claude: Add unit tests for ExternalIPsConfig in collector/lib/ExternalIPsConfi#3107
Draft
robbycochran wants to merge 17 commits intomasterfrom
Draft
claude: Add unit tests for ExternalIPsConfig in collector/lib/ExternalIPsConfi#3107robbycochran wants to merge 17 commits intomasterfrom
robbycochran wants to merge 17 commits intomasterfrom
Conversation
Consolidate all documentation under docs/ Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add a devcontainer based on the collector-builder image that enables agent-driven development of collector. The devcontainer includes all C++ build dependencies, Go, Node.js, Claude Code, gcloud CLI, and developer tooling (ripgrep, fd, gh). Verified: cmake configure, full collector build, and 17/17 unit tests pass inside the container. Claude Code authenticates to Vertex AI via read-only gcloud credential mount. - .devcontainer/: Dockerfile, devcontainer.json, network firewall - CLAUDE.md: agent development guide with build/test workflows - .claude/skills/: /build, /ci-status, /iterate slash commands - .claude/settings.json: deny Read(.devcontainer/**) for security - Security: bubblewrap sandboxing, npm hardening, read-only mounts, optional iptables firewall with NET_ADMIN Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…DE.md Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The run.sh script launches Claude Code in the devcontainer with: - Git worktree isolation: agent works on its own copy, never touches the user's checkout. Worktree is cleaned up on exit. - GitHub auth: supports fine-grained PAT via GITHUB_TOKEN or host gh CLI config (read-only mount) - Modes: autonomous (-p task), interactive, shell, no-worktree Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Replace gh CLI and Docker-based MCP server with official GitHub MCP server at api.githubcopilot.com/mcp (OAuth, project-scoped .mcp.json) - Add permissions.deny for dangerous MCP tools (merge, delete, fork) - Add bubblewrap, socat, iptables to Dockerfile for sandboxing - Remove gh CLI install from Dockerfile - Fix run.sh: suppress git worktree output, use bash array for docker args instead of eval with string (fixes --interactive mode) - Remove Docker socket mount and GITHUB_TOKEN forwarding from run.sh - Update skills to reference mcp__github__* tools instead of gh CLI Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…missions Move skills from .claude/skills/ to .claude/plugins/collector-dev/ as a proper Claude Code plugin. Each skill now declares only the tools it needs via allowed-tools frontmatter: - /collector-dev:build — cmake, make, git describe, strip (no GitHub) - /collector-dev:ci-status — git branch/log + GitHub MCP read-only tools - /collector-dev:iterate — build tools + git + clang-format + GitHub MCP PR/push tools The GitHub MCP server config moves from root .mcp.json into the plugin's .mcp.json so it's bundled with the skills that use it. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
run.sh now creates the branch, pushes it, and opens a draft PR before launching the agent. The agent receives the branch name and PR URL in its prompt and only needs to commit and push. iterate skill drops all GitHub MCP write tools (create_branch, push_files, create_pull_request, update_pull_request). It retains only read-only GitHub MCP tools for checking CI status. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New skill that checks CI status and reacts to failures: - PASSED: all checks green, stop - PENDING: still running, wait for next loop - FIXED: diagnosed failure, pushed fix, awaiting new CI - FLAKE: infra issue, not code - BLOCKED: needs human intervention Usage: /loop 30m /collector-dev:watch-ci Same restricted tool set as iterate — read-only GitHub MCP, build tools, git push to existing branch only. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New /collector-dev:task skill that runs the full lifecycle: 1. Implement the task (edit, build, unit test, format, push) 2. Monitor CI in a loop (sleep 10m, check status, fix failures) 3. Stop when all checks pass, or after 6 cycles (~3h) Reports final status: PASSED, BLOCKED, or TIMEOUT. run.sh now invokes /collector-dev:task directly so a single command goes from task description to green CI. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Claude Code doesn't auto-discover plugins from .claude/plugins/. Add --plugin-dir /workspace/.claude/plugins/collector-dev to all claude invocations so skills like /collector-dev:task are available. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use --output-format stream-json --verbose for autonomous task mode so all messages (tool calls, responses, thinking) stream to container stdout in real time. Interactive mode keeps the normal TUI. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
--local edits the working tree directly with interactive TUI. No worktree, no branch, no PR. For debugging and experimentation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
git worktree add does not init submodules. Without this, cmake fails because falcosecurity-libs and other submodules are missing. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Only init falcosecurity-libs and collector/proto/third_party/stackrox. The 17 builder/third_party/* submodules are baked into the builder image and not needed for compiling collector. This avoids cloning 49 recursive submodules (was hanging on large repos like grpc). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #3107 +/- ##
=======================================
Coverage 27.38% 27.38%
=======================================
Files 95 95
Lines 5427 5427
Branches 2548 2548
=======================================
Hits 1486 1486
Misses 3214 3214
Partials 727 727
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Task
Add unit tests for ExternalIPsConfig in collector/lib/ExternalIPsConfig.h and ExternalIPsConfig.cpp. Test the direction enum conversion from protobuf sensor config, the fallback behavior when runtime_config is absent, the IsEnabled bitwise checks and the operator formatting
Automated by Claude Code agent. Branch:
claude/agent-1773876100-82793