File | Last commit | Last updated
feat: add openrouter/elephant-alpha to curated model lists (#9378)

* Add hermes debug share instructions to all issue templates
- bug_report.yml: Add required Debug Report section with hermes debug share and /debug instructions, make OS/Python/Hermes version optional (covered by debug report), demote old logs field to optional supplementary
- setup_help.yml: Replace hermes doctor reference with hermes debug share, add Debug Report section with fallback chain (debug share -> --local -> doctor)
- feature_request.yml: Add optional Debug Report section for environment context

All templates now guide users to run hermes debug share (or /debug in chat) and paste the resulting paste.rs links, giving maintainers system info, config, and recent logs in one step.

* feat: add openrouter/elephant-alpha to curated model lists
- Add to OPENROUTER_MODELS (free, positioned above GPT models)
- Add to _PROVIDER_MODELS["nous"] mirror list
- Add 256K context window fallback in model_metadata.py

1 month ago
ci: run docker build on PRs + smoke test arm64

Adds pull_request trigger to docker-publish.yml so PRs that touch Dockerfile / docker/ / pyproject.toml / uv.lock / the workflow itself verify the image builds cleanly before merge. Previously, Dockerfile regressions (e.g. a stale uv.lock, a typo'd dep) would only surface after merge when the docker-publish workflow ran on main.

Build-verify-only on PRs: the per-arch jobs run their load: true build + smoke test, but the push-by-digest + artifact upload steps remain gated on push-to-main or release. The merge and move-latest jobs stay excluded from PRs by their existing if: gates, so :latest and SHA tags are never touched from PR runs.

Concurrency: PR runs use a PR-scoped group (docker-<pr_number>) with cancel-in-progress: true so rapid pushes to the same PR collapse to the latest commit. Push/release runs keep cancel-in-progress: false — every merge still gets its own SHA-tagged image.

Also adds arm64 smoke tests (previously amd64-only): the image is now built with load: true on arm64 too, then docker run --help + dashboard --help smoke tests run identically on both arches. Both smoke test blocks were extracted into a new composite action at .github/actions/hermes-smoke-test to keep the two jobs DRY.

New files:
- .github/actions/hermes-smoke-test/action.yml

Modified:
- .github/workflows/docker-publish.yml

27 days ago
feat(ci): use 6-way slicing based on benchmark results

Benchmarked 4/5/6/7/8 slices with LPT duration-balanced distribution:
- 4 slices: 4.8m wall, 135s spread
- 5 slices: 3.4m wall, 46s spread
- 6 slices: 3.3m wall, 26s spread ← optimal
- 7 slices: 3.9m wall, 109s spread
- 8 slices: 3.7m wall, 96s spread

6 slices is the sweet spot: lowest wall time, tightest spread. 7+ gets slower due to per-slice startup overhead dominating.

Also removes benchmark branch markers from save-durations condition.

12 days ago
docs: add documentation & housekeeping checklist to PR template

Add a second checklist section covering common oversights seen in PRs:
- Update relevant docs (README, docs/, docstrings)
- Update cli-config.yaml.example when adding config keys
- Update CONTRIBUTING.md/AGENTS.md for architecture changes
- Consider cross-platform impact (Windows/macOS)
- Update tool schemas when changing tool behavior

Each item has an 'or N/A' option so contributors aren't blocked on items that don't apply to their change.

2 months ago
chore(security): add OSV-Scanner CI + Dependabot for github-actions only (#20037)

Adds two supply-chain controls that complement our existing pinning strategy (full-SHA action pins, exact-version source dep pins via uv.lock / package-lock.json) without undermining it.

.github/workflows/osv-scanner.yml
Detection-only scan of uv.lock and the ui-tui/website package-locks against the OSV vulnerability database. Runs on PRs that touch lockfiles, on push to main, and weekly against main so CVEs published after merge still surface. Uses Google's officially-recommended reusable workflow pinned by full SHA (v2.3.5). Findings upload to the Security tab; fail-on-vuln is disabled so pre-existing vulns in pinned deps do not block merges — we move pins deliberately, not under CI pressure.

.github/dependabot.yml
Scoped to github-actions only. Action pins must be moved when upstream publishes patches (often themselves security fixes); Dependabot opens a PR with the new SHA + release notes for normal review. Source-dependency ecosystems (pip, npm) are deliberately NOT enabled — automatic version-bump PRs against uv.lock / package-lock.json would fight our pinning strategy. CVE-driven security updates for source deps are enabled separately via the repo's Dependabot security updates setting (GitHub UI), which fires only when a pinned version becomes known-vulnerable.

30 days ago