Converge check onto --context-dir; let request-http read headers.json#8
Open
scott-cotton wants to merge 1 commit intostagingfrom
Open
Converge check onto --context-dir; let request-http read headers.json#8scott-cotton wants to merge 1 commit intostagingfrom
scott-cotton wants to merge 1 commit intostagingfrom
Conversation
check now invokes the actionbox binary with --context-dir ./context instead of --input/--attr. Every file in the context directory becomes a named variable in the expression env (with name, expression, results_file and attrs reserved for the action itself), so plan params and step outputs flow into check expressions via extra_inputs declared on the step without needing an intermediate eval. The object input is dropped, and the attrs schema becomes a flat JSON object so failure metadata is expressed naturally. request-http drops the dead line-delimited headers loop in favor of --headers-file ./context/headers.json, which the actionbox binary now decodes as a JSON []string. This was the only path that ever wrote the headers param (schema-typed array → .json), so the previous shell guard was unreachable. Both ACTION.md script bodies require the matching actionbox binary changes in signadot/signadot to be deployed first. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Action manifest changes that match signadot/signadot#6861.
check/ACTION.mdThe script body is rewritten to invoke
actionbox checkwith--context-dir ./contextinstead of--input/--attr. The new binary loads every file in the context directory into a single map and uses it as the expression env, with{name, expression, results_file, attrs}reserved for the action itself. Theobjectinput declaration is dropped: plans bring values into the check expression viaextra_inputsdeclared on the step, exactly the wayevalalready does.The prose explaining the directory model, reserved names, and
extra_inputswiring pattern is added to the action description so the LLM compiler sees it (and so plan authors reading the source see it too). The expression examples are updated to assume anextra_inputs: [{name: capture}]declaration with refs wiringcaptureto a previous step's HTTP capture.check/schemas/attrs.jsonSchema changes from
array<string>(with a"^[^=]+=.+$"pattern enforcingkey=valueformatting) to a flatobject<string, string>. Failure metadata is now expressed as natural JSON.request-http/ACTION.mdThe dead line-delimited headers loop is replaced with a single line:
The new binary decodes the JSON array of strings and merges them with any explicit
--headerflags. This was the only path that ever wrote the schema-typedheadersparam (it lands as.jsonbecause of its schemaRef), so the previous shell guard was unreachable in practice.Companion PR
Requires the binary changes in signadot/signadot#6861. The new ACTION.md scripts call
actionbox check --context-dirandactionbox request-http --headers-file, which the pre-PR binary doesn't recognize. The new sandboxes binary must be deployed beforeactionsyncis pointed at this branch, otherwise plans with check or request-http steps will hard-fail at runtime with "unknown flag".Migration notes
Existing compiled plans that wired check via
refs: {object: ...}will fail validation afteractionsyncupdates the check action definition (becauseobjectis no longer a declared param). The mitigation is recompilation — the compile API picks up the new shape automatically. See the companion PR for the full migration story.Test plan
actionsyncpointed at this branch and a sandboxes binary built from the companion PRX-Custom-Authfrom a plan param composed viaeval, sent throughrequest-http, asserted bycheck) — header reaches httpbin and check passes. This also exercises the runner-side schema-typed write path thatattrs.jsonwould use.output: {status_code: steps.send_request.outputs.capture.response.statusCode}) — runtime produces the integer200Note: a failing-check-with-
attrs.jsonend-to-end isn't included because the schema-typed write path is already covered by the headers test (sameWriteContextcode path) and the check binary's failure-metadata behavior is covered by unit tests.🤖 Generated with Claude Code