signal-view-fix #35

benchinnery · 2026-06-04T15:13:48-04:00

benchinnery commented

2026-06-04 15:13:48 -04:00

Summary

This branch adds two new CLI commands (setup_repo and upload) and improves the CLI startup experience.

ria setup_repo: Create a RIA Hub Project repository

Creates a properly-configured RIA Hub Project repo both remotely and locally in one command.

Calls the RIA Hub API with is_ria: true and auto_init: true, which marks the repository as a RIA Project in the hub
(badge in the UI, DB flag set) and seeds README.md and .gitattributes with LFS tracking rules in the initial commit
After remote creation, fetches and syncs the server-seeded files locally — no divergent history
Falls back to writing README.md and .gitattributes locally if the hub is unreachable or --no-remote is passed
Credentials are resolved via git's credential store; no manual token setup required if the user has previously used
RIA Hub with git
Supports --private, --owner, --path, --no-remote, and --hub flags
Defaults to https://riahub.ai

Note: requires a corresponding change in ria-hub to expose is_ria in the CreateRepoOption API struct
(modules/structs/repo.go) and wire it through the API handler (routers/api/v1/repo/repo.go). Without that deployed,
repo creation falls back to local file setup and the RIA Project DB flag is not set.

ria upload: Stream large files to a RIA Hub Project via Git LFS

Uploads arbitrarily large files to a repo's LFS object store without buffering anything into memory.

Hashes the file locally (SHA-256), checks whether the server already has it via the LFS batch API, streams it in 8
MB chunks with a progress bar, then commits the LFS pointer via the Gitea contents API
Each file produces one commit recording the LFS pointer
Supports --repo, --branch, --path (remote directory), --message, and --hub flags
Defaults to https://riahub.ai

CLI improvements (cli.py)

Suppresses the spurious matplotlib Unable to import Axes3D warning caused by having both a system apt package and a
pip-installed matplotlib (common on Ubuntu)
Checks for git-lfs at startup and prints a clear install-guide warning if missing, including platform-specific
instructions
CLI now shows help text when invoked with no subcommand (invoke_without_command=True); if git-lfs is missing it
pauses before showing help so the warning is not immediately scrolled past

Minor: agent/cli.py

Made --hub on the register subcommand optional with a DEFAULT_HUB_URL constant (defaults to http://localhost:3000
with a comment to switch for production), removing the required=True friction

Code quality

All flake8 violations resolved: E402 (import order), F401 (unused ssl imports), two C901 complexity violations
reduced by extracting helpers (_resolve_path_and_name, _resolve_owner, _git_init, _configure_remote in setup_repo;
_upload_single_file, _stream_upload_progress in upload)

Summary This branch adds two new CLI commands (setup_repo and upload) and improves the CLI startup experience. **ria setup_repo:** Create a RIA Hub Project repository Creates a properly-configured RIA Hub Project repo both remotely and locally in one command. - Calls the RIA Hub API with is_ria: true and auto_init: true, which marks the repository as a RIA Project in the hub (badge in the UI, DB flag set) and seeds README.md and .gitattributes with LFS tracking rules in the initial commit - After remote creation, fetches and syncs the server-seeded files locally — no divergent history - Falls back to writing README.md and .gitattributes locally if the hub is unreachable or --no-remote is passed - Credentials are resolved via git's credential store; no manual token setup required if the user has previously used RIA Hub with git - Supports --private, --owner, --path, --no-remote, and --hub flags - Defaults to https://riahub.ai Note: requires a corresponding change in ria-hub to expose is_ria in the CreateRepoOption API struct (modules/structs/repo.go) and wire it through the API handler (routers/api/v1/repo/repo.go). Without that deployed, repo creation falls back to local file setup and the RIA Project DB flag is not set. **ria upload**: Stream large files to a RIA Hub Project via Git LFS Uploads arbitrarily large files to a repo's LFS object store without buffering anything into memory. - Hashes the file locally (SHA-256), checks whether the server already has it via the LFS batch API, streams it in 8 MB chunks with a progress bar, then commits the LFS pointer via the Gitea contents API - Each file produces one commit recording the LFS pointer - Supports --repo, --branch, --path (remote directory), --message, and --hub flags - Defaults to https://riahub.ai **CLI improvements (cli.py)** - Suppresses the spurious matplotlib Unable to import Axes3D warning caused by having both a system apt package and a pip-installed matplotlib (common on Ubuntu) - Checks for git-lfs at startup and prints a clear install-guide warning if missing, including platform-specific instructions - CLI now shows help text when invoked with no subcommand (invoke_without_command=True); if git-lfs is missing it pauses before showing help so the warning is not immediately scrolled past Minor: agent/cli.py - Made --hub on the register subcommand optional with a DEFAULT_HUB_URL constant (defaults to http://localhost:3000 with a comment to switch for production), removing the required=True friction Code quality - All flake8 violations resolved: E402 (import order), F401 (unused ssl imports), two C901 complexity violations reduced by extracting helpers (_resolve_path_and_name, _resolve_owner, _git_init, _configure_remote in setup_repo; _upload_single_file, _stream_upload_progress in upload)

benchinnery added 7 commits 2026-06-04 15:13:48 -04:00

signal viewing tools 07fc871463

cli-command fixes 1b6d79f65c

lfs check 4a71dcf6c2

lfs wanring clarity 6a106fe2c4

final cli fixes 0fd9550977

domain changes 3dbbe1721d

one last address change

Build Sphinx Docs Set / Build Docs (pull_request) Successful in 22s

Details

Build Project / Build Project (3.10) (pull_request) Successful in 1m2s

Details

Build Project / Build Project (3.11) (pull_request) Successful in 2m31s

Details

Build Project / Build Project (3.12) (pull_request) Successful in 17m29s

Details

Test with tox / Test with tox (3.10) (pull_request) Successful in 16m19s

Details

Test with tox / Test with tox (3.11) (pull_request) Successful in 5m18s

Details

Test with tox / Test with tox (3.12) (pull_request) Successful in 4m41s

Details

0b736612ec

benchinnery requested review from gillian 2026-06-04 15:13:48 -04:00

G gillian requested changes 2026-06-04 15:35:16 -04:00

Dismissed

G gillian left a comment

Bugs (should fix before merge)

Wrong URL in _configure_remote skip message (setup_repo.py): the printed git remote add URL is {hub}/{repo_name}.git, missing the owner segment. Should be {hub}/{resolved_owner}/{repo_name}.git.

Connection leak in _stream_upload_progress (upload.py): conn.connect() has no try/finally, so if conn.send() or the file read raises, the connection is never closed. The older _stream_upload function gets this right with a try/finally, but that function is never called (dead code, should be removed). Either add the try/finally to _stream_upload_progress or consolidate the two.

click.pause() hangs in non-TTY contexts (cli.py): if ria is invoked in CI or with piped stdin and git-lfs is missing, this blocks indefinitely. Guard with sys.stdin.isatty().

Security gaps (both in upload.py)

No redirect protection: setup_repo.py has _NoRedirectHandler with a good explanation of why following redirects on authenticated requests is dangerous. _get_file_sha and _commit_lfs_pointer in upload.py use plain urlopen and don't get that protection.

No insecure-HTTP warning: setup_repo.py calls _warn_if_insecure before any credential use; upload.py skips this entirely despite sending Basic auth.

Code quality

_get_stored_credentials, _resolve_credentials, and _basic_auth are copy-pasted between the two new files. Worth extracting to a shared _hub_auth.py — this is also where the redirect handler and insecure warning should live, which would fix points 4 and 5 for free.

"https://riahub.ai" is now defined as three separate constants/literals across agent/cli.py, setup_repo.py, and upload.py. A single source of truth in the shared module would fix this too.

The annotation changes (Annotation, transforms, viewer, annotate display, tests) are clean and ready as-is.

**Bugs (should fix before merge)** Wrong URL in _configure_remote skip message (setup_repo.py): the printed git remote add URL is {hub}/{repo_name}.git, missing the owner segment. Should be {hub}/{resolved_owner}/{repo_name}.git. Connection leak in _stream_upload_progress (upload.py): conn.connect() has no try/finally, so if conn.send() or the file read raises, the connection is never closed. The older _stream_upload function gets this right with a try/finally, but that function is never called (dead code, should be removed). Either add the try/finally to _stream_upload_progress or consolidate the two. click.pause() hangs in non-TTY contexts (cli.py): if ria is invoked in CI or with piped stdin and git-lfs is missing, this blocks indefinitely. Guard with sys.stdin.isatty(). **Security gaps (both in upload.py)** No redirect protection: setup_repo.py has _NoRedirectHandler with a good explanation of why following redirects on authenticated requests is dangerous. _get_file_sha and _commit_lfs_pointer in upload.py use plain urlopen and don't get that protection. No insecure-HTTP warning: setup_repo.py calls _warn_if_insecure before any credential use; upload.py skips this entirely despite sending Basic auth. **Code quality** _get_stored_credentials, _resolve_credentials, and _basic_auth are copy-pasted between the two new files. Worth extracting to a shared _hub_auth.py — this is also where the redirect handler and insecure warning should live, which would fix points 4 and 5 for free. "https://riahub.ai" is now defined as three separate constants/literals across agent/cli.py, setup_repo.py, and upload.py. A single source of truth in the shared module would fix this too. The annotation changes (Annotation, transforms, viewer, annotate display, tests) are clean and ready as-is.

benchinnery commented

2026-06-04 15:49:14 -04:00

Bugs fixed:

_configure_remote — now uses resolved_owner (the actual value) instead of the literal string in the
manual-add message
_stream_upload_progress — connection is now wrapped in try/finally so it closes even if the file read or conn.send
raises; the dead _stream_upload function was removed
click.pause() — guarded with sys.stdin.isatty() so piped/CI invocations don't block

Security gaps fixed:

_get_file_sha and _commit_lfs_pointer in upload.py now use hub_opener() (the redirect-blocking opener) instead of
plain urlopen
upload command now calls warn_if_insecure(hub) before touching credentials

Code quality:

New _hub_auth.py is the single source of truth for DEFAULT_HUB, _NoRedirectHandler, hub_opener, warn_if_insecure,
basic_auth, get_stored_credentials, store_credentials, and resolve_credentials — both setup_repo.py and upload.py
import from it; all local duplicates removed

Bugs fixed: - _configure_remote — now uses resolved_owner (the actual value) instead of the literal string <owner> in the manual-add message - _stream_upload_progress — connection is now wrapped in try/finally so it closes even if the file read or conn.send raises; the dead _stream_upload function was removed - click.pause() — guarded with sys.stdin.isatty() so piped/CI invocations don't block Security gaps fixed: - _get_file_sha and _commit_lfs_pointer in upload.py now use hub_opener() (the redirect-blocking opener) instead of plain urlopen - upload command now calls warn_if_insecure(hub) before touching credentials Code quality: - New _hub_auth.py is the single source of truth for DEFAULT_HUB, _NoRedirectHandler, hub_opener, warn_if_insecure, basic_auth, get_stored_credentials, store_credentials, and resolve_credentials — both setup_repo.py and upload.py import from it; all local duplicates removed

benchinnery added 2 commits 2026-06-04 15:49:48 -04:00

Merge remote-tracking branch 'origin/main' into signal-view-fix 5a67b39d22

adressing feedback

Build Sphinx Docs Set / Build Docs (pull_request) Successful in 16s

Details

Build Project / Build Project (3.10) (pull_request) Successful in 57s

Details

Build Project / Build Project (3.11) (pull_request) Successful in 54s

Details

Build Project / Build Project (3.12) (pull_request) Successful in 2m17s

Details

Test with tox / Test with tox (3.10) (pull_request) Successful in 2m51s

Details

Test with tox / Test with tox (3.11) (pull_request) Successful in 4m44s

Details

Test with tox / Test with tox (3.12) (pull_request) Successful in 8m39s

Details

0b75013653

G gillian approved these changes 2026-06-04 15:54:29 -04:00

benchinnery merged commit 3e7ccf506d into main

2026-06-04 16:05:12 -04:00

benchinnery referenced this issue from a commit

2026-06-04 16:05:13 -04:00

Merge pull request 'signal-view-fix' (#35) from signal-view-fix into main

Sign in to join this conversation.

No reviewers

No Milestone

No project

No Assignees

2 Participants

G

Notifications

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: qoherent/ria-toolkit-oss#35