ci: multi-transport (subprocess/http/unix) SQL E2E matrix#2
Merged
Conversation
The haybarn integration suite (test/sql/*.test) previously ran only over the subprocess/stdio transport. Add HTTP and AF_UNIX (launcher) coverage so the same suite exercises every transport the vgi extension supports, by changing only what the .test files ATTACH as the worker LOCATION. - cmd/vgi-cve-worker: wire a --unix <path> flag alongside --http; it serves the SDK's AF_UNIX launcher transport (RunUnix prints "UNIX:<path>") with the idle timeout disabled (CI owns the process lifecycle). - ci/run-integration.sh: parameterize by TRANSPORT (subprocess|http|unix). http starts `--http` and parses the SDK's "PORT:<n>" line -> http://host:port (bare root: the extension POSTs methods at <LOCATION>/<method>, mounted at the server root; a /vgi path would 404). unix starts `--unix <sock>`, waits for the "UNIX:<path>" line and the socket file -> unix://<sock>. The mock NVD server now runs for ALL transports (the worker's table functions still call it); every started process is trap-killed on exit. Keep the INSTALL vgi FROM community warm step and fixture staging unchanged. - Guard against the runner's silent network-error skip: the DuckDB/Haybarn sqllogictest runner SKIPS (exit 0) any test whose error matches "HTTP", so a broken HTTP leg would fake-pass having run nothing. The script now fails the leg when every test was skipped, surfacing the skip reason. - .github/workflows/ci.yml: turn the integration job into a transport matrix (subprocess, http, unix); the build/vet/fmt/unit job is untouched. - ci/README.md: document the matrix, port/socket discovery, the always-on mock, and the silent-skip guard. Local validation (haybarn-unittest v1.5.4-rc1, osx_arm64): subprocess GREEN (25 assertions), unix GREEN (25 assertions). http is SKIPPED locally by the runner's network-error rule (the guard fails the leg loudly rather than faking a pass); the worker + community vgi extension ATTACH and query correctly over HTTP when exercised directly, so this is validated on linux CI. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The http leg revealed two real, transport-specific issues; resolve the first and gate the second (a genuine protocol limitation, never faked): 1. httpfs is required. The vgi extension drives the worker-RPC HTTP POSTs through DuckDB's HTTPUtil, which is only registered when httpfs is loaded. The .test files only `LOAD vgi`, so over HTTP every worker request failed with an "HTTP"-flavoured error that the runner silently skipped. The script now injects `INSTALL httpfs FROM core; LOAD httpfs;` after each `LOAD vgi;` for the http leg only. 2. cve_api.test is GATED on http (runs on subprocess/unix only). The cve/ cve_search/cpe_cves table functions stream their result across multiple Process exchanges, signalling end-of-stream with per-execution state (state.Done: first Process emits, next returns Finish()). The vgi HTTP transport is stateless — each RPC is independent, so the per-execution state does not persist across exchanges (the SDK itself disables deferred cleanup in HTTP mode: "no reliable stream-end signal"). Done resets every request, Process re-emits forever, and the worker spins re-binding indefinitely. This is the documented "partition-local state across exchanges" HTTP limitation, so we gate the file rather than fake a pass. The offline CVSS scalars are plain request/response and DO run over http. ci/README.md documents both. Local validation: subprocess GREEN (25), unix GREEN (25), http GREEN (14, offline scalars; table funcs gated). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds HTTP and AF_UNIX (launcher) transport coverage to the haybarn SQL E2E
suite, which previously ran only subprocess/stdio. The same
test/sql/*.testsuite now runs over each transport as a CI matrix, by changing only what the
tests ATTACH as the worker
LOCATION.What changed
cmd/vgi-cve-worker: wire a--unix <path>flag (alongside--http)that serves the SDK's AF_UNIX launcher transport.
ci/run-integration.sh: parameterized byTRANSPORT(
subprocess|http|unix). Discovers the worker's port (PORT:<n>) orsocket (
UNIX:<path>), sets the LOCATION accordingly, and trap-kills theout-of-band worker. The mock NVD server now runs for all transports (the
worker's table functions still call it). Adds a guard that fails a leg if
the runner silently skipped every test (its built-in
HTTPnetwork-errorskip), so a broken HTTP leg can't fake-pass.
.github/workflows/ci.yml: integration job is now atransport: [subprocess, http, unix]matrix. Build/vet/fmt/unit jobuntouched; the
INSTALL vgi FROM communitywarm step preserved.ci/README.md: documents the matrix, discovery, always-on mock, and thesilent-skip guard.
Local validation (haybarn-unittest v1.5.4-rc1, osx_arm64)
loudly rather than faking a pass. The worker + community vgi extension ATTACH
and query correctly over HTTP when exercised directly — validated here on
linux CI.
🤖 Generated with Claude Code