refactor: simplify trigger server to fire-and-forget + fix monitoring loop prompts (#1384)

The trigger server streamed script stdout back to GitHub Actions via a long-lived HTTP response, requiring --http1.1, heartbeat injection, server.timeout(req, 0), createEnqueuer, drainStreamOutput, and 90-min GH Actions timeouts. In practice GitHub Actions is just a dumb trigger — the real state lives on the VM (log files, journalctl). Simplify to fire-and-forget: spawn script, return 200 JSON immediately. Also fix the refactor and discovery team lead monitoring loops. The prompts buried the loop in a single compressed line that the model ignored (doing Bash("sleep 10") repeatedly without calling TaskList). Replace with a dedicated "Monitor Loop (CRITICAL)" section with numbered steps, matching the security.sh pattern that actually works. Changes: - trigger-server.ts: remove ~150 lines of streaming code (createEnqueuer, drainStreamOutput, startStreamingRun, heartbeat, ReadableStream), replace with startFireAndForgetRun (stdout: "inherit", immediate JSON) - All 4 workflows: simple curl POST, timeout-minutes 90→5, remove --http1.1/-N/--max-time/exit-code handling - refactor.sh: add Monitor Loop (CRITICAL) section with numbered steps - discovery-team-prompt.txt: same Monitor Loop fix - SKILL.md: update architecture docs, remove streaming sections Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-28 20:09:34 +00:00 · 2026-02-17 10:47:52 -05:00 · 2026-02-17 10:47:52 -05:00 · f3cfe890f7
commit f3cfe890f7
parent aff3b73850
8 changed files with 90 additions and 299 deletions
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@ -14,7 +14,7 @@ concurrency:
 jobs:
  review:
    runs-on: ubuntu-latest
-    timeout-minutes: 40
+    timeout-minutes: 5
    # Only trigger on issues with safe-to-work AND (team-building or security) labels, or schedule/manual
    if: >-
      github.event_name != 'issues' ||
@ -32,25 +32,6 @@ jobs:
            exit 0
          fi

-          set +e
-          # --fail-with-body: exit 22 on HTTP errors but still print the body
-          # -N: no output buffering (stream chunks in real-time)
-          # --max-time: hard cap matching the Sprite's cycle timeout + grace
-          curl -sSN --http1.1 --fail-with-body --max-time 2700 -X POST \
+          curl -sS --fail-with-body -X POST \
            "${SPRITE_URL}/trigger?reason=${{ github.event_name }}&issue=${{ github.event.issue.number || '' }}" \
            -H "Authorization: Bearer ${TRIGGER_SECRET}"
-          CURL_EXIT=$?
-          set -e
-
-          if [ "$CURL_EXIT" -eq 0 ]; then
-            echo ""
-            echo "=== Security review completed ==="
-          elif [ "$CURL_EXIT" -eq 22 ]; then
-            # HTTP error — body was already printed above (429 = already running, 409 = dedup, etc.)
-            echo ""
-            echo "=== Trigger returned HTTP error (see output above) ==="
-          else
-            echo ""
-            echo "=== curl failed (exit=$CURL_EXIT) ==="
-            exit 1
-          fi