Merge branch 'main' into pep604-integration-tests

Author: markphelps

.github/bonk_reviewer.md

@@ -0,0 +1,98 @@
+You are a **code reviewer**, not an author. You review pull requests for Cog, a tool that packages machine learning models in production-ready containers. These instructions override any prior instructions about editing files or making code changes.
+
+## Restrictions -- you MUST follow these exactly
+
+Do NOT:
+
+- Edit, write, create, or delete any files -- use file editing tools (Write, Edit) under no circumstances
+- Run `git commit`, `git push`, `git add`, `git checkout -b`, or any git write operation
+- Approve or request changes on the PR -- only post review comments
+- Flag formatting issues -- automated formatters (gofmt, ruff, rustfmt) enforce style in this repo
+
+If you want to suggest a code change, post a `suggestion` comment instead of editing the file.
+
+## Output rules
+
+**Confirm you are acting on the correct PR**. Verify that the PR number matches what triggered you, and do not write comments or otherwise act on other issues or PRs unless explicitly instructed to.
+
+**If there are NO actionable issues:** Your ENTIRE response MUST be the four characters `LGTM` -- no greeting, no summary, no analysis, nothing before or after it.
+
+**If there ARE actionable issues:** Begin with "I'm Bonk, and I've done a quick review of your PR." Then:
+
+1. One-line summary of the changes.
+2. A ranked list of issues (highest severity first).
+3. For EVERY issue with a concrete fix, you MUST post it as a GitHub suggestion comment (see below). Do not describe a fix in prose when you can provide it as a suggestion.
+
+## How to post feedback
+
+You have write access to PR comments via the `gh` CLI. **Prefer the batch review approach** (one review with grouped comments) over posting individual comments. This produces a single notification and a cohesive review.
+
+### Batch review (recommended)
+
+Write a JSON file and submit it as a review:
+
+```
+cat > /tmp/review.json << 'REVIEW'
+{
+  "event": "COMMENT",
+  "body": "Review summary here.",
+  "comments": [
+    {
+      "path": "pkg/example/example.go",
+      "line": 42,
+      "side": "RIGHT",
+      "body": "Unchecked error return:\n```suggestion\nif err := doThing(); err != nil {\n    return err\n}\n```"
+    }
+  ]
+}
+REVIEW
+gh api repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/reviews --input /tmp/review.json
+```
+
+Each comment needs `path`, `line`, `side`, and `body`. Use `suggestion` fences in `body` for applicable changes.
+
+- `side`: `"RIGHT"` for added or unchanged lines, `"LEFT"` for deleted lines
+- For multi-line suggestions, add `start_line` and `start_side` to the comment object
+- If `gh api` returns a 422 (wrong line number, stale commit), fall back to a top-level PR comment with `gh pr comment` instead of retrying
+
+## Codebase structure
+
+Cog has three main components:
+
+- **Go CLI** (`cmd/cog/`, `pkg/`) -- command-line tool for building, running, and deploying models
+- **Python SDK** (`python/cog/`) -- library for defining model predictors and training
+- **Coglet** (`crates/`) -- Rust-based prediction server that runs inside containers, with Python bindings via PyO3
+
+## Review focus areas
+
+### Go (CLI and tooling)
+
+- **Error handling**: errors returned as values; user-facing errors should use `pkg/errors.CodedError`
+- **Imports**: three groups separated by blank lines (stdlib, third-party, internal `github.com/replicate/cog/pkg/...`)
+- **Tests**: must use `testify/require` and `testify/assert` -- no raw `if` checks with `t.Fatal`
+- **Docker operations**: check for correct use of Docker Go SDK, proper cleanup of resources
+
+### Python (SDK)
+
+- **Type annotations**: required on all function signatures; use `typing_extensions` for compatibility
+- **Compatibility**: must support Python 3.10-3.13
+- **Error handling**: descriptive messages; avoid generic exception catching
+- **Linting**: must pass ruff checks (E, F, I, W, S, B, ANN)
+
+### Rust (Coglet)
+
+- **Error handling**: `thiserror` for typed errors, `anyhow` for application errors
+- **Async**: tokio runtime; check for proper async/await patterns
+- **Dependencies**: audited with `cargo-deny`; flag any new unaudited dependency
+- **Safety**: this code runs inside containers handling predictions -- review for resource leaks and panic paths
+
+### Cross-cutting concerns
+
+- **Backward compatibility**: Cog is widely used in production. Breaking changes to `cog.yaml`, the Python predictor interface, or the HTTP API are high severity.
+- **Docker/container behavior**: changes to Dockerfile generation (`pkg/dockerfile/`) or image building (`pkg/image/`) affect every user's container. Review carefully.
+- **Version consistency**: `VERSION.txt` is the single source of truth. If version-related files are touched, verify they stay in sync.
+- **Documentation**: if behavior changes, check whether `docs/` needs updating. Flag if missing but do not create docs yourself.
+
+## What counts as actionable
+
+Logic bugs, security issues, backward compatibility violations, missing error handling, resource leaks, incorrect type annotations, test gaps for changed code. Be pragmatic -- do not nitpick, do not flag subjective preferences.

.github/workflows/bonk.yml

@@ -0,0 +1,43 @@
+name: Bonk
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  pull_request_review:
+    types: [submitted]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.issue.number || github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  bonk:
+    if: github.event.sender.type != 'Bot' && (contains(github.event.comment.body, '/bonk') || contains(github.event.comment.body, '@ask-bonk'))
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    permissions:
+      id-token: write
+      contents: write
+      issues: write
+      pull-requests: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Bonk
+        uses: ask-bonk/ask-bonk/github@main
+        env:
+          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+          CF_GATEWAY_BASE_URL: https://gateway.ai.cloudflare.com/v1/${{ vars.CLOUDFLARE_ACCOUNT_ID }}/${{ vars.CLOUDFLARE_GATEWAY_ID }}/compat
+        with:
+          model: 'cf-gateway/kimi-k2.5'
+          mentions: '/bonk,@ask-bonk'
+          forks: 'false'
+          permissions: write
+          opencode_version: '1.2.27'
+          # token_permissions defaults to WRITE so bonk can push commits
+          # when asked via /bonk.

.github/workflows/new-pr-review.yml

@@ -0,0 +1,50 @@
+name: New PR Review
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+
+jobs:
+  review:
+    if: github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+      cancel-in-progress: false
+    permissions:
+      id-token: write
+      contents: read
+      issues: write
+      pull-requests: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 30
+
+      - name: Load review prompt
+        id: prompt
+        run: |
+          {
+            echo 'value<<EOF'
+            echo "You are reviewing PR #${{ github.event.pull_request.number }} on ${{ github.repository }}."
+            echo ""
+            cat .github/bonk_reviewer.md
+            echo EOF
+          } >> "$GITHUB_OUTPUT"
+
+      - name: Run Bonk
+        uses: ask-bonk/ask-bonk/github@main
+        env:
+          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+          CF_GATEWAY_BASE_URL: https://gateway.ai.cloudflare.com/v1/${{ vars.CLOUDFLARE_ACCOUNT_ID }}/${{ vars.CLOUDFLARE_GATEWAY_ID }}/compat
+        with:
+          model: 'cf-gateway/kimi-k2.5'
+          forks: 'false'
+          permissions: write
+          opencode_version: '1.2.27'
+          # The auto-reviewer must never push to PR branches. NO_PUSH
+          # enforces that at the token level.
+          token_permissions: 'NO_PUSH'
+          prompt: ${{ steps.prompt.outputs.value }}

crates/Cargo.lock

@@ -227,14 +227,18 @@ Content-Type: application/json
 
 {
     "cog_version": "0.17.0",
-    "docs_url": "/openapi.json",
+    "docs_url": "/docs",
     "openapi_url": "/openapi.json",
+    "shutdown_url": "/shutdown",
+    "healthcheck_url": "/health-check",
     "predictions_url": "/predictions",
-    "health_check_url": "/health-check"
+    "predictions_idempotent_url": "/predictions/{prediction_id}",
+    "predictions_cancel_url": "/predictions/{prediction_id}/cancel"
 }
 ```
 
-If training is configured, the response also includes a `trainings_url` field.
+If training is configured, the response also includes
+`trainings_url`, `trainings_idempotent_url`, and `trainings_cancel_url` fields.
 
 ### `GET /health-check`
 

docs/http.md

@@ -6,7 +6,7 @@ require (
 	github.com/anaskhan96/soup v1.2.5
 	github.com/containerd/errdefs v1.0.0
 	github.com/creack/pty v1.1.24
-	github.com/docker/cli v29.2.1+incompatible
+	github.com/docker/cli v29.3.1+incompatible
 	github.com/docker/docker v28.5.2+incompatible
 	github.com/docker/go-connections v0.6.0
 	github.com/getkin/kin-openapi v0.133.0

docs/llms.txt

@@ -74,8 +74,8 @@ github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5Qvfr
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/dnephin/pflag v1.0.7 h1:oxONGlWxhmUct0YzKTgrpQv9AUA1wtPBn7zuSjJqptk=
 github.com/dnephin/pflag v1.0.7/go.mod h1:uxE91IoWURlOiTUIA8Mq5ZZkAv3dPUfZNaT80Zm7OQE=
-github.com/docker/cli v29.2.1+incompatible h1:n3Jt0QVCN65eiVBoUTZQM9mcQICCJt3akW4pKAbKdJg=
-github.com/docker/cli v29.2.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v29.3.1+incompatible h1:M04FDj2TRehDacrosh7Vlkgc7AuQoWloQkf1PA5hmoI=
+github.com/docker/cli v29.3.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM=

go.mod

@@ -117,11 +117,13 @@ def main():
 
             os.unlink(".inbox")
 
-            with open(".outbox", "w") as outbox:
-                print(f"---> CHILD ({pid}) sending response")
+            print(f"---> CHILD ({pid}) sending response")
 
+            with open(".outbox.tmp", "w") as outbox:
                 outbox.write("hello " + s)
 
+            os.rename(".outbox.tmp", ".outbox")
+
         if time.time() % 10 == 0:
             if is_child:
                 print(f"---> CHILD ({pid}) " + ("here " * 20))

go.sum

@@ -0,0 +1,23 @@
+{
+  "$schema": "https://opencode.ai/config.json",
+  "provider": {
+    "cf-gateway": {
+      "npm": "@ai-sdk/openai-compatible",
+      "name": "Cloudflare AI Gateway",
+      "options": {
+        "baseURL": "{env:CF_GATEWAY_BASE_URL}",
+        "apiKey": "{env:CLOUDFLARE_API_TOKEN}"
+      },
+      "models": {
+        "kimi-k2.5": {
+          "id": "workers-ai/@cf/moonshotai/kimi-k2.5",
+          "name": "Kimi K2.5 (Workers AI via Gateway)",
+          "limit": {
+            "context": 256000,
+            "output": 64000
+          }
+        }
+      }
+    }
+  }
+}