Add K8s auto-develop, license change, secure prompts#2
Merged
flavienbwk merged 8 commits intomainfrom Mar 9, 2026
Merged
Conversation
Replace the 38-node n8n agentic loop (WF01) with a 19-node workflow that launches Claude Code CLI in Kubernetes Jobs. The old standalone variant is preserved in n8n_standalone/ for non-K8s environments. Key changes: - n8n/ split into n8n_claude_k8s/ (K8s Jobs) and n8n_standalone/ (agentic loop) - K8s infra: Dockerfile, entrypoint, job template, NetworkPolicy, RBAC setup - deploy.py: new map_env_vars() replaces hardcoded K8s URLs, project board IDs, and image refs with placeholders injected from credentials.env; script fails if any required env var is missing - CI: GitHub Actions workflow to build/push Claude Code image on release branch - Docs rewritten as setup-focused instructions
Defense-in-depth against prompt injection: all prompts that include user-controlled data (issue body, PR diffs, CI logs, alert payloads) now wrap that content with a per-invocation random boundary and instruct the model to treat everything inside as untrusted data. Updated scripts: wf01-k8s-01, wf01-agent-01, wf01-09, wf02-08, wf02-fix03, wf03-11, wf04-02, wf04-03 (both K8s and standalone).
flavienbwk
changed the title
flavienbwk
changed the title
CI failure logs often have the actual error at the bottom, but the previous 30K head truncation cut it off after Docker pull output. Now keeps first 5K (build context) + last 25K (test failures).
PR titles were derived from the truncated branch slug (40-char limit), producing names like "Add A Subtle Gradient Background To The". Now fetches the full issue title via GitHub API and uses it instead.
- Add gh CLI to Docker image and configure auth in entrypoint - Add imagePullPolicy: Always to K8s job manifests (WF01 + WF03) - Replace 13 old auto-fix nodes (parse/match/commit via API) with 10 K8s nodes (build job → create → poll → read logs → post result) - Claude Code now has full repo access + gh CLI for reading CI logs, PR comments, and running tests locally - Handle "succeeded but no push" case in result comment (already fixed)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
n8n_claude_k8s/(K8s, recommended) andn8n_standalone/(preserved, no K8s needed)deploy.pyfromcredentials.env; deploy fails if any required var is missingreleasebranchTest plan
make deploy-allsucceeds with placeholder injection across all 5 workflowsCLA