Autonomous development loop for the Hyrule Networks (AS215932) infrastructure.
This repository is a LangGraph runtime that classifies a change, plans it into a task spec, delegates implementation to a real coding-agent backend inside a guarded worktree, re-runs gates, has senior-role agents judge the resulting diff, learns from every run, and stops at a draft PR for human sign-off. Merges and production applies are always human-gated.
Extracted from AS215932/network-operations
once the v2 refactor stabilized — see that repo's docs/engineering-loop/ for
the design spec and roadmap, and docs/agentic-development-loop.md here for the
runtime reference.
Running an ISP in public means a lot of small, precise changes: firewall rules, monitoring checks, DNS records, config tweaks. The Engineering Loop automates the mechanical parts — classification, planning, implementation, testing, and review prep — while keeping humans in control of anything that touches production.
src/hyrule_engineering_loop/— the LangGraph runtime,AgentBackend, policy/judgment/memory/intake/daemon modules, and the operator CLI.tests/— the phased test suites (test_engineering_graph.py,test_phase*.py), fully offline (mock backend, no API keys).skills/— role, writer, and ISP-procedure skills the loop injects.docs/agent-loops/,docs/agentic-development-loop.md,docs/engineering-loop/— role cards, runtime reference, and v2 design.integrations/pi/— the Pi/loopextension.configs/loop/— systemd service + timer for the operations lane.model-policy.yml,engineering-loop-policy.yml— model/backend routing and the mutation/publication policy guards.
uv run --group dev python -m pytest -q
uv run --group dev mypy --strict src
uvx ruff check src testsuv run hyrule-engineering-loop --help
# one operations-lane cycle over the core AS215932 loop:approved queues:
uv run hyrule-engineering-loop daemon --onceThe daemon's default production scope is the seven core repos:
engineering-loop, network-operations, hyrule-cloud, hyrule-web,
hyrule-mcp, noc-agent, and hyrule-network-proxy. It runs low-and-slow by
default: at most 2 runs/day, $10/day, and docs-only mutation boundaries unless
a later reviewed PR widens them.
The dedicated loop VM sets HYRULE_MODEL_POLICY_FILE to
configs/loop/model-policy.production.yml after the operator completes Pi auth;
local tests keep using the root model-policy.yml mock backend.
The backend executes generated code. CI runs only on the unprivileged
ci-pr runner (label hyrule-public-pr); the daemon refuses to run when
GITHUB_ACTIONS is set. Never schedule it on a privileged runner.
network-operations— Production infrastructure recordhyrule-mcp— Live MCP diagnostics consumed during investigationsnoc-agent— Operator-facing incident agent