-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Patch: headless http server launch, Kilo Code (#1120), e2e bridge harness #1201
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Scriptwonder
merged 12 commits into
CoplayDev:beta
from
Scriptwonder:chore/triage-quickwins-and-e2e
Jun 15, 2026
Merged
Changes from all commits
Commits
Show all changes
12 commits
Select commit
Hold shift + click to select a range
21953a0
fix: resolve unqualified generic names in unity_reflect; fix URP/ProB…
Scriptwonder 7b73f3e
Merge remote-tracking branch 'upstream/beta' into chore/triage-quickw…
Scriptwonder eb9a4d6
Merge remote-tracking branch 'upstream/beta' into chore/triage-quickw…
Scriptwonder d109211
fix(server): headless local HTTP server launch with per-port logs and…
Scriptwonder afa447e
fix(client): configure Kilo Code with its kilo.jsonc MCP format (#1120)
Scriptwonder 89f27f1
test(e2e): add headless bridge harness and deterministic no-LLM CI smoke
Scriptwonder 555158d
test(server): enforce tool/test symmetry with a shrink-only guard
Scriptwonder 614382c
chore(server): sync uv.lock to package version 9.7.1
Scriptwonder 0c2edf2
chore: ignore local .mcp.json dev config
Scriptwonder 60f43e0
chore(tests): add missing EditMode test .meta sidecars; ignore test-p…
Scriptwonder 86d6f7a
fix(harness): address Copilot/CodeRabbit review nits
Scriptwonder 34d1498
fix(harness): reject invalid --legs values at the CLI (CodeRabbit)
Scriptwonder File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,194 @@ | ||
| name: E2E Bridge Smoke (deterministic, no LLM) | ||
|
|
||
| # Boots a headless Unity Editor, starts the Python MCP server's wire path, and | ||
| # drives a fixed sequence of real tool calls with exact assertions | ||
| # (Server/tests/e2e/bridge_smoke.py). Unlike claude-nl-suite.yml this needs | ||
| # NO Anthropic API key -- it is deterministic and cheap, so it can gate PRs and | ||
| # releases. It still needs Unity license secrets to boot the Editor. | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| pull_request: | ||
| paths: | ||
| - "MCPForUnity/Editor/**" | ||
| - "MCPForUnity/Runtime/**" | ||
| - "Server/src/**" | ||
| - "Server/tests/e2e/**" | ||
| - "tools/local_harness.py" | ||
| - ".github/workflows/e2e-bridge.yml" | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.ref }} | ||
| cancel-in-progress: true | ||
|
|
||
| env: | ||
| UNITY_IMAGE: unityci/editor:ubuntu-2021.3.45f2-linux-il2cpp-3 | ||
|
|
||
| jobs: | ||
| e2e-bridge: | ||
| runs-on: ubuntu-24.04 | ||
| timeout-minutes: 40 | ||
| steps: | ||
| - name: Detect Unity license secrets | ||
| id: detect | ||
| env: | ||
| UNITY_LICENSE: ${{ secrets.UNITY_LICENSE }} | ||
| UNITY_EMAIL: ${{ secrets.UNITY_EMAIL }} | ||
| UNITY_PASSWORD: ${{ secrets.UNITY_PASSWORD }} | ||
| UNITY_SERIAL: ${{ secrets.UNITY_SERIAL }} | ||
| run: | | ||
| set -e | ||
| if [ -n "$UNITY_LICENSE" ] || { [ -n "$UNITY_EMAIL" ] && [ -n "$UNITY_PASSWORD" ] && [ -n "$UNITY_SERIAL" ]; }; then | ||
| echo "unity_ok=true" >> "$GITHUB_OUTPUT" | ||
| else | ||
| echo "unity_ok=false" >> "$GITHUB_OUTPUT" | ||
| echo "::warning::Unity license secrets absent; E2E bridge smoke will be skipped (not failed)." | ||
| fi | ||
|
|
||
| - uses: actions/checkout@v4 | ||
| if: steps.detect.outputs.unity_ok == 'true' | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - uses: astral-sh/setup-uv@v4 | ||
| if: steps.detect.outputs.unity_ok == 'true' | ||
| with: | ||
| python-version: "3.11" | ||
|
|
||
| - name: Install MCP server | ||
| if: steps.detect.outputs.unity_ok == 'true' | ||
| run: | | ||
| set -eux | ||
| uv venv | ||
| echo "VIRTUAL_ENV=$GITHUB_WORKSPACE/.venv" >> "$GITHUB_ENV" | ||
| echo "$GITHUB_WORKSPACE/.venv/bin" >> "$GITHUB_PATH" | ||
| uv pip install -e Server | ||
|
|
||
| # --- License staging (mirrors claude-nl-suite.yml) --- | ||
| - name: Decide license sources | ||
| if: steps.detect.outputs.unity_ok == 'true' | ||
| id: lic | ||
| shell: bash | ||
| env: | ||
| UNITY_LICENSE: ${{ secrets.UNITY_LICENSE }} | ||
| UNITY_EMAIL: ${{ secrets.UNITY_EMAIL }} | ||
| UNITY_PASSWORD: ${{ secrets.UNITY_PASSWORD }} | ||
| UNITY_SERIAL: ${{ secrets.UNITY_SERIAL }} | ||
| run: | | ||
| set -eu | ||
| use_ulf=false; use_ebl=false | ||
| [[ -n "${UNITY_LICENSE:-}" ]] && use_ulf=true | ||
| [[ -n "${UNITY_EMAIL:-}" && -n "${UNITY_PASSWORD:-}" && -n "${UNITY_SERIAL:-}" ]] && use_ebl=true | ||
| echo "use_ulf=$use_ulf" >> "$GITHUB_OUTPUT" | ||
| echo "use_ebl=$use_ebl" >> "$GITHUB_OUTPUT" | ||
|
|
||
| - name: Stage Unity .ulf license (from secret) | ||
| if: steps.detect.outputs.unity_ok == 'true' && steps.lic.outputs.use_ulf == 'true' | ||
| id: ulf | ||
| env: | ||
| UNITY_LICENSE: ${{ secrets.UNITY_LICENSE }} | ||
| shell: bash | ||
| run: | | ||
| set -eu | ||
| mkdir -p "$RUNNER_TEMP/unity-license-ulf" "$RUNNER_TEMP/unity-local/Unity" | ||
| f="$RUNNER_TEMP/unity-license-ulf/Unity_lic.ulf" | ||
| if printf "%s" "$UNITY_LICENSE" | base64 -d - >/dev/null 2>&1; then | ||
| printf "%s" "$UNITY_LICENSE" | base64 -d - > "$f" | ||
| else | ||
| printf "%s" "$UNITY_LICENSE" > "$f" | ||
| fi | ||
| chmod 600 "$f" || true | ||
| if grep -qi '<Signature>' "$f"; then | ||
| cp -f "$f" "$RUNNER_TEMP/unity-local/Unity/Unity_lic.ulf" | ||
| echo "ok=true" >> "$GITHUB_OUTPUT" | ||
| else | ||
| echo "ok=false" >> "$GITHUB_OUTPUT" | ||
| fi | ||
|
|
||
| - name: Activate Unity (EBL via container) | ||
| if: steps.detect.outputs.unity_ok == 'true' && steps.lic.outputs.use_ebl == 'true' | ||
| shell: bash | ||
| env: | ||
| UNITY_IMAGE: ${{ env.UNITY_IMAGE }} | ||
| UNITY_EMAIL: ${{ secrets.UNITY_EMAIL }} | ||
| UNITY_PASSWORD: ${{ secrets.UNITY_PASSWORD }} | ||
| UNITY_SERIAL: ${{ secrets.UNITY_SERIAL }} | ||
| run: | | ||
| set -euo pipefail | ||
| mkdir -p "$RUNNER_TEMP/unity-config" "$RUNNER_TEMP/unity-local" | ||
| docker run --rm --network host \ | ||
| -e HOME=/root -e UNITY_EMAIL -e UNITY_PASSWORD -e UNITY_SERIAL \ | ||
| -v "$RUNNER_TEMP/unity-config:/root/.config/unity3d" \ | ||
| -v "$RUNNER_TEMP/unity-local:/root/.local/share/unity3d" \ | ||
| "$UNITY_IMAGE" bash -lc ' | ||
| set -euxo pipefail | ||
| /opt/unity/Editor/Unity -batchmode -nographics -logFile - \ | ||
| -username "$UNITY_EMAIL" -password "$UNITY_PASSWORD" -serial "$UNITY_SERIAL" -quit || true | ||
| ' | ||
|
|
||
| - name: Warm up project (import Library once) | ||
| if: steps.detect.outputs.unity_ok == 'true' | ||
| shell: bash | ||
| env: | ||
| UNITY_IMAGE: ${{ env.UNITY_IMAGE }} | ||
| ULF_OK: ${{ steps.ulf.outputs.ok }} | ||
| run: | | ||
| set -euxo pipefail | ||
| manual_args=() | ||
| if [[ "${ULF_OK:-false}" == "true" ]]; then | ||
| manual_args=(-manualLicenseFile "/root/.local/share/unity3d/Unity/Unity_lic.ulf") | ||
| fi | ||
| docker run --rm --network host \ | ||
| -e HOME=/root \ | ||
| -v "${{ github.workspace }}:${{ github.workspace }}" -w "${{ github.workspace }}" \ | ||
| -v "$RUNNER_TEMP/unity-config:/root/.config/unity3d" \ | ||
| -v "$RUNNER_TEMP/unity-local:/root/.local/share/unity3d" \ | ||
| -v "$RUNNER_TEMP/unity-cache:/root/.cache/unity3d" \ | ||
| "$UNITY_IMAGE" /opt/unity/Editor/Unity -batchmode -nographics -logFile - \ | ||
| -projectPath "${{ github.workspace }}/TestProjects/UnityMCPTests" \ | ||
| "${manual_args[@]}" -quit | ||
|
|
||
| - name: Clean old MCP status | ||
| if: steps.detect.outputs.unity_ok == 'true' | ||
| run: | | ||
| set -eux | ||
| mkdir -p "$GITHUB_WORKSPACE/.unity-mcp" | ||
| rm -f "$GITHUB_WORKSPACE/.unity-mcp"/unity-mcp-status-*.json || true | ||
|
|
||
| - name: Run headless bridge harness (boot + wait + smoke/editmode/playmode) | ||
| if: steps.detect.outputs.unity_ok == 'true' | ||
| shell: bash | ||
| env: | ||
| UNITY_IMAGE: ${{ env.UNITY_IMAGE }} | ||
| ULF_OK: ${{ steps.ulf.outputs.ok }} | ||
| run: | | ||
| set -euxo pipefail | ||
| # In --ci mode the harness drives the DockerLauncher: it runs the same | ||
| # docker container (repo .unity-mcp status dir, docker liveness/teardown, | ||
| # log redaction), waits on the status file, derives the instance, then | ||
| # runs the smoke + EditMode + PlayMode legs over the bridge. | ||
| license_args=() | ||
| if [[ "${ULF_OK:-false}" == "true" ]]; then | ||
| license_args=(--editor-arg -manualLicenseFile \ | ||
| --editor-arg "/root/.local/share/unity3d/Unity/Unity_lic.ulf") | ||
| fi | ||
| python3 tools/local_harness.py --ci \ | ||
| --legs smoke,editmode,playmode \ | ||
| --project-path TestProjects/UnityMCPTests \ | ||
| --reports reports \ | ||
| "${license_args[@]}" | ||
|
|
||
| - name: Unity logs on failure | ||
| if: failure() && steps.detect.outputs.unity_ok == 'true' | ||
| run: docker logs unity-mcp --tail 200 | sed -E 's/((email|serial|license|password|token)[^[:space:]]*)/[REDACTED]/Ig' || true | ||
|
|
||
| - name: Upload E2E report | ||
| if: always() && steps.detect.outputs.unity_ok == 'true' | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: e2e-bridge-report | ||
| path: reports/junit-*.xml | ||
| if-no-files-found: ignore | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🧩 Analysis chain
🏁 Script executed:
Repository: CoplayDev/unity-mcp
Length of output: 251
🏁 Script executed:
Repository: CoplayDev/unity-mcp
Length of output: 1404
Pin third-party actions to immutable SHAs and disable checkout credential persistence.
At lines 51, 56, and 190, action refs are tag-pinned (
@v4) instead of SHA-pinned, and the checkout action at line 51 retains default credential persistence. Replace version tags with full commit SHAs and addpersist-credentials: falseto checkout:Example fix for checkout (lines 51–54)
Apply the same SHA pinning pattern to
astral-sh/setup-uv@v4(line 56) andactions/upload-artifact@v4(line 190).🧰 Tools
🪛 zizmor (1.25.2)
[warning] 51-54: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false
(artipacked)
[error] 51-51: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)
(unpinned-uses)
[error] 56-56: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)
(unpinned-uses)
🤖 Prompt for AI Agents
Source: Linters/SAST tools