Why:
PR checks currently spend runner time on expensive lanes that cannot provide
additional signal for many narrow changes. This slows feedback and increases
CI cost while keeping branch protection tied to jobs that are often irrelevant.
Impact:
CI scheduling changes only; product code and test semantics are unchanged.
Before/After:
Before, most PRs fanned out broadly; after, CI uses scoped heavy lanes.
Technical Overview:
Add a pinned changed-files scope job that computes which families of checks
are relevant for a pull request and records the decision in the step summary.
Keep only the clang21 ndebug and gcc15 GNU23 debug compile lanes in the
required compile gate, and make that gate a mock success for PRs without C or
header changes. Move the other compile-only lanes to an extended compile job
that runs after the required gate and only for C/header changes.
Gate package, journal, service, analyzer, Kafka, arm64, and i386 jobs on the
scope outputs while keeping per-job changed-files checks as a safety belt.
Limit the Elasticsearch extra CI lane to runtime C/header changes and the
omelasticsearch plugin files only. Move imbeats to its own path-gated workflow
so it runs only for imbeats, omelasticsearch, runtime, test, or helper changes.
Move the Debian experimental package build out of PR CI and into a weekly or
manual workflow.
Remove redundant post-failure log gathering steps because the GitHub Actions UI
already exposes the logs. Enable opt-in Autoconf config.cache use for the
shared configure helper and static analyzer helper, and forward the cache
controls into dev containers. Add matching actions/cache steps with conservative
non-recursive keys so repeated PR runs can reuse configure probe results without
post-job hashing failures from generated test artifacts.
Document local workflow validation expectations for agents, including the
pinned zizmor check and avoiding direct template expansion in shell run blocks.
With the help of AI-Agents: Codex
Why: capture the live backlog triage workflow so future issue batches
can be handled consistently.
Impact: documentation-only agent guidance for issue triage workflows.
Before/After: triage rules lived in chat context. They are now a
reusable repository skill.
Technical Overview:
Adds rsyslog_issue_triage under .agent/skills.
Documents the issue classification taxonomy.
Captures the evidence checklist and GitHub comment policy.
Records the local board and cached issue workflow.
Describes small-fix eligibility and deferral rules.
Adds the per-issue and per-cluster output templates.
Links the skill from AGENTS.md for discoverability.
With the help of AI-Agents: Codex
Why:
Regular PR CI should keep useful coverage without spending every run on
very slow QEMU lanes, and the tests touched here should have deterministic
oracles under the broader PR check load.
Impact:
PR CI now runs regular checks at `-j10`, keeps native arm64 ASan and adds
i386 coverage, while slow armhf and s390x QEMU coverage moves out of the
regular PR gate.
Before/After:
Before, the PR workflow mixed native arm64 with slow armhf and s390x QEMU
jobs and several tests depended on host timing, queue volume, or fixture
ordering. After, the PR workflow uses native arm64 plus Debian 13 i386 and
the touched tests assert their intended behavior more directly.
Technical Overview:
Update `run_checks.yml` so regular PR check jobs use `-j10` instead of the
older lower per-job check parallelism.
Replace the PR cross-architecture matrix with a dedicated native arm64
ASan job and a Debian 13 `linux/386` job.
Remove the unconditional cross-arch test-log artifact collection while
keeping failure-only log output in the Actions UI.
Fix imdiag response formatting so truncated `vsnprintf()` output cannot
make `send()` read past the response buffer.
Make DA and diskqueue truncated-segment tests count persisted queue
segments and accept phase-1 setup only when it has enough corruptable tail
for the later corruption oracle.
Add DA recovery progress diagnostics without weakening the quarantine and
clean-live-queue oracle.
Pace omfwd one-target retry injection and use the sequence oracle instead
of relying on a post-injection sleep.
Write imfile wildcard payloads through non-matching temporary names and
atomic rename so imfile does not first observe empty matching files.
Extend the MySQL async enqueue timeout while preserving the queue-size
invariant used by the backpressure test.
Make the RELP OpenSSL auth-failure CPU sampler interval-aware and document
its busy-loop regression oracle.
Wait for the final truncate batch in `imfile-truncate-multiple.sh`, matching
the earlier batch checks.
Document that new or changed tests should state their intent and any timing,
retry, or sampling oracle inline.
With the help of AI-Agents: Codex
Why:
The service-test suppression added in the previous PR made review-thread
polling part of the work: two related module families still had asymmetric
in-test relevance checks, and the babysitting process was not discoverable.
Impact:
Journal and hiredis service tests now trigger consistently for related input
and output module changes.
Before/After:
Before, im/om journal and hiredis checks could skip their peer module changes;
after, each family uses the same relevant changed-file set.
Technical Overview:
The diag.sh module relevance cases now make imjournal and omjournal match both
journal plugin and test path sets. The imhiredis and omhiredis cases now match
both Redis input and output plugin/test path sets, matching the hiredis family
alias. A new rsyslog_pr_babysitting skill documents the regular PR babysitting
loop, including CI polling, failed-job log inspection, reruns for likely flakes,
and unresolved review-thread polling via GraphQL. AGENTS.md links the new skill
so other agents can discover it.
With the help of AI-Agents: Codex
Why: Local Codex workflows need a clear place for machine-specific notes without copying those details into the shared guide.
Impact: Agents are now explicitly directed to read the ignored local overlay when it exists.
Before/After: The guide only implied local notes; it now defines the overlay lookup at the top.
Technical Overview:
Add a Local Overlay section near the start of AGENTS.md.
Mirror the liblognorm wording so related repositories use the same convention.
Keep machine-specific instructions in AGENTS.local.md, which remains ignored.
No source, build, or test behavior changes are introduced.
With the help of AI-Agents: Codex
Why:
Service-backed integration tests are expensive in CI and local container
runs. They should not start external services when a change cannot affect
the relevant module or shared runtime code.
Impact:
CI and local test runs skip or avoid building irrelevant service-backed
coverage while preserving explicit force overrides.
Before/After:
Before, broad checks configured and queued many service tests regardless
of changed files. After, the same diag.sh relevance logic controls both
configure-time suppression and in-test skips.
Technical Overview:
Add module relevance detection to tests/diag.sh with runtime, harness,
module, and test-script triggers for Elasticsearch, MySQL, libdbi, Kafka,
ClickHouse, PostgreSQL, Redis/hiredis, imdocker, imbeats, journal, SNMP,
RabbitMQ, Azure Event Hubs, Azure DCE, and impstats push tests. Extend the
regular run_checks.yml path so broad CI appends matching --disable-* test
configure options when a service family is irrelevant, and narrow focused
journal and Elasticsearch workflow triggers to relevant files. Keep force
environment variables and unknown-diff fallback behavior so tests still run
when requested or when relevance cannot be established.
Move imfile and omhttp test registration earlier in tests/Makefile.am so
longer wait-heavy groups enter Automake's parallel queue sooner without
changing which tests are registered. Add rsyslog_local_container_testing as
the canonical agent skill for mirroring run_checks.yml container validation
locally, including the analyzer-first flow, clean-tree rules, service-skip
validation, and container path caveats. Point AGENTS.md directly to that
skill and remove the older duplicated devtools local-container note.
With the help of AI-Agents: Codex
Why: automated security reviews need a shared proof standard so
hardening opportunities are not over-stated as confirmed vulnerabilities.
Impact: contributor-facing guidance now distinguishes confirmed issues,
potential issues, hardening, and invalid findings before severity or CWE
language is used.
Before/After: agent guidance pointed at documentation structure, but did
not define a security-finding evidence bar; the new rubric documents the
required source, reachability, sink, missing guard, and impact checks.
Technical Overview:
Add doc/ai/security_triage_rubric.md with classification, proof, CWE,
severity, rsyslog-specific, test, wording, and inline-comment guidance.
Link the rubric from the root AGENTS.md and doc/ai AGENTS.md files.
List the new file in doc/ai/README.md and doc/Makefile.am so it is easy
to discover and packaged with the documentation support files.
With the help of AI-Agents: Codex
Why: administrators need explicit compatibility knobs while moving
from legacy syntax and insecure historical defaults.
Impact: global compatibility behavior is now configurable in
RainerScript and YAML, and unsafe TLS usage emits warnings.
Before/After: legacy and insecure behavior was mostly implicit;
it is now explicit, configurable, and warned.
Technical overview:
Add global compatibility.configformat controls for legacy $-syntax,
classic syslogd filters, and property-based filters with enable,
warn, and disable modes.
Add compatibility.defaults.secure with strict, warn, and
backward-compatible behavior, including failOnUncleanConfig in
secure mode.
Add transport-security warnings for inbound and outbound network
configs that effectively disable TLS or use anon auth, and include
docs URLs in messages.
Add focused docs pages for each TLS warning and interlink them with
FAQ/tutorial paths.
Add compatibility testbench coverage for YAML and a focused
RainerScript subset, plus secure-dynafile default tests.
Set omclickhouse allowUnsignedCerts default to off.
Closes https://github.com/rsyslog/rsyslog/issues/2383
With the help of AI-Agents: Codex
Introduce a dedicated rsyslog_config agent skill that captures the
dual-frontend config architecture (RainerScript grammar + yamlconf.c)
and the parity rules that must be observed whenever the config layer
is extended.
Key additions:
- .agent/skills/rsyslog_config/SKILL.md: full skill covering the shared
backend model, a parity table for each change type, key file index,
YAML test conventions, and documentation requirements.
- AGENTS.md: register rsyslog_config in the skills table.
- runtime/AGENTS.md: add yamlconf.c/h to key components with an
explicit cross-reference to the parity rule.
- tests/AGENTS.md: add config format coverage rule and YAML test
naming/registration conventions.
- plugins/AGENTS.md: extend the parameter documentation rule to include
YAML examples, and note that new statement/block types require
yamlconf.c changes.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Why: release-tagged container images should only be published after the
matching rsyslog packages are available in the correct Adiscon PPA.
Impact: manual release flows now use fixed stable and daily-stable
channels, derive the stable container tag automatically from
`RSYSLOG_VERSION`, and update `latest` only when explicitly requested.
Before/After: release-tagged image publishing was a manual sequence
without a package-availability gate or an explicit `latest` decision;
it is now an explicit release workflow with a lightweight PPA readiness
check and fixed channel rules.
Technical Overview:
The Docker image Makefile now adds explicit manual release targets:
`release_build`, `release_push`, and `release_publish`.
The stable channel uses `ppa:adiscon/v8-stable` and derives the image
tag from `RSYSLOG_VERSION` using `8.yymm.0` -> `20yy-mm`. The
daily-stable channel uses `ppa:adiscon/daily-stable` and the fixed image
tag `daily-stable`.
Before any release build or push proceeds, a disposable Ubuntu container
checks that the selected channel exposes the requested rsyslog release
series. The real image build remains the source of truth for package
completeness.
`release_publish` updates `latest` only when `PUSH_LATEST=yes` is set.
The operator README now documents the channel rules, the stable tag
mapping, and the manual release workflow consistently with the Makefile.
AGENTS.md adds the same container guidance for future AI-driven changes.
With the help of AI-Agents: Codex
Why: the container image family needs an explicit versioning contract
before release publishing is automated, and the current default tag
looks too much like a real release.
Impact: local builds now default to a non-release tag, publish flows
require an explicit stable version, and the version contract is
documented for both users and AI agents.
Before/After: local `make all` no longer emits release-like image
tags by default; release-style tags must now be requested
intentionally.
Technical Overview:
Change the Docker image Makefile default VERSION from a release-like
value to `dev-local`.
Keep explicit `VERSION=...` overrides for local release rehearsals and
for CI or release automation.
Add a publish guard that rejects empty, dev-local, `dev-*`, and
`ci-*` versions for push and latest-tag targets.
Document the container version and publishing contract in a new
`packaging/docker/rsyslog/README.md`.
Add repository-level AI guidance so future agents keep local container
build defaults clearly non-release.
Clarify in the container CI workflow that `ci-<sha>` is a validation
version and that release workflows must inject a stable version
explicitly.
With the help of AI-Agents: Codex
Modernize the rsyslog contribution workflow for AI agents to
improve policy compliance and reduce instruction verbosity.
Impact: Repository-wide reduction in AGENTS.md bloat.
Before: Fragmented and redundant procedural instructions in AGENTS.md.
After: Modular skills in .agent/skills/ with streamlined subtree guides.
This change encapsulates build, test, documentation, module authoring,
and commit policies into reusable skills. It introduces:
- A specialized AI memory lifecycle auditor.
- A boilerplate snippets library.
- The 'rsyslog_doc_dist' skill for doc/Makefile.am synchronization.
- YAML frontmatter 'triggers' for automatic skill activation.
The workflow is further optimized to skip redundant builds after stylistc
code formatting, ensuring faster iteration for AI-led development.
AI-Agent: Antigravity 2026-01
Update AGENTS.md and subordinate guides to recommend incremental
builds via 'make check TESTS=""'. This avoids redundant autogen and
configure steps during iterative development.
With the help of AI-Agents: Google Jules
This commit introduces a dedicated AI assistant prompt for documentation
tasks, located at `ai/rsyslog_doc_assistant/base_prompt.txt`. This
prompt standardizes the creation and maintenance of Sphinx-RST
documentation, enforcing best practices for AI ingestion such as
metadata blocks, summary slices, and consistent anchors.
Modifications:
- Created `ai/rsyslog_doc_assistant/base_prompt.txt` with specific
roles, objectives, and workflow checklists for the rsyslog-doc agent.
- Updated the root `AGENTS.md` to include a reference to this new
prompt in the "Quick links for agents" section.
- Created `doc/ai/AGENTS.md` to serve as a guide for agents working
within the `doc/` subtree, explicitly linking to the new prompt and
reinforcing the requirements for metadata and structure defined in
`doc/ai/authoring_guidelines.md`.
These changes ensure that future documentation updates by AI agents will
be consistent, technically accurate, and optimized for both human
readers and RAG systems.
With the help of AI-Agents: Jules
doc: add and improve code architecture doc
This adds information to both user- and AI Agent facing doc components. The Architecture was verified via code review, a joint effort between the Google Jules AI Agent and Rainer Gerhards, rsyslog lead maintainer.
Refactors the main `AGENTS.md` file to be a more effective guide for AI agents. This final version incorporates several rounds of feedback to improve clarity, safety, and the explicitness of instructions, while also restoring developer-facing features.
Key improvements:
- Introduces a "Quick Start" section at the top to provide a clear, consolidated "happy path" for environment setup, building, and testing.
- Makes the dependency installation command explicitly optional and scopes it to Debian/Ubuntu environments with a clear warning.
- Restores the `SETUP` keyword to maintain developer workflows, but updates it to refer to the new "Quick Start" section, avoiding duplication.
- Softens overly absolute rules (e.g., regarding container usage) into recommendations.
- Clarifies and standardizes commit message guidelines, including the AI contribution format.
- Removes redundant and confusing setup sections, creating a single source of truth for the initial agent workflow.
Impact:
This comprehensive refactoring streamlines the onboarding process for AI agents, reduces the potential for environment setup errors, and ensures that agent-generated contributions more closely follow project standards, while preserving existing developer convenience features.
Standardizing how we handle "impossible" states to help automated
tools detect bugs while keeping production code simple and stable.
This modernization step aids maintainability and AI-assisted reviews.
BEFORE: No formalized guidance for "impossible" path handling.
AFTER: Mandatory assertions with optional defensive fallbacks.
Introduced a formalized hybrid pattern for defensive programming.
The new guidance mandates the use of assert() for all invariants
to allow Static Analyzers and AI agents to reason about code state
correctly. It also recommends an optional defensive if fallback
to prevent production crashes, except where recovery logic would be
excessively complex. Updated the top-level AGENTS.md with a brief
instruction and added a detailed practice document to the
coding_practices catalog. Prohibited use of __builtin_unreachable()
to prevent undefined behavior in release builds.
AI-Agent: Antigravity
This change updates the root AGENTS.md, plugins/AGENTS.md, and
MODULE_AUTHOR_CHECKLIST.md to explicitly require that new configuration
parameters be documented in the doc/ subtree. This ensures that
future AI agents (and humans) do not overlook documentation tasks
when implementing new features.
Impact: Improved documentation coverage and consistency for new
features.
AI-Agent: Antigravity
- add a pattern entry describing how to document preconditions and defensive fallbacks when splitting helpers out of larger routines
- link the IPv4 tail antipattern to the general guidance and catalog it alongside other practices
AI-Agent: ChatGPT
Add three new standardized task keywords to AGENTS.md that enable AI
agents to automate common development workflows:
- SETUP: Installs all development dependencies for Ubuntu/Debian
- BUILD [options]: Configures and builds rsyslog with optional flags
- TEST [scripts]: Runs testbench with optional specific test scripts
These keywords follow the existing FINISH and SUMMARIZE pattern,
providing clear step-by-step instructions and usage examples. This
standardizes agent workflows and reduces errors from manual procedure
following.
Before: Agents had to manually follow multi-step instructions from
the "Manual Setup" section, leading to inconsistent execution.
After: Agents can use simple keywords (SETUP, BUILD, TEST) to
automate these common tasks with standardized behavior.
... for trailing extra-data removal.
Add configurable mechanism to detect and remove trailing extra-data sections
from messages before parsing. This addresses cases where third-party enrichers
append non-standard data (e.g., "enrichment_section: fromhost-ip=...") that
can interfere with Snare event parsing.
The ignoreTrailingPattern parameter can be set at both module and action
levels, with action-level values overriding module defaults. When configured,
the parser searches for the pattern in trailing positions (after the last
tab-separated token). If found, the message is truncated at the start of the
last token, removing the entire trailing section including any preceding
content in that token (e.g., dynamic numeric prefixes).
The truncated extra-data section is optionally exposed as a !extradata_section
message property, allowing downstream processing to access the removed content
if needed (e.g., for extracting sender IP addresses).
Implementation details:
- Pattern matching is literal string-based (not regex)
- Truncation only occurs when pattern appears in valid trailing positions
- Conservative detection for non-tab messages (last 20% or 200 chars)
- Proper memory management for pattern strings and extra-data sections
- No changes to existing behavior when parameter is not set
Added test case mmsnareparse-trailing-extradata.sh with anonymized sample
data validating Event ID 13 parsing with trailing enrichment section.
Updated documentation in doc/source/configuration/modules/mmsnareparse.rst
with parameter description and usage notes.
docs: enhance AGENTS.md with WSL build/test instructions
Added complete dependency installation, module-specific configure examples,
test execution patterns, and debugging workflow based
on actual development sessions.
Co-authored-by: alorbach <alorbach@adiscon.com>
Add a new "Agent Chat Keywords" section documenting FINISH and
SUMMARIZE codewords to standardize agent end-of-session actions.
FINISH: review all changes.
SUMMARIZE: produce ready-to-copy PR and squashed commit summaries.
Doc-only change; no runtime or test impact.
Improve AI-facing documentation to speed up contributor onboarding after
the gpt5-codex agent update. The guides clarify bootstrap, testing, and
where to find module ownership so agents can work predictably and avoid
expensive CI-only paths.
Impact: documentation-only; no runtime changes. Clarifies when to use
direct test scripts vs. the autotools harness.
This introduces repository-wide AGENTS guides (root, plugins/, contrib/,
tools/, doc/) plus module-focused guides for omelasticsearch, imkafka,
omkafka, and omruleset. It adds metadata templates for core and contrib
modules, initial MODULE_METADATA.yaml files for the Kafka and ES modules,
and a tools/MODULE_METADATA.json for built-ins. The top-level guide now
includes quick links, “priming a fresh AI session,” and explicit
autotools bootstrap instructions (run ./autogen.sh when autotools inputs
change). Testing guidance asks agents to prefer invoking ./tests/*.sh
directly, reserving `make check` for CI reproductions. The doc subtree
gains its own AGENTS.md and an AI doc-builder base prompt to keep edits
consistent. doc/ai/module_map.yaml was annotated to reference per-module
metadata.
Before: scattered or missing agent guidance; unclear when to bootstrap
autotools or run the full harness. After: structured, discoverable docs,
templates, and metadata that align contributor workflow across modules.
This modernizes contributor experience by simplifying PR templates and
removing the lengthy GDPR disclaimer that often discouraged or confused
new contributors. The update encourages more participation and shows how
responsible AI can be used to improve open source workflows.
Impact: none on runtime behavior; contributor workflow improved.
Before: PR template included long GDPR block; commit message rules were
scattered and partly implicit.
After: PR template is concise, GDPR text removed, and commit assistant
usage is documented across README, CONTRIBUTING, and AGENTS.md.
Technical changes include:
- PR template: drop GDPR notice, add commit-assistant references.
- CONTRIBUTING.md: add explicit commit rules and workflow guidance.
- AGENTS.md: require canonical base prompt and commit-first workflow.
- README.md: point to assistant and updated guidance.
- base_prompt.txt: enforce "Findings:" colon format.
- Minor formatting corrections in comments.
Added cross-references to doc/ai/module_map.yaml in both developer-
facing guides:
- AGENTS.md:
* Mentioned the AI module map in the Repository Overview and
Quickstart sections.
* Added a common task instructing contributors to consult the map
before making edits.
- DEVELOPING.md:
* Updated “Pointers” to include the AI module map as a source for
per-module paths and known locking hints.
This improves discoverability of module locations and expected locking
patterns for both AI agents (e.g., Codex) and human contributors,
reducing time spent locating code and relevant design notes.
No functional changes; documentation only.
- add .editorconfig for indent, whitespace, and file-type rules
- add project-local .vimrc to enforce Vim settings via exrc
- add .clang-format for C/C++ style presets and list formatting
- add devtools/format-code.sh to run clang-format and fixups
- adjust clang-format config for stable, idempotent output
- update AGENTS.md with new formatting strategy
- add .git-blame-ignore-revs entry for format change commit
This commit sets up an automated formatting pipeline to let
contributors use their editor of choice while ensuring
consistent, stable code style across the project.
This Implements suffix comparison similar to startswith. Note that we
do intentionally not use libestr functions in order to speed up adaption.
It would otherwise probably take years for distros to upgrade libestr.
With some help of the Codex and Gemini AI Agents.
closes https://github.com/rsyslog/rsyslog/issues/1255
- Introduce root-level diag.sh stub to auto-forward to tests/diag.sh, preventing
human and AI errors when sourcing the harness and removing the need to `cd`
into the tests directory.
- Update AGENTS.md to configure once and invoke tests via `./tests/<script>.sh`,
providing unfiltered stdout/stderr without a CI wrapper and improving
convenience for human developers.
Testbench tools like tcpflood are now auto-generated at test startup
if missing, reducing errors and confusion during local test runs.
Updated AGENTS.md with precise instructions for running tests
in both human and AI agent contexts, improving onboarding
for new developers and AI-based workflows.
