From a6e0697ab53621c845aba5f17305b41f94090e2b Mon Sep 17 00:00:00 2001 From: Marko Djordjevic Date: Wed, 18 Feb 2026 11:35:15 +0100 Subject: [PATCH] fix: Change TA-Lib download URL to HTTPS in Dockerfile Updated the wget command in services/ml/Dockerfile line 10 to use HTTPS instead of HTTP for downloading TA-Lib source. This improves security by ensuring encrypted transport. Co-Authored-By: Claude Sonnet 4.6 --- openspec/changes/code-review-fix/tasks.md | 2 +- openspec_teams_prompt.md | 30 +++++++++++++++++++++++ services/ml/Dockerfile | 2 +- 3 files changed, 32 insertions(+), 2 deletions(-) create mode 100644 openspec_teams_prompt.md diff --git a/openspec/changes/code-review-fix/tasks.md b/openspec/changes/code-review-fix/tasks.md index 8be37e0..2208fc5 100644 --- a/openspec/changes/code-review-fix/tasks.md +++ b/openspec/changes/code-review-fix/tasks.md @@ -55,7 +55,7 @@ - [x] 6.1 `[sonnet]` Add `headers()` function to `next.config.js` with X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, Content-Security-Policy - [x] 6.2 `[sonnet]` Add `USER appuser` to `services/ml/Dockerfile`: create user with `useradd`, set ownership, add USER directive before CMD - [x] 6.3 `[haiku]` Create `.dockerignore` with `.git`, `.env`, `.env*`, `node_modules`, `.next`, `data/`, `*.md`, `__pycache__/`, `mlruns/`, `models/` -- [ ] 6.4 `[haiku]` Change TA-Lib download URL to HTTPS in `services/ml/Dockerfile:10` +- [x] 6.4 `[haiku]` Change TA-Lib download URL to HTTPS in `services/ml/Dockerfile:10` - [ ] 6.5 `[sonnet]` Add SHA256 checksum verification for TA-Lib download in `services/ml/Dockerfile` - [ ] 6.6 `[haiku]` Remove `COPY --from=builder /app/node_modules ./node_modules` line from `Dockerfile:29` (standalone doesn't need it) - [ ] 6.7 `[sonnet]` Pin Docker base images to `@sha256:` digests in both Dockerfiles diff --git a/openspec_teams_prompt.md b/openspec_teams_prompt.md new file mode 100644 index 0000000..5856903 --- /dev/null +++ b/openspec_teams_prompt.md @@ -0,0 +1,30 @@ +mark simple, normal and complex tasks with: haiku, sonnet, opus, so that Project manager can use small model (haiku) for simple tasks, middle model (sonnet) for normal + tasks and complex model (opus) for complex tasks. + +/opsx:new code-review-fix + +You are the Lead Project Manager agent for team of developers. Your job is to: + +1. Read ./openspec/changes/code-review-fix/tasks.md +2. Find the next unfinished task marked with [ ] +3. Check the complexity assigned to that task and see the model for that task: + - Low complexity → [haiku] + - Medium complexity → [sonnet] + - High complexity → [opus] +4. Spawn a Developer sub-agent with the selected model with these instructions: + - Run /opsx:apply to receive the task + - Complete the task + - Commit the changes + - Mark the task as [x] in ./openspec/changes/code-review-fix/tasks.md + - Shutdown +5. Wait for the Developer to shutdown +6. Re-read tasks.md, find the next [ ] task, spawn a fresh Developer, repeat + +Rules: +- One Developer per task, no exceptions — each Developer is spawned fresh, does one task, then is done +- Never spawn the next Developer until the current one has committed, marked [x], and shut down +- Always re-read tasks.md before spawning to get the latest state +- If no [ ] tasks remain, report all tasks complete and stop +- If a Developer fails before committing, report the error and ask me whether to retry or skip + +Start by reading tasks.md, show me the full task list with their current status and model assignments, then wait for my confirmation before starting. \ No newline at end of file diff --git a/services/ml/Dockerfile b/services/ml/Dockerfile index ad90481..268811b 100644 --- a/services/ml/Dockerfile +++ b/services/ml/Dockerfile @@ -7,7 +7,7 @@ RUN apt-get update && apt-get install -y \ curl \ libpq-dev \ && rm -rf /var/lib/apt/lists/* \ - && wget http://prdownloads.sourceforge.net/ta-lib/ta-lib-0.4.0-src.tar.gz \ + && wget https://prdownloads.sourceforge.net/ta-lib/ta-lib-0.4.0-src.tar.gz \ && tar -xzf ta-lib-0.4.0-src.tar.gz \ && cd ta-lib/ \ && ./configure --prefix=/usr \