[WIP] feat: add SubprocessDriver for CRD-based agent execution

[rioloc]

⚠️ Review after #228 and #231 are merged — this PR builds on top of those changes.

Summary

Add SubprocessDriver — a new AgentDriver that manages OpenShift Proposal CR lifecycle via oc/kubectl CLI, enabling evaluation of agentic workloads running on the cluster.

The driver builds and applies Proposal CRs, polls .status.conditions until a terminal state is reached, handles auto-approval via ProposalApproval resources, and cleans up on completion. It works directly with CRD conditions (the stable API contract) rather than replicating the operator's internal phase derivation logic.

Design document: https://gist.github.com/rioloc/c4b29b534f02e46d0e023599c90ed0f0

Milestones

• M1: SubprocessDriver + Unit Tests — Driver implementation in isolation with full unit test coverage
  • SubprocessDriver class with execute_turn, polling loop, auto-approve, cleanup
  • TerminalOutcome enum for driver-level terminal states
  • TurnData extended with proposal_spec, proposal_status, description, expected_proposal_status
  • Condition-based terminal detection (_is_terminal, _should_approve)
  • Unit tests for config validation, condition helpers, CR building, full lifecycle
• M2: Integration with Framework — Wire into registry, constants, and agent config models
  • Register SubprocessDriver in AgentDriverRegistry
  • Move SubprocessAgentConfig to agents.py
  • Add "subprocess" to SUPPORTED_AGENT_TYPES
  • Export from __init__.py
• M3: Integration Tests — End-to-end tests against a live OpenShift cluster
  • Analysis-only and full lifecycle scenarios
  • Timeout handling, per-conversation agent override
  • Requires agentic operator deployed on cluster

Test plan

• Unit tests pass: uv run pytest tests/unit/pipeline/evaluation/test_subprocess_driver.py -v
• Full test suite passes: make test
• Quality checks pass: make pre-commit
• Integration tests pass against live cluster (M3)

🤖 Generated with Claude Code

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 78b42856-4ebc-49a8-9a69-fa6b9a0606b9

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[rioloc]

See comment below

[rioloc]

This is a safe usage of subprocess.run():

1. No shell invocation — arguments are passed as a list, not a string, so shell=False (the default) is in effect. No shell expansion or injection is possible.
2. CLI binary resolved via shutil.which() — the binary path comes from system PATH resolution at driver init time, not from user input.
3. Command arguments are hardcoded — all args (apply, get, delete, -f, -n, -o json, --ignore-not-found) are string literals built by the driver itself.
4. Data passes through stdin, not arguments — CR manifests are serialized with json.dumps() and piped via the input= parameter. Special characters in user-provided fields (quotes, newlines, $, backticks) never reach a shell.
5. Same pattern as existing code — ScriptExecutionManager (core/script/manager.py:86) uses subprocess.run() identically and has been reviewed and accepted.