#dev-contrib

wdym like a guideline on how to use AI in the server

!rule 10

that works

To me "answers" implies something else

I mean when people come on voice and ask for assistance with their project/scripts or w/e which is slop they don't understand

that is probably something to be written as a policy on site or an extension to the asking questions guide -- if that's something people feel is necessary then opening an issue on the meta repo is a good idea and staff will discuss it

i would look at the issues first, there are a lot of well specified feature requests and enhancements for a range of functionality

I ended up writing the following to do the message separation a bit more ergonomically:

with ordered_messages as (
    select id, created_at, ROW_NUMBER() over (order by created_at) - 1
    as message_index
from messages where author_id = '158020687850766338'),
base_time as (
    select created_at as start_time from ordered_messages where message_index = 0
),
adjusted_values as (
    select om.id, greatest(om.created_at, bt.start_time + om.message_index * INTERVAL '15 minutes') as new_timestamp
    from ordered_messages om
    cross join base_time bt
)
update messages
set created_at = av.new_timestamp
from adjusted_values av
where messages.id = av.id

still not quite happy with it though

is it worth cleaning this script up and putting it somewhere? I suspect the cleaner variant would be just having a script to replace the metricity data with known data, parameterized over author_id would be cleaner so you don't have to go to the server and spam messages to populate the table in the first place

!source exec

!source eval

Is this is the change needed in bot#3390 ?

Hm

IMO command name should be exec and alias should be eval

eval should be like exec but if the input is not a single expression, it permabans you

@patent pivot https://github.com/python-discord/bot/issues/3390#issuecomment-3341737512

for now just add an alias

ok making PR

bot#3392

Works!

Hi guys , i wanted to help with the open source projects , any guidence (im a newbie)?

!contrib

thanks!

What is python

A programming language. If you'd like to learn more you could check out https://www.python.org/about/

Hi guys, i am exploring preview environments for django/fastAPI during development, i have few question and would love insights from the folks who have done this in thier workflow

Hey, maybe you should ask this in #web-development
. This channel is for discussion about this server's OSS projects (https://git.pydis.com/)

@rapid swallow thank you

I have noticed, that the eval command gives a redo button when the non-code portions of the message are edited

often times I include an explanation around the code that should run (which is in a codeblock).
However, if I make a typo, then edit it, it prompts me to rerun

I wonder, what would be strategy to stop that from happening? I mean, how would you check programatically?

Run prepare_input on both of the contents before comparing

Or no, after comparing

If before.content != after.content and prepare_input(before.content) != prepare_input(after.content): ...

Checking the first one because we don't need to run two regexes if it wasn't content that changed

Can someone help me set up docker in desktop cause ive done installed and set up wsl but for some reason it says its version its too old for docker. Dm me private please!

#sir-lancebot-playground message
Yeah, because Lance isn't sending names for the day

hi, i have some experience programming. Would anyone be interested if I try adding a !lint command to the bot which I guess would use something like ruff, run it on a code snippet and give the output of ruff?

I don't know if you will use this but, coderabbitai is free(The Pro tier is free) for OSS projects like the Python Bot and Sir Lancebot.

Background: Code rabbit is like GitHub Copilot and summarizes, and review PR's. This gives context for reviewers and contributors. It can also be configured for the repositories specific needs(ex: the exact format on how to write code). It also gives reviews in your IDE.

Btw I am not from code rabbit or associated with them, I just came across this and thought it would be cool for projects like this.

We did play with it on a few repos, whilst it was alright it didn't generate anything I'd call particularly useful so not sure it's worth it for PyDis projects

It might be useful, a temporary integration maybe?

this sounds cool -- I like both the idea of flagging lint issues and also running ruff format. in theory we have ruff in the container or can add it easily

we did try it, it's been used on our repos

ok then

so like in the snelkbox containers we also run ruff check?

Ok, I can try adding a !lint function. If I understand correctly !e runs code, so I can look into that and adapt it to use ruff instead of eval or something like that?

Hello guys i want to start python how i can be better fast ?

maybe look into the snekbox repo too

I have a question for the snekbox. I want to use snekbox for my project(running python code in a website(code will run on the server side, api maybe?) How do I do this and set it up?

yeah

we just need to bundle it as a dependency

in the same way we already have added numpy and similar

and then just need to check the entrypoints get mounted to the jail

Im building snekbox and it's been 10 minutes and its not done yet

probably my computer being slow

stuck on step 27 of build

@vital escarp !contib

!contrib

can someone rate my code?

i started python 5 minutes ago

this channel is for projects of python-discord ask in #python-discussion or open a #1035199133436354600 post

There is an existing issue for that - https://github.com/python-discord/bot/issues/1880

Doesn't specifically mention ruff but only because it's from before ruff existed :)

A good start would be coming up with a specification for how the command would be implemented, and the user interface for it (e.g. how could it support passing options for the linter) and posting that on the issue

Oh it seems neither ruff nor black have a Python API... That might make things tricky.

I suppose a call to subprocess.run could be used to execute ruff. And it would follow a similar style to the eval command

bot/exts/utils/internal.py line 231

async def eval(self, ctx: Context, *, code: str) -> None:```

yeah it would be a matter of running the commands -- which is why i said we'd need to expose the entrypoints into the nsjail that actually runs the code

ah i'm not that familliar with nsjail.

If I add snekbox to a website(for running code) would it still be a static site(Hosted with Cloudflare pages/github pages) or dynamic?

This seems like a scope creep for snekbox

I've had a black format command for a while on Monty

iirc the snekbox endpoint lets you specify the path to the executable you want to use, could this be as simple as adding the package you want to the requirements.txt and then just working out the path to pass for the executable?

what wookie said, it doesn't require any changes to snekbox

If ruff provides a pre-built executable it would be even more trivial

it just requires us to expose entrypoints (or check they're exposed), you can pass the path to the executable in to snekbox alongside files that snekbox will put in an execution dir

It does

Ah gotcha. In that case I think it's cool

iirc it should be a case of putting it in /snekbin somewhere and then specifying that path when calling the api

yea

Remember to set the env var to have ruff not write a cache

it'll be a tmpfs inside the nsjail container anyway so shouldn't matter

looks like there hasnt been much contribution to sir lancelot this year

Yeah but why have the performance penalty of writing a useless cache

Then get started on it

Remember WPC: Write Performant Code

say less twin come with me

So when are we rewriting snekbox to use rust? /s

Soon..........

we're a programming community

Guys, How would a !stats command be for showing contribution stats of the bot, lancebot, site, snekbox, etc in a certain timeframe.
Something in this format:
Showing stats for the Last 10 months:
Issues Opened: 10
PR's Opened: 15
Issues Closed:5
PR's closed: 2
Total Commits:100

Something like that?

like the details on https://www.pythondiscord.com/ ?

The stats there are total stars, and PR's I think

though we could add those too

Ill check the Github API docs

if it's possible

we already get that from the GitHub API

those stats on the homepage are pulled from the GitHub api

I don't know if you are talking about what i am talking are you talking about this:

This shows:
Lang, Stars, and forks

I want to show:
PR's opened in a timeframe, Issues opened in a timeframe, PR's closed in a timeframe, Issues closed in a timeframe and total commits in a timeframe

so the command is like this !stats <timestamp_start> <timestamp_end>

Yeah seems cool

Hmmmm

uhhh

can you open an issue for this

Sure gimme a few minutes

i'm again not sure if implementing this in discord is very useful given you can get more useful statistics straight out of GitHub with your own queries and have them be presented in a much better way

Consider: recognition within discord

not sure what you mean

I mean like if you were to show someone stats for bot in Discord it would be cool

Like all the contribution efforts

from the community

I think doing that via numbers doesn't really do it justice, highlighting individual features is what does that justice and we have the auto-embedding of issues and PRs

wdym

and also, being completely transparent, our repos are a lot less active than they used to be and I'm not sure it very well highlights the development efforts of our community projects if you focus solely on the most recent issues and PRs

its just a number statisitc

we can probably add on to it in the future

wait a sec... am i only able to contribute to sir lance if i purchase Ona (formerly Gitpod)?

i forked it and cloned it to pycharm but then i actually read the contribution page on pythondiscord.com

Issue opened: bot#3394

ope

they have a free plan. maaaaaan this is why my ADHD ass needs to read the instructions before grabbing the hammer

can you share the exact page with the exact instructions

been a while since i've done anything with lancebot, but i did not interact with gitpod

sure 🙂 https://www.pythondiscord.com/pages/guides/pydis-guides/contributing/sir-lancebot/

git pod is one method to work with sir lancebot, you don't have to use it. Can run everything locally

What you need is under the requirements section

yeah i used the docker path iirc, back in the poetry days

poetry?

!pypi poetry

another package-etc manger, like uv

yea pydis used to use poetry until they chaged into uv

Ahem, "pep517 frontend, environment management, and package manager." A project manager if you will.

Package manager slightly misnames it due to all of the other tools that exist

!pypi uv

in Rust

@harsh hill you don't need to use gitpod

why does everything need to be in rust

You can literally clone the repo, run docker compose up, and boom running bot
-# after adding bot token

I said so

Always with the fine print

huh?

Go on

i have nothing else to add

I think you could use slightly more polite and less pedantic ways

very nice:https://git.pydis.wtf

True.

Sorry for being pedantic about the description of uv

meh
did not perceive as even slightly hostile

okay i got the venv installed and ill just say thats as far as im going to go rn. thats wayyyy out of my league haha

ill be back for you sir lanceBOT. wait for me senpai

fair

and that's totally fine

now im just blasting baroque music in my ear while going thru tutorial hell. lets get this bread and grind

why would you say that's out of your league ?

The reason why I'm asking is that we'd also like to simplify this as much as possible

and make it even more accessible

for sure! vocab (knowing what venv and precommit and push, etc.,), how to navigate pycharm(the difference between the terminal and the text editor. do they work together or are they separate?) and simply just like... how do you run code, read code, how is it divided into different files in the project...

all sorts of stuff

its not you, its me

would this be your first ever contribution?

yee

Fair and I did not mean to not reply

Before i forgot but @celest charm got me interested in seeing about adding basedpyright to @stable mountain

And I'm down to submit the pull

I don't have the contributing docs in front of me atm but which part of getting a local copy of sir lancebot are you having trouble with? Maybe I can help walk you through it.

The tldr is

• clone the repo
• open in an IDE/editor
• install dependencies
• install git hook
• create discord application and discord server
• add bot to server
• add token to new .env file in editor
• add other configuration variables

I can't remember if the last time we discussed this was in a public channel, but the way we'd like to do it is as a completely separate non-required check using the baseline

so it's much more an advisory thing

there are things we'll need to undoubtedly silence/ignore because there are things we can contextually assess to be impossible that the typing system cannot, and at this point we don't wish to constrain contributors to having to add a pile of typing stuff

so importantly at this stage not part of the main lint pipeline and not part of pre-commit/commit hooks

Hey everyone! I just launched Digamma Prime — a symbolic framework for auditing ML models.

It uses metrics like φ and Δφ to compare models by behavior, not just accuracy.

Docs, CLI, and tutorials are live: https://github.com/Cerene-Salt/Digamma-Prime-Framework

Would love feedback or collaborators — especially around visual modules and dashboards!

I did it with the help of Copilot.

This channel is for projects related to python discord not personal projects

Read the description for more info

!d disnake.Role.colour is this on my end?

Seems its the inventory configuration here

base url should be https://docs.disnake.dev/en/latest/

there's a second API in there for some reason

these two commands !d removedoc disnake
!d setdoc disnake https://docs.disnake.dev/en/latest/objects.inv

should fix it

!d removedoc disnake

Inf typing loop

I'm just typing a very long message..

wait what

Yeah, it's trying to look it up in the removedoc command ._.

it does not exist?

The current disnake docs endpoint is wrong, apparently.

(see above)

ah

makes sense

still typing......

Poor @stable mountain

its still going

its gonna be permanent

shen what did you do

Lol, it just needs to be be restarted

shen?

M-x rollout restart bots/bot or whatever it is

hi

me here

oh i just saw your username

Python has been stuck typing for a while in multiple channels... I sent this message 14 minutes ago

It is becuase of this command

its calling the wrong API

and its stuck in a loop

allegedly

i c

Lmfao

@late hedge we did it again we broke @stable mountain

First ruff and now pydis

this is no laughing matter
LOOK WHAT YOU'VE DONE

(and yes, disnake once broke ruff CI)

y

Off topic

why has no one fixed this yet
do i have to ping devs oops in the dev oops channel

yes

They're the ones with permission to restart the bot

heaven forbid the former oopser do it

@fallen patrol a restart is all that's needed to get it to stop, right?

It's also typing in #bot-commands

The doc cache also probably needs to be reset

M-x rollout restart bot/bots

<@&409416496733880320> pybot has been typing in multiple channels for a while, may need restarted.
some commands, like !docs, also appear to be failing

nuthin

Oh wait this probably why this command didn't finish

this is not that channel

i noticed. this does demo the problem, though

directions, thuri, directions

If the only problem is that it's typing then it's not really urgent, someone will get to it

!docs is dead

!d

Yeah it's a little more urgent I think

apparently there may be other problems
i no have sentry access so cannot give full details

Lol

This is why I need to rewrite the docs command on monty

It works but it doesn't sometimes

What makes you think that?

Last Sentry event was 6h ago

you don't say

doesn't the Python bot have any kind of sane timeout, maximum retries and maximum redirects that it follows when doing lookups and retrieval for the !d commands?

doesn't seem so

How do you view these?

I didn't think you had access

I login to Sentry

They never removed it
They probably will now that they see it though

i technically have access to pydis's sentry, but i'm not on any of the teams, so i can't see anything

Lmao

Wait you used to be devops?

yea

Yeah I think anyone in the org can just login

O.o

Why did you leave?

probably lol

So this is the get request https://github.com/python-discord/bot/blob/main/bot/exts/info/doc/_batch_parser.py#L111

But looking at the aiohttp documentation it seems to set 30s timeout and 10 max redirects by default

bot/exts/info/doc/_batch_parser.py line 111

async with bot.instance.http_session.get(doc_item.url, raise_for_status=True) as response:```

Its this. https://github.com/python-discord/bot/blob/f0e4d45cb30208c35fa55372e15ea524ea573123/bot/exts/info/doc/_cog.py#L410

bot/exts/info/doc/_cog.py line 410

@lock(NAMESPACE, COMMAND_LOCK_SINGLETON, raise_error=True)```

it got stuck either in redis or in refreshing the inventories

and based on the state of !d

it was either here https://github.com/python-discord/bot/blob/f0e4d45cb30208c35fa55372e15ea524ea573123/bot/exts/info/doc/_cog.py#L216 or https://github.com/python-discord/bot/blob/f0e4d45cb30208c35fa55372e15ea524ea573123/bot/exts/info/doc/_inventory_parser.py#L89-L90 (probably)

bot/exts/info/doc/_cog.py line 216

await self.item_fetcher.clear()```
`bot/exts/info/doc/_inventory_parser.py` lines 89 to 90
```py
timeout = aiohttp.ClientTimeout(sock_connect=5, sock_read=5)
async with bot.instance.http_session.get(url, timeout=timeout, raise_for_status=True) as response:```

wow

its still going

Wao

Yikes, this means that there's no total timeout

there's a timeout for each individual socket.read() and for connecting, but not for the total request time

be the change etc.

btw there is an issue for this docs problem https://github.com/python-discord/bot/issues/3326

Wait a moment

@timid sentinel are you able to dump some logs from yesterday, and are you able to check if python broke the urls on its own or if someone modified the values?

It looks fixed now, but there was another broken package as well

There is nothing interesting in the logs, I don't think anything changed recently.

It seems disnake had the wrong base url in january #bot-commands message

But not in November 2024 #bot-commands message

So I'm guessing something happened between then. logs don't go that far back and I probably don't have access to whatever channel the command was run in if it was manual

Umm.. guys Python 3.14 dropped a stable release. should we make the bot use 3.14 instead of 3.13?

nvm Ill just open an issue

for !eval or for the bot itself?
I don't think discord.py supports it nor will soon

I'd also wait until most whitelisted libraries support 3.14 before updating eval tbh

Yeah we'll need to wait for dependencies, and we'll also probably want to wait for 3.14.1 to help ensure any major bugs are ironed out.

bot#3397

for !eval

ok lemme edit the issue

!e 3.14 import sys;print(sys.version_info)

:white_check_mark: Your 3.14 pre-release eval job has completed with return code 0.

sys.version_info(major=3, minor=14, micro=0, releaselevel='candidate', serial=1)

Already there it seems

though needs updating

wdym

Isn't the point of a stable release that major bugs are ironed out?

or are we waiting for general publics issues?

@timid sentinel do you have logs around 1424854698460184700 about whether or not there was a concurrent documentation invoke?

this

also I think it's probably a better idea to look at it at a higher organisation level and push multiple of our projects to newer python versions where we can

what's the situation with the docs command? is this just because the dissnake endpoint was configured wrong or something

https://github.com/python-discord/bot/issues/3326#issuecomment-3378793022

ahh gotcha thanks

so fixing the URL has actually fixed the immediate problem?

yeah I think it should have

why was the original problem the !d discord though?

oh was this whilst dissnake was hijacking the discord namespace

hmmm

It may have been a temporary outage of the discord.py docs?

which I think could trigger the same issue

hmmm yeah

Our docs didn't

Not in the past 3 years.

yesterday discord also had the same bug.

huh. No it didn't #bot-commands message maybe

odd

!d discord

!d disnake.discord

disnake's "discord" is just a page in the docs, which is valid, it seems like the docs command just handles it weirdly sometimes

yeah

snekbox#244

it would not surprise me if that gets blocked by third-parties until 2026

what gets blocked?

migrating to 3.14

they prefer high stability over features.

thats why they wait

alright i stand corrected. my own major environment members (coverage, hypothesis, jinja2, matplotlib, numpy, pandas, pillow, pytest, ruff, scipy and sympy) already got successfully resolved for 3.14

wait did i comment on the wrong issue

okay I think we can maybe calm it with these issues, this doesn't even reference snekbox

@fallen patrol @toxic wren we already have 3.14 in snekbox, this issue just needs to be about moving from the rc to the new release (which is a one line change).

https://github.com/python-discord/snekbox/blob/main/Dockerfile#L45

the bot still needs to be updated to default to 3.14, that is not controlled snekbox side, but again it's literally updating the order of the literal that stores version info

https://github.com/python-discord/bot/blob/main/bot%2Fexts%2Futils%2Fsnekbox%2F_cog.py#L90

Dockerfile line 45

RUN /build_python.sh 3.14.0rc1```
`bot%2Fexts%2Futils%2Fsnekbox%2F_cog.py` line 90
```py
SupportedPythonVersions = Literal["3.13", "3.13t", "3.14"]```

I appreciate the enthusiasm from both of you generally with contributions here but this caused a bunch of issue noise for 2 lines of changes and I think maybe just stepping off the gas a touch and thinking a bit more slowly / asking Core Devs might be better

for example we've now closed that bot issue when there are actually bot changes necessary, and the snekbox issue mentions bot when snekbox has nothing to do with bot and is a completely separate and independent project

I mean fwiw at the time of that issue that change wasn't in snekbox, which to me is a different project from the bot, I also don't see the issue with well, making issues: its a pretty good way of tracking things that need to be done!

Enough discussion happened here that it seems to have needed an issue anyhow. eg these #dev-contrib message #dev-contrib message definitely make it sound like it needs time before full support

Sure, maybe it needed issues, but either way it at least needed an issue in both places instead of one issue that was then edited to fundamentally change scope and then eventually closed.

I've made the snekbox changes now anyway. Anyone else is free to pick up the reordering of the literal and remove the extra bit of copy about it being pre-release.

yeah didn't mean the issue in bot needed to be closed

just that it also needed one in snekbox

one that actually describes the snekbox changes instead of a copy paste from bot would've been better for that

yeah. I didn't open that.

I know, just replying to your comment, I agree issues are great for tracking things that need to be done but if they're fundamentally misspecified and talk about the wrong things it's about as useful as having no issues

fair

Any issue that proposes refactoring/changing something should include some sort of guidance to where those changes would be, like the GitHub links I posted above.

ye

in some cases it may just be a feature request though

yea but that's not refactoring or a change

im arguing an apples to oranges please ignore me

if something's brand new sure, else you link where the thing needs adding or changing

feature requests are either enhancements or brand new things, the former still has the same rules

snekbox CI should be done in 20 mins or so, so bot will start using 3.14.0 when !eval 3.14 ... is used, the copy just needs removing and the default version changing

depending on what's cached and what needs rebuilding because the python versions changed it might be 50 minutes left in snekbox we'll see

why do we build the python versions for snekbox?

rather than using prebuilts?

was mostly so we can support pre-releases I think, the way we have python versions in snekbox isn't permanent

hahaha 3.14.0 test suite fails in CI

now we see why we wait for .1

hello! can someone here suggest me beginner repo that i can contribute to

i have knowledge on ml,fastapi,mongodb,firebase,nlp stuff

You can have a look at our repos

We usually tag issues for people who don't know the repos with ' good first issue'

!contribute

i checked the repo most of the good first issue have been taken or done with a pr

should i create a new issue by myself

how do i start

Yeah good first issues can be taken, but if you feel they have just been picked up and ignored, you can try posting a message here and we will look into and and maybe reassign, because it does happen.

You don't really need to work on good first issues per se, if something picks up your interest and do some research to understand how things currently work and propose something, you can of course request to be assigned, but that can be too much to dive into right from the start.

You can always create issues if you notice something is wrong/could use improvement/have ideas of course.

Is this you ?

uhhh

i would like to be anonymous

it was just to know about the assignment, didn't mean it to sound like exposing you, sorry

@toxic wren they're just spam issues, generally from people who are new to GitHub and don't entirely understand things. core devs see and delete them when they're opened, if the user closes them there's no need to really try interrogate why they were opened, there generally is no reason other than spam

Hey @lilac merlin, this channel is for contributions to repositories of the Python Discord organizations, not any random projects.

!eval 3.14 ```py
import sys
print(sys.version_info)

:white_check_mark: Your 3.14 pre-release eval job has completed with return code 0.

sys.version_info(major=3, minor=14, micro=0, releaselevel='final', serial=0)

https://github.com/python-discord/bot/pull/3406

#dev-log message why?

you can see from the PR body

#dev-log message ?

so... you use an emac? I don't get the point?

do you know what emacs is

https://www.gnu.org/software/emacs/

yes

the PR was opened from emacs and had a title of --- because i configured something wrong

i did not mean to title the PR just ---

not a very descriptive title

oh ok

so you uh use an emac?

i don't know what you mean by "an emac"

the software is called emacs

it is a text editor, like vscode

I mean you use the software

my mind keeps thinking about Macbooks when typing that.

so I used "an emac"

instead of emac

yea i use the software

um... do you like it? It looks old.

doesn't look too old

that and this look very different:

"Emacs is the extensible, customizable, self-documenting real-time display editor" 🙂

that looks amazing🤩

similar to vim you can have it look however you want

I did not think it was that customizable, I just use a vanilla Zed install.

Yay snekbox supports pi-thon now

!e ```py
import sys
print(sys.version_info)

:white_check_mark: Your 3.14 eval job has completed with return code 0.

sys.version_info(major=3, minor=14, micro=0, releaselevel='final', serial=0)

!e 3.14t ```py
import sysconfig
print(sysconfig.get_config_var("Py_GIL_DISABLED"))

:white_check_mark: Your 3.14 free threaded eval job has completed with return code 0.

1

did you forget about the !exec alias? #changelog message

bot#3403 attachment uploading?

bot#3196 shouldn't this be a snekbox issue?

no

snekbox doesn't know anything about !timeit, !timeit is literally just a template that the bot applies before sending it off to snekbox for eval

anything that is actually about how code runs, available versions, the execution environment, etc. goes on snekbox

anything about the frontend to that (the !eval command, features like !timeit) need to go on bot because that's actually where the commands are

the logic to rerun commands (and the current problem where !timeit reruns use !eval) is something that is entirely on bot

snekbox has no idea

oh ok

what needs to be done to have support to allow internet access in snekbox if allowed with an evaluation request? eg providing "permissions": {"network": true} in an API request and having the environment allow that

because I have a usecase for allowing network access in a specific snekbox container as a still otherwise controlled and restrained environment

fairly trivial

I'd imagine the macvlan stuff would just need setting

there might be some filtering necessary to make sure your jailed procs can't then access snekbox API themselves or other services running locally or in a private network

https://serverfault.com/a/1114563

neat, is this something that could be considered for upstreaming? (as in, I plan to implement this either way for my own use)

seems fine to have upstream, but obviously documented with the caveat that snekbox itself cannot handle that network filtering

ye

if an eval process can access snekbox API then it can cause a denial of service quite easily

in my case I don't really care about that, I just need to download a few files from the internet every so often and parse them safely in an environment
code is controlled anyhow

if going upstream it probably needs an issue to specify what the interface looks like for users

.repo python-discord/snekbox

I think there's a chance that because we can't necessarily protect it well then we shouldn't add it upstream so we need to discuss that

.repository python-discord/snekbox

ok.

snekbox right now is very hard to make dangerous

https://github.com/python-discord/snekbox/issues/new/choose

none of the config options we expose would allow for any sort of compromise or resource exhaustion

Fair

allowing network immediately adds a lot of risk of internal network pivoting and snekbox API access means people can launch infinite denial of service problems against snekbox, and we can't really add protection against those

wonder if we can add RFC1918 IP filtering somehow to nsjail

nsjail outsources most of that to macvlan and the interface there is fairly simple and low level

possibly https://github.com/google/nsjail#isolation-of-network-services-inetd-style

in my mind it'd be easy with netns

like ip netns exec jailns iptables -A OUTPUT -d 10.0.0.0/8 -j REJECT

or something

but I don't think it'd be easy to achieve from solely nsjail

fair

if it were to be added it could probably require an environment variable in configuration to ensure the environment is secured

bot#3408

oh so close

@patent pivot I don't see a reason to surface the issue to the user because this could possibly be a ratelimit has been reached vs anything else

we don't want to surface 404s, 401s, 403s, but we could surface 429 as a marker to the devs

granted, it logs as an error in that case. I don't see a log of when this happened but I'm sort of interested about it

yes but something happened that was an error and then we blindly return other results, that's bad UX

we don't need to surface error specifics but we should say the results are incomplete

anytime we present incomplete information we should tell the user or retry

i mean, not necessarily

there's a lot of detection that would need to go on then

what do you mean

https://github.com/python-discord/bot/blob/8e8d5b0c4023e957324a4e69f9704393e0e29fe2/bot/exts/info/code_snippets.py#L284
https://github.com/onerandomusername/private-repo/blob/main/README.md#L2-4
what should behavior be on this message? it shouldn't tell me that its half of the messages, I know its half of the messages

bot/exts/info/code_snippets.py line 284

continue```

at the very least it shouldn't stop the one half because of that private repo link

I feel if it's a transient error code we should note and tell the user that

permanent error codes obviously less important

obviously the ideal would be to retry but that's probably overcomplicating it

Could I take a look at the source logs/what caused this specific issue? bot#3404

there's actually not a lot useful

that's all sentry is surfacing

& in the actual logs

huh

what message was it?

or was that not even logged?

even just the date those timestamps were from means I could figure out the message through snowflake searching

it wasn't logged because it was a 404 but it was #ot0-psvm’s-eternal-disapproval message

ah yeah

that is an intentional break the bot string

<https://github.com/onerandomusername/monty-python/blob/main/../../../../wntrblm/nox/blob/main/README.md#L1>

it normalises to a completely different path and 404s because of that

bot#3315

I can submit a fix if desired

right now it has this sort of bug

https://github.com/onerandomusername/monty-python/blob/main/../../../../rate_limit#L1

../../../../rate_limit line 1

{"resources":{"code_search":{"limit":60,"remaining":45,"reset":1760365703,"used":15,"resource":"code_search"},"core":{"limit":60,"remaining":45,"reset":1760365703,"used":15,"resource":"core"},"graphql":{"limit":0,"remaining":0,"reset":1760368260,"used":0,"resource":"graphql"},"integration_manifest":{"limit":5000,"remaining":5000,"reset":1760368260,"used":0,"resource":"integration_manifest"},"search":{"limit":10,"remaining":10,"reset":1760364720,"used":0,"resource":"search"}},"rate":{"limit":60,"remaining":45,"reset":1760365703,"used":15,"resource":"core"}}```

do we authenticaate those requests

you don't

which is why a 403/404 is more possible for python codesnippets: you only get 60 requests in an hour

well that's good at least lol

i auth mine but it doesn't have any permissions other than upping the ratelimit

yea i'd just be worried that it'd allow for some nasty permission escalation into private repos

like <https://github.com/onerandomusername/monty-python/blob/main/../../../../repos/python-discord/admin-tasks#L1> or something

it doesn't

i think only arthur has real permissions

M-x github add jb3

:white_check_mark: Successfully invited jb3 to the staff team.

this is my scope

literally just: exists

oh wait

lemme check

either way I can patch 3315 if you want

I fixed this on my bot last night

ok yeah just tested, without that there's nothing that isn't public aside from it showing public details of the logged in github user which i wouldn't consider a security hole since that is public knowledge anyhow

you can't get anything private

yea i don't mind reviewing that

bot#3409

I haven't tested this exact fix on @stable mountain but I tested it within Monty and ported the fix over

so if it doesn't work that's on my port

okay fixed the stochastic snekbox tests a little bit I thnk

there is still this that pops up every now and then but I don't think this is related to any recent changes https://github.com/python-discord/snekbox/actions/runs/18422697909/job/52500287007

!e 3.14j ```py
import sys

data = []

for number in range(0, 100_000):
data.append(number * 2)
if sys._jit.is_active():
print(f"JIT activated on round {number}")
break

:white_check_mark: Your 3.14 JIT-compilation enabled eval job has completed with return code 0.

JIT activated on round 4096

Huh

Hello,
I want to make most of the general use commands into slash(/)( !commands are also there) commands. Does anyone want to work with me on this. I can work alone if needed.

to clarify, you mean adding slash functionality, right? not switching to slash-only?

yes

if we're doing that can we open an issue to discuss priorities and implementation

it's going to be an absolute pain to review if that's all done at once

I suggest breaking it down into commands that are best suited to become hybrid commands (particularly ones where autocomplete is possible) and then open a PR for each individual cog prioritising the commands that make most sense

at least for this iteration no commands that are helper+ or moderator+ should be moved

huh to which bit

!help

docs could be one maybe

@patent pivot i suggest an ai command that sends a troll email to volcy, signed with "Love, claude"

Hi Bella, Absolutely 😊. Love from all my family to yours

this is true, docs would be a very good one to move

@toxic wren I'm suggesting each cog rather than each command

I might reword this issue a bit -- but I can assign you to it if you want to take it

Sure.

ah ok

can you reword?

issue is updated

cogs are the full modules of commands

like !eval and !timeit are part of the Eval/Snekbox cog (can't remember exactly what it's called)

we should use that as a unit of migration

(though we won't migrate those two commands)

ok, is't the codebase for the commands made pre-slash. Will it still be possible to migrate?

yes, hybrid commands

it's a discord.py feature

also we won't need to migrate the help command I wouldn't have thought -- the command works as is for text commands and the idea of slash commands is that typing a / becomes your new help command (as all commands are displayed there to the user)

Bella is right that migrating docs is something that instantly improves the user experience and works better as a slash command

I'll have a look through for others when I'm at a laptop

https://discordpy.readthedocs.io/en/stable/ext/commands/commands.html#hybrid-commands

Ok, Ill start working on !docs later today or tomorrow.

jit is cool

yeah. after looking through discord.py as well I do think that hybrid is cool.

!src docs

!contrib

!docs aiohttp

!src tag

!src tags

probably should do this in #bot-commands

are all the docs not in the bot repo?

!docs aiohttp does not work on my local version

#bot-commands message

use that command

what the heck

What do you mean by docs being on the bot repo?

I am curious.
Is the list of available inventories stored somewhere? Is it in the DB?

It's in redis iirc

Yeah, it's cached in redis

its in redis????

I swear that used to be in the database

the symbols cache is yeah

!src docs

the inventory links are stored in the database

oh yeah the symbol cache which is redisable

but the inventories need persistence

No
You have to go to each website and find the URL for the Sphinx “inventory” file, and then run !docs setdoc with the URL, and that will download all the symbols and put the URL in the database for future reference.

For example:
!docs setdoc disnake https://docs.disnake.dev/en/latest/objects.inv

Meta: a list of a the ones we have could be added to the bot docs to give contributors a starting point

hmmm

sorry for the sentry issues

Click here to see this code in our pastebin.

that's a dump of what we currently have in the bot documentation storage

Oh hey

Tanks

wait why can't .src be used in #1035199133436354600 channels

would be useful here: https://discord.com/channels/267624335836053506/1428518628055187497

.src src

https://github.com/python-discord/sir-lancebot/blob/85771ca1f6b5ef01016ba3661553fad5216ebf70/bot/exts/core/source.py#L20

bot/exts/core/source.py line 20

@whitelist_override(channels=WHITELISTED_CHANNELS+(Channels.community_meta, Channels.dev_contrib))```

And that’s

https://github.com/python-discord/sir-lancebot/blob/85771ca1f6b5ef01016ba3661553fad5216ebf70/bot/constants.py#L313-L322

bot/constants.py lines 313 to 322

# Whitelisted channels
WHITELISTED_CHANNELS = (
    Channels.bot_commands,
    Channels.sir_lancebot_playground,
    Channels.off_topic_0,
    Channels.off_topic_1,
    Channels.off_topic_2,
    Channels.voice_chat_0,
    Channels.voice_chat_1,
)```

Nice comment

huh /docs worked and then I restrted bot and now it's gone

I got it on video

but I deleted it

😭

Here's a chat log

now it does not even work /docs isnt even a command now

oh and I ended up making another command called docs_slash because hybrid seems to not be working? Probably will try to make hybrid after separate command works.

#community-meta message
make .src available in #1035199133436354600

There's an existing issue for this, regarding .latex

https://github.com/python-discord/sir-lancebot/issues/1695

I don't see why it shouldn't be allowed either

Which is waiting on one of the devops members of pydis to approve ...

https://github.com/python-discord/bot-core/pull/305

That seems a little overarching, requiring devops to approve every release seems flawed

seems fine

changes a matching file

I suppose we actually need to add python help to the whitelisted channels

latex should work fine

Yah but this is one of those times having a _version.py file where the version is dynamically grabbed from would make sense

Joe.... https://github.com/python-discord/bot-core/pull/305/files#diff-b7f8a8784d5eff6e6b1b2c2529b831cd86132c49699fe48e0d23c17ad4e2d7deR7

yea at the time we started this poetry did not support this

fixed

Poetry still doesn't support it

At least poetry now sorta allows using a different backend

well there is https://pypi.org/project/poetry-dynamic-versioning/

you used to have to install it as a global plugin and now you can have it be project specific

mark built something excellent for snekbox

https://github.com/python-discord/snekbox/blob/main/scripts/version.py

fixed

@fallen patrol relevant to the multiple interpreters issue https://github.com/python-discord/snekbox/pull/248

also takes snekbox CI time from like 30-40 minutes to like 3-4

Why are they pre built custom rather than using PBS?

no JIT builds from PBS last I checked (without just using their script to build stuff, which is a more complex version of what we are currently doing)

Why does only PyDis get more than one Python version?

for this specific case where we've got a fairly select few versions and pyenv builds them easily with pretty simple direct access to the flags we may as well just build them ourselves — and we're doing it on a schedule anyway

because we shouldn't pick versions on behalf of downstream users

downstream users can do what they want, or just copy our version (and our image is public anyway)

right now there is no rhyme nor reason to why a version appears in snekbox

Now I gotta make an image builder repo lol but actually probably better than what I have now

I think snekbox should support python versions

Or it needs to be documented very cleanly how to add a new tool + use it

@fallen patrol You can use the PyDis image

for reference -- the python-builds repo is just what snekbox already does but pulled out into a separate repo

which is why there are README changes about adding new interpreters to /snekbin/ in that PR

Python builds doesn't add snekbox, yeah?

Cause I am slightly confused about wait NVM I forget that python is python and not rust. Python isn't a self contained binary, it requires the stdlib lol

no, python-builds is generic but does build into a snekbox format, so the binaries are dumped into /snekbin/ and have an ELF runpath of /snekbin/

Should we make the paste bin DM's for invocation of !eval on non-snekbox channels opt-in?

Ive seen lots of people complain

do you have any links to this? I'm curious what people are complaining about

and it's probably not worth having as an opt-in, we either have it or we scrap that, it's not something worth tracking and we don't hold the context long enough to have a delete button that people can opt-in to post-redirection (and I think adding that would be massively overcomplicated)

I think I saw someone in #python-discussion a while ago though I don't exactly remember when

I got DMed by the bot a few minutes ago and remembered this

i found one complaint with a bit of searching, I think generally we shouldn't roll things back based solely on one complaint of new behaviour. if people are that pressed they can ignore/block the bot but generally it remains a useful (and requested) feature

wait what why?

It's often dropped without any other context to people with questions. So it creates a not-great environment.

the link itself has the context needed

In-person, it would be rude to just walk in to a group and ask a question. On the internet that's not the case, but the change in expectation is not always clear. We'd rather people explain rather than just drop a link and then get no help

Sure, but if a person is like "I have a question, does anyone know X?" and then only gets a link to "dontasktoask", that's not the server culture we want.

It's off putting and not welcoming

how did you make it like this?

can I have the config?

btw I am new to emacs

https://github.com/doomemacs/doomemacs

ah, thanks! Ill look into it

Does pydis still participate in hacktoberfest?

No, it seemed positive on paper but doesn't create the right incentives and places a burden on maintainers

hacktoberfest in a nutshell lol

Oh hai Alec

What do I actually get from Hacktoberfest anyways?

well there's no shirt anymore iirc lol

There is

ah they are incentivizing crap again

excellent

I was only wondering cause I noticed I'd made some pulls to pydis this month and was wondering if I could get the hacktoberfest-accepted label on them

oh yeah that's fine

https://github.com/python-discord/bot/pull/3408 is the only one

Thanks joe

i added to 3409 as well

-# I might as well go submit a patch for https://github.com/python-discord/bot/issues/3403

can i get myself a free shirt here let's see

You are a maintainer at pydis so your pulls don't count

devastating

Not seeing what you expect here? Hacktoberfest profiles only show contributor activity, not maintainer activity (we calculate this after Hacktoberfest ends). Profiles update once every 15 minutes if you're loading the page often, or once every 6 hours in the background.

I have 40 pending pulls that I made to my own repos so they won't count once they check that which is hilarious

But ye, do you mind if I submit a quality patch for this?

yea go for it

if it lets you just review request me when you submit

i can't remember if you can or not as a non-maintainer

either way I'll look out for it

Sounds good. Lemme get a test bot configured again, pain

Iirc it's been a while, botstrap should make it easier

yea botstrap does make it not so bad

why does @radiant merlin and @slow bone have the presence intent?

also if you see this joe, how do you want https://www.pythondiscord.com/pages/guides/pydis-guides/contributing/bot.md/#appendix-full-env-file-options to be updated?

Its missing fakeredis and a lot of other variables

i'm not sure why modmail needs it, may just be that it was run at a time where the bot was requesting all intents and we enabled it by default

probably same with big brother though less sure why that's necessary

(I'm already preparing a MR to site due to a broken link + bot uses python 3.13 now)

eh tbf you could probably fix the broken link on your end

https://blog.pythondiscord.com/post/statistics-infrastructure

huh

interesting

that's now https://blog.pythondiscord.com/post/statistics-infrastructure-at-python-discord/

ye

hey joe you mind if i submit a pull to fix that and the python 3.12 -> 3.13 for bot?

go for it

I'm collecting the changes locally before I pr it

nice nice

yay

good lord

ratelimited.me

discord that's impressive:

you gave me a 403 to fetch a webhook with admin

oh

because the IDs are hardcoded in botstrap..... hm

huh

that sounds

against the idea of botstrap lol

its because I wasn't working with big brother

when i got this line i thought that botstrap completed because "its just a warning"

its actually fatal

https://github.com/python-discord/bot/blob/d21c2c7d6660a547a3c232cbf0b10be971c32fea/botstrap.py#L54-L60

botstrap.py lines 54 to 60

log.warning(f"Couldn't find key: {item} in dict: {self.name} ")
log.warning(
    "Please make sure to follow our contribution guideline "
    "https://www.pythondiscord.com/pages/guides/pydis-guides/contributing/bot/ "
    "to guarantee a successful run of botstrap "
)
sys.exit(-1)```

lol

changed it to fatal so i don't forget for now

now i just get this lol

do templates include emojis?

hmmm

they might not actually

i mean

fwiw I didn't use the template

ah lol

or well, I did.... 3 years ago

looks like just channels, roles, perms and some settings

are emojis stored in a github repo somewhere?

cause we could upgrade to app emojis

I was looking for code that I wrote a while ago but I couldn't find it, maybe someone would remember better

It was to I believe check code jam qualifiers, it did some very cursed stuff to load the code by embedding it in a larger snippet, does that ring a bell to anybody?

There's no way it's the next PR I check lmfao

Oooh it was on forms

https://github.com/python-discord/forms-backend/pull/63

Thank you for y'all's magical brain waves

I see conflicting information on this guide:

Note: This script will overwrite the .env.server file. We suggest you put any configuration not generated by this script in to .env instead

In your .env.server file, set urls_site_api="http://localhost:8000/api". If you wish to keep using http://web:8000/api, then COMPOSE_PROJECT_NAME has to be set.

To configure the bot manually, you will only need to set inside the .env.server file the values for the channels, roles, categories, etc. that are used by the component you are developing.

they are in a separate discord server

and the bootstrap script doesn't set the emojis, iirc

yeah that looks like it should point to .env instead

aight I'll add it to my pr

how can i add an adomination to a page on the site?

to the contribution docs ?

yeah

Add {: .notification .is-warning } underneath the warning

https://raw.githubusercontent.com/python-discord/site/refs/heads/main/pydis_site/apps/content/resources/guides/pydis-guides/contributing/sir-lancebot.md

thanks

If it's multiline, i think you need to denote it with ---

There should be another example in the same file

pain

I have a really old test guild

i'm sure its fine

Pydis Core Developers -> Core Developers
Domain Lead -> Domain Leads
Moderation Team -> Mod Team

but just for test server

what could be going on here?

did you use the template ?

I did.... 3 years ago

:^)

Yeah that's invalid

use the new one

https://discord.new/zmHtscpYN9E3

looking into https://github.com/python-discord/bot/issues/3402 and I actually can't figure out how to trigger that error

Please react with ✅ to upload your file(s) to our paste bin, which is more accessible for some users.

🤔

on my test server it deleted my message and dmed me as well

which was confusing UI

is this no longer used on @stable mountain?

you can upload txt files now

is your clone out of date?

Nope

my most recent commit is 88574889

https://github.com/python-discord/bot/blob/88574889/bot/exts/filtering/_filter_lists/extension.py

is this file disabled in prod?

or no, I see

so apparently Attachment.content_type seems to be just from the file extension

it seems that this filter is no longer used here, seems I can also upload binary files

-# if you're wondering, that is the tr binary from gnu coreutils

lol yea i thought it was

hmmm

that's probably not intended but also isn't inherently harmful

uploading a UNIX binary is kind of pointless because to run it you'd need to set the +x bit when you download it

whereas .exe etc automatically have execution available

or ./tr

not without the execute bit

oh good .exe is still blocked

i looked more into it and its anything with text/plain that gets previewed in discord

yea

and discord sets it so weirdly

the same binary, with .txt appended

elf my beloved

so let me see...

huh okay

can't recreate that locally

-# that took more work than I expected
https://github.com/python-discord/bot/pull/3413

breaking attachment types was somewhat difficult lmao

...can i submit a pull to quiet bot strap?

@tame pebble used the new guild:

this would be in the template needing an update

lol yeah that is excessive

but presumably yeah it's just third party loggers being set to debug

except because its botstrap I haven't configured anything yet

I decided for fixing stuff on the contributing guide i would return to the roots of a confused new developer trying to set up the bot for the first time and would see how easy it is to use

yea no I agree it needs fixing -- just shouldn't be too crazy of a fix

this is a nice idea

its difficult lol

there's at least a few other things that can be fixed/provided in botstrap

i will create an issue for this lol

-# oh the things I'll do for a t-shirt

seems to properly work on https://github.com/onerandomusername/ghre-tester/blob/9be3025d879813db5f6524338002539ad0264e45/README.md%3Fplain%3D1#L1

README.md%3Fplain%3D1 line 1

# oh no```

except for that text not being decoded

that.... hm

@timid sentinel with patch

yes

@patent pivot can you show me where that founders role lies in the role hierarchy in pydis ?

I will add it to the template

it shouldn't matter tbh

uhhh I think it's below admins above mods

cheers bg

no problems bby

holy shit there's 18250 people with the announcements role????

and lol the cloudflare bot being here

-# oh wait no thats a cloudflare employee

Try with %3f instead of %3F the URL you paste though.

!role Announcements

context: user installed app

used it to get the role order

can you try again

oh

I think I just misread the code

@tame pebble it needs to be synced

this can be seen with https://discord.new/zmHtscpYN9E3

I did sync

aside from one tiny error

Did it again now