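---
# Gadfly reviewing via the Claude Code CLI engine.
# Copy to .gitea/workflows/adversarial-review.yml in your repo.
#
# Instead of a majordomo model, each lens shells out to the bundled `claude` CLI
# inside the checked-out repo (it uses its own Read/Grep/Glob tools to verify
# findings), then Gadfly runs its usual verdict + recheck + consolidate pipeline.
#
# Auth: a Pro/Max subscription token from `claude setup-token` (no --bare),
# stored as the CLAUDE_CODE_OAUTH_TOKEN secret. Falls back to ANTHROPIC_API_KEY
# if you'd rather pay per-token — set only ONE.
#
# Heads-up: this engine is wired but not yet validated end-to-end here, and using
# subscription auth in automated CI is a gray area in Anthropic's terms — read
# the README's "Claude Code engine" note before relying on it.

name: Adversarial Review (Gadfly)

# `on` is a YAML 1.1 boolean to generic parsers; the forge's loader reads it
# as the trigger key. Suppress the yamllint truthy warning rather than quote it.
on:  # yamllint disable-line rule:truthy
  pull_request:
    # `synchronize` is deliberately absent: new pushes do not re-review.
    types: [opened, reopened, ready_for_review]
  issue_comment:
    types: [created]
  workflow_dispatch:
    inputs:
      pr_number: { description: "PR number to review", required: true }

# Least privilege: the job only needs to read the checkout and post review
# comments. Do not widen `contents` — nothing here writes to the repo.
permissions:
  contents: read
  issues: write
  pull-requests: write

# One review per PR at a time; a newer trigger for the same PR supersedes the
# in-flight one. The group key resolves the PR number from whichever event fired.
concurrency:
  group: gadfly-${{ github.event.issue.number || github.event.pull_request.number || github.event.inputs.pr_number }}
  cancel-in-progress: true

jobs:
  review:
    # Security: only trusted users may trigger a secret-bearing run via a PR
    # comment. Replace the username(s) below with your maintainers — keep them in
    # sync with GADFLY_ALLOWED_USERS (the in-container belt-and-suspenders check).
    #
    # `issue_comment` also fires for comments on plain issues (no PR to review);
    # the `issue.pull_request` clause limits comment-triggered runs to PR
    # comments, so the container is not started — and secrets not exposed — for
    # an ordinary issue. NOTE(review): this relies on the forge populating
    # `issue.pull_request` in the event payload (Gitea's issue object carries
    # it, null for non-PR issues); if your instance does not, drop that clause.
    # Whether secrets reach fork-originated `pull_request` runs is an instance
    # setting, not something this workflow can enforce — confirm it for your forge.
    if: >-
      github.event_name != 'issue_comment' ||
      (github.event.issue.pull_request && github.actor == 'your-username')
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      - uses: docker://gitea.stevedudenhoeffer.com/steve/gadfly:latest
        env:
          GITEA_API: ${{ github.server_url }}/api/v1/repos/${{ github.repository }}
          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}

          # --- Claude Code engine ---
          # Pro/Max subscription token (preferred). Or set ANTHROPIC_API_KEY
          # instead for per-token billing — but never both.
          CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          # ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}

          # bare "claude-code" uses the CLI default model; "claude-code/<model>"
          # sets --model (sonnet/opus/haiku, or a full id). One comment per entry.
          GADFLY_MODELS: "claude-code/sonnet"

          # Optional CLI tuning (defaults are read-only-safe):
          # GADFLY_CLAUDE_PERMISSION_MODE: plan   # read-only; never edits
          # GADFLY_CLAUDE_ALLOWED_TOOLS: "Read,Grep,Glob"
          # GADFLY_CLAUDE_EXTRA_ARGS: "--max-turns 30"

          # Alternate backend (EXAMPLE ONLY, not validated): point Claude Code at
          # an Anthropic-API-compatible proxy (e.g. claude-code-router / LiteLLM in
          # front of Ollama) to run Ollama models THROUGH the CC harness. The
          # subprocess env forwards ANTHROPIC_*, so just set these instead of the
          # token above. Tool-use support depends on the proxy/backend.
          # ANTHROPIC_BASE_URL: ${{ vars.ANTHROPIC_BASE_URL }}
          # ANTHROPIC_AUTH_TOKEN: ${{ secrets.ANTHROPIC_AUTH_TOKEN }}

          # In-container allow-list; must match the actor(s) in the job `if`.
          GADFLY_ALLOWED_USERS: "your-username"

          # --- event context (leave as-is) ---
          # PR is resolved in the same order as the concurrency group above.
          # PR_BRANCH / IS_DRAFT are only populated on pull_request events;
          # COMMENT_BODY / COMMENT_ID only on issue_comment events.
          # COMMENT_BODY is author-controlled text: it is passed as an env var so
          # it is never interpolated into a shell; keep it that way if steps are
          # added.
          EVENT_NAME: ${{ github.event_name }}
          PR: ${{ github.event.pull_request.number || github.event.issue.number || github.event.inputs.pr_number }}
          PR_BRANCH: ${{ github.head_ref }}
          IS_DRAFT: ${{ github.event.pull_request.draft }}
          COMMENT_BODY: ${{ github.event.comment.body }}
          COMMENT_ID: ${{ github.event.comment.id }}
          ACTOR: ${{ github.actor }}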