Files
gadfly/Dockerfile
T
steve 4237a18d09
Build & push image / build-and-push (pull_request) Successful in 46s
Adversarial Review (Gadfly) / review (pull_request) Failing after 30m16s
feat: claude-code reviewer engine (per-lens claude -p shell-out)
Phase 1 of the gadfly-games build. Adds a second review engine alongside
the majordomo agent loop: for each lens, shell out to the Claude Code CLI
(`claude -p`) inside the checked-out repo so it verifies findings with
its OWN read tools, then reuse gadfly's verdict-parse + recheck +
consolidate + emit pipeline unchanged.

- cmd/gadfly/engine.go: new reviewEngine interface with two impls —
  majordomoEngine (wraps the existing runAgent path) and claudeCodeEngine
  (exec `claude -p ... --output-format json`, parse `.result`). main.go's
  runSpecialists/reviewWithSpecialist are now engine-agnostic.
- Select via a model id: `claude-code` (CLI default) or
  `claude-code/<model>` (suffix → --model). Auth inherits from the env:
  Pro/Max via CLAUDE_CODE_OAUTH_TOKEN (no --bare), else ANTHROPIC_API_KEY.
  Read-only by default (--permission-mode plan); tunable via GADFLY_CLAUDE_*.
- auto-select + delegate worker are majordomo-only and are skipped with
  this engine (Claude Code does its own legwork).
- Dockerfile bundles Node + @anthropic-ai/claude-code (larger image).
- Docs: README "Claude Code engine" section + config rows, examples/
  claude-code.yml stub, examples/README + CLAUDE.md updated. Honest note
  that subscription-auth-in-CI is untested here / a ToS gray area.
- Bumps the dogfood image pin to :sha-c3d09d3 so gadfly's own PRs now
  review with the live status board from Phase 3.

New engine_test.go covers spec detection, model derivation, and argv
building (no live CLI call). gofmt clean, go vet quiet, go test -race green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-27 15:26:57 -04:00

38 lines
1.7 KiB
Docker

# syntax=docker/dockerfile:1
#
# Multi-stage so the private-module credentials (used to fetch the majordomo
# dependency) live ONLY in the build stage via BuildKit secrets and never land
# in the final image. Mirrors mort's Dockerfile secret idiom.
FROM golang:1.26 AS build
ARG GIT_HOST=gitea.stevedudenhoeffer.com
ENV CGO_ENABLED=0 \
GOFLAGS=-mod=mod \
GOSUMDB=off \
GOTOOLCHAIN=auto
ENV GOPRIVATE=${GIT_HOST}/* GONOSUMDB=${GIT_HOST}/*
WORKDIR /src
COPY go.mod go.sum ./
RUN --mount=type=secret,id=REGISTRY_USER \
--mount=type=secret,id=REGISTRY_PASSWORD \
--mount=type=cache,target=/go/pkg/mod \
git config --global url."https://$(cat /run/secrets/REGISTRY_USER):$(cat /run/secrets/REGISTRY_PASSWORD)@${GIT_HOST}/".insteadOf "https://${GIT_HOST}/" \
&& go mod download
COPY . .
RUN --mount=type=cache,target=/go/pkg/mod \
--mount=type=cache,target=/root/.cache/go-build \
go build -trimpath -ldflags="-s -w" -o /out/gadfly ./cmd/gadfly
FROM alpine:3.20
RUN apk add --no-cache bash git curl jq ca-certificates nodejs npm
# Bundle the Claude Code CLI so the `claude-code` review engine works out of the
# box (GADFLY_MODELS=claude-code or claude-code/<model>). This adds Node + the
# CLI to the image (notably larger); ollama-only users pay the size but nothing
# else. Auth is provided at runtime via CLAUDE_CODE_OAUTH_TOKEN / ANTHROPIC_API_KEY.
RUN npm install -g @anthropic-ai/claude-code && npm cache clean --force
COPY --from=build /out/gadfly /usr/local/bin/gadfly
COPY scripts /app/scripts
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh /app/scripts/run.sh /app/scripts/status-board.sh /usr/local/bin/gadfly
ENTRYPOINT ["/entrypoint.sh"]