4237a18d09
Phase 1 of the gadfly-games build. Adds a second review engine alongside the majordomo agent loop: for each lens, shell out to the Claude Code CLI (`claude -p`) inside the checked-out repo so it verifies findings with its OWN read tools, then reuse gadfly's verdict-parse + recheck + consolidate + emit pipeline unchanged.

- cmd/gadfly/engine.go: new reviewEngine interface with two impls — majordomoEngine (wraps the existing runAgent path) and claudeCodeEngine (exec `claude -p ... --output-format json`, parse `.result`). main.go's runSpecialists/reviewWithSpecialist are now engine-agnostic.
- Select via a model id: `claude-code` (CLI default) or `claude-code/<model>` (suffix → --model). Auth inherits from the env: Pro/Max via CLAUDE_CODE_OAUTH_TOKEN (no --bare), else ANTHROPIC_API_KEY. Read-only by default (--permission-mode plan); tunable via GADFLY_CLAUDE_*.
- auto-select + delegate worker are majordomo-only and are skipped with this engine (Claude Code does its own legwork).
- Dockerfile bundles Node + @anthropic-ai/claude-code (larger image).
- Docs: README "Claude Code engine" section + config rows, examples/claude-code.yml stub, examples/README + CLAUDE.md updated. Honest note that subscription-auth-in-CI is untested here / a ToS gray area.
- Bumps the dogfood image pin to :sha-c3d09d3 so gadfly's own PRs now review with the live status board from Phase 3.

New engine_test.go covers spec detection, model derivation, and argv building (no live CLI call). gofmt clean, go vet quiet, go test -race green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
72 lines
3.1 KiB
YAML
```yaml
# Gadfly reviewing via the Claude Code CLI engine.
# Copy to .gitea/workflows/adversarial-review.yml in your repo.
#
# Instead of a majordomo model, each lens shells out to the bundled `claude` CLI
# inside the checked-out repo (it uses its own Read/Grep/Glob tools to verify
# findings), then Gadfly runs its usual verdict + recheck + consolidate pipeline.
#
# Auth: a Pro/Max subscription token from `claude setup-token` (no --bare),
# stored as the CLAUDE_CODE_OAUTH_TOKEN secret. Falls back to ANTHROPIC_API_KEY
# if you'd rather pay per-token — set only ONE.
#
# Heads-up: this engine is wired but not yet validated end-to-end here, and using
# subscription auth in automated CI is a gray area in Anthropic's terms — read
# the README's "Claude Code engine" note before relying on it.

name: Adversarial Review (Gadfly)

on:
  pull_request:
    types: [opened, reopened, ready_for_review]
  issue_comment:
    types: [created]
  workflow_dispatch:
    inputs:
      pr_number: { description: "PR number to review", required: true }

permissions:
  contents: read
  issues: write
  pull-requests: write

concurrency:
  group: gadfly-${{ github.event.issue.number || github.event.pull_request.number || github.event.inputs.pr_number }}
  cancel-in-progress: true

jobs:
  review:
    # Security: only trusted users may trigger a secret-bearing run via a PR
    # comment. Replace the username(s) below with your maintainers — keep them in
    # sync with GADFLY_ALLOWED_USERS (the in-container belt-and-suspenders check).
    if: >-
      github.event_name != 'issue_comment'
      || github.actor == 'your-username'
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      - uses: docker://gitea.stevedudenhoeffer.com/steve/gadfly:latest
        env:
          GITEA_API: ${{ github.server_url }}/api/v1/repos/${{ github.repository }}
          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
          # --- Claude Code engine ---
          # Pro/Max subscription token (preferred). Or set ANTHROPIC_API_KEY
          # instead for per-token billing — but never both.
          CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          # ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          # bare "claude-code" uses the CLI default model; "claude-code/<model>"
          # sets --model (sonnet/opus/haiku, or a full id). One comment per entry.
          GADFLY_MODELS: "claude-code/sonnet"
          # Optional CLI tuning (defaults are read-only-safe):
          # GADFLY_CLAUDE_PERMISSION_MODE: plan # read-only; never edits
          # GADFLY_CLAUDE_ALLOWED_TOOLS: "Read,Grep,Glob"
          # GADFLY_CLAUDE_EXTRA_ARGS: "--max-turns 30"
          GADFLY_ALLOWED_USERS: "your-username"
          # --- event context (leave as-is) ---
          EVENT_NAME: ${{ github.event_name }}
          PR: ${{ github.event.pull_request.number || github.event.issue.number || github.event.inputs.pr_number }}
          PR_BRANCH: ${{ github.head_ref }}
          IS_DRAFT: ${{ github.event.pull_request.draft }}
          COMMENT_BODY: ${{ github.event.comment.body }}
          COMMENT_ID: ${{ github.event.comment.id }}
          ACTOR: ${{ github.actor }}
```
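The workflow's comments ask for two things to hold: the usernames in the `if:` gate stay in sync with GADFLY_ALLOWED_USERS, and only one of CLAUDE_CODE_OAUTH_TOKEN / ANTHROPIC_API_KEY is set. The following lint is an added example, not part of the Gadfly repository; `lint_workflow`, the sample workflow text, the usernames `alice` and `bob`, and the comma- or whitespace-separated allow-list format are assumptions made for illustration.

```python
import re

# Constructed sample: a trimmed workflow in the shape shown above, with a second
# maintainer added to the `if:` gate but not to GADFLY_ALLOWED_USERS.
SAMPLE = """\
jobs:
  review:
    if: >-
      github.event_name != 'issue_comment'
      || github.actor == 'alice'
      || github.actor == 'bob'
    steps:
      - uses: docker://registry.example/gadfly:latest
        env:
          CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          # ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          GADFLY_ALLOWED_USERS: "alice"
"""

ACTOR_RE = re.compile(r"github\.actor\s*==\s*'([^']+)'")
ENV_RE = re.compile(r"^\s*([A-Z][A-Z0-9_]*):\s*(.*?)\s*$")


def lint_workflow(text):
    """Return findings (strings) for one workflow file's text."""
    actors, env = set(), {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out settings are not in effect
        actors.update(ACTOR_RE.findall(line))
        m = ENV_RE.match(line)
        if m:
            env[m.group(1)] = m.group(2).strip("\"'")
    # Assumption: the allow-list is comma- or whitespace-separated.
    allowed = set(re.split(r"[,\s]+", env.get("GADFLY_ALLOWED_USERS", ""))) - {""}
    findings = [f"{u}: in the if: gate but not in GADFLY_ALLOWED_USERS"
                for u in sorted(actors - allowed)]
    findings += [f"{u}: in GADFLY_ALLOWED_USERS but not in the if: gate"
                 for u in sorted(allowed - actors)]
    if "CLAUDE_CODE_OAUTH_TOKEN" in env and "ANTHROPIC_API_KEY" in env:
        findings.append("both CLAUDE_CODE_OAUTH_TOKEN and ANTHROPIC_API_KEY are set")
    return findings


if __name__ == "__main__":
    for finding in lint_workflow(SAMPLE):
        print(finding)
```

An empty result means the two gates agree and a single credential is configured; the scan is line-based, so it does not strip inline `#` comments that follow a value.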