Reverts to the original guided output format with:
- Visual hierarchy with emojis and separators
- Priority tags (High/Medium/Low)
- Security and code quality checklists
- Ultrathink directive
- Reaction comments for /review triggers
- Model signature in review footer
claude-code-action validates that anthropic_api_key is non-empty before
running. CLIProxy ignores this value and uses ANTHROPIC_AUTH_TOKEN for
actual authentication.
- Use anthropics/claude-code-action@v1 directly
- Remove ccs-reviewer wrapper dependency
- Match pr-review-comprehensive.yml pattern
- Keep CLIProxy env vars for model routing
- Restore comprehensive allowedTools for posting
- Add more allowed bash patterns: gh issue view, gh api, git commands
- Add base tools: Edit, LS for better flexibility
- Update prompt to write pr_review.md in working dir (not /tmp/)
- Add step to Read before Write to avoid security block
- Add explicit rules about avoiding shell operators (||, &&, <<)
- Allow rm pr_review.md for cleanup
Previous run had 9 tool rejections wasting ~5000 tokens due to:
- gh issue view not allowed (only gh pr view was)
- /tmp/ outside working directory
- Write without Read blocked
- Complex shell operators blocked
- Use /api/provider/agy endpoint for proper model routing
- Set ANTHROPIC_DEFAULT_*_MODEL to route Haiku/Sonnet/Opus correctly
- Disable telemetry, error reporting, bug command
- Set max output/thinking tokens
Add Bash(echo *) and Bash(cat *) patterns to allow heredocs and pipes.
This gives the AI reviewer flexibility to use any method for posting
multi-line review comments while remaining safe (shell-operator aware).
Changed pattern from `Bash(gh pr comment:*)` to `Bash(gh pr comment *)`
to match space-separated args. Updated prompt to discourage heredocs
and pipes which don't match the pattern, causing 6+ retry attempts.
Root cause: When the bot posts a review comment, GitHub fires an
issue_comment event that joins the same concurrency group and cancels
the in-progress run BEFORE job `if` conditions are evaluated.
Solution: Non-actionable triggers (bot comments, comments without
/review) get a unique per-run group via format('skip-{0}', github.run_id),
while legitimate triggers share the PR-based group for proper
cancellation of outdated reviews.
- Add `synchronize` event to trigger on new commits pushed to PR
- Add `reopened` event to trigger when PR is reopened
- Update documentation comments to reflect new behavior
- Keep cancel-in-progress to prevent stale reviews
Fixes issue where AI review only ran on PR creation, requiring
manual /review comment for subsequent commits.
Root cause of cancellations was track_progress posting comments that
triggered new workflow runs. Instead of complex concurrency isolation,
simply disable progress tracking.
Changes:
- track_progress: false (no intermediate comments)
- Simple concurrency: ai-review-<PR_NUMBER>
- Removed extra bot filters (no longer needed)
Result: Clean PRs with just the final review comment.
Previous fix was incomplete - both human /review comments and bot
progress comments were issue_comment events sharing the same
concurrency group.
Now includes comment author in concurrency group:
- Human: ai-review-issue_comment-kaitranntt-320
- Bot: ai-review-issue_comment-ccs-agy-reviewer[bot]-320
- PR/dispatch: ai-review-<event>-system-320
This completely isolates bot activity from human-triggered reviews.
Root cause: Bot progress comments triggered issue_comment events,
which created new workflow runs with the same concurrency group,
causing cancel-in-progress to kill the original review.
Fixes:
1. Add event_name to concurrency group (prevents cross-event cancellation)
2. Explicit filter for ccs-agy-reviewer[bot] comments (belt-and-suspenders)
Closes race condition causing 25+ cancelled AI review runs.
Bot progress comments were triggering new workflow runs,
which cancelled in-progress reviews due to concurrency group.
Added check for github.event.comment.user.type != 'Bot'.
Removes synchronize trigger to prevent cancel-on-push issue.
Reviews now trigger:
- Auto: when PR is first opened
- Manual: via /review comment
- Manual: via workflow_dispatch
This prevents pushes to dev from cancelling in-progress reviews.
- Add emojis to review focus areas and output sections
- Use priority color indicators (🔴/🟡/🟢)
- Add ⭐ for exceptional strengths
- Request tables for checklists
- Improve visual scannability
* fix(ci): add persistent logging and remove turn/diff limits for AI review (#298)
- Remove --max-turns limit (unlimited exploration)
- Remove head -8000 diff limit (full diff)
- Add persistent logging to /opt/actions-runner/logs/ai-review/
- Save prompt, stdout, stderr, timing, metadata as separate files
- Add structured metadata.json with run details
- Separate stdout/stderr capture for better debugging
- Include debug info in failure comments (exit code, duration, log path)
- Retry without tool restrictions if first attempt fails
* fix(cliproxy): correct faulty version range to v81-85 and set v89 as stable (#302)
PR #289 incorrectly marked all v81+ as faulty. v89 confirmed stable.
- CLIPROXY_MAX_STABLE_VERSION: 6.6.80-0 → 6.6.89-0
- CLIPROXY_FAULTY_RANGE max: 6.6.999-0 → 6.6.85-0
* ci(github): migrate ai-review to claude-code-action with CLIProxy
- Replace manual claude CLI setup with anthropics/claude-code-action@v1
- Add REVIEW_MODEL env var for centralized model configuration
- Configure ANTHROPIC_BASE_URL for CLIProxy routing
- Enable track_progress for live PR comment updates
- Add model attribution footer instruction
- Restrict tools to gh pr commands, Read, Glob, Grep only
- Simplify workflow from 424 to 55 lines (-369 lines)
* chore(release): 7.16.0-dev.1 [skip ci]
* fix(ci): skip ai-review when secrets unavailable
Add secrets check to job condition to gracefully skip on fork PRs
where CCS_REVIEWER_APP_ID secret is not accessible
* chore(release): 7.16.0-dev.2 [skip ci]
* feat(ci): enable ai-review for fork PRs via pull_request_target
Use pull_request_target event to allow secrets access for fork PRs.
Safe for code review since we only read diff, not execute fork code.
* chore(release): 7.16.0-dev.3 [skip ci]
* fix(ci): disable track_progress for workflow_dispatch
* chore(release): 7.16.0-dev.4 [skip ci]
* fix(ci): clear Claude install locks before each run
* perf(ci): use pre-installed Claude executable on runner
* chore(release): 7.16.0-dev.5 [skip ci]
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* fix(ci): add persistent logging and remove turn/diff limits for AI review (#298)
- Remove --max-turns limit (unlimited exploration)
- Remove head -8000 diff limit (full diff)
- Add persistent logging to /opt/actions-runner/logs/ai-review/
- Save prompt, stdout, stderr, timing, metadata as separate files
- Add structured metadata.json with run details
- Separate stdout/stderr capture for better debugging
- Include debug info in failure comments (exit code, duration, log path)
- Retry without tool restrictions if first attempt fails
* fix(cliproxy): correct faulty version range to v81-85 and set v89 as stable (#302)
PR #289 incorrectly marked all v81+ as faulty. v89 confirmed stable.
- CLIPROXY_MAX_STABLE_VERSION: 6.6.80-0 → 6.6.89-0
- CLIPROXY_FAULTY_RANGE max: 6.6.999-0 → 6.6.85-0
* feat(ci): add AI code review workflow with Claude via CLIProxyAPI
- Self-hosted runner calls CLIProxyAPI at localhost:8317
- Triggers on PR open/update and /review comment
- Uses gemini-claude-opus-4-5-thinking for deep reviews
- Posts summary + inline comments via gh CLI
- Handles self-PR fallback to COMMENT mode
* chore(release): 7.15.0-dev.1 [skip ci]
* refactor(ci): use GitHub App for reviewer identity + new review format
- Posts as ccs-agy-reviewer[bot] via GitHub App token
- New review format: structured markdown with verdict, summary, issues table
- Single PR comment instead of inline comments
- Concise, focused on PR changes only
* chore(release): 7.15.0-dev.2 [skip ci]
* refactor(ci): switch to Claude Code CLI for reviews
- Use claude -p instead of custom TypeScript script
- Auto-install if not present on runner
- CLIProxyAPI via env vars (ANTHROPIC_BASE_URL, ANTHROPIC_MODEL)
- Allowed tools: Read, Glob, Grep
- Max 3 turns for file exploration
* chore(release): 7.15.0-dev.3 [skip ci]
* chore(release): 7.15.0-dev.4 [skip ci]
* feat(ci): add workflow_dispatch for manual review trigger
* chore(release): 7.15.0-dev.5 [skip ci]
* refactor(cliproxy): add faulty version range infrastructure (#289)
* refactor(cliproxy): add faulty version range infrastructure
- Add CLIPROXY_FAULTY_RANGE constant for marking known buggy versions
- Add isVersionFaulty() helper to version-checker.ts
- Update lifecycle.ts to warn users on faulty versions with upgrade suggestion
- Update health checks to distinguish faulty vs experimental versions
- Update stats routes to include faultyRange in API response
- Skip faulty versions when calculating latestStable
Infrastructure ready for future version promotions. Currently:
- v80 and below: stable
- v81+: marked as faulty (context cancellation bugs)
* chore: trigger review
* chore: re-trigger review
* chore: test PR trigger
* chore(release): 7.15.0-dev.6 [skip ci]
* fix(ci): rename workflow to force GitHub re-registration (#293)
* chore(release): 7.15.0-dev.7 [skip ci]
* fix(ci): use heredoc to avoid YAML parsing issues in workflow (#294)
* chore(release): 7.15.0-dev.8 [skip ci]
* fix(ci): enhance review prompt for better output format (#296)
* fix(ci): enhance review prompt for better output format
- Add emojis for visual hierarchy
- Include model name in review header
- Use severity table with file:line references
- Add summary section and suggestions
* fix: use pipe delimiter in sed to avoid slash issues
* feat(ci): comprehensive AI code review with codebase exploration
Key enhancements:
- Increased max-turns from 3 to 10 for deeper file exploration
- Added Read/Glob/Grep tool access for codebase analysis
- Checkout PR head for full file access during review
- Expanded prompt with 10+ analysis sections matching claudekit-cli quality
- Added fallback handling for review generation failures
- Increased diff limit from 5000 to 8000 lines
- Split prompt into separate step for YAML compatibility
* fix(ci): unify checkout logic for all trigger types
Apply AI review suggestion: use gh pr checkout for all event types
to ensure Read tool sees correct files on manual /review triggers
* feat(ci): force tool usage for comprehensive code review
Key changes:
- Add MANDATORY tool exploration step before writing review
- Explicit instructions to Read each changed file in full
- Require finding and reading test files via Glob
- Require usage search via Grep for breaking change detection
- Increase max-turns from 10 to 15 for deeper exploration
- Enhanced output format with code snippet examples
- Better testing section with specific file references
* fix(ci): add --force flag and retry logic for Claude install
* fix(ci): remove invalid --force flag from install script
* fix(ci): add fallback to claude install --force on lock conflict
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* feat(ci): add AI code review workflow with Claude via CLIProxyAPI
- Self-hosted runner calls CLIProxyAPI at localhost:8317
- Triggers on PR open/update and /review comment
- Uses gemini-claude-opus-4-5-thinking for deep reviews
- Posts summary + inline comments via gh CLI
- Handles self-PR fallback to COMMENT mode
* chore(release): 7.15.0-dev.1 [skip ci]
* refactor(ci): use GitHub App for reviewer identity + new review format
- Posts as ccs-agy-reviewer[bot] via GitHub App token
- New review format: structured markdown with verdict, summary, issues table
- Single PR comment instead of inline comments
- Concise, focused on PR changes only
* chore(release): 7.15.0-dev.2 [skip ci]
* refactor(ci): switch to Claude Code CLI for reviews
- Use claude -p instead of custom TypeScript script
- Auto-install if not present on runner
- CLIProxyAPI via env vars (ANTHROPIC_BASE_URL, ANTHROPIC_MODEL)
- Allowed tools: Read, Glob, Grep
- Max 3 turns for file exploration
* chore(release): 7.15.0-dev.3 [skip ci]
* chore(release): 7.15.0-dev.4 [skip ci]
* feat(ci): add workflow_dispatch for manual review trigger
* chore(release): 7.15.0-dev.5 [skip ci]
* refactor(cliproxy): add faulty version range infrastructure (#289)
* refactor(cliproxy): add faulty version range infrastructure
- Add CLIPROXY_FAULTY_RANGE constant for marking known buggy versions
- Add isVersionFaulty() helper to version-checker.ts
- Update lifecycle.ts to warn users on faulty versions with upgrade suggestion
- Update health checks to distinguish faulty vs experimental versions
- Update stats routes to include faultyRange in API response
- Skip faulty versions when calculating latestStable
Infrastructure ready for future version promotions. Currently:
- v80 and below: stable
- v81+: marked as faulty (context cancellation bugs)
* chore: trigger review
* chore: re-trigger review
* chore: test PR trigger
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* feat(ci): add AI code review workflow with Claude via CLIProxyAPI
- Self-hosted runner calls CLIProxyAPI at localhost:8317
- Triggers on PR open/update and /review comment
- Uses gemini-claude-opus-4-5-thinking for deep reviews
- Posts summary + inline comments via gh CLI
- Handles self-PR fallback to COMMENT mode
* chore(release): 7.15.0-dev.1 [skip ci]
* refactor(ci): use GitHub App for reviewer identity + new review format
- Posts as ccs-agy-reviewer[bot] via GitHub App token
- New review format: structured markdown with verdict, summary, issues table
- Single PR comment instead of inline comments
- Concise, focused on PR changes only
* chore(release): 7.15.0-dev.2 [skip ci]
* refactor(ci): switch to Claude Code CLI for reviews
- Use claude -p instead of custom TypeScript script
- Auto-install if not present on runner
- CLIProxyAPI via env vars (ANTHROPIC_BASE_URL, ANTHROPIC_MODEL)
- Allowed tools: Read, Glob, Grep
- Max 3 turns for file exploration
* chore(release): 7.15.0-dev.3 [skip ci]
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
- dev versions (X.Y.Z-dev.N) now treated as newer than base release (X.Y.Z)
- reflects convention that dev work is AFTER the release, not before
- update GH Actions message to use 'ccs update --dev' instead of npm install
- update tests to match new semantic
Replaces semantic-release for dev branch with custom script that:
- Bases dev versions on current stable (e.g., 6.7.1-dev.N)
- Increments only the dev number, not the base version
- Keeps GitHub releases, issue tagging, Discord notifications
Changes semantic-release to use the built-in GITHUB_TOKEN instead of
PAT_TOKEN so that release comments appear from github-actions[bot]
instead of the repository owner's personal account.
PAT_TOKEN is still used for checkout to ensure downstream workflows
can be triggered by the release commits.
- stable releases: fetch GH release, post green embed with changelog
- dev releases: post orange embed with version info
- graceful skip if webhook not configured
The native shell installers (install.sh, install.ps1) were removed in the
recent refactor, but the dev-release workflow still tried to update and
commit them, causing CI failures.
- Remove tests from pre-commit hook (keep typecheck+lint only)
- Remove build+validate from prepublishOnly/prepack (CI handles it)
- Add HUSKY=0 to CI commit step to skip hooks
Before: 4 test runs per release (pre-commit, CI validate, prepublishOnly, prepack)
After: 1 test run (CI validate only)
- Add label-pending-release.yml workflow to tag issues when PR created
- Update dev-release.yml to comment and label issues after npm publish
- Labels: pending-release (yellow), released-dev (blue)
- Auto-removes pending-release when released-dev is applied
- validate now uses test:all directly (build already done)
- Added test:ci script for explicit CI usage
- ci.yml now builds UI deps and uses build:all
- dev-release.yml separates build and validate steps
- Reduces build count from 3-4 to 1 per release cycle
- Remove dev branch from semantic-release (main only)
- Add dev-release.yml: simple X.Y.Z-dev.N bump workflow
- Update sync workflow: handle merge conflicts for version files
- Update release.yml: trigger only on main branch
Dev versions now stay at {stable}-dev.N until merged to main.
PR merge commit type (feat/fix) determines actual version bump.
Update CI/CD configuration, documentation, and scripts to use dev as the
primary integration branch instead of beta. Changes include GitHub Actions
workflow triggers, semantic-release configuration, and all relevant
documentation and helper scripts.
The npm publish was failing because:
1. Bun runtime was not installed (prepublishOnly uses bun commands)
2. dist/ was not built before publish
Added:
- oven-sh/setup-bun@v2 action
- bun install step
- bun run build step
* feat: implement native multi-account switching with isolated instances
Add account-based profile management system that enables users to run
multiple Claude accounts concurrently with complete isolation.
Key features:
- Profile registry (~/.ccs/profiles.json) tracks account profiles
- Instance isolation (~/.ccs/instances/<profile>/) for each account
- Auth commands: create, list, show, remove, default
- Backward compatible with settings-based profiles (GLM, Kimi)
- Auto-copies global .claude configs to new instances
Implementation:
- Phase 1: Profile detection logic (account vs settings-based)
- Phase 2: Instance management (initialization, validation)
- Phase 3: Auth CLI commands
- Phase 4: Profile registry CRUD operations
- Phase 5: Execution routing based on profile type
Both lib/ccs (bash) and lib/ccs.ps1 (PowerShell) updated for
cross-platform support.
* fix(ci): add pull_request trigger to satisfy branch protection
The branch protection rule requires "Deploy ccs-installer to CloudFlare"
status check to pass, but the workflow only ran on push to main branch.
This caused PRs to wait indefinitely for a status that never reported.
Changes:
- Add pull_request trigger with same path filters
- Split deployment into conditional steps:
- PR mode: dry-run validation only (--dry-run flag)
- Production: actual deployment (push to main only)
- Keeps same job name to satisfy branch protection requirement
Security:
- No deployment from PR branches (dry-run only)
- Production deploy only when push to main AND ref check
- Secrets used safely in both contexts
This fixes PR #3 which was stuck waiting for status.
* fix(ci): remove path filter from pull_request trigger
The path filter prevented workflow from running on PRs that don't
modify worker/installer files, causing required status check to
never report. This blocked PR #3 indefinitely.
Changes:
- Remove paths filter from pull_request trigger
- Keep paths filter on push to main (optimize deployments)
- Workflow now runs on ALL PRs to satisfy branch protection
Trade-off:
- PRs changing non-worker files will trigger unnecessary dry-run
- But this ensures required status check always reports
- Small cost for reliability and simpler configuration
Alternatives considered:
- Path-aware required checks: Not supported by GitHub
- Remove required check: Loses CI validation
- Add all paths to filter: Makes config brittle