- replace raw assistant-text fallback with structured output normalization
- simplify the review prompt toward a tighter findings-only contract
- add tests for malformed output, safe fallback, and markdown escaping
- Increase per-reviewer max-turns 25→40 (security review hit limit on
large PRs like codex runtime with ~5000 line diff)
- Increase orchestrator max-turns 15→20
- Improve fallback extraction: concatenate ALL assistant messages (not
just last) when reviewer hits turn limit without writing output file
- Add descriptive prefix to fallback output explaining why extraction
was needed (e.g., "hit turn limit", "no execution log")
- Ensures something meaningful is posted even when CI jobs fail
Replace echo with printf '%s\n' for subagent prompt GITHUB_OUTPUT writes
to match the existing main prompt pattern (line 216). Prevents edge case
where echo misinterprets leading -n/-e as flags.
--allowedTools is an approval list (skip permission prompts), redundant
with bypassPermissions. --tools is the actual availability whitelist.
Also simplified tool list: Bash sub-patterns (gh pr diff *, etc.) aren't
supported by --tools. The workflow token has contents:read only, so the
agent physically cannot push/delete/modify the repo even with full Bash.
- Remove --allowedTools from claude_args (redundant with bypassPermissions,
was never actually restricting tools)
- Strengthen orchestrator prompt: MANDATORY/FORBIDDEN language for subagent
dispatch, explicit "you MUST use Agent tool" enforcement
- Increase --max-turns from 20 to 30 (large PRs with 31 files need ~25 turns)
- Explicitly instruct Claude to use Write tool (not Edit/python3 fallback)
- Add READ-ONLY constraint to prevent source code modifications
- Previous run hit error_max_turns at turn 21 despite successfully writing review
Part of #818
- Upgrade review model from glm-5 to glm-5.1
- Add fallback step: if Claude doesn't write pr_review.md, extract
last assistant message from execution output as review content
- Upload claude-execution-output.json as artifact (7-day retention)
so review sessions can be inspected after the job completes
- Publish review comment runs on always() instead of only on success,
so fallback-extracted reviews still get posted
Allows seeing Claude's full output in CI logs instead of the
opaque "full output hidden for security" message. Helps debug
slow reviews and identify bottlenecks.
claude-code-action@v1 auto-updates its bundled Claude Code and Agent SDK.
The custom path_to_claude_code_executable forced the runner's stale CLI
(v2.1.39) to be used instead, causing validateHeaders auth failures when
the SDK updated to 0.2.85. Let the action manage its own installation.
Closes#810
Root cause: Bun's test runner fails to resolve exports from directory
index.ts files during parallel test execution. The api-command/index.ts
imports 8 subcommand modules — if any fail to load during concurrent
test runs, the entire module fails with "Export not found."
Fix: extract createApiCommandHandler into handler.ts (lightweight, only
imports named-command-router). Test imports from handler.ts directly,
bypassing the heavy index.ts that loads all subcommand modules.
Also:
- Remove stale api-command.ts barrel file
- Use explicit /index import paths in source
- Migrate CI validate to self-hosted runner with clean artifact step
- Disable Bun cache (no-cache: true) on self-hosted runner
Review prompt already contains self-contained CCS-specific rules.
Loading project CLAUDE.md caused dev-oriented rules (no-emoji, quality
gates, branching) to leak into review output. --bare makes the review
prompt the sole source of truth and saves ~2K tokens per run.
Multi-platform builds create a manifest index pointing to per-platform
images. The existing labels parameter only sets labels on per-platform
image configs, but GHCR reads annotations from the manifest index for
repository auto-linking. Add index-level annotations so the package
appears under the repo Packages tab instead of only the user profile.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
External PRs could modify review-prompt.md to suppress findings or
manipulate the reviewer. Now loads prompt via git show from the base
branch (origin/dev or origin/main), never from PR-controlled checkout.
Also:
- Fallback prompt upgraded with adversarial framing and severity output
- Use printf instead of echo for content preservation
- Expand deep review trigger to all .github/ files (not just workflows/)
- Warning message now shows '.github/review-prompt.md' instead of just
'review-prompt.md' for easier debugging
- Deep review scope-aware trigger explicitly includes .github/workflows/
alongside auth/, middleware/, security/, crypto/, commands/, shared/
The maintainability gate (process.exit count + sync FS API count) was
a raw grep counter that provided no actionable signal for a CLI tool.
It blocked the v7.53.0 stable release because new features naturally
increased the counts beyond the baseline.
Removed:
- scripts/maintainability-baseline.js
- scripts/maintainability-check.js
- docs/metrics/maintainability-baseline.json
- All maintainability:* npm scripts
- Gate references from release, dev-release, and CI workflows
Quality gates retained: typecheck, eslint, prettier, full test suite.
semantic-release outputs ANSI color codes that break the grep pattern
for detecting "Published GitHub release", causing Discord notifications
to be skipped even on successful releases.
semantic-release needs to push version bump + CHANGELOG commits directly
to main. GITHUB_TOKEN cannot bypass branch protection rules, causing
@semantic-release/git to fail with "push declined due to repository rule
violations". PAT_TOKEN has admin bypass and resolves the issue.