Commit Graph
92 Commits
Author SHA1 Message Date
Tam Nhu Tran cc55b9d794 Merge remote-tracking branch 'origin/dev' into kai/chore/ccs-backlog-project-automation-refresh 2026-03-28 10:17:56 -04:00
Tam Nhu Tran 3ebf17f170 fix(ci): require explicit /review command for AI review reruns 2026-03-28 10:10:31 -04:00
Tam Nhu Tran e6617726cb fix: harden CCS backlog sync pagination and recovery 2026-03-28 09:51:53 -04:00
Tam Nhu Tran b3b3853db0 chore: automate CCS backlog project sync 2026-03-27 17:52:34 -04:00
Tam Nhu Tran 179fa338b8 hotfix(ci): increase max-turns to 30 and enforce Write tool for review output
- Increase --max-turns from 20 to 30 (large PRs with 31 files need ~25 turns)
- Explicitly instruct Claude to use Write tool (not Edit/python3 fallback)
- Add READ-ONLY constraint to prevent source code modifications
- Previous run hit error_max_turns at turn 21 despite successfully writing review

Part of #818
2026-03-27 14:55:22 -04:00
Tam Nhu Tran 0a7fef0368 hotfix(ci): fix AI review performance — bypass permissions, cap turns, reduce thinking
- Add --permission-mode bypassPermissions to eliminate 16+ permission denials per review
- Add --max-turns 20 to prevent runaway 41+ turn sessions
- Replace ultrathink with think (32K→16K thinking tokens) — sufficient for read-only review
- Expand --allowedTools with commonly-tried tools (wc, head, tail, find, git show)
- Remove unnecessary tools (Edit, LS — review shouldn't edit files)
- Reduce timeout from 20 to 15 minutes for faster failure detection

Evidence from run #23659037151: 11.6 min, 41 turns, 16 permission denials, $1.95, failed to write review.

Closes #818
2026-03-27 14:26:21 -04:00
Tam Nhu Tran bb5862f0a0 ci(ai-review): upgrade model, add fallback extraction, preserve logs
- Upgrade review model from glm-5 to glm-5.1
- Add fallback step: if Claude doesn't write pr_review.md, extract
  last assistant message from execution output as review content
- Upload claude-execution-output.json as artifact (7-day retention)
  so review sessions can be inspected after the job completes
- Publish review comment runs on always() instead of only on success,
  so fallback-extracted reviews still get posted
2026-03-27 12:09:24 -04:00
Tam Nhu Tran 6dca069c7d ci(ai-review): enable show_full_output for review visibility
Allows seeing Claude's full output in CI logs instead of the
opaque "full output hidden for security" message. Helps debug
slow reviews and identify bottlenecks.
2026-03-27 12:02:11 -04:00
Tam Nhu Tran 0334f70991 ci(ai-review): remove custom Claude CLI path to prevent version drift
claude-code-action@v1 auto-updates its bundled Claude Code and Agent SDK.
The custom path_to_claude_code_executable forced the runner's stale CLI
(v2.1.39) to be used instead, causing validateHeaders auth failures when
the SDK updated to 0.2.85. Let the action manage its own installation.

Closes #810
2026-03-27 11:55:03 -04:00
Tam Nhu Tran 41a31c8a4f fix(ci): resolve flaky api-command module resolution and migrate to self-hosted runner
Root cause: Bun's test runner fails to resolve exports from directory
index.ts files during parallel test execution. The api-command/index.ts
imports 8 subcommand modules — if any fail to load during concurrent
test runs, the entire module fails with "Export not found."

Fix: extract createApiCommandHandler into handler.ts (lightweight, only
imports named-command-router). Test imports from handler.ts directly,
bypassing the heavy index.ts that loads all subcommand modules.

Also:
- Remove stale api-command.ts barrel file
- Use explicit /index import paths in source
- Migrate CI validate to self-hosted runner with clean artifact step
- Disable Bun cache (no-cache: true) on self-hosted runner
2026-03-26 18:12:32 -04:00
Tam Nhu Tran 57019c1105 ci(ai-review): add --bare flag to prevent CLAUDE.md pollution in reviews
Review prompt already contains self-contained CCS-specific rules.
Loading project CLAUDE.md caused dev-oriented rules (no-emoji, quality
gates, branching) to leak into review output. --bare makes the review
prompt the sole source of truth and saves ~2K tokens per run.
2026-03-26 17:37:47 -04:00
UserandClaude Opus 4.6 9c0dd34896 fix(docker): add index annotations to link GHCR package to repository
Multi-platform builds create a manifest index pointing to per-platform
images. The existing labels parameter only sets labels on per-platform
image configs, but GHCR reads annotations from the manifest index for
repository auto-linking. Add index-level annotations so the package
appears under the repo Packages tab instead of only the user profile.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 23:07:32 -07:00
Tam Nhu Tran ec68de1585 hotfix(ci): reuse runner bun for AI review 2026-03-24 15:32:34 -04:00
Tam Nhu Tran ba4100878c fix(ci): export review runtime paths at run time 2026-03-23 15:58:28 -04:00
Tam Nhu Tran d24efd2863 fix(ci): dedupe AI review comments 2026-03-23 15:53:38 -04:00
Tam Nhu Tran e06e13ad0d fix(ci): close release automation edge cases 2026-03-23 10:57:24 -04:00
Tam Nhu Tran 5616c68471 fix(ci): harden release automation workflows 2026-03-23 10:53:51 -04:00
Tam Nhu Tran 5c1553e6f5 fix(ci): publish docker image from releases 2026-03-23 09:52:59 -04:00
Tam Nhu Tran dcb46356f3 fix(ci): load review prompt from base branch to prevent prompt injection
External PRs could modify review-prompt.md to suppress findings or
manipulate the reviewer. Now loads prompt via git show from the base
branch (origin/dev or origin/main), never from PR-controlled checkout.

Also:
- Fallback prompt upgraded with adversarial framing and severity output
- Use printf instead of echo for content preservation
- Expand deep review trigger to all .github/ files (not just workflows/)
2026-03-16 07:47:59 -04:00
Tam Nhu Tran 78287807f8 fix(ci): use full path in warning and add workflows/ to deep review triggers
- Warning message now shows '.github/review-prompt.md' instead of just
  'review-prompt.md' for easier debugging
- Deep review scope-aware trigger explicitly includes .github/workflows/
  alongside auth/, middleware/, security/, crypto/, commands/, shared/
2026-03-16 07:42:13 -04:00
Tam Nhu Tran b528bcbf35 fix(ci): address code review findings for hardened AI review
Workflow fixes:
- Use randomized heredoc delimiter to prevent output injection
- Add file existence guard with fallback inline prompt
- Use direct cat instead of echo variable (preserves content exactly)

Prompt fixes:
- Add 4 missing CCS rules: TTY/NO_COLOR, idempotent installs,
  dashboard parity, documentation mandatory
- Qualify suppression list to exclude security/correctness/CCS concerns
- Change severity labels from Critical/Medium/Low to High/Medium/Low
  to match maintainer feedback loop parser expectations
2026-03-16 07:38:39 -04:00
Tam Nhu Tran 19f70914a9 feat(ci): harden AI review with adversarial red-team prompt
Extract review prompt to .github/review-prompt.md for maintainability.
Replace generic "comprehensive review" with adversarial attack mindset:
- 3-phase review: Understand -> Attack -> Verify
- Scope-aware depth calibration (quick/standard/deep)
- 25+ concrete critical checklist patterns
- False assumption hunting ("prove it can be null")
- AI-generated code blind spots (hallucinated imports, deprecated APIs)
- CCS-specific constraint enforcement (8 rules)
- Strict approval criteria (APPROVED requires zero critical findings)
- Suppression list to reduce noise on style/formatting
- Output restructured: findings first, strengths last (optional)

Closes #731
2026-03-16 07:28:07 -04:00
Tam Nhu Tran 314053b35c fix(docker): harden release image publishing 2026-03-15 13:28:44 -04:00
User 25bb806ecd feat(docker): publish release images on stable tags 2026-03-11 06:22:57 -07:00
Tam Nhu Tran e6ae052527 fix(ci): remove maintainability baseline gate blocking releases
The maintainability gate (process.exit count + sync FS API count) was
a raw grep counter that provided no actionable signal for a CLI tool.
It blocked the v7.53.0 stable release because new features naturally
increased the counts beyond the baseline.

Removed:
- scripts/maintainability-baseline.js
- scripts/maintainability-check.js
- docs/metrics/maintainability-baseline.json
- All maintainability:* npm scripts
- Gate references from release, dev-release, and CI workflows

Quality gates retained: typecheck, eslint, prettier, full test suite.
2026-03-11 10:52:30 +07:00
Tam Nhu Tran becfc573c9 ci: harden AI review for external PRs 2026-03-07 13:44:32 +07:00
Tam Nhu Tran 6e16f1cf3e fix(ci): strip ANSI codes before detecting published release
semantic-release outputs ANSI color codes that break the grep pattern
for detecting "Published GitHub release", causing Discord notifications
to be skipped even on successful releases.
2026-03-04 02:24:15 +07:00
Tam Nhu Tran 343c36f97d ci(release): use PAT_TOKEN for semantic-release branch protection bypass
semantic-release needs to push version bump + CHANGELOG commits directly
to main. GITHUB_TOKEN cannot bypass branch protection rules, causing
@semantic-release/git to fail with "push declined due to repository rule
violations". PAT_TOKEN has admin bypass and resolves the issue.
2026-03-04 01:42:29 +07:00
Tam Nhu Tran a259d957b1 fix(ci): remove PAT dependency from release workflow checkouts 2026-03-02 21:44:16 +07:00
Tam Nhu Tran b35c85d308 fix(ci): harden release workflows against PAT checkout failures 2026-03-02 21:33:21 +07:00
Tam Nhu Tran fdb32e2c53 fix(maintainability): make gate parallel-pr friendly 2026-02-26 14:46:56 +07:00
Tam Nhu Tran 68405239cd fix: resolve package.json version conflict from main merge 2026-02-24 00:12:56 +07:00
Tam Nhu Tran 0aed60febb fix(ci): enforce parity gate and stabilize test execution 2026-02-23 23:53:09 +07:00
Tam Nhu Tran b6f2d5d249 fix(ci): auto-close released issues in stable release workflow 2026-02-23 22:20:19 +07:00
Tam Nhu Tran 55ecbce3f5 ci(ai-review): switch from CLIProxy to GLM API for code reviews
Route AI code reviews through api.z.ai instead of localhost CLIProxy.
Uses GLM_API_KEY repo secret for authentication.
2026-02-17 01:55:29 +07:00
Kai (Tam Nhu) TranGitHubgithub-actions[bot] <github-actions[bot]@users.noreply.github.com>
051805074e feat: account safety, quota monitoring, and stability fixes (#530)
* fix(cliproxy): migrate deprecated gemini-claude-* model names to upstream claude-* names (#515)

* fix(cliproxy): migrate deprecated gemini-claude-* model names to upstream claude-* names

CLIProxyAPI registry no longer recognizes the gemini-claude-* prefix convention.
Model names in catalog, base config, and user settings are migrated to upstream
claude-* names. Auto-migration in env-builder rewrites existing user settings on
load and persists the change.

Closes #513

* fix: address code review feedback — sync UI layer and add migration tests

- Sync UI isNativeGeminiModel() with backend (remove gemini-claude- exclusion)
- Update UI model catalog agy entries from gemini-claude-* to claude-*
- Update CI/CD workflow and code-reviewer default model names
- Add unit tests for migrateDeprecatedModelNames() logic

* fix(hooks): isolate image type check before error-prone processing (#514)

* fix(hooks): isolate image type check before error-prone processing

Restructure processHook() into two phases so non-image Read calls
never see hook error messages. Phase 1 defensively checks tool name
and file extension, exiting 0 silently on any failure. Phase 2 only
runs for confirmed image/PDF files where errors are relevant.

Closes #511

* fix(hooks): sync image analyzer hook file on every profile launch

Add installImageAnalyzerHook() call to cliproxy executor, matching
the existing installWebSearchHook() pattern. This ensures the .cjs
file in ~/.ccs/hooks/ gets refreshed from the npm package on every
launch, so users receive hook updates after npm update.

* chore(release): 7.41.0-dev.1 [skip ci]

* fix(cliproxy): add fork:true for Claude model aliases in config generator (#523)

Config generator now outputs fork:true for Claude model alias entries,
ensuring both upstream (claude-*) and aliased (gemini-claude-*) model
names appear in /v1/models listings. Also preserves fork flag when
parsing user-added aliases during config regeneration.

Bumps config version to v7 to trigger regeneration on next ccs doctor.

Closes #522

* chore(release): 7.41.0-dev.2 [skip ci]

* feat(cliproxy): add account safety guards to prevent Google account bans (#516)

* feat(cliproxy): add account safety guards to prevent Google account bans

Implements cross-provider isolation to prevent Google from flagging
concurrent OAuth usage across different client IDs (ref: #509, #512).

Three pillars:
1. Auto-pause enforcement at session launch — conflicting accounts in
   other Google OAuth providers are paused so CLIProxyAPI can't use them,
   restored on session exit with crash recovery via auto-paused.json
2. Ban/disable detection — error responses matching Google ban patterns
   auto-pause the affected account to prevent further damage
3. Cross-provider conflict warnings during OAuth registration

Key design decisions:
- PID-based session tracking for crash recovery (dead PID = restore)
- Timestamp comparison prevents restoring ban-paused accounts on exit
- Schema validation on auto-paused.json prevents corrupted state
- Falls back to warn-only when another session is managing isolation

* fix(cliproxy): address code review feedback (attempt 1/5)

- Re-read auto-paused.json before write in enforceProviderIsolation to
  reduce concurrent write race window
- Use actual email from registry for display instead of raw accountId
- Export maskEmail for testability
- Add 27 unit tests covering ban detection, email masking,
  cross-provider duplicate detection, enforcement lifecycle,
  crash recovery, and timestamp-guarded restore

* fix(cliproxy): address remaining review feedback (attempt 2/5)

- Add handleBanDetection test verifying account pause on ban error
- Add warnCrossProviderDuplicates tests (true/false/non-Google)
- Document PID reuse limitation in isPidAlive JSDoc comment

* chore(release): 7.41.0-dev.3 [skip ci]

* feat(cliproxy): runtime quota monitoring during active sessions (#529)

* feat(cliproxy): add runtime quota monitoring during active sessions

Adds adaptive background quota polling to detect and respond to quota
exhaustion during active CLIProxy sessions. Prevents rate-limit-driven
account bans by auto-cooling exhausted accounts and switching defaults.

- Adaptive polling: 300s normal, 60s at 20% threshold, stops at 0%
- Stderr warnings at 20%, boxed exhaustion alerts at 0%
- Cooldown + default switch on exhaustion (existing patterns)
- Configurable via quota_management.runtime_monitor in config.yaml
- Timer.unref() prevents blocking process exit
- monitorStopped guard for in-flight poll safety

Closes #524

* fix: address code review feedback (attempt 1/5)

- M1: Round quotaPercent display with Math.round() to avoid ugly floats
- M2: Rename exhaust_threshold -> exhaustion_threshold for consistency
  with existing auto.exhaustion_threshold config field
- M3: Replace async not.toThrow() with direct await assertion pattern

* fix: address code review feedback (attempt 2/5)

- Remove .claude/agent-memory/ from tracking and add to .gitignore
- Unify cooldown_minutes default to 5 (was 10 in runtime_monitor, 5 in auto)
- Add threshold validation in startQuotaMonitor (warn > exhaustion)
- Document intentional post-switch monitoring gap in code comment

* chore(release): 7.41.0-dev.4 [skip ci]

* fix(cliproxy): mask email in ban detection and fix JSDoc default

- Use maskEmail() in handleBanDetection output for consistency
- Fix cooldown_minutes JSDoc: default is 5, not 10

* chore(release): 7.41.0-dev.5 [skip ci]

* fix(cliproxy): address all review feedback (Low + informational)

- Add sync constraint comment on process.exit handler (executor)
- Add TOCTOU race acceptability comment (account-safety)
- Mask email in handleQuotaExhaustion reason string
- Use realistic exhaustion_threshold (5) in test configs

* chore(release): 7.41.0-dev.6 [skip ci]

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-12 00:48:29 +07:00
Kai (Tam Nhu) TranGitHubCarlos Umanzorgithub-actions[bot] <github-actions[bot]@users.noreply.github.com>semantic-release-bot
0b394933ae feat: hybrid CLIProxy catalog sync + agent teams env fix (#486)
* fix(teams): propagate CLAUDE_CONFIG_DIR to tmux session for agent teammates

When CCS launches Claude with CLAUDE_CONFIG_DIR pointing to the isolated
instance path, agent team teammates spawned via tmux split-window don't
inherit it because tmux creates new panes from its own session environment.
This causes teammates to use ~/.claude/ instead of ~/.ccs/instances/{profile}/,
creating a split-brain in shared state (tasks, teams, mailbox).

Sets key CCS env vars in the tmux session environment via `tmux setenv` so
all new panes inherit the correct config directory.

* refactor(teams): use spawnSync array args instead of execSync string

Avoids shell interpretation of env values by passing args as array
to spawnSync instead of interpolating into a shell command string.

* chore(release): 7.38.0-dev.1 [skip ci]

* feat(cliproxy): add hybrid catalog sync with CLIProxyAPI (#485)

* chore(release): 7.38.0 [skip ci]

## [7.38.0](https://github.com/kaitranntt/ccs/compare/v7.37.1...v7.38.0) (2026-02-07)

### Features

* **release:** v7.38.0 - Extended Context, Qwen Models, Bug Fixes ([#480](https://github.com/kaitranntt/ccs/issues/480)) ([b454834](https://github.com/kaitranntt/ccs/commit/b4548341750804339c87c48259dd8741425d2acf)), closes [#472](https://github.com/kaitranntt/ccs/issues/472) [#474](https://github.com/kaitranntt/ccs/issues/474) [#103](https://github.com/kaitranntt/ccs/issues/103) [#478](https://github.com/kaitranntt/ccs/issues/478) [#482](https://github.com/kaitranntt/ccs/issues/482)

* feat(cliproxy): add hybrid catalog sync with CLIProxyAPI

Add `ccs cliproxy catalog` command family for syncing model catalogs
from CLIProxyAPI's model-definitions endpoint. Cached locally with
24h TTL, merges remote models with static catalog preserving
broken/deprecated flags. Dashboard API endpoint at /api/cliproxy/catalog.

Closes #477

---------

Co-authored-by: semantic-release-bot <semantic-release-bot@martynus.net>

* chore(reviewer): upgrade review model from opus 4.5 to opus 4.6

- update default model in code-reviewer.ts
- update REVIEW_MODEL, ANTHROPIC_MODEL, ANTHROPIC_DEFAULT_OPUS_MODEL
  in ai-review.yml workflow
- aligns reviewer with AGY model catalog default

* chore(release): 7.38.0-dev.2 [skip ci]

* fix(hooks): add image analysis env vars for settings-based profiles (#484)

* chore(release): 7.38.0 [skip ci]

## [7.38.0](https://github.com/kaitranntt/ccs/compare/v7.37.1...v7.38.0) (2026-02-07)

### Features

* **release:** v7.38.0 - Extended Context, Qwen Models, Bug Fixes ([#480](https://github.com/kaitranntt/ccs/issues/480)) ([b454834](https://github.com/kaitranntt/ccs/commit/b4548341750804339c87c48259dd8741425d2acf)), closes [#472](https://github.com/kaitranntt/ccs/issues/472) [#474](https://github.com/kaitranntt/ccs/issues/474) [#103](https://github.com/kaitranntt/ccs/issues/103) [#478](https://github.com/kaitranntt/ccs/issues/478) [#482](https://github.com/kaitranntt/ccs/issues/482)

* fix(hooks): add image analysis env vars for settings-based profiles

Image analysis hook was injected into settings files for API profiles
but the CCS_IMAGE_ANALYSIS_* env vars were never set, causing the hook
to skip. Add getImageAnalysisHookEnv() call to both settings-based and
GLMT proxy execution paths, matching CLIProxy profile behavior.

Closes #440

* fix(hooks): add hook env vars to copilot executor

Copilot profile had same gap as settings-based profiles: hooks installed
but webSearch/imageAnalysis env vars and CCS_PROFILE_TYPE never set.
Add missing env var injection matching other profile flows.

---------

Co-authored-by: semantic-release-bot <semantic-release-bot@martynus.net>

* chore(release): 7.38.0-dev.3 [skip ci]

---------

Co-authored-by: Carlos Umanzor <cumanzor@gmail.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: semantic-release-bot <semantic-release-bot@martynus.net>
2026-02-06 23:54:03 -05:00
kaitranntt d8f81b817e revert(ci): restore detailed AI review prompt structure
Reverts to the original guided output format with:
- Visual hierarchy with emojis and separators
- Priority tags (High/Medium/Low)
- Security and code quality checklists
- Ultrathink directive
- Reaction comments for /review triggers
- Model signature in review footer
2026-01-18 15:45:11 -05:00
kaitranntt 65c325d33e fix(ci): disable track_progress for workflow_dispatch events
track_progress is only supported for PR/issue events, not workflow_dispatch.
Made the setting conditional on event type.
2026-01-18 15:33:00 -05:00
kaitranntt a83a87bbc2 fix(ci): use placeholder API key to pass claude-code-action validation
claude-code-action validates that anthropic_api_key is non-empty before
running. CLIProxy ignores this value and uses ANTHROPIC_AUTH_TOKEN for
actual authentication.
2026-01-18 15:30:55 -05:00
kaitranntt bdfc40966a refactor(ci): simplify ai-review to vanilla claude-code-action
- Use anthropics/claude-code-action@v1 directly
- Remove ccs-reviewer wrapper dependency
- Match pr-review-comprehensive.yml pattern
- Keep CLIProxy env vars for model routing
- Restore comprehensive allowedTools for posting
2026-01-18 15:18:17 -05:00
kaitranntt 5e22547f3f refactor(ci): simplify ai-review to use claude-code-action directly
- Remove ccs-reviewer wrapper dependency
- Set ANTHROPIC_BASE_URL directly in env block
- Remove use_cliproxy input (no longer needed)
2026-01-18 14:58:36 -05:00
kaitranntt ac7b324d49 fix(ci): expand ai-review allowedTools to prevent token waste
- Add more allowed bash patterns: gh issue view, gh api, git commands
- Add base tools: Edit, LS for better flexibility
- Update prompt to write pr_review.md in working dir (not /tmp/)
- Add step to Read before Write to avoid security block
- Add explicit rules about avoiding shell operators (||, &&, <<)
- Allow rm pr_review.md for cleanup

Previous run had 9 tool rejections wasting ~5000 tokens due to:
- gh issue view not allowed (only gh pr view was)
- /tmp/ outside working directory
- Write without Read blocked
- Complex shell operators blocked
2026-01-14 13:31:18 -05:00
kaitranntt 7cfd3c1f9d fix(ci): add full CLIProxy env vars for AI review
- Use /api/provider/agy endpoint for proper model routing
- Set ANTHROPIC_DEFAULT_*_MODEL to route Haiku/Sonnet/Opus correctly
- Disable telemetry, error reporting, bug command
- Set max output/thinking tokens
2026-01-14 10:31:37 -05:00
kaitranntt e7dca480d3 fix(ci): add Write tool to allowedTools for PR comment posting
Root cause: Claude's allowedTools pattern matching is literal string
matching. Multiline content in --body breaks the `Bash(gh pr comment *)`
pattern. The Bash(cat *) pattern only matches reading, not writing with
redirection.

Changes:
- Add Write tool to allowedTools (enables temp file creation)
- Remove Bash(cat *) (not needed, Write replaces it)
- Update prompt to require Write + --body-file pattern
- Explicitly warn against inline --body with multiline content

Tested locally: Successfully posted comment using Write + --body-file
2026-01-14 10:06:05 -05:00
kaitranntt 0a27c6a12f fix(ci): expand allowedTools patterns for flexible comment posting
Add Bash(echo *) and Bash(cat *) patterns to allow heredocs and pipes.
This gives the AI reviewer flexibility to use any method for posting
multi-line review comments while remaining safe (shell-operator aware).
2026-01-13 16:43:39 -05:00
kaitranntt edec6f6df2 fix(ci): update allowedTools pattern to prevent token waste on retries
Changed pattern from `Bash(gh pr comment:*)` to `Bash(gh pr comment *)`
to match space-separated args. Updated prompt to discourage heredocs
and pipes which don't match the pattern, causing 6+ retry attempts.
2026-01-13 16:37:43 -05:00
kaitranntt 25d31ce432 fix(ci): prevent AI review self-cancellation with smart concurrency
Root cause: When the bot posts a review comment, GitHub fires an
issue_comment event that joins the same concurrency group and cancels
the in-progress run BEFORE job `if` conditions are evaluated.

Solution: Non-actionable triggers (bot comments, comments without
/review) get a unique per-run group via format('skip-{0}', github.run_id),
while legitimate triggers share the PR-based group for proper
cancellation of outdated reviews.
2026-01-13 16:03:02 -05:00
kaitranntt a2a13fb16e fix(ci): trigger AI review on follow-up commits to PR
- Add `synchronize` event to trigger on new commits pushed to PR
- Add `reopened` event to trigger when PR is reopened
- Update documentation comments to reflect new behavior
- Keep cancel-in-progress to prevent stale reviews

Fixes issue where AI review only ran on PR creation, requiring
manual /review comment for subsequent commits.
2026-01-13 15:52:18 -05:00
kaitranntt 4ef2d4848c fix(ci): simplify AI review workflow by disabling progress tracking
Root cause of cancellations was track_progress posting comments that
triggered new workflow runs. Instead of complex concurrency isolation,
simply disable progress tracking.

Changes:
- track_progress: false (no intermediate comments)
- Simple concurrency: ai-review-<PR_NUMBER>
- Removed extra bot filters (no longer needed)

Result: Clean PRs with just the final review comment.
2026-01-13 14:00:14 -05:00