feat: code review action

gersmann · gersmann · commit 40a4cb409284 · 2025-09-14T10:30:53.000+02:00
diff --git a/.github/workflows/codex-autoreview.yml b/.github/workflows/codex-autoreview.yml
@@ -0,0 +1,34 @@
+name: Codex Autonomous Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  review:
+    name: Run Codex review
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout PR
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install codex from PyPI (system Python)
+        run: |
+          python3 -m pip install --upgrade pip
+          python3 -m pip install --upgrade codex-python
+
+      - name: Run Codex autonomous code review
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+          CODEX_MODEL: gpt-5
+          CODEX_REASONING_EFFORT: medium
+          DEBUG_CODEREVIEW: 5
+        run: |
+          python3 scripts/codex_autoreview.py
diff --git a/AGENTS.md b/AGENTS.md
@@ -0,0 +1,41 @@
+# Repository Guidelines
+
+## Project Structure & Module Organization
+- `codex/` – Python package (public API in `__init__.py`, config, client, protocol models).
+- `crates/codex_native/` – PyO3 native extension built with maturin (pinned upstream deps).
+- `tests/` – `pytest` tests (`test_*.py`).
+- `scripts/` – codegen helpers (e.g., `generate_protocol_py.py`).
+- `.generated/ts/` – transient TypeScript protocol types. Do not commit hand edits.
+- Generated file: `codex/protocol/types.py` – do not edit; run `make gen-protocol`.
+
+## Build, Test, and Development Commands
+- Create venv: `make venv` then `. .venv/bin/activate`.
+- Format: `make fmt` (ruff format).
+- Lint: `make lint` (ruff check --fix + mypy).
+- Test: `make test` (pytest; skips if no native ext).
+- Build sdist/wheel: `make build` (uv build).
+- Native dev install: `make dev-native` (maturin develop or build+pip install).
+- Generate protocol: `make gen-protocol` (TS → Pydantic models).
+- Prebuild Linux wheels: `make wheelhouse-linux` (manylinux/musllinux via Docker).
+
+## Coding Style & Naming Conventions
+- Python 3.12+; type hints required. Line length target: 100.
+- Run `make fmt && make lint` before commits.
+- Ruff rules: `E,F,I,B,UP` (imports sorted). Mypy: strict-ish (no untyped defs).
+- Naming: modules `snake_case.py`, classes `PascalCase`, functions/vars `snake_case`.
+- Pydantic v2: prefer `BaseModel`; place `model_config = ConfigDict(extra='allow')` at class end.
+
+## Testing Guidelines
+- Framework: `pytest`. Test files: `tests/test_*.py`.
+- Write fast, deterministic tests; mock external I/O. Native-dependent tests already skip when the extension is unavailable.
+- Example: `uv run --group dev pytest -q` (or `make test`).
+
+## Commit & Pull Request Guidelines
+- Use Conventional Commits (e.g., `feat:`, `fix:`, `ci:`, `chore:`). Keep subject ≤72 chars.
+- PRs should include: clear description, linked issues, tests (or rationale), and docs/`CHANGELOG.md` updates when user‑visible.
+- Keep diffs focused; avoid touching generated files.
+
+## Security & Configuration Tips
+- Respect sandbox defaults; avoid introducing commands that assume unrestricted host access.
+- Publishing uses UV/PyPI tokens: `UV_PUBLISH_TOKEN` or `PYPI_API_TOKEN` (see `make publish`).
+- For local previews, you may set `CODEX_HOME` to a temp dir to isolate state.
diff --git a/Makefile b/Makefile
@@ -96,7 +96,7 @@ dev-native:
 #   pip install --only-binary=:all: --no-index --find-links wheelhouse codex-python
 # Requires Docker; for cross-arch builds ensure binfmt/qemu is enabled.
 # -----------------------------------------------------------------------------
-.PHONY: wheelhouse-linux wheelhouse-clean
+.PHONY: wheelhouse-linux wheelhouse-clean wheelhouse-linux-amd64 wheelhouse-linux-arm64 wheelhouse-musl-amd64 wheelhouse-musl-arm64
 
 WHEELHOUSE ?= wheelhouse
 MANYLINUX_X86 ?= quay.io/pypa/manylinux2014_x86_64
@@ -147,3 +147,43 @@ wheelhouse-linux: wheelhouse-clean
 		  $$P -m pip install -U pip maturin && \
 		  PATH=$$HOME/.cargo/bin:$$PATH $$P -m maturin build --release -m /io/crates/codex_native/Cargo.toml -i $$P --compatibility musllinux_1_2 -o /io/$(WHEELHOUSE)'
 	@echo "Wheelhouse contents:" && ls -al $(WHEELHOUSE)
+
+# Build only manylinux x86_64 (useful to avoid cross-arch emulation)
+wheelhouse-linux-amd64: wheelhouse-clean
+	@mkdir -p $(WHEELHOUSE)
+	docker run --rm --platform linux/amd64 -v "$(PWD)":/io $(MANYLINUX_X86) \
+		bash -lc 'set -e; (command -v curl >/dev/null 2>&1 || yum -y install curl); \
+		  curl -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal; \
+		  . $$HOME/.cargo/env; P=$$(ls -1 /opt/python/cp312*/bin/python | head -n1); \
+		  $$P -m pip install -U pip maturin; \
+		  PATH=$$HOME/.cargo/bin:$$PATH $$P -m maturin build --release -j $$(( $$(nproc) )) -m /io/crates/codex_native/Cargo.toml -i $$P -o /io/$(WHEELHOUSE)'
+
+# Build only manylinux aarch64 (fast on Apple Silicon; slow on x86_64)
+wheelhouse-linux-arm64: wheelhouse-clean
+	@mkdir -p $(WHEELHOUSE)
+	docker run --rm --platform linux/arm64 -v "$(PWD)":/io $(MANYLINUX_ARM) \
+		bash -lc 'set -e; (command -v curl >/dev/null 2>&1 || yum -y install curl); \
+		  curl -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal; \
+		  . $$HOME/.cargo/env; P=$$(ls -1 /opt/python/cp312*/bin/python | head -n1); \
+		  $$P -m pip install -U pip maturin; \
+		  PATH=$$HOME/.cargo/bin:$$PATH $$P -m maturin build --release -j $$(( $$(nproc) )) -m /io/crates/codex_native/Cargo.toml -i $$P -o /io/$(WHEELHOUSE)'
+
+# Build only musllinux x86_64 (Alpine)
+wheelhouse-musl-amd64: wheelhouse-clean
+	@mkdir -p $(WHEELHOUSE)
+	docker run --rm --platform linux/amd64 -v "$(PWD)":/io $(MUSLLINUX_X86) \
+		bash -lc 'set -e; (command -v curl >/dev/null 2>&1 || apk add --no-cache curl); \
+		  curl -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal; \
+		  . $$HOME/.cargo/env; P=$$(ls -1 /opt/python/cp312*/bin/python | head -n1); \
+		  $$P -m pip install -U pip maturin; \
+		  PATH=$$HOME/.cargo/bin:$$PATH $$P -m maturin build --release --compatibility musllinux_1_2 -j $$(( $$(nproc) )) -m /io/crates/codex_native/Cargo.toml -i $$P -o /io/$(WHEELHOUSE)'
+
+# Build only musllinux aarch64 (Alpine)
+wheelhouse-musl-arm64: wheelhouse-clean
+	@mkdir -p $(WHEELHOUSE)
+	docker run --rm --platform linux/arm64 -v "$(PWD)":/io $(MUSLLINUX_ARM) \
+		bash -lc 'set -e; (command -v curl >/dev/null 2>&1 || apk add --no-cache curl); \
+		  curl -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal; \
+		  . $$HOME/.cargo/env; P=$$(ls -1 /opt/python/cp312*/bin/python | head -n1); \
+		  $$P -m pip install -U pip maturin; \
+		  PATH=$$HOME/.cargo/bin:$$PATH $$P -m maturin build --release --compatibility musllinux_1_2 -j $$(( $$(nproc) )) -m /io/crates/codex_native/Cargo.toml -i $$P -o /io/$(WHEELHOUSE)'
diff --git a/scripts/codex_autoreview.py b/scripts/codex_autoreview.py
