Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
97 changes: 71 additions & 26 deletions .github/workflows/cli-skill-review-reusable.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ on:
description: "Pi model"
required: false
type: string
default: "xiaomi/mimo-v2.5"
default: "openrouter/fusion"
thinking_level:
description: "Pi thinking level"
required: false
Expand Down Expand Up @@ -123,38 +123,83 @@ jobs:
mkdir -p ~/.pi/skills
cp -R .cli-skill-infra/cli-skill ~/.pi/skills/

- name: Run Pi agent
- name: Create Pi configuration and run agent
if: ${{ steps.cli_scope.outputs.proceed == 'true' }}
id: pi
uses: shaftoe/pi-coding-agent-action@v2
env:
OPENROUTER_API_KEY: ${{ secrets.llm_token }}
with:
github_token: ${{ secrets.gh_token }}
LLM_TOKEN: ${{ secrets.llm_token }}
GH_TOKEN: ${{ secrets.gh_token }}
PI_MODEL: ${{ inputs.model }}
PI_THINKING_LEVEL: ${{ inputs.thinking_level }}
PI_COMMAND: ${{ inputs.command }}
PI_TARGET_PATH: ${{ inputs.target_path }}
run: |
set -euo pipefail

# Create Pi configuration file with OpenRouter fusion config as default
mkdir -p ~/.pi/config

# Generate Pi config with OpenRouter fusion plugins for analysis
cat > ~/.pi/config/pi.yaml <<EOF
provider: openrouter
model: ${{ inputs.model }}
token: ${{ secrets.llm_token }}
thinking_level: ${{ inputs.thinking_level }}
model: ${PI_MODEL}
thinking_level: ${PI_THINKING_LEVEL}
export_session_html: true
export_session_jsonl: true
prompt: |
Review this pull request. Before starting, use get_issue_or_pr_thread to
fetch any existing review comments so you don't duplicate feedback that
has already been given. Focus on issues, bugs, and security concerns.
Post your findings as a PR review when done.

Run ${{ inputs.command }} from the cli-skill in this repository.

Scope rules:
- If command is /cli-review, perform only CLI standard compliance checks.
- Use .cli-skill-infra/cli-skill/references/cli-standard.md as the sole review standard.

Repository target path: ${{ inputs.target_path }}
plugins:
- id: fusion
analysis_models:
- "~moonshotai/kimi-k2.7-code"
- "~deepseek/deepseek-v3.2"
- "~google/gemini-flash-latest"
model: "~moonshotai/kimi-k2.7-code"
EOF

# Run Pi agent with the specified prompt
pi --config ~/.pi/config/pi.yaml <<'PROMPT_EOF'
Review this pull request. Before starting, use get_issue_or_pr_thread to
fetch any existing review comments so you don't duplicate feedback that
has already been given. Focus on issues, bugs, and security concerns.
Post your findings as a PR review when done.

Run ${PI_COMMAND} from the cli-skill in this repository.

Scope rules:
- If command is /cli-review, perform only CLI standard compliance checks.
- Use .cli-skill-infra/cli-skill/references/cli-standard.md as the sole review standard.

Repository target path: ${PI_TARGET_PATH}

Output requirements:
- Follow the section structure defined in `.cli-skill-infra/cli-skill/references/cli-review-output-format.md` exactly.
- The overall score MUST be computed by running `python3 .cli-skill-infra/scripts/calculate_cli_score.py <json_file>` (fallback: `python3 scripts/calculate_cli_score.py <json_file>`) — do not calculate or estimate it manually.
- Keep findings evidence-based and standards-mapped.
PROMPT_EOF

# Extract session outputs from Pi result (adjust paths based on actual Pi output)
SESSION_HTML=$(find ~ -name "*.html" -path "*pi*session*" -type f | head -1 || echo "")
SESSION_JSONL=$(find ~ -name "*.jsonl" -path "*pi*session*" -type f | head -1 || echo "")

echo "session_html_path=${SESSION_HTML}" >> $GITHUB_OUTPUT
echo "session_jsonl_path=${SESSION_JSONL}" >> $GITHUB_OUTPUT
echo "success=true" >> $GITHUB_OUTPUT

- name: Build PR report from Pi output
if: ${{ steps.cli_scope.outputs.proceed == 'true' && steps.pi.outputs.session_jsonl_path != '' && inputs.post_pr_comment }}
id: report
run: |
set -euo pipefail
python3 .cli-skill-infra/scripts/build-pr-report.py "${{ steps.pi.outputs.session_jsonl_path }}" > pr_report.md
echo "report_path=pr_report.md" >> $GITHUB_OUTPUT

Output requirements:
- Follow the section structure defined in `.cli-skill-infra/cli-skill/references/cli-review-output-format.md` exactly.
- The overall score MUST be computed by running `python3 .cli-skill-infra/scripts/calculate_cli_score.py <json_file>` (fallback: `python3 scripts/calculate_cli_score.py <json_file>`) — do not calculate or estimate it manually.
- Keep findings evidence-based and standards-mapped.
- name: Upsert PR comment
if: ${{ steps.cli_scope.outputs.proceed == 'true' && steps.report.outputs.report_path != '' && inputs.pr_number != '' }}
uses: peter-evans/create-or-update-comment@v4
with:
issue-number: ${{ inputs.pr_number }}
body-file: ${{ steps.report.outputs.report_path }}
edit-mode: replace
body-includes: "<!-- cli-review-report -->"

- name: Upload Pi session HTML artifact
if: ${{ steps.cli_scope.outputs.proceed == 'true' && steps.pi.outputs.session_html_path != '' }}
Expand Down
7 changes: 4 additions & 3 deletions cli-skill/commands/cli-review.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ CLI standard compliance review only.
1. Check for the existence of `cli-review/0-cli-discovery-preflight/`. If it does not exist, run `shared/cli-discovery-preflight.md`
2. Use preflight outputs from `cli-review/0-cli-discovery-preflight/`
3. Read `cli-skill/references/cli-standard.md` in full
4. **Phase 1 — Collect all findings (no severity yet).** Walk every rule in the standard. For each rule, check all CLI commands and flags. Record every violation as a plain list entry: `[clause] [evidence]`. Do not assign severity in this phase. Do not stop early. Complete the full standard before moving on.
5. Checkpoint: Before going to Phase 2, make sure that no duplicate findings are listed.
4. **Phase 1 — Collect all findings (no severity yet).** Walk every rule in the standard. For each rule, check all CLI commands and flags. Record every violation as a plain list entry: `[clause] [evidence] [reference to code] [reference to cli standard]`. Do not assign severity in this phase. Do not stop early. Complete the full standard before moving on.
5. Checkpoint: Before going to Phase 2, make sure that no duplicate findings are listed, DO THIS ONLY by analysing the `reference to code`.
6. **Phase 2 — Assign severity.** For each finding collected in Phase 1, assign exactly one severity (`High`, `Medium`, `Low`, or `Unrated`) using the rules in the `## Scope` section. Do not add or remove findings in this phase.
7. Build the score JSON `{"commands": <int>, "issues": [...]}` from the complete, severity-annotated list.
8. Resolve the scoring script path in this exact order and use the first existing path:
Expand Down Expand Up @@ -84,7 +84,7 @@ The `Compliance Matrix` section must include a table with these columns:

- `Standard Clause`
- `Rule Summary`
- `Evidence`
- `Evidence`, include the name of the relevant section of the cli standard by using `reference to cli standard`
- `Severity` (`High`, `Medium`, `Low`, or `Unrated`)
- `Notes`

Expand All @@ -100,6 +100,7 @@ Each finding:

1. Must include the violated clause from `cli-skill/references/cli-standard.md`
2. Must include concrete CLI evidence (command/help/code reference)
3. Must include links to the relevant sections of the CLI standard by using `reference to cli standard` and `https://github.com/canonical/cli-skill/blob/main/cli-skill/references/cli-standard.md` as a base URL
3. Should include whenever possible a remediation action that restores compliance
4. Cite the code block in markdown code format where the violation is detected

Expand Down
Loading