Skip to content

ci: add agent reviewers #64

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
MegaRedHand merged 19 commits into from
Jan 29, 2026
Merged

ci: add agent reviewers #64

Show file tree
Hide file tree
Changes from 9 commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
174261f
feat: add claude settings turning off commit attribution
MegaRedHand Jan 28, 2026
6ca4528
ci: add ChatGPT reviewer
MegaRedHand Jan 28, 2026
1ea78de
ci: add Claude reviewer
MegaRedHand Jan 28, 2026
6d97b7d
ci: add Kimi reviewer
MegaRedHand Jan 28, 2026
cc6a8f5
ci: improve PR review workflows for ethlambda
MegaRedHand Jan 28, 2026
a8846f5
ci: fix chatgpt code review action parameters
MegaRedHand Jan 28, 2026
37f57c6
ci: bump checkout version and remove fetch-depth 0
MegaRedHand Jan 28, 2026
ec9c041
ci: bump claude-code-action to v1
MegaRedHand Jan 28, 2026
2228501
docs: add CLAUDE.md
MegaRedHand Jan 28, 2026
34c5f2f
ci: use official codex action
MegaRedHand Jan 29, 2026
ba4dd5a
ci: pre-fetch base and head refs
MegaRedHand Jan 29, 2026
2c9a41f
chore: remove chatgpt workflow
MegaRedHand Jan 29, 2026
448ecf8
ci: use claude-code for kimi code review
MegaRedHand Jan 29, 2026
e6efe70
Revert "ci: use claude-code for kimi code review"
MegaRedHand Jan 29, 2026
c6dc39f
Revert "chore: remove chatgpt workflow"
MegaRedHand Jan 29, 2026
85659d3
Revert "ci: pre-fetch base and head refs"
MegaRedHand Jan 29, 2026
b2fea8a
Revert "ci: use official codex action"
MegaRedHand Jan 29, 2026
6e7d7c2
ci: put Kimi review in collapsible section
MegaRedHand Jan 29, 2026
eb57870
ci: limit ChatGPT review pr diff to 100k chars
MegaRedHand Jan 29, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .claude/settings.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
{
"attribution": {
"commit": "",
"pr": ""
}
}
20 changes: 20 additions & 0 deletions .github/prompts/pr_review.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
You are a senior code reviewer for ethlambda, a minimalist Lean Ethereum consensus client written in Rust.

Review this PR focusing on:
- Code correctness and potential bugs
- Security vulnerabilities (critical for blockchain code)
- Performance implications
- Rust best practices and idiomatic patterns
- Memory safety and proper error handling
- Code readability and maintainability

Consensus-layer considerations:
- Fork choice (LMD GHOST / 3SF-mini) correctness
- Attestation processing and validation
- Justification and finalization logic
- State transition functions (process_slots, process_block)
- XMSS signature verification and aggregation
- SSZ encoding/decoding correctness

Be concise and specific. Provide line references when suggesting changes.
If the code looks good, acknowledge it briefly.
4 changes: 2 additions & 2 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6

- name: Setup Rust
uses: dtolnay/rust-toolchain@master
Expand All @@ -45,7 +45,7 @@ jobs:
name: Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6

- name: Download test fixtures
env:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/docker_publish.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@v6

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
Expand Down
47 changes: 47 additions & 0 deletions .github/workflows/pr_review_chatgpt.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
name: PR Review - ChatGPT

on:
pull_request:
types: [opened, synchronize, reopened]
pull_request_review_comment:
Copy link
Copy Markdown

@github-actions github-actions Bot Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

General Feedback

The PR adds a new environment variable MAX_PATCH_LENGTH: 100000. This addition is not related to the core functionalities typically reviewed for consensus clients such as EthLambda. As such, the feedback will focus on the correctness of the integration, potential implications, and overall impact on system performance.

Code Correctness and Potential Bugs

  1. MAX_PATCH_LENGTH: Consider checking how this variable is used within the codebase. Ensure it does not cause unexpected behavior due to assumptions about input sizes. Large values could potentially interfere with memory allocation or performance where this parameter is utilized.

Security Vulnerabilities

  • No direct code handling Ethereum's core functionalities (e.g., fork choice, state transition) is seen in this PR snippet. Ensure that any environment variable like MAX_PATCH_LENGTH doesn't expose the system to buffer overflow or similar vulnerabilities by focusing on well-defined limits and ensuring safe handling of environment variables.

Performance Implications

  • Increasing MAX_PATCH_LENGTH to 100000 may have performance implications depending on how it's used. If it leads to larger allocations or more processing, you may experience performance degradation. Profile or test this change to ensure it doesn't negatively affect critical paths.

Rust Best Practices and Idiomatic Patterns

  • The snippet reviewed doesn't reveal Rust-specific implementation details ... Ensure that any change interacts with the Rust code in an idiomatic way, using the borrow checker and taking advantage of Rust's ownership model.

Memory Safety and Error Handling

  • As this change concerns an environment variable's integration, ensure that all environment variable accesses are safely handled using functions like std::env::var and proper error handling with Result types.

Code Readability and Maintainability

  • The small snippet provided demonstrates good readability in YAML formatting. Ensure the entirety of the code base maintains high standards of readability and that this variable is documented accordingly, giving context to its purpose.

Final Considerations

Without the rest of the codebase, it's crucial to analyze further how this change interacts with process_slots, process_block, or other core functions. Testing high-load scenarios will help determine if MAX_PATCH_LENGTH impacts memory consumption or processing times.

In conclusion, while this change is isolated, ensuring it integrates smoothly with the broader system operationally and performance-wise is crucial.

types: [created]
issue_comment:
types: [created]

permissions:
contents: read
pull-requests: write
Copy link
Copy Markdown

@github-actions github-actions Bot Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changes made in the provided snippet appear to be focused on setting environment variables and updating the way parameters are passed to the model for a jobs setup. Here are my comments on the modifications and overall review guidelines:

  • Code Correctness & Potential Bugs: The change simplifies and standardizes the input parameters for the jobs setup. However, ensure that the case sensitivity of environment variable names like MODEL and PROMPT is handled correctly wherever they are used in other parts of the code.

  • Security Vulnerabilities: Ensure the OPENAI_API_KEY is securely handled and not logged or exposed. Always use secrets management best practices to protect sensitive information.

  • Performance Implications: There are no direct performance implications in the changes shown, as these are configuration settings for job execution.

  • Rust Best Practices & Idiomatic Patterns: This section of code does not directly pertain to Rust coding practices but focuses on CI/CD configuration. As such, Rust best practices are not applicable here.

  • Memory Safety & Proper Error Handling: Not applicable for this configuration modification, but ensure in the overall application that secrets and environment variables are not causing any unforeseen memory leaks or unsafe behavior.

  • Code Readability & Maintainability: The refactoring makes parameter names consistent and simplifies the configuration block. This change aids readability.

  • Consensus-layer Considerations: Not directly applicable. Ensure that any changes in the build/test pipeline maintain the integrity of tests related to consensus layer algorithms and logic.

  • SSZ Encoding/Decoding & Others: Ensure all state transition function tests are up-to-date with these config changes to catch any issues early in CI/CD.

Conclusion: While the changes here are minor and seem correct, it's important they are thoroughly tested with the broader application to ensure no environment configuration issues. Additional testing might be necessary beyond what is shown to maintain security and functionality integrity across the system.


concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true

jobs:
chatgpt-review:
name: ChatGPT Code Review
if: |
github.event_name == 'pull_request' ||
(github.event_name == 'issue_comment' && github.event.issue.pull_request && contains(github.event.comment.body, '@chatgpt')) ||
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@chatgpt'))
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v6

- name: Read review prompt
id: prompt
run: |
PROMPT=$(cat .github/prompts/pr_review.md)
echo "content<<EOF" >> $GITHUB_OUTPUT
echo "$PROMPT" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT

- name: ChatGPT Code Review
uses: anc95/ChatGPT-CodeReview@6fdbaeafc6f9e0eaebb844f8cfafff67cb2947f0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Copy link
Copy Markdown

@github-actions github-actions Bot Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review Comments

Code Correctness & Potential Bugs

  • The transition from using openai/codex-action to anc95/ChatGPT-CodeReview should ensure that the correct environment variables and API configurations are maintained. Verify that OPENAI_API_KEY is properly scoped and won't hit request limits inadvertently due to any possible misconfiguration.

Security Vulnerabilities

  • Storing secrets such as OPENAI_API_KEY and GITHUB_TOKEN in GitHub Actions is a common practice, but it's crucial to ensure these secrets are not exposed or logged in the output. Always review the action logs for any accidental secret disclosure.

Performance Implications

  • Using the anc95/ChatGPT-CodeReview action appears simpler, but review the performance implications such as API response time especially with the increase in model complexity. Ensure that usage fits within any rate limits imposed by OpenAI.

Rust Best Practices & Idiomatic Patterns

  • This PR only modifies the GitHub Actions workflow without any Rust code change. Therefore, no Rust-specific idiomatic patterns were assessed.

Memory Safety & Proper Error Handling

  • Ensure that there is appropriate error handling and logging around API calls, especially during network failure or unexpected responses from the API.

Code Readability & Maintainability

  • The PR improves maintainability by simplifying the actions, however, please add comments to describe the high-level steps of the new workflow for easier understanding to other maintainers.

Consensus-layer Considerations

  • Since this PR only affects GitHub Actions, consensus-layer considerations such as fork choice correctness and attestation processing do not apply here. However, make sure changes do not disrupt any existing release workflows critical for these components.

Overall, this PR introduces a cleaner and potentially more effective way to handle code reviews via automated workflows. Please ensure all preconditions (e.g., the existence of files and correct secrets configuration) are thoroughly checked and validated prior to merging.

OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
MODEL: gpt-4o
LANGUAGE: English
max_tokens: 4096
PROMPT: ${{ steps.prompt.outputs.content }}
49 changes: 49 additions & 0 deletions .github/workflows/pr_review_claude.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
name: PR Review - Claude

on:
pull_request:
types: [opened, synchronize, reopened]
pull_request_review_comment:
types: [created]
issue_comment:
types: [created]

permissions:
contents: read
pull-requests: write
issues: write
id-token: write

concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true

jobs:
claude-review:
name: Claude Code Review
if: |
github.event_name == 'pull_request' ||
(github.event_name == 'issue_comment' && github.event.issue.pull_request && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude'))
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v6

- name: Read review prompt
id: prompt
run: |
PROMPT=$(cat .github/prompts/pr_review.md)
echo "content<<EOF" >> $GITHUB_OUTPUT
echo "$PROMPT" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT

- name: Claude Code Review
uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_args: |
--max-turns 5
--model claude-sonnet-4-20250514
trigger_phrase: "@claude"
prompt: ${{ steps.prompt.outputs.content }}
116 changes: 116 additions & 0 deletions .github/workflows/pr_review_kimi.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,116 @@
name: PR Review - Kimi

on:
pull_request:
types: [opened, synchronize, reopened]
pull_request_review_comment:
types: [created]
issue_comment:
types: [created]

permissions:
contents: read
pull-requests: write

concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true

jobs:
kimi-review:
name: Kimi Code Review
if: |
github.event_name == 'pull_request' ||
(github.event_name == 'issue_comment' && github.event.issue.pull_request && contains(github.event.comment.body, '@kimi')) ||
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@kimi'))
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v6

- name: Read review prompt
id: prompt
run: |
PROMPT=$(cat .github/prompts/pr_review.md)
echo "content<<EOF" >> $GITHUB_OUTPUT
echo "$PROMPT" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT

- name: Get PR diff
id: diff
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh pr diff ${{ github.event.pull_request.number }} > pr_diff.txt
# Truncate if too large (Kimi has context limits)
head -c 100000 pr_diff.txt > pr_diff_truncated.txt

- name: Kimi Code Review
id: kimi_review
env:
KIMI_API_KEY: ${{ secrets.KIMI_API_KEY }}
PR_TITLE: ${{ github.event.pull_request.title }}
REVIEW_PROMPT: ${{ steps.prompt.outputs.content }}
run: |
if [ -z "$KIMI_API_KEY" ]; then
echo "Error: KIMI_API_KEY secret is not set" > kimi_review.txt
exit 0
fi

DIFF_CONTENT=$(cat pr_diff_truncated.txt)

# Build the request body
REQUEST_BODY=$(jq -n \
--arg diff "$DIFF_CONTENT" \
--arg title "$PR_TITLE" \
--arg prompt "$REVIEW_PROMPT" \
'{
"model": "moonshot-v1-128k",
"messages": [
{
"role": "system",
"content": $prompt
},
{
"role": "user",
"content": ("PR Title: " + $title + "\n\nDiff:\n" + $diff)
}
],
"temperature": 0.3,
"max_tokens": 4096
}')

# Try the API call
HTTP_RESPONSE=$(curl -s -w "\n%{http_code}" https://api.moonshot.ai/v1/chat/completions \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $KIMI_API_KEY" \
-d "$REQUEST_BODY")

HTTP_CODE=$(echo "$HTTP_RESPONSE" | tail -n1)
RESPONSE=$(echo "$HTTP_RESPONSE" | sed '$d')

if [ "$HTTP_CODE" != "200" ]; then
echo "API Error (HTTP $HTTP_CODE): $RESPONSE" > kimi_review.txt
else
# Check for API errors in response
ERROR=$(echo "$RESPONSE" | jq -r '.error.message // empty')
if [ -n "$ERROR" ]; then
echo "API Error: $ERROR" > kimi_review.txt
else
REVIEW=$(echo "$RESPONSE" | jq -r '.choices[0].message.content // "Error: Unexpected API response"')
echo "$REVIEW" > kimi_review.txt
fi
fi

- name: Post review comment
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
REVIEW_CONTENT=$(cat kimi_review.txt)

gh pr comment ${{ github.event.pull_request.number }} --body "## Kimi AI Code Review

$REVIEW_CONTENT

---
*Automated review by Kimi (Moonshot AI)*"
Loading
Loading