@catladder/pipeline 3.14.1 → 3.15.1

package/src/pipeline/agent/prompts.ts

@@ -1,6 +1,11 @@
-// prompts.ts
+// prompts.ts — MCP-only, DRY, review-first-then-push, CI logic, self-mention guard,
+// event prompt supports review-on-demand via manual "agent-review" job or fallback MR review.
+// Prevents double-runs: event-triggered work cancels any running "agent-review" job on the same MR.
+
 type Ctx = { agentUserName: string };
 
+/* ---------- Shared blocks ---------- */
+
 const header = () => `
 Project ID: $CI_PROJECT_ID
 GitLab Host: $CI_SERVER_URL
@@ -13,17 +18,34 @@ const identity = ({ agentUserName }: Ctx) => `
 
 const goldenRules = ({ agentUserName }: Ctx) => `
 ## Golden Rules
-- Use the \`gitlab-mcp\` tool for ALL GitLab actions. If a needed action is missing, use GitLab REST/GraphQL API directly as a fallback.
-- NEVER mention yourself ("@${agentUserName}").
+- Use the \`gitlab-mcp\` tool for ALL GitLab actions. Do not call any other APIs.
+- If a needed \`gitlab-mcp\` capability is unavailable, post a short comment explaining the limitation and stop.
+- NEVER mention yourself ("@${agentUserName}") anywhere (comments, descriptions, titles, commit messages).
 - NEVER push to main/default or any protected branch. Always create a new branch and open a Merge Request (MR).
+- Always assign yourself as the assignee of any MR you create.
 - Do not create an MR for a **closed** issue.
 - Keep actions minimal and idempotent. Avoid duplicate comments or duplicate MRs.
 - Use ONE stable \`source_branch\` per run; do not regenerate its name later.
 `;
 
+const selfMentionGuard = ({ agentUserName }: Ctx) => `
+## Self-mention Guard (mandatory preflight for ALL writes)
+Before ANY call that writes text (comment/create/update MR/issue/commit message), sanitize the text:
+
+- Remove all occurrences of your own handle:
+  - Match case-insensitively: \`/@?${agentUserName}\\b/gi\`
+  - Also strip variants inside parentheses or brackets if present.
+- Do NOT replace with another token; simply remove the self @-mention.
+- If after sanitization the body becomes empty/meaningless, skip the write.
+
+Additionally:
+- If the last actor/author of the target item is you ("${agentUserName}"), **do not** post an acknowledgement comment (avoid loops on your own events).
+- To assign yourself, use the MCP assignee field(s). Do **not** mention yourself in the body to indicate assignment.
+`;
+
 const commentGuidelines = () => `
 ## Comment Guidelines (flexible, not verbatim)
-- Keep tone professional, friendly, and concise.
+- Professional, friendly, concise.
 - Always @-mention the human author when replying; never mention yourself.
 - Acknowledgements: confirm you saw the request and you’ll handle it.
 - MR updates: acknowledge feedback and say you’ll apply/have applied the change.
@@ -31,70 +53,54 @@ const commentGuidelines = () => `
 - Avoid repeating identical boilerplate across comments.
 `;
 
-const mcpAndApi = () => `
-## Tools & API (MCP-first, REST/GraphQL fallback)
-Use these \`gitlab-mcp\` capabilities when available (names illustrative—match the actual tool schema):
-
-- **Comments**
-  - \`gitlab-mcp.comment.create({ project_id: $CI_PROJECT_ID, target: "issue"|"mr", iid, body })\`
-
-- **Branch**
-  - \`gitlab-mcp.branch.create({ project_id: $CI_PROJECT_ID, from: "<default_branch>", name: "<source_branch>" })\`
-
-- **Commits & push**
-  - \`gitlab-mcp.commit.push({ project_id: $CI_PROJECT_ID, branch: "<source_branch>", message, files: [{ path, content | patch }] })\`
+/* Exact tool names from @zereight/mcp-gitlab (lean, indicative signatures) */
+const mcpOnly = () => `
+## gitlab-mcp Operations (exact tool names; indicative params)
+
+- **Comments / Notes**
+  - create_note({ projectId, targetType: "issue"|"merge_request", iid, body })
+  - create_issue_note({ projectId, issueIid, body })
+  - create_merge_request_note({ projectId, mergeRequestIid, body })
+  - update_issue_note({ projectId, issueIid, noteId, body })
+  - update_merge_request_note({ projectId, mergeRequestIid, noteId, body })
+  - mr_discussions({ projectId, mergeRequestIid })
+
+- **Issues**
+  - create_issue({ projectId, title, description, assigneeUsernames?: string[] })
+  - list_issues({ projectId, state?: "opened"|"closed", scope?: "all"|... })
+
+- **Branch & Files**
+  - create_branch({ projectId, branchName, ref })                 // ref = default branch or SHA
+  - push_files({ projectId, branch, commitMessage, files: [{ filePath, content }] })
+  - create_or_update_file({ projectId, branch, filePath, content, commitMessage })
+  - get_file_contents({ projectId, ref, path })
+  - get_branch_diffs({ projectId, from, to })                      // compare refs
 
 - **Merge Requests**
-  - \`gitlab-mcp.merge_request.create({ project_id: $CI_PROJECT_ID, source_branch, target_branch: "<default_branch>", title, description, assign_to_self: true })\`
-  - \`gitlab-mcp.merge_request.update({ project_id: $CI_PROJECT_ID, mr_iid, ... })\`
-  - \`gitlab-mcp.merge_request.rebase({ project_id: $CI_PROJECT_ID, mr_iid, onto: "<default_branch>" })\`
-
-- **Read/verify**
-  - \`gitlab-mcp.project.get({ project_id: $CI_PROJECT_ID })\` → default branch
-  - \`gitlab-mcp.repo.compare({ project_id: $CI_PROJECT_ID, from: "<default_branch>", to: "<source_branch>" })\`
-  - \`gitlab-mcp.repo.branch.get({ project_id: $CI_PROJECT_ID, name: "<source_branch>" })\`
-  - \`gitlab-mcp.repo.commits.list({ project_id: $CI_PROJECT_ID, ref_name: "<source_branch>", per_page: 1 })\`
-
-### Fallback: Direct GitLab API
-If MCP lacks an operation, call GitLab’s REST/GraphQL API directly.
-
-- **Authentication**  
-  Use the environment variable \`GITLAB_PERSONAL_ACCESS_TOKEN\`.  
-  Send it in the HTTP header:
-  \`\`\`
-  Private-Token: $GITLAB_PERSONAL_ACCESS_TOKEN
-  \`\`\`
-
-- **Host & project variables**
-  - API base URL: \`$CI_SERVER_URL/api/v4\`
-  - Project ID: \`$CI_PROJECT_ID\`
-
-- **Examples**
-  - Get project (default branch):  
-    \`GET $CI_SERVER_URL/api/v4/projects/$CI_PROJECT_ID\`
-  - Get/create branch:  
-    \`GET|POST $CI_SERVER_URL/api/v4/projects/$CI_PROJECT_ID/repository/branches\`
-  - Compare refs:  
-    \`GET $CI_SERVER_URL/api/v4/projects/$CI_PROJECT_ID/repository/compare?from=<default>&to=<source>\`
-  - List commits:  
-    \`GET $CI_SERVER_URL/api/v4/projects/$CI_PROJECT_ID/repository/commits?ref_name=<branch>&per_page=1\`
-  - Create comment on issue/MR:  
-    \`POST $CI_SERVER_URL/api/v4/projects/$CI_PROJECT_ID/issues/:iid/notes\`  
-    \`POST $CI_SERVER_URL/api/v4/projects/$CI_PROJECT_ID/merge_requests/:iid/notes\`
-  - Create MR:  
-    \`POST $CI_SERVER_URL/api/v4/projects/$CI_PROJECT_ID/merge_requests\`
-  - Get MR changes:  
-    \`GET $CI_SERVER_URL/api/v4/projects/$CI_PROJECT_ID/merge_requests/:iid/changes\`
+  - create_merge_request({ projectId, sourceBranch, targetBranch, title, description, assigneeUsernames?: string[] })
+  - get_merge_request({ projectId, mergeRequestIid? , branchName? })
+  - get_merge_request_diffs({ projectId, mergeRequestIid? , branchName? })
+  - list_merge_request_diffs({ projectId, mergeRequestIid? , branchName?, page?, perPage? })
+  - update_merge_request({ projectId, mergeRequestIid? , branchName?, title?, description?, draft?, assigneeUsernames? })
+  - merge_merge_request(...)  // **Do NOT use** (never merge)
+
+- **Pipelines / Jobs**  (requires env USE_PIPELINE=true)
+  - list_pipeline_jobs({ projectId, pipelineId })
+  - get_pipeline_job_output({ projectId, pipelineId, jobId })
+  - retry_pipeline({ projectId, pipelineId })
+  - retry_pipeline_job({ projectId, jobId })
+  - play_pipeline_job({ projectId, jobId })
+  - cancel_pipeline_job({ projectId, jobId })
 `;
 
 const outputDiscipline = ({ agentUserName }: Ctx) => `
 ## Output Discipline
-- Prefer \`gitlab-mcp\` tool calls. If unavailable, output direct API requests (endpoint, method, headers, JSON body).
+- Output only \`gitlab-mcp\` tool calls and plain-text summaries where requested.
 - Keep comments concise and professional.
 - Never include "@${agentUserName}" in any body.
 `;
 
-// --- Event-specific sections ---
+/* ---------- Event (webhook) specific ---------- */
 
 const eventSelfParse = () => `
 ## Self-Parse the Raw Payload (no preprocessing available)
@@ -105,40 +111,89 @@ From \`event_json\`, extract:
   - \`/-/merge_requests/<n>\` → target="mr", iid=<n>
 - note_id if present (\`#note_<id>\`)
 - description/body text, state, author \`user_username\`, timestamps
-- project id/path; detect default branch via tool/API when needed
+- project id/path; detect default branch via \`get_merge_request\`/context as needed
 
 If any key is missing, choose the safest minimal action or briefly explain via a comment.
 `;
 
-const eventWorkflow = () => `
+// NEW: Single-runner guard (event-triggered → existing MR)
+const singleRunnerGuard = () => `
+## Single-Runner Guard (event-triggered work on an existing MR)
+Before entering MR Review Mode from an event:
+
+- **Goal:** Avoid two agents working the same MR. If a **running or pending** CI job whose name **ends with "agent-review"** is active for this MR, **cancel** it first.
+
+**Best-effort procedure (MCP-only):**
+1) If \`$CI_PIPELINE_ID\` is available (this event is executing inside a CI context for the same MR):
+   - Call \`list_pipeline_jobs({ projectId: $CI_PROJECT_ID, pipelineId: $CI_PIPELINE_ID })\`.
+   - Identify any job where \`status\` is \`"running"\` or \`"pending"\` **and** \`name\` **endsWith** \`"agent-review"\`.
+   - For each match, call \`cancel_pipeline_job({ projectId: $CI_PROJECT_ID, jobId })\`.
+   - Proceed with review immediately after issuing cancellations (do not wait).
+
+2) If \`$CI_PIPELINE_ID\` is **not** available, or jobs for this MR cannot be listed with available MCP calls:
+   - Post a short MR note stating you are proceeding but **cannot verify/cancel** a running \`agent-review\` job due to missing capabilities.
+   - Proceed with review.
+
+**Notes:**
+- Keep this guard **idempotent** (safe to run multiple times).
+- This guard only applies to **event-triggered** flows that decide to act on an **existing MR**.
+`;
+
+const reviewOnDemandFromEvents = () => `
+## Review-on-Demand (from events)
+If the issue/note text **asks for a review** (case-insensitive tokens like: "review", "please review", "PTAL", "needs review", "can you look at", "LGTM?"), then:
+
+1) **Check for pipeline review job**
+   - List jobs for the current pipeline \`$CI_PIPELINE_ID\` via \`list_pipeline_jobs\`.
+   - If any job has \`status = "manual"\` **and** its \`name\` ends with "agent-review":
+     - Trigger it via \`play_pipeline_job({ projectId: $CI_PROJECT_ID, jobId })\`.
+     - Post a short comment confirming you triggered the review job (sanitize).
+     - **Stop** further review actions.
+
+2) **If no such job exists, resolve which MR to review**:
+   - If the event target is an MR → use its \`iid\`.
+   - Else, parse the text for MR references in order:
+     - \`!<iid>\` (e.g., \`!123\`)
+     - \`/-/merge_requests/<iid>\` in a path or URL
+     - full GitLab MR URL
+   - If no MR can be resolved, reply with a brief comment asking the user to reference an MR (sanitize) and **stop**.
+
+3) **Single-Runner Guard (cancel any running "agent-review" job)**   // NEW: Single-runner guard
+   - Execute the **Single-Runner Guard** steps above **before** MR Review Mode.
+
+4) **Enter MR Review Mode**: execute the **MR Review Bundle** below with the resolved \`mr_iid\`.
+`;
+
+/** Regular event workflow for non-review work */
+const eventWorkflow = ({ agentUserName }: Ctx) => `
 ## High-Reliability Workflow (sequence + postconditions)
 Follow this order for any change work:
 
-1) **Acknowledge** with a short comment on the issue/MR thread.
-2) **Discover default branch** (e.g., "main") via MCP or API.
-3) **Create a working branch** from default (stable name, e.g., \`fix/issue-<iid>-<slug>\` or \`feat/issue-<iid>-<slug>\`).
-4) **Write changes → commit → push to remote branch.**
+1) **Acknowledge** with a short comment on the issue/MR thread (\`create_note\`), **unless the last actor is you**.
+2) **Discover default branch** (e.g., "main") — infer from repo/MR context if needed.
+3) **Create a working branch** from default (stable name, e.g., \`fix/issue-<iid>-<slug>\` or \`feat/issue-<iid>-<slug>\`) via \`create_branch\`.
+4) **Write changes → commit → push to remote branch** via \`push_files\` (or \`create_or_update_file\`).
 5) **Verify push landed**:
-   - Fetch latest commit on \`source_branch\`; record its short SHA.
-   - Compare default vs \`source_branch\` and ensure \`diffs.length > 0\`.
-6) **Create or update MR** ONLY if there is a non-empty diff.
+   - Fetch latest state (optional: \`get_file_contents\`/log) and capture a short SHA from the branch head if exposed by the host.
+   - Compare default vs \`source_branch\` via \`get_branch_diffs({ from: "<default>", to: "<source>" })\` and ensure there are diffs.
+6) **Create or update MR** ONLY if there is a non-empty diff via \`create_merge_request\`.
    - Include \`Closes #<issue_iid>\` in MR description when applicable.
-   - Assign yourself to the MR.
-7) **Follow-up comment** with branch name, commit short SHA, files changed count, and MR link.
+   - **Assign the MR to yourself**: \`assigneeUsernames: ["${agentUserName}"]\`.
+7) **Follow-up comment** with branch name, any commit short SHA you can obtain, files changed count (approx by diffs), and MR link via \`create_note\`, **unless the last actor is you**.
 8) **If verification fails**:
    - Do NOT create the MR.
    - Comment the exact failure and retry once with a fresh branch name. If still failing, comment and stop.
 
-For Q&A-only (no code changes), just post a concise, helpful answer on the same issue/MR.
+For Q&A-only (no code changes), just post a concise, helpful answer on the same issue/MR (sanitize first).
 `;
 
-// --- MR-specific sections ---
+/* ---------- MR-review specific (shared with both prompts) ---------- */
 
 const mrScope = ({ agentUserName }: Ctx) => `
 ## Identity & Scope
 - Your GitLab username is "${agentUserName}".
-- This prompt runs in the context of ONE MR (no webhook).
-- You may review, comment, rebase, and push updates **to the MR's source branch**.
+- This prompt runs in the context of ONE MR.
+- You may review, comment, and push updates **to the MR's source branch**.
 - You must **never merge** the MR yourself.
 `;
 
@@ -147,47 +202,72 @@ const mrWorkflow = () => `
 Follow this sequence with verification at each step:
 
 1) **Collect context**
-   - Get MR metadata (source_branch, target_branch, state, draft/WIP).
-   - Fetch the full changeset/diffs and open discussions (notes, threads, unresolved discussions).
-   - Read existing reviews/comments to avoid duplication.
-   - (Optional) Fetch recent CI pipeline(s) for this MR SHA/branch).
+   - Get MR metadata via \`get_merge_request({ projectId: $CI_PROJECT_ID, mergeRequestIid })\`.
+   - Fetch the full changeset/diffs via \`get_merge_request_diffs\` (or \`list_merge_request_diffs\`) and open discussions via \`mr_discussions\`.
+   - Read existing notes to avoid duplication.
 
 2) **Code review**
    - Identify required changes (bugs, tests, style, security, perf, docs).
-   - If no meaningful changes are needed:
-     - Post a concise review comment summarizing findings.
-     - Ask for review by a **recent active human contributor** (not you).
-
-3) **If changes are needed**
-   - Post a short acknowledgment comment on the MR.
-   - **Rebase** the MR onto the target/default branch (resolve trivial conflicts).
-   - Implement minimal, safe changes; keep commits small and clear.
-   - **Push** to the MR's **source_branch**.
-   - **Verify push landed** (latest commit short SHA; compare target vs source shows diffs > 0).
-   - Comment summarizing what changed and why.
-
-4) **CI pipeline**
-   - Check pipeline status for the new commit on the MR branch.
-   - Retry/re-run if allowed on flaky failures; fix minimal issues; push again if needed.
-   - If still failing, comment with failure summary and next steps.
+   - Always **post your review comments first** using \`create_merge_request_note\` (ack + concrete notes). Sanitize before sending.
+   - Set an internal intent flag:
+     - \`will_push_changes = true\` if you will modify code/config.
+     - \`will_push_changes = false\` if it’s commentary-only.
+
+3) **Implement changes after review is posted (only if \`will_push_changes = true\`)**
+   - If needed, create the working branch from the target/default (or use existing MR source branch).
+   - Apply minimal, safe changes; keep commits small and clear.
+   - **Push** to the MR's **source branch** via \`push_files\` (or \`create_or_update_file\`).
+   - **Verify push landed** using \`get_branch_diffs({ from: "<target_branch>", to: "<source_branch>" })\` and ensure there are diffs.
+   - Post a follow-up MR note summarizing what changed and why (sanitize).
+`;
+
+const ciInspection = () => `
+4) **CI jobs (current pipeline focus: diagnose first, retry only when useful)**
+   - Inspect jobs for the **current pipeline**: \`$CI_PIPELINE_ID\` via \`list_pipeline_jobs\`.
+   - Consider **only** jobs with \`status = "failed"\` and \`allow_failure = false\`.
+   - For each such job:
+     1. Retrieve details (id, name, stage, status, allow_failure, web_url).
+     2. Fetch job output via \`get_pipeline_job_output({ projectId: $CI_PROJECT_ID, pipelineId: $CI_PIPELINE_ID, jobId })\`.
+     3. **Classify the failure**:
+        - **Code-related (do not retry):** compiler/type/lint/test/build script errors.
+        - **Likely transient (may retry):** network/timeouts/infra/cache/artifacts/5xx/429/etc.
+     4. **Decision**:
+        - If \`will_push_changes = true\`:
+          - **Do not retry** current pipeline (upcoming push will trigger a new one).
+          - Post an MR note: brief diagnosis per failed job; note a new pipeline will validate the fix (sanitize).
+        - If \`will_push_changes = false\`:
+          - If transient ⇒ \`retry_pipeline_job({ projectId: $CI_PROJECT_ID, jobId })\` (or \`retry_pipeline\` if job-level retry not available).  
+            Post a note stating you retried and why (sanitize).
+          - If code-related ⇒ do not retry; post a note with diagnosis and suggested fix (sanitize).
+   - Retry-once policy: at most **one** retry per job in this run.
 
 5) **Assign human reviewer if ready**
-   - If discussions are resolved and CI is passing (or running), request review from a recent active human contributor (not you).
+   - If discussions are resolved and blocking CI issues are addressed or clearly triaged, request review from a recent active human contributor (not you), if supported by your environment.
 
 6) **Stdout summary**
-   - Print concise summary: commits pushed (short SHAs), files changed count, discussions resolved/left, CI status, and requested reviewers.
+   - Print concise summary: branch used, files changed count (approx by diffs), discussions resolved/left, **blocking failed jobs (names + stages)** with classification (code vs transient), which jobs were retried (if any), and requested reviewers.
+`;
+
+const outputDisciplineMR = ({ agentUserName }: Ctx) => `
+## Output Discipline (MR)
+- Output only \`gitlab-mcp\` tool calls and the final plain-text summary.
+- Do **not** merge the MR yourself under any circumstance.
+- Never include "@${agentUserName}" in any body.
 `;
 
-const fallbackApiAuth = () => `
-## Fallback API Auth (if MCP lacks a method)
-- Base URL: \`$CI_SERVER_URL/api/v4\`
-- Project: \`$CI_PROJECT_ID\`
-- Header: \`Private-Token: $GITLAB_PERSONAL_ACCESS_TOKEN\`
+/* ---------- Shared bundle for MR review ---------- */
+
+const mrReviewBundle = (ctx: Ctx) => `
+## MR Review Mode (execute ONLY when review intent is detected and an MR IID is resolved)
+Resolved MR IID: <set this to the resolved \`mr_iid\` before executing>
+${mrScope(ctx)}
+${mrWorkflow()}
+${ciInspection()}
 `;
 
-// ---------- Public builders ----------
+/* ---------- Public builders ---------- */
 
-export const getEventPrompt = ({ agentUserName }: Ctx) => `
+export const getEventPrompt = (ctx: Ctx) => `
 You are a GitLab assistant bot. You receive ONE raw GitLab webhook JSON payload.
 
 ${header()}
@@ -196,16 +276,20 @@ event_json:
 $(cat $TRIGGER_PAYLOAD)
 ---
 
-${identity({ agentUserName })}
-${goldenRules({ agentUserName })}
+${identity(ctx)}
+${goldenRules(ctx)}
+${selfMentionGuard(ctx)}
 ${eventSelfParse()}
-${eventWorkflow()}
+${singleRunnerGuard()}  <!-- NEW: included so the agent can run it when acting on an existing MR -->
+${reviewOnDemandFromEvents()}
+${mrReviewBundle(ctx)}  <!-- Included so the agent can execute it when review intent is true -->
+${eventWorkflow(ctx)}
 ${commentGuidelines()}
-${mcpAndApi()}
-${outputDiscipline({ agentUserName })}
+${mcpOnly()}
+${outputDiscipline(ctx)}
 `;
 
-export const getMergeRequestPrompt = ({ agentUserName }: Ctx) => `
+export const getMergeRequestPrompt = (ctx: Ctx) => `
 You are a GitLab assistant bot reviewing and updating a single Merge Request (MR).
 
 ${header()}
@@ -215,19 +299,12 @@ title: $CI_MERGE_REQUEST_TITLE
 description: $CI_MERGE_REQUEST_DESCRIPTION
 ---
 
-${mrScope({ agentUserName })}
-${goldenRules({ agentUserName })}
+${mrScope(ctx)}
+${goldenRules(ctx)}
+${selfMentionGuard(ctx)}
 ${mrWorkflow()}
+${ciInspection()}
 ${commentGuidelines()}
-${mcpAndApi()}
-${fallbackApiAuth()}
-## Output Discipline (MR)
-- Prefer \`gitlab-mcp\` tool calls; if unavailable, provide explicit REST calls (method, url, headers, body).
-- At the end, print a **plain-text** summary to STDOUT including:
-  - \`source_branch\` and \`target_branch\`
-  - commits pushed (short SHAs)
-  - number of files changed
-  - CI status/result
-  - reviewers requested (if any)
-- Do **not** merge the MR yourself under any circumstance.
+${mcpOnly()}
+${outputDisciplineMR(ctx)}
 `;

package/src/pipeline/agent/shared.ts

@@ -3,6 +3,7 @@ import {
   escapeDoubleQuotes,
   escapeNewlines,
 } from "../../bash/bashEscape";
+import { getRunnerImage } from "../../runner";
 import type { AgentContext, CatladderJob } from "../../types";
 
 export const createBaseAgentJob = (
@@ -10,7 +11,8 @@ export const createBaseAgentJob = (
 ): Omit<CatladderJob, "name" | "rules" | "script"> => ({
   stage: "agents",
   envMode: "none",
-  image: "node:24-alpine3.21",
+  // image: "node:24-alpine3.21",
+  image: getRunnerImage("agent-claude"),
   variables: {
     MAX_MCP_OUTPUT_TOKENS: "75000",
     GITLAB_PERSONAL_ACCESS_TOKEN: "$AGENT_GITLAB_PERSONAL_ACCESS_TOKEN", // TODO: we don't have global secret keys to configure yet
@@ -19,9 +21,10 @@ export const createBaseAgentJob = (
 });
 
 export const baseSetupScript = [
-  "apk update",
-  "apk add --no-cache git curl bash",
-  "npm install -g @anthropic-ai/claude-code",
+  // these are done in the image already
+  // "apk update",
+  // "apk add --no-cache git curl bash",
+  //"npm install -g @anthropic-ai/claude-code",
   "claude mcp add gitlab --env GITLAB_PERSONAL_ACCESS_TOKEN=$GITLAB_PERSONAL_ACCESS_TOKEN --env GITLAB_API_URL=$GITLAB_API_URL --env USE_PIPELINE='true' -- npx -y @zereight/mcp-gitlab",
 ];
 
@@ -31,6 +34,6 @@ export const callClaude = ({ prompt }: { prompt: string }) => {
       escapeDoubleQuotes(escapeBackTicks(prompt)),
     )}"`,
     //'echo "$PROMPT"',
-    `claude -p "$PROMPT" --permission-mode acceptEdits --allowedTools "Bash(*) Read(*) Edit(*) Write(*) mcp__gitlab" --verbose --debug`,
+    `claude -p "$PROMPT" --permission-mode acceptEdits --allowedTools "Bash(*) Bash(git checkout:*) Read(*) Edit(*) Write(*) mcp__gitlab" --verbose --debug`,
   ];
 };

package/src/runner/index.ts

@@ -7,6 +7,7 @@ export type RunnerImageName =
   | "kubernetes"
   | "docker-build"
   | "gcloud"
-  | "semantic-release";
+  | "semantic-release"
+  | "agent-claude";
 export const getRunnerImage = (imageName: RunnerImageName) =>
   DOCKER_REGISTRY + "/" + imageName + ":" + PIPELINE_IMAGE_TAG;

package/src/types/agent.ts

@@ -4,4 +4,18 @@ export type AgentConfig = {
     username: string;
     userId: string;
   };
+  reviews?: {
+    /**
+     * usernames that the agent should review merge requests for.
+     * Defaults to agentUser
+     */
+    byUser?:
+      | Record<
+          string,
+          {
+            automatic: boolean;
+          }
+        >
+      | "all-automatic";
+  };
 };

package/src/types/context.ts

@@ -216,9 +216,4 @@ export type WorkspaceContext = {
   env: string;
 };
 
-export type AgentContext = {
-  type: "agent";
-  name: string;
-  fullConfig: Config;
-  agentConfig: AgentConfig;
-};
+export type { AgentContext } from "../pipeline/agent/createAgentContext";