@ozzylabs/feedradar 0.1.4 → 0.1.6

package/dist/templates/feedradar.md

@@ -24,7 +24,7 @@ radar watch run
 # (c) あとは AI エージェントに頼む (次セクション)
 ```
 
-`source add` と `watch run` は scheduler 連携を想定して CLI のままです。`--with-actions` / `--with-routines` を付けて init すれば、GitHub Actions / Claude Routines で定期実行する雛形が出ます。
+`source add` と `watch run` は scheduler 連携を想定して CLI のままです。`--with-actions` / `--with-routines` を付けて init すれば、GitHub Actions / Claude Routines で定期実行する雛形が出ます。後から workflow を追加 / cadence 切替 / watch + 自動 research の連鎖が必要になったら `radar workflow generate watch | combined` で後追い生成できます ([ADR-0014](https://github.com/ozzy-labs/feedradar/blob/main/docs/adr/0014-workflow-generate-and-auto-research-safety.md))。
 
 ## 主要操作: エージェントに頼む
 
@@ -111,19 +111,34 @@ slash で直接呼ぶなら:
 エージェントを起動しない自動化文脈では CLI を直接呼びます。`radar <subcommand> --help` で全コマンドのヘルプが出ます。
 
 ```bash
-radar source add <id> --kind <rss|html|html-js|github-releases|npm-registry> --url <url> [options]
+radar source add <id> --kind <rss|html|html-js|github-releases|npm-registry|json-feed|json-api> --url <url> [options]
+radar source add <id> --recipe <name> [--keywords ... --tags ... --name ...]  # バンドル recipe で 1 行追加 (ADR-0012)
 radar source list
+radar source recipes                                  # バンドル recipe を一覧表示
 radar source test <id> [--limit N] [--show-content]
 radar source remove <id>
-radar watch run [--source <id>] [--bootstrap]
-radar research <item-id> --agent <agent>
+radar watch run [--source <id>] [--bootstrap | --backfill [--max-pages N]] [-v|--verbose | -q|--quiet]
+radar research <item-id> --agent <agent> [--verbose | --quiet]    # 進捗表示・stdout pass-through は --verbose で有効化 (ADR-0015)
 radar research --digest <item-id> <item-id> ... [--agent <agent>]   # 複数 item を 1 digest にまとめる (ADR-0011)
-radar review <research-id> --agent <agent>
-radar update <research-id> --agent <agent>
+radar review <research-id> --agent <agent> [--verbose | --quiet]
+radar update <research-id> --agent <agent> [--verbose | --quiet]
 radar dismiss <item-id>
+radar research --batch [--max-items N] [--filter-tags <list>] [--agent <agent>] [--verbose | --quiet]  # detected を一括 research (ADR-0014)
+radar workflow generate watch [--cron "<expr>"] [--agent <agent>] [--output <path>]            # GitHub Actions watch 雛形を後追い生成 (ADR-0014)
+radar workflow generate combined [--watch-cron "<expr>"] [--max-items N] [--filter-tags <list>] [--agent <agent>] [--output <path>]   # watch + 自動 research を --max-items ハードキャップ付きで生成 (ADR-0014)
 ```
 
-定期実行の雛形 (GitHub Actions / Claude Routines) は `radar init --with-actions` / `--with-routines` で生成できます。
+JSON API は recipe ベースで、`kind: json-api` を選んで `pagination` を YAML に書く（[ADR-0012](https://github.com/ozzy-labs/feedradar/blob/main/docs/adr/0012-json-api-adapter-and-recipe-strategy.md)）。JSON Feed 1.0 / 1.1 標準に準拠したサイトは URL だけで動く zero-config kind (`kind: json-feed`)。過去の全件取り込みは `radar watch run --backfill` を使う (kind: json-api / github-releases / npm-registry 対応)。
+
+長時間実行コマンド (`research` / `review` / `update` / `watch run --backfill` / html-js fetch / `source test`) は stderr に phase markers + spinner + 副次メトリクス (`stdout` / `output` / `page x/N`) を表示します（[ADR-0015](https://github.com/ozzy-labs/feedradar/blob/main/docs/adr/0015-progress-reporting-ux.md)）。挙動切替は env > flag > TTY auto-detect の優先順:
+
+- `--verbose`（または `-v`）: agent CLI / Playwright の stdout/stderr を pass-through。デバッグや「フリーズに見える」ときの第一手
+- `--quiet`（または `-q`）: reporter を完全に黙らせ、CLI の従来 1 行ログだけ残す
+- `RADAR_NO_PROGRESS=1`（env）: 上記より強い escape hatch。CI script で flag を消さずに reporter だけ off にしたいケース向け
+
+詳細・トラブルシュート（`Agent running [mm:ss]` で動いていないように見える時の対処等）は [docs/user-guide.md → 進捗表示 / verbose / quiet](https://github.com/ozzy-labs/feedradar/blob/main/docs/user-guide.md#進捗表示--verbose--quiet) を参照。
+
+定期実行の雛形 (GitHub Actions / Claude Routines) は `radar init --with-actions` / `--with-routines` で初回 bootstrap として生成できます。後追いで cadence 切替 / 複数 workflow 共存 / `combined` (watch + 自動 research) を追加したい場合は `radar workflow generate <type>` ([ADR-0014](https://github.com/ozzy-labs/feedradar/blob/main/docs/adr/0014-workflow-generate-and-auto-research-safety.md)) を使います。`combined` は `--max-items` ハードキャップを YAML literal + CLI default の二重防御で焼き込むため、暴走 feed (publisher 側 bug / `--backfill` 事故) による LLM cost 爆発を設計レベルで遮断します。
 
 ## このディレクトリのレイアウト
 
@@ -154,7 +169,7 @@ radar dismiss <item-id>
 
 ## セキュリティ警告
 
-FeedRadar が fetch する外部 feed (RSS / HTML / HTML (JS rendered, `kind: html-js`) / GitHub Releases / npm registry) は **untrusted** として扱われます ([ADR-0009](https://github.com/ozzy-labs/feedradar/blob/main/docs/adr/0009-untrusted-external-content-handling.md))。攻撃者が feed 内容に prompt injection を仕込む可能性があるため:
+FeedRadar が fetch する外部 feed (RSS / HTML / HTML (JS rendered, `kind: html-js`) / GitHub Releases / npm registry / JSON Feed / JSON API) は **untrusted** として扱われます ([ADR-0009](https://github.com/ozzy-labs/feedradar/blob/main/docs/adr/0009-untrusted-external-content-handling.md))。攻撃者が feed 内容に prompt injection を仕込む可能性があるため:
 
 - 信頼できる公式 source のみ登録するのが第一の防御線
 - `sources/<id>.yaml` の `trustLevel: trusted` で個別 opt-in 可 (既定 `untrusted`)

package/dist/templates/workflows/combined.template.yaml.tmpl

@@ -0,0 +1,110 @@
+# `radar workflow generate combined` template (ADR-0014 D2 / D3 / D4 / D5).
+#
+# Chains `radar watch run` -> "skip if no new items" guard -> `radar research
+# --batch` -> `git commit/push --rebase` retry inside a single job so the
+# detection-to-research delay collapses to one cron tick instead of two
+# stacked workflows.
+#
+# Placeholders rendered by `src/cli/workflow/generate-combined.ts`:
+#   {{cron}}        — schedule cron expression (default "0 0 * * *")
+#   {{maxItems}}    — `--max-items` hard cap (ADR-0014 D3a; default 10)
+#   {{filterTags}}  — `--filter-tags` arg as a single CLI literal (empty when
+#                     filtering is off so the line collapses to bare `--batch`)
+#   {{agent}}       — agent id literal (claude-code|codex-cli|gemini-cli|copilot)
+#   {{secretsBlock}} — agent-specific `env:` body (no shared default; the
+#                     CLI generator selects one of four prebuilt fragments,
+#                     never injecting OAuth tokens per ADR-0014 D5)
+#
+# Hard-cap rationale: this YAML embeds `--max-items {{maxItems}}` as a literal
+# so a workflow audit shows the cap without needing to re-read CLI source.
+# The CLI re-enforces the cap (`RESEARCH_BATCH_DEFAULT_MAX_ITEMS` in
+# `src/cli/research.ts`) so even hand-edited YAML cannot blow it inside one
+# invocation (ADR-0014 D3a 二重防御).
+
+name: feedradar-combined
+
+on:
+  schedule:
+    - cron: "{{cron}}"
+  workflow_dispatch: {}
+
+permissions:
+  contents: write
+
+concurrency:
+  # Type-scoped concurrency group: watch-only and combined workflows must not
+  # serialize each other (different cadence, different scope), so each type
+  # has its own `feedradar-<type>-${{ github.ref }}` group.
+  group: feedradar-combined-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  combined:
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - name: Checkout workspace
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          persist-credentials: true
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "22.21"
+
+      - name: Install FeedRadar
+        run: npm install -g @ozzylabs/feedradar
+
+      - name: Run watch
+        env:
+{{secretsBlock}}
+        run: radar watch run
+
+      - name: Skip research when no new items
+        id: detect_changes
+        # ADR-0014: skip the research step entirely when `watch run` produced
+        # no new items. Otherwise a runaway-detection cap would still burn a
+        # full `radar research --batch` invocation (template load, item walk)
+        # on a fresh-empty queue.
+        run: |
+          if [ -z "$(git status --porcelain items/)" ]; then
+            echo "no new items in items/; skipping research step"
+            echo "has_changes=false" >> "$GITHUB_OUTPUT"
+          else
+            echo "has_changes=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Run research on detected items (capped at {{maxItems}}, agent={{agent}})
+        if: steps.detect_changes.outputs.has_changes == 'true'
+        env:
+{{secretsBlock}}
+        # `--batch` walks items/ for status=detected, applies the filter-tags
+        # allow-list, and stops once `--max-items` reports are written. The CLI
+        # re-enforces the cap so a hand-edited YAML cannot exceed it.
+        run: radar research --batch --status detected --max-items {{maxItems}}{{filterTags}} --agent {{agent}}
+
+      - name: Commit and push with retry
+        if: steps.detect_changes.outputs.has_changes == 'true'
+        # ADR-0014 D4: three-attempt push with `git pull --rebase --autostash`
+        # between failures. Tuned for two concurrent feedradar workflows (e.g.
+        # watch-hourly + combined-weekly) racing on items/ / state/ / research/.
+        run: |
+          git config user.name "feedradar-bot"
+          git config user.email "feedradar-bot@users.noreply.github.com"
+          git add items/ state/ research/
+          if git diff --cached --quiet; then
+            echo "nothing staged; exiting cleanly"
+            exit 0
+          fi
+          git commit -m "chore(feedradar): combined watch + research $(date -u +%Y-%m-%d)"
+          for attempt in 1 2 3; do
+            if git push origin "${GITHUB_REF_NAME}"; then
+              exit 0
+            fi
+            echo "push failed (attempt ${attempt}/3), rebasing..."
+            git pull --rebase --autostash origin "${GITHUB_REF_NAME}"
+          done
+          echo "push failed after 3 attempts" >&2
+          exit 1

package/dist/templates/workflows/watch.template.yaml.tmpl

@@ -0,0 +1,103 @@
+# GitHub Actions scaffold generated by `radar workflow generate watch`.
+# Edit the cron schedule, sources, and commit message to match your workflow.
+# Auth policy: API key only (ADR-0004 / ADR-0014). The Claude Code OAuth token
+# is forbidden for unattended workflows per Anthropic's usage policy.
+#
+# This template is the placeholder-driven, post-init regeneration variant of
+# `src/templates/workflows/watch.yaml`. The latter is emitted by
+# `radar init --with-actions` for first-time workspace bootstrap and is
+# preserved verbatim for backward compatibility (ADR-0014 D1). Differences:
+#
+#   - Cron schedule, output path, and agent secret name are substituted by
+#     `generate-watch.ts` from CLI flags before the file is written.
+#   - `concurrency.group` is scoped to `feedradar-watch-` so multiple workflow
+#     types (watch / combined) can run side by side without cancelling each
+#     other; ADR-0014 D4 push-conflict mitigation pairs with the rebase retry
+#     below.
+#   - `Commit and push with retry` step has up to 3 `git pull --rebase`
+#     retries to recover from concurrent cron pushes (ADR-0014 D4).
+
+name: feedradar-watch
+
+on:
+  schedule:
+    - cron: "{{cron}}"
+  workflow_dispatch: {}
+
+permissions:
+  # Required to commit detected items / state back to the workspace branch.
+  contents: write
+
+concurrency:
+  # Per-type group so `watch` and `combined` workflows don't cancel each other.
+  # Same-type concurrent firings still serialize via this group.
+  group: feedradar-watch-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  watch:
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - name: Checkout workspace
+        uses: actions/checkout@v4
+        with:
+          # Need history so we can rebase on top of concurrent pushes.
+          fetch-depth: 0
+          persist-credentials: true
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          # Node 22.21+ (or 24.5+) is required so radar can auto-detect
+          # HTTPS_PROXY / HTTP_PROXY and respawn with --use-env-proxy.
+          node-version: "22.21"
+
+      - name: Install FeedRadar
+        # Pin to a release once you've decided on a version; this scaffold
+        # installs the latest published build.
+        run: npm install -g @ozzylabs/feedradar
+
+      - name: Run watch
+        env:
+          # Authenticate against the agent API per ADR-0004 / ADR-0014 D5.
+          # The secret name below follows the per-agent convention; see the
+          # post-generation stdout for the exact secret you must add.
+          {{agentEnvKey}}: ${{ secrets.{{agentEnvKey}} }}
+          # Raises GitHub REST API rate limit from 60 → 5000 req/h for the
+          # github-releases adapter (ADR-0002 / Phase 3).
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: radar watch run
+
+      - name: Commit and push with retry
+        # Persist updates to items/ and state/ so the next scheduled run can
+        # diff against the previous lastSeenIds. Routines / Actions both
+        # fresh-clone, so state must live in git.
+        #
+        # Push conflict mitigation (ADR-0014 D4): if another workflow (e.g.
+        # combined.yaml) pushed concurrently, `git push` fails with
+        # non-fast-forward. We retry up to 3 times, rebasing on each attempt;
+        # autostash keeps any unindexed bot-side changes safe across the
+        # rebase. 4+ attempts indicate a structural problem (branch
+        # protection, token failure, true merge conflict) so we fail fast
+        # instead of retrying further.
+        run: |
+          set -euo pipefail
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          if git diff --quiet items/ state/; then
+            echo "no changes detected; skipping commit"
+            exit 0
+          fi
+          git add items/ state/
+          git commit -m "chore(watch): detected items $(date -u +%Y-%m-%d)"
+          for attempt in 1 2 3; do
+            if git push origin "${GITHUB_REF_NAME}"; then
+              echo "push succeeded on attempt ${attempt}"
+              exit 0
+            fi
+            echo "push failed (attempt ${attempt}/3), rebasing..."
+            git pull --rebase --autostash origin "${GITHUB_REF_NAME}"
+          done
+          echo "push failed after 3 attempts" >&2
+          exit 1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ozzylabs/feedradar",
-  "version": "0.1.4",
+  "version": "0.1.6",
   "description": "Multi-agent CLI that watches blogs and release feeds, then turns keyword hits into Markdown research reports",
   "type": "module",
   "publishConfig": {
@@ -8,7 +8,6 @@
   },
   "files": [
     "dist",
-    "dist/skills",
     "LICENSE",
     "README.md"
   ],