@probelabs/visor 0.1.124 → 0.1.126

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (195) hide show
  1. package/dist/config.d.ts.map +1 -1
  2. package/dist/docs/DEPLOYMENT.md +117 -11
  3. package/dist/docs/GITHUB_CHECKS.md +18 -4
  4. package/dist/docs/NPM_USAGE.md +112 -39
  5. package/dist/docs/action-reference.md +63 -9
  6. package/dist/docs/advanced-ai.md +58 -51
  7. package/dist/docs/ai-configuration.md +99 -11
  8. package/dist/docs/ai-custom-tools-usage.md +70 -33
  9. package/dist/docs/ai-custom-tools.md +50 -27
  10. package/dist/docs/architecture.md +1232 -0
  11. package/dist/docs/bot-transports-rfc.md +13 -3
  12. package/dist/docs/ci-cli-mode.md +116 -8
  13. package/dist/docs/claude-code.md +111 -41
  14. package/dist/docs/command-provider.md +37 -15
  15. package/dist/docs/commands.md +252 -6
  16. package/dist/docs/configuration.md +138 -4
  17. package/dist/docs/contributing.md +737 -0
  18. package/dist/docs/custom-tools.md +39 -8
  19. package/dist/docs/dashboards/README.md +33 -19
  20. package/dist/docs/debug-visualizer-progress.md +14 -13
  21. package/dist/docs/debug-visualizer-rfc.md +14 -13
  22. package/dist/docs/debug-visualizer.md +30 -5
  23. package/dist/docs/debugging.md +73 -8
  24. package/dist/docs/default-output-schema.md +24 -20
  25. package/dist/docs/dependencies.md +75 -21
  26. package/dist/docs/dev-playbook.md +85 -9
  27. package/dist/docs/engine-pause-resume-rfc.md +11 -11
  28. package/dist/docs/engine-state-machine-plan.md +10 -3
  29. package/dist/docs/event-driven-github-integration-rfc.md +20 -11
  30. package/dist/docs/event-triggers.md +95 -6
  31. package/dist/docs/execution-statistics-rfc.md +16 -4
  32. package/dist/docs/fact-validator-gap-analysis.md +12 -1
  33. package/dist/docs/fact-validator-implementation-plan.md +19 -11
  34. package/dist/docs/fail-if.md +116 -11
  35. package/dist/docs/failure-conditions-implementation.md +40 -6
  36. package/dist/docs/failure-conditions-schema.md +243 -87
  37. package/dist/docs/failure-routing-rfc.md +43 -18
  38. package/dist/docs/failure-routing.md +80 -23
  39. package/dist/docs/faq.md +836 -0
  40. package/dist/docs/foreach-dependency-propagation.md +32 -15
  41. package/dist/docs/github-ops.md +6 -5
  42. package/dist/docs/glossary.md +322 -0
  43. package/dist/docs/goto-forward-run-plan.md +23 -10
  44. package/dist/docs/guides/criticality-modes.md +15 -13
  45. package/dist/docs/guides/fault-management-and-contracts.md +8 -5
  46. package/dist/docs/guides/workflow-style-guide.md +17 -8
  47. package/dist/docs/http.md +102 -3
  48. package/dist/docs/human-input-provider.md +20 -36
  49. package/dist/docs/index.md +206 -0
  50. package/dist/docs/lifecycle-hooks.md +322 -2
  51. package/dist/docs/limits.md +20 -5
  52. package/dist/docs/liquid-templates.md +86 -14
  53. package/dist/docs/loop-routing-refactor.md +4 -2
  54. package/dist/docs/mcp-provider.md +53 -19
  55. package/dist/docs/mcp.md +27 -1
  56. package/dist/docs/memory.md +7 -2
  57. package/dist/docs/migration.md +596 -0
  58. package/dist/docs/observability.md +227 -6
  59. package/dist/docs/output-formats.md +388 -9
  60. package/dist/docs/output-history.md +36 -6
  61. package/dist/docs/performance.md +510 -4
  62. package/dist/docs/pluggable.md +95 -4
  63. package/dist/docs/proposals/snapshot-scope-execution.md +6 -5
  64. package/dist/docs/providers/git-checkout.md +16 -14
  65. package/dist/docs/providers/noop.md +696 -0
  66. package/dist/docs/recipes.md +8 -9
  67. package/dist/docs/rfc/git-checkout-step.md +3 -1
  68. package/dist/docs/rfc/on_init-hook.md +18 -5
  69. package/dist/docs/rfc/workspace-isolation.md +16 -0
  70. package/dist/docs/roadmap/criticality-implementation-tasks.md +27 -27
  71. package/dist/docs/router-patterns.md +155 -43
  72. package/dist/docs/schema-templates.md +51 -15
  73. package/dist/docs/script.md +162 -13
  74. package/dist/docs/sdk.md +46 -12
  75. package/dist/docs/security.md +464 -5
  76. package/dist/docs/slack-integration.md +481 -0
  77. package/dist/docs/tag-filtering.md +60 -20
  78. package/dist/docs/telemetry-setup.md +157 -46
  79. package/dist/docs/test-framework-rfc.md +37 -36
  80. package/dist/docs/testing/assertions.md +92 -4
  81. package/dist/docs/testing/ci.md +56 -7
  82. package/dist/docs/testing/cli.md +57 -15
  83. package/dist/docs/testing/cookbook.md +53 -20
  84. package/dist/docs/testing/dsl-reference.md +110 -9
  85. package/dist/docs/testing/fixtures-and-mocks.md +28 -3
  86. package/dist/docs/testing/flows.md +59 -4
  87. package/dist/docs/testing/getting-started.md +14 -13
  88. package/dist/docs/testing/troubleshooting.md +39 -2
  89. package/dist/docs/timeouts.md +174 -18
  90. package/dist/docs/troubleshooting.md +176 -6
  91. package/dist/docs/workflow-creation-guide.md +101 -3
  92. package/dist/docs/workflows.md +138 -41
  93. package/dist/examples/README.md +169 -4
  94. package/dist/examples/ai-custom-tools-simple.yaml +2 -3
  95. package/dist/examples/cron-webhook-config.yaml +15 -0
  96. package/dist/examples/forEach-example.yaml +6 -0
  97. package/dist/examples/git-checkout-basic.yaml +4 -0
  98. package/dist/examples/git-checkout-compare.yaml +6 -0
  99. package/dist/examples/git-checkout-cross-repo.yaml +7 -0
  100. package/dist/examples/http-integration-config.yaml +30 -0
  101. package/dist/examples/https-server-config.yaml +15 -0
  102. package/dist/examples/mcp-provider-example.yaml +10 -10
  103. package/dist/examples/transform-example.yaml +3 -0
  104. package/dist/examples/webhook-pipeline-config.yaml +18 -0
  105. package/dist/examples/workflows/workflow-composition-example.yaml +4 -0
  106. package/dist/frontends/slack-frontend.d.ts +2 -0
  107. package/dist/frontends/slack-frontend.d.ts.map +1 -1
  108. package/dist/generated/config-schema.d.ts +11 -7
  109. package/dist/generated/config-schema.d.ts.map +1 -1
  110. package/dist/generated/config-schema.json +11 -7
  111. package/dist/index.js +3127 -974
  112. package/dist/output/traces/{run-2026-01-28T16-15-24-569Z.ndjson → run-2026-01-31T16-37-22-321Z.ndjson} +84 -84
  113. package/dist/output/traces/{run-2026-01-28T16-16-09-757Z.ndjson → run-2026-01-31T16-38-06-031Z.ndjson} +1013 -1013
  114. package/dist/providers/ai-check-provider.d.ts +9 -2
  115. package/dist/providers/ai-check-provider.d.ts.map +1 -1
  116. package/dist/providers/command-check-provider.d.ts.map +1 -1
  117. package/dist/providers/mcp-custom-sse-server.d.ts +17 -1
  118. package/dist/providers/mcp-custom-sse-server.d.ts.map +1 -1
  119. package/dist/providers/workflow-check-provider.d.ts.map +1 -1
  120. package/dist/providers/workflow-tool-executor.d.ts +68 -0
  121. package/dist/providers/workflow-tool-executor.d.ts.map +1 -0
  122. package/dist/sdk/{check-provider-registry-AQ3JETBG.mjs → check-provider-registry-3KI5RKXT.mjs} +6 -5
  123. package/dist/sdk/check-provider-registry-IYILYY35.mjs +28 -0
  124. package/dist/sdk/chunk-2CPMMNIX.mjs +1459 -0
  125. package/dist/sdk/chunk-2CPMMNIX.mjs.map +1 -0
  126. package/dist/sdk/chunk-5LI6T4O3.mjs +3600 -0
  127. package/dist/sdk/chunk-5LI6T4O3.mjs.map +1 -0
  128. package/dist/sdk/{chunk-YLQ4UN62.mjs → chunk-A4PGHURG.mjs} +6838 -6257
  129. package/dist/sdk/chunk-A4PGHURG.mjs.map +1 -0
  130. package/dist/sdk/chunk-EXFGO4FX.mjs +147 -0
  131. package/dist/sdk/chunk-EXFGO4FX.mjs.map +1 -0
  132. package/dist/sdk/chunk-PJ7K5UFC.mjs +17732 -0
  133. package/dist/sdk/chunk-PJ7K5UFC.mjs.map +1 -0
  134. package/dist/sdk/{chunk-BHZ4CKUS.mjs → chunk-PXFIALUH.mjs} +77 -8
  135. package/dist/sdk/chunk-PXFIALUH.mjs.map +1 -0
  136. package/dist/sdk/{chunk-PVITVJ6J.mjs → chunk-RTKJXNZS.mjs} +32 -9
  137. package/dist/sdk/chunk-RTKJXNZS.mjs.map +1 -0
  138. package/dist/sdk/chunk-VW2GBXQT.mjs +606 -0
  139. package/dist/sdk/chunk-VW2GBXQT.mjs.map +1 -0
  140. package/dist/sdk/{config-RQQPMLRD.mjs → config-5AUYQFHE.mjs} +2 -2
  141. package/dist/sdk/config-6CUVEH7H.mjs +16 -0
  142. package/dist/sdk/config-6CUVEH7H.mjs.map +1 -0
  143. package/dist/sdk/{github-frontend-6Q4BISZX.mjs → github-frontend-BZ4N3BFZ.mjs} +7 -3
  144. package/dist/sdk/github-frontend-BZ4N3BFZ.mjs.map +1 -0
  145. package/dist/sdk/host-4MT3EW2I.mjs +52 -0
  146. package/dist/sdk/{host-P5NQICP7.mjs → host-NYWXLIFC.mjs} +2 -2
  147. package/dist/sdk/host-NYWXLIFC.mjs.map +1 -0
  148. package/dist/sdk/{routing-DEY2AIXM.mjs → routing-6R42GXUO.mjs} +2 -2
  149. package/dist/sdk/routing-6R42GXUO.mjs.map +1 -0
  150. package/dist/sdk/routing-7FXPULTO.mjs +24 -0
  151. package/dist/sdk/routing-7FXPULTO.mjs.map +1 -0
  152. package/dist/sdk/sdk.d.mts +3 -1
  153. package/dist/sdk/sdk.d.ts +3 -1
  154. package/dist/sdk/sdk.js +12163 -11204
  155. package/dist/sdk/sdk.js.map +1 -1
  156. package/dist/sdk/sdk.mjs +14 -10
  157. package/dist/sdk/sdk.mjs.map +1 -1
  158. package/dist/sdk/slack-frontend-JUT3TYVC.mjs +821 -0
  159. package/dist/sdk/slack-frontend-JUT3TYVC.mjs.map +1 -0
  160. package/dist/sdk/workflow-check-provider-H3CUOLUD.mjs +28 -0
  161. package/dist/sdk/workflow-check-provider-H3CUOLUD.mjs.map +1 -0
  162. package/dist/sdk/workflow-check-provider-YUNNF4KC.mjs +28 -0
  163. package/dist/sdk/workflow-check-provider-YUNNF4KC.mjs.map +1 -0
  164. package/dist/sdk/workflow-registry-KFWSDSLM.mjs +12 -0
  165. package/dist/sdk/workflow-registry-KFWSDSLM.mjs.map +1 -0
  166. package/dist/slack/socket-runner.d.ts +2 -0
  167. package/dist/slack/socket-runner.d.ts.map +1 -1
  168. package/dist/state-machine/context/workflow-inputs.d.ts +20 -0
  169. package/dist/state-machine/context/workflow-inputs.d.ts.map +1 -0
  170. package/dist/state-machine/dispatch/execution-invoker.d.ts.map +1 -1
  171. package/dist/state-machine/dispatch/foreach-processor.d.ts.map +1 -1
  172. package/dist/state-machine/dispatch/stats-manager.d.ts.map +1 -1
  173. package/dist/state-machine/states/level-dispatch.d.ts.map +1 -1
  174. package/dist/state-machine/states/routing.d.ts +2 -1
  175. package/dist/state-machine/states/routing.d.ts.map +1 -1
  176. package/dist/traces/{run-2026-01-28T16-15-24-569Z.ndjson → run-2026-01-31T16-37-22-321Z.ndjson} +84 -84
  177. package/dist/traces/{run-2026-01-28T16-16-09-757Z.ndjson → run-2026-01-31T16-38-06-031Z.ndjson} +1013 -1013
  178. package/dist/types/config.d.ts +3 -1
  179. package/dist/types/config.d.ts.map +1 -1
  180. package/dist/utils/human-id.d.ts +12 -0
  181. package/dist/utils/human-id.d.ts.map +1 -0
  182. package/dist/utils/worktree-manager.d.ts +3 -0
  183. package/dist/utils/worktree-manager.d.ts.map +1 -1
  184. package/dist/workflow-executor.d.ts.map +1 -1
  185. package/dist/workflow-registry.d.ts +1 -0
  186. package/dist/workflow-registry.d.ts.map +1 -1
  187. package/package.json +2 -2
  188. package/dist/sdk/chunk-BHZ4CKUS.mjs.map +0 -1
  189. package/dist/sdk/chunk-PVITVJ6J.mjs.map +0 -1
  190. package/dist/sdk/chunk-YLQ4UN62.mjs.map +0 -1
  191. package/dist/sdk/github-frontend-6Q4BISZX.mjs.map +0 -1
  192. /package/dist/sdk/{check-provider-registry-AQ3JETBG.mjs.map → check-provider-registry-3KI5RKXT.mjs.map} +0 -0
  193. /package/dist/sdk/{config-RQQPMLRD.mjs.map → check-provider-registry-IYILYY35.mjs.map} +0 -0
  194. /package/dist/sdk/{routing-DEY2AIXM.mjs.map → config-5AUYQFHE.mjs.map} +0 -0
  195. /package/dist/sdk/{host-P5NQICP7.mjs.map → host-4MT3EW2I.mjs.map} +0 -0
@@ -1,12 +1,12 @@
1
1
  # RFC: Bot Transports for Visor (Slack-first)
2
2
 
3
- Status: Draft
3
+ Status: Implemented
4
4
 
5
5
  This RFC proposes a Slack integration built on the event-bus/state-machine engine. The first iteration focuses on:
6
6
  - A Slack frontend that subscribes to engine events and posts an evolving message per group (e.g., overview, review).
7
7
  - Simple configuration via `frontends` in the workflow config, e.g.
8
8
 
9
- ```
9
+ ```yaml
10
10
  frontends:
11
11
  - name: slack
12
12
  config:
@@ -19,5 +19,15 @@ Design notes:
19
19
  - No placeholder/queued messages are posted; only content-producing events produce/modify messages.
20
20
  - Messages are updated in-place (using `chat.update`) keyed by group. We do not rely on hidden markers in message text.
21
21
  - Debounce/coalescing reduces API churn during bursts; terminal state forces an immediate flush.
22
- - Future work will add inbound Slack handling (webhooks) to trigger workflows and attach conversation context.
22
+ - Inbound Slack handling is now implemented via Socket Mode (`src/slack/socket-runner.ts`) to trigger workflows and attach conversation context.
23
+
24
+ ## Implementation
25
+
26
+ The Slack integration is implemented across these key files:
27
+ - `src/frontends/slack-frontend.ts` - Frontend that subscribes to engine events
28
+ - `src/frontends/host.ts` - Frontend host that manages lifecycle
29
+ - `src/slack/client.ts` - Lightweight Slack Web API wrapper
30
+ - `src/slack/socket-runner.ts` - Socket Mode for inbound Slack events
31
+ - `src/slack/adapter.ts` - Slack adapter for message handling
32
+ - `src/slack/markdown.ts` - Markdown to Slack mrkdwn conversion
23
33
 
@@ -1,8 +1,10 @@
1
1
  # Run Modes in CI (including GitHub Actions)
2
2
 
3
- Visor now defaults to CLI mode everywhere (no auto-detection). To enable GitHub-specific behavior (comments, checks), pass `--mode github-actions` or set the action input `mode: github-actions`.
3
+ Visor defaults to CLI mode everywhere (no auto-detection). To enable GitHub-specific behavior (comments, checks API), pass `--mode github-actions` or set the action input `mode: github-actions`.
4
4
 
5
- Examples (GitHub Actions CLI mode):
5
+ ## Basic CLI Mode (Default)
6
+
7
+ In CLI mode, Visor runs standalone without GitHub integration. This is ideal for local development, CI pipelines, or any environment where you want direct output.
6
8
 
7
9
  ```yaml
8
10
  jobs:
@@ -15,20 +17,126 @@ jobs:
15
17
  OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
16
18
  ```
17
19
 
18
- GitHub Actions behavior (comments/checks):
20
+ ## GitHub Actions Mode
21
+
22
+ To enable GitHub-specific features (PR comments, GitHub Checks API):
19
23
 
20
24
  ```yaml
21
25
  jobs:
22
- visor-cli:
26
+ visor-github:
27
+ runs-on: ubuntu-latest
28
+ steps:
29
+ - uses: actions/checkout@v4
30
+ - run: npx -y @probelabs/visor@latest --mode github-actions --config .visor.yaml
31
+ env:
32
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
33
+ OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
34
+ ```
35
+
36
+ ## CI-Relevant CLI Options
37
+
38
+ | Option | Description | Example |
39
+ |--------|-------------|---------|
40
+ | `--config <path>` | Path to configuration file | `--config .visor.yaml` |
41
+ | `-o, --output <format>` | Output format: `table`, `json`, `markdown`, `sarif` | `--output sarif` |
42
+ | `--output-file <path>` | Write output to file instead of stdout | `--output-file results.json` |
43
+ | `--timeout <ms>` | Timeout in milliseconds (default: 1200000 / 20 min) | `--timeout 300000` |
44
+ | `--max-parallelism <n>` | Max parallel checks (default: 3) | `--max-parallelism 5` |
45
+ | `--fail-fast` | Stop execution on first failure | `--fail-fast` |
46
+ | `--tags <tags>` | Run only checks with these tags (comma-separated) | `--tags security,fast` |
47
+ | `--exclude-tags <tags>` | Skip checks with these tags | `--exclude-tags slow` |
48
+ | `--event <type>` | Simulate GitHub event type | `--event pr_opened` |
49
+ | `--analyze-branch-diff` | Analyze diff vs base branch | `--analyze-branch-diff` |
50
+ | `--debug` | Enable debug output | `--debug` |
51
+ | `-v, --verbose` | Increase verbosity | `--verbose` |
52
+ | `-q, --quiet` | Reduce output to warnings/errors | `--quiet` |
53
+ | `--mode <mode>` | Run mode: `cli` or `github-actions` | `--mode github-actions` |
54
+
55
+ ## SARIF Output for GitHub Code Scanning
56
+
57
+ Generate SARIF output for integration with GitHub's code scanning feature:
58
+
59
+ ```yaml
60
+ jobs:
61
+ visor-security:
62
+ runs-on: ubuntu-latest
63
+ steps:
64
+ - uses: actions/checkout@v4
65
+ - run: npx -y @probelabs/visor@latest --check security --output sarif --output-file results.sarif
66
+ env:
67
+ OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
68
+ - uses: github/codeql-action/upload-sarif@v3
69
+ with:
70
+ sarif_file: results.sarif
71
+ ```
72
+
73
+ ## Environment Variables
74
+
75
+ ### AI Provider Keys
76
+
77
+ Set one of the following based on your AI provider:
78
+
79
+ | Variable | Provider |
80
+ |----------|----------|
81
+ | `OPENAI_API_KEY` | OpenAI GPT models |
82
+ | `ANTHROPIC_API_KEY` | Anthropic Claude models |
83
+ | `GOOGLE_API_KEY` | Google Gemini models |
84
+ | `AWS_ACCESS_KEY_ID` + `AWS_SECRET_ACCESS_KEY` + `AWS_REGION` | AWS Bedrock |
85
+ | `AWS_BEDROCK_API_KEY` | AWS Bedrock (API key auth) |
86
+
87
+ ### GitHub Integration
88
+
89
+ | Variable | Description |
90
+ |----------|-------------|
91
+ | `GITHUB_TOKEN` | Required for `--mode github-actions` |
92
+
93
+ ## Exit Codes
94
+
95
+ - `0` - Success, no critical issues found
96
+ - `1` - Critical issues found or execution error
97
+
98
+ ## Example: Full CI Pipeline
99
+
100
+ ```yaml
101
+ jobs:
102
+ visor-review:
23
103
  runs-on: ubuntu-latest
24
104
  steps:
25
105
  - uses: actions/checkout@v4
26
- - run: npx -y @probelabs/visor@latest --mode github-actions --config .visor.yaml --output json
106
+ with:
107
+ fetch-depth: 0 # Full history for branch diff analysis
108
+
109
+ - name: Run Visor Code Review
110
+ run: |
111
+ npx -y @probelabs/visor@latest \
112
+ --config .visor.yaml \
113
+ --output json \
114
+ --output-file visor-results.json \
115
+ --analyze-branch-diff \
116
+ --timeout 600000 \
117
+ --fail-fast
27
118
  env:
28
119
  OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
120
+
121
+ - name: Upload Results
122
+ uses: actions/upload-artifact@v4
123
+ if: always()
124
+ with:
125
+ name: visor-results
126
+ path: visor-results.json
29
127
  ```
30
128
 
31
- Notes:
129
+ ## Notes
130
+
131
+ - In CLI mode, GitHub credentials are not required. Provide your AI provider keys as environment variables.
132
+ - If you want PR comments/checks, use `--mode github-actions` with `GITHUB_TOKEN`.
133
+ - Use `--output-file` for reliable file output instead of shell redirection (`> file`).
134
+ - The `--fail-fast` flag is useful in CI to stop early when issues are found.
135
+ - Use `--quiet` to reduce noise in CI logs when only warnings/errors matter.
136
+
137
+ ## Related Documentation
32
138
 
33
- - In CLI mode, GitHub credentials aren’t required. Provide your AI provider keys as env vars (e.g., `OPENAI_API_KEY`, `ANTHROPIC_API_KEY`, etc.).
34
- - If you want PR comments/checks, run with `--mode github-actions` or use the published action with `with: mode: github-actions`.
139
+ - [Configuration](./configuration.md) - Full configuration reference
140
+ - [Output Formats](./output-formats.md) - Details on output format options
141
+ - [Event Triggers](./event-triggers.md) - GitHub event filtering
142
+ - [Tag Filtering](./tag-filtering.md) - Selective check execution with tags
@@ -1,34 +1,50 @@
1
- ## 🤖 Claude Code Provider
1
+ ## Claude Code Provider
2
2
 
3
- Visor includes advanced integration with Claude Code SDK, providing powerful AI-driven code analysis with MCP (Model Context Protocol) tools and subagent support.
3
+ Visor includes advanced integration with the Claude Code SDK, providing powerful AI-driven code analysis with MCP (Model Context Protocol) tools and subagent support.
4
4
 
5
5
  ### Features
6
6
 
7
- - Advanced AI Analysis: Leverages Claude Code's sophisticated understanding
8
- - MCP Tools: Built-in and custom tools for specialized analysis
9
- - Subagents: Delegate specific tasks to specialized agents
10
- - Streaming Responses: Real-time feedback during analysis
11
- - Flexible Permissions: Granular control over tool usage
7
+ - **Advanced AI Analysis**: Leverages Claude Code's sophisticated understanding
8
+ - **MCP Tools**: Custom tools for specialized analysis via MCP servers
9
+ - **Subagents**: Delegate specific tasks to specialized agents
10
+ - **Session Reuse**: Continue conversations across dependent checks
11
+ - **Flexible Permissions**: Granular control over tool usage
12
12
 
13
- ### Configuration
13
+ ### Configuration Options
14
+
15
+ The `claude_code` configuration block supports the following options:
16
+
17
+ | Option | Type | Description |
18
+ |--------|------|-------------|
19
+ | `allowedTools` | `string[]` | List of tool names Claude can use (e.g., `['Grep', 'Read', 'WebSearch']`) |
20
+ | `maxTurns` | `number` | Maximum conversation turns (default: 5) |
21
+ | `systemPrompt` | `string` | Custom system prompt for the analysis |
22
+ | `mcpServers` | `object` | MCP server configurations (see below) |
23
+ | `subagent` | `string` | Path to a subagent definition file |
24
+ | `hooks` | `object` | Lifecycle hooks (`onStart`, `onEnd`, `onError`) |
25
+
26
+ ### Basic Example
14
27
 
15
28
  ```yaml
16
29
  steps:
17
- claude_comprehensive:
30
+ claude_security_review:
18
31
  type: claude-code
19
- prompt: "Perform a comprehensive security and performance review"
20
- tags: ["comprehensive", "security", "performance", "slow", "remote"]
32
+ prompt: "Perform a comprehensive security review"
21
33
  claude_code:
22
34
  allowedTools: ['Grep', 'Read', 'WebSearch']
23
35
  maxTurns: 5
24
36
  systemPrompt: "You are an expert security auditor"
37
+ ```
38
+
39
+ ### Example with MCP Servers
25
40
 
41
+ ```yaml
42
+ steps:
26
43
  claude_with_mcp:
27
44
  type: claude-code
28
45
  prompt: "Analyze code complexity and architecture"
29
- tags: ["architecture", "complexity", "comprehensive", "remote"]
30
46
  claude_code:
31
- allowedTools: ['analyze_file_structure', 'calculate_complexity']
47
+ allowedTools: ['Read', 'Grep', 'custom_tool']
32
48
  mcpServers:
33
49
  custom_analyzer:
34
50
  command: "node"
@@ -37,38 +53,92 @@ steps:
37
53
  ANALYSIS_MODE: "deep"
38
54
  ```
39
55
 
40
- ### Built-in MCP Tools
41
-
42
- - analyze_file_structure: Analyzes project organization
43
- - detect_patterns: Identifies code patterns and anti-patterns
44
- - calculate_complexity: Computes complexity metrics
45
- - suggest_improvements: Provides improvement recommendations
46
-
47
- ### Custom MCP Servers
48
-
49
- Create `.mcp.json` in your project root:
50
-
51
- ```json
52
- {
53
- "mcpServers": {
54
- "security_scanner": {
55
- "command": "python",
56
- "args": ["./tools/security_scanner.py"],
57
- "env": {
58
- "SCAN_DEPTH": "full"
59
- }
60
- }
61
- }
62
- }
56
+ ### MCP Server Configuration
57
+
58
+ Each MCP server entry supports:
59
+
60
+ | Option | Type | Required | Description |
61
+ |--------|------|----------|-------------|
62
+ | `command` | `string` | Yes | The command to spawn the MCP server |
63
+ | `args` | `string[]` | No | Command line arguments |
64
+ | `env` | `object` | No | Environment variables for the server process |
65
+
66
+ ### Subagents
67
+
68
+ Use the `subagent` option to delegate tasks to specialized agents:
69
+
70
+ ```yaml
71
+ steps:
72
+ claude_comprehensive:
73
+ type: claude-code
74
+ prompt: "Perform a comprehensive code review"
75
+ claude_code:
76
+ subagent: "./.claude/agents/code-reviewer.md"
77
+ maxTurns: 10
63
78
  ```
64
79
 
65
- ### Environment Setup
80
+ ### Hooks
66
81
 
67
- ```bash
68
- # Install Claude Code CLI (required)
69
- npm install -g @anthropic-ai/claude-code
82
+ Lifecycle hooks allow custom processing at different stages:
83
+
84
+ ```yaml
85
+ steps:
86
+ claude_with_hooks:
87
+ type: claude-code
88
+ prompt: "Review the code"
89
+ claude_code:
90
+ hooks:
91
+ onStart: "echo 'Starting review'"
92
+ onEnd: "echo 'Review complete'"
93
+ onError: "./scripts/handle-error.sh"
94
+ ```
95
+
96
+ ### Session Reuse
97
+
98
+ Reuse Claude Code sessions across dependent checks for context continuity:
99
+
100
+ ```yaml
101
+ steps:
102
+ initial_analysis:
103
+ type: claude-code
104
+ prompt: "Analyze the code structure"
105
+ claude_code:
106
+ maxTurns: 3
107
+
108
+ follow_up:
109
+ type: claude-code
110
+ prompt: "Based on the previous analysis, suggest improvements"
111
+ depends_on: [initial_analysis]
112
+ reuse_ai_session: true
113
+ ```
114
+
115
+ ### Environment Variables
70
116
 
71
- # Set API key (optional - uses local Claude Code if available)
117
+ The provider requires an API key via one of these environment variables:
118
+
119
+ ```bash
120
+ # Option 1: Claude Code specific key
72
121
  export CLAUDE_CODE_API_KEY=your-api-key
122
+
123
+ # Option 2: General Anthropic API key
124
+ export ANTHROPIC_API_KEY=your-api-key
125
+ ```
126
+
127
+ ### Required Dependencies
128
+
129
+ Install the Claude Code SDK:
130
+
131
+ ```bash
132
+ npm install @anthropic/claude-code-sdk @modelcontextprotocol/sdk
73
133
  ```
74
134
 
135
+ ### Complete Example
136
+
137
+ See [examples/claude-code-config.yaml](../examples/claude-code-config.yaml) for a comprehensive configuration example.
138
+
139
+ ### Related Documentation
140
+
141
+ - [MCP Support for AI Providers](./mcp.md) - General MCP configuration
142
+ - [AI Configuration](./ai-configuration.md) - Standard AI provider configuration
143
+ - [Configuration](./configuration.md) - General configuration reference
144
+
@@ -29,12 +29,18 @@ steps:
29
29
  | `transform` | string | No | Liquid template to transform output |
30
30
  | `transform_js` | string | No | JavaScript expression to transform output (evaluated in sandbox) |
31
31
  | `env` | object | No | Environment variables to pass to the command |
32
- | `timeout` | number | No | Command timeout in seconds (default: 60) |
32
+ | `timeout` | number | No | Command timeout in milliseconds (default: 60000, i.e., 60 seconds) |
33
33
  | `depends_on` | array | No | Other checks this depends on |
34
34
  | `forEach` | object | No | Run command for each item in a collection |
35
35
  | `group` | string | No | Group name for organizing results |
36
36
  | `on` | array | No | Events that trigger this check |
37
+ | `if` | string | No | Condition expression - check runs only if true |
38
+ | `fail_if` | string | No | Condition expression - check fails if true |
39
+ | `on_fail` | object | No | Failure routing configuration (retry, goto, run) |
40
+ | `on_success` | object | No | Success routing configuration |
41
+ | `continue_on_failure` | boolean | No | Allow dependents to run even if this step fails |
37
42
  | `tags` | array | No | Tags for filtering checks |
43
+ | `output_format` | string | No | Output parsing hint: `"json"` or `"text"` |
38
44
 
39
45
  ## Auto‑JSON Access (no JSON.parse needed)
40
46
 
@@ -304,26 +310,26 @@ steps:
304
310
 
305
311
  ### Timeout Configuration
306
312
 
307
- Configure longer timeouts for commands that take more time:
313
+ Configure longer timeouts for commands that take more time. Timeout is specified in milliseconds:
308
314
 
309
315
  ```yaml
310
316
  steps:
311
317
  build-project:
312
318
  type: command
313
319
  exec: "npm run build"
314
- timeout: 300 # 5 minutes
320
+ timeout: 300000 # 5 minutes (300,000 ms)
315
321
  group: build
316
322
 
317
323
  quick-lint:
318
324
  type: command
319
325
  exec: "eslint src/"
320
- timeout: 30 # 30 seconds
326
+ timeout: 30000 # 30 seconds (30,000 ms)
321
327
  group: quality
322
328
 
323
329
  long-test-suite:
324
330
  type: command
325
331
  exec: "npm run test:e2e"
326
- timeout: 600 # 10 minutes
332
+ timeout: 600000 # 10 minutes (600,000 ms)
327
333
  group: testing
328
334
  ```
329
335
 
@@ -337,7 +343,7 @@ steps:
337
343
  outdated-deps:
338
344
  type: command
339
345
  exec: "npm outdated --json || true"
340
- timeout: 120 # 2 minutes for npm operations
346
+ timeout: 120000 # 2 minutes (120,000 ms) for npm operations
341
347
  group: dependencies
342
348
  tags: [dependencies, maintenance]
343
349
 
@@ -351,7 +357,7 @@ steps:
351
357
  echo '{"vulnerabilities": {}}'
352
358
  fi
353
359
  depends_on: [outdated-deps]
354
- timeout: 180 # 3 minutes for audit
360
+ timeout: 180000 # 3 minutes (180,000 ms) for audit
355
361
  transform: |
356
362
  {
357
363
  "critical": {{ output.metadata.vulnerabilities.critical | default: 0 }},
@@ -366,12 +372,12 @@ steps:
366
372
 
367
373
  The command provider handles errors gracefully:
368
374
 
369
- 1. **Command failures** - Non-zero exit codes are captured as errors
370
- 2. **Timeout** - Commands timeout after 60 seconds by default
375
+ 1. **Command failures** - Non-zero exit codes are captured as errors (`ruleId: command/execution_error`)
376
+ 2. **Timeout** - Commands timeout after 60 seconds (60000ms) by default (`ruleId: command/timeout`)
371
377
  3. **Buffer limits** - Output is limited to 10MB
372
- 4. **Transform errors** - Invalid transforms are reported as issues
378
+ 4. **Transform errors** - Invalid Liquid or JavaScript transforms are reported as issues (`ruleId: command/transform_error` or `command/transform_js_error`)
373
379
 
374
- Example error output:
380
+ Example error output for execution failure:
375
381
  ```json
376
382
  {
377
383
  "issues": [
@@ -387,6 +393,22 @@ Example error output:
387
393
  }
388
394
  ```
389
395
 
396
+ Example error output for timeout:
397
+ ```json
398
+ {
399
+ "issues": [
400
+ {
401
+ "file": "command",
402
+ "line": 0,
403
+ "ruleId": "command/timeout",
404
+ "message": "Command execution timed out after 60000 milliseconds",
405
+ "severity": "error",
406
+ "category": "logic"
407
+ }
408
+ ]
409
+ }
410
+ ```
411
+
390
412
  ## Security Considerations
391
413
 
392
414
  ### ⚠️ CRITICAL: Command Injection Prevention
@@ -480,7 +502,7 @@ steps:
480
502
 
481
503
  3. **Secrets Management**:
482
504
  ```yaml
483
- checks:
505
+ steps:
484
506
  # BAD - Don't echo secrets
485
507
  bad-secret:
486
508
  type: command
@@ -494,7 +516,7 @@ steps:
494
516
 
495
517
  4. **File System Access** - Commands run with the same permissions as the visor process:
496
518
  ```yaml
497
- checks:
519
+ steps:
498
520
  # Be careful with file operations
499
521
  file-check:
500
522
  type: command
@@ -508,7 +530,7 @@ steps:
508
530
  cat "$FILE"
509
531
  ```
510
532
 
511
- 5. **Timeout Protection** - Commands timeout after 60 seconds by default (configurable via `timeout` field)
533
+ 5. **Timeout Protection** - Commands timeout after 60000 milliseconds (60 seconds) by default (configurable via `timeout` field in milliseconds)
512
534
  6. **Output Limits** - Command output is limited to 10MB to prevent memory exhaustion
513
535
 
514
536
  ## Integration with Other Providers
@@ -556,4 +578,4 @@ steps:
556
578
 
557
579
  ## Comparison with Script Provider
558
580
 
559
- Note: There is no "script" provider. The `command` provider is used for executing shell commands. If you see references to a "script" type in error messages or old documentation, use `type: command` instead.
581
+ The `script` provider executes JavaScript in a secure sandbox, while the `command` provider executes shell commands. Use `command` for running external tools and shell commands; use `script` for JavaScript logic with direct access to PR context, outputs, and memory helpers. See [Script Provider](./script.md) for details.