clud-bug 0.6.2 → 0.6.4

package/lib/prompts.js

@@ -57,6 +57,32 @@ ${focusBullets}
 Skip style suggestions, minor naming issues, or anything that
 doesn't affect correctness, security, or performance.
 
+Section budgets (token-frugal review — v0.6.4+):
+The workflow sets env vars MAX_DIFF_BYTES / MAX_COMMENT_BYTES /
+MAX_SKILL_BYTES. When fetching content via the Bash tool, cap each
+section with \`head -c\` to keep your context lean. Caching covers
+the stable system-prompt prefix (you're reading it now) at 10% of
+standard input cost, but variable per-PR content is NOT cached, so
+size discipline on those fetches pays back directly.
+
+  - PR diff: \`gh pr diff "$PR_NUMBER" | head -c "$MAX_DIFF_BYTES"\`
+    (default 80,000 bytes — covers ~95% of real PRs unbruised). If
+    the output looks truncated mid-line, note it in your review and
+    request the omitted hunks via \`gh pr diff "$PR_NUMBER" --name-only\`
+    + a targeted re-fetch of the specific files that need scrutiny.
+
+  - Skill files: \`head -c "$MAX_SKILL_BYTES" .claude/skills/<name>/SKILL.md\`
+    per file (default 4,000 bytes). Baseline skills fit easily;
+    bloated user-added skills get truncated.
+
+  - PR comments: \`gh api "repos/$REPO_OWNER/$REPO_NAME/issues/$PR_NUMBER/comments?per_page=20" --jq '.[] | select(.user.login != "claude[bot]")' | head -c "$MAX_COMMENT_BYTES"\`
+    (default 20,000 bytes, 20 most-recent). Skips your own prior
+    comments — the FIX-PUSH FLOW handles those via reviewThreads
+    GraphQL instead.
+
+If you genuinely cannot review safely without the elided content,
+say so plainly in the summary comment instead of speculating.
+
 Skills are not background context — they are review rules with
 authority. Before flagging any finding, scan the loaded skills in
 .claude/skills/ for relevant guidance. If a skill applies, your
@@ -78,8 +104,8 @@ frontmatter at .claude/skills/<name>/SKILL.md. Two values:
 
 Before writing the review, scan each loaded skill's frontmatter
 (the first \`---\`-delimited block of its SKILL.md) to identify
-its review_mode. You can read them with:
-  cat .claude/skills/*/SKILL.md
+its review_mode. Read each one capped at MAX_SKILL_BYTES:
+  head -c "$MAX_SKILL_BYTES" .claude/skills/*/SKILL.md
 
 At the end of every review, append a single-line footer:
   Skills referenced: [skill-name-1, skill-name-2, ...]

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clud-bug",
-  "version": "0.6.2",
+  "version": "0.6.4",
   "description": "Skill-driven Claude PR review. Ship a brand-voice skill, get brand reviews. Each finding cites the skill that motivated it. CLI installs the workflow + a baseline kit; add more from skills.sh.",
   "homepage": "https://cludbug.dev",
   "bugs": "https://github.com/thrillmade/clud-bug/issues",

package/templates/workflow-py.yml.tmpl

@@ -54,17 +54,31 @@ jobs:
         if: steps.guard.outputs.skip != 'true'
         env:
           PR_NUMBER: ${{ github.event.pull_request.number }}
+          REPO_OWNER: ${{ github.repository_owner }}
+          REPO_NAME: ${{ github.event.repository.name }}
+          # Per-section byte budgets — see workflow.yml.tmpl for design notes.
+          MAX_DIFF_BYTES: '80000'
+          MAX_COMMENT_BYTES: '20000'
+          MAX_SKILL_BYTES: '4000'
+          # Stable prefix → CLI auto-cached system layer (10% cost on hits).
+          # See workflow.yml.tmpl for design notes.
+          APPEND_SYSTEM_PROMPT: |
+            {{REVIEW_PROMPT}}
         with:
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
           track_progress: true
+          show_full_output: true
           claude_args: |
-            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh api graphql:*),Bash(gh api repos/:*),Bash(git show:*),Bash(cat .claude/skills/.clud-bug.json),Bash(cat .claude/skills/*/SKILL.md)"
+            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh api graphql:*),Bash(gh api repos/:*),Bash(git show:*),Bash(cat .claude/skills/.clud-bug.json),Bash(cat .claude/skills/*/SKILL.md),Bash(head:*)"
           prompt: |
-            {{REVIEW_PROMPT}}
+            Review this pull request following the discipline in your
+            system prompt — every rule about skill routing, comment
+            format, the strict-mode header, the two-surface review
+            shape, and the FIX-PUSH FLOW applies.
 
       # Strict-mode gate — composite action; see workflow.yml.tmpl for design notes.
       - name: Strict mode — fail check on critical findings
         if: success()
-        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.2
+        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.4
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}

package/templates/workflow-ts.yml.tmpl

@@ -54,17 +54,31 @@ jobs:
         if: steps.guard.outputs.skip != 'true'
         env:
           PR_NUMBER: ${{ github.event.pull_request.number }}
+          REPO_OWNER: ${{ github.repository_owner }}
+          REPO_NAME: ${{ github.event.repository.name }}
+          # Per-section byte budgets — see workflow.yml.tmpl for design notes.
+          MAX_DIFF_BYTES: '80000'
+          MAX_COMMENT_BYTES: '20000'
+          MAX_SKILL_BYTES: '4000'
+          # Stable prefix → CLI auto-cached system layer (10% cost on hits).
+          # See workflow.yml.tmpl for design notes.
+          APPEND_SYSTEM_PROMPT: |
+            {{REVIEW_PROMPT}}
         with:
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
           track_progress: true
+          show_full_output: true
           claude_args: |
-            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh api graphql:*),Bash(gh api repos/:*),Bash(git show:*),Bash(cat .claude/skills/.clud-bug.json),Bash(cat .claude/skills/*/SKILL.md)"
+            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh api graphql:*),Bash(gh api repos/:*),Bash(git show:*),Bash(cat .claude/skills/.clud-bug.json),Bash(cat .claude/skills/*/SKILL.md),Bash(head:*)"
           prompt: |
-            {{REVIEW_PROMPT}}
+            Review this pull request following the discipline in your
+            system prompt — every rule about skill routing, comment
+            format, the strict-mode header, the two-surface review
+            shape, and the FIX-PUSH FLOW applies.
 
       # Strict-mode gate — composite action; see workflow.yml.tmpl for design notes.
       - name: Strict mode — fail check on critical findings
         if: success()
-        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.2
+        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.4
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}

package/templates/workflow.yml.tmpl

@@ -80,13 +80,40 @@ jobs:
         if: steps.guard.outputs.skip != 'true'
         env:
           PR_NUMBER: ${{ github.event.pull_request.number }}
+          REPO_OWNER: ${{ github.repository_owner }}
+          REPO_NAME: ${{ github.event.repository.name }}
+          # Per-section byte budgets (v0.6.4). The system-prompt instructs
+          # Claude to cap each per-PR input fetch with `head -c`. Caching
+          # covers the stable system prefix; capping covers the variable
+          # suffix (diff, comments, skills). Override per-repo by setting
+          # these env vars in the consuming workflow if defaults don't fit.
+          MAX_DIFF_BYTES: '80000'
+          MAX_COMMENT_BYTES: '20000'
+          MAX_SKILL_BYTES: '4000'
+          # APPEND_SYSTEM_PROMPT lands inside the Claude Code CLI's auto-cached
+          # system layer (system prompt, tools, conversation history). Anthropic
+          # bills cached input tokens at 10% of standard input — within a 5-min
+          # window, the 2nd+ PR review in any consuming repo hits cache.
+          # See: src/entrypoints/run.ts in claude-code-action — `appendSystemPrompt:
+          # process.env.APPEND_SYSTEM_PROMPT` reads this var, threads it into the
+          # SDK's `systemPrompt.append`. Crucial: keep this content byte-stable
+          # across runs (no PR numbers, timestamps, SHAs) or the cache invalidates.
+          APPEND_SYSTEM_PROMPT: |
+            {{REVIEW_PROMPT}}
         with:
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
           track_progress: true
+          # show_full_output: exposes cache_read_input_tokens /
+          # cache_creation_input_tokens in the run's result JSON so we can
+          # measure caching effectiveness post-rollout (per v0.6.3 plan).
+          show_full_output: true
           claude_args: |
-            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh api graphql:*),Bash(gh api repos/:*),Bash(git show:*),Bash(cat .claude/skills/.clud-bug.json),Bash(cat .claude/skills/*/SKILL.md)"
+            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh api graphql:*),Bash(gh api repos/:*),Bash(git show:*),Bash(cat .claude/skills/.clud-bug.json),Bash(cat .claude/skills/*/SKILL.md),Bash(head:*)"
           prompt: |
-            {{REVIEW_PROMPT}}
+            Review this pull request following the discipline in your
+            system prompt — every rule about skill routing, comment
+            format, the strict-mode header, the two-surface review
+            shape, and the FIX-PUSH FLOW applies.
 
       # Strict-mode gate. Fails the check when the BASE ref's manifest
       # has { "strictMode": true } AND the latest clud-bug review's first
@@ -103,6 +130,6 @@ jobs:
       # Letting the action's own failure fail the check is louder and right.
       - name: Strict mode — fail check on critical findings
         if: success()
-        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.2
+        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.4
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}