clud-bug 0.6.3 → 0.6.5

package/lib/prompts.js

@@ -57,6 +57,32 @@ ${focusBullets}
 Skip style suggestions, minor naming issues, or anything that
 doesn't affect correctness, security, or performance.
 
+Section budgets (token-frugal review — v0.6.4+):
+The workflow sets env vars MAX_DIFF_BYTES / MAX_COMMENT_BYTES /
+MAX_SKILL_BYTES. When fetching content via the Bash tool, cap each
+section with \`head -c\` to keep your context lean. Caching covers
+the stable system-prompt prefix (you're reading it now) at 10% of
+standard input cost, but variable per-PR content is NOT cached, so
+size discipline on those fetches pays back directly.
+
+  - PR diff: \`gh pr diff "$PR_NUMBER" | head -c "$MAX_DIFF_BYTES"\`
+    (default 80,000 bytes — covers ~95% of real PRs unbruised). If
+    the output looks truncated mid-line, note it in your review and
+    request the omitted hunks via \`gh pr diff "$PR_NUMBER" --name-only\`
+    + a targeted re-fetch of the specific files that need scrutiny.
+
+  - Skill files: \`head -c "$MAX_SKILL_BYTES" .claude/skills/<name>/SKILL.md\`
+    per file (default 4,000 bytes). Baseline skills fit easily;
+    bloated user-added skills get truncated.
+
+  - PR comments: \`gh api "repos/$REPO_OWNER/$REPO_NAME/issues/$PR_NUMBER/comments?per_page=20" --jq '.[] | select(.user.login != "claude[bot]")' | head -c "$MAX_COMMENT_BYTES"\`
+    (default 20,000 bytes, 20 most-recent). Skips your own prior
+    comments — the FIX-PUSH FLOW handles those via reviewThreads
+    GraphQL instead.
+
+If you genuinely cannot review safely without the elided content,
+say so plainly in the summary comment instead of speculating.
+
 Skills are not background context — they are review rules with
 authority. Before flagging any finding, scan the loaded skills in
 .claude/skills/ for relevant guidance. If a skill applies, your
@@ -78,8 +104,8 @@ frontmatter at .claude/skills/<name>/SKILL.md. Two values:
 
 Before writing the review, scan each loaded skill's frontmatter
 (the first \`---\`-delimited block of its SKILL.md) to identify
-its review_mode. You can read them with:
-  cat .claude/skills/*/SKILL.md
+its review_mode. Read each one capped at MAX_SKILL_BYTES:
+  head -c "$MAX_SKILL_BYTES" .claude/skills/*/SKILL.md
 
 At the end of every review, append a single-line footer:
   Skills referenced: [skill-name-1, skill-name-2, ...]
@@ -186,6 +212,42 @@ On a first-time review, "resolved from prior" and "still
 open" are both 0. On follow-up reviews after a fix-push,
 "resolved from prior" should typically be positive.
 
+Stats header (required, immediately under **This round:**):
+Lead with ONE single-line stats header that uses severity emoji
+so agents re-reading this comment on a future review pass can
+triage at a glance (and skip parsing the body on the common
+zero-findings case). Three tiers:
+
+  🔴 important — bugs / security / perf / missing test coverage
+  🟡 nit       — minor suggestions, style nits, observations
+  🟣 pre-existing — issues that pre-date this PR (not its author's
+                    fault, but worth surfacing for awareness)
+
+Emit exactly this shape on the line immediately after **This round:**:
+
+  Found: N 🔴 / N 🟡 / N 🟣
+
+When all three are 0 the entire substantive body is optional —
+agents reading this header on a future re-review can stop here.
+
+Per-finding format (severity emoji + collapsible reasoning):
+Each finding in critical/minor/per-skill sections uses this
+write-time-compressed format. The summary line is the load-bearing
+claim; the long-form reasoning lives in a \`<details>\` block that
+humans expand inline (GitHub renders it natively) but future agent
+re-reads can skip token-cheaply.
+
+  🔴 [skill-name]: One-line claim (file:line).
+  <details><summary>Reasoning</summary>
+
+  Longer explanation: evidence anchors, suggested fix, edge cases.
+
+  </details>
+
+Use 🔴 for important findings (the ones strict-mode gates on),
+🟡 for nits, 🟣 for pre-existing issues. The severity emoji
+makes the finding's tier scannable without parsing prose.
+
 Per-skill scan block (required, immediately under the status line):
 After the **This round:** counters, emit a "### Per-skill scan"
 section with ONE line per loaded skill — even silent ones. This

package/lib/skills.js

@@ -537,6 +537,29 @@ export function selectReviewBody(comments, botLogin) {
 // passing — which is the right posture: if the bot didn't post a review
 // with the strict-mode header, there's nothing for the gate to fail on.
 // "Loud failure for missing manifest" is handled upstream in the composite.
+// Extract the v0.6.5+ stats header line "Found: N 🔴 / N 🟡 / N 🟣"
+// from a review comment body. Returns {important, nit, preExisting} when
+// found, null otherwise. The header lets agents reading the comment on a
+// re-review triage at a glance — on the common zero-findings case, the
+// header IS the entire substantive payload, so an ingest can short-circuit
+// without parsing the body.
+//
+// The match is intentionally permissive on whitespace around the slashes
+// and tolerates 1+ digits for each count. Severity emoji are matched
+// literally — a future bot revision that changes the emoji would break
+// this parser loudly, which is the intended behavior (catches drift).
+export function extractStatsHeader(comment) {
+  if (typeof comment !== 'string' || !comment) return null;
+  const re = /Found:\s*(\d+)\s*🔴\s*\/\s*(\d+)\s*🟡\s*\/\s*(\d+)\s*🟣/u;
+  const m = comment.match(re);
+  if (!m) return null;
+  return {
+    important: parseInt(m[1], 10),
+    nit: parseInt(m[2], 10),
+    preExisting: parseInt(m[3], 10),
+  };
+}
+
 export function isCriticalReviewHeader(headerLine) {
   if (typeof headerLine !== 'string') return false;
   return /Clud Bug review — critical findings/.test(headerLine);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clud-bug",
-  "version": "0.6.3",
+  "version": "0.6.5",
   "description": "Skill-driven Claude PR review. Ship a brand-voice skill, get brand reviews. Each finding cites the skill that motivated it. CLI installs the workflow + a baseline kit; add more from skills.sh.",
   "homepage": "https://cludbug.dev",
   "bugs": "https://github.com/thrillmade/clud-bug/issues",

package/templates/workflow-py.yml.tmpl

@@ -54,6 +54,12 @@ jobs:
         if: steps.guard.outputs.skip != 'true'
         env:
           PR_NUMBER: ${{ github.event.pull_request.number }}
+          REPO_OWNER: ${{ github.repository_owner }}
+          REPO_NAME: ${{ github.event.repository.name }}
+          # Per-section byte budgets — see workflow.yml.tmpl for design notes.
+          MAX_DIFF_BYTES: '80000'
+          MAX_COMMENT_BYTES: '20000'
+          MAX_SKILL_BYTES: '4000'
           # Stable prefix → CLI auto-cached system layer (10% cost on hits).
           # See workflow.yml.tmpl for design notes.
           APPEND_SYSTEM_PROMPT: |
@@ -63,7 +69,7 @@ jobs:
           track_progress: true
           show_full_output: true
           claude_args: |
-            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh api graphql:*),Bash(gh api repos/:*),Bash(git show:*),Bash(cat .claude/skills/.clud-bug.json),Bash(cat .claude/skills/*/SKILL.md)"
+            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh api graphql:*),Bash(gh api repos/:*),Bash(git show:*),Bash(cat .claude/skills/.clud-bug.json),Bash(cat .claude/skills/*/SKILL.md),Bash(head:*)"
           prompt: |
             Review this pull request following the discipline in your
             system prompt — every rule about skill routing, comment
@@ -73,6 +79,6 @@ jobs:
       # Strict-mode gate — composite action; see workflow.yml.tmpl for design notes.
       - name: Strict mode — fail check on critical findings
         if: success()
-        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.3
+        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.5
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}

package/templates/workflow-ts.yml.tmpl

@@ -54,6 +54,12 @@ jobs:
         if: steps.guard.outputs.skip != 'true'
         env:
           PR_NUMBER: ${{ github.event.pull_request.number }}
+          REPO_OWNER: ${{ github.repository_owner }}
+          REPO_NAME: ${{ github.event.repository.name }}
+          # Per-section byte budgets — see workflow.yml.tmpl for design notes.
+          MAX_DIFF_BYTES: '80000'
+          MAX_COMMENT_BYTES: '20000'
+          MAX_SKILL_BYTES: '4000'
           # Stable prefix → CLI auto-cached system layer (10% cost on hits).
           # See workflow.yml.tmpl for design notes.
           APPEND_SYSTEM_PROMPT: |
@@ -63,7 +69,7 @@ jobs:
           track_progress: true
           show_full_output: true
           claude_args: |
-            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh api graphql:*),Bash(gh api repos/:*),Bash(git show:*),Bash(cat .claude/skills/.clud-bug.json),Bash(cat .claude/skills/*/SKILL.md)"
+            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh api graphql:*),Bash(gh api repos/:*),Bash(git show:*),Bash(cat .claude/skills/.clud-bug.json),Bash(cat .claude/skills/*/SKILL.md),Bash(head:*)"
           prompt: |
             Review this pull request following the discipline in your
             system prompt — every rule about skill routing, comment
@@ -73,6 +79,6 @@ jobs:
       # Strict-mode gate — composite action; see workflow.yml.tmpl for design notes.
       - name: Strict mode — fail check on critical findings
         if: success()
-        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.3
+        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.5
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}

package/templates/workflow.yml.tmpl

@@ -80,6 +80,16 @@ jobs:
         if: steps.guard.outputs.skip != 'true'
         env:
           PR_NUMBER: ${{ github.event.pull_request.number }}
+          REPO_OWNER: ${{ github.repository_owner }}
+          REPO_NAME: ${{ github.event.repository.name }}
+          # Per-section byte budgets (v0.6.4). The system-prompt instructs
+          # Claude to cap each per-PR input fetch with `head -c`. Caching
+          # covers the stable system prefix; capping covers the variable
+          # suffix (diff, comments, skills). Override per-repo by setting
+          # these env vars in the consuming workflow if defaults don't fit.
+          MAX_DIFF_BYTES: '80000'
+          MAX_COMMENT_BYTES: '20000'
+          MAX_SKILL_BYTES: '4000'
           # APPEND_SYSTEM_PROMPT lands inside the Claude Code CLI's auto-cached
           # system layer (system prompt, tools, conversation history). Anthropic
           # bills cached input tokens at 10% of standard input — within a 5-min
@@ -98,7 +108,7 @@ jobs:
           # measure caching effectiveness post-rollout (per v0.6.3 plan).
           show_full_output: true
           claude_args: |
-            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh api graphql:*),Bash(gh api repos/:*),Bash(git show:*),Bash(cat .claude/skills/.clud-bug.json),Bash(cat .claude/skills/*/SKILL.md)"
+            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh api graphql:*),Bash(gh api repos/:*),Bash(git show:*),Bash(cat .claude/skills/.clud-bug.json),Bash(cat .claude/skills/*/SKILL.md),Bash(head:*)"
           prompt: |
             Review this pull request following the discipline in your
             system prompt — every rule about skill routing, comment
@@ -120,6 +130,6 @@ jobs:
       # Letting the action's own failure fail the check is louder and right.
       - name: Strict mode — fail check on critical findings
         if: success()
-        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.3
+        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.5
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}