clud-bug 0.6.7 → 0.6.10

package/lib/prompts.js

@@ -65,11 +65,50 @@ the stable system-prompt prefix (you're reading it now) at 10% of
 standard input cost, but variable per-PR content is NOT cached, so
 size discipline on those fetches pays back directly.
 
-  - PR diff: \`gh pr diff "$PR_NUMBER" | head -c "$MAX_DIFF_BYTES"\`
-    (default 80,000 bytes — covers ~95% of real PRs unbruised). If
-    the output looks truncated mid-line, note it in your review and
-    request the omitted hunks via \`gh pr diff "$PR_NUMBER" --name-only\`
-    + a targeted re-fetch of the specific files that need scrutiny.
+  - PR diff (incremental on fix-push — v0.6.10+):
+    On a re-review (not first pass), fetch only the delta between
+    your prior pass and HEAD instead of the full PR. The handshake
+    state lives in your PRIOR SUMMARY COMMENT as an HTML marker:
+    \`<!-- last-reviewed-sha: <sha> -->\`.
+
+    CRITICAL — identifying the PRIOR SUMMARY (not the progress comment):
+    \`anthropics/claude-code-action\` posts an in-progress
+    \`[claude]: Claude Code is working…\` comment BEFORE this prompt
+    runs. That comment IS authored by claude[bot] but is NOT your
+    prior summary — it has no marker. Walking "the LAST claude[bot]
+    comment" would always land on the progress comment and the
+    handshake would never fire. Instead, identify the prior summary
+    by its HEADER LINE: it begins with \`## 🐛 Clud Bug review\`
+    (same anchor the strict-mode gate uses for classification).
+
+    Detection in three steps:
+
+      1. Fetch claude[bot] comments newest-first:
+         \`gh api "repos/$REPO_OWNER/$REPO_NAME/issues/$PR_NUMBER/comments?per_page=100&sort=created&direction=desc"\`
+         Walk them in order; find the FIRST whose body starts
+         (after any \`**Claude finished …**\` preamble the action
+         prepends) with \`## 🐛 Clud Bug review\`. THAT is your prior
+         summary. In its body, look for \`last-reviewed-sha: <sha>\`.
+
+      2. If a SHA was found, verify it's still in HEAD's ancestry:
+         \`git merge-base --is-ancestor <prior_sha> $HEAD_SHA\`
+         (exit 0 = yes, ancestry intact; non-zero = rebased/force-pushed).
+
+      3. Branch:
+           - Marker present AND ancestor intact (well-behaved fix-push):
+             \`git diff <prior_sha>..$HEAD_SHA | head -c "$MAX_DIFF_BYTES"\`
+           - Marker missing OR not an ancestor (first review or rebase):
+             \`gh pr diff "$PR_NUMBER" | head -c "$MAX_DIFF_BYTES"\`
+
+    Default cap is 80,000 bytes — covers ~95% of real PRs unbruised.
+    If output looks truncated mid-line, request the omitted hunks via
+    \`gh pr diff "$PR_NUMBER" --name-only\` + a targeted re-fetch.
+
+    Edge case — span check: if a delta-review surfaces a finding that
+    might affect unchanged code outside the delta (a fix-push edits a
+    function whose callers were fine in the prior pass), do a one-time
+    \`gh pr diff "$PR_NUMBER"\` to confirm before flagging. The
+    incremental view is for fast re-confirmation, not for blind trust.
 
   - Skill files: \`head -c "$MAX_SKILL_BYTES" .claude/skills/<name>/SKILL.md\`
     per file (default 4,000 bytes). Baseline skills fit easily;
@@ -112,6 +151,20 @@ At the end of every review, append a single-line footer:
 If you genuinely cited none, list "[none]" and explain why no
 installed skill applied to this diff.
 
+Incremental-diff handshake (v0.6.10+) — emit the SHA marker:
+At the very end of the summary comment (after the Skills-referenced
+footer, on its own line), append the HTML marker that the next
+review pass will read to decide between full-diff vs incremental:
+
+  <!-- last-reviewed-sha: $HEAD_SHA -->
+
+(\`$HEAD_SHA\` is provided via the workflow env block; literal value
+goes in the comment, not the variable name.) The marker is silent
+to human readers (HTML comment) but load-bearing for cost: every
+subsequent fix-push review re-fetches only the delta since this
+SHA instead of the full PR. If you omit the marker, the next
+review falls back to a full \`gh pr diff\` — correct but wasteful.
+
 Strict-mode header (opt-in): if .claude/skills/.clud-bug.json
 contains { "strictMode": true }, the comment header you post
 MUST signal whether you flagged a critical issue:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clud-bug",
-  "version": "0.6.7",
+  "version": "0.6.10",
   "description": "Skill-driven Claude PR review. Ship a brand-voice skill, get brand reviews. Each finding cites the skill that motivated it. CLI installs the workflow + a baseline kit; add more from skills.sh.",
   "homepage": "https://cludbug.dev",
   "bugs": "https://github.com/thrillmade/clud-bug/issues",

package/templates/workflow-py.yml.tmpl

@@ -56,10 +56,14 @@ jobs:
           PR_NUMBER: ${{ github.event.pull_request.number }}
           REPO_OWNER: ${{ github.repository_owner }}
           REPO_NAME: ${{ github.event.repository.name }}
+          # HEAD_SHA (v0.6.10+) — see workflow.yml.tmpl for design notes.
+          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
           # Per-section byte budgets — see workflow.yml.tmpl for design notes.
           MAX_DIFF_BYTES: '80000'
           MAX_COMMENT_BYTES: '20000'
           MAX_SKILL_BYTES: '4000'
+          # Thinking-budget cap (v0.6.8) — see workflow.yml.tmpl for design notes.
+          MAX_THINKING_TOKENS: '8000'
           # Stable prefix → CLI auto-cached system layer (10% cost on hits).
           # See workflow.yml.tmpl for design notes.
           APPEND_SYSTEM_PROMPT: |
@@ -69,7 +73,8 @@ jobs:
           track_progress: true
           show_full_output: true
           claude_args: |
-            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh api graphql:*),Bash(gh api repos/:*),Bash(git show:*),Bash(cat .claude/skills/.clud-bug.json),Bash(cat .claude/skills/*/SKILL.md),Bash(head:*)"
+            --max-turns 15
+            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh api graphql:*),Bash(gh api repos/:*),Bash(git show:*),Bash(git diff:*),Bash(git merge-base:*),Bash(cat .claude/skills/.clud-bug.json),Bash(cat .claude/skills/*/SKILL.md),Bash(head:*)"
           prompt: |
             Review this pull request following the discipline in your
             system prompt — every rule about skill routing, comment
@@ -79,6 +84,6 @@ jobs:
       # Strict-mode gate — composite action; see workflow.yml.tmpl for design notes.
       - name: Strict mode — fail check on critical findings
         if: success()
-        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.7
+        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.10
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}

package/templates/workflow-ts.yml.tmpl

@@ -56,10 +56,14 @@ jobs:
           PR_NUMBER: ${{ github.event.pull_request.number }}
           REPO_OWNER: ${{ github.repository_owner }}
           REPO_NAME: ${{ github.event.repository.name }}
+          # HEAD_SHA (v0.6.10+) — see workflow.yml.tmpl for design notes.
+          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
           # Per-section byte budgets — see workflow.yml.tmpl for design notes.
           MAX_DIFF_BYTES: '80000'
           MAX_COMMENT_BYTES: '20000'
           MAX_SKILL_BYTES: '4000'
+          # Thinking-budget cap (v0.6.8) — see workflow.yml.tmpl for design notes.
+          MAX_THINKING_TOKENS: '8000'
           # Stable prefix → CLI auto-cached system layer (10% cost on hits).
           # See workflow.yml.tmpl for design notes.
           APPEND_SYSTEM_PROMPT: |
@@ -69,7 +73,8 @@ jobs:
           track_progress: true
           show_full_output: true
           claude_args: |
-            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh api graphql:*),Bash(gh api repos/:*),Bash(git show:*),Bash(cat .claude/skills/.clud-bug.json),Bash(cat .claude/skills/*/SKILL.md),Bash(head:*)"
+            --max-turns 15
+            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh api graphql:*),Bash(gh api repos/:*),Bash(git show:*),Bash(git diff:*),Bash(git merge-base:*),Bash(cat .claude/skills/.clud-bug.json),Bash(cat .claude/skills/*/SKILL.md),Bash(head:*)"
           prompt: |
             Review this pull request following the discipline in your
             system prompt — every rule about skill routing, comment
@@ -79,6 +84,6 @@ jobs:
       # Strict-mode gate — composite action; see workflow.yml.tmpl for design notes.
       - name: Strict mode — fail check on critical findings
         if: success()
-        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.7
+        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.10
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}

package/templates/workflow.yml.tmpl

@@ -82,6 +82,12 @@ jobs:
           PR_NUMBER: ${{ github.event.pull_request.number }}
           REPO_OWNER: ${{ github.repository_owner }}
           REPO_NAME: ${{ github.event.repository.name }}
+          # HEAD_SHA (v0.6.10+) — emitted as `<!-- last-reviewed-sha: ... -->`
+          # marker at the end of every summary comment. The next review pass
+          # reads the marker and switches `gh pr diff` (full) → `git diff
+          # <prior_sha>..HEAD` (delta) when the SHA is still in HEAD's
+          # ancestry. Fix-push reviews ingest only the new bytes.
+          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
           # Per-section byte budgets (v0.6.4). The system-prompt instructs
           # Claude to cap each per-PR input fetch with `head -c`. Caching
           # covers the stable system prefix; capping covers the variable
@@ -90,6 +96,13 @@ jobs:
           MAX_DIFF_BYTES: '80000'
           MAX_COMMENT_BYTES: '20000'
           MAX_SKILL_BYTES: '4000'
+          # MAX_THINKING_TOKENS caps Claude Code's extended-thinking budget per
+          # turn. Anthropic docs (v0.6.8): "For simpler tasks where deep reasoning
+          # isn't needed, you can reduce costs by lowering MAX_THINKING_TOKENS=8000."
+          # PR review needs some reasoning but not unbounded; default budget is
+          # tens of thousands of tokens. 8000 is the Anthropic-recommended cap
+          # for review-shaped tasks.
+          MAX_THINKING_TOKENS: '8000'
           # APPEND_SYSTEM_PROMPT lands inside the Claude Code CLI's auto-cached
           # system layer (system prompt, tools, conversation history). Anthropic
           # bills cached input tokens at 10% of standard input — within a 5-min
@@ -108,7 +121,8 @@ jobs:
           # measure caching effectiveness post-rollout (per v0.6.3 plan).
           show_full_output: true
           claude_args: |
-            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh api graphql:*),Bash(gh api repos/:*),Bash(git show:*),Bash(cat .claude/skills/.clud-bug.json),Bash(cat .claude/skills/*/SKILL.md),Bash(head:*)"
+            --max-turns 15
+            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh api graphql:*),Bash(gh api repos/:*),Bash(git show:*),Bash(git diff:*),Bash(git merge-base:*),Bash(cat .claude/skills/.clud-bug.json),Bash(cat .claude/skills/*/SKILL.md),Bash(head:*)"
           prompt: |
             Review this pull request following the discipline in your
             system prompt — every rule about skill routing, comment
@@ -130,6 +144,6 @@ jobs:
       # Letting the action's own failure fail the check is louder and right.
       - name: Strict mode — fail check on critical findings
         if: success()
-        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.7
+        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.10
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}