coderev-cli 1.0.20 → 1.0.22

package/README.md

@@ -736,6 +736,37 @@ coderev review --pr 42 --inline
 - 执行内容：对比 PR 的 diff → coderev 审查 → 结果回贴到 PR 评论
 - 效果：每个 PR 自动获得一份 AI 审查报告
 
+或使用 GitHub Actions Marketplace 中的 Action：
+
+```yaml
+steps:
+  - uses: jishuanjimingtian/coderev@v1
+    with:
+      github-token: ${{ secrets.GITHUB_TOKEN }}
+      api-key: ${{ secrets.DEEPSEEK_API_KEY }}
+```
+
+### GitLab CI
+
+使用 `coderev init --gitlab-ci` 一键生成配置，或直接将 `templates/.gitlab-ci.yml` 复制到项目根目录。
+
+**变量配置**（GitLab → Settings → CI/CD → Variables）：
+
+| 变量 | 必填 | 说明 |
+|------|------|------|
+| `DEEPSEEK_API_KEY` | ✅ | AI 提供商的 API Key |
+| `GITLAB_TOKEN` | 可选 | GitLab PAT（api scope），用于自动发布 MR 评论 |
+| `CODEREV_CONFIDENCE` | 可选 | 置信度阈值，默认 60 |
+| `CODEREV_MODE` | 可选 | 审查模式：full / security / bugs / quality |
+| `CODEREV_BLAME` | 可选 | 启用 git blame：true / false |
+| `CODEREV_BLOCK` | 可选 | 发现问题时阻塞 MR：true / false |
+
+**工作流过程**：
+1. MR 创建/更新时自动触发
+2. 生成 MR diff → coderev 3 Agent 并行审查
+3. 审查结果作为 MR 评论自动发布（需 GITLAB_TOKEN）
+4. 如开启 `CODEREV_BLOCK`，发现问题时 pipeline 失败
+
 ### 自定义 CI 集成
 
 在任意 CI 管道中：
@@ -805,6 +836,10 @@ A：可以，审查时加 `--no-cache` 参数即可跳过缓存。
 A：在 `.coderevrc.json` 的 `rules.custom` 数组中添加。详见上方「自定义规则」章节。
 
 ---
+## Contributing
+
+欢迎贡献！详见 [CONTRIBUTING.md](CONTRIBUTING.md)
+
 ## License
 
 MIT

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "coderev-cli",
-  "version": "1.0.20",
+  "version": "1.0.22",
   "description": "Multi-agent AI code review for git -- parallel agents with confidence scoring",
   "main": "src/index.js",
   "bin": {
@@ -35,6 +35,7 @@
   },
   "files": [
     "src/",
+    "templates/",
     "README.md",
     ".env.example"
   ],

package/src/cli.js

@@ -639,7 +639,9 @@ fi
 program
   .command('init')
   .description('Create a default coderev config file')
-  .action(() => {
+  .option('--gitlab-ci', 'Generate a .gitlab-ci.yml template for GitLab CI/CD review')
+  .option('--github-action', 'Generate a GitHub Actions workflow for PR review')
+  .action((options) => {
     const fs = require('fs');
     const path = require('path');
     const defaultConfig = {
@@ -708,6 +710,121 @@ build/
       fs.writeFileSync(hintPath, hintContent);
       console.log(chalk.green(`✔ Default .coderevhint created at ${hintPath}`));
     }
+
+    // --gitlab-ci: generate GitLab CI template
+    if (options.gitlabCi) {
+      const ciPath = path.join(process.cwd(), '.gitlab-ci.yml');
+      if (fs.existsSync(ciPath)) {
+        console.log(chalk.yellow(`⚠ .gitlab-ci.yml already exists. Skipping.`));
+      } else {
+        const templatePath = path.join(__dirname, '..', 'templates', '.gitlab-ci.yml');
+        if (fs.existsSync(templatePath)) {
+          fs.copyFileSync(templatePath, ciPath);
+          console.log(chalk.green(`✔ GitLab CI template created at ${ciPath}`));
+        } else {
+          // Fallback: inline the template content
+          const ciContent = `# coderev — Multi-Agent AI Code Review for GitLab CI
+# Quick start:
+#   1. Set CI variable DEEPSEEK_API_KEY in GitLab → Settings → CI/CD → Variables
+#   2. (Optional) Set GITLAB_TOKEN for auto-posting MR comments
+
+stages:
+  - review
+
+coderev-review:
+  stage: review
+  image: node:20-alpine
+  needs: []
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+      when: never
+  before_script:
+    - npm install -g coderev-cli
+    - command -v git >/dev/null 2>&1 || apk add --no-cache git
+  script:
+    - |
+      if [ -n "$CI_MERGE_REQUEST_DIFF_BASE_SHA" ]; then
+        git diff $CI_MERGE_REQUEST_DIFF_BASE_SHA...$CI_COMMIT_SHA > /tmp/coderev-mr.diff
+      else
+        git diff HEAD~1 > /tmp/coderev-mr.diff
+      fi
+    - cat /tmp/coderev-mr.diff | coderev review --output markdown --ci --min-confidence 60 > /tmp/coderev-output.md
+    - cat /tmp/coderev-output.md
+  artifacts:
+    when: always
+    paths:
+      - /tmp/coderev-output.md
+    expire_in: 7 days
+`;
+          fs.writeFileSync(ciPath, ciContent);
+          console.log(chalk.green(`✔ GitLab CI template created at ${ciPath}`));
+        }
+      }
+      console.log(chalk.blue('  Next steps:'));
+      console.log(chalk.blue('  1. Go to GitLab → Settings → CI/CD → Variables'));
+      console.log(chalk.blue('  2. Add variable DEEPSEEK_API_KEY with your API key'));
+      console.log(chalk.blue('  3. (Optional) Add GITLAB_TOKEN with api scope for MR comments'));
+      console.log(chalk.blue('  4. Push to GitLab — coderev runs on every MR!'));
+    }
+
+    // --github-action: generate GitHub Actions workflow
+    if (options.githubAction) {
+      const gaDir = path.join(process.cwd(), '.github', 'workflows');
+      const gaPath = path.join(gaDir, 'coderev.yml');
+      if (fs.existsSync(gaPath)) {
+        console.log(chalk.yellow(`⚠ ${gaPath} already exists. Skipping.`));
+      } else {
+        const templatePath = path.join(__dirname, '..', 'templates', 'github-action.yml');
+        if (fs.existsSync(templatePath)) {
+          fs.mkdirSync(gaDir, { recursive: true });
+          fs.copyFileSync(templatePath, gaPath);
+          console.log(chalk.green(`✔ GitHub Actions workflow created at ${gaPath}`));
+        } else {
+          // Fallback: write minimal workflow
+          const gaContent = `name: coderev AI Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  coderev:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+      - run: npm install -g coderev-cli
+      - run: |
+          git diff \${{ github.event.pull_request.base.sha }}...\${{ github.event.pull_request.head.sha }} > /tmp/coderev-pr.diff
+      - env:
+          DEEPSEEK_API_KEY: \${{ secrets.DEEPSEEK_API_KEY }}
+        run: |
+          cat /tmp/coderev-pr.diff | coderev review --output markdown --ci --min-confidence 60 > /tmp/coderev-report.md
+      - uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: coderev-review
+          path: /tmp/coderev-report.md
+`;
+          fs.mkdirSync(gaDir, { recursive: true });
+          fs.writeFileSync(gaPath, gaContent);
+          console.log(chalk.green(`✔ GitHub Actions workflow created at ${gaPath}`));
+        }
+      }
+      console.log(chalk.blue('  Next steps:'));
+      console.log(chalk.blue('  1. Go to GitHub → Settings → Secrets and variables → Actions'));
+      console.log(chalk.blue('  2. Add secret DEEPSEEK_API_KEY with your API key'));
+      console.log(chalk.blue('  3. Push to GitHub — coderev reviews every PR!'));
+    }
   });
 
 // ── Serve (GitHub App) ────────────────────────────────────────────

package/templates/.gitlab-ci.yml

@@ -0,0 +1,134 @@
+# =============================================================================
+# coderev — Multi-Agent AI Code Review for GitLab CI
+# =============================================================================
+#
+# This template runs coderev on every merge request, using 3 parallel AI agents
+# (Security / Bug / Quality) with confidence scoring.
+#
+# QUICK START:
+#   1. Copy this file to your repo as .gitlab-ci.yml
+#   2. Set CI variable DEEPSEEK_API_KEY in GitLab → Settings → CI/CD → Variables
+#   3. (Optional) Set GITLAB_TOKEN for private repos or to post review comments
+#
+# VARIABLES (set in GitLab CI/CD Settings):
+#   DEEPSEEK_API_KEY  (required)  AI provider API key
+#   GITLAB_TOKEN       (optional) GitLab PAT for posting MR comments (api scope)
+#   CODEREV_PROVIDER   (optional) AI provider: deepseek | openai (default: deepseek)
+#   CODEREV_MODEL      (optional) Model name (default: deepseek-chat)
+#   CODEREV_CONFIDENCE (optional) Min confidence 0-100 (default: 60)
+#   CODEREV_MODE       (optional) Review mode: full | security | bugs | quality
+#   CODEREV_BLAME      (optional) Enable git blame: "true" | "false" (default: false)
+#   CODEREV_BLOCK      (optional) Block MR on issues: "true" | "false" (default: false)
+# =============================================================================
+
+stages:
+  - review
+
+coderev-review:
+  stage: review
+  image: node:20-alpine
+  needs: []
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+      when: never
+  before_script:
+    # Install coderev and dependencies
+    - npm install -g coderev-cli
+    # Ensure git is configured for diff generation
+    - command -v git >/dev/null 2>&1 || apk add --no-cache git
+  script:
+    # ── Generate MR diff ──
+    - |
+      echo "📋 Generating diff for merge request..."
+      if [ -n "$CI_MERGE_REQUEST_DIFF_BASE_SHA" ]; then
+        git diff $CI_MERGE_REQUEST_DIFF_BASE_SHA...$CI_COMMIT_SHA > /tmp/coderev-mr.diff
+      elif [ -n "$CI_MERGE_REQUEST_TARGET_BRANCH_SHA" ]; then
+        git diff $CI_MERGE_REQUEST_TARGET_BRANCH_SHA...$CI_COMMIT_SHA > /tmp/coderev-mr.diff
+      else
+        echo "⚠️  Could not determine MR base. Reviewing working tree..."
+        git diff HEAD~1 > /tmp/coderev-mr.diff
+      fi
+      echo "Debug: Diff saved ($(wc -c < /tmp/coderev-mr.diff) bytes)"
+
+    # ── Build CLI args ──
+    - |
+      CODEREV_ARGS=""
+
+      # Output format
+      CODEREV_ARGS="$CODEREV_ARGS --output markdown"
+
+      # Provider
+      PROVIDER="${CODEREV_PROVIDER:-deepseek}"
+
+      # Mode filter
+      case "${CODEREV_MODE:-full}" in
+        security) CODEREV_ARGS="$CODEREV_ARGS --audit" ;;
+        bugs)     CODEREV_ARGS="$CODEREV_ARGS --agents bugs" ;;
+        quality)  CODEREV_ARGS="$CODEREV_ARGS --agents quality" ;;
+      esac
+
+      # Confidence threshold
+      CONFIDENCE="${CODEREV_CONFIDENCE:-60}"
+      CODEREV_ARGS="$CODEREV_ARGS --min-confidence $CONFIDENCE"
+
+      # Git blame
+      if [ "${CODEREV_BLAME:-false}" = "true" ]; then
+        CODEREV_ARGS="$CODEREV_ARGS --blame"
+      fi
+
+      # CI mode (block MR on issues)
+      if [ "${CODEREV_BLOCK:-false}" = "true" ]; then
+        CODEREV_ARGS="$CODEREV_ARGS --ci"
+      fi
+
+    # ── Run coderev ──
+    - |
+      echo "🔍 Running coderev multi-agent review..."
+      export DEEPSEEK_API_KEY="${DEEPSEEK_API_KEY}"
+      export OPENAI_API_KEY="${OPENAI_API_KEY:-$DEEPSEEK_API_KEY}"
+      cat /tmp/coderev-mr.diff | coderev review $CODEREV_ARGS > /tmp/coderev-output.md 2>/tmp/coderev-stderr.txt
+      REVIEW_EXIT_CODE=$?
+      echo "Debug: review exit code = $REVIEW_EXIT_CODE"
+
+    # ── Post review as MR comment (if GITLAB_TOKEN is set) ──
+    - |
+      if [ -n "$GITLAB_TOKEN" ] && [ -n "$CI_MERGE_REQUEST_IID" ]; then
+        echo "💬 Posting review comment to MR !$CI_MERGE_REQUEST_IID ..."
+
+        # Read and escape the review output for JSON
+        REVIEW_BODY=$(cat /tmp/coderev-output.md | python3 -c "import sys,json; print(json.dumps(sys.stdin.read()))" 2>/dev/null || \
+                      node -e "const fs=require('fs');console.log(JSON.stringify(fs.readFileSync('/tmp/coderev-output.md','utf8')))")
+
+        # Post via GitLab API
+        curl -s -X POST \
+          "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/merge_requests/${CI_MERGE_REQUEST_IID}/notes" \
+          --header "PRIVATE-TOKEN: ${GITLAB_TOKEN}" \
+          --header "Content-Type: application/json" \
+          --data "{\"body\": $REVIEW_BODY}" \
+          > /tmp/coderev-post-response.json 2>/tmp/coderev-curl-stderr.txt
+
+        if [ $? -eq 0 ]; then
+          echo "✅ Review comment posted to MR !$CI_MERGE_REQUEST_IID"
+        else
+          echo "⚠️  Failed to post comment (check GITLAB_TOKEN scope: api)"
+        fi
+      else
+        echo "ℹ️  GITLAB_TOKEN not set — skipping MR comment. Review output:"
+        cat /tmp/coderev-output.md
+      fi
+
+    # ── Exit with review status (CI mode) ──
+    - |
+      if [ "${CODEREV_BLOCK:-false}" = "true" ] && [ $REVIEW_EXIT_CODE -ne 0 ]; then
+        echo "🚫 Issues found! Blocking MR. Fix issues or lower CODEREV_CONFIDENCE."
+        exit 1
+      fi
+      echo "✅ coderev review complete."
+
+  artifacts:
+    when: always
+    paths:
+      - /tmp/coderev-output.md
+      - /tmp/coderev-stderr.txt
+    expire_in: 7 days

package/templates/github-action.yml

@@ -0,0 +1,143 @@
+# coderev — Multi-Agent AI Code Review for GitHub Actions
+# Quick start:
+#   1. Copy this file to .github/workflows/coderev.yml
+#      Or run: npx coderev-cli init --github-action
+#   2. Set Secrets: DEEPSEEK_API_KEY in Settings → Secrets and variables → Actions
+#   3. (Optional) Set GITHUB_TOKEN is auto-provided, no setup needed
+#
+# Usage:
+#   - Review on every PR: default trigger
+#   - Block merging on issues: enable CODEREV_BLOCK or comment with coderev status
+#
+# Variables (set in workflow or as env):
+#   CODEREV_PROVIDER     AI provider (default: deepseek)
+#   CODEREV_MODEL        Model name (default: deepseek-chat)
+#   CODEREV_CONFIDENCE   Minimum confidence 0-100 (default: 60)
+#   CODEREV_BLOCK        Block PR on issues (default: false)
+#   CODEREV_BLAME        Enable git blame context (default: false)
+#   CODEREV_MODE         Review mode: comment | check (default: comment)
+
+name: coderev AI Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+  workflow_dispatch:
+    inputs:
+      ref:
+        description: 'Git ref to review (branch/commit)'
+        required: false
+
+permissions:
+  contents: read
+  pull-requests: write
+  checks: write
+
+jobs:
+  coderev:
+    name: AI Code Review
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - name: Install coderev
+        run: npm install -g coderev-cli
+
+      - name: Generate diff
+        id: diff
+        run: |
+          if [ -n "${{ github.event.pull_request.base.sha }}" ]; then
+            git diff ${{ github.event.pull_request.base.sha }}...${{ github.event.pull_request.head.sha }} > /tmp/coderev-pr.diff
+          else
+            git diff HEAD~1 > /tmp/coderev-pr.diff
+          fi
+          echo "Diff size: $(wc -c < /tmp/coderev-pr.diff) bytes"
+
+      - name: Run coderev review
+        id: review
+        env:
+          DEEPSEEK_API_KEY: ${{ secrets.DEEPSEEK_API_KEY }}
+          CODEREV_PROVIDER: ${{ env.CODEREV_PROVIDER || 'deepseek' }}
+          CODEREV_MODEL: ${{ env.CODEREV_MODEL || 'deepseek-chat' }}
+        run: |
+          BLAME_FLAG=""
+          if [ "${{ env.CODEREV_BLAME || 'false' }}" = "true" ]; then
+            BLAME_FLAG="--blame"
+          fi
+
+          cat /tmp/coderev-pr.diff | coderev review \
+            --output markdown \
+            --ci $BLAME_FLAG \
+            --min-confidence ${{ env.CODEREV_CONFIDENCE || '60' }} \
+            > /tmp/coderev-report.md 2>/tmp/coderev-stderr.log
+
+          echo "Exit code: $?"
+
+      - name: Post review as PR comment
+        if: github.event_name == 'pull_request' && env.CODEREV_MODE != 'check'
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: coderev-review
+          path: /tmp/coderev-report.md
+
+      - name: Post review as GitHub Check
+        if: env.CODEREV_MODE == 'check'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const fs = require('fs');
+            const report = fs.readFileSync('/tmp/coderev-report.md', 'utf8');
+
+            // Parse score from report
+            const scoreMatch = report.match(/\*\*Score:\*\*\s*(\d+)\/100/);
+            const score = scoreMatch ? parseInt(scoreMatch[1]) : 0;
+            const conclusion = score >= 80 ? 'success' : score >= 50 ? 'neutral' : 'failure';
+
+            // Count issues
+            const issueMatches = report.match(/\*\*ERROR\*\*/g);
+            const warnMatches = report.match(/\*\*WARNING\*\*/g);
+
+            await github.rest.checks.create({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              name: 'coderev AI Review',
+              head_sha: context.payload.pull_request?.head?.sha || context.sha,
+              status: 'completed',
+              conclusion: conclusion,
+              output: {
+                title: `Code Review: ${score}/100`,
+                summary: report.substring(0, 65535),
+                annotations: []
+              }
+            });
+
+      - name: Block on issues (optional)
+        if: env.CODEREV_BLOCK == 'true'
+        run: |
+          SCORE=$(grep -oP '\*\*Score:\*\*\s*\K\d+' /tmp/coderev-report.md || echo 0)
+          if [ "$SCORE" -lt 60 ]; then
+            echo "⛔ Score $SCORE/100 below threshold (60). Blocking PR."
+            cat /tmp/coderev-report.md
+            exit 1
+          fi
+          echo "✅ Score $SCORE/100 — passed."
+
+      - name: Upload review artifacts
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: coderev-report
+          path: |
+            /tmp/coderev-report.md
+            /tmp/coderev-stderr.log
+          retention-days: 7