agentic-factory 0.1.0__tar.gz

agentic_factory-0.1.0/.claude/hooks/auto-commit.sh

@@ -0,0 +1,71 @@
+#!/bin/bash
+# Auto-commit hook: commits and pushes changes when Claude stops
+# Uses Claude CLI to generate commit messages
+# Exit code 2 = blocking (Claude will respond to fix issues)
+
+HOOK_LOG="${CLAUDE_PROJECT_DIR:-.}/.claude/hooks/hook-debug.log"
+debuglog() {
+    echo "[auto-commit] $(date '+%Y-%m-%d %H:%M:%S') $1" >> "$HOOK_LOG"
+}
+debuglog "=== HOOK STARTED (pid=$$) ==="
+
+# Guard against infinite loop
+if [ -n "$CLAUDE_HOOK_RUNNING" ]; then
+    echo "[auto-commit] Skipping (already in hook)" >&2
+    debuglog "Skipping (CLAUDE_HOOK_RUNNING already set)"
+    exit 0
+fi
+export CLAUDE_HOOK_RUNNING=1
+
+cd "$CLAUDE_PROJECT_DIR"
+
+# Check for uncommitted changes
+if [ -z "$(git status --porcelain)" ]; then
+    echo "[auto-commit] No changes to commit" >&2
+    debuglog "No changes to commit (exit 0)"
+    exit 0
+fi
+
+echo "[auto-commit] Detected uncommitted changes" >&2
+
+# Stage all changes
+git add -A
+
+# Get diff for commit message generation
+diff_summary=$(git diff --cached --stat)
+changed_files=$(git diff --cached --name-only | head -10 | tr '\n' ', ')
+
+echo "[auto-commit] Generating commit message..." >&2
+
+# Try Claude for commit message, fallback to simple message
+commit_msg=$(echo "$diff_summary" | claude -p "Generate a concise git commit message (max 72 chars first line) for these changes. Output ONLY the commit message, no quotes or explanation:" --model sonnet 2>/dev/null) || {
+    commit_msg="WIP: ${changed_files%, }"
+    echo "[auto-commit] Using fallback commit message" >&2
+}
+
+echo "[auto-commit] Committing: $commit_msg" >&2
+
+# Commit (no GPG sign to avoid timeout in automated contexts)
+commit_output=$(git commit --no-gpg-sign -m "$commit_msg
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>" 2>&1) || {
+    echo "" >&2
+    echo "[auto-commit] Pre-commit hook failed:" >&2
+    echo "$commit_output" >&2
+    echo "" >&2
+    echo "Please fix the issues above." >&2
+    exit 2
+}
+
+echo "[auto-commit] Commit successful" >&2
+
+echo "[auto-commit] Pushing to origin..." >&2
+push_output=$(git push -u origin HEAD 2>&1) || {
+    echo "[auto-commit] Push failed: $push_output" >&2
+    echo "[auto-commit] You may need to pull first" >&2
+    exit 0
+}
+
+echo "[auto-commit] Push successful" >&2
+debuglog "=== HOOK FINISHED — push successful (exit 0) ==="
+exit 0

agentic_factory-0.1.0/.claude/hooks/per-edit-fix.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+# Per-edit hook: runs fast auto-fixers on changed Python files
+# Triggered by PostToolUse on Edit|Write
+# Exit 0 = success (fixes applied silently)
+# Exit 2 = unfixable issues fed back to Claude
+
+INPUT=$(cat)
+FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // .tool_input.filePath // empty')
+
+# Only process Python files
+if [[ -z "$FILE_PATH" ]] || [[ "$FILE_PATH" != *.py ]]; then
+    exit 0
+fi
+
+# Verify file exists
+if [[ ! -f "$FILE_PATH" ]]; then
+    exit 0
+fi
+
+ERRORS=""
+
+# 1. Ruff lint with auto-fix (safe fixes only)
+LINT_OUTPUT=$(uv run --no-sync ruff check --fix --quiet "$FILE_PATH" 2>&1)
+LINT_EXIT=$?
+if [ $LINT_EXIT -ne 0 ]; then
+    REMAINING=$(uv run --no-sync ruff check --quiet "$FILE_PATH" 2>&1)
+    if [ -n "$REMAINING" ]; then
+        ERRORS="${ERRORS}LINT (ruff):\n${REMAINING}\n\n"
+    fi
+fi
+
+# 2. Ruff format (always auto-fixes)
+uv run --no-sync ruff format --quiet "$FILE_PATH" 2>&1
+
+# 3. Codespell with auto-fix
+SPELL_OUTPUT=$(uv run --no-sync codespell --quiet-level=2 "$FILE_PATH" 2>&1)
+if [ -n "$SPELL_OUTPUT" ]; then
+    uv run --no-sync codespell --write-changes --quiet-level=2 "$FILE_PATH" 2>/dev/null
+    REMAINING=$(uv run --no-sync codespell --quiet-level=2 "$FILE_PATH" 2>&1)
+    if [ -n "$REMAINING" ]; then
+        ERRORS="${ERRORS}SPELLING (codespell):\n${REMAINING}\n\n"
+    fi
+fi
+
+# Report unfixable issues back to Claude
+if [ -n "$ERRORS" ]; then
+    echo -e "Per-edit check found issues in ${FILE_PATH}:\n${ERRORS}" >&2
+    exit 2
+fi
+
+exit 0

agentic_factory-0.1.0/.claude/hooks/quality-gate.sh

@@ -0,0 +1,101 @@
+#!/bin/bash
+# Quality gate hook for Claude Code Stop event
+# Fail-fast: stops at the first failing check, outputs its full stderr/stdout.
+# Exit 2 feeds stderr to Claude for automatic fixing.
+
+set -o pipefail
+
+HOOK_LOG="${CLAUDE_PROJECT_DIR:-.}/.claude/hooks/hook-debug.log"
+debuglog() {
+    echo "[quality-gate] $(date '+%Y-%m-%d %H:%M:%S') $1" >> "$HOOK_LOG"
+}
+debuglog "=== HOOK STARTED (pid=$$) ==="
+
+# Per-tool diagnostic hints for Claude auto-fix.
+# Uses a function instead of associative arrays for bash 3.x compatibility (macOS).
+get_hint() {
+    case "$1" in
+        pytest)      echo "Read the failing test file and the source it tests. Run 'uv run --no-sync pytest path/to/test_file.py::TestClass::test_name -x --tb=long' to see the full traceback. Fix the source code, not the test, unless the test itself is wrong." ;;
+        coverage)    echo "Run 'uv run --no-sync pytest --cov=src/ --cov-report=term-missing' to see which lines are uncovered. Add tests for the uncovered code paths." ;;
+        "ruff check") echo "Run 'uv run --no-sync ruff check src/ tests/ --output-format=full' for detailed explanations. Most issues are auto-fixable with 'uv run --no-sync ruff check --fix'. Read the file at the reported line before editing." ;;
+        "ruff format") echo "Run 'uv run --no-sync ruff format src/ tests/' to auto-fix all formatting issues." ;;
+        codespell)   echo "Fix the typo in the reported file at the reported location. Run 'uv run --no-sync codespell --write-changes FILE' to auto-fix if possible." ;;
+        pyright)     echo "Read the file at the reported line number. Check type annotations, imports, and function signatures. Run 'uv run --no-sync pyright src/path/to/file.py' to re-check a single file after fixing." ;;
+        bandit)      echo "Read the flagged code. Common fixes: use 'secrets' module instead of random for security, avoid shell=True in subprocess calls, use parameterized queries for SQL." ;;
+        vulture)     echo "The reported code is detected as unused (dead code). Read the file to verify it is truly unused. If it is, delete it. If it's used dynamically (e.g. via getattr or as a public API), add it to a vulture whitelist." ;;
+        xenon)       echo "The reported function has cyclomatic complexity grade D or worse (CC > 15). Read the function and extract helper functions to reduce branching." ;;
+        refurb)      echo "Run 'uv run --no-sync refurb --explain ERRCODE' to understand the suggested modernization. These are usually simple one-line replacements." ;;
+        interrogate) echo "The reported module or function is missing a docstring. Add a one-line docstring to each flagged public function/class/module." ;;
+        style-guide) echo "CLI output formatting must follow the style guide: section headings use emoji + click.style(ALL CAPS text, fg=COLOR, bold=True). No ASCII splitter lines." ;;
+        *)           echo "" ;;
+    esac
+}
+
+fail() {
+    local name="$1"
+    local cmd="$2"
+    local output="$3"
+    local hint
+    hint=$(get_hint "$name")
+
+    echo "" >&2
+    echo "QUALITY GATE FAILED [$name]:" >&2
+    echo "Command: $cmd" >&2
+    echo "" >&2
+    echo "$output" >&2
+    echo "" >&2
+    if [ -n "$hint" ]; then
+        echo "Hint: $hint" >&2
+        echo "" >&2
+    fi
+    echo "ACTION REQUIRED: You MUST fix the issue shown above. Do NOT stop or explain — read the failing file, edit the source code to resolve it, and the quality gate will re-run automatically." >&2
+    debuglog "=== FAILED: $name ==="
+    exit 2
+}
+
+run_check() {
+    local name="$1"; shift
+    local cmd="$*"
+    debuglog "Running $name..."
+    OUTPUT=$("$@" 2>&1) || fail "$name" "$cmd" "$OUTPUT"
+}
+
+run_check_nonempty() {
+    local name="$1"; shift
+    local cmd="$*"
+    debuglog "Running $name..."
+    OUTPUT=$("$@" 2>&1)
+    [ -n "$OUTPUT" ] && fail "$name" "$cmd" "$OUTPUT"
+}
+
+# Sync dependencies once upfront
+uv sync --dev --quiet
+
+# Checks ordered by speed and likelihood of failure.
+# [check:pytest]
+run_check        "pytest"         uv run --no-sync pytest -x --tb=short
+# [check:coverage]
+run_check        "coverage"       uv run --no-sync pytest --cov=src/ --cov-report=term --cov-fail-under=60 -q
+# [check:ruff-lint]
+run_check        "ruff check"     uv run --no-sync ruff check src/ tests/
+# [check:ruff-format]
+run_check        "ruff format"    uv run --no-sync ruff format --check src/ tests/
+# [check:codespell]
+run_check_nonempty "codespell"   uv run --no-sync codespell src/ tests/
+# [check:pyright]
+run_check        "pyright"        uv run --no-sync pyright src/
+# [check:bandit]
+run_check        "bandit"         uv run --no-sync bandit -r src/ -q -ll
+# [check:vulture]
+run_check_nonempty "vulture"      uv run --no-sync vulture src/ --min-confidence 80
+# [check:xenon]
+run_check        "xenon"          uv run --no-sync xenon --max-absolute C --max-modules A --max-average A src/
+# [check:refurb]
+run_check_nonempty "refurb"       uv run --no-sync refurb src/ --python-version 3.12
+# [check:interrogate]
+run_check        "interrogate"    uv run --no-sync interrogate src/ -v --fail-under 50 -e tests/
+# [check:style-guide]
+run_check        "style-guide"    "${CLAUDE_PROJECT_DIR:-.}/.claude/hooks/style-guide-check.sh"
+
+debuglog "=== ALL CHECKS PASSED ==="
+exit 0

agentic_factory-0.1.0/.claude/hooks/session-start.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+# Session start hook: dependency hygiene checks
+# Runs once when a Claude Code session begins
+# Non-blocking — reports issues but doesn't prevent session start
+
+cd "${CLAUDE_PROJECT_DIR:-.}"
+
+WARNINGS=""
+
+# 1. Dependency hygiene (deptry) — find unused/missing/transitive deps
+DEPTRY_OUTPUT=$(uv run --no-sync deptry . 2>&1)
+DEPTRY_EXIT=$?
+if [ $DEPTRY_EXIT -ne 0 ]; then
+    WARNINGS="${WARNINGS}DEPENDENCY ISSUES (deptry):\n${DEPTRY_OUTPUT}\n\n"
+fi
+
+if [ -n "$WARNINGS" ]; then
+    echo -e "Session start checks found issues:\n${WARNINGS}" >&2
+    echo "These are non-blocking warnings. Consider fixing them during this session." >&2
+    exit 0
+fi
+
+exit 0

agentic_factory-0.1.0/.claude/hooks/style-guide-check.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+# Style guide check for CLI output formatting.
+# Only applies to files using click for CLI output.
+#
+# Rules:
+#   1. No ASCII art splitter lines (===, ---, ***) in click.echo/print calls
+#   2. Section headings must use click.style() with bold=True and a color
+#   3. Section headings should include an emoji
+
+set -euo pipefail
+
+SRC_DIR="${CLAUDE_PROJECT_DIR:-$(git rev-parse --show-toplevel)}/src/"
+
+# Find all Python files that use click
+CLI_FILES=()
+while IFS= read -r -d '' f; do
+    if grep -qE '(import click|from click)' "$f" 2>/dev/null; then
+        CLI_FILES+=("$f")
+    fi
+done < <(find "$SRC_DIR" -name '*.py' -print0 2>/dev/null)
+
+# Exit cleanly if no click-using files found
+[ ${#CLI_FILES[@]} -eq 0 ] && exit 0
+
+ERRORS=()
+
+for f in "${CLI_FILES[@]}"; do
+    [ -f "$f" ] || continue
+    basename=$(basename "$f")
+
+    # Rule 1: No ASCII splitter lines in echo/print calls
+    while IFS= read -r match; do
+        ERRORS+=("$basename: ASCII splitter line detected — use emoji + click.style(ALL CAPS, bold=True) instead: $match")
+    done < <(grep -nE '(echo|print)\(.*"[=\-\*]{3,}' "$f" 2>/dev/null || true)
+
+    # Rule 2: Section heading echo() calls should use click.style with bold
+    while IFS= read -r match; do
+        if echo "$match" | grep -q 'click\.style'; then
+            continue
+        fi
+        ERRORS+=("$basename: Unstyled ALL-CAPS heading — wrap with click.style(..., bold=True, fg=COLOR): $match")
+    done < <(grep -nE 'click\.echo\("[^"]*[A-Z]{3,}[^"]*"\)' "$f" 2>/dev/null || true)
+done
+
+if [ ${#ERRORS[@]} -gt 0 ]; then
+    echo "STYLE GUIDE VIOLATIONS:" >&2
+    echo "" >&2
+    for err in "${ERRORS[@]}"; do
+        echo "  - $err" >&2
+    done
+    echo "" >&2
+    echo "Design rules: Section headings must use emoji + click.style(ALL CAPS text, fg=COLOR, bold=True). No ASCII splitter lines (===, ---, ***)." >&2
+    exit 2
+fi
+
+exit 0

agentic_factory-0.1.0/.claude/settings.json

@@ -0,0 +1,47 @@
+{
+  "hooks": {
+    "SessionStart": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": ".claude/hooks/session-start.sh",
+            "timeout": 30
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "Edit|Write",
+        "hooks": [
+          {
+            "type": "command",
+            "command": ".claude/hooks/per-edit-fix.sh",
+            "timeout": 30
+          }
+        ]
+      }
+    ],
+    "Stop": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": ".claude/hooks/quality-gate.sh",
+            "timeout": 120
+          }
+        ]
+      },
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": ".claude/hooks/auto-commit.sh",
+            "timeout": 60
+          }
+        ]
+      }
+    ]
+  }
+}

agentic_factory-0.1.0/.github/actions/run-agent/action.yaml

@@ -0,0 +1,190 @@
+name: "Run Agent"
+description: "Run an AI agent CLI tool with configurable options"
+
+inputs:
+  tool:
+    description: "CLI tool to use: claude-code, opencode, pi-coding-agent"
+    required: true
+  prompt:
+    description: "The task prompt"
+    required: true
+  system-prompt:
+    description: "System prompt / persona"
+    required: false
+    default: ""
+  model:
+    description: "Model to use (tool-specific)"
+    required: false
+    default: ""
+  max-turns:
+    description: "Max agentic turns"
+    required: false
+    default: "10"
+  allowed-tools:
+    description: "Auto-approved tools (comma-separated)"
+    required: false
+    default: "Read,Glob,Grep,WebSearch,WebFetch"
+  timeout-minutes:
+    description: "Hard timeout in minutes"
+    required: false
+    default: "15"
+  post-to:
+    description: "Where to post results: issue, pr, none"
+    required: false
+    default: "none"
+  post-number:
+    description: "Issue/PR number to comment on"
+    required: false
+    default: ""
+
+outputs:
+  result:
+    description: "Agent output"
+    value: ${{ steps.run.outputs.result }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Run agent
+      id: run
+      shell: bash
+      env:
+        TOOL: ${{ inputs.tool }}
+        PROMPT: ${{ inputs.prompt }}
+        SYSTEM_PROMPT: ${{ inputs.system-prompt }}
+        MODEL: ${{ inputs.model }}
+        MAX_TURNS: ${{ inputs.max-turns }}
+        ALLOWED_TOOLS: ${{ inputs.allowed-tools }}
+        TIMEOUT_MINUTES: ${{ inputs.timeout-minutes }}
+      run: |
+        set +e
+        OUTPUT_FILE="${RUNNER_TEMP}/agent-output.txt"
+        TIMEOUT_SECONDS=$((TIMEOUT_MINUTES * 60))
+
+        # Build command based on tool
+        case "${TOOL}" in
+          claude-code)
+            CMD="claude"
+            ARGS="-p"
+            if [ -n "${SYSTEM_PROMPT}" ]; then
+              ARGS="${ARGS} --system-prompt \"${SYSTEM_PROMPT}\""
+            fi
+            if [ -n "${MODEL}" ]; then
+              ARGS="${ARGS} --model ${MODEL}"
+            fi
+            ARGS="${ARGS} --max-turns ${MAX_TURNS}"
+            ARGS="${ARGS} --allowedTools ${ALLOWED_TOOLS}"
+            ;;
+          opencode)
+            CMD="opencode"
+            ARGS="--headless"
+            if [ -n "${MODEL}" ]; then
+              ARGS="${ARGS} --model ${MODEL}"
+            fi
+            ;;
+          pi-coding-agent)
+            CMD="pi-coding-agent"
+            ARGS=""
+            if [ -n "${MODEL}" ]; then
+              ARGS="${ARGS} --model ${MODEL}"
+            fi
+            ;;
+          *)
+            echo "::error::Unknown tool: ${TOOL}"
+            exit 1
+            ;;
+        esac
+
+        # Run with timeout
+        echo "Running: ${CMD} ${ARGS} \"<prompt>\""
+        timeout "${TIMEOUT_SECONDS}" bash -c "${CMD} ${ARGS} \"${PROMPT}\"" > "${OUTPUT_FILE}" 2>&1
+        EXIT_CODE=$?
+
+        if [ ${EXIT_CODE} -eq 124 ]; then
+          echo "::warning::Agent timed out after ${TIMEOUT_MINUTES} minutes"
+          echo "AGENT TIMED OUT after ${TIMEOUT_MINUTES} minutes." >> "${OUTPUT_FILE}"
+        fi
+
+        # Set output
+        RESULT=$(cat "${OUTPUT_FILE}")
+        {
+          echo "result<<AGENT_OUTPUT_EOF"
+          echo "${RESULT}"
+          echo "AGENT_OUTPUT_EOF"
+        } >> "${GITHUB_OUTPUT}"
+
+        echo "exit_code=${EXIT_CODE}" >> "${GITHUB_OUTPUT}"
+
+    - name: Post results
+      if: inputs.post-to != 'none' && inputs.post-number != ''
+      shell: bash
+      env:
+        POST_TO: ${{ inputs.post-to }}
+        POST_NUMBER: ${{ inputs.post-number }}
+        RESULT: ${{ steps.run.outputs.result }}
+        EXIT_CODE: ${{ steps.run.outputs.exit_code }}
+      run: |
+        # Determine status emoji
+        if [ "${EXIT_CODE}" = "0" ]; then
+          STATUS_ICON="✅"
+        elif [ "${EXIT_CODE}" = "124" ]; then
+          STATUS_ICON="⏱️"
+        else
+          STATUS_ICON="❌"
+        fi
+
+        CHAR_COUNT=${#RESULT}
+
+        # Format body
+        if [ ${CHAR_COUNT} -gt 60000 ]; then
+          # Truncate very long output
+          BODY="${STATUS_ICON} **Agent Result**
+
+        <details>
+        <summary>Output (truncated — ${CHAR_COUNT} chars)</summary>
+
+        \`\`\`
+        ${RESULT:0:50000}
+        \`\`\`
+
+        ⚠️ Output truncated. See [full logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).
+        </details>"
+        elif [ ${CHAR_COUNT} -gt 4000 ]; then
+          # Collapsible for medium output
+          BODY="${STATUS_ICON} **Agent Result**
+
+        <details>
+        <summary>Output (${CHAR_COUNT} chars)</summary>
+
+        \`\`\`
+        ${RESULT}
+        \`\`\`
+
+        </details>"
+        else
+          # Short output inline
+          BODY="${STATUS_ICON} **Agent Result**
+
+        \`\`\`
+        ${RESULT}
+        \`\`\`"
+        fi
+
+        # Post comment
+        if [ "${POST_TO}" = "pr" ]; then
+          gh pr comment "${POST_NUMBER}" --body "${BODY}"
+        elif [ "${POST_TO}" = "issue" ]; then
+          gh issue comment "${POST_NUMBER}" --body "${BODY}"
+        fi
+
+    - name: Discord notification
+      if: always() && env.DISCORD_WEBHOOK_URL != ''
+      shell: bash
+      env:
+        EXIT_CODE: ${{ steps.run.outputs.exit_code }}
+      run: |
+        if [ "${EXIT_CODE}" = "0" ]; then
+          af-discord send --status success "Agent completed successfully for ${{ github.repository }}#${{ inputs.post-number }}" || true
+        else
+          af-discord send --channel agent-errors --status error "Agent failed (exit ${EXIT_CODE}) for ${{ github.repository }}#${{ inputs.post-number }}" || true
+        fi

agentic_factory-0.1.0/.github/workflows/build-images.yaml

@@ -0,0 +1,60 @@
+name: Build Container Images
+
+on:
+  push:
+    branches: [main]
+    paths: ["images/**"]
+  workflow_dispatch: {}
+
+permissions:
+  contents: read
+  packages: write
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_PREFIX: ghcr.io/ondrasek/agent-runtime
+
+jobs:
+  build-base:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: images/base/Dockerfile
+          push: true
+          tags: |
+            ${{ env.IMAGE_PREFIX }}-base:latest
+            ${{ env.IMAGE_PREFIX }}-base:${{ github.sha }}
+
+  build-tools:
+    needs: build-base
+    strategy:
+      matrix:
+        tool: [claude, opencode, pi]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: images/${{ matrix.tool }}/Dockerfile
+          push: true
+          tags: |
+            ${{ env.IMAGE_PREFIX }}-${{ matrix.tool }}:latest
+            ${{ env.IMAGE_PREFIX }}-${{ matrix.tool }}:${{ github.sha }}

agentic_factory-0.1.0/.github/workflows/ci.yaml

@@ -0,0 +1,64 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v5
+        with:
+          python-version: "3.12"
+      - run: uv sync --dev
+      - run: uv run pytest --cov=src/ --cov-fail-under=60 --cov-report=term-missing --cov-report=xml
+      - uses: codecov/codecov-action@v5
+        with:
+          files: coverage.xml
+        if: github.event_name == 'pull_request'
+
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v5
+        with:
+          python-version: "3.12"
+      - run: uv sync --dev
+      - run: uv run ruff check src/ tests/
+      - run: uv run ruff format --check src/ tests/
+      - run: uv run codespell src/ tests/
+
+  typecheck:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v5
+        with:
+          python-version: "3.12"
+      - run: uv sync --dev
+      - run: uv run pyright src/
+
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v5
+        with:
+          python-version: "3.12"
+      - run: uv sync --dev
+      - run: uv run bandit -r src/ -q -ll
+
+  deadcode:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v5
+        with:
+          python-version: "3.12"
+      - run: uv sync --dev
+      - run: uv run vulture src/ --min-confidence 80

agentic_factory-0.1.0/.github/workflows/pypi-publish.yaml

@@ -0,0 +1,21 @@
+name: Publish to PyPI
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: astral-sh/setup-uv@v4
+
+      - name: Build and publish
+        run: uv build && uv publish