PyPI - cicaddy-github - Versions diffs - 0.4.0__tar.gz → 0.5.0__tar.gz - Mend

cicaddy-github 0.4.0tar.gz → 0.5.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (50) hide show

{cicaddy_github-0.4.0/.claude → cicaddy_github-0.5.0/.agents}/skills/cicaddy-action/SKILL.md RENAMED Viewed

@@ -225,7 +225,7 @@ the `safe-to-review` label. The label is auto-removed on new pushes to prevent
 TOCTOU bypasses.
 ```yaml
-- uses: redhat-community-ai-tools/cicaddy-action@v0.4.0
+- uses: redhat-community-ai-tools/cicaddy-action@v0.5.0
   with:
     ai_provider: gemini
     ai_model: gemini-3-flash-preview
@@ -306,6 +306,126 @@ JSON array. Each server object has:
 - The `github_pr` agent updates its PR comment in-place on re-runs
 - Use `gh auth token` to generate a GitHub token quickly
+## Sub-Agent Delegation
+cicaddy-action v0.5.0+ supports AI-powered sub-agent delegation via cicaddy>=0.8.0. When enabled, the framework uses a triage AI to select specialized sub-agents that run in parallel.
+### How It Works
+1. **Triage** — AI analyzes the PR diff/context and selects reviewers (security, architecture, performance, etc.)
+2. **Parallel Execution** — Selected sub-agents run concurrently with focused prompts and filtered tools
+3. **Aggregation** — Results merged into a single PR comment with per-agent sections
+### Configuration
+**Action Inputs:**
+- `delegation_mode`: `none` (default) or `auto`
+- `max_sub_agents`: 1-10 (default: `3`)
+**Environment Variables:**
+- `DELEGATION_MODE`: `none` or `auto`
+- `MAX_SUB_AGENTS`: 1-10 (default: `3`)
+- `SUB_AGENT_MAX_ITERS`: 1-15 (default: `10`)
+- `DELEGATION_AGENTS_DIR`: `.agents/delegation` (custom agent YAML directory)
+- `DELEGATION_AGENTS`: JSON array for inline custom agents
+- `TRIAGE_PROMPT`: Custom triage instructions
+**CLI Flags:**
+```bash
+cicaddy run --env-file .env --delegation-mode auto --max-sub-agents 2
+```
+### Built-in Review Sub-Agents
+For `github_pr` agent type:
+- `security-reviewer` — Auth, crypto, secrets, injection
+- `architecture-reviewer` — Design patterns, module boundaries
+- `api-reviewer` — Endpoints, schemas, versioning
+- `database-reviewer` — Queries, migrations, indexes
+- `ui-reviewer` — Frontend components, accessibility
+- `devops-reviewer` — CI/CD, Docker, deployment
+- `performance-reviewer` — Algorithms, caching, concurrency
+- `general-reviewer` — Catch-all
+### Plugin Hooks
+The `cicaddy.delegation_blocked_tools` entry point blocks write and side-effect operations in sub-agents:
+- Posting PR comments and submitting reviews
+- Merging PRs and managing labels
+- Creating/editing/closing issues
+- Branch and tag operations
+- Sending Slack notifications
+Sub-agents only perform analysis; they cannot modify GitHub state or send notifications.
+### PR Comment Output
+When delegation is active, PR comments include a collapsible metadata block:
+```markdown
+<details><summary>Delegation details: 3 agent(s) succeeded (12.4s)</summary>
+Agents: security-reviewer, architecture-reviewer, api-reviewer
+- **security-reviewer**: PR modifies authentication middleware
+- **architecture-reviewer**: Significant module boundary changes
+- **api-reviewer**: REST endpoint modifications detected
+</details>
+```
+### Custom Sub-Agents
+Define custom agents in `.agents/delegation/review/`:
+```yaml
+# .agents/delegation/review/compliance-reviewer.yaml
+name: compliance-reviewer
+agent_type: review
+persona: compliance engineer
+description: Reviews regulatory compliance impact
+categories: [security, configuration]
+constraints:
+  - Focus on SOC2, GDPR, HIPAA compliance
+  - Flag PII handling changes
+priority: 15
+```
+Or inline via `DELEGATION_AGENTS` JSON env var.
+### GitHub Actions Example
+```yaml
+- uses: redhat-community-ai-tools/cicaddy-action@main
+  with:
+    ai_provider: gemini
+    ai_model: gemini-3-flash-preview
+    ai_api_key: ${{ secrets.AI_API_KEY }}
+    task_file: tasks/pr_review.yml
+    post_pr_comment: 'true'
+    delegation_mode: 'auto'
+    max_sub_agents: '3'
+```
+### Local Development Example
+```bash
+# .env.my-review
+AI_PROVIDER=gemini
+AI_MODEL=gemini-3-flash-preview
+GEMINI_API_KEY=<key>
+GITHUB_TOKEN=<token>
+GITHUB_REPOSITORY=owner/repo
+GITHUB_PR_NUMBER=42
+POST_PR_COMMENT=true
+DELEGATION_MODE=auto
+MAX_SUB_AGENTS=3
+# Run:
+uv run cicaddy run --env-file .env.my-review
+```
+See [docs/delegation.md](../../../docs/delegation.md) for the full specification.
 ## Code Style
 - Python 3.11+ with type hints

{cicaddy_github-0.4.0 → cicaddy_github-0.5.0}/.github/workflows/changelog.yml RENAMED Viewed

@@ -50,7 +50,7 @@ jobs:
           cp "${{ steps.report.outputs.report_html }}" _site/index.html
       - name: Upload Pages artifact
-        uses: actions/upload-pages-artifact@v4
+        uses: actions/upload-pages-artifact@v5
         with:
           path: _site
@@ -63,4 +63,4 @@ jobs:
     steps:
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v4
+        uses: actions/deploy-pages@v5

{cicaddy_github-0.4.0 → cicaddy_github-0.5.0}/.github/workflows/release.yml RENAMED Viewed

@@ -67,7 +67,7 @@ jobs:
     steps:
       - uses: actions/checkout@v6
       - name: Create GitHub Release
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@v3
         with:
           generate_release_notes: true

cicaddy_github-0.5.0/AGENTS.md ADDED Viewed

@@ -0,0 +1,211 @@
+# cicaddy-action Development Guidelines
+## Project Overview
+GitHub Action that wraps cicaddy for running AI agent tasks in GitHub Actions workflows. The `cicaddy-github` plugin extends cicaddy with GitHub-specific agents, tools, and configuration.
+## Architecture
+### Plugin System
+This package registers itself with cicaddy's plugin system via entry points in `pyproject.toml`:
+- `cicaddy.agents` — registers GitHub-specific agents (e.g., `GitHubPRAgent`, `GitHubTaskAgent`)
+- `cicaddy.settings_loader` — provides GitHub settings loader
+- `cicaddy.cli_args` / `cicaddy.env_vars` / `cicaddy.validators` — CLI and config extensions
+### Agent Registration
+```python
+# src/cicaddy_github/plugin.py
+def register_agents():
+    from cicaddy.agent.factory import AgentFactory
+    from cicaddy_github.github_integration.agents import GitHubPRAgent, GitHubTaskAgent
+    from cicaddy_github.github_integration.detector import _detect_github_agent_type
+    AgentFactory.register("github_pr", GitHubPRAgent)
+    AgentFactory.register("github_task", GitHubTaskAgent)
+    AgentFactory.register_detector(_detect_github_agent_type, priority=40)
+```
+Detector priority 40 ensures GitHub detection runs before cicaddy's built-in CI detector at priority 50.
+### Project Structure
+```
+cicaddy-action/
+  action.yml                  # GitHub Action definition (inputs/outputs)
+  Dockerfile                  # Container image (python:3.12-slim + uv)
+  entrypoint.sh               # Maps GitHub Action inputs to cicaddy env vars
+  pyproject.toml              # Package config (cicaddy-github plugin)
+  tasks/
+    pr_review.yml             # DSPy task for PR code review
+    changelog_report.yml      # DSPy task for changelog generation
+  src/cicaddy_github/
+    plugin.py                 # Entry points: register_agents, get_cli_args, etc.
+    config/settings.py        # Settings class extending CoreSettings
+    github_integration/
+      agents.py               # GitHubPRAgent, GitHubTaskAgent
+      analyzer.py             # PyGithub wrapper (diff, PR data, comments)
+      detector.py             # Auto-detect agent type from GitHub env
+      tools.py                # Git operations (@tool decorated)
+    security/
+      leak_detector.py        # Secret redaction via detect-secrets
+```
+### Key Subpackages
+| Package | Purpose |
+|---------|---------|
+| `src/cicaddy_github/github_integration/` | GitHub API client, agents, analyzers, tools |
+| `src/cicaddy_github/config/` | GitHub settings (token, repository, PR number) |
+| `src/cicaddy_github/security/` | Secret detection and redaction |
+| `src/cicaddy_github/plugin.py` | Entry point registration for cicaddy plugin system |
+| `tasks/` | DSPy task definitions for PR review and changelog generation |
+### Dependencies
+- Depends on `cicaddy>=0.8.0` (core library) and `PyGithub>=2.1.0`
+- Follows the same agent/factory patterns as the core library
+- Extends `BaseAIAgent` from cicaddy
+## Agent Types
+| Type | Class | Trigger |
+|------|-------|---------|
+| `github_pr` | `GitHubPRAgent` | `GITHUB_EVENT_NAME=pull_request` + `GITHUB_PR_NUMBER` |
+| `github_task` | `GitHubTaskAgent` | `GITHUB_EVENT_NAME` present but not a PR |
+## Sub-Agent Delegation (v0.5.0+)
+Requires cicaddy>=0.8.0. When `DELEGATION_MODE=auto`, the parent agent's `analyze()` method delegates to specialized sub-agents:
+1. **Triage** — AI analyzes the PR diff/context and selects reviewers
+2. **Parallel Execution** — Selected sub-agents run concurrently with focused prompts
+3. **Aggregation** — Results merged into a single PR comment with per-agent sections
+### Plugin Hooks
+The cicaddy-github plugin provides:
+- `cicaddy.delegation_blocked_tools` entry point — blocks write and side-effect operations (posting comments, submitting reviews, merging PRs, sending Slack notifications, etc.) so sub-agents only perform analysis
+- Delegation metadata in PR comments — shows which agents ran, success/failure counts, and execution time in a collapsible details block
+### Configuration
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `DELEGATION_MODE` | `none` | `none` or `auto` |
+| `MAX_SUB_AGENTS` | `3` | Max concurrent sub-agents (1-10) |
+| `SUB_AGENT_MAX_ITERS` | `10` | Iterations per sub-agent (1-15) |
+| `DELEGATION_AGENTS_DIR` | `.agents/delegation` | Custom agent YAML directory (relative to repo root) |
+| `DELEGATION_AGENTS` | (empty) | JSON config for inline custom sub-agent definitions |
+| `TRIAGE_PROMPT` | (empty) | Custom triage instructions |
+Action inputs: `delegation_mode`, `max_sub_agents`
+CLI flags: `--delegation-mode auto --max-sub-agents 2`
+See cicaddy's [sub-agent delegation docs](https://github.com/waynesun09/cicaddy/blob/main/docs/sub-agent-delegation.md) for built-in agents, custom YAML format, and tool filtering.
+## Action Inputs
+All inputs use **underscores** (not hyphens) for Docker container compatibility:
+| Input | Required | Description |
+|-------|----------|-------------|
+| `ai_provider` | Yes | `gemini`, `openai`, `claude`, `anthropic-vertex` |
+| `ai_model` | Yes | Model identifier |
+| `ai_api_key` | No* | AI provider API key (not needed for `anthropic-vertex`) |
+| `vertex_project_id` | No | GCP project ID (required for `anthropic-vertex`) |
+| `cloud_ml_region` | No | Vertex AI region (default: `us-east5`) |
+| `task_file` | No | Path to DSPy YAML task file |
+| `task_prompt` | No | Inline task prompt |
+| `post_pr_comment` | No | Post results as PR comment (default: `false`) |
+| `github_token` | No | GitHub token (default: `${{ github.token }}`) |
+| `mcp_servers_config` | No | JSON array of MCP server configs |
+| `slack_webhook_url` | No | Slack webhook URL |
+| `report_template` | No | Custom HTML report template path |
+| `delegation_mode` | No | `none` (default) or `auto` for sub-agent delegation |
+| `max_sub_agents` | No | Max concurrent sub-agents, 1-10 (default: `3`) |
+*Not required if provider-specific key is set via `env:`.
+## Entrypoint Flow
+`entrypoint.sh` bridges GitHub Action inputs to cicaddy environment:
+1. Exports `AI_PROVIDER` and `AI_MODEL` from `INPUT_*` vars
+2. Maps `INPUT_AI_API_KEY` to provider-specific env var (`GEMINI_API_KEY`, etc.)
+3. Resolves `AI_TASK_FILE` and `REPORT_TEMPLATE` to absolute paths
+4. Extracts `GITHUB_PR_NUMBER` from `GITHUB_REF` (`refs/pull/<N>/merge`)
+5. Creates `.cicaddy/` subdirectory and `cd`s into it (cicaddy writes reports to `../`)
+6. Runs `cicaddy run`
+## Code Quality
+- Run `pre-commit run --files <changed-files>` before committing
+- Run `uv run pytest tests/ -q --cov=src/cicaddy_github` before committing (must pass all tests)
+- Prefer shared/utility modules over code duplication
+- Follow type hints, Google-style docstrings, async where appropriate
+## Git Workflow
+- **Sign commits**: `git commit -s` (DCO sign-off required)
+- Only commit files modified in current session
+- **No "Generated with Claude Code"** or **"Co-Authored-By"** in commits, PR descriptions
+- Ask permission before pushing to remote
+## Python
+- Use `uv` for package management
+- Always use virtual environments
+- Dev install: `uv pip install -e ".[test]"`
+- Run tests: `uv run pytest tests/ -q --cov=src/cicaddy_github`
+- Type checking: `uv run ty check` (if available)
+- Format: `pre-commit run ruff-format --files <changed-files>`
+## Docker
+- Build Docker image: `docker build -t cicaddy-action:test .`
+- Test Docker image: `docker run --rm --entrypoint cicaddy cicaddy-action:test --version`
+## Running Locally
+Create an env file and use `uv run cicaddy run --env-file <file>`:
+```bash
+# AI Provider
+AI_PROVIDER=gemini
+AI_MODEL=gemini-3-flash-preview
+GEMINI_API_KEY=<key>
+# GitHub Configuration
+GITHUB_TOKEN=<token>
+GITHUB_REPOSITORY=owner/repo
+GITHUB_EVENT_NAME=pull_request
+GITHUB_PR_NUMBER=42
+# Agent Settings
+POST_PR_COMMENT=true
+ENABLE_LOCAL_TOOLS=true
+LOCAL_TOOLS_WORKING_DIR=.
+LOG_LEVEL=INFO
+```
+Run with: `uv run cicaddy run --env-file .env.my-review`
+## PR Review Workflow Security
+- The PR review workflow uses `pull_request_target` so secrets are available for fork PRs
+- Internal PRs (same repo) run automatically; fork PRs require the `safe-to-review` label
+- The label is auto-removed on `synchronize` (new pushes from forks) to prevent TOCTOU bypasses
+- The workflow never checks out or executes untrusted PR code — cicaddy fetches the diff via the GitHub API
+## Release Checklist
+- **Bump `version` in `pyproject.toml` BEFORE tagging** — the release workflow builds from the checked-out source, so the `pyproject.toml` version must match the git tag
+- When bumping the version, also update all `cicaddy-action@vX.Y.Z` version references in `README.md` and skills to match the new version
+- Run full test suite: `uv run pytest tests/ -q --cov=src/cicaddy_github`
+- Create release with `gh release create v<version>`
+- PyPI publish is automated via `.github/workflows/release.yml`

cicaddy_github-0.5.0/CLAUDE.md ADDED Viewed

@@ -0,0 +1,9 @@
+# Claude Code Rules
+> **Note**: For comprehensive development guidelines, see [AGENTS.md](AGENTS.md).
+>
+> AGENTS.md contains the full architecture documentation, plugin system details,
+> GitHub Action inputs, entrypoint flow, code quality guidelines, Git workflow,
+> Python setup, Docker usage, and release process.
+>
+> This file is maintained for Claude Code compatibility and will redirect to AGENTS.md.

{cicaddy_github-0.4.0 → cicaddy_github-0.5.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cicaddy-github
-Version: 0.4.0
+Version: 0.5.0
 Summary: GitHub Actions plugin for cicaddy AI agent framework
 Project-URL: Homepage, https://github.com/redhat-community-ai-tools/cicaddy-action
 Project-URL: Repository, https://github.com/redhat-community-ai-tools/cicaddy-action.git
@@ -9,7 +9,7 @@ Author: Wayne Sun
 License: Apache-2.0
 License-File: LICENSE
 Requires-Python: >=3.11
-Requires-Dist: cicaddy>=0.3.0
+Requires-Dist: cicaddy>=0.8.0
 Requires-Dist: detect-secrets>=1.4.0
 Requires-Dist: pygithub>=2.1.0
 Provides-Extra: test
@@ -25,8 +25,10 @@ GitHub Action that wraps [cicaddy](https://github.com/waynesun09/cicaddy) for ru
 ## Features
 - **AI-powered PR reviews** with optional Context7 MCP for up-to-date library documentation
+- **Sub-agent delegation** for parallel specialized reviews (security, architecture, performance, etc.)
+- **Go dependency impact analysis** for Go dependency update PRs with risk classification
 - **Changelog report generation** from git tag diffs and release notes
-- **Multiple AI providers**: Gemini, OpenAI, Claude
+- **Multiple AI providers**: Gemini, OpenAI, Claude, Claude via Vertex AI
 - **Secret redaction** via detect-secrets for safe public outputs
 - **DSPy YAML task definitions** for customizable analysis workflows
@@ -53,19 +55,23 @@ jobs:
   review:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
-      - uses: redhat-community-ai-tools/cicaddy-action@v0.4.0
+      - uses: redhat-community-ai-tools/cicaddy-action@main
         with:
           ai_provider: gemini
           ai_model: gemini-3-flash-preview
           ai_api_key: ${{ secrets.AI_API_KEY }}
           task_file: tasks/pr_review.yml
           post_pr_comment: 'true'
+        env:
+          DELEGATION_MODE: auto
 ```
+> **Sub-Agent Delegation**: When `DELEGATION_MODE` is set to `auto`, the agent uses AI-powered triage to analyze the PR diff and spawns specialized sub-agents in parallel (e.g., code quality, security, performance). Each sub-agent runs with a focused scope and reduced token budget, and their results are aggregated into a single unified review. This produces deeper, more structured reviews compared to single-agent mode. Set `DELEGATION_MODE` to `none` to use a single agent instead. See [docs/delegation.md](docs/delegation.md) for details.
 ### Changelog Report on Release
 ```yaml
@@ -79,11 +85,11 @@ jobs:
   changelog:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
-      - uses: redhat-community-ai-tools/cicaddy-action@v0.4.0
+      - uses: redhat-community-ai-tools/cicaddy-action@main
         with:
           ai_provider: gemini
           ai_model: gemini-3-flash-preview
@@ -91,13 +97,63 @@ jobs:
           task_file: tasks/changelog_report.yml
 ```
+### Go Dependency Impact Analysis
+Analyze Go dependency update PRs (e.g. from Renovate or Dependabot) with
+AI-assisted risk classification. The agent collects dependency diffs,
+usage analysis (via `go mod why`/`go mod graph`), upstream changelogs,
+and security advisories, then posts a structured impact assessment as a
+PR comment.
+```yaml
+name: Go Dependency Impact Analysis
+on:
+  pull_request:
+    paths:
+      - 'go.mod'
+      - 'go.sum'
+permissions:
+  contents: read
+  pull-requests: write
+jobs:
+  dep-review:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version: '1.22'
+      - uses: redhat-community-ai-tools/cicaddy-action@main
+        with:
+          ai_provider: gemini
+          ai_model: gemini-3-flash-preview
+          ai_api_key: ${{ secrets.AI_API_KEY }}
+          task_file: tasks/go_dep_impact_review.yml
+          post_pr_comment: 'true'
+          run_govulncheck: 'true'
+        env:
+          AGENT_TASKS: go_dep_review
+```
+The `AGENT_TASKS: go_dep_review` env var activates the Go dependency review
+agent instead of the default PR code review agent. The `run_govulncheck`
+input enables vulnerability reachability analysis (requires Go and
+govulncheck installed in the runner).
+See [docs/providers.md](docs/providers.md) for provider-specific configuration including Claude via Vertex AI (GCP), OpenAI, and Anthropic API setup.
 ## Inputs
 | Input | Required | Description |
 |-------|----------|-------------|
-| `ai_provider` | Yes | AI provider: `gemini`, `openai`, `claude` |
+| `ai_provider` | Yes | AI provider: `gemini`, `openai`, `claude`, `anthropic-vertex` |
 | `ai_model` | Yes | Model identifier |
-| `ai_api_key` | Yes | AI provider API key |
+| `ai_api_key` | No | AI provider API key (not needed for `anthropic-vertex`) |
+| `vertex_project_id` | No | GCP project ID (required for `anthropic-vertex`) |
+| `cloud_ml_region` | No | Vertex AI region (default: `us-east5`) |
 | `task_file` | No | Path to DSPy YAML task file |
 | `task_prompt` | No | Inline task prompt (alternative to task_file) |
 | `report_template` | No | Path to custom HTML report template |
@@ -105,6 +161,10 @@ jobs:
 | `slack_webhook_url` | No | Slack webhook URL for notifications |
 | `post_pr_comment` | No | Post results as PR comment (default: `false`) |
 | `submit_review` | No | Submit formal PR review with APPROVE/REQUEST_CHANGES (default: `false`) |
+| `run_govulncheck` | No | Run govulncheck for vulnerability reachability analysis (default: `false`) |
+| `dep_review_severity_threshold` | No | Minimum semver bump to analyze: `minor` or `major` (default: `minor`) |
+| `delegation_mode` | No | Enable AI-powered sub-agent delegation: `none` (default) or `auto` |
+| `max_sub_agents` | No | Maximum concurrent sub-agents, 1-10 (default: `3`) |
 | `github_token` | No | GitHub token (default: `${{ github.token }}`) |
 ## Outputs
@@ -117,7 +177,10 @@ jobs:
 ## Custom Tasks
-Create DSPy YAML task files to define custom analysis workflows. See `tasks/changelog_report.yml` and `tasks/pr_review.yml` for examples.
+Create DSPy YAML task files to define custom analysis workflows. See `tasks/` for examples:
+- `tasks/pr_review.yml` — AI code review
+- `tasks/changelog_report.yml` — Changelog generation
+- `tasks/go_dep_impact_review.yml` — Go dependency impact analysis
 ## Local Development
@@ -192,15 +255,28 @@ uv run cicaddy validate --env-file .env.my-review
 | Variable | Required | Description |
 |----------|----------|-------------|
-| `AI_PROVIDER` | Yes | `gemini`, `openai`, or `claude` |
+| `AI_PROVIDER` | Yes | `gemini`, `openai`, `claude`, or `anthropic-vertex` |
 | `AI_MODEL` | Yes | Model identifier (e.g. `gemini-3-flash-preview`) |
-| `GEMINI_API_KEY` / `OPENAI_API_KEY` / `ANTHROPIC_API_KEY` | Yes | API key matching the provider |
+| `GEMINI_API_KEY` / `OPENAI_API_KEY` / `ANTHROPIC_API_KEY` | Yes* | API key matching the provider (*not needed for `anthropic-vertex`) |
+| `ANTHROPIC_VERTEX_PROJECT_ID` | No | GCP project ID (required for `anthropic-vertex`) |
+| `CLOUD_ML_REGION` | No | Vertex AI region (default: `us-east5`) |
 | `GITHUB_TOKEN` | Yes | GitHub personal access token |
 | `GITHUB_REPOSITORY` | Yes | Target repo in `owner/repo` format |
 | `GITHUB_EVENT_NAME` | No | Set to `pull_request` for auto-detection (optional if `GITHUB_PR_NUMBER` is set) |
 | `GITHUB_PR_NUMBER` | Yes | PR number to review |
 | `POST_PR_COMMENT` | No | Post results as PR comment (`true`/`false`) |
+| `AGENT_TASKS` | No | Agent task type (e.g. `go_dep_review` for Go dependency analysis) |
+| `DELEGATION_MODE` | No | `auto` for AI-powered sub-agent delegation, `none` for single-agent (default: `none`) |
+| `MAX_SUB_AGENTS` | No | Max concurrent sub-agents for delegation, 1-10 (default: `3`) |
+| `SUB_AGENT_MAX_ITERS` | No | Max iterations per sub-agent, 1-15 (default: `5`) |
 | `AI_TASK_FILE` | No | Path to DSPy YAML task file for custom workflows |
+| `RUN_GOVULNCHECK` | No | Run govulncheck for reachability analysis (`true`/`false`) |
+| `DELEGATION_MODE` | No | `none` or `auto` for sub-agent delegation |
+| `MAX_SUB_AGENTS` | No | Maximum concurrent sub-agents (default: `3`) |
+| `SUB_AGENT_MAX_ITERS` | No | Max iterations per sub-agent (default: `10`) |
+| `DELEGATION_AGENTS_DIR` | No | Custom agent YAML directory (default: `.agents/delegation`) |
+| `DELEGATION_AGENTS` | No | JSON config for inline custom sub-agents |
+| `TRIAGE_PROMPT` | No | Custom triage instructions |
 | `GIT_DIFF_CONTEXT_LINES` | No | Number of context lines in diffs (default: `10`) |
 | `ENABLE_LOCAL_TOOLS` | No | Enable local git tools (`true`/`false`) |
 | `LOCAL_TOOLS_WORKING_DIR` | No | Working directory for local tools |

cicaddy-github 0.4.0__tar.gz → 0.5.0__tar.gz

cicaddy-github 0.4.0tar.gz → 0.5.0tar.gz