node9 1.0.2__tar.gz → 1.1.0__tar.gz

node9-1.1.0/.github/workflows/ai-review.yml

@@ -0,0 +1,25 @@
+name: AI Code Review
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  review:
+    name: Gemini Code Review
+    runs-on: ubuntu-latest
+    # Skip if the PR was opened by the bot itself
+    if: github.actor != 'github-actions[bot]'
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: npm install @anthropic-ai/sdk @octokit/rest
+
+      - name: Run AI Review
+        env:
+          GITHUB_TOKEN: ${{ secrets.AUTO_PR_TOKEN }}
+          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: node scripts/ai-review.mjs

{node9-1.0.2 → node9-1.1.0}/.github/workflows/release.yml

@@ -40,7 +40,9 @@ jobs:
           semantic-release version
 
       - name: Build
-        run: python -m build
+        run: |
+          pip install build twine
+          python -m build
 
       - name: Publish to PyPI
         env:

node9-1.1.0/CHANGELOG.md

@@ -0,0 +1,42 @@
+# CHANGELOG
+
+<!-- version list -->
+
+## v1.1.0 (2026-03-15)
+
+### Features
+
+- Add Gemini AI code review on PRs to main
+  ([`50b651d`](https://github.com/node9-ai/node9-python/commit/50b651dc2575dc954def69dd16d7492369a8149a))
+
+- Switch AI code review from Gemini to Claude Sonnet
+  ([`c52fbb4`](https://github.com/node9-ai/node9-python/commit/c52fbb4ee5d1b460ef008b708e3664e0650f93f9))
+
+
+## v1.0.3 (2026-03-15)
+
+### Bug Fixes
+
+- Install twine before upload step
+  ([`4b4e142`](https://github.com/node9-ai/node9-python/commit/4b4e142b02815937551cbbb8569aa72b0ab222bc))
+
+
+## v1.0.2 (2026-03-15)
+
+### Bug Fixes
+
+- Publish to PyPI explicitly with twine instead of semantic-release publish
+  ([`6847fdb`](https://github.com/node9-ai/node9-python/commit/6847fdbbf6c0bbd7a14a743b99745cdf005d73a9))
+
+
+## v1.0.1 (2026-03-15)
+
+### Bug Fixes
+
+- Add TWINE credentials and twine to build command for PyPI upload
+  ([`d71d73d`](https://github.com/node9-ai/node9-python/commit/d71d73d1caa3c05cfd5011edcd3913f5fc976d07))
+
+
+## v1.0.0 (2026-03-15)
+
+- Initial Release

{node9-1.0.2 → node9-1.1.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: node9
-Version: 1.0.2
+Version: 1.1.0
 Summary: Execution security for Python AI agents — seatbelt for LangChain, CrewAI, and plain Python.
 Project-URL: Homepage, https://node9.ai
 Project-URL: Repository, https://github.com/node9-ai/node9-python

{node9-1.0.2 → node9-1.1.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "node9"
-version = "1.0.2"
+version = "1.1.0"
 description = "Execution security for Python AI agents — seatbelt for LangChain, CrewAI, and plain Python."
 readme = "README.md"
 license = { text = "Apache-2.0" }

node9-1.1.0/scripts/ai-review.mjs

@@ -0,0 +1,67 @@
+import Anthropic from "@anthropic-ai/sdk";
+import { Octokit } from "@octokit/rest";
+
+const prNumber = parseInt(process.env.PR_NUMBER);
+const githubToken = process.env.GITHUB_TOKEN;
+const [repoOwner, repoName] = (process.env.GITHUB_REPOSITORY || "").split("/");
+
+const octokit = new Octokit({ auth: githubToken });
+
+async function runReview() {
+  try {
+    console.log(`Fetching diff for PR #${prNumber}...`);
+    const { data: prDiff } = await octokit.pulls.get({
+      owner: repoOwner,
+      repo: repoName,
+      pull_number: prNumber,
+      mediaType: { format: "diff" },
+    });
+
+    if (!prDiff || prDiff.trim().length === 0) {
+      console.log("Empty diff, skipping review.");
+      return;
+    }
+
+    const prompt = `You are a senior Python engineer reviewing a pull request for the Node9 Python SDK.
+Node9 is an execution security library — a @protect decorator that intercepts AI agent tool calls and asks for human approval before running them.
+
+Review the following git diff and provide concise, actionable feedback. Focus on:
+- Correctness and edge cases
+- Security issues (this is a security library — be strict)
+- API design and usability for developers integrating with LangChain, CrewAI, etc.
+- Test coverage gaps
+- Anything that could break the daemon HTTP communication
+
+If the changes look good with no issues, say so briefly.
+Do NOT rewrite the code. Just review it.
+Keep your review under 400 words.
+
+## Git Diff:
+${prDiff}`;
+
+    console.log("Sending diff to Claude for review...");
+    const client = new Anthropic({ apiKey: process.env.ANTHROPIC_API_KEY });
+    const message = await client.messages.create({
+      model: "claude-sonnet-4-5",
+      max_tokens: 1024,
+      messages: [{ role: "user", content: prompt }],
+    });
+
+    const review = message.content[0].text;
+
+    console.log("Posting review comment...");
+    await octokit.issues.createComment({
+      owner: repoOwner,
+      repo: repoName,
+      issue_number: prNumber,
+      body: `## 🤖 Claude Code Review\n\n${review}\n\n---\n*Automated review by Claude Sonnet*`,
+    });
+
+    console.log("Review posted successfully.");
+  } catch (error) {
+    console.error("Error:", error.message);
+    process.exit(1);
+  }
+}
+
+runReview();

node9-1.0.2/CHANGELOG.md

@@ -1,23 +0,0 @@
-# CHANGELOG
-
-<!-- version list -->
-
-## v1.0.2 (2026-03-15)
-
-### Bug Fixes
-
-- Publish to PyPI explicitly with twine instead of semantic-release publish
-  ([`6847fdb`](https://github.com/node9-ai/node9-python/commit/6847fdbbf6c0bbd7a14a743b99745cdf005d73a9))
-
-
-## v1.0.1 (2026-03-15)
-
-### Bug Fixes
-
-- Add TWINE credentials and twine to build command for PyPI upload
-  ([`d71d73d`](https://github.com/node9-ai/node9-python/commit/d71d73d1caa3c05cfd5011edcd3913f5fc976d07))
-
-
-## v1.0.0 (2026-03-15)
-
-- Initial Release