Automate CI workflows and fix documentation

[riatzukiza]

Summary

• add comprehensive CI workflow with lint/test/mutation/release jobs and a review-response workflow
• correct documentation and specs to reference @openhax/codex and default the release analyzer to the Zen API
• improve codex-metrics response payloads and add Biome config plus new contributing guidance

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (5)

• .github/workflows/review-response.yml is excluded by none and included by none
• spec/branch-protection.md is excluded by none and included by none
• spec/pr-2-conflict-analysis.md is excluded by none and included by none
• spec/review-response-automation.md is excluded by none and included by none
• spec/review-response-cli-fix.md is excluded by none and included by none

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Summary by CodeRabbit

• Style
  • Updated the OAuth authentication page header title to display the package name with an "@" prefix for better branding consistency.

Walkthrough

The changes introduce explicit SSE event stream sequencing for the codex-metrics command, replacing a single payload response with a multi-event stream containing unique identifiers, timestamps, and structured events. Test utilities are updated accordingly to parse and validate these SSE events.

Changes

Cohort / File(s)	Change Summary
SSE Event Streaming Implementation lib/commands/codex-metrics.ts	Refactored response handling to emit a sequence of SSE events (response.created, response.output_text.delta, response.output_item.added, response.output_item.done, response.completed) with unique IDs (responseId, messageId), timestamps, and resolved model. Updated createSsePayload to accept an events array and concatenate per-event data chunks with [DONE] terminator.
Test Infrastructure Updates test/codex-metrics-command.test.ts	Added readSseEvents utility to parse SSE payloads into JSON events. Updated readCommandPayload to extract and validate response.completed event, returning both events array and payload. Refactored all call sites to destructure the new { events, payload } return shape.
Display Update lib/oauth-success.html	Added @ prefix to repository name in OAuth authentication header title.

Sequence Diagram

sequenceDiagram
    participant Client
    participant codex-metrics Command
    participant SSE Stream

    Client->>codex-metrics Command: Execute command
    Note over codex-metrics Command: Generate responseId, messageId, timestamps
    
    codex-metrics Command->>SSE Stream: Emit response.created event
    SSE Stream-->>Client: data: {type, id, created_at, ...}
    
    codex-metrics Command->>SSE Stream: Emit response.output_text.delta event
    SSE Stream-->>Client: data: {type, delta, ...}
    
    codex-metrics Command->>SSE Stream: Emit response.output_item.added event
    SSE Stream-->>Client: data: {type, item, ...}
    
    codex-metrics Command->>SSE Stream: Emit response.output_item.done event
    SSE Stream-->>Client: data: {type, index, ...}
    
    codex-metrics Command->>SSE Stream: Emit response.completed event
    SSE Stream-->>Client: data: {type, status: "completed", ...}
    SSE Stream-->>Client: data: [DONE]

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~35 minutes

• Event sequencing logic: Verify the order of SSE events is correct and consistent with expected OpenAI streaming format
• SSE payload format: Validate that createSsePayload correctly concatenates events and formats data chunks
• Completion event validation: Ensure the completion event is always present and properly extracted in tests; understand failure handling if missing
• Backward compatibility: Confirm no external consumers depend on the old single-payload structure

Possibly related PRs

• Automate CI and review workflows #8: Implements identical multi-event SSE sequencing changes to codex-metrics.ts and corresponding test infrastructure updates, indicating potential overlap or shared intent.

Poem

🌊 Events now flow in ordered streams,
Each SSE payload fulfilling our dreams,
With responseIds and timestamps so clean,
The completion event marks what's been seen,
Tests parse and validate, no stone left unturned! 📋

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The PR title 'Automate CI workflows and fix documentation' does not match the primary changes shown in the raw summary, which focus on restructuring SSE event streaming for codex-metrics and updating OAuth HTML.	Update the title to reflect the main code changes, such as 'Restructure codex-metrics SSE event streaming and update OAuth branding' or adjust the changeset to match the stated CI and documentation goals.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description mentions CI workflows, documentation updates, and Biome config, which align with some stated objectives, though the raw summary shows the actual code changes are primarily SSE event restructuring and minor HTML updates.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

lib/oauth-success.html (1)

546-552: Branding is mixed between @openhax/codex and OpenCode

The terminal title now uses @openhax/codex, while the document <title> and body text still say "OpenCode". If the intent is to standardize on @openhax/codex, consider aligning the remaining labels; if not, this is harmless but slightly confusing.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f3dd0e1 and 4ea62a5.

⛔ Files ignored due to path filters (31)

• .coderabbit.yaml is excluded by none and included by none
• .github/workflows/ci.yml is excluded by none and included by none
• .github/workflows/review-response.yml is excluded by none and included by none
• CONTRIBUTING.md is excluded by none and included by none
• README.md is excluded by none and included by none
• biome.json is excluded by none and included by none
• config/full-opencode.json is excluded by none and included by none
• config/minimal-opencode.json is excluded by none and included by none
• docs/README.md is excluded by none and included by none
• docs/configuration.md is excluded by none and included by none
• docs/development/CONFIG_FLOW.md is excluded by none and included by none
• docs/development/TESTING.md is excluded by none and included by none
• docs/development/ci.md is excluded by none and included by none
• docs/getting-started.md is excluded by none and included by none
• docs/index.md is excluded by none and included by none
• docs/troubleshooting.md is excluded by none and included by none
• index.ts is excluded by none and included by none
• package.json is excluded by none and included by none
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml and included by none
• scripts/detect-release-type.mjs is excluded by none and included by none
• scripts/review-response-context.mjs is excluded by none and included by none
• scripts/sync-github-secrets.mjs is excluded by none and included by none
• scripts/test-all-models.sh is excluded by none and included by none
• spec/branch-protection.md is excluded by none and included by none
• spec/ci-release-automation.md is excluded by none and included by none
• spec/codex-metrics-sse-fix.md is excluded by none and included by none
• spec/doc-package-name-scope.md is excluded by none and included by none
• spec/github-secret-sync.md is excluded by none and included by none
• spec/opencode-zen-endpoint.md is excluded by none and included by none
• spec/review-response-automation.md is excluded by none and included by none
• spec/review-response-workflow-fix.md is excluded by none and included by none

📒 Files selected for processing (3)

• lib/commands/codex-metrics.ts (2 hunks)
• lib/oauth-success.html (1 hunks)
• test/codex-metrics-command.test.ts (11 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

test/codex-metrics-command.test.ts (1)

lib/commands/codex-metrics.ts (1)

• maybeHandleCodexCommand (36-97)

🔇 Additional comments (2)

test/codex-metrics-command.test.ts (1)

33-49: SSE parsing helpers and updated tests look solid

readSseEvents and readCommandPayload correctly mirror the new createSsePayload format: they strip [DONE], parse only data: chunks, and enforce the presence of a response.completed event. The updated tests that consume { events, payload } validate IDs, status, content, and model fallback in a way that should catch regressions in the SSE sequence or payload shape.

Also applies to: 62-92, 258-359

lib/commands/codex-metrics.ts (1)

130-224: createStaticResponse now streams SSE for both codex-metrics and codex-inspect—inspect has no test coverage

The investigation confirms your concern. Both commands route through the same createStaticResponse function (lines 56–93), which unconditionally returns an SSE stream with text/event-stream headers and a [DONE] sentinel.

Blocker: Zero tests exist for /codex-inspect—all test coverage is for /codex-metrics only. This suggests /codex-inspect was not previously SSE and now implicitly converts to SSE. Without explicit intent documentation or inspect-specific tests, this is a blind spot.

Required confirmation:

• Is the SSE conversion for codex-inspect intentional, or was it an unintended side effect of the shared function?
• Do all consumers of the command (CLI validators, tooling) expect inspect to emit SSE, or do they expect a traditional single-payload response?

If codex-inspect must remain non-SSE or use a different payload shape, extract it into a separate response handler (e.g., createInspectResponse) before merging.