Massive Improvements & MVP Patches
This commit is contained in:
Space-Banane
@@ -15,11 +15,13 @@ class Settings(BaseSettings):
|
||||
gitea_bot_username: str = Field(alias="GITEA_BOT_USERNAME")
|
||||
gitea_webhook_secret: SecretStr = Field(alias="GITEA_WEBHOOK_SECRET")
|
||||
|
||||
openai_api_key: SecretStr = Field(alias="OPENAI_API_KEY")
|
||||
openai_api_key: SecretStr | None = Field(default=None, alias="OPENAI_API_KEY")
|
||||
openai_project_id: str | None = Field(default=None, alias="OPENAI_PROJECT_ID")
|
||||
openai_org_id: str | None = Field(default=None, alias="OPENAI_ORG_ID")
|
||||
openai_review_model: str = Field(default="gpt-5.3-codex", alias="OPENAI_REVIEW_MODEL")
|
||||
openai_reasoning_effort: Literal["none", "low", "medium", "high"] = Field(default="high", alias="OPENAI_REASONING_EFFORT")
|
||||
codex_auth_mode: Literal["api_key", "chatgpt"] = Field(default="api_key", alias="CODEX_AUTH_MODE")
|
||||
codex_auth_json_path: str | None = Field(default=None, alias="CODEX_AUTH_JSON_PATH")
|
||||
|
||||
allowed_repos: str = Field(alias="ALLOWED_REPOS")
|
||||
cooldown_seconds: int = Field(default=60, alias="COOLDOWN_SECONDS")
|
||||
|
||||
@@ -1,8 +1,10 @@
|
||||
from __future__ import annotations
|
||||
|
||||
import asyncio
|
||||
import json
|
||||
import logging
|
||||
from contextlib import asynccontextmanager
|
||||
from pathlib import Path
|
||||
from typing import Any
|
||||
|
||||
from fastapi import Depends, FastAPI, Header, HTTPException, Request, status
|
||||
@@ -26,10 +28,56 @@ logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def _validate_required_env(settings: Settings) -> None:
|
||||
if not settings.openai_api_key.get_secret_value().strip():
|
||||
if settings.codex_auth_mode != "api_key":
|
||||
return
|
||||
api_key = settings.openai_api_key.get_secret_value() if settings.openai_api_key else ""
|
||||
if not api_key.strip():
|
||||
raise RuntimeError("OPENAI_API_KEY is required")
|
||||
|
||||
|
||||
def _configured_auth_json_path(settings: Settings) -> Path:
|
||||
raw_path = settings.codex_auth_json_path.strip() if settings.codex_auth_json_path else "~/.codex/auth.json"
|
||||
return Path(raw_path).expanduser()
|
||||
|
||||
|
||||
def _log_startup_identity(settings: Settings) -> None:
|
||||
logger.info(
|
||||
"Bot startup identity: username=%s gitea_base_url=%s auth_mode=%s",
|
||||
settings.gitea_bot_username,
|
||||
settings.gitea_base_url,
|
||||
settings.codex_auth_mode,
|
||||
)
|
||||
|
||||
|
||||
def _log_startup_auth_json_status(settings: Settings) -> None:
|
||||
if settings.codex_auth_mode != "chatgpt":
|
||||
logger.info("Codex auth configuration: mode=api_key (auth.json not used)")
|
||||
return
|
||||
|
||||
auth_path = _configured_auth_json_path(settings)
|
||||
try:
|
||||
content = auth_path.read_text(encoding="utf-8")
|
||||
parsed = json.loads(content)
|
||||
except FileNotFoundError:
|
||||
logger.warning("Codex auth configuration: mode=chatgpt auth.json missing path=%s", auth_path)
|
||||
return
|
||||
except json.JSONDecodeError as exc:
|
||||
logger.warning("Codex auth configuration: mode=chatgpt invalid auth.json path=%s error=%s", auth_path, exc.msg)
|
||||
return
|
||||
except OSError as exc:
|
||||
logger.warning("Codex auth configuration: mode=chatgpt auth.json unreadable path=%s error=%s", auth_path, exc)
|
||||
return
|
||||
|
||||
root_type = type(parsed).__name__
|
||||
configured_mode = parsed.get("auth_mode") if isinstance(parsed, dict) else None
|
||||
logger.info(
|
||||
"Codex auth configuration: mode=chatgpt auth.json valid path=%s root_type=%s auth_mode=%s",
|
||||
auth_path,
|
||||
root_type,
|
||||
configured_mode or "unknown",
|
||||
)
|
||||
|
||||
|
||||
def _extract_pr_event(payload: dict[str, Any], event_name: str) -> tuple[str, int, str, int, str] | None:
|
||||
repository = payload.get("repository", {})
|
||||
repo = repository.get("full_name")
|
||||
@@ -68,6 +116,8 @@ def _extract_pr_event(payload: dict[str, Any], event_name: str) -> tuple[str, in
|
||||
async def lifespan(app: FastAPI):
|
||||
settings = get_settings()
|
||||
_validate_required_env(settings)
|
||||
_log_startup_identity(settings)
|
||||
_log_startup_auth_json_status(settings)
|
||||
Base.metadata.create_all(bind=get_engine())
|
||||
|
||||
stop_event = asyncio.Event()
|
||||
@@ -119,7 +169,23 @@ async def gitea_webhook(
|
||||
comment_body = str(payload.get("comment", {}).get("body", "")).strip()
|
||||
parsed_command = parse_command(comment_body)
|
||||
if not parsed_command:
|
||||
logger.info(
|
||||
"Webhook ignored: no @codex review command repo=%s pr=%s comment_id=%s sender=%s",
|
||||
repo,
|
||||
pr_number,
|
||||
comment_id,
|
||||
sender_username,
|
||||
)
|
||||
return {"accepted": False, "reason": "no codex command"}
|
||||
if parsed_command.name != "review":
|
||||
logger.info(
|
||||
"Webhook without @codex review command repo=%s pr=%s comment_id=%s sender=%s parsed_command=%s",
|
||||
repo,
|
||||
pr_number,
|
||||
comment_id,
|
||||
sender_username,
|
||||
parsed_command.name,
|
||||
)
|
||||
|
||||
if repo not in settings.allowed_repo_set:
|
||||
return {"accepted": False, "reason": "repo not allowed"}
|
||||
|
||||
@@ -3,6 +3,19 @@ from __future__ import annotations
|
||||
from gitea_codex_bot.types import ParsedCommand
|
||||
|
||||
|
||||
def _inject_head_sha_marker(head_sha: str, body: str) -> str:
|
||||
marker = f"<!-- codex-review:head_sha={head_sha} -->"
|
||||
stripped = body.strip()
|
||||
if not stripped:
|
||||
return marker
|
||||
if stripped.startswith("<!-- codex-review:head_sha="):
|
||||
lines = stripped.splitlines()
|
||||
if lines:
|
||||
lines[0] = marker
|
||||
return "\n".join(lines).strip()
|
||||
return f"{marker}\n{stripped}"
|
||||
|
||||
|
||||
def format_queue_ack(head_sha: str) -> str:
|
||||
short_sha = head_sha[:7]
|
||||
return f"👀 Codex review queued for commit `{short_sha}`."
|
||||
@@ -21,6 +34,10 @@ def format_unsupported_ack(command: ParsedCommand) -> str:
|
||||
|
||||
|
||||
def format_result_comment(head_sha: str, result: dict) -> str:
|
||||
markdown_comment = result.get("markdown_comment")
|
||||
if isinstance(markdown_comment, str) and markdown_comment.strip():
|
||||
return _inject_head_sha_marker(head_sha, markdown_comment)
|
||||
|
||||
verdict = result.get("verdict", "has_issues")
|
||||
confidence = float(result.get("confidence", 0.0))
|
||||
summary = str(result.get("summary", "No summary returned."))
|
||||
@@ -47,4 +64,4 @@ def format_result_comment(head_sha: str, result: dict) -> str:
|
||||
f" Suggestion: {suggestion}" if suggestion else " Suggestion: n/a",
|
||||
]
|
||||
)
|
||||
return "\n".join(lines).strip()
|
||||
return _inject_head_sha_marker(head_sha, "\n".join(lines).strip())
|
||||
|
||||
@@ -124,7 +124,8 @@ def _build_prompt(
|
||||
' "verdict": "correct" | "has_issues",\n'
|
||||
' "confidence": 0.0,\n'
|
||||
' "summary": "...",\n'
|
||||
' "findings": [{"severity":"low|medium|high|critical","file":"...","line_start":1,"line_end":1,"title":"...","body":"...","suggestion":"..."}]\n'
|
||||
' "findings": [{"severity":"low|medium|high|critical","file":"...","line_start":1,"line_end":1,"title":"...","body":"...","suggestion":"..."}],\n'
|
||||
' "markdown_comment": "Full markdown comment body to post to Gitea. Include clear section breaks and blank lines."\n'
|
||||
"}\n\n"
|
||||
f"PR URL: {pr.html_url}\n"
|
||||
f"Mode: {mode}\n"
|
||||
@@ -138,8 +139,11 @@ def _build_prompt(
|
||||
|
||||
|
||||
def _call_openai_review(settings: Settings, prompt: str) -> dict[str, Any]:
|
||||
api_key = settings.openai_api_key.get_secret_value() if settings.openai_api_key else ""
|
||||
if not api_key.strip():
|
||||
raise ReviewError("OPENAI_API_KEY is required for API-key review mode.")
|
||||
headers: dict[str, str] = {
|
||||
"Authorization": f"Bearer {settings.openai_api_key.get_secret_value()}",
|
||||
"Authorization": f"Bearer {api_key}",
|
||||
"Content-Type": "application/json",
|
||||
}
|
||||
if settings.openai_org_id:
|
||||
|
||||
@@ -1,6 +1,11 @@
|
||||
from __future__ import annotations
|
||||
|
||||
import base64
|
||||
import json
|
||||
import logging
|
||||
import os
|
||||
import re
|
||||
import shlex
|
||||
import subprocess
|
||||
import uuid
|
||||
from pathlib import Path
|
||||
@@ -11,6 +16,9 @@ from gitea_codex_bot.services.gitea import GiteaClient
|
||||
from gitea_codex_bot.services.reviewer import normalize_review_result, prepare_review_prompt, run_review_for_pr
|
||||
from gitea_codex_bot.types import ParsedCommand
|
||||
|
||||
CONTAINER_CODEX_HOME = "/root/.codex"
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def run_review_ephemeral(
|
||||
settings: Settings,
|
||||
@@ -22,11 +30,58 @@ def run_review_ephemeral(
|
||||
gitea = GiteaClient(settings)
|
||||
prompt, _diff_context, _repo_cfg = prepare_review_prompt(settings, gitea, repo, pr_number, command)
|
||||
container_name = f"codex-review-{uuid.uuid4().hex[:12]}"
|
||||
install_and_run = (
|
||||
"set -euo pipefail; "
|
||||
"npm install -g @openai/codex >/tmp/codex-install.log 2>&1; "
|
||||
"codex exec --json -m gpt-5"
|
||||
install_and_run = _build_install_and_run_command(settings)
|
||||
extra_env: dict[str, str] = {}
|
||||
if settings.codex_auth_mode == "chatgpt":
|
||||
extra_env["CODEX_AUTH_JSON_B64"] = _load_codex_auth_json_b64(settings)
|
||||
cmd = _build_docker_command(settings, container_name=container_name, install_and_run=install_and_run)
|
||||
try:
|
||||
completed = subprocess.run(
|
||||
cmd,
|
||||
input=prompt,
|
||||
text=True,
|
||||
check=False,
|
||||
capture_output=True,
|
||||
timeout=settings.max_review_minutes * 60,
|
||||
env={**os.environ, **extra_env},
|
||||
)
|
||||
if completed.returncode != 0:
|
||||
raise RuntimeError(_format_runner_failure(completed))
|
||||
parsed = _parse_codex_exec_stdout(completed.stdout)
|
||||
return normalize_review_result(parsed)
|
||||
except Exception as exc:
|
||||
if settings.codex_auth_mode == "chatgpt":
|
||||
logger.warning("Ephemeral chatgpt runner failed, skipping API-key fallback: %s", exc)
|
||||
return _chatgpt_runner_failure_result(exc)
|
||||
result, _repo_cfg = run_review_for_pr(settings, gitea, repo, pr_number, command)
|
||||
return result
|
||||
|
||||
|
||||
def _build_install_and_run_command(settings: Settings) -> str:
|
||||
steps = ["set -euo pipefail"]
|
||||
if settings.codex_auth_mode == "chatgpt":
|
||||
steps.extend(
|
||||
[
|
||||
f"mkdir -p {CONTAINER_CODEX_HOME}",
|
||||
'printf "%s" "$CODEX_AUTH_JSON_B64" | base64 -d > /root/.codex/auth.json',
|
||||
f"chmod 600 {CONTAINER_CODEX_HOME}/auth.json",
|
||||
]
|
||||
)
|
||||
steps.extend(
|
||||
[
|
||||
"apt-get update >/tmp/apt-update.log 2>&1 && apt-get install -y --no-install-recommends ca-certificates >/tmp/apt-install.log 2>&1 || { rc=$?; echo 'ca-certificates install failed'; tail -n 80 /tmp/apt-update.log || true; tail -n 80 /tmp/apt-install.log || true; exit $rc; }",
|
||||
"npm install -g @openai/codex >/tmp/codex-install.log 2>&1 || { rc=$?; echo 'codex install failed'; tail -n 200 /tmp/codex-install.log || true; exit $rc; }",
|
||||
]
|
||||
)
|
||||
model = settings.openai_review_model.strip()
|
||||
if model:
|
||||
steps.append(f"codex exec --skip-git-repo-check --json -m {shlex.quote(model)}")
|
||||
else:
|
||||
steps.append("codex exec --skip-git-repo-check --json")
|
||||
return "; ".join(steps)
|
||||
|
||||
|
||||
def _build_docker_command(settings: Settings, *, container_name: str, install_and_run: str) -> list[str]:
|
||||
cmd = [
|
||||
"docker",
|
||||
"run",
|
||||
@@ -35,32 +90,87 @@ def run_review_ephemeral(
|
||||
"--name",
|
||||
container_name,
|
||||
"-e",
|
||||
"OPENAI_API_KEY",
|
||||
"-e",
|
||||
"OPENAI_ORG_ID",
|
||||
"-e",
|
||||
"OPENAI_PROJECT_ID",
|
||||
"-e",
|
||||
"CODEX_DISABLE_TELEMETRY=1",
|
||||
settings.review_runner_image,
|
||||
"bash",
|
||||
"-lc",
|
||||
install_and_run,
|
||||
]
|
||||
try:
|
||||
completed = subprocess.run(
|
||||
cmd,
|
||||
input=prompt,
|
||||
text=True,
|
||||
check=True,
|
||||
capture_output=True,
|
||||
timeout=settings.max_review_minutes * 60,
|
||||
if settings.codex_auth_mode == "chatgpt":
|
||||
cmd.extend(
|
||||
[
|
||||
"-e",
|
||||
f"CODEX_HOME={CONTAINER_CODEX_HOME}",
|
||||
"-e",
|
||||
"CODEX_AUTH_JSON_B64",
|
||||
]
|
||||
)
|
||||
parsed = _parse_codex_exec_stdout(completed.stdout)
|
||||
return normalize_review_result(parsed)
|
||||
except Exception:
|
||||
result, _repo_cfg = run_review_for_pr(settings, gitea, repo, pr_number, command)
|
||||
return result
|
||||
else:
|
||||
cmd.extend(
|
||||
[
|
||||
"-e",
|
||||
"OPENAI_API_KEY",
|
||||
"-e",
|
||||
"OPENAI_ORG_ID",
|
||||
"-e",
|
||||
"OPENAI_PROJECT_ID",
|
||||
]
|
||||
)
|
||||
cmd.extend([settings.review_runner_image, "bash", "-lc", install_and_run])
|
||||
return cmd
|
||||
|
||||
|
||||
def _chatgpt_runner_failure_result(exc: Exception) -> dict[str, Any]:
|
||||
message = str(exc).strip() or exc.__class__.__name__
|
||||
summary = f"ChatGPT auth runner failed before review execution. Error: {message}"
|
||||
return {
|
||||
"verdict": "has_issues",
|
||||
"confidence": 0.6,
|
||||
"summary": summary,
|
||||
"findings": [
|
||||
{
|
||||
"severity": "high",
|
||||
"file": "runner",
|
||||
"line_start": 1,
|
||||
"line_end": 1,
|
||||
"title": "Ephemeral chatgpt review runner failed",
|
||||
"body": message,
|
||||
"suggestion": "Check ephemeral runner logs for model/auth/network issues, then rerun @codex review.",
|
||||
}
|
||||
],
|
||||
}
|
||||
|
||||
|
||||
def _format_runner_failure(completed: subprocess.CompletedProcess[str]) -> str:
|
||||
stdout_tail = _tail_text(completed.stdout)
|
||||
stderr_tail = _tail_text(completed.stderr)
|
||||
message = f"ephemeral runner exited with code {completed.returncode}"
|
||||
if stdout_tail:
|
||||
message = f"{message}; stdout_tail={stdout_tail}"
|
||||
if stderr_tail:
|
||||
message = f"{message}; stderr_tail={stderr_tail}"
|
||||
return message
|
||||
|
||||
|
||||
def _tail_text(text: str, limit: int = 1200) -> str:
|
||||
compact = " ".join(text.split())
|
||||
if len(compact) <= limit:
|
||||
return compact
|
||||
return f"...{compact[-limit:]}"
|
||||
|
||||
|
||||
def _resolve_codex_auth_json_path(settings: Settings) -> Path:
|
||||
raw_path = settings.codex_auth_json_path.strip() if settings.codex_auth_json_path else "~/.codex/auth.json"
|
||||
path = Path(raw_path).expanduser()
|
||||
if not path.exists() or not path.is_file():
|
||||
raise FileNotFoundError(
|
||||
f"CODEX_AUTH_MODE=chatgpt requires a readable auth.json file. Checked path: {path}"
|
||||
)
|
||||
return path.resolve()
|
||||
|
||||
|
||||
def _load_codex_auth_json_b64(settings: Settings) -> str:
|
||||
auth_path = _resolve_codex_auth_json_path(settings)
|
||||
content = auth_path.read_text(encoding="utf-8")
|
||||
# Validate JSON before handing it to the ephemeral runner.
|
||||
json.loads(content)
|
||||
return base64.b64encode(content.encode("utf-8")).decode("ascii")
|
||||
|
||||
|
||||
def ensure_workdir(path: str) -> Path:
|
||||
@@ -84,9 +194,35 @@ def _parse_codex_exec_stdout(stdout: str) -> dict[str, Any]:
|
||||
extracted = _extract_text(payload)
|
||||
if extracted:
|
||||
last_text = extracted
|
||||
parsed = _parse_review_json_from_text(extracted)
|
||||
if parsed:
|
||||
return parsed
|
||||
if not last_text:
|
||||
raise RuntimeError("codex exec output did not include parseable JSON text")
|
||||
return json.loads(last_text)
|
||||
raise RuntimeError("codex exec output did not include parseable review payload text")
|
||||
raise RuntimeError(f"codex exec output text did not contain review JSON; text_tail={_tail_text(last_text, 400)}")
|
||||
|
||||
|
||||
def _parse_review_json_from_text(text: str) -> dict[str, Any] | None:
|
||||
candidates: list[str] = [text.strip()]
|
||||
fenced = re.search(r"```(?:json)?\s*(\{.*\})\s*```", text, flags=re.DOTALL | re.IGNORECASE)
|
||||
if fenced:
|
||||
candidates.append(fenced.group(1).strip())
|
||||
start = text.find("{")
|
||||
end = text.rfind("}")
|
||||
if start != -1 and end != -1 and end > start:
|
||||
candidates.append(text[start : end + 1].strip())
|
||||
seen: set[str] = set()
|
||||
for candidate in candidates:
|
||||
if not candidate or candidate in seen:
|
||||
continue
|
||||
seen.add(candidate)
|
||||
try:
|
||||
payload = json.loads(candidate)
|
||||
except json.JSONDecodeError:
|
||||
continue
|
||||
if isinstance(payload, dict) and {"verdict", "summary", "findings"}.issubset(payload.keys()):
|
||||
return payload
|
||||
return None
|
||||
|
||||
|
||||
def _extract_text(payload: Any) -> str | None:
|
||||
@@ -99,6 +235,8 @@ def _extract_text(payload: Any) -> str | None:
|
||||
if text:
|
||||
return text
|
||||
for value in payload.values():
|
||||
if not isinstance(value, (dict, list)):
|
||||
continue
|
||||
text = _extract_text(value)
|
||||
if text:
|
||||
return text
|
||||
|
||||
@@ -4,6 +4,7 @@ import asyncio
|
||||
import logging
|
||||
from typing import Any
|
||||
|
||||
import httpx
|
||||
from sqlalchemy import select
|
||||
from sqlalchemy.orm import Session
|
||||
|
||||
@@ -110,7 +111,18 @@ def process_one_job(settings: Settings) -> bool:
|
||||
with session_factory() as session:
|
||||
comment_id = get_persistent_review_comment_id(session, job.repo, job.pr_number)
|
||||
if comment_id:
|
||||
gitea.edit_issue_comment(job.repo, comment_id, comment_body)
|
||||
try:
|
||||
gitea.edit_issue_comment(job.repo, comment_id, comment_body)
|
||||
except httpx.HTTPStatusError as exc:
|
||||
if exc.response.status_code != 404:
|
||||
raise
|
||||
logger.warning(
|
||||
"Persistent review comment not found; posting a new one repo=%s pr=%s old_comment_id=%s",
|
||||
job.repo,
|
||||
job.pr_number,
|
||||
comment_id,
|
||||
)
|
||||
comment_id = gitea.post_issue_comment(job.repo, job.pr_number, comment_body)
|
||||
else:
|
||||
comment_id = gitea.post_issue_comment(job.repo, job.pr_number, comment_body)
|
||||
upsert_persistent_review_comment_id(
|
||||
|
||||
Reference in New Issue
Block a user