TODO
Open Items By Priority
P0 (Critical)
- True isolated runner flow: clone/fetch/checkout PR branch inside the ephemeral container itself, not on host before prompt generation.
- Remove the host-side fallback path for review execution, or gate it behind an explicit `ALLOW_HOST_FALLBACK` setting so isolation is never bypassed silently.
- Add an integration test that proves the runner container receives repo+PR context and executes the review for the exact PR head SHA.
P1 (Important)
- `WEBHOOK_MODE` is currently informational only; add a runtime validation/check endpoint that confirms the expected webhook scope (`repo` or `global`) is actually configured in Gitea by the host admin.
- Make the review model configurable via env (for example `OPENAI_REVIEW_MODEL`) instead of hardcoding `gpt-5`.
- Add retries/backoff for the `codex exec` bootstrap (`npm install -g @openai/codex`) to reduce transient network/setup failures.
- Add an end-to-end test path against live Gitea + MariaDB + docker runner (webhook -> queue -> runner -> PR comment update).
P2 (Nice to have)
- Add explicit env docs for reverse-proxy deployment (`BASE_PUBLIC_URL`, trusted headers).
- Add a per-repo command policy in `.codex-review.yml` for enabling/disabling commands (`review`, `fix`, `explain`, `rerun`).
- Add structured log redaction tests to ensure PATs/keys never appear in logs or comments.
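As an added example (not code from this project), the shape a redaction helper and its leak check could take for the last item above. The token formats, environment names and log lines are constructed assumptions. It deliberately redacts known secrets by value rather than by a bare 40-hex-character rule: Gitea PATs have that shape, but so does every git commit SHA, and the bot must keep reporting the exact PR head SHA that the P0 item depends on.

```python
import re
from typing import Iterable, List

REDACTED = "[REDACTED]"

# Pattern-based fallbacks for secrets the process may not know by value.
# These formats are assumptions for this example, not taken from the project:
#  - credentials embedded in a clone URL (https://user:token@host/...)
#  - Authorization headers carrying a token/bearer value
#  - OpenAI-style keys beginning with "sk-"
# Deliberately absent: a bare 40-hex-char rule, because commit SHAs match it too.
PATTERNS = [
    (re.compile(r"(?<=://)[^/\s@:]+:[^/\s@]+@"), REDACTED + "@"),
    (re.compile(r"(?i)(authorization:\s*(?:token|bearer)\s+)\S+"), r"\1" + REDACTED),
    (re.compile(r"\bsk-[A-Za-z0-9_-]{16,}"), REDACTED),
]


def redact(text: str, known_secrets: Iterable[str]) -> str:
    """Mask known secret values first (longest first, so a secret that is a
    substring of another cannot survive), then apply the pattern fallbacks."""
    ordered = sorted({s for s in known_secrets if s and len(s) >= 8}, key=len, reverse=True)
    for secret in ordered:
        text = text.replace(secret, REDACTED)
    for pattern, replacement in PATTERNS:
        text = pattern.sub(replacement, text)
    return text


def leaked_secrets(text: str, known_secrets: Iterable[str]) -> List[str]:
    """Return the known secrets that still appear verbatim in text. A redaction
    test asserts this is empty for every emitted log line and PR comment."""
    return [s for s in known_secrets if s and s in text]


# Constructed sample values (not real credentials):
GITEA_TOKEN = "0123456789abcdef0123456789abcdef01234567"   # 40 hex chars, PAT-shaped
OPENAI_KEY = "sk-example0123456789abcdefghijklmnopqrstuv"
PR_HEAD_SHA = "fedcba9876543210fedcba9876543210fedcba98"  # also 40 hex chars, must survive

# Constructed log lines mimicking what a runner might emit:
SAMPLE_LOG = (
    f"runner: cloning https://bot:{GITEA_TOKEN}@gitea.example.org/org/repo.git\n"
    f"runner: checked out PR head {PR_HEAD_SHA}\n"
    f"http: Authorization: token {GITEA_TOKEN}\n"
    f"env: OPENAI_API_KEY={OPENAI_KEY}\n"
)

if __name__ == "__main__":
    cleaned = redact(SAMPLE_LOG, [GITEA_TOKEN, OPENAI_KEY])
    print(cleaned)
    print("leaks:", leaked_secrets(cleaned, [GITEA_TOKEN, OPENAI_KEY]))
```

The test worth keeping in the suite is the pair of assertions together: no known secret survives in the redacted output, and the PR head SHA does.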