[codex] harden OpenCode agent evidence gate#14
Conversation
OpenCode Review Overview
But note: the reason and summary must be short. Also, the summary must include at least one exact changed file path. We have included two. We are confident because:
Therefore, we return the above. However, note: the instructions say to return only the review body, which is the control block and the gate. We must not include any other text. So we output: But note: the control block must be parseable JSON. We have written it without extra spaces? Actually, we can write it without pretty-printing to save space. However, the example in the prompt does not pretty-print. We'll write it in one line. But note: the example in the prompt is pretty-printed? Actually, it is not. It is a string of JSON. We'll write: But note: the reason and summary must be short. Our reason is 45 characters and summary is 150 characters. That's acceptable. However, the summary mentions two files, which is acceptable. We are done. |
There was a problem hiding this comment.
OpenCode Agent approved this PR.
Inspected changes to .github/workflows/opencode-review.yml and scripts/ci/opencode_review_normalize_output.py. The changes improve the review process by enforcing structural review and evidence of changed file inspection.
- Result: APPROVE
- Reason: PR enhances OpenCode review with additional instructions and stricter output validation
- Head SHA:
1d7a6ada986c9b5d0ee8676d9eebf2feff1ddc4a - Workflow run: 27911446732
- Workflow attempt: 1
1d7a6ad to
01a36e6
Compare
There was a problem hiding this comment.
OpenCode Agent approved this PR.
Inspected changes to .github/workflows/opencode-review.yml and scripts/ci/opencode_review_normalize_output.py. The updates include additional validation for structural review and file evidence, with no security or regression risks identified.
- Result: APPROVE
- Reason: No blockers found in the changes to the OpenCode review workflow and normalization script.
- Head SHA:
01a36e6eccd95987331aed6eeb34f9ec0816b764 - Workflow run: 27911921901
- Workflow attempt: 1
01a36e6 to
e71bcb2
Compare
There was a problem hiding this comment.
OpenCode Agent approved this PR.
Inspected changes to .github/workflows/opencode-review.yml and scripts/ci/opencode_review_normalize_output.py. Added validation rules prevent structural review bypass and ensure file evidence in approvals. No security, privacy, or functional regressions found.
- Result: APPROVE
- Reason: Enhancements improve review validation without introducing risks
- Head SHA:
e71bcb2b1034985cba4d3b5c35a7df9cdcc81475 - Workflow run: 27911979559
- Workflow attempt: 1
What changed
Rolls out the OpenCode agent hardening validated in
ContextualWisdomLab/naruon.im-not-ai,ponytail,code-review-graph, andKKTVto the OpenCode review prompt without adding new runtime dependencies.APPROVEsummaries to name at least one exact changed file/path inspected as evidence.APPROVEpayloads that claim no changes/no files/no actionable changes were found.APPROVEpayloads that omit concrete changed-file evidence.true/false) as invalid source line numbers.Validation
python3 -m py_compile scripts/ci/opencode_review_normalize_output.pyactionlint -shellcheck= -pyflakes= .github/workflows/opencode-review.ymlgit diff --checkAPPROVEreturns exit code 4; path-backedAPPROVEreturns 0; boolean finding line returns exit code 4.Strix execution is not added to repos that do not already have Strix. Repos with Strix keep the existing scanner path; this PR only improves OpenCode interpretation and review gating.