Merge pull request 'feat: 加入 Codex 的 Triage Findings 技能' (#129) from feat/codex into develop

Reviewed-on: #129

.agents/skills/triage-findings/SKILL.md

@@ -0,0 +1,46 @@
+---
+name: triage-findings
+description: Merge code-review findings, sort and renumber them by severity, resolve real issues, and move false positives into exclusions.
+---
+
+# Triage Findings
+
+## When To Use
+
+Use this skill when you receive multiple review findings, screenshots, comments, or issue lists that need to become one final triaged list.
+It is also used when some findings are false positives and should be moved into the exclusions list.
+
+## Workflow
+
+1. Collect all findings into one list.
+2. Merge duplicates into a single finding when they describe the same issue.
+3. Sort the final list by severity:
+   - critical
+   - warning
+   - info
+4. Renumber the sorted list from 1 upward.
+5. Rewrite each finding concisely so the final list reads cleanly and consistently.
+6. If a finding is a false positive, do not keep it in the final list.
+7. Add false positives to the exclusions list as a top-level JSON array in `.gitea/ai-review/exclusions.json`, and preserve the original finding wording as much as possible, including language and semantics. Do not wrap the array in `exclusions` or `excluded_findings`.
+
+## Resolution Flow
+
+After the list is merged and ordered, resolve the remaining findings one by one.
+
+1. Start from the highest severity item.
+2. Identify the root cause in the relevant file or context.
+3. Apply the smallest safe change that fixes the issue.
+4. Add or update tests when behavior changes.
+5. Re-check the issue after the change.
+6. If the item is confirmed false positive, move it to exclusions instead of changing code.
+7. Continue until the list is either fixed or explicitly excluded.
+
+## Output Rules
+
+- Keep the final findings list in severity order, then by any stable secondary order needed to make it readable.
+- Keep numbering contiguous after filtering and merging.
+- Preserve useful details like file path, location, and suggested fix.
+- Keep exclusions entries minimal and consistent with the project schema.
+- When writing exclusions, always output a top-level JSON array.
+- When writing exclusions, prefer the original issue text and language; only paraphrase if needed to fit the schema.
+- If the source already provides a severity or title, keep it unless it conflicts with the final ordering.

.gitea/ai-review/findings.json

@@ -1 +1,9 @@
-[]
+[
+  {
+    "level": "warning",
+    "role": "Leo",
+    "location": "Dockerfile, app/git.js, app/gitea.js",
+    "suggestion": "此變更引入了新的代理（agent）相關路徑（例如 `.agents/` 和 `AGENTS.md`），並在 `Dockerfile` 的 `COPY` 指令、`app/git.js` 中的 `SYNC_PATHS`、`FORCE_SYNC_FILE_PATHS`、`SYNC_TREE_PATHS` 陣列，以及 `app/gitea.js` 的 `filterDiff` 陣列中重複添加了這些路徑。這種模式導致了程式碼重複，每次新增一個代理都需要手動修改多個檔案和多個列表，增加了維護成本和出錯的可能性。建議考慮引入一個集中的設定檔或機制，例如透過掃描特定目錄來動態生成這些路徑列表，以提高模組化和可擴展性。",
+    "is_new": true
+  }
+]

AGENTS.md

@@ -0,0 +1,16 @@
+# Triage Findings
+
+When the task is to triage review findings, follow this workflow:
+
+1. Merge all findings into one list.
+2. Remove duplicates.
+3. Sort by severity: `critical` -> `warning` -> `info`.
+4. Renumber from 1 after sorting.
+5. Fix real issues with the smallest safe change.
+6. Add false positives to `.gitea/ai-review/exclusions.json`, preserving the original wording, language, and semantics as much as possible.
+7. Add or update tests when behavior changes.
+8. Re-check the issue after each fix.
+
+Use the repo-local `triage-findings` skill for the same workflow when running in Codex.
+
+Trigger it with `/triage-findings`.

Dockerfile

@@ -12,9 +12,11 @@ RUN cd /action/app && npm install
 
 COPY .amazonq/ /action/.amazonq/
 COPY .codex/ /action/.codex/
+COPY .agents/ /action/.agents/
 COPY .claude/ /action/.claude/
 COPY .gemini/ /action/.gemini/
 COPY .github/ /action/.github/
+COPY AGENTS.md /action/
 COPY CLAUDE.md /action/
 COPY GEMINI.md /action/
 

README.md

@@ -22,7 +22,7 @@
 4. 盡量將應用程式放在 ./app，修改 entrypoint.sh 與 Dockerfile 讓程式可以正常運行
 5. 將提示詞放到 ./app/prompts 內供程式讀取
 6. API Key 支援逗號分隔傳入多個，隨機順序各嘗試一次，全部失敗則 exit 1
-7. 讀取 Git Diff 時排除 `.gitea/`、`.amazonq/`、`.antigravity/`、`.claude/`、`.codex/`、`.gemini/`、`.github/` 資料夾，以及 `ANTIGRAVITY.md`、`CLAUDE.md`、`GEMINI.md`、`TODO.md`、`README.md`，避免 AI 分析 workflow 設定、skill 入口與文件等非業務程式碼
+7. 讀取 Git Diff 時排除 `.gitea/`、`.amazonq/`、`.agents/`、`.antigravity/`、`.claude/`、`.codex/`、`.gemini/`、`.github/` 資料夾，以及 `AGENTS.md`、`ANTIGRAVITY.md`、`CLAUDE.md`、`GEMINI.md`、`TODO.md`、`README.md`，避免 AI 分析 workflow 設定、skill 入口與文件等非業務程式碼
 8. 階段七驗證來源分支中的 `findings.json` 與 `exclusions.json` 是否為合法 JSON 格式，格式錯誤時先嘗試透過 AI 修正內容，再重新驗證；修正後仍不合法才 exit 1；之後才檢查檔案是否存在，不存在則建立並寫入 `[]`
 9. 傳給 AI 的 findings 只保留必要欄位（level、role、location、suggestion），排除 `is_new` 等內部欄位；system prompt 精簡為指令核心；exclusions hint 只傳 location 與 suggestion，減少 token 用量
 10. 執行時會額外記錄來源分支狀態、`findings.json` / `exclusions.json` 的檔案路徑、大小、mtime 與 raw/normalized 筆數，方便追查讀檔與分支內容不一致的問題

app/git.js

@@ -11,6 +11,7 @@ const remoteUrl = `${GITEA_SERVER_URL.replace(/\/$/, '')}/${GITEA_REPOSITORY}.gi
 export const BOT_COMMIT_MARKER = '[ai-review-bot]';
 export const SYNC_PATHS = [
   '.amazonq/rules/triage-findings.md',
+  '.agents/skills/triage-findings/SKILL.md',
   '.antigravity/skills/triage-findings/SKILL.md',
   '.codex/skills/triage-findings/SKILL.md',
   '.codex/skills/triage-findings/agents/openai.yaml',
@@ -18,17 +19,20 @@ export const SYNC_PATHS = [
   '.gemini/skills/triage-findings/SKILL.md',
   '.github/copilot-instructions.md',
   '.github/skills/triage-findings/SKILL.md',
+  'AGENTS.md',
   'ANTIGRAVITY.md',
   'CLAUDE.md',
   'GEMINI.md',
 ];
 const FORCE_SYNC_FILE_PATHS = [
   '.github/copilot-instructions.md',
+  'AGENTS.md',
   'ANTIGRAVITY.md',
   'CLAUDE.md',
   'GEMINI.md',
 ];
 const SYNC_TREE_PATHS = [
+  '.agents/skills/triage-findings',
   '.antigravity/skills/triage-findings',
   '.codex/skills/triage-findings',
   '.claude/skills/triage-findings',

app/git.test.js

@@ -130,11 +130,13 @@ describe('commitAndPush', () => {
     assert.ok(generatedAddCall, 'expected git add for generated review files');
     assert.ok(skillAddCall.args.includes('.codex/skills/triage-findings/SKILL.md'));
     assert.ok(skillAddCall.args.includes('.codex/skills/triage-findings/agents/openai.yaml'));
+    assert.ok(skillAddCall.args.includes('.agents/skills/triage-findings/SKILL.md'));
     assert.ok(skillAddCall.args.includes('.claude/skills/triage-findings/SKILL.md'));
     assert.ok(skillAddCall.args.includes('.gemini/skills/triage-findings/SKILL.md'));
     assert.ok(skillAddCall.args.includes('.antigravity/skills/triage-findings/SKILL.md'));
     assert.ok(skillAddCall.args.includes('.github/copilot-instructions.md'));
     assert.ok(skillAddCall.args.includes('.amazonq/rules/triage-findings.md'));
+    assert.ok(skillAddCall.args.includes('AGENTS.md'));
     assert.ok(skillAddCall.args.includes('ANTIGRAVITY.md'));
     assert.ok(skillAddCall.args.includes('CLAUDE.md'));
     assert.ok(skillAddCall.args.includes('GEMINI.md'));
@@ -159,7 +161,9 @@ describe('commitAndPush', () => {
 
   it('overwrites existing repo copies with workspace files', async () => {
     const repoDir = path.join(workspace, 'repo');
+    fs.writeFileSync(path.join(repoDir, '.agents/skills/triage-findings/SKILL.md'), 'stale');
     fs.writeFileSync(path.join(repoDir, '.github/skills/triage-findings/SKILL.md'), 'stale');
+    fs.writeFileSync(path.join(repoDir, 'AGENTS.md'), 'stale');
     fs.writeFileSync(path.join(repoDir, 'ANTIGRAVITY.md'), 'stale');
     fs.writeFileSync(path.join(repoDir, 'CLAUDE.md'), 'stale');
     fs.writeFileSync(path.join(repoDir, 'GEMINI.md'), 'stale');
@@ -168,6 +172,8 @@ describe('commitAndPush', () => {
     await commitAndPush(workspace, repoDir, makeSpawn(), sourceRoot);
 
     assert.equal(fs.readFileSync(path.join(repoDir, '.github/skills/triage-findings/SKILL.md'), 'utf8'), '.github/skills/triage-findings/SKILL.md');
+    assert.equal(fs.readFileSync(path.join(repoDir, '.agents/skills/triage-findings/SKILL.md'), 'utf8'), '.agents/skills/triage-findings/SKILL.md');
+    assert.equal(fs.readFileSync(path.join(repoDir, 'AGENTS.md'), 'utf8'), 'AGENTS.md');
     assert.equal(fs.readFileSync(path.join(repoDir, 'ANTIGRAVITY.md'), 'utf8'), 'ANTIGRAVITY.md');
     assert.equal(fs.readFileSync(path.join(repoDir, 'CLAUDE.md'), 'utf8'), 'CLAUDE.md');
     assert.equal(fs.readFileSync(path.join(repoDir, 'GEMINI.md'), 'utf8'), 'GEMINI.md');

app/gitea.js

@@ -26,12 +26,14 @@ export async function getPRDiff() {
   const resp = await axios.get(api(`/repos/${GITEA_REPOSITORY}/pulls/${PR_NUMBER}.diff`), { headers: headers(), timeout: 60000, httpsAgent });
   return filterDiff(resp.data, [
     '.amazonq/',
+    '.agents/',
     '.antigravity/',
     '.claude/',
     '.codex/',
     '.gemini/',
     '.gitea/',
     '.github/',
+    'AGENTS.md',
     'ANTIGRAVITY.md',
     'CLAUDE.md',
     'GEMINI.md',

app/gitea.test.js

@@ -119,8 +119,8 @@ describe('filterDiff', () => {
   });
 
   it('returns empty string when all blocks are excluded', () => {
-    const diff = block('.gitea/workflows/review.yaml') + block('.gitea/ai-review/findings.json') + block('CLAUDE.md');
-    const result = filterDiff(diff, ['.gitea/', 'CLAUDE.md']);
+    const diff = block('.gitea/workflows/review.yaml') + block('.gitea/ai-review/findings.json') + block('.agents/skills/triage-findings/SKILL.md');
+    const result = filterDiff(diff, ['.gitea/', '.agents/']);
     assert.equal(result, '');
   });