fix: git.js 改用 spawnSync 直接呼叫 git binary（避免 /bin/sh ENOENT）

Co-authored-by: Copilot <copilot@github.com>

.gitea/workflows/master.yaml

@@ -1,10 +1,11 @@
+name: CD
 on:
   push:
     branches:
     - master
 jobs:
   version:
-    name: "CD > 計算版本號"
+    name: 計算版本號
     runs-on: ubuntu
     outputs:
       version: ${{ steps.version.outputs.version }}
@@ -13,14 +14,14 @@ jobs:
       id: version
       uses: https://gitea.jsc.idv.tw/actions/calculate-version@${{ vars.ACTION_CALCULATE_VERSION }}
   release:
-    name: "CD > 發布專案"
+    name: 發布專案
     runs-on: ubuntu
     needs: version
     steps:
     - name: 發布專案
       uses: akkuman/gitea-release-action@${{ vars.ACTION_RELEASE_VERSION }}
       with:
-        tag_name: "v${{ needs.version.outputs.version }}"
+        tag_name: v${{ needs.version.outputs.version }}
     - name: 清理成品
       uses: https://gitea.jsc.idv.tw/actions/cleanup-release@${{ vars.ACTION_CLEANUP_RELEASE_VERSION }}
       with:

.gitea/workflows/review.yaml

@@ -0,0 +1,36 @@
+name: AI
+on:
+  pull_request:
+    types: [opened, synchronize]
+jobs:
+  version:
+    name: 計算版本號
+    runs-on: ubuntu
+    outputs:
+      version: ${{ steps.version.outputs.version }}
+    steps:
+    - name: 計算版本號
+      id: version
+      uses: https://gitea.jsc.idv.tw/actions/calculate-version@${{ vars.ACTION_CALCULATE_VERSION }}
+      with:
+        IS_BETA: true
+    - name: 標註版本號
+      uses: akkuman/gitea-release-action@${{ vars.ACTION_RELEASE_VERSION }}
+      with:
+        name: code-review v${{ steps.version.outputs.version }}
+        tag_name: v${{ steps.version.outputs.version }}
+        target_commitish: ${{ github.head_ref }}
+  code-review:
+    name: 'Code Review'
+    runs-on: ubuntu
+    needs: [version]
+    steps:
+    - name: AI Code Review
+      uses: https://gitea.jsc.idv.tw/jiantw83/code-review@v${{ needs.version.outputs.version }}
+      with:
+        OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+        OPENAI_BASE_URL: https://openrouter.ai/api/v1
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write

Dockerfile

@@ -1,10 +1,15 @@
-FROM alpine:latest
+FROM node:20-slim
 
-# 安裝必要的工具
-RUN apk add --no-cache --no-check-certificate bash
-    
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /action
+
+COPY app/ /action/app/
 COPY entrypoint.sh /entrypoint.sh
 
-RUN chmod +x /entrypoint.sh
+RUN cd /action/app && npm install && \
+    chmod +x /entrypoint.sh
 
-ENTRYPOINT ["/entrypoint.sh"]
+ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -0,0 +1,274 @@
+# 簡介
+
+這是一個 AI Code Review Action。Gitea Workflow 可以使用此 Action 讓 AI 助理根據不同面向分析 Push Request 中變更的內容後，將問題分級 Commnet 到 Push Request 中。
+
+# 流程(新 Push Request、新 Commit (排除 AI 助理的 Commit) 觸發)
+
+1. 服務名稱、模型名稱、角色資訊(個性、符合個性的英文名稱、工作內容)，Comment 到 Push Request
+2. 每個角色個別分析 Git Diff 的內容產生新問題表格(問題等級、角色名稱、問題位置或行數、修改建議)
+3. 讀取所有未解決的舊問題(問題檔案存在於使用此 Action 的專案固定位置)加上新問題後，去除重複產生本次 Push Request 的問題表格(PR問題表格)覆蓋問題檔案
+4. 從PR問題表格中取出所有舊問題，依照等級排序後 Comment 到 Push Request
+5. 從PR問題表格中取出所有新問題，排除嚴重等級的問題後 Comment 到 Push Request
+6. 從PR問題表格中取出所有新問題，將每個嚴重等級的問題 Comment 到 Push Request
+7. Commit 問題檔案
+8. 如果PR問題表格中有嚴重問題，則不要讓 workflow 執行成功(exit 1)
+
+# 設計
+
+1. Gitea 的相關參數如果 inputs 沒有定義，則從 ${{ gitea.* }} 取得
+2. BASE_URL 如果 inputs 沒有定義，則使用預設值
+3. Comment 加上些許 emoji 讓資訊有點活力
+4. 盡量將應用程式放在 ./app，修改 entrypoint.sh 與 Dockerfile 讓程式可以正常運行
+5. 將提示詞放到 ./app/prompts 內供程式讀取
+
+# 使用說明
+
+1. 在 Gitea 專案中建立 `.gitea/workflows` 資料夾
+2. 在 `.gitea/workflows` 資料夾中建立 `ai-review.yaml'
+3. 在 `ai-review.yaml` 中填入以下內容(選擇一個使用)：
+
+### 1. OpenAI（OpenRouter）
+```yaml
+name: AI
+on:
+  pull_request:
+    types: [opened, synchronize]
+jobs:
+  code-review:
+    name: 'Code Review'
+    runs-on: ubuntu
+    steps:
+    - name: AI Code Review
+      uses: https://gitea.jsc.idv.tw/jiantw83/code-review@${{ vars.ACTION_CODE_REVIEW_VERSION }}
+      with:
+        # Github (h3285@evertrust.com.tw)
+        # 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
+        OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+        OPENAI_BASE_URL: https://openrouter.ai/api/v1
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write
+```
+
+### 2. Anthropic Claude
+```yaml
+name: AI
+on:
+  pull_request:
+    types: [opened, synchronize]
+jobs:
+  code-review:
+    name: 'Code Review'
+    runs-on: ubuntu
+    steps:
+    - name: AI Code Review
+      uses: https://gitea.jsc.idv.tw/jiantw83/code-review@${{ vars.ACTION_CODE_REVIEW_VERSION }}
+      with:
+        CLAUDE_API_KEY: ${{ secrets.CLAUDE_API_KEY }}
+        CLAUDE_BASE_URL: https://api.anthropic.com/v1
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write
+```
+
+### 3. Google Gemini
+```yaml
+name: AI
+on:
+  pull_request:
+    types: [opened, synchronize]
+jobs:
+  code-review:
+    name: 'Code Review'
+    runs-on: ubuntu
+    steps:
+    - name: AI Code Review
+      uses: https://gitea.jsc.idv.tw/jiantw83/code-review@${{ vars.ACTION_CODE_REVIEW_VERSION }}
+      with:
+        GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
+        GEMINI_BASE_URL: https://generativelanguage.googleapis.com/v1beta
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write
+```
+
+### 4. Amazon Q
+```yaml
+name: AI
+on:
+  pull_request:
+    types: [opened, synchronize]
+jobs:
+  code-review:
+    name: 'Code Review'
+    runs-on: ubuntu
+    steps:
+    - name: AI Code Review
+      uses: https://gitea.jsc.idv.tw/jiantw83/code-review@${{ vars.ACTION_CODE_REVIEW_VERSION }}
+      with:
+        AMAZONQ_API_KEY: ${{ secrets.AMAZONQ_API_KEY }}
+        AMAZONQ_BASE_URL: https://q.api.aws
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write
+```
+
+### 5. SonarQube
+```yaml
+name: AI
+on:
+  pull_request:
+    types: [opened, synchronize]
+jobs:
+  code-review:
+    name: 'Code Review'
+    runs-on: ubuntu
+    steps:
+    - name: AI Code Review
+      uses: https://gitea.jsc.idv.tw/jiantw83/code-review@${{ vars.ACTION_CODE_REVIEW_VERSION }}
+      with:
+        SONARQUBE_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+        SONARQUBE_URL: https://sonarqube.example.com
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write
+```
+
+### 6. Kilo Code
+```yaml
+name: AI
+on:
+  pull_request:
+    types: [opened, synchronize]
+jobs:
+  code-review:
+    name: 'Code Review'
+    runs-on: ubuntu
+    steps:
+    - name: AI Code Review
+      uses: https://gitea.jsc.idv.tw/jiantw83/code-review@${{ vars.ACTION_CODE_REVIEW_VERSION }}
+      with:
+        KILO_API_KEY: ${{ secrets.KILO_API_KEY }}
+        KILO_BASE_URL: https://api.kilocode.com/v1
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write
+```
+
+### 7. Roo Code
+```yaml
+name: AI
+on:
+  pull_request:
+    types: [opened, synchronize]
+jobs:
+  code-review:
+    name: 'Code Review'
+    runs-on: ubuntu
+    steps:
+    - name: AI Code Review
+      uses: https://gitea.jsc.idv.tw/jiantw83/code-review@${{ vars.ACTION_CODE_REVIEW_VERSION }}
+      with:
+        ROO_API_KEY: ${{ secrets.ROO_API_KEY }}
+        ROO_BASE_URL: https://api.roocode.com/v1
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write
+```
+
+### 8. Cline
+```yaml
+name: AI
+on:
+  pull_request:
+    types: [opened, synchronize]
+jobs:
+  code-review:
+    name: 'Code Review'
+    runs-on: ubuntu
+    steps:
+    - name: AI Code Review
+      uses: https://gitea.jsc.idv.tw/jiantw83/code-review@${{ vars.ACTION_CODE_REVIEW_VERSION }}
+      with:
+        CLINE_API_KEY: ${{ secrets.CLINE_API_KEY }}
+        CLINE_BASE_URL: https://api.cline.dev/v1
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write
+```
+
+### 9. Continue
+```yaml
+name: AI
+on:
+  pull_request:
+    types: [opened, synchronize]
+jobs:
+  code-review:
+    name: 'Code Review'
+    runs-on: ubuntu
+    steps:
+    - name: AI Code Review
+      uses: https://gitea.jsc.idv.tw/jiantw83/code-review@${{ vars.ACTION_CODE_REVIEW_VERSION }}
+      with:
+        CONTINUE_API_KEY: ${{ secrets.CONTINUE_API_KEY }}
+        CONTINUE_BASE_URL: https://api.continue.dev/v1
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write
+```
+
+### 10. Kade
+```yaml
+name: AI
+on:
+  pull_request:
+    types: [opened, synchronize]
+jobs:
+  code-review:
+    name: 'Code Review'
+    runs-on: ubuntu
+    steps:
+    - name: AI Code Review
+      uses: https://gitea.jsc.idv.tw/jiantw83/code-review@${{ vars.ACTION_CODE_REVIEW_VERSION }}
+      with:
+        KADE_API_KEY: ${{ secrets.KADE_API_KEY }}
+        KADE_BASE_URL: https://api.kade.dev/v1
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write
+```
+
+### - Ollama
+
+```yaml
+name: AI
+on:
+  pull_request:
+    types: [opened, synchronize]
+jobs:
+  code-review:
+    name: 'Code Review'
+    runs-on: ubuntu
+    steps:
+    - name: AI Code Review
+        uses: https://gitea.jsc.idv.tw/jiantw83/code-review@${{ vars.ACTION_CODE_REVIEW_VERSION }}
+        with:
+          OLLAMA_BASE_URL: ${{ vars.OLLAMA_BASE_URL }}
+          OLLAMA_MODEL: ${{ vars.OLLAMA_MODEL }}
+    permissions:
+      contents: write
+      pull-requests: write
+
+      issues: write
+```

TODO.md

@@ -0,0 +1,32 @@
+# 開發階段 TODO
+
+## 階段一：基本流程串接
+- 目標：確保 action 可以被觸發，pipeline 各步驟依序執行，log 出每個主要階段的進入與完成。
+- 驗收：log 中能看到每個階段（如「Step1: pipeline start」、「Step2: findings merge」等）明確訊息，且流程能走完（即使還沒產生 findings）。
+- 完成
+
+## 階段二：Findings 產生與合併
+- 目標：各角色（style/security/performance/maintainability/testing）能產生 findings，並正確合併新舊 findings。
+- 驗收：log 中能看到每個角色 findings 數量、合併後 findings 統計，並有「Step3: merged findings total=...」等訊息。
+
+## 階段三：AI 去重與角色確認
+- 目標：嘗試呼叫 LLM 進行 findings 去重與角色確認，API 額度不足時要有降級處理 log。
+- 驗收：log 中能看到 deduplication/resolution confirmation 成功或失敗（如 402），降級時有「保留所有問題」等明確訊息。
+
+## 階段四：findings 寫入與 comment 發布
+- 目標：findings.jsonl 正確寫入，comment 發布順序正確（舊問題→非嚴重→嚴重），每步有 log。
+- 驗收：log 中能看到 findings 寫入、comment sync 的詳細訊息與順序。
+
+## 階段五：記憶區 commit/push 與錯誤處理
+- 目標：記憶區能成功 commit/push，錯誤時有明確 log，流程結束有總結訊息。
+- 驗收：log 有「persisted findings」、「commit=...」、「push=...」等訊息，錯誤時有「Runner failed: ...」等明確錯誤說明。
+
+## 階段六：阻擋嚴重問題 PR（第 8 點）
+- 目標：如果 PR 問題表格中有嚴重（critical）問題，workflow 需直接 exit 1，不讓流程成功。
+- 驗收：log 中能看到「critical 問題存在，workflow 結束（exit 1）」等明確訊息，且 workflow 狀態為失敗。
+
+---
+
+每個階段都會加上明確的 log，並確保即使部分功能未完成也能降級執行、不會中斷 pipeline。
+
+每次執行後請貼 log，我會協助 debug。

action.yaml

@@ -1,20 +1,159 @@
-name: 'Docker Action Template'
-description: 'Docker Action 範本'
+name: 'AI Code Review'
+description: 'AI 多角色 Code Review Action，自動分析 PR 並發布問題 Comment'
 author: 'Jeffery'
 inputs:
-  runner_token:
-    description: 'Gitea Runner Token'
-    required: true
-  text:
-    description: '輸入的文字'
-    default: "Hello, World!"
-outputs:
-  text:
-    description: '輸出的文字'
+  # Gitea 相關（可從 gitea context 自動取得）
+  GITEA_TOKEN:
+    description: 'Gitea API Token'
+    required: false
+  GITEA_SERVER_URL:
+    description: 'Gitea Server URL'
+    required: false
+  GITEA_REPOSITORY:
+    description: 'Gitea Repository (owner/repo)'
+    required: false
+  PR_NUMBER:
+    description: 'Pull Request Number'
+    required: false
+  PR_HEAD_BRANCH:
+    description: 'PR 來源分支'
+    required: false
+  PR_BASE_BRANCH:
+    description: 'PR 目標分支'
+    required: false
+
+  # OpenAI-compatible
+  OPENAI_API_KEY:
+    description: 'OpenAI / OpenRouter API Key'
+    required: false
+  OPENAI_BASE_URL:
+    description: 'OpenAI-compatible Base URL'
+    required: false
+    default: 'https://openrouter.ai/api/v1'
+  OPENAI_MODEL:
+    description: 'OpenAI-compatible Model Name'
+    required: false
+
+  # Anthropic Claude
+  CLAUDE_API_KEY:
+    description: 'Anthropic Claude API Key'
+    required: false
+  CLAUDE_BASE_URL:
+    description: 'Claude Base URL'
+    required: false
+  CLAUDE_MODEL:
+    description: 'Claude Model Name'
+    required: false
+
+  # Google Gemini
+  GEMINI_API_KEY:
+    description: 'Google Gemini API Key'
+    required: false
+  GEMINI_BASE_URL:
+    description: 'Gemini Base URL'
+    required: false
+  GEMINI_MODEL:
+    description: 'Gemini Model Name'
+    required: false
+
+  # Ollama
+  OLLAMA_BASE_URL:
+    description: 'Ollama Base URL'
+    required: false
+  OLLAMA_MODEL:
+    description: 'Ollama Model Name'
+    required: false
+
+  # Amazon Q
+  AMAZONQ_API_KEY:
+    description: 'Amazon Q API Key'
+    required: false
+  AMAZONQ_BASE_URL:
+    description: 'Amazon Q Base URL'
+    required: false
+
+  # SonarQube
+  SONARQUBE_TOKEN:
+    description: 'SonarQube Token'
+    required: false
+  SONARQUBE_URL:
+    description: 'SonarQube URL'
+    required: false
+
+  # Kilo Code
+  KILO_API_KEY:
+    description: 'Kilo Code API Key'
+    required: false
+  KILO_BASE_URL:
+    description: 'Kilo Code Base URL'
+    required: false
+
+  # Roo Code
+  ROO_API_KEY:
+    description: 'Roo Code API Key'
+    required: false
+  ROO_BASE_URL:
+    description: 'Roo Code Base URL'
+    required: false
+
+  # Cline
+  CLINE_API_KEY:
+    description: 'Cline API Key'
+    required: false
+  CLINE_BASE_URL:
+    description: 'Cline Base URL'
+    required: false
+
+  # Continue
+  CONTINUE_API_KEY:
+    description: 'Continue API Key'
+    required: false
+  CONTINUE_BASE_URL:
+    description: 'Continue Base URL'
+    required: false
+
+  # Kade
+  KADE_API_KEY:
+    description: 'Kade API Key'
+    required: false
+  KADE_BASE_URL:
+    description: 'Kade Base URL'
+    required: false
+
 runs:
   using: 'docker'
   image: 'Dockerfile'
   env:
-    GITEA_SERVER_URL: ${{ gitea.server_url }}
-    GITEA_REPOSITORY: ${{ gitea.repository }}
-    RUNNER_TOKEN: ${{ inputs.runner_token || secrets.GITEA_TOKEN || secrets.RUNNER_TOKEN }}
+    # Gitea context（優先用 inputs，否則從 gitea context 取）
+    GITEA_TOKEN: ${{ inputs.GITEA_TOKEN || secrets.GITEA_TOKEN }}
+    GITEA_SERVER_URL: ${{ inputs.GITEA_SERVER_URL || gitea.server_url }}
+    GITEA_REPOSITORY: ${{ inputs.GITEA_REPOSITORY || gitea.repository }}
+    PR_NUMBER: ${{ inputs.PR_NUMBER || gitea.event.pull_request.number }}
+    PR_HEAD_BRANCH: ${{ inputs.PR_HEAD_BRANCH || gitea.event.pull_request.head.ref }}
+    PR_BASE_BRANCH: ${{ inputs.PR_BASE_BRANCH || gitea.event.pull_request.base.ref }}
+    # LLM
+    OPENAI_API_KEY: ${{ inputs.OPENAI_API_KEY }}
+    OPENAI_BASE_URL: ${{ inputs.OPENAI_BASE_URL }}
+    OPENAI_MODEL: ${{ inputs.OPENAI_MODEL }}
+    CLAUDE_API_KEY: ${{ inputs.CLAUDE_API_KEY }}
+    CLAUDE_BASE_URL: ${{ inputs.CLAUDE_BASE_URL }}
+    CLAUDE_MODEL: ${{ inputs.CLAUDE_MODEL }}
+    GEMINI_API_KEY: ${{ inputs.GEMINI_API_KEY }}
+    GEMINI_BASE_URL: ${{ inputs.GEMINI_BASE_URL }}
+    GEMINI_MODEL: ${{ inputs.GEMINI_MODEL }}
+    OLLAMA_BASE_URL: ${{ inputs.OLLAMA_BASE_URL }}
+    OLLAMA_MODEL: ${{ inputs.OLLAMA_MODEL }}
+    AMAZONQ_API_KEY: ${{ inputs.AMAZONQ_API_KEY }}
+    AMAZONQ_BASE_URL: ${{ inputs.AMAZONQ_BASE_URL }}
+    SONARQUBE_TOKEN: ${{ inputs.SONARQUBE_TOKEN }}
+    SONARQUBE_URL: ${{ inputs.SONARQUBE_URL }}
+    KILO_API_KEY: ${{ inputs.KILO_API_KEY }}
+    KILO_BASE_URL: ${{ inputs.KILO_BASE_URL }}
+    ROO_API_KEY: ${{ inputs.ROO_API_KEY }}
+    ROO_BASE_URL: ${{ inputs.ROO_BASE_URL }}
+    CLINE_API_KEY: ${{ inputs.CLINE_API_KEY }}
+    CLINE_BASE_URL: ${{ inputs.CLINE_BASE_URL }}
+    CONTINUE_API_KEY: ${{ inputs.CONTINUE_API_KEY }}
+    CONTINUE_BASE_URL: ${{ inputs.CONTINUE_BASE_URL }}
+    KADE_API_KEY: ${{ inputs.KADE_API_KEY }}
+    KADE_BASE_URL: ${{ inputs.KADE_BASE_URL }}

app/comments.js

@@ -0,0 +1,70 @@
+import fs from 'fs';
+import path from 'path';
+import { postComment } from './gitea.js';
+import { FINDINGS_PATH } from './config.js';
+
+const LEVEL_EMOJI = { critical: '🔴', warning: '🟡', info: '🔵' };
+const LEVEL_LABEL = { critical: '嚴重', warning: '警告', info: '建議' };
+
+function findingRow(f) {
+  return `| ${LEVEL_EMOJI[f.level] || ''} ${LEVEL_LABEL[f.level] || f.level} | ${f.role} | ${f.location} | ${f.suggestion} |`;
+}
+
+function buildTable(findings) {
+  const rows = findings.map(findingRow).join('\n');
+  return `| 等級 | 審查員 | 位置 | 建議 |\n|------|--------|------|------|\n${rows}`;
+}
+
+/**
+ * 寫入 findings.json 到 workspace
+ */
+export function saveFindings(workspace, findings) {
+  const fullPath = path.join(workspace, FINDINGS_PATH);
+  fs.mkdirSync(path.dirname(fullPath), { recursive: true });
+  fs.writeFileSync(fullPath, JSON.stringify(findings, null, 2), 'utf8');
+  console.log(`  ✅ findings 寫入: ${fullPath} (${findings.length} 筆)`);
+}
+
+/**
+ * 發布所有舊問題 comment（一次發布，依等級排序）
+ */
+export async function postOldFindingsComment(findings) {
+  const old = findings.filter(f => !f.is_new);
+  if (old.length === 0) {
+    console.log('  無舊問題，跳過');
+    return;
+  }
+  const body = `## 📋 舊有未解決問題（${old.length} 筆）\n\n${buildTable(old)}`;
+  await postComment(body);
+  console.log(`  ✅ 舊問題 comment 發布 (${old.length} 筆)`);
+}
+
+/**
+ * 發布新問題中非 critical 的 comment（一次發布）
+ */
+export async function postNewNonCriticalComment(findings) {
+  const items = findings.filter(f => f.is_new && f.level !== 'critical');
+  if (items.length === 0) {
+    console.log('  無新的非嚴重問題，跳過');
+    return;
+  }
+  const body = `## 🔍 新發現問題（${items.length} 筆）\n\n${buildTable(items)}`;
+  await postComment(body);
+  console.log(`  ✅ 新問題（非嚴重）comment 發布 (${items.length} 筆)`);
+}
+
+/**
+ * 每個新 critical 問題各發一個 comment
+ */
+export async function postNewCriticalComments(findings) {
+  const criticals = findings.filter(f => f.is_new && f.level === 'critical');
+  if (criticals.length === 0) {
+    console.log('  無新的嚴重問題，跳過');
+    return;
+  }
+  for (const f of criticals) {
+    const body = `## 🚨 嚴重問題\n\n| 審查員 | 位置 | 建議 |\n|--------|------|------|\n| ${f.role} | ${f.location} | ${f.suggestion} |`;
+    await postComment(body);
+    console.log(`  ✅ 嚴重問題 comment 發布: [${f.role}] ${f.location}`);
+  }
+}

app/config.js

@@ -0,0 +1,27 @@
+export const GITEA_TOKEN = process.env.GITEA_TOKEN || '';
+export const GITEA_SERVER_URL = process.env.GITEA_SERVER_URL || 'https://gitea.com';
+export const GITEA_REPOSITORY = process.env.GITEA_REPOSITORY || '';
+export const PR_NUMBER = process.env.PR_NUMBER || '';
+export const PR_HEAD_BRANCH = process.env.PR_HEAD_BRANCH || '';
+export const PR_BASE_BRANCH = process.env.PR_BASE_BRANCH || '';
+
+export const FINDINGS_PATH = '.gitea/ai-review/findings.json';
+
+export function getLLMConfig() {
+  const checks = [
+    ['openai',   process.env.OPENAI_API_KEY,   process.env.OPENAI_BASE_URL || 'https://api.openai.com/v1',   process.env.OPENAI_MODEL || 'gpt-4o-mini'],
+    ['claude',   process.env.CLAUDE_API_KEY,   process.env.CLAUDE_BASE_URL || 'https://api.anthropic.com/v1', process.env.CLAUDE_MODEL || 'claude-3-haiku-20240307'],
+    ['gemini',   process.env.GEMINI_API_KEY,   process.env.GEMINI_BASE_URL || 'https://generativelanguage.googleapis.com/v1beta', process.env.GEMINI_MODEL || 'gemini-1.5-flash'],
+    ['ollama',   'ollama',                      process.env.OLLAMA_BASE_URL,  process.env.OLLAMA_MODEL],
+    ['amazonq',  process.env.AMAZONQ_API_KEY,  process.env.AMAZONQ_BASE_URL || 'https://q.api.aws', process.env.OPENAI_MODEL || 'amazon-q'],
+    ['kilo',     process.env.KILO_API_KEY,     process.env.KILO_BASE_URL || 'https://api.kilocode.com/v1', process.env.OPENAI_MODEL || 'kilo-default'],
+    ['roo',      process.env.ROO_API_KEY,      process.env.ROO_BASE_URL || 'https://api.roocode.com/v1', process.env.OPENAI_MODEL || 'roo-default'],
+    ['cline',    process.env.CLINE_API_KEY,    process.env.CLINE_BASE_URL || 'https://api.cline.dev/v1', process.env.OPENAI_MODEL || 'cline-default'],
+    ['continue', process.env.CONTINUE_API_KEY, process.env.CONTINUE_BASE_URL || 'https://api.continue.dev/v1', process.env.OPENAI_MODEL || 'continue-default'],
+    ['kade',     process.env.KADE_API_KEY,     process.env.KADE_BASE_URL || 'https://api.kade.dev/v1', process.env.OPENAI_MODEL || 'kade-default'],
+  ];
+  for (const [provider, key, baseURL, model] of checks) {
+    if (key && baseURL) return { provider, apiKey: key, baseURL, model };
+  }
+  return { provider: null, apiKey: null, baseURL: null, model: null };
+}

app/findings.js

@@ -0,0 +1,95 @@
+import fs from 'fs';
+import path from 'path';
+import { chatJSON } from './llm.js';
+import { FINDINGS_PATH } from './config.js';
+
+const LEVELS = ['critical', 'warning', 'info'];
+
+/**
+ * 用單一角色分析 diff，回傳 findings 陣列
+ */
+export async function analyzeWithRole(role, diff) {
+  console.log(`  [${role.name}] 開始分析...`);
+  const findings = await chatJSON(role.system_prompt, `以下是 Git Diff 內容：\n\n${diff}`);
+  // 確保每筆都有必要欄位，並標記為新問題
+  const valid = findings.filter(f => f.level && f.role && f.location && f.suggestion)
+    .map(f => ({ ...f, is_new: true }));
+  console.log(`  [${role.name}] 找到 ${valid.length} 個問題`);
+  return valid;
+}
+
+/**
+ * 讀取舊 findings（從 workspace 的 FINDINGS_PATH）
+ */
+export function loadOldFindings(workspace) {
+  const fullPath = path.join(workspace, FINDINGS_PATH);
+  if (!fs.existsSync(fullPath)) {
+    console.log('  舊 findings 檔案不存在，視為空');
+    return [];
+  }
+  try {
+    const data = JSON.parse(fs.readFileSync(fullPath, 'utf8'));
+    const old = (Array.isArray(data) ? data : []).map(f => ({ ...f, is_new: false }));
+    console.log(`  讀取舊 findings: ${old.length} 筆`);
+    return old;
+  } catch (e) {
+    console.log(`  ⚠️  讀取舊 findings 失敗: ${e.message}，視為空`);
+    return [];
+  }
+}
+
+/**
+ * 合併新舊 findings，以 (role + location + suggestion前50字) 為 key 去除重複
+ * 舊問題保留，新問題若與舊問題重複則捨棄
+ */
+export function mergeFindings(oldFindings, newFindings) {
+  const key = f => `${f.role}|${f.location}|${String(f.suggestion).slice(0, 50)}`;
+  const seen = new Set(oldFindings.map(key));
+  const deduped = newFindings.filter(f => {
+    if (seen.has(key(f))) return false;
+    seen.add(key(f));
+    return true;
+  });
+  const merged = [...oldFindings, ...deduped];
+  console.log(`  合併結果: 舊=${oldFindings.length} 新(去重後)=${deduped.length} 總計=${merged.length}`);
+  return merged;
+}
+
+/**
+ * 依等級排序（critical > warning > info）
+ */
+export function sortByLevel(findings) {
+  return [...findings].sort((a, b) => LEVELS.indexOf(a.level) - LEVELS.indexOf(b.level));
+}
+
+/**
+ * 呼叫 LLM 進行語意去重，回傳去重後的 findings
+ * 失敗時降級回傳原始 findings
+ */
+export async function deduplicateWithAI(findings) {
+  if (findings.length === 0) return findings;
+
+  const systemPrompt = `你是一位程式碼審查問題去重專家。
+給你一份問題清單（JSON 陣列），請移除語意重複的問題（即使描述文字不同，但指的是同一個問題）。
+保留等級較高的版本，優先保留 critical > warning > info。
+只回傳去重後的 JSON 陣列，不要有其他文字。`;
+
+  const userContent = `以下是問題清單，請去除語意重複的項目：\n\n${JSON.stringify(findings, null, 2)}`;
+
+  try {
+    const result = await chatJSON(systemPrompt, userContent);
+    if (Array.isArray(result) && result.length > 0) {
+      console.log(`  AI 去重: ${findings.length} -> ${result.length} 筆`);
+      return result;
+    }
+    throw new Error('AI 回傳空陣列');
+  } catch (e) {
+    const status = e.response?.status;
+    if (status === 402 || status === 429) {
+      console.log(`  ⚠️  AI 去重失敗（${status} 額度/限流），降級：保留所有問題`);
+    } else {
+      console.log(`  ⚠️  AI 去重失敗（${e.message}），降級：保留所有問題`);
+    }
+    return findings;
+  }
+}

app/git.js

@@ -0,0 +1,38 @@
+import { spawnSync } from 'child_process';
+import { GITEA_SERVER_URL, GITEA_REPOSITORY, GITEA_TOKEN, PR_HEAD_BRANCH, FINDINGS_PATH } from './config.js';
+
+function git(args, cwd) {
+  const result = spawnSync('git', args, { cwd, encoding: 'utf8' });
+  if (result.error) throw result.error;
+  if (result.status !== 0) throw new Error(result.stderr || result.stdout);
+  return (result.stdout || '').trim();
+}
+
+/**
+ * Commit findings.json 並 push 到 PR 來源分支
+ */
+export function commitAndPush(workspace) {
+  const repoDir = `${workspace}/${GITEA_REPOSITORY}`;
+  const remoteUrl = GITEA_SERVER_URL.replace(/\/$/, '').replace('https://', `https://${GITEA_TOKEN}@`) + `/${GITEA_REPOSITORY}.git`;
+
+  try {
+    git(['config', 'user.email', 'ai-review[bot]@gitea'], repoDir);
+    git(['config', 'user.name', 'AI Review Bot'], repoDir);
+    git(['fetch', 'origin', PR_HEAD_BRANCH], repoDir);
+    git(['checkout', PR_HEAD_BRANCH], repoDir);
+    git(['add', FINDINGS_PATH], repoDir);
+
+    const status = git(['status', '--porcelain'], repoDir);
+    if (!status) {
+      console.log('  findings.json 無變更，跳過 commit');
+      return;
+    }
+
+    const out = git(['commit', '-m', 'chore: update ai-review findings [skip ci]'], repoDir);
+    const commitHash = out.match(/\[.+ ([a-f0-9]+)\]/)?.[1] || 'unknown';
+    git(['push', remoteUrl, PR_HEAD_BRANCH], repoDir);
+    console.log(`  ✅ persisted findings  commit=${commitHash}  push=${PR_HEAD_BRANCH}`);
+  } catch (e) {
+    console.log(`  ⚠️  Runner failed: commit/push 失敗: ${e.message}`);
+  }
+}

app/gitea.js

@@ -0,0 +1,17 @@
+import axios from 'axios';
+import https from 'https';
+import { GITEA_TOKEN, GITEA_SERVER_URL, GITEA_REPOSITORY, PR_NUMBER } from './config.js';
+
+const httpsAgent = new https.Agent({ rejectUnauthorized: false });
+const headers = () => ({ Authorization: `token ${GITEA_TOKEN}`, 'Content-Type': 'application/json' });
+const api = (path) => `${GITEA_SERVER_URL.replace(/\/$/, '')}/api/v1${path}`;
+
+export async function getPRDiff() {
+  const resp = await axios.get(api(`/repos/${GITEA_REPOSITORY}/pulls/${PR_NUMBER}.diff`), { headers: headers(), timeout: 60000, httpsAgent });
+  return resp.data;
+}
+
+export async function postComment(body) {
+  const resp = await axios.post(api(`/repos/${GITEA_REPOSITORY}/issues/${PR_NUMBER}/comments`), { body }, { headers: headers(), timeout: 30000, httpsAgent });
+  return resp.data;
+}

app/llm.js

@@ -0,0 +1,36 @@
+import axios from 'axios';
+import https from 'https';
+import { getLLMConfig } from './config.js';
+
+const httpsAgent = new https.Agent({ rejectUnauthorized: false });
+
+export async function chat(systemPrompt, userContent) {
+  const { provider, apiKey, baseURL, model } = getLLMConfig();
+  if (!provider) throw new Error('未設定任何 LLM API Key');
+
+  console.log(`  [LLM] provider=${provider} model=${model}`);
+
+  const headers = {
+    'Content-Type': 'application/json',
+    'Authorization': `Bearer ${apiKey}`,
+  };
+  if (provider === 'claude') headers['anthropic-version'] = '2023-06-01';
+
+  const resp = await axios.post(
+    `${baseURL.replace(/\/$/, '')}/chat/completions`,
+    { model, messages: [{ role: 'system', content: systemPrompt }, { role: 'user', content: userContent }], temperature: 0.2 },
+    { headers, timeout: 120000, httpsAgent }
+  );
+  return resp.data.choices[0].message.content;
+}
+
+export async function chatJSON(systemPrompt, userContent) {
+  try {
+    let text = await chat(systemPrompt, userContent);
+    text = text.trim().replace(/^```[^\n]*\n?/, '').replace(/```$/, '').trim();
+    return JSON.parse(text);
+  } catch (e) {
+    console.log(`  [LLM] 解析失敗: ${e.message}`);
+    return [];
+  }
+}

app/main.js

@@ -0,0 +1,113 @@
+import { GITEA_REPOSITORY, PR_NUMBER, PR_HEAD_BRANCH, PR_BASE_BRANCH, getLLMConfig } from './config.js';
+import { loadRoles, getRoleIntro } from './roles.js';
+import { getPRDiff, postComment } from './gitea.js';
+import { analyzeWithRole, loadOldFindings, mergeFindings, sortByLevel, deduplicateWithAI } from './findings.js';
+import { saveFindings, postOldFindingsComment, postNewNonCriticalComment, postNewCriticalComments } from './comments.js';
+import { commitAndPush } from './git.js';
+
+const WORKSPACE = process.env.GITHUB_WORKSPACE || '/workspace';
+
+async function main() {
+  console.log('='.repeat(60));
+  console.log('🚀 Step1: Pipeline 啟動');
+  console.log(`  repo=${GITEA_REPOSITORY}  PR=#${PR_NUMBER}`);
+  console.log(`  ${PR_HEAD_BRANCH} -> ${PR_BASE_BRANCH}`);
+
+  // 偵測 LLM
+  const { provider, baseURL, model } = getLLMConfig();
+  if (!provider) {
+    console.error('❌ 未設定任何 LLM API Key，請檢查 action inputs');
+    process.exit(1);
+  }
+  console.log(`  LLM: provider=${provider}  model=${model}  base_url=${baseURL}`);
+
+  // 載入角色
+  const roles = loadRoles();
+  console.log(`  已載入 ${roles.length} 個角色: [${roles.map(r => r.name).join(', ')}]`);
+
+  // 取得 PR diff
+  console.log('\n📋 Step1: 取得 PR Diff');
+  let diff;
+  try {
+    diff = await getPRDiff();
+    console.log(`  diff 長度: ${diff.length} 字元`);
+  } catch (e) {
+    console.error(`  ❌ 取得 diff 失敗: ${e.message}`);
+    process.exit(1);
+  }
+
+  if (!diff.trim()) {
+    console.log('  ⚠️  diff 為空，無需審查');
+    process.exit(0);
+  }
+
+  // 發布角色介紹 comment
+  console.log('\n💬 Step1: 發布角色介紹 Comment');
+  try {
+    const intro = getRoleIntro(roles) + `\n\n> 🔍 服務：${provider}  模型：${model}`;
+    await postComment(intro);
+    console.log('  ✅ 角色介紹 comment 發布成功');
+  } catch (e) {
+    console.log(`  ⚠️  comment 發布失敗（繼續執行）: ${e.message}`);
+  }
+
+  // Step2: 各角色分析 diff 產生新 findings
+  console.log('\n📊 Step2: Findings 產生');
+  const newFindings = [];
+  for (const role of roles) {
+    try {
+      const found = await analyzeWithRole(role, diff);
+      newFindings.push(...found);
+    } catch (e) {
+      console.log(`  ⚠️  [${role.name}] 分析失敗（跳過）: ${e.message}`);
+    }
+  }
+  console.log(`  Step2 完成: 新 findings 總計 ${newFindings.length} 筆`);
+
+  // Step3: 讀取舊 findings，合併去重
+  console.log('\n🔀 Step3: Findings 合併');
+  const oldFindings = loadOldFindings(WORKSPACE);
+  const mergedFindings = mergeFindings(oldFindings, newFindings);
+  console.log(`  Step3 merged findings total=${mergedFindings.length}`);
+
+  // Step3b: AI 語意去重
+  console.log('\n🤖 Step3b: AI 語意去重');
+  const deduped = await deduplicateWithAI(mergedFindings);
+  const sorted = sortByLevel(deduped);
+  console.log(`  Step3b dedup findings total=${sorted.length} (critical=${sorted.filter(f=>f.level==='critical').length} warning=${sorted.filter(f=>f.level==='warning').length} info=${sorted.filter(f=>f.level==='info').length})`);
+
+  // Step4: 寫入 findings.json，依序發布 comment
+  console.log('\n📝 Step4: Findings 寫入與 Comment 發布');
+  saveFindings(WORKSPACE, sorted);
+
+  try {
+    await postOldFindingsComment(sorted);
+    await postNewNonCriticalComment(sorted);
+    await postNewCriticalComments(sorted);
+    console.log('  Step4 完成');
+  } catch (e) {
+    console.log(`  ⚠️  comment 發布失敗（繼續執行）: ${e.message}`);
+  }
+
+  // Step5: commit/push findings.json 到來源分支
+  console.log('\n💾 Step5: 記憶區 Commit/Push');
+  commitAndPush(WORKSPACE);
+
+  // Step6: 有 critical 問題則 exit 1
+  console.log('\n🚦 Step6: 嚴重問題檢查');
+  const criticalCount = sorted.filter(f => f.level === 'critical').length;
+  if (criticalCount > 0) {
+    console.log(`  ❌ 發現 ${criticalCount} 個嚴重問題，workflow 結束（exit 1）`);
+    console.log('='.repeat(60));
+    process.exit(1);
+  }
+  console.log('  ✅ 無嚴重問題');
+
+  console.log('\n✅ Pipeline 完成');
+  console.log('='.repeat(60));
+}
+
+main().catch(e => {
+  console.error('❌ Runner failed:', e.message);
+  process.exit(1);
+});

app/package.json

@@ -0,0 +1,10 @@
+{
+  "name": "ai-code-review",
+  "version": "1.0.0",
+  "type": "module",
+  "dependencies": {
+    "axios": "^1.6.7",
+    "js-yaml": "^4.1.0",
+    "openai": "^4.28.0"
+  }
+}

app/prompts/roles/maintainability.yaml

@@ -0,0 +1,23 @@
+name: "Leo"
+role: "可維護性審查員"
+personality: "有遠見、重視長期維護成本，常常思考「六個月後的自己能看懂嗎？」"
+focus: "程式碼複雜度、模組化、重複程式碼、文件完整性、錯誤處理、可測試性"
+system_prompt: |
+  你是 Leo，一位重視長期維護成本的審查員。你的工作是審查程式碼的可維護性，包含複雜度、模組化、重複程式碼、文件完整性、錯誤處理。
+  
+  請分析以下 Git Diff，找出所有可維護性相關問題。
+  
+  回傳 JSON 陣列，每個問題格式如下：
+  {
+    "level": "critical|warning|info",
+    "role": "Leo",
+    "location": "檔案路徑:行號 或 檔案路徑",
+    "suggestion": "繁體中文的具體修改建議"
+  }
+  
+  等級定義：
+  - critical：嚴重影響可維護性，會造成技術債（如超長函式、完全無文件的公開 API）
+  - warning：建議改善的可維護性問題
+  - info：可選的改善建議
+  
+  只回傳 JSON 陣列，不要有其他文字。如果沒有問題，回傳空陣列 []。

app/prompts/roles/performance.yaml

@@ -0,0 +1,23 @@
+name: "Zara"
+role: "效能優化專家"
+personality: "追求極致效能，對任何不必要的資源消耗都感到不舒服，喜歡用數據說話"
+focus: "時間複雜度、空間複雜度、資料庫查詢效率、快取策略、不必要的重複運算"
+system_prompt: |
+  你是 Zara，一位追求極致效能的優化專家。你的工作是審查程式碼的效能問題，包含時間複雜度、空間複雜度、資料庫查詢效率、快取策略。
+  
+  請分析以下 Git Diff，找出所有效能相關問題。
+  
+  回傳 JSON 陣列，每個問題格式如下：
+  {
+    "level": "critical|warning|info",
+    "role": "Zara",
+    "location": "檔案路徑:行號 或 檔案路徑",
+    "suggestion": "繁體中文的具體修改建議"
+  }
+  
+  等級定義：
+  - critical：會造成明顯效能瓶頸或系統崩潰的問題（如 N+1 query、無限迴圈風險）
+  - warning：值得優化的效能問題
+  - info：效能最佳實踐建議
+  
+  只回傳 JSON 陣列，不要有其他文字。如果沒有問題，回傳空陣列 []。

app/prompts/roles/security.yaml

@@ -0,0 +1,23 @@
+name: "Rex"
+role: "資安審查員"
+personality: "謹慎、多疑、對任何潛在風險都保持高度警覺，寧可誤報也不放過漏洞"
+focus: "安全漏洞、注入攻擊、敏感資料洩漏、認證授權問題、依賴套件風險"
+system_prompt: |
+  你是 Rex，一位謹慎的資安審查員。你的工作是審查程式碼中的安全漏洞、注入攻擊風險、敏感資料洩漏、認證授權問題。
+  
+  請分析以下 Git Diff，找出所有安全相關問題。
+  
+  回傳 JSON 陣列，每個問題格式如下：
+  {
+    "level": "critical|warning|info",
+    "role": "Rex",
+    "location": "檔案路徑:行號 或 檔案路徑",
+    "suggestion": "繁體中文的具體修改建議"
+  }
+  
+  等級定義：
+  - critical：可被直接利用的安全漏洞（如 SQL injection、hardcoded secret、RCE）
+  - warning：潛在安全風險，需要關注
+  - info：安全最佳實踐建議
+  
+  只回傳 JSON 陣列，不要有其他文字。如果沒有問題，回傳空陣列 []。

app/prompts/roles/style.yaml

@@ -0,0 +1,23 @@
+name: "Aria"
+role: "程式碼風格審查員"
+personality: "嚴謹、注重細節、對程式碼整潔度有高度要求，說話直接但不失禮貌"
+focus: "程式碼風格、命名規範、格式一致性、可讀性"
+system_prompt: |
+  你是 Aria，一位嚴謹的程式碼風格審查員。你的工作是審查程式碼的風格、命名規範、格式一致性與可讀性。
+  
+  請分析以下 Git Diff，找出所有風格相關問題。
+  
+  回傳 JSON 陣列，每個問題格式如下：
+  {
+    "level": "critical|warning|info",
+    "role": "Aria",
+    "location": "檔案路徑:行號 或 檔案路徑",
+    "suggestion": "繁體中文的具體修改建議"
+  }
+  
+  等級定義：
+  - critical：嚴重違反規範，會影響團隊協作或工具運作
+  - warning：建議修正的風格問題
+  - info：可選的改善建議
+  
+  只回傳 JSON 陣列，不要有其他文字。如果沒有問題，回傳空陣列 []。

app/prompts/roles/testing.yaml

@@ -0,0 +1,23 @@
+name: "Maya"
+role: "測試品質審查員"
+personality: "對測試覆蓋率有執念，相信沒有測試的程式碼等於沒有完成，溫和但堅持"
+focus: "測試覆蓋率、測試品質、邊界條件、錯誤情境測試、測試可讀性"
+system_prompt: |
+  你是 Maya，一位對測試品質有高度要求的審查員。你的工作是審查程式碼的測試覆蓋率、測試品質、邊界條件處理。
+  
+  請分析以下 Git Diff，找出所有測試相關問題。
+  
+  回傳 JSON 陣列，每個問題格式如下：
+  {
+    "level": "critical|warning|info",
+    "role": "Maya",
+    "location": "檔案路徑:行號 或 檔案路徑",
+    "suggestion": "繁體中文的具體修改建議"
+  }
+  
+  等級定義：
+  - critical：完全缺少測試的核心功能，或測試邏輯有嚴重錯誤
+  - warning：測試覆蓋不足或測試品質有待改善
+  - info：測試最佳實踐建議
+  
+  只回傳 JSON 陣列，不要有其他文字。如果沒有問題，回傳空陣列 []。

app/roles.js

@@ -0,0 +1,20 @@
+import fs from 'fs';
+import path from 'path';
+import yaml from 'js-yaml';
+
+const ROLES_DIR = '/action/app/prompts/roles';
+
+export function loadRoles() {
+  return fs.readdirSync(ROLES_DIR)
+    .filter(f => f.endsWith('.yaml'))
+    .sort()
+    .map(f => yaml.load(fs.readFileSync(path.join(ROLES_DIR, f), 'utf8')));
+}
+
+export function getRoleIntro(roles) {
+  const lines = ['## 🤖 AI Code Review 團隊', ''];
+  for (const r of roles) {
+    lines.push(`- **${r.name}** (${r.role})：${r.personality}`);
+  }
+  return lines.join('\n');
+}

entrypoint.sh

@@ -1,11 +1,8 @@
 #!/bin/bash
+set -e
 
-echo "Gitea Server Url: $GITEA_SERVER_URL"
+echo "🚀 AI Code Review Action 啟動"
+echo "Repository: $GITEA_REPOSITORY"
+echo "PR: #$PR_NUMBER  ($PR_HEAD_BRANCH -> $PR_BASE_BRANCH)"
 
-echo "Gitea Repository: $GITEA_REPOSITORY"
-
-echo "Gitea Runner Token: $RUNNER_TOKEN"
-
-echo "Input Text: $INPUT_TEXT"
-
-echo "text=$INPUT_TEXT" >> "$GITHUB_OUTPUT"
+exec node /action/app/main.js