chore: update ai-review findings [ai-review-bot][success]

Reviewed-on: #117

.gitea/ai-review/exclusions.json

@@ -319,5 +319,15 @@
   {
     "location": "app/json.test.js:10",
     "suggestion": "`MAX_JSON_BYTES` 是 `json.js` 的內部限制常數，不需要匯出成公開 API。"
+  },
+  {
+    "role": "Maya",
+    "location": "action.yaml:6, action.yaml:12, action.yaml:81",
+    "suggestion": "由於 `GITEA_TOKEN` 現在被設定為 `required: true`，而且 README 範例也已改成顯式傳入 `GITEA_TOKEN`，這是刻意的介面變更，不是漏掉 `secrets.GITEA_TOKEN` fallback 的缺陷；因此不需要另外加整合測試來驗證這個既定行為。"
+  },
+  {
+    "role": "Leo",
+    "location": "action.yaml:80",
+    "suggestion": "在 `runs.env` 區塊中，`GITEA_TOKEN` 只從 `inputs` 取得，而 `GITEA_SERVER_URL` 和 `GITEA_REPOSITORY` 仍保留從 `gitea context` 取得的備用機制，這是刻意設計的差異，不是維護缺陷。"
   }
 ]

.gitea/ai-review/findings.json

@@ -1 +1,23 @@
-[]
+[
+  {
+    "level": "info",
+    "role": "Rex",
+    "location": "action.yaml:18",
+    "suggestion": "引入 GITEA_COMMENT_TOKEN 是一個很好的實踐，遵循最小權限原則。請確保為此 token 配置的權限確實僅限於發布評論。同時，與 GITEA_TOKEN 類似，建議使用者始終從 workflow 的 secrets context 傳遞此 token，以避免硬編碼敏感資料。",
+    "is_new": false
+  },
+  {
+    "level": "info",
+    "role": "Leo",
+    "location": "app/log.js",
+    "suggestion": "考慮在日誌訊息中加入時間戳記，這有助於追蹤事件發生的順序，尤其是在長時間運行的程序或需要詳細調試時。可以在每個日誌函式內部自動添加時間戳記。",
+    "is_new": false
+  },
+  {
+    "level": "info",
+    "role": "Leo",
+    "location": "app/log.js:19",
+    "suggestion": "在 `warn` 函式中使用 `console.warn` 而非 `console.log`。雖然目前功能相同，但 `console.warn` 在某些環境下（例如瀏覽器開發者工具）會以不同的樣式呈現警告訊息，有助於區分不同嚴重程度的日誌。",
+    "is_new": false
+  }
+]

.gitea/workflows/review.yaml

@@ -31,10 +31,11 @@ jobs:
       uses: https://gitea.jsc.idv.tw/actions/code-review@v${{ needs.version.outputs.version }}
       with:
         GITEA_TOKEN: ${{ secrets.RUNNER_TOKEN }}
+        GITEA_COMMENT_TOKEN: ${{ secrets.GITEA_TOKEN }}
         GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }},${{ secrets.GEMINI_API_KEY_1 }},${{ secrets.GEMINI_API_KEY_2 }},${{ secrets.GEMINI_API_KEY_3 }},${{ secrets.GEMINI_API_KEY_4 }},${{ secrets.GEMINI_API_KEY_5 }},${{ secrets.GEMINI_API_KEY_6 }},${{ secrets.GEMINI_API_KEY_7 }},${{ secrets.GEMINI_API_KEY_8 }},${{ secrets.GEMINI_API_KEY_9 }},${{ secrets.GEMINI_API_KEY_10 }},${{ secrets.GEMINI_API_KEY_11 }},${{ secrets.GEMINI_API_KEY_12 }},${{ secrets.GEMINI_API_KEY_13 }},${{ secrets.GEMINI_API_KEY_14 }},${{ secrets.GEMINI_API_KEY_15 }},${{ secrets.GEMINI_API_KEY_16 }},${{ secrets.GEMINI_API_KEY_17 }},${{ secrets.GEMINI_API_KEY_18 }},${{ secrets.GEMINI_API_KEY_19 }}
         GEMINI_BASE_URL: https://generativelanguage.googleapis.com/v1beta
         GEMINI_MODEL: ${{ vars.GEMINI_MODEL }}
     permissions:
       contents: write
       pull-requests: write
-      issues: write
+      issues: write

README.md

@@ -1,8 +1,8 @@
 # 簡介
 
-這是一個 AI Code Review Action。Gitea Workflow 可以使用此 Action 讓 AI 助理根據不同面向分析 Push Request 中變更的內容後，將問題分級 Commnet 到 Push Request 中。
+這是一個 AI Code Review Action。Gitea Workflow 可以使用此 Action 讓 AI 助理根據不同面向分析 Pull Request 中變更的內容後，將問題分級 Comment 到 Pull Request 中。
 
-# 流程(新 Push Request、新 Commit (排除 AI 助理的 Commit) 觸發)
+# 流程(新 Push Request、新 Commit 觸發；若偵測到 AI 助理的自動提交則直接跳過)
 
 1. 服務名稱、模型名稱、角色資訊(個性、符合個性的英文名稱、工作內容)，Comment 到 Push Request
 2. 每個角色個別分析 Git Diff 的內容產生新問題表格(問題等級、角色名稱、問題位置或行數、修改建議)
@@ -11,12 +11,12 @@
 5. 從PR問題表格中取出所有舊問題，依照等級排序後 Comment 到 Push Request
 6. 從PR問題表格中取出所有新問題，排除嚴重等級的問題後 Comment 到 Push Request
 7. 從PR問題表格中取出所有新問題，將每個嚴重等級的問題 Comment 到 Push Request
-8. Commit 問題檔案，將 workspace 中實際存在的同步檔覆蓋到記憶區；workspace 沒有的同步檔就略過，不會刪除記憶區既有內容
-9. 如果PR問題表格中有嚴重問題，則不要讓 workflow 執行成功(exit 1)
+8. Commit 問題檔案，將 workspace 中實際存在的同步檔覆蓋到記憶區；workspace 沒有的同步檔就略過，不會刪除記憶區既有內容。自動提交的 commit message 會帶上 `[ai-review-bot]`，供 workflow 判斷是否要跳過重跑
+9. 如果 PR 問題表格中有嚴重問題，則不要讓 workflow 執行成功(exit 1)
 
 # 設計
 
-1. Gitea 的相關參數如果 inputs 沒有定義，則從 ${{ gitea.* }} 取得
+1. Gitea 相關參數中，`GITEA_TOKEN` 必須由 inputs 明確提供；`GITEA_SERVER_URL`、`GITEA_REPOSITORY`、`PR_NUMBER`、`PR_HEAD_BRANCH`、`PR_BASE_BRANCH` 等欄位若 inputs 沒有定義，則從 `${{ gitea.* }}` 取得
 2. BASE_URL 如果 inputs 沒有定義，則使用預設值
 3. Comment 加上些許 emoji 讓資訊有點活力
 4. 盡量將應用程式放在 ./app，修改 entrypoint.sh 與 Dockerfile 讓程式可以正常運行
@@ -30,10 +30,12 @@
 # 使用說明
 
 1. 在 Gitea 專案中建立 `.gitea/workflows` 資料夾
-2. 在 `.gitea/workflows` 資料夾中建立 `ai-review.yaml'
+2. 在 `.gitea/workflows` 資料夾中建立 `ai-review.yaml`
 3. 在 `ai-review.yaml` 中填入以下內容(選擇一個使用)：
 
-> **權限說明**：此 Action 需要 `contents: write`（寫入 findings.json）、`pull-requests: write`（發佈 PR comment）、`issues: write`（發佈 issue comment）三項權限，為正常運作所必要，無法縮減。
+> **自動提交排除說明**：此 Action 會將自己的 commit message 標記為 `[ai-review-bot][success]` 或 `[ai-review-bot][failure]`，而且 action 執行時會先透過 Gitea API 檢查這次觸發的 PR head commit（優先用 `pull_request.head.sha`）是否含有這個 marker，若有就直接成功結束，避免 bot commit 造成重複觸發。若外層 workflow 也能先檢查一次，效果最好。
+
+> **權限說明**：此 Action 需要 `contents: write`（寫入 findings.json）、`pull-requests: write`（發佈 PR comment）、`issues: write`（發佈 issue comment）三項權限，為正常運作所必要，無法縮減。若你想讓 comment 用不同權限的 token，可額外傳 `GITEA_COMMENT_TOKEN`，其餘 Gitea 操作仍使用 `GITEA_TOKEN`。
 
 ### 1. OpenAI
 ```yaml
@@ -178,7 +180,7 @@ jobs:
       issues: write
 ```
 
-### - Ollama
+### 6. Ollama
 
 ```yaml
 name: AI
@@ -198,7 +200,7 @@ jobs:
     - name: AI Code Review
       uses: https://gitea.jsc.idv.tw/actions/code-review@${{ vars.ACTION_CODE_REVIEW_VERSION }}
       with:
-      GITEA_TOKEN: ${{ secrets.RUNNER_TOKEN }}
+        GITEA_TOKEN: ${{ secrets.RUNNER_TOKEN }}
         OLLAMA_BASE_URL: https://ollama.jsc.idv.me/v1
         OLLAMA_MODEL: ${{ vars.OLLAMA_MODEL }}
     permissions:

TODO.md

@@ -2,7 +2,7 @@
 
 ## 階段一：基本流程串接
 - 目標：確保 action 可以被觸發，pipeline 各步驟依序執行，log 出每個主要階段的進入與完成。
-- 驗收：log 中能看到每個階段（如「Step1: pipeline start」、「Step2: findings merge」等）明確訊息，且流程能走完（即使還沒產生 findings）。
+- 驗收：log 中能看到每個階段（如「Step1: Pipeline 啟動」、「Step2: Findings 產生」、「Step3: Findings 合併」等）明確訊息，且流程能走完（即使還沒產生 findings）。
 - 已驗收：`code-review` job 的 log 已完整出現 `Step1` 到 `Step8`，並以 `Pipeline 完成` 結束。
 
 ## 階段二：Git Diff 排除 .gitea/ 資料夾
@@ -15,9 +15,9 @@
 - 驗收：log 中能看到每個角色 findings 數量、合併後 findings 統計，並有「Step3: merged findings total=...」等訊息。
 - 已驗收：log 已顯示 5 個角色皆有分析結果，並出現 `Step3 merged findings total=13`。
 
-## 階段四：AI 去重與角色確認
-- 目標：嘗試呼叫 LLM 進行 findings 去重與角色確認，API 額度不足時要有降級處理 log。
-- 驗收：log 中能看到 deduplication/resolution confirmation 成功或失敗（如 402），降級時有「保留所有問題」等明確訊息。
+## 階段四：AI 語意去重
+- 目標：嘗試呼叫 LLM 進行 findings 語意去重，API 額度不足時要有降級處理 log。
+- 驗收：log 中能看到 `AI 去重: N -> M 筆` 的成功訊息，或在失敗時出現 `AI 去重失敗（...），降級：保留所有問題` 之類的明確訊息。
 - 已驗收：log 已出現 `AI 去重: 13 -> 11 筆`，且程式具備失敗時保留所有問題的降級處理。
 
 ## 階段五：AI 排除問題過濾

action.yaml

@@ -6,6 +6,9 @@ inputs:
   GITEA_TOKEN:
     description: 'Gitea API Token'
     required: true
+  GITEA_COMMENT_TOKEN:
+    description: 'Gitea API Token for posting comments only'
+    required: false
   GITEA_SERVER_URL:
     description: 'Gitea Server URL'
     required: false
@@ -82,10 +85,12 @@ runs:
   env:
     # Gitea context（改為只從 inputs 取得）
     GITEA_TOKEN: ${{ inputs.GITEA_TOKEN }}
+    GITEA_COMMENT_TOKEN: ${{ inputs.GITEA_COMMENT_TOKEN }}
     GITEA_SERVER_URL: ${{ inputs.GITEA_SERVER_URL || gitea.server_url }}
     GITEA_REPOSITORY: ${{ inputs.GITEA_REPOSITORY || gitea.repository }}
     GITEA_SKIP_TLS_VERIFY: ${{ inputs.GITEA_SKIP_TLS_VERIFY }}
     PR_NUMBER: ${{ inputs.PR_NUMBER || gitea.event.pull_request.number }}
+    PR_HEAD_SHA: ${{ inputs.PR_HEAD_SHA || gitea.event.pull_request.head.sha }}
     PR_HEAD_BRANCH: ${{ inputs.PR_HEAD_BRANCH || gitea.event.pull_request.head.ref }}
     PR_BASE_BRANCH: ${{ inputs.PR_BASE_BRANCH || gitea.event.pull_request.base.ref }}
     # LLM

app/comments.js

@@ -2,6 +2,7 @@ import fs from 'fs';
 import path from 'path';
 import { postComment } from './gitea.js';
 import { FINDINGS_PATH } from './config.js';
+import { ok, line } from './log.js';
 
 const LEVEL_EMOJI = { critical: '🔴', warning: '🟡', info: '🔵' };
 const LEVEL_LABEL = { critical: '嚴重', warning: '警告', info: '建議' };
@@ -27,7 +28,7 @@ export function saveFindings(workspace, findings, mirrorDir = null) {
     const fullPath = path.join(targetDir, FINDINGS_PATH);
     fs.mkdirSync(path.dirname(fullPath), { recursive: true });
     fs.writeFileSync(fullPath, JSON.stringify(findings, null, 2) + '\n', 'utf8');
-    console.log(`  ✅ findings 寫入: ${fullPath} (${findings.length} 筆)`);
+    ok(`findings 寫入: ${fullPath} (${findings.length} 筆)`);
   }
 }
 
@@ -37,12 +38,12 @@ export function saveFindings(workspace, findings, mirrorDir = null) {
 export async function postOldFindingsComment(findings) {
   const old = findings.filter(f => !f.is_new);
   if (old.length === 0) {
-    console.log('  無舊問題，跳過');
+    line('無舊問題，跳過');
     return;
   }
   const body = `## 📋 舊有未解決問題（${old.length} 筆）\n\n${buildTable(old)}`;
   await postComment(body);
-  console.log(`  ✅ 舊問題 comment 發布 (${old.length} 筆)`);
+  ok(`舊問題 comment 發布 (${old.length} 筆)`);
 }
 
 /**
@@ -51,12 +52,12 @@ export async function postOldFindingsComment(findings) {
 export async function postNewNonCriticalComment(findings) {
   const items = findings.filter(f => f.is_new && f.level !== 'critical');
   if (items.length === 0) {
-    console.log('  無新的非嚴重問題，跳過');
+    line('無新的非嚴重問題，跳過');
     return;
   }
   const body = `## 🔍 新發現問題（${items.length} 筆）\n\n${buildTable(items)}`;
   await postComment(body);
-  console.log(`  ✅ 新問題（非嚴重）comment 發布 (${items.length} 筆)`);
+  ok(`新問題（非嚴重）comment 發布 (${items.length} 筆)`);
 }
 
 /**
@@ -65,12 +66,12 @@ export async function postNewNonCriticalComment(findings) {
 export async function postNewCriticalComments(findings) {
   const criticals = findings.filter(f => f.is_new && f.level === 'critical');
   if (criticals.length === 0) {
-    console.log('  無新的嚴重問題，跳過');
+    line('無新的嚴重問題，跳過');
     return;
   }
   for (const f of criticals) {
     const body = `## 🚨 嚴重問題\n\n${buildTable([f])}`;
     await postComment(body);
-    console.log(`  ✅ 嚴重問題 comment 發布: [${f.role}] ${f.location}`);
+    ok(`嚴重問題 comment 發布: [${f.role}] ${f.location}`);
   }
 }

app/config.js

@@ -1,8 +1,10 @@
 export const GITEA_TOKEN = process.env.GITEA_TOKEN || '';
+export const GITEA_COMMENT_TOKEN = process.env.GITEA_COMMENT_TOKEN || '';
 export const GITEA_SERVER_URL = process.env.GITEA_SERVER_URL || 'https://gitea.com';
 export const GITEA_REPOSITORY = process.env.GITEA_REPOSITORY || '';
 export const GITEA_SKIP_TLS_VERIFY = process.env.GITEA_SKIP_TLS_VERIFY === 'true';
 export const PR_NUMBER = process.env.PR_NUMBER || '';
+export const PR_HEAD_SHA = process.env.PR_HEAD_SHA || '';
 export const PR_HEAD_BRANCH = process.env.PR_HEAD_BRANCH || '';
 export const PR_BASE_BRANCH = process.env.PR_BASE_BRANCH || '';
 

app/findings.js

@@ -2,6 +2,7 @@ import fs from 'fs';
 import path from 'path';
 import { chatJSON } from './llm.js';
 import { FINDINGS_PATH, EXCLUSIONS_PATH } from './config.js';
+import { line, ok, warn } from './log.js';
 
 const LEVELS = ['critical', 'warning', 'info'];
 
@@ -9,11 +10,11 @@ const LEVELS = ['critical', 'warning', 'info'];
  * 用單一角色分析 diff，回傳 findings 陣列
  */
 export async function analyzeWithRole(role, diff) {
-  console.log(`  [${role.name}] 開始分析...`);
+  line(`[${role.name}] 開始分析`);
   const findings = await chatJSON(role.system_prompt, `以下是 Git Diff 內容：\n\n${diff}`);
   const valid = findings.filter(f => f.level && f.role && f.location && f.suggestion)
     .map(f => ({ ...f, is_new: true }));
-  console.log(`  [${role.name}] 找到 ${valid.length} 個問題`);
+  ok(`[${role.name}] 找到 ${valid.length} 個問題`);
   return valid;
 }
 
@@ -22,14 +23,14 @@ export async function analyzeWithRole(role, diff) {
  */
 function readJSONArray(fullPath, label) {
   if (!fs.existsSync(fullPath)) {
-    console.log(`  ${label}檔案不存在，視為空`);
+    warn(`${label}檔案不存在，視為空`);
     return [];
   }
   try {
     const data = JSON.parse(fs.readFileSync(fullPath, 'utf8'));
     return Array.isArray(data) ? data : [];
   } catch (e) {
-    console.log(`  ⚠️  讀取${label}失敗: ${e.message}，視為空`);
+    warn(`讀取${label}失敗: ${e.message}，視為空`);
     return [];
   }
 }
@@ -53,12 +54,12 @@ export function loadOldFindings(workspace) {
   const old = readJSONArray(fullPath, '舊 findings ').map(f => ({ ...f, is_new: false }));
   if (fs.existsSync(fullPath)) {
     const stat = fs.statSync(fullPath);
-    console.log(`  讀取舊 findings 檔案: ${fullPath}`);
-    console.log(`  舊 findings 檔案資訊: bytes=${stat.size} mtime=${formatFileTime(stat.mtimeMs)} path=${path.relative(workspace, fullPath) || fullPath}`);
+    line(`讀取舊 findings 檔案: ${fullPath}`);
+    line(`舊 findings 檔案資訊: bytes=${stat.size} mtime=${formatFileTime(stat.mtimeMs)} path=${path.relative(workspace, fullPath) || fullPath}`);
   } else {
-    console.log(`  舊 findings 檔案不存在: ${fullPath}`);
+    warn(`舊 findings 檔案不存在: ${fullPath}`);
   }
-  console.log(`  讀取舊 findings: ${old.length} 筆`);
+  ok(`讀取舊 findings: ${old.length} 筆`);
   return old;
 }
 
@@ -74,7 +75,7 @@ export function mergeFindings(oldFindings, newFindings) {
     return true;
   });
   const merged = [...oldFindings, ...deduped];
-  console.log(`  合併結果: 舊=${oldFindings.length} 新(去重後)=${deduped.length} 總計=${merged.length}`);
+  ok(`合併結果: 舊=${oldFindings.length} 新(去重後)=${deduped.length} 總計=${merged.length}`);
   return merged;
 }
 
@@ -91,7 +92,7 @@ export function sortByLevel(findings) {
 function fallback(label, findings, e) {
   const status = e.response?.status;
   const reason = (status === 402 || status === 429) ? `${status} 額度/限流` : e.message;
-  console.log(`  ⚠️  ${label}失敗（${reason}），降級：保留所有問題`);
+  warn(`${label}失敗（${reason}），降級：保留所有問題`);
   return findings;
 }
 
@@ -111,7 +112,7 @@ export async function deduplicateWithAI(findings) {
   try {
     const result = await chatJSON(systemPrompt, JSON.stringify(toAIPayload(findings)));
     if (Array.isArray(result) && result.length > 0) {
-      console.log(`  AI 去重: ${findings.length} -> ${result.length} 筆`);
+      ok(`AI 去重: ${findings.length} -> ${result.length} 筆`);
       // 以 location+suggestion 為 key，將原始 findings 的完整欄位（含 is_new）補回
       const origMap = new Map(findings.map(f => [`${f.location}|${String(f.suggestion).slice(0, 50)}`, f]));
       return result.map(r => origMap.get(`${r.location}|${String(r.suggestion).slice(0, 50)}`) ?? r);
@@ -128,13 +129,13 @@ export async function deduplicateWithAI(findings) {
 export function loadExclusions(workspace, repoState = null) {
   const fullPath = path.join(workspace, EXCLUSIONS_PATH);
   if (!fs.existsSync(fullPath)) {
-    console.log(`  排除問題檔案不存在，視為空: ${fullPath}`);
+    warn(`排除問題檔案不存在，視為空: ${fullPath}`);
     if (repoState) {
       const branch = repoState.branch || 'detached';
       const shortSha = repoState.shortSha || repoState.headSha || 'unknown';
-      console.log(`  來源分支狀態: branch=${branch} commit=${shortSha} commit_time=${repoState.commitTime || 'unknown'}`);
+      line(`來源分支狀態: branch=${branch} commit=${shortSha} commit_time=${repoState.commitTime || 'unknown'}`);
     }
-    console.log('  讀取排除問題: raw=0 normalized=0 筆');
+    ok('讀取排除問題: raw=0 normalized=0 筆');
     return [];
   }
 
@@ -148,14 +149,14 @@ export function loadExclusions(workspace, repoState = null) {
     const branch = repoState?.branch || 'detached';
     const shortSha = repoState?.shortSha || repoState?.headSha || 'unknown';
     const commitTime = repoState?.commitTime || 'unknown';
-    console.log(`  讀取排除問題檔案: ${fullPath}`);
-    console.log(`  來源分支狀態: branch=${branch} commit=${shortSha} commit_time=${commitTime}`);
-    console.log(`  檔案資訊: bytes=${stat.size} mtime=${formatFileTime(stat.mtimeMs)} raw=${rawCount} normalized=${exclusions.length} path=${path.relative(workspace, fullPath) || fullPath}`);
+    line(`讀取排除問題檔案: ${fullPath}`);
+    line(`來源分支狀態: branch=${branch} commit=${shortSha} commit_time=${commitTime}`);
+    line(`檔案資訊: bytes=${stat.size} mtime=${formatFileTime(stat.mtimeMs)} raw=${rawCount} normalized=${exclusions.length} path=${path.relative(workspace, fullPath) || fullPath}`);
   } catch (e) {
-    console.log(`  ⚠️  讀取排除問題失敗: ${e.message}，視為空: ${fullPath}`);
+    warn(`讀取排除問題失敗: ${e.message}，視為空: ${fullPath}`);
     exclusions = [];
   }
-  console.log(`  讀取排除問題: raw=${rawCount} normalized=${exclusions.length} 筆`);
+  ok(`讀取排除問題: raw=${rawCount} normalized=${exclusions.length} 筆`);
   return exclusions;
 }
 
@@ -171,7 +172,7 @@ export function applyExclusions(findings, exclusions) {
     const exPath = ex.location ? String(ex.location).split(':')[0] : null;
     return (!exPath || fPath === exPath) && (!ex.role || ex.role === f.role);
   }));
-  console.log(`  排除過濾: ${before} -> ${filtered.length} 筆（排除 ${before - filtered.length} 筆）`);
+  ok(`排除過濾: ${before} -> ${filtered.length} 筆（排除 ${before - filtered.length} 筆）`);
   return filtered;
 }
 
@@ -190,7 +191,7 @@ export async function filterFalsePositivesWithAI(findings, exclusions = []) {
   try {
     const result = await chatJSON(systemPrompt, JSON.stringify(toAIPayload(findings)));
     if (Array.isArray(result) && result.length > 0) {
-      console.log(`  AI 誤報過濾: ${findings.length} -> ${result.length} 筆`);
+      ok(`AI 誤報過濾: ${findings.length} -> ${result.length} 筆`);
       const origMap = new Map(findings.map(f => [`${f.location}|${String(f.suggestion).slice(0, 50)}`, f]));
       return result.map(r => origMap.get(`${r.location}|${String(r.suggestion).slice(0, 50)}`) ?? r);
     }

app/git.js

@@ -3,10 +3,12 @@ import fs from 'fs';
 import path from 'path';
 import { fileURLToPath } from 'url';
 import { GITEA_SERVER_URL, GITEA_REPOSITORY, GITEA_TOKEN, PR_HEAD_BRANCH, FINDINGS_PATH } from './config.js';
+import { line, ok, warn } from './log.js';
 
 const ACTION_ROOT = path.resolve(path.dirname(fileURLToPath(import.meta.url)), '..');
 const GENERATED_SYNC_PATHS = [FINDINGS_PATH, '.gitea/ai-review/exclusions.json'];
 const remoteUrl = `${GITEA_SERVER_URL.replace(/\/$/, '')}/${GITEA_REPOSITORY}.git`;
+export const BOT_COMMIT_MARKER = '[ai-review-bot]';
 export const SYNC_PATHS = [
   '.amazonq/rules/triage-findings.md',
   '.codex/skills/triage-findings/SKILL.md',
@@ -58,6 +60,15 @@ export function getRepoState(repoDir, _spawnSync = spawnSync) {
   return { repoDir, branch, headSha, shortSha, commitTime };
 }
 
+export function getHeadCommitMessage(repoDir, _spawnSync = spawnSync) {
+  const run = makeRunner(_spawnSync);
+  return readGitOutput(run, ['show', '-s', '--format=%B', 'HEAD'], repoDir);
+}
+
+export function isBotAutoCommit(repoDir, _spawnSync = spawnSync) {
+  return getHeadCommitMessage(repoDir, _spawnSync).includes(BOT_COMMIT_MARKER);
+}
+
 /**
  * Clone PR head branch to workspace/repo (idempotent)
  */
@@ -68,17 +79,17 @@ export function cloneRepo(workspace, _spawnSync = spawnSync) {
   return withAskpass(workspace, credEnv => {
     if (!fs.existsSync(repoDir)) {
       run(['clone', '--depth=1', '--branch', PR_HEAD_BRANCH, remoteUrl, repoDir], workspace, credEnv);
-      console.log(`  ✅ repo cloned to ${repoDir}`);
+      ok(`repo cloned to ${repoDir}`);
     } else {
       run(['fetch', 'origin', PR_HEAD_BRANCH], repoDir, credEnv);
       run(['checkout', PR_HEAD_BRANCH], repoDir);
-      console.log(`  ✅ repo already exists, fetched latest`);
+      ok('repo already exists, fetched latest');
     }
     return repoDir;
   });
 }
 
-export async function commitAndPush(workspace, repoDir, _spawnSync = spawnSync, sourceRoot = ACTION_ROOT) {
+export async function commitAndPush(workspace, repoDir, _spawnSync = spawnSync, sourceRoot = ACTION_ROOT, reviewOutcome = 'success') {
   const run = makeRunner(_spawnSync);
 
   try {
@@ -120,20 +131,21 @@ export async function commitAndPush(workspace, repoDir, _spawnSync = spawnSync,
 
       const status = run(['status', '--porcelain'], repoDir);
       if (!status) {
-        console.log('  sync files 無變更，跳過 commit');
+        line('sync files 無變更，跳過 commit');
         return;
       }
 
-      const out = run(['commit', '-m', 'chore: update ai-review findings [skip ci]'], repoDir);
+      const outcomeTag = reviewOutcome === 'failure' ? '[failure]' : '[success]';
+      const out = run(['commit', '-m', `chore: update ai-review findings ${BOT_COMMIT_MARKER}${outcomeTag}`], repoDir);
       const commitHash = out.match(/\[.+ ([a-f0-9]+)\]/)?.[1] || 'unknown';
       try {
         run(['push', remoteUrl, PR_HEAD_BRANCH], repoDir, credEnv);
-        console.log(`  ✅ persisted findings  commit=${commitHash}  push=${PR_HEAD_BRANCH}`);
+        ok(`persisted findings commit=${commitHash} push=${PR_HEAD_BRANCH} review_outcome=${reviewOutcome}`);
       } catch (pushErr) {
-        console.log(`  ⚠️  Step7 commit 成功但 push 失敗: commit=${commitHash} push=${PR_HEAD_BRANCH} error=${pushErr.message}`);
+        warn(`Step7 commit 成功但 push 失敗: commit=${commitHash} push=${PR_HEAD_BRANCH} review_outcome=${reviewOutcome} error=${pushErr.message}`);
       }
     });
   } catch (e) {
-    console.log(`  ⚠️  Runner failed: commit/push 失敗: ${e.message}`);
+    warn(`Runner failed: commit/push 失敗: ${e.message}`);
   }
 }

app/git.test.js

@@ -3,7 +3,7 @@ import assert from 'node:assert/strict';
 import fs from 'fs';
 import os from 'os';
 import path from 'path';
-import { commitAndPush, cloneRepo, SYNC_PATHS } from './git.js';
+import { commitAndPush, cloneRepo, SYNC_PATHS, BOT_COMMIT_MARKER, getHeadCommitMessage, isBotAutoCommit } from './git.js';
 
 // --- helpers ---
 function makeTmpWorkspace() {
@@ -60,6 +60,26 @@ describe('commitAndPush', () => {
     }
   });
 
+  it('tags auto commits with the bot marker for workflow filtering', async () => {
+    const spawn = makeSpawn();
+    await commitAndPush(workspace, path.join(workspace, 'repo'), spawn, sourceRoot);
+
+    const commitCall = spawn.calls.find(c => c.args[0] === 'commit');
+    assert.ok(commitCall, 'expected git commit to run');
+    assert.ok(commitCall.args.some(arg => arg.includes(BOT_COMMIT_MARKER)), 'expected commit message to include bot marker');
+    assert.ok(commitCall.args.some(arg => arg.includes('[success]')), 'expected commit message to include success outcome');
+  });
+
+  it('tags failed reviews with the failure outcome marker', async () => {
+    const spawn = makeSpawn();
+    await commitAndPush(workspace, path.join(workspace, 'repo'), spawn, sourceRoot, 'failure');
+
+    const commitCall = spawn.calls.find(c => c.args[0] === 'commit');
+    assert.ok(commitCall, 'expected git commit to run');
+    assert.ok(commitCall.args.some(arg => arg.includes(BOT_COMMIT_MARKER)), 'expected commit message to include bot marker');
+    assert.ok(commitCall.args.some(arg => arg.includes('[failure]')), 'expected commit message to include failure outcome');
+  });
+
   it('uses GIT_ASKPASS env for network operations (fetch, push, clone)', async () => {
     const spawn = makeSpawn();
     await commitAndPush(workspace, path.join(workspace, 'repo'), spawn, sourceRoot);
@@ -232,4 +252,13 @@ describe('cloneRepo', () => {
     const result = cloneRepo(workspace, spawn);
     assert.equal(result, path.join(workspace, 'repo'));
   });
+
+  it('reads head commit message and detects bot auto commits', () => {
+    const spawn = makeSpawn({
+      show: () => ({ status: 0, stdout: `chore: update ai-review findings ${BOT_COMMIT_MARKER}\n`, stderr: '', error: null }),
+    });
+
+    assert.ok(getHeadCommitMessage(workspace, spawn).includes(BOT_COMMIT_MARKER));
+    assert.equal(isBotAutoCommit(workspace, spawn), true);
+  });
 });

app/gitea.js

@@ -1,11 +1,24 @@
 import axios from 'axios';
 import https from 'https';
-import { GITEA_TOKEN, GITEA_SERVER_URL, GITEA_REPOSITORY, GITEA_SKIP_TLS_VERIFY, PR_NUMBER } from './config.js';
+import { GITEA_TOKEN, GITEA_COMMENT_TOKEN, GITEA_SERVER_URL, GITEA_REPOSITORY, GITEA_SKIP_TLS_VERIFY, PR_NUMBER, PR_HEAD_SHA, PR_HEAD_BRANCH } from './config.js';
+import { line, ok, warn } from './log.js';
 
 const httpsAgent = GITEA_SKIP_TLS_VERIFY ? new https.Agent({ rejectUnauthorized: false }) : undefined;
-const headers = () => ({ Authorization: `token ${GITEA_TOKEN}`, 'Content-Type': 'application/json' });
+const headers = (token = GITEA_TOKEN) => ({ Authorization: `token ${token}`, 'Content-Type': 'application/json' });
 const api = (path) => `${GITEA_SERVER_URL.replace(/\/$/, '')}/api/v1${path}`;
 
+function extractCommitMessage(payload) {
+  return payload?.message
+    || payload?.commit?.message
+    || payload?.commit?.commit?.message
+    || '';
+}
+
+export function getBotReviewOutcome(message) {
+  const match = String(message || '').match(/\[ai-review-bot\](?:\[(success|failure)\])?/i);
+  return match?.[1]?.toLowerCase() || 'unknown';
+}
+
 /**
  * 取得 PR 的 Git Diff 內容，已自動排除 .gitea/ 資料夾。
  */
@@ -25,6 +38,69 @@ export async function getPRDiff() {
   ]);
 }
 
+export async function getCommitMessageBySha(sha) {
+  if (!sha) return '';
+  try {
+    const resp = await axios.get(api(`/repos/${GITEA_REPOSITORY}/git/commits/${encodeURIComponent(sha)}`), {
+      headers: headers(),
+      timeout: 30000,
+      httpsAgent,
+    });
+    const message = extractCommitMessage(resp.data);
+    line(`bot-check commit api: sha=${sha} keys=${Object.keys(resp.data || {}).join(',') || 'empty'} message=${message ? 'found' : 'empty'}`);
+    return message;
+  } catch (e) {
+    warn(`bot-check commit api 失敗: sha=${sha} error=${e.message}`);
+    return '';
+  }
+}
+
+export async function getBranchHeadCommitMessage(branch = PR_HEAD_BRANCH) {
+  if (!branch) return '';
+  try {
+    const resp = await axios.get(api(`/repos/${GITEA_REPOSITORY}/branches/${encodeURIComponent(branch)}`), {
+      headers: headers(),
+      timeout: 30000,
+      httpsAgent,
+    });
+    const sha = resp.data?.commit?.id || resp.data?.commit?.sha || '';
+    line(`bot-check branch api: branch=${branch} keys=${Object.keys(resp.data || {}).join(',') || 'empty'} sha=${sha || 'empty'} message=${extractCommitMessage(resp.data?.commit) ? 'found' : 'empty'}`);
+    return await getCommitMessageBySha(sha);
+  } catch (e) {
+    warn(`bot-check branch api 失敗: branch=${branch} error=${e.message}`);
+    return '';
+  }
+}
+
+export async function shouldSkipBotCommit({ sha = PR_HEAD_SHA || process.env.GITHUB_SHA, branch = PR_HEAD_BRANCH } = {}) {
+  line(`bot-check start: PR_HEAD_SHA=${PR_HEAD_SHA || 'empty'} GITHUB_SHA=${process.env.GITHUB_SHA || 'empty'} sha=${sha || 'empty'} branch=${branch || 'empty'}`);
+
+  const shaMessage = await getCommitMessageBySha(sha);
+  if (sha) {
+    line(`bot-check sha: sha=${sha} message=${shaMessage ? 'found' : 'empty'} outcome=${getBotReviewOutcome(shaMessage)}`);
+    if (shaMessage.includes('[ai-review-bot]')) {
+      ok('bot-check matched commit sha marker');
+      return true;
+    }
+  } else {
+    line('bot-check skip sha lookup because sha is empty');
+  }
+
+  const branchMessage = await getBranchHeadCommitMessage(branch);
+  if (branch) {
+    line(`bot-check branch: branch=${branch} head_message=${branchMessage ? 'found' : 'empty'} outcome=${getBotReviewOutcome(branchMessage)}`);
+    if (branchMessage.includes('[ai-review-bot]')) {
+      ok('bot-check matched branch head marker');
+      return true;
+    }
+  } else {
+    line('bot-check skip branch lookup because branch is empty');
+  }
+
+  line('bot-check no [ai-review-bot] marker found');
+  return false;
+}
+
 /**
  * 過濾 diff 內容，移除路徑符合 excludePrefixes 的區塊。
  * 每個區塊以 "diff --git a/<prefix>" 開頭判斷，使用 startsWith 精確比對前綴。
@@ -40,6 +116,10 @@ export function filterDiff(diff, excludePrefixes) {
 }
 
 export async function postComment(body) {
-  const resp = await axios.post(api(`/repos/${GITEA_REPOSITORY}/issues/${PR_NUMBER}/comments`), { body }, { headers: headers(), timeout: 30000, httpsAgent });
+  const resp = await axios.post(
+    api(`/repos/${GITEA_REPOSITORY}/issues/${PR_NUMBER}/comments`),
+    { body },
+    { headers: headers(GITEA_COMMENT_TOKEN || GITEA_TOKEN), timeout: 30000, httpsAgent },
+  );
   return resp.data;
 }

app/gitea.test.js

@@ -1,7 +1,7 @@
 import { describe, it, afterEach, mock } from 'node:test';
 import assert from 'node:assert/strict';
 import axios from 'axios';
-import { getPRDiff, filterDiff, postComment } from './gitea.js';
+import { getPRDiff, filterDiff, postComment, getCommitMessageBySha, getBranchHeadCommitMessage, shouldSkipBotCommit, getBotReviewOutcome } from './gitea.js';
 
 afterEach(() => mock.restoreAll());
 
@@ -56,6 +56,48 @@ describe('gitea', () => {
     mock.method(axios, 'post', async () => { throw new Error('api error'); });
     await assert.rejects(() => postComment('test'), /api error/);
   });
+
+  it('getCommitMessageBySha reads commit message from Gitea API', async () => {
+    let capturedUrl;
+    mock.method(axios, 'get', async (url) => {
+      capturedUrl = url;
+      return { data: { message: 'chore: update ai-review findings [ai-review-bot]' } };
+    });
+    const message = await getCommitMessageBySha('abc123');
+    assert.ok(capturedUrl.includes('/git/commits/abc123'));
+    assert.ok(message.includes('[ai-review-bot]'));
+  });
+
+  it('getBranchHeadCommitMessage reads branch head commit message from Gitea API', async () => {
+    const urls = [];
+    mock.method(axios, 'get', async (url) => {
+      urls.push(url);
+      if (url.includes('/branches/feat%2Ftest')) {
+        return { data: { commit: { id: 'abc123' } } };
+      }
+      return { data: { message: 'chore: update ai-review findings [ai-review-bot]' } };
+    });
+    const message = await getBranchHeadCommitMessage('feat/test');
+    assert.ok(urls.some(url => url.includes('/branches/feat%2Ftest')));
+    assert.ok(urls.some(url => url.includes('/git/commits/abc123')));
+    assert.ok(message.includes('[ai-review-bot]'));
+  });
+
+  it('shouldSkipBotCommit returns true when either sha or branch head is bot commit', async () => {
+    mock.method(axios, 'get', async (url) => {
+      if (url.includes('/git/commits/sha-bot')) {
+        return { data: { message: 'chore: update ai-review findings [ai-review-bot][failure]' } };
+      }
+      if (url.includes('/branches/feat%2Ftest')) {
+        return { data: { commit: { id: 'sha-bot' } } };
+      }
+      return { data: { message: 'regular commit' } };
+    });
+    await assert.equal(await shouldSkipBotCommit({ sha: 'sha-bot', branch: 'feat/test' }), true);
+    assert.equal(getBotReviewOutcome('chore: update ai-review findings [ai-review-bot][failure]'), 'failure');
+    assert.equal(getBotReviewOutcome('chore: update ai-review findings [ai-review-bot][success]'), 'success');
+    assert.equal(getBotReviewOutcome('chore: update ai-review findings [ai-review-bot]'), 'unknown');
+  });
 });
 
 describe('filterDiff', () => {

app/json.js

@@ -1,6 +1,7 @@
 import fs from 'fs';
 import path from 'path';
 import { chat } from './llm.js';
+import { ok, warn, error } from './log.js';
 
 const MAX_JSON_BYTES = 1024 * 1024;
 
@@ -50,25 +51,25 @@ export async function validateJSONArrayFile(fullPath, label, repairer = repairJS
   fs.mkdirSync(path.dirname(fullPath), { recursive: true });
 
   if (!fs.existsSync(fullPath)) {
-    console.log(`  ⚠️  ${label} 不存在，將於驗證後補建`);
+    warn(`${label} 不存在，將於驗證後補建`);
     return { exists: false, valid: false, repaired: false };
   }
 
   try {
     JSON.parse(readJSONText(fullPath, label));
-    console.log(`  ✅ ${label} JSON 格式正確`);
+    ok(`${label} JSON 格式正確`);
     return { exists: true, valid: true, repaired: false };
   } catch (e) {
-    console.error(`  ❌ ${label} JSON 格式錯誤: ${e.message}，嘗試透過 AI 修正...`);
+    error(`${label} JSON 格式錯誤: ${e.message}，嘗試透過 AI 修正...`);
     try {
       const original = readJSONText(fullPath, label);
       const repaired = await repairer(fullPath, label, original);
       fs.writeFileSync(fullPath, repaired.endsWith('\n') ? repaired : `${repaired}\n`, 'utf8');
       JSON.parse(readJSONText(fullPath, label));
-      console.log(`  ✅ ${label} 已由 AI 修正並通過再次驗證`);
+      ok(`${label} 已由 AI 修正並通過再次驗證`);
       return { exists: true, valid: true, repaired: true };
     } catch (repairErr) {
-      console.error(`  ❌ ${label} 修正失敗: ${repairErr.message}`);
+      error(`${label} 修正失敗: ${repairErr.message}`);
       throw repairErr;
     }
   }
@@ -82,6 +83,6 @@ export function ensureJSONArrayFileExists(fullPath, label) {
   if (fs.existsSync(fullPath)) return false;
 
   fs.writeFileSync(fullPath, '[]\n', 'utf8');
-  console.log(`  ⚠️  ${label} 不存在，已建立空陣列`);
+  warn(`${label} 不存在，已建立空陣列`);
   return true;
 }

app/llm.js

@@ -1,11 +1,12 @@
 import axios from 'axios';
 import { getLLMConfig } from './config.js';
+import { line, error } from './log.js';
 
 export async function chat(systemPrompt, userContent) {
   const { provider, apiKeys, baseURL, model } = getLLMConfig();
   if (!provider) throw new Error('未設定任何 LLM API Key');
 
-  console.log(`  [LLM] provider=${provider} model=${model}`);
+  line(`[LLM] provider=${provider} model=${model}`);
 
   const headers = { 'Content-Type': 'application/json' };
   if (provider === 'claude') headers['anthropic-version'] = '2023-06-01';
@@ -21,10 +22,10 @@ export async function chat(systemPrompt, userContent) {
       );
       return resp.data.choices[0].message.content;
     } catch (e) {
-      console.log(`  [LLM] key[${i + 1}/${shuffled.length}] 失敗: ${e.message}`);
+      line(`[LLM] key[${i + 1}/${shuffled.length}] 失敗: ${e.message}`);
     }
   }
-  console.error('  [LLM] 所有 API Key 均失敗，終止流程');
+  error('[LLM] 所有 API Key 均失敗，終止流程');
   process.exit(1);
 }
 
@@ -33,7 +34,7 @@ export async function chatJSON(systemPrompt, userContent) {
   try {
     return JSON.parse(text.trim().replace(/^```[^\n]*\n?/, '').replace(/```$/, '').trim());
   } catch (e) {
-    console.log(`  [LLM] JSON 解析失敗: ${e.message}`);
+    line(`[LLM] JSON 解析失敗: ${e.message}`);
     return [];
   }
 }

app/log.js

@@ -0,0 +1,23 @@
+export function section(title) {
+  console.log(`\n=== ${title} ===`);
+}
+
+export function step(stepName, title) {
+  console.log(`\n[${stepName}] ${title}`);
+}
+
+export function line(message) {
+  console.log(`  - ${message}`);
+}
+
+export function ok(message) {
+  console.log(`  ✓ ${message}`);
+}
+
+export function warn(message) {
+  console.log(`  ! ${message}`);
+}
+
+export function error(message) {
+  console.error(`  x ${message}`);
+}

app/main.js

@@ -1,110 +1,118 @@
 import path from 'path';
 import { GITEA_REPOSITORY, PR_NUMBER, PR_HEAD_BRANCH, PR_BASE_BRANCH, getLLMConfig, FINDINGS_PATH, EXCLUSIONS_PATH } from './config.js';
 import { loadRoles, getRoleIntro } from './roles.js';
-import { getPRDiff, postComment } from './gitea.js';
+import { getPRDiff, postComment, getCommitMessageBySha, getBotReviewOutcome, shouldSkipBotCommit } from './gitea.js';
 import { analyzeWithRole, loadOldFindings, mergeFindings, sortByLevel, deduplicateWithAI, loadExclusions, applyExclusions, filterFalsePositivesWithAI } from './findings.js';
 import { saveFindings, postOldFindingsComment, postNewNonCriticalComment, postNewCriticalComments } from './comments.js';
 import { cloneRepo, commitAndPush, getRepoState } from './git.js';
 import { validateJSONArrayFile, ensureJSONArrayFileExists } from './json.js';
+import { section, step, line, ok, warn, error } from './log.js';
 
 const WORKSPACE = process.env.GITHUB_WORKSPACE || '/workspace';
 
 async function main() {
-  console.log('='.repeat(60));
-  console.log('🚀 Step1: Pipeline 啟動');
-  console.log(`  repo=${GITEA_REPOSITORY}  PR=#${PR_NUMBER}`);
-  console.log(`  ${PR_HEAD_BRANCH} -> ${PR_BASE_BRANCH}`);
+  section('AI Code Review Pipeline');
+  step('Step1', 'Pipeline 啟動');
+  line(`repo=${GITEA_REPOSITORY}  PR=#${PR_NUMBER}`);
+  line(`${PR_HEAD_BRANCH} -> ${PR_BASE_BRANCH}`);
+
+  const headSha = process.env.PR_HEAD_SHA || process.env.GITHUB_SHA || '';
+  const headMessage = await getCommitMessageBySha(headSha);
+  const headOutcome = getBotReviewOutcome(headMessage);
+  line(`head check: sha=${headSha || 'empty'} outcome=${headOutcome}`);
+  if (headMessage.includes('[ai-review-bot]') && headOutcome === 'failure') {
+    error('偵測到 [ai-review-bot][failure]，直接讓 workflow 失敗');
+    section('Pipeline 結束');
+    process.exit(1);
+  }
+
+  if (await shouldSkipBotCommit()) {
+    ok('偵測到 [ai-review-bot] 自動提交，直接完成 action');
+    section('Pipeline 結束');
+    process.exit(0);
+  }
 
   const { provider, baseURL, model } = getLLMConfig();
   if (!provider) {
-    console.error('❌ 未設定任何 LLM API Key，請檢查 action inputs');
+    error('未設定任何 LLM API Key，請檢查 action inputs');
     process.exit(1);
   }
-  console.log(`  LLM: provider=${provider}  model=${model}  base_url=${baseURL}`);
+  line(`LLM: provider=${provider}  model=${model}  base_url=${baseURL}`);
 
   const roles = loadRoles();
-  console.log(`  已載入 ${roles.length} 個角色: [${roles.map(r => r.name).join(', ')}]`);
+  line(`已載入 ${roles.length} 個角色: [${roles.map(r => r.name).join(', ')}]`);
 
   let diff;
   try {
     diff = await getPRDiff();
-    console.log(`  diff 長度: ${diff.length} 字元`);
+    line(`diff 長度: ${diff.length} 字元`);
   } catch (e) {
-    console.error(`  ❌ 取得 diff 失敗: ${e.message}`);
+    error(`取得 diff 失敗: ${e.message}`);
     process.exit(1);
   }
 
   if (!diff.trim()) {
-    console.log('  ⚠️  diff 為空，無需審查');
+    warn('diff 為空，無需審查');
     process.exit(0);
   }
 
   try {
     const intro = getRoleIntro(roles) + `\n\n> 🔍 服務：${provider}  模型：${model}`;
     await postComment(intro);
-    console.log('  ✅ 角色介紹 comment 發布成功');
+    ok('角色介紹 comment 發布成功');
   } catch (e) {
-    console.log(`  ⚠️  comment 發布失敗（繼續執行）: ${e.message}`);
+    warn(`comment 發布失敗（繼續執行）: ${e.message}`);
   }
 
-  // Step2: 各角色分析 diff 產生新 findings
-  console.log('\n📊 Step2: Findings 產生');
+  step('Step2', 'Findings 產生');
   const results = await Promise.allSettled(roles.map(role => analyzeWithRole(role, diff)));
   const newFindings = [];
   for (let i = 0; i < results.length; i++) {
     if (results[i].status === 'fulfilled') {
       newFindings.push(...results[i].value);
     } else {
-      console.log(`  ⚠️  [${roles[i].name}] 分析失敗（跳過）: ${results[i].reason?.message}`);
+      warn(`[${roles[i].name}] 分析失敗（跳過）: ${results[i].reason?.message}`);
     }
   }
-  console.log(`  Step2 完成: 新 findings 總計 ${newFindings.length} 筆`);
+  ok(`Step2 完成: 新 findings 總計 ${newFindings.length} 筆`);
 
-  // Step4: 讀取舊 findings，合併去重（含 AI 語意去重）
-  console.log('\n🔀 Step3: Findings 合併');
-  // Clone repo 以讀取舊 findings 與排除清單
+  step('Step3', 'Findings 合併與語意去重');
   let repoDir;
   try {
     repoDir = cloneRepo(WORKSPACE);
   } catch (e) {
-    console.log(`  ⚠️  clone repo 失敗（繼續執行）: ${e.message}`);
+    warn(`clone repo 失敗（繼續執行）: ${e.message}`);
   }
   const repoState = repoDir ? getRepoState(repoDir) : null;
   if (repoState) {
-    console.log(`  repo 狀態: branch=${repoState.branch || 'detached'} commit=${repoState.shortSha || 'unknown'} commit_time=${repoState.commitTime || 'unknown'} path=${repoState.repoDir}`);
+    line(`repo 狀態: branch=${repoState.branch || 'detached'} commit=${repoState.shortSha || 'unknown'} commit_time=${repoState.commitTime || 'unknown'} path=${repoState.repoDir}`);
   }
   const oldFindings = loadOldFindings(repoDir || WORKSPACE);
   const mergedFindings = mergeFindings(oldFindings, newFindings);
-  console.log(`  Step3 merged findings total=${mergedFindings.length}`);
-
-  console.log('\n🤖 Step3b: AI 語意去重');
+  ok(`Step3 merged findings total=${mergedFindings.length}`);
   const deduped = await deduplicateWithAI(mergedFindings);
   const sorted = sortByLevel(deduped);
-  console.log(`  Step3b dedup findings total=${sorted.length} (critical=${sorted.filter(f=>f.level==='critical').length} warning=${sorted.filter(f=>f.level==='warning').length} info=${sorted.filter(f=>f.level==='info').length})`);
+  ok(`Step3 去重完成: ${mergedFindings.length} -> ${sorted.length} 筆 (critical=${sorted.filter(f=>f.level==='critical').length} warning=${sorted.filter(f=>f.level==='warning').length} info=${sorted.filter(f=>f.level==='info').length})`);
 
-  // Step5: 讀取排除問題檔案，過濾 PR 問題表格，並請 AI 判斷誤報
-  console.log('\n🚫 Step4: AI 排除問題過濾');
-  // 輸入至 findings 用於 AI 誤報過濾，exclusions 同時作為已知誤報參考
+  step('Step4', 'AI 排除問題過濾');
   const exclusions = loadExclusions(repoDir || WORKSPACE, repoState);
   const ruleFiltered = applyExclusions(sorted, exclusions);
   const filtered = await filterFalsePositivesWithAI(ruleFiltered, exclusions);
-  console.log(`  Step4 完成: findings total=${filtered.length}`);
+  ok(`Step4 完成: findings total=${filtered.length}`);
 
-  // Step6: 寫入 findings.json，依序發布 comment
-  console.log('\n📝 Step5: Findings 寫入與 Comment 發布');
+  step('Step5', 'Findings 寫入與 Comment 發布');
   const reviewDir = repoDir || WORKSPACE;
   saveFindings(WORKSPACE, filtered, reviewDir);
   try {
     await postOldFindingsComment(filtered);
     await postNewNonCriticalComment(filtered);
     await postNewCriticalComments(filtered);
-    console.log('  Step5 完成');
+    ok('Step5 完成');
   } catch (e) {
-    console.log(`  ⚠️  comment 發布失敗（繼續執行）: ${e.message}`);
+    warn(`comment 發布失敗（繼續執行）: ${e.message}`);
   }
 
-  // Step7: 驗證 findings.json 與 exclusions.json 為合法 JSON
-  console.log('\n🔎 Step6: JSON 格式驗證');
+  step('Step6', 'JSON 格式驗證');
   const missingPaths = [];
   for (const relPath of [FINDINGS_PATH, EXCLUSIONS_PATH]) {
     const fullPath = path.join(reviewDir, relPath);
@@ -120,24 +128,24 @@ async function main() {
     ensureJSONArrayFileExists(fullPath, relPath);
   }
 
-  // Step7: commit/push findings.json 到來源分支
-  console.log('\n💾 Step7: 記憶區 Commit/Push');
-  await commitAndPush(WORKSPACE, repoDir || WORKSPACE);
+  step('Step7', '記憶區 Commit/Push');
+  const reviewOutcome = filtered.some(f => f.level === 'critical') ? 'failure' : 'success';
+  line(`review outcome=${reviewOutcome}`);
+  await commitAndPush(WORKSPACE, repoDir || WORKSPACE, undefined, undefined, reviewOutcome);
 
-  // Step9: 有 critical 問題則 exit 1
-  console.log('\n🚦 Step8: 嚴重問題檢查');
+  step('Step8', '嚴重問題檢查');
   const criticalCount = filtered.filter(f => f.level === 'critical').length;
   if (criticalCount > 0) {
-    console.log(`  ❌ 發現 ${criticalCount} 個嚴重問題，workflow 結束（exit 1）`);
-    console.log('='.repeat(60));
+    error(`發現 ${criticalCount} 個嚴重問題，workflow 結束（exit 1）`);
+    section('Pipeline 結束');
     process.exit(1);
   }
-  console.log('  ✅ 無嚴重問題');
-  console.log('\n✅ Pipeline 完成');
-  console.log('='.repeat(60));
+  ok('無嚴重問題');
+  ok('Pipeline 完成');
+  section('Pipeline 結束');
 }
 
 main().catch(e => {
-  console.error('❌ Runner failed:', e.message);
+  error(`Runner failed: ${e.message}`);
   process.exit(1);
 });