← Back to Skills Marketplace
aaronz345

Codebase Argus

by Yu Zhang · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ✓ Security Clean
22
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install codebase-argus
Description
Portable Codebase Argus agent playbook for evidence-first multi-agent review of GitHub pull requests, CI failures, GitHub Actions logs, GitHub App webhook re...
README (SKILL.md)

Codebase Argus

Use this portable agent playbook for evidence-first codebase review across GitHub PRs, CI failures, and downstream fork integration work. It works as an OpenClaw/ClawHub skill, Codex project instruction, Claude Code project instruction, or a plain Markdown playbook for any coding agent that can run local shell commands.

Both upstream and downstream workflows can send the same evidence package to one provider or a multi-agent tribunal.

Fast Path

From a Codebase Argus checkout:

npm install
npm run argus -- review owner/repo#123

For private repositories or higher GitHub API limits:

GITHUB_TOKEN=\x3Cread-only-token> npm run argus -- review owner/repo#123

Do not print tokens. Do not write tokens to files.

Upstream PR Review

Default review is deterministic and rule-based:

npm run argus -- review owner/repo#123 --format markdown

Use a policy file when the repository has local rules:

npm run argus -- review owner/repo#123 --policy .codebase-argus.yml

Use API providers when credentials are available in the environment:

OPENAI_API_KEY=\x3Ckey> npm run argus -- review owner/repo#123 --provider openai-api
ANTHROPIC_API_KEY=\x3Ckey> npm run argus -- review owner/repo#123 --provider anthropic-api
GEMINI_API_KEY=\x3Ckey> npm run argus -- review owner/repo#123 --provider gemini-api

Use local CLI providers only in trusted local workspaces:

npm run argus -- review owner/repo#123 --provider codex-cli
npm run argus -- review owner/repo#123 --provider claude-cli
npm run argus -- review owner/repo#123 --provider gemini-cli

For multi-agent review:

npm run argus -- review owner/repo#123 --tribunal openai-api,claude-cli,codex-cli

Treat output as review assistance. Do not approve, merge, push, or post comments automatically unless the user explicitly asks.

CI Failure Review

When the user provides a failing job log or local log file, review it through the same provider system:

npm run argus -- ci-log logs/failure.txt
npm run argus -- ci-log logs/failure.txt --provider codex-cli
npm run argus -- ci-log logs/failure.txt --tribunal codex-cli,claude-cli,gemini-cli

When the user points at a GitHub PR with failing Actions checks, fetch the job logs directly:

GITHUB_TOKEN=\x3Cread-only-token> npm run argus -- ci-github owner/repo#123
GITHUB_TOKEN=\x3Cread-only-token> npm run argus -- ci-github owner/repo#123 --provider codex-cli

Focus on the first failing command, the most likely root cause, and the smallest fix that can be verified locally.

Autofix Plan

Use autofix-plan when the user asks for suggested fixes, safe automatic repair, or a branch plan for narrow mechanical failures:

npm run argus -- autofix-plan owner/repo#123

The plan covers gated lanes such as npm lockfile refreshes, snapshot updates, and formatter/linter fixes. Treat it as a command plan; do not execute, push, or open a PR unless the user explicitly asks.

GitHub App Webhook Review

For automatic PR review, the deployed Next.js server exposes:

POST /api/github/webhook
GET /api/github/app-manifest

Required environment:

GITHUB_WEBHOOK_SECRET=\x3Csecret>
GITHUB_APP_ID=\x3Capp-id>
GITHUB_APP_PRIVATE_KEY=\x3Cpem-or-escaped-pem>

Use GITHUB_APP_PRIVATE_KEY_BASE64 if storing multiline PEM is awkward. The webhook verifies X-Hub-Signature-256, reviews opened, reopened, ready_for_review, and synchronize, ignores draft PRs, posts COMMENT reviews only, and can add inline comments when ARGUS_WEBHOOK_INLINE_COMMENTS=true.

Supported PR comment commands:

/argus help
/argus review
/argus ci
/argus autofix
/argus pause
/argus resume

/argus pause applies argus:paused; automatic review skips PRs with that label. /argus resume removes it.

Do not approve, request changes, merge, push, or post comments outside this configured webhook path unless the user explicitly asks.

What To Look For

Prioritize findings with concrete evidence:

  • failing or pending checks;
  • source changes without matching tests;
  • workflow edits, especially pull_request_target;
  • auth, token, webhook, payment, signature, or route-handling changes;
  • dependency and lockfile changes;
  • large PRs that exceed policy gates;
  • stacked PRs targeting non-default base branches;
  • merge queue states such as blocked, behind, dirty, or unstable;
  • agreement between multiple providers.

Low-confidence model-only claims need manual verification before reporting them as facts.

Downstream Fork Sync And Integration Review

For long-lived fork maintenance, use the downstream CLI first:

npm run argus -- downstream owner/upstream me/fork
npm run argus -- downstream owner/upstream me/fork --upstream-branch main --fork-branch feature/demo

For AI CLI review of merge/rebase risk:

npm run argus -- downstream owner/upstream me/fork --fork-branch feature/demo --provider codex-cli
npm run argus -- downstream owner/upstream me/fork --fork-branch feature/demo --tribunal codex-cli,claude-cli,gemini-cli

When the user explicitly asks the agent to perform the downstream integration, use sync. It prints a dry-run plan unless --execute is present:

npm run argus -- sync owner/upstream me/fork --mode merge --fork-branch feature/demo --test "npm test"
npm run argus -- sync owner/upstream me/fork --mode rebase --fork-branch feature/demo --test "npm test" --execute --push --create-pr

Execution rules:

  • run downstream with a provider or tribunal first for risky branches;
  • prefer a sync branch such as sync/upstream-main;
  • push only with explicit --push;
  • open a PR only with explicit --create-pr;
  • never push directly over the user's original target branch;
  • report failed commands, conflicts, and test output without hiding them.

The downstream prompt must consider both integration paths:

  • merge upstream into the fork, using git merge-tree conflict evidence;
  • rebase the fork on upstream, using temporary worktree rebase simulation;
  • patch-equivalent cleanup candidates from git cherry -v;
  • semantic patch movement from git range-diff;
  • backup, test, and force-with-lease gates before any push.

Use the local dashboard when a human needs to inspect the same evidence visually:

npm run dev

Open the Downstream Fork Sync, Downstream Merge/Rebase Risk, and Downstream Agent Workflow panels. The local analyzer works in .cache/repos and temporary worktrees, and must not push or force-push by itself. Actual sync execution belongs to the CLI sync command and only runs after explicit flags.

Usage Guidance
Before installing, verify the external Codebase Argus checkout, use read-only or least-privileged credentials, restrict any GitHub App to the intended repositories, and only send private code or logs to AI providers if your policy allows it.
Capability Analysis
Type: OpenClaw Skill Name: codebase-argus Version: 0.1.0 The codebase-argus skill is a playbook for an AI agent to perform GitHub PR reviews, CI log analysis, and repository synchronization. While it handles sensitive credentials (GitHub tokens and AI API keys) and performs Git operations, SKILL.md contains multiple explicit safety guardrails, such as instructions to never print tokens, never push/merge without explicit user consent, and avoid overwriting target branches. The requested permissions and environment variables are consistent with its stated purpose of codebase management.
Capability Tags
cryptorequires-walletcan-make-purchasesrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
The visible instructions match the stated purpose: GitHub PR review, CI-log review, autofix planning, provider-based review, and webhook comment review. These are broad developer-workflow capabilities, but they are purpose-aligned.
Instruction Scope
The playbook includes explicit limits such as not approving, merging, pushing, or posting comments automatically unless requested, with the configured webhook path as the disclosed automation exception.
Install Mechanism
There is no install spec and no reviewed code in the artifact; the playbook tells users to run npm commands from a Codebase Argus checkout, so users must verify that external checkout before running it.
Credentials
Optional GitHub, GitHub App, and AI-provider credentials are proportionate to the integration. The wallet/purchase capability signals are not supported by visible SKILL.md behavior and appear unrelated to actual use.
Persistence & Privilege
A deployed GitHub App webhook can keep reacting to PR events and posting comment reviews. This is disclosed, scoped to the webhook path, and includes pause/resume controls, but it is ongoing automation.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install codebase-argus
  3. After installation, invoke the skill by name or use /codebase-argus
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of Codebase Argus – a portable, evidence-first agent playbook for codebase and CI workflow review. - Enables multi-agent, evidence-driven review of GitHub PRs, CI failures, and downstream fork integration. - Supports multiple review providers (OpenAI, Anthropic, Gemini, Codex), including multi-agent "tribunal" mode. - Handles GitHub App webhooks and `/argus` PR comment commands for automated, rule-based PR and CI review. - Provides structured autofix branch planning for safe, mechanical fixes. - Focuses on security, audit, and test coverage in review findings; emphasizes non-intrusive, user-directed actions. - Designed to work as an OpenClaw/ClawHub skill, with clear CLI usage, provider, and credential options.
Metadata
Slug codebase-argus
Version 0.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Codebase Argus?

Portable Codebase Argus agent playbook for evidence-first multi-agent review of GitHub pull requests, CI failures, GitHub Actions logs, GitHub App webhook re... It is an AI Agent Skill for Claude Code / OpenClaw, with 22 downloads so far.

How do I install Codebase Argus?

Run "/install codebase-argus" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Codebase Argus free?

Yes, Codebase Argus is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Codebase Argus support?

Codebase Argus is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Codebase Argus?

It is built and maintained by Yu Zhang (@aaronz345); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments