← 返回 Skills 市场
aaronz345

Codebase Argus

作者 Yu Zhang · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ✓ 安全检测通过
22
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install codebase-argus
功能描述
Portable Codebase Argus agent playbook for evidence-first multi-agent review of GitHub pull requests, CI failures, GitHub Actions logs, GitHub App webhook re...
使用说明 (SKILL.md)

Codebase Argus

Use this portable agent playbook for evidence-first codebase review across GitHub PRs, CI failures, and downstream fork integration work. It works as an OpenClaw/ClawHub skill, Codex project instruction, Claude Code project instruction, or a plain Markdown playbook for any coding agent that can run local shell commands.

Both upstream and downstream workflows can send the same evidence package to one provider or a multi-agent tribunal.

Fast Path

From a Codebase Argus checkout:

npm install
npm run argus -- review owner/repo#123

For private repositories or higher GitHub API limits:

GITHUB_TOKEN=\x3Cread-only-token> npm run argus -- review owner/repo#123

Do not print tokens. Do not write tokens to files.

Upstream PR Review

Default review is deterministic and rule-based:

npm run argus -- review owner/repo#123 --format markdown

Use a policy file when the repository has local rules:

npm run argus -- review owner/repo#123 --policy .codebase-argus.yml

Use API providers when credentials are available in the environment:

OPENAI_API_KEY=\x3Ckey> npm run argus -- review owner/repo#123 --provider openai-api
ANTHROPIC_API_KEY=\x3Ckey> npm run argus -- review owner/repo#123 --provider anthropic-api
GEMINI_API_KEY=\x3Ckey> npm run argus -- review owner/repo#123 --provider gemini-api

Use local CLI providers only in trusted local workspaces:

npm run argus -- review owner/repo#123 --provider codex-cli
npm run argus -- review owner/repo#123 --provider claude-cli
npm run argus -- review owner/repo#123 --provider gemini-cli

For multi-agent review:

npm run argus -- review owner/repo#123 --tribunal openai-api,claude-cli,codex-cli

Treat output as review assistance. Do not approve, merge, push, or post comments automatically unless the user explicitly asks.

CI Failure Review

When the user provides a failing job log or local log file, review it through the same provider system:

npm run argus -- ci-log logs/failure.txt
npm run argus -- ci-log logs/failure.txt --provider codex-cli
npm run argus -- ci-log logs/failure.txt --tribunal codex-cli,claude-cli,gemini-cli

When the user points at a GitHub PR with failing Actions checks, fetch the job logs directly:

GITHUB_TOKEN=\x3Cread-only-token> npm run argus -- ci-github owner/repo#123
GITHUB_TOKEN=\x3Cread-only-token> npm run argus -- ci-github owner/repo#123 --provider codex-cli

Focus on the first failing command, the most likely root cause, and the smallest fix that can be verified locally.

Autofix Plan

Use autofix-plan when the user asks for suggested fixes, safe automatic repair, or a branch plan for narrow mechanical failures:

npm run argus -- autofix-plan owner/repo#123

The plan covers gated lanes such as npm lockfile refreshes, snapshot updates, and formatter/linter fixes. Treat it as a command plan; do not execute, push, or open a PR unless the user explicitly asks.

GitHub App Webhook Review

For automatic PR review, the deployed Next.js server exposes:

POST /api/github/webhook
GET /api/github/app-manifest

Required environment:

GITHUB_WEBHOOK_SECRET=\x3Csecret>
GITHUB_APP_ID=\x3Capp-id>
GITHUB_APP_PRIVATE_KEY=\x3Cpem-or-escaped-pem>

Use GITHUB_APP_PRIVATE_KEY_BASE64 if storing multiline PEM is awkward. The webhook verifies X-Hub-Signature-256, reviews opened, reopened, ready_for_review, and synchronize, ignores draft PRs, posts COMMENT reviews only, and can add inline comments when ARGUS_WEBHOOK_INLINE_COMMENTS=true.

Supported PR comment commands:

/argus help
/argus review
/argus ci
/argus autofix
/argus pause
/argus resume

/argus pause applies argus:paused; automatic review skips PRs with that label. /argus resume removes it.

Do not approve, request changes, merge, push, or post comments outside this configured webhook path unless the user explicitly asks.

What To Look For

Prioritize findings with concrete evidence:

  • failing or pending checks;
  • source changes without matching tests;
  • workflow edits, especially pull_request_target;
  • auth, token, webhook, payment, signature, or route-handling changes;
  • dependency and lockfile changes;
  • large PRs that exceed policy gates;
  • stacked PRs targeting non-default base branches;
  • merge queue states such as blocked, behind, dirty, or unstable;
  • agreement between multiple providers.

Low-confidence model-only claims need manual verification before reporting them as facts.

Downstream Fork Sync And Integration Review

For long-lived fork maintenance, use the downstream CLI first:

npm run argus -- downstream owner/upstream me/fork
npm run argus -- downstream owner/upstream me/fork --upstream-branch main --fork-branch feature/demo

For AI CLI review of merge/rebase risk:

npm run argus -- downstream owner/upstream me/fork --fork-branch feature/demo --provider codex-cli
npm run argus -- downstream owner/upstream me/fork --fork-branch feature/demo --tribunal codex-cli,claude-cli,gemini-cli

When the user explicitly asks the agent to perform the downstream integration, use sync. It prints a dry-run plan unless --execute is present:

npm run argus -- sync owner/upstream me/fork --mode merge --fork-branch feature/demo --test "npm test"
npm run argus -- sync owner/upstream me/fork --mode rebase --fork-branch feature/demo --test "npm test" --execute --push --create-pr

Execution rules:

  • run downstream with a provider or tribunal first for risky branches;
  • prefer a sync branch such as sync/upstream-main;
  • push only with explicit --push;
  • open a PR only with explicit --create-pr;
  • never push directly over the user's original target branch;
  • report failed commands, conflicts, and test output without hiding them.

The downstream prompt must consider both integration paths:

  • merge upstream into the fork, using git merge-tree conflict evidence;
  • rebase the fork on upstream, using temporary worktree rebase simulation;
  • patch-equivalent cleanup candidates from git cherry -v;
  • semantic patch movement from git range-diff;
  • backup, test, and force-with-lease gates before any push.

Use the local dashboard when a human needs to inspect the same evidence visually:

npm run dev

Open the Downstream Fork Sync, Downstream Merge/Rebase Risk, and Downstream Agent Workflow panels. The local analyzer works in .cache/repos and temporary worktrees, and must not push or force-push by itself. Actual sync execution belongs to the CLI sync command and only runs after explicit flags.

安全使用建议
Before installing, verify the external Codebase Argus checkout, use read-only or least-privileged credentials, restrict any GitHub App to the intended repositories, and only send private code or logs to AI providers if your policy allows it.
功能分析
Type: OpenClaw Skill Name: codebase-argus Version: 0.1.0 The codebase-argus skill is a playbook for an AI agent to perform GitHub PR reviews, CI log analysis, and repository synchronization. While it handles sensitive credentials (GitHub tokens and AI API keys) and performs Git operations, SKILL.md contains multiple explicit safety guardrails, such as instructions to never print tokens, never push/merge without explicit user consent, and avoid overwriting target branches. The requested permissions and environment variables are consistent with its stated purpose of codebase management.
能力标签
cryptorequires-walletcan-make-purchasesrequires-sensitive-credentials
能力评估
Purpose & Capability
The visible instructions match the stated purpose: GitHub PR review, CI-log review, autofix planning, provider-based review, and webhook comment review. These are broad developer-workflow capabilities, but they are purpose-aligned.
Instruction Scope
The playbook includes explicit limits such as not approving, merging, pushing, or posting comments automatically unless requested, with the configured webhook path as the disclosed automation exception.
Install Mechanism
There is no install spec and no reviewed code in the artifact; the playbook tells users to run npm commands from a Codebase Argus checkout, so users must verify that external checkout before running it.
Credentials
Optional GitHub, GitHub App, and AI-provider credentials are proportionate to the integration. The wallet/purchase capability signals are not supported by visible SKILL.md behavior and appear unrelated to actual use.
Persistence & Privilege
A deployed GitHub App webhook can keep reacting to PR events and posting comment reviews. This is disclosed, scoped to the webhook path, and includes pause/resume controls, but it is ongoing automation.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install codebase-argus
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /codebase-argus 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of Codebase Argus – a portable, evidence-first agent playbook for codebase and CI workflow review. - Enables multi-agent, evidence-driven review of GitHub PRs, CI failures, and downstream fork integration. - Supports multiple review providers (OpenAI, Anthropic, Gemini, Codex), including multi-agent "tribunal" mode. - Handles GitHub App webhooks and `/argus` PR comment commands for automated, rule-based PR and CI review. - Provides structured autofix branch planning for safe, mechanical fixes. - Focuses on security, audit, and test coverage in review findings; emphasizes non-intrusive, user-directed actions. - Designed to work as an OpenClaw/ClawHub skill, with clear CLI usage, provider, and credential options.
元数据
Slug codebase-argus
版本 0.1.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Codebase Argus 是什么?

Portable Codebase Argus agent playbook for evidence-first multi-agent review of GitHub pull requests, CI failures, GitHub Actions logs, GitHub App webhook re... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 22 次。

如何安装 Codebase Argus?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install codebase-argus」即可一键安装,无需额外配置。

Codebase Argus 是免费的吗?

是的,Codebase Argus 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Codebase Argus 支持哪些平台?

Codebase Argus 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Codebase Argus?

由 Yu Zhang(@aaronz345)开发并维护,当前版本 v0.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论