mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity
Files
0e74b03d9cc851cff2d87aab038183427a5fcc28
stack/docs/CODEX-READY.md
Jason Woltje 6521cba735
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
feat: add flexible docker-compose architecture with profiles 
- Add OpenBao services to docker-compose.yml with profiles (openbao, full)
- Add docker-compose.build.yml for local builds vs registry pulls
- Make PostgreSQL and Valkey optional via profiles (database, cache)
- Create example compose files for common deployment scenarios:
  - docker/docker-compose.example.turnkey.yml (all bundled)
  - docker/docker-compose.example.external.yml (all external)
  - docker/docker.example.hybrid.yml (mixed deployment)
- Update documentation:
  - Enhance .env.example with profiles and external service examples
  - Update README.md with deployment mode quick starts
  - Add deployment scenarios to docs/OPENBAO.md
  - Create docker/DOCKER-COMPOSE-GUIDE.md with comprehensive guide
- Clean up repository structure:
  - Move shell scripts to scripts/ directory
  - Move documentation to docs/ directory
  - Move docker compose examples to docker/ directory
- Configure for external Authentik with internal services:
  - Comment out Authentik services (using external OIDC)
  - Comment out unused volumes for disabled services
  - Keep postgres, valkey, openbao as internal services

This provides a flexible deployment architecture supporting turnkey,
production (all external), and hybrid configurations via Docker Compose
profiles.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-08 16:55:33 -06:00

178 lines
4.7 KiB
Markdown
Raw Blame History

# Codex Review — Ready to Commit
**Repository:** mosaic-stack (Mosaic Stack platform)
**Branch:** develop
**Date:** 2026-02-07
## Files Ready to Commit
```bash
cd ~/src/mosaic-stack
git status
```
**New files:**
- `.woodpecker/` — Complete Codex review CI pipeline
- `codex-review.yml` — Pipeline configuration
- `README.md` — Setup and troubleshooting guide
- `schemas/code-review-schema.json` — Code review output schema
- `schemas/security-review-schema.json` — Security review output schema
- `CODEX-SETUP.md` — Complete setup guide with activation steps
## What This Adds
### Independent AI Review System
- **Code quality review** — Correctness, testing, performance, code quality
- **Security review** — OWASP Top 10, secrets detection, injection flaws
- **Structured output** — JSON findings with severity levels
- **CI integration** — Automatic PR blocking on critical issues
### Works Alongside Existing CI
The main `.woodpecker.yml` handles:
- TypeScript type checking
- ESLint linting
- Vitest unit tests
- Playwright integration tests
- Docker builds
The new `.woodpecker/codex-review.yml` handles:
- AI-powered code review
- AI-powered security review
Both must pass for PR to be mergeable.
## Commit Command
```bash
cd ~/src/mosaic-stack
# Add Codex files
git add .woodpecker/ CODEX-SETUP.md
# Commit
git commit -m "feat: Add Codex AI review pipeline for automated code/security reviews
Add Woodpecker CI pipeline for independent AI-powered code quality and
security reviews on every pull request using OpenAI's Codex CLI.
Features:
- Code quality review (correctness, testing, performance, documentation)
- Security review (OWASP Top 10, secrets, injection, auth gaps)
- Parallel execution for fast feedback
- Fails on blockers or critical/high security findings
- Structured JSON output with actionable remediation steps
Integration:
- Runs independently from main CI pipeline
- Both must pass for PR merge
- Uses global scripts from ~/.claude/scripts/codex/
Files added:
- .woodpecker/codex-review.yml — Pipeline configuration
- .woodpecker/schemas/ — JSON schemas for structured output
- .woodpecker/README.md — Setup and troubleshooting
- CODEX-SETUP.md — Complete activation guide
To activate:
1. Add 'codex_api_key' secret to Woodpecker CI (ci.mosaicstack.dev)
2. Create a test PR to verify pipeline runs
3. Review findings in CI logs
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>"
# Push
git push
```
## Post-Push Actions
### 1. Add Woodpecker Secret
- Go to https://ci.mosaicstack.dev
- Navigate to `mosaic/stack` repository
- Settings → Secrets
- Add: `codex_api_key` = (your OpenAI API key)
- Select events: Pull Request, Manual
### 2. Test the Pipeline
```bash
# Create test branch
git checkout -b test/codex-review
echo "# Test change" >> README.md
git add README.md
git commit -m "test: Trigger Codex review"
git push -u origin test/codex-review
# Create PR (using tea CLI for Gitea)
tea pr create --title "Test: Codex Review Pipeline" \
--body "Testing automated AI code and security reviews"
```
### 3. Verify Pipeline Runs
- Check CI at https://ci.mosaicstack.dev
- Look for `code-review` and `security-review` steps
- Verify structured findings in logs
- Test that critical/high findings block merge
## Local Testing (Optional)
Before pushing, test locally:
```bash
cd ~/src/mosaic-stack
# Review uncommitted changes
~/.claude/scripts/codex/codex-code-review.sh --uncommitted
# Review against develop
~/.claude/scripts/codex/codex-code-review.sh -b develop
```
## Already Tested
**Tested on calibr repo commit `fab30ec`:**
- Successfully identified merge-blocking lint regression
- Correctly categorized as blocker severity
- Provided actionable remediation steps
- High confidence (0.98)
This validates the entire Codex review system.
## Benefits
**Independent review** — Separate AI model from Claude sessions
**Security-first** — OWASP coverage + CWE IDs
**Actionable** — Specific file/line references with fixes
**Fast** — 15-60 seconds per review
**Fail-safe** — Blocks merges on critical issues
**Reusable** — Global scripts work across all repos
## Documentation
- **Setup guide:** `CODEX-SETUP.md` (this repo)
- **Pipeline README:** `.woodpecker/README.md` (this repo)
- **Global scripts:** `~/.claude/scripts/codex/README.md`
- **Test results:** `~/src/calibr/TEST-RESULTS.md` (calibr repo test)
## Next Repository
After mosaic-stack, the Codex review system can be added to:
- Any repository with Woodpecker CI
- Any repository with GitHub Actions (using `openai/codex-action`)
- Local-only usage via the global scripts
Just copy `.woodpecker/` directory and add the API key secret.
---
_Ready to commit and activate! 🚀_
Reference in New Issue View Git Blame Copy Permalink