The release job uses ubuntu:24.04 which lacks git. After adding
commit-based release notes generation, git commands (config/describe/log)
fail with "git: not found". Install git before checkout so the full
history is available for release notes.
Replace GitHub releases download with `npm i -g` so platform package
installations also get auto-updates. On permission failure, write a hint
file that bin/ocr.js reads to prompt the user to update manually.
* feat: add install.sh for one-line release install
Add a POSIX install script that detects OS/arch, resolves the latest
release (override with OCR_VERSION), verifies the SHA-256 checksum
fail-closed, and installs the ocr binary to /usr/local/bin (override
with OCR_INSTALL_DIR, sudo fallback when needed).
README now leads with a single curl | sh command and keeps the manual
per-platform downloads in a collapsible section for Windows and offline
use.
* fix: harden install.sh shell robustness
- replace word-split $SHA_CMD invocation with a sha256() wrapper function
- capture github api response and fail explicitly on curl error instead of
masking it through the tag-parsing pipeline under set -eu
* fix: harden install.sh from local ocr review
- trap INT/TERM in addition to EXIT so the temp dir is cleaned on signals
- install binary with install(1) so sudo installs are root-owned in system dirs
- make sha256() self-contained (errors if no checksum tool) and drop the now
redundant up-front guard
* docs(i18n): sync install one-liner to localized READMEs
Apply the same GitHub Release install-section change as README.md to the
zh-CN/ja-JP/ko-KR/ru-RU translations: lead with the curl|sh one-liner plus
OCR_INSTALL_DIR/OCR_VERSION override example, and move the per-platform
manual downloads into a <details> block.
Use "Proportion" (EN) and "Доля" (RU) instead of the bare "%" symbol
for consistency with the Chinese, Japanese, and Korean translations
which already use their respective words for "proportion".
The generic YAML rule only checked spelling in keys, which is insufficient
for CI/CD workflow files. Add layered rules with security, correctness,
reliability checks for .github/workflows/ and structure validation for
other .github/ config files (issue templates, release config).
Add continuous integration pipeline that runs go vet, tests with
race detection, and a build check on every push to main and PR.
Satisfies the OpenSSF Best Practices test_continuous_integration criterion.
Satisfy the OpenSSF Best Practices "release_notes" criterion by parsing
commits between tags and categorizing them into Features, Bug Fixes,
Refactoring, and Documentation sections.
- Switch logo from logo.svg to logo-core.svg with smaller size
- Replace <p> wrapper with <div> and add <h1> title
- Remove redundant tagline and separator
- Add DeepWiki badge to all README variants
- Sync changes across all i18n README files (zh-CN, ja-JP, ko-KR, ru-RU)
* ci: add rate limit handling and version verification to GitHub Actions workflow
- Add version check after OCR installation to verify successful setup
- Implement exponential backoff retry logic for GitHub API rate limits
- Add delays between individual comment posts to avoid secondary rate limits
- GitHub enforces ~80 content-generating requests per minute; spacing calls
helps stay under that threshold with 2-second base delay and up to 3 retries
* ci: refine rate limit handling in GitHub Actions workflow
- Add `|| true` to ocr version check for error isolation
- Narrow rate limit detection to 429 and 403 with rate-limit
message matching, avoiding retries on permission/auth failures
- Extract hardcoded delay constants into env-configurable
variables (OCR_RETRY_BASE_DELAY, OCR_MAX_RETRIES,
OCR_SUCCESS_DELAY, OCR_FAILURE_DELAY) with sensible defaults
- Document optional environment variables in workflow header
* docs: add environment variable configuration guide for retry and delay settings
* ci: add rate-limit resilience and version check to GitLab CI pipeline
- Add `ocr version || true` after install for diagnostic logging
- Add `api_request_with_retry` function with exponential backoff
for 429 and 403 (rate-limit message matching) errors
- Respect GitLab `Retry-After` header when present
- Extract delay constants into CI/CD-configurable variables
(OCR_RETRY_BASE_DELAY, OCR_MAX_RETRIES,
OCR_SUCCESS_DELAY, OCR_FAILURE_DELAY) with defaults
- Add pacing delays between successful/failed discussion posts
- Document optional CI/CD variables in pipeline header comments
* docs: add retry/delay settings section to GitLab CI README
* ci: fix rate-limit retry delay exhaustion handling in CI workflows
- GitHub Actions: distinguish exhausted rate-limit retries from other errors, apply SUCCESS_DELAY (2s) instead of FAILURE_DELAY (1s) when retries exhausted
- GitLab CI: return structured result from api_request_with_retry to differentiate failure types, apply context-aware delays based on rate-limit exhaustion status
- Both: prevent perpetuating rate-limit failures by using longer delays after retry exhaustion
* ci: align GitHub Actions rate-limit retry with header-based strategy
Derive wait durations from response headers (retry-after, x-ratelimit-reset)
instead of fixed exponential backoff, add proactive throttle when remaining
quota is low, honor batch-level rate limits before per-comment retry, and add
support for transient 5xx/408 errors.
* feat(gitlab-ci): enhance rate-limit handling with jitter, max retry delay, and proactive throttling
- Add ±25% jitter on retry delays to avoid thundering herd problems
- Add OCR_MAX_RETRY_DELAY (default 60s) to cap per-retry wait time
- Add OCR_RATE_LIMIT_THRESHOLD (default 10) for proactive throttling
based on GitLab RateLimit-Remaining response header
- Parse Retry-After header properly (handle non-numeric values)
- Apply retry logic to all API requests (notes, versions, discussions)
- Parse and log RateLimit-Remaining/Limit headers for observability
- Double pacing delay when remaining quota drops below threshold
- Update README with new configuration variables and behavior docs
* fix(examples): sync rate-limit docs with script defaults and add missing variables
- GitHub Actions README: fix OCR_RETRY_BASE_DELAY default from 2000 to 60000
(matching script code and header comments)
- GitHub Actions README: add missing OCR_RETRY_MAX_DELAY, OCR_LOW_REMAINING_THRESHOLD,
OCR_LOW_REMAINING_SPACING variables
- GitHub Actions README: add GitHub Rate Limits doc reference link
- GitHub Actions yml header: add OCR_LLM_USE_ANTHROPIC and llm.extra_body notes
- GitLab CI yml header: add llm.extra_body note
- GitLab CI README: add GitLab Rate Limits doc reference link
* ci(examples): unify header lookup and add transient retry backoff
- GitHub Actions: extract inline header closure into a reusable getHeader
helper; use it in both computeRetryDelayMs and logRateLimitQuota for
consistent case-insensitive header access.
- GitHub Actions: use a 2s transientBase for 5xx/408 exponential backoff
instead of the 60s rate-limit base, since server hiccups are typically
short-lived and the longer base stalled CI jobs unnecessarily.
- GitLab CI: add a _get_header helper and route all header access
(Retry-After, RateLimit-*) through it, matching the GitHub Actions
approach.
- GitLab CI: add transient retry logic for 5xx/408 errors with a 2s
base delay, so server errors no longer fail immediately.
Add Codex GPT-5.5 benchmark data: F1 8.36%, Precision 27.82% (74/266),
Recall 4.92% (74/1505), avg time 2m58s, avg token 525K.
Update legend to show Codex version and /review command.
Regenerate benchmark screenshots for en and zh.
Extract utility functions (stripEmptyPlanBlock, stripMarkdownFences,
buildMessageXML, copyMessages, countMessagesTokens, reviewModeString,
detectGitBranch) into util.go and all compression logic into compression.go
to improve readability (agent.go: 1489 → 1114 lines).
Fix pre-existing compression bugs from commit 14adf6f:
- Return unmodified messages on compression failure instead of truncating
to frozen zone (which discarded all conversation context)
- Check error in async compression goroutine to avoid applying failed results
- Track snapshot length to append post-snapshot messages when applying async
compression, preventing silent message loss
- Strip old <previous_review_summary> before appending new one to prevent
cumulative frozen zone bloat across multiple compressions
- Guard pendingJob cleanup to only clear when it matches the completed job,
preventing accidental clearing of a newly scheduled job
- Add context.Context and 5s timeout to detectGitBranch
- Deep copy ToolCalls in copyMessages to match session/history.go
- Reuse finalCount in addNextMessage to avoid redundant token counting
Move all LLM prompt content from inline JSON strings in task_template.json
to individual Markdown files under prompts/, following the same embed.FS
pattern used by internal/config/rules/. This improves maintainability by
enabling native syntax highlighting, cleaner diffs, and separation of
prompt content from runtime configuration.
Also removes two dead config fields (TOOL_REQUEST_WAIT_TIME_MS,
MAX_SUBTASK_EXECUTION_TIME_MINUTES) that had no runtime consumers.
Add benchmark comparison data (metrics table, key conclusion, and
screenshot) to EN, ZH-CN, JA-JP, KO-KR, and RU-RU READMEs.
Non-Chinese languages use the English screenshot.
Update Claude Code benchmark results for Claude-4.8-Opus and GLM-5.1,
refresh token cost ratio (1/5 → 1/9) and F1 score (26.1% → 25.1%) to
reflect latest data. Add clickable sort headers for F1/Precision/Recall
columns with visual indicators. Centralize hardcoded stats into i18n
and use semantic i18n keys for benchmark subtitle.
Add preset provider list (Anthropic, OpenAI, DashScope, DeepSeek, Z.AI)
and custom endpoint support details to the multi-model protocol feature
description in both en.ts and zh.ts.
The main npm package included all 6 platform binaries (~243MB) because
.npmignore did not exclude the opencodereview-* artifacts downloaded
during CI. Adding a files whitelist reduces the package from ~243MB
to ~1.4MB.
Session directories were created with 0755 (rwxr-xr-x) and session
files with 0644 (rw-r--r--), making them readable by any local user
on shared systems such as multi-user servers and CI runners.
Session JSONL files contain full LLM request and response data,
including the complete source code diff, file contents read by the
file_read tool, and the model's analysis — all sensitive material.
Change MkdirAll mode from 0755 to 0700 and OpenFile mode from 0644
to 0600, restricting access to the file owner only. This matches the
0600 permission already used for the config file (which holds the API
key) in cmd/opencodereview/provider_cmd.go.
Fixes#144
Internal npm registry (anpm) only allows specific scopes like @ali,
not @alibaba-group. Derive scope from OCR_PKG_NAME and apply it to
platform subpackage names during publish. Also make platform.js read
package names from optionalDependencies dynamically instead of relying
solely on the hardcoded scope.
Ship Go binaries inside per-platform npm packages (@alibaba-group/ocr-{os}-{arch})
so npm install resolves the correct binary via optionalDependencies + os/cpu fields.
This removes the need for a postinstall download from GitHub Releases, which is
extremely slow for users behind restricted networks (e.g. China mainland).
The postinstall download is retained as a fallback for --no-optional installs.
ApplyLanguage was only called when the config file existed, so without
~/.opencodereview/config.json no language instruction was injected and
the LLM picked its own language. Now ApplyLanguage is called
unconditionally, defaulting to English via resolveLang("").
Update all README translations to reflect the corrected default
(English) and clarify that any language name is accepted.
Previously, checksum failures in install.js were silently downgraded to
warnings, allowing unverified binaries to be installed. Similarly,
update.js accepted HTTP registries and skipped verification when no
matching platform entry was found.
Now both scripts treat checksum verification as mandatory when configured:
all failure paths (download error, compute error, mismatch, missing
platform entry) abort the operation and clean up downloaded files.
update.js also drops the http module and silently skips version checks
for non-HTTPS registries.
Align README.ru-RU.md with the English README updates from 72aad2c:
add interactive provider/model setup (Option A), restructure config
options into A/B/C, and add new commands to the reference table.
Strip C0/C1 control characters and DEL from model/diff-derived strings
before printing to the terminal, preventing OSC 52 clipboard hijack,
screen erasure spoofing, and other ANSI injection attacks (CWE-150).
JSON output is unaffected as encoding/json already escapes control chars.