Feat/generic sdk #7
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Cursor Code Review | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened, ready_for_review] | |
| permissions: | |
| pull-requests: write | |
| contents: read | |
| issues: write | |
| jobs: | |
| code-review: | |
| runs-on: ubuntu-latest | |
| # Skip automated code review for draft PRs | |
| if: github.event.pull_request.draft == false | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Install Cursor CLI | |
| run: | | |
| curl https://cursor.com/install -fsS | bash | |
| echo "$HOME/.cursor/bin" >> $GITHUB_PATH | |
| - name: Configure git identity | |
| run: | | |
| git config user.name "Cursor Agent" | |
| git config user.email "cursoragent@cursor.com" | |
| - name: Perform automated code review | |
| env: | |
| CURSOR_API_KEY: ${{ secrets.CURSOR_API_KEY }} | |
| MODEL: gpt-5-codex | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| BLOCKING_REVIEW: ${{ vars.BLOCKING_REVIEW || 'false' }} | |
| run: | | |
| cursor-agent --force --model "$MODEL" --output-format=text --print 'You are operating in a GitHub Actions runner performing automated code review. The gh CLI is available and authenticated via GH_TOKEN. You may comment on pull requests. | |
| Context: | |
| - Repo: ${{ github.repository }} | |
| - PR Number: ${{ github.event.pull_request.number }} | |
| - PR Head SHA: ${{ github.event.pull_request.head.sha }} | |
| - PR Base SHA: ${{ github.event.pull_request.base.sha }} | |
| - Blocking Review: ${{ env.BLOCKING_REVIEW }} | |
| Objectives: | |
| 1) Re-check existing review comments and reply resolved when addressed. | |
| 2) Review the current PR diff and flag only clear, high-severity issues. | |
| 3) Leave very short inline comments (1-2 sentences) on changed lines only and a brief summary at the end. | |
| Procedure: | |
| - Get existing comments: gh pr view --json comments | |
| - Get diff: gh pr diff | |
| - Get changed files with patches to compute inline positions: gh api repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/files --paginate --jq '.[] | {filename,patch}' | |
| - Compute exact inline anchors for each issue (file path + diff position). Comments MUST be placed inline on the changed line in the diff, not as top-level comments. | |
| - Detect prior top-level "no issues" style comments authored by this bot (match bodies like: "✅ no issues", "No issues found", "LGTM"). | |
| - If CURRENT run finds issues and any prior "no issues" comments exist: | |
| - Prefer to remove them to avoid confusion: | |
| - Try deleting top-level issue comments via: gh api -X DELETE repos/${{ github.repository }}/issues/comments/<comment_id> | |
| - If deletion isn't possible, minimize them via GraphQL (minimizeComment) or edit to prefix "[Superseded by new findings]". | |
| - If neither delete nor minimize is possible, reply to that comment: "⚠️ Superseded: issues were found in newer commits". | |
| - If a previously reported issue appears fixed by nearby changes, reply: ✅ This issue appears to be resolved by the recent changes | |
| - Analyze ONLY for: | |
| - Null/undefined dereferences | |
| - Resource leaks (unclosed files or connections) | |
| - Injection (SQL/XSS) | |
| - Concurrency/race conditions | |
| - Missing error handling for critical operations | |
| - Obvious logic errors with incorrect behavior | |
| - Clear performance anti-patterns with measurable impact | |
| - Definitive security vulnerabilities | |
| - Avoid duplicates: skip if similar feedback already exists on or near the same lines. | |
| Commenting rules: | |
| - Max 10 inline comments total; prioritize the most critical issues | |
| - One issue per comment; place on the exact changed line | |
| - All issue comments MUST be inline (anchored to a file and line/position in the PR diff) | |
| - Natural tone, specific and actionable; do not mention automated or high-confidence | |
| - Use emojis: 🚨 Critical 🔒 Security ⚡ Performance ⚠️ Logic ✅ Resolved ✨ Improvement | |
| Submission: | |
| - If there are NO issues to report and an existing top-level comment indicating "no issues" already exists (e.g., "✅ no issues", "No issues found", "LGTM"), do NOT submit another comment. Skip submission to avoid redundancy. | |
| - If there are NO issues to report and NO prior "no issues" comment exists, submit one brief summary comment noting no issues. | |
| - If there ARE issues to report and a prior "no issues" comment exists, ensure that prior comment is deleted/minimized/marked as superseded before submitting the new review. | |
| - If there ARE issues to report, submit ONE review containing ONLY inline comments plus an optional concise summary body. Use the GitHub Reviews API to ensure comments are inline: | |
| - Build a JSON array of comments like: [{ "path": "<file>", "position": <diff_position>, "body": "..." }] | |
| - Submit via: gh api repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews -f event=COMMENT -f body="$SUMMARY" -f comments='[$COMMENTS_JSON]' | |
| - Do NOT use: gh pr review --approve or --request-changes | |
| Blocking behavior: | |
| - If BLOCKING_REVIEW is true and any 🚨 or 🔒 issues were posted: echo "CRITICAL_ISSUES_FOUND=true" >> $GITHUB_ENV | |
| - Otherwise: echo "CRITICAL_ISSUES_FOUND=false" >> $GITHUB_ENV | |
| - Always set CRITICAL_ISSUES_FOUND at the end | |
| ' | |
| - name: Check blocking review results | |
| if: env.BLOCKING_REVIEW == 'true' | |
| run: | | |
| echo "Checking for critical issues..." | |
| echo "CRITICAL_ISSUES_FOUND: ${CRITICAL_ISSUES_FOUND:-unset}" | |
| if [ "${CRITICAL_ISSUES_FOUND:-false}" = "true" ]; then | |
| echo "❌ Critical issues found and blocking review is enabled. Failing the workflow." | |
| exit 1 | |
| else | |
| echo "✅ No blocking issues found." | |
| fi |