Skip to content

docs: README クイックスタートを更新#1

Closed
s977043 wants to merge 6 commits into
mainfrom
docs/update-readme
Closed

docs: README クイックスタートを更新#1
s977043 wants to merge 6 commits into
mainfrom
docs/update-readme

Conversation

@s977043

@s977043 s977043 commented Sep 25, 2025

Copy link
Copy Markdown
Owner

概要

  • README にプロジェクト概要・クイックスタート・貢献手順を追加
  • GitHub Actions サンプルを ai-review-kit 用ワークフローに差し替え
  • ドキュメント編集/検証手順と主要ディレクトリの説明を追記

テスト

  • 未実施(ドキュメントのみの変更)

Copilot AI review requested due to automatic review settings September 25, 2025 23:10
@vercel

vercel Bot commented Sep 25, 2025

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
ai-review-kit Ready Ready Preview Comment Nov 1, 2025 4:12am

@gemini-code-assist

Copy link
Copy Markdown
Contributor

Summary of Changes

Hello @s977043, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

このプルリクエストは、README.mdファイルを大幅に更新し、プロジェクトの目的、クイックスタート手順、および貢献ガイドラインを明確にすることを目的としています。特に、AIコードレビューの導入と運用に関するフレームワークとしての役割を強調し、GitHub Actions を利用した新しいクイックスタートを提供することで、ユーザーがより迅速にプロジェクトを開始できるように改善されています。

Highlights

  • プロジェクト概要の更新: プロジェクトの説明が、AIコードレビューのフレームワークとナレッジベースとしての役割、およびDocusaurusを用いたベストプラクティスの体系化を強調するように詳細化されました。
  • クイックスタートガイドの刷新: 従来のPythonリンターの例から、専用の「AI Review Kit」GitHub Actions を使用した導入手順へとクイックスタートが全面的に更新され、より簡潔なセットアップが可能になりました。
  • ドキュメント関連情報の追加: ドキュメントの編集・検証方法、主要ディレクトリの構成、および詳細な貢献ガイドラインに関する新しいセクションが追加され、リポジトリの利用と貢献が容易になりました。
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR refreshes the README quickstart documentation to better align with the project's current structure and purpose. The changes shift focus from a generic AI code review system to a specific framework with Docusaurus documentation.

  • Updated project description to emphasize the Docusaurus-based documentation and knowledge base approach
  • Replaced Python-based linting quickstart with GitHub Actions AI review workflow
  • Added structured sections for documentation editing, directory overview, and contribution guidelines
Comments suppressed due to low confidence (1)

README.md:1

  • The term '抽象者' appears to be a typo. It should likely be '担当者' (person in charge) or '専門者' (specialist) based on the context of AppSec professionals.
# AI Review Kit

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

Comment thread README.md Outdated

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

このプルリクエストは、README.mdを更新し、より正確で有用なクイックスタートガイドを提供するものです。以前のガイドは一般的なPythonリンターに関するものでしたが、新しいガイドはai-review-kitプロジェクトに特化し、そのGitHub Actionを使用するものになっています。また、新しいREADMEにはプロジェクトのテーマ、ローカルでの開発手順、ディレクトリ構造に関するセクションも追加されており、新規ユーザーやコントリビューターにとっての入り口として、ドキュメントの品質が大幅に向上しています。

レビューの中で、GitHub Actionsのサンプルコードに古いバージョンのactions/checkoutactions/setup-nodeが使われている点を指摘しました。パフォーマンスとセキュリティを向上させるため、最新のメジャーバージョン(v4)に更新することを提案しています。

全体として、これはプロジェクトのドキュメントに対する素晴らしい改善です。

Comment thread README.md Outdated
Comment on lines +27 to +29
- uses: actions/checkout@v3
- name: Set up Node.js
uses: actions/setup-node@v3

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

GitHub Actionsのバージョンを更新することをお勧めします。

  • actions/checkoutv4 が利用可能です。
  • actions/setup-nodev4 が利用可能です。

主要なバージョン(例:@v4)を指定することで、破壊的変更を避けつつ、最新の機能やセキュリティパッチを自動的に取り込むことができます。1

Suggested change
- uses: actions/checkout@v3
- name: Set up Node.js
uses: actions/setup-node@v3
- uses: actions/checkout@v4
- name: Set up Node.js
uses: actions/setup-node@v4

Style Guide References

Footnotes

  1. GitHub Actionsでは、セキュリティと安定性の観点から、アクションを特定のバージョンに固定することが推奨されています。メジャーバージョンタグ(例: v4)を使用すると、最新のマイナーバージョンとパッチバージョンが自動的に適用され、セキュリティ修正などが反映されます。常に最新のメジャーバージョンを利用することがベストプラクティスです。

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.


Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

Comment thread README.md Outdated
Comment on lines +27 to +29
- uses: actions/checkout@v3
- name: Set up Node.js
uses: actions/setup-node@v3

Copilot AI Sep 25, 2025

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using outdated action versions. Consider updating to actions/checkout@v4 and actions/setup-node@v4 for better security and performance.

Suggested change
- uses: actions/checkout@v3
- name: Set up Node.js
uses: actions/setup-node@v3
- uses: actions/checkout@v4
- name: Set up Node.js
uses: actions/setup-node@v4

Copilot uses AI. Check for mistakes.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Comment thread README.md Outdated
Comment on lines +33 to +36
uses: s977043/ai-review-kit-action@v1
with:
python-version: '3.11'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install pylint
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
- name: Run pylint
run: |
pylint $(git ls-files '*.py') --fail-under=8.0
github-token: ${{ secrets.GITHUB_TOKEN }}
openai-api-key: ${{ secrets.OPENAI_API_KEY }}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[P1] Document fork-secret limitation in quickstart workflow

The quickstart workflow triggers on pull_request and passes OPENAI_API_KEY from repository secrets to the action. GitHub does not expose repository secrets to workflows triggered from forked pull requests, so following these instructions verbatim will cause the job to fail for every external contribution without an obvious workaround. Consider adding a note or guard (e.g., run only on push or use pull_request_target with scoped permissions) so teams adopting this example do not end up with a permanently failing check on forked PRs.

Useful? React with 👍 / 👎.

@s977043 s977043 requested a review from Copilot September 25, 2025 23:12

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

Comments suppressed due to low confidence (1)

README.md:1

  • The term '抽象者' (abstractor) appears to be a typo. This should likely be '担当者' (person in charge) or '専門者' (specialist) in the context of AppSec professionals.
# AI Review Kit

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@s977043 s977043 changed the title docs: refresh readme quickstart docs: README クイックスタートを更新 Sep 25, 2025
Co-authored-by: Copilot <[email protected]>

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.


💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread README.md Outdated
Comment on lines +33 to +34
# TODO: Replace with your actual action reference
uses: s977043/ai-review-kit-action@v1 # <--- Replace with your action

Copilot AI Oct 26, 2025

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The TODO comment on line 33 says to replace with 'your actual action reference', but line 34 already contains a specific action reference 's977043/ai-review-kit-action@v1'. This creates confusion about whether this is a placeholder or an actual reference. Either remove the TODO and clarify that this is an example, or use a clearly generic placeholder like 'your-org/your-action@v1'.

Suggested change
# TODO: Replace with your actual action reference
uses: s977043/ai-review-kit-action@v1 # <--- Replace with your action
uses: s977043/ai-review-kit-action@v1

Copilot uses AI. Check for mistakes.
Comment thread README.md Outdated
このプロジェクトはコミュニティの力で成長します。新しいチェック項目やエージェントの実装例、ドキュメントの改善など、あらゆる貢献を歓迎します。詳しくは [`CONTRIBUTING.md`](CONTRIBUTING.md) を参照してください。
## 🤝 コントリビューション
- 変更提案の前に [`CONTRIBUTING.md`](CONTRIBUTING.md) と `docs/governance/CONTRIBUTING.md` を確認してください。
- 作業範囲や禁止事項は `AGENTS.md` に記載されています。編集前に必ず確認します。

Copilot AI Oct 26, 2025

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Corrected verb tense from '確認します' to '確認してください' for consistency with imperative form used in other bullet points.

Suggested change
- 作業範囲や禁止事項は `AGENTS.md` に記載されています。編集前に必ず確認します
- 作業範囲や禁止事項は `AGENTS.md` に記載されています。編集前に必ず確認してください

Copilot uses AI. Check for mistakes.
Masatake Komine added 2 commits November 1, 2025 02:24
- 日本語の動詞形式を統一 ('確認します' → '確認してください')
- アクション参照のコメントを明確化
- フォークPRでのsecrets利用に関する警告を追加
Vercelデプロイ失敗の原因となっていた scripts/postbuild.js への
参照を削除。このファイルは存在しないためビルドが失敗していた。

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.


💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread README.md Outdated

### ワークフローファイルの作成
リポジトリのルートに `.github/workflows/lint.yml` を作成して以下を記述してください。
> **⚠️ 重要**: フォークされたリポジトリからのPRでは、GitHub がセキュリティ上の理由でリポジトリのsecretsを公開しません。外部コントリビューターからのPRでレビューを実行する場合は、`pull_request_target` イベントの使用を検討するか、適切な権限スコープを設定してください。詳細は [GitHub Docs](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions) を参照してください。

Copilot AI Oct 31, 2025

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The warning about pull_request_target should be more explicit about the security implications. Using pull_request_target with untrusted code can allow malicious PRs to access repository secrets. Consider adding a warning that when using pull_request_target, the workflow should not checkout or execute code from the PR without additional security measures.

Suggested change
> **⚠️ 重要**: フォークされたリポジトリからのPRでは、GitHub がセキュリティ上の理由でリポジトリのsecretsを公開しません。外部コントリビューターからのPRでレビューを実行する場合は、`pull_request_target` イベントの使用を検討するか、適切な権限スコープを設定してください。詳細は [GitHub Docs](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions) を参照してください。
> **⚠️ 重要**: フォークされたリポジトリからのPRでは、GitHub がセキュリティ上の理由でリポジトリのsecretsを公開しません。外部コントリビューターからのPRでレビューを実行する場合は、`pull_request_target` イベントの使用を検討するか、適切な権限スコープを設定してください。

Copilot uses AI. Check for mistakes.
@s977043

s977043 commented Nov 1, 2025

Copy link
Copy Markdown
Owner Author

PR #2で同様の内容(より新しいクイックスタート)がマージされたため、このPRを閉じます。

@s977043 s977043 closed this Nov 1, 2025
s977043 added a commit that referenced this pull request Feb 21, 2026
- Remove unused `import matter from 'gray-matter'` (Copilot #4)
- Add explicit ID collision deduplication in convertAgentSkillToRR()
  so duplicate frontmatter IDs get `-2` suffix instead of silent
  overwrite (Sentry #1, Copilot #2)
- Resolve fromPath relative to projectRoot instead of CWD in
  discoverAgentSkillPaths() (Copilot #3)
- Clarify --to help text for import/export subcommands (Gemini #5)
- Add test for colliding explicit IDs

Co-Authored-By: Claude Opus 4.6 <[email protected]>
@s977043 s977043 deleted the docs/update-readme branch April 25, 2026 23:29
s977043 added a commit that referenced this pull request May 25, 2026
* docs(runbook): add release-smoke.md (codex final-pass review item #3)

Close the third drift item from Codex's final-pass review (after the
v0.51.0–v0.55.0 sprint). Items #1 and #2 already landed:
- #1 README Epic 1 status drift (PR #889)
- #2 risk-map example (PR #896)
- #3 release smoke runbook (this PR)

Add docs/runbook/release-smoke.md as a sibling to docs/runbook/dev.md.
It is not a release runbook (release-please handles tagging), but the
smoke test that confirms a fresh tag installs cleanly for an adopter.

Sections
- When to run: post release-please merge, post dependabot prod-dep
  bump, pre announcement.
- What it verifies: lint/tests/skills validate, river run dry-run,
  npm pack --dry-run, npm audit --omit=dev, GitHub Release presence.
- Smoke sequence: single bash block, all commands must exit 0.
- Release confirmation via gh: tagName / publishedAt / changelog body.
- When the smoke fails: concrete recovery moves for the 5 common
  failure modes (lockfile drift, dist staleness, audit vuln, release
  404, skill loader error), pointing at the existing docs and PRs
  that document each fix.
- Out of scope: cross-platform install, npx river try, real LLM, Vercel.

No code change.

Refs: PRs #889, #896 (sibling Codex final-pass items),
docs/development/npm-distribution-design.md, AGENT_LEARNINGS.md
gh-api empty-commit entry.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

* docs(runbook): apply gemini PR #897 review on release-smoke

Both gemini comments are valid; apply.

1. Resolve TAG via the upstream GitHub Release instead of the local
   package.json. The previous form trusted that the operator had
   already pulled main after the release-please merge; if they had
   not, the local package.json could point at the previous
   version and the smoke would run against the wrong commit. Use
   `gh release view --json tagName --jq .tagName` so the upstream
   release is the source of truth.

2. The "feedback_release_please_workflow_race.md memory if available"
   pointer was misleading — that file is Claude's internal memory,
   not a repo doc. Replace with a concrete pointer to the
   AGENT_LEARNINGS.md 2026-05-24 entry that actually carries the
   gh-api empty-commit pattern in the repo.

No content change beyond these two clarifications.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <[email protected]>
s977043 added a commit that referenced this pull request Jun 29, 2026
…alidation

- Consume positional target path after subcommand in review parse block (#1)
- Pass targetPath to routeReviewMode (#1)
- Warn instead of silently dropping riskMap load errors (#3)
- Reject unsupported --format values with exit code 3 (#7)

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
s977043 added a commit that referenced this pull request Jun 30, 2026
…1324)

* feat: add Review Mode Router for risk-based review depth selection

- Add `src/lib/review-mode-router.mjs`: routeReviewMode() and
  formatRouterResultMarkdown() — pure heuristic, no LLM calls
- Add `tests/review-mode-router.test.mjs`: 17 unit tests (all pass)
- Add `river review route` CLI subcommand (--format json|markdown)
- Add `docs/development/review-mode-router-design.md`: design doc

Routing priority: risk-map require_human_review > escalate >
migration/schema > large diff (≥20 files or ≥500 lines) >
infra/config > docs/test-only > standard (default).

Fixes #1323

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* fix: cli route handler path parsing, riskMap error handling, format validation

- Consume positional target path after subcommand in review parse block (#1)
- Pass targetPath to routeReviewMode (#1)
- Warn instead of silently dropping riskMap load errors (#3)
- Reject unsupported --format values with exit code 3 (#7)

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* docs: sync review-policy.md SSoT with Review Mode Router vocabulary

Add mode taxonomy (light/standard/team/human-required), routing triggers,
and CLI usage for `river review route`. Closes SSoT gap from PR #1324 (#4).

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* fix(review-mode-router): address second review cycle findings

- fix: river review route without --format flags defaulted to parsed.output='text'
  and always exited code 3; use formatExplicit/outputExplicit to default to json
- fix: quote targetPath in buildNextCommand when path contains spaces
- refactor: hasAnyFiles now uses fileCount > 0 (dedup with existing var)
- docs: add comment to Rule 5 guard explaining suppression intent
- docs: add §8 Review Mode Router section to review-policy.en.md (SSoT sync)
- docs: update review-mode-router-design.md — add targetPath to RouterInput,
  narrow confidence to 'high'|'medium', parameterize nextCommand examples

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* build: rebuild action dist after cli.mjs changes

src/cli.mjs is bundled into runners/github-action/dist/index.mjs via ncc.
Rebuild required after route handler and format validation fixes.

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* fix(review-mode-router): address CodeQL and Gemini bot review findings

- fix: escape backslashes before double-quotes in buildNextCommand
  (CodeQL: incomplete string escaping in shell command suggestion)
- fix: treat unknown file types as substantive to prevent incorrect
  demotion to light mode (Gemini: .rs/.py files classified as unknown
  were erroneously routed to light)
- test: add unknown-file-only → standard mode regression test
- build: rebuild action dist

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

---------

Co-authored-by: Claude Sonnet 4.6 <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants