Skip to content

feat: add reusable cursor-review workflow + centralized assets#1

Merged
mattmillerai merged 1 commit into
mainfrom
feat/cursor-review-reusable
Jun 2, 2026
Merged

feat: add reusable cursor-review workflow + centralized assets#1
mattmillerai merged 1 commit into
mainfrom
feat/cursor-review-reusable

Conversation

@mattmillerai

Copy link
Copy Markdown
Contributor

Extracts the label-triggered multi-model Cursor review out of the private consumer repos (cloud, comfy-cloud-mcp-server) into one shared reusable workflow here — single source of truth, no per-repo drift.

Why

cursor-review was copy-ported into each consumer repo. The copies drift (e.g. the severity feature landed in cloud but not comfy-cloud-mcp-server, and a verbatim re-copy then failed the consumer's markdown formatter). Centralizing ends that: consumers carry only a thin caller.

What's here

  • .github/workflows/cursor-review.yml — reusable workflow_call workflow. Same job graph as the private original: gate → diff-size → 8-cell panel (4 labs × adversarial/edge-case) → judge consolidate → Slack start/complete DMs. Repo-specific knobs are now inputs:
    • judge_model (default claude-opus-4-7-thinking-xhigh)
    • diff_size_cap (default 5000)
    • review_label (default cursor-review)
    • diff_excludes (generic default; consumers pass their generated/vendored paths)
    • workflows_ref (which ref of this repo to load assets from)
    • secrets: CURSOR_API_KEY (required), SLACK_BOT_TOKEN (optional)
  • .github/cursor-review/ — the trusted review logic: prompt-adversarial.md, prompt-edge-case.md, prompt-judge.md, extract-findings.py, post-review.py, slack-notify.sh.

Trust model (improved)

The private original git show'd the prompts/scripts from the consumer's base SHA (trusted-but-in-PR-repo). Here the workflow loads them by checking out this repo (public, pinned via workflows_ref), so a PR in the consumer repo can't influence what runs at all. The diff under review still comes from the PR head; the logic doesn't.

Severity

The bundled post-review.py + prompts include the CodeRabbit-style severity categorization (🔴 critical / 🟠 high / 🟡 medium / 🟢 low / ⚪ nit badges + a summary count table), so this is the latest version — it supersedes the in-flight per-repo severity port.

Validation

actionlint clean (exit 0); post-review.py / extract-findings.py compile.

Rollout

  1. Merge this.
  2. comfy-cloud-mcp-server migrates to a thin caller (separate PR, depends on this) and deletes its local copies.
  3. cloud migrates next (follow-up; cloud-team review).
  4. Move the floating v1 tag once reviewed so callers can pin to @v1.

🤖 Generated with Claude Code

Extracts the label-triggered multi-model Cursor review out of the private
consumer repos (cloud, comfy-cloud-mcp-server) into one shared, versioned
reusable workflow so there's a single source of truth and no per-repo
drift.

- .github/workflows/cursor-review.yml — reusable `workflow_call` workflow.
  Same job graph as the private original (gate → diff-size → 8-cell panel →
  judge consolidate → Slack notify). Repo-specific knobs are now inputs:
  judge_model, diff_size_cap, review_label, diff_excludes, workflows_ref.
  Secrets: CURSOR_API_KEY (required), SLACK_BOT_TOKEN (optional).
- .github/cursor-review/ — the prompts (adversarial / edge-case / judge),
  extract-findings.py, post-review.py, slack-notify.sh. These are the
  trusted review logic. The workflow loads them by checking out THIS repo
  (public, pinned via workflows_ref) rather than git-show'ing them from the
  consumer's base SHA — a tighter trust boundary (a PR in the consumer repo
  can't touch what runs) and the thing that ends the copy-drift.
- post-review.py / prompts carry the CodeRabbit-style severity
  categorization (critical/high/medium/low/nit badges + summary table).

Validated with actionlint (clean) and py_compile.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@mattmillerai mattmillerai merged commit 9a695c3 into main Jun 2, 2026
2 checks passed
@mattmillerai mattmillerai deleted the feat/cursor-review-reusable branch June 2, 2026 08:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant