fix: always pass prompt via stdin to satisfy cagent exec's required prompt arg (#46)

Signed-off-by: Derek Misler <derek.misler@docker.com>

Author: derekmisler

action.yml

@@ -494,12 +494,12 @@ runs:
         echo "Using agent: $AGENT"
         ARGS+=("$AGENT")
 
-        # Add prompt if provided (pass via stdin to avoid "Argument list too long" errors)
+        # Always pass prompt via stdin to satisfy cagent exec's required prompt arg
+        ARGS+=("-")
         if [ -n "$PROMPT_INPUT" ]; then
-          ARGS+=("-")
           echo "Running cagent with ${#ARGS[@]} arguments (prompt via stdin)"
         else
-          echo "Running cagent with ${#ARGS[@]} arguments (no prompt)"
+          echo "Running cagent with ${#ARGS[@]} arguments (empty prompt via stdin)"
         fi
 
         # Track execution time
@@ -508,23 +508,14 @@ runs:
         # SECURE: Direct execution with quoted arguments (no eval!)
         set +e  # Don't exit on command failure
         if [ "$TIMEOUT" != "0" ]; then
-          if [ -n "$PROMPT_INPUT" ]; then
-            printf '%s\n' "$PROMPT_INPUT" | timeout "$TIMEOUT" "$GITHUB_WORKSPACE/cagent" "${ARGS[@]}" 2>&1 | tee "$OUTPUT_FILE"
-          else
-            timeout "$TIMEOUT" "$GITHUB_WORKSPACE/cagent" "${ARGS[@]}" 2>&1 | tee "$OUTPUT_FILE"
-          fi
+          printf '%s\n' "$PROMPT_INPUT" | timeout "$TIMEOUT" "$GITHUB_WORKSPACE/cagent" "${ARGS[@]}" 2>&1 | tee "$OUTPUT_FILE"
           EXIT_CODE=$?
           if [ $EXIT_CODE -eq 124 ]; then
             echo "::error::Agent execution timed out after $TIMEOUT seconds"
           fi
         else
-          if [ -n "$PROMPT_INPUT" ]; then
-            printf '%s\n' "$PROMPT_INPUT" | "$GITHUB_WORKSPACE/cagent" "${ARGS[@]}" 2>&1 | tee "$OUTPUT_FILE"
-            EXIT_CODE=${PIPESTATUS[0]}
-          else
-            "$GITHUB_WORKSPACE/cagent" "${ARGS[@]}" 2>&1 | tee "$OUTPUT_FILE"
-            EXIT_CODE=$?
-          fi
+          printf '%s\n' "$PROMPT_INPUT" | "$GITHUB_WORKSPACE/cagent" "${ARGS[@]}" 2>&1 | tee "$OUTPUT_FILE"
+          EXIT_CODE=${PIPESTATUS[0]}
         fi
         set -e
 

review-pr/README.md

@@ -8,34 +8,6 @@ AI-powered pull request review using a multi-agent system. Analyzes code changes
 
 Add `.github/workflows/pr-review.yml` to your repo with this **minimal but safe setup**:
 
-```yaml
-name: PR Review
-on:
-  issue_comment: # Enables /review command in PR comments
-    types: [created]
-  pull_request_review_comment: # Captures feedback on review comments for learning
-    types: [created]
-  pull_request_target: # Triggers auto-review on PR open; uses base branch context so secrets work with forks
-    types: [ready_for_review, opened]
-
-permissions:
-  contents: read
-
-jobs:
-  review:
-    uses: docker/cagent-action/.github/workflows/review-pr.yml@latest
-    # Scoped to the job so other jobs in this workflow aren't over-permissioned
-    permissions:
-      contents: read # Read repository files and PR diffs
-      pull-requests: write # Post review comments and approve/request changes
-      issues: write # Create security incident issues if secrets are detected in output
-    secrets:
-      ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
-      CAGENT_ORG_MEMBERSHIP_TOKEN: ${{ secrets.CAGENT_ORG_MEMBERSHIP_TOKEN }} # PAT with read:org scope; gates auto-reviews to org members only
-      CAGENT_REVIEWER_APP_ID: ${{ secrets.CAGENT_REVIEWER_APP_ID }} # GitHub App ID; reviews appear as your app instead of github-actions[bot]
-      CAGENT_REVIEWER_APP_PRIVATE_KEY: ${{ secrets.CAGENT_REVIEWER_APP_PRIVATE_KEY }} # GitHub App private key; paired with App ID above
-```
-
 > **Why explicit secrets instead of `secrets: inherit`?** This follows the principle of least privilege — the called workflow only receives the secrets it actually needs, not every secret in your repository. This is the recommended approach for public repos and security-conscious teams.
 
 ### Customizing for your organization