diff --git a/.conductor/GITHUB_TOKEN_SETUP.md b/.conductor/GITHUB_TOKEN_SETUP.md index 38e105f..93be86e 100644 --- a/.conductor/GITHUB_TOKEN_SETUP.md +++ b/.conductor/GITHUB_TOKEN_SETUP.md @@ -11,6 +11,8 @@ When you install Code Conductor in your project: - **Limitations**: Can't trigger other workflows, rate limited - **Optional upgrade**: Create a PAT for enhanced features (see below) +**Important**: The workflows generated by setup.py are configured to use `github.token` by default. This is the recommended approach for most users. + ### 2. For Code Conductor Development (Maintainers Only) The ryanmac/code-conductor repository itself uses: - **Token name**: `CONDUCTOR_GITHUB_TOKEN` diff --git a/.github/ISSUE_TEMPLATE/conductor-task.yml b/.github/ISSUE_TEMPLATE/conductor-task.yml index 1a46d5b..cb68a54 100644 --- a/.github/ISSUE_TEMPLATE/conductor-task.yml +++ b/.github/ISSUE_TEMPLATE/conductor-task.yml 
@@ -1,144 +1,72 @@ -name: 🎯 Conductor Task -description: Create a new task for AI agent coordination -title: "[Task] " +name: Conductor Task +description: Create a new task for agent coordination +title: "[TASK] " labels: ["conductor:task"] body: - - type: markdown - attributes: - value: | - ## 🎼 Create a Conductor Task - - This template helps you create a structured task that can be automatically processed by Code-Conductor agents. - - **Note**: Adding the `conductor:task` label will automatically convert this issue into a task. - - type: input - id: task_title + id: title attributes: label: Task Title - description: A clear, concise title for the task - placeholder: "Implement user authentication system" + description: Brief description of what needs to be done + placeholder: "Implement user authentication" validations: required: true - type: textarea id: description attributes: - label: Description - description: Detailed description of what needs to be accomplished + label: Task Description + description: Detailed description of the task placeholder: | - Create a secure user authentication system with the following features: - - User registration and login - - Password hashing with bcrypt - - JWT token management - - Session persistence - - Password reset functionality + Implement JWT-based authentication with: + - Login endpoint + - Logout endpoint + - Token refresh mechanism validations: required: true - type: dropdown - id: effort + id: priority attributes: - label: Estimated Effort - description: How much work is this task? + label: Priority options: - - small (< 4 hours) - - medium (4-16 hours) - - large (> 16 hours) + - High + - Medium + - Low validations: required: true - - type: checkboxes - id: required_skills - attributes: - label: Required Skills - description: What specialized skills are needed? 
(Leave empty for general dev tasks) - options: - - label: DevOps (deployment, infrastructure, CI/CD) - - label: Security (authentication, encryption, compliance) - - label: UI/UX Design (interface design, user experience) - - label: Rust Development (systems programming, performance) - - label: Database (optimization, migrations, architecture) - - - type: textarea - id: files - attributes: - label: Files Involved - description: List the files that will be modified (one per line) - placeholder: | - src/auth/models.py - src/auth/views.py - src/auth/serializers.py - tests/test_auth.py - requirements.txt - - - type: textarea - id: specifications + - type: input + id: effort attributes: - label: Specifications - description: Link to design docs, API specs, or detailed requirements - placeholder: | - - API Documentation: docs/auth-api.md - - Database Schema: docs/auth-schema.sql - - Security Requirements: docs/security-requirements.md + label: Estimated Effort + description: Rough estimate (small/medium/large) + placeholder: "medium" - - type: textarea - id: best_practices + - type: input + id: skills attributes: - label: Best Practices - description: Important guidelines and coding standards to follow - placeholder: | - - Follow Django REST framework conventions - - Use type hints for all function signatures - - Implement comprehensive error handling - - Add logging for all authentication events - - Follow OWASP security guidelines + label: Required Skills + description: Comma-separated list of required skills (leave empty for general dev) + placeholder: "security, backend" - type: textarea id: success_criteria attributes: label: Success Criteria - description: How will we know this task is complete? + description: How will we know when this task is complete? 
placeholder: | - **Tests**: All tests pass with 95% code coverage - **Security**: Passes security audit checklist - **Performance**: Login completes in under 200ms - **Documentation**: All API endpoints documented - **Code Review**: Approved by security team member + - All authentication endpoints working + - Tests written with 100% coverage + - Security review passed + validations: + required: true - type: textarea id: dependencies attributes: label: Dependencies - description: Other tasks or issues that must be completed first + description: List any tasks or PRs this depends on placeholder: | - - Issue #123: Database migration system - - Task user_model_001: User model updates - - - type: checkboxes - id: acknowledgments - attributes: - label: Acknowledgments - description: Please confirm you understand how Conductor tasks work - options: - - label: I understand this will be converted to an agent task automatically - required: true - - label: I have provided enough detail for an AI agent to complete this work - required: true - - label: I will monitor the progress and provide feedback as needed - required: true - - - type: markdown - attributes: - value: | - --- - - ## 🚀 What Happens Next? - - 1. **Task Creation**: This issue will be automatically converted to a conductor task - 2. **Agent Assignment**: Available agents can claim this task via the bootstrap script - 3. **Isolation**: Work happens in isolated git worktrees to prevent conflicts - 4. **Progress**: Monitor via GitHub Actions and system health checks - 5. **Completion**: Agent creates PR when task is finished - - 📚 **Learn more**: [Code-Conductor Documentation](docs/USAGE.md) \ No newline at end of file + - PR#123 (Database schema) + - Task#456 (User model) diff --git a/.github/workflows/conductor-cleanup.yml b/.github/workflows/conductor-cleanup.yml new file mode 100644 index 0000000..d510614 --- /dev/null +++ b/.github/workflows/conductor-cleanup.yml 
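Review bot: In conductor-task.yml, `effort` changes from a dropdown with three fixed options to a free-text `type: input`, and `skills` from checkboxes to a comma-separated string, so whatever converts these issues into tasks now receives arbitrary user text in both fields. The consumer is not visible in this diff; if it maps effort or skills onto roles or labels, it needs to normalise the values and reject unknown ones. Keeping `effort` as `type: dropdown` with `small`, `medium` and `large` options would keep that validation in the form itself.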
@@ -0,0 +1,35 @@ +name: Conductor Cleanup + +on: + schedule: + - cron: '0 */6 * * *' # Every 6 hours + workflow_dispatch: + +jobs: + cleanup-stale-work: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Setup Python + uses: actions/setup-python@v4 + with: + python-version: '3.12' + + - name: Install dependencies + run: | + pip install pyyaml + + - name: Clean up abandoned worktrees + run: | + python .conductor/scripts/cleanup-worktrees.py + + - name: Archive completed tasks + run: | + python .conductor/scripts/archive-completed.py + + - name: Commit cleanup changes + uses: stefanzweifel/git-auto-commit-action@v4 + with: + commit_message: '🧹 Cleanup stale work and archive completed tasks' + file_pattern: '.conductor/*.json' diff --git a/.github/workflows/pr-review-tasks.yml b/.github/workflows/pr-review-tasks.yml index fbd7f67..dc7d01f 100644 --- a/.github/workflows/pr-review-tasks.yml +++ b/.github/workflows/pr-review-tasks.yml @@ -32,7 +32,7 @@ jobs: id: check uses: actions/github-script@v7 with: - github-token: ${{ secrets.CONDUCTOR_GITHUB_TOKEN }} + github-token: ${{ secrets.CONDUCTOR_GITHUB_TOKEN || github.token }} script: | let shouldReview = false; let prNumber = null; @@ -141,7 +141,7 @@ jobs: - name: Setup GitHub CLI run: | - echo "${{ secrets.CONDUCTOR_GITHUB_TOKEN }}" > token.txt + echo "${{ secrets.CONDUCTOR_GITHUB_TOKEN || github.token }}" > token.txt gh auth login --with-token < token.txt rm -f token.txt @@ -157,7 +157,7 @@ jobs: gh label create "${name}" --color "${color}" --description "${desc}" || true done env: - GH_TOKEN: ${{ secrets.CONDUCTOR_GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.CONDUCTOR_GITHUB_TOKEN || github.token }} - name: Create review task issue run: | 
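Review bot: The new conductor-cleanup.yml ends in a commit-and-push step but declares no `permissions:` block, and it references the third-party action by a mutable tag, `stefanzweifel/git-auto-commit-action@v4`. A scheduled job that writes to the repository should state its grant explicitly (`permissions:` with `contents: write` and nothing else) and pin the action to a full commit SHA, e.g. `uses: stefanzweifel/git-auto-commit-action@<full-commit-sha> # v4`, so a retagged release cannot change what runs with push rights. `pip install pyyaml` is also unpinned; a version pin keeps the scheduled run reproducible.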
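Review bot: In the `Setup GitHub CLI` step of pr-review-tasks.yml (hunk at -141) the token expression is still expanded into the script text and written to `token.txt` in the workspace. If `gh auth login` fails, the `rm -f token.txt` line is probably never reached, since Actions runs bash steps fail-fast by default, and the file stays on disk for the later steps. The steps that follow already pass `GH_TOKEN` through `env:`, which gh reads on its own, so this step could likely be dropped. If it has to stay, hand the token over in a step-level `env:` entry under another name and pipe it, `printf '%s' "$CONDUCTOR_TOKEN" | gh auth login --with-token`, so it never touches a file.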
@@ -166,8 +166,8 @@ jobs: --repo "${{ github.repository }}" \ --event-type "${{ github.event_name }}" env: - GH_TOKEN: ${{ secrets.CONDUCTOR_GITHUB_TOKEN }} - GITHUB_TOKEN: ${{ secrets.CONDUCTOR_GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.CONDUCTOR_GITHUB_TOKEN || github.token }} + GITHUB_TOKEN: ${{ secrets.CONDUCTOR_GITHUB_TOKEN || github.token }} - name: Add acknowledgment comment if: github.event_name == 'issue_comment' @@ -175,7 +175,7 @@ jobs: gh pr comment ${{ github.event.issue.number }} \ --body "✅ Review task created! An AI agent will claim and complete the code review." env: - GH_TOKEN: ${{ secrets.CONDUCTOR_GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.CONDUCTOR_GITHUB_TOKEN || github.token }} - name: Remove needs-review label if: github.event_name == 'pull_request' @@ -184,4 +184,4 @@ jobs: gh pr edit ${{ needs.check-review-needed.outputs.pr_number }} \ --remove-label "needs-review" || true env: - GH_TOKEN: ${{ secrets.CONDUCTOR_GITHUB_TOKEN }} \ No newline at end of file + GH_TOKEN: ${{ secrets.CONDUCTOR_GITHUB_TOKEN || github.token }} \ No newline at end of file diff --git a/.github/workflows/pr-review.yml b/.github/workflows/pr-review.yml new file mode 100644 index 0000000..e178a61 --- /dev/null +++ b/.github/workflows/pr-review.yml 
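Review bot: With the `|| github.token` fallback (the hunks at -166, -175 and -184, and the three earlier ones in this file) every step can now run on the built-in token, so what the job may do depends on a `permissions:` block that none of these hunks show. If the workflow has none, it inherits the repository default, which may be broader or narrower than the issue, label and PR-comment writes these steps need; declaring `permissions:` with `contents: read`, `issues: write` and `pull-requests: write` at the top makes the fallback behave the same in every repository. The fallback is also silent: GITHUB_TOKEN_SETUP.md in this commit notes that the built-in token cannot trigger other workflows, so a one-line log of which token was selected would help when a created review issue does not start downstream automation.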
@@ -0,0 +1,55 @@
+name: AI Code Review
+
+on:
+ pull_request:
+ types: [opened, synchronize, reopened]
+ pull_request_review_comment:
+ types: [created, edited]
+ issue_comment:
+ types: [created]
+
+permissions:
+ contents: read
+ pull-requests: write
+ issues: write
+
+jobs:
+ ai-review:
+ name: AI Code Review
+ runs-on: ubuntu-latest
+ # Skip if PR is from a bot or if skip-review label is present
+ if: |
+ github.event.pull_request &&
+ github.event.pull_request.user.type != 'Bot' &&
+ !contains(github.event.pull_request.labels.*.name, 'skip-review')
+
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Setup Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.12'
+
+ - name: Install dependencies
+ run: |
+ pip install pyyaml requests
+
+ - name: Run AI Code Review
+ env:
+ GH_TOKEN: ${{ github.token }}
+ PR_NUMBER: ${{ github.event.pull_request.number }}
+ run: |
+ # Simple AI review trigger
+ echo "🔍 AI Code Review triggered for PR #$PR_NUMBER"
+
+ # Check if code-reviewer role exists
+ if [ -f ".conductor/roles/code-reviewer.md" ]; then
+ echo "✅ Code reviewer role found"
+ # The actual review would be done by the code-reviewer agent
+ # This workflow just ensures the infrastructure is in place
+ else
+ echo "⚠️ Code reviewer role not configured"
+ fi
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e66e854..e9068d5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
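Review bot: In pr-review.yml the job-level `if:` requires `github.event.pull_request`, which the `issue_comment` payload does not carry, so the `issue_comment: types: [created]` trigger starts a run whose only job is always skipped. Either drop that trigger or add a branch on `github.event.issue.pull_request` for comments made on pull requests. The workflow also grants `pull-requests: write` and `issues: write` while its only step echoes text; until a step actually posts a review, `permissions:` could be just `contents: read`. The `fetch-depth: 0` checkout and the `pip install pyyaml requests` step could go as well.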
@@ -59,6 +59,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - 🐛 Glob pattern support for .NET project detection (*.csproj) - 🔒 Code-reviewer role always included in auto-configuration - 📋 Demo tasks only created if none exist +- 🔧 **GitHub Token Configuration**: Fixed workflow token issues for user projects + - User projects now correctly use `github.token` instead of `CONDUCTOR_GITHUB_TOKEN` + - Updated conductor-init.sh to not copy workflow files during installation + - setup.py now generates all necessary workflows including PR review workflow + - Prevents "Input required and not supplied: github-token" errors in user projects ## [2.0.0] - 2025-07-23 diff --git a/CLAUDE.md b/CLAUDE.md index 9669a6f..3d95b3d 100644 --- a/CLAUDE.md +++ b/CLAUDE.md 
@@ -291,18 +291,21 @@ GOOD: This prevents both external (GitHub issues) and internal (todo list) duplication. -## GitHub Authentication Setup +## GitHub Authentication -Code Conductor requires a GitHub token with appropriate permissions for managing issues, pull requests, and labels. +Code Conductor uses GitHub's built-in authentication for all operations. No manual token setup is required for most users! -### Quick Setup -1. Create a GitHub Personal Access Token with `repo` scope at https://github.com/settings/tokens -2. Add it as `CONDUCTOR_GITHUB_TOKEN` in your repository's Settings → Secrets → Actions -3. The token is automatically passed to all conductor scripts +### Default Setup (Recommended) +The workflows generated by Code Conductor automatically use GitHub Actions' built-in `${{ github.token }}`, which provides: +- ✅ Read/write access to issues, pull requests, and code +- ✅ Ability to create and manage labels +- ✅ No setup required - works out of the box! -### Required Permissions -- **repo** scope (includes all repository permissions) -- Optional: **workflow** scope if modifying GitHub Actions +### Advanced Setup (Optional) +Only create a Personal Access Token if you need: +- Higher API rate limits (5,000/hour instead of 1,000/hour) +- Cross-repository access +- Ability to trigger other workflows For detailed setup instructions and troubleshooting, see [.conductor/GITHUB_TOKEN_SETUP.md](.conductor/GITHUB_TOKEN_SETUP.md). diff --git a/README.md b/README.md index f5ad2ae..5499cd5 100644 --- a/README.md +++ b/README.md 
@@ -32,7 +32,7 @@ I need to move faster. Install Code Conductor into this project so we can run mu Execute: bash <(curl -fsSL https://raw.githubusercontent.com/ryanmac/code-conductor/main/conductor-init.sh) ``` -Claude Code will handle everything—installation, configuration, even creating your first task roadmap. **[See more power prompts →](CLAUDE_CODE_PROMPT.md)** +Claude Code will handle everything—installation, configuration, even creating your first task roadmap. **No GitHub token setup required!** The system uses GitHub's built-in authentication automatically. **[See more power prompts →](CLAUDE_CODE_PROMPT.md)** ## 🎯 **90% Stack Coverage - Your Tech is Supported** @@ -127,7 +127,7 @@ python setup.py ./install.sh --auto ``` -**That's it.** Now create a GitHub Issue with `conductor:task` label, launch an agent via [Conductor.build](https://conductor.build) (macOS only as of 2024-07-22) or terminal workflow (all platforms), and watch it work. +**That's it.** No GitHub token setup required—the system uses GitHub Actions' built-in authentication. Now create a GitHub Issue with `conductor:task` label, launch an agent via [Conductor.build](https://conductor.build) (macOS only as of 2024-07-22) or terminal workflow (all platforms), and watch it work. ## 🔄 **Upgrading Code Conductor** @@ -528,6 +528,7 @@ matrix_builds: [ubuntu, macos, windows] - Run `python .conductor/scripts/dependency-check.py` - Ensure GitHub CLI is authenticated: `gh auth status` - Check git repository is clean: `git status` +- Note: No GitHub token setup required—workflows use built-in authentication **File conflicts** - System prevents these automatically diff --git a/conductor-init.sh b/conductor-init.sh index 7caed13..8f6c13c 100644 --- a/conductor-init.sh +++ b/conductor-init.sh 
@@ -181,13 +181,9 @@ if [ "$IS_UPGRADE" = true ]; then exit 1 } - # Update workflow files - mkdir -p .github/workflows - cp -r "$TEMP_DIR/.github/workflows" ".github/" || { - echo -e "${RED}❌ Failed to update workflows.${NC}" - rm -rf "$TEMP_DIR" "$BACKUP_DIR" - exit 1 - } + # Note: We do NOT copy workflow files during upgrade + # Workflows are generated by setup.py with proper token configuration + echo -e "${YELLOW}📝 Workflow files will be regenerated with correct configuration...${NC}" # Update root files cp "$TEMP_DIR/setup.py" . || { @@ -587,6 +583,7 @@ case "$ENV_CHOICE" in echo " • Conductor will handle task claiming and worktree setup automatically" echo " • Use the built-in terminal for git operations" echo " • AI code reviews happen automatically on PRs" + echo " • No GitHub token setup needed—uses built-in authentication" echo "" echo "📚 Learn more: https://conductor.build" ;; @@ -664,6 +661,7 @@ if [ "$IS_UPGRADE" = true ]; then echo " • Role definitions (.conductor/roles/)" echo " • GitHub workflows (.github/workflows/)" echo " • Setup and configuration tools" + echo " • Token configuration (no manual setup needed)" echo "" echo "✅ What was preserved:" echo " • Your project configuration (.conductor/config.yaml)" @@ -727,6 +725,7 @@ else echo " ✅ AI code-reviewer for all PRs" echo " ✅ Specialized roles: ${CONFIGURED_ROLES}" echo " ✅ Demo tasks ready in Conductor" + echo " ✅ No GitHub token setup required" echo "" echo "📚 Documentation: https://github.com/ryanmac/code-conductor" echo "🐛 Report issues: https://github.com/ryanmac/code-conductor/issues" diff --git a/setup.py b/setup.py index 08ce0a0..e4ea3cb 100755 --- a/setup.py +++ b/setup.py 
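Review bot: After this change the upgrade path in conductor-init.sh only prints `Workflow files will be regenerated with correct configuration...`; nothing in the hunk at -181 runs the regeneration. The enclosing `if [ "$IS_UPGRADE" = true ]` block continues outside the hunk, so whether setup.py is invoked later cannot be confirmed from here. If it is not, an upgraded project keeps its old workflow files that reference `secrets.CONDUCTOR_GITHUB_TOKEN`, which is the failure the changelog entry describes. The upgrade summary in the hunk at -664 still lists `GitHub workflows (.github/workflows/)` next to the new `Token configuration` line, apparently under the updated items; that line should say the workflows are regenerated by setup.py, or be removed.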
@@ -1300,6 +1300,69 @@ def create_github_workflows(self): f.write(cleanup_workflow) print(f"✓ Created {cleanup_file}") + # PR Review workflow for AI-powered code reviews + pr_review_workflow = """name: AI Code Review + +on: + pull_request: + types: [opened, synchronize, reopened] + pull_request_review_comment: + types: [created, edited] + issue_comment: + types: [created] + +permissions: + contents: read + pull-requests: write + issues: write + +jobs: + ai-review: + name: AI Code Review + runs-on: ubuntu-latest + # Skip if PR is from a bot or if skip-review label is present + if: | + github.event.pull_request && + github.event.pull_request.user.type != 'Bot' && + !contains(github.event.pull_request.labels.*.name, 'skip-review') + + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Setup Python + uses: actions/setup-python@v4 + with: + python-version: '3.12' + + - name: Install dependencies + run: | + pip install pyyaml requests + + - name: Run AI Code Review + env: + GH_TOKEN: ${{ github.token }} + PR_NUMBER: ${{ github.event.pull_request.number }} + run: | + # Simple AI review trigger + echo "🔍 AI Code Review triggered for PR #$PR_NUMBER" + + # Check if code-reviewer role exists + if [ -f ".conductor/roles/code-reviewer.md" ]; then + echo "✅ Code reviewer role found" + # The actual review would be done by the code-reviewer agent + # This workflow just ensures the infrastructure is in place + else + echo "⚠️ Code reviewer role not configured" + fi +""" + + pr_review_file = workflows_dir / "pr-review.yml" + with open(pr_review_file, "w") as f: + f.write(pr_review_workflow) + print(f"✓ Created {pr_review_file}") + # Create issue template issue_template_dir = self.project_root / ".github" / "ISSUE_TEMPLATE" issue_template_dir.mkdir(parents=True, exist_ok=True) diff --git a/tests/test_workflow_generation.py b/tests/test_workflow_generation.py new file mode 100644 index 0000000..7637fe9 --- /dev/null +++ b/tests/test_workflow_generation.py 
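Review bot: `open(pr_review_file, "w")` writes a template containing emoji using the platform default encoding, which on Windows with a non-UTF-8 code page raises UnicodeEncodeError; use `with open(pr_review_file, "w", encoding="utf-8") as f:`. The template is also a second verbatim copy of `.github/workflows/pr-review.yml` added in the same commit, so the two will drift unless one is generated from the other. The write replaces an existing `pr-review.yml` without checking, which discards any local edits a project has made to its permissions or triggers. `create_github_workflows` starts and ends outside this hunk.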
@@ -0,0 +1,98 @@ +#!/usr/bin/env python3 +"""Test workflow generation uses correct GitHub token configuration.""" + +import tempfile +import shutil +import sys +import pytest +from pathlib import Path + +# Add the parent directory to the path so we can import setup +sys.path.insert(0, str(Path(__file__).parent.parent)) + +from setup import ConductorSetup + + +def test_generated_workflows_use_github_token(): + """Test that generated workflows use github.token, not CONDUCTOR_GITHUB_TOKEN.""" + with tempfile.TemporaryDirectory() as tmpdir: + # Create a minimal project structure + project_path = Path(tmpdir) / "test-project" + project_path.mkdir() + + # Initialize git repo + import subprocess + + subprocess.run(["git", "init"], cwd=project_path, capture_output=True) + + # Create minimal package.json to trigger stack detection + package_json = project_path / "package.json" + package_json.write_text( + '{"name": "test-project", "dependencies": {"react": "^18.0.0"}}' + ) + + # Run setup in the test project directory + import os + + original_cwd = os.getcwd() + try: + os.chdir(project_path) + setup = ConductorSetup() + setup.create_github_workflows() + finally: + os.chdir(original_cwd) + + # Check conductor.yml + conductor_workflow = project_path / ".github" / "workflows" / "conductor.yml" + assert ( + conductor_workflow.exists() + ), f"Workflow not found at {conductor_workflow}" + + content = conductor_workflow.read_text() + # Should use github.token + assert "${{ github.token }}" in content + # Should NOT use CONDUCTOR_GITHUB_TOKEN + assert "CONDUCTOR_GITHUB_TOKEN" not in content + + # Check pr-review.yml + pr_review_workflow = project_path / ".github" / "workflows" / "pr-review.yml" + assert pr_review_workflow.exists() + + pr_content = pr_review_workflow.read_text() + # Should use github.token + assert "${{ github.token }}" in pr_content + # Should NOT use CONDUCTOR_GITHUB_TOKEN + assert "CONDUCTOR_GITHUB_TOKEN" not in pr_content + + # Check cleanup workflow + 
cleanup_workflow = ( + project_path / ".github" / "workflows" / "conductor-cleanup.yml" + ) + assert cleanup_workflow.exists() + + cleanup_content = cleanup_workflow.read_text() + # Cleanup workflow doesn't need GH_TOKEN, but should not have CONDUCTOR_GITHUB_TOKEN + assert "CONDUCTOR_GITHUB_TOKEN" not in cleanup_content + + +def test_no_workflow_copy_during_install(): + """Verify that conductor-init.sh doesn't copy workflow files.""" + init_script = Path(__file__).parent.parent / "conductor-init.sh" + assert init_script.exists() + + content = init_script.read_text() + + # Should NOT copy workflow files + assert 'cp -r "$TEMP_DIR/.github/workflows"' not in content + + # Should have a note about workflow generation + assert ( + "Workflow files will be regenerated" in content + or "workflows are generated by setup.py" in content + ) + + +if __name__ == "__main__": + test_generated_workflows_use_github_token() + test_no_workflow_copy_during_install() + print("✅ All workflow generation tests passed!")
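Review bot: `test_generated_workflows_use_github_token` only checks that the string `${{ github.token }}` is present and `CONDUCTOR_GITHUB_TOKEN` is absent, so a generated workflow with no `permissions:` block would still pass. Adding `assert "permissions:" in pr_content` would pin the explicit grant that pr-review.yml ships with. The result of `subprocess.run(["git", "init"], ...)` is ignored; pass `check=True` so a missing git fails the test at the cause. `shutil` and `pytest` are imported but unused, and the manual `os.chdir` save-and-restore can be replaced by pytest's `monkeypatch.chdir(project_path)`.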