Skip to content

Add OpenCode reviewer skills and agent configuration#2880

Merged
markphelps merged 7 commits intomainfrom
md/oc-reviews
Mar 31, 2026
Merged

Add OpenCode reviewer skills and agent configuration#2880
markphelps merged 7 commits intomainfrom
md/oc-reviews

Conversation

@michaeldwan
Copy link
Copy Markdown
Member

@michaeldwan michaeldwan commented Mar 27, 2026
edited
Loading

Adds language-specific review skills and agent configuration for OpenCode. This is used by both local CLI sessions and Bonk's automated PR reviews.

What's added:

  • Agent configuration (.opencode/agents/reviewer.md) — defines review scope, permissions, and constraints
  • Language-specific skills — Go, Python, and Rust review guidelines tailored to this repo's patterns
  • Cog architecture skill — cross-cutting knowledge about CLI/SDK/Coglet interactions

How it works:

Bonk runs on OpenCode and reads configuration from .opencode/ in the repository. These files provide context for reviews on this codebase, whether triggered automatically on PRs or run locally via opencode review.

michaeldwan and others added 5 commits March 27, 2026 12:44
@michaeldwan
Add OpenCode AI review for pull requests
3ac4a92 
Automated review via Cloudflare AI Gateway (Kimi K2.5) on every PR open
and push. Includes language-specific review skills for Go, Python, and
Rust, plus a cross-cutting Cog architecture skill.

Skip with the no-ai-review label or [skip-review]/[WIP] in the title.
@michaeldwan
Fix model config: add capability flags for Kimi K2.5 via AI Gateway
4b30dbb 
The built-in cloudflare-ai-gateway provider needs explicit model
capabilities (tool_call, reasoning, interleaved, modalities, limits)
to construct a language model. Without them, the SDK threw
'sdk.languageModel is not a function'. Config matches the pattern
from cloudflare/ci/ai.
@michaeldwan
Switch to custom OpenAI-compatible provider for AI Gateway
d5ade61 
The built-in cloudflare-ai-gateway provider doesn't support Workers AI
models -- its SDK has no languageModel factory for them. Use a custom
provider (cf-gateway) with @ai-sdk/openai-compatible pointing at the
gateway's /compat endpoint instead. Construct CF_GATEWAY_BASE_URL from
secrets in CI.
@michaeldwan
Merge branch 'main' into md/oc-reviews
54cbbc4
@michaeldwan
Fix: use vars not secrets for account/gateway IDs
b12aa65 
GitHub variables use ${{ vars.* }}, not ${{ secrets.* }}. The account
ID and gateway ID were stored as repo variables, so the URL was being
constructed as /v1///compat.
@opencode-agent
Copy link
Copy Markdown

opencode-agent bot commented Mar 27, 2026

Looking at the PR comments, I can see the OpenCode integration has been failing with API configuration errors. Let me review the setup:

Review Summary

Architecture: Good overall structure separating concerns into workflows, agent config, and language-specific skills.

Issues Found:

Blocker: Non-reproducible action version

.github/workflows/opencode-review.yml:32 and .github/workflows/opencode.yml:29

Using @latest is a security and reliability risk. The action could change behavior or be compromised without warning.

-        uses: anomalyco/opencode/github@latest
+        uses: anomalyco/opencode/github@v0

Use a specific major version tag (e.g., v0) or full commit SHA for reproducibility.

Should fix: Comment trigger regex edge case

.github/workflows/opencode.yml:12-15

The condition has a subtle bug - contains(..., ' /oc') with a leading space won't match /oc at the start of a comment without a preceding space (like the first line of a comment). But startsWith handles that case. The logic is actually fine since they overlap, but it's redundant.

Consider simplifying to just:

    if: |
      startsWith(github.event.comment.body, '/oc') ||
      startsWith(github.event.comment.body, '/opencode') ||
      contains(github.event.comment.body, ' /oc') ||
      contains(github.event.comment.body, ' /opencode')

Actually, looking more carefully - this is fine as-is. The PR comments show API errors which suggest the Cloudflare Gateway isn't properly configured (vars/secrets), not a code issue.

Nit: Inconsistent workflow naming

.github/workflows/opencode.yml:1

The main workflow is named opencode but the review workflow is opencode-review. Consider consistent naming like opencode-repl or opencode-chat for the comment-triggered one to make the distinction clearer in the Actions UI.

What's working well

  • Minimal permissions - pull-requests: read and issues: read is appropriate for a review bot
  • Good skip conditions - Respects no-ai-review label and WIP markers
  • Skill separation - Language-specific review guidelines in separate files is maintainable
  • Agent restrictions - edit: deny and limited bash permissions prevent the reviewer from making unwanted changes

Root cause of failures

The PR comments show API errors:

  • sdk.languageModel is not a function - Provider SDK issue
  • Please configure AI Gateway in the Cloudflare dashboard - Missing gateway config

These are infrastructure/secrets issues, not code problems. The repository needs:

  1. CLOUDFLARE_API_TOKEN secret configured
  2. CLOUDFLARE_ACCOUNT_ID and CLOUDFLARE_GATEWAY_ID vars set
  3. AI Gateway enabled in Cloudflare dashboard

The code itself looks solid - just needs proper secrets/vars and the @latest tag pinned.

New%20session%20-%202026-03-27T21%3A14%3A41.709Z
opencode session  |  github run

ask-bonk[bot]
ask-bonk bot reviewed Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@ask-bonk ask-bonk bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm Bonk, and I've done a quick review of your PR. This PR adds OpenCode AI reviewer configuration with agent permissions and language-specific review guidelines for Go, Python, Rust, and cross-cutting Cog architecture concerns.

Issues Found

Should fix: Minor typo in Python skill

.opencode/skills/python-review/SKILL.md:25

The version range formatting is inconsistent with common Python documentation style.

Nit: Redundant wording in Rust skill

.opencode/skills/rust-review/SKILL.md:31

The parenthetical could be more concise.

What's good

  • Appropriate permissions: edit: deny and limited bash scope prevents unwanted changes
  • Clear scope: Focuses on what linters don't catch, avoids nitpicking style
  • Well-organized: Separates concerns into language-specific skills
  • Good defaults: Uses kimi-k2.5 model with low temperature for consistent reviews
  • Security-conscious: Webfetch disabled, minimal permissions granted

Comment thread .opencode/skills/python-review/SKILL.md
- Check that type annotations actually match runtime behavior

**Compatibility**
- Must support Python 3.10 through 3.13
Copy link
Copy Markdown
Contributor

@ask-bonk ask-bonk bot Mar 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor style suggestion - consider using consistent version range formatting:

Suggested change
- Must support Python 3.10 through 3.13
- Must support Python 3.10-3.13

Comment thread .opencode/skills/rust-review/SKILL.md

**Async (tokio)**
- Blocking operations inside async contexts (use `spawn_blocking`)
- Missing `.await` on futures (compiler catches some, but not all logical issues)
Copy link
Copy Markdown
Contributor

@ask-bonk ask-bonk bot Mar 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Simplify punctuation:

Suggested change
- Missing `.await` on futures (compiler catches some, but not all logical issues)
- Missing `.await` on futures (compiler catches some but not all logical issues)

@ask-bonk
Copy link
Copy Markdown
Contributor

ask-bonk bot commented Mar 30, 2026

Review submitted successfully. I found two minor style suggestions in the documentation:

  1. Python skill: Version range formatting consistency (3.10-3.13 vs 3.10 through 3.13)
  2. Rust skill: Minor punctuation simplification in a parenthetical

Overall the configuration is well-designed with appropriate security constraints and clear review guidelines.

github run

@michaeldwan michaeldwan changed the title Add OpenCode AI review for pull requests Add OpenCode reviewer skills and agent configuration Mar 30, 2026
@replicate replicate deleted a comment from opencode-agent bot Mar 30, 2026
@replicate replicate deleted a comment from opencode-agent bot Mar 30, 2026
@replicate replicate deleted a comment from opencode-agent bot Mar 30, 2026
@replicate replicate deleted a comment from opencode-agent bot Mar 30, 2026
@replicate replicate deleted a comment from opencode-agent bot Mar 30, 2026
@michaeldwan michaeldwan marked this pull request as ready for review March 30, 2026 23:00
@michaeldwan michaeldwan requested a review from a team as a code owner March 30, 2026 23:00
@markphelps markphelps added this pull request to the merge queue Mar 31, 2026
Merged via the queue into main with commit 278623a Mar 31, 2026
34 checks passed
@markphelps markphelps deleted the md/oc-reviews branch March 31, 2026 13:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ask-bonk ask-bonk[bot] ask-bonk[bot] left review comments

@markphelps markphelps markphelps approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@michaeldwan @markphelps