pr types

.gitea/workflows/ai-review.yaml

@@ -0,0 +1,44 @@
+name: AI Code Review
+
+on:
+  pull_request:
+    types: [ opened, synchronize, reopened ]
+
+jobs:
+  ai-review:
+    runs-on: ubuntu-latest
+
+    env:
+      AI_REVIEW_CONFIG_FILE_YAML: ./shared-prompts/iac/.ai-review.yaml
+      # VCS configuration
+      VCS__PROVIDER: GITEA
+      VCS__PIPELINE__OWNER: ${{ github.repository_owner }}
+      VCS__PIPELINE__REPO: ${{ github.event.repository.name }}
+      VCS__PIPELINE__PULL_NUMBER: ${{ github.event.pull_request.number }}
+      VCS__HTTP_CLIENT__API_URL: https://git.forteapps.net/api/v1
+      VCS__HTTP_CLIENT__API_TOKEN: ${{ secrets.AI_REVIEW_TOKEN }}
+      # Review — disable fallback to see real Gitea API errors
+      REVIEW__INLINE_COMMENT_FALLBACK: "false"
+      # LLM configuration
+      LLM__PROVIDER: CLAUDE
+      LLM__META__MODEL: claude-sonnet-4-20250514
+      LLM__META__MAX_TOKENS: "4096"
+      LLM__HTTP_CLIENT__API_URL: https://api.anthropic.com
+      LLM__HTTP_CLIENT__API_TOKEN: ${{ secrets.ANTHROPIC_API_KEY }}
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        submodules: true
+        fetch-depth: 0
+
+    - name: Run inline review
+      uses: docker://nikitafilonov/ai-review:latest
+      with:
+        args: ai-review run-inline
+
+    - name: Run summary review
+      uses: docker://nikitafilonov/ai-review:latest
+      with:
+        args: ai-review run-summary

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "shared-prompts"]
+	path = shared-prompts
+	url = https://git.forteapps.net/Forte/ai-review-prompts.git

docs/REFERENCE.md

@@ -876,6 +876,84 @@ dind:
 - Gitea admin panel (`/admin/runners`) — runners show as Online
 - Create test workflow in `.gitea/workflows/test.yml` — job executes
 
+### AI Code Review (ai-review)
+
+**Type**: Gitea Actions workflow (`.gitea/workflows/ai-review.yaml`)
+**Trigger**: `pull_request` events (`opened`, `synchronize`)
+**Runner**: `ubuntu-latest` (container: `nikitafilonov/ai-review:latest`)
+
+**Purpose**: Automated AI-powered code review on pull requests using Claude (Anthropic). Posts inline comments on changed lines and a PR summary comment highlighting infrastructure impact.
+
+**Architecture**:
+- Uses [xai-review](https://github.com/nicktechnologies/xai-review) Docker image
+- Shared configuration and prompts live in the `shared-prompts` Git submodule (→ `Forte/ai-review-prompts`)
+- Review mode: `ONLY_ADDED_WITH_CONTEXT` — reviews only new/changed lines plus surrounding context (token-efficient)
+- Agent mode: disabled (one-shot review, no multi-turn reasoning)
+- LLM: Claude Sonnet (`claude-sonnet-4-20250514`)
+
+**Shared Prompts Structure** (submodule: `Forte/ai-review-prompts`):
+```
+shared-prompts/
+  base/
+    security.md          # org-wide security rules (all profiles)
+  iac/
+    .ai-review.yaml      # IaC/GitOps profile config
+    inline.md            # inline review prompt
+    summary.md           # PR summary prompt
+  # future profiles: backend/, frontend/, etc.
+```
+
+**Configuration** (`shared-prompts/iac/.ai-review.yaml`):
+```yaml
+llm:
+  provider: CLAUDE
+  model: claude-sonnet-4-20250514
+vcs:
+  provider: GITEA
+review:
+  mode: ONLY_ADDED_WITH_CONTEXT
+agent:
+  enabled: false
+prompt:
+  inline_prompt_files:            # concatenated in order
+    - ./shared-prompts/base/security.md
+    - ./shared-prompts/iac/inline.md
+  summary_prompt_files:
+    - ./shared-prompts/iac/summary.md
+ignore:
+  - "*.sealed.yaml"
+  - "*.lock"
+  - "docs/**"
+```
+
+**Custom Prompts** (IaC profile):
+- `shared-prompts/base/security.md` — org-wide security rules, concatenated before every inline review prompt
+- `shared-prompts/iac/inline.md` — IaC-specific inline review (YAML, Helm, K8s manifests, shell scripts), max 7 comments
+- `shared-prompts/iac/summary.md` — PR summary: affected services/namespaces, infrastructure impact, security flags
+
+**Prompt composition**: ai-review does not support Jinja includes. Instead, list multiple files under `inline_prompt_files` / `summary_prompt_files` — they are concatenated in order with double newlines.
+
+**Adding a new profile**: Create a new directory (e.g., `backend/`) with its own `.ai-review.yaml`, `inline.md`, and `summary.md`. The `inline_prompt_files` list should include `base/security.md` first, then the profile-specific prompt. Reference it in the consuming repo's workflow: `AI_REVIEW_CONFIG_FILE_YAML=./shared-prompts/backend/.ai-review.yaml`
+
+**Required Secrets** (configure in Gitea repo or org settings):
+
+| Secret | Purpose |
+|--------|---------|
+| `ANTHROPIC_API_KEY` | Claude API key (from Anthropic console) |
+| `AI_REVIEW_TOKEN` | Gitea API token with `write:repository` + `read:repository` scopes (use a bot/service account) |
+
+**Setup Steps**:
+1. Create a Gitea bot/service account and generate an API token with `write:repository` + `read:repository` scopes
+2. Add `AI_REVIEW_TOKEN` secret in Gitea repo settings → Actions → Secrets
+3. Add `ANTHROPIC_API_KEY` secret with your Anthropic API key
+4. Ensure the `shared-prompts` submodule is initialized (`git submodule update --init`)
+5. Push the workflow file — it triggers automatically on PR creation/update
+
+**Verification**:
+- Open a PR with infrastructure changes → workflow runs → inline comments + summary appear
+- Check Gitea Actions tab for workflow run status and logs
+- Monitor Anthropic usage dashboard for token consumption
+
 ### Keycloak Client Registrar
 
 **Type**: CronJob (deployed via Keycloak Helm chart `extraDeploy`)