[Shadow Audit] Phase 1 Foundation

.github/workflows/glm-review.yml

@@ -0,0 +1,22 @@
+name: GLM OpenCode Review
+
+on:
+  pull_request:
+    branches:
+      - main
+      - dev
+      - build-984-hardening
+
+jobs:
+  review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: GLM PR Review
+        uses: zhipuai/opencode-github-workflow@main
+        continue-on-error: true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GLM_API_KEY: ${{ secrets.GLM_API_KEY }}

.github/workflows/opencode.yml

@@ -0,0 +1,30 @@
+name: opencode-review
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+
+jobs:
+  review:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: write
+      pull-requests: write
+      issues: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - uses: anomalyco/opencode/github@latest
+        env:
+          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          model: anthropic/claude-3-5-sonnet-latest
+          use_github_token: true
+          prompt: |
+            Review this pull request:
+            - Check for code quality issues
+            - Look for potential bugs
+            - Suggest improvements

.github/workflows/pr-agent.yml

@@ -0,0 +1,29 @@
+name: CodiumAI PR-Agent
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches:
+      - main
+      - dev
+      - build-984-hardening
+  issue_comment:
+    types: [created]
+
+jobs:
+  review:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+      contents: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: CodiumAI PR-Agent
+        uses: The-PR-Agent/pr-agent@main
+        continue-on-error: true
+        env:
+          OPENAI_KEY: ${{ secrets.OPENAI_KEY }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/qwen-review.yml

@@ -0,0 +1,22 @@
+name: Qwen Code Review
+
+on:
+  pull_request:
+    branches:
+      - main
+      - dev
+      - build-984-hardening
+
+jobs:
+  review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Qwen PR Review
+        uses: QwenLM/qwen-code-issue-and-pr-automation@main
+        continue-on-error: true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          QWEN_TOKEN: ${{ secrets.QWEN_TOKEN }}

.pr_agent.toml

@@ -0,0 +1,13 @@
+[pr_reviewer]
+extra_instructions = """
+STRICT RULE: C# string literals must be ASCII-only. Flag any Unicode, emojis, or curly quotes.
+STRICT RULE: The `lock(stateLock)` pattern is BANNED. Ensure all state mutations use the Enqueue/FSM model.
+STRICT RULE: Verify that any order replacement uses the two-phase Replace FSM pattern.
+"""
+
+[pr_code_suggestions]
+extra_instructions = """
+STRICT RULE: C# string literals must be ASCII-only. Flag any Unicode, emojis, or curly quotes.
+STRICT RULE: The `lock(stateLock)` pattern is BANNED. Ensure all state mutations use the Enqueue/FSM model.
+STRICT RULE: Verify that any order replacement uses the two-phase Replace FSM pattern.
+"""