Release v0.9.2: UI Redesign, Custom LLM Providers, Resumable Reviews & Setup Automation

.dev.vars.example

@@ -1,52 +1,31 @@
-# ──────────────────────────────────────────────────────────────────────────────
-# Codra Environment Configuration Example
-# Copy this file to .dev.vars for local development: cp .dev.vars.example .dev.vars
-# ──────────────────────────────────────────────────────────────────────────────
+# Codra local development environment example
+# Copy this file to .dev.vars for local development.
+# Keep real secrets only in .dev.vars or your deployment secret store.
 
-# --- GitHub App Authentication ---
-# Create at: https://github.com/settings/apps
-APP_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\nREPLACE_WITH_YOUR_GITHUB_APP_PRIVATE_KEY_CONTENT\n-----END RSA PRIVATE KEY-----"
-GITHUB_APP_ID="REPLACE_WITH_YOUR_APP_ID"
-GITHUB_APP_SLUG="REPLACE_WITH_YOUR_APP_SLUG"
-GITHUB_APP_WEBHOOK_SECRET="REPLACE_WITH_YOUR_WEBHOOK_SECRET"
+# --- Integration tests ---
+TEST_DATABASE_URL="postgresql://user:password@localhost:5432/codra"
 
-# --- Dashboard OAuth (GitHub) ---
-# Use the same GitHub App's Client ID/Secret or a separate OAuth App
+# --- LLM provider config encryption ---
+LLM_CONFIG_ENCRYPTION_KEY="REPLACE_WITH_A_LONG_RANDOM_ENCRYPTION_KEY"
+
+# --- GitHub App and OAuth ---
+GITHUB_APP_WEBHOOK_SECRET="REPLACE_WITH_YOUR_WEBHOOK_SECRET"
+GITHUB_APP_ID="REPLACE_WITH_YOUR_APP_ID"
 GITHUB_CLIENT_ID="REPLACE_WITH_YOUR_CLIENT_ID"
 GITHUB_CLIENT_SECRET="REPLACE_WITH_YOUR_CLIENT_SECRET"
-AUTH_CALLBACK_URL="http://localhost:8787/auth/github/callback"
-
-# --- Authorization ---
-# Comma-separated list of GitHub usernames allowed to access the dashboard
-DASHBOARD_ALLOWED_USERS="username1,username2"
-
-# --- AI Intelligence (Gemini) ---
-# Generate at: https://aistudio.google.com/app/apikey
-GEMINI_API_KEY="REPLACE_WITH_YOUR_GEMINI_API_KEY"
-
-# --- Database Connections ---
-
-# 1. Local Development (Used by 'wrangler dev' for the HYPERDRIVE binding)
-# This usually points to a local Postgres instance or a dev branch in Neon.
-CLOUDFLARE_HYPERDRIVE_LOCAL_CONNECTION_STRING_HYPERDRIVE="postgresql://user:password@localhost:5432/codra_dev"
-
-# 2. Migrations (Used by 'npm run migrate')
-# This script runs via Node.js and needs a direct connection to the DB you want to migrate.
-DATABASE_URL="postgresql://user:password@localhost:5432/codra_dev"
-
-# 3. Integration Tests (Used by 'npm run test')
-# MUST be a separate database to avoid data loss during test sweeps.
-TEST_DATABASE_URL="postgresql://user:password@localhost:5432/codra_test"
+APP_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\nREPLACE_WITH_YOUR_GITHUB_APP_PRIVATE_KEY_CONTENT\n-----END RSA PRIVATE KEY-----"
 
-# --- Cloudflare DLQ / Queue Management (Required) ---
-# Required for DLQ inspection, replay, and purge via /api/dlq
-# Create or identify the DLQ queue, then set CF_DLQ_ID to that queue's ID.
-# Generate token at https://dash.cloudflare.com/profile/api-tokens (Queues:Edit permission)
-CF_API_TOKEN="REPLACE_WITH_CLOUDFLARE_API_TOKEN"
+# --- Cloudflare API ---
+# Required permissions: Queues Edit for DLQ actions, Workers AI Read for
+# Cloudflare model catalog discovery.
 CF_ACCOUNT_ID="REPLACE_WITH_YOUR_CLOUDFLARE_ACCOUNT_ID"
-CF_DLQ_ID="REPLACE_WITH_YOUR_DLQ_QUEUE_ID"
+CF_API_TOKEN="REPLACE_WITH_CLOUDFLARE_API_TOKEN"
 
-# --- Application Settings ---
+# --- Application URLs and mode ---
 APP_URL="http://localhost:8787"
-BOT_USERNAME="codra-app-dev"
+AUTH_CALLBACK_URL="http://localhost:8787/auth/github/callback"
 ENVIRONMENT="development"
+
+# --- Database connections ---
+DATABASE_URL="postgresql://user:password@localhost:5432/codra_dev"
+CLOUDFLARE_HYPERDRIVE_LOCAL_CONNECTION_STRING_HYPERDRIVE="postgresql://user:password@localhost:5432/codra_dev"

.env.test.example

@@ -0,0 +1,20 @@
+# Codra test environment example.
+# Copy to .env.test for local tests. These values are fake and must not be
+# reused for production, staging, or any real external service.
+
+GITHUB_APP_SLUG="codra-test-app"
+GITHUB_APP_WEBHOOK_SECRET="fake-webhook-secret"
+
+GITHUB_CLIENT_ID="fake-dashboard-client-id"
+GITHUB_CLIENT_SECRET="fake-dashboard-client-secret"
+AUTH_CALLBACK_URL="https://codra.test/auth/github/callback"
+DASHBOARD_ALLOWED_USERS="devarshishimpi"
+
+APP_URL="https://codra.test"
+BOT_USERNAME="codra-test-app"
+LLM_CONFIG_ENCRYPTION_KEY="fake-local-llm-config-encryption-key"
+
+# Required. Must point at a disposable Postgres database because tests reset and
+# write data while running.
+DATABASE_URL="postgresql://postgres:postgres@127.0.0.1:5432/codra_test"
+TEST_DATABASE_URL="postgresql://postgres:postgres@127.0.0.1:5432/codra_test"

.github/workflows/ci.yml

@@ -1,12 +1,14 @@
 name: Code Quality
 
 on:
+  workflow_dispatch:
   push:
-    branches:
-      - main
   pull_request:
-    branches:
-      - main
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -16,6 +18,31 @@ jobs:
   verify:
     name: Verify Stability
     runs-on: ubuntu-latest
+    services:
+      postgres:
+        image: postgres:16
+        env:
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_DB: codra_test
+        ports:
+          - 5432:5432
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+    env:
+      DATABASE_URL: postgresql://postgres:postgres@127.0.0.1:5432/codra_test
+      TEST_DATABASE_URL: postgresql://postgres:postgres@127.0.0.1:5432/codra_test
+      GITHUB_APP_SLUG: codra-test-app
+      GITHUB_APP_WEBHOOK_SECRET: fake-webhook-secret
+      GITHUB_CLIENT_ID: fake-dashboard-client-id
+      GITHUB_CLIENT_SECRET: fake-dashboard-client-secret
+      AUTH_CALLBACK_URL: https://codra.test/auth/github/callback
+      APP_URL: https://codra.test
+      DASHBOARD_ALLOWED_USERS: devarshishimpi
+      BOT_USERNAME: codra-test-app
 
     steps:
       - name: Checkout repository

.gitignore

@@ -69,6 +69,7 @@ web_modules/
 .env
 .env.*
 !.env.example
+!.env.test.example
 
 # parcel-bundler cache (https://parceljs.org/)
 .cache

CONTRIBUTING.md

@@ -36,7 +36,8 @@ cp .dev.vars.example .dev.vars
 You will need to set up:
 - A GitHub App (for webhooks/checks).
 - A GitHub OAuth App (for dashboard authentication).
-- A Gemini API Key.
+- `LLM_CONFIG_ENCRYPTION_KEY` for encrypting dashboard-managed provider API keys.
+- LLM providers and model credentials from the Settings dashboard.
 - A Hyperdrive local connection string for `wrangler dev`.
 - A direct `DATABASE_URL` for migrations.
 
@@ -52,10 +53,12 @@ npm run dev
 
 ## 🧪 Testing
 
-We use **Vitest** for unit and integration testing. `npm test` runs the non-database tests by default and automatically enables DB integration tests when `TEST_DATABASE_URL` points at a disposable Postgres database.
+We use **Vitest** for unit and integration testing. `npm test` requires a disposable Postgres database, runs migrations against it, and then runs the full test suite.
+
+The test runner loads `.env.test`, `.env.local`, `.env`, `.dev.vars`, and then `.env.test.example`. Override `TEST_DATABASE_URL` in one of the private env files when your local test database does not match the example URL.
 
 ```bash
-# Run all tests
+# Run the full test suite
 npm test
 
 # Run tests in watch mode

README.md

@@ -30,6 +30,8 @@
 
 Codra listens to GitHub pull request events, runs AI-powered review jobs, posts inline findings back to the PR, and gives you a dashboard to inspect jobs, repositories, model routing, review history, and failed queue runs.
 
+> **Beta** -- Codra is under active development. Expect rough edges, missing features, and breaking changes between releases. Feedback and bug reports are welcome via [GitHub Issues](https://github.com/devarshishimpi/codra/issues).
+
 ## Why Codra
 
 - **Own the whole review loop**: Run the GitHub App, Cloudflare Worker, queue, database, model credentials, and dashboard under your own control.
@@ -47,7 +49,7 @@ Codra listens to GitHub pull request events, runs AI-powered review jobs, posts
 - Dead letter queue inspection, replay, and purge workflows
 - GitHub OAuth dashboard authentication
 - External PostgreSQL storage through Cloudflare Hyperdrive
-- Google Gemini and Cloudflare Workers AI model providers
+- Dashboard-managed LLM providers for OpenAI, OpenRouter, Anthropic, Google, and Cloudflare models
 - Repository settings for labels, skipped globs, custom rules, and model routing
 
 ## How It Works
@@ -65,7 +67,7 @@ Codra listens to GitHub pull request events, runs AI-powered review jobs, posts
 - **Dashboard**: React, Vite, Tailwind CSS, Radix UI, Recharts
 - **Data**: PostgreSQL, Cloudflare Hyperdrive, Cloudflare KV
 - **Queues**: Cloudflare Queues with DLQ workflows
-- **Models**: Google Gemini and Cloudflare Workers AI
+- **Models**: OpenAI, OpenRouter, Anthropic, Google, and Cloudflare providers
 - **GitHub**: GitHub App webhooks, checks, reviews, and OAuth
 - **Quality**: TypeScript, Zod, Vitest, Playwright browser tests