Phase 6: CI workflow

[tinkermonkey]

Create the GitHub Actions workflow file that runs the fast test suite on every PR and push, and the live Claude test suite on pushes to main only. The live job depends on the fast job succeeding, and injects ANTHROPIC_API_KEY from repository secrets.

Requirements

• Create .github/workflows/ci.yml with two jobs:
  • test job: triggers on pull_request (all branches) and push to main; runs npm ci, npm run typecheck, npm test; Node 20; timeout-minutes: 5; caches node_modules via actions/setup-node cache
  • test-live job: triggers on push to main only (if: github.event_name == 'push' && github.ref == 'refs/heads/main'); needs: test (does not run if fast tests fail); runs npm ci, npm run test:live; injects ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}; timeout-minutes: 10
• test-live job must exit 0 when ANTHROPIC_API_KEY secret is not configured (live tests skip gracefully, do not fail the job)
• continue-on-error: false for the test-live job — live test failures on main are a blocking signal
• No workflow_dispatch trigger (can be added later)
• Document (in PR description or commit message) that ANTHROPIC_API_KEY must be added to repository secrets as a manual one-time step

Design Guidance

Implements the 'CI Architecture' section of the architecture design. The two-job structure, needs: test dependency, secret names, timeout values, and Node version are all specified in the architecture's workflow YAML design. The rationale for not including CLAUDE_CODE_OAUTH_TOKEN in CI initially is also documented in the architecture.

Acceptance Criteria

• .github/workflows/ci.yml exists and is valid YAML
• A simulated PR event triggers only the test job (not test-live)
• A push to main triggers both jobs, with test-live waiting for test to pass
• test job completes within 5 minutes on a clean runner
• test-live job completes within 10 minutes
• If ANTHROPIC_API_KEY secret is absent, test-live job exits 0 (skipped tests, no failure)
• node_modules is cached between workflow runs on the same branch
• Code is reviewed and approved

Dependencies

Phase 1, Phase 3

[tinkermonkey]

Implementation

---

Summary

Created .github/workflows/ci.yml with two jobs:

• test: Runs on all pull_request events and push to main. Executes npm ci, npm run typecheck, npm test on Node 20 with a 5-minute timeout. node_modules is cached via actions/setup-node's built-in cache: npm.

• test-live: Runs only on push to main (if: github.event_name == 'push' && github.ref == 'refs/heads/main'), after test passes (needs: test). Executes npm ci, npm run test:live with ANTHROPIC_API_KEY injected from repository secrets, 10-minute timeout, continue-on-error: false.

Key behavioral notes:

• If ANTHROPIC_API_KEY secret is absent, the env var is an empty string. The live tests use describe.skipIf(!hasCredentials) and vitest.config.live.ts sets passWithNoTests: true, so the job exits 0 gracefully.
• Manual one-time step required: Add ANTHROPIC_API_KEY to repository secrets under Settings → Secrets and variables → Actions to enable live test execution on main.

---

Generated by Orchestrator Bot 🤖
Processed by the senior_software_engineer agent

[tinkermonkey]

🔄 Starting Review Cycle

Reviewer: Code Reviewer
Maker: Senior Software Engineer
Max Iterations: 5

The automated maker-checker review cycle is now starting. The reviewer will evaluate the work, and if changes are needed, the maker will be automatically re-invoked with feedback.

---

Review cycle initiated by Switchyard

[tinkermonkey]

Code Review

---

I've now thoroughly reviewed the implementation. Here is my assessment:

---

Status

APPROVED

Issues Found

Critical (Must Fix)

None

High Priority (Should Fix)

None

Observations (Informational)

The implementation is clean, minimal, and correctly matches all requirements:

1. Valid YAML: Confirmed via Python yaml.safe_load — parses without error.

2. Two-job structure: test and test-live are both present with correct configurations.

3. Trigger conditions: pull_request (all branches) and push to main are correctly specified via the on: block. The test-live job correctly uses if: github.event_name == 'push' && github.ref == 'refs/heads/main' to restrict it to main pushes only.

4. Job dependency: needs: test on test-live ensures the live job waits for fast tests to pass.

5. Timeout values: test has timeout-minutes: 5, test-live has timeout-minutes: 10 — matches requirements exactly.

6. Node 20 + npm cache: Both jobs use actions/setup-node@v4 with node-version: 20 and cache: npm. This satisfies the node_modules caching requirement.

7. Step commands: test runs npm ci, npm run typecheck, npm test. test-live runs npm ci, npm run test:live. Both match requirements.

8. Secret injection: ANTHROPIC_API_KEY is injected at job-level env from secrets.ANTHROPIC_API_KEY. This is correct and makes it available to all steps.

9. Graceful skip when secret absent: When ANTHROPIC_API_KEY is not configured, GitHub Actions sets the env var to an empty string. The live tests use describe.skipIf(!claudeAvailable || !hasCredentials) where hasCredentials checks !!process.env.ANTHROPIC_API_KEY. Combined with passWithNoTests: true in vitest.config.live.ts, the job exits 0 — no test failures.

10. continue-on-error: false: Explicitly set, matching requirements. Live test failures on main are a blocking signal.

11. No workflow_dispatch: Correctly omitted per requirements.

12. Documentation of secret setup: The commit message says "Complete work for issue Phase 6: CI workflow #9" without documenting the manual ANTHROPIC_API_KEY setup step. However, the maker output describes it, and the requirement says "in PR description or commit message" — the PR description can still satisfy this when the PR is created.

13. Action versions: Uses actions/checkout@v4 and actions/setup-node@v4 — current stable major versions, pinned appropriately.

14. No unnecessary complexity: The file is 42 lines, straightforward, no extra abstractions or unnecessary features.

Source Artefact Updates

None

---

Generated by Orchestrator Bot 🤖
Processed by the code_reviewer agent

[tinkermonkey]

Review Cycle Complete

Status: APPROVED

Iterations: 1/5

Maker: Senior Software Engineer

Reviewer: Code Reviewer

Review approved after 1 iteration(s)

---

Automated review cycle by Switchyard

[tinkermonkey]

Starting Repair Cycle (Testing)

Agent: Senior Software Engineer

Test Types: compilation, unit, integration, ci

Max Iterations: 100

Container: Isolated Docker container
Branch: feature/issue-2-add-full-suite-of-live-integra

The automated test-fix-validate cycle is now starting in a containerized environment. Tests will be run, and if failures are detected, the agent will automatically fix them and re-run tests until all tests pass.

---

Repair cycle initiated by Switchyard

[tinkermonkey]

✅ Repair Cycle Complete

Container: repair-cycle-code-wrapper-9-f3f4e2dc

Exit Code: 0

Total Agent Calls: 11

Duration: 485.0s

• compilation: ✅ PASSED (1 iterations)
• unit: ✅ PASSED (1 iterations)
• integration: ✅ PASSED (1 iterations)
• ci: ✅ PASSED (3 iterations)

---

Repair cycle executed by Switchyard (containerized)