You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Use this manifest to prepare one CodeAgora demo package that shows the same review contract flowing through CLI artifacts, MCP tools, Desktop session UI, and GitHub PR comments/checks.
Demo workspace
Field
Recommended default
Actual value / notes
Ready
Demo repo
examples/vulnerable-api/
[ ]
Absolute demo path
<CodeAgora checkout>/examples/vulnerable-api
[ ]
Demo branch
demo/codeagora-review-contract
[ ]
Base branch / SHA
main at rehearsal start
[ ]
Demo PR number
123 placeholder until live PR exists
[ ]
Provider secret source
OPENROUTER_API_KEY from operator environment or GitHub Actions secret
[ ]
Presenter notes path
docs/for-users/DEMO_RUNBOOK.md
[ ]
Staged diff setup
Use a small staged change in examples/vulnerable-api/ so every surface reviews identical input.
Field
Recommended default
Actual value / notes
Ready
Diff source
Staged git diff
[ ]
Setup command record
git status --short and staged-file list captured as text
[ ]
Staged files
1-3 files with obvious vulnerable API behavior
[ ]
Max diff size
Under 5000 lines for the Action; under 1000-2500 lines for compact providers
[ ]
Review ignore state
.reviewignore reviewed; demo artifacts excluded from the staged diff
[ ]
Reset plan
Clean command or backup patch stored outside the repo
[ ]
Config preset
Field
Recommended default
Actual value / notes
Ready
Config path
.ca/config.json in the demo workspace
[ ]
Preset
Demo Balanced from DEMO_RUNBOOK.md; use Fast only for repeated rehearsal
[ ]
Mode
pragmatic
[ ]
Provider
openrouter
[ ]
Language
ko for Korean-first demo; en for GitHub Actions setup walkthrough
[ ]
Reviewer count
3 reviewers for live CLI/Desktop speed; 5 reviewers for GitHub Action quality setup
v0.1.2 DMG is unsigned, not notarized, and not auto-updatable; Gatekeeper warning is expected
[ ]
Repo selection proof
Screenshot or transcript of selecting examples/vulnerable-api/ with 리뷰 실행
[ ]
Readiness proof
Screenshot of 빠른 리뷰 readiness banner before provider spend
[ ]
Session browsing proof
Screenshot of 세션 opening the CLI/MCP-created session
[ ]
Setup proof
Screenshot of 셋업 provider / GitHub Action / evidence cards
[ ]
Export proof
Markdown, JSON, and SARIF export files from session detail
[ ]
Desktop fallback asset
Pre-recorded screenshots for cockpit/session/setup/export plus a known-good session artifact
[ ]
GitHub PR and Action artifacts
Use a trusted branch PR for the live provider-backed path. Fork PR behavior should be shown only as a documented skipped/degraded fallback unless a maintainer-controlled rerun is available.
Artifact
Recommended value
Actual file / notes
Ready
Workflow file
.github/workflows/codeagora-review.yml in the demo repo
[ ]
Action ref
bssm-oss/CodeAgora@v0.1.2
[ ]
Trigger
pull_request types: opened, synchronize, reopened
[ ]
Permissions
contents: read, pull-requests: write, checks: write; add security-events: write only with SARIF upload