feat: add automated CEP resync workflow

[marcusrbrown]

Summary

• add automated CEP resync workflow with precheck gating and dry-run hard stop
• align sync-cep command prompt and integration tests with headless CI usage
• document the dry-run integration issue and fix in docs/solutions

Testing

• bun run build
• bun run typecheck
• bun run lint
• bun test

[fro-bot]

Code Review: Automated CEP Resync Workflow

Summary

This PR adds an automated CEP (Compound Engineering Plugin) resync workflow that periodically checks for upstream changes and can automatically sync them. The implementation is well-structured with proper gating, dry-run support, and comprehensive testing.

Build & Test Status

All checks pass:

• ✅ Build: Bundled 14 modules in 4ms

  index.js 17.38 KB (entry point)
  index-bky4p9gw.js 21.1 KB (chunk)
  cli.js 4.96 KB (entry point) - Success

• ✅ TypeScript: - No errors

• ✅ Linting: Checked 52 files in 74ms. No fixes applied. - No issues

• ✅ Tests: bun test v1.3.9 (cf6cdbbb)
  OpenCode available: true - 339 tests pass

Architecture Overview

The PR introduces four main components:

1. GitHub Actions Workflow ()

   • Scheduled (daily) + manual trigger
   • Two-phase: precheck → sync
   • Exit code gating: 0=no changes, 1=changes detected, 2=errors
   • Rate-limit handling with exponential backoff

2. Precheck Script ()

   • Fetches upstream CEP repository tree
   • Computes SHA-256 content hashes
   • Detects: hash changes, new upstream, deletions
   • Supports multi-file skill hashing
   • Retry logic for 429/403 responses

3. Command Wrapper ()

   • Hard stop for mode (no tools called)
   • Enforces headless CI output format
   • Precheck summary parsing

4. Manifest Updates ()

   • Added field
   • Added array for multi-file definitions
   • New helper functions: ,

Code Quality

Strengths:

• Comprehensive unit tests (455 lines) with good coverage of edge cases
• Integration tests for workflow simulation
• Proper error handling with typed errors
• TypeScript strict mode compliance
• Clear separation of concerns

Minor Observations

1. Pinned action commits - The workflow pins to specific commit SHAs (, ). This is good for security reproducibility but may require manual updates. Consider documenting update process.

2. Fro-bot agent reference - Uses . This is appropriate for a CI automation workflow.

3. Precheck step timeout - The precheck step lacks an explicit timeout. The job has a 10-minute timeout, but the step itself could theoretically hang. Consider adding to the precheck step for faster failure detection.

Testing Coverage

The test suite covers:

• Path mapping to definition keys
• Multi-file skill hashing
• Hash change detection
• Converter version changes
• New upstream/deletion detection
• Wildcard override skipping
• Error handling and retry logic
• Rate limit handling (429, 403)
• Integration with OpenCode command system

Conclusion

The implementation is solid with proper CI/CD practices. The hard-stop dry-run mechanism is particularly well-designed - it prevents accidental modifications in CI and ensures deterministic output.

Approval: APPROVED

[fro-bot]

Code Review: Automated CEP Resync Workflow

Summary

This PR adds an automated CEP (Compound Engineering Plugin) resync workflow that periodically checks for upstream changes and can automatically sync them. The implementation is well-structured with proper gating, dry-run support, and comprehensive testing.

Build & Test Status

All checks pass:

• Build: Success
• TypeScript: No errors
• Linting: No issues
• Tests: 339 tests pass

Architecture Overview

The PR introduces four main components:

1. GitHub Actions Workflow (.github/workflows/sync-cep.yaml)

   • Scheduled (daily) + manual trigger
   • Two-phase: precheck → sync
   • Exit code gating: 0=no changes, 1=changes detected, 2=errors
   • Rate-limit handling with exponential backoff

2. Precheck Script (scripts/check-cep-upstream.ts)

   • Fetches upstream CEP repository tree
   • Computes SHA-256 content hashes
   • Detects: hash changes, new upstream, deletions
   • Supports multi-file skill hashing
   • Retry logic for 429/403 responses

3. Command Wrapper (.opencode/commands/sync-cep.md)

   • Hard stop for --dry-run mode (no tools called)
   • Enforces headless CI output format
   • Precheck summary parsing

4. Manifest Updates (src/lib/manifest.ts)

   • Added converter_version field
   • Added files array for multi-file definitions
   • New helper functions: listDefinitionsBySource, getUpstreamHashes

Code Quality

Strengths:

• Comprehensive unit tests (455 lines) with good coverage of edge cases
• Integration tests for workflow simulation
• Proper error handling with typed errors
• TypeScript strict mode compliance
• Clear separation of concerns

Minor Observations

1. Pinned action commits - The workflow pins to specific commit SHAs. This is good for security reproducibility but may require manual updates. Consider documenting update process.

2. Fro-bot agent reference - Uses fro-bot/agent@c21289d8a8d2e792628debb75578cdbb2f3ace00. This is appropriate for a CI automation workflow.

3. Precheck step timeout - The precheck step lacks an explicit timeout. The job has a 10-minute timeout, but the step itself could theoretically hang. Consider adding timeout-minutes: 5 to the precheck step for faster failure detection.

Testing Coverage

The test suite covers:

• Path mapping to definition keys
• Multi-file skill hashing
• Hash change detection
• Converter version changes
• New upstream/deletion detection
• Wildcard override skipping
• Error handling and retry logic
• Rate limit handling (429, 403)
• Integration with OpenCode command system

Conclusion

The implementation is solid with proper CI/CD practices. The hard-stop dry-run mechanism is particularly well-designed - it prevents accidental modifications in CI and ensures deterministic output.

Approval: APPROVED

---

Run Summary

Field	Value
Event	pull_request
Repository	marcusrbrown/systematic
Run ID	22076485347
Cache	miss
Session	ses_397dbc3f5ffeRZEMJNhTuWluZD