{"id":24247491,"url":"https://github.com/samyuan1990/openai_codeagent-action","last_synced_at":"2025-10-08T20:19:48.930Z","repository":{"id":271877970,"uuid":"914840032","full_name":"SamYuan1990/OpenAI_CodeAgent-action","owner":"SamYuan1990","description":"A Github action which invokes openAI API as GenAI agent and coding in pipeline offline.","archived":false,"fork":false,"pushed_at":"2025-08-04T03:33:03.000Z","size":34576,"stargazers_count":9,"open_issues_count":24,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-08-04T06:28:45.155Z","etag":null,"topics":["actions","aiagent","lint"],"latest_commit_sha":null,"homepage":"https://samyuan1990.github.io/OpenAI_CodeAgent-action/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SamYuan1990.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-01-10T12:16:30.000Z","updated_at":"2025-07-30T12:45:43.000Z","dependencies_parsed_at":"2025-01-10T13:44:59.492Z","dependency_job_id":"52d7fb9c-25bb-4e64-828c-9dbe4574b448","html_url":"https://github.com/SamYuan1990/OpenAI_CodeAgent-action","commit_stats":null,"previous_names":["samyuan1990/openai_codeagent-action"],"tags_count":4,"template":false,"template_full_name":"actions/javascript-action","purl":"pkg:github/SamYuan1990/OpenAI_CodeAgent-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SamYuan1990%2FOpenAI_CodeAgent-action","tags_url":"https://r
epos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SamYuan1990%2FOpenAI_CodeAgent-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SamYuan1990%2FOpenAI_CodeAgent-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SamYuan1990%2FOpenAI_CodeAgent-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SamYuan1990","download_url":"https://codeload.github.com/SamYuan1990/OpenAI_CodeAgent-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SamYuan1990%2FOpenAI_CodeAgent-action/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279000662,"owners_count":26082817,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-08T02:00:06.501Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","aiagent","lint"],"created_at":"2025-01-14T23:54:13.999Z","updated_at":"2025-10-08T20:19:48.924Z","avatar_url":"https://github.com/SamYuan1990.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Hello! 
OpenAI Code Agent\n\n[![Lint Codebase](https://github.com/SamYuan1990/OpenAI_CodeAgent/actions/workflows/linter.yml/badge.svg)](https://github.com/SamYuan1990/OpenAI_CodeAgent/actions/workflows/linter.yml)\n[![Continuous Integration](https://github.com/SamYuan1990/OpenAI_CodeAgent/actions/workflows/ci.yml/badge.svg)](https://github.com/SamYuan1990/OpenAI_CodeAgent/actions/workflows/ci.yml)\n\n[中文文档](./README_zh.md)\n\nFrom an engineering perspective, for the tasks in our pipeline today, we need to\ngather sufficient information and construct a series of specific instructions.\nBy directly issuing these instructions to the large model, we can avoid\nfine-tuning and RAG (Retrieval-Augmented Generation), thereby integrating the\nlarge model into the pipeline. This approach enables intelligent solutions to\nspecific problems, ultimately achieving the goal of enhancing production\nefficiency.\n\n## Todo after Community over code\n\nWe are very grateful for the communication at Community over code.\n### High level to do\n- [ ] We need to have an AST graph and consider it with memory trace.\n- [ ] We need to make each single step as atomic as possible and pluggable, to support scans for:\n  - [ ] Static scan scope.\n  - [ ] CVE scan scope.\n  - [ ] OWASP 10 scope.\n  - [ ] Customer design.\n  - [ ] Provide a design for the interface, so everyone can contribute a new plugin for us.\n  - [ ] At the interface level, implement context management.\n- [ ] We need test cases; we can use eBPF-based observability, as DeepFlow MCP may have a demo of how it works.\n- [ ] Provide metrics and logs for further analysis and audit usage.\n- [ ] Continue to support the container and GHA ways to run it.\n### To achieve the above\n- [ ] We need prompts, tested with juice shop as a test suite to evaluate our prompts.\n  - [ ] Start up a sandbox for testing from the readme or usage file, as long-term memory.\n  - [ ] Go through AST (in hard code).\n  - [ ] We take 1 from the top 10 as the case for one term.\n  - [ ] Pluggable by prompts, each prompt 
has its own content based on the same structured output.\n  - [ ] Attack on the sandbox.\n  - [ ] Run a full scan on juice shop to see ROI.\n  - [ ] As it's juice shop, we can have our total score as the final result.\n  - [ ] Consider a real case: we need the LLM to give us the verification steps.\n- [ ] We need a Java, Golang, or multi-language based RESTful server, from prompt, to walk through the AST graph.\n  - [ ] We need a REST API structure.\n  - [ ] We need a sample vulnerable project of our own for each language.\n  - [ ] Including graph invocations, vulnerability cases, and pointers to the vulnerability types for unit tests.\n- [ ] We also need to consider the report format, as the security owner should know the code path, attack approach, verification result, and a sandbox to reproduce; a fix suggestion is optional.\n- [ ] We need to test with real CVEs (from the past, to see if it works), and also impacts from other CVEs.\n- [ ] Go on to test with real cases and try to find any.\n\n## Features\n\n| Category                       | Tools        | Language/Target | Scenario                                                 | Example                                                     |\n| ------------------------------ | ------------ | --------------- | -------------------------------------------------------- | ----------------------------------------------------------- |\n| **Unit Test**                  | Jest         | JavaScript      | Auto-generate unit tests to improve coverage             | [Link](./.github/workflows/ExampleJSunittestGenerate.yml)   |\n| **Doc Gen**                    |              | Go              | Generate GoDoc comments via AST analysis                 | [Link](./.github/workflows/ExampleGODocGenerate.yml)        |\n| **CVE Scan with Pod security** | Syft, Bomber | deployment.yaml | Detect CVEs and suggest Pod Security Policy improvements | [Link](./.github/workflows/ExampleCVEToDeployment.yml)      |\n| **CVE Scan with project**      | Syft, Bomber | N/A             | Detect CVEs and the effect on your 
repo                  | [Link](./.github/workflows/YouOwnCVEDependency.yml)         |\n| **Code Vulnerabilities Scan**  |              | C               | Detect common CVE causes such as null pointers in code   | [Link](./.github/workflows/ExampleCVulnerabilitiesscan.yml) |\n\n### Result:\n\n- CVE Scan with project: we already got 3 confirmed CVE upgrades from a cloud\n  related project.\n- Code Vulnerabilities Scan: we have already submitted one PR to an Apache project.\n\n## Design\n\nWorkflow Design:  \n![OverAllDesign](./docs/pictures/Design.png)\n\n---\n\n## Non-Functional Metrics\n\n### Logging \u0026 Archiving\n\n- Hash-based tracing (SHA256 of final prompt).\n\n### Metrics\n\n- [x] Per-task tracing\n- [x] Token cost analysis\n- [x] Prompt component analysis (e.g., one-shot vs. ReAct)\n- [ ] Output effectiveness (filtered invalid responses)\n\n---\n\n## Output Examples\n\n| Field               | Description                                   |\n| ------------------- | --------------------------------------------- |\n| avg_prompt_precent  | Average percentage of user intent in prompts  |\n| avg_content_precent | Average percentage of task context in prompts |\n| LLMresponse         | Raw LLM response (single call)                |\n| final_prompt        | Full prompt sent to LLM                       |\n| avg_time_usage      | Average time spent invoking the LLM           |\n| avg_inputToken      | Average input token to LLM                    |\n| avg_outputToken     | Average output token from LLM                 |\n\nAST task output (directory: `./GenAI_output`):\n\n```json\n{\n  \"model\": \"deepseek-chat\",\n  \"final_prompt\": \"...\",\n  \"hashValue\": \"600e13336953ff55998a56a86644a01abfabe33513abcf01b8d945c61664e0c2\",\n  \"response\": \"\",\n  \"prompt_precent\": 12.71,\n  \"content_precent\": 87.03,\n  \"meta\": {\n    \"filename\": \"src/aiagent.js\",\n    \"functionname\": \"calculatePercentage\"\n  }\n}\n```\n\n## Current performance result\n\n| 
Metric\\Task               | Document generate | Deployment suggestion | Code enhancement |\n| ------------------------- | ----------------- | --------------------- | ---------------- |\n| Prompt percent            | 16%               | 5.6%                  | 54.2%            |\n| Content percent           | 83%               | 93%                   | 45%              |\n| Output Token              | 430               | 1207                  | 742              |\n| LLM response time(second) | 26                | 61                    | 43               |\n\n---\n\n## Usage Tips\n\n- **Container Run**:\n  ```bash\n  npm install\n  npx local-action . src/main.js .env.example\n  ```\n  or container\n  ```bash\n  docker run -e baseURL=\"https://api.deepseek.com\" \\\n           -e apiKey=\"dummy\" \\\n           -e model=\"deep-seek\" \\\n           -e dirPath=\"/workdir/src\" \\\n           -e dryRun=\"true\" \\\n           -e runType=\"jsunittest\" \\\n           -e maxIterations=1 \\\n           -e deploymentfile= \\\n           -e prompt= \\\n           -e output_path= \\\n           -e githubIssueReport= \\\n           -e token= \\\n           -e GITHUB_REPOSITORY= \\\n           -v \"$(pwd)\":/workdir \\\n           ghcr.io/samyuan1990/openai_codeagent-action:latest\n  ```\n- **Local Run**: You can generate GenAI_output and download it to your local machine,\n  then use [./localCS](./localCS)'s simple UI to check and review the content.\n  To run localCS, `export apiKey=xxx \u0026\u0026 node server.js`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsamyuan1990%2Fopenai_codeagent-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsamyuan1990%2Fopenai_codeagent-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsamyuan1990%2Fopenai_codeagent-action/lists"}