Merged
43 changes: 39 additions & 4 deletions .github/workflows/ci.yml
@@ -101,12 +101,16 @@ jobs:
run: npm test

# ═══════════════════════════════════════════════════════
# Pipeline Tests
# Pipeline Tests (gated: schedule, needs-pipeline, or ci:full)
# ═══════════════════════════════════════════════════════
test-pipeline:
name: Pipeline Tests
runs-on: ubuntu-latest
needs: test-unit
if: |
github.event_name == 'schedule' ||
contains(github.event.pull_request.labels.*.name, 'needs-pipeline') ||
contains(github.event.pull_request.labels.*.name, 'ci:full')
steps:
- name: Checkout
uses: actions/checkout@v4
@@ -127,12 +131,16 @@ jobs:
run: npm run test:pipelines

# ═══════════════════════════════════════════════════════
# Consumer Package Test
# Consumer Package Test (gated: schedule, needs-pipeline, or ci:full)
# ═══════════════════════════════════════════════════════
test-package:
name: Package Installation
runs-on: ubuntu-latest
needs: test-pipeline
if: |
github.event_name == 'schedule' ||
contains(github.event.pull_request.labels.*.name, 'needs-pipeline') ||
contains(github.event.pull_request.labels.*.name, 'ci:full')
steps:
- name: Checkout
uses: actions/checkout@v4
@@ -181,12 +189,16 @@ jobs:
node node_modules/strray-ai/scripts/mjs/validate-mcp-connectivity.cjs || true

# ═══════════════════════════════════════════════════════
# Security Audit
# Security Audit (gated: schedule, needs-pipeline, or ci:full)
# ═══════════════════════════════════════════════════════
security:
name: Security Audit
runs-on: ubuntu-latest
needs: test-package
if: |
github.event_name == 'schedule' ||
contains(github.event.pull_request.labels.*.name, 'needs-pipeline') ||
contains(github.event.pull_request.labels.*.name, 'ci:full')
steps:
- name: Checkout
uses: actions/checkout@v4
@@ -245,7 +257,7 @@ jobs:
ci-health:
name: CI Health Monitor
runs-on: ubuntu-latest
needs: [quality, test-unit, test-pipeline, test-package, security, enforcement, docs-build]
needs: [ci-summary, docs-build]
if: always()
steps:
- name: Checkout
@@ -278,3 +290,26 @@ jobs:
with:
name: ci-health-report
path: .opencode/logs/ci-cd-monitor-report.json

# ═══════════════════════════════════════════════════════
# CI Summary Job (single required status check)
# ═══════════════════════════════════════════════════════
ci-summary:
name: CI Summary
runs-on: ubuntu-latest
needs: [quality, test-unit, enforcement]
if: always()
steps:
- name: Check required jobs status
run: |
echo "Quality: ${{ needs.quality.result }}"
echo "Unit Tests: ${{ needs.test-unit.result }}"
echo "Codex Enforcement: ${{ needs.enforcement.result }}"

if [ "${{ needs.quality.result }}" != "success" ] || \
[ "${{ needs.test-unit.result }}" != "success" ] || \
[ "${{ needs.enforcement.result }}" != "success" ]; then
echo "❌ One or more required jobs failed"
exit 1
fi
echo "✅ All required CI checks passed"
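Review bot: `ci-summary`, described in its header as the single required status check, only reads the results of `quality`, `test-unit` and `enforcement`, so a PR labelled `ci:full` or `needs-pipeline` whose `security`, `test-package` or `test-pipeline` job fails still gets a green required check. I would add the three gated jobs to its `needs` and fail the summary on any result other than `success` or `skipped`, as sketched below. Separately, the new `if:` on `security` is false for every event that is neither `schedule` nor a labelled pull request, so the audit presumably stops running on pushes to the default branch; the workflow's `on:` block is outside the visible hunks, so confirm that a schedule exists and that `pull_request` includes the `labeled` type. The same `if:` appears on `test-pipeline` and `test-package`.

```yaml
  ci-summary:
    # … unchanged: name, runs-on …
    needs: [quality, test-unit, enforcement, test-pipeline, test-package, security]
    if: always()
    steps:
      - name: Check required jobs status
        env:
          GATED_RESULTS: >-
            ${{ needs.test-pipeline.result }}
            ${{ needs.test-package.result }}
            ${{ needs.security.result }}
        run: |
          # … unchanged: echo lines and the quality / test-unit / enforcement check …

          # Gated jobs may be skipped, but must not fail once they run.
          for result in $GATED_RESULTS; do
            case "$result" in
              success|skipped) ;;
              *) echo "❌ Gated job result: $result"; exit 1 ;;
            esac
          done
          # … unchanged: final success message …
```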
14 changes: 14 additions & 0 deletions .github/workflows/hermes-plugin.yml
@@ -11,11 +11,17 @@ on:
- "src/integrations/hermes-agent/**"
- "hooks/**"
- "scripts/hooks/**"
# Also allow manual triggering via PR label
workflow_dispatch:

jobs:
plugin-python-tests:
name: Python Plugin Tests
runs-on: ubuntu-latest
if: |
github.event_name == 'schedule' ||
contains(github.event.pull_request.labels.*.name, 'needs-hermes') ||
contains(github.event.pull_request.labels.*.name, 'ci:full')
steps:
- uses: actions/checkout@v4

@@ -45,6 +51,10 @@ jobs:
git-hook-scripts:
name: Git Hook Scripts Validation
runs-on: ubuntu-latest
if: |
github.event_name == 'schedule' ||
contains(github.event.pull_request.labels.*.name, 'needs-hermes') ||
contains(github.event.pull_request.labels.*.name, 'ci:full')
steps:
- uses: actions/checkout@v4

@@ -98,6 +108,10 @@ jobs:
name: Bridge Hooks Command
runs-on: ubuntu-latest
needs: plugin-python-tests
if: |
github.event_name == 'schedule' ||
contains(github.event.pull_request.labels.*.name, 'needs-hermes') ||
contains(github.event.pull_request.labels.*.name, 'ci:full')
steps:
- uses: actions/checkout@v4
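Review bot: The three new `if:` guards never match a `workflow_dispatch` run, so the trigger added in the first hunk starts a workflow in which `plugin-python-tests`, `git-hook-scripts` and the bridge-hooks job are all skipped. Add `github.event_name == 'workflow_dispatch' ||` as the first line of each condition, and reword the comment above the trigger to something like `# Also allow manual runs from the Actions tab`, since `workflow_dispatch` is unrelated to PR labels. The guards also test for `schedule`, but no schedule trigger is visible in this hunk, and a label added after the PR is opened re-runs the workflow only if `pull_request` lists the `labeled` type; both are worth confirming in the part of `on:` outside the hunk. As written, an unlabelled PR that touches `hooks/**` or `scripts/hooks/**` triggers the workflow but skips the hook-script validation.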
