feat(selfhost): wire Codex reviews and secure observability

[JSONbored]

Summary

• Add Codex CLI runtime support for self-hosted reviews while preserving Claude Code and Ollama paths.
• Make provider configuration explicit with CODEX_AI_*, CLAUDE_AI_*, OLLAMA_AI_*, OPENAI_COMPATIBLE_AI_*, OPENAI_AI_*, and ANTHROPIC_AI_* settings instead of shared ambiguous AI knobs.
• Reject deprecated shared AI env knobs at startup with a clear provider-specific migration error so stale AI_MODEL, AI_EFFORT, AI_BASE_URL, AI_API_KEY, or AI_TIMEOUT_MS values cannot silently steer the wrong backend.
• Prefer repo-scoped AGENTS.md for Codex review context while preserving CLAUDE.md fallback and skills loading.
• Restore the maintainer Reviews & PRs Grafana dashboard through a redacted reporting SQLite export instead of direct Grafana access to the live app database.
• Add Codex usage observability, Sentry-facing provider failure context, self-host docs, and default blank optional-profile env values so inactive profiles do not warn.
• Automate self-host Sentry release/source-map handling so release images bake a matching gittensory-selfhost@<version> release id and the release workflow uploads the exact built bundle maps.
• Fix maintainer-lane preflight handling so owner/member/collaborator self-host work is not held solely because repo registration is unavailable, while outside contributors still get the conservative hold.

Closes #1469.

Scope

• The PR title follows type(scope): short summary Conventional Commit format, for example fix(api): restore profile access checks.
• This PR is focused and does not mix unrelated backend, UI, MCP, docs, dependency, and deploy changes.
• This follows CONTRIBUTING.md and does not reintroduce GitHub Pages, VitePress, site/, or CNAME.
• I linked an issue, or this is small enough that the summary explains why an issue is not needed.

Validation

• git diff --check
• npm run actionlint
• npm run typecheck
• npm run test:coverage locally; codecov/patch requires >=97% coverage of the lines AND branches you changed (aim for 98%+ on your diff so CI variance does not fail near the threshold). Global coverage is a non-blocking trend with a loose 90% backstop, not the gate.
• npm run test:workers
• npm run build:mcp
• npm run test:mcp-pack
• npm run ui:openapi:check
• npm run ui:lint
• npm run ui:typecheck
• npm run ui:build
• npm audit --audit-level=moderate
• New or changed behavior has unit/integration tests for new branches, fallback paths, and sanitizer boundaries

Additional validation:

• npm run test:ci
• npm run typecheck
• npx vitest run test/unit/selfhost-grafana-reporting.test.ts test/unit/selfhost-ai.test.ts test/unit/ai-review-advisory.test.ts
• npx vitest run test/unit/signals-coverage.test.ts test/unit/selfhost-ai.test.ts
• GRAFANA_ADMIN_PASSWORD=placeholder docker compose --profile observability config
• Reporting exporter smoke: missing source creates a valid empty redacted reporting database, real SQLite source exports dashboard-safe review and AI usage rows, quoted paths are handled safely, private review columns are absent, and AI metadata is reduced to repo/PR fields.
• Reporting exporter schema test: current source DBs export estimated_neurons; older source DBs without that column still materialize a valid dashboard-safe estimated_neurons = 0 column.
• node scripts/build-selfhost.mjs --all --sourcemap
• Release workflow source-map invariant: confirmed dist/server.mjs, dist/server.mjs.map, sourceMappingURL=server.mjs.map, non-empty original sources, and sourceRoot=/app/dist.
• Docker build smoke: default self-host image target and runtime-prebuilt release target both build successfully.
• Visual-review release image smoke: runtime-prebuilt with INSTALL_VISUAL_REVIEW=true installs puppeteer-core successfully.
• Release-target image check: confirmed baked GITTENSORY_VERSION, NODE_OPTIONS=--enable-source-maps, dist/server.mjs, dist/server.mjs.map, and source map sourceRoot=/app/dist.
• Grafana dashboard JSON parse check for resource hub, infra, Codex usage, and maintainer dashboards.
• Self-host smoke: rebuilt the app service, confirmed /ready, confirmed Codex review settings and auth mount behavior, confirmed Codex reviews completed, and confirmed Codex token/request metrics increased.

If any required check was skipped, explain why:

• A fresh live-stack redeploy was not repeated for the latest head; the current head is covered by local config, exporter, build, source-map, and image smoke checks.

Safety

• No secrets, wallet details, hotkeys, coldkeys, user PATs, private keys, raw trust scores, private rankings, or private maintainer evidence are exposed.
• Public GitHub text stays sanitized, low-noise, and does not imply compensation guarantees or optimization tactics.
• Auth, cookie, CORS, GitHub App, Cloudflare, or session changes include negative-path tests.
• API/OpenAPI/MCP behavior is updated and tested where needed.
• UI changes use live API data or real empty/error/loading states, not production mock/demo fallbacks.
• Visible UI changes include a UI Evidence section below with JPG/JPEG or PNG screenshots arranged as organized, captioned, clickable thumbnails. SVG screenshots are not used as review evidence. Review-only screenshots or recordings are not committed to the repository.
• Public docs/changelogs are updated where needed; changelogs are only edited for release-prep PRs.

UI Evidence

State / title	JPG/PNG evidence
Operator Grafana dashboard	Not an app UI surface; verified through Grafana provisioning and datasource checks. The dashboard uses the redacted reporting database instead of direct live database access.

Notes

• Grafana now reads a redacted reporting database produced by reporting-exporter; it does not mount the live application database, and the exporter now mounts the app data volume read-only.
• The reporting export always materializes the dashboard estimated_neurons column. Current source DBs copy the real value; older source DBs without the column export 0 so dashboards remain queryable while operators migrate.
• Deprecated shared AI env vars now fail startup by design. Self-host configs should use provider-specific keys such as CODEX_AI_MODEL, CODEX_AI_EFFORT, CLAUDE_AI_MODEL, CLAUDE_AI_EFFORT, OLLAMA_AI_MODEL, OPENAI_AI_MODEL, and matching provider-specific base URL/key/timeout settings.
• AI usage labels now come from the resolved reviewer plan instead of raw AI_PROVIDER, so uncredentialed or ignored provider entries are not reported as if they actually ran.
• If a self-hoster uses a non-default SQLite path, set GITTENSORY_REPORTING_SOURCE_DB. If the live store is not SQLite, the exporter emits a valid empty reporting database until a compatible reporting source is configured.
• Sentry GitHub code mapping for self-host stack traces should use Stack Trace Root /app and Source Code Root ..
• Official self-host releases require SENTRY_AUTH_TOKEN in the release environment; non-official forks skip Sentry upload when the token is absent.
• Codex USD cost metrics appear only when the CLI output includes a cost field. Token and request metrics are tracked.
• The maintainer-lane preflight change is included here because the production gate blocks this self-host setup PR on unavailable local repo registration. The branch keeps the conservative hold for outside contributors and only turns owner/member/collaborator unavailable-lane status into informational context.
• The self-host queue may remain elevated while historical webhook events drain into the local queue; the worker is processing them and dead-letter count was zero during smoke checks.
• Related roadmap/issues: build(selfhost): make host deploys Git-backed and image-ready #1660, roadmap(selfhost): harden review stack and reduce hosted cost #1667, feat(selfhost): complete Codex reviewer modes and fallbacks #1675, feat(observability): add Codex usage and cost tracking dashboard #1676, chore(cloudflare): inventory legacy hosted resources for cleanup #1668, feat(selfhost): complete review configuration control surface #1680, feat(review): test CodeRabbit-style review controls end to end #1681, docs(selfhost): add complete and minimal review config templates #1682, feat(dashboard): design self-host review config generator #1683, feat(selfhost): expose REES analyzer controls and validation #1684.

[codecov]

Codecov Report

❌ Patch coverage is 96.95058% with 29 lines in your changes missing coverage. Please review.
✅ Project coverage is 95.68%. Comparing base (29da3b1) to head (9bd1a2b).
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
src/queue/processors.ts	78.78%	2 Missing and 12 partials ⚠️
src/services/ai-review.ts	93.05%	0 Missing and 5 partials ⚠️
src/github/app.ts	94.28%	0 Missing and 4 partials ⚠️
src/signals/engine.ts	94.02%	0 Missing and 4 partials ⚠️
src/github/backfill.ts	93.75%	0 Missing and 1 partial ⚠️
src/selfhost/ai.ts	99.36%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1678      +/-   ##
==========================================
+ Coverage   95.59%   95.68%   +0.09%     
==========================================
  Files         204      211       +7     
  Lines       22316    22985     +669     
  Branches     8067     8310     +243     
==========================================
+ Hits        21332    21994     +662     
+ Misses        408      402       -6     
- Partials      576      589      +13     

Files with missing lines	Coverage Δ
src/config/gittensory-repo-focus-manifest.ts	100.00% <ø> (ø)
src/db/repositories.ts	96.16% <ø> (ø)
src/db/schema.ts	68.32% <ø> (ø)
src/github/comments.ts	100.00% <100.00%> (+3.22%)	⬆️
src/github/self-authored.ts	100.00% <100.00%> (ø)
src/github/webhook.ts	100.00% <100.00%> (ø)
src/index.ts	94.64% <100.00%> (+2.80%)	⬆️
src/queue/dlq.ts	100.00% <100.00%> (ø)
src/queue/retryable.ts	100.00% <100.00%> (ø)
src/review/ai-notes.ts	100.00% <100.00%> (ø)
... and 27 more

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[superagent-security]

Superagent found 1 security concern(s).

[gittensory-orb]

Caution

🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥

🛑 Gittensory review result - fixes required

_{Review updated: 2026-06-29 16:22:56 UTC}

116 files · 1 AI reviewer · 1 blocker · readiness 75/100 · CI failing · blocked

🛑 Suggested Action - Manual Review

• The AI review flagged a possible must-fix defect below the automatic close-confidence floor, so the gate is held for a human reviewer instead of passed automatically.

Review summary
This wires self-host review execution through provider-specific AI config, Codex/Claude CLI adapters, Redis-backed queues, and redacted reporting dashboards while retiring hosted review execution. The queue and AI changes mostly preserve fail-closed behavior and add useful observability, but the readiness enforcement change breaks the settings contract by leaving a blocking UI/config option that the engine now ignores.

Blockers

• apps/gittensory-ui/src/components/site/app-panels/maintainer-settings.tsx:158 still exposes `qualityGateMode` with `block`, but src/rules/advisory.ts:911 now converts low readiness into a warning for every non-off mode, so an operator selecting block silently gets advisory behavior instead of an enforced check.

Nits — 7 non-blocking

• Dockerfile:49 still installs global CLI packages without a lockfile or artifact verification; `--foreground-scripts` improves visibility, but release images still depend on mutable transitive npm resolution.
• src/selfhost/ai-config.ts:46 treats `codex` as configured even when `createCodexAi` will reject until the explicit unsafe opt-in is set, so boot diagnostics and reviewer labels can advertise a reviewer that will only fail closed.
• src/selfhost/pg-queue.ts:332 and src/selfhost/sqlite-queue.ts:254 intentionally do not increment attempts for rate-limit retries; add a comment or focused test so this non-consuming retry behavior is not mistaken for a dropped retry counter.
• Either restore readiness blocking in src/rules/advisory.ts for `qualityGateMode: block`, or remove/disable the block option for `qualityGateMode` in apps/gittensory-ui/src/components/site/app-panels/maintainer-settings.tsx and the config/docs surfaces that still advertise it.
• For the bundled CLIs in Dockerfile:49, prefer a reproducible install path with committed package metadata, verified binary downloads, or an explicit integrity check before publishing official images.
• PR author also opened the linked issue — Link an issue that was opened by a different contributor, or provide a rationale for why this self-authored issue represents genuine discovery work.
• AI reviewers agree on a likely critical defect: apps/gittensory-ui/src/components/site/app-panels/maintainer-settings.tsx:158 still exposes `qualityGateMode` with `block`, but src/rules/advisory.ts:911 now converts low readiness into a warning for every non-off mode, so an operator selecting block silently gets advisory behavior instead of an enforced check. — Resolve the flagged defect, or override if the AI reviewers are mistaken, then re-run the gate.

Why this is blocked

• apps/gittensory-ui/src/components/site/app-panels/maintainer-settings.tsx:158 still exposes `qualityGateMode` with `block`, but src/rules/advisory.ts:911 now converts low readiness into a warning for every non-off mode, so an operator selecting block silently gets advisory behavior instead of an enforced check.

CI checks failing

• codecov/patch — 96.95% of diff hit (target 97.00%)

Signal	Result	Evidence
Code review	❌ 1 blocker	1 reviewer
Linked issue	✅ Linked	#1469
Related work	⚠️ 2 scoped overlaps	Top overlaps are listed below; lower-confidence bulk is hidden.
Review load	❌ 8/20	Readiness component derived from cached public PR metadata and labels; size label size:L.
Validation evidence	✅ 25/25	PR body includes validation/test evidence.
Open PR queue	❌ 3/10	25 open PR(s), 12 likely reviewable, 13 unlinked.
Contributor context	✅ Confirmed Gittensor contributor	JSONbored; Gittensor profile; 74 PR(s), 280 issue(s).
Gate result	⚠️ Not blocking	Advisory; not blocking this PR.

Review context

• Author: JSONbored
• Role context: owner (maintainer lane)
• Public audience mode: oss maintainer
• Lane context: Repository registration is not available in the local Gittensory cache.
• Public profile languages: Python, TypeScript, JavaScript, Ruby, Go, Kotlin, MDX, Shell
• Official Gittensor activity: 74 PR(s), 280 issue(s).
• Related work: Items reference the same linked issue build(selfhost): Sentry source maps, env docs, and Grafana resource-hub link #1469. (issue #1469)
• Related work: Open PR work references issue build(selfhost): Sentry source maps, env docs, and Grafana resource-hub link #1469. (issue #1469)

Contributor next steps

• Treat this as maintainer-lane context rather than normal contributor-lane activity.
• Review top overlaps.
• Add scope summary.
• Expect slower review.
• No action.
• Check active issues and PRs before submitting.

Signal definitions

• Related work = same linked issue, overlapping active PRs, or title/path similarity.
• Review load = cached public PR metadata such as size labels, changed paths, and preflight status.
• Open PR queue = repo-wide review pressure; it is not a PR quality failure.
• Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.

_{🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed}

---

💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

• Re-run Gittensory review

[superagent-security]

Superagent found 1 security concern(s).

[JSONbored]

@gittensory gate-override Maintainer-lane self-host setup PR: all CI, security, coverage, and self-host smoke checks are green. The remaining blocker is the deployed gate readiness/preflight hold for owner-authored work when repo registration is unavailable, and this PR includes the upstream fix for that false-positive.

[superagent-security]

\nSuperagent found 2 security concern(s).

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	gittensory-ui	9d7d044	Commit Preview URL Branch Preview URL	Jun 29 2026, 11:31 AM

[superagent-security]

Superagent found 2 security concern(s).

[superagent-security]

P2: Docker image build executes npm postinstall scripts from global CLI packages

The Dockerfile installs @anthropic-ai/claude-code and @openai/codex globally via npm install -g without --ignore-scripts, allowing postinstall lifecycle scripts from these packages and their transitive dependencies to execute during the Docker image build.

Add --foreground-scripts to make postinstall execution visible in build logs, and audit the CLI packages and their transitive dependencies with npm audit before image publication. Consider using reproducible installs with a lock file for global dependencies.

AI prompt

Check if this security scanner issue is valid. If so, understand the root cause and fix it. If appropriate, update or add tests. Keep the change focused and preserve intended behavior.

<file name="Dockerfile">
<violation number="1" location="Dockerfile:49">
<priority>P2</priority>
<title>Docker image build executes npm postinstall scripts from global CLI packages</title>
<evidence>The runtime-base stage in the Dockerfile runs npm install -g @anthropic-ai/[email protected] @openai/[email protected] as the unprivileged node user without the --ignore-scripts flag. This executes any postinstall scripts defined in these packages and their transitive dependencies during the Docker build. Because npm install -g does not use a lock file for transitive dependencies, their versions can shift between builds based on upstream semver ranges, increasing supply-chain risk.</evidence>
<recommendation>Add --foreground-scripts to the npm install -g command so postinstall execution is visible in build logs. Run npm audit against the installed CLI packages before image publication. Consider pinning transitive dependency versions by generating and verifying a lock file for the global install, or install the native binaries via direct verified downloads instead of npm to eliminate script execution entirely.</recommendation>
</violation>
</file>

[superagent-security]

P2: Deploy script fetches and runs unpinned Sentry CLI via npx

The self-host deploy script invokes npx -y @sentry/cli@latest multiple times to manage Sentry releases and upload source maps. Using @latest means any compromised Sentry CLI release could execute arbitrary code during deployment with access to SENTRY_AUTH_TOKEN and the mounted project directory.

Pin the Sentry CLI to a specific version (e.g., @sentry/[email protected]) consistent with the release workflow, and verify the installed package integrity before execution. Replace npx -y @sentry/cli@latest with the pinned version throughout the script.

AI prompt

Check if this security scanner issue is valid. If so, understand the root cause and fix it. If appropriate, update or add tests. Keep the change focused and preserve intended behavior.

<file name="scripts/deploy-selfhost-prebuilt.sh">
<violation number="1" location="scripts/deploy-selfhost-prebuilt.sh:158">
<priority>P2</priority>
<title>Deploy script fetches and runs unpinned Sentry CLI via npx</title>
<evidence>The run_sentry_upload function executes npx -y @sentry/cli@latest for releases new, releases set-commits, sourcemaps inject, sourcemaps upload, and releases finalize. The @latest tag fetches the most recent published version without integrity verification. If the Sentry npm package or its dependencies are compromised, arbitrary code executes inside the throwaway Docker container with access to the SENTRY_AUTH_TOKEN environment variable and the $PWD:/work volume mount, allowing modifications to persist on the host filesystem after the container exits.</evidence>
<recommendation>Pin the Sentry CLI version explicitly (e.g., npx -y @sentry/[email protected]) to match the version used in the official release pipeline. Consider installing the CLI via npm ci --ignore-scripts with a local package.json and lock file, or use the official Sentry CLI binary downloaded directly from GitHub releases with checksum verification.</recommendation>
</violation>
</file>