Skip to content

docs(readme): add /install-code-review setup and expand security review instructions#80

Merged
factory-sagar merged 7 commits into
devfrom
docs/readme-security-install-code-review
Apr 28, 2026
Merged

docs(readme): add /install-code-review setup and expand security review instructions#80
factory-sagar merged 7 commits into
devfrom
docs/readme-security-install-code-review

Conversation

@factory-nizar
Copy link
Copy Markdown
Contributor

@factory-nizar factory-nizar commented Apr 28, 2026

Summary

Updates the README to make security review and the guided installer easier to discover.

Changes

  • New Quick Setup with /install-code-review section under Installation, describing the guided CLI flow and pointing at the Automated Code Review guide and GitHub App installation guide.
  • Existing manual setup steps are kept under a new Manual Setup subheading.
  • droid-review.yml sample now includes automatic_security_review: true so users get code review + security review concurrently out of the box.
  • Expanded @droid security description with STRIDE / OWASP coverage and a clearer note about automatic_security_review.
  • Expanded @droid security --full with a complete cron-triggered workflow example using security_scan_schedule and security_scan_days.

No code changes — README only.

@factory-droid
Copy link
Copy Markdown
Contributor

factory-droid Bot commented Apr 28, 2026
edited
Loading

Droid finished @factory-nizar's task —— View job

Droid review complete.

PR #80 currently changes only README.md; all candidate inline comments targeted paths that are no longer in the PR diff, so no inline review comments were posted.

@factory-nizar @factory-droid
docs(readme): add /install-code-review setup and expand security revi…
c4be064 
…ew instructions

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
@factory-nizar factory-nizar force-pushed the docs/readme-security-install-code-review branch from ae19391 to c4be064 Compare April 28, 2026 17:43
@factory-nizar @factory-droid
docs(readme): pin workflow examples to @main instead of @v5
0e0d9d5 
The /install-code-review installer generates workflows pinned to @main, so
align the README examples for consistency.

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
@factory-nizar factory-nizar mentioned this pull request Apr 28, 2026
Merged
factory-nizar and others added 5 commits April 28, 2026 11:36
@factory-nizar @factory-droid
docs(readme): drop internal 'Updating Review Models' section
a22d92e 
The section showed users the source-level REVIEW_DEPTH_PRESETS object and
told them to edit src/utils/review-depth.ts -- but droid-action consumers
can't change Factory-managed defaults from their workflow. The Review Depth
table just above already shows the current shallow/deep defaults, and the
YAML examples already show how to pin a specific model via review_model.

Replace the section with a one-line note that the defaults are managed by
Factory and may change, and that review_model is the way to pin a specific
model in a workflow.

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
@factory-nizar @factory-droid
docs(readme): clarify review_model accepts CLI model IDs (short or ve…
a37f4aa 
…rsioned)

The third YAML example used 'claude-sonnet-4-5-20250929' without explaining
that review_model takes any model identifier supported by 'droid exec --model'.
Add a sentence pointing to the CLI reference's available-models list and noting
that both short forms (claude-sonnet-4-6) and versioned forms
(claude-sonnet-4-5-20250929) work, with the difference being whether the ID
floats with the latest minor or pins to a specific release.

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
@factory-nizar @factory-droid
docs(readme): use short model-ID forms in review_model example
915e661 
Replace the versioned 'claude-sonnet-4-5-20250929' example with the short
'claude-sonnet-4-6' and drop the explainer about versioned IDs. Short forms
are the recommended path -- they float with the latest minor and are easier
to remember; versioned IDs are still valid but unnecessary noise here.

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
@factory-nizar @factory-droid
docs(readme): add sample model table for review_model
70c4d51 
Replace the inline three-example list with a small table of common model IDs
(Anthropic Opus/Sonnet/Haiku, OpenAI GPT-5.5/5.5-pro/5.3-codex, Kimi K2.6)
each with a one-line note on when to pick it. Easier for users to skim than
a sentence with parenthetical examples.

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
@factory-nizar @factory-droid
docs(readme): drop notes column from review_model sample list
7bf5107 
Just list the model IDs without descriptions -- the CLI reference is the
canonical source for what each model is.

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
factory-sagar
factory-sagar approved these changes Apr 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@factory-sagar factory-sagar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@factory-sagar factory-sagar merged commit 8ea31f3 into dev Apr 28, 2026
@factory-sagar factory-sagar deleted the docs/readme-security-install-code-review branch April 28, 2026 18:52
This was referenced Apr 28, 2026
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@factory-sagar factory-sagar factory-sagar approved these changes

@jonathan-factory jonathan-factory Awaiting requested review from jonathan-factory

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@factory-nizar @factory-sagar