github Factory-AI/droid-action v5

2 days ago

What's Changed

Review Depth Presets

  • New review_depth input with shallow and deep presets (#66)
    • deep (default): uses gpt-5.2 with high reasoning effort for thorough reviews
    • shallow: uses kimi-k2-0711 for fast, cost-effective reviews
    • Explicit review_model/reasoning_effort still override depth presets

Security Review Overhaul

  • Security review as a skill running concurrently with code review (#71)
  • Use CLI builtin security-review skill instead of manual prompt construction, matching the same pattern as code review (#71)
  • STRIDE-based threat modeling — automatically generates a STRIDE threat model when .factory/threat-model.md is missing (#69)

Suggestion Blocks

  • Configurable suggestion blocks via new include_suggestions input parameter (#52)
  • Add suggestion block guidance, allow insert-only suggestions, and keep anchors consistent across phases

Custom Review Guidelines

  • Support custom review guidelines via review-guidelines skill (#49)
  • Add size cap and truncation for review guidelines (#50)

Batched Review Comments

  • Batch all review comments into a single submit_review call instead of posting individually, reducing API noise and improving atomicity (#58)

Consolidated Review Summary

  • Consolidate review summary into a tracking comment instead of a separate PR review body (#55)

Review Skill Overhaul

  • Use CLI builtin review skill instead of fetching methodology from GitHub, making templates thin wrappers that delegate structure to the review skill (#60, #64)
  • Move review guidelines from prompt injection to skill invocation for cleaner separation of concerns
  • Always use two-pass validator — removed single-pass review flow entirely (#59)

New Inputs

  • review_depth — choose between shallow and deep review presets
  • include_suggestions — control whether suggestion blocks are included in review comments

Bug Fixes & Improvements

  • Fix: create prompt file when both automatic_review and automatic_security_review are set (#70)
  • Fix: bump internal CI workflow from @v3 to @dev (#74)
  • Forward review_model and reasoning_effort to validator step (#42)
  • Pin upload-artifact to v4.6.2 SHA (#43)
  • Strict deduplication rules in validator prompt
  • Remove redundant anchor rejection rule from validator

Full Changelog: v4...v5

Don't miss a new droid-action release

NewReleases is sending notifications on new releases.