openabdev · shaun-agent · Apr 18, 2026
@@ -0,0 +1,101 @@
+# OpenAB PR-Screening Report Prompt
+
+You are generating a screening report for the OpenAB project board.
+
+## Workflow Context
+
+- Board flow: `Incoming` -> `PR-Screening` -> human or agent follow-up
+- After this screening pass, Masami or Pahud agent will pick up the item for deeper review and possible merge work
+- The purpose of this report is to clarify the item's intent and rewrite the implementation prompt so the next agent has a tighter brief
+
+## Required Output Sections
+
+Produce a Markdown report with exactly these sections, in this order:
+
+1. `Intent`
+2. `Feat`
+3. `Who It Serves`
+4. `Rewritten Prompt`
+5. `Merge Pitch`
+6. `Best-Practice Comparison`
+7. `Implementation Options`
+8. `Comparison Table`
+9. `Recommendation`
+
+## Section Requirements
+
+### Intent
+
+- State what the PR or issue is trying to achieve
+- Call out the user-visible or operator-visible problem being solved
+- Be concrete, not vague
+
+### Feat
+
+- Summarize the behavioral change or feature in plain language
+- Note whether the item is a feature, fix, refactor, docs improvement, or release operation
+
+### Who It Serves
+
+- Identify the primary beneficiary
+- Examples: Discord end users, Slack users, deployers, maintainers, agent runtime operators, reviewers
+
+### Rewritten Prompt
+
+- Rewrite the item into a cleaner implementation brief for a coding agent
+- Make the prompt more specific, more testable, and more mergeable
+- Keep it concise but operational
+
+### Merge Pitch
+
+- Write a short pitch for why this item is worth moving forward
+- Include the risk profile and likely reviewer concern
+
+### Best-Practice Comparison
+
+Compare the proposed direction against these reference systems:
+
+- OpenClaw:
+  - gateway-owned scheduling
+  - durable job persistence
+  - isolated executions
+  - explicit delivery routing
+  - retry/backoff and run logs
+- Hermes Agent:
+  - gateway daemon tick model
+  - file locking to prevent overlap
+  - atomic writes for persisted state
+  - fresh session per scheduled run
+  - self-contained prompts for scheduled tasks
+
+Do not force a comparison where it does not fit. Instead, say which principles are relevant and which are not.
+
+### Implementation Options
+
+- Think of at least 3 ways to implement or evolve the item
+- Each option should be meaningfully different
+- Include one conservative option, one balanced option, and one more ambitious option where possible
+
+### Comparison Table
+
+Add a table comparing the options across:
+
+- Speed to ship
+- Complexity
+- Reliability
+- Maintainability
+- User impact
+- Fit for OpenAB right now
+
+### Recommendation
+
+- Recommend one path
+- Explain why it is the right step for future merge discussion
+- Mention any follow-up split or sequencing if needed
+
+## Tone
+
+- Direct
+- Technical
+- Pragmatic
+- Useful to a maintainer deciding whether to advance the item
@@ -65,3 +65,24 @@ app.kubernetes.io/component: {{ .agent }}
 {{- define "openab.persistenceEnabled" -}}
 {{- if and . .persistence (eq (.persistence.enabled | toString) "false") }}false{{ else }}true{{ end }}
 {{- end }}
+
+{{- define "openab.screeningFullname" -}}
+{{- printf "%s-project-screening" (include "openab.fullname" .) | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "openab.screeningLabels" -}}
+helm.sh/chart: {{ include "openab.chart" . }}
+app.kubernetes.io/name: {{ include "openab.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/component: project-screening
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{- define "openab.screeningSelectorLabels" -}}
+app.kubernetes.io/name: {{ include "openab.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/component: project-screening
+{{- end }}
@@ -0,0 +1,14 @@
+{{- if .Values.projectScreening.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "openab.screeningFullname" . }}
+  labels:
+    {{- include "openab.screeningLabels" . | nindent 4 }}
+data:
+  screen_once.sh: |
+    {{- .Files.Get "files/project-screening/screen_once.sh" | nindent 4 }}
+  screening_prompt.md: |
+    {{- .Files.Get "files/project-screening/screening_prompt.md" | nindent 4 }}
+{{- end }}
@@ -0,0 +1,113 @@
+{{- if .Values.projectScreening.enabled }}
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ include "openab.screeningFullname" . }}
+  labels:
+    {{- include "openab.screeningLabels" . | nindent 4 }}
+spec:
+  schedule: {{ .Values.projectScreening.schedule | quote }}
+  suspend: {{ .Values.projectScreening.suspend | default false }}
+  concurrencyPolicy: {{ .Values.projectScreening.concurrencyPolicy | default "Forbid" }}
+  successfulJobsHistoryLimit: {{ .Values.projectScreening.successfulJobsHistoryLimit | default 3 }}
+  failedJobsHistoryLimit: {{ .Values.projectScreening.failedJobsHistoryLimit | default 3 }}
+  jobTemplate:
+    spec:
+      backoffLimit: {{ .Values.projectScreening.backoffLimit | default 0 }}
+      ttlSecondsAfterFinished: {{ .Values.projectScreening.ttlSecondsAfterFinished | default 86400 }}
+      template:
+        metadata:
+          annotations:
+            checksum/config: {{ print (.Files.Get "files/project-screening/screen_once.sh") (.Files.Get "files/project-screening/screening_prompt.md") (.Values.projectScreening | toJson) | sha256sum }}
+          labels:
+            {{- include "openab.screeningSelectorLabels" . | nindent 12 }}
+        spec:
+          restartPolicy: Never
+          {{- with .Values.podSecurityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          containers:
+            - name: project-screening
+              image: {{ .Values.projectScreening.image | quote }}
+              imagePullPolicy: {{ .Values.projectScreening.imagePullPolicy | default "IfNotPresent" }}
+              command:
+                - bash
+                - /opt/openab-project-screening/screen_once.sh
+              env:
+                - name: GH_TOKEN
+                  valueFrom:
+                    secretKeyRef:
+                      name: {{ include "openab.screeningFullname" . }}
+                      key: gh-token
+                - name: SENDER_CONTEXT_JSON
+                  value: {{ required "projectScreening.senderContextJson is required when projectScreening.enabled=true" .Values.projectScreening.senderContextJson | quote }}
+                - name: PROJECT_OWNER
+                  value: {{ .Values.projectScreening.project.owner | default "openabdev" | quote }}
+                - name: PROJECT_NUMBER
+                  value: {{ .Values.projectScreening.project.number | default 1 | quote }}
+                - name: INCOMING_STATUS_NAME
+                  value: {{ .Values.projectScreening.project.incomingStatus | default "Incoming" | quote }}
+                - name: SCREENING_STATUS_NAME
+                  value: {{ .Values.projectScreening.project.screeningStatus | default "PR-Screening" | quote }}
+                - name: REPORT_TO_STDOUT
+                  value: {{ .Values.projectScreening.reportToStdout | default true | quote }}
+                - name: PROJECT_QUERY_EXTRA
+                  value: {{ .Values.projectScreening.queryExtra | default "" | quote }}
+                - name: HOME
+                  value: /tmp/openab-project-screening-home
+                - name: WORK_DIR
+                  value: /tmp/openab-project-screening
+                - name: PROMPT_TEMPLATE
+                  value: /opt/openab-project-screening/screening_prompt.md
+                - name: CODEX_AUTH_JSON_SOURCE
+                  value: /opt/openab-project-screening-auth/auth.json
+                {{- if .Values.projectScreening.discordReport.enabled }}
+                - name: DISCORD_BOT_TOKEN
+                  valueFrom:
+                    secretKeyRef:
+                      name: {{ .Values.projectScreening.discordReport.secretName | default "openab-kiro-codex" | quote }}
+                      key: {{ .Values.projectScreening.discordReport.secretKey | default "discord-bot-token" | quote }}
+                - name: DISCORD_REPORT_CHANNEL_ID
+                  value: {{ .Values.projectScreening.discordReport.channelId | default "1494378525640097921" | quote }}
+                {{- end }}
+              {{- with $.Values.containerSecurityContext }}
+              securityContext:
+                {{- toYaml . | nindent 16 }}
+              {{- end }}
+              {{- with .Values.projectScreening.resources }}
+              resources:
+                {{- toYaml . | nindent 16 }}
+              {{- end }}
+              volumeMounts:
+                - name: project-screening
+                  mountPath: /opt/openab-project-screening
+                  readOnly: true
+                - name: project-screening-auth
+                  mountPath: /opt/openab-project-screening-auth
+                  readOnly: true
+                - name: tmp
+                  mountPath: /tmp
+          {{- with .Values.projectScreening.nodeSelector }}
+          nodeSelector:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.projectScreening.affinity }}
+          affinity:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.projectScreening.tolerations }}
+          tolerations:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          volumes:
+            - name: project-screening
+              configMap:
+                name: {{ include "openab.screeningFullname" . }}
+            - name: project-screening-auth
+              secret:
+                secretName: {{ include "openab.screeningFullname" . }}
+            - name: tmp
+              emptyDir: {}
+{{- end }}
@@ -0,0 +1,15 @@
+{{- if .Values.projectScreening.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "openab.screeningFullname" . }}
+  labels:
+    {{- include "openab.screeningLabels" . | nindent 4 }}
+  annotations:
+    "helm.sh/resource-policy": keep
+type: Opaque
+data:
+  gh-token: {{ required "projectScreening.githubToken is required when projectScreening.enabled=true" .Values.projectScreening.githubToken | b64enc | quote }}
+  auth.json: {{ required "projectScreening.codexAuthJson is required when projectScreening.enabled=true" .Values.projectScreening.codexAuthJson | b64enc | quote }}
+{{- end }}
@@ -19,6 +19,44 @@ containerSecurityContext:
     drop:
       - ALL
 
+projectScreening:
+  enabled: false
+  # Runs a one-shot screening pass that:
+  # 1. checks the Incoming project lane
+  # 2. moves the first item to PR-Screening
+  # 3. generates a Codex screening report to stdout/job logs
+  schedule: "*/30 * * * *"
+  suspend: false
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 3
+  backoffLimit: 0
+  ttlSecondsAfterFinished: 86400
+  image: ghcr.io/openabdev/openab-codex:latest
+  imagePullPolicy: IfNotPresent
+  project:
+    owner: openabdev
+    number: 1
+    incomingStatus: Incoming
+    screeningStatus: PR-Screening
+  reportToStdout: true
+  queryExtra: ""
+  # Required when enabled. This is passed through to the generated Codex prompt.
+  senderContextJson: ""
+  githubToken: ""
+  # Required when enabled. This should be the contents of ~/.codex/auth.json
+  # from a ChatGPT-authenticated Codex session.
+  codexAuthJson: ""
+  discordReport:
+    enabled: false
+    secretName: "openab-kiro-codex"
+    secretKey: "discord-bot-token"
+    channelId: "1494378525640097921"
+  resources: {}
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}
+
 agents:
   kiro:
     enabled: true    # set to false to skip creating resources for this agent