Code hosting integrations
Activation: one natural-language turn
These integrations do not start in a static admin wizard, and users need not manually paste webhook URLs into each forge. The supported flow is:
Describe the goal inside a combo-agent session; the Agent loads the integration skill and handles the rest.
| User says | Skill chosen |
|---|---|
| “Watch GitHub repo uu5208/ragbase for PR reviews” | github-integration |
| “Connect GitLab project team/backend for auto-review” | gitlab-integration |
| “Enable Gitee repo myorg/myapp PR reviews” | gitee-integration |
| “Follow Gerrit project platform/core for new patchsets” | gerrit-integration |
| “Review Gerrit change 12345 now” | gerrit-integration |
Each SKILL.md encodes a mandatory pipeline; once the trigger phrase matches, the agent runs it end-to-end, from collecting credentials to webhook validation. Operators only respond to the “paste your token” prompt.
Webhook endpoints are generated by the platform; users never hand-type GitHub/GitLab/Gerrit URLs. Agents call *_create_webhook REST helpers (Git hosts) or push webhooks.config (Gerrit meta branch) to register callbacks remotely.
End-to-end picture
Platform matrix
| Forge | Skill | Webhook wiring | Review feedback | Repo search |
|---|---|---|---|---|
| Gerrit | gerrit-integration | Push webhooks.config to refs/meta/config; cron fallback if blocked | ✅ change + inline | — |
| GitLab CE/EE/self-managed | gitlab-integration | REST create hook | ✅ MR threads & discussions | ✅ |
| GitHub / GHE | github-integration | REST create hook | ✅ PR reviews + checks | ✅ |
| Gitee | gitee-integration | REST create hook | ✅ PR comments | ✅ |
Credential checklist (ask_user)
| Forge | Secret | Minimum scope |
|---|---|---|
| Gerrit | HTTP Password | Read + Label: Code-Review; path A also Push refs/meta/config |
| GitLab | glpat_… PAT / project tokens | api, read_repository |
| GitHub | classic/fine-grained PAT | repo or fine scopes for PRs/contents/checks |
| Gitee | PAT | pull_requests, issues, hook |
Never use personal administrator tokens—use project/service accounts or GitHub Apps for revocability.
Internal pipeline (non-negotiable order)
Step 1 — ask_user + connectivity check
After the secure prompt collects a token, immediate *_verify_token calls surface misconfigurations verbatim—no silent retries.
Step 2 — manage_scm_bot
Responsibilities:
- Re-run verification (no DB row without a successful remote proof)
- Insert tenant_channel_bot
- Echo the full callback URL, e.g., https://combo.example.com/webhook/github-uu5208-ragbase
Skipping this tool and inventing secrets causes 404 storms—skills document the ban in red lettering.
Step 3 — Provision remote hook
REST path (Git hosts)
Agents never ask users to navigate UI settings.
Git path (Gerrit A)
Projects store hooks in refs/meta/config:
Subscribe only to patchset-created. Adding comment-added/change-merged creates feedback loops: the agent’s own review posts re-fire webhooks. With fnmatch-only filters, omission is the reliable fix (a real incident burned six LLM rounds in 20 min).
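A check for the subscription rule above, as an added example (not the platform's or the skills' own code): it parses a webhooks.config and flags remotes whose events would re-fire on the agent's own reviews. It assumes the Gerrit webhooks plugin layout ([remote "name"] sections with repeatable event keys) and that a remote with no event key receives every event type; the sample config, remote names and URL path are constructed.

```python
import re
# Rule from the page: subscribe to patchset-created only.
ALLOWED_EVENTS = {"patchset-created"}
SECTION = re.compile(r'^\[remote\s+"([^"]+)"\]$')
# Constructed sample; remote names and the URL path are made up.
SAMPLE = '''
[remote "combo-ok"]
  url = https://combo.example.com/webhook/gerrit-platform-core
  event = patchset-created
[remote "combo-loop"]
  url = https://combo.example.com/webhook/gerrit-platform-core
  event = patchset-created
  event = comment-added
  event = change-merged
[remote "combo-all"]
  url = https://combo.example.com/webhook/gerrit-platform-core
'''

def parse_remotes(text):
    """Map each [remote "name"] section to its list of event values."""
    remotes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or git-config comment
            continue
        if line.startswith("["):             # section header, remote or other
            m = SECTION.match(line)
            current = remotes.setdefault(m.group(1), []) if m else None
            continue
        key, _, value = line.partition("=")
        if current is not None and key.strip().lower() == "event":
            current.append(value.strip())    # repeatable key, keep all values
    return remotes

def audit(text):
    """Return (remote, problem) pairs for subscriptions that can re-fire."""
    findings = []
    for name, events in parse_remotes(text).items():
        if not events:
            # Assumed plugin default: no event key means all events are sent.
            findings.append((name, "no event key: every event type is delivered"))
        extra = sorted(set(events) - ALLOWED_EVENTS)
        if extra:
            findings.append((name, "loop-prone events: " + ", ".join(extra)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Running it against the file fetched from refs/meta/config before pushing gives a review gate for the loop condition.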
Cron path (Gerrit B fallback)
Use when webhooks are impossible (missing plugin, policy blocks, air-gapped sandbox):
Choose exactly one of paths A/B upfront (decision table baked into skills). Do not silently hop from A→B without user acknowledgement.
Step 4 — manage_event_trigger binds prompts
The bound prompt replays verbatim whenever a delivery arrives: session-driven automation in a nutshell.
Step 5 — curl -I validation (mandatory)
| Result | Meaning |
|---|---|
| 200 / 405 | Route exists (405 expected for GET-only) |
| 404 | DB row missing → escalate |
| Timeout | RAGFLOW_PUBLIC_URL / firewall issue |
git push succeeding on Gerrit does not prove the SaaS ingress is reachable—you still need curl evidence.
Runtime loop post-configuration
scm_tool_context injects PR/change identifiers so tools fire without brittle URL parsing.
Review feedback modes
| Platform | Commentary | Signals |
|---|---|---|
| Gerrit | Inline + summaries | Code-Review / Verified labels |
| GitLab | MR + discussions | approve/request changes |
| GitHub/GHE | Inline + checks | approvals + check suites |
| Gitee | PR threads | textual feedback |
Repo reads happen through REST snapshots—whole clones only if contractual.
Multiple bots / identities
Teams often register discrete bots per estate (GH org A, self-hosted GitLab B, corp Gerrit C). Routing inspects SCM URLs → tenant bot metadata.
Troubleshooting cheatsheet
| Symptom | Fix |
|---|---|
| curl → 404 | Repair manage_scm_bot; don’t forge webhooks blindly |
| Gerrit 403 on review labels | Elevate robot permissions |
| GitHub ephemeral 401 | PAT expiry / GH App clock drift |
| GitLab webhook silent | Enable “Allow local network hooks” |
| Missing refs/meta/config locally | run git fetch origin refs/meta/config:refs/remotes/origin/meta/config |
| not a registered email | Align git author with gerrit_get_me |
| Infinite review recursion | Restrict config to patchset-created only |
| Massive MR diffs | Use max_diff_kb truncation + targeted reads |
Further reading
- Automotive code review solution
- Automotive reviewer ops guide
- Event triggers
- Cron jobs
- Skills (gerrit-integration, gitlab-integration, github-integration, gitee-integration)