feat: CI PR review — --graph-only, --run-tool, pr_context markdown, GH Action

Enables codegraph as a GitHub Action that posts a code-graph PR review
comment on every PR, with no embeddings and no API keys.

New server flags (main.rs):
  --graph-only      skip embedding generation entirely (no ONNX model
                    load, 10-50× faster index). Structural tools only.
  --run-tool <name> one-shot: index, run one tool, print result, exit.
                    No MCP stdio handshake. Pairs with --tool-args.
  --tool-args <json> arguments for --run-tool (default {}).

pr_context (server.rs):
  - format:"markdown" → ready-to-post PR comment (risk emoji, blast
    radius, test gaps, stale docs, suggested reviewers, commit hint).
    The --run-tool path prints the markdown field raw for CI piping.
  - Fixed functions_changed to count only modified functions (was
    counting every function in changed files — reported 683 vs actual 29).
  - Test functions excluded from test-gap list (a test doesn't need
    its own coverage).
  - Dedup test gaps by (function, file) — incremental indexing leaves
    duplicate nodes.

GitHub Action (.github/workflows/codegraph-pr.yml):
  - pull_request trigger, fetch-depth:0 (required for git diff base...HEAD)
  - npm install codegraph, run graph-only pr_context, post/update PR
    comment via github-script + GITHUB_TOKEN (no secrets needed)
  - Updates existing comment instead of spamming new ones

README: GitHub Action section + --graph-only/--run-tool flag docs.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: anvanster

.github/workflows/codegraph-pr.yml

@@ -0,0 +1,75 @@
+# CodeGraph PR Review — posts a code-graph analysis comment on every PR.
+#
+# Runs graph-only (no embeddings, no ONNX model) so it's fast and light:
+# typically completes in well under a minute even on large repos.
+#
+# Copy this file into your own repo at .github/workflows/codegraph-pr.yml
+# No secrets or API keys required — uses the built-in GITHUB_TOKEN.
+name: CodeGraph PR Review
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout (full history)
+        uses: actions/checkout@v4
+        with:
+          # fetch-depth: 0 is REQUIRED — pr_context runs
+          # `git diff <base>...HEAD`, which needs the base branch history.
+          # The default shallow clone breaks the diff.
+          fetch-depth: 0
+
+      - name: Install CodeGraph
+        run: npm install -g @astudioplus/codegraph-mcp
+
+      - name: Run PR review
+        id: review
+        run: |
+          # Resolve the npm-installed binary for this platform
+          BIN="$(npm root -g)/@astudioplus/codegraph-mcp/bin/codegraph-server-linux-x64"
+          chmod +x "$BIN"
+          "$BIN" \
+            --graph-only \
+            --run-tool codegraph_pr_context \
+            --tool-args "{\"baseBranch\":\"${{ github.base_ref }}\",\"format\":\"markdown\"}" \
+            > review.md 2>/dev/null || echo "CodeGraph review failed" > review.md
+
+      - name: Post or update PR comment
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const fs = require('fs');
+            const body = fs.readFileSync('review.md', 'utf8');
+            const marker = '## 🔍 CodeGraph PR Review';
+
+            // Find an existing CodeGraph comment to update (avoids comment spam)
+            const { data: comments } = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+            });
+            const existing = comments.find(c => c.body.startsWith(marker));
+
+            if (existing) {
+              await github.rest.issues.updateComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                comment_id: existing.id,
+                body,
+              });
+            } else {
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.issue.number,
+                body,
+              });
+            }

README.md

@@ -47,6 +47,26 @@ to grep / multi-file reads. Maps natural-language intent to the right
 Setup is `cp <agent>/codegraph.md ~/<agent>/` (one line per agent — see
 the rules repo's README).
 
+### GitHub Action — PR review in CI
+
+Drop a workflow into your repo to get an automatic code-graph analysis
+comment on every PR — blast radius, test gaps, stale docs, suggested
+reviewers. Runs **graph-only** (no embeddings, no ONNX model), so it's
+fast and needs no API keys — just the built-in `GITHUB_TOKEN`.
+
+Copy [`.github/workflows/codegraph-pr.yml`](.github/workflows/codegraph-pr.yml)
+into your repo. The core invocation is a single command:
+
+```bash
+codegraph-server --graph-only \
+  --run-tool codegraph_pr_context \
+  --tool-args '{"baseBranch":"main","format":"markdown"}'
+```
+
+This prints a ready-to-post markdown comment. The `--graph-only` flag
+skips embedding generation (10-50× faster indexing); `--run-tool` runs
+one tool and exits without the MCP stdio handshake — ideal for scripting.
+
 ---
 
 ## Configuration
@@ -61,6 +81,8 @@ the rules repo's README).
 | `--full-body-embedding` | `true` | Embed full function body (~50 lines) for better semantic search and duplicate detection |
 | `--max-files <n>` | 5000 | Maximum files to index |
 | `--profile <name>` | `all` | Filter the exposed MCP tool surface to a named subset (see below) |
+| `--graph-only` | off | Skip embedding generation — build the graph and serve structural tools only. No ONNX model load, 10-50× faster indexing. Semantic search unavailable. For CI / one-shot graph queries. |
+| `--run-tool <name>` | — | One-shot mode: index, run a single tool, print its result, exit. No MCP handshake. Pair with `--tool-args '<json>'`. |
 
 #### `--profile` — narrow the MCP tool surface
 

crates/codegraph-server/src/main.rs

@@ -72,6 +72,25 @@ struct Args {
     /// MCP mode only — LSP mode ignores this.
     #[arg(long)]
     profile: Option<String>,
+
+    /// Skip embedding generation — build the graph and serve structural
+    /// tools only. The ONNX model is never loaded (faster startup, lower
+    /// memory, ~10-50× faster indexing). Semantic search and similarity
+    /// tools are unavailable. Ideal for CI / one-shot graph queries.
+    #[arg(long)]
+    graph_only: bool,
+
+    /// One-shot mode: index the workspace, run a single tool, print its
+    /// JSON result to stdout, and exit. No MCP stdio handshake. Pair with
+    /// --tool-args for arguments and --graph-only for CI speed. Example:
+    ///   codegraph-server --graph-only --run-tool codegraph_pr_context \
+    ///     --tool-args '{"baseBranch":"main","format":"markdown"}'
+    #[arg(long)]
+    run_tool: Option<String>,
+
+    /// JSON arguments for --run-tool (default: {}).
+    #[arg(long, default_value = "{}")]
+    tool_args: String,
 }
 
 /// Re-entrancy guard for the panic hook. A second panic during hook
@@ -168,6 +187,53 @@ async fn main() {
     // before any RocksDB open so the LOCK release path is wired up first.
     spawn_signal_listeners();
 
+    // One-shot tool mode: index, run a single tool, print JSON, exit.
+    if let Some(tool_name) = args.run_tool.clone() {
+        let workspaces = if args.workspace.is_empty() {
+            vec![std::env::current_dir().expect("Failed to get current directory")]
+        } else {
+            args.workspace.clone()
+        };
+        let embedding_model = match args.embedding_model.as_str() {
+            "jina-code-v2" => codegraph_memory::CodeGraphEmbeddingModel::JinaCodeV2,
+            "granite-97m" | "granite" | "granite-97m-multilingual-r2" => {
+                codegraph_memory::CodeGraphEmbeddingModel::Granite97mMultilingualR2
+            }
+            _ => codegraph_memory::CodeGraphEmbeddingModel::BgeSmall,
+        };
+        let tool_args: serde_json::Value = serde_json::from_str(&args.tool_args)
+            .unwrap_or_else(|e| {
+                eprintln!("Invalid --tool-args JSON: {e}");
+                std::process::exit(2);
+            });
+
+        let mut server = codegraph_server::mcp::McpServer::new(
+            workspaces,
+            args.exclude.clone(),
+            args.max_files,
+            embedding_model,
+            args.full_body_embedding,
+        )
+        .with_graph_only(args.graph_only);
+
+        match server.run_single_tool(&tool_name, Some(tool_args)).await {
+            Ok(result) => {
+                // If the tool returned a markdown field, print it raw —
+                // CI pipes it straight into a PR comment. Otherwise print JSON.
+                if let Some(md) = result.get("markdown").and_then(|v| v.as_str()) {
+                    println!("{md}");
+                } else {
+                    println!("{}", serde_json::to_string_pretty(&result).unwrap_or_default());
+                }
+            }
+            Err(e) => {
+                eprintln!("Tool '{tool_name}' failed: {e}");
+                std::process::exit(1);
+            }
+        }
+        return;
+    }
+
     if args.mcp {
         // MCP mode
         let workspaces = if args.workspace.is_empty() {
@@ -211,7 +277,8 @@ async fn main() {
             embedding_model,
             args.full_body_embedding,
         )
-        .with_tool_profile(tool_profile);
+        .with_tool_profile(tool_profile)
+        .with_graph_only(args.graph_only);
         if let Err(e) = server.run().await {
             tracing::error!("MCP server error: {}", e);
             std::process::exit(1);