local version of the PR reviewer

[derekmisler]

Summary

• Adds local development support to the PR reviewer agent, allowing developers to run reviews on their local branches without posting to GitHub.
• Publishes the agent to Docker Hub on release
• Updates cagent to v1.23.4.

Changes

• review-pr/agents/pr-review.yaml: Added welcome message and enhanced diff gathering to include PR metadata (title, body, author, files) for better context during reviews
• review-pr/README.md: Updated "Running Locally" section with instructions for using the agent from Docker Hub via agentcatalog/review-pr
• .github/workflows/release.yml: Added publish-agent job to push the review-pr agent to Docker Hub on release, including README upload
• action.yml, review-pr/action.yml, .github/workflows/review-pr.yml: Updated default cagent version from v1.23.1 to v1.23.4
• README.md: Updated documentation to reflect cagent v1.23.4 and clarified that extra-args passes to cagent run instead of cagent exec
• action.yml: Changed command from cagent exec to cagent run --exec to align with updated cagent CLI

How to Test

• Run cagent run agentcatalog/review-pr "Review my changes" from a local git repository to verify the agent diffs against the base branch and outputs review findings
• Trigger a release workflow to verify the agent publishes successfully to Docker Hub
• Test the PR review workflow on a pull request to ensure cagent v1.23.4 works correctly

Screen.recording.mp4

Closes: https://github.com/docker/gordon/issues/154

[derekmisler]

/describe

[docker-agent]

✅ PR description has been generated and updated!

[derekmisler]

/describe

[docker-agent]

✅ PR description has been generated and updated!

[docker-agent]

Review Summary

Found 3 potential issues in the new release workflow code that could affect the reliability of the Docker Hub publishing step. The main concerns are around error handling for the Docker Hub API interactions and a potential race condition with concurrent releases.

All issues are in added code and relate to the new publish-agent job. The rest of the changes (version updates, documentation changes, and agent instruction updates) look good.

[derekmisler]

/review

[docker-agent]

Review Summary

Reviewed the changes for adding local PR reviewer support and Docker Hub publishing. Found 1 high-severity security issue in the release workflow that should be addressed.

Key Finding

• Security: The cagent binary is downloaded and executed without checksum verification, which could allow code injection via MITM or compromised releases.

What looks good

• The workflow properly validates secrets before use
• Error handling with set -e is consistently applied
• The PR reviewer agent improvements for local usage are well-structured
• Version updates to v1.23.4 are consistent across files

[derekmisler]

i know this PR is focused on running it locally, but i just love the output when running in CI: https://github.com/docker/cagent-action/actions/runs/22196041387