chore: add lefthook, PR workflows, and CI standardization (#1)

## Summary
- Add lefthook.yml with gofmt, govet, and conventional commit hooks
- Add PR review workflow (reviewforge) for automated code review
- Add structlint validation workflow for PRs
- Add PR title validation for conventional commits (squash merge
support)
- Standardize test.yml with setup-go@v5 and caching

## Test plan
- [ ] Verify `go test ./...` passes
- [ ] Check workflows render correctly in GitHub Actions tab

Author: machado144

.github/workflows/pr.yml

@@ -0,0 +1,75 @@
+name: PR
+
+on:
+  pull_request:
+    types: [opened, edited, synchronize, reopened]
+    branches:
+      - main
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  title:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Validate PR title follows Conventional Commits
+        env:
+          TITLE: ${{ github.event.pull_request.title }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          if echo "$TITLE" | grep -qE "^(feat|fix|docs|style|refactor|test|chore|build|ci|perf|revert)(\(.+\))?(!)?: .+"; then
+            echo "PR title is valid: $TITLE"
+            exit 0
+          fi
+
+          BODY=$(cat <<'COMMENT'
+          ### ⚠️ Invalid PR Title
+
+          PR title must follow the **Conventional Commits** format since we use squash merge:
+
+          ```
+          <type>[optional scope][!]: <description>
+          ```
+
+          **Allowed types:** `feat`, `fix`, `docs`, `style`, `refactor`, `test`, `chore`, `build`, `ci`, `perf`, `revert`
+
+          **Examples:**
+          - `feat: add new feature`
+          - `fix(api): resolve null pointer`
+          - `feat!: breaking change`
+          - `chore(deps): update dependencies`
+          COMMENT
+          )
+
+          # Post comment on PR
+          gh api "repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments" \
+            -X POST -f body="$BODY"
+
+          echo "::error::PR title must follow Conventional Commits format"
+          exit 1
+
+  review:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: AxeForging/reviewforge@main
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          AI_PROVIDER: gemini
+          AI_MODEL: gemini-2.5-flash
+          AI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
+          SHOW_TOKEN_USAGE: true
+          INCREMENTAL: false
+          REVIEW_RULES: concise
+
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: AxeForging/structlint@main
+        with:
+          config: .structlint.yaml
+          comment-on-pr: "true"
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -4,8 +4,8 @@ on:
   workflow_dispatch:
     inputs:
       tag:
-        description: 'Release tag (e.g., v1.0.0)'
-        required: true
+        description: 'Release tag (leave empty for auto-bump from conventional commits)'
+        required: false
         type: string
 
 permissions:
@@ -29,15 +29,40 @@ jobs:
       - name: Run tests
         run: go test ./... -v
 
+      - name: Build releaseforge
+        run: make build-local
+
+      - name: Determine version
+        id: version
+        run: |
+          if [ -n "${{ inputs.tag }}" ]; then
+            echo "tag=${{ inputs.tag }}" >> "$GITHUB_OUTPUT"
+          else
+            NEXT=$(./releaseforge bump --quiet)
+            echo "Auto-bumped version: ${NEXT}"
+            echo "tag=${NEXT}" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Generate release notes
+        env:
+          GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
+        run: |
+          PREV_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "")
+          ARGS="generate --use-git-fallback --output /tmp/release-notes.md"
+          if [ -n "$PREV_TAG" ]; then
+            ARGS="$ARGS --git-tag $PREV_TAG --analyze-from-tag"
+          fi
+          ./releaseforge $ARGS
+
       - name: Create and push tag
         run: |
-          git tag ${{ inputs.tag }}
-          git push origin ${{ inputs.tag }}
+          git tag ${{ steps.version.outputs.tag }}
+          git push origin ${{ steps.version.outputs.tag }}
 
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v6
         with:
           version: latest
-          args: release --clean
+          args: release --clean --release-notes /tmp/release-notes.md
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/releaseforge.yml

@@ -0,0 +1,66 @@
+name: ReleaseForge
+
+on:
+  workflow_call:
+    inputs:
+      command:
+        description: "Command: bump, generate"
+        type: string
+        default: "bump"
+      tag:
+        description: "Base semver tag"
+        type: string
+        default: ""
+      branch:
+        description: "Target branch"
+        type: string
+        default: "HEAD"
+      provider:
+        description: "LLM provider for generate"
+        type: string
+        default: "gemini"
+      model:
+        description: "LLM model for generate"
+        type: string
+        default: "gemini-2.0-flash"
+      template-name:
+        description: "Built-in template name"
+        type: string
+        default: ""
+      max-commits:
+        description: "Max commits to analyze"
+        type: string
+        default: "200"
+    secrets:
+      api_key:
+        description: "LLM API key (for generate command)"
+        required: false
+    outputs:
+      next-version:
+        description: "Next semver version"
+        value: ${{ jobs.releaseforge.outputs.next-version }}
+
+permissions:
+  contents: read
+
+jobs:
+  releaseforge:
+    runs-on: ubuntu-latest
+    outputs:
+      next-version: ${{ steps.rf.outputs.next-version }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - id: rf
+        uses: AxeForging/releaseforge@main
+        with:
+          command: ${{ inputs.command }}
+          tag: ${{ inputs.tag }}
+          branch: ${{ inputs.branch }}
+          provider: ${{ inputs.provider }}
+          model: ${{ inputs.model }}
+          api-key: ${{ secrets.api_key }}
+          template-name: ${{ inputs.template-name }}
+          max-commits: ${{ inputs.max-commits }}

.github/workflows/test.yml

@@ -2,18 +2,20 @@ name: Test
 
 on:
   push:
-    branches: ["**"]
   pull_request:
+    branches:
+      - main
 
 jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout code
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
-      - name: Set up Go
+      - name: Setup Go
         uses: actions/setup-go@v5
         with:
           go-version: '1.24'

.goreleaser.yml

@@ -46,11 +46,7 @@ snapshot:
   version_template: "{{ incpatch .Version }}-next"
 
 changelog:
-  sort: asc
-  filters:
-    exclude:
-      - '^docs:'
-      - '^test:'
+  disable: true
 
 release:
   github:

.structlint.yaml

@@ -0,0 +1,84 @@
+# structlint configuration
+# Validates project directory structure and file naming
+
+dir_structure:
+  allowedPaths:
+    - "."
+    - "actions/**"
+    - "services/**"
+    - "helpers/**"
+    - "domain/**"
+    - "integration/**"
+    - "doc/**"
+    - "dist/**"
+    - ".claude/**"
+    - ".github/**"
+  disallowedPaths:
+    - "vendor/**"
+    - "node_modules/**"
+    - "tmp/**"
+    - "temp/**"
+    - ".git/**"
+    - "*.log"
+  requiredPaths:
+    - "actions"
+    - "services"
+    - "domain"
+
+file_naming_pattern:
+  allowed:
+    - "*.go"
+    - "*.mod"
+    - "*.sum"
+    - "*.yaml"
+    - "*.yml"
+    - "*.json"
+    - "*.toml"
+    - "*.md"
+    - "*.txt"
+    - "*.png"
+    - "*.jpg"
+    - "*.svg"
+    - "README*"
+    - "LICENSE*"
+    - "CHANGELOG*"
+    - "Makefile"
+    - "Dockerfile*"
+    - "*.sh"
+    - ".gitignore"
+    - ".editorconfig"
+    - ".golangci.yml"
+    - ".goreleaser.yml"
+    - ".github/**"
+    - "go.work"
+    - "go.work.sum"
+  disallowed:
+    - "*.env*"
+    - ".env*"
+    - "*.key"
+    - "*.pem"
+    - "*.log"
+    - "*.tmp"
+    - "*.temp"
+    - "*~"
+    - "*.swp"
+    - "*.bak"
+    - ".DS_Store"
+    - "Thumbs.db"
+  required:
+    - "go.mod"
+    - "README.md"
+    - ".gitignore"
+    - "*.go"
+
+ignore:
+  - ".git"
+  - "vendor"
+  - "node_modules"
+  - "bin"
+  - "dist"
+  - ".idea"
+  - ".vscode"
+  - ".DS_Store"
+  - "*.log"
+  - "*.tmp"