Runcastle

Parallel Planner with Adversarial Review

MIT · 2 downloads

by castellan-demo

v1.0.0

Plans parallelizable GitHub issues, implements each on its own branch in parallel, then runs an adversarial Codex review with a per-branch fix loop before merging.

Disclosures — declared side-effect surface

Everything below runs on your machine or inside the sandbox when you use this workflow. Publishing is blocked if these declarations do not match the actual code.

Host hooks

Commands executed on YOUR host machine by Sandcastle lifecycle hooks.

  • cp .env.example .env

Sandbox hooks

Commands executed inside the sandbox container.

  • npm install

Network access

Runs `gh` inside the sandbox to list and read issues labelled `Sandcastle` on the current repository.

Shell expansion

Prompt files contain !`command` blocks — the agent CLI executes these commands at prompt-load time. They are highlighted amber in the prompt files below.

Files

Diff vs the stock Sandcastle 0.12.0 template Dockerfile — green lines were added by the author, red lines were removed from stock.

+# Sandbox image for the Parallel Planner with Adversarial Review workflow.
+# Extends the stock Sandcastle template with the GitHub CLI (for the gh issue
+# loop) and the Codex CLI (for the reviewer agent).
FROM node:22-bookworm
-# System dependencies.
+# System dependencies used by the agents and the gh issue loop.
RUN apt-get update && apt-get install -y --no-install-recommends \
git \
curl \
jq \
ca-certificates \
&& rm -rf /var/lib/apt/lists/*
-# Claude Code CLI (the agent runtime).
-RUN npm install -g @anthropic-ai/claude-code
+# GitHub CLI — used by the !`gh ...` shell-expansion blocks in the prompts.
+RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
+ | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
+ && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
+ > /etc/apt/sources.list.d/github-cli.list \
+ && apt-get update && apt-get install -y --no-install-recommends gh \
+ && rm -rf /var/lib/apt/lists/*
+# Agent CLIs: Claude Code (planner + implementers) and Codex (reviewer).
+RUN npm install -g @anthropic-ai/claude-code @openai/codex
+
# Non-root agent user. `sandcastle docker build-image` aligns AGENT_UID/GID to
# the host user via --build-arg to avoid permission errors on bind mounts.
ARG AGENT_UID=1000
ARG AGENT_GID=1000
RUN groupadd --gid ${AGENT_GID} agent \
&& useradd --uid ${AGENT_UID} --gid ${AGENT_GID} --create-home --shell /bin/bash agent
USER agent
WORKDIR /workspace
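
Review bot: both agent CLIs are installed unpinned in the added `RUN npm install -g @anthropic-ai/claude-code @openai/codex` line, so each image build takes whatever version is current on the registry and two builds of the same workflow release can run different agent code; pin each package to an exact version and bump it in a reviewed change. The `gh` step above it has a second issue: `curl -fsSL ... | dd of=...` runs under the default `/bin/sh -c` without `pipefail`, so the pipeline reports the exit status of `dd` and a failed download still leaves an empty keyring file and continues along the `&&` chain. Writing the key directly with `curl -fsSL -o /usr/share/keyrings/githubcli-archive-keyring.gpg` makes the build stop at the step that failed.
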
Full Dockerfile:
# Sandbox image for the Parallel Planner with Adversarial Review workflow.
# Extends the stock Sandcastle template with the GitHub CLI (for the gh issue
# loop) and the Codex CLI (for the reviewer agent).
FROM node:22-bookworm

# System dependencies used by the agents and the gh issue loop.
RUN apt-get update && apt-get install -y --no-install-recommends \
      git \
      curl \
      jq \
      ca-certificates \
 && rm -rf /var/lib/apt/lists/*

# GitHub CLI — used by the !`gh ...` shell-expansion blocks in the prompts.
RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
      | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
 && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
      > /etc/apt/sources.list.d/github-cli.list \
 && apt-get update && apt-get install -y --no-install-recommends gh \
 && rm -rf /var/lib/apt/lists/*

# Agent CLIs: Claude Code (planner + implementers) and Codex (reviewer).
RUN npm install -g @anthropic-ai/claude-code @openai/codex

# Non-root agent user. `sandcastle docker build-image` aligns AGENT_UID/GID to
# the host user via --build-arg to avoid permission errors on bind mounts.
ARG AGENT_UID=1000
ARG AGENT_GID=1000
RUN groupadd --gid ${AGENT_GID} agent \
 && useradd --uid ${AGENT_UID} --gid ${AGENT_GID} --create-home --shell /bin/bash agent

USER agent
WORKDIR /workspace

README

Parallel Planner with Adversarial Review

A three-stage review pipeline: an Opus planner groups your open issues into independent work items, a fan-out of Sonnet implementers builds each item on its own branch in parallel, and a Codex reviewer adversarially reviews each branch with a fix loop before you merge.

Topology

plan ──▶ impl (xN) ──▶ review ──┐
              ▲                  │
              └──── fix loop ◀───┘
                                 └──▶ merge

The impl node is a fan-out: one implementer runs per planned work item, each on agent/issue-<n>. The reviewer runs on the same branch and loops back to fix problems it finds until it emits <promise>APPROVED</promise>.

Disclosures

  • Host hook: cp .env.example .env (on worktree ready) seeds the sandbox env file.
  • Sandbox hook: npm install (on sandbox ready) installs dependencies.
  • Shell expansion: the prompts use !`gh ...` and !`git ...` blocks to pull live issue text and diffs into context. This is why usesShellExpansion is true.
  • Network: gh reaches GitHub to list and read issues labelled Sandcastle.
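
A pre-run check for the shell-expansion disclosure above, as an added example that is not part of this workflow or of Sandcastle: it extracts each !`command` block from prompt text and reports any program outside the declared `gh` and `git`. The sample prompt is constructed, the function names are hypothetical, and it assumes single-line blocks and that `{{...}}` placeholders are substituted into the command text before it runs.

```javascript
// Added example: audit !`command` shell-expansion blocks in prompt text
// against the programs the README declares for them (gh and git).
const DECLARED_PROGRAMS = new Set(['gh', 'git']);

// Constructed sample prompt; not taken from the workflow's real prompt files.
const SAMPLE_PROMPT = [
  'Issue under review:',
  '!`gh issue view {{ISSUE_NUMBER}} --json title,body`',
  'Changes on the branch:',
  '!`git diff {{TARGET_BRANCH}}...{{SOURCE_BRANCH}}`',
  'Open issue count:',
  '!`gh issue list --label Sandcastle | jq length`',
].join('\n');

// Return every command inside a single-line !`...` block with its line number.
function extractExpansions(promptText) {
  const found = [];
  promptText.split('\n').forEach((line, idx) => {
    for (const m of line.matchAll(/!`([^`]*)`/g)) {
      found.push({ line: idx + 1, command: m[1].trim() });
    }
  });
  return found;
}

// Every pipeline or chain segment must start with a declared program;
// substitution and redirection are reported for manual review.
function auditCommand(command) {
  const findings = [];
  if (/\$\(|[<>]/.test(command)) findings.push('substitution-or-redirect');
  for (const segment of command.split(/\|\||&&|[;|&]/)) {
    const program = segment.trim().split(/\s+/)[0];
    if (program && !DECLARED_PROGRAMS.has(program)) {
      findings.push('undeclared-program:' + program);
    }
  }
  // Assumption: placeholders become part of the command text, so their
  // values need validating (for example, ISSUE_NUMBER must be digits only).
  const placeholders = command.match(/\{\{[A-Z_]+\}\}/g) || [];
  if (placeholders.length) findings.push('interpolates:' + placeholders.join(','));
  return findings;
}

function auditPrompt(promptText) {
  return extractExpansions(promptText).map((e) => ({ ...e, findings: auditCommand(e.command) }));
}

console.log(JSON.stringify(auditPrompt(SAMPLE_PROMPT), null, 2));
```

In the constructed sample the third block is reported because `jq`, although installed in the image, is not among the programs the disclosures name.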

Prompt arguments

implement-prompt.md and review-prompt.md take an {{ISSUE_NUMBER}} argument supplied per branch, and use the built-in {{SOURCE_BRANCH}} / {{TARGET_BRANCH}} placeholders that Sandcastle injects automatically.

Requirements

Set CLAUDE_CODE_OAUTH_TOKEN and OPENAI_API_KEY (and GITHUB_TOKEN for private repos) in .sandcastle/.env, build the image, then run the entrypoint.