--- name: dev:pr-review description: CodeRabbit-style PR review with security scanning, test coverage, and one-click fixes delegates-to: autonomous-agent:pr-reviewer --- # Pull Request Review Command Execute a comprehensive CodeRabbit-style review of a pull request with automated analysis, security scanning, and one-click fixes. ## Usage ```bash /dev:pr-review [PR_NUMBER|BRANCH_NAME] ``` **Examples**: ```bash /dev:pr-review 123 # Review PR #123 /dev:pr-review feature/auth # Review branch against main /dev:pr-review # Review current branch changes ``` ## Workflow ### 1. Initialize Review - Detect PR context (number, branch, or current changes) - Fetch PR metadata (title, author, description) - Extract git diff and commit history ### 2. Delegate to PR Reviewer Agent Execute comprehensive review via `pr-reviewer` agent: ```javascript const review_result = await delegate_to_pr_reviewer({ pr_number: pr_number, pr_data: { title: pr_title, author: pr_author, description: pr_description, files: changed_files, diff: full_diff, commits: commit_history } }); ``` ### 3. Analysis Pipeline The PR reviewer agent executes: **A. Summary Generation** (5-10s): - Change categorization (features, bug fixes, refactoring, etc.) - Files changed count and line statistics - Complexity score calculation **B. Line-by-Line Analysis** (30-60s): - Code quality issues (naming, duplication, complexity) - Best practice violations (SOLID, DRY, error handling) - Performance concerns (N+1 queries, inefficient algorithms) - Type annotations and documentation **C. Security Scan** (20-40s via security-auditor): - OWASP Top 10 vulnerability detection - Input validation checks - Authentication/authorization review - Secrets exposure detection - Dependency vulnerability scan **D. Test Coverage Analysis** (15-30s): - Calculate coverage for changed lines - Identify untested functions - Generate test suggestions - Coverage delta calculation **E. Automated Fix Generation** (10-20s): - Generate one-click fixes for auto-fixable issues - Provide suggestions with explanations - Calculate confidence scores **F. Risk Assessment** (5-10s): - Calculate weighted risk score - Identify risk factors (size, complexity, critical files) - Generate recommendations **G. Related PR Detection** (5-10s): - Find PRs touching same files - Detect similar changes - Identify dependencies ### 4. Report Generation Generate comprehensive review report: ```markdown # Pull Request Review: #{PR_NUMBER} ## 📊 Summary **Risk Level**: {RISK_LEVEL} ({RISK_SCORE}/100) Files: {COUNT} | +{ADDITIONS} -{DELETIONS} | Complexity: {SCORE}/100 ## 🔒 Security ({VULN_COUNT} issues) 🔴 Critical: {COUNT} | 🟠 High: {COUNT} | 🟡 Medium: {COUNT} ## 📈 Test Coverage {COVERAGE}% ({DELTA > 0 ? '+' : ''}{DELTA}%) | Untested: {COUNT} ## 💡 Code Review ({ISSUE_COUNT} issues) {DETAILED_REVIEWS_BY_FILE} ## ⚡ Performance ({ISSUE_COUNT} concerns) {PERFORMANCE_ISSUES} ## 🎯 Recommendations ### Critical ({COUNT}) ### Suggested ({COUNT}) ### Nice to Have ({COUNT}) ## ✅ Approval Checklist - [ ] All critical issues resolved - [ ] Test coverage adequate - [ ] No new vulnerabilities - [ ] Performance acceptable ``` ### 5. Interactive Fix Application Provide one-click fix application: ```python # Auto-fixable issues presented with "Apply Fix" option # User can select fixes to apply # System applies fixes and creates commit ``` ## Skills Integration This command leverages: **ast-analyzer**: - Deep code structure analysis - Complexity calculation - Impact analysis **security-patterns**: - Vulnerability detection patterns - Secure coding guidelines **contextual-pattern-learning**: - Find similar successful PRs - Learn review patterns - Improve accuracy over time **code-analysis**: - Code quality metrics - Best practice validation ## Output Format ### Terminal Output (Tier 1: Concise Summary) ``` ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ PR REVIEW COMPLETE: #{PR_NUMBER} ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📊 Overview Risk Level: {RISK_LEVEL} ({RISK_SCORE}/100) Files: {COUNT} | +{ADDITIONS} -{DELETIONS} Complexity: {SCORE}/100 🔒 Security Analysis 🔴 Critical: {COUNT} | 🟠 High: {COUNT} | 🟡 Medium: {COUNT} Total New Vulnerabilities: {COUNT} 📈 Test Coverage Coverage: {COVERAGE}% ({DELTA > 0 ? '+' : ''}{DELTA}%) Untested Functions: {COUNT} 💡 Top 3 Issues 1. {SEVERITY} - {FILE}:{LINE} - {ISSUE} 2. {SEVERITY} - {FILE}:{LINE} - {ISSUE} 3. {SEVERITY} - {FILE}:{LINE} - {ISSUE} 🎯 Top 3 Recommendations 1. {CRITICAL_RECOMMENDATION} 2. {SUGGESTED_IMPROVEMENT} 3. {NICE_TO_HAVE} ✅ Auto-fixable Issues: {COUNT}/{TOTAL} 📄 Detailed Report: .data/reports/pr-review/pr-{NUMBER}-{DATE}.md ⏱️ Review completed in {DURATION} ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ``` ### Detailed Report (Tier 2: Comprehensive File) Saved to: `.data/reports/pr-review/pr-{NUMBER}-{YYYY-MM-DD}.md` **Full Report Structure**: ```markdown # Pull Request Review: #{PR_NUMBER} **Generated**: {TIMESTAMP} **Review Time**: {DURATION} **Reviewer**: Autonomous PR Review Agent v1.0 --- ## Table of Contents 1. [Summary](#summary) 2. [Security Analysis](#security-analysis) 3. [Test Coverage](#test-coverage) 4. [Code Review](#code-review) 5. [Performance Analysis](#performance-analysis) 6. [Recommendations](#recommendations) 7. [Related PRs](#related-prs) 8. [Approval Checklist](#approval-checklist) --- ## Summary **Title**: {PR_TITLE} **Author**: {AUTHOR} **Status**: {STATUS} **Risk Level**: {RISK_LEVEL} ({RISK_SCORE}/100) ### Changes Overview - **Files Changed**: {COUNT} - **Lines Added**: +{ADDITIONS} - **Lines Removed**: -{DELETIONS} - **Complexity Score**: {SCORE}/100 ### Change Categories - ✨ **Features**: {COUNT} files - {FILE_LIST} - 🐛 **Bug Fixes**: {COUNT} files - {FILE_LIST} - ♻️ **Refactoring**: {COUNT} files - {FILE_LIST} - 📝 **Documentation**: {COUNT} files - {FILE_LIST} - ✅ **Tests**: {COUNT} files - {FILE_LIST} ### Risk Factors | Factor | Score | Weight | Impact | |--------|-------|--------|--------| | Size | {SCORE}/100 | 20% | {IMPACT} | | Complexity | {SCORE}/100 | 25% | {IMPACT} | | Test Coverage | {SCORE}/100 | 25% | {IMPACT} | | Critical Files | {SCORE}/100 | 20% | {IMPACT} | | Security | {SCORE}/100 | 10% | {IMPACT} | --- ## Security Analysis **New Vulnerabilities Detected**: {COUNT} ### Critical Issues (🔴) #### {VULN_TITLE_1} - **File**: `{FILE_PATH}` - **Line**: {LINE_NUMBER} - **Severity**: CRITICAL - **CWE**: CWE-{NUMBER} - {CWE_NAME} - **OWASP**: {OWASP_CATEGORY} **Vulnerable Code**: ```{LANGUAGE} {VULNERABLE_CODE} ``` **Description**: {DETAILED_DESCRIPTION} **Remediation**: ```{LANGUAGE} {FIXED_CODE} ``` **Explanation**: {EXPLANATION} **Auto-fixable**: {YES/NO} [Apply Fix] (One-click button) --- ### High Issues (🟠) {SIMILAR_STRUCTURE} ### Medium Issues (🟡) {SIMILAR_STRUCTURE} ### Low Issues (⚪) {SIMILAR_STRUCTURE} --- ## Test Coverage **Overall Coverage**: {COVERAGE}% ({DELTA > 0 ? '+' : ''}{DELTA}%) - **Changed Lines Coverage**: {CHANGED_LINES_COV}% - **Untested Functions**: {COUNT} ### Coverage by File | File | Before | After | Delta | Untested Functions | |------|--------|-------|-------|-------------------| | {FILE} | {BEFORE}% | {AFTER}% | {DELTA}% | {COUNT} | ### Untested Functions #### {FILE_PATH} - `{FUNCTION_NAME}` (line {LINE}) - `{FUNCTION_NAME}` (line {LINE}) **Suggested Test**: ```{LANGUAGE} {SUGGESTED_TEST_CODE} ``` --- ## Code Review ### {FILE_PATH_1} #### Line {LINE}: {ISSUE_TITLE} **Severity**: {CRITICAL/HIGH/MEDIUM/LOW} **Category**: {CODE_QUALITY/BEST_PRACTICE/PERFORMANCE} **Original Code**: ```{LANGUAGE} {ORIGINAL_CODE} ``` **Issue**: {DETAILED_ISSUE_DESCRIPTION} **Suggested Fix**: ```{LANGUAGE} {SUGGESTED_CODE} ``` **Explanation**: {WHY_THIS_IS_BETTER} **Auto-fixable**: {YES/NO} **Confidence**: {CONFIDENCE}% [Apply Fix] (One-click button) --- ### {FILE_PATH_2} {SIMILAR_STRUCTURE} --- ## Performance Analysis **Potential Performance Impact**: {LOW/MEDIUM/HIGH} ### N+1 Query Issues ({COUNT}) #### {FILE}:{LINE} - {FUNCTION_NAME} **Detected Pattern**: Loop with database query inside **Current Code**: ```{LANGUAGE} {CURRENT_CODE} ``` **Optimized Code**: ```{LANGUAGE} {OPTIMIZED_CODE} ``` **Performance Improvement**: {ESTIMATED_IMPROVEMENT} --- ### Inefficient Algorithms ({COUNT}) {SIMILAR_STRUCTURE} ### Missing Indexes ({COUNT}) {SIMILAR_STRUCTURE} ### Large Data Operations ({COUNT}) {SIMILAR_STRUCTURE} --- ## Recommendations ### 🔴 Critical Actions Required ({COUNT}) 1. **{CRITICAL_ISSUE_1}** - **File**: {FILE} - **Action**: {SPECIFIC_ACTION} - **Impact**: {IMPACT_DESCRIPTION} 2. **{CRITICAL_ISSUE_2}** {SIMILAR_STRUCTURE} --- ### 🟡 Suggested Improvements ({COUNT}) 1. **{IMPROVEMENT_1}** - **File**: {FILE} - **Benefit**: {BENEFIT_DESCRIPTION} - **Effort**: {LOW/MEDIUM/HIGH} 2. **{IMPROVEMENT_2}** {SIMILAR_STRUCTURE} --- ### ⚪ Nice to Have ({COUNT}) 1. **{NICE_TO_HAVE_1}** - **File**: {FILE} - **Benefit**: {MINOR_BENEFIT} --- ## Related PRs ### PRs Touching Same Files - **#{PR_NUMBER}**: {TITLE} - **Author**: {AUTHOR} - **Status**: {STATUS} - **Overlap**: {FILE_COUNT} files - **Potential Conflict**: {YES/NO} ### Similar PRs - **#{PR_NUMBER}**: {TITLE} - **Similarity**: {PERCENTAGE}% - **Lessons Learned**: {INSIGHTS} ### Dependent PRs - **#{PR_NUMBER}**: {TITLE} - **Dependency Type**: {BLOCKS/BLOCKED_BY} --- ## Approval Checklist ### Mandatory Requirements - [ ] All critical security issues resolved - [ ] Test coverage ≥ 70% for changed lines - [ ] No new critical vulnerabilities introduced - [ ] All tests passing - [ ] Documentation updated ### Code Quality - [ ] No code quality issues with severity > MEDIUM - [ ] Best practices followed - [ ] Performance impact acceptable - [ ] No technical debt introduced ### Review Sign-off - [ ] Security review complete - [ ] Performance review complete - [ ] Test coverage adequate - [ ] Code review complete --- ## Review Metadata **Review Generated**: {TIMESTAMP} **Review Time**: {DURATION} **Auto-fixable Issues**: {COUNT}/{TOTAL} **Confidence Score**: {AVERAGE_CONFIDENCE}% **Reviewer Agent**: pr-reviewer v1.0 **Security Scanner**: security-auditor v1.0 **AST Analyzer**: ast-analyzer v1.0 **Pattern Learner**: contextual-pattern-learning v3.0 --- ## One-Click Fixes Available {COUNT} issues can be fixed automatically. Apply all fixes with: ```bash /apply-pr-fixes {PR_NUMBER} ``` Or apply individual fixes: ```bash /apply-fix {ISSUE_ID} ``` --- **End of Report** ``` --- ## Implementation Details ### Git Integration ```python def fetch_pr_data(pr_identifier): """Fetch PR data from git or GitHub CLI.""" if pr_identifier.isdigit(): # Use gh CLI for PR number pr_data = subprocess.run( ["gh", "pr", "view", pr_identifier, "--json", "title,author,body,files,additions,deletions"], capture_output=True ) else: # Use git for branch comparison diff = subprocess.run( ["git", "diff", f"origin/main...{pr_identifier}"], capture_output=True ) commits = subprocess.run( ["git", "log", f"origin/main..{pr_identifier}", "--oneline"], capture_output=True ) return parse_pr_data(pr_data) ``` ### Fix Application ```python def apply_fix(issue_id): """Apply automated fix for specific issue.""" issue = load_issue(issue_id) if not issue.auto_fixable: print("Issue not auto-fixable") return False # Apply Edit tool Edit( file_path=issue.file, old_string=issue.original_code, new_string=issue.suggested_code ) # Run tests to verify test_result = run_tests() if test_result.success: # Create commit git_commit(f"Fix: {issue.title}\n\nAuto-applied fix from PR review") return True else: # Rollback git_checkout(issue.file) return False ``` ## Learning Integration After each PR review, the learning engine captures: 1. **Review Patterns**: - Which issues were found in which file types - Success rate of automated fixes - False positive rates 2. **Project Patterns**: - Common issue patterns in this codebase - Team coding style preferences - Review thoroughness preferences 3. **Performance Metrics**: - Review time by PR size - Issue detection accuracy - Fix application success rate 4. **Continuous Improvement**: - Reduce false positives over time - Improve fix suggestion quality - Personalize review style to team ## Error Handling ```python try: review_result = comprehensive_pr_review(pr_number) except GitError as e: print(f"Git error: {e.message}") print("Ensure you're in a git repository and PR exists") except SecurityScanError as e: print(f"Security scan failed: {e.message}") print("Review will continue with partial results") except Exception as e: print(f"Review failed: {e}") print("Saving partial results...") save_partial_review(partial_data) ``` ## Performance Expectations | PR Size | Files | Lines | Review Time | |---------|-------|-------|-------------| | Small | 1-5 | <200 | 30-60s | | Medium | 6-15 | 200-500 | 1-2min | | Large | 16-30 | 500-1000 | 2-4min | | XLarge | 31+ | 1000+ | 4-8min | ## Follow-up Commands After review: ```bash /apply-pr-fixes {PR_NUMBER} # Apply all auto-fixable issues /apply-fix {ISSUE_ID} # Apply specific fix /dev:pr-review-history # Show review history /learn:analytics # Review performance analytics ``` --- This command provides comprehensive, CodeRabbit-level PR review capabilities with deep integration into the autonomous learning system.