Initial commit

2025-11-30 08:59:04 +08:00
commit c4b6a6c97d
5 changed files with 290 additions and 0 deletions
--- a/.claude-plugin/plugin.json
+++ b/.claude-plugin/plugin.json
@@ -0,0 +1,14 @@
 {
  "name": "gitlab-mr-review",
  "description": "Comprehensive GitLab merge request review using MCP tools for automated code analysis",
  "version": "0.1.0",
  "author": {
    "name": "Amir Masoud Ahmadi, Hossein Safari"
  },
  "commands": [
    "./commands"
  ],
  "mcp": [
    "./.mcp.json"
  ]
 }
--- a/.mcp.json
+++ b/.mcp.json
@@ -0,0 +1,12 @@
 {
  "gitlab": {
    "command": "${CLAUDE_PLUGIN_ROOT}/start.sh",
    "args": [
      "${CLAUDE_PLUGIN_ROOT}/server/gitlab.py"
    ],
    "env": {
      "GITLAB_PERSONAL_ACCESS_TOKEN": "${GITLAB_PERSONAL_ACCESS_TOKEN}",
      "GITLAB_API_URL": "${GITLAB_API_URL}"
    }
  }
 }
--- a/README.md
+++ b/README.md
@@ -0,0 +1,3 @@
 # gitlab-mr-review
 Comprehensive GitLab merge request review using MCP tools for automated code analysis
--- a/commands/review-gitlab-mr.md
+++ b/commands/review-gitlab-mr.md
@@ -0,0 +1,212 @@
 ---
 description: Comprehensive GitLab merge request review using MCP tools
 args:
  project_name: Name of the GitLab project (e.g., "gitlab-mr-mcp")
  mr_number: Merge request IID number (e.g., 42)
 ---
 # GitLab Merge Request Review
 You are performing a comprehensive code review of a GitLab merge request using ONLY the GitLab MCP tools available to you. You MUST NOT use bash, git, or any other command-line tools.
 ## Parameters
 - **Project Name**: {{project_name}}
 - **MR Number**: {{mr_number}}
 ## Workflow Instructions
 Follow these steps EXACTLY in order:
 ### Step 1: Find Project ID
 Call the `get_projects` MCP tool to retrieve all projects. Search through the results to find a project matching "{{project_name}}". The match can be:
 - Exact match on project name
 - Match on name_with_namespace
 - Partial match (case-insensitive)
 Extract the numeric project ID from the matching project.
 If no matching project is found, inform the user and STOP.
 ### Step 2: Get File List
 Call `merge_request_changes(project_id={{FOUND_ID}}, merge_request_id={{mr_number}})` to get the list of changed files.
 This will return:
 - MR title and metadata
 - List of files with indices (0, 1, 2, ...)
 - File status (new, modified, deleted, renamed)
 Parse this output to extract:
 - Total number of files changed
 - File indices for each file
 ### Step 3: Fetch ALL File Diffs in Parallel
 **CRITICAL**: Make parallel MCP tool calls to retrieve every single file diff, regardless of how many files there are.
 In a SINGLE message, make multiple `merge_request_file_diff` calls like this:
 - `merge_request_file_diff(project_id={{FOUND_ID}}, merge_request_id={{mr_number}}, file_index=0)`
 - `merge_request_file_diff(project_id={{FOUND_ID}}, merge_request_id={{mr_number}}, file_index=1)`
 - `merge_request_file_diff(project_id={{FOUND_ID}}, merge_request_id={{mr_number}}, file_index=2)`
 - ... continue for ALL files
 **Important**:
 - Do NOT skip any files
 - Do NOT use sequential calls - make them ALL in parallel in one message
 - If there are 200 files, make 200 parallel calls
 - This is the ONLY way to efficiently review large MRs
 ### Step 4: Analyze Each File
 For each file diff retrieved, perform a thorough code review looking for:
 #### Security Issues (CRITICAL Priority)
 - SQL injection vulnerabilities
 - XSS (Cross-Site Scripting) vulnerabilities
 - Command injection risks
 - Hardcoded secrets, API keys, passwords, tokens
 - Insecure cryptography or weak hashing
 - Authentication/authorization bypasses
 - Path traversal vulnerabilities
 - Insecure deserialization
 - CSRF vulnerabilities
 - Information disclosure
 #### Bug Patterns (HIGH Priority)
 - Null/undefined reference errors
 - Off-by-one errors
 - Race conditions or concurrency issues
 - Resource leaks (unclosed files, connections, etc.)
 - Incorrect error handling (swallowing exceptions, wrong error types)
 - Logic errors (wrong conditionals, incorrect operators)
 - Type mismatches or unsafe type conversions
 - Infinite loops or recursion without base case
 - Missing return statements
 - Dead code or unreachable code
 #### Performance Issues (MEDIUM Priority)
 - N+1 query problems
 - Inefficient algorithms (O(n²) where O(n log n) possible)
 - Unnecessary loops or redundant operations
 - Missing database indices
 - Large object allocations in loops
 - Synchronous operations that should be async
 - Memory leaks
 - Missing pagination for large datasets
 - Inefficient data structures
 #### Code Quality Issues (LOW to MEDIUM Priority)
 - Code duplication (DRY violations)
 - Overly complex functions (high cyclomatic complexity)
 - Poor naming (unclear variables, functions, classes)
 - Magic numbers without constants
 - Inconsistent code style
 - Missing or unclear comments for complex logic
 - Long functions that should be split
 - God classes or functions doing too much
 - Tight coupling between modules
 - Missing input validation
 #### Testing & Documentation
 - Missing test coverage for new features
 - Missing test cases for edge cases
 - Breaking changes without tests
 - Missing or outdated documentation
 - Missing error message clarity
 ### Step 5: Generate Comprehensive Report
 Produce a structured markdown report with the following format:
 ```markdown
 # Merge Request Review: [MR Title]
 **Project**: {{project_name}}
 **MR Number**: {{mr_number}}
 **Files Analyzed**: [X files]
 **Total Issues Found**: [Y issues]
 ---
 ## 🔴 Critical Issues
 [List all critical security vulnerabilities here with:]
 - **File**: path/to/file.ext:line_number
 - **Issue**: Brief description
 - **Impact**: Why this is critical
 - **Recommendation**: How to fix
 [If none found, write: "No critical issues found."]
 ---
 ## 🟠 High Priority Issues
 [List all high-priority bugs and problems here with same format]
 [If none found, write: "No high priority issues found."]
 ---
 ## 🟡 Medium Priority Issues
 [List all medium-priority performance and quality issues]
 [If none found, write: "No medium priority issues found."]
 ---
 ## 🟢 Low Priority Issues
 [List all low-priority code quality suggestions]
 [If none found, write: "No low priority issues found."]
 ---
 ## ✅ Positive Observations
 [List good practices, well-written code, good test coverage, etc.]
 ---
 ## 📋 Summary & Recommendations
 [Provide a concise summary of the review]
 **Overall Assessment**: [APPROVE / APPROVE WITH COMMENTS / REQUEST CHANGES / REJECT]
 **Key Actions Required**:
 1. [Action item 1]
 2. [Action item 2]
 ...
 **Optional Improvements**:
 1. [Suggestion 1]
 2. [Suggestion 2]
 ...
 ```
 ## Constraints & Best Practices
 **STRICT RULES**:
 1. ✅ ONLY use GitLab MCP tools (get_projects, merge_request_changes, merge_request_file_diff)
 2. ❌ DO NOT use bash, git, or any command-line tools
 3. ✅ MUST fetch ALL files in parallel (single message, multiple tool calls)
 4. ✅ MUST analyze EVERY file, even if there are 200+ files
 5. ✅ MUST categorize issues by severity (Critical/High/Medium/Low)
 6. ✅ MUST provide specific file paths and line numbers when possible
 7. ✅ MUST provide actionable recommendations
 8. ✅ Be thorough but concise - focus on real issues, not nitpicks
 **Review Philosophy**:
 - Prioritize security and correctness over style
 - Be constructive and educational in feedback
 - Acknowledge good practices when you see them
 - Provide specific, actionable recommendations
 - Consider the context and project type when reviewing
 ---
 Begin the review now following the workflow above.
--- a/plugin.lock.json
+++ b/plugin.lock.json
@@ -0,0 +1,49 @@
 {
  "$schema": "internal://schemas/plugin.lock.v1.json",
  "pluginId": "gh:Synaps-Squad/gitlab-mr-mcp:plugins/gitlab-mr-review",
  "normalized": {
    "repo": null,
    "ref": "refs/tags/v20251128.0",
    "commit": "50c75d0f9ecd56c81cc1ead60a558fd1691a8a7c",
    "treeHash": "c59eea378541110c902438b20c9f6cfcfebe2560365dad7625f0ad0559ad2c9f",
    "generatedAt": "2025-11-28T10:12:50.422117Z",
    "toolVersion": "publish_plugins.py@0.2.0"
  },
  "origin": {
    "remote": "git@github.com:zhongweili/42plugin-data.git",
    "branch": "master",
    "commit": "aa1497ed0949fd50e99e70d6324a29c5b34f9390",
    "repoRoot": "/Users/zhongweili/projects/openmind/42plugin-data"
  },
  "manifest": {
    "name": "gitlab-mr-review",
    "description": "Comprehensive GitLab merge request review using MCP tools for automated code analysis",
    "version": "0.1.0"
  },
  "content": {
    "files": [
      {
        "path": ".mcp.json",
        "sha256": "df049ffe8c55d01685ebad74106f66e143970683250c8851cacc0c5223e0544b"
      },
      {
        "path": "README.md",
        "sha256": "431fcbfcfa563e7129dea5f83b9eec10247c5629b30c087f6c16bab129845739"
      },
      {
        "path": ".claude-plugin/plugin.json",
        "sha256": "e881ea255b92e180a131a17e9ab6d8e4a2692159a046d6dfd681183608901ba2"
      },
      {
        "path": "commands/review-gitlab-mr.md",
        "sha256": "6225b4a775d0b9b3603156e1c7931932d33c7b4c8b53281e485b7ee978c14548"
      }
    ],
    "dirSha256": "c59eea378541110c902438b20c9f6cfcfebe2560365dad7625f0ad0559ad2c9f"
  },
  "security": {
    "scannedAt": null,
    "scannerVersion": null,
    "flags": []
  }
 }
		`@@ -0,0 +1,3 @@`
							`# gitlab-mr-review`

							`Comprehensive GitLab merge request review using MCP tools for automated code analysis`