Initial commit

2025-11-30 08:59:04 +08:00
commit c4b6a6c97d
5 changed files with 290 additions and 0 deletions
--- a/.claude-plugin/plugin.json
+++ b/.claude-plugin/plugin.json
@@ -0,0 +1,14 @@
+{
+  "name": "gitlab-mr-review",
+  "description": "Comprehensive GitLab merge request review using MCP tools for automated code analysis",
+  "version": "0.1.0",
+  "author": {
+    "name": "Amir Masoud Ahmadi, Hossein Safari"
+  },
+  "commands": [
+    "./commands"
+  ],
+  "mcp": [
+    "./.mcp.json"
+  ]
+}
--- a/.mcp.json
+++ b/.mcp.json
@@ -0,0 +1,12 @@
+{
+  "gitlab": {
+    "command": "${CLAUDE_PLUGIN_ROOT}/start.sh",
+    "args": [
+      "${CLAUDE_PLUGIN_ROOT}/server/gitlab.py"
+    ],
+    "env": {
+      "GITLAB_PERSONAL_ACCESS_TOKEN": "${GITLAB_PERSONAL_ACCESS_TOKEN}",
+      "GITLAB_API_URL": "${GITLAB_API_URL}"
+    }
+  }
+}
--- a/README.md
+++ b/README.md
@@ -0,0 +1,3 @@
+# gitlab-mr-review
+
+Comprehensive GitLab merge request review using MCP tools for automated code analysis
--- a/commands/review-gitlab-mr.md
+++ b/commands/review-gitlab-mr.md
@@ -0,0 +1,212 @@
+---
+description: Comprehensive GitLab merge request review using MCP tools
+args:
+  project_name: Name of the GitLab project (e.g., "gitlab-mr-mcp")
+  mr_number: Merge request IID number (e.g., 42)
+---
+
+# GitLab Merge Request Review
+
+You are performing a comprehensive code review of a GitLab merge request using ONLY the GitLab MCP tools available to you. You MUST NOT use bash, git, or any other command-line tools.
+
+## Parameters
+- **Project Name**: {{project_name}}
+- **MR Number**: {{mr_number}}
+
+## Workflow Instructions
+
+Follow these steps EXACTLY in order:
+
+### Step 1: Find Project ID
+
+Call the `get_projects` MCP tool to retrieve all projects. Search through the results to find a project matching "{{project_name}}". The match can be:
+- Exact match on project name
+- Match on name_with_namespace
+- Partial match (case-insensitive)
+
+Extract the numeric project ID from the matching project.
+
+If no matching project is found, inform the user and STOP.
+
+### Step 2: Get File List
+
+Call `merge_request_changes(project_id={{FOUND_ID}}, merge_request_id={{mr_number}})` to get the list of changed files.
+
+This will return:
+- MR title and metadata
+- List of files with indices (0, 1, 2, ...)
+- File status (new, modified, deleted, renamed)
+
+Parse this output to extract:
+- Total number of files changed
+- File indices for each file
+
+### Step 3: Fetch ALL File Diffs in Parallel
+
+**CRITICAL**: Make parallel MCP tool calls to retrieve every single file diff, regardless of how many files there are.
+
+In a SINGLE message, make multiple `merge_request_file_diff` calls like this:
+- `merge_request_file_diff(project_id={{FOUND_ID}}, merge_request_id={{mr_number}}, file_index=0)`
+- `merge_request_file_diff(project_id={{FOUND_ID}}, merge_request_id={{mr_number}}, file_index=1)`
+- `merge_request_file_diff(project_id={{FOUND_ID}}, merge_request_id={{mr_number}}, file_index=2)`
+- ... continue for ALL files
+
+**Important**:
+- Do NOT skip any files
+- Do NOT use sequential calls - make them ALL in parallel in one message
+- If there are 200 files, make 200 parallel calls
+- This is the ONLY way to efficiently review large MRs
+
+### Step 4: Analyze Each File
+
+For each file diff retrieved, perform a thorough code review looking for:
+
+#### Security Issues (CRITICAL Priority)
+- SQL injection vulnerabilities
+- XSS (Cross-Site Scripting) vulnerabilities
+- Command injection risks
+- Hardcoded secrets, API keys, passwords, tokens
+- Insecure cryptography or weak hashing
+- Authentication/authorization bypasses
+- Path traversal vulnerabilities
+- Insecure deserialization
+- CSRF vulnerabilities
+- Information disclosure
+
+#### Bug Patterns (HIGH Priority)
+- Null/undefined reference errors
+- Off-by-one errors
+- Race conditions or concurrency issues
+- Resource leaks (unclosed files, connections, etc.)
+- Incorrect error handling (swallowing exceptions, wrong error types)
+- Logic errors (wrong conditionals, incorrect operators)
+- Type mismatches or unsafe type conversions
+- Infinite loops or recursion without base case
+- Missing return statements
+- Dead code or unreachable code
+
+#### Performance Issues (MEDIUM Priority)
+- N+1 query problems
+- Inefficient algorithms (O(n²) where O(n log n) possible)
+- Unnecessary loops or redundant operations
+- Missing database indices
+- Large object allocations in loops
+- Synchronous operations that should be async
+- Memory leaks
+- Missing pagination for large datasets
+- Inefficient data structures
+
+#### Code Quality Issues (LOW to MEDIUM Priority)
+- Code duplication (DRY violations)
+- Overly complex functions (high cyclomatic complexity)
+- Poor naming (unclear variables, functions, classes)
+- Magic numbers without constants
+- Inconsistent code style
+- Missing or unclear comments for complex logic
+- Long functions that should be split
+- God classes or functions doing too much
+- Tight coupling between modules
+- Missing input validation
+
+#### Testing & Documentation
+- Missing test coverage for new features
+- Missing test cases for edge cases
+- Breaking changes without tests
+- Missing or outdated documentation
+- Missing error message clarity
+
+### Step 5: Generate Comprehensive Report
+
+Produce a structured markdown report with the following format:
+
+```markdown
+# Merge Request Review: [MR Title]
+
+**Project**: {{project_name}}
+**MR Number**: {{mr_number}}
+**Files Analyzed**: [X files]
+**Total Issues Found**: [Y issues]
+
+---
+
+## 🔴 Critical Issues
+
+[List all critical security vulnerabilities here with:]
+- **File**: path/to/file.ext:line_number
+- **Issue**: Brief description
+- **Impact**: Why this is critical
+- **Recommendation**: How to fix
+
+[If none found, write: "No critical issues found."]
+
+---
+
+## 🟠 High Priority Issues
+
+[List all high-priority bugs and problems here with same format]
+
+[If none found, write: "No high priority issues found."]
+
+---
+
+## 🟡 Medium Priority Issues
+
+[List all medium-priority performance and quality issues]
+
+[If none found, write: "No medium priority issues found."]
+
+---
+
+## 🟢 Low Priority Issues
+
+[List all low-priority code quality suggestions]
+
+[If none found, write: "No low priority issues found."]
+
+---
+
+## ✅ Positive Observations
+
+[List good practices, well-written code, good test coverage, etc.]
+
+---
+
+## 📋 Summary & Recommendations
+
+[Provide a concise summary of the review]
+
+**Overall Assessment**: [APPROVE / APPROVE WITH COMMENTS / REQUEST CHANGES / REJECT]
+
+**Key Actions Required**:
+1. [Action item 1]
+2. [Action item 2]
+...
+
+**Optional Improvements**:
+1. [Suggestion 1]
+2. [Suggestion 2]
+...
+```
+
+## Constraints & Best Practices
+
+**STRICT RULES**:
+1. ✅ ONLY use GitLab MCP tools (get_projects, merge_request_changes, merge_request_file_diff)
+2. ❌ DO NOT use bash, git, or any command-line tools
+3. ✅ MUST fetch ALL files in parallel (single message, multiple tool calls)
+4. ✅ MUST analyze EVERY file, even if there are 200+ files
+5. ✅ MUST categorize issues by severity (Critical/High/Medium/Low)
+6. ✅ MUST provide specific file paths and line numbers when possible
+7. ✅ MUST provide actionable recommendations
+8. ✅ Be thorough but concise - focus on real issues, not nitpicks
+
+**Review Philosophy**:
+- Prioritize security and correctness over style
+- Be constructive and educational in feedback
+- Acknowledge good practices when you see them
+- Provide specific, actionable recommendations
+- Consider the context and project type when reviewing
+
+---
+
+Begin the review now following the workflow above.
--- a/plugin.lock.json
+++ b/plugin.lock.json
@@ -0,0 +1,49 @@
+{
+  "$schema": "internal://schemas/plugin.lock.v1.json",
+  "pluginId": "gh:Synaps-Squad/gitlab-mr-mcp:plugins/gitlab-mr-review",
+  "normalized": {
+    "repo": null,
+    "ref": "refs/tags/v20251128.0",
+    "commit": "50c75d0f9ecd56c81cc1ead60a558fd1691a8a7c",
+    "treeHash": "c59eea378541110c902438b20c9f6cfcfebe2560365dad7625f0ad0559ad2c9f",
+    "generatedAt": "2025-11-28T10:12:50.422117Z",
+    "toolVersion": "publish_plugins.py@0.2.0"
+  },
+  "origin": {
+    "remote": "git@github.com:zhongweili/42plugin-data.git",
+    "branch": "master",
+    "commit": "aa1497ed0949fd50e99e70d6324a29c5b34f9390",
+    "repoRoot": "/Users/zhongweili/projects/openmind/42plugin-data"
+  },
+  "manifest": {
+    "name": "gitlab-mr-review",
+    "description": "Comprehensive GitLab merge request review using MCP tools for automated code analysis",
+    "version": "0.1.0"
+  },
+  "content": {
+    "files": [
+      {
+        "path": ".mcp.json",
+        "sha256": "df049ffe8c55d01685ebad74106f66e143970683250c8851cacc0c5223e0544b"
+      },
+      {
+        "path": "README.md",
+        "sha256": "431fcbfcfa563e7129dea5f83b9eec10247c5629b30c087f6c16bab129845739"
+      },
+      {
+        "path": ".claude-plugin/plugin.json",
+        "sha256": "e881ea255b92e180a131a17e9ab6d8e4a2692159a046d6dfd681183608901ba2"
+      },
+      {
+        "path": "commands/review-gitlab-mr.md",
+        "sha256": "6225b4a775d0b9b3603156e1c7931932d33c7b4c8b53281e485b7ee978c14548"
+      }
+    ],
+    "dirSha256": "c59eea378541110c902438b20c9f6cfcfebe2560365dad7625f0ad0559ad2c9f"
+  },
+  "security": {
+    "scannedAt": null,
+    "scannerVersion": null,
+    "flags": []
+  }
+}