@groupby/ai-dev 0.5.0 → 0.5.3

package/teams/snpd/skills/council-review/references/reviewer-prompt.md

@@ -0,0 +1,99 @@
+# Reviewer Prompt Template
+
+You are one member of a 3-model code review council. Your job is to independently
+review the code changes below and produce high-signal findings. Another process
+will compare your review against two other models' reviews to find consensus.
+
+## Your Review Constraints
+
+- **Only flag things that genuinely matter.** Bugs, security issues, logic errors,
+  performance problems, missing error handling, test gaps for changed code.
+- **Never comment on style, formatting, naming preferences, or trivial matters**
+  unless they cause a real problem (e.g., a misleading variable name that could
+  cause a bug).
+- **Be specific.** Always include the file path, approximate line range, and a
+  concrete description of the problem.
+- **Suggest a fix** when possible. Don't just say "this is wrong" — say what to do.
+- **Don't be redundant.** If two issues share the same root cause, report it once.
+- **Respect repo-specific rules.** The project context below includes this repo's
+  own conventions, technology profile, and CI expectations. Review against THOSE
+  rules, not generic best practices. Do not assume patterns from other repos.
+
+## Project Context
+
+{PROJECT_CONTEXT}
+
+This context was discovered from the repo's own guidance files, CI workflows,
+build configuration, and technology markers. If the context mentions specific
+patterns (e.g., Micronaut DI, tenant isolation, cache key format), verify the
+diff follows them. If the context is silent on something, don't invent rules.
+
+## Technology Profile
+
+{TECHNOLOGY_PROFILE}
+
+## Change Classification
+
+{CHANGE_CLASSIFICATION}
+
+## Review Focus Areas (from repo's CI/review config)
+
+Review against these standard areas, but weight them based on the change
+classification above:
+
+1. **Code quality:** single responsibility, clarity, maintainability, unnecessary
+   complexity/nesting, redundant abstractions, local style conventions.
+2. **Security:** auth, authorization, tenant isolation, input validation, secrets,
+   sensitive data exposure.
+3. **Performance:** database/query shape, cache behavior, external calls,
+   async/blocking boundaries, memory/resource lifecycle.
+4. **Testing:** adequate coverage for changed code, edge cases, missing scenarios.
+5. **Documentation:** README/docs/OpenAPI/API docs accuracy when behavior changes.
+
+## Changed Files Summary
+
+{DIFF_STAT}
+
+## Full Diff
+
+{DIFF}
+
+## Output Format
+
+Return your findings as a structured list. Each finding must follow this exact format:
+
+```
+### Finding <N>
+- **File:** <path/to/file>
+- **Lines:** <start>-<end> (approximate)
+- **Severity:** P1 | P2 | P3
+- **Category:** bug | security | performance | design | test-gap | error-handling | concurrency | data-integrity
+- **Summary:** <one-line summary>
+- **Details:** <1-3 sentences explaining the issue>
+- **Suggestion:** <concrete fix or action>
+```
+
+### Severity Guide
+
+- **P1 — Critical:** Likely bug, security vulnerability, data loss, crash, race condition,
+  or production incident. Must fix before merge.
+- **P2 — Important:** Behavior regression, missing important test, incorrect error handling,
+  performance issue under realistic load. Should fix before merge.
+- **P3 — Minor:** Low-risk test gap, minor inefficiency, documentation inaccuracy.
+  Nice to fix but not blocking.
+
+### What NOT to Report
+
+- Style or formatting preferences
+- "Consider renaming X" suggestions
+- "Add a comment explaining Y" suggestions
+- Import ordering
+- Trailing whitespace
+- Suggestions that don't prevent a real problem
+
+If you find zero genuine issues, return:
+
+```
+### No Issues Found
+The changes look correct. No bugs, security issues, or significant concerns identified.
+```

package/teams/snpd/skills/council-review/references/technology-profiles.md

@@ -0,0 +1,54 @@
+# Technology Profiles
+
+Apply a profile **only** when discovered in the current repo's files.
+Do not carry assumptions from one repo to another.
+
+## Java / Micronaut
+
+- Check the Java version from workflow and Gradle config (do not assume 21 — some repos use 17).
+- Use Micronaut compile-time DI patterns; avoid Spring Boot assumptions unless the repo is Spring-based.
+- Prefer constructor injection and the Lombok annotations already used locally.
+- Follow the repo's `var` rule (many Rezolve Java repos use `var` for new variables created with `new`).
+- Check `@Singleton` vs `@Context` scope, `@Named` qualifiers, `@ExecuteOn` boundaries.
+- Verify blocking operations are not on the event loop thread.
+
+## JOOQ / Flyway / Database
+
+- Migration names and generated classes matter — check naming conventions.
+- Check tenant isolation on queries and mutation side effects (events, audit logs).
+- Verify transaction boundaries and connection management.
+
+## Search Services
+
+- Check strategy and engine selection order.
+- Ensure request builders, filters, refinements, biasing, pagination, and response builders preserve behavior.
+- For Google Retail: check proto conversion, request fields, fallback behavior.
+- For Mongo Atlas Search: check aggregation stages, index assumptions, field paths, unsupported Google-only features.
+- For Redis caches: check key composition, tenant/collection/area isolation, TTLs, skip-cache paths.
+
+## Mongo Data / Indexing
+
+- Check collection and tenant scoping.
+- Check aggregation pipeline correctness, projections, variant/inventory handling.
+- Check index definition generation, conditional indexing, feature flags.
+
+## Authentication / Security
+
+- Check token validation, claims, expiration, signature algorithms, public endpoint boundaries.
+- Check Redis key storage, key rotation, secret handling.
+- Check Pub/Sub credential update idempotency.
+
+## Go / Python / Node
+
+- Prefer repo-provided commands from Makefile, package files, workflow files, or docs.
+- Keep tests close to the changed package/module.
+- Check schema/serialization compatibility and environment variable handling.
+- Do not import Java/Micronaut assumptions into these repos.
+
+## General (all profiles)
+
+- **Code quality:** Single responsibility, clarity, maintainability, unnecessary complexity.
+- **Security:** Auth, authorization, tenant isolation, input validation, secrets.
+- **Performance:** Database/query shape, cache behavior, external calls, async/blocking.
+- **Testing:** Adequate coverage for changed code, edge cases, no superfluous tests.
+- **Documentation:** README/docs/OpenAPI accuracy when behavior changes.

package/teams/snpd/skills/council-review/scripts/summarize_review_config.py

@@ -0,0 +1,226 @@
+#!/usr/bin/env python3
+"""Summarize PR review and CI configuration for a repository.
+
+Repo-agnostic: takes the repository root as its argument (defaults to the current
+directory) and works on any project. Uses only the Python standard library so it
+can run in sandboxes without installing PyYAML or other dependencies.
+"""
+
+from __future__ import annotations
+
+import argparse
+import re
+from pathlib import Path
+
+
+GUIDANCE_FILES = [
+    ".github/copilot-instructions.md",
+    "CLAUDE.md",
+    "AGENTS.md",
+    "README.md",
+    "docs/conventions.md",
+    "docs/project-rule.md",
+    "docs/source-control.md",
+]
+
+REVIEW_FILES = [
+    ".github/workflows/claude-pr-review.yml",
+    ".github/workflows/claude.yml",
+    ".github/workflows/build-pr.yaml",
+    ".github/PULL_REQUEST_TEMPLATE.md",
+    ".github/CODEOWNERS",
+]
+
+BUILD_FILES = [
+    "build.gradle",
+    "build.gradle.kts",
+    "settings.gradle",
+    "gradle.properties",
+    "pom.xml",
+    "go.mod",
+    "Makefile",
+    "pyproject.toml",
+    "requirements.txt",
+    "package.json",
+]
+
+KEYWORDS = [
+    "Micronaut",
+    "Java 21",
+    "Java 17",
+    "Spring",
+    "Lombok",
+    "Spock",
+    "JUnit",
+    "Mockito",
+    "Testcontainers",
+    "JOOQ",
+    "jOOQ",
+    "Flyway",
+    "PostgreSQL",
+    "Mongo",
+    "Redis",
+    "Google Retail",
+    "Command Center",
+    "Pub/Sub",
+    "BigQuery",
+    "LaunchDarkly",
+    "ANTLR",
+    "Kafka",
+    "JWT",
+    "Docker",
+    "Jib",
+]
+
+
+def read(path: Path) -> str:
+    try:
+        return path.read_text(errors="replace")
+    except FileNotFoundError:
+        return ""
+
+
+def existing(root: Path, paths: list[str]) -> list[Path]:
+    return [root / path for path in paths if (root / path).exists()]
+
+
+def first_match(pattern: str, text: str) -> str | None:
+    match = re.search(pattern, text, re.MULTILINE)
+    return match.group(1).strip() if match else None
+
+
+def command_lines(text: str) -> list[str]:
+    commands: list[str] = []
+    for line in text.splitlines():
+        stripped = line.strip()
+        candidate = stripped
+        if stripped.startswith("run:"):
+            candidate = stripped.removeprefix("run:").strip()
+        if re.match(r"^(\.?/gradlew|gradle|mvn|make|go\s+test|pytest|npm|pnpm|yarn|docker)\b", candidate):
+            commands.append(candidate)
+    return commands
+
+
+def pr_checkboxes(text: str) -> list[str]:
+    checks = []
+    for line in text.splitlines():
+        if re.match(r"\s*-\s+\[[ xX]\]", line):
+            checks.append(line.strip())
+    return checks
+
+
+def collect_keywords(text: str) -> list[str]:
+    found = []
+    lower_text = text.lower()
+    for keyword in KEYWORDS:
+        if keyword.lower() in lower_text:
+            found.append(keyword)
+    normalized = []
+    seen = set()
+    for keyword in found:
+        key = keyword.lower()
+        if key not in seen:
+            seen.add(key)
+            normalized.append(keyword)
+    return sorted(normalized, key=str.lower)
+
+
+def main() -> int:
+    parser = argparse.ArgumentParser(description=__doc__)
+    parser.add_argument("repo", nargs="?", default=".", help="Repository root")
+    args = parser.parse_args()
+
+    root = Path(args.repo).resolve()
+    print(f"# PR Review Configuration Summary\n")
+    print(f"Repository: `{root}`\n")
+
+    review_files = existing(root, REVIEW_FILES)
+    guidance_files = existing(root, GUIDANCE_FILES)
+    build_files = existing(root, BUILD_FILES)
+
+    print("## Files Found\n")
+    for title, files in [
+        ("Review/CI", review_files),
+        ("Guidance", guidance_files),
+        ("Build", build_files),
+    ]:
+        print(f"### {title}")
+        if files:
+            for path in files:
+                print(f"- `{path.relative_to(root)}`")
+        else:
+            print("- none")
+        print()
+
+    claude_text = read(root / ".github/workflows/claude-pr-review.yml")
+    if not claude_text:
+        claude_text = read(root / ".github/workflows/claude.yml")
+    build_text = read(root / ".github/workflows/build-pr.yaml")
+    pr_template = read(root / ".github/PULL_REQUEST_TEMPLATE.md")
+    codeowners = read(root / ".github/CODEOWNERS")
+    guidance_text = "\n\n".join(read(path) for path in guidance_files)
+    build_texts = "\n\n".join(read(path) for path in build_files)
+
+    print("## Claude Review\n")
+    if claude_text:
+        triggers = re.findall(r"types:\s*\[([^\]]+)\]", claude_text)
+        model = first_match(r"--model\s+([^\s]+)", claude_text)
+        print(f"- Workflow present: yes")
+        print(f"- Trigger type lists: {', '.join(triggers) if triggers else 'not parsed'}")
+        print(f"- Model: {model or 'not parsed'}")
+        print("- Standard focus areas present:")
+        for area in ["Code Quality", "Security", "Performance", "Testing", "Documentation"]:
+            print(f"  - {area}: {'yes' if area in claude_text else 'not found'}")
+    else:
+        print("- Workflow present: no")
+    print()
+
+    print("## PR CI Commands\n")
+    commands = command_lines(build_text)
+    if commands:
+        for command in commands:
+            print(f"- `{command}`")
+    else:
+        print("- none parsed")
+    print()
+
+    java_version = first_match(r"java-version:\s*['\"]?([^'\"\n]+)", build_text)
+    if java_version:
+        print(f"Java version from PR workflow: `{java_version}`\n")
+
+    print("## PR Template Checks\n")
+    checks = pr_checkboxes(pr_template)
+    if checks:
+        for check in checks:
+            print(f"- {check}")
+    else:
+        print("- none")
+    print()
+
+    print("## CODEOWNERS\n")
+    owners = [line.strip() for line in codeowners.splitlines() if line.strip() and not line.strip().startswith("#")]
+    if owners:
+        for owner in owners:
+            print(f"- `{owner}`")
+    else:
+        print("- none")
+    print()
+
+    print("## Detected Keywords\n")
+    keywords = collect_keywords("\n\n".join([guidance_text, build_texts, claude_text, build_text]))
+    if keywords:
+        for keyword in keywords:
+            print(f"- {keyword}")
+    else:
+        print("- none")
+    print()
+
+    print("## Suggested Next Steps\n")
+    print("- Review changed files against the discovered keywords and guidance files.")
+    print("- Run targeted tests first, then the PR build command if feasible.")
+    print("- Run `git diff --check` before final output.")
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())