mindforge-cc 11.5.0 → 11.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.agent/mindforge/skill-tdd.md +53 -0
- package/.agent/mindforge/skills-index.md +118 -0
- package/.agent/mindforge/systematic-debug.md +60 -0
- package/.agent/skills/1password-skill/SKILL.md +156 -0
- package/.agent/skills/1password-skill/references/cli-examples.md +31 -0
- package/.agent/skills/1password-skill/references/get-started.md +21 -0
- package/.agent/skills/article-illustrator/SKILL.md +199 -0
- package/.agent/skills/article-illustrator/references/prompt-construction.md +426 -0
- package/.agent/skills/article-illustrator/references/style-presets.md +80 -0
- package/.agent/skills/article-illustrator/references/styles.md +224 -0
- package/.agent/skills/article-illustrator/references/usage.md +50 -0
- package/.agent/skills/article-illustrator/references/workflow.md +332 -0
- package/.agent/skills/arxiv/SKILL.md +275 -0
- package/.agent/skills/blogwatcher/SKILL.md +130 -0
- package/.agent/skills/code-wiki/SKILL.md +438 -0
- package/.agent/skills/code-wiki/templates/README.md +31 -0
- package/.agent/skills/code-wiki/templates/architecture.md +30 -0
- package/.agent/skills/code-wiki/templates/getting-started.md +47 -0
- package/.agent/skills/code-wiki/templates/module.md +38 -0
- package/.agent/skills/codebase-inspection/SKILL.md +109 -0
- package/.agent/skills/comic-creator/SKILL.md +240 -0
- package/.agent/skills/comic-creator/references/analysis-framework.md +176 -0
- package/.agent/skills/comic-creator/references/auto-selection.md +71 -0
- package/.agent/skills/comic-creator/references/base-prompt.md +98 -0
- package/.agent/skills/comic-creator/references/character-template.md +180 -0
- package/.agent/skills/comic-creator/references/ohmsha-guide.md +85 -0
- package/.agent/skills/comic-creator/references/partial-workflows.md +106 -0
- package/.agent/skills/comic-creator/references/storyboard-template.md +143 -0
- package/.agent/skills/comic-creator/references/workflow.md +401 -0
- package/.agent/skills/concept-diagrams/SKILL.md +355 -0
- package/.agent/skills/concept-diagrams/references/dashboard-patterns.md +43 -0
- package/.agent/skills/concept-diagrams/references/infrastructure-patterns.md +144 -0
- package/.agent/skills/concept-diagrams/references/physical-shape-cookbook.md +42 -0
- package/.agent/skills/creative-ideation/SKILL.md +144 -0
- package/.agent/skills/creative-ideation/references/full-prompt-library.md +110 -0
- package/.agent/skills/devops-cli/SKILL.md +149 -0
- package/.agent/skills/devops-cli/references/app-discovery.md +112 -0
- package/.agent/skills/devops-cli/references/authentication.md +59 -0
- package/.agent/skills/devops-cli/references/cli-reference.md +104 -0
- package/.agent/skills/devops-cli/references/running-apps.md +171 -0
- package/.agent/skills/devops-watchers/SKILL.md +103 -0
- package/.agent/skills/docker-management/SKILL.md +273 -0
- package/.agent/skills/domain-intel/SKILL.md +96 -0
- package/.agent/skills/duckduckgo-search/SKILL.md +230 -0
- package/.agent/skills/github-auth/SKILL.md +240 -0
- package/.agent/skills/github-code-review/SKILL.md +474 -0
- package/.agent/skills/github-code-review/references/review-output-template.md +74 -0
- package/.agent/skills/github-issues/SKILL.md +363 -0
- package/.agent/skills/github-issues/templates/bug-report.md +35 -0
- package/.agent/skills/github-issues/templates/feature-request.md +31 -0
- package/.agent/skills/github-pr-workflow/SKILL.md +360 -0
- package/.agent/skills/github-pr-workflow/references/ci-troubleshooting.md +183 -0
- package/.agent/skills/github-pr-workflow/references/conventional-commits.md +71 -0
- package/.agent/skills/github-pr-workflow/templates/pr-body-bugfix.md +35 -0
- package/.agent/skills/github-pr-workflow/templates/pr-body-feature.md +33 -0
- package/.agent/skills/github-repo-management/SKILL.md +509 -0
- package/.agent/skills/github-repo-management/references/github-api-cheatsheet.md +161 -0
- package/.agent/skills/godmode/SKILL.md +396 -0
- package/.agent/skills/godmode/references/jailbreak-templates.md +128 -0
- package/.agent/skills/godmode/references/refusal-detection.md +142 -0
- package/.agent/skills/hyperframes/SKILL.md +182 -0
- package/.agent/skills/hyperframes/references/cli.md +185 -0
- package/.agent/skills/hyperframes/references/composition.md +129 -0
- package/.agent/skills/hyperframes/references/features.md +289 -0
- package/.agent/skills/hyperframes/references/gsap.md +136 -0
- package/.agent/skills/hyperframes/references/troubleshooting.md +137 -0
- package/.agent/skills/hyperframes/references/website-to-video.md +145 -0
- package/.agent/skills/jupyter-live-kernel/SKILL.md +160 -0
- package/.agent/skills/kanban-orchestrator/SKILL.md +209 -0
- package/.agent/skills/kanban-worker/SKILL.md +188 -0
- package/.agent/skills/llm-wiki/SKILL.md +499 -0
- package/.agent/skills/meme-generation/SKILL.md +122 -0
- package/.agent/skills/node-inspect-debugger/SKILL.md +312 -0
- package/.agent/skills/obsidian/SKILL.md +60 -0
- package/.agent/skills/osint-investigation/SKILL.md +269 -0
- package/.agent/skills/osint-investigation/templates/source-template.md +59 -0
- package/.agent/skills/oss-forensics/SKILL.md +422 -0
- package/.agent/skills/oss-forensics/references/evidence-types.md +89 -0
- package/.agent/skills/oss-forensics/references/github-archive-guide.md +184 -0
- package/.agent/skills/oss-forensics/references/investigation-templates.md +131 -0
- package/.agent/skills/oss-forensics/references/recovery-techniques.md +164 -0
- package/.agent/skills/oss-forensics/templates/forensic-report.md +151 -0
- package/.agent/skills/oss-forensics/templates/malicious-package-report.md +43 -0
- package/.agent/skills/parallel-cli/SKILL.md +384 -0
- package/.agent/skills/pinggy-tunnel/SKILL.md +302 -0
- package/.agent/skills/pixel-art/SKILL.md +209 -0
- package/.agent/skills/pixel-art/references/palettes.md +49 -0
- package/.agent/skills/plan/SKILL.md +331 -0
- package/.agent/skills/polymarket/SKILL.md +75 -0
- package/.agent/skills/polymarket/references/api-endpoints.md +220 -0
- package/.agent/skills/python-debugpy/SKILL.md +368 -0
- package/.agent/skills/requesting-code-review/SKILL.md +273 -0
- package/.agent/skills/research-paper-writing/SKILL.md +2367 -0
- package/.agent/skills/research-paper-writing/references/autoreason-methodology.md +394 -0
- package/.agent/skills/research-paper-writing/references/checklists.md +434 -0
- package/.agent/skills/research-paper-writing/references/citation-workflow.md +563 -0
- package/.agent/skills/research-paper-writing/references/experiment-patterns.md +728 -0
- package/.agent/skills/research-paper-writing/references/human-evaluation.md +476 -0
- package/.agent/skills/research-paper-writing/references/paper-types.md +481 -0
- package/.agent/skills/research-paper-writing/references/reviewer-guidelines.md +433 -0
- package/.agent/skills/research-paper-writing/references/sources.md +191 -0
- package/.agent/skills/research-paper-writing/references/writing-guide.md +474 -0
- package/.agent/skills/research-paper-writing/templates/README.md +251 -0
- package/.agent/skills/rest-graphql-debug/SKILL.md +507 -0
- package/.agent/skills/s6-container-supervision/SKILL.md +171 -0
- package/.agent/skills/scrapling/SKILL.md +328 -0
- package/.agent/skills/sherlock/SKILL.md +186 -0
- package/.agent/skills/simplify-code/SKILL.md +168 -0
- package/.agent/skills/skill-authoring/SKILL.md +158 -0
- package/.agent/skills/spike/SKILL.md +190 -0
- package/.agent/skills/subagent-driven-development/SKILL.md +345 -0
- package/.agent/skills/subagent-driven-development/references/context-budget-discipline.md +53 -0
- package/.agent/skills/subagent-driven-development/references/gates-taxonomy.md +93 -0
- package/.agent/skills/systematic-debugging/SKILL.md +360 -0
- package/.agent/skills/test-driven-development/SKILL.md +336 -0
- package/.agent/skills/video-orchestrator/SKILL.md +194 -0
- package/.agent/skills/video-orchestrator/references/examples.md +227 -0
- package/.agent/skills/video-orchestrator/references/intake.md +166 -0
- package/.agent/skills/video-orchestrator/references/kanban-setup.md +278 -0
- package/.agent/skills/video-orchestrator/references/monitoring.md +180 -0
- package/.agent/skills/video-orchestrator/references/role-archetypes.md +298 -0
- package/.agent/skills/video-orchestrator/references/tool-matrix.md +317 -0
- package/.agent/skills/web-pentest/SKILL.md +332 -0
- package/.agent/skills/web-pentest/references/bypass-techniques.md +133 -0
- package/.agent/skills/web-pentest/references/exploitation-techniques.md +204 -0
- package/.agent/skills/web-pentest/references/scope-enforcement.md +110 -0
- package/.agent/skills/web-pentest/references/vuln-taxonomy.md +81 -0
- package/.agent/skills/web-pentest/templates/authorization.md +69 -0
- package/.agent/skills/web-pentest/templates/pentest-report.md +178 -0
- package/.claude/commands/mindforge/skill-tdd.md +53 -0
- package/.claude/commands/mindforge/skills-index.md +118 -0
- package/.claude/commands/mindforge/systematic-debug.md +60 -0
- package/.mindforge/config.json +2 -2
- package/.mindforge/memory/sync-manifest.json +1 -1
- package/.mindforge/skills/arxiv/SKILL.md +294 -0
- package/.mindforge/skills/blogwatcher/SKILL.md +147 -0
- package/.mindforge/skills/code-wiki/SKILL.md +457 -0
- package/.mindforge/skills/codebase-inspection/SKILL.md +126 -0
- package/.mindforge/skills/concept-diagrams/SKILL.md +373 -0
- package/.mindforge/skills/creative-ideation/SKILL.md +162 -0
- package/.mindforge/skills/domain-intel/SKILL.md +116 -0
- package/.mindforge/skills/duckduckgo-search/SKILL.md +249 -0
- package/.mindforge/skills/github-code-review/SKILL.md +493 -0
- package/.mindforge/skills/github-issues/SKILL.md +382 -0
- package/.mindforge/skills/github-pr-workflow/SKILL.md +379 -0
- package/.mindforge/skills/jupyter-live-kernel/SKILL.md +179 -0
- package/.mindforge/skills/kanban-orchestrator/SKILL.md +227 -0
- package/.mindforge/skills/kanban-worker/SKILL.md +206 -0
- package/.mindforge/skills/meme-generation/SKILL.md +141 -0
- package/.mindforge/skills/obsidian/SKILL.md +80 -0
- package/.mindforge/skills/osint-investigation/SKILL.md +288 -0
- package/.mindforge/skills/oss-forensics/SKILL.md +421 -0
- package/.mindforge/skills/pixel-art/SKILL.md +228 -0
- package/.mindforge/skills/plan/SKILL.md +350 -0
- package/.mindforge/skills/requesting-code-review/SKILL.md +292 -0
- package/.mindforge/skills/research-paper-writing/SKILL.md +2384 -0
- package/.mindforge/skills/scrapling/SKILL.md +345 -0
- package/.mindforge/skills/sherlock/SKILL.md +203 -0
- package/.mindforge/skills/simplify-code/SKILL.md +187 -0
- package/.mindforge/skills/spike/SKILL.md +209 -0
- package/.mindforge/skills/subagent-driven-development/SKILL.md +364 -0
- package/.mindforge/skills/systematic-debugging/SKILL.md +379 -0
- package/.mindforge/skills/test-driven-development/SKILL.md +355 -0
- package/.mindforge/skills/web-pentest/SKILL.md +327 -0
- package/CHANGELOG.md +88 -0
- package/MINDFORGE.md +3 -3
- package/README.md +38 -3
- package/RELEASENOTES.md +100 -0
- package/bin/dashboard/api-router.js +10 -1
- package/bin/governance/approve.js +5 -1
- package/bin/memory/federated-sync.js +11 -2
- package/bin/memory/knowledge-capture.js +10 -1
- package/bin/memory/pillar-health-tracker.js +9 -1
- package/bin/review/ads-engine.js +2 -2
- package/bin/security/trust-boundaries.js +5 -0
- package/docs/getting-started.md +42 -5
- package/package.json +1 -1
|
@@ -0,0 +1,493 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: github-code-review
|
|
3
|
+
description: "Review PRs: diffs, inline comments via gh or REST."
|
|
4
|
+
version: 1.1.0
|
|
5
|
+
status: stable
|
|
6
|
+
min_mindforge_version: 11.5.1
|
|
7
|
+
triggers: github code review, review PR github, pull request review workflow, review pull request, github PR review, code review github, github review, pr code review, review github changes, github review workflow, code review on github, review pr changes
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
# GitHub Code Review
|
|
11
|
+
|
|
12
|
+
Perform code reviews on local changes before pushing, or review open PRs on GitHub. Most of this skill uses plain `git` — the `gh`/`curl` split only matters for PR-level interactions.
|
|
13
|
+
|
|
14
|
+
## Prerequisites
|
|
15
|
+
|
|
16
|
+
- Authenticated with GitHub (see `github-auth` skill)
|
|
17
|
+
- Inside a git repository
|
|
18
|
+
|
|
19
|
+
### Setup (for PR interactions)
|
|
20
|
+
|
|
21
|
+
```bash
|
|
22
|
+
if command -v gh &>/dev/null && gh auth status &>/dev/null; then
|
|
23
|
+
AUTH="gh"
|
|
24
|
+
else
|
|
25
|
+
AUTH="git"
|
|
26
|
+
if [ -z "$GITHUB_TOKEN" ]; then
|
|
27
|
+
if _agent_env="${AGENT_HOME:-$HOME/.agent}/.env"; [ -f "$_agent_env" ] && grep -q "^GITHUB_TOKEN=" "$_agent_env"; then
|
|
28
|
+
GITHUB_TOKEN=$(grep "^GITHUB_TOKEN=" "$_agent_env" | head -1 | cut -d= -f2 | tr -d '\n\r')
|
|
29
|
+
elif grep -q "github.com" ~/.git-credentials 2>/dev/null; then
|
|
30
|
+
GITHUB_TOKEN=$(grep "github.com" ~/.git-credentials 2>/dev/null | head -1 | sed 's|https://[^:]*:\([^@]*\)@.*|\1|')
|
|
31
|
+
fi
|
|
32
|
+
fi
|
|
33
|
+
fi
|
|
34
|
+
|
|
35
|
+
REMOTE_URL=$(git remote get-url origin)
|
|
36
|
+
OWNER_REPO=$(echo "$REMOTE_URL" | sed -E 's|.*github\.com[:/]||; s|\.git$||')
|
|
37
|
+
OWNER=$(echo "$OWNER_REPO" | cut -d/ -f1)
|
|
38
|
+
REPO=$(echo "$OWNER_REPO" | cut -d/ -f2)
|
|
39
|
+
```
|
|
40
|
+
|
|
41
|
+
---
|
|
42
|
+
|
|
43
|
+
## 1. Reviewing Local Changes (Pre-Push)
|
|
44
|
+
|
|
45
|
+
This is pure `git` — works everywhere, no API needed.
|
|
46
|
+
|
|
47
|
+
### Get the Diff
|
|
48
|
+
|
|
49
|
+
```bash
|
|
50
|
+
# Staged changes (what would be committed)
|
|
51
|
+
git diff --staged
|
|
52
|
+
|
|
53
|
+
# All changes vs main (what a PR would contain)
|
|
54
|
+
git diff main...HEAD
|
|
55
|
+
|
|
56
|
+
# File names only
|
|
57
|
+
git diff main...HEAD --name-only
|
|
58
|
+
|
|
59
|
+
# Stat summary (insertions/deletions per file)
|
|
60
|
+
git diff main...HEAD --stat
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
### Review Strategy
|
|
64
|
+
|
|
65
|
+
1. **Get the big picture first:**
|
|
66
|
+
|
|
67
|
+
```bash
|
|
68
|
+
git diff main...HEAD --stat
|
|
69
|
+
git log main..HEAD --oneline
|
|
70
|
+
```
|
|
71
|
+
|
|
72
|
+
2. **Review file by file** — use `read_file` on changed files for full context, and the diff to see what changed:
|
|
73
|
+
|
|
74
|
+
```bash
|
|
75
|
+
git diff main...HEAD -- src/auth/login.py
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
3. **Check for common issues:**
|
|
79
|
+
|
|
80
|
+
```bash
|
|
81
|
+
# Debug statements, TODOs, console.logs left behind
|
|
82
|
+
git diff main...HEAD | grep -n "print(\|console\.log\|TODO\|FIXME\|HACK\|XXX\|debugger"
|
|
83
|
+
|
|
84
|
+
# Large files accidentally staged
|
|
85
|
+
git diff main...HEAD --stat | sort -t'|' -k2 -rn | head -10
|
|
86
|
+
|
|
87
|
+
# Secrets or credential patterns
|
|
88
|
+
git diff main...HEAD | grep -in "password\|secret\|api_key\|token.*=\|private_key"
|
|
89
|
+
|
|
90
|
+
# Merge conflict markers
|
|
91
|
+
git diff main...HEAD | grep -n "<<<<<<\|>>>>>>\|======="
|
|
92
|
+
```
|
|
93
|
+
|
|
94
|
+
4. **Present structured feedback** to the user.
|
|
95
|
+
|
|
96
|
+
### Review Output Format
|
|
97
|
+
|
|
98
|
+
When reviewing local changes, present findings in this structure:
|
|
99
|
+
|
|
100
|
+
```
|
|
101
|
+
## Code Review Summary
|
|
102
|
+
|
|
103
|
+
### Critical
|
|
104
|
+
- **src/auth.py:45** — SQL injection: user input passed directly to query.
|
|
105
|
+
Suggestion: Use parameterized queries.
|
|
106
|
+
|
|
107
|
+
### Warnings
|
|
108
|
+
- **src/models/user.py:23** — Password stored in plaintext. Use bcrypt or argon2.
|
|
109
|
+
- **src/api/routes.py:112** — No rate limiting on login endpoint.
|
|
110
|
+
|
|
111
|
+
### Suggestions
|
|
112
|
+
- **src/utils/helpers.py:8** — Duplicates logic in `src/core/utils.py:34`. Consolidate.
|
|
113
|
+
- **tests/test_auth.py** — Missing edge case: expired token test.
|
|
114
|
+
|
|
115
|
+
### Looks Good
|
|
116
|
+
- Clean separation of concerns in the middleware layer
|
|
117
|
+
- Good test coverage for the happy path
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
---
|
|
121
|
+
|
|
122
|
+
## 2. Reviewing a Pull Request on GitHub
|
|
123
|
+
|
|
124
|
+
### View PR Details
|
|
125
|
+
|
|
126
|
+
**With gh:**
|
|
127
|
+
|
|
128
|
+
```bash
|
|
129
|
+
gh pr view 123
|
|
130
|
+
gh pr diff 123
|
|
131
|
+
gh pr diff 123 --name-only
|
|
132
|
+
```
|
|
133
|
+
|
|
134
|
+
**With git + curl:**
|
|
135
|
+
|
|
136
|
+
```bash
|
|
137
|
+
PR_NUMBER=123
|
|
138
|
+
|
|
139
|
+
# Get PR details
|
|
140
|
+
curl -s \
|
|
141
|
+
-H "Authorization: token $GITHUB_TOKEN" \
|
|
142
|
+
https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER \
|
|
143
|
+
| python3 -c "
|
|
144
|
+
import sys, json
|
|
145
|
+
pr = json.load(sys.stdin)
|
|
146
|
+
print(f\"Title: {pr['title']}\")
|
|
147
|
+
print(f\"Author: {pr['user']['login']}\")
|
|
148
|
+
print(f\"Branch: {pr['head']['ref']} -> {pr['base']['ref']}\")
|
|
149
|
+
print(f\"State: {pr['state']}\")
|
|
150
|
+
print(f\"Body:\n{pr['body']}\")"
|
|
151
|
+
|
|
152
|
+
# List changed files
|
|
153
|
+
curl -s \
|
|
154
|
+
-H "Authorization: token $GITHUB_TOKEN" \
|
|
155
|
+
https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER/files \
|
|
156
|
+
| python3 -c "
|
|
157
|
+
import sys, json
|
|
158
|
+
for f in json.load(sys.stdin):
|
|
159
|
+
print(f\"{f['status']:10} +{f['additions']:-4} -{f['deletions']:-4} {f['filename']}\")"
|
|
160
|
+
```
|
|
161
|
+
|
|
162
|
+
### Check Out PR Locally for Full Review
|
|
163
|
+
|
|
164
|
+
This works with plain `git` — no `gh` needed:
|
|
165
|
+
|
|
166
|
+
```bash
|
|
167
|
+
# Fetch the PR branch and check it out
|
|
168
|
+
git fetch origin pull/123/head:pr-123
|
|
169
|
+
git checkout pr-123
|
|
170
|
+
|
|
171
|
+
# Now you can use read_file, search_files, run tests, etc.
|
|
172
|
+
|
|
173
|
+
# View diff against the base branch
|
|
174
|
+
git diff main...pr-123
|
|
175
|
+
```
|
|
176
|
+
|
|
177
|
+
**With gh (shortcut):**
|
|
178
|
+
|
|
179
|
+
```bash
|
|
180
|
+
gh pr checkout 123
|
|
181
|
+
```
|
|
182
|
+
|
|
183
|
+
### Leave Comments on a PR
|
|
184
|
+
|
|
185
|
+
**General PR comment — with gh:**
|
|
186
|
+
|
|
187
|
+
```bash
|
|
188
|
+
gh pr comment 123 --body "Overall looks good, a few suggestions below."
|
|
189
|
+
```
|
|
190
|
+
|
|
191
|
+
**General PR comment — with curl:**
|
|
192
|
+
|
|
193
|
+
```bash
|
|
194
|
+
curl -s -X POST \
|
|
195
|
+
-H "Authorization: token $GITHUB_TOKEN" \
|
|
196
|
+
https://api.github.com/repos/$OWNER/$REPO/issues/$PR_NUMBER/comments \
|
|
197
|
+
-d '{"body": "Overall looks good, a few suggestions below."}'
|
|
198
|
+
```
|
|
199
|
+
|
|
200
|
+
### Leave Inline Review Comments
|
|
201
|
+
|
|
202
|
+
**Single inline comment — with gh (via API):**
|
|
203
|
+
|
|
204
|
+
```bash
|
|
205
|
+
HEAD_SHA=$(gh pr view 123 --json headRefOid --jq '.headRefOid')
|
|
206
|
+
|
|
207
|
+
gh api repos/$OWNER/$REPO/pulls/123/comments \
|
|
208
|
+
--method POST \
|
|
209
|
+
-f body="This could be simplified with a list comprehension." \
|
|
210
|
+
-f path="src/auth/login.py" \
|
|
211
|
+
-f commit_id="$HEAD_SHA" \
|
|
212
|
+
-f line=45 \
|
|
213
|
+
-f side="RIGHT"
|
|
214
|
+
```
|
|
215
|
+
|
|
216
|
+
**Single inline comment — with curl:**
|
|
217
|
+
|
|
218
|
+
```bash
|
|
219
|
+
# Get the head commit SHA
|
|
220
|
+
HEAD_SHA=$(curl -s \
|
|
221
|
+
-H "Authorization: token $GITHUB_TOKEN" \
|
|
222
|
+
https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER \
|
|
223
|
+
| python3 -c "import sys,json; print(json.load(sys.stdin)['head']['sha'])")
|
|
224
|
+
|
|
225
|
+
curl -s -X POST \
|
|
226
|
+
-H "Authorization: token $GITHUB_TOKEN" \
|
|
227
|
+
https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER/comments \
|
|
228
|
+
-d "{
|
|
229
|
+
\"body\": \"This could be simplified with a list comprehension.\",
|
|
230
|
+
\"path\": \"src/auth/login.py\",
|
|
231
|
+
\"commit_id\": \"$HEAD_SHA\",
|
|
232
|
+
\"line\": 45,
|
|
233
|
+
\"side\": \"RIGHT\"
|
|
234
|
+
}"
|
|
235
|
+
```
|
|
236
|
+
|
|
237
|
+
### Submit a Formal Review (Approve / Request Changes)
|
|
238
|
+
|
|
239
|
+
**With gh:**
|
|
240
|
+
|
|
241
|
+
```bash
|
|
242
|
+
gh pr review 123 --approve --body "LGTM!"
|
|
243
|
+
gh pr review 123 --request-changes --body "See inline comments."
|
|
244
|
+
gh pr review 123 --comment --body "Some suggestions, nothing blocking."
|
|
245
|
+
```
|
|
246
|
+
|
|
247
|
+
**With curl — multi-comment review submitted atomically:**
|
|
248
|
+
|
|
249
|
+
```bash
|
|
250
|
+
HEAD_SHA=$(curl -s \
|
|
251
|
+
-H "Authorization: token $GITHUB_TOKEN" \
|
|
252
|
+
https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER \
|
|
253
|
+
| python3 -c "import sys,json; print(json.load(sys.stdin)['head']['sha'])")
|
|
254
|
+
|
|
255
|
+
curl -s -X POST \
|
|
256
|
+
-H "Authorization: token $GITHUB_TOKEN" \
|
|
257
|
+
https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER/reviews \
|
|
258
|
+
-d "{
|
|
259
|
+
\"commit_id\": \"$HEAD_SHA\",
|
|
260
|
+
\"event\": \"COMMENT\",
|
|
261
|
+
\"body\": \"Code review from
|
|
262
|
+
\"comments\": [
|
|
263
|
+
{\"path\": \"src/auth.py\", \"line\": 45, \"body\": \"Use parameterized queries to prevent SQL injection.\"},
|
|
264
|
+
{\"path\": \"src/models/user.py\", \"line\": 23, \"body\": \"Hash passwords with bcrypt before storing.\"},
|
|
265
|
+
{\"path\": \"tests/test_auth.py\", \"line\": 1, \"body\": \"Add test for expired token edge case.\"}
|
|
266
|
+
]
|
|
267
|
+
}"
|
|
268
|
+
```
|
|
269
|
+
|
|
270
|
+
Event values: `"APPROVE"`, `"REQUEST_CHANGES"`, `"COMMENT"`
|
|
271
|
+
|
|
272
|
+
The `line` field refers to the line number in the *new* version of the file. For deleted lines, use `"side": "LEFT"`.
|
|
273
|
+
|
|
274
|
+
---
|
|
275
|
+
|
|
276
|
+
## 3. Review Checklist
|
|
277
|
+
|
|
278
|
+
When performing a code review (local or PR), systematically check:
|
|
279
|
+
|
|
280
|
+
### Correctness
|
|
281
|
+
- Does the code do what it claims?
|
|
282
|
+
- Edge cases handled (empty inputs, nulls, large data, concurrent access)?
|
|
283
|
+
- Error paths handled gracefully?
|
|
284
|
+
|
|
285
|
+
### Security
|
|
286
|
+
- No hardcoded secrets, credentials, or API keys
|
|
287
|
+
- Input validation on user-facing inputs
|
|
288
|
+
- No SQL injection, XSS, or path traversal
|
|
289
|
+
- Auth/authz checks where needed
|
|
290
|
+
|
|
291
|
+
### Code Quality
|
|
292
|
+
- Clear naming (variables, functions, classes)
|
|
293
|
+
- No unnecessary complexity or premature abstraction
|
|
294
|
+
- DRY — no duplicated logic that should be extracted
|
|
295
|
+
- Functions are focused (single responsibility)
|
|
296
|
+
|
|
297
|
+
### Testing
|
|
298
|
+
- New code paths tested?
|
|
299
|
+
- Happy path and error cases covered?
|
|
300
|
+
- Tests readable and maintainable?
|
|
301
|
+
|
|
302
|
+
### Performance
|
|
303
|
+
- No N+1 queries or unnecessary loops
|
|
304
|
+
- Appropriate caching where beneficial
|
|
305
|
+
- No blocking operations in async code paths
|
|
306
|
+
|
|
307
|
+
### Documentation
|
|
308
|
+
- Public APIs documented
|
|
309
|
+
- Non-obvious logic has comments explaining "why"
|
|
310
|
+
- README updated if behavior changed
|
|
311
|
+
|
|
312
|
+
---
|
|
313
|
+
|
|
314
|
+
## 4. Pre-Push Review Workflow
|
|
315
|
+
|
|
316
|
+
When the user asks you to "review the code" or "check before pushing":
|
|
317
|
+
|
|
318
|
+
1. `git diff main...HEAD --stat` — see scope of changes
|
|
319
|
+
2. `git diff main...HEAD` — read the full diff
|
|
320
|
+
3. For each changed file, use `read_file` if you need more context
|
|
321
|
+
4. Apply the checklist above
|
|
322
|
+
5. Present findings in the structured format (Critical / Warnings / Suggestions / Looks Good)
|
|
323
|
+
6. If critical issues found, offer to fix them before the user pushes
|
|
324
|
+
|
|
325
|
+
---
|
|
326
|
+
|
|
327
|
+
## 5. PR Review Workflow (End-to-End)
|
|
328
|
+
|
|
329
|
+
When the user asks you to "review PR #N", "look at this PR", or gives you a PR URL, follow this recipe:
|
|
330
|
+
|
|
331
|
+
### Step 1: Set up environment
|
|
332
|
+
|
|
333
|
+
```bash
|
|
334
|
+
source "${AGENT_HOME:-$HOME/.agent}/skills/github/github-auth/scripts/gh-env.sh"
|
|
335
|
+
# Or run the inline setup block from the top of this skill
|
|
336
|
+
```
|
|
337
|
+
|
|
338
|
+
### Step 2: Gather PR context
|
|
339
|
+
|
|
340
|
+
Get the PR metadata, description, and list of changed files to understand scope before diving into code.
|
|
341
|
+
|
|
342
|
+
**With gh:**
|
|
343
|
+
```bash
|
|
344
|
+
gh pr view 123
|
|
345
|
+
gh pr diff 123 --name-only
|
|
346
|
+
gh pr checks 123
|
|
347
|
+
```
|
|
348
|
+
|
|
349
|
+
**With curl:**
|
|
350
|
+
```bash
|
|
351
|
+
PR_NUMBER=123
|
|
352
|
+
|
|
353
|
+
# PR details (title, author, description, branch)
|
|
354
|
+
curl -s -H "Authorization: token $GITHUB_TOKEN" \
|
|
355
|
+
https://api.github.com/repos/$GH_OWNER/$GH_REPO/pulls/$PR_NUMBER
|
|
356
|
+
|
|
357
|
+
# Changed files with line counts
|
|
358
|
+
curl -s -H "Authorization: token $GITHUB_TOKEN" \
|
|
359
|
+
https://api.github.com/repos/$GH_OWNER/$GH_REPO/pulls/$PR_NUMBER/files
|
|
360
|
+
```
|
|
361
|
+
|
|
362
|
+
### Step 3: Check out the PR locally
|
|
363
|
+
|
|
364
|
+
This gives you full access to `read_file`, `search_files`, and the ability to run tests.
|
|
365
|
+
|
|
366
|
+
```bash
|
|
367
|
+
git fetch origin pull/$PR_NUMBER/head:pr-$PR_NUMBER
|
|
368
|
+
git checkout pr-$PR_NUMBER
|
|
369
|
+
```
|
|
370
|
+
|
|
371
|
+
### Step 4: Read the diff and understand changes
|
|
372
|
+
|
|
373
|
+
```bash
|
|
374
|
+
# Full diff against the base branch
|
|
375
|
+
git diff main...HEAD
|
|
376
|
+
|
|
377
|
+
# Or file-by-file for large PRs
|
|
378
|
+
git diff main...HEAD --name-only
|
|
379
|
+
# Then for each file:
|
|
380
|
+
git diff main...HEAD -- path/to/file.py
|
|
381
|
+
```
|
|
382
|
+
|
|
383
|
+
For each changed file, use `read_file` to see full context around the changes — diffs alone can miss issues visible only with surrounding code.
|
|
384
|
+
|
|
385
|
+
### Step 5: Run automated checks locally (if applicable)
|
|
386
|
+
|
|
387
|
+
```bash
|
|
388
|
+
# Run tests if there's a test suite
|
|
389
|
+
python -m pytest 2>&1 | tail -20
|
|
390
|
+
# or: npm test, cargo test, go test ./..., etc.
|
|
391
|
+
|
|
392
|
+
# Run linter if configured
|
|
393
|
+
ruff check . 2>&1 | head -30
|
|
394
|
+
# or: eslint, clippy, etc.
|
|
395
|
+
```
|
|
396
|
+
|
|
397
|
+
### Step 6: Apply the review checklist (Section 3)
|
|
398
|
+
|
|
399
|
+
Go through each category: Correctness, Security, Code Quality, Testing, Performance, Documentation.
|
|
400
|
+
|
|
401
|
+
### Step 7: Post the review to GitHub
|
|
402
|
+
|
|
403
|
+
Collect your findings and submit them as a formal review with inline comments.
|
|
404
|
+
|
|
405
|
+
**With gh:**
|
|
406
|
+
```bash
|
|
407
|
+
# If no issues — approve
|
|
408
|
+
gh pr review $PR_NUMBER --approve --body "Reviewed by
|
|
409
|
+
|
|
410
|
+
# If issues found — request changes with inline comments
|
|
411
|
+
gh pr review $PR_NUMBER --request-changes --body "Found a few issues — see inline comments."
|
|
412
|
+
```
|
|
413
|
+
|
|
414
|
+
**With curl — atomic review with multiple inline comments:**
|
|
415
|
+
```bash
|
|
416
|
+
HEAD_SHA=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \
|
|
417
|
+
https://api.github.com/repos/$GH_OWNER/$GH_REPO/pulls/$PR_NUMBER \
|
|
418
|
+
| python3 -c "import sys,json; print(json.load(sys.stdin)['head']['sha'])")
|
|
419
|
+
|
|
420
|
+
# Build the review JSON — event is APPROVE, REQUEST_CHANGES, or COMMENT
|
|
421
|
+
curl -s -X POST \
|
|
422
|
+
-H "Authorization: token $GITHUB_TOKEN" \
|
|
423
|
+
https://api.github.com/repos/$GH_OWNER/$GH_REPO/pulls/$PR_NUMBER/reviews \
|
|
424
|
+
-d "{
|
|
425
|
+
\"commit_id\": \"$HEAD_SHA\",
|
|
426
|
+
\"event\": \"REQUEST_CHANGES\",
|
|
427
|
+
\"body\": \"##
|
|
428
|
+
\"comments\": [
|
|
429
|
+
{\"path\": \"src/auth.py\", \"line\": 45, \"body\": \"🔴 **Critical:** User input passed directly to SQL query — use parameterized queries.\"},
|
|
430
|
+
{\"path\": \"src/models.py\", \"line\": 23, \"body\": \"⚠️ **Warning:** Password stored without hashing.\"},
|
|
431
|
+
{\"path\": \"src/utils.py\", \"line\": 8, \"body\": \"💡 **Suggestion:** This duplicates logic in core/utils.py:34.\"}
|
|
432
|
+
]
|
|
433
|
+
}"
|
|
434
|
+
```
|
|
435
|
+
|
|
436
|
+
### Step 8: Also post a summary comment
|
|
437
|
+
|
|
438
|
+
In addition to inline comments, leave a top-level summary so the PR author gets the full picture at a glance. Use the review output format from `references/review-output-template.md`.
|
|
439
|
+
|
|
440
|
+
**With gh:**
|
|
441
|
+
```bash
|
|
442
|
+
gh pr comment $PR_NUMBER --body "$(cat <<'EOF'
|
|
443
|
+
## Code Review Summary
|
|
444
|
+
|
|
445
|
+
**Verdict: Changes Requested** (2 issues, 1 suggestion)
|
|
446
|
+
|
|
447
|
+
### 🔴 Critical
|
|
448
|
+
- **src/auth.py:45** — SQL injection vulnerability
|
|
449
|
+
|
|
450
|
+
### ⚠️ Warnings
|
|
451
|
+
- **src/models.py:23** — Plaintext password storage
|
|
452
|
+
|
|
453
|
+
### 💡 Suggestions
|
|
454
|
+
- **src/utils.py:8** — Duplicated logic, consider consolidating
|
|
455
|
+
|
|
456
|
+
### ✅ Looks Good
|
|
457
|
+
- Clean API design
|
|
458
|
+
- Good error handling in the middleware layer
|
|
459
|
+
|
|
460
|
+
---
|
|
461
|
+
*Reviewed by
|
|
462
|
+
EOF
|
|
463
|
+
)"
|
|
464
|
+
```
|
|
465
|
+
|
|
466
|
+
### Step 9: Clean up
|
|
467
|
+
|
|
468
|
+
```bash
|
|
469
|
+
git checkout main
|
|
470
|
+
git branch -D pr-$PR_NUMBER
|
|
471
|
+
```
|
|
472
|
+
|
|
473
|
+
### Decision: Approve vs Request Changes vs Comment
|
|
474
|
+
|
|
475
|
+
- **Approve** — no critical or warning-level issues, only minor suggestions or all clear
|
|
476
|
+
- **Request Changes** — any critical or warning-level issue that should be fixed before merge
|
|
477
|
+
- **Comment** — observations and suggestions, but nothing blocking (use when you're unsure or the PR is a draft)
|
|
478
|
+
|
|
479
|
+
## Mandatory actions when this skill is active
|
|
480
|
+
|
|
481
|
+
Before applying this skill:
|
|
482
|
+
- [ ] Read the task requirements fully before acting
|
|
483
|
+
- [ ] Confirm you understand the goal and constraints
|
|
484
|
+
- [ ] Check for existing work or prior context in the codebase
|
|
485
|
+
|
|
486
|
+
While working:
|
|
487
|
+
- [ ] Follow the methodology described above step by step
|
|
488
|
+
- [ ] Document any decisions or findings as you go
|
|
489
|
+
|
|
490
|
+
After completing:
|
|
491
|
+
- [ ] Self-check: does the output satisfy the original requirement?
|
|
492
|
+
- [ ] Verify no regressions or unintended side effects
|
|
493
|
+
|