rootcoz 4.0.0__tar.gz

rootcoz-4.0.0/.coderabbit.yaml

@@ -0,0 +1,3 @@
+reviews:
+  auto_review:
+    auto_pause_after_reviewed_commits: 0

rootcoz-4.0.0/.dockerignore

@@ -0,0 +1,40 @@
+# Git
+.git
+.gitignore
+
+# Python
+__pycache__
+*.py[cod]
+*$py.class
+*.so
+.Python
+.venv
+venv
+env
+.eggs
+*.egg-info
+*.egg
+dist
+build
+
+# IDE
+.idea
+.vscode
+*.swp
+*.swo
+
+# Testing
+.pytest_cache
+.coverage
+htmlcov
+.tox
+
+# Misc
+*.log
+*.sqlite
+*.db
+.env
+.env.*
+Dockerfile
+.dockerignore
+.dev

rootcoz-4.0.0/.env.example

@@ -0,0 +1,125 @@
+# Jenkins Job Insight - Environment Variables Template
+
+# ===================
+# Jenkins Configuration (Required)
+# ===================
+JENKINS_URL=https://jenkins.example.com
+JENKINS_USER=your-username
+JENKINS_PASSWORD=your-api-token
+JENKINS_SSL_VERIFY=true
+
+# ===================
+# AI CLI Configuration
+# ===================
+# Choose AI provider (required): "claude", "gemini", or "cursor"
+AI_PROVIDER=claude
+
+# AI model to use (required, applies to any provider)
+# Can also be set per-request in webhook body
+AI_MODEL=your-model-name
+
+# --- Claude CLI Options ---
+
+# Option 1: Direct API key (simplest)
+ANTHROPIC_API_KEY=your-anthropic-api-key
+
+# Option 2: Vertex AI authentication
+# CLAUDE_CODE_USE_VERTEX=1
+# CLOUD_ML_REGION=us-east5
+# ANTHROPIC_VERTEX_PROJECT_ID=your-project-id
+
+# --- Gemini CLI Options ---
+
+# Option 1: API key
+GEMINI_API_KEY=your-gemini-api-key
+
+# Option 2: OAuth (run: gemini auth login)
+# No env vars needed for OAuth
+
+# --- Cursor Agent CLI Options ---
+
+# Choose ONE of the following authentication methods:
+
+# API key
+# CURSOR_API_KEY=your-cursor-api-key
+
+# --- AI CLI Timeout ---
+
+# Timeout for AI CLI calls in minutes (default: 10)
+# Increase for slower models like gpt-5.2
+# AI_CLI_TIMEOUT=10
+
+# ===================
+# Peer Analysis (Optional)
+# ===================
+# Enable multi-AI consensus by configuring peer AI providers
+# PEER_AI_CONFIGS=cursor:gpt-5.4-xhigh,gemini:gemini-2.5-pro
+# PEER_ANALYSIS_MAX_ROUNDS=3
+
+# ===================
+# Logging Configuration
+# ===================
+# Log level: DEBUG, INFO, WARNING, ERROR (default: INFO)
+LOG_LEVEL=INFO
+
+# ===================
+# Optional Defaults (can be overridden per-request in webhook)
+# ===================
+
+# Tests repository URL
+# TESTS_REPO_URL=https://github.com/org/test-repo
+
+# ===================
+# Jira Integration (Optional)
+# ===================
+# Enables searching Jira for existing bugs matching PRODUCT BUG failures.
+# When configured, AI analysis includes search keywords and the system
+# automatically finds potentially matching Jira issues.
+
+# Jira server URL (Cloud or Server/DC)
+# JIRA_URL=https://your-org.atlassian.net
+
+# Personal Access Token (works for both Cloud and Server/DC)
+# JIRA_PAT=your-personal-access-token
+
+# Email for Jira Cloud authentication (determines auth mode):
+#   - If JIRA_EMAIL is set: Cloud auth (Basic with email:PAT)
+#   - If JIRA_EMAIL is not set: Server/DC auth (Bearer PAT)
+# JIRA_EMAIL=your-email@example.com
+
+# JIRA_API_TOKEN is kept for backward compatibility; prefer JIRA_PAT
+# JIRA_API_TOKEN=your-jira-api-token
+
+# Jira project key to scope searches (optional, searches all projects if not set)
+# JIRA_PROJECT_KEY=PROJ
+
+# SSL verification for Jira (set to false for self-signed certs)
+# JIRA_SSL_VERIFY=true
+
+# Maximum Jira results per search (default: 5)
+# JIRA_MAX_RESULTS=5
+
+# ===================
+# GitHub Integration (Optional)
+# ===================
+# GitHub API token for private repo PR status in comments
+# GITHUB_TOKEN=your-github-token
+
+# Explicitly enable/disable GitHub issue creation (overrides auto-detection)
+# When not set, auto-detected from TESTS_REPO_URL and GITHUB_TOKEN
+# ENABLE_GITHUB_ISSUES=true
+
+# ===================
+# Access Control (Optional)
+# ===================
+# Comma-separated list of usernames allowed to create/modify data
+# (submit analyses, add comments, set reviewed, override classifications, etc.)
+# Empty = open access (all users allowed). Admin users always bypass.
+# ALLOWED_USERS=alice,bob,carol
+
+# ===================
+# Development
+# ===================
+
+# Enable debug mode
+DEBUG=false

rootcoz-4.0.0/.flake8

@@ -0,0 +1,14 @@
+[flake8]
+select=M511
+
+exclude =
+    doc,
+    .tox,
+    .git,
+    *.yml,
+    Pipfile.*,
+    docs/*,
+    .cache/*
+
+per-file-ignores =
+    src/rootcoz/cli/main.py:M511

rootcoz-4.0.0/.git

@@ -0,0 +1 @@
+gitdir: /tmp/github-webhook-rootcoz-jizntl1d/.git/worktrees/github-webhook-rootcoz-jizntl1d-worktree-4df6dc48-3349-4ae2-8997-d6fe155c1816

rootcoz-4.0.0/.gitignore

@@ -0,0 +1,63 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+/lib/
+/lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# Virtual environments
+.env
+.venv/
+venv/
+ENV/
+
+# Testing
+.pytest_cache/
+.coverage
+htmlcov/
+
+# Type checking / linting
+.mypy_cache/
+.ruff_cache/
+
+# Logs
+*.log
+
+# Project specific
+/data/
+
+# Local development directory
+.dev/
+
+# Superpowers development tool artifacts
+.superpowers/
+
+# Frontend
+node_modules/
+frontend/node_modules/
+frontend/dist/
+frontend/.vite/
+
+# Local config
+.envrc
+.claude/
+jji.db

rootcoz-4.0.0/.gitleaks.toml

@@ -0,0 +1,20 @@
+# Gitleaks configuration for rootcoz
+# https://github.com/gitleaks/gitleaks#configuration
+
+[extend]
+# Use the default gitleaks config as a base
+useDefault = true
+
+[allowlist]
+# Allowlist test files that contain fake/mock credentials for unit tests
+paths = [
+    '''\.secrets\.baseline''',
+    '''tests/test_config\.py''',
+    '''tests/test_main\.py''',
+    '''tests/conftest\.py''',
+    '''tests/test_cli_main\.py''',
+    '''tests/test_cli_client\.py''',
+    '''tests/test_auth\.py''',
+    '''tests/test_debug_request_logging\.py''',
+    '''tests/test_feedback\.py''',
+]

rootcoz-4.0.0/.markdownlint.yaml

@@ -0,0 +1,5 @@
+---
+default: true
+MD013:
+  # Number of characters
+  line_length: 120

rootcoz-4.0.0/.pre-commit-config.yaml

@@ -0,0 +1,71 @@
+---
+default_language_version:
+  python: python3
+
+ci:
+  autofix_prs: false
+  autoupdate_commit_msg: "ci: [pre-commit.ci] pre-commit autoupdate"
+
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v6.0.0
+    hooks:
+      - id: check-added-large-files
+      - id: check-docstring-first
+      - id: check-executables-have-shebangs
+      - id: check-merge-conflict
+      - id: check-symlinks
+      - id: detect-private-key
+      - id: mixed-line-ending
+      - id: debug-statements
+      - id: trailing-whitespace
+        args: [--markdown-linebreak-ext=md] # Do not process Markdown files.
+        exclude: ^docs/
+      - id: end-of-file-fixer
+        exclude: ^docs/
+      - id: check-ast
+      - id: check-builtin-literals
+      - id: check-toml
+
+  - repo: https://github.com/PyCQA/flake8
+    rev: 7.3.0
+    hooks:
+      - id: flake8
+        args: [--config=.flake8]
+        additional_dependencies:
+          [git+https://github.com/RedHatQE/flake8-plugins.git, flake8-mutable]
+
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.5.0
+    hooks:
+      - id: detect-secrets
+        exclude: ^docs/
+
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.15.11
+    hooks:
+      - id: ruff
+      - id: ruff-format
+
+  - repo: https://github.com/gitleaks/gitleaks
+    rev: v8.30.0
+    hooks:
+      - id: gitleaks
+
+  - repo: https://github.com/pre-commit/mirrors-mypy
+    rev: v1.20.1
+    hooks:
+      - id: mypy
+        exclude: (tests/)
+        additional_dependencies:
+          [types-requests, types-PyYAML, types-colorama, types-aiofiles, pydantic]
+
+  - repo: https://github.com/pre-commit/mirrors-eslint
+    rev: v10.2.1
+    hooks:
+      - id: eslint
+        files: \.js$
+        exclude: (eslint\.config\.js|^docs/|^frontend/)
+        args: [--fix]
+        additional_dependencies:
+          - eslint@9.38.0

rootcoz-4.0.0/AGENTS.md

@@ -0,0 +1 @@
+CLAUDE.md

rootcoz-4.0.0/CLAUDE.md

@@ -0,0 +1,185 @@
+# Project Coding Principles
+
+## Data Integrity
+
+- Never truncate data arbitrarily (no `[:100]` or `[:2000]` slicing)
+- Preserve full information; let consumers handle their own limits
+
+## No Dead Code
+
+- Use everything you create: imports, variables, clones, instantiations
+- Remove unused code rather than leaving it dormant
+
+## No Duplicate Code — MANDATORY
+
+**ZERO tolerance for duplicate code. This is a hard rule, not a guideline.**
+
+- If the same logic exists in 2+ places, it is a BUG. Extract it immediately.
+- Before writing ANY code, search for existing helpers that do the same thing. Reuse first.
+- This applies to ALL code: Python, JavaScript, CSS, HTML templates, SQL queries.
+- Shared React components → extract to `components/shared/` or `components/ui/`
+- Shared TypeScript logic → extract to `lib/` utilities
+- Shared Python logic → extract functions, base classes, or mixins
+- Copy-paste is NEVER acceptable. Not even "just this once." Not even "it's small."
+- Every PR review will check for duplication. Duplicates found = code rejected.
+
+## Testing — MANDATORY
+
+**`tox` must pass before every commit. No exceptions.**
+
+Run all tests:
+
+```bash
+uvx --with tox-uv tox
+```
+
+This runs both environments:
+- `backend` — Python tests via `uv run pytest tests/ -q`
+- `frontend` — Frontend build (`vite build`) + Vitest tests (`npm test`)
+
+Individual environments:
+
+```bash
+uvx --with tox-uv tox -e backend    # Python only
+uvx --with tox-uv tox -e frontend   # Frontend only
+```
+
+## Smart Context Management
+
+- Prefer structured data (test reports, APIs) over raw logs
+- When raw data is necessary, extract relevant content (errors, failures, warnings) instead of full dumps
+
+## Parallel Execution
+
+- Run independent, stateless operations in parallel
+- Handle failures gracefully: one failure should not crash all parallel tasks
+- Capture exceptions and continue processing
+
+## File Handling
+
+- Preserve user edits when modifying files
+- Add missing elements rather than replacing entire content
+- Never overwrite user customizations
+
+## Communication
+
+- Explain data flow through the system, not just variable locations
+- Show how components connect and interact
+
+## Architecture Rules
+
+### Tech Stack
+
+- **Backend**: Python + FastAPI + TinyDB
+- **Frontend**: Vite + React 19 + TypeScript + Tailwind CSS + shadcn/ui (in `/frontend/`)
+- **AI Integration**: CLI-based (Claude CLI, Gemini CLI, Cursor Agent CLI) — no SDK dependencies, provider-agnostic, `AI_PROVIDER` env var selects provider
+- **CLI**: `rootcoz` CLI tool for querying the API — run `rootcoz --help` for available commands
+
+### Frontend Patterns
+
+- **State**: Page-scoped `useReducer` (e.g., `ReportContext` for the report page) — each page owns its own context; do NOT introduce global state (Redux, Zustand, etc.)
+- **API**: Centralized `api.get/post/put/delete` wrapper in `lib/api.ts` — do NOT use raw `fetch` calls
+- **User identification**: Cookie-based (`rootcoz_username`), display-only — NOT an authentication/authorization boundary
+
+### Auto-Generated Documentation
+
+The `docs/` directory is **auto-generated** by [docsfy](https://github.com/myk-org/docsfy). **NEVER edit files in `docs/` manually** — all changes will be overwritten. To update documentation, modify source code and regenerate with docsfy, or edit `AGENTS.md` / `README.md` for project-level docs.
+
+### AI Tool Access (IMPORTANT)
+
+Never pre-feed data to the AI in the prompt. Give the AI tools (API endpoints, scripts, commands) and let it decide what data it needs.
+
+**DO:**
+- Expose API endpoints the AI can curl
+- Provide skill files documenting available tools
+- Let the AI query, explore, and interpret data on its own
+
+**DON'T:**
+- Pre-query the database and stuff results into the prompt
+- Summarize or filter data before the AI sees it
+- Make decisions about what data the AI needs — let the AI decide
+
+### CLI Parity
+
+Every new API endpoint MUST also be supported via the `rootcoz` CLI tool. When adding a new endpoint:
+1. Add the client method to `src/rootcoz/cli/client.py`
+2. Add the CLI command to `src/rootcoz/cli/main.py`
+3. Add tests for both in `tests/test_cli_client.py` and `tests/test_cli_main.py`
+
+### Failure Deduplication
+
+When multiple tests fail with the same error:
+1. Failures are grouped by error signature (SHA-256 hash of error + stack trace)
+2. Only one AI CLI call per unique error type
+3. Analysis is applied to all failures with matching signature
+
+### Jira Integration (Optional)
+
+When configured, searches Jira for existing bugs matching PRODUCT BUG failures:
+1. AI generates search keywords during analysis
+2. Keywords search Jira (configurable issue type, summary search)
+3. AI evaluates each candidate's relevance
+4. Only relevant matches are attached to the result
+5. Jira errors never crash the pipeline — all failures are swallowed gracefully
+
+### Report Portal Integration (Optional)
+
+When `ENABLE_REPORTPORTAL=true`, users can push test classifications back to Report Portal via the `push-reportportal` endpoint and CLI command.
+
+### Feedback System
+
+Users submit feedback (bugs, feature requests) via the FeedbackDialog component. Feedback is previewed with AI-generated issue content, then created as a GitHub issue. This replaces the old "Report Bug" flow.
+
+### Logging
+
+Uses `python-simple-logger`:
+- INFO: Milestones (job started, AI calls, completed)
+- DEBUG: Detailed operations (response lengths, extracted data)
+- Configured via `LOG_LEVEL` environment variable
+
+## API Design
+
+### Configuration Parity
+
+For request-tunable analysis settings, keep these interfaces in sync:
+1. Environment variable (server-level default)
+2. API payload field (per-request override)
+3. CLI option (command-line flag)
+4. Config file (`~/.config/rootcoz/config.toml` per-server setting)
+
+Client-only transport settings and server-only deployment settings stay scoped to their owning interface.
+
+When adding a new analysis setting:
+1. Add the field to `Settings` in `config.py`
+2. Add the corresponding request field to `BaseAnalysisRequest` (or `AnalyzeRequest`) in `models.py`
+3. Add the field to `_merge_settings()` in `main.py` so request values override env defaults
+4. Add the CLI option to the relevant command in `cli/main.py`
+5. Add the field to `ServerConfig` in `cli/config.py`
+
+Exceptions (server-level only, no payload equivalent):
+- `ADMIN_KEY` — server-only bootstrap secret for admin superuser authentication; never expose via request payloads, CLI flags, or shared config files. Rotating `ADMIN_KEY` only affects the bootstrap admin login — delegated admin API keys use `ROOTCOZ_ENCRYPTION_KEY` for HMAC hashing and are not affected by `ADMIN_KEY` rotation.
+- `ALLOWED_USERS` — server-only comma-separated allow list of usernames permitted to create/modify data; empty = open access (backward compatible); admin users always bypass; never expose via request payloads or CLI flags. Note: this is a trusted-network access guard, not a cryptographic security boundary — enforcement reads the client-supplied `rootcoz_username` cookie, so protection relies on network-level trust rather than server-verified identity
+- `DEBUG` — server reload toggle
+- `ENABLE_GITHUB_ISSUES` — server capability toggle for GitHub issue creation
+- `ENABLE_REPORTPORTAL` — server capability toggle for Report Portal integration
+- `ROOTCOZ_ENCRYPTION_KEY` — server-only secret for at-rest encryption AND HMAC secret for delegated admin API key hashes; never expose via request payloads, CLI flags, or shared config files. **Rotating this key invalidates both encrypted data (tokens) and all stored delegated admin API key hashes** — operators must re-issue delegated admin API keys after rotation
+- `LOG_LEVEL` — server log verbosity
+- `PUBLIC_BASE_URL` — trusted server-only origin for building absolute links; never derive from request headers to prevent host-header injection
+- `METADATA_RULES_FILE` — server-only path to metadata classification rules file
+- `SECURE_COOKIES` — server-only deployment toggle for HTTPS cookie flags (default: True, set False for local HTTP dev)
+- `TRUST_PROXY_HEADERS` — server-only trust toggle for reverse-proxy user identification; only enable behind a trusted proxy
+- `VAPID_CLAIM_EMAIL` — server-only contact email for VAPID claims (Web Push notifications)
+- `VAPID_PRIVATE_KEY` — server-only VAPID private key for Web Push notifications; never expose via request payloads, CLI flags, or shared config files
+- `VAPID_PUBLIC_KEY` — server-only VAPID public key for Web Push notifications; auto-generated with `VAPID_PRIVATE_KEY` if not set
+- Security-sensitive credentials for preview/create-issue endpoints (`GITHUB_TOKEN`, `TESTS_REPO_URL`, Jira credentials, `REPORTPORTAL_URL`, `REPORTPORTAL_API_TOKEN`, `REPORTPORTAL_PROJECT`) — these use deployment config, not per-request overrides
+
+### Sensitive Data Handling
+
+Sensitive data (passwords, API tokens, credentials) must be:
+1. **Encrypted at rest** — use `encrypt_sensitive_fields()` before storing to the database
+2. **Stripped from responses** — use `strip_sensitive_from_response()` before returning to API consumers
+3. **Never logged** — do not log passwords, tokens, or credentials at any log level
+
+Sensitive fields: `jenkins_password`, `jenkins_user`, `jira_api_token`, `jira_pat`, `jira_email`, `github_token`, `tests_repo_token`, `reportportal_api_token`, `vapid_private_key`
+
+Encryption uses Fernet (AES-128-CBC + HMAC-SHA256). Set `ROOTCOZ_ENCRYPTION_KEY` env var for production; falls back to an auto-generated file-based key under `$XDG_DATA_HOME/rootcoz/.encryption_key` (default: `~/.local/share/rootcoz/.encryption_key`) for development.

rootcoz-4.0.0/Dockerfile

@@ -0,0 +1,123 @@
+# Frontend build stage
+FROM node:20-slim AS frontend-builder
+
+WORKDIR /frontend
+
+# Copy package files first for layer caching
+COPY frontend/package.json frontend/package-lock.json ./
+
+# Install dependencies
+RUN npm ci
+
+# Copy frontend source
+COPY frontend/ .
+
+# Build the frontend (vite build only — type checking runs in tox/CI)
+RUN npx vite build
+
+FROM python:3.12-slim AS builder
+
+WORKDIR /app
+
+# Install uv
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
+
+# Install git (needed for gitpython dependency)
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy project files
+COPY pyproject.toml uv.lock ./
+COPY src/ src/
+
+# Create venv and install dependencies
+RUN uv sync --frozen --no-dev
+
+# Production stage
+FROM python:3.12-slim
+
+WORKDIR /app
+
+# Install bash (needed for CLI install scripts), git (required at runtime for gitpython), curl (for Claude CLI), and nodejs/npm (for Gemini CLI)
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    bash \
+    git \
+    curl \
+    nodejs \
+    npm \
+    && rm -rf /var/lib/apt/lists/*
+
+# Create non-root user, data directory, and set permissions
+# OpenShift runs containers as a random UID in the root group (GID 0)
+RUN useradd --create-home --shell /bin/bash -g 0 appuser \
+    && mkdir -p /data \
+    && chown appuser:0 /data \
+    && chmod -R g+w /data
+
+# Copy uv for runtime
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
+
+# Switch to non-root user for CLI installs
+USER appuser
+
+# Install Claude Code CLI (installs to ~/.local/bin)
+RUN /bin/bash -o pipefail -c "curl -fsSL https://claude.ai/install.sh | bash"
+
+# Install Cursor Agent CLI (installs to ~/.local/bin)
+RUN /bin/bash -o pipefail -c "curl -fsSL https://cursor.com/install | bash"
+
+# Configure npm for non-root global installs and install Gemini CLI
+RUN mkdir -p /home/appuser/.npm-global \
+    && npm config set prefix '/home/appuser/.npm-global' \
+    && npm install -g @google/gemini-cli
+
+# Switch to root for file copies and permission fixes
+USER root
+
+# Copy the virtual environment from builder
+COPY --chown=appuser:0 --from=builder /app/.venv /app/.venv
+
+# Copy project files needed by uv
+COPY --chown=appuser:0 --from=builder /app/pyproject.toml /app/uv.lock ./
+
+# Copy source code
+COPY --chown=appuser:0 --from=builder /app/src /app/src
+
+# Copy built frontend assets from frontend builder
+COPY --chown=appuser:0 --from=frontend-builder /frontend/dist /app/frontend/dist
+
+# Copy entrypoint script
+COPY --chown=appuser:0 entrypoint.sh /app/entrypoint.sh
+RUN chmod +x /app/entrypoint.sh
+
+# Make /app group-writable for OpenShift compatibility
+RUN chmod -R g+w /app
+
+# Make appuser home accessible by OpenShift arbitrary UID
+# Only chmod directories (not files) — files are already group-readable by default.
+# Directories need group write+execute for OpenShift's arbitrary UID (in GID 0)
+# to create config/cache files at runtime.
+RUN find /home/appuser -type d -exec chmod g=u {} + \
+    && npm cache clean --force 2>/dev/null; \
+    rm -rf /home/appuser/.npm/_cacache
+
+# Switch back to non-root user for runtime
+USER appuser
+
+# Ensure CLIs are in PATH
+ENV PATH="/home/appuser/.local/bin:/home/appuser/.npm-global/bin:${PATH}"
+# Set HOME for OpenShift compatibility (random UID has no passwd entry)
+ENV HOME="/home/appuser"
+
+EXPOSE 8000
+
+HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
+    CMD curl -f http://localhost:${PORT:-8000}/health || exit 1
+
+# Use uv run for uvicorn
+# --no-sync prevents uv from attempting to modify the venv at runtime.
+# This is required for OpenShift where containers run as an arbitrary UID
+# and may not have write access to the .venv directory.
+ENTRYPOINT ["/app/entrypoint.sh"]
+CMD ["uv", "run", "--no-sync", "uvicorn", "rootcoz.main:app", "--host", "0.0.0.0"]

rootcoz-4.0.0/OWNERS

@@ -0,0 +1,4 @@
+approvers:
+  - myakove
+reviewers:
+  - myakove