diff --git a/agents/code-reviewer/AGENT.md b/agents/code-reviewer/AGENT.md new file mode 100644 index 0000000..c01e001 --- /dev/null +++ b/agents/code-reviewer/AGENT.md @@ -0,0 +1,98 @@ +# Code Reviewer Agent + +Specialized agent for automated code review of pull requests. Provides immediate, structured feedback on code changes. + +## Skills + +- forgejo +- code-review + +## Capabilities + +This agent can: +- Fetch PR diffs via `fj pr view diff` +- Analyze code for quality issues +- Identify potential bugs and logic errors +- Check for security vulnerabilities +- Evaluate code style and consistency +- Assess test coverage gaps +- Post structured review comments via `fj pr comment` + +## When to Use + +Spawn this agent for: +- Automated review after PR creation (e.g., from `/work-issue`) +- On-demand code review of any PR +- Pre-merge quality checks + +This agent should be spawned asynchronously so it doesn't block the main workflow. + +## Behavior + +### Input + +The agent expects a PR number as input: +``` +Review PR # +``` + +### Review Process + +1. Fetch PR details and diff using `fj pr view diff` +2. Analyze the diff for: + - **Code Quality**: Readability, maintainability, complexity + - **Bugs**: Logic errors, edge cases, null checks + - **Security**: Injection vulnerabilities, auth issues, data exposure + - **Style**: Naming conventions, formatting, consistency + - **Test Coverage**: Missing tests, untested edge cases +3. Generate a structured review comment +4. Post the review via `fj pr comment ""` + +### Review Comment Format + +The agent posts reviews in this structured format: + +```markdown +## AI Code Review + +> This is an automated review generated by the code-reviewer agent. + +### Summary +[Brief overall assessment] + +### Findings + +#### Code Quality +- [Finding 1] +- [Finding 2] + +#### Potential Bugs +- [Finding or "No issues found"] + +#### Security Concerns +- [Finding or "No issues found"] + +#### Style Notes +- [Finding or "Consistent with codebase"] + +#### Test Coverage +- [Finding or "Adequate coverage"] + +### Verdict +[LGTM / Needs Changes / Blocking Issues] +``` + +## Example Usage + +From the main conversation, spawn this agent asynchronously: + +``` +Task: Review PR #42 +Agent: code-reviewer +Background: true +``` + +## Dependencies + +- Requires `fj` CLI to be configured and authenticated +- Uses `code-review` skill for analysis guidelines diff --git a/skills/code-review/SKILL.md b/skills/code-review/SKILL.md new file mode 100644 index 0000000..a91cd3c --- /dev/null +++ b/skills/code-review/SKILL.md @@ -0,0 +1,152 @@ +# Code Review + +Guidelines for reviewing code changes in pull requests. + +## Review Categories + +### Code Quality + +Look for: +- **Readability**: Clear naming, logical structure, appropriate comments +- **Maintainability**: Easy to modify, follows DRY, single responsibility +- **Complexity**: Avoid deep nesting, overly long functions, complex conditionals +- **Dead code**: Unused variables, unreachable code, commented-out blocks + +Questions to ask: +- Can someone unfamiliar with this code understand it quickly? +- Would I be comfortable maintaining this code? +- Does this follow existing patterns in the codebase? + +### Potential Bugs + +Look for: +- **Edge cases**: Empty arrays, null values, boundary conditions +- **Logic errors**: Off-by-one, incorrect operators, inverted conditions +- **Race conditions**: Async operations, shared state +- **Resource leaks**: Unclosed connections, missing cleanup +- **Error handling**: Unhandled exceptions, silent failures + +Questions to ask: +- What happens with unexpected input? +- Are all error paths handled appropriately? +- Could concurrent execution cause issues? + +### Security Concerns + +Look for: +- **Injection**: SQL, command, XSS vulnerabilities +- **Authentication**: Bypasses, weak validation +- **Authorization**: Missing permission checks +- **Data exposure**: Logging secrets, exposing internals +- **Dependencies**: Known vulnerabilities in imports + +Questions to ask: +- Could an attacker exploit this? +- Is user input properly validated and sanitized? +- Are secrets properly protected? + +### Style & Consistency + +Look for: +- **Naming conventions**: Match existing codebase style +- **Formatting**: Consistent indentation, spacing +- **File organization**: Logical grouping, appropriate location +- **Import order**: Following project conventions + +Note: Style issues are lower priority than functional concerns. + +### Test Coverage + +Look for: +- **Missing tests**: New functionality without tests +- **Edge cases**: Boundary conditions not tested +- **Error paths**: Exception handling not verified +- **Integration**: Component interactions not covered + +Questions to ask: +- Would these tests catch a regression? +- Are the assertions meaningful? +- Do tests cover the acceptance criteria? + +## Review Process + +1. **Understand context**: Read PR description and linked issues +2. **High-level scan**: Understand overall structure and approach +3. **Detailed review**: Go through changes file by file +4. **Consider impact**: Think about side effects and dependencies +5. **Provide feedback**: Be constructive and specific + +## Writing Review Comments + +### Be Constructive +- Explain *why* something is an issue +- Suggest alternatives when possible +- Distinguish between blocking issues and suggestions + +### Be Specific +- Reference exact lines or code blocks +- Provide concrete examples +- Link to relevant documentation or patterns + +### Be Kind +- Phrase feedback as questions when appropriate +- Acknowledge good solutions +- Remember there's a person receiving this feedback + +## Verdict Criteria + +### LGTM (Looks Good To Me) +- No blocking issues +- Code meets quality standards +- Tests are adequate +- Ready to merge + +### Needs Changes +- Minor issues that should be addressed +- Style improvements +- Missing tests for edge cases +- Not blocking, but worth fixing + +### Blocking Issues +- Security vulnerabilities +- Logic errors that would cause bugs +- Missing critical functionality +- Breaking changes without migration + +## Review Comment Template + +```markdown +## AI Code Review + +> This is an automated review generated by the code-reviewer agent. + +### Summary +[1-2 sentence overall assessment of the changes] + +### Findings + +#### Code Quality +- [Issue with specific file:line reference and explanation] +- [Or "Code is well-structured and readable"] + +#### Potential Bugs +- [Bug risk with explanation] +- [Or "No obvious issues found"] + +#### Security Concerns +- [Security issue with severity] +- [Or "No security concerns identified"] + +#### Style Notes +- [Style improvement suggestion] +- [Or "Consistent with codebase conventions"] + +#### Test Coverage +- [Missing test scenario] +- [Or "Tests adequately cover changes"] + +### Verdict +**[LGTM / Needs Changes / Blocking Issues]** + +[Brief explanation of verdict] +```