| 1 | +framework: "praisonai" |
| 2 | +topic: "Pull Request Code Review Analysis" |
| 3 | + |
| 4 | +roles: |
| 5 | + security_reviewer: |
| 6 | + role: "Security Code Reviewer" |
| 7 | + goal: "Identify security vulnerabilities, authentication issues, input validation problems, and unsafe code practices in the PR changes" |
| 8 | + backstory: "You are a cybersecurity expert specializing in code analysis. You have extensive experience in identifying common security flaws like injection attacks, authentication bypasses, exposed secrets, and unsafe data handling patterns." |
| 9 | + tools: |
| 10 | + - "execute_command" |
| 11 | + |
| 12 | + performance_reviewer: |
| 13 | + role: "Performance Code Reviewer" |
| 14 | + goal: "Analyze code changes for performance implications, identify bottlenecks, inefficient algorithms, and resource usage issues" |
| 15 | + backstory: "You are a performance optimization specialist with deep knowledge of algorithm efficiency, memory management, and system performance. You excel at spotting code that could cause performance degradation." |
| 16 | + tools: |
| 17 | + - "execute_command" |
| 18 | + |
| 19 | + maintainability_reviewer: |
| 20 | + role: "Code Quality & Maintainability Reviewer" |
| 21 | + goal: "Evaluate code structure, readability, documentation, naming conventions, and adherence to best practices" |
| 22 | + backstory: "You are a software engineering expert focused on code quality and maintainability. You ensure code follows established patterns, is well-documented, and will be easy for future developers to understand and modify." |
| 23 | + tools: |
| 24 | + - "execute_command" |
| 25 | + |
| 26 | + lead_reviewer: |
| 27 | + role: "Lead Technical Reviewer" |
| 28 | + goal: "Synthesize all review feedback, make final recommendations, and post comprehensive review comments to the GitHub PR" |
| 29 | + backstory: "You are a senior technical lead responsible for final review decisions. You coordinate input from security, performance, and maintainability reviewers to provide balanced, actionable feedback to the development team." |
| 30 | + tools: |
| 31 | + - "execute_command" |
| 32 | + |
| 33 | +steps: |
| 34 | + - name: security_analysis |
| 35 | + agent: security_reviewer |
| 36 | + action: | |
| 37 | + Analyze the PR diff for security issues: |
| 38 | + 1. Extract PR details: `echo "$PR_DATA"` |
| 39 | + 2. Get changed files: `echo "$CHANGED_FILES"` |
| 40 | + 3. Review full diff: `gh pr diff ${PR_NUMBER}` |
| 41 | + 4. Look for: |
| 42 | + - Hardcoded secrets, API keys, passwords |
| 43 | + - SQL injection vulnerabilities |
| 44 | + - XSS vulnerabilities |
| 45 | + - Authentication/authorization bypasses |
| 46 | + - Unsafe file operations |
| 47 | + - Command injection risks |
| 48 | + - Missing input validation |
| 49 | + - Exposed sensitive data |
| 50 | + 5. Document findings with file paths and line numbers |
| 51 | + expected_output: "Detailed security analysis report with specific vulnerabilities found, severity levels, and remediation suggestions" |
| 52 | + |
| 53 | + - name: performance_analysis |
| 54 | + agent: performance_reviewer |
| 55 | + action: | |
| 56 | + Analyze the PR diff for performance issues: |
| 57 | + 1. Review algorithm complexity changes |
| 58 | + 2. Check for inefficient database queries |
| 59 | + 3. Identify memory leaks or excessive allocations |
| 60 | + 4. Look for hot-path regressions |
| 61 | + 5. Check for blocking I/O operations |
| 62 | + 6. Analyze module-level imports that could slow startup |
| 63 | + 7. Review caching implementations |
| 64 | + 8. Check for recursive operations without termination |
| 65 | + 9. Document performance concerns with impact estimates |
| 66 | + expected_output: "Performance analysis report highlighting bottlenecks, efficiency concerns, and optimization recommendations" |
| 67 | + |
| 68 | + - name: maintainability_analysis |
| 69 | + agent: maintainability_reviewer |
| 70 | + action: | |
| 71 | + Analyze the PR diff for code quality and maintainability: |
| 72 | + 1. Check naming conventions consistency |
| 73 | + 2. Evaluate code structure and organization |
| 74 | + 3. Review documentation completeness |
| 75 | + 4. Check for DRY violations |
| 76 | + 5. Analyze error handling patterns |
| 77 | + 6. Review test coverage for changes |
| 78 | + 7. Check adherence to repository coding standards |
| 79 | + 8. Evaluate API design consistency |
| 80 | + 9. Look for technical debt introduction |
| 81 | + expected_output: "Code quality analysis with specific recommendations for improving maintainability and readability" |
| 82 | + |
| 83 | + - name: final_review |
| 84 | + agent: lead_reviewer |
| 85 | + action: | |
| 86 | + Synthesize all reviews and post final comprehensive feedback: |
| 87 | + 1. Collect input from security, performance, and maintainability reviews |
| 88 | + 2. Prioritize findings by severity (Critical, High, Medium, Low) |
| 89 | + 3. Create structured review comment using this format: |
| 90 | + |
| 91 | + ## 📋 Review Summary |
| 92 | + [2-3 sentence overview and assessment] |
| 93 | + |
| 94 | + ## 🔍 General Feedback |
| 95 | + [Overall patterns and observations] |
| 96 | + |
| 97 | + ## 🎯 Specific Feedback |
| 98 | + ### 🔴 Critical (if any) |
| 99 | + [Security vulnerabilities, breaking changes, major bugs] |
| 100 | + |
| 101 | + ### 🟡 High (if any) |
| 102 | + [Performance issues, design flaws, significant bugs] |
| 103 | + |
| 104 | + ### 🟢 Medium (if any) |
| 105 | + [Code quality improvements, minor optimizations] |
| 106 | + |
| 107 | + ### 🔵 Low (if any) |
| 108 | + [Documentation, naming suggestions, minor refactoring] |
| 109 | + |
| 110 | + ## ✅ Highlights (if any) |
| 111 | + [Positive aspects worth mentioning] |
| 112 | + |
| 113 | + 4. Post comprehensive review: `echo "[REVIEW_CONTENT]" | gh pr comment ${PR_NUMBER} -F -` |
| 114 | + 5. If critical issues found, suggest not merging until resolved |
| 115 | + expected_output: "Final review comment posted to GitHub PR with comprehensive analysis from all reviewers" |
| 116 | + dependencies: [security_analysis, performance_analysis, maintainability_analysis] |
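Review bot: every role in this config is granted `execute_command` (the `tools:` block under `security_reviewer`, `performance_reviewer`, `maintainability_reviewer` and `lead_reviewer`), but the steps only need it for `gh pr diff ${PR_NUMBER}` to read the diff and, for `lead_reviewer` alone, `gh pr comment ${PR_NUMBER} -F -` to post. The diff is attacker-controlled input: a PR author can embed instructions in code or comments, and an LLM with unrestricted shell access may follow them, so give the three analysis agents a read-only diff/file tool, keep `execute_command` on the lead reviewer only, and allow-list it to the two `gh` subcommands actually used. In step 4 of `final_review`, `echo "[REVIEW_CONTENT]" | gh pr comment ${PR_NUMBER} -F -` passes the review text through the shell; the review quotes PR code, so a backtick or `$(...)` in the body is executed or mangled rather than posted. Write the body to a file and post it with `gh pr comment "$PR_NUMBER" -F review.md`, and quote `"$PR_NUMBER"` in the `gh pr diff` call as well. Step 5 only "suggests not merging" inside a comment; if critical findings are meant to block the merge, submit them with `gh pr review "$PR_NUMBER" --request-changes -F review.md` so branch protection can enforce the result.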