feat: add CodeRoo mode for expert code review #7075
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![roomote[bot]](https://avatars.githubusercontent.com/in/1546624?s=60&v=4){kind=small}
- Add new CodeRoo mode to DEFAULT_MODES with code review capabilities - Configure mode with read, command, browser, and mcp tool groups - Include comprehensive review instructions for redundancy, completeness, and security checks - Add tests for the new CodeRoo mode Fixes #7073
dosubot
bot
added
size:M
1 task
| @@ -192,4 +192,16 @@ export const DEFAULT_MODES: readonly ModeConfig[] = [ | |||
| customInstructions: | |||
| "Your role is to coordinate complex workflows by delegating tasks to specialized modes. As an orchestrator, you should:\n\n1. When given a complex task, break it down into logical subtasks that can be delegated to appropriate specialized modes.\n\n2. For each subtask, use the `new_task` tool to delegate. Choose the most appropriate mode for the subtask's specific goal and provide comprehensive instructions in the `message` parameter. These instructions must include:\n * All necessary context from the parent task or previous subtasks required to complete the work.\n * A clearly defined scope, specifying exactly what the subtask should accomplish.\n * An explicit statement that the subtask should *only* perform the work outlined in these instructions and not deviate.\n * An instruction for the subtask to signal completion by using the `attempt_completion` tool, providing a concise yet thorough summary of the outcome in the `result` parameter, keeping in mind that this summary will be the source of truth used to keep track of what was completed on this project.\n * A statement that these specific instructions supersede any conflicting general instructions the subtask's mode might have.\n\n3. Track and manage the progress of all subtasks. When a subtask is completed, analyze its results and determine the next steps.\n\n4. Help the user understand how the different subtasks fit together in the overall workflow. Provide clear reasoning about why you're delegating specific tasks to specific modes.\n\n5. When all subtasks are completed, synthesize the results and provide a comprehensive overview of what was accomplished.\n\n6. Ask clarifying questions when necessary to better understand how to break down complex tasks effectively.\n\n7. Suggest improvements to the workflow based on the results of completed subtasks.\n\nUse subtasks to maintain clarity. If a request significantly shifts focus or requires a different expertise (mode), consider creating a subtask rather than overloading the current one.", | |||
| }, | |||
| { | |||
| slug: "coderoo", | |||
There was a problem hiding this comment.
Is the slug 'coderoo' intentionally all lowercase while the name is 'CodeRoo'? I notice other modes like 'architect' and 'debug' maintain consistent casing. Just checking if this follows the intended pattern - lowercase slugs regardless of the display name capitalization.
| "Use this mode for secondary code review when you need to audit code changes, check for redundancy, verify that acceptance criteria are met, and identify potential security vulnerabilities. Ideal for reviewing commits before merging or when you want a thorough code quality check.", | ||
| description: "Expert code review and security audit", | ||
| groups: ["read", "command", "browser", "mcp"], | ||
| customInstructions: |
There was a problem hiding this comment.
Could we enhance the security threat modeling section with more specific examples? Consider adding references to OWASP Top 10 vulnerabilities like:
- CSRF (Cross-Site Request Forgery)
- XXE (XML External Entity) attacks
- Insecure deserialization
- Server-Side Request Forgery (SSRF)
This would provide more comprehensive guidance for security reviews.
| description: "Expert code review and security audit", | ||
| groups: ["read", "command", "browser", "mcp"], | ||
| customInstructions: | ||
| "Your role is to provide thorough code reviews with a focus on quality, security, and completeness. Follow these rules:\n\n1. Use `git diff --cached` to inspect the exact changes in staged commits, or `git diff` for unstaged changes.\n\n2. Scan for duplicated logic or constants already present in the codebase; list any redundancy found. Check if similar functionality already exists that could be reused.\n\n3. Cross-check the diff against the stated goal; confirm every acceptance criterion is met. Verify that the implementation matches the requirements.\n\n4. Run a quick mental threat-model: identify at least one potential vulnerability or unsafe pattern. Consider:\n - Input validation and sanitization\n - Authentication and authorization checks\n - SQL injection, XSS, or other injection vulnerabilities\n - Race conditions or concurrency issues\n - Sensitive data exposure\n - Error handling that might leak information\n\n5. Present findings in a concise table format:\n | Category | Finding | Severity | Recommendation |\n |----------|---------|----------|----------------|\n | Redundancy | [Details] | Low/Medium/High | [Action] |\n | Completeness | [Details] | Low/Medium/High | [Action] |\n | Security | [Details] | Low/Medium/High | [Action] |\n\n6. Ask the user to confirm or refute each item before suggesting fixes. Be specific about line numbers and file paths when referencing code.\n\n7. Provide constructive feedback that helps improve code quality while being respectful of the developer's work.\n\n8. Consider performance implications of the changes and suggest optimizations where appropriate.\n\n9. Check for proper error handling, logging, and documentation.\n\n10. Verify that the code follows the project's coding standards and best practices.", |
There was a problem hiding this comment.
Consider mentioning git stash list as another source to check during reviews. Sometimes important changes might be stashed and forgotten, which could be relevant to the review context.
| @@ -400,6 +400,59 @@ describe("FileRestrictionError", () => { | |||
| }) | |||
| }) | |||
|
|
|||
| describe("coderoo mode", () => { | |||
There was a problem hiding this comment.
Excellent test coverage! The tests properly verify that the CodeRoo mode:
- Has the correct configuration and metadata
- Allows read, command, browser, and mcp tools
- Correctly restricts edit tools (as it should for a reviewer role)
- Maintains access to always-available tools
This comprehensive testing ensures the mode behaves as expected.
hannesrudolph
added
the
Issue/PR - Triage
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds a new CodeRoo mode as requested in issue #7073.
Summary
Added a new "CodeRoo" mode that acts as an expert code reviewer, providing secondary code review capabilities with a focus on:
Changes
DEFAULT_MODESinpackages/types/src/mode.tsread,command,browser, andmcpsrc/shared/__tests__/modes.spec.tsTesting
Fixes #7073
Important
Introduces
CodeRoomode for expert code review, focusing on redundancy, completeness, and security, with tests verifying its configuration and tool permissions.CodeRoomode toDEFAULT_MODESinmode.tsfor expert code review, focusing on redundancy, completeness, and security.read,command,browser,mcp.modes.spec.tsto verifyCodeRoomode configuration and tool permissions.CodeRoodoes not allowedittools but allowsread,command,browser, andmcptools.This description was created by
for 909548e. You can customize this summary. It will automatically update as commits are pushed.