getsentry · szokeasaurusrex · Jan 14, 2026 · Jan 14, 2026 · Jan 14, 2026 · Jan 14, 2026
@@ -4,6 +4,8 @@ on:
   push:
     branches:
       - release/**
+  # Make release builds so we can test the PoC
+  pull_request:
 
 jobs:
   linux:

@@ -0,0 +1,88 @@
+# Implementation Notes: `sentry-cli review` Command
+
+This document captures implementation details, edge cases, and notes for the `sentry-cli review` PoC.
+
+## Current Implementation
+
+The `review` command sends the diff of the most recent commit (HEAD vs HEAD~1) to Sentry's bug prediction API for AI-powered code review.
+
+### Endpoint
+
+`POST /api/0/bug-prediction/cli/`
+
+### Request Format
+
+```json
+{
+  "remote_url": "[email protected]:owner/repo.git",
+  "base_commit_sha": "abc123...",
+  "diff": "<unified diff output>"
+}
+```
+
+### Response Format
+
+```json
+{
+  "predictions": [
+    {
+      "file_path": "src/example.rs",
+      "line_number": 42,
+      "description": "Potential null pointer dereference",
+      "severity": "high",
+      "suggested_fix": "Add null check before accessing"
+    }
+  ]
+}
+```
+
+## Edge Cases
+
+### Handled (with errors)
+
+| Edge Case | Behavior |
+|-----------|----------|
+| Initial commit (no parent) | Error: "HEAD has no parent commit - cannot review initial commit" |
+| Merge commits | Error: "HEAD is a merge commit. Merge commits are not supported for review." |
+| Large diffs (>500KB) | Error with size details |
+| No remote configured | Error: "No remote URL found for 'origin' or 'upstream'" |
+| Empty diff | Error: "No changes found between HEAD and HEAD~1" |
+| Not in a git repository | Error: "Failed to open git repository from current directory" |
+
+### Handled (silently)
+
+| Edge Case | Behavior |
+|-----------|----------|
+| Binary files in diff | Skipped (not included in diff) |
+
+### Not Handled (future work)
+
+| Edge Case | Notes |
+|-----------|-------|
+| Detached HEAD state | Currently works (uses commit SHA) but could be more user-friendly |
+| Rate limiting | No retry logic or rate limit handling |
+| Network timeouts | Uses 10-minute timeout, no retry on failure |
+| Partial/interrupted response | No streaming support |
+| Multiple remotes | Currently only checks "origin" then "upstream" |
+| Shallow clones | May fail if parent commit is not available |
+
+## Configuration
+
+| Setting | Value | Notes |
+|---------|-------|-------|
+| Timeout | 10 minutes | API response expected to take a long time |
+| Max diff size | 500 KB | Per API spec |
+
+## API Changes
+
+Added `with_timeout()` method to `ApiRequest` in `src/api/mod.rs` to support long-running requests.
+
+## Future Considerations
+
+1. **Selecting commits to review**: Currently reviews HEAD vs HEAD~1. Future versions could allow specifying a commit range or reviewing uncommitted changes.
+
+2. **Output formats**: Currently outputs human-readable text. Future versions could support JSON output for machine consumption.
+
+3. **Integration with CI**: Could add options for failing the build based on severity of issues found.
+
+4. **Caching**: Could cache results for the same commit SHA to avoid redundant API calls.
@@ -0,0 +1,34 @@
+The idea is to do a fast PoC, throw away code is OK. To see what we can put together and learn from it. Test the idea out there via GitHub discussion/Discord/Twitter (I'm curious what the community will say/react).. and then we can make a proper plan of how we'd do this "for real"
+the story is: Skill that instructs your coding agent to "check with Sentry for bugs" before opening a PR. So your agent still commits locally, but then calls sentry-cli with the diff, and automatically works on the review comments
+
+Goals:
+
+Understand what changes will be needed for the ideal design in the backend
+
+Authentication alternatives
+
+Async vs sync workflows
+
+Rate limiting
+
+Accessing the source code to run the full bug prediction server-side
+
+Assess if the sentry-cli is the right choice. Some trade offs to take into account:
+
+Pros:
+
+sentry-cli is the CLI of Sentry. That's easier for customers to understand
+
+Already has auth built-in
+
+Battle tested, security reviews
+
+Already in customers machines, bundled via build plugins etc.
+
+Cons:
+
+Build servers download the CLI and its size impact build times. Customers are sensitive to the CLI ever growing size
+
+Doesn't require a completely new implementation of CLI, documentation, new repo/release flows, security review, transport and authentication
+
+The main use case of the CLI today is to run in build servers (release, sourcemap/debug file upload) or production servers ( send-event, cron and log capture). By adding PR review we're adding a development time workflow