Hiddenden/openrabbit
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Merge pull request 'fix for commenting on chat, and updating docs.' (#3) from fix/issue-chat into dev

Browse Source 
Reviewed-on: #3
This commit was merged in pull request #3.
This commit is contained in:
Latte
2025-12-28 14:52:46 +00:00
parent 69d9963597 55230d9f69
commit 0910691557
3 changed files with 539 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

440
docs/feature-ideas.md Normal file
View File

@@ -0,0 +1,440 @@
# Feature Ideas & Roadmap
This document outlines recommended feature additions for OpenRabbit, ordered by value/effort ratio.
---
## Quick Reference
| Feature | Value | Effort | Time Estimate | Status |
|---------|-------|--------|---------------|--------|
| [@codebot help Command](#1-codebot-help-command) | HIGH | LOW | 1-2 hours | ⭐ Recommended |
| [Automatic Label Creator](#2-automatic-label-creator) | HIGH | MEDIUM | 2-3 hours | Planned |
| [PR Changelog Generator](#3-pr-changelog-generator) | MEDIUM | MEDIUM | 3-4 hours | Planned |
| [Code Diff Explainer](#4-code-diff-explainer) | MEDIUM-HIGH | MEDIUM | 2-3 hours | Planned |
| [Smart Test Suggestions](#5-smart-test-suggestions) | HIGH | HIGH | 5-6 hours | Planned |
| [@codebot review-again](#6-codebot-review-again) | MEDIUM | LOW | 1-2 hours | Planned |
| [Dependency Update Advisor](#7-dependency-update-advisor) | VERY HIGH | HIGH | 6-8 hours | Planned |
---
## 1. @codebot help Command
**⭐ HIGHEST PRIORITY - Quick Win**
### Problem
Users have no way to discover what commands are available. They don't know what the bot can do without reading documentation.
### Solution
Add a `@codebot help` command that lists all available commands with descriptions and examples.
### Implementation
- Add `help` to `config.yml` commands list
- Add `_command_help()` method to IssueAgent
- Format response with all commands + descriptions
### Example Output
```markdown
@username
**Available @codebot Commands:**
**Issue Triage & Analysis:**
- `@codebot triage` - Full issue triage with auto-labeling and priority assignment
- `@codebot summarize` - Generate 2-3 sentence summary
- `@codebot explain` - Detailed explanation of the issue
- `@codebot suggest` - Solution suggestions or next steps
**Interactive Chat:**
- `@codebot [question]` - Ask questions about the codebase
**Codebase Analysis:**
- `@codebot codebase` - Trigger full codebase health analysis
**Utility:**
- `@codebot help` - Show this message
**Examples:**
- `@codebot explain` - Get detailed explanation
- `@codebot how does authentication work?` - Chat about codebase
```
### Impact
- Immediate UX improvement
- Reduces support burden
- Makes all future commands discoverable
- Foundation for growth
### Files to Modify
- `/tools/ai-review/config.yml`
- `/tools/ai-review/agents/issue_agent.py`
---
## 2. Automatic Label Creator
### Problem
Major setup pain point: users must manually create 10+ labels (`priority: high`, `type: bug`, etc.). Bot silently fails to apply labels if they don't exist.
### Solution
Add `@codebot setup-labels` command that:
1. Checks which required labels are missing
2. Creates them with proper colors
3. Or provides CLI commands for manual creation
### Implementation
- Add `setup-labels` command
- Query repository labels via Gitea API
- Compare against required labels in config
- Auto-create missing labels or show creation commands
### Example Output
```markdown
@username
**Label Setup Analysis:**
**Missing Labels:**
- `priority: high` (color: #d73a4a)
- `priority: medium` (color: #fbca04)
- `type: bug` (color: #d73a4a)
**Creating labels...**
✅ Created `priority: high`
✅ Created `priority: medium`
✅ Created `type: bug`
All required labels are now set up!
```
### Impact
- Removes major setup friction
- Ensures auto-labeling works immediately
- Better onboarding experience
### Files to Modify
- `/tools/ai-review/config.yml`
- `/tools/ai-review/agents/issue_agent.py`
- `/tools/ai-review/clients/gitea_client.py` (add create_label method)
---
## 3. PR Changelog Generator
### Problem
Developers spend time writing release notes and changelogs. Bot already analyzes PR content.
### Solution
Add `@codebot changelog` command that generates human-readable changelog from PR.
### Implementation
- Add `changelog` command for PRs
- Analyze PR diff + commit messages
- Generate bullet-point summary
- Format for CHANGELOG.md
### Example Output
```markdown
@username
**Changelog for PR #123:**
### Added
- User authentication system with JWT tokens
- Password reset functionality via email
### Changed
- Updated database schema for user table
- Refactored login endpoint for better error handling
### Fixed
- Session timeout bug causing premature logouts
- Security vulnerability in password validation
### Technical Details
- 15 files changed, 450 insertions, 120 deletions
- Main components: auth/, api/users/, database/
```
### Impact
- Saves time on release documentation
- Consistent changelog format
- Can copy-paste into CHANGELOG.md
### Files to Modify
- `/tools/ai-review/config.yml`
- `/tools/ai-review/agents/pr_agent.py`
---
## 4. Code Diff Explainer
### Problem
Complex PRs are hard to understand, especially for:
- Non-expert reviewers
- New team members
- Documentation purposes
### Solution
Add `@codebot explain-diff` command that breaks down what changed in simple terms.
### Implementation
- Add `explain-diff` command for PRs
- Analyze PR diff section by section
- Generate plain-language explanations
- Identify architectural changes
### Example Output
```markdown
@username
**PR Explanation:**
**Overview:**
This PR adds user authentication to the application using JWT tokens.
**Key Changes:**
1. **auth/jwt.py** (new file)
- Creates JSON Web Tokens for authenticated users
- Validates tokens on protected endpoints
- Handles token expiration (24 hour lifetime)
2. **api/users.py** (modified)
- Added `/login` endpoint that accepts username/password
- Returns JWT token on successful authentication
- Added `/logout` endpoint to invalidate tokens
3. **database/schema.sql** (modified)
- Added `users` table with columns: id, username, password_hash, email
- Passwords are hashed using bcrypt (secure)
**Architecture Impact:**
- Introduces authentication layer across all API endpoints
- Adds dependency on PyJWT library
- Requires database migration to create users table
```
### Impact
- Makes code review accessible
- Great for learning/onboarding
- Documentation generation
### Files to Modify
- `/tools/ai-review/config.yml`
- `/tools/ai-review/agents/pr_agent.py`
- `/tools/ai-review/prompts/` (add explain_diff.md)
---
## 5. Smart Test Suggestions
### Problem
Test coverage is critical but developers often miss edge cases or forget to update tests.
### Solution
Add `@codebot suggest-tests` command that:
1. Analyzes changed functions/classes
2. Identifies what needs testing
3. Suggests specific test cases
### Implementation
- Add `suggest-tests` command for PRs
- Parse changed code to identify functions
- Use LLM to suggest test scenarios
- Could integrate with coverage reports
### Example Output
```markdown
@username
**Test Suggestions for PR #123:**
### auth/jwt.py - `create_token()` function
**Recommended Test Cases:**
1. ✅ Valid user creates token successfully
2. ⚠️ **Missing:** Token expiration after 24 hours
3. ⚠️ **Missing:** Invalid user ID handling
4. ⚠️ **Missing:** Token creation with special characters in username
### api/users.py - `/login` endpoint
**Recommended Test Cases:**
1. ✅ Successful login with correct credentials
2. ⚠️ **Missing:** Login with wrong password
3. ⚠️ **Missing:** Login with non-existent user
4. ⚠️ **Missing:** SQL injection attempt in username field
5. ⚠️ **Missing:** Rate limiting after failed attempts
**Coverage Impact:**
- Current coverage: ~60%
- With suggested tests: ~85%
```
### Impact
- Improves test coverage
- Catches edge cases
- Reduces production bugs
### Files to Modify
- `/tools/ai-review/config.yml`
- `/tools/ai-review/agents/pr_agent.py`
- `/tools/ai-review/prompts/` (add test_suggestions.md)
---
## 6. @codebot review-again
### Problem
Current workflow: developer fixes issues → pushes commit → bot auto-reviews. Sometimes developers want re-review without creating new commits (e.g., after only changing comments).
### Solution
Add `@codebot review-again` command that re-runs PR review on current state.
### Implementation
- Add `review-again` command for PRs
- Re-run PR agent on current diff
- Update existing review comment
- Compare with previous review (show what changed)
### Example Output
```markdown
@username
**Re-review Complete:**
**Previous Review:** 5 issues (2 HIGH, 3 MEDIUM)
**Current Review:** 1 issue (1 MEDIUM)
✅ Fixed: SQL injection in login endpoint
✅ Fixed: Hardcoded JWT secret
⚠️ Remaining: Missing error handling in password reset
**Status:** Changes Required → Approved (pending fix)
```
### Impact
- Smoother PR workflow
- No unnecessary commits
- Faster feedback loop
### Files to Modify
- `/tools/ai-review/config.yml`
- `/tools/ai-review/agents/pr_agent.py`
---
## 7. Dependency Update Advisor
### Problem
Security vulnerabilities often exist in dependencies. Keeping dependencies up-to-date is critical but tedious.
### Solution
Add `@codebot check-deps` command that:
1. Parses requirements.txt, package.json, etc.
2. Checks for outdated packages
3. Warns about CVEs
4. Suggests upgrade commands
### Implementation
- Add `check-deps` command
- Support multiple package formats (pip, npm, cargo, go)
- Integrate with vulnerability databases (CVE, npm audit)
- Generate upgrade instructions
### Example Output
```markdown
@username
**Dependency Analysis:**
### Outdated Packages (5)
| Package | Current | Latest | Severity |
|---------|---------|--------|----------|
| requests | 2.28.0 | 2.31.0 | <20><> HIGH - CVE-2023-32681 |
| django | 3.2.0 | 4.2.8 | 🟡 MEDIUM - Multiple CVEs |
| flask | 2.0.0 | 3.0.0 | 🟢 LOW - New features |
| pyyaml | 5.4.1 | 6.0.1 | 🔴 HIGH - CVE-2022-38752 |
| sqlalchemy | 1.4.0 | 2.0.23 | 🟢 LOW - Performance improvements |
### Recommended Actions
**Immediate (Security Vulnerabilities):**
```bash
pip install --upgrade requests==2.31.0
pip install --upgrade pyyaml==6.0.1
pip install --upgrade django==4.2.8
```
**Optional (Feature Updates):**
```bash
pip install --upgrade flask==3.0.0
pip install --upgrade sqlalchemy==2.0.23
```
### Breaking Changes to Review
- **Django 4.x:** Requires Python 3.8+, check compatibility
- **Flask 3.x:** Async support added, review async patterns
- **SQLAlchemy 2.x:** ORM API changes, review queries
### Resources
- [requests CVE-2023-32681](https://nvd.nist.gov/vuln/detail/CVE-2023-32681)
- [pyyaml CVE-2022-38752](https://nvd.nist.gov/vuln/detail/CVE-2022-38752)
```
### Impact
- Critical for security
- Keeps projects up-to-date
- Prevents technical debt
- Reduces manual checking
### Files to Modify
- `/tools/ai-review/config.yml`
- `/tools/ai-review/agents/issue_agent.py`
- Add new module: `/tools/ai-review/dependency_checker.py`
### External APIs Needed
- PyPI JSON API for Python packages
- npm registry API for JavaScript
- NVD (National Vulnerability Database) for CVEs
- Or use `pip-audit`, `npm audit` CLI tools
---
## Implementation Priority
### Phase 1: Quick Wins (1-3 hours total)
1. `@codebot help` command
2. `@codebot review-again` command
### Phase 2: High Impact (5-8 hours total)
3. Automatic Label Creator
4. Code Diff Explainer
### Phase 3: Strategic Features (10-15 hours total)
5. Smart Test Suggestions
6. PR Changelog Generator
7. Dependency Update Advisor
---
## Contributing
Have an idea for a new feature? Please:
1. Check if it's already listed here
2. Consider value/effort ratio
3. Open an issue describing:
- Problem it solves
- Proposed solution
- Expected impact
- Example use case
---
## See Also
- [future_roadmap.md](future_roadmap.md) - Long-term vision (SAST, RAG, etc.)
- [configuration.md](configuration.md) - How to configure existing features
- [agents.md](agents.md) - Current agent capabilities

142
tools/ai-review/agents/chat_agent.py
View File

@@ -11,9 +11,9 @@ import re
from dataclasses import dataclass
import requests
from clients.llm_client import ToolCall
from agents.base_agent import AgentContext, AgentResult, BaseAgent
from clients.llm_client import ToolCall
@dataclass
@@ -114,8 +114,10 @@ Repository context: {owner}/{repo}
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self._searxng_url = self.config.get("agents", {}).get("chat", {}).get(
"searxng_url", os.environ.get("SEARXNG_URL", "")
self._searxng_url = (
self.config.get("agents", {})
.get("chat", {})
.get("searxng_url", os.environ.get("SEARXNG_URL", ""))
)
def can_handle(self, event_type: str, event_data: dict) -> bool:
@@ -133,7 +135,13 @@ Repository context: {owner}/{repo}
# Check if this is a chat request (any @ai-bot mention that isn't a specific command)
if mention_prefix in comment_body:
# Check it's not another specific command
specific_commands = ["summarize", "explain", "suggest", "security", "codebase"]
specific_commands = [
"summarize",
"explain",
"suggest",
"security",
"codebase",
]
body_lower = comment_body.lower()
for cmd in specific_commands:
if f"{mention_prefix} {cmd}" in body_lower:
@@ -150,18 +158,24 @@ Repository context: {owner}/{repo}
"""Execute the chat agent."""
self.logger.info(f"Starting chat for {context.owner}/{context.repo}")
# Extract user message
# Extract user message and author
if context.event_type == "issue_comment":
user_message = context.event_data.get("comment", {}).get("body", "")
issue_index = context.event_data.get("issue", {}).get("number")
# Remove the @ai-bot prefix
comment_author = (
context.event_data.get("comment", {})
.get("user", {})
.get("login", "user")
)
# Remove the @codebot prefix
mention_prefix = self.config.get("interaction", {}).get(
"mention_prefix", "@ai-bot"
"mention_prefix", "@codebot"
)
user_message = user_message.replace(mention_prefix, "").strip()
else:
user_message = context.event_data.get("message", "")
issue_index = context.event_data.get("issue_number")
comment_author = None
if not user_message:
return AgentResult(
@@ -191,13 +205,10 @@ Repository context: {owner}/{repo}
# Post response if this is an issue comment
if issue_index:
comment_body = self._format_response(response_content)
self.upsert_comment(
context.owner,
context.repo,
issue_index,
comment_body,
marker=self.CHAT_AI_MARKER,
comment_body = self._format_response(response_content, comment_author)
# Create a new comment instead of upserting to make conversation flow better
self.gitea.create_issue_comment(
context.owner, context.repo, issue_index, comment_body
)
actions_taken.append("Posted chat response")
@@ -230,21 +241,23 @@ Repository context: {owner}/{repo}
return response.content, tools_used
# Add assistant message with tool calls
messages.append({
"role": "assistant",
"content": response.content or "",
"tool_calls": [
{
"id": tc.id,
"type": "function",
"function": {
"name": tc.name,
"arguments": str(tc.arguments),
},
}
for tc in response.tool_calls
],
})
messages.append(
{
"role": "assistant",
"content": response.content or "",
"tool_calls": [
{
"id": tc.id,
"type": "function",
"function": {
"name": tc.name,
"arguments": str(tc.arguments),
},
}
for tc in response.tool_calls
],
}
)
# Execute each tool call
for tool_call in response.tool_calls:
@@ -252,11 +265,13 @@ Repository context: {owner}/{repo}
tools_used.append(tool_call.name)
# Add tool result to messages
messages.append({
"role": "tool",
"tool_call_id": tool_call.id,
"content": tool_result,
})
messages.append(
{
"role": "tool",
"tool_call_id": tool_call.id,
"content": tool_result,
}
)
# If we hit max iterations, make one final call without tools
self._rate_limit()
@@ -357,15 +372,38 @@ Repository context: {owner}/{repo}
# Code extensions to search
code_extensions = {
".py", ".js", ".ts", ".go", ".rs", ".java", ".rb",
".php", ".c", ".cpp", ".h", ".cs", ".swift", ".kt",
".md", ".yml", ".yaml", ".json", ".toml",
".py",
".js",
".ts",
".go",
".rs",
".java",
".rb",
".php",
".c",
".cpp",
".h",
".cs",
".swift",
".kt",
".md",
".yml",
".yaml",
".json",
".toml",
}
# Patterns to ignore
ignore_patterns = [
"node_modules/", "vendor/", ".git/", "__pycache__/",
".venv/", "dist/", "build/", ".min.js", ".min.css",
"node_modules/",
"vendor/",
".git/",
"__pycache__/",
".venv/",
"dist/",
"build/",
".min.js",
".min.css",
]
def traverse(path: str = ""):
@@ -397,6 +435,7 @@ Repository context: {owner}/{repo}
def _match_pattern(self, filepath: str, pattern: str) -> bool:
"""Check if filepath matches a simple glob pattern."""
import fnmatch
return fnmatch.fnmatch(filepath, pattern)
def _tool_read_file(self, context: AgentContext, filepath: str) -> str:
@@ -458,13 +497,22 @@ Repository context: {owner}/{repo}
except requests.exceptions.RequestException as e:
return f"Web search failed: {e}"
def _format_response(self, content: str) -> str:
def _format_response(self, content: str, user: str | None = None) -> str:
"""Format the chat response with disclaimer."""
lines = [
f"{self.AI_DISCLAIMER}",
"",
"---",
"",
content,
]
lines = []
# Add user mention if available
if user:
lines.append(f"@{user}")
lines.append("")
lines.extend(
[
f"{self.AI_DISCLAIMER}",
"",
"---",
"",
content,
]
)
return "\n".join(lines)

5
tools/ai-review/agents/issue_agent.py
View File

@@ -153,14 +153,17 @@ class IssueAgent(BaseAgent):
comment = context.event_data.get("comment", {})
issue_index = issue.get("number")
comment_body = comment.get("body", "")
comment_author = comment.get("user", {}).get("login", "user")
# Parse command from mention
command = self._parse_command(comment_body)
if command:
response = self._handle_command(context, issue, command)
# Add user mention at the top
response_with_mention = f"@{comment_author}\n\n{response}"
self.gitea.create_issue_comment(
context.owner, context.repo, issue_index, response
context.owner, context.repo, issue_index, response_with_mention
)
return AgentResult(
success=True,