From 55230d9f69d038d44062f2752eb81e90d1cde665 Mon Sep 17 00:00:00 2001
From: latte
Date: Sun, 28 Dec 2025 14:44:44 +0000
Subject: [PATCH] fix for commenting on chat, and updating docs.
---
 docs/feature-ideas.md | 440 ++++++++++++++++++++++++++
 tools/ai-review/agents/chat_agent.py | 142 ++++++---
 tools/ai-review/agents/issue_agent.py | 5 +-
 3 files changed, 539 insertions(+), 48 deletions(-)
 create mode 100644 docs/feature-ideas.md
diff --git a/docs/feature-ideas.md b/docs/feature-ideas.md
new file mode 100644
index 0000000..51e54e4
--- /dev/null
+++ b/docs/feature-ideas.md
@@ -0,0 +1,440 @@ +# Feature Ideas & Roadmap + +This document outlines recommended feature additions for OpenRabbit, ordered by value/effort ratio. + +--- + +## Quick Reference + +| Feature | Value | Effort | Time Estimate | Status | +|---------|-------|--------|---------------|--------| +| [@codebot help Command](#1-codebot-help-command) | HIGH | LOW | 1-2 hours | ⭐ Recommended | +| [Automatic Label Creator](#2-automatic-label-creator) | HIGH | MEDIUM | 2-3 hours | Planned | +| [PR Changelog Generator](#3-pr-changelog-generator) | MEDIUM | MEDIUM | 3-4 hours | Planned | +| [Code Diff Explainer](#4-code-diff-explainer) | MEDIUM-HIGH | MEDIUM | 2-3 hours | Planned | +| [Smart Test Suggestions](#5-smart-test-suggestions) | HIGH | HIGH | 5-6 hours | Planned | +| [@codebot review-again](#6-codebot-review-again) | MEDIUM | LOW | 1-2 hours | Planned | +| [Dependency Update Advisor](#7-dependency-update-advisor) | VERY HIGH | HIGH | 6-8 hours | Planned | + +--- + +## 1. @codebot help Command + +**⭐ HIGHEST PRIORITY - Quick Win** + +### Problem +Users have no way to discover what commands are available. They don't know what the bot can do without reading documentation. + +### Solution +Add a `@codebot help` command that lists all available commands with descriptions and examples. 
+ +### Implementation +- Add `help` to `config.yml` commands list +- Add `_command_help()` method to IssueAgent +- Format response with all commands + descriptions + +### Example Output +```markdown +@username + +**Available @codebot Commands:** + +**Issue Triage & Analysis:** +- `@codebot triage` - Full issue triage with auto-labeling and priority assignment +- `@codebot summarize` - Generate 2-3 sentence summary +- `@codebot explain` - Detailed explanation of the issue +- `@codebot suggest` - Solution suggestions or next steps + +**Interactive Chat:** +- `@codebot [question]` - Ask questions about the codebase + +**Codebase Analysis:** +- `@codebot codebase` - Trigger full codebase health analysis + +**Utility:** +- `@codebot help` - Show this message + +**Examples:** +- `@codebot explain` - Get detailed explanation +- `@codebot how does authentication work?` - Chat about codebase +``` + +### Impact +- Immediate UX improvement +- Reduces support burden +- Makes all future commands discoverable +- Foundation for growth + +### Files to Modify +- `/tools/ai-review/config.yml` +- `/tools/ai-review/agents/issue_agent.py` + +--- + +## 2. Automatic Label Creator + +### Problem +Major setup pain point: users must manually create 10+ labels (`priority: high`, `type: bug`, etc.). Bot silently fails to apply labels if they don't exist. + +### Solution +Add `@codebot setup-labels` command that: +1. Checks which required labels are missing +2. Creates them with proper colors +3. 
Or provides CLI commands for manual creation + +### Implementation +- Add `setup-labels` command +- Query repository labels via Gitea API +- Compare against required labels in config +- Auto-create missing labels or show creation commands + +### Example Output +```markdown +@username + +**Label Setup Analysis:** + +**Missing Labels:** +- `priority: high` (color: #d73a4a) +- `priority: medium` (color: #fbca04) +- `type: bug` (color: #d73a4a) + +**Creating labels...** +✅ Created `priority: high` +✅ Created `priority: medium` +✅ Created `type: bug` + +All required labels are now set up! +``` + +### Impact +- Removes major setup friction +- Ensures auto-labeling works immediately +- Better onboarding experience + +### Files to Modify +- `/tools/ai-review/config.yml` +- `/tools/ai-review/agents/issue_agent.py` +- `/tools/ai-review/clients/gitea_client.py` (add create_label method) + +--- + +## 3. PR Changelog Generator + +### Problem +Developers spend time writing release notes and changelogs. Bot already analyzes PR content. + +### Solution +Add `@codebot changelog` command that generates human-readable changelog from PR. 
+ +### Implementation +- Add `changelog` command for PRs +- Analyze PR diff + commit messages +- Generate bullet-point summary +- Format for CHANGELOG.md + +### Example Output +```markdown +@username + +**Changelog for PR #123:** + +### Added +- User authentication system with JWT tokens +- Password reset functionality via email + +### Changed +- Updated database schema for user table +- Refactored login endpoint for better error handling + +### Fixed +- Session timeout bug causing premature logouts +- Security vulnerability in password validation + +### Technical Details +- 15 files changed, 450 insertions, 120 deletions +- Main components: auth/, api/users/, database/ +``` + +### Impact +- Saves time on release documentation +- Consistent changelog format +- Can copy-paste into CHANGELOG.md + +### Files to Modify +- `/tools/ai-review/config.yml` +- `/tools/ai-review/agents/pr_agent.py` + +--- + +## 4. Code Diff Explainer + +### Problem +Complex PRs are hard to understand, especially for: +- Non-expert reviewers +- New team members +- Documentation purposes + +### Solution +Add `@codebot explain-diff` command that breaks down what changed in simple terms. + +### Implementation +- Add `explain-diff` command for PRs +- Analyze PR diff section by section +- Generate plain-language explanations +- Identify architectural changes + +### Example Output +```markdown +@username + +**PR Explanation:** + +**Overview:** +This PR adds user authentication to the application using JWT tokens. + +**Key Changes:** + +1. **auth/jwt.py** (new file) + - Creates JSON Web Tokens for authenticated users + - Validates tokens on protected endpoints + - Handles token expiration (24 hour lifetime) + +2. **api/users.py** (modified) + - Added `/login` endpoint that accepts username/password + - Returns JWT token on successful authentication + - Added `/logout` endpoint to invalidate tokens + +3. 
**database/schema.sql** (modified) + - Added `users` table with columns: id, username, password_hash, email + - Passwords are hashed using bcrypt (secure) + +**Architecture Impact:** +- Introduces authentication layer across all API endpoints +- Adds dependency on PyJWT library +- Requires database migration to create users table +``` + +### Impact +- Makes code review accessible +- Great for learning/onboarding +- Documentation generation + +### Files to Modify +- `/tools/ai-review/config.yml` +- `/tools/ai-review/agents/pr_agent.py` +- `/tools/ai-review/prompts/` (add explain_diff.md) + +--- + +## 5. Smart Test Suggestions + +### Problem +Test coverage is critical but developers often miss edge cases or forget to update tests. + +### Solution +Add `@codebot suggest-tests` command that: +1. Analyzes changed functions/classes +2. Identifies what needs testing +3. Suggests specific test cases + +### Implementation +- Add `suggest-tests` command for PRs +- Parse changed code to identify functions +- Use LLM to suggest test scenarios +- Could integrate with coverage reports + +### Example Output +```markdown +@username + +**Test Suggestions for PR #123:** + +### auth/jwt.py - `create_token()` function + +**Recommended Test Cases:** +1. ✅ Valid user creates token successfully +2. ⚠️ **Missing:** Token expiration after 24 hours +3. ⚠️ **Missing:** Invalid user ID handling +4. ⚠️ **Missing:** Token creation with special characters in username + +### api/users.py - `/login` endpoint + +**Recommended Test Cases:** +1. ✅ Successful login with correct credentials +2. ⚠️ **Missing:** Login with wrong password +3. ⚠️ **Missing:** Login with non-existent user +4. ⚠️ **Missing:** SQL injection attempt in username field +5. 
⚠️ **Missing:** Rate limiting after failed attempts + +**Coverage Impact:** +- Current coverage: ~60% +- With suggested tests: ~85% +``` + +### Impact +- Improves test coverage +- Catches edge cases +- Reduces production bugs + +### Files to Modify +- `/tools/ai-review/config.yml` +- `/tools/ai-review/agents/pr_agent.py` +- `/tools/ai-review/prompts/` (add test_suggestions.md) + +--- + +## 6. @codebot review-again + +### Problem +Current workflow: developer fixes issues → pushes commit → bot auto-reviews. Sometimes developers want re-review without creating new commits (e.g., after only changing comments). + +### Solution +Add `@codebot review-again` command that re-runs PR review on current state. + +### Implementation +- Add `review-again` command for PRs +- Re-run PR agent on current diff +- Update existing review comment +- Compare with previous review (show what changed) + +### Example Output +```markdown +@username + +**Re-review Complete:** + +**Previous Review:** 5 issues (2 HIGH, 3 MEDIUM) +**Current Review:** 1 issue (1 MEDIUM) + +✅ Fixed: SQL injection in login endpoint +✅ Fixed: Hardcoded JWT secret +⚠️ Remaining: Missing error handling in password reset + +**Status:** Changes Required → Approved (pending fix) +``` + +### Impact +- Smoother PR workflow +- No unnecessary commits +- Faster feedback loop + +### Files to Modify +- `/tools/ai-review/config.yml` +- `/tools/ai-review/agents/pr_agent.py` + +--- + +## 7. Dependency Update Advisor + +### Problem +Security vulnerabilities often exist in dependencies. Keeping dependencies up-to-date is critical but tedious. + +### Solution +Add `@codebot check-deps` command that: +1. Parses requirements.txt, package.json, etc. +2. Checks for outdated packages +3. Warns about CVEs +4. 
Suggests upgrade commands + +### Implementation +- Add `check-deps` command +- Support multiple package formats (pip, npm, cargo, go) +- Integrate with vulnerability databases (CVE, npm audit) +- Generate upgrade instructions + +### Example Output +```markdown +@username + +**Dependency Analysis:** + +### Outdated Packages (5) + +| Package | Current | Latest | Severity | +|---------|---------|--------|----------| +| requests | 2.28.0 | 2.31.0 | �� HIGH - CVE-2023-32681 | +| django | 3.2.0 | 4.2.8 | 🟡 MEDIUM - Multiple CVEs | +| flask | 2.0.0 | 3.0.0 | 🟢 LOW - New features | +| pyyaml | 5.4.1 | 6.0.1 | 🔴 HIGH - CVE-2022-38752 | +| sqlalchemy | 1.4.0 | 2.0.23 | 🟢 LOW - Performance improvements | + +### Recommended Actions + +**Immediate (Security Vulnerabilities):** +```bash +pip install --upgrade requests==2.31.0 +pip install --upgrade pyyaml==6.0.1 +pip install --upgrade django==4.2.8 +``` + +**Optional (Feature Updates):** +```bash +pip install --upgrade flask==3.0.0 +pip install --upgrade sqlalchemy==2.0.23 +``` + +### Breaking Changes to Review +- **Django 4.x:** Requires Python 3.8+, check compatibility +- **Flask 3.x:** Async support added, review async patterns +- **SQLAlchemy 2.x:** ORM API changes, review queries + +### Resources +- [requests CVE-2023-32681](https://nvd.nist.gov/vuln/detail/CVE-2023-32681) +- [pyyaml CVE-2022-38752](https://nvd.nist.gov/vuln/detail/CVE-2022-38752) +``` + +### Impact +- Critical for security +- Keeps projects up-to-date +- Prevents technical debt +- Reduces manual checking + +### Files to Modify +- `/tools/ai-review/config.yml` +- `/tools/ai-review/agents/issue_agent.py` +- Add new module: `/tools/ai-review/dependency_checker.py` + +### External APIs Needed +- PyPI JSON API for Python packages +- npm registry API for JavaScript +- NVD (National Vulnerability Database) for CVEs +- Or use `pip-audit`, `npm audit` CLI tools + +--- + +## Implementation Priority + +### Phase 1: Quick Wins (1-3 hours total) +1. 
`@codebot help` command +2. `@codebot review-again` command + +### Phase 2: High Impact (5-8 hours total) +3. Automatic Label Creator +4. Code Diff Explainer + +### Phase 3: Strategic Features (10-15 hours total) +5. Smart Test Suggestions +6. PR Changelog Generator +7. Dependency Update Advisor + +--- + +## Contributing + +Have an idea for a new feature? Please: +1. Check if it's already listed here +2. Consider value/effort ratio +3. Open an issue describing: + - Problem it solves + - Proposed solution + - Expected impact + - Example use case + +--- + +## See Also + +- [future_roadmap.md](future_roadmap.md) - Long-term vision (SAST, RAG, etc.) +- [configuration.md](configuration.md) - How to configure existing features +- [agents.md](agents.md) - Current agent capabilities diff --git a/tools/ai-review/agents/chat_agent.py b/tools/ai-review/agents/chat_agent.py index b7b6f04..a3aeffc 100644 --- a/tools/ai-review/agents/chat_agent.py +++ b/tools/ai-review/agents/chat_agent.py @@ -11,9 +11,9 @@ import re from dataclasses import dataclass import requests +from clients.llm_client import ToolCall from agents.base_agent import AgentContext, AgentResult, BaseAgent -from clients.llm_client import ToolCall @dataclass @@ -114,8 +114,10 @@ Repository context: {owner}/{repo} def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) - self._searxng_url = self.config.get("agents", {}).get("chat", {}).get( - "searxng_url", os.environ.get("SEARXNG_URL", "") + self._searxng_url = ( + self.config.get("agents", {}) + .get("chat", {}) + .get("searxng_url", os.environ.get("SEARXNG_URL", "")) ) def can_handle(self, event_type: str, event_data: dict) -> bool: 
@@ -133,7 +135,13 @@ Repository context: {owner}/{repo} # Check if this is a chat request (any @ai-bot mention that isn't a specific command) if mention_prefix in comment_body: # Check it's not another specific command - specific_commands = ["summarize", "explain", "suggest", "security", "codebase"] + specific_commands = [ + "summarize", + "explain", + "suggest", + "security", + "codebase", + ] body_lower = comment_body.lower() for cmd in specific_commands: if f"{mention_prefix} {cmd}" in body_lower: @@ -150,18 +158,24 @@ Repository context: {owner}/{repo} """Execute the chat agent.""" self.logger.info(f"Starting chat for {context.owner}/{context.repo}") - # Extract user message + # Extract user message and author if context.event_type == "issue_comment": user_message = context.event_data.get("comment", {}).get("body", "") issue_index = context.event_data.get("issue", {}).get("number") - # Remove the @ai-bot prefix + comment_author = ( + context.event_data.get("comment", {}) + .get("user", {}) + .get("login", "user") + ) + # Remove the @codebot prefix mention_prefix = self.config.get("interaction", {}).get( - "mention_prefix", "@ai-bot" + "mention_prefix", "@codebot" ) user_message = user_message.replace(mention_prefix, "").strip() else: user_message = context.event_data.get("message", "") issue_index = context.event_data.get("issue_number") + comment_author = None if not user_message: return AgentResult( 
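Review bot: The fallback login `"user"` in the new `comment_author` lookup turns an event payload without `comment.user.login` into a mention of `@user`, which can notify an unrelated account of that name on the forge. Ending the chain with `.get("login")` and leaving the mention out when the value is empty avoids that; `_format_response` already skips the mention for a falsy `user`. The hunk in issue_agent.py uses the same default and prepends `f"@{comment_author}\n\n{response}"` unconditionally, so it needs the same change plus a guard. Separately, the default for `mention_prefix` becomes `"@codebot"` here while the comment in `can_handle` still says `@ai-bot`; the default used there is not visible in this patch and should be checked to match. `execute` continues outside the hunk.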
@@ -191,13 +205,10 @@ Repository context: {owner}/{repo} # Post response if this is an issue comment if issue_index: - comment_body = self._format_response(response_content) - self.upsert_comment( - context.owner, - context.repo, - issue_index, - comment_body, - marker=self.CHAT_AI_MARKER, + comment_body = self._format_response(response_content, comment_author) + # Create a new comment instead of upserting to make conversation flow better + self.gitea.create_issue_comment( + context.owner, context.repo, issue_index, comment_body ) actions_taken.append("Posted chat response") @@ -230,21 +241,23 @@ Repository context: {owner}/{repo} return response.content, tools_used # Add assistant message with tool calls - messages.append({ - "role": "assistant", - "content": response.content or "", - "tool_calls": [ - { - "id": tc.id, - "type": "function", - "function": { - "name": tc.name, - "arguments": str(tc.arguments), - }, - } - for tc in response.tool_calls - ], - }) + messages.append( + { + "role": "assistant", + "content": response.content or "", + "tool_calls": [ + { + "id": tc.id, + "type": "function", + "function": { + "name": tc.name, + "arguments": str(tc.arguments), + }, + } + for tc in response.tool_calls + ], + } + ) # Execute each tool call for tool_call in response.tool_calls: @@ -252,11 +265,13 @@ Repository context: {owner}/{repo} tools_used.append(tool_call.name) # Add tool result to messages - messages.append({ - "role": "tool", - "tool_call_id": tool_call.id, - "content": tool_result, - }) + messages.append( + { + "role": "tool", + "tool_call_id": tool_call.id, + "content": tool_result, + } + ) # If we hit max iterations, make one final call without tools self._rate_limit() 
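Review bot: Replacing `upsert_comment(..., marker=self.CHAT_AI_MARKER)` with `self.gitea.create_issue_comment(...)` removes the one-comment-per-issue bound, so every mention now adds a new comment whose body is model output. `can_handle` as visible in this patch only tests `mention_prefix in comment_body`; if comments written by the bot account are not filtered elsewhere, a reply that quotes the prefix (the help text proposed in docs/feature-ideas.md does) would trigger another run. I would add above the call `# New comment per reply: can_handle must ignore comments authored by the bot account, otherwise a reply containing the mention prefix re-triggers the agent.` and confirm that such a check exists. It is also not visible whether `_format_response` still embeds `CHAT_AI_MARKER`, so anything that finds the bot's comments by that marker should be checked. `execute` starts and ends outside the hunk.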
@@ -357,15 +372,38 @@ Repository context: {owner}/{repo} # Code extensions to search code_extensions = { - ".py", ".js", ".ts", ".go", ".rs", ".java", ".rb", - ".php", ".c", ".cpp", ".h", ".cs", ".swift", ".kt", - ".md", ".yml", ".yaml", ".json", ".toml", + ".py", + ".js", + ".ts", + ".go", + ".rs", + ".java", + ".rb", + ".php", + ".c", + ".cpp", + ".h", + ".cs", + ".swift", + ".kt", + ".md", + ".yml", + ".yaml", + ".json", + ".toml", } # Patterns to ignore ignore_patterns = [ - "node_modules/", "vendor/", ".git/", "__pycache__/", - ".venv/", "dist/", "build/", ".min.js", ".min.css", + "node_modules/", + "vendor/", + ".git/", + "__pycache__/", + ".venv/", + "dist/", + "build/", + ".min.js", + ".min.css", ] def traverse(path: str = ""): @@ -397,6 +435,7 @@ Repository context: {owner}/{repo} def _match_pattern(self, filepath: str, pattern: str) -> bool: """Check if filepath matches a simple glob pattern.""" import fnmatch + return fnmatch.fnmatch(filepath, pattern) def _tool_read_file(self, context: AgentContext, filepath: str) -> str: @@ -458,13 +497,22 @@ Repository context: {owner}/{repo} except requests.exceptions.RequestException as e: return f"Web search failed: {e}" - def _format_response(self, content: str) -> str: + def _format_response(self, content: str, user: str | None = None) -> str: """Format the chat response with disclaimer.""" - lines = [ - f"{self.AI_DISCLAIMER}", - "", - "---", - "", - content, - ] + lines = [] + + # Add user mention if available + if user: + lines.append(f"@{user}") + lines.append("") + + lines.extend( + [ + f"{self.AI_DISCLAIMER}", + "", + "---", + "", + content, + ] + ) return "\n".join(lines) diff --git a/tools/ai-review/agents/issue_agent.py b/tools/ai-review/agents/issue_agent.py index 1c4e325..4490022 100644 --- a/tools/ai-review/agents/issue_agent.py +++ b/tools/ai-review/agents/issue_agent.py 
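Review bot: The docstring of `_format_response` still reads `"""Format the chat response with disclaimer."""` and says nothing about the new `user` parameter. I would change it to `"""Format the chat response with the AI disclaimer, prefixed by an @mention of user when one is given."""` and note in it that `user` is placed into the comment as-is, so it must be a login taken from the forge event rather than free text. The `str | None` annotation is evaluated at definition time and needs Python 3.10 or `from __future__ import annotations`; the top of the file is not fully visible here, so that is worth confirming.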
@@ -153,14 +153,17 @@ class IssueAgent(BaseAgent): comment = context.event_data.get("comment", {}) issue_index = issue.get("number") comment_body = comment.get("body", "") + comment_author = comment.get("user", {}).get("login", "user") # Parse command from mention command = self._parse_command(comment_body) if command: response = self._handle_command(context, issue, command) + # Add user mention at the top + response_with_mention = f"@{comment_author}\n\n{response}" self.gitea.create_issue_comment( - context.owner, context.repo, issue_index, response + context.owner, context.repo, issue_index, response_with_mention ) return AgentResult( success=True, -- 2.49.1