# Feature Ideas & Roadmap

This document outlines recommended feature additions for OpenRabbit, ordered by value/effort ratio.

---

## Quick Reference

| Feature | Value | Effort | Time Estimate | Status |
|---------|-------|--------|---------------|--------|
| [@codebot help Command](#1-codebot-help-command) | HIGH | LOW | 1-2 hours | ⭐ Recommended |
| [Automatic Label Creator](#2-automatic-label-creator) | HIGH | MEDIUM | 2-3 hours | Planned |
| [PR Changelog Generator](#3-pr-changelog-generator) | MEDIUM | MEDIUM | 3-4 hours | Planned |
| [Code Diff Explainer](#4-code-diff-explainer) | MEDIUM-HIGH | MEDIUM | 2-3 hours | Planned |
| [Smart Test Suggestions](#5-smart-test-suggestions) | HIGH | HIGH | 5-6 hours | Planned |
| [@codebot review-again](#6-codebot-review-again) | MEDIUM | LOW | 1-2 hours | Planned |
| [Dependency Update Advisor](#7-dependency-update-advisor) | VERY HIGH | HIGH | 6-8 hours | Planned |

---

## 1. @codebot help Command

**⭐ HIGHEST PRIORITY - Quick Win**

### Problem

Users have no way to discover what commands are available. They don't know what the bot can do without reading documentation.

### Solution

Add a `@codebot help` command that lists all available commands with descriptions and examples.

### Implementation

- Add `help` to `config.yml` commands list
- Add `_command_help()` method to IssueAgent
- Format response with all commands + descriptions

### Example Output

```markdown
@username

**Available @codebot Commands:**

**Issue Triage & Analysis:**
- `@codebot triage` - Full issue triage with auto-labeling and priority assignment
- `@codebot summarize` - Generate 2-3 sentence summary
- `@codebot explain` - Detailed explanation of the issue
- `@codebot suggest` - Solution suggestions or next steps

**Interactive Chat:**
- `@codebot [question]` - Ask questions about the codebase

**Codebase Analysis:**
- `@codebot codebase` - Trigger full codebase health analysis

**Utility:**
- `@codebot help` - Show this message

**Examples:**
- `@codebot explain` - Get detailed explanation
- `@codebot how does authentication work?` - Chat about codebase
```

### Impact

- Immediate UX improvement
- Reduces support burden
- Makes all future commands discoverable
- Foundation for growth

### Files to Modify

- `/tools/ai-review/config.yml`
- `/tools/ai-review/agents/issue_agent.py`

---

## 2. Automatic Label Creator

### Problem

Major setup pain point: users must manually create 10+ labels (`priority: high`, `type: bug`, etc.). Bot silently fails to apply labels if they don't exist.

### Solution

Add `@codebot setup-labels` command that:

1. Checks which required labels are missing
2. Creates them with proper colors
3. Or provides CLI commands for manual creation

### Implementation

- Add `setup-labels` command
- Query repository labels via Gitea API
- Compare against required labels in config
- Auto-create missing labels or show creation commands

### Example Output

```markdown
@username

**Label Setup Analysis:**

**Missing Labels:**
- `priority: high` (color: #d73a4a)
- `priority: medium` (color: #fbca04)
- `type: bug` (color: #d73a4a)

**Creating labels...**
✅ Created `priority: high`
✅ Created `priority: medium`
✅ Created `type: bug`

All required labels are now set up!
```

### Impact

- Removes major setup friction
- Ensures auto-labeling works immediately
- Better onboarding experience

### Files to Modify

- `/tools/ai-review/config.yml`
- `/tools/ai-review/agents/issue_agent.py`
- `/tools/ai-review/clients/gitea_client.py` (add create_label method)

---

## 3. PR Changelog Generator

### Problem

Developers spend time writing release notes and changelogs. Bot already analyzes PR content.

### Solution

Add `@codebot changelog` command that generates human-readable changelog from PR.

### Implementation

- Add `changelog` command for PRs
- Analyze PR diff + commit messages
- Generate bullet-point summary
- Format for CHANGELOG.md

### Example Output

```markdown
@username

**Changelog for PR #123:**

### Added
- User authentication system with JWT tokens
- Password reset functionality via email

### Changed
- Updated database schema for user table
- Refactored login endpoint for better error handling

### Fixed
- Session timeout bug causing premature logouts
- Security vulnerability in password validation

### Technical Details
- 15 files changed, 450 insertions, 120 deletions
- Main components: auth/, api/users/, database/
```

### Impact

- Saves time on release documentation
- Consistent changelog format
- Can copy-paste into CHANGELOG.md

### Files to Modify

- `/tools/ai-review/config.yml`
- `/tools/ai-review/agents/pr_agent.py`

---

## 4. Code Diff Explainer

### Problem

Complex PRs are hard to understand, especially for:

- Non-expert reviewers
- New team members
- Documentation purposes

### Solution

Add `@codebot explain-diff` command that breaks down what changed in simple terms.

### Implementation

- Add `explain-diff` command for PRs
- Analyze PR diff section by section
- Generate plain-language explanations
- Identify architectural changes

### Example Output

```markdown
@username

**PR Explanation:**

**Overview:**
This PR adds user authentication to the application using JWT tokens.

**Key Changes:**

1. **auth/jwt.py** (new file)
   - Creates JSON Web Tokens for authenticated users
   - Validates tokens on protected endpoints
   - Handles token expiration (24 hour lifetime)

2. **api/users.py** (modified)
   - Added `/login` endpoint that accepts username/password
   - Returns JWT token on successful authentication
   - Added `/logout` endpoint to invalidate tokens

3. **database/schema.sql** (modified)
   - Added `users` table with columns: id, username, password_hash, email
   - Passwords are hashed using bcrypt (secure)

**Architecture Impact:**
- Introduces authentication layer across all API endpoints
- Adds dependency on PyJWT library
- Requires database migration to create users table
```

### Impact

- Makes code review accessible
- Great for learning/onboarding
- Documentation generation

### Files to Modify

- `/tools/ai-review/config.yml`
- `/tools/ai-review/agents/pr_agent.py`
- `/tools/ai-review/prompts/` (add explain_diff.md)

---

## 5. Smart Test Suggestions

### Problem

Test coverage is critical but developers often miss edge cases or forget to update tests.

### Solution

Add `@codebot suggest-tests` command that:

1. Analyzes changed functions/classes
2. Identifies what needs testing
3. Suggests specific test cases

### Implementation

- Add `suggest-tests` command for PRs
- Parse changed code to identify functions
- Use LLM to suggest test scenarios
- Could integrate with coverage reports

### Example Output

```markdown
@username

**Test Suggestions for PR #123:**

### auth/jwt.py - `create_token()` function

**Recommended Test Cases:**
1. ✅ Valid user creates token successfully
2. ⚠️ **Missing:** Token expiration after 24 hours
3. ⚠️ **Missing:** Invalid user ID handling
4. ⚠️ **Missing:** Token creation with special characters in username

### api/users.py - `/login` endpoint

**Recommended Test Cases:**
1. ✅ Successful login with correct credentials
2. ⚠️ **Missing:** Login with wrong password
3. ⚠️ **Missing:** Login with non-existent user
4. ⚠️ **Missing:** SQL injection attempt in username field
5. ⚠️ **Missing:** Rate limiting after failed attempts

**Coverage Impact:**
- Current coverage: ~60%
- With suggested tests: ~85%
```

### Impact

- Improves test coverage
- Catches edge cases
- Reduces production bugs

### Files to Modify

- `/tools/ai-review/config.yml`
- `/tools/ai-review/agents/pr_agent.py`
- `/tools/ai-review/prompts/` (add test_suggestions.md)

---

## 6. @codebot review-again

### Problem

Current workflow: developer fixes issues → pushes commit → bot auto-reviews. Sometimes developers want re-review without creating new commits (e.g., after only changing comments).

### Solution

Add `@codebot review-again` command that re-runs PR review on current state.

### Implementation

- Add `review-again` command for PRs
- Re-run PR agent on current diff
- Update existing review comment
- Compare with previous review (show what changed)

### Example Output

```markdown
@username

**Re-review Complete:**

**Previous Review:** 5 issues (2 HIGH, 3 MEDIUM)
**Current Review:** 1 issue (1 MEDIUM)

✅ Fixed: SQL injection in login endpoint
✅ Fixed: Hardcoded JWT secret
⚠️ Remaining: Missing error handling in password reset

**Status:** Changes Required → Approved (pending fix)
```

### Impact

- Smoother PR workflow
- No unnecessary commits
- Faster feedback loop

### Files to Modify

- `/tools/ai-review/config.yml`
- `/tools/ai-review/agents/pr_agent.py`

---

## 7. Dependency Update Advisor

### Problem

Security vulnerabilities often exist in dependencies. Keeping dependencies up-to-date is critical but tedious.

### Solution

Add `@codebot check-deps` command that:

1. Parses requirements.txt, package.json, etc.
2. Checks for outdated packages
3. Warns about CVEs
4. Suggests upgrade commands

### Implementation

- Add `check-deps` command
- Support multiple package formats (pip, npm, cargo, go)
- Integrate with vulnerability databases (CVE, npm audit)
- Generate upgrade instructions

### Example Output

````markdown
@username

**Dependency Analysis:**

### Outdated Packages (5)

| Package | Current | Latest | Severity |
|---------|---------|--------|----------|
| requests | 2.28.0 | 2.31.0 | 🔴 HIGH - CVE-2023-32681 |
| django | 3.2.0 | 4.2.8 | 🟡 MEDIUM - Multiple CVEs |
| flask | 2.0.0 | 3.0.0 | 🟢 LOW - New features |
| pyyaml | 5.4.1 | 6.0.1 | 🔴 HIGH - CVE-2022-38752 |
| sqlalchemy | 1.4.0 | 2.0.23 | 🟢 LOW - Performance improvements |

### Recommended Actions

**Immediate (Security Vulnerabilities):**
```bash
pip install --upgrade requests==2.31.0
pip install --upgrade pyyaml==6.0.1
pip install --upgrade django==4.2.8
```

**Optional (Feature Updates):**
```bash
pip install --upgrade flask==3.0.0
pip install --upgrade sqlalchemy==2.0.23
```

### Breaking Changes to Review
- **Django 4.x:** Requires Python 3.8+, check compatibility
- **Flask 3.x:** Async support added, review async patterns
- **SQLAlchemy 2.x:** ORM API changes, review queries

### Resources
- [requests CVE-2023-32681](https://nvd.nist.gov/vuln/detail/CVE-2023-32681)
- [pyyaml CVE-2022-38752](https://nvd.nist.gov/vuln/detail/CVE-2022-38752)
````

### Impact

- Critical for security
- Keeps projects up-to-date
- Prevents technical debt
- Reduces manual checking

### Files to Modify

- `/tools/ai-review/config.yml`
- `/tools/ai-review/agents/issue_agent.py`
- Add new module: `/tools/ai-review/dependency_checker.py`

### External APIs Needed

- PyPI JSON API for Python packages
- npm registry API for JavaScript
- NVD (National Vulnerability Database) for CVEs
- Or use `pip-audit`, `npm audit` CLI tools

---

## Implementation Priority

### Phase 1: Quick Wins (1-3 hours total)

1. `@codebot help` command
2. `@codebot review-again` command

### Phase 2: High Impact (5-8 hours total)

3. Automatic Label Creator
4. Code Diff Explainer

### Phase 3: Strategic Features (10-15 hours total)

5. Smart Test Suggestions
6. PR Changelog Generator
7. Dependency Update Advisor

---

## Contributing

Have an idea for a new feature? Please:

1. Check if it's already listed here
2. Consider value/effort ratio
3. Open an issue describing:
   - Problem it solves
   - Proposed solution
   - Expected impact
   - Example use case

---

## See Also

- [future_roadmap.md](future_roadmap.md) - Long-term vision (SAST, RAG, etc.)
- [configuration.md](configuration.md) - How to configure existing features
- [agents.md](agents.md) - Current agent capabilities
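
---

For the Dependency Update Advisor (section 7), the parse-and-compare step for pip requirements could look like the following. This is an added example, not OpenRabbit code: `check`, `parse_requirements` and the `ADVISORIES` table are hypothetical names, and the advisory data is constructed from the sample table in section 7 rather than pulled from a vulnerability database.

```python
import re

# Advisory table constructed from this page's sample output (fixed-in version,
# advisory id); a real checker would query a vulnerability database or pip-audit.
ADVISORIES = {"requests": [("2.31.0", "CVE-2023-32681")],
              "pyyaml": [("6.0.1", "CVE-2022-38752")]}

# Constructed sample requirements.txt.
SAMPLE = """\
-r base.txt
requests[socks]==2.28.0   # pinned, with an extra
PyYAML==6.0.1 ; python_version >= "3.8"
Flask>=2.0
"""

# Name, optional [extras], then an optional exact numeric pin (==X.Y.Z).
REQ = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(?:==\s*([0-9]+(?:\.[0-9]+)*)\s*$)?"
)

def normalize(name):
    """PEP 503 normalization, so Flask_Login and flask.login both become flask-login."""
    return re.sub(r"[-_.]+", "-", name).lower()

def version_key(version):
    """Numeric tuple with trailing zeros dropped, so 2.31 and 2.31.0 compare equal."""
    parts = [int(p) for p in version.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_requirements(text):
    """Yield (name, version); version is None unless the line is an exact numeric pin."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments, markers
        m = REQ.match(line)  # blank lines and -r/-e/--option lines do not match
        if m:
            yield normalize(m.group(1)), m.group(2)

def check(text):
    """Return (findings, unchecked): vulnerable pins, and names that had no exact pin."""
    findings, unchecked = [], []
    for name, version in parse_requirements(text):
        if version is None:
            unchecked.append(name)  # range or pre-release spec: cannot be judged offline
            continue
        findings += [(name, version, fixed, adv) for fixed, adv in ADVISORIES.get(name, [])
                     if version_key(version) < version_key(fixed)]
    return findings, unchecked
```

Names returned in `unchecked` are the ones a bot reply should flag separately, since a range such as `Flask>=2.0` says nothing about which version is actually installed.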