openrabbit/docs/feature-ideas.md
latte 55230d9f69
fix for commenting on chat, and updating docs.
2025-12-28 14:44:44 +00:00


Feature Ideas & Roadmap

This document outlines recommended feature additions for OpenRabbit, ordered by value/effort ratio.


Quick Reference

| Feature | Value | Effort | Time Estimate | Status |
|---------|-------|--------|---------------|--------|
| @codebot help Command | HIGH | LOW | 1-2 hours | Recommended |
| Automatic Label Creator | HIGH | MEDIUM | 2-3 hours | Planned |
| PR Changelog Generator | MEDIUM | MEDIUM | 3-4 hours | Planned |
| Code Diff Explainer | MEDIUM-HIGH | MEDIUM | 2-3 hours | Planned |
| Smart Test Suggestions | HIGH | HIGH | 5-6 hours | Planned |
| @codebot review-again | MEDIUM | LOW | 1-2 hours | Planned |
| Dependency Update Advisor | VERY HIGH | HIGH | 6-8 hours | Planned |

1. @codebot help Command

HIGHEST PRIORITY - Quick Win

Problem

Users have no way to discover what commands are available. They don't know what the bot can do without reading documentation.

Solution

Add a @codebot help command that lists all available commands with descriptions and examples.

Implementation

  • Add help to config.yml commands list
  • Add _command_help() method to IssueAgent
  • Format response with all commands + descriptions

Example Output

@username

**Available @codebot Commands:**

**Issue Triage & Analysis:**
- `@codebot triage` - Full issue triage with auto-labeling and priority assignment
- `@codebot summarize` - Generate 2-3 sentence summary
- `@codebot explain` - Detailed explanation of the issue
- `@codebot suggest` - Solution suggestions or next steps

**Interactive Chat:**
- `@codebot [question]` - Ask questions about the codebase

**Codebase Analysis:**
- `@codebot codebase` - Trigger full codebase health analysis

**Utility:**
- `@codebot help` - Show this message

**Examples:**
- `@codebot explain` - Get detailed explanation
- `@codebot how does authentication work?` - Chat about codebase

Impact

  • Immediate UX improvement
  • Reduces support burden
  • Makes all future commands discoverable
  • Foundation for growth

Files to Modify

  • /tools/ai-review/config.yml
  • /tools/ai-review/agents/issue_agent.py

2. Automatic Label Creator

Problem

Major setup pain point: users must manually create 10+ labels (priority: high, type: bug, etc.). The bot silently fails to apply labels if they don't exist.

Solution

Add a @codebot setup-labels command that:

  1. Checks which required labels are missing
  2. Creates them with proper colors
  3. Or provides CLI commands for manual creation

Implementation

  • Add setup-labels command
  • Query repository labels via Gitea API
  • Compare against required labels in config
  • Auto-create missing labels or show creation commands

Example Output

@username

**Label Setup Analysis:**

**Missing Labels:**
- `priority: high` (color: #d73a4a)
- `priority: medium` (color: #fbca04)
- `type: bug` (color: #d73a4a)

**Creating labels...**
✅ Created `priority: high`
✅ Created `priority: medium`
✅ Created `type: bug`

All required labels are now set up!

Impact

  • Removes major setup friction
  • Ensures auto-labeling works immediately
  • Better onboarding experience

Files to Modify

  • /tools/ai-review/config.yml
  • /tools/ai-review/agents/issue_agent.py
  • /tools/ai-review/clients/gitea_client.py (add create_label method)

3. PR Changelog Generator

Problem

Developers spend time writing release notes and changelogs. The bot already analyzes PR content.

Solution

Add a @codebot changelog command that generates a human-readable changelog from the PR.

Implementation

  • Add changelog command for PRs
  • Analyze PR diff + commit messages
  • Generate bullet-point summary
  • Format for CHANGELOG.md

Example Output

@username

**Changelog for PR #123:**

### Added
- User authentication system with JWT tokens
- Password reset functionality via email

### Changed
- Updated database schema for user table
- Refactored login endpoint for better error handling

### Fixed
- Session timeout bug causing premature logouts
- Security vulnerability in password validation

### Technical Details
- 15 files changed, 450 insertions, 120 deletions
- Main components: auth/, api/users/, database/

Impact

  • Saves time on release documentation
  • Consistent changelog format
  • Can copy-paste into CHANGELOG.md

Files to Modify

  • /tools/ai-review/config.yml
  • /tools/ai-review/agents/pr_agent.py

4. Code Diff Explainer

Problem

Complex PRs are hard to understand, especially for:

  • Non-expert reviewers
  • New team members
  • Documentation purposes

Solution

Add a @codebot explain-diff command that breaks down what changed in simple terms.

Implementation

  • Add explain-diff command for PRs
  • Analyze PR diff section by section
  • Generate plain-language explanations
  • Identify architectural changes

Example Output

@username

**PR Explanation:**

**Overview:**
This PR adds user authentication to the application using JWT tokens.

**Key Changes:**

1. **auth/jwt.py** (new file)
   - Creates JSON Web Tokens for authenticated users
   - Validates tokens on protected endpoints
   - Handles token expiration (24 hour lifetime)

2. **api/users.py** (modified)
   - Added `/login` endpoint that accepts username/password
   - Returns JWT token on successful authentication
   - Added `/logout` endpoint to invalidate tokens

3. **database/schema.sql** (modified)
   - Added `users` table with columns: id, username, password_hash, email
   - Passwords are hashed using bcrypt (secure)

**Architecture Impact:**
- Introduces authentication layer across all API endpoints
- Adds dependency on PyJWT library
- Requires database migration to create users table

Impact

  • Makes code review accessible
  • Great for learning/onboarding
  • Documentation generation

Files to Modify

  • /tools/ai-review/config.yml
  • /tools/ai-review/agents/pr_agent.py
  • /tools/ai-review/prompts/ (add explain_diff.md)

5. Smart Test Suggestions

Problem

Test coverage is critical but developers often miss edge cases or forget to update tests.

Solution

Add a @codebot suggest-tests command that:

  1. Analyzes changed functions/classes
  2. Identifies what needs testing
  3. Suggests specific test cases

Implementation

  • Add suggest-tests command for PRs
  • Parse changed code to identify functions
  • Use LLM to suggest test scenarios
  • Could integrate with coverage reports

Example Output

@username

**Test Suggestions for PR #123:**

### auth/jwt.py - `create_token()` function

**Recommended Test Cases:**
1. ✅ Valid user creates token successfully
2. ⚠️ **Missing:** Token expiration after 24 hours
3. ⚠️ **Missing:** Invalid user ID handling
4. ⚠️ **Missing:** Token creation with special characters in username

### api/users.py - `/login` endpoint

**Recommended Test Cases:**
1. ✅ Successful login with correct credentials
2. ⚠️ **Missing:** Login with wrong password
3. ⚠️ **Missing:** Login with non-existent user
4. ⚠️ **Missing:** SQL injection attempt in username field
5. ⚠️ **Missing:** Rate limiting after failed attempts

**Coverage Impact:**
- Current coverage: ~60%
- With suggested tests: ~85%

Impact

  • Improves test coverage
  • Catches edge cases
  • Reduces production bugs

Files to Modify

  • /tools/ai-review/config.yml
  • /tools/ai-review/agents/pr_agent.py
  • /tools/ai-review/prompts/ (add test_suggestions.md)

6. @codebot review-again

Problem

Current workflow: developer fixes issues → pushes commit → bot auto-reviews. Sometimes developers want a re-review without creating new commits (e.g., after only changing comments).

Solution

Add a @codebot review-again command that re-runs the PR review on the current state.

Implementation

  • Add review-again command for PRs
  • Re-run PR agent on current diff
  • Update existing review comment
  • Compare with previous review (show what changed)

Example Output

@username

**Re-review Complete:**

**Previous Review:** 5 issues (2 HIGH, 3 MEDIUM)
**Current Review:** 1 issue (1 MEDIUM)

✅ Fixed: SQL injection in login endpoint
✅ Fixed: Hardcoded JWT secret
⚠️ Remaining: Missing error handling in password reset

**Status:** Changes Required → Approved (pending fix)

Impact

  • Smoother PR workflow
  • No unnecessary commits
  • Faster feedback loop

Files to Modify

  • /tools/ai-review/config.yml
  • /tools/ai-review/agents/pr_agent.py

7. Dependency Update Advisor

Problem

Security vulnerabilities often exist in dependencies. Keeping dependencies up-to-date is critical but tedious.

Solution

Add a @codebot check-deps command that:

  1. Parses requirements.txt, package.json, etc.
  2. Checks for outdated packages
  3. Warns about CVEs
  4. Suggests upgrade commands

Implementation

  • Add check-deps command
  • Support multiple package formats (pip, npm, cargo, go)
  • Integrate with vulnerability databases (CVE, npm audit)
  • Generate upgrade instructions
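The parse-and-compare core of such a check for the pip case, as an added example (not OpenRabbit's code). `ADVISORIES`, `check_deps`, `parse_requirements` and the sample file are constructed for illustration; a real run would take advisories from a source such as `pip-audit` and compare versions with `packaging.version`, which also handles pre-release tags.

```python
import re

# Constructed advisory table: the requests entry reuses the CVE and fixed version
# from this page's example output; example-pkg is a placeholder, not a real package.
ADVISORIES = {
    "requests": [("CVE-2023-32681", "2.31.0")],
    "example-pkg": [("CVE-PLACEHOLDER-0001", "1.4.2")],
}
NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
EXACT = re.compile(r"^==\s*(\d+(?:\.\d+)*)$")  # wildcard or range pins do not match

def release(version):
    """Numeric release tuple without trailing zeros (assumes plain X.Y.Z)."""
    parts = [int(p) for p in version.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_requirements(text):
    """Yield (normalized_name, exact_pin_or_None) per requirement line."""
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).split(";", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, or a pip option such as -r
            continue
        if m := NAME.match(line):
            name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # PEP 503 normalization
            pin = EXACT.match(m.group(2).strip())
            yield name, pin.group(1) if pin else None

def check_deps(text):
    """Return (package, status, detail) for every advisory that may apply."""
    findings = []
    for name, version in parse_requirements(text):
        for cve, fixed_in in ADVISORIES.get(name, []):
            if version is None:  # range or missing pin: installed version unknown
                findings.append((name, "unpinned", f"{cve}: pin to >= {fixed_in}"))
            elif release(version) < release(fixed_in):
                findings.append((name, "vulnerable", f"{cve}: {version} -> {fixed_in}"))
    return findings

SAMPLE = """\
# constructed requirements.txt
-r base.txt
Requests[security]==2.28.0   # below the fixed version
Example_Pkg>=1.0 ; python_version >= "3.8"
requests==2.31
"""
if __name__ == "__main__":
    print(check_deps(SAMPLE))
```

Unpinned requirements are reported separately because the file alone cannot say which version is installed; a lock file or the environment itself is the authoritative source.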

Example Output

@username

**Dependency Analysis:**

### Outdated Packages (5)

| Package | Current | Latest | Severity |
|---------|---------|--------|----------|
| requests | 2.28.0 | 2.31.0 | 🔴 HIGH - CVE-2023-32681 |
| django | 3.2.0 | 4.2.8 | 🟡 MEDIUM - Multiple CVEs |
| flask | 2.0.0 | 3.0.0 | 🟢 LOW - New features |
| pyyaml | 5.4.1 | 6.0.1 | 🔴 HIGH - CVE-2022-38752 |
| sqlalchemy | 1.4.0 | 2.0.23 | 🟢 LOW - Performance improvements |

### Recommended Actions

**Immediate (Security Vulnerabilities):**
```bash
pip install --upgrade requests==2.31.0
pip install --upgrade pyyaml==6.0.1
pip install --upgrade django==4.2.8
```

Optional (Feature Updates):

```bash
pip install --upgrade flask==3.0.0
pip install --upgrade sqlalchemy==2.0.23
```

Breaking Changes to Review

  • Django 4.x: Requires Python 3.8+, check compatibility
  • Flask 3.x: Async support added, review async patterns
  • SQLAlchemy 2.x: ORM API changes, review queries

Resources


### Impact
- Critical for security
- Keeps projects up-to-date
- Prevents technical debt
- Reduces manual checking

### Files to Modify
- `/tools/ai-review/config.yml`
- `/tools/ai-review/agents/issue_agent.py`
- Add new module: `/tools/ai-review/dependency_checker.py`

### External APIs Needed
- PyPI JSON API for Python packages
- npm registry API for JavaScript
- NVD (National Vulnerability Database) for CVEs
- Or use `pip-audit`, `npm audit` CLI tools

---

## Implementation Priority

### Phase 1: Quick Wins (1-3 hours total)
1. `@codebot help` command
2. `@codebot review-again` command

### Phase 2: High Impact (5-8 hours total)
3. Automatic Label Creator
4. Code Diff Explainer

### Phase 3: Strategic Features (10-15 hours total)
5. Smart Test Suggestions
6. PR Changelog Generator
7. Dependency Update Advisor

---

## Contributing

Have an idea for a new feature? Please:
1. Check if it's already listed here
2. Consider value/effort ratio
3. Open an issue describing:
   - Problem it solves
   - Proposed solution
   - Expected impact
   - Example use case

---

## See Also

- [future_roadmap.md](future_roadmap.md) - Long-term vision (SAST, RAG, etc.)
- [configuration.md](configuration.md) - How to configure existing features
- [agents.md](agents.md) - Current agent capabilities