code-crispies/.wave/pipelines/gh-pr-review.yaml (179 lines, 4.8 KiB, YAML)

kind: WavePipeline
metadata:
  name: gh-pr-review
  description: "GitHub pull request code review with automated security and quality analysis"
  release: true
input:
  source: cli
  example: "review the authentication module"
steps:
  - id: diff-analysis
    persona: navigator
    workspace:
      mount:
        - source: ./
          target: /project
          mode: readonly
    exec:
      type: prompt
      source: |
        Analyze the code changes for: {{ input }}
        1. Identify all modified files and their purposes
        2. Map the change scope (which modules/packages affected)
        3. Find related tests that should be updated
        4. Check for breaking API changes
        Produce a structured result matching the contract schema.
    output_artifacts:
      - name: diff
        path: .wave/output/diff-analysis.json
        type: json
    handover:
      contract:
        type: json_schema
        source: .wave/output/diff-analysis.json
        schema_path: .wave/contracts/diff-analysis.schema.json
      on_failure: retry
      max_retries: 2
  - id: security-review
    persona: reviewer
    dependencies: [diff-analysis]
    memory:
      inject_artifacts:
        - step: diff-analysis
          artifact: diff
          as: changes
    exec:
      type: prompt
      source: |
        Security review of the PR changes.
        Check for:
        1. SQL injection, XSS, CSRF vulnerabilities
        2. Hardcoded secrets or credentials
        3. Insecure deserialization
        4. Missing input validation
        5. Authentication/authorization gaps
        6. Sensitive data exposure
        Output findings with severity (CRITICAL/HIGH/MEDIUM/LOW).
    output_artifacts:
      - name: security
        path: .wave/output/security-review.md
        type: markdown
    handover:
      contract:
        type: non_empty_file
        source: .wave/output/security-review.md
  - id: quality-review
    persona: reviewer
    dependencies: [diff-analysis]
    memory:
      inject_artifacts:
        - step: diff-analysis
          artifact: diff
          as: changes
    exec:
      type: prompt
      source: |
        Quality review of the PR changes.
        Check for:
        1. Error handling completeness
        2. Edge cases not covered
        3. Code duplication
        4. Naming consistency
        5. Missing or inadequate tests
        6. Performance implications
        7. Documentation gaps
        Output findings with severity and suggestions.
    output_artifacts:
      - name: quality
        path: .wave/output/quality-review.md
        type: markdown
    handover:
      contract:
        type: non_empty_file
        source: .wave/output/quality-review.md
  - id: summary
    persona: summarizer
    dependencies: [security-review, quality-review]
    memory:
      inject_artifacts:
        - step: security-review
          artifact: security
          as: security_findings
        - step: quality-review
          artifact: quality
          as: quality_findings
    exec:
      type: prompt
      source: |
        Synthesize the review findings into a final verdict.
        Produce a unified review with:
        1. Overall assessment (APPROVE / REQUEST_CHANGES / NEEDS_DISCUSSION)
        2. Critical issues that must be fixed
        3. Suggested improvements (optional but recommended)
        4. Positive observations
        Format as a PR review comment ready to post.
        Do NOT include a title/header line — the publish step adds one.
    output_artifacts:
      - name: verdict
        path: .wave/output/review-summary.md
        type: markdown
    handover:
      contract:
        type: non_empty_file
        source: .wave/output/review-summary.md
  - id: publish
    persona: github-commenter
    dependencies: [summary]
    memory:
      inject_artifacts:
        - step: summary
          artifact: verdict
          as: review_summary
    exec:
      type: prompt
      source: |
        Post the code review summary as a PR comment.
        The original input was: {{ input }}
        Extract the PR number or URL from the input.
        1. Post the review as a PR comment using:
           gh pr comment <PR_NUMBER_OR_URL> --body "## Code Review (Wave Pipeline)
           <review content>
           ---
           *Generated by [Wave](https://github.com/re-cinq/wave) gh-pr-review pipeline*"
    output_artifacts:
      - name: publish-result
        path: .wave/output/publish-result.json
        type: json
    handover:
      contract:
        type: json_schema
        source: .wave/output/publish-result.json
        schema_path: .wave/contracts/gh-pr-comment-result.schema.json
        must_pass: true
      on_failure: retry
      max_retries: 2
outcomes:
  - type: url
    extract_from: .wave/output/publish-result.json
    json_path: .comment_url
    label: "Review Comment"
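The pipeline above is a small DAG: `security-review` and `quality-review` both depend only on `diff-analysis`, `summary` waits for both, and `publish` is last, so the only data the publishing step ever sees is the `verdict` artifact that has passed the summary step's handover contract. The following is an added example, not code from Wave or the code-crispies repository: the `STEPS` structure is a hand transcription of the step graph in the pipeline, and the two checks (`check_artifact_refs`, `execution_waves`) are this example's own assumptions about what a reviewer would want verified before running such a pipeline: that every `inject_artifacts` entry names a declared dependency that actually produces that artifact, and that the dependency graph is acyclic, grouped into waves of steps that can run in parallel.

```python
"""Referential-integrity and ordering checks for a Wave-style pipeline.

Added example (not part of Wave or the code-crispies repository). STEPS is a
hand transcription of the gh-pr-review step graph; the check functions are
assumptions about how such a pipeline should be validated, not Wave's own.
"""

# Transcribed from the pipeline: id, dependencies, artifacts produced,
# and (producing step, artifact) pairs injected into the step's memory.
STEPS = [
    {"id": "diff-analysis", "dependencies": [], "produces": ["diff"], "injects": []},
    {"id": "security-review", "dependencies": ["diff-analysis"],
     "produces": ["security"], "injects": [("diff-analysis", "diff")]},
    {"id": "quality-review", "dependencies": ["diff-analysis"],
     "produces": ["quality"], "injects": [("diff-analysis", "diff")]},
    {"id": "summary", "dependencies": ["security-review", "quality-review"],
     "produces": ["verdict"],
     "injects": [("security-review", "security"), ("quality-review", "quality")]},
    {"id": "publish", "dependencies": ["summary"],
     "produces": ["publish-result"], "injects": [("summary", "verdict")]},
]


def check_artifact_refs(steps):
    """Return a list of problems (empty when the graph is consistent).

    Every injected artifact must come from a step listed in `dependencies`,
    and that step must declare the artifact. Injecting from a non-dependency
    would let a step read an output that has not yet passed the producing
    step's handover contract.
    """
    by_id = {s["id"]: s for s in steps}
    problems = []
    for s in steps:
        for dep in s["dependencies"]:
            if dep not in by_id:
                problems.append(f"{s['id']}: unknown dependency {dep}")
        for src, art in s["injects"]:
            if src not in s["dependencies"]:
                problems.append(
                    f"{s['id']}: injects {art} from {src}, which is not a dependency")
            elif art not in by_id.get(src, {}).get("produces", []):
                problems.append(f"{s['id']}: {src} does not produce artifact {art}")
    return problems


def execution_waves(steps):
    """Group steps into execution waves using Kahn's algorithm.

    Each wave holds the steps whose dependencies all sit in earlier waves, so
    the steps within one wave are independent of each other. Raises
    ValueError if the dependency graph contains a cycle.
    """
    remaining = {s["id"]: set(s["dependencies"]) for s in steps}
    waves = []
    while remaining:
        ready = sorted(sid for sid, deps in remaining.items() if not deps)
        if not ready:
            raise ValueError(f"dependency cycle among: {sorted(remaining)}")
        waves.append(ready)
        for sid in ready:
            del remaining[sid]
        for deps in remaining.values():
            deps.difference_update(ready)
    return waves


if __name__ == "__main__":
    print("problems:", check_artifact_refs(STEPS))
    for i, wave in enumerate(execution_waves(STEPS), 1):
        print(f"wave {i}: {', '.join(wave)}")
```

For the pipeline as written the check reports no problems and yields four waves, with the two review steps sharing the second wave; adding a step that injects `diff` from `diff-analysis` without listing it as a dependency is reported as a problem, which is the kind of drift that is easy to introduce when steps are copied and edited.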