public/librenotes
1
0
Fork 0
Code Issues 37 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1230c6a5381d1f8286ba73b42d16d6f4acbd8d1e
librenotes/.wave/pipelines/code-review.yaml
Michael Czechowski fc24f9a8ab Add Wave general-purpose pipelines 
ADR, changelog, code-review, debug, doc-sync, explain, feature,
hotfix, improve, onboard, plan, prototype, refactor, security-scan,
smoke-test, speckit-flow, supervise, test-gen, and more.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 17:02:36 +01:00

166 lines
4.4 KiB
YAML
Raw Blame History

kind: WavePipeline
metadata:
name: code-review
description: "Comprehensive code review for pull requests"
release: true
input:
source: cli
example: "review the authentication module"
steps:
- id: diff-analysis
persona: navigator
workspace:
mount:
- source: ./
target: /project
mode: readonly
exec:
type: prompt
source: |
Analyze the code changes for: {{ input }}
1. Identify all modified files and their purposes
2. Map the change scope (which modules/packages affected)
3. Find related tests that should be updated
4. Check for breaking API changes
Produce a structured result matching the contract schema.
output_artifacts:
- name: diff
path: .wave/output/diff-analysis.json
type: json
handover:
contract:
type: json_schema
source: .wave/output/diff-analysis.json
schema_path: .wave/contracts/diff-analysis.schema.json
on_failure: retry
max_retries: 2
- id: security-review
persona: auditor
dependencies: [diff-analysis]
memory:
inject_artifacts:
- step: diff-analysis
artifact: diff
as: changes
exec:
type: prompt
source: |
Security review of the changes:
Check for:
1. SQL injection, XSS, CSRF vulnerabilities
2. Hardcoded secrets or credentials
3. Insecure deserialization
4. Missing input validation
5. Authentication/authorization gaps
6. Sensitive data exposure
Output findings with severity (CRITICAL/HIGH/MEDIUM/LOW).
output_artifacts:
- name: security
path: .wave/output/security-review.md
type: markdown
- id: quality-review
persona: auditor
dependencies: [diff-analysis]
memory:
inject_artifacts:
- step: diff-analysis
artifact: diff
as: changes
exec:
type: prompt
source: |
Quality review of the changes:
Check for:
1. Error handling completeness
2. Edge cases not covered
3. Code duplication
4. Naming consistency
5. Missing or inadequate tests
6. Performance implications
7. Documentation gaps
Output findings with severity and suggestions.
output_artifacts:
- name: quality
path: .wave/output/quality-review.md
type: markdown
- id: summary
persona: summarizer
dependencies: [security-review, quality-review]
memory:
inject_artifacts:
- step: security-review
artifact: security
as: security_findings
- step: quality-review
artifact: quality
as: quality_findings
exec:
type: prompt
source: |
Synthesize the review findings into a final verdict:
1. Overall assessment (APPROVE / REQUEST_CHANGES / NEEDS_DISCUSSION)
2. Critical issues that must be fixed
3. Suggested improvements (optional but recommended)
4. Positive observations
Format as a PR review comment ready to post.
Do NOT include a title/header line — the publish step adds one.
output_artifacts:
- name: verdict
path: .wave/output/review-summary.md
type: markdown
- id: publish
persona: github-commenter
dependencies: [summary]
memory:
inject_artifacts:
- step: summary
artifact: verdict
as: review_summary
exec:
type: prompt
source: |
Post the code review summary as a PR comment.
The original input was: {{ input }}
Extract the PR number or URL from the input.
1. Post the review as a PR comment using:
gh pr comment <PR_NUMBER_OR_URL> --body "## Code Review (Wave Pipeline)
<review content>
---
*Generated by [Wave](https://github.com/re-cinq/wave) code-review pipeline*"
output_artifacts:
- name: publish-result
path: .wave/output/publish-result.json
type: json
handover:
contract:
type: json_schema
source: .wave/output/publish-result.json
schema_path: .wave/contracts/publish-result.schema.json
must_pass: true
on_failure: retry
max_retries: 2
outcomes:
- type: url
extract_from: .wave/output/publish-result.json
json_path: .comment_url
label: "Review Comment"
Reference in New Issue View Git Blame Copy Permalink