PR Code Review #6043
PR Code Review #6043
Conversation
…d PHP Add three new recipe templates for code review processes: - Flutter/Dart code review with Context7 docs and Flutter AI rules - JavaScript/TypeScript review with Context7 docs and tessl.io registry - PHP review with Context7 docs and modern PHP 8+ best practices Each template includes standard and council mode review workflows Signed-off-by: Valerii Kot <valerii.kot@rimthan.com>
|
🔍 Recipe Security Scan Results ❌ Status: BLOCKED - One or more recipes have MEDIUM risk or higher
📊 Scan Summary:
📋 Individual Recipe Results: 🔗 View detailed scan results in the workflow artifacts. |
- Standardize git diff command to use origin/main...HEAD - Remove redundant uncommitted changes explanation - Update context7 extension configuration from builtin to stdio - Add context7 command details and description Signed-off-by: Valerii Kot <valerii.kot@rimthan.com>
|
🔍 Recipe Security Scan Results ❌ Status: BLOCKED - One or more recipes have MEDIUM risk or higher
📊 Scan Summary:
📋 Individual Recipe Results: 🔗 View detailed scan results in the workflow artifacts. |
Modify review instructions in flutter, php, and js recipes to analyze changes using PR metadata rather than running git commands. This ensures a read-only approach to file examination and improves security by preventing accidental mutations. Signed-off-by: Valerii Kot <valerii.kot@rimthan.com>
|
🔍 Recipe Security Scan Results ❌ Status: BLOCKED - One or more recipes have MEDIUM risk or higher
📊 Scan Summary:
📋 Individual Recipe Results: 🔗 View detailed scan results in the workflow artifacts. |
…emplates - Simplify flutter-pr-code-review.yaml description and instructions - Add new javascript-react-pr-code-review.yaml template - Add new php-pr-code-review.yaml template - Update contact information across files Signed-off-by: Valerii Kot <valerii.kot@rimthan.com>
|
🔍 Recipe Security Scan Results ❌ Status: BLOCKED - One or more recipes have MEDIUM risk or higher
📊 Scan Summary:
📋 Individual Recipe Results: 🔗 View detailed scan results in the workflow artifacts. |
Update the Context7 MCP package to version 1.0.31 and standardize the description across all recipe files to clarify it's the official Upstash server Signed-off-by: Valerii Kot <valerii.kot@rimthan.com>
|
🔍 Recipe Security Scan Results ❌ Status: BLOCKED - One or more recipes have MEDIUM risk or higher
📊 Scan Summary:
📋 Individual Recipe Results: 🔗 View detailed scan results in the workflow artifacts. |
Signed-off-by: Valerii Kot <valerii.kot@rimthan.com>
|
🔍 Recipe Security Scan Results ❌ Status: BLOCKED - One or more recipes have MEDIUM risk or higher
📊 Scan Summary:
📋 Individual Recipe Results: 🔗 View detailed scan results in the workflow artifacts. |
Update code review templates to use text-based labels ([CRITICAL], [WARNING], etc.) instead of emoji indicators for better accessibility and consistency across different platforms. Changes applied to PHP, JavaScript/React, and Flutter review templates. Signed-off-by: Valerii Kot <valerii.kot@rimthan.com>
|
🔍 Recipe Security Scan Results ✅ Status: APPROVED - All recipes passed security scan 📊 Scan Summary:
📋 Individual Recipe Results: 🔗 View detailed scan results in the workflow artifacts. |
There was a problem hiding this comment.
Thanks for these code review recipes! A few issues to address:
1. Interactive vs Headless Conflict
Lines 322-337 define a prompt that asks "which review mode they want" - this is interactive. Per goose docs, prompt is for headless execution and shouldn't ask questions.
Fix: Remove prompt field (keep instructions only for interactive use).
2. Excessive Length (500+ lines)
Existing recipes in this repo: 27-530 lines, most under 300. These are 505-556 lines, with:
- Lines 400-477: YAML comments explaining multi-provider workflows (belongs in docs)
- Lines 62-143 are redundant - the recipe already instructs the AI to fetch best practices from Context7 (lines 23-31)
- Lines 200-321: Prescriptive step-by-step persona instructions
Fix: Remove implementation comments, simplify instructions to reference best practices rather than hardcoding them.
3. Council Mode Adds Complexity
Lines 169-321 implement multi-persona reviews requiring 3-9 separate runs with external wrapper scripts.
Fix: Split into subrecipes or simplify to single-pass review.
Happy to help simplify while preserving the core value. Thoughts?
Remove LLM Council mode instructions and simplify review recipes for Flutter, JavaScript/React, and PHP. Focus on core best practices and Context7 documentation while removing less essential content to make the recipes more concise and maintainable. Signed-off-by: Valerii Kot <valerii.kot@rimthan.com>
|
🔍 Recipe Security Scan Results ✅ Status: APPROVED - All recipes passed security scan 📊 Scan Summary:
📋 Individual Recipe Results: 🔗 View detailed scan results in the workflow artifacts. |
blackgirlbytes
dismissed
clouatre’s stale review
ismissing this review as the requested changes have been addressed in the Dec 15 commit:
✅ prompt field removed (no more interactive/headless conflict)
✅ Recipes reduced from 500+ lines to ~125 lines each
✅ Council Mode removed entirely
Thanks @clouatre for the feedback - it significantly improved the recipe!
…ovider * 'main' of github.com:block/goose: PR Code Review (#6043) fix(docs): use dynamic import for globby ESM module (#6636) chore: trigger CI Document tab completion (#6635) Install goose-mcp crate dependencies (#6632) feat(goose): standardize agent-session-id for session correlation (#6626) chore: tweak release docs (#6571) fix(goose): propagate session_id across providers and MCP (#6584)
* main: docs: ml-based prompt injection detection (#6627) Strip the audience for compacting (#6646) chore(release): release version 1.21.0 (minor) (#6634) add collapsable chat nav (#6649) fix: capitalize Rust in CONTRIBUTING.md (#6640) chore(deps): bump lodash from 4.17.21 to 4.17.23 in /ui/desktop (#6623) Vibe mcp apps (#6569) Add session forking capability (#5882) chore(deps): bump lodash from 4.17.21 to 4.17.23 in /documentation (#6624) fix(docs): use named import for globby v13 (#6639) PR Code Review (#6043) fix(docs): use dynamic import for globby ESM module (#6636) chore: trigger CI Document tab completion (#6635) Install goose-mcp crate dependencies (#6632) feat(goose): standardize agent-session-id for session correlation (#6626)
Signed-off-by: Valerii Kot <valerii.kot@rimthan.com> Signed-off-by: fbalicchia <fbalicchia@cuebiq.com>
* origin/main: Fix GCP Vertex AI global endpoint support for Gemini 3 models (#6187) fix: macOS keychain infinite prompt loop (#6620) chore: reduce duplicate or unused cargo deps (#6630) feat: codex subscription support (#6600) smoke test allow pass for flaky providers (#6638) feat: Add built-in skill for goose documentation reference (#6534) Native images (#6619) docs: ml-based prompt injection detection (#6627) Strip the audience for compacting (#6646) chore(release): release version 1.21.0 (minor) (#6634) add collapsable chat nav (#6649) fix: capitalize Rust in CONTRIBUTING.md (#6640) chore(deps): bump lodash from 4.17.21 to 4.17.23 in /ui/desktop (#6623) Vibe mcp apps (#6569) Add session forking capability (#5882) chore(deps): bump lodash from 4.17.21 to 4.17.23 in /documentation (#6624) fix(docs): use named import for globby v13 (#6639) PR Code Review (#6043) fix(docs): use dynamic import for globby ESM module (#6636) # Conflicts: # Cargo.lock # crates/goose-server/src/routes/session.rs
3 participants
Summary
Add a new recipe for automated Flutter/Dart code review. This recipe leverages official Flutter AI rules and Context7 MCP for real-time documentation to provide expert-level PR reviews covering null safety, state management, architecture patterns, performance, accessibility, and security.
Type of Change
AI Assistance
Testing
Manual testing by running the recipe against Flutter repositories
Validated YAML syntax and structure
Submitting a Recipe?
Email: valerii.kot@rimthan.com