Merge pull request #92 from LAA-Software-Engineering/feat/pr-review-demo-example

feat: PR review demo with offline GitHub tools, policy trace, and integration tests

Author: leo-aa88

README.md

@@ -25,6 +25,8 @@ Most agent stacks today bury prompts, tool wiring, and permissions in applicatio
 
 The full product vision, YAML spec v0, and architecture are documented in [**`docs/DESIGN_DOC.md`**](docs/DESIGN_DOC.md).
 
+**Featured walkthrough:** declarative PR review with a **policy-blocked** (simulated) GitHub comment — no API keys required — in [**`examples/pr-review-demo/README.md`**](examples/pr-review-demo/README.md).
+
 ---
 
 ## Mental model
@@ -228,6 +230,7 @@ The **recommended implementation phases** are outlined in **section 20** of [`do
 ## Documentation
 
 - **[`docs/DESIGN_DOC.md`](docs/DESIGN_DOC.md)** — design document v0 (problem statement, spec, CLI, engine, state model, testing strategy, MVP vs end state, section 23 recommendation).  
+- **[`examples/pr-review-demo/README.md`](examples/pr-review-demo/README.md)** — end-to-end demo: structured review output, traceable run, **approval-gated** write (`validate` → `plan` → `apply` → `run` → `logs`).
 - **[`docs/EXAMPLES.md`](docs/EXAMPLES.md)** — copy-paste YAML and CLI examples (`init`, mock vs OpenAI, workflows, environment overlays).  
 - **[`CODE_OF_CONDUCT.md`](CODE_OF_CONDUCT.md)** — Contributor Covenant 2.1; participation expectations and reporting.  
 - **License:** [MIT](LICENSE)  

examples/pr-review-demo/README.md

@@ -0,0 +1,92 @@
+# PR review demo (policy-gated GitHub comment)
+
+This example shows **why a declarative control plane beats ad-hoc glue code** for agent workflows that touch the outside world.
+
+## What it demonstrates
+
+- **Workflow as data** — `workflows/pr-review.yaml` reads like a runbook: fetch PR context → review → post a comment.
+- **Structured agent output** — the reviewer must return JSON validated by `schemas/review-output.json` (summary + findings), not an unparseable blob.
+- **First-class policy** — `policies/guarded-writes.yaml` lists which tool `uses` strings require explicit approval.
+- **Safe-by-default writes** — the `post_comment` step calls a **simulated** native GitHub tool (`tools/github.yaml`). Without approval, **policy blocks the call** before any side effect.
+- **Traceable behavior** — `agentctl logs` shows normal step progress plus a **`policy.denied`** event on the blocked step.
+
+## Why this matters
+
+In a typical script, “call the model, then maybe post to GitHub” is buried in code paths that are hard to review, diff, and audit. Here, **permissions and sequencing are YAML** you can put in code review, and the runtime **enforces** them with **exit codes** and **SQLite traces**.
+
+## Project layout
+
+| Path | Role |
+|------|------|
+| `project.yaml` | Imports resources; defaults to `mock` model (no API keys). |
+| `workflows/pr-review.yaml` | Three steps: `fetch_pr`, `review_diff`, `post_comment`. |
+| `agents/reviewer.yaml` | Reviewer instructions + output schema. |
+| `tools/github.yaml` | `native` tool; operations are implemented offline in the binary. |
+| `policies/guarded-writes.yaml` | Requires `--approve` for `tool.github.pull_request.post_comment`. |
+| `schemas/*.json` | JSON Schema for workflow input and agent output. |
+| `fixtures/sample-pr.json` | Sample input (no GitHub network or tokens). |
+
+## Prerequisites
+
+Build `agentctl` from the repo root (`make build`) or use a release binary on your `PATH`.
+
+## How to run
+
+From the **repository root** (paths below assume that):
+
+```bash
+agentctl validate --project examples/pr-review-demo
+agentctl plan --project examples/pr-review-demo --state /tmp/pr-review-state.db
+agentctl apply --project examples/pr-review-demo --state /tmp/pr-review-state.db --auto-approve
+```
+
+### Default run (comment blocked)
+
+```bash
+agentctl run workflow/pr-review \
+  --project examples/pr-review-demo \
+  --state /tmp/pr-review-state.db \
+  --input-file examples/pr-review-demo/fixtures/sample-pr.json
+```
+
+- Exit code **5** = policy denial (by design).
+- Inspect the trace (use the printed **Run ID**):
+
+```bash
+agentctl logs --project examples/pr-review-demo --state /tmp/pr-review-state.db --run <run-id>
+```
+
+You should see steps through `review_diff`, then **`policy.denied`** on `post_comment` with reason **`approval_required`**.
+
+### Optional: allow the write (full success)
+
+```bash
+agentctl run workflow/pr-review \
+  --project examples/pr-review-demo \
+  --state /tmp/pr-review-state.db \
+  --input-file examples/pr-review-demo/fixtures/sample-pr.json \
+  --approve tool.github.pull_request.post_comment
+```
+
+This records a simulated comment result (still **no** real GitHub traffic).
+
+## Expected highlights
+
+1. **`fetch_pr`** completes — native tool normalizes the `pr` object from input JSON.
+2. **`review_diff`** completes — mock model returns fixed structured JSON that satisfies the schema.
+3. **`post_comment`** is **blocked** unless approved — CLI prints a clear **policy** line naming the gated `uses` string.
+
+## Design note (no real GitHub)
+
+`pull_request.fetch` and `pull_request.post_comment` are **offline** native operations: they exist so the workflow and policy strings look like a real integration while the demo stays repeatable in CI and on laptops without tokens.
+
+## Compared to one-off code
+
+| Concern | This demo | Typical script |
+|--------|-----------|----------------|
+| Order of operations | Workflow YAML | Implicit control flow |
+| “Can we post?” | Policy resource + trace | Easy to forget a guard |
+| Model output shape | JSON Schema on the agent | String parsing / hope |
+| Audit trail | `agentctl logs` | Printf / none |
+
+For broader patterns, see [`docs/EXAMPLES.md`](../../docs/EXAMPLES.md) and [`docs/DESIGN_DOC.md`](../../docs/DESIGN_DOC.md).

examples/pr-review-demo/agents/reviewer.yaml

@@ -0,0 +1,27 @@
+apiVersion: agentic.dev/v0
+kind: Agent
+metadata:
+  name: reviewer
+spec:
+  model: mock/gpt-4
+  policy: guarded-writes
+  constraints:
+    timeoutSeconds: 120
+  instructions: |
+    You review pull requests for risky changes. The user message is JSON with a "pull_request"
+    object (title, body, files_changed, etc.).
+
+    Respond with one JSON object only (no markdown, no code fences). Use exactly this shape:
+    {
+      "summary": "<one line overview>",
+      "findings": [
+        {
+          "severity": "high" | "medium" | "low" | "info",
+          "file": "<path or label>",
+          "title": "<short issue title>",
+          "evidence": "<what in the PR suggests this>"
+        }
+      ]
+    }
+  output:
+    schema: ./schemas/review-output.json

examples/pr-review-demo/fixtures/sample-pr.json

@@ -0,0 +1,10 @@
+{
+  "pr": {
+    "title": "Add user CSV export",
+    "number": 42,
+    "head_ref": "feature/export",
+    "base_ref": "main",
+    "body": "Adds an admin endpoint that exports users to CSV.",
+    "files_changed": ["db/query.py", "api/handlers.go"]
+  }
+}

examples/pr-review-demo/policies/guarded-writes.yaml

@@ -0,0 +1,11 @@
+apiVersion: agentic.dev/v0
+kind: Policy
+metadata:
+  name: guarded-writes
+spec:
+  execution:
+    maxWallClockSeconds: 300
+    maxTotalCostUsd: 5
+  approvals:
+    requiredFor:
+      - tool.github.pull_request.post_comment

examples/pr-review-demo/project.yaml

@@ -0,0 +1,18 @@
+apiVersion: agentic.dev/v0
+kind: Project
+metadata:
+  name: pr-review-demo
+spec:
+  imports:
+    - ./policies/guarded-writes.yaml
+    - ./tools/github.yaml
+    - ./agents/reviewer.yaml
+    - ./workflows/pr-review.yaml
+  defaults:
+    policy: guarded-writes
+    model: mock/gpt-4
+    runtime: local
+  providers:
+    models:
+      mock:
+        type: mock

examples/pr-review-demo/schemas/pr-review-input.json

@@ -0,0 +1,12 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "type": "object",
+  "required": ["pr"],
+  "properties": {
+    "pr": {
+      "type": "object",
+      "additionalProperties": true
+    }
+  },
+  "additionalProperties": true
+}

examples/pr-review-demo/schemas/review-output.json

@@ -0,0 +1,26 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "type": "object",
+  "required": ["summary", "findings"],
+  "properties": {
+    "summary": { "type": "string" },
+    "findings": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": ["severity", "file", "title", "evidence"],
+        "properties": {
+          "severity": {
+            "type": "string",
+            "enum": ["high", "medium", "low", "info"]
+          },
+          "file": { "type": "string" },
+          "title": { "type": "string" },
+          "evidence": { "type": "string" }
+        },
+        "additionalProperties": false
+      }
+    }
+  },
+  "additionalProperties": false
+}

examples/pr-review-demo/tools/github.yaml

@@ -0,0 +1,6 @@
+apiVersion: agentic.dev/v0
+kind: Tool
+metadata:
+  name: github
+spec:
+  type: native

examples/pr-review-demo/workflows/pr-review.yaml

@@ -0,0 +1,34 @@
+apiVersion: agentic.dev/v0
+kind: Workflow
+metadata:
+  name: pr-review
+spec:
+  description: |
+    Offline demo: load PR-shaped JSON, run a structured review, then attempt to post a comment.
+    The comment step is gated by policy unless you pass --approve for the exact uses string.
+  policy: guarded-writes
+  input:
+    schema: ./schemas/pr-review-input.json
+  steps:
+    - id: fetch_pr
+      uses: tool.github.pull_request.fetch
+      with:
+        pr: ${input.pr}
+    - id: review_diff
+      agent: reviewer
+      with:
+        pull_request: ${steps.fetch_pr.output.pull_request}
+    - id: post_comment
+      uses: tool.github.pull_request.post_comment
+      with:
+        body: |
+          ## Automated review
+
+          ${steps.review_diff.output.summary}
+
+          ${steps.review_diff.output.findings}
+  output:
+    value:
+      pull_request: ${steps.fetch_pr.output.pull_request}
+      review: ${steps.review_diff.output}
+      comment: ${steps.post_comment.output}