diff --git a/.github/praisonai-reviewer.yaml b/.github/praisonai-reviewer.yaml new file mode 100644 index 000000000..ac9f77fc7 --- /dev/null +++ b/.github/praisonai-reviewer.yaml 
@@ -0,0 +1,116 @@ +framework: "praisonai" +topic: "Pull Request Code Review Analysis" + +roles: + security_reviewer: + role: "Security Code Reviewer" + goal: "Identify security vulnerabilities, authentication issues, input validation problems, and unsafe code practices in the PR changes" + backstory: "You are a cybersecurity expert specializing in code analysis. You have extensive experience in identifying common security flaws like injection attacks, authentication bypasses, exposed secrets, and unsafe data handling patterns." + tools: + - "execute_command" + + performance_reviewer: + role: "Performance Code Reviewer" + goal: "Analyze code changes for performance implications, identify bottlenecks, inefficient algorithms, and resource usage issues" + backstory: "You are a performance optimization specialist with deep knowledge of algorithm efficiency, memory management, and system performance. You excel at spotting code that could cause performance degradation." + tools: + - "execute_command" + + maintainability_reviewer: + role: "Code Quality & Maintainability Reviewer" + goal: "Evaluate code structure, readability, documentation, naming conventions, and adherence to best practices" + backstory: "You are a software engineering expert focused on code quality and maintainability. You ensure code follows established patterns, is well-documented, and will be easy for future developers to understand and modify." + tools: + - "execute_command" + + lead_reviewer: + role: "Lead Technical Reviewer" + goal: "Synthesize all review feedback, make final recommendations, and post comprehensive review comments to the GitHub PR" + backstory: "You are a senior technical lead responsible for final review decisions. You coordinate input from security, performance, and maintainability reviewers to provide balanced, actionable feedback to the development team." 
+ tools: + - "execute_command" + +steps: + - name: security_analysis + agent: security_reviewer + action: | + Analyze the PR diff for security issues: + 1. Extract PR details: `echo "$PR_DATA"` + 2. Get changed files: `echo "$CHANGED_FILES"` + 3. Review full diff: `gh pr diff ${PR_NUMBER}` + 4. Look for: + - Hardcoded secrets, API keys, passwords + - SQL injection vulnerabilities + - XSS vulnerabilities + - Authentication/authorization bypasses + - Unsafe file operations + - Command injection risks + - Missing input validation + - Exposed sensitive data + 5. Document findings with file paths and line numbers + expected_output: "Detailed security analysis report with specific vulnerabilities found, severity levels, and remediation suggestions" + + - name: performance_analysis + agent: performance_reviewer + action: | + Analyze the PR diff for performance issues: + 1. Review algorithm complexity changes + 2. Check for inefficient database queries + 3. Identify memory leaks or excessive allocations + 4. Look for hot-path regressions + 5. Check for blocking I/O operations + 6. Analyze module-level imports that could slow startup + 7. Review caching implementations + 8. Check for recursive operations without termination + 9. Document performance concerns with impact estimates + expected_output: "Performance analysis report highlighting bottlenecks, efficiency concerns, and optimization recommendations" + + - name: maintainability_analysis + agent: maintainability_reviewer + action: | + Analyze the PR diff for code quality and maintainability: + 1. Check naming conventions consistency + 2. Evaluate code structure and organization + 3. Review documentation completeness + 4. Check for DRY violations + 5. Analyze error handling patterns + 6. Review test coverage for changes + 7. Check adherence to repository coding standards + 8. Evaluate API design consistency + 9. 
Look for technical debt introduction + expected_output: "Code quality analysis with specific recommendations for improving maintainability and readability" + + - name: final_review + agent: lead_reviewer + action: | + Synthesize all reviews and post final comprehensive feedback: + 1. Collect input from security, performance, and maintainability reviews + 2. Prioritize findings by severity (Critical, High, Medium, Low) + 3. Create structured review comment using this format: + + ## 📋 Review Summary + [2-3 sentence overview and assessment] + + ## 🔍 General Feedback + [Overall patterns and observations] + + ## 🎯 Specific Feedback + ### 🔴 Critical (if any) + [Security vulnerabilities, breaking changes, major bugs] + + ### 🟡 High (if any) + [Performance issues, design flaws, significant bugs] + + ### 🟢 Medium (if any) + [Code quality improvements, minor optimizations] + + ### 🔵 Low (if any) + [Documentation, naming suggestions, minor refactoring] + + ## ✅ Highlights (if any) + [Positive aspects worth mentioning] + + 4. Post comprehensive review: `echo "[REVIEW_CONTENT]" | gh pr comment ${PR_NUMBER} -F -` + 5. If critical issues found, suggest not merging until resolved + expected_output: "Final review comment posted to GitHub PR with comprehensive analysis from all reviewers" + dependencies: [security_analysis, performance_analysis, maintainability_analysis] diff --git a/.github/workflows/praisonai-pr-review.yml b/.github/workflows/praisonai-pr-review.yml new file mode 100644 index 000000000..0f27ba97c --- /dev/null +++ b/.github/workflows/praisonai-pr-review.yml 
@@ -0,0 +1,68 @@ +name: PraisonAI PR Reviewer + +on: + pull_request: + types: [opened, synchronize, reopened, ready_for_review] + issue_comment: + types: [created] + workflow_dispatch: + inputs: + pr_number: + description: 'Pull Request Number' + required: true + type: string + +jobs: + review: + runs-on: ubuntu-latest + if: > + (github.event_name == 'pull_request' && github.event.pull_request.draft == false) || + github.event_name == 'workflow_dispatch' || + (github.event_name == 'issue_comment' && + github.event.issue.pull_request && + contains(github.event.comment.body, '@praisonai') && + github.actor != 'github-actions[bot]' && + github.event.comment.user.type != 'Bot' && + (github.event.comment.author_association == 'OWNER' || + github.event.comment.author_association == 'MEMBER' || + github.event.comment.author_association == 'COLLABORATOR')) + + steps: + - name: Determine checkout ref + id: dest + run: | + if [ "${{ github.event_name }}" = "issue_comment" ]; then + echo "ref=refs/pull/${{ github.event.issue.number }}/head" >> "$GITHUB_OUTPUT" + elif [ "${{ github.event_name }}" = "workflow_dispatch" ]; then + echo "ref=refs/pull/${{ inputs.pr_number }}/head" >> "$GITHUB_OUTPUT" + else + echo "ref=${{ github.event.pull_request.head.sha }}" >> "$GITHUB_OUTPUT" + fi + + - name: Checkout Repository + uses: actions/checkout@v4 + with: + ref: ${{ steps.dest.outputs.ref }} + fetch-depth: 0 + + - name: Generate GitHub App Token + id: generate_token + uses: tibdex/github-app-token@v2 + with: + app_id: ${{ secrets.PRAISONAI_APP_ID }} + private_key: ${{ secrets.PRAISONAI_APP_PRIVATE_KEY }} + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.11' + + - name: Install PraisonAI + run: pip install "praisonai[all]" + + - name: Run PraisonAI PR Review + env: + GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} + OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} + run: | + praisonai agents --file .github/praisonai-reviewer.yaml 
diff --git a/examples/yaml/pr-reviewer/README.md b/examples/yaml/pr-reviewer/README.md new file mode 100644 index 000000000..2d7961ab1 --- /dev/null +++ b/examples/yaml/pr-reviewer/README.md 
@@ -0,0 +1,236 @@ +# PraisonAI PR Reviewer Integration Guide + +This guide provides step-by-step instructions for integrating PraisonAI as an automated PR reviewer in your GitHub CI/CD pipeline. + +## Overview + +PraisonAI PR Reviewer implements a **Zero-Code, Multi-Agent PR Review System** that deploys specialized agents to analyze pull requests from multiple perspectives: + +- 🔐 **Security Reviewer**: Identifies vulnerabilities and security issues +- ⚡ **Performance Reviewer**: Analyzes for bottlenecks and inefficiencies +- 📋 **Maintainability Reviewer**: Evaluates code quality and best practices +- 👨‍💼 **Lead Reviewer**: Synthesizes feedback and posts comprehensive reviews + +## Architecture + +This integration follows PraisonAI's **Agent-Centric** and **Protocol-Driven Core** design principles: + +``` +GitHub PR → @praisonai trigger → Multi-Agent Workflow → Comprehensive Review +``` + +The solution leverages: +- **GitHub Actions** for CI/CD orchestration +- **PraisonAI CLI** for agent execution +- **YAML Configuration** for agent team definition +- **GitHub CLI** for PR interaction + +## Prerequisites + +1. **Repository Setup**: + - GitHub repository with Actions enabled + - Required secrets configured (see [Secrets Configuration](#secrets-configuration)) + +2. **PraisonAI Installation**: + - The workflow automatically installs PraisonAI via `pip install praisonai` + - No additional dependencies required + +3. **GitHub App/Token**: + - GitHub App with required permissions OR + - Personal Access Token with `repo` and `pull_requests` permissions + +## Installation Steps + +### Step 1: Copy Agent Configuration + +The agent configuration is already provided at: +``` +.github/praisonai-reviewer.yaml +``` + +This file defines the multi-agent team and their specific responsibilities. + +### Step 2: Create GitHub Workflow + +**IMPORTANT**: Due to GitHub App permissions, the workflow file must be manually created. + +1. 
Copy the template from: + ``` + examples/yaml/praisonai-pr-review.yml.template + ``` + +2. Save it as: + ``` + .github/workflows/praisonai-pr-review.yml + ``` + +### Step 3: Configure Secrets + +Add the following secrets to your repository (`Settings > Secrets and variables > Actions`): + +| Secret | Description | Required | +|--------|-------------|----------| +| `PRAISONAI_APP_ID` | GitHub App ID | Yes (if using GitHub App) | +| `PRAISONAI_APP_PRIVATE_KEY` | GitHub App private key | Yes (if using GitHub App) | +| `OPENAI_API_KEY` | OpenAI API key for LLM access | Yes | + +**Alternative**: Use `GH_TOKEN` instead of GitHub App if you prefer PAT authentication. + +### Step 4: Update Review Chain (Optional) + +The review chain documentation has been updated to include PraisonAI: +``` +CodeRabbit/Qodo → Gemini/PraisonAI (parallel) → Copilot → Claude (final) +``` + +This ensures PraisonAI integrates seamlessly with existing review workflows. + +## Usage + +### Manual Trigger + +1. **Workflow Dispatch**: + - Go to `Actions > PraisonAI PR Review > Run workflow` + - Enter the PR number to review + +### Automatic Trigger + +1. **Comment Trigger**: + - Comment `@praisonai` on any pull request + - Only repository owners, members, and collaborators can trigger + +2. 
**With Instructions**: + - `@praisonai focus on security vulnerabilities` + - `@praisonai check performance and memory usage` + - `@praisonai review for maintainability issues` + +## Expected Output + +When triggered, PraisonAI will post a comprehensive review with this structure: + +```markdown +## 📋 Review Summary +[Brief overview and assessment] + +## 🔍 General Feedback +[Overall patterns and observations] + +## 🎯 Specific Feedback +### 🔴 Critical +[Security vulnerabilities, breaking changes, major bugs] + +### 🟡 High +[Performance issues, design flaws, significant bugs] + +### 🟢 Medium +[Code quality improvements, minor optimizations] + +### 🔵 Low +[Documentation, naming suggestions, minor refactoring] + +## ✅ Highlights +[Positive aspects worth mentioning] + +--- +*Review completed by PraisonAI Multi-Agent Team* +``` + +## Integration with Existing Workflows + +PraisonAI integrates seamlessly with the existing review chain: + +1. **Parallel Execution**: Runs alongside Gemini for faster reviews +2. **No Conflicts**: Uses unique trigger (`@praisonai`) to avoid interference +3. **Complementary Analysis**: Provides different perspectives from other tools +4. **Chain Continuation**: Claude final review incorporates PraisonAI feedback + +## Troubleshooting + +### Common Issues + +1. **Authentication Errors**: + - Verify `PRAISONAI_APP_ID` and `PRAISONAI_APP_PRIVATE_KEY` secrets are correctly set + - Ensure GitHub App has required permissions + +2. **PraisonAI Installation Fails**: + - Check if Python setup step completed successfully + - Verify internet connectivity for pip installation + +3. **Agent Execution Fails**: + - Check `OPENAI_API_KEY` secret is valid + - Verify agent configuration YAML syntax + +4. **Permission Denied**: + - Ensure triggering user has required repository permissions + - Check workflow file permissions configuration + +### Debug Steps + +1. 
**Check Workflow Logs**: + - Go to `Actions > PraisonAI PR Review` + - Click on failed run to see detailed logs + +2. **Validate Configuration**: + - Ensure `.github/praisonai-reviewer.yaml` syntax is valid + - Test agent configuration locally if possible + +3. **Test Manual Trigger**: + - Use workflow dispatch to isolate comment trigger issues + +## Advanced Configuration + +### Custom Agent Teams + +Modify `.github/praisonai-reviewer.yaml` to: +- Add specialized agents (e.g., Architecture Reviewer) +- Adjust agent responsibilities +- Customize review output format + +### Integration with External Tools + +Extend agents to integrate with: +- Code quality tools (SonarQube, CodeClimate) +- Security scanners (Snyk, SAST tools) +- Performance profilers + +### Environment-Specific Reviews + +Configure different agent teams for: +- Backend vs Frontend changes +- Different programming languages +- Specific project domains + +## Performance Considerations + +- **Execution Time**: Typically 3-5 minutes for comprehensive review +- **Rate Limits**: Respects GitHub API and OpenAI rate limits +- **Cost**: Uses OpenAI API - monitor usage for cost control +- **Parallel Execution**: Agents run concurrently for efficiency + +## Security + +- **Secret Handling**: All credentials stored securely in GitHub Secrets +- **Permissions**: Minimal required permissions for workflow execution +- **Code Access**: Review-only access, no code modification capabilities +- **Audit Trail**: All reviews logged in GitHub Actions logs + +## Contributing + +To improve the PraisonAI PR Reviewer: + +1. **Agent Enhancement**: Improve agent prompts and capabilities +2. **Workflow Optimization**: Enhance GitHub Actions workflow +3. **Documentation**: Update guides and troubleshooting info +4. **Integration**: Add support for additional tools and platforms + +## Support + +For issues and questions: +1. Check this guide first +2. Review GitHub Actions logs +3. Open issue in PraisonAI repository +4. 
Tag with `ci/cd` and `pr-review` labels + +--- + +*Generated as part of PraisonAI CI/CD PR Reviewer Integration (Issue #1329)* \ No newline at end of file diff --git a/examples/yaml/praisonai-pr-review.yml.template b/examples/yaml/praisonai-pr-review.yml.template new file mode 100644 index 000000000..0f27ba97c --- /dev/null +++ b/examples/yaml/praisonai-pr-review.yml.template 
@@ -0,0 +1,68 @@ +name: PraisonAI PR Reviewer + +on: + pull_request: + types: [opened, synchronize, reopened, ready_for_review] + issue_comment: + types: [created] + workflow_dispatch: + inputs: + pr_number: + description: 'Pull Request Number' + required: true + type: string + +jobs: + review: + runs-on: ubuntu-latest + if: > + (github.event_name == 'pull_request' && github.event.pull_request.draft == false) || + github.event_name == 'workflow_dispatch' || + (github.event_name == 'issue_comment' && + github.event.issue.pull_request && + contains(github.event.comment.body, '@praisonai') && + github.actor != 'github-actions[bot]' && + github.event.comment.user.type != 'Bot' && + (github.event.comment.author_association == 'OWNER' || + github.event.comment.author_association == 'MEMBER' || + github.event.comment.author_association == 'COLLABORATOR')) + + steps: + - name: Determine checkout ref + id: dest + run: | + if [ "${{ github.event_name }}" = "issue_comment" ]; then + echo "ref=refs/pull/${{ github.event.issue.number }}/head" >> "$GITHUB_OUTPUT" + elif [ "${{ github.event_name }}" = "workflow_dispatch" ]; then + echo "ref=refs/pull/${{ inputs.pr_number }}/head" >> "$GITHUB_OUTPUT" + else + echo "ref=${{ github.event.pull_request.head.sha }}" >> "$GITHUB_OUTPUT" + fi + + - name: Checkout Repository + uses: actions/checkout@v4 + with: + ref: ${{ steps.dest.outputs.ref }} + fetch-depth: 0 + + - name: Generate GitHub App Token + id: generate_token + uses: tibdex/github-app-token@v2 + with: + app_id: ${{ secrets.PRAISONAI_APP_ID }} + private_key: ${{ secrets.PRAISONAI_APP_PRIVATE_KEY }} + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.11' + + - name: Install PraisonAI + run: pip install "praisonai[all]" + + - name: Run PraisonAI PR Review + env: + GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} + OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} + run: | + praisonai agents --file .github/praisonai-reviewer.yaml 
diff --git a/src/praisonai-agents/.agent/workflows/review-chain.md b/src/praisonai-agents/.agent/workflows/review-chain.md index 0bb02f189..02985d857 100644 --- a/src/praisonai-agents/.agent/workflows/review-chain.md +++ b/src/praisonai-agents/.agent/workflows/review-chain.md @@ -13,9 +13,11 @@ CodeRabbit (@coderabbitai) ─── auto for human PRs, triggered via comment f Qodo (/review) ─── auto for human PRs, triggered via comment for bot PRs +PraisonAI (@praisonai) ─── triggered via comment + ↓ (~3-5 min) ↓ (auto triggers Claude on completion) Copilot (@copilot) ─── triggered ONLY after CodeRabbit or Qodo post their review ↓ -Claude (@claude) ─── triggered ONLY after Copilot OR Gemini finishes (final reviewer) +Claude (@claude) ─── triggered ONLY after Copilot OR Gemini OR PraisonAI finishes (final reviewer) ``` ## Workflow Files @@ -23,6 +25,7 @@ Claude (@claude) ─── triggered ONLY after Copilot OR Gemini fini | File | Trigger | Does what | |------|---------|-----------| | `auto-pr-comment.yml` | `issue_comment`, `pull_request_review`, `pull_request:opened` | Triggers Copilot after CodeRabbit/Qodo finish. For bot PRs: triggers CodeRabbit+Qodo+Gemini first. | +| `praisonai-pr-review.yml` | `issue_comment`, `workflow_dispatch` | PraisonAI multi-agent PR review triggered by @praisonai mentions. | | `chain-claude-after-copilot.yml` | `pull_request_review:submitted`, `issue_comment` | Triggers Claude after Copilot reviews, AND automatically after Gemini Code Assist finishes fixing issues/PRs. | | `claude.yml` | `issue_comment`, `pull_request_review_comment`, `issues:assigned/labeled` | Claude responds to @claude mentions. | 
@@ -30,6 +33,17 @@ Claude (@claude) ─── triggered ONLY after Copilot OR Gemini fini CodeRabbit and Qodo skip `github-actions[bot]` authored PRs by default. The `bot-pr-trigger-reviews` job in `auto-pr-comment.yml` explicitly triggers them via comments. +## PraisonAI Integration + +PraisonAI provides multi-agent PR review capabilities through the native PraisonAI agent framework. When triggered with `@praisonai`, it deploys a team of specialized agents: + +- **Security Reviewer**: Analyzes for vulnerabilities, authentication issues, and unsafe code practices +- **Performance Reviewer**: Identifies bottlenecks, inefficient algorithms, and resource usage issues +- **Maintainability Reviewer**: Evaluates code quality, documentation, and adherence to best practices +- **Lead Reviewer**: Synthesizes feedback and posts comprehensive review comments + +The workflow uses the agent configuration at `.github/praisonai-reviewer.yaml` and leverages the `praisonai` CLI for execution. + ## Key rules - **Copilot ignores bot comments.** All `@copilot` mentions MUST use `GH_TOKEN` (not `GITHUB_TOKEN`) so comments post as `MervinPraison`.
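Review bot: In the `.github/praisonai-reviewer.yaml` hunk, the `final_review` step tells the agent to post with `echo "[REVIEW_CONTENT]" | gh pr comment ${PR_NUMBER} -F -`, which splices model-generated text (itself derived from the PR diff it just read) into a shell command line, so any `$(...)`, backticks or unbalanced quotes in that text are evaluated by the shell before `gh` sees them. Have the lead reviewer write the review to a file and post it with `gh pr comment "$PR_NUMBER" --body-file review.md` instead. Related: every role lists the `execute_command` tool while reading untrusted diff content, but only `security_analysis` and `final_review` name a command to run; drop the tool from `performance_reviewer` and `maintainability_reviewer` so a crafted diff has fewer agents it can steer into running commands with the App token in the environment.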
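Review bot: In the `.github/workflows/praisonai-pr-review.yml` hunk, the `Run PraisonAI PR Review` step exports only `GITHUB_TOKEN` and `OPENAI_API_KEY`, but the agent config reads `$PR_DATA`, `$CHANGED_FILES` and `${PR_NUMBER}`, so `gh pr diff ${PR_NUMBER}` and the final `gh pr comment ${PR_NUMBER}` run with an empty PR number on every trigger path. Add them to that step's `env:`, e.g. `PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number || inputs.pr_number }}`, and populate `CHANGED_FILES` from `gh pr diff "$PR_NUMBER" --name-only` in a preceding step. Two smaller points on the same hunk: the job has no `permissions:` block, so the default token keeps the repository-default scope even though all work goes through the App token (`permissions: contents: read` makes the intent explicit), and the `pull_request` trigger also fires for fork PRs, where repository secrets are not available, so `Generate GitHub App Token` will fail there unless the `if:` adds `github.event.pull_request.head.repo.full_name == github.repository`. Pinning `pip install "praisonai[all]"` to a version would also make a review run reproducible.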
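Review bot: The `examples/yaml/pr-reviewer/README.md` hunk documents behaviour the workflow in this same diff does not implement. "With Instructions" (`@praisonai focus on security vulnerabilities`) implies the comment text reaches the agents, but the workflow never passes `github.event.comment.body` to the `praisonai agents` step, so those instructions are ignored; either wire the body through an env var or remove the section. "Automatic Trigger" lists only the comment trigger, while the workflow also runs on every non-draft `pull_request` open/synchronize/reopen. The Prerequisites say `pip install praisonai`, the workflow runs `pip install "praisonai[all]"`; the Usage section says `Actions > PraisonAI PR Review`, the workflow `name:` is `PraisonAI PR Reviewer`; and "Alternative: Use `GH_TOKEN` instead of GitHub App" has no corresponding path in the workflow, which always takes `GITHUB_TOKEN` from `generate_token`. Finally, the Security section's "Review-only access, no code modification capabilities" and the Integration section's "Claude final review incorporates PraisonAI feedback" are not supported by the diff: the agents hold an `execute_command` tool and a token that can post comments, and no chaining workflow is changed here. Please align the README with what the workflow actually does.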
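Review bot: The `examples/yaml/praisonai-pr-review.yml.template` hunk is a byte-for-byte copy of `.github/workflows/praisonai-pr-review.yml` (both are blob `0f27ba97c`), and README Step 2 tells users to create the workflow manually from the template even though this PR already adds the workflow file. Keep one copy: either drop the template and have Step 2 point at the committed workflow, or keep the template only if the manual creation really is required, and say so in the README so the two do not drift apart after the next edit.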
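Review bot: In the first `review-chain.md` hunk (`@@ -13,9 +13,11 @@`), the diagram now reads `Claude (@claude) ─── triggered ONLY after Copilot OR Gemini OR PraisonAI finishes (final reviewer)`, but no workflow in this diff chains Claude after PraisonAI; `chain-claude-after-copilot.yml` is untouched and the table still describes it as triggering after Copilot and Gemini only. Either add the PraisonAI completion trigger to that workflow in this PR or reword the diagram so the documented chain matches the real one.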
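Review bot: In the second `review-chain.md` hunk (`@@ -23,6 +25,7 @@`), the new table row lists the trigger as `issue_comment`, `workflow_dispatch`, but the workflow added in this diff also declares `pull_request` with `types: [opened, synchronize, reopened, ready_for_review]`. Add `pull_request` to the Trigger cell (or remove that event from the workflow if comment-only triggering is the intent), so the table stays the reference readers rely on.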
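Review bot: In the third `review-chain.md` hunk (`@@ -30,6 +33,17 @@`), the new "PraisonAI Integration" section should say which identity posts the review: the comment is written with the App installation token minted from `PRAISONAI_APP_PRIVATE_KEY`, so it appears as a bot. That matters because the Key rules below state that Copilot ignores bot comments, so any `@copilot` mention the lead reviewer writes into its comment will not trigger Copilot; one sentence noting this keeps the section consistent with the rest of the chain documentation.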