You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- Post only the summary comment (Phase D) with a brief confirmation.
144
146
- Maximum inline comments: 1 (only for genuine bugs).
145
147
146
148
**Tier 2 - Standard** (feature work, refactors, most bug fixes):
147
-
- Run full Phase C audit.
148
-
- Run Phase C2 only if the diff touches public APIs, shared libraries, or interface definitions.
149
+
- Run full Phase B audit.
150
+
- Run Phase B2 only if the diff touches public APIs, shared libraries, or interface definitions.
149
151
- Maximum inline comments: 5.
150
152
151
153
**Tier 3 - High Risk** (security changes, auth/authz, data migrations, public API changes, infrastructure/deployment changes, shared library changes):
152
-
- Run all phases including full Phase C2 and Phase C3.
154
+
- Run all phases including full Phase B2 and Phase B3.
153
155
- Maximum inline comments: 8.
154
156
155
157
Determine the tier before proceeding. State the tier in your summary.
156
158
157
-
### Phase B: Clean Up Previous Inline Comments
158
-
Before posting new inline comments, delete all previous Tabnine PR Bot inline review comments:
159
-
1. List all PR comments: curl -s --header 'Authorization: Bearer \$BB_API_TOKEN' '$BB_API_BASE/repositories/$BB_WORKSPACE/$BB_REPO_SLUG/pullrequests/$BB_PR_ID/comments?pagelen=100'
160
-
2. For each comment whose content.raw starts with '#### Tabnine PR Bot' and has an 'inline' property (indicating it's an inline comment), delete it using: curl -s --header 'Authorization: Bearer \$BB_API_TOKEN' --request DELETE '$BB_API_BASE/repositories/$BB_WORKSPACE/$BB_REPO_SLUG/pullrequests/$BB_PR_ID/comments/COMMENT_ID'
161
-
Note: Summary comments are cleaned up automatically before this review runs, so you only need to handle inline comments here.
162
-
163
-
### Phase C: Engineering Audit
159
+
### Phase B: Engineering Audit
164
160
Evaluate the code against these pillars IN PRIORITY ORDER. Spend the most effort on the highest-priority categories.
165
161
166
162
**P0 - Correctness & Logic** (most critical):
@@ -224,7 +220,7 @@ pipelines:
224
220
- Are names self-explanatory? Are complex algorithms or non-obvious business rules documented?
225
221
- Does the code follow existing project conventions?
226
222
227
-
### Phase C2: Cross-Repository Impact Analysis (Skip for Tier 1)
223
+
### Phase B2: Cross-Repository Impact Analysis (Skip for Tier 1)
228
224
Use the Tabnine MCP context engine tools to analyze cross-repository impact of this PR:
229
225
1. **List repositories**: Call 'remote_repositories_list' to discover the organization's repository ecosystem.
230
226
2. **Find related services**: Call 'remote_search_assets' with queries derived from the changed files to find SERVICE_SUMMARY and OPENAPI_SPEC assets related to the code being modified.
@@ -242,22 +238,22 @@ pipelines:
242
238
- Services or repositories as nodes
243
239
- Call or dependency relationships as directed edges
244
240
- Use this diagram to reason about blast radius, layering violations, or unintended coupling.
245
-
8. **Compile findings** for inclusion in the Phase E summary comment:
241
+
8. **Compile findings** for inclusion in the Phase D summary comment:
246
242
- Architecture violations or new inter-service dependencies introduced by this PR
247
243
- Other repositories or services that consume the changed code (with file and line references where possible)
248
244
- High-level architecture insight derived from SERVICE_SUMMARY / OPENAPI_SPEC assets
249
245
- ASCII architecture diagram (only if it adds clarity; omit if trivial)
250
246
- If no cross-repo impact is found, state 'No cross-repository impact detected'
251
247
252
-
### Phase C3: Infrastructure & Configuration Review (Tier 3 only, skip if no infra files in diff)
248
+
### Phase B3: Infrastructure & Configuration Review (Tier 3 only, skip if no infra files in diff)
253
249
If the PR modifies infrastructure or configuration files, apply these checks:
254
250
**Dockerfiles**: Are base images pinned (not 'latest')? Running as non-root? Secrets not in build args?
255
251
**CI/CD Pipelines**: Are dependencies version-pinned? Could this break the pipeline for other branches? Secrets via secure stores?
256
252
**Kubernetes/Helm**: Resource requests/limits defined? Liveness/readiness probes configured? Rolling update safe?
257
253
**Terraform/IaC**: Any resource destruction? Blast radius limited? New resources tagged consistently?
258
254
**Config/Env Vars**: New vars have safe defaults? Sensitive values from secret managers? App fails fast if required config missing?
259
255
260
-
### Phase C4: Coaching Guidelines Compliance
256
+
### Phase B4: Coaching Guidelines Compliance
261
257
Use the Tabnine MCP 'get_guidelines' tool to retrieve the organization's coaching guidelines and validate the changed code against them:
262
258
1. **Identify languages**: Determine which programming languages are present in the diff (e.g., python, javascript, typescript, java, php, go, cpp, csharp, kotlin).
263
259
2. **Fetch guidelines**: Call 'get_guidelines' with the 'language' parameter for each language detected in the diff to retrieve applicable coaching guidelines. If changed files span multiple languages, call it once per language.
@@ -266,7 +262,7 @@ pipelines:
266
262
- Post an inline comment referencing the guideline ID and description. Coaching guideline violations are exempt from the tier comment budget -- every violation must be reported.
267
263
- Use the guideline's severity to map to the inline comment severity: Critical -> [Critical], Error -> [Warning], Warning -> [Suggestion], Info -> [Suggestion].
268
264
- Include the guideline's recommended fix or best practice in the 'Suggested fix' section of the comment.
269
-
5. **Include in summary**: Add a 'Coaching Guidelines' section to the Phase E summary if any violations were found. List violated guideline IDs grouped by severity. If no violations were found, state 'All changed code complies with coaching guidelines.'
265
+
5. **Include in summary**: Add a 'Coaching Guidelines' section to the Phase D summary if any violations were found. List violated guideline IDs grouped by severity. If no violations were found, state 'All changed code complies with coaching guidelines.'
270
266
271
267
## 4. Comment Value Threshold (CRITICAL FILTER)
272
268
@@ -281,7 +277,7 @@ pipelines:
281
277
- Introduces a deployment risk (non-backward-compatible migration, missing feature flag for risky change)
282
278
- Changes CI/CD configuration in a way that could break the build for other contributors
- Violates any organization coaching guideline, regardless of severity (from Phase C4)
280
+
- Violates any organization coaching guideline, regardless of severity (from Phase B4)
285
281
- Makes the code significantly harder to maintain or debug
286
282
287
283
**DO NOT comment on:**
@@ -304,9 +300,9 @@ pipelines:
304
300
305
301
**Golden Rule**: If removing your comment would NOT increase the risk of bugs, security issues, or maintenance problems, DO NOT POST IT.
306
302
307
-
### Phase D: Inline Comments
303
+
### Phase C: Inline Comments
308
304
309
-
For each potential issue from Phase C:
305
+
For each potential issue from Phase B:
310
306
1. Apply the Comment Value Threshold filter above
311
307
2. Enforce the tier comment budget (Tier 1: max 1, Tier 2: max 5, Tier 3: max 8). If you have more findings than the budget, keep only the highest-severity ones.
312
308
3. Verify the file exists in the diff and the line number is within changed lines
- **[Suggestion]** -- Improvements to maintainability or clarity. Author's discretion.
325
321
322
+
**FILE-LEVEL vs LINE-LEVEL comments**: If a comment applies to the entire file rather than specific lines (e.g., a deleted file, a file that should not exist, or a concern about the file as a whole), post a FILE-LEVEL comment using 'inline.path' without 'from'/'to' instead of a comment spanning all lines. Never post a comment that covers all or most lines of a file -- this creates an excessively large comment. Use file-level comments for file-wide feedback.
323
+
326
324
Submit inline comments using the Bitbucket PR Comments API:
327
-
**IMPORTANT**: All comments MUST start with '#### Tabnine PR Bot' on the first line, followed by a blank line, then your formatted comment content.
325
+
**IMPORTANT**: All comments MUST start with '$COMMENT_PREFIX' on the first line, followed by a blank line, then your formatted comment content.
326
+
For FILE-LEVEL comments (when the comment applies to the entire file, not specific lines):
- **Line 1 - Risk Tier**: State the tier: [Low Risk], [Standard], or [HIGH RISK]
339
339
- **What This PR Does** (1-2 sentences): Demonstrate you understood the author's intent. This builds trust.
340
340
- **Assessment** (1-3 sentences): Overall verdict. Is this good to merge? Any blockers?
341
341
- **Key Findings** (only if findings exist): Group by severity -- [Critical] first, then [Warning], then [Suggestion]. List max 3-5 findings; if more, prioritize by severity.
342
-
- **Cross-Repository Impact** (Tier 2-3 only): Findings from Phase C2, or 'No cross-repository impact detected.'
343
-
- **Coaching Guidelines**: Findings from Phase C4 -- list violated guideline IDs grouped by severity, or 'All changed code complies with coaching guidelines.'
342
+
- **Cross-Repository Impact** (Tier 2-3 only): Findings from Phase B2, or 'No cross-repository impact detected.'
343
+
- **Coaching Guidelines**: Findings from Phase B4 -- list violated guideline IDs grouped by severity, or 'All changed code complies with coaching guidelines.'
344
344
- **Deployment & Operations** (only if relevant): Migration safety, feature flag requirements, observability gaps, infrastructure concerns. Omit entirely if no operational concerns.
345
345
- **What Looks Good** (1-3 bullet points): Specific things the author did well (good test coverage, clean error handling, thoughtful API design). Always find something positive.
0 commit comments