Skip to content

Commit 48baef4

Browse files
committed
feat: add Antigravity PR review bot workflow
Setup a read-only code review pipeline using the google-antigravity SDK and GitHub Actions. It triggers on maintainer PR opens or /review comments and leverages the review-pr skill to evaluate quality and architecture.
1 parent f1db067 commit 48baef4

4 files changed

Lines changed: 144 additions & 0 deletions

File tree

Lines changed: 57 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,57 @@
1+
name: Antigravity Code Review
2+
3+
on:
4+
pull_request_target:
5+
types: [opened]
6+
pull_request_review_comment:
7+
types: [created]
8+
9+
permissions:
10+
pull-requests: write
11+
contents: read
12+
13+
jobs:
14+
review:
15+
runs-on: ubuntu-latest
16+
# Trigger only if:
17+
# 1. It is a pull_request_target event, it is NOT a draft, and the author is a maintainer
18+
# (OWNER, MEMBER, or COLLABORATOR).
19+
# 2. OR it is an pull_request_review_comment event, the comment body has a line starting with "/review",
20+
# and the commenter is a maintainer.
21+
if: >
22+
(github.event_name == 'pull_request_target' && !github.event.pull_request.draft &&
23+
(github.event.pull_request.author_association == 'OWNER' || github.event.pull_request.author_association == 'MEMBER' || github.event.pull_request.author_association == 'COLLABORATOR')) ||
24+
(github.event_name == 'pull_request_review_comment' &&
25+
(startsWith(github.event.comment.body, '/review') || contains(github.event.comment.body, '\n/review')) &&
26+
(github.event.comment.author_association == 'OWNER' || github.event.comment.author_association == 'MEMBER' || github.event.comment.author_association == 'COLLABORATOR'))
27+
steps:
28+
- name: Checkout PR Branch (Untrusted)
29+
uses: actions/checkout@v7
30+
with:
31+
ref: refs/pull/${{ github.event.pull_request.number }}/merge
32+
persist-credentials: false
33+
34+
- name: Checkout Trusted Reviewbot (Base Branch)
35+
uses: actions/checkout@v7
36+
with:
37+
sparse-checkout: |
38+
tools/private/reviewbot
39+
path: trusted-reviewbot
40+
41+
- name: Install uv
42+
uses: astral-sh/setup-uv@v8.1.0
43+
44+
- name: Set up Python
45+
run: uv python install 3.13
46+
47+
- name: Install Dependencies
48+
run: |
49+
uv pip install google-antigravity requests
50+
51+
- name: Run Antigravity Review
52+
env:
53+
GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
54+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
55+
run: |
56+
uv run trusted-reviewbot/tools/private/reviewbot/antigravity_review.py \
57+
--prompt trusted-reviewbot/tools/private/reviewbot/prompt.txt
Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
import argparse
2+
import asyncio
3+
from pathlib import Path
4+
5+
from google.antigravity import Agent, CapabilitiesConfig, LocalAgentConfig
6+
7+
8+
def parse_args():
9+
parser = argparse.ArgumentParser()
10+
parser.add_argument("--prompt", required=True, help="Path to prompt file")
11+
return parser.parse_args()
12+
13+
14+
async def main():
15+
args = parse_args()
16+
17+
# Read prompt file
18+
prompt = Path(args.prompt).read_text()
19+
20+
# Initialize the Antigravity Agent in read-only mode for security.
21+
# Register the review-pr skill from the local reviewbot folder.
22+
config = LocalAgentConfig(
23+
skills_paths=["tools/private/reviewbot/skills/review-pr"],
24+
capabilities=CapabilitiesConfig(
25+
allow_filesystem_read=True,
26+
allow_filesystem_write=False,
27+
allow_network=False,
28+
),
29+
)
30+
31+
# General coordinator instructions for the reviewer agent.
32+
system_instructions = (
33+
"You are a code review assistant. Use your available skills to perform "
34+
"reviews on pull requests."
35+
)
36+
37+
async with Agent(config, system_instructions=system_instructions) as agent:
38+
response = await agent.chat(prompt)
39+
report = await response.text()
40+
41+
print("--- REVIEW REPORT GENERATED ---")
42+
print(report)
43+
44+
# TODO: Use GITHUB_TOKEN to post the report back to the PR comments.
45+
46+
47+
if __name__ == "__main__":
48+
asyncio.run(main())

tools/private/reviewbot/prompt.txt

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
Use the review-pr skill to review the files modified in this pull request.
2+
Summarize your findings and suggest specific, actionable improvements.
3+
Group your findings into clear, descriptive nits or suggestions.
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
---
2+
name: review-pr
3+
description: Perform a read-only code review on a pull request.
4+
---
5+
6+
# review-pr
7+
8+
You are an expert Starlark, Python, and Bazel code reviewer. Analyze the changed files for
9+
correctness, edge cases, and performance. Focus strictly on logical
10+
correctness, concurrency safety, system architecture, performance bottlenecks,
11+
and resource management. Do not comment on style nits or formatting issues
12+
that an automated formatter can handle. Be constructive and concise.
13+
14+
Follow these checklists during your review:
15+
16+
### General Quality & Architecture Checklist
17+
* **PR Description Audit**: Verify the description contains the Why
18+
(business/technical reason), a brief high level overview of changes,
19+
Issue/Bug Link, and explicit Testing Evidence.
20+
* **Separation of Concerns**: Suggest extracting large hardcoded data structures
21+
(e.g., massive templates, complex regexes) to resource files.
22+
* **Logic Correctness**: Verify calculations, negative values, division-by-zero,
23+
and null safety before member access.
24+
* **Error Handling**: Flag silent failures (e.g., empty except blocks) and
25+
unconditional defaults that override configs.
26+
* **Deterministic Operations**: Sort collections/keys to guarantee
27+
reproducible/deterministic execution.
28+
29+
### Skeptical Critic (Adversarial Specialist Review)
30+
* **Dynamic Filtering**: Filter the PR diff and run only the specialist checks
31+
that have relevant files changed (e.g. skip the C++ checks if only Python
32+
files are modified).
33+
* **Specialist Review Pillars**: Run parallel audits focusing on:
34+
1. Crash Regression: Null safety and resource lifecycle.
35+
2. Performance & Latency: Thread bottlenecks, locks, and network calls.
36+
3. Test Integrity: Coverage validity, change detectors defense.

0 commit comments

Comments
 (0)