takt/resources/global/en/workflows/review-only.yaml

# Review-Only Workflow
# Reviews code or PRs without making any edits
# Local: console output only. PR specified: posts inline comments + summary to PR
#
# Flow:
#   plan -> reviewers (parallel: arch-review + security-review + ai-review) -> supervise
#     -> pr-comment -> COMPLETE (PR comment requested)
#     -> COMPLETE (local: console output only)
#     -> ABORT (rejected)
#
# All steps have edit: false (no file modifications)
#
# Template Variables:
#   {iteration}         - Workflow-wide turn count
#   {max_iterations}    - Maximum iterations allowed
#   {step_iteration}    - Per-step iteration count
#   {task}              - Original user request
#   {previous_response} - Output from the previous step
#   {user_inputs}       - Accumulated user inputs
#   {report_dir}        - Report directory name

name: review-only
description: Review-only workflow - reviews code without making edits
max_iterations: 10
initial_step: plan

steps:
  - name: plan
    edit: false
    agent: ../agents/default/planner.md
    allowed_tools:
      - Read
      - Glob
      - Grep
      - WebSearch
      - WebFetch
    rules:
      - condition: Review scope is clear
        next: reviewers
      - condition: User is asking a question (not a review task)
        next: COMPLETE
      - condition: Requirements unclear, insufficient info
        next: ABORT
        appendix: |
          Clarifications needed:
          - {Question 1}
          - {Question 2}
    pass_previous_response: true
    instruction_template: |
      ## Previous Response (when returned from supervise)
      {previous_response}

      Analyze the review request and create a review plan.

      **This is a review-only workflow.** No code edits will be made.

      Focus on:
      1. Identify which files/modules to review
      2. Determine review focus areas (architecture, security, AI patterns, etc.)
      3. Note any specific concerns mentioned in the request

      **If a PR number is mentioned** (e.g., "PR #42"), include it in your plan
      so reviewers can focus on the PR's changed files.

  - name: reviewers
    parallel:
      - name: arch-review
        edit: false
        agent: ../agents/default/architecture-reviewer.md
        report:
          name: 01-architect-review.md
          format: |
            ```markdown
            # Architecture Review

            ## Result: APPROVE / IMPROVE / REJECT

            ## Summary
            {1-2 sentences summarizing result}

            ## Reviewed Perspectives
            - [x] Structure & Design
            - [x] Code Quality
            - [x] Change Scope

            ## Issues (if REJECT)
            | # | Location | Issue | Fix |
            |---|----------|-------|-----|
            | 1 | `src/file.ts:42` | Issue description | Fix method |

            ## Improvement Suggestions (optional, non-blocking)
            - {Future improvement suggestions}
            ```

            **Cognitive load reduction rules:**
            - APPROVE + no issues -> Summary only (5 lines or less)
            - APPROVE + minor suggestions -> Summary + suggestions (15 lines or less)
            - REJECT -> Issues in table format (30 lines or less)
        allowed_tools:
          - Read
          - Glob
          - Grep
          - Write
          - WebSearch
          - WebFetch
        rules:
          - condition: approved
          - condition: needs_fix
        instruction_template: |
          Focus on **architecture and design** review. Do NOT review AI-specific issues (that's the ai-review step).

          Review the code and provide feedback.

      - name: security-review
        edit: false
        agent: ../agents/default/security-reviewer.md
        report:
          name: 02-security-review.md
          format: |
            ```markdown
            # Security Review

            ## Result: APPROVE / REJECT

            ## Severity: None / Low / Medium / High / Critical

            ## Check Results
            | Category | Result | Notes |
            |----------|--------|-------|
            | Injection | - | - |
            | Auth/Authz | - | - |
            | Data Protection | - | - |
            | Dependencies | - | - |

            ## Vulnerabilities (if REJECT)
            | # | Severity | Type | Location | Fix |
            |---|----------|------|----------|-----|
            | 1 | High | SQLi | `src/db.ts:42` | Use parameterized query |

            ## Warnings (non-blocking)
            - {Security recommendations}
            ```

            **Cognitive load reduction rules:**
            - No issues -> Check table only (10 lines or less)
            - Warnings -> + Warnings, 1-2 lines each (15 lines or less)
            - Vulnerabilities -> + Table format (30 lines or less)
        allowed_tools:
          - Read
          - Glob
          - Grep
          - Write
          - WebSearch
          - WebFetch
        rules:
          - condition: approved
          - condition: needs_fix
        instruction_template: |
          Perform a security review of the code. Check for vulnerabilities including:
          - Injection attacks (SQL, Command, XSS)
          - Authentication/Authorization issues
          - Data exposure risks
          - Cryptographic weaknesses

      - name: ai-review
        edit: false
        agent: ../agents/default/ai-antipattern-reviewer.md
        report:
          name: 03-ai-review.md
          format: |
            ```markdown
            # AI-Generated Code Review

            ## Result: APPROVE / REJECT

            ## Summary
            {One sentence summarizing result}

            ## Verified Items
            | Aspect | Result | Notes |
            |--------|--------|-------|
            | Assumption validity | - | - |
            | API/Library existence | - | - |
            | Context fit | - | - |
            | Scope | - | - |

            ## Issues (if REJECT)
            | # | Category | Location | Issue |
            |---|----------|----------|-------|
            | 1 | Hallucinated API | `src/file.ts:23` | Non-existent method |
            ```

            **Cognitive load reduction rules:**
            - No issues -> Summary 1 line + check table only (10 lines or less)
            - Issues found -> + Issues in table format (25 lines or less)
        allowed_tools:
          - Read
          - Glob
          - Grep
          - Write
          - WebSearch
          - WebFetch
        rules:
          - condition: approved
          - condition: needs_fix
        instruction_template: |
          Review the code for AI-specific issues:
          - Assumption validation
          - Plausible but wrong patterns
          - Context fit with existing codebase
          - Scope creep detection
    rules:
      - condition: all("approved")
        next: supervise
      - condition: any("needs_fix")
        next: supervise

  - name: supervise
    edit: false
    agent: ../agents/default/supervisor.md
    report:
      - Review Summary: 04-review-summary.md
    allowed_tools:
      - Read
      - Glob
      - Grep
      - Write
      - WebSearch
      - WebFetch
    rules:
      - condition: approved, PR comment requested
        next: pr-comment
      - condition: approved
        next: COMPLETE
      - condition: rejected
        next: ABORT
    pass_previous_response: true
    instruction_template: |
      ## Review Results
      {previous_response}

      **This is a review-only workflow.** Do NOT run tests or builds.

      Your role is to synthesize the review results and produce a final summary.

      **Tasks:**
      1. Read all review reports in the Report Directory
      2. Synthesize findings from architecture, security, and AI reviews
      3. Produce a consolidated review summary with overall verdict
      4. Determine routing:
         - If the task mentions posting to a PR (e.g., "post comments to PR", "comment on PR"),
           route to `pr-comment` step (condition: "approved, PR comment requested")
         - If local review only, route to COMPLETE (condition: "approved")
         - If critical issues found, route to ABORT (condition: "rejected")

      **Review Summary report format:**
      ```markdown
      # Review Summary

      ## Overall Verdict: APPROVE / REJECT

      ## Summary
      {2-3 sentences consolidating all review results}

      ## Review Results
      | Review | Result | Key Findings |
      |--------|--------|--------------|
      | Architecture | APPROVE/REJECT | {Brief finding} |
      | Security | APPROVE/REJECT | {Brief finding} |
      | AI Antipattern | APPROVE/REJECT | {Brief finding} |

      ## Issues Requiring Attention
      | # | Severity | Source | Location | Issue |
      |---|----------|--------|----------|-------|
      | 1 | High | Security | `file:line` | Description |

      ## Improvement Suggestions
      - {Consolidated suggestions from all reviews}
      ```

  - name: pr-comment
    edit: false
    agent: ../agents/review/pr-commenter.md
    allowed_tools:
      - Read
      - Glob
      - Grep
      - Bash
    rules:
      - condition: Comments posted
        next: COMPLETE
      - condition: Failed to post comments
        next: COMPLETE
    pass_previous_response: true
    instruction_template: |
      ## Review Summary
      {previous_response}

      Post the review results to the PR as comments.

      **Procedure:**
      1. Extract the PR number from the task description
      2. Read all review reports in the Report Directory:
         - `01-architect-review.md` (Architecture review)
         - `02-security-review.md` (Security review)
         - `03-ai-review.md` (AI antipattern review)
         - `04-review-summary.md` (Consolidated summary)
      3. Filter findings by severity and post inline comments for Critical/High/Medium
      4. Post a summary comment with the following format:

      ```
      ## Automated Review Summary

      {Overall verdict and summary from 04-review-summary.md}

      ### Review Results
      | Review | Result |
      |--------|--------|
      | Architecture | {result} |
      | Security | {result} |
      | AI Antipattern | {result} |

      ### Key Findings
      {Bulleted list of important findings}

      ### Improvement Suggestions
      {Consolidated suggestions}

      ---
      *Generated by [takt](https://github.com/toruticas/takt) review-only workflow*
      ```
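The header comments promise properties a reviewer should be able to verify mechanically: every step has `edit: false`, shell access exists only in the step that posts comments, and every `next` routes to a real step or a terminal state. The following linter is an added example, not part of takt; `lint_review_only` and `every_step` are hypothetical names, and it takes the dict that `yaml.safe_load` would return for this file (a constructed, abbreviated copy of the page's step graph is embedded so it runs stand-alone).

```python
# Added example, not takt code: lint a parsed workflow dict (what yaml.safe_load
# returns for review-only.yaml) for the invariants the header comments promise.
from collections import deque

TERMINALS = {"COMPLETE", "ABORT"}

def every_step(steps):
    """Yield (name, step) for each top-level step and each parallel sub-step."""
    for step in steps:
        yield step["name"], step
        for sub in step.get("parallel", []):
            yield sub["name"], sub

def lint_review_only(workflow, bash_allowed=("pr-comment",)):
    """Return the list of violations; an empty list means the workflow is clean."""
    problems = []
    top = {s["name"]: s for s in workflow["steps"]}
    start = workflow.get("initial_step")
    if start not in top:
        problems.append(f"initial_step {start!r} is not a step")
    for name, step in every_step(workflow["steps"]):
        # Parallel containers carry no edit key; every real step must opt out of editing.
        if "parallel" not in step and step.get("edit") is not False:
            problems.append(f"{name}: edit must be false")
        if "Bash" in step.get("allowed_tools", []) and name not in bash_allowed:
            problems.append(f"{name}: Bash is not allowed in a review-only step")
        for rule in step.get("rules", []):  # every target must be a step or terminal
            nxt = rule.get("next")
            if nxt is not None and nxt not in top and nxt not in TERMINALS:
                problems.append(f"{name}: rule routes to unknown step {nxt!r}")
    seen, queue = set(), deque([start])  # walk the routing graph to find dead steps
    while queue:
        cur = queue.popleft()
        if cur in seen or cur not in top:
            continue
        seen.add(cur)
        queue.extend(r["next"] for r in top[cur].get("rules", []) if "next" in r)
    problems.extend(f"{n}: unreachable from initial_step" for n in top if n not in seen)
    return problems

# Constructed, abbreviated copy of the page's step graph (tool lists trimmed).
REVIEW_ONLY = {"initial_step": "plan", "steps": [
    {"name": "plan", "edit": False, "allowed_tools": ["Read"],
     "rules": [{"next": "reviewers"}, {"next": "COMPLETE"}, {"next": "ABORT"}]},
    {"name": "reviewers", "rules": [{"next": "supervise"}], "parallel": [
        {"name": "arch-review", "edit": False, "allowed_tools": ["Read", "Write"]}]},
    {"name": "supervise", "edit": False, "allowed_tools": ["Read", "Write"],
     "rules": [{"next": "pr-comment"}, {"next": "COMPLETE"}, {"next": "ABORT"}]},
    {"name": "pr-comment", "edit": False, "allowed_tools": ["Read", "Bash"],
     "rules": [{"next": "COMPLETE"}]}]}
```

Running it in CI against the real file (`lint_review_only(yaml.safe_load(open(path)))`) catches a step that silently gains `edit: true` or `Bash`, or a `next` typo that leaves part of the pipeline unreachable.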