Skip to content

agent: 添加代码评审 Agent 示例#160

Open
ghost613bb wants to merge 4 commits into
trpc-group:mainfrom
ghost613bb:feat/code-review-agent-92
Open

agent: 添加代码评审 Agent 示例#160
ghost613bb wants to merge 4 commits into
trpc-group:mainfrom
ghost613bb:feat/code-review-agent-92

Conversation

@ghost613bb

@ghost613bb ghost613bb commented Jul 11, 2026

Copy link
Copy Markdown

概要

本 PR 为 #92 新增代码评审 Agent 示例,用于演示 diff 解析、规则检查、沙箱治理、结构化报告、SQLite 持久化和审计记录等能力。

示例支持从 --diff-file--repo-path 读取变更,解析 unified diff 中的文件、hunk、变更行和行号锚点;通过确定性规则生成结构化 findings;在执行沙箱脚本前进行 Filter 治理;支持默认 fake sandbox 和可选 Container sandbox;最终输出 JSON / Markdown 报告,并可将任务、finding、sandbox run、Filter 决策、审计事件和最终报告写入 SQLite。

Fixes #92

主要内容

  • 新增 examples/code_review_agent/ 示例目录。
  • 新增 code-review Skill 包,包含:
    • SKILL.md
    • finding schema 文档
    • 规则说明文档
    • 沙箱策略文档
    • 安全边界文档
    • 白名单沙箱脚本示例
  • 新增 unified diff parser,支持解析变更文件、hunk、上下文行、新增行、删除行和新文件行号。
  • 新增确定性代码评审规则,覆盖:
    • 敏感信息泄漏
    • 安全风险
    • 异步任务问题
    • 资源泄漏
    • 数据库连接生命周期问题
    • 测试缺失
  • 新增 pre-sandbox Filter 治理,覆盖:
    • 脚本白名单
    • 高风险命令拦截
    • 禁止路径拦截
    • 非白名单网络访问拦截
    • 输出预算控制
  • 新增 fake sandbox runtime,用于无 Docker、无 Cube/E2B、无模型 API key 场景下的稳定 dry-run 和 CI 测试。
  • 新增可选 Container sandbox runtime,复用项目已有 ContainerClient 执行白名单脚本,并默认禁用网络访问。
  • 新增 SQLite 存储,记录:
    • review task
    • sandbox run
    • Filter 决策
    • findings / warnings
    • audit events
    • final report
  • 新增 JSON 和 Markdown 报告输出。
  • 新增 review_report.jsonreview_report.md 示例输出。
  • 新增 8 条 fixture diff,覆盖:
    • 无问题 diff
    • 硬编码 secret
    • 异步资源泄漏
    • 数据库连接生命周期问题
    • 测试缺失
    • 重复 finding
    • 沙箱执行失败
    • 敏感信息脱敏

测试

.venv/bin/python -m pytest tests/examples/code_review_agent

结果:

42 passed

已手动验证:

  • 8 条 fixture 均可通过 --sandbox-runtime fake 运行并生成报告。
  • duplicate_secret 中重复 finding 被合并。
  • sandbox_failure fixture 验证模拟的沙箱脚本失败会被记录,且不会中断评审流程。
  • sensitive_redaction 中的 token、password、private key 等敏感信息不会出现在报告或 SQLite 查询结果中。
  • hardcoded_secret.diff 可通过 --sandbox-runtime container --container-image python:3-slim 使用 Container runtime 执行白名单脚本。

Release notes

RELEASE NOTES: 新增代码评审 Agent 示例,支持沙箱治理、Container 执行、SQLite 持久化和结构化报告。

Add design docs and a Skill scaffold for the code review Agent proposal.

Updates trpc-group#92

RELEASE NOTES: Added design documentation and example scaffold for a Skill-based code review Agent.
@github-actions

github-actions Bot commented Jul 11, 2026

Copy link
Copy Markdown

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅

@codecov

codecov Bot commented Jul 11, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (main@e113610). Learn more about missing BASE report.

Additional details and impacted files
@@            Coverage Diff             @@
##             main        #160   +/-   ##
==========================================
  Coverage        ?   87.54280%           
==========================================
  Files           ?         467           
  Lines           ?       44103           
  Branches        ?           0           
==========================================
  Hits            ?       38609           
  Misses          ?        5494           
  Partials        ?           0           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@ghost613bb ghost613bb closed this Jul 11, 2026
@ghost613bb

Copy link
Copy Markdown
Author

I have read the CLA Document and I hereby sign the CLA

Rook1ex added a commit to trpc-group/cla-database that referenced this pull request Jul 11, 2026
@ghost613bb ghost613bb reopened this Jul 11, 2026
This change adds a deterministic code review Agent example that can parse diffs, run fake-model review rules, apply sandbox governance, simulate sandbox execution, persist review data to SQLite, and render JSON and Markdown reports.

It includes fixtures and tests for clean diffs, hard-coded secrets, async task handling, database lifecycle issues, missing tests, duplicate findings, sandbox failures, and secret redaction.

Updates trpc-group#92

RELEASE NOTES: Added a code review Agent dry-run example with fake sandbox execution and SQLite-backed reports.
This change adds allowlisted sandbox script examples and committed sample review reports for the code review Agent example. The scripts provide deterministic diff summary and static-rule smoke checks that can be executed by a sandbox runtime, while the sample reports show the redacted JSON and Markdown output generated from the hard-coded secret fixture.

It also updates the example README to document the sample reports and script layout.

Updates trpc-group#92

RELEASE NOTES: NONE
This change adds an optional Container sandbox runtime for the code review Agent example. The runtime reuses the existing ContainerClient to execute allowlisted sandbox scripts with diff input through stdin, network access disabled, timeout enforcement, output truncation, and structured sandbox run records.

The fake sandbox remains the default deterministic runtime for local tests and CI, while the container runtime provides an isolated execution path for diff summary and static rule scripts.

Updates trpc-group#92

RELEASE NOTES: NONE
@ghost613bb ghost613bb changed the title docs: add code review agent design scaffold agent: 添加代码评审 Agent 示例 Jul 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

基于 Skills + 沙箱 + 数据库存储构建自动代码评审 Agent

1 participant