feat(ci): reshape ClawReview π¦ into an informative mascot (+ SDK fix)#252
Conversation
The OAuth transport (shipped in ID-Robots#248) installs only the Claude Code CLI, not @anthropic-ai/sdk, but both bot scripts had a static top-level 'import Anthropic from @anthropic-ai/sdk' evaluated at module load regardless of transport β so the live bots on main crash with ERR_MODULE_NOT_FOUND before running. Moved the import into a dynamic import() inside reviewViaSdk/classifyViaSdk, reached only on the API-key fallback. Verified by running the OAuth path with node_modules removed. Same fix rides to beta in ID-Robots#250.
Per direction: ClawReview should be a knowledgeable, friendly crab mascot that greets and orients on issues/PRs β NOT a code reviewer racing CodeRabbit. PR bot (pr-review.mjs): - Dropped severity findings (P1/P2/P3) and pass/fail verdicts β that was the CodeRabbit-racing part. Schema is now summary + kind + touches + neutral 'highlights' (helpful heads-ups, never bug reports) + duplicate hint. - System prompt recast: 'you are the mascot, not a reviewer; CodeRabbit does the line-by-line; produce orientation, never verdicts'. Empty highlights is normal and encouraged. - Comment is now: greeting -> plain-language summary -> 'At a glance' (kind/touches/base/surface + deterministic policy heads-ups) -> optional 'Good to know' -> sign-off that explicitly defers to CodeRabbit. Issue bot (issue-triage.mjs): - Rebranded the triage comment as the same crab mascot (one character across issues + PRs): friendly greeting + summary + at-a-glance labels + next step. - Added DRY_RUN (prints the comment, skips label writes) for local testing. Deterministic policy checks stay β they're genuine ClawBox-specific value (beta-first, bun.lock, sensitive paths) CodeRabbit can't provide β but are now framed as friendly context, not a verdict. Validated end-to-end via the OAuth CLI transport on PR ID-Robots#227 and issue ID-Robots#232.
|
Warning Review limit reached
Next review available in: 32 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review detailsβοΈ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: π Files selected for processing (2)
π WalkthroughWalkthroughThis PR introduces a shared Claude transport module ( ChangesClawReview bot refactor
Estimated code review effort: 3 (Moderate) | ~25 minutes Sequence Diagram(s)sequenceDiagram
participant Script
participant callClaude
participant viaClaudeCli
participant viaSdk
Script->>callClaude: request(system, schema, userContent)
alt CLAUDE_CODE_OAUTH_TOKEN set
callClaude->>viaClaudeCli: run claude CLI
viaClaudeCli-->>callClaude: parsed JSON result
else fallback
callClaude->>viaSdk: client.messages.create
viaSdk-->>callClaude: parsed JSON text
end
callClaude-->>Script: validated JSON
sequenceDiagram
participant PRReviewScript
participant callClaude
participant GitHubAPI
PRReviewScript->>callClaude: system, schema, userContent
callClaude-->>PRReviewScript: kind, touches, highlights, duplicate
PRReviewScript->>PRReviewScript: build "At a glance" comment
PRReviewScript->>GitHubAPI: post mascot comment
Possibly related PRs
Suggested reviewers: π₯ Pre-merge checks | β 5β Passed checks (5 passed)
β¨ Finishing Touchesπ§ͺ Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
512x512 crab-only crop of the ClawBox logo (wordmark removed, padded so a circular avatar mask keeps the claws). This is the image to upload when creating the ClawReview GitHub App β a stable raw URL beats the earlier non-square 87x128 crab PNG.
CodeRabbit's 4 actionable findings on the bots:
1+2. app-token step's `if: env.HAS_APP` (both workflows) referenced env the
step sets on ITSELF β a step's if can't see its own step-level env, so
the App token would NEVER mint even with the secrets set. Hoisted
HAS_APP to job-level env (visible to the step if), and scoped the minted
token to only the permissions each bot needs (pull-requests+issues for
review, issues for triage) instead of the full installation grant.
3. parseModelJson + the two transports (CLI/SDK) were duplicated across
pr-review.mjs and issue-triage.mjs. Extracted to scripts/lib/
ai-backend.mjs (callClaude); both bots import it, so the transport stays
in sync. This is the 'first SDK-shape change' trigger the earlier reuse
analysis set for extraction.
4. Static @anthropic-ai/sdk import breaking the OAuth path β already fixed
(lazy import); the shared backend now owns the sole lazy import, so
pr-review.mjs no longer imports the SDK at all.
Validated via the OAuth CLI transport with node_modules removed: both bots
produce their mascot output through the shared backend.
|
@coderabbitai review |
β Action performedReview finished.
|
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and canβt be posted inline due to platform limitations.
β οΈ Outside diff range comments (1)
scripts/issue-triage.mjs (1)
62-72: ποΈ Data Integrity & Integration | π Major | β‘ Quick win
DRY_RUNstill mutates the repo βensure()creates labels before the gate.The
DRY_RUNguard on Line 72 only skipsgh issue edit, but theensure(...)calls on Lines 63, 64, and 69 rungh label createunconditionally. So a "dry" run still creates priority/area/category labels in the repo. This is inconsistent withpr-review.mjs, whoseDRY_RUNreturns before any mutation. Gate the label creation too.π Proposed fix: gate label ensure + edit together
- const prioColor = t.priority === "high" ? "b60205" : t.priority === "medium" ? "fbca04" : "0e8a16"; - ensure(`priority: ${t.priority}`, prioColor, "Auto-triage priority"); - ensure(`area: ${t.area}`, "c5def5", "Auto-triage area"); - // `gh issue edit` applies all labels in one call and fails the whole command - // if ANY is missing β so the category label must exist too, even though - // bug/enhancement/etc. are GitHub defaults (a repo may have deleted them). - const catColor = { bug: "d73a4a", enhancement: "a2eeef", documentation: "0075ca", question: "d876e3", invalid: "e4e669" }[t.category] ?? "ededed"; - ensure(t.category, catColor, "Auto-triage category"); - - const labels = [t.category, `priority: ${t.priority}`, `area: ${t.area}`]; - if (!process.env.DRY_RUN) gh(["issue", "edit", String(number), "--repo", REPO, ...labels.flatMap((l) => ["--add-label", l])]); + const labels = [t.category, `priority: ${t.priority}`, `area: ${t.area}`]; + if (!process.env.DRY_RUN) { + const prioColor = t.priority === "high" ? "b60205" : t.priority === "medium" ? "fbca04" : "0e8a16"; + ensure(`priority: ${t.priority}`, prioColor, "Auto-triage priority"); + ensure(`area: ${t.area}`, "c5def5", "Auto-triage area"); + // `gh issue edit` fails the whole command if ANY label is missing β so the + // category label must exist too (a repo may have deleted the defaults). + const catColor = { bug: "d73a4a", enhancement: "a2eeef", documentation: "0075ca", question: "d876e3", invalid: "e4e669" }[t.category] ?? "ededed"; + ensure(t.category, catColor, "Auto-triage category"); + gh(["issue", "edit", String(number), "--repo", REPO, ...labels.flatMap((l) => ["--add-label", l])]); + }π€ Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@scripts/issue-triage.mjs` around lines 62 - 72, The DRY_RUN guard in issue-triage.mjs only protects the gh issue edit call, while the ensure() calls for priority, area, and category still create labels and mutate the repo. Update the triage flow around ensure(), prioColor, catColor, and the labels array so all label creation and the issue edit happen only when DRY_RUN is not set, matching the non-mutating behavior used in pr-review.mjs. Keep the dry-run path fully read-only by gating the entire label setup and gh invocation together.
π€ Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@scripts/lib/ai-backend.mjs`:
- Around line 39-53: The JSON parsing in viaSdk currently assumes the model
returns a bare object string, which can fail on fenced or prose-wrapped JSON.
Update viaSdk in ai-backend.mjs to reuse parseModelJson(text) instead of calling
JSON.parse directly, matching the CLI path behavior while keeping the existing
no-text error handling.
---
Outside diff comments:
In `@scripts/issue-triage.mjs`:
- Around line 62-72: The DRY_RUN guard in issue-triage.mjs only protects the gh
issue edit call, while the ensure() calls for priority, area, and category still
create labels and mutate the repo. Update the triage flow around ensure(),
prioColor, catColor, and the labels array so all label creation and the issue
edit happen only when DRY_RUN is not set, matching the non-mutating behavior
used in pr-review.mjs. Keep the dry-run path fully read-only by gating the
entire label setup and gh invocation together.
πͺ Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
βΉοΈ Review info
βοΈ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: c3dab3be-b672-44f3-a7f4-004c4a86e2d1
β Files ignored due to path filters (1)
.github/assets/clawreview-avatar.pngis excluded by!**/*.png
π Files selected for processing (5)
.github/workflows/issue-triage.yml.github/workflows/pr-review.ymlscripts/issue-triage.mjsscripts/lib/ai-backend.mjsscripts/pr-review.mjs
β¦y dry-run - ai-backend.mjs: viaSdk now uses parseModelJson (tolerant of fenced/wrapped JSON) instead of a bare JSON.parse, matching the CLI path. - issue-triage.mjs: DRY_RUN now gates the whole label block (ensure() + gh issue edit), not just the edit β a dry run is fully read-only.
Reshapes ClawReview from an advisory reviewer into a knowledgeable, friendly mascot that greets and orients on every issue/PR β deliberately not racing CodeRabbit (which keeps doing the line-by-line).
Supersedes #251 β includes that SDK lazy-load hotfix as its first commit.
What changed
DRY_RUNfor local testing.bun.lock, sensitive paths, area labels, dupes) β genuine value CodeRabbit can't provide β now framed as friendly context, not verdicts.@anthropic-ai/sdkis imported lazily so the OAuth-only install path doesn't crash.Validated
End-to-end via the OAuth CLI transport (SDK removed, exactly like CI): PR #227 and issue #232 both produce clean, informative mascot comments.
Auth stays on
CLAUDE_CODE_OAUTH_TOKEN(already set). The crab avatar needs the ClawReview GitHub App (org-admin task, emailed to @yalexx) β the token wiring is already in place and no-ops until the App exists.Summary by CodeRabbit
New Features
Bug Fixes
Chores