From fb2fb3d628c830c338c3271f3d982a21c539dc4d Mon Sep 17 00:00:00 2001 From: Siddharth <90757474+Siddharth114@users.noreply.github.com> Date: Fri, 27 Mar 2026 09:26:51 +0530 Subject: [PATCH] review agent --- agents/Siddharth114-review-agent/README.md | 199 ++++++++++++++++++ .../Siddharth114-review-agent/metadata.json | 15 ++ 2 files changed, 214 insertions(+) create mode 100644 agents/Siddharth114-review-agent/README.md create mode 100644 agents/Siddharth114-review-agent/metadata.json diff --git a/agents/Siddharth114-review-agent/README.md b/agents/Siddharth114-review-agent/README.md new file mode 100644 index 0000000..931dced --- /dev/null +++ b/agents/Siddharth114-review-agent/README.md @@ -0,0 +1,199 @@ +# Code Review Agent + +An AI-powered code reviewer built with [Lyzr ADK](https://docs.lyzr.ai/lyzr-adk/overview) and packaged as a [GitAgent](https://github.com/open-gitagent/gitagent). + +Reviews GitHub Pull Requests and raw code snippets for **quality**, **security vulnerabilities**, and **best practices** — giving structured, severity-rated feedback like a senior engineer would. + +--- + +## Architecture + +``` +┌─────────────────────────────────────────────────────┐ +│ Code Review Agent │ +│ (Lyzr ADK · claude-sonnet-4-6) │ +│ │ +│ ┌──────────────────┐ ┌────────────────────────┐ │ +│ │ fetch-github-pr │ │ analyze-code-quality │ │ +│ │ GitHub REST API │ │ static analysis rules │ │ +│ └──────────────────┘ └────────────────────────┘ │ +│ │ +│ ┌─────────────────────┐ │ +│ │ check-security │ │ +│ │ OWASP / CWE rules │ │ +│ └─────────────────────┘ │ +│ │ +│ Knowledge Base: code-review-guidelines.md │ +└─────────────────────────────────────────────────────┘ +``` + +### Components + +| Component | Description | +|-----------|-------------| +| `main.py` | Lyzr ADK agent setup + interactive CLI | +| `skills/fetch-github-pr/` | GitHub REST API integration — fetches PR diff + metadata | +| `skills/analyze-code-quality/` | Static analysis: function length, nesting, naming, magic numbers | +| `skills/check-security/` | OWASP Top 10 pattern scanner with CWE references | +| `knowledge/` | Code review principles + security guidelines (RAG seed) | + +--- + +## Setup + +### 1. Clone the repository + +```bash +git clone +cd code-review-agent +``` + +### 2. Install dependencies + +```bash +pip install -r requirements.txt +``` + +### 3. Configure environment + +```bash +cp .env.example .env +``` + +Edit `.env`: +``` +LYZR_API_KEY=your_lyzr_api_key_here # Required +GITHUB_TOKEN=your_github_token_here # Optional, increases rate limit +``` + +Get your Lyzr API key at [studio.lyzr.ai](https://studio.lyzr.ai/). + +--- + +## Usage + +### Interactive CLI + +```bash +python main.py +``` + +``` +Code Review Agent ready. +Commands: + — review a pull request + file — review a local file + — review raw code (end with '---' on its own line) + quit / exit — exit + +>>> https://github.com/owner/repo/pull/42 +Reviewing... + +## Summary +... + +## Issues Found +[CRITICAL] Hardcoded Secret Detected (CWE-798) — line 14 + → Store secrets in environment variables or a secrets manager... + +## Verdict +Score: 6/10 — Address the hardcoded credential before merging. +``` + +### Review a specific PR + +```bash +python main.py --pr https://github.com/owner/repo/pull/42 +``` + +### Review a local file + +```bash +python main.py --file src/auth.py +``` + +--- + +## Output Format + +Every review is structured consistently: + +``` +## Summary +What the code does and overall impression. + +## Issues Found +[CRITICAL] — <location> + Risk: <what can go wrong> + Fix: <how to fix it> + +[WARNING] ... +[INFO] ... + +## Suggestions +Optional improvements. + +## Verdict +Score: N/10 — One-sentence recommendation. +``` + +**Severity levels:** + +| Level | Meaning | Action | +|-------|---------|--------| +| `[CRITICAL]` | Security vulnerability or correctness bug | Block merge | +| `[WARNING]` | Likely future bug or serious maintainability issue | Fix before merge | +| `[INFO]` | Style, readability, minor improvement | Optional | + +--- + +## Security Checks (OWASP Top 10 / CWE) + +| Vulnerability | Severity | CWE | +|--------------|----------|-----| +| Hardcoded secrets | CRITICAL | CWE-798 | +| SQL injection | CRITICAL | CWE-89 | +| Command injection | CRITICAL | CWE-78 | +| `eval`/`exec` with input | CRITICAL | CWE-95 | +| Path traversal | CRITICAL | CWE-22 | +| Insecure deserialization | CRITICAL | CWE-502 | +| Weak hashing (MD5/SHA-1) | WARNING | CWE-326 | +| Debug mode in production | WARNING | CWE-489 | +| Missing input validation | WARNING | CWE-20 | + +--- + +## GitAgent + +This agent is packaged in the [GitAgent standard](https://github.com/open-gitagent/gitagent) for framework-agnostic portability. + +### Validate + +```bash +npm install -g gitagent +gitagent validate -d . +gitagent info +``` + +### Export for other frameworks + +```bash +gitagent export --format openai +gitagent export --format crewai +gitagent export --format lyzr +``` + +--- + +## Built With + +- [Lyzr ADK](https://docs.lyzr.ai/lyzr-adk/overview) — Agent Development Kit +- [GitAgent](https://github.com/open-gitagent/gitagent) — Open agent standard +- [GitHub REST API](https://docs.github.com/en/rest) — PR data fetching +- Claude Sonnet 4.6 — LLM backbone + +--- + +## License + +MIT \ No newline at end of file diff --git a/agents/Siddharth114-review-agent/metadata.json b/agents/Siddharth114-review-agent/metadata.json new file mode 100644 index 0000000..cc21cca --- /dev/null +++ b/agents/Siddharth114-review-agent/metadata.json @@ -0,0 +1,15 @@ +{ + "name": "Code Review Agent", + "author": "Siddharth114", + "description": "A code reviewer built with Lyzr ADK and packaged as a GitAgent.", + "repository": "https://github.com/Siddharth114/lyzr-review-agent", + "path": "", + "version": "1.0.0", + "category": "developer-tools", + "tags": [], + "license": "MIT", + "model": "claude-sonnet-4-5-20250929", + "adapters": ["claude-code", "system-prompt"], + "icon": false, + "banner": false +} \ No newline at end of file