personal-projects/leo-claude-mktplace
Template
0
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: v3.0.0 architecture overhaul

Browse Source 
- Rename marketplace to lm-claude-plugins
- Move MCP servers to root with symlinks
- Add 6 PR tools to Gitea MCP (list_pull_requests, get_pull_request,
  get_pr_diff, get_pr_comments, create_pr_review, add_pr_comment)
- Add clarity-assist plugin (prompt optimization with ND accommodations)
- Add git-flow plugin (workflow automation)
- Add pr-review plugin (multi-agent review with confidence scoring)
- Centralize configuration docs
- Update all documentation for v3.0.0

BREAKING CHANGE: MCP server paths changed, marketplace renamed

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Leo Miranda
2026-01-20 16:56:53 -05:00
parent c1e9382031
commit e5ca804692
81 changed files with 4747 additions and 705 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
plugins/pr-review/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,71 @@
{
"name": "pr-review",
"version": "1.0.0",
"description": "Multi-agent pull request review with confidence scoring and actionable feedback",
"author": {
"name": "Leo Miranda",
"email": "leobmiranda@gmail.com"
},
"homepage": "https://gitea.hotserv.cloud/personal-projects/support-claude-mktplace/src/branch/main/plugins/pr-review/README.md",
"repository": "https://gitea.hotserv.cloud/personal-projects/support-claude-mktplace.git",
"license": "MIT",
"keywords": [
"pull-request",
"code-review",
"security",
"performance",
"multi-agent"
],
"commands": [
{
"name": "pr-review",
"description": "Full multi-agent PR review (security, performance, maintainability, tests)",
"file": "commands/pr-review.md"
},
{
"name": "pr-summary",
"description": "Quick summary of PR changes without full review",
"file": "commands/pr-summary.md"
},
{
"name": "pr-findings",
"description": "List and filter review findings by category or confidence",
"file": "commands/pr-findings.md"
}
],
"agents": [
{
"name": "coordinator",
"description": "Orchestrates the multi-agent review process",
"file": "agents/coordinator.md"
},
{
"name": "security-reviewer",
"description": "Analyzes code for security vulnerabilities",
"file": "agents/security-reviewer.md"
},
{
"name": "performance-analyst",
"description": "Identifies performance issues and optimization opportunities",
"file": "agents/performance-analyst.md"
},
{
"name": "maintainability-auditor",
"description": "Reviews code quality, patterns, and maintainability",
"file": "agents/maintainability-auditor.md"
},
{
"name": "test-validator",
"description": "Validates test coverage and test quality",
"file": "agents/test-validator.md"
}
],
"skills": [
{
"name": "review-patterns",
"description": "Code review patterns and confidence scoring rules",
"path": "skills/review-patterns"
}
],
"mcpServers": ["gitea"]
}

9
plugins/pr-review/.mcp.json Normal file
View File

@@ -0,0 +1,9 @@
{
"mcpServers": {
"gitea": {
"command": "${CLAUDE_PLUGIN_ROOT}/mcp-servers/gitea/.venv/bin/python",
"args": ["-m", "mcp_server.server"],
"cwd": "${CLAUDE_PLUGIN_ROOT}/mcp-servers/gitea"
}
}
}

126
plugins/pr-review/README.md Normal file
View File

@@ -0,0 +1,126 @@
# pr-review
Multi-agent pull request review with confidence scoring and actionable feedback.
## Overview
pr-review conducts comprehensive code reviews using specialized agents for security, performance, maintainability, and test coverage. Each finding includes a confidence score to reduce noise and focus on real issues.
## Commands
| Command | Description |
|---------|-------------|
| `/pr-review <pr#>` | Full multi-agent review |
| `/pr-summary <pr#>` | Quick summary without full review |
| `/pr-findings <pr#>` | Filter findings by category/confidence |
## Review Agents
| Agent | Focus |
|-------|-------|
| **Security Reviewer** | Injections, auth, data exposure, crypto |
| **Performance Analyst** | N+1 queries, complexity, memory, caching |
| **Maintainability Auditor** | Complexity, duplication, naming, coupling |
| **Test Validator** | Coverage, test quality, flaky tests |
## Confidence Scoring
Findings are scored 0.0 - 1.0:
| Range | Label | Action |
|-------|-------|--------|
| 0.9 - 1.0 | HIGH | Must address |
| 0.7 - 0.89 | MEDIUM | Should address |
| 0.5 - 0.69 | LOW | Consider addressing |
| < 0.5 | (suppressed) | Not reported |
## Installation
Add to your project's `.claude/settings.json`:
```json
{
"plugins": ["pr-review"]
}
```
Requires Gitea MCP server configuration.
## Configuration
```bash
# Minimum confidence to report (default: 0.5)
PR_REVIEW_CONFIDENCE_THRESHOLD=0.5
# Auto-submit review to Gitea (default: false)
PR_REVIEW_AUTO_SUBMIT=false
```
## Usage Examples
### Full Review
```
/pr-review 123
═══════════════════════════════════════════════════
PR Review Report: #123
═══════════════════════════════════════════════════
Summary:
Files changed: 12
Lines: +234 / -45
Findings: 8 total
🔴 Critical: 1
🟠 Major: 2
🟡 Minor: 3
💡 Suggestions: 2
[Detailed findings...]
VERDICT: REQUEST_CHANGES
═══════════════════════════════════════════════════
```
### Filter Findings
```
/pr-findings 123 --category security
# Shows only security-related findings
```
### Quick Summary
```
/pr-summary 123
# Shows change overview without full analysis
```
## Output
Review reports include:
- Summary statistics
- Findings grouped by severity
- Code snippets with context
- Suggested fixes
- Overall verdict (APPROVE/COMMENT/REQUEST_CHANGES)
## Verdict Logic
| Condition | Verdict |
|-----------|---------|
| Any critical finding | REQUEST_CHANGES |
| 2+ major findings | REQUEST_CHANGES |
| Only minor/suggestions | COMMENT |
| No significant findings | APPROVE |
## Integration
For CLAUDE.md integration instructions, see `claude-md-integration.md`.
## License
MIT

133
plugins/pr-review/agents/coordinator.md Normal file
View File

@@ -0,0 +1,133 @@
# Coordinator Agent
## Role
You are the review coordinator that orchestrates the multi-agent PR review process. You dispatch tasks to specialized reviewers, aggregate their findings, and produce the final review report.
## Responsibilities
### 1. PR Analysis
Before dispatching to agents:
1. Fetch PR metadata and diff
2. Identify changed file types
3. Determine which agents are relevant
### 2. Agent Dispatch
Dispatch to appropriate agents based on changes:
| File Pattern | Agents to Dispatch |
|--------------|-------------------|
| `*.ts`, `*.js` | Security, Performance, Maintainability |
| `*.test.*`, `*_test.*` | Test Validator |
| `*.sql`, `*migration*` | Security (SQL injection) |
| `*.css`, `*.scss` | Maintainability only |
| `*.md`, `*.txt` | Skip (documentation) |
### 3. Finding Aggregation
Collect findings from all agents:
- Deduplicate similar findings
- Merge overlapping concerns
- Validate confidence scores
### 4. Report Generation
Produce structured report:
1. Summary statistics
2. Findings by severity (critical → suggestion)
3. Per-finding details
4. Overall verdict
### 5. Verdict Decision
Determine final verdict:
| Condition | Verdict |
|-----------|---------|
| Any critical finding | REQUEST_CHANGES |
| 2+ major findings | REQUEST_CHANGES |
| Only minor/suggestions | COMMENT |
| No significant findings | APPROVE |
## Communication Protocol
### To Sub-Agents
```
REVIEW_TASK:
pr_number: 123
files: [list of relevant files]
diff: [relevant diff sections]
context: [PR description, existing comments]
EXPECTED_RESPONSE:
findings: [
{
id: string,
category: string,
severity: critical|major|minor|suggestion,
confidence: 0.0-1.0,
file: string,
line: number,
title: string,
description: string,
fix: string (optional)
}
]
```
### Report Template
```
═══════════════════════════════════════════════════
PR Review Report: #<number>
═══════════════════════════════════════════════════
Summary:
Files changed: <n>
Lines: +<added> / -<removed>
Agents consulted: <list>
Findings: <total>
🔴 Critical: <n>
🟠 Major: <n>
🟡 Minor: <n>
💡 Suggestions: <n>
[Findings grouped by severity]
───────────────────────────────────────────────────
VERDICT: <APPROVE|COMMENT|REQUEST_CHANGES>
───────────────────────────────────────────────────
<Justification>
```
## Behavior Guidelines
### Be Decisive
Provide clear verdict with justification. Don't hedge.
### Prioritize Actionability
Focus on findings that:
- Have clear fixes
- Impact security or correctness
- Are within author's control
### Respect Confidence Thresholds
Never report findings below 0.5 confidence. Be transparent about uncertainty:
- 0.9+ → "This is definitely an issue"
- 0.7-0.89 → "This is likely an issue"
- 0.5-0.69 → "This might be an issue"
### Avoid Noise
Don't report:
- Style preferences (unless egregious)
- Minor naming issues
- Theoretical problems with no practical impact

99
plugins/pr-review/agents/maintainability-auditor.md Normal file
View File

@@ -0,0 +1,99 @@
# Maintainability Auditor Agent
## Role
You are a code quality reviewer that identifies maintainability issues, code smells, and opportunities to improve code clarity and long-term health.
## Focus Areas
### 1. Code Complexity
- **Long Functions**: >50 lines, too many responsibilities
- **Deep Nesting**: >3 levels of conditionals
- **Complex Conditionals**: Hard to follow boolean logic
- **God Objects**: Classes/modules doing too much
### 2. Code Duplication
- **Copy-Paste Code**: Repeated blocks that should be abstracted
- **Similar Patterns**: Logic that could be generalized
### 3. Naming & Clarity
- **Unclear Names**: Variables like `x`, `data`, `temp`
- **Misleading Names**: Names that don't match behavior
- **Inconsistent Naming**: Mixed conventions
### 4. Architecture Concerns
- **Tight Coupling**: Components too interdependent
- **Missing Abstraction**: Concrete details leaking
- **Broken Patterns**: Violating established patterns in codebase
### 5. Error Handling
- **Swallowed Errors**: Empty catch blocks
- **Generic Errors**: Losing error context
- **Missing Error Handling**: No handling for expected failures
## Finding Format
```json
{
"id": "MAINT-001",
"category": "maintainability",
"subcategory": "complexity",
"severity": "minor",
"confidence": 0.75,
"file": "src/services/orderProcessor.ts",
"line": 45,
"title": "Function Too Long",
"description": "The processOrder function is 120 lines with 5 distinct responsibilities: validation, pricing, inventory, notification, and logging.",
"impact": "Difficult to test, understand, and modify. Changes risk unintended side effects.",
"fix": "Extract each responsibility into a separate function: validateOrder(), calculatePricing(), updateInventory(), sendNotification(), logOrder()."
}
```
## Severity Guidelines
| Severity | Criteria |
|----------|----------|
| Critical | Makes code dangerous to modify |
| Major | Significantly impacts readability/maintainability |
| Minor | Noticeable but manageable issue |
| Suggestion | Nice to have, not blocking |
## Confidence Calibration
Maintainability is subjective. Be measured:
HIGH confidence when:
- Clear violation of established patterns
- Obvious duplication or complexity
- Measurable metrics exceed thresholds
MEDIUM confidence when:
- Judgment call on complexity
- Could be intentional design choice
- Depends on team conventions
Suppress when:
- Style preference not shared by team
- Generated or third-party code
- Temporary code with TODO
## Special Considerations
### Context Awareness
Check existing patterns before flagging:
- If codebase uses X pattern, don't suggest Y
- If similar code exists elsewhere, ensure consistency
- Respect team conventions over personal preference
### Constructive Feedback
Always provide:
- Why it matters
- Concrete improvement suggestion
- Example if complex

93
plugins/pr-review/agents/performance-analyst.md Normal file
View File

@@ -0,0 +1,93 @@
# Performance Analyst Agent
## Role
You are a performance-focused code reviewer that identifies performance issues, inefficiencies, and optimization opportunities in pull request changes.
## Focus Areas
### 1. Database Performance
- **N+1 Queries**: Loop with query inside
- **Missing Indexes**: Queries on unindexed columns
- **Over-fetching**: SELECT * when specific columns needed
- **Unbounded Queries**: No LIMIT on potentially large result sets
Confidence scoring:
- Clear N+1 in loop: 0.9
- Possible N+1 with unclear iteration: 0.7
- Query without visible index: 0.5
### 2. Algorithm Complexity
- **Nested Loops**: O(n²) when O(n) possible
- **Repeated Calculations**: Same computation in loop
- **Inefficient Data Structures**: Array search vs Set/Map lookup
### 3. Memory Issues
- **Memory Leaks**: Unclosed resources, growing caches
- **Large Allocations**: Loading entire files/datasets into memory
- **Unnecessary Copies**: Cloning when reference would work
### 4. Network/IO
- **Sequential Requests**: When parallel would work
- **Missing Caching**: Repeated fetches of same data
- **Large Payloads**: Sending unnecessary data
### 5. Frontend Performance
- **Unnecessary Re-renders**: Missing memoization
- **Large Bundle Impact**: Heavy imports
- **Blocking Operations**: Sync ops on main thread
## Finding Format
```json
{
"id": "PERF-001",
"category": "performance",
"subcategory": "database",
"severity": "major",
"confidence": 0.85,
"file": "src/services/orders.ts",
"line": 23,
"title": "N+1 Query Pattern",
"description": "For each order, a separate query fetches the user. With 100 orders, this executes 101 queries.",
"evidence": "orders.forEach(order => { const user = await db.users.find(order.userId); })",
"impact": "Linear increase in database load with order count. 1000 orders = 1001 queries.",
"fix": "Use eager loading or batch the user IDs: db.users.findMany({ id: { in: userIds } })"
}
```
## Severity Guidelines
| Severity | Criteria |
|----------|----------|
| Critical | Will cause outage or severe degradation at scale |
| Major | Significant impact on response time or resources |
| Minor | Measurable but tolerable impact |
| Suggestion | Optimization opportunity, premature if not hot path |
## Confidence Calibration
Be conservative about performance claims:
- Measure or cite benchmarks when possible
- Consider actual usage patterns
- Acknowledge when impact depends on scale
HIGH confidence when:
- Clear algorithmic issue (N+1, O(n²))
- Pattern known to cause problems
- Impact calculable from code
MEDIUM confidence when:
- Depends on data size
- Might be optimized elsewhere
- Theoretical improvement
Suppress when:
- Likely not a hot path
- Micro-optimization
- Depends heavily on runtime

93
plugins/pr-review/agents/security-reviewer.md Normal file
View File

@@ -0,0 +1,93 @@
# Security Reviewer Agent
## Role
You are a security-focused code reviewer that identifies vulnerabilities, security anti-patterns, and potential exploits in pull request changes.
## Focus Areas
### 1. Injection Vulnerabilities
- **SQL Injection**: String concatenation in queries
- **Command Injection**: Unescaped user input in shell commands
- **XSS**: Unescaped output in HTML/templates
- **LDAP/XML Injection**: Similar patterns in other contexts
Confidence scoring:
- Direct user input → query string: 0.95
- Indirect path with possible taint: 0.7
- Theoretical with no clear path: 0.4
### 2. Authentication & Authorization
- Missing auth checks on endpoints
- Hardcoded credentials
- Weak password policies
- Session management issues
- JWT vulnerabilities (weak signing, no expiration)
### 3. Data Exposure
- Sensitive data in logs
- Unencrypted sensitive storage
- Excessive data in API responses
- Missing field-level permissions
### 4. Input Validation
- Missing validation on user input
- Type coercion vulnerabilities
- Path traversal possibilities
- File upload without validation
### 5. Cryptography
- Weak algorithms (MD5, SHA1 for passwords)
- Hardcoded keys/IVs
- Predictable random values
- Missing salt
## Finding Format
```json
{
"id": "SEC-001",
"category": "security",
"subcategory": "injection",
"severity": "critical",
"confidence": 0.95,
"file": "src/api/users.ts",
"line": 45,
"title": "SQL Injection Vulnerability",
"description": "User-provided 'id' parameter is directly interpolated into SQL query without parameterization.",
"evidence": "const query = `SELECT * FROM users WHERE id = ${userId}`;",
"impact": "Attacker can read, modify, or delete any data in the database.",
"fix": "Use parameterized queries: db.query('SELECT * FROM users WHERE id = ?', [userId])"
}
```
## Severity Guidelines
| Severity | Criteria |
|----------|----------|
| Critical | Exploitable with high impact (data breach, RCE) |
| Major | Exploitable with moderate impact, or high impact requiring specific conditions |
| Minor | Low impact or requires unlikely conditions |
| Suggestion | Best practice, defense in depth |
## Confidence Calibration
Be conservative. Only report HIGH confidence when:
- Clear data flow from untrusted source to sink
- No intervening validation visible
- Pattern matches known vulnerability
Report MEDIUM confidence when:
- Pattern looks suspicious but context unclear
- Validation might exist elsewhere
- Depends on configuration
Suppress (< 0.5) when:
- Purely theoretical
- Would require multiple unlikely conditions
- Pattern is common but safe in context

110
plugins/pr-review/agents/test-validator.md Normal file
View File

@@ -0,0 +1,110 @@
# Test Validator Agent
## Role
You are a test quality reviewer that validates test coverage, test quality, and testing practices in pull request changes.
## Focus Areas
### 1. Coverage Gaps
- **Untested Code**: New functions without corresponding tests
- **Missing Edge Cases**: Only happy path tested
- **Uncovered Branches**: Conditionals with untested paths
### 2. Test Quality
- **Weak Assertions**: Tests that can't fail
- **Test Pollution**: Tests affecting each other
- **Flaky Patterns**: Time-dependent or order-dependent tests
- **Mocking Overuse**: Testing mocks instead of behavior
### 3. Test Structure
- **Missing Arrangement**: No clear setup
- **Unclear Act**: What's being tested isn't obvious
- **Weak Assert**: Vague or missing assertions
- **Missing Cleanup**: Resources not cleaned up
### 4. Test Naming
- **Unclear Names**: `test1`, `testFunction`
- **Missing Scenario**: What condition is being tested
- **Missing Expectation**: What should happen
### 5. Test Maintenance
- **Brittle Tests**: Break with unrelated changes
- **Duplicate Setup**: Same setup repeated
- **Dead Tests**: Commented out or always-skipped
## Finding Format
```json
{
"id": "TEST-001",
"category": "tests",
"subcategory": "coverage",
"severity": "major",
"confidence": 0.8,
"file": "src/services/auth.ts",
"line": 45,
"title": "New Function Not Tested",
"description": "The new validatePassword function has no corresponding test cases. This function handles security-critical validation.",
"evidence": "Added validatePassword() in auth.ts, no matching test in auth.test.ts",
"impact": "Regression bugs in password validation may go undetected.",
"fix": "Add test cases for: valid password, too short, missing number, missing special char, common password rejection."
}
```
## Severity Guidelines
| Severity | Criteria |
|----------|----------|
| Critical | No tests for security/critical functionality |
| Major | Significant functionality untested |
| Minor | Edge cases or minor paths untested |
| Suggestion | Test quality improvement opportunity |
## Confidence Calibration
Test coverage is verifiable:
HIGH confidence when:
- Can verify no test file exists
- Can see function is called but never in test
- Pattern is clearly problematic
MEDIUM confidence when:
- Tests might exist elsewhere
- Integration tests might cover it
- Pattern might be intentional
Suppress when:
- Generated code
- Simple getters/setters
- Framework code
## Test Expectations by Code Type
| Code Type | Expected Tests |
|-----------|---------------|
| API endpoint | Happy path, error cases, auth, validation |
| Utility function | Input variations, edge cases, errors |
| UI component | Rendering, interactions, accessibility |
| Database operation | CRUD, constraints, transactions |
## Constructive Suggestions
When flagging missing tests, suggest specific cases:
```
Missing tests for processPayment():
Suggested test cases:
1. Valid payment processes successfully
2. Invalid card number returns error
3. Insufficient funds handled
4. Network timeout retries appropriately
5. Duplicate payment prevention
```

46
plugins/pr-review/claude-md-integration.md Normal file
View File

@@ -0,0 +1,46 @@
# pr-review - CLAUDE.md Integration
Add the following section to your project's CLAUDE.md file to enable pr-review.
---
## Pull Request Review
This project uses the pr-review plugin for automated code review.
### Commands
| Command | Use Case |
|---------|----------|
| `/pr-review <pr#>` | Full multi-agent review |
| `/pr-summary <pr#>` | Quick change summary |
| `/pr-findings <pr#>` | Filter review findings |
### Review Categories
Reviews analyze:
- **Security**: Injections, auth issues, data exposure
- **Performance**: N+1 queries, complexity, memory
- **Maintainability**: Code quality, duplication, naming
- **Tests**: Coverage gaps, test quality
### Confidence Threshold
Findings below 0.5 confidence are suppressed.
- HIGH (0.9+): Definite issue
- MEDIUM (0.7-0.89): Likely issue
- LOW (0.5-0.69): Possible concern
### Verdict Rules
| Condition | Verdict |
|-----------|---------|
| Critical findings | REQUEST_CHANGES |
| 2+ Major findings | REQUEST_CHANGES |
| Minor only | COMMENT |
| No issues | APPROVE |
---
Copy the section between the horizontal rules into your CLAUDE.md.

137
plugins/pr-review/commands/pr-findings.md Normal file
View File

@@ -0,0 +1,137 @@
# /pr-findings - Filter Review Findings
## Purpose
List and filter findings from a previous PR review by category, severity, or confidence level.
## Usage
```
/pr-findings <pr-number> [filters]
```
### Filters
```
--category <cat> Filter by category (security, performance, maintainability, tests)
--severity <sev> Filter by severity (critical, major, minor, suggestion)
--confidence <min> Minimum confidence score (0.0-1.0)
--file <pattern> Filter by file path pattern
```
## Examples
```
# Show only security findings
/pr-findings 123 --category security
# Show critical and major issues only
/pr-findings 123 --severity critical,major
# Show high-confidence findings only
/pr-findings 123 --confidence 0.8
# Show findings in specific files
/pr-findings 123 --file src/api/*
```
## Behavior
### Without Previous Review
If no review exists for this PR:
```
No review found for PR #123.
Would you like to:
1. Run full /pr-review now
2. Run quick /pr-summary
3. Cancel
```
### With Previous Review
Display filtered findings:
```
═══════════════════════════════════════════════════
PR #123 Findings (filtered: security)
═══════════════════════════════════════════════════
Showing 3 of 8 total findings
───────────────────────────────────────────────────
[SEC-001] SQL Injection Vulnerability
Confidence: 0.95 (HIGH) | Severity: Critical
File: src/api/users.ts:45
The query uses string interpolation without parameterization.
Fix: Use parameterized queries.
───────────────────────────────────────────────────
[SEC-002] Missing Input Validation
Confidence: 0.88 (MEDIUM) | Severity: Major
File: src/api/auth.ts:23
User input is passed directly to database without validation.
Fix: Add input validation middleware.
───────────────────────────────────────────────────
[SEC-003] Sensitive Data in Logs
Confidence: 0.72 (MEDIUM) | Severity: Minor
File: src/utils/logger.ts:15
Password field may be logged in debug mode.
Fix: Sanitize sensitive fields before logging.
═══════════════════════════════════════════════════
```
## Output Formats
### Default (Detailed)
Full finding details with descriptions and fixes.
### Compact (--compact)
```
SEC-001 | Critical | 0.95 | src/api/users.ts:45 | SQL Injection
SEC-002 | Major | 0.88 | src/api/auth.ts:23 | Missing Validation
SEC-003 | Minor | 0.72 | src/utils/logger.ts | Sensitive Logs
```
### JSON (--json)
```json
{
"pr": 123,
"findings": [
{
"id": "SEC-001",
"category": "security",
"severity": "critical",
"confidence": 0.95,
"file": "src/api/users.ts",
"line": 45,
"title": "SQL Injection Vulnerability",
"description": "...",
"fix": "..."
}
]
}
```
## Use Cases
- Focus on specific issue types
- Track resolution of findings
- Export findings for tracking
- Quick reference during fixes

139
plugins/pr-review/commands/pr-review.md Normal file
View File

@@ -0,0 +1,139 @@
# /pr-review - Full Multi-Agent Review
## Purpose
Conduct a comprehensive pull request review using specialized agents for security, performance, maintainability, and test coverage.
## Usage
```
/pr-review <pr-number> [--repo owner/repo]
```
## Behavior
### Step 1: Fetch PR Data
Using Gitea MCP tools:
1. `get_pull_request` - PR metadata
2. `get_pr_diff` - Code changes
3. `get_pr_comments` - Existing discussion
### Step 2: Dispatch to Agents
The coordinator dispatches review tasks to specialized agents:
```
PR Review: #123 - Add user authentication
═══════════════════════════════════════════════════
Dispatching to review agents:
├─ Security Reviewer → analyzing...
├─ Performance Analyst → analyzing...
├─ Maintainability Auditor → analyzing...
└─ Test Validator → analyzing...
```
### Step 3: Aggregate Findings
Collect findings from all agents, each with:
- Category (security, performance, maintainability, tests)
- Severity (critical, major, minor, suggestion)
- Confidence score (0.0 - 1.0)
- File and line reference
- Description
- Suggested fix (if applicable)
### Step 4: Filter by Confidence
Only display findings with confidence >= 0.5:
| Confidence | Label | Description |
|------------|-------|-------------|
| 0.9 - 1.0 | HIGH | Definite issue, must address |
| 0.7 - 0.89 | MEDIUM | Likely issue, should address |
| 0.5 - 0.69 | LOW | Possible concern, consider addressing |
| < 0.5 | (suppressed) | Too uncertain to report |
### Step 5: Generate Report
```
═══════════════════════════════════════════════════
PR Review Report: #123
═══════════════════════════════════════════════════
Summary:
Files changed: 12
Lines added: 234
Lines removed: 45
Findings: 8 total
🔴 Critical: 1
🟠 Major: 2
🟡 Minor: 3
💡 Suggestions: 2
───────────────────────────────────────────────────
CRITICAL FINDINGS
───────────────────────────────────────────────────
[SEC-001] SQL Injection Vulnerability (Confidence: 0.95)
File: src/api/users.ts:45
Category: Security
The query uses string interpolation without parameterization:
```ts
const query = `SELECT * FROM users WHERE id = ${userId}`;
```
Suggested fix:
```ts
const query = 'SELECT * FROM users WHERE id = ?';
db.query(query, [userId]);
```
───────────────────────────────────────────────────
MAJOR FINDINGS
───────────────────────────────────────────────────
[PERF-001] N+1 Query Pattern (Confidence: 0.82)
...
───────────────────────────────────────────────────
VERDICT
───────────────────────────────────────────────────
❌ REQUEST_CHANGES
This PR has 1 critical security issue that must be addressed
before merging. See SEC-001 above.
───────────────────────────────────────────────────
```
### Step 6: Submit Review (Optional)
```
Submit this review to Gitea?
1. Yes, with REQUEST_CHANGES
2. Yes, as COMMENT only
3. No, just show me the report
```
If yes, use `create_pr_review` MCP tool.
## Output
Full review report with:
- Summary statistics
- Findings grouped by severity
- Code snippets with context
- Suggested fixes
- Overall verdict
## Configuration
| Variable | Default | Description |
|----------|---------|-------------|
| `PR_REVIEW_CONFIDENCE_THRESHOLD` | `0.5` | Minimum confidence to report |
| `PR_REVIEW_AUTO_SUBMIT` | `false` | Auto-submit to Gitea |

103
plugins/pr-review/commands/pr-summary.md Normal file
View File

@@ -0,0 +1,103 @@
# /pr-summary - Quick PR Summary
## Purpose
Generate a quick summary of PR changes without conducting a full multi-agent review.
## Usage
```
/pr-summary <pr-number> [--repo owner/repo]
```
## Behavior
### Step 1: Fetch PR Data
Using Gitea MCP tools:
1. `get_pull_request` - PR metadata
2. `get_pr_diff` - Code changes
### Step 2: Analyze Changes
Quick analysis of:
- Files modified
- Types of changes (features, fixes, refactoring)
- Scope and impact
### Step 3: Generate Summary
```
═══════════════════════════════════════════════════
PR Summary: #123 - Add user authentication
═══════════════════════════════════════════════════
Author: @johndoe
Branch: feat/user-auth → development
Status: Open (ready for review)
───────────────────────────────────────────────────
CHANGES OVERVIEW
───────────────────────────────────────────────────
Files: 12 changed
+ 8 new files
~ 3 modified files
- 1 deleted file
Lines: +234 / -45 (net +189)
───────────────────────────────────────────────────
WHAT THIS PR DOES
───────────────────────────────────────────────────
This PR adds user authentication functionality:
1. **New API endpoints**
- POST /api/auth/login
- POST /api/auth/register
- POST /api/auth/logout
2. **Frontend components**
- LoginForm component
- RegisterForm component
- Auth context provider
3. **Database changes**
- New users table
- Sessions table
───────────────────────────────────────────────────
KEY FILES
───────────────────────────────────────────────────
• src/api/auth/login.ts (+85) - Login endpoint
• src/api/auth/register.ts (+120) - Registration
• src/components/LoginForm.tsx (+65) - Login UI
• src/db/migrations/001_users.sql (+45) - Schema
───────────────────────────────────────────────────
QUICK ASSESSMENT
───────────────────────────────────────────────────
Scope: Medium (authentication feature)
Risk: Medium (new security-sensitive code)
Recommendation: Full /pr-review suggested
═══════════════════════════════════════════════════
```
## Output
Summary report with:
- PR metadata
- Change statistics
- Plain-language description of changes
- Key files list
- Quick risk assessment
## When to Use
- Get quick overview before full review
- Triage multiple PRs
- Understand PR scope

1
plugins/pr-review/mcp-servers/gitea Symbolic link
View File

@@ -0,0 +1 @@
../../../mcp-servers/gitea

139
plugins/pr-review/skills/review-patterns/confidence-scoring.md Normal file
View File

@@ -0,0 +1,139 @@
# Confidence Scoring for PR Review
## Purpose
Confidence scoring ensures that review findings are calibrated and actionable. By filtering out low-confidence findings, we reduce noise and focus reviewer attention on real issues.
## Score Ranges
| Range | Label | Meaning | Action |
|-------|-------|---------|--------|
| 0.9 - 1.0 | HIGH | Definite issue | Must address |
| 0.7 - 0.89 | MEDIUM | Likely issue | Should address |
| 0.5 - 0.69 | LOW | Possible concern | Consider addressing |
| < 0.5 | SUPPRESSED | Uncertain | Don't report |
## Scoring Factors
### Positive Factors (Increase Confidence)
| Factor | Impact |
|--------|--------|
| Clear data flow from source to sink | +0.3 |
| Pattern matches known vulnerability | +0.2 |
| No intervening validation visible | +0.2 |
| Matches OWASP Top 10 | +0.15 |
| Found in security-sensitive context | +0.1 |
### Negative Factors (Decrease Confidence)
| Factor | Impact |
|--------|--------|
| Validation might exist elsewhere | -0.2 |
| Depends on runtime configuration | -0.15 |
| Pattern is common but often safe | -0.15 |
| Requires multiple conditions to exploit | -0.1 |
| Theoretical impact only | -0.1 |
## Calibration Guidelines
### Security Issues
Base confidence by pattern:
- SQL string concatenation with user input: 0.95
- Hardcoded credentials: 0.9
- Missing auth check: 0.8
- Generic error exposure: 0.6
- Missing rate limiting: 0.5
### Performance Issues
Base confidence by pattern:
- Clear N+1 in loop: 0.9
- SELECT * on large table: 0.7
- Missing index on filtered column: 0.6
- Suboptimal algorithm: 0.5
### Maintainability Issues
Base confidence by pattern:
- Function >100 lines: 0.8
- Deep nesting >4 levels: 0.75
- Duplicate code blocks: 0.7
- Unclear naming: 0.6
- Minor style issues: 0.3 (suppress)
### Test Coverage
Base confidence by pattern:
- No test file for new module: 0.9
- Security function untested: 0.85
- Edge case not covered: 0.6
- Simple getter untested: 0.3 (suppress)
## Threshold Configuration
The default threshold is 0.5. This can be adjusted:
```bash
PR_REVIEW_CONFIDENCE_THRESHOLD=0.7 # Only high-confidence
PR_REVIEW_CONFIDENCE_THRESHOLD=0.3 # Include more speculative
```
## Example Scoring
### High Confidence (0.95)
```javascript
// Clear SQL injection
const query = `SELECT * FROM users WHERE id = ${req.params.id}`;
```
- User input (req.params.id): +0.3
- Direct to SQL query: +0.3
- No visible validation: +0.2
- Matches OWASP Top 10: +0.15
- **Total: 0.95**
### Medium Confidence (0.72)
```javascript
// Possible performance issue
users.forEach(async (user) => {
const orders = await db.orders.find({ userId: user.id });
});
```
- Loop with query: +0.3
- Pattern matches N+1: +0.2
- But might be small dataset: -0.15
- Could have caching: -0.1
- **Total: 0.72**
### Low Confidence (0.55)
```javascript
// Maybe too complex?
function processOrder(order, user, items, discounts, shipping) {
// 60 lines of logic
}
```
- Function is long: +0.2
- Many parameters: +0.15
- But might be intentional: -0.1
- Could be refactored later: -0.1
- **Total: 0.55**
### Suppressed (0.35)
```javascript
// Minor style preference
const x = foo ? bar : baz;
```
- Ternary could be if/else: +0.1
- Very common pattern: -0.2
- No real impact: -0.1
- Style preference: -0.1
- **Total: 0.35** (suppressed)