@LearningCircuit
Owner

Summary

  • Prevents AI from spamming users with questions about unverifiable issues
  • Makes "skip" the default behavior when context is missing from the diff
  • Only allows clarification questions for critical issues (security, breaking bugs, data loss)
  • Requires explicit labeling of inferences as "Inference (not verified)"

Changes

Updated the AI reviewer prompt in ai-reviewer.sh to handle assumptions more carefully:

  • Default behavior: Skip issues that can't be verified from the diff
  • Critical issues only: Ask for clarification only for security vulnerabilities, breaking bugs, or data loss risks
  • Non-critical inferences: Must be explicitly labeled as "Inference (not verified)"
  • Focus on visible code: Emphasizes reviewing only what's directly in the diff

Test plan

  • Test with a PR that has missing context (e.g., configuration not in diff)
  • Verify AI doesn't ask questions about non-critical missing context
  • Verify AI does ask about critical issues when context is missing
  • Verify inferences are properly labeled when made

Update the prompt to prevent the AI from spamming users with questions
about unverifiable issues. Changes:
- Default to skipping issues that can't be verified from the diff
- Only ask for clarification on critical issues (security, breaking bugs, data loss)
- Require explicit labeling of inferences as "Inference (not verified)"
- Emphasize focusing on directly visible issues in the diff

This makes reviews more honest and actionable while avoiding noise
from assumptions about code not shown in the diff.
@LearningCircuit LearningCircuit added the ai_code_review Friendly AI Code Review label Nov 9, 2025
@github-actions

github-actions bot commented Nov 9, 2025

AI Code Review

Error: AI returned empty response


Review by Friendly AI Reviewer - made with ❤️

@github-actions github-actions bot removed the ai_code_review Friendly AI Code Review label Nov 9, 2025
@LearningCircuit LearningCircuit added the ai_code_review Friendly AI Code Review label Nov 9, 2025
@github-actions

github-actions bot commented Nov 9, 2025

AI Code Review

Error: AI returned empty response


Review by Friendly AI Reviewer - made with ❤️

@github-actions github-actions bot removed the ai_code_review Friendly AI Code Review label Nov 9, 2025
@LearningCircuit LearningCircuit added the ai_code_review Friendly AI Code Review label Nov 9, 2025
@github-actions

github-actions bot commented Nov 9, 2025

AI Code Review

🔴 Critical Issues

Security Vulnerability - Debug Logging Exposes Sensitive Data

  • .github/workflows/ai-code-reviewer.yml: Unconditional debug output (echo "$AI_RESPONSE") prints raw AI responses containing full code diffs and potentially API keys/tokens to CI logs
  • ai-reviewer.sh: Debug block dumps full API response to stderr when CONTENT is empty, exposing sensitive data in GitHub Actions logs
  • Risk: CI logs may be accessible to unauthorized users or leaked in public repositories; could violate security best practices for secret handling
  • Recommendation: Remove debug code or guard behind strict DEBUG_MODE flag that defaults to false

Cannot Verify from Diff - Please Confirm

  • Debug code is marked "temporarily" in comments but no removal plan is visible. Will this be removed before merge? Merging debug logging to main would create persistent security risk.

🟡 High-Value Improvements

Prompt Enhancement (Excellent)

  • New instructions effectively reduce spam by:
    • Defaulting to skip unverifiable issues
    • Restricting clarification questions to critical issues only (security, breaking bugs, data loss)
    • Requiring explicit "Inference (not verified)" labeling
    • Emphasizing focus on diff-visible code
  • Clear, actionable guidance that should significantly improve review quality

🟢 Code Quality Notes

Best Practices

  • Debug code should use conditional flags (if [ "$DEBUG_MODE" = "true" ]) rather than hardcoded output
  • Consider adding TODO: comments for temporary debug code to prevent accidental permanent merges
  • Prompt structure is well-organized with clear bullet points and hierarchy

Performance

  • No performance impact from changes; debug logging is I/O negligible

Review by Friendly AI Reviewer - made with ❤️
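One way to implement the guard this review recommends, as an added example that is not the project's ai-reviewer.sh: raw payloads reach stderr only when DEBUG_MODE is exactly "true" (default off), and the empty-CONTENT path otherwise logs a size/field summary that is safe for CI logs. The helper names debug_dump, summarize_response and handle_empty_content are assumed, and the AI_RESPONSE value is a constructed sample, not a real API payload.

```shell
#!/usr/bin/env bash
# Added example, not the project's script. Variable names DEBUG_MODE,
# AI_RESPONSE and CONTENT mirror the review above; the helpers are assumed.

DEBUG_MODE="${DEBUG_MODE:-false}"   # strict default: off unless set to exactly "true"

# Print a full payload to stderr only under DEBUG_MODE=true.
# Returns 0 when it printed, 1 when suppressed, so callers can tell.
debug_dump() {
  label="$1"; payload="$2"
  if [ "$DEBUG_MODE" = "true" ]; then
    printf '[debug] %s:\n%s\n' "$label" "$payload" >&2
    return 0
  fi
  return 1
}

# Always-safe summary for CI logs: byte count and which top-level fields are
# present, never the raw response (which may echo the diff or credentials).
summarize_response() {
  response="$1"
  bytes=${#response}
  case "$response" in *'"content"'*) has_content=yes ;; *) has_content=no ;; esac
  case "$response" in *'"error"'*)   has_error=yes   ;; *) has_error=no   ;; esac
  printf 'bytes=%s content_field=%s error_field=%s' "$bytes" "$has_content" "$has_error"
}

# The empty-CONTENT branch from the review: summary always, raw body only in debug.
handle_empty_content() {
  response="$1"
  printf 'Error: AI returned empty response (%s)\n' "$(summarize_response "$response")" >&2
  debug_dump "raw AI_RESPONSE" "$response" || true
}

# Constructed sample response (not a real API payload).
AI_RESPONSE='{"error":{"message":"rate limited"},"request_id":"constructed-0001"}'
CONTENT=""
if [ -z "$CONTENT" ]; then
  handle_empty_content "$AI_RESPONSE"
fi
```

With DEBUG_MODE unset the only line that reaches the log is the summary; setting DEBUG_MODE=true in a local shell reproduces the full dump for troubleshooting.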

@github-actions github-actions bot added security Auto-created by AI reviewer enhancement New feature or request ci Auto-created by AI reviewer and removed ai_code_review Friendly AI Code Review labels Nov 9, 2025
- Require short overall feedback summary at the start (1-2 sentences)
- Enforce one of three verdicts at the end: Approved, Approved with recommendations, or Request changes
- Remove debug logging and restore DEBUG_MODE conditional
- Ensure every review has clear approval status
@LearningCircuit LearningCircuit added the ai_code_review Friendly AI Code Review label Nov 9, 2025
@github-actions

github-actions bot commented Nov 9, 2025

AI Code Review

Overall Feedback: The prompt improvements effectively address spam concerns by establishing clear rules for handling missing context and enforcing structured review output. The changes are well-structured and should significantly improve review quality.

Detailed Findings:

  • Prompt Clarity: New instructions explicitly define when to skip issues, when to ask for clarification, and how to label inferences, which directly addresses the PR's spam reduction goal
  • Structured Output: Requiring a short summary, detailed findings, and explicit verdict creates consistent, actionable reviews
  • Verdict Enforcement: Adding instruction #4 ensures reviewers will always provide clear approval status
  • Bash Syntax: Proper escaping of internal quotes maintains script integrity
  • Focus on High-Value Issues: Emphasis on "critical issues only" for clarification questions aligns with best practices

✅ Approved


Review by Friendly AI Reviewer - made with ❤️

@github-actions github-actions bot removed the ai_code_review Friendly AI Code Review label Nov 9, 2025
@LearningCircuit LearningCircuit merged commit 7ec19ae into main Nov 9, 2025
1 check passed
@LearningCircuit LearningCircuit deleted the feat/improve-assumption-handling branch November 9, 2025 15:11