Skip to content

docs: add REVIEW.md for KiloCode automated review guidance#983

Merged
anandgupta42 merged 1 commit into
mainfrom
docs/add-review-md
Jul 5, 2026
Merged

docs: add REVIEW.md for KiloCode automated review guidance#983
anandgupta42 merged 1 commit into
mainfrom
docs/add-review-md

Conversation

@anandgupta42

@anandgupta42 anandgupta42 commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

What this is

Adds a root REVIEW.md that the KiloCode automated code reviewer reads from the PR base branch as repo-specific review guidance. It activates automatically once this merges to main — Kilo just needs the "Use REVIEW.md" setting enabled.

How it was built

Mined from this repo's own history: 172 fix commits (~18 months) and ~90 human PR review comments, condensed into a single ~9,500-character digest evidence base. Every focus area below cites the specific fix commits/PRs that motivated it — no generic advice.

Top focus areas

  • Effect values awaited without being runawait ctx.ask(...)-style calls only awaited the Effect wrapper object without executing it, shipping a real permission-check bypass. Now called out as a Critical pattern to catch.
  • Session/worker/tool lifecycle races (~12 fix commits) — cancel()/idle-state races, worker leaks on invalid --session, stale-file races, DuckDB concurrent-access retries.
  • Fork-merge hygienealtimate_change marker discipline (100% coverage bar) and guidance on when Marker Guard false-positives on deep edits inside already-marked blocks vs. genuine upstream-only API leakage (LanguageModelV3* vs the shipped V2 surface).
  • V2-vs-shipped surface confusion — the fork carries a parallel, unshipped V2 HttpApi (packages/server) alongside the real shipped server (packages/opencode/src/server); several past review findings were false positives against the dead surface.
  • dbt/warehouse connector correctness — the single largest fix-commit cluster (dbt YAML file-kind classification, BigQuery/Snowflake SQL correctness).
  • SQL/HTML injection patterns, config/schema cache invalidation gaps, and cross-platform shell-script assumptions round out the remaining focus areas.

🤖 Generated with Claude Code


Summary by cubic

Adds a root REVIEW.md to guide KiloCode’s automated reviews with repo-specific rules. This reduces false positives (e.g., V2 vs shipped surface) and focuses checks on real risks like unrun Effects and session/worker races.

  • Migration
    • After merge to main, enable “Use REVIEW.md” in Kilo settings to activate.

Written for commit a3be9ae. Summary will update on new commits.

Review in cubic

Summary by CodeRabbit

  • Documentation
    • Added a repository-specific review guide with guidance on what to trust, what to verify in CI, and how to assess issue severity.
    • Included key areas to review carefully, common pitfalls to catch, and project-specific invariants and known exceptions.
    • Clarified review comment formatting and when to skip non-substantive changes.

Built by mining 172 fix commits (18mo) and ~90 human PR review comments
from this repo. Top focus areas: Effect values awaited without being run
(shipped a real permission bypass), session/worker race conditions,
altimate_change marker/fork-merge hygiene, V2-vs-shipped server surface
confusion, and dbt/warehouse connector correctness.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

@claude claude Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

Tip: disable this comment in your organization's Code Review settings.

@coderabbitai

coderabbitai Bot commented Jul 5, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

A new documentation file, REVIEW.md, is added to the repository defining a code review policy: scope boundaries, evidence standards, severity calibration, targeted bug classes, repo invariants, exclusions, and comment formatting rules.

Changes

Review policy documentation

Layer / File(s) Summary
REVIEW.md policy content
REVIEW.md
Adds a new review guide covering trust boundaries vs CI, evidence-first standards, severity levels, targeted bug classes, repo invariants, exclusions, no-auto-edit areas, and comment style rules.

Estimated code review effort: 1 (Trivial) | ~3 minutes

Poem

A rabbit hops with a checklist bright,
REVIEW.md guides review, day and night.
Effects unrun, races untamed,
Markers misused, now clearly named.
Hop, hop, review — done just right! 🐇📄

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description covers the change but misses the required template sections, including PINEAPPLE, Summary, Test Plan, and Checklist. Add PINEAPPLE at the top, then fill in the required Summary, Test Plan, and Checklist sections per the repository template.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly and concisely describes the main change: adding REVIEW.md for automated review guidance.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch docs/add-review-md

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@kilo-code-bot

kilo-code-bot Bot commented Jul 5, 2026

Copy link
Copy Markdown

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Files Reviewed (1 file)
  • REVIEW.md

Reviewed by glm-5.2 · Input: 24.1K · Output: 2.2K · Cached: 85.4K

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (2)
REVIEW.md (2)

12-13: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Avoid claiming compile-time enforcement.

Marker checks are enforced in CI, not at compile time. That wording overstates the guarantee and may mislead reviewers about when marker failures surface.

🛠 Suggested wording
-- **`Marker Guard`** — presence/format of `altimate_change` marker comments is CI-enforced at compile time (see `#872`, `#904`). Don't flag a *missing* marker as a guess; CI will fail the PR. Do still flag *misuse* (see Focus Areas below) since Marker Guard checks presence, not correctness.
+- **`Marker Guard`** — presence/format of `altimate_change` marker comments is CI-enforced (see `#872`, `#904`). Don't flag a *missing* marker as a guess; CI will fail the PR. Do still flag *misuse* (see Focus Areas below) since Marker Guard checks presence, not correctness.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@REVIEW.md` around lines 12 - 13, The “Marker Guard” note overstates the
guarantee by saying marker presence/format is enforced at compile time; update
the wording in REVIEW.md to say these checks are enforced in CI instead, and
keep the rest of the guidance about not flagging missing markers and not
treating anti-slop output as a merge gate. Use the existing “Marker Guard” and
“anti-slop.yml” bullets as the anchors when revising the phrasing.

16-17: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Exclude REVIEW.md from the docs-only skip.

This blanket exception would make future edits to the review policy itself skip review. Narrow it to generated docs/CHANGELOGs, or explicitly carve out governance docs like REVIEW.md.

🛠 Suggested wording
-- If a PR only touches `.claude/` skills, docs, or trivial config, skip deep review — see Comment style.
+- If a PR only touches `.claude/` skills, generated docs, or trivial config, skip deep review — see Comment style. `REVIEW.md` and other governance docs still need review.

Based on learnings, docs-only diffs can skip deep review, but policy files need an exception.

Also applies to: 69-71

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@REVIEW.md` around lines 16 - 17, The docs-only skip rule in REVIEW.md is too
broad because it would exempt future edits to the review policy itself from
review. Update the policy text near the docs-only exception so it only covers
generated docs, CHANGELOGs, or similarly low-risk artifacts, and explicitly
excludes governance files like REVIEW.md from the skip. Keep the wording aligned
with the existing comment style and make sure the same adjustment is reflected
in the related duplicated guidance referenced by the comment.

Source: Learnings

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@REVIEW.md`:
- Around line 12-13: The “Marker Guard” note overstates the guarantee by saying
marker presence/format is enforced at compile time; update the wording in
REVIEW.md to say these checks are enforced in CI instead, and keep the rest of
the guidance about not flagging missing markers and not treating anti-slop
output as a merge gate. Use the existing “Marker Guard” and “anti-slop.yml”
bullets as the anchors when revising the phrasing.
- Around line 16-17: The docs-only skip rule in REVIEW.md is too broad because
it would exempt future edits to the review policy itself from review. Update the
policy text near the docs-only exception so it only covers generated docs,
CHANGELOGs, or similarly low-risk artifacts, and explicitly excludes governance
files like REVIEW.md from the skip. Keep the wording aligned with the existing
comment style and make sure the same adjustment is reflected in the related
duplicated guidance referenced by the comment.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 11030574-a78a-4ccb-aad7-21a20f813b42

📥 Commits

Reviewing files that changed from the base of the PR and between f0fb1e1 and a3be9ae.

📒 Files selected for processing (1)
  • REVIEW.md

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

Re-trigger cubic

@dev-punia-altimate

Copy link
Copy Markdown
Contributor

🤖 Code Review — OpenCodeReview (Gemini) — No Issues Found

No supported files changed.

@anandgupta42 anandgupta42 merged commit 6b1dd22 into main Jul 5, 2026
23 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants