From e9664ac208c85b1c0f45b0f251607cf9c0a94678 Mon Sep 17 00:00:00 2001 From: Shane Brown Date: Sun, 25 Jan 2026 14:36:07 -0700 Subject: [PATCH 1/8] Add multiply function, tests, and CI workflow --- .github/workflows/ci.yml | 26 ++++++++++++++++++++++++++ app.py | 5 +++++ tests/test_app.py | 18 +++++++++++++++++- 3 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/ci.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 00000000..d0863fdd --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,26 @@ +name: CI + +on: + push: + branches: [main] + pull_request: + branches: [main] + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.11' + + - name: Install dependencies + run: pip install -r requirements.txt + + - name: Run tests + run: pytest -v diff --git a/app.py b/app.py index 8f2f7ae1..971452ce 100644 --- a/app.py +++ b/app.py @@ -14,3 +14,8 @@ def is_even(n: int) -> bool: def reverse_string(s: str) -> str: """Reverse a string.""" return s[::-1] + + +def multiply(a: int, b: int) -> int: + """Multiply two numbers together.""" + return a * b diff --git a/tests/test_app.py b/tests/test_app.py index 79c3e093..05270ea2 100644 --- a/tests/test_app.py +++ b/tests/test_app.py @@ -1,6 +1,6 @@ """Tests for app.py - you'll add more!""" -from app import add, is_even, reverse_string +from app import add, is_even, reverse_string, multiply class TestMath: @@ -22,3 +22,19 @@ def test_reverse(self): def test_is_even(self): assert is_even(4) is True assert is_even(3) is False + + +class TestMultiply: + """Tests for the multiply function.""" + + def test_multiply_positive_numbers(self): + """Test multiplying two positive numbers.""" + assert multiply(3, 4) == 12 + + def test_multiply_by_zero(self): + """Test multiplying by zero.""" + assert multiply(5, 0) == 0 + + def test_multiply_negative_numbers(self): + """Test multiplying negative numbers.""" + assert multiply(-2, 3) == -6 From 719c137650f04e084ebfb82c96ed13532a38190d Mon Sep 17 00:00:00 2001 From: Shane Brown Date: Sun, 25 Jan 2026 15:45:40 -0700 Subject: [PATCH 2/8] Break a test --- tests/test_app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_app.py b/tests/test_app.py index 05270ea2..7f1b40a2 100644 --- a/tests/test_app.py +++ b/tests/test_app.py @@ -29,7 +29,7 @@ class TestMultiply: def test_multiply_positive_numbers(self): """Test multiplying two positive numbers.""" - assert multiply(3, 4) == 12 + assert multiply(9, 9) == 18 def test_multiply_by_zero(self): """Test multiplying by zero.""" From 6d32dd23156bb75dabda9afbfe0f7bc44961f283 Mon Sep 17 00:00:00 2001 From: Shane Brown Date: Sun, 25 Jan 2026 15:47:55 -0700 Subject: [PATCH 3/8] Fix the test --- tests/test_app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_app.py b/tests/test_app.py index 7f1b40a2..68ed9532 100644 --- a/tests/test_app.py +++ b/tests/test_app.py @@ -29,7 +29,7 @@ class TestMultiply: def test_multiply_positive_numbers(self): """Test multiplying two positive numbers.""" - assert multiply(9, 9) == 18 + assert multiply(9, 9) == 81 def test_multiply_by_zero(self): """Test multiplying by zero.""" From fec061a8dc0fd72fe6e548e3fe8f9ec2be6197ae Mon Sep 17 00:00:00 2001 From: Shane Brown Date: Sun, 25 Jan 2026 15:57:30 -0700 Subject: [PATCH 4/8] Add build and artifact upload to CI --- .github/workflows/ci.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d0863fdd..befd0e65 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,3 +24,12 @@ jobs: - name: Run tests run: pytest -v + + - name: Build package + run: python -m build + + - name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: python-package + path: dist/ From e252c1883c72d65d7f130cd4f19f8f09565d1c7d Mon Sep 17 00:00:00 2001 From: Shane Brown Date: Mon, 26 Jan 2026 19:26:15 -0700 Subject: [PATCH 5/8] Add AI code review script and PR workflow --- .github/workflows/pr-review.yml | 56 +++++++++++++++++++++++++++++++++ requirements.txt | 2 +- scripts/ai_review.py | 45 ++++++++++++++++++++++++++ scripts/sample_diff.txt | 17 ++++++++++ 4 files changed, 119 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/pr-review.yml create mode 100644 scripts/ai_review.py create mode 100644 scripts/sample_diff.txt diff --git a/.github/workflows/pr-review.yml b/.github/workflows/pr-review.yml new file mode 100644 index 00000000..1bbebca3 --- /dev/null +++ b/.github/workflows/pr-review.yml @@ -0,0 +1,56 @@ +name: AI Code Review + +on: + pull_request: + branches: [main] + +permissions: + contents: read + pull-requests: write + +jobs: + review: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.11' + + - name: Install dependencies + run: pip install -r requirements.txt + + - name: Get PR diff + run: | + git diff origin/main...HEAD > pr_diff.txt + + - name: Run AI review + id: ai-review + env: + GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }} + run: | + REVIEW=$(python scripts/ai_review.py pr_diff.txt) + echo "review<> $GITHUB_OUTPUT + echo "$REVIEW" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + + - name: Post review comment + uses: actions/github-script@v7 + env: + REVIEW: ${{ steps.ai-review.outputs.review }} + with: + script: | + const review = process.env.REVIEW; + + await github.rest.issues.createComment({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.issue.number, + body: `## 🤖 AI Code Review\n\n${review}\n\n---\n*Powered by Gemini AI*` + }); diff --git a/requirements.txt b/requirements.txt index 5f456517..245709a3 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,5 @@ # Production dependencies (none for this simple app) - +google-genai>=1.0.0 # Development/testing dependencies pytest>=7.0.0 build>=1.0.0 diff --git a/scripts/ai_review.py b/scripts/ai_review.py new file mode 100644 index 00000000..a7dcdeb7 --- /dev/null +++ b/scripts/ai_review.py @@ -0,0 +1,45 @@ +from google import genai +import sys + +client = genai.Client() + +def review_code(diff_text): + """Send a code diff to Gemini for review.""" + prompt = f"""You are an expert code reviewer. Review the following code diff and provide feedback. + +Focus on: +1. Security vulnerabilities +2. Bug risks +3. Performance issues +4. Best practice violations + +For each issue found, provide: +- Severity: HIGH / MEDIUM / LOW +- Description of the issue +- Suggested fix + +If the code looks good, say so. + +Code diff to review: + +diff_text + + +Provide your review in a clear, structured format.""" + + response = client.models.generate_content( + model="gemini-2.5-flash", contents=prompt + ) + return response.text + + +if __name__ == "__main__": + if len(sys.argv) > 1: + diff_file = sys.argv[1] + with open(diff_file, "r") as f: + diff_content = f.read() + else: + diff_content = sys.stdin.read() + + review = review_code(diff_content) + print(review) diff --git a/scripts/sample_diff.txt b/scripts/sample_diff.txt new file mode 100644 index 00000000..d4b5984b --- /dev/null +++ b/scripts/sample_diff.txt @@ -0,0 +1,17 @@ +diff --git a/app.py b/app.py +index 1234567..abcdefg 100644 +--- a/app.py ++++ b/app.py +@@ -1,5 +1,12 @@ + """Simple utility functions""" + ++import sqlite3 ++ ++def get_user(username): ++ conn = sqlite3.connect("users.db") ++ query = f"SELECT * FROM users WHERE name = '{username}'" ++ return conn.execute(query).fetchone() ++ + def add(a: int, b: int) -> int: + """Add two numbers together.""" + return a + b From 77fafe2688f82f155565573682bc598367165f64 Mon Sep 17 00:00:00 2001 From: Shane Brown Date: Mon, 26 Jan 2026 19:28:46 -0700 Subject: [PATCH 6/8] Add command execution feature --- dangerous.py | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 dangerous.py diff --git a/dangerous.py b/dangerous.py new file mode 100644 index 00000000..5d477bcb --- /dev/null +++ b/dangerous.py @@ -0,0 +1,7 @@ +import subprocess + +def run_command(user_input): + """Run a shell command from user input.""" + subprocess.call(user_input, shell=True) + +API_KEY = "sk-live-abc123def456" From 789b39b0fab85e8d3240c95604364954e9fbb332 Mon Sep 17 00:00:00 2001 From: Shane Brown Date: Mon, 26 Jan 2026 20:06:27 -0700 Subject: [PATCH 7/8] Fix security issues --- dangerous.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/dangerous.py b/dangerous.py index 5d477bcb..78feb478 100644 --- a/dangerous.py +++ b/dangerous.py @@ -1,7 +1,11 @@ import subprocess +import shlex +import os def run_command(user_input): - """Run a shell command from user input.""" - subprocess.call(user_input, shell=True) + """Run a shell command safely.""" + args = shlex.split(user_input) + subprocess.call(args, shell=False) + +API_KEY = os.environ.get("API_KEY") -API_KEY = "sk-live-abc123def456" From 5a27eddf335c631e2b98615e2c7477da1d0d7ef5 Mon Sep 17 00:00:00 2001 From: Shane Brown Date: Mon, 26 Jan 2026 20:26:18 -0700 Subject: [PATCH 8/8] Fix prompt diff injection and Gemini API key --- .github/workflows/pr-review.yml | 7 +++++-- scripts/ai_review.py | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/.github/workflows/pr-review.yml b/.github/workflows/pr-review.yml index 1bbebca3..f80b4013 100644 --- a/.github/workflows/pr-review.yml +++ b/.github/workflows/pr-review.yml @@ -28,12 +28,15 @@ jobs: - name: Get PR diff run: | - git diff origin/main...HEAD > pr_diff.txt + git fetch origin ${{ github.event.pull_request.base.ref }} --depth=1 + git diff ${{ github.event.pull_request.base.sha }}...${{ github.event.pull_request.head.sha }} > pr_diff.txt + echo "Diff file size:" && wc -c pr_diff.txt + - name: Run AI review id: ai-review env: - GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }} + GOOGLE_API_KEY: ${{ secrets.GEMINI_API_KEY }} run: | REVIEW=$(python scripts/ai_review.py pr_diff.txt) echo "review<> $GITHUB_OUTPUT diff --git a/scripts/ai_review.py b/scripts/ai_review.py index a7dcdeb7..7c228b08 100644 --- a/scripts/ai_review.py +++ b/scripts/ai_review.py @@ -1,9 +1,12 @@ from google import genai +import os import sys -client = genai.Client() +# Gemini SDK looks for GOOGLE_API_KEY by default, but we support both. +api_key = os.environ.get("GOOGLE_API_KEY") or os.environ.get("GEMINI_API_KEY") +client = genai.Client(api_key=api_key) -def review_code(diff_text): +def review_code(diff_text: str) -> str: """Send a code diff to Gemini for review.""" prompt = f"""You are an expert code reviewer. Review the following code diff and provide feedback. @@ -22,24 +25,21 @@ def review_code(diff_text): Code diff to review: -diff_text - +{diff_text} Provide your review in a clear, structured format.""" - response = client.models.generate_content( - model="gemini-2.5-flash", contents=prompt + model="gemini-2.5-flash", + contents=prompt ) return response.text - if __name__ == "__main__": if len(sys.argv) > 1: diff_file = sys.argv[1] - with open(diff_file, "r") as f: + with open(diff_file, "r", encoding="utf-8") as f: diff_content = f.read() else: diff_content = sys.stdin.read() - review = review_code(diff_content) - print(review) + print(review_code(diff_content))