feat: add gh_bot_review tool to parse AI bot findings #22

[four-bytes-robby]

Summary

Implements the gh_bot_review supertool that parses AI bot review comments (coderabbitai, cubic-dev-ai, dependabot) on a PR and extracts structured, actionable findings. Enables agents to autonomously respond to bot feedback in the "bot finds → agent checks → bot verifies" cycle.

Parsers

• coderabbitai: Parses inline comment format (In \@`:\n- Line : `) with type classification (peer_dependency, security, nitpick, meta)
• cubic-dev-ai: Parses XML violation format (<file name="..."><violation location="...:N">P1/P2: description</violation></file>)
• dependabot: Parses bump format (Bumps <pkg> from <old> to <new>)

Args

• pr (number, required): PR number to check
• repo (string, optional): owner/repo format (auto-detected from git remote)
• bot (string, optional): Filter by bot name ("coderabbitai", "cubic-dev-ai", "dependabot", default "all")

Output

JSON array of structured BotFinding objects with: bot, type, severity, file, line, description, suggestion, actionable

Test Results

All 29 tests passing across 4 describe blocks:

• parseCodeRabbit: 12 tests — inline findings, multi-file, type classification, meta fallback, edge cases
• parseCubicDev: 7 tests — XML violations, multi-file, severity extraction, edge cases
• parseDependabot: 5 tests — bump parsing, scoped packages, edge cases
• parseBotContent: 5 tests — routing, unknown bot, empty body

Closes #22

---

Summary by cubic

Adds the gh_bot_review tool to parse bot review comments on a PR and return structured JSON findings. Helps agents quickly triage feedback and act on what matters.

• New Features
  • New gh_bot_review tool wired into supertools registry.
  • Parses coderabbitai (inline), cubic-dev-ai (XML), and dependabot (bump) comment formats.
  • Args: pr (required), repo?, bot? filter; reads both PR reviews and issue comments.
  • Returns an array of findings with: bot, type, severity, file, line, description, suggestion, actionable.

^{Written for commit 9687506. Summary will update on new commits.}

Summary by CodeRabbit

• New Features
  • Added a new tool to retrieve and analyze bot-generated review findings from GitHub pull requests.
  • Supports extraction from CodeRabbit, Cubic Dev, and Dependabot review comments.
  • Results are returned as structured data for further processing.

[coderabbitai]

Caution

Review failed

The pull request is closed.

Recent review info

Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 8c8f234b-f2eb-45ed-96ba-24474351c0cf

Commits

Reviewing files that changed from the base of the PR and between 435ba7d and 9687506.

Files selected for processing (3)

• src/four-opencode-supertools.ts
• src/tools/gh-bot-review.ts
• tests/gh-bot-review.test.ts

---

Walkthrough

Walkthrough

A new gh_bot_review tool is added to the plugin. The tool defines a BotFinding interface and implements per-bot parsers for coderabbitai, cubic-dev-ai, and dependabot. The tool fetches PR reviews and issue comments from the GitHub API, routes each comment through the appropriate parser, and returns structured findings as JSON. A unit test suite covers all parsers and the dispatcher.

Changes

gh_bot_review tool implementation

Layer / File(s)	Summary
BotFinding interface and parser implementations src/tools/gh-bot-review.ts	Defines BotFinding interface; implements parseCodeRabbit with regex block/line extraction and keyword-based meta fallback, classifyCoderabbitFinding for type/severity/suggestion derivation, parseCubicDev for XML <file>/<violation> extraction with P1/P2 severity parsing, parseDependabot for bump statement detection, and parseBotContent dispatcher.
ghBotReviewTool schema, execution, and plugin registration src/tools/gh-bot-review.ts, src/four-opencode-supertools.ts	Declares tool schema with pr, optional repo, and optional bot args; resolves repo, fetches PR reviews and issue comments via runGh with jq projections, defensively parses JSON, filters to supported bots, aggregates findings, and returns JSON or status/error strings. Registers the tool as gh_bot_review in the plugin.
Unit tests for parsers and BotFinding shape tests/gh-bot-review.test.ts	Tests parseCodeRabbit inline extraction, multi-file findings, peer-dependency and security classification, meta fallback, and edge cases; tests parseCubicDev XML violation parsing, severity defaulting, and malformed input; tests parseDependabot bump detection, metadata fields, and empty input; tests parseBotContent routing and unknown-bot behavior; verifies BotFinding field shape.

Sequence Diagram(s)

sequenceDiagram
  participant Caller
  participant ghBotReviewTool
  participant GitHubAPI
  participant parseBotContent

  Caller->>ghBotReviewTool: execute({ pr, repo, bot })
  ghBotReviewTool->>GitHubAPI: GET /repos/{repo}/pulls/{pr}/reviews (jq)
  GitHubAPI-->>ghBotReviewTool: review items[]
  ghBotReviewTool->>GitHubAPI: GET /repos/{repo}/issues/{pr}/comments (jq)
  GitHubAPI-->>ghBotReviewTool: comment items[]
  loop each bot item
    ghBotReviewTool->>parseBotContent: body, username
    parseBotContent-->>ghBotReviewTool: BotFinding[]
  end
  ghBotReviewTool-->>Caller: JSON findings | "no bot findings" | error string

Loading

Estimated code review effort

3 (Moderate) | ~25 minutes

Possibly related issues

• #22 (feat: add gh_bot_review tool to parse AI bot review findings): This PR directly implements the tool specified in this issue, including the tool name, file path, export name, argument schema, supported bots, parsing formats, and structured BotFinding output shape.

Finishing Touches

Generate docstrings

• Create stacked PR
• Commit on current branch

Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/22-gh-bot-review

Simplify code

• Create PR with simplified code
• Commit simplified code in branch feat/22-gh-bot-review

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint install timed out. The project may have too many dependencies for the sandbox.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}