Issue/fix 65 #1
…risk
- Add ReviewerRecommendationAgent (LangGraph, 3 nodes: fetch, risk, recommend)
- Deterministic risk scoring: file count, sensitive paths, test coverage, contributor status
- CODEOWNERS + commit history expertise profiling for reviewer candidates
- LLM-powered ranking with graceful fallback if LLM unavailable
- /risk and /reviewers slash commands in PR comments
- get_commits_for_file() added to GitHub API client
- 46 unit tests covering nodes, formatters, and slash command handling
…issing risk signals
Watchflow: Translation summary (AI rule files)
Translation summary:
Could not be translated:
…and 33 more.
This comment was automatically posted by Watchflow.

🛡️ Watchflow Governance Checks
Status: ❌ 18 Violations Found

🔴 Critical Severity (6)
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py

🟠 High Severity (3)
- When a PR modifies paths that have owners defined in CODEOWNERS, the corresponding code owners must be added as reviewers. Code owners for modified paths must be added as reviewers: dkargatzis
- When a PR modifies paths that have owners defined in CODEOWNERS, the corresponding code owners must be added as reviewers. Code owners for modified paths must be added as reviewers: dkargatzis
- Requires approvals from members of specific GitHub teams. Missing approvals from required teams: backend, security

🟡 Medium Severity (8)
- Validates that total lines changed (additions + deletions) in a PR do not exceed a maximum; enforces a maximum LOC per pull request. Pull request exceeds maximum lines changed (1626 > 500)
- Validates if the PR title matches a specific pattern. PR title 'Issue/fix 65' does not match required pattern '^feat|^fix|^docs|^style|^refactor|^test|^chore|^perf|^ci|^build|^revert'
- Ensures PRs that modify source code also include a CHANGELOG or .changeset addition. Source code was modified without a corresponding CHANGELOG update.
- Validates that total lines changed (additions + deletions) in a PR do not exceed a maximum; enforces a maximum LOC per pull request. Pull request exceeds maximum lines changed (1626 > 500)
- Validates if the PR title matches a specific pattern. PR title 'Issue/fix 65' does not match required pattern '^feat|^fix|^docs|^style|^refactor|^test|^chore|^perf|^ci|^build|^revert'
- Validates if the PR has all required labels. Missing required labels: area/, type/
- Ensures PRs that modify source code also include a CHANGELOG or .changeset addition. Source code was modified without a corresponding CHANGELOG update.
- Checks if code changes contain restricted patterns or fail to contain required patterns. Restricted patterns ['# type: ignore'] found in added lines of src/agents/reviewer_recommendation_agent/nodes.py

⚪ Info Severity (1)
- Validates if files in the event match or don't match a pattern. No files available to check against pattern

💡 Reply with Thanks for using Watchflow! It's completely free for OSS and private repositories. You can also self-host it easily.
Watchflow: Translation summary (AI rule files)
Translation summary:
Could not be translated:
…and 32 more.
This comment was automatically posted by Watchflow.

🛡️ Watchflow Governance Checks
Status: ❌ 21 Violations Found

🔴 Critical Severity (6)
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py

🟠 High Severity (3)
- When a PR modifies paths that have owners defined in CODEOWNERS, the corresponding code owners must be added as reviewers. Code owners for modified paths must be added as reviewers: dkargatzis
- When a PR modifies paths that have owners defined in CODEOWNERS, the corresponding code owners must be added as reviewers. Code owners for modified paths must be added as reviewers: dkargatzis
- Requires approvals from members of specific GitHub teams. Missing approvals from required teams: backend, security

🟡 Medium Severity (10)
- Validates that total lines changed (additions + deletions) in a PR do not exceed a maximum; enforces a maximum LOC per pull request. Pull request exceeds maximum lines changed (1637 > 500)
- Validates if the PR title matches a specific pattern. PR title 'Issue/fix 65' does not match required pattern '^feat|^fix|^docs|^style|^refactor|^test|^chore|^perf|^ci|^build|^revert'
- Ensures PRs that modify source code also include a CHANGELOG or .changeset addition. Source code was modified without a corresponding CHANGELOG update.
- Validates that total lines changed (additions + deletions) in a PR do not exceed a maximum; enforces a maximum LOC per pull request. Pull request exceeds maximum lines changed (1637 > 300)
- Validates if the PR title matches a specific pattern. PR title 'Issue/fix 65' does not match required pattern '^feat|^fix|^docs|^style|^refactor|^test|^chore|^perf|^ci|^build|^revert'
- Validates if the PR has all required labels. Missing required labels: area/, type/
- Ensures PRs that modify source code also include a CHANGELOG or .changeset addition. Source code was modified without a corresponding CHANGELOG update.
- Validates if the PR has all required labels. Missing required labels: feature-flag
- Validates that total lines changed (additions + deletions) in a PR do not exceed a maximum; enforces a maximum LOC per pull request. Pull request exceeds maximum lines changed (1637 > 500)
- Checks if code changes contain restricted patterns or fail to contain required patterns. Restricted patterns ['# type: ignore'] found in added lines of src/agents/reviewer_recommendation_agent/nodes.py

⚪ Info Severity (2)
- Validates if files in the event match or don't match a pattern. No files available to check against pattern
- Validates if files in the event match or don't match a pattern. No files available to check against pattern
…ded notifications
Watchflow: Translation summary (AI rule files)
Translation summary:
Could not be translated:
…and 35 more.
This comment was automatically posted by Watchflow.

🛡️ Watchflow Governance Checks
Status: ❌ 21 Violations Found

🔴 Critical Severity (6)
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py

🟠 High Severity (3)
- When a PR modifies paths that have owners defined in CODEOWNERS, the corresponding code owners must be added as reviewers. Code owners for modified paths must be added as reviewers: dkargatzis
- When a PR modifies paths that have owners defined in CODEOWNERS, the corresponding code owners must be added as reviewers. Code owners for modified paths must be added as reviewers: dkargatzis
- Requires approvals from members of specific GitHub teams. Missing approvals from required teams: backend, security

🟡 Medium Severity (10)
- Validates that total lines changed (additions + deletions) in a PR do not exceed a maximum; enforces a maximum LOC per pull request. Pull request exceeds maximum lines changed (1650 > 500)
- Validates if the PR title matches a specific pattern. PR title 'Issue/fix 65' does not match required pattern '^feat|^fix|^docs|^style|^refactor|^test|^chore|^perf|^ci|^build|^revert'
- Ensures PRs that modify source code also include a CHANGELOG or .changeset addition. Source code was modified without a corresponding CHANGELOG update.
- Validates that total lines changed (additions + deletions) in a PR do not exceed a maximum; enforces a maximum LOC per pull request. Pull request exceeds maximum lines changed (1650 > 500)
- Validates if the PR title matches a specific pattern. PR title 'Issue/fix 65' does not match required pattern '^feat|^fix|^docs|^style|^refactor|^test|^chore|^perf|^ci|^build|^revert'
- Validates if the PR has all required labels. Missing required labels: area/, type/
- Ensures PRs that modify source code also include a CHANGELOG or .changeset addition. Source code was modified without a corresponding CHANGELOG update.
- Validates if the PR has all required labels. Missing required labels: feature-flag
- Validates that total lines changed (additions + deletions) in a PR do not exceed a maximum; enforces a maximum LOC per pull request. Pull request exceeds maximum lines changed (1650 > 500)
- Checks if code changes contain restricted patterns or fail to contain required patterns. Restricted patterns ['# type: ignore'] found in added lines of src/agents/reviewer_recommendation_agent/nodes.py

⚪ Info Severity (2)
- Validates if files in the event match or don't match a pattern. No files available to check against pattern
- Validates if files in the event match or don't match a pattern. No files available to check against pattern
Watchflow: Translation summary (AI rule files)
Translation summary:
Could not be translated:
…and 34 more.
This comment was automatically posted by Watchflow.

🛡️ Watchflow Governance Checks
Status: ❌ 21 Violations Found

🔴 Critical Severity (6)
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py

🟠 High Severity (4)
- When a PR modifies paths that have owners defined in CODEOWNERS, the corresponding code owners must be added as reviewers. Code owners for modified paths must be added as reviewers: dkargatzis
- When a PR modifies paths that have owners defined in CODEOWNERS, the corresponding code owners must be added as reviewers. Code owners for modified paths must be added as reviewers: dkargatzis
- Requires approvals from members of specific GitHub teams. Missing approvals from required teams: backend, security
- Requires approvals from members of specific GitHub teams. Missing approvals from required teams: backend, security

🟡 Medium Severity (8)
- Validates that total lines changed (additions + deletions) in a PR do not exceed a maximum; enforces a maximum LOC per pull request. Pull request exceeds maximum lines changed (1844 > 500)
- Validates if the PR title matches a specific pattern. PR title 'Issue/fix 65' does not match required pattern '^feat|^fix|^docs|^style|^refactor|^test|^chore|^perf|^ci|^build|^revert'
- Ensures PRs that modify source code also include a CHANGELOG or .changeset addition. Source code was modified without a corresponding CHANGELOG update.
- Validates that total lines changed (additions + deletions) in a PR do not exceed a maximum; enforces a maximum LOC per pull request. Pull request exceeds maximum lines changed (1844 > 500)
- Validates if the PR title matches a specific pattern. PR title 'Issue/fix 65' does not match required pattern '^feat|^fix|^docs|^style|^refactor|^test|^chore|^perf|^ci|^build|^revert'
- Validates if the PR has all required labels. Missing required labels: area/, type/
- Ensures PRs that modify source code also include a CHANGELOG or .changeset addition. Source code was modified without a corresponding CHANGELOG update.
- Checks if code changes contain restricted patterns or fail to contain required patterns. Restricted patterns ['# type: ignore'] found in added lines of src/agents/reviewer_recommendation_agent/nodes.py

⚪ Info Severity (3)
- Validates if files in the event match or don't match a pattern. No files available to check against pattern
- Validates if files in the event match or don't match a pattern. No files available to check against pattern
- Validates if files in the event match or don't match a pattern. No files available to check against pattern
Watchflow: Translation summary (AI rule files)
Translation summary:
Could not be translated:
…and 33 more.
This comment was automatically posted by Watchflow.

🛡️ Watchflow Governance Checks
Status: ❌ 22 Violations Found

🔴 Critical Severity (8)
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py

🟠 High Severity (4)
- When a PR modifies paths that have owners defined in CODEOWNERS, the corresponding code owners must be added as reviewers. Code owners for modified paths must be added as reviewers: dkargatzis
- Requires approvals from members of specific GitHub teams. Missing approvals from required teams: backend, security
- When a PR modifies paths that have owners defined in CODEOWNERS, the corresponding code owners must be added as reviewers. Code owners for modified paths must be added as reviewers: dkargatzis
- Requires approvals from members of specific GitHub teams. Missing approvals from required teams: backend, security

🟡 Medium Severity (9)
- Validates that total lines changed (additions + deletions) in a PR do not exceed a maximum; enforces a maximum LOC per pull request. Pull request exceeds maximum lines changed (1848 > 500)
- Validates if the PR title matches a specific pattern. PR title 'Issue/fix 65' does not match required pattern '^feat|^fix|^docs|^style|^refactor|^test|^chore|^perf|^ci|^build|^revert'
- Ensures PRs that modify source code also include a CHANGELOG or .changeset addition. Source code was modified without a corresponding CHANGELOG update.
- Validates if the PR has the minimum number of approvals. PR has 0 approvals, requires 2
- Validates that total lines changed (additions + deletions) in a PR do not exceed a maximum; enforces a maximum LOC per pull request. Pull request exceeds maximum lines changed (1848 > 500)
- Validates if the PR title matches a specific pattern. PR title 'Issue/fix 65' does not match required pattern '^feat|^fix|^docs|^style|^refactor|^test|^chore|^perf|^ci|^build|^revert'
- Validates if the PR has all required labels. Missing required labels: area/, type/
- Ensures PRs that modify source code also include a CHANGELOG or .changeset addition. Source code was modified without a corresponding CHANGELOG update.
- Checks if code changes contain restricted patterns or fail to contain required patterns. Restricted patterns ['# type: ignore'] found in added lines of src/agents/reviewer_recommendation_agent/nodes.py

⚪ Info Severity (1)
- Validates if files in the event match or don't match a pattern. No files available to check against pattern
- Assign recommended reviewers to PR via request_reviewers() GitHub API call
- Persist contributor expertise profiles to .watchflow/expertise.json with retry on 409 conflict for concurrent PR race condition
- Use stored expertise profiles to boost candidates with cross-PR history
- Apply time-decay to stale CODEOWNERS owners (no recent commits → +2 not +5)
- Scale reviewer count by risk level: low→1, medium→2, high/critical→3
- Infer implicit ownership from Watchflow rule paths when no CODEOWNERS exists
- Fix CODEOWNERS team bug: split @org/team slugs from individual @user logins so team slugs go to team_reviewers API field, not reviewers (prevents 422)
- Move _REVIEWER_COUNT to module level
- Upgrade expertise write failure log to warning with branch protection hint
- Add 64 unit tests covering all new behaviors including team/individual split, expertise persistence, time-decay, risk-based count, and rule-inferred ownership

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
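
The team/individual split, the time-decayed CODEOWNERS bonus and the risk-scaled reviewer count listed in the commit message above, as an added example that is not the PR's own code. The function names, the simplified pattern matcher, the sample CODEOWNERS content and the choice to cap only individual reviewers are assumptions; `reviewers` and `team_reviewers` are the body fields of GitHub's request-reviewers endpoint.

```python
"""Added example: build a reviewer request from CODEOWNERS (not the PR's code)."""
from __future__ import annotations

import fnmatch

# Reviewer count per risk level, as listed in the commit message.
REVIEWER_COUNT = {"low": 1, "medium": 2, "high": 3, "critical": 3}
# CODEOWNERS bonus: +5 for an owner with recent commits, +2 for a stale one.
ACTIVE_OWNER_BONUS = 5
STALE_OWNER_BONUS = 2

# Constructed sample data (hypothetical owners; not the repository's CODEOWNERS).
SAMPLE_CODEOWNERS = """\
# default owner
*                       @alice
/src/integrations/      @example-org/backend @bob
/src/agents/            @carol @example-org/security
*.md                    docs@example.com
"""
SAMPLE_FILES = [
    "src/integrations/github/api.py",
    "src/agents/reviewer_recommendation_agent/nodes.py",
    "README.md",
]


def parse_codeowners(text: str) -> list[tuple[str, list[str]]]:
    """Return (pattern, owners) rules in file order, skipping comments and blanks."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        pattern, *owners = line.split()
        rules.append((pattern, owners))
    return rules


def _matches(pattern: str, path: str) -> bool:
    # Simplified subset of CODEOWNERS matching (assumption): directory rules
    # anchored at the repo root, and fnmatch globs for everything else.
    if pattern.endswith("/"):
        return path.startswith(pattern.lstrip("/"))
    return fnmatch.fnmatch(path, pattern.lstrip("/"))


def owners_for(path: str, rules: list[tuple[str, list[str]]]) -> list[str]:
    """The last matching rule wins, as in CODEOWNERS."""
    owners: list[str] = []
    for pattern, rule_owners in rules:
        if _matches(pattern, path):
            owners = rule_owners
    return owners


def split_owners(owners: list[str]) -> tuple[list[str], list[str]]:
    """Separate @user logins from @org/team entries; e-mail owners are dropped."""
    users, teams = [], []
    for owner in owners:
        if not owner.startswith("@"):
            continue  # an e-mail address is not a login the API accepts
        name = owner[1:]
        if "/" in name:
            teams.append(name.split("/", 1)[1])  # team_reviewers takes the slug only
        else:
            users.append(name)
    return users, teams


def build_review_request(changed_files, codeowners_text, risk_level,
                         recently_active, author) -> dict[str, list[str]]:
    """Build the JSON body for the request-reviewers call."""
    rules = parse_codeowners(codeowners_text)
    scores: dict[str, int] = {}
    teams: list[str] = []
    for path in changed_files:
        users, team_slugs = split_owners(owners_for(path, rules))
        for user in users:
            if user == author:
                continue  # GitHub rejects a review request to the PR author
            bonus = ACTIVE_OWNER_BONUS if user in recently_active else STALE_OWNER_BONUS
            scores[user] = scores.get(user, 0) + bonus
        for slug in team_slugs:
            if slug not in teams:
                teams.append(slug)
    # Assumption: the risk-based count caps individual reviewers only.
    ranked = sorted(scores, key=lambda u: (-scores[u], u))
    return {"reviewers": ranked[:REVIEWER_COUNT[risk_level]], "team_reviewers": teams}


if __name__ == "__main__":
    print(build_review_request(SAMPLE_FILES, SAMPLE_CODEOWNERS, "medium", {"bob"}, "alice"))
```

Putting a team entry in `reviewers` makes the whole request fail, so the PR is left with no requested reviewers; a governance check such as the missing code-owner rule reported in this thread is what surfaces that afterwards.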
Watchflow: Translation summary (AI rule files)
Translation summary:
Could not be translated:
…and 32 more.
This comment was automatically posted by Watchflow.

🛡️ Watchflow Governance Checks
Status: ❌ 17 Violations Found

🔴 Critical Severity (6)
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py

🟠 High Severity (3)
- When a PR modifies paths that have owners defined in CODEOWNERS, the corresponding code owners must be added as reviewers. Code owners for modified paths must be added as reviewers: dkargatzis
- When a PR modifies paths that have owners defined in CODEOWNERS, the corresponding code owners must be added as reviewers. Code owners for modified paths must be added as reviewers: dkargatzis
- Requires approvals from members of specific GitHub teams. Missing approvals from required teams: backend, security

🟡 Medium Severity (6)
- Validates that total lines changed (additions + deletions) in a PR do not exceed a maximum; enforces a maximum LOC per pull request. Pull request exceeds maximum lines changed (3297 > 500)
- Validates if the PR title matches a specific pattern. PR title 'Issue/fix 65' does not match required pattern '^feat|^fix|^docs|^style|^refactor|^test|^chore|^perf|^ci|^build|^revert'
- Validates that total lines changed (additions + deletions) in a PR do not exceed a maximum; enforces a maximum LOC per pull request. Pull request exceeds maximum lines changed (3297 > 500)
- Validates if the PR title matches a specific pattern. PR title 'Issue/fix 65' does not match required pattern '^feat|^fix|^docs|^style|^refactor|^test|^chore|^perf|^ci|^build|^revert'
- Validates if the PR has all required labels. Missing required labels: area/, type/
- Checks if code changes contain restricted patterns or fail to contain required patterns. Restricted patterns ['# type: ignore'] found in added lines of src/agents/reviewer_recommendation_agent/nodes.py

⚪ Info Severity (2)
- Validates if files in the event match or don't match a pattern. No files available to check against pattern
- Validates if files in the event match or don't match a pattern. No files available to check against pattern
Watchflow: Translation summary (AI rule files)
Translation summary:
Could not be translated:
…and 35 more.
This comment was automatically posted by Watchflow.

🛡️ Watchflow Governance Checks
Status: ❌ 14 Violations Found

🔴 Critical Severity (4)
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py

🟠 High Severity (3)
- When a PR modifies paths that have owners defined in CODEOWNERS, the corresponding code owners must be added as reviewers. Code owners for modified paths must be added as reviewers: dkargatzis
- When a PR modifies paths that have owners defined in CODEOWNERS, the corresponding code owners must be added as reviewers. Code owners for modified paths must be added as reviewers: dkargatzis
- Requires approvals from members of specific GitHub teams. Missing approvals from required teams: backend, security

🟡 Medium Severity (6)
- Validates that total lines changed (additions + deletions) in a PR do not exceed a maximum; enforces a maximum LOC per pull request. Pull request exceeds maximum lines changed (3302 > 500)
- Validates if the PR title matches a specific pattern. PR title 'Issue/fix 65' does not match required pattern '^feat|^fix|^docs|^style|^refactor|^test|^chore|^perf|^ci|^build|^revert'
- Validates that total lines changed (additions + deletions) in a PR do not exceed a maximum; enforces a maximum LOC per pull request. Pull request exceeds maximum lines changed (3302 > 500)
- Validates if the PR title matches a specific pattern. PR title 'Issue/fix 65' does not match required pattern '^feat|^fix|^docs|^style|^refactor|^test|^chore|^perf|^ci|^build|^revert'
- Validates if the PR has all required labels. Missing required labels: area/, type/
- Checks if code changes contain restricted patterns or fail to contain required patterns. Restricted patterns ['# type: ignore'] found in added lines of src/agents/reviewer_recommendation_agent/nodes.py

⚪ Info Severity (1)
- Validates if files in the event match or don't match a pattern. No files available to check against pattern
Watchflow: Translation summary (AI rule files)
Translation summary:
Could not be translated:
This comment was automatically posted by Watchflow.

🛡️ Watchflow Governance Checks
Status: ❌ 2 Violations Found

🟠 High Severity (1)
- Requires approvals from members of specific GitHub teams. Missing approvals from required teams: backend, security

🟡 Medium Severity (1)
- Validates if the PR title matches a specific pattern. PR title 'Issue/fix 65' does not match required pattern '^feat|^fix|^docs|^style|^refactor|^test|^chore|^perf|^ci|^build|^revert'
Watchflow: Translation summary (AI rule files)
Translation summary:
Could not be translated:
…and 32 more.
This comment was automatically posted by Watchflow.

🛡️ Watchflow Governance Checks
Status: ❌ 18 Violations Found

🔴 Critical Severity (8)
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py

🟠 High Severity (3)
- When a PR modifies paths that have owners defined in CODEOWNERS, the corresponding code owners must be added as reviewers. Code owners for modified paths must be added as reviewers: dkargatzis
- When a PR modifies paths that have owners defined in CODEOWNERS, the corresponding code owners must be added as reviewers. Code owners for modified paths must be added as reviewers: dkargatzis
- Requires approvals from members of specific GitHub teams. Missing approvals from required teams: backend, security

🟡 Medium Severity (7)
- Validates that total lines changed (additions + deletions) in a PR do not exceed a maximum; enforces a maximum LOC per pull request. Pull request exceeds maximum lines changed (3367 > 500)
- Validates if the PR title matches a specific pattern. PR title 'Issue/fix 65' does not match required pattern '^feat|^fix|^docs|^style|^refactor|^test|^chore|^perf|^ci|^build|^revert'
- Validates if the current time is within allowed hours. Action attempted outside allowed hours (current: 7:00, allowed: {'allowed_hours': [9, 10, 11, 14, 15, 16], 'timezone': 'Europe/Athens'})
- Validates that total lines changed (additions + deletions) in a PR do not exceed a maximum; enforces a maximum LOC per pull request. Pull request exceeds maximum lines changed (3367 > 300)
- Validates if the PR title matches a specific pattern. PR title 'Issue/fix 65' does not match required pattern '^feat|^fix|^docs|^style|^refactor|^test|^chore|^perf|^ci|^build|^revert'
- Validates if the PR has all required labels. Missing required labels: area/, type/
- Checks if code changes contain restricted patterns or fail to contain required patterns. Restricted patterns ['# type: ignore'] found in added lines of src/agents/reviewer_recommendation_agent/nodes.py
Watchflow: Translation summary (AI rule files)
Translation summary:
Could not be translated:
…and 34 more.
This comment was automatically posted by Watchflow.

🛡️ Watchflow Governance Checks
Status: ❌ 19 Violations Found

🔴 Critical Severity (8)
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['secret', 'password'] detected in src/agents/reviewer_recommendation_agent/nodes.py
- Detects hardcoded secrets, API keys, or sensitive data in PR diffs. Security-sensitive patterns ['token'] detected in src/integrations/github/api.py

🟠 High Severity (3)
- When a PR modifies paths that have owners defined in CODEOWNERS, the corresponding code owners must be added as reviewers. Code owners for modified paths must be added as reviewers: dkargatzis
- When a PR modifies paths that have owners defined in CODEOWNERS, the corresponding code owners must be added as reviewers. Code owners for modified paths must be added as reviewers: dkargatzis
- Requires approvals from members of specific GitHub teams. Missing approvals from required teams: backend, security

🟡 Medium Severity (7)
- Validates that total lines changed (additions + deletions) in a PR do not exceed a maximum; enforces a maximum LOC per pull request. Pull request exceeds maximum lines changed (3412 > 500)
- Validates if the PR title matches a specific pattern. PR title 'Issue/fix 65' does not match required pattern '^feat|^fix|^docs|^style|^refactor|^test|^chore|^perf|^ci|^build|^revert'
- Validates if the current time is within allowed hours. Action attempted outside allowed hours (current: 13:00, allowed: {'allowed_hours': [9, 10, 11, 14, 15, 16], 'timezone': 'Europe/Athens'})
- Validates that total lines changed (additions + deletions) in a PR do not exceed a maximum; enforces a maximum LOC per pull request. Pull request exceeds maximum lines changed (3412 > 500)
- Validates if the PR title matches a specific pattern. PR title 'Issue/fix 65' does not match required pattern '^feat|^fix|^docs|^style|^refactor|^test|^chore|^perf|^ci|^build|^revert'
- Validates if the PR has all required labels. Missing required labels: area/, type/
- Checks if code changes contain restricted patterns or fail to contain required patterns. Restricted patterns ['# type: ignore'] found in added lines of src/agents/reviewer_recommendation_agent/nodes.py

⚪ Info Severity (1)
- Validates if files in the event match or don't match a pattern. No files available to check against pattern
Implementation Summary - Issue warestack#65
AI-powered reviewer recommendation based on code ownership rules and risk assessment
What was added
New agent: ReviewerRecommendationAgent, LangGraph-based agent with 3 nodes:
Slash commands in PR comments:
Risk signals implemented
Reviewer scoring
GitHub integration
Files changed
Constraints met