{ "schemaVersion": "1.0", "item": { "slug": "gitlab-code-reviewer", "name": "gitlab-code-reviewer", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/Neuyazvimyi/gitlab-code-reviewer", "canonicalUrl": "https://clawhub.ai/Neuyazvimyi/gitlab-code-reviewer", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/gitlab-code-reviewer", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=gitlab-code-reviewer", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "references/review-guidelines.md", "scripts/gitlab_client.py", "scripts/ignore_matcher.py", "scripts/post_comments.py", "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "slug": "gitlab-code-reviewer", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-12T02:33:05.529Z", "expiresAt": "2026-05-19T02:33:05.529Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=gitlab-code-reviewer", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=gitlab-code-reviewer", "contentDisposition": "attachment; filename=\"gitlab-code-reviewer-1.0.2.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "gitlab-code-reviewer" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/gitlab-code-reviewer" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/gitlab-code-reviewer", "agentPageUrl": "https://openagent3.xyz/skills/gitlab-code-reviewer/agent", "manifestUrl": "https://openagent3.xyz/skills/gitlab-code-reviewer/agent.json", "briefUrl": "https://openagent3.xyz/skills/gitlab-code-reviewer/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "1. Read credentials and check token scope", "body": "Credentials: ~/.openclaw/credentials/gitlab.json\n\n{\n \"token\": \"glpat-xxx\",\n \"host\": \"https://gitlab.com\",\n \"ignore_patterns\": [\"*.min.js\", \"*.lock\", \"forms/*.json\"]\n}\n\nRequired API scopes:\n\napi — required for posting inline comments\nread_api — sufficient for analysis only (no comment posting)\n\nAlways run token check first to know upfront whether comments can be posted:\n\npython scripts/gitlab_client.py check-token \n\nOutput includes \"can_write\": true/false. If false, skip step 6 and inform the user that the token needs the api scope to post comments. Do NOT proceed to analysis and then fail at step 6." }, { "title": "2. Fetch MR metadata and diff", "body": "python scripts/gitlab_client.py fetch-mr \npython scripts/gitlab_client.py fetch-diff \n\nfetch-diff returns a JSON array. Each entry contains new_path, old_path, diff (unified diff text), and boolean flags new_file, deleted_file, renamed_file.\n\nFallback: if the /diffs endpoint returns HTTP 500 (some self-hosted GitLab instances), the script automatically retries via /changes. No manual intervention needed." }, { "title": "3. Filter files", "body": "Use ignore_matcher.py to exclude files before analysis:\n\nfrom ignore_matcher import filter_diffs\nreviewable = filter_diffs(all_diffs) # merges defaults + credentials ignore_patterns\n\nDefault ignore patterns (always applied, even without credentials file):\n*.min.js, *.min.css, *.lock, package-lock.json, pnpm-lock.yaml, forms/*.json\n\nBinary extensions (.png, .jar, .class, .map, etc.) are always skipped." }, { "title": "4. Analyze the diff", "body": "Analyze only modified lines (added/removed in the diff). Do not comment on unchanged context lines.\nIf the total diff is large, process file-by-file and aggregate results.\nRead references/review-guidelines.md for all review rules, severity definitions, and comment format.\n\nFocus areas:\n\nJava / Spring Boot — Clean Code, SOLID, transaction boundaries, lazy loading\nMongoDB — query correctness, index coverage, atomicity\nPostgreSQL — SQL correctness, isolation levels, index/schema migrations\nReact / TypeScript — hooks correctness, type safety, XSS, stale closures" }, { "title": "5. Structure the chat summary", "body": "Group findings by severity:\n\n## Code Review — ()\n\n### Critical\n- `UserService.java:42` — Transaction wraps HTTP call; holds DB lock during network I/O.\n\n### Major\n- `OrderRepository.java:87` — N+1: `findRolesByUserId` called inside loop. Use batch query.\n\n### Minor\n- `PaymentDto.java:15` — Field name `val` is not descriptive.\n\n### Decision: Needs changes\n\nDecision options: Pass / Needs changes / Reject\n\nPass: no Critical or Major findings\nNeeds changes: one or more Major findings, no Critical\nReject: one or more Critical findings" }, { "title": "6. Post inline comments to GitLab", "body": "Only execute this step if check-token (step 1) returned \"can_write\": true.\n\nWrite comments to a temp JSON file, then post via post_comments.py.\nNever use python -c with inline comment bodies — backticks and special characters break shell escaping.\n\n# 1. Write all findings to a JSON file\ncat > /tmp/mr_comments.json << 'EOF'\n[\n {\n \"file_path\": \"src/main/UserService.java\",\n \"line\": 42,\n \"body\": \"[CRITICAL] Transaction wraps HTTP call...\\n\\nSuggestion:\\n```java\\n// fix\\n```\"\n }\n]\nEOF\n\n# 2. Post via script\npython scripts/post_comments.py /tmp/mr_comments.json\n\nHow to determine the correct line number from a diff hunk:\n\n@@ -375,6 +375,8 @@ ← new file starts at line 375\n unchanged line → 375\n unchanged line → 376\n unchanged line → 377\n+ added line → 378 ← use this number\n+ added line → 379\n\nCount from the +A value in @@ -X,Y +A,B @@ for new-file lines.\n\nEach comment body format (from references/review-guidelines.md §8):\n\n[SEVERITY] \n\n<2-4 sentence explanation referencing the diff.>\n\nSuggestion:\n```\n\n\n**Constraints:**\n- Do not auto-approve the MR.\n- Do not add labels or trigger pipelines.\n- Only post comment-type discussions (no approval API calls).\n- If a line is not in the diff, the API returns an error — log it and continue with the next comment.\n- On HTTP 403 `insufficient_scope`, the script stops immediately and prints a fix instruction. Do not retry.\n\n## Behavior Rules\n\n- Strict engineering tone. No emotional language. No generic praise.\n- Analyze only the modified code in the diff. Do not speculate about code outside the diff.\n- Do not log or persist source code content.\n- Respect ignore patterns strictly.\n- For large diffs: process per file, deduplicate similar findings across files before final output.\n\n## References\n\n- **Review rules, severity table, comment format**: `references/review-guidelines.md`\n - §2 Java & Spring Boot (Clean Code, transactions, N+1, concurrency)\n - §3 MongoDB (queries, indexes, atomicity)\n - §4 PostgreSQL (SQL correctness, isolation, migrations)\n - §5 React & TypeScript (hooks, type safety, security)\n - §6 SOLID & DDD alignment\n - §7 Severity classification table\n - §8 Inline comment format template" } ], "body": "GitLab MR Code Review\nWorkflow\n1. Read credentials and check token scope\n\nCredentials: ~/.openclaw/credentials/gitlab.json\n\n{\n \"token\": \"glpat-xxx\",\n \"host\": \"https://gitlab.com\",\n \"ignore_patterns\": [\"*.min.js\", \"*.lock\", \"forms/*.json\"]\n}\n\n\nRequired API scopes:\n\napi — required for posting inline comments\nread_api — sufficient for analysis only (no comment posting)\n\nAlways run token check first to know upfront whether comments can be posted:\n\npython scripts/gitlab_client.py check-token \n\n\nOutput includes \"can_write\": true/false. If false, skip step 6 and inform the user that the token needs the api scope to post comments. Do NOT proceed to analysis and then fail at step 6.\n\n2. Fetch MR metadata and diff\npython scripts/gitlab_client.py fetch-mr \npython scripts/gitlab_client.py fetch-diff \n\n\nfetch-diff returns a JSON array. Each entry contains new_path, old_path, diff (unified diff text), and boolean flags new_file, deleted_file, renamed_file.\n\nFallback: if the /diffs endpoint returns HTTP 500 (some self-hosted GitLab instances), the script automatically retries via /changes. No manual intervention needed.\n\n3. Filter files\n\nUse ignore_matcher.py to exclude files before analysis:\n\nfrom ignore_matcher import filter_diffs\nreviewable = filter_diffs(all_diffs) # merges defaults + credentials ignore_patterns\n\n\nDefault ignore patterns (always applied, even without credentials file): *.min.js, *.min.css, *.lock, package-lock.json, pnpm-lock.yaml, forms/*.json\n\nBinary extensions (.png, .jar, .class, .map, etc.) are always skipped.\n\n4. Analyze the diff\nAnalyze only modified lines (added/removed in the diff). Do not comment on unchanged context lines.\nIf the total diff is large, process file-by-file and aggregate results.\nRead references/review-guidelines.md for all review rules, severity definitions, and comment format.\n\nFocus areas:\n\nJava / Spring Boot — Clean Code, SOLID, transaction boundaries, lazy loading\nMongoDB — query correctness, index coverage, atomicity\nPostgreSQL — SQL correctness, isolation levels, index/schema migrations\nReact / TypeScript — hooks correctness, type safety, XSS, stale closures\n5. Structure the chat summary\n\nGroup findings by severity:\n\n## Code Review — ()\n\n### Critical\n- `UserService.java:42` — Transaction wraps HTTP call; holds DB lock during network I/O.\n\n### Major\n- `OrderRepository.java:87` — N+1: `findRolesByUserId` called inside loop. Use batch query.\n\n### Minor\n- `PaymentDto.java:15` — Field name `val` is not descriptive.\n\n### Decision: Needs changes\n\n\nDecision options: Pass / Needs changes / Reject\n\nPass: no Critical or Major findings\nNeeds changes: one or more Major findings, no Critical\nReject: one or more Critical findings\n6. Post inline comments to GitLab\n\nOnly execute this step if check-token (step 1) returned \"can_write\": true.\n\nWrite comments to a temp JSON file, then post via post_comments.py. Never use python -c with inline comment bodies — backticks and special characters break shell escaping.\n\n# 1. Write all findings to a JSON file\ncat > /tmp/mr_comments.json << 'EOF'\n[\n {\n \"file_path\": \"src/main/UserService.java\",\n \"line\": 42,\n \"body\": \"[CRITICAL] Transaction wraps HTTP call...\\n\\nSuggestion:\\n```java\\n// fix\\n```\"\n }\n]\nEOF\n\n# 2. Post via script\npython scripts/post_comments.py /tmp/mr_comments.json\n\n\nHow to determine the correct line number from a diff hunk:\n\n@@ -375,6 +375,8 @@ ← new file starts at line 375\n unchanged line → 375\n unchanged line → 376\n unchanged line → 377\n+ added line → 378 ← use this number\n+ added line → 379\n\n\nCount from the +A value in @@ -X,Y +A,B @@ for new-file lines.\n\nEach comment body format (from references/review-guidelines.md §8):\n\n[SEVERITY] \n\n<2-4 sentence explanation referencing the diff.>\n\nSuggestion:\n```\n\n\n\n**Constraints:**\n- Do not auto-approve the MR.\n- Do not add labels or trigger pipelines.\n- Only post comment-type discussions (no approval API calls).\n- If a line is not in the diff, the API returns an error — log it and continue with the next comment.\n- On HTTP 403 `insufficient_scope`, the script stops immediately and prints a fix instruction. Do not retry.\n\n## Behavior Rules\n\n- Strict engineering tone. No emotional language. No generic praise.\n- Analyze only the modified code in the diff. Do not speculate about code outside the diff.\n- Do not log or persist source code content.\n- Respect ignore patterns strictly.\n- For large diffs: process per file, deduplicate similar findings across files before final output.\n\n## References\n\n- **Review rules, severity table, comment format**: `references/review-guidelines.md`\n - §2 Java & Spring Boot (Clean Code, transactions, N+1, concurrency)\n - §3 MongoDB (queries, indexes, atomicity)\n - §4 PostgreSQL (SQL correctness, isolation, migrations)\n - §5 React & TypeScript (hooks, type safety, security)\n - §6 SOLID & DDD alignment\n - §7 Severity classification table\n - §8 Inline comment format template" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/Neuyazvimyi/gitlab-code-reviewer", "publisherUrl": "https://clawhub.ai/Neuyazvimyi/gitlab-code-reviewer", "owner": "Neuyazvimyi", "version": "1.0.2", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/gitlab-code-reviewer", "downloadUrl": "https://openagent3.xyz/downloads/gitlab-code-reviewer", "agentUrl": "https://openagent3.xyz/skills/gitlab-code-reviewer/agent", "manifestUrl": "https://openagent3.xyz/skills/gitlab-code-reviewer/agent.json", "briefUrl": "https://openagent3.xyz/skills/gitlab-code-reviewer/agent.md" } }