# Send gitlab-code-reviewer to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "gitlab-code-reviewer",
    "name": "gitlab-code-reviewer",
    "source": "tencent",
    "type": "skill",
    "category": "开发工具",
    "sourceUrl": "https://clawhub.ai/Neuyazvimyi/gitlab-code-reviewer",
    "canonicalUrl": "https://clawhub.ai/Neuyazvimyi/gitlab-code-reviewer",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/gitlab-code-reviewer",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=gitlab-code-reviewer",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "references/review-guidelines.md",
      "scripts/gitlab_client.py",
      "scripts/ignore_matcher.py",
      "scripts/post_comments.py",
      "SKILL.md"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "gitlab-code-reviewer",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-05-12T02:33:05.529Z",
      "expiresAt": "2026-05-19T02:33:05.529Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=gitlab-code-reviewer",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=gitlab-code-reviewer",
        "contentDisposition": "attachment; filename=\"gitlab-code-reviewer-1.0.2.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "gitlab-code-reviewer"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/gitlab-code-reviewer"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/gitlab-code-reviewer",
    "downloadUrl": "https://openagent3.xyz/downloads/gitlab-code-reviewer",
    "agentUrl": "https://openagent3.xyz/skills/gitlab-code-reviewer/agent",
    "manifestUrl": "https://openagent3.xyz/skills/gitlab-code-reviewer/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/gitlab-code-reviewer/agent.md"
  }
}
```
## Documentation

### 1. Read credentials and check token scope

Credentials: ~/.openclaw/credentials/gitlab.json

{
  "token": "glpat-xxx",
  "host": "https://gitlab.com",
  "ignore_patterns": ["*.min.js", "*.lock", "forms/*.json"]
}

Required API scopes:

api — required for posting inline comments
read_api — sufficient for analysis only (no comment posting)

Always run token check first to know upfront whether comments can be posted:

python scripts/gitlab_client.py check-token <mr_url>

Output includes "can_write": true/false. If false, skip step 6 and inform the user that the token needs the api scope to post comments. Do NOT proceed to analysis and then fail at step 6.

### 2. Fetch MR metadata and diff

python scripts/gitlab_client.py fetch-mr   <mr_url>
python scripts/gitlab_client.py fetch-diff <mr_url>

fetch-diff returns a JSON array. Each entry contains new_path, old_path, diff (unified diff text), and boolean flags new_file, deleted_file, renamed_file.

Fallback: if the /diffs endpoint returns HTTP 500 (some self-hosted GitLab instances), the script automatically retries via /changes. No manual intervention needed.

### 3. Filter files

Use ignore_matcher.py to exclude files before analysis:

from ignore_matcher import filter_diffs
reviewable = filter_diffs(all_diffs)   # merges defaults + credentials ignore_patterns

Default ignore patterns (always applied, even without credentials file):
*.min.js, *.min.css, *.lock, package-lock.json, pnpm-lock.yaml, forms/*.json

Binary extensions (.png, .jar, .class, .map, etc.) are always skipped.

### 4. Analyze the diff

Analyze only modified lines (added/removed in the diff). Do not comment on unchanged context lines.
If the total diff is large, process file-by-file and aggregate results.
Read references/review-guidelines.md for all review rules, severity definitions, and comment format.

Focus areas:

Java / Spring Boot — Clean Code, SOLID, transaction boundaries, lazy loading
MongoDB — query correctness, index coverage, atomicity
PostgreSQL — SQL correctness, isolation levels, index/schema migrations
React / TypeScript — hooks correctness, type safety, XSS, stale closures

### 5. Structure the chat summary

Group findings by severity:

## Code Review — <MR title> (<source_branch> → <target_branch>)

### Critical
- \`UserService.java:42\` — Transaction wraps HTTP call; holds DB lock during network I/O.

### Major
- \`OrderRepository.java:87\` — N+1: \`findRolesByUserId\` called inside loop. Use batch query.

### Minor
- \`PaymentDto.java:15\` — Field name \`val\` is not descriptive.

### Decision: Needs changes

Decision options: Pass / Needs changes / Reject

Pass: no Critical or Major findings
Needs changes: one or more Major findings, no Critical
Reject: one or more Critical findings

### 6. Post inline comments to GitLab

Only execute this step if check-token (step 1) returned "can_write": true.

Write comments to a temp JSON file, then post via post_comments.py.
Never use python -c with inline comment bodies — backticks and special characters break shell escaping.

# 1. Write all findings to a JSON file
cat > /tmp/mr_comments.json << 'EOF'
[
  {
    "file_path": "src/main/UserService.java",
    "line": 42,
    "body": "[CRITICAL] Transaction wraps HTTP call...\\n\\nSuggestion:\\n\`\`\`java\\n// fix\\n\`\`\`"
  }
]
EOF

# 2. Post via script
python scripts/post_comments.py <mr_url> /tmp/mr_comments.json

How to determine the correct line number from a diff hunk:

@@ -375,6 +375,8 @@       ← new file starts at line 375
     unchanged line          → 375
     unchanged line          → 376
     unchanged line          → 377
+    added line              → 378  ← use this number
+    added line              → 379

Count from the +A value in @@ -X,Y +A,B @@ for new-file lines.

Each comment body format (from references/review-guidelines.md §8):

[SEVERITY] <one-line issue>

<2-4 sentence explanation referencing the diff.>

Suggestion:
\`\`\`<language>
<corrected snippet>

**Constraints:**
- Do not auto-approve the MR.
- Do not add labels or trigger pipelines.
- Only post comment-type discussions (no approval API calls).
- If a line is not in the diff, the API returns an error — log it and continue with the next comment.
- On HTTP 403 \`insufficient_scope\`, the script stops immediately and prints a fix instruction. Do not retry.

## Behavior Rules

- Strict engineering tone. No emotional language. No generic praise.
- Analyze only the modified code in the diff. Do not speculate about code outside the diff.
- Do not log or persist source code content.
- Respect ignore patterns strictly.
- For large diffs: process per file, deduplicate similar findings across files before final output.

## References

- **Review rules, severity table, comment format**: \`references/review-guidelines.md\`
  - §2 Java & Spring Boot (Clean Code, transactions, N+1, concurrency)
  - §3 MongoDB (queries, indexes, atomicity)
  - §4 PostgreSQL (SQL correctness, isolation, migrations)
  - §5 React & TypeScript (hooks, type safety, security)
  - §6 SOLID & DDD alignment
  - §7 Severity classification table
  - §8 Inline comment format template
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: Neuyazvimyi
- Version: 1.0.2
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-05-12T02:33:05.529Z
- Expires at: 2026-05-19T02:33:05.529Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/gitlab-code-reviewer)
- [Send to Agent page](https://openagent3.xyz/skills/gitlab-code-reviewer/agent)
- [JSON manifest](https://openagent3.xyz/skills/gitlab-code-reviewer/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/gitlab-code-reviewer/agent.md)
- [Download page](https://openagent3.xyz/downloads/gitlab-code-reviewer)