feat(bots): onboard reviewer-bot to pinned databricks-bot-engine#862
Open
eric-wang-1990 wants to merge 5 commits into
Open
feat(bots): onboard reviewer-bot to pinned databricks-bot-engine#862eric-wang-1990 wants to merge 5 commits into
eric-wang-1990 wants to merge 5 commits into
Conversation
First of a stacked series migrating the PR-review bot from databricks-driver-test to this repo. This PR adds only the task-agnostic foundation (no bot logic, nothing runs on PRs yet): - scripts/shared/ — the common agent engine (Claude Agent SDK loop/transport, security guard, markers, threads, github/git ops). Self-contained; 94 unit tests pass under scripts/shared/tests. - scripts/__init__.py — makes `scripts` importable for `python -m scripts.*`. - scripts/requirements-sdk.txt — the claude-agent-sdk pin. - .github/actions/setup-claude-sdk + setup-jfrog — install the SDK (pip) + CLI (npm) through Databricks' internal JFrog mirror (the protected runner is egress-blocked from pypi.org/npmjs.org). - .github/workflows/sdk-smoke.yml — manual smoke verifying the SDK/CLI install on this repo's runner. Co-authored-by: Isaac Signed-off-by: Eric Wang <e.wang@databricks.com>
Second of the stacked reviewer-bot migration. Vendors scripts/reviewer_bot/ (the review loop, finalize_review tool, v2 posting, dedup/reconcile, severity, validate_findings, observer) and adapts the repo-specific surface for this Python connector: - prompts.py: retarget to databricks-sql-python; cite CONTRIBUTING.md (PEP 8 / 100-char lines, DCO) + README.md; drop the csharp driver-source section, specs/*.yaml alignment rules, and CLAUDE.md/.claude landmarks (none here). Trim the user-prompt template to PR/diff/open-threads/repo-conventions. - gather_context.aggregate_repo_rules: read CONTRIBUTING.md (this repo's conventions doc) instead of CLAUDE.md/.claude/specs/per-driver files. - Exploration (read_paths/grep) roots at the PR's own checkout — no driver clone (that path is csharp-conditional and never fires here). Adds .github/workflows/reviewer-bot-unit-tests.yml (protected runner + setup-poetry + pytest; no secrets — SDK import is guarded). 361 reviewer + shared tests pass. The csharp-conditional dead paths (run_review driver-clone, list_driver_source, the fake_repo/fake_driver_tree fixtures) are left in place for a follow-up cleanup PR — they never execute on this repo. Co-authored-by: Isaac Signed-off-by: Eric Wang <e.wang@databricks.com>
Third of the stacked reviewer-bot migration. Adds the live workflows that run
the bot on PRs:
- reviewer-bot.yml — reviews on pull_request (opened/synchronize/reopened/
ready_for_review) + manual workflow_dispatch (dry-run capable). Fork-guarded;
protected runner; mints a peco-review-bot App token; setup-claude-sdk for the
SDK/CLI install. Reads/explores the PR's own checkout (no driver clone).
- reviewer-bot-followup.yml — responds to pull_request_review_comment with the
cheap pre-checkout filter + the marker-based loop guards.
Adapted from the driver-test workflows: removed the driver-repo clone auth
(INTEGRATION_TEST_APP_TOKEN — N/A here) and made MODEL_ENDPOINT a secret rather
than a hardcoded workspace URL.
PREREQS (these workflows stay inert until provided):
- peco-review-bot GitHub App installed on this repo (Pull requests / Issues /
Contents: Read & Write).
- Secrets: REVIEW_BOT_APP_ID, REVIEW_BOT_APP_PRIVATE_KEY, MODEL_ENDPOINT;
DATABRICKS_TOKEN authorized for that serving endpoint.
Co-authored-by: Isaac
Signed-off-by: Eric Wang <e.wang@databricks.com>
Co-authored-by: Isaac
Replace the vendored reviewer-bot (scripts/reviewer_bot + scripts/shared) with thin callers of the databricks-bot-engine reusable workflows, pinned to engine SHA d780b2da60bb1ac68bb5cd1acb7cabf495b3ff2d and installed in REF mode. The engine is now the single source of truth. - reviewer-bot.yml / reviewer-bot-followup.yml: rewritten as on/uses/secrets callers of reviewer-bot.reusable.yml / reviewer-bot-followup.reusable.yml. The engine owns the fork/open-PR security gate, App-token mint, engine install, MODEL_ENDPOINT construction, and loop-prevention. - Trigger policy unchanged: every non-fork PR (no label gate). - .bot/prompts/review/system.md: repo-specific ADDITIVE guidance appended to the engine-owned reviewer base prompt (verified against the engine source at the pinned SHA: additive/optional, not the whole prompt). - Remove vendored bot code (scripts/reviewer_bot, scripts/shared, scripts/__init__.py, scripts/requirements-sdk.txt), the reviewer-bot unit tests workflow (tests import the deleted modules), the setup-claude-sdk action and sdk-smoke.yml (its only consumer). setup-jfrog is kept (used by kernel-e2e + setup-poetry). New secrets required before enabling: DATABRICKS_HOST (replaces MODEL_ENDPOINT) and BOT_ENGINE_PAT (read access to the private engine repo). Co-authored-by: Isaac
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Onboards this repo's PR reviewer bot to the upstream
databricks/databricks-bot-engineusing the documented consumer model — a pinned engine SHA + the engine's
reusable workflows — replacing the vendored copy under
scripts/. The enginebecomes the single source of truth (matching the
databricks-driver-testconsumer).
Design doc:
docs/superpowers/specs/2026-07-14-onboard-bot-engine-design.md.What changed
reviewer-bot.yml/reviewer-bot-followup.ymlrewritten as thinon:+uses:+secrets:callers of the engine'sreviewer-bot.reusable.yml/reviewer-bot-followup.reusable.yml, pinned toengine SHA
d780b2da60bb1ac68bb5cd1acb7cabf495b3ff2d(used in both theuses:ref andengine-ref:). The engine now owns the fork/open-PR securitygate, App-token mint, engine/SDK install,
MODEL_ENDPOINTconstruction, andloop-prevention — ~250 lines of hand-rolled logic removed.
.bot/prompts/review/system.md— repo-specific additive review guidanceappended to the engine-owned base prompt. (Verified against the engine source
at the pinned SHA: the consumer file is additive/optional, not the entire
prompt as the engine README states.)
scripts/reviewer_bot/,scripts/shared/,scripts/__init__.py,scripts/requirements-sdk.txt, the reviewer-botunit-tests workflow (its tests import the deleted modules), the
setup-claude-sdkaction, andsdk-smoke.yml(its only consumer).setup-jfrogis kept — still used bykernel-e2e+setup-poetry.The maintainer must add two repo/org secrets before enabling:
REVIEW_BOT_APP_IDREVIEW_BOT_APP_PRIVATE_KEYDATABRICKS_TOKENDATABRICKS_HOSTMODEL_ENDPOINT)MODEL_ENDPOINTfrom itBOT_ENGINE_PATThe old
MODEL_ENDPOINTsecret is no longer consumed.Verification
(grep clean).
uses:against the privateengine repo can't fully resolve in CI until
BOT_ENGINE_PAT+DATABRICKS_HOSTare provisioned. A real review runs on the first non-fork PR after secrets are
added. This PR is not claimed verified end-to-end.
Rollout
DATABRICKS_HOST+BOT_ENGINE_PATsecrets.uses:andengine-ref:inlockstep across both workflows.
This pull request and its description were written by Isaac.