gemini-code-assist[bot] commented on code in PR #450: URL: https://github.com/apache/tvm-ffi/pull/450#discussion_r2808229141
########## .claude/skills/tvm-ffi-code-review/SKILL.md: ########## 
@@ -0,0 +1,239 @@ +<!--- Licensed to the Apache Software Foundation (ASF) under one --> +<!--- or more contributor license agreements. See the NOTICE file --> +<!--- distributed with this work for additional information --> +<!--- regarding copyright ownership. The ASF licenses this file --> +<!--- to you under the Apache License, Version 2.0 (the --> +<!--- "License"); you may not use this file except in compliance --> +<!--- with the License. You may obtain a copy of the License at --> + +<!--- http://www.apache.org/licenses/LICENSE-2.0 --> + +<!--- Unless required by applicable law or agreed to in writing, --> +<!--- software distributed under the License is distributed on an --> +<!--- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --> +<!--- KIND, either express or implied. See the License for the --> +<!--- specific language governing permissions and limitations --> +<!--- under the License. --> + +--- +name: tvm-ffi-code-review +description: Run parallel code reviews using Claude Code and OpenAI Codex reviewers. Produces a unified, prioritized review report with actionable findings from multiple AI models. +disable-model-invocation: true +argument-hint: "[pr | branch:<name> | commit:<sha> | staged | unstaged]" +allowed-tools: Bash(git *), Bash(gh *), Read, Grep, Glob, Task, AskUserQuestion +--- + +# Multi-Model Code Review + +Review code changes using two independent AI reviewers in parallel — **Claude Code** and **OpenAI Codex** — then synthesize their findings into a single prioritized report. + +## Prerequisites + +- **Codex CLI** must be installed and authenticated (`npm install -g @openai/codex` or equivalent). If unavailable, the skill gracefully falls back to Claude-only review. Review Comment:  The prerequisite for the Codex CLI appears to be incorrect. The npm package `@openai/codex` is not an official or widely-used tool, and the original Codex models have been superseded. 
This instruction is likely to fail for users and should be updated to specify a verifiable tool and a current, available OpenAI model (e.g., a GPT-4 variant) and the correct method to invoke it. ########## .claude/skills/tvm-ffi-code-review/SKILL.md: ########## 
@@ -0,0 +1,239 @@ +<!--- Licensed to the Apache Software Foundation (ASF) under one --> +<!--- or more contributor license agreements. See the NOTICE file --> +<!--- distributed with this work for additional information --> +<!--- regarding copyright ownership. The ASF licenses this file --> +<!--- to you under the Apache License, Version 2.0 (the --> +<!--- "License"); you may not use this file except in compliance --> +<!--- with the License. You may obtain a copy of the License at --> + +<!--- http://www.apache.org/licenses/LICENSE-2.0 --> + +<!--- Unless required by applicable law or agreed to in writing, --> +<!--- software distributed under the License is distributed on an --> +<!--- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --> +<!--- KIND, either express or implied. See the License for the --> +<!--- specific language governing permissions and limitations --> +<!--- under the License. --> + +--- +name: tvm-ffi-code-review +description: Run parallel code reviews using Claude Code and OpenAI Codex reviewers. Produces a unified, prioritized review report with actionable findings from multiple AI models. +disable-model-invocation: true +argument-hint: "[pr | branch:<name> | commit:<sha> | staged | unstaged]" +allowed-tools: Bash(git *), Bash(gh *), Read, Grep, Glob, Task, AskUserQuestion +--- + +# Multi-Model Code Review + +Review code changes using two independent AI reviewers in parallel — **Claude Code** and **OpenAI Codex** — then synthesize their findings into a single prioritized report. + +## Prerequisites + +- **Codex CLI** must be installed and authenticated (`npm install -g @openai/codex` or equivalent). If unavailable, the skill gracefully falls back to Claude-only review. + +## Step 1: Determine review scope + +Parse `$ARGUMENTS` to determine what to review. If the argument is empty or ambiguous, prompt the user with `AskUserQuestion` to choose a scope. 
+ +### Supported scopes + +| Argument | Diff command | Description | +|----------|-------------|-------------| +| `pr` (default) | `git diff $(git merge-base HEAD <main-branch>)...HEAD` | All changes in the current PR/branch since it diverged from the main branch. Auto-detects the main branch (`main` or `master`). | +| `branch:<name>` | `git diff <name>...HEAD` | Changes relative to the named branch. | +| `commit:<sha>` | `git diff <sha>...HEAD` | Changes since the given commit. | +| `staged` | `git diff --cached` | Only staged (indexed) changes. | +| `unstaged` | `git diff` | Only unstaged working-tree changes. | + +### Scope resolution logic + +1. If `$ARGUMENTS` is empty, default to `pr` scope. +2. If `$ARGUMENTS` matches one of the keywords above, use that scope. +3. If `$ARGUMENTS` looks like a branch name or commit SHA (doesn't match a keyword), treat it as `branch:<arg>` for backward compatibility. +4. If the argument is ambiguous or the ref doesn't exist, ask the user: + +``` +AskUserQuestion: + question: "What would you like to review?" + options: + - "Current PR (all commits since diverging from main)" + - "Against a specific branch" + - "Since a specific commit" + - "Staged changes only" +``` + +### Gather the diff + +Once the scope is resolved, run: + +```bash +git diff --stat <resolved-diff-args> +git diff --unified=5 <resolved-diff-args> +``` + +Store the diff output and the list of changed files. If the diff exceeds ~5000 lines, identify the most critical files and note that the review covers a subset. + +## Step 2: Launch both reviewers in parallel + +Use the **Task** tool to launch **both** reviewers simultaneously — two parallel Task calls in a single response. + +### Claude Code Reviewer + +``` +Task(subagent_type: "claude-code-reviewer", model: "opus") +``` + +- **Model**: Claude Opus 4.6 (`claude-opus-4-6`) with high reasoning effort. 
+- Prompt the subagent with: + - The full unified diff + - The list of changed files + - The shared review instruction below + +### Codex Code Reviewer + +``` +Task(subagent_type: "codex-code-reviewer") +``` + +- **Model**: GPT-5.3 Codex (`gpt-5.3-codex-xhigh`). Pass this as a model hint in the prompt to the subagent: "Use model gpt-5.3-codex-xhigh for this review." +- Prompt the subagent with: + - The full unified diff + - The list of changed files + - The shared review instruction below + +### Shared review instruction + +Both reviewers receive the **same** instruction so their findings are directly comparable: + +> Review this diff thoroughly. For each finding, provide: severity (critical/high/medium/low/nit), file path, line number, category, description, and a suggested fix or code snippet. +> +> Cover all of the following areas: +> - **Correctness**: Logic errors, off-by-one mistakes, wrong return values, missing edge cases, race conditions +> - **Security**: Injection vulnerabilities, buffer overflows, unsafe deserialization, improper input validation, credential exposure +> - **Performance**: Unnecessary allocations, O(n^2) where O(n) is possible, redundant I/O, missing caching opportunities +> - **API design**: Confusing interfaces, breaking changes, poor naming, missing or misleading documentation +> - **Maintainability**: Dead code, excessive complexity, poor separation of concerns, missing abstractions or premature abstractions +> - **Concurrency**: Data races, deadlocks, unsafe shared state, missing synchronization +> - **Error handling**: Swallowed exceptions, missing error propagation, unclear failure modes, resource leaks +> - **Best practices**: Violations of language idioms, style inconsistencies with the surrounding codebase, deprecated API usage + +> **Optional — Gemini Reviewer**: If a third opinion is desired, also launch `Task(subagent_type: "gemini-code-reviewer")` in the same parallel batch. Requires `gemini` CLI to be installed. 
+ +## Step 3: Present individual reviewer results + +After both reviewers return, print each reviewer's full response **verbatim** under its own heading before any synthesis. This lets the user see the raw output from each model. + +Format: + +```markdown +--- + +## Claude Code Review + +<full response from the claude-code-reviewer subagent, verbatim> + +--- + +## Codex Code Review + +<full response from the codex-code-reviewer subagent, verbatim> + +--- +``` + +If a reviewer failed or was unavailable, print a note in its section explaining why (e.g., "Codex CLI not found — skipped."). + +## Step 4: Synthesize into a unified report + +After presenting individual results, merge their findings into one combined report. + +**Synthesis rules:** +1. **Deduplicate**: If both reviewers flag the same issue (same file, similar line range, same category), merge into a single "consensus" finding — these get elevated confidence. +2. **Sort by severity**: critical > high > medium > low > nit. +3. **Preserve provenance**: Tag each finding with its source (Claude, Codex, or Consensus). +4. **Keep actionable details**: Preserve suggested fixes, code snippets, and unified diff patches. +5. **Note divergences**: If reviewers disagree on severity or approach, present both perspectives. +6. **Graceful degradation**: If one reviewer failed (e.g., Codex CLI not installed), note it and present results from the available reviewer only. 
+ +### Output format + +```markdown +--- + +## Synthesized Code Review Report + +**Scope**: `<scope description>` | **Files changed**: N | **Reviewers**: Claude Code, Codex + +### Consensus Findings +Issues flagged by both reviewers (high confidence): +- **file:line** — description (severity) — suggested fix + +### Critical / High +| # | File:Line | Category | Finding | Source | Suggested Fix | +|---|-----------|----------|---------|--------|---------------| + +### Medium +| # | File:Line | Category | Finding | Source | Suggested Fix | +|---|-----------|----------|---------|--------|---------------| + +### Low / Nits +- ... + +### Reviewer Divergences +Cases where reviewers disagree (if any) — present both perspectives. +``` + +## Step 5: Offer to publish review to GitHub + +After presenting the synthesized report, if the review scope is `pr` and the current branch has an open pull request, offer to publish the review as inline GitHub PR review comments. + +Ask the user: + +``` +AskUserQuestion: + question: "Would you like to publish this review as inline comments on the GitHub PR?" + options: + - "Yes — post as inline review comments" + - "No — keep local only" +``` + +If the user declines, stop here. Otherwise, submit a pull request review with inline comments placed on the relevant diff lines. This requires: + +1. **Detect the PR number and repo**: Run `gh pr view --json number,headRefOid` and `gh repo view --json nameWithOwner -q .nameWithOwner` to get the PR number, head SHA, and `{owner}/{repo}`. +2. **Map findings to diff positions**: For each finding that has a specific file and line number, verify that line appears in the PR diff (`gh pr diff`). Only lines that are part of the diff can receive inline comments. +3. **Build a JSON payload file**: Write the full review payload to a temporary JSON file. **IMPORTANT**: Do NOT use `--field 'comments=[...]'` — `gh api --field` treats array values as strings, causing a 422 error. 
Always use `--input` with a JSON file instead. +4. **Submit as a single review**: Use the GitHub API with `--input` to submit all comments atomically as one review. + +#### Payload format + +Write a JSON file (e.g., `/tmp/claude/review-payload.json`) with this structure: Review Comment:  Using a hardcoded temporary file path like `/tmp/claude/review-payload.json` is not robust. It can lead to race conditions if the skill is run concurrently or permission errors if the directory doesn't exist. It's safer to generate a unique temporary file path using a utility like `mktemp`. Example:
```bash
PAYLOAD_FILE=$(mktemp)
gh api ... --input "$PAYLOAD_FILE"
# Clean up the temporary file after use
rm "$PAYLOAD_FILE"
```
########## .claude/skills/tvm-ffi-code-review/SKILL.md: ##########
@@ -0,0 +1,239 @@ +<!--- Licensed to the Apache Software Foundation (ASF) under one --> +<!--- or more contributor license agreements. See the NOTICE file --> +<!--- distributed with this work for additional information --> +<!--- regarding copyright ownership. The ASF licenses this file --> +<!--- to you under the Apache License, Version 2.0 (the --> +<!--- "License"); you may not use this file except in compliance --> +<!--- with the License. You may obtain a copy of the License at --> + +<!--- http://www.apache.org/licenses/LICENSE-2.0 --> + +<!--- Unless required by applicable law or agreed to in writing, --> +<!--- software distributed under the License is distributed on an --> +<!--- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --> +<!--- KIND, either express or implied. See the License for the --> +<!--- specific language governing permissions and limitations --> +<!--- under the License. --> + +--- +name: tvm-ffi-code-review +description: Run parallel code reviews using Claude Code and OpenAI Codex reviewers. Produces a unified, prioritized review report with actionable findings from multiple AI models. +disable-model-invocation: true +argument-hint: "[pr | branch:<name> | commit:<sha> | staged | unstaged]" +allowed-tools: Bash(git *), Bash(gh *), Read, Grep, Glob, Task, AskUserQuestion +--- + +# Multi-Model Code Review + +Review code changes using two independent AI reviewers in parallel — **Claude Code** and **OpenAI Codex** — then synthesize their findings into a single prioritized report. + +## Prerequisites + +- **Codex CLI** must be installed and authenticated (`npm install -g @openai/codex` or equivalent). If unavailable, the skill gracefully falls back to Claude-only review. + +## Step 1: Determine review scope + +Parse `$ARGUMENTS` to determine what to review. If the argument is empty or ambiguous, prompt the user with `AskUserQuestion` to choose a scope. 
+ +### Supported scopes + +| Argument | Diff command | Description | +|----------|-------------|-------------| +| `pr` (default) | `git diff $(git merge-base HEAD <main-branch>)...HEAD` | All changes in the current PR/branch since it diverged from the main branch. Auto-detects the main branch (`main` or `master`). | +| `branch:<name>` | `git diff <name>...HEAD` | Changes relative to the named branch. | +| `commit:<sha>` | `git diff <sha>...HEAD` | Changes since the given commit. | +| `staged` | `git diff --cached` | Only staged (indexed) changes. | +| `unstaged` | `git diff` | Only unstaged working-tree changes. | + +### Scope resolution logic + +1. If `$ARGUMENTS` is empty, default to `pr` scope. +2. If `$ARGUMENTS` matches one of the keywords above, use that scope. +3. If `$ARGUMENTS` looks like a branch name or commit SHA (doesn't match a keyword), treat it as `branch:<arg>` for backward compatibility. +4. If the argument is ambiguous or the ref doesn't exist, ask the user: + +``` +AskUserQuestion: + question: "What would you like to review?" + options: + - "Current PR (all commits since diverging from main)" + - "Against a specific branch" + - "Since a specific commit" + - "Staged changes only" +``` + +### Gather the diff + +Once the scope is resolved, run: + +```bash +git diff --stat <resolved-diff-args> +git diff --unified=5 <resolved-diff-args> +``` + +Store the diff output and the list of changed files. If the diff exceeds ~5000 lines, identify the most critical files and note that the review covers a subset. + +## Step 2: Launch both reviewers in parallel + +Use the **Task** tool to launch **both** reviewers simultaneously — two parallel Task calls in a single response. + +### Claude Code Reviewer + +``` +Task(subagent_type: "claude-code-reviewer", model: "opus") +``` + +- **Model**: Claude Opus 4.6 (`claude-opus-4-6`) with high reasoning effort. 
+- Prompt the subagent with: + - The full unified diff + - The list of changed files + - The shared review instruction below + +### Codex Code Reviewer + +``` +Task(subagent_type: "codex-code-reviewer") +``` + +- **Model**: GPT-5.3 Codex (`gpt-5.3-codex-xhigh`). Pass this as a model hint in the prompt to the subagent: "Use model gpt-5.3-codex-xhigh for this review." Review Comment:  The model names `Claude Opus 4.6 (claude-opus-4-6)` and `GPT-5.3 Codex (gpt-5.3-codex-xhigh)` do not correspond to any publicly available models. This is misleading and sets incorrect expectations for users. Please use the official identifiers for current models (e.g., `claude-3-opus-20240229`) or clearly state that these are illustrative placeholders.
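Review bot: In the front matter of the first quoted hunk, `allowed-tools: Bash(git *), Bash(gh *)` pre-approves every `git` and `gh` subcommand, although the description says the skill only produces a review report. The changes under review are text written by the PR author and are given to the AI reviewers, so this grant is the boundary that limits what an instruction embedded in that text could cause. Scope the patterns to what a review needs (read-only `git` queries and the specific `gh` calls) so that commands such as `git push` or `gh pr merge` are not pre-approved.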
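Review bot: In Step 1 of the second quoted hunk, rule 3 of "Scope resolution logic" turns any non-keyword `$ARGUMENTS` into `branch:<arg>`, and the scope table substitutes it into `git diff <name>...HEAD`; the existence check appears only in rule 4, as a fallback to asking the user. A value that begins with `-` would be read by git as an option rather than a ref. Make resolution a required step before the diff is built: reject a leading `-`, confirm the value resolves with `git rev-parse --verify --quiet "<arg>^{commit}"`, and quote it in the diff command.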
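Review bot: In Step 2 of the third quoted hunk, both subagent prompts are built from "The full unified diff", which is content controlled by whoever authored the change, and nothing in the prompt list tells the reviewer to treat it as data. Add a line to the prompt template stating that text inside the diff (comments, strings, documentation) is material to review and never instructions to follow, and delimit the diff clearly from the instruction. Separately, the Codex model is only requested through a sentence in the prompt ("Use model gpt-5.3-codex-xhigh for this review."), unlike the Claude call's `model:` parameter, so have the subagent report which model it actually ran.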
