From eb9c02321c394eb3c3a5483ecaccf10d1c3f48fe Mon Sep 17 00:00:00 2001
From: Gunju Kim <gjkim042@gmail.com>
Date: Sun, 22 Feb 2026 12:05:56 +0000
Subject: [PATCH] Add PR reviewer TaskSpawner for automated code review

Add axon-pr-reviewer.yaml to self-development/, providing automated
PR code review using the existing types: ["pulls"] capability. This
addresses the need to replace third-party PR review bots (cubic-dev-ai)
with Axon's own infrastructure.

The reviewer polls for open PRs labeled ok-to-test, checks out the PR
branch, reads the full diff, runs make verify and make test, and posts
a structured review via the GitHub API. It uses Sonnet for cost
efficiency and includes idempotency guards to skip re-reviewing
unchanged PRs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 self-development/README.md             |  27 +++++
 self-development/axon-pr-reviewer.yaml | 148 +++++++++++++++++++++++++
 2 files changed, 175 insertions(+)
 create mode 100644 self-development/axon-pr-reviewer.yaml

diff --git a/self-development/README.md b/self-development/README.md
index 1d604b5f..c0e593cc 100644
--- a/self-development/README.md
+++ b/self-development/README.md
@@ -8,6 +8,7 @@ These TaskSpawners demonstrate how to orchestrate fully autonomous AI workers th
 - Monitor GitHub issues
 - Investigate and fix problems
 - Create or update pull requests
+- Automatically review pull requests
 - Self-review and iterate on feedback
 - Request human input when blocked
 
@@ -130,6 +131,32 @@ kubectl get taskspawner axon-workers -o yaml
 kubectl logs -l job-name=<job-name> -f
 ```
 
+### axon-pr-reviewer.yaml
+
+This TaskSpawner watches for open pull requests labeled `ok-to-test` and automatically reviews them. It is the first self-development spawner to use `types: ["pulls"]`, demonstrating Axon's PR-driven automation capabilities.
+
+**Key features:**
+- Polls for open PRs with the `ok-to-test` label
+- Checks out the PR branch and reads the full diff
+- Evaluates correctness, testing, code quality, security, and API compatibility
+- Runs `make verify` and `make test` as part of the review
+- Posts a structured review via the GitHub API (APPROVE, REQUEST_CHANGES, or COMMENT)
+- Skips re-reviewing PRs that have no new commits since the last review
+- Uses Sonnet for cost efficiency (reviews are read-heavy, not code-generation)
+- TTL of 30 minutes allows re-review when PRs are updated
+
+**Deploy:**
+```bash
+kubectl apply -f self-development/axon-pr-reviewer.yaml
+```
+
+**How the review cycle works:**
+1. A PR is opened and labeled `ok-to-test`
+2. The spawner discovers the PR and creates a review Task
+3. The agent checks out the PR, reads the diff, runs checks, and posts a review
+4. The Task completes and is cleaned up after 30 minutes (TTL)
+5. If the PR is updated (new commits pushed), the spawner creates a new review Task on the next poll
+
 ### axon-fake-user.yaml
 
 This TaskSpawner runs daily to test the developer experience as if you were a new user.
diff --git a/self-development/axon-pr-reviewer.yaml b/self-development/axon-pr-reviewer.yaml
new file mode 100644
index 00000000..90e09203
--- /dev/null
+++ b/self-development/axon-pr-reviewer.yaml
@@ -0,0 +1,148 @@
+apiVersion: axon.io/v1alpha1
+kind: TaskSpawner
+metadata:
+  name: axon-pr-reviewer
+spec:
+  when:
+    githubIssues:
+      types:
+        - pulls
+      state: open
+      labels:
+        - ok-to-test
+      excludeLabels:
+        - axon/needs-input
+  maxConcurrency: 3
+  taskTemplate:
+    workspaceRef:
+      name: axon-agent
+    model: sonnet
+    type: claude-code
+    ttlSecondsAfterFinished: 1800
+    credentials:
+      type: oauth
+      secretRef:
+        name: axon-credentials
+    podOverrides:
+      resources:
+        requests:
+          cpu: "250m"
+          memory: "512Mi"
+          ephemeral-storage: "2Gi"
+        limits:
+          cpu: "1"
+          memory: "2Gi"
+          ephemeral-storage: "2Gi"
+    agentConfigRef:
+      name: axon-dev-agent
+    promptTemplate: |
+      You are a code reviewer for the Axon project (github.com/axon-core/axon).
+      Your job is to review a pull request and leave a thorough, constructive review.
+
+      ---
+      PR #{{.Number}}: {{.Title}}
+      {{.Body}}
+      {{- if .Comments}}
+
+      Existing conversation:
+      {{.Comments}}
+      {{- end}}
+      ---
+
+      ## Instructions
+
+      ### 1. Check if you already reviewed this PR
+      Run: `gh api repos/axon-core/axon/pulls/{{.Number}}/reviews --jq '.[].user.login'`
+      If your review is already present (look for the bot user), check whether
+      the PR has new commits since your last review:
+        - `gh pr view {{.Number}} --json commits --jq '.commits[-1].oid'`
+        - Compare with the commit SHA mentioned in your previous review comment.
+      If there are no new commits since your last review, exit without posting
+      another review. Do NOT re-review unchanged PRs.
+
+      ### 2. Understand the change
+      - Read the PR description carefully.
+      - Check out the PR branch:
+        `gh pr checkout {{.Number}}`
+      - View the full diff against the base branch:
+        `git diff $(gh pr view {{.Number}} --json baseRefName --jq .baseRefName)...HEAD`
+      - Read every changed file in full (not just the diff) to understand context.
+
+      ### 3. Review the code
+      Evaluate the changes against these criteria:
+
+      **Correctness**
+      - Does the code do what the PR description claims?
+      - Are there edge cases, off-by-one errors, or nil pointer risks?
+      - Are error paths handled properly?
+
+      **Testing**
+      - Are there tests for the new/changed behavior?
+      - Do existing tests still pass? Run: `make test`
+      - Are there gaps in test coverage for important paths?
+
+      **Code quality**
+      - Does the code follow existing patterns in the codebase?
+      - Are names clear and consistent with the project conventions?
+      - Is there unnecessary complexity or over-engineering?
+
+      **Security**
+      - Are there any injection risks (command injection, etc.)?
+      - Are secrets or credentials handled safely?
+      - Are RBAC permissions scoped correctly?
+
+      **API compatibility** (if applicable)
+      - Are CRD changes backward compatible?
+      - Are new fields optional with sensible defaults?
+
+      ### 4. Run checks
+      - `make verify` — lint, fmt, vet checks
+      - `make test` — unit tests
+      Report any failures in your review.
+
+      ### 5. Submit your review
+      Post a review using the GitHub API. Use APPROVE if the PR looks good,
+      REQUEST_CHANGES if there are issues that must be fixed, or COMMENT for
+      suggestions that are not blocking.
+
+      Format your review body as:
+
+      ```
+      🤖 **Axon Agent** @gjkim42
+
+      ## Code Review: PR #{{.Number}}
+
+      **Verdict**: APPROVE / REQUEST_CHANGES / COMMENT
+
+      ### Summary
+      <1-2 sentence summary of the change and your assessment>
+
+      ### Findings
+      <Bulleted list of findings, grouped by severity>
+
+      #### Blocking
+      - <issues that must be fixed>
+
+      #### Suggestions
+      - <non-blocking improvements>
+
+      #### Positive
+      - <things done well — be specific>
+
+      *Reviewed at commit: <HEAD commit SHA>*
+      ```
+
+      Submit the review:
+      ```
+      gh api repos/axon-core/axon/pulls/{{.Number}}/reviews \
+        -f event=<APPROVE|REQUEST_CHANGES|COMMENT> \
+        -f body="<review body>"
+      ```
+
+      ### Important guidelines
+      - Be constructive. Explain WHY something is an issue, not just WHAT.
+      - Distinguish between blocking issues and style preferences.
+      - Do NOT push code or modify the PR branch. Review only.
+      - Do NOT nitpick formatting if `make verify` passes.
+      - Include the commit SHA you reviewed so future runs can detect new commits.
+  pollInterval: 3m