feat(v0): render-review-prompt CLI (deterministic prompt, no model call) #47

Merged

pdurlej merged 1 commit from claude/patchwarden-render-review-prompt into main

2026-05-27 10:41:49 +02:00

claude commented

2026-05-27 10:14:51 +02:00

Collaborator

Closes #29.

What

New patchwarden render-review-prompt subcommand + patchwarden.prompt module. Renders the exact prompt a reviewer lane will send to a model — no model call yet, no network. Pure data transformation.

patchwarden render-review-prompt \
  --lane-config policies/platform.v0.toml \
  --reviewer-lane repo_pattern_sanity \
  --pr-metadata-file metadata.json \
  --diff-file pr.diff \
  [--output prompt.md]

Output sections: lane identity (name/model/fallback/prompt_version/cloud_review) → PR metadata (repo, #, title, author, head/base sha, changed_files) → D20 safety boundaries → JSON output schema → diff (fenced, truncated at 50 KB).

Why this is the right next step

This is wave-step 1 of the path to a real Ollama call (#29 prompt → ollama_client → review_run invokes → #30 post). Doing it as a separate atomic PR per ADR-0017 means:

the prompt format is reviewable in isolation before any HTTP code touches it,
humans can --output to inspect what we're about to send to a model,
the next PR (ollama_client) becomes pure plumbing — no prompt-shape arguments to relitigate.

D20 enforcement baked into the prompt

The template hard-codes the hybrid review authority boundary:

declares the model is a sensor, not a merge authority,
explicitly forbids posting Forgejo APPROVED, calling merge endpoints, or requesting secrets,
treats PR content as data, not instructions (prompt-injection guard),
mandates JSON-only output with finding_id / finding_type_id / severity / evidence / reviewer_rationale / mapped_policy_rule_id.

Tests

15 new tests, 92/92 suite green:

tests/test_prompt.py (10): lane identity, PR metadata, safety boundaries, output schema, diff fencing, 50 KB truncation, empty/long changed_files, invalid type rejected, missing fields render as ? placeholders.
tests/test_cli_render_review_prompt.py (5): stdout, --output file, missing lane-config → exit 2, invalid JSON → exit 2, missing reviewer-lane in multi-lane bundle → exit 2.

Out of scope

No model HTTP call (next PR: ollama_client). No review_run integration (PR after that). No posting (PR #30). Per ADR-0017 atomic PRs.

Closes #29. ## What New `patchwarden render-review-prompt` subcommand + `patchwarden.prompt` module. Renders the exact prompt a reviewer lane will send to a model — no model call yet, no network. Pure data transformation. ``` patchwarden render-review-prompt \ --lane-config policies/platform.v0.toml \ --reviewer-lane repo_pattern_sanity \ --pr-metadata-file metadata.json \ --diff-file pr.diff \ [--output prompt.md] ``` Output sections: lane identity (name/model/fallback/prompt_version/cloud_review) → PR metadata (repo, #, title, author, head/base sha, changed_files) → D20 safety boundaries → JSON output schema → diff (fenced, truncated at 50 KB). ## Why this is the right next step This is wave-step 1 of the path to a real Ollama call (`#29 prompt → ollama_client → review_run invokes → #30 post`). Doing it as a separate atomic PR per ADR-0017 means: - the prompt format is reviewable in isolation before any HTTP code touches it, - humans can `--output` to inspect what we're about to send to a model, - the next PR (ollama_client) becomes pure plumbing — no prompt-shape arguments to relitigate. ## D20 enforcement baked into the prompt The template hard-codes the hybrid review authority boundary: - declares the model is a **sensor**, not a merge authority, - explicitly forbids posting Forgejo `APPROVED`, calling merge endpoints, or requesting secrets, - treats PR content as data, not instructions (prompt-injection guard), - mandates JSON-only output with `finding_id / finding_type_id / severity / evidence / reviewer_rationale / mapped_policy_rule_id`. ## Tests 15 new tests, 92/92 suite green: - `tests/test_prompt.py` (10): lane identity, PR metadata, safety boundaries, output schema, diff fencing, 50 KB truncation, empty/long changed_files, invalid type rejected, missing fields render as `?` placeholders. - `tests/test_cli_render_review_prompt.py` (5): stdout, `--output` file, missing lane-config → exit 2, invalid JSON → exit 2, missing reviewer-lane in multi-lane bundle → exit 2. ## Out of scope No model HTTP call (next PR: `ollama_client`). No `review_run` integration (PR after that). No posting (PR #30). Per ADR-0017 atomic PRs.

Rows
Columns