Skip to content

feat(bots): onboard reviewer-bot to pinned databricks-bot-engine#862

Open
eric-wang-1990 wants to merge 5 commits into
mainfrom
onboard-bot-engine
Open

feat(bots): onboard reviewer-bot to pinned databricks-bot-engine#862
eric-wang-1990 wants to merge 5 commits into
mainfrom
onboard-bot-engine

Conversation

@eric-wang-1990

Copy link
Copy Markdown

Summary

Onboards this repo's PR reviewer bot to the upstream
databricks/databricks-bot-engine
using the documented consumer model — a pinned engine SHA + the engine's
reusable workflows — replacing the vendored copy under scripts/. The engine
becomes the single source of truth (matching the databricks-driver-test
consumer).

Design doc: docs/superpowers/specs/2026-07-14-onboard-bot-engine-design.md.

What changed

  • reviewer-bot.yml / reviewer-bot-followup.yml rewritten as thin
    on: + uses: + secrets: callers of the engine's
    reviewer-bot.reusable.yml / reviewer-bot-followup.reusable.yml, pinned to
    engine SHA d780b2da60bb1ac68bb5cd1acb7cabf495b3ff2d (used in both the
    uses: ref and engine-ref:). The engine now owns the fork/open-PR security
    gate, App-token mint, engine/SDK install, MODEL_ENDPOINT construction, and
    loop-prevention — ~250 lines of hand-rolled logic removed.
  • Trigger policy unchanged: every non-fork PR (no label gate).
  • .bot/prompts/review/system.md — repo-specific additive review guidance
    appended to the engine-owned base prompt. (Verified against the engine source
    at the pinned SHA: the consumer file is additive/optional, not the entire
    prompt as the engine README states.)
  • Removed vendored bot code: scripts/reviewer_bot/, scripts/shared/,
    scripts/__init__.py, scripts/requirements-sdk.txt, the reviewer-bot
    unit-tests workflow (its tests import the deleted modules), the
    setup-claude-sdk action, and sdk-smoke.yml (its only consumer).
    setup-jfrog is kept — still used by kernel-e2e + setup-poetry.

⚠️ Required before this works — new secrets

The maintainer must add two repo/org secrets before enabling:

Secret Status Purpose
REVIEW_BOT_APP_ID exists mint bot App token
REVIEW_BOT_APP_PRIVATE_KEY exists "
DATABRICKS_TOKEN exists model auth
DATABRICKS_HOST NEW (replaces MODEL_ENDPOINT) engine builds MODEL_ENDPOINT from it
BOT_ENGINE_PAT NEW read access to the (private) engine repo for REF-mode install

The old MODEL_ENDPOINT secret is no longer consumed.

Verification

  • Both workflow YAMLs parse; no dangling references to any deleted path remain
    (grep clean).
  • Not yet exercised end-to-end: the reusable uses: against the private
    engine repo can't fully resolve in CI until BOT_ENGINE_PAT + DATABRICKS_HOST
    are provisioned. A real review runs on the first non-fork PR after secrets are
    added. This PR is not claimed verified end-to-end.

Rollout

  1. Merge.
  2. Add DATABRICKS_HOST + BOT_ENGINE_PAT secrets.
  3. First non-fork PR exercises the reviewer.
  4. Future engine updates: bump the SHA in both uses: and engine-ref: in
    lockstep across both workflows.

This pull request and its description were written by Isaac.

First of a stacked series migrating the PR-review bot from
databricks-driver-test to this repo. This PR adds only the task-agnostic
foundation (no bot logic, nothing runs on PRs yet):

- scripts/shared/ — the common agent engine (Claude Agent SDK loop/transport,
  security guard, markers, threads, github/git ops). Self-contained; 94 unit
  tests pass under scripts/shared/tests.
- scripts/__init__.py — makes `scripts` importable for `python -m scripts.*`.
- scripts/requirements-sdk.txt — the claude-agent-sdk pin.
- .github/actions/setup-claude-sdk + setup-jfrog — install the SDK (pip) + CLI
  (npm) through Databricks' internal JFrog mirror (the protected runner is
  egress-blocked from pypi.org/npmjs.org).
- .github/workflows/sdk-smoke.yml — manual smoke verifying the SDK/CLI install
  on this repo's runner.

Co-authored-by: Isaac
Signed-off-by: Eric Wang <e.wang@databricks.com>
Second of the stacked reviewer-bot migration. Vendors scripts/reviewer_bot/
(the review loop, finalize_review tool, v2 posting, dedup/reconcile, severity,
validate_findings, observer) and adapts the repo-specific surface for this
Python connector:

- prompts.py: retarget to databricks-sql-python; cite CONTRIBUTING.md (PEP 8 /
  100-char lines, DCO) + README.md; drop the csharp driver-source section,
  specs/*.yaml alignment rules, and CLAUDE.md/.claude landmarks (none here).
  Trim the user-prompt template to PR/diff/open-threads/repo-conventions.
- gather_context.aggregate_repo_rules: read CONTRIBUTING.md (this repo's
  conventions doc) instead of CLAUDE.md/.claude/specs/per-driver files.
- Exploration (read_paths/grep) roots at the PR's own checkout — no driver
  clone (that path is csharp-conditional and never fires here).

Adds .github/workflows/reviewer-bot-unit-tests.yml (protected runner +
setup-poetry + pytest; no secrets — SDK import is guarded). 361 reviewer +
shared tests pass.

The csharp-conditional dead paths (run_review driver-clone, list_driver_source,
the fake_repo/fake_driver_tree fixtures) are left in place for a follow-up
cleanup PR — they never execute on this repo.

Co-authored-by: Isaac
Signed-off-by: Eric Wang <e.wang@databricks.com>
Third of the stacked reviewer-bot migration. Adds the live workflows that run
the bot on PRs:

- reviewer-bot.yml — reviews on pull_request (opened/synchronize/reopened/
  ready_for_review) + manual workflow_dispatch (dry-run capable). Fork-guarded;
  protected runner; mints a peco-review-bot App token; setup-claude-sdk for the
  SDK/CLI install. Reads/explores the PR's own checkout (no driver clone).
- reviewer-bot-followup.yml — responds to pull_request_review_comment with the
  cheap pre-checkout filter + the marker-based loop guards.

Adapted from the driver-test workflows: removed the driver-repo clone auth
(INTEGRATION_TEST_APP_TOKEN — N/A here) and made MODEL_ENDPOINT a secret rather
than a hardcoded workspace URL.

PREREQS (these workflows stay inert until provided):
  - peco-review-bot GitHub App installed on this repo (Pull requests / Issues /
    Contents: Read & Write).
  - Secrets: REVIEW_BOT_APP_ID, REVIEW_BOT_APP_PRIVATE_KEY, MODEL_ENDPOINT;
    DATABRICKS_TOKEN authorized for that serving endpoint.

Co-authored-by: Isaac
Signed-off-by: Eric Wang <e.wang@databricks.com>
Replace the vendored reviewer-bot (scripts/reviewer_bot + scripts/shared)
with thin callers of the databricks-bot-engine reusable workflows, pinned
to engine SHA d780b2da60bb1ac68bb5cd1acb7cabf495b3ff2d and installed in
REF mode. The engine is now the single source of truth.

- reviewer-bot.yml / reviewer-bot-followup.yml: rewritten as on/uses/secrets
  callers of reviewer-bot.reusable.yml / reviewer-bot-followup.reusable.yml.
  The engine owns the fork/open-PR security gate, App-token mint, engine
  install, MODEL_ENDPOINT construction, and loop-prevention.
- Trigger policy unchanged: every non-fork PR (no label gate).
- .bot/prompts/review/system.md: repo-specific ADDITIVE guidance appended to
  the engine-owned reviewer base prompt (verified against the engine source at
  the pinned SHA: additive/optional, not the whole prompt).
- Remove vendored bot code (scripts/reviewer_bot, scripts/shared,
  scripts/__init__.py, scripts/requirements-sdk.txt), the reviewer-bot unit
  tests workflow (tests import the deleted modules), the setup-claude-sdk
  action and sdk-smoke.yml (its only consumer). setup-jfrog is kept (used by
  kernel-e2e + setup-poetry).

New secrets required before enabling: DATABRICKS_HOST (replaces MODEL_ENDPOINT)
and BOT_ENGINE_PAT (read access to the private engine repo).

Co-authored-by: Isaac
Copilot AI review requested due to automatic review settings July 15, 2026 06:39

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants