Skip to content

Add review_before_push tool: independent second opinion before commits#97

Open
babyblueviper1 wants to merge 1 commit into
HKUDS:mainfrom
babyblueviper1:add-invinoveritas-review-tool
Open

Add review_before_push tool: independent second opinion before commits#97
babyblueviper1 wants to merge 1 commit into
HKUDS:mainfrom
babyblueviper1:add-invinoveritas-review-tool

Conversation

@babyblueviper1

Copy link
Copy Markdown

Summary

New tool, review_before_push (autoagent/tools/invinoveritas_review.py) — fits alongside get_diff/stage_files/push_changes in github_ops.py. Gets the current diff and sends it to invinoveritas, an independent, model-agnostic second-opinion reviewer, returning a structured verdict (approve / approve_with_concerns / reject) + ranked issues before the agent pushes.

Auto-discovered by the existing import_tools_recursively() in tools/__init__.py — no other files changed.

Free registration (/register) returns an api_key with trial calls per tool; no crypto/payment setup needed to try it.

Verified before submitting

Not a mock — planted a real SQL-injection diff and confirmed the live /review endpoint catches it:

verdict: reject, confidence: 0.95
issue: [blocker] SQL injection vulnerability due to direct interpolation
       of `user_id` into the SQL query -> use parameterized queries

Ran the actual submitted function end-to-end (stubbed context_variables/env.run_command so it doesn't need the full docker/local environment, but the review-calling logic itself is the real, unmodified code) — confirmed output formatting and the two edge cases (no diff to review, INVINOVERITAS_API_KEY unset).

Disclosure

We (invinoveritas) already have a merged PR in HKUDS/Vibe-Trading (#330 — an advisory /review provider follow-up), so this isn't a cold intro — flagging the existing relationship for transparency.

Happy to adjust naming/placement/style to match project conventions more closely.

New tool (autoagent/tools/invinoveritas_review.py), auto-discovered by
the existing import_tools_recursively() mechanism in tools/__init__.py
-- no other files changed.

Fits naturally alongside get_diff/stage_files/push_changes in
github_ops.py: gets the current diff (same git command get_diff() uses),
sends it to invinoveritas (https://api.babyblueviper.com) -- an
independent, model-agnostic reviewer -- and returns a structured verdict
(approve / approve_with_concerns / reject) + ranked issues before the
agent pushes. Free registration returns an api_key with trial calls; no
crypto/payment setup needed to try it.

Verified before submitting (real diff, real live API, not a mock):
- Planted a genuine SQL-injection diff and confirmed the live /review
  endpoint catches it: verdict=reject, confidence=0.95, blocker issue
  with the exact vulnerable line named.
- Ran the actual function file end-to-end (stubbed context_variables/
  env.run_command so it doesn't need the full docker/local environment
  setup, but the review-calling logic itself is the real, unmodified
  code) and confirmed the output formatting, including the two edge
  cases: no diff to review, and INVINOVERITAS_API_KEY unset.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant