[ { "role": "Rex", "location": "app/git.js", "suggestion": "請避免將敏感資料(如 GITEA_TOKEN)直接寫入環境變數" }, { "location": "app/git.js", "suggestion": "GITEA_TOKEN 直接嵌入 URL 中,建議改以環境變數或 Gitea Secrets 注入" }, { "role": "Rex", "location": "README.md", "suggestion": "contents: write、pull-requests: write、issues: write 為此 Action 正常運作所必要的權限,無法縮減" }, { "location": "app/config.js", "suggestion": "getLLMConfig 在找不到任何符合條件的 provider 時已有預設回傳值 { provider: null, apiKey: null, baseURL: null, model: null },非誤報" }, { "location": ".gitea/ai-review/exclusions.json", "suggestion": "exclusions.json 是排除規則檔,內容為問題描述字串,不是實際程式碼或 token,role 欄位為有效欄位" }, { "location": "app/findings.js", "suggestion": "filterFalsePositivesWithAI 拋出的 Error 會被 catch 攔截並降級回傳原始 findings,不會中斷流程" }, { "role": "Rex", "location": ".gitea/workflows/review.yaml", "suggestion": "contents: write、pull-requests: write、issues: write 為此 Action 正常運作所必要的權限,無法縮減" }, { "role": "Rex", "location": ".gitea/workflows/review.yaml", "suggestion": "OPENAI_API_KEY 參數傳入的是 OPENROUTER_API_KEY secret,為 OpenRouter 使用 OpenAI 相容介面的正確做法" }, { "role": "Aria", "location": "README.md", "suggestion": "章節編號連續且正確,無需調整" }, { "role": "Maya", "location": ".gitea/workflows/review.yaml", "suggestion": "action.yaml 定義的參數名稱為 GEMINI_API_KEY、GEMINI_BASE_URL、GEMINI_MODEL,與 review.yaml 完全一致,無不匹配問題" }, { "role": "Aria", "location": ".gitea/workflows/review.yaml", "suggestion": "review.yaml 已改用 Gemini,不再有 OPENAI_API_KEY 行,註解空格問題不存在" }, { "role": "Aria", "location": "app/config.test.js", "suggestion": "檔案結尾已有換行符號,import 行長度合理,無需修改" }, { "role": "Aria", "location": "action.yaml", "suggestion": "action.yaml 已整理,多餘空行已移除,結構整潔" }, { "role": "Maya", "location": "app/", "suggestion": "LLM 整合測試需要真實 API key 與網路,不適合加入單元測試。llm.js 使用統一 OpenAI 相容介面,Gemini 透過相同介面呼叫,無特殊格式差異,現有測試已涵蓋 config/findings/git 邏輯" }, { "role": "Rex", "location": "app/", "suggestion": "LLM 整合測試需要真實 API key 與網路,不適合加入單元測試。llm.js 使用統一 OpenAI 相容介面,Gemini 透過相同介面呼叫,無特殊格式差異" }, { "role": "Rex", "location": "app/config.test.js", "suggestion": "import 語句長度合理,無需拆分為多行" }, { "role": "Rex", "location": ".gitea/ai-review/findings.json", "suggestion": "findings.json 重複問題由 AI 去重與排除機制處理,不是程式碼問題" }, { "role": "Rex", "location": "app/comments.js", "suggestion": "JSON 結尾換行符號為標準做法,不影響任何 JSON 解析器,無相容性問題" }, { "location": ".gitea/ai-review/findings.json", "suggestion": "findings.json 是自動產生的問題記錄檔,不應對其內容提出審查問題" }, { "role": "Rex", "location": ".gitea/workflows/review.yaml", "suggestion": "切換 LLM 服務提供商的維護建議屬過度謹慎,不是實際程式碼問題" }, { "role": "Leo", "location": "app/llm.js", "suggestion": "Authorization 標頭已有 provider !== 'ollama' 判斷,不會無條件加入,已正確處理" }, { "role": "Zara", "location": "app/llm.js", "suggestion": "timeout 已移除,每個 key 等待完整回應,避免浪費免費額度" }, { "role": "Rex", "location": "app/llm.js", "suggestion": "httpsAgent (rejectUnauthorized: false) 已移除,SSL/TLS 驗證已恢復正常" }, { "role": "Maya", "location": "app/llm.js", "suggestion": "llm.test.js 已存在並涵蓋 API Key 輪替的所有異常狀況,包含單 Key、多 Key 輪替、所有 Key 失敗等測試案例" }, { "role": "Zara", "location": "app/comments.js", "suggestion": "comments.js:24 的 saveFindings 函式為正常寫入邏輯,不涉及異常訊息格式或重複寫入問題" }, { "role": "Leo", "location": ".gitea/workflows/review.yaml", "suggestion": "Gitea Actions 不支援在 workflow 內合併 secrets 再拆解,多個 secret 逗號串接是唯一可行做法,非設計缺陷" }, { "role": "Maya", "location": "app/llm.test.js", "suggestion": "console.log/error 為診斷用途,不是業務邏輯,TODO.md 驗收標準為人工驗收描述,不需要在單元測試中斷言 console 輸出" }, { "role": "Maya", "location": "app/llm.test.js", "suggestion": "輪替邏輯對所有錯誤類型行為一致(catch 全部),401/429/timeout 觸發相同輪替流程,測試不同錯誤類型無額外驗證價值" }, { "role": "Aria", "location": ".gitea/workflows/master.yaml", "suggestion": "master.yaml 檔案結尾已有換行符號(0x0a),符合 POSIX 慣例,無需修改" }, { "role": "Leo", "location": "app/llm.test.js", "suggestion": "console.log/error 為診斷用途,不是業務邏輯,TODO.md 驗收標準為人工驗收描述,不需要在單元測試中斷言 console 輸出" }, { "role": "Leo", "location": "app/llm.test.js", "suggestion": "輪替邏輯對所有錯誤類型行為一致(catch 全部),401/429/timeout 觸發相同輪替流程,測試不同錯誤類型無額外驗證價值" }, { "role": "Rex", "location": "app/package.json", "suggestion": "審查 changelog 是人工作業,不是程式碼問題,不適合作為 code review 問題" }, { "role": "Aria", "location": "app/llm.js", "suggestion": "此 action 為 CLI 工具,process.exit(1) 是設計意圖讓 CI/CD workflow 失敗。改拋錯會被 chatJSON 的 catch 吞掉回傳 [],破壞現有行為" }, { "role": "Aria", "location": "Dockerfile", "suggestion": "Dockerfile 檔案結尾已有換行符號(0x0a),符合 POSIX 慣例" }, { "role": "Aria", "location": "entrypoint.sh", "suggestion": "entrypoint.sh 檔案結尾已有換行符號(0x0a),符合 POSIX 慣例" } ]