All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog.
- Stale PR data in CODEOWNERS checks -- `PullRequestEnricher` now re-fetches PR details via `GET /repos/:owner/:repo/pulls/:number` before building `event_data`, replacing the webhook payload's `requested_reviewers` (and other point-in-time fields) with the current state. Fixes a race where a `synchronize` webhook processed just before a `review_requested` webhook would see a stale `requested_reviewers` list and incorrectly flag `PathHasCodeOwnerCondition`/`RequireCodeOwnerReviewersCondition` violations. Falls back to the webhook payload if the refresh fails (so the point-in-time data may still be stale in that case).
- `FilePatternCondition._get_changed_files` implementation -- Replaced a stub that always returned `[]` (so file-pattern rules never fired) with a working implementation that extracts file paths from enriched PR data (`changed_files` as a list of dicts or plain strings) and from push event commits (`added`/`modified`/`removed` arrays, deduplicated). Added unit tests covering all extraction paths.
- Blocking sleep in LLM condition -- Replaced `time.sleep()` with `await asyncio.sleep()` in the `LLMAssisted` retry backoff to avoid freezing the event loop during LLM retries.
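Added example, not Watchflow's own code, showing the two fixes above side by side: a PR refresh that replaces point-in-time payload fields with a fresh fetch and falls back to the payload on failure, and a changed-file extractor that accepts both the enriched-PR shape (`changed_files`) and the push shape (`commits[].added/modified/removed`) with order-preserving deduplication. The fetcher callable, the field list and the function names are assumptions, and the payloads are constructed, not real deliveries.

```python
"""Added example (not the project's PullRequestEnricher / FilePatternCondition)."""
import asyncio
from typing import Any, Awaitable, Callable

# Assumed shape of the injected fetcher: (owner, repo, number) -> PR object as
# returned by GET /repos/{owner}/{repo}/pulls/{number}.
PullRequestFetcher = Callable[[str, str, int], Awaitable[dict[str, Any]]]

# Assumed list of payload fields that are only accurate at delivery time.
REFRESHED_FIELDS = ("requested_reviewers", "requested_teams", "labels", "draft", "state")


async def refresh_pull_request(payload: dict[str, Any], fetch: PullRequestFetcher) -> dict[str, Any]:
    """Copy of payload['pull_request'] with point-in-time fields replaced by a fresh fetch.

    If the fetch fails for any reason the stale payload copy is returned
    unchanged; the caller must accept that reviewer data may then be stale.
    """
    pr = dict(payload["pull_request"])
    repo = payload["repository"]
    try:
        fresh = await fetch(repo["owner"]["login"], repo["name"], pr["number"])
    except Exception:  # broad on purpose: any refresh failure falls back
        return pr
    for field in REFRESHED_FIELDS:
        if field in fresh:
            pr[field] = fresh[field]
    return pr


def get_changed_files(event_data: dict[str, Any]) -> list[str]:
    """Collect changed paths from enriched PR data and/or push commits, deduplicated.

    `changed_files` entries may be dicts (`{"filename": ...}`, as in the GitHub
    files API) or plain strings; push commits carry added/modified/removed
    arrays. A dict keeps first-seen order while dropping duplicates.
    """
    seen: dict[str, None] = {}
    for entry in event_data.get("changed_files") or []:
        path = entry.get("filename") if isinstance(entry, dict) else entry
        if isinstance(path, str) and path:
            seen.setdefault(path, None)
    for commit in event_data.get("commits") or []:
        for key in ("added", "modified", "removed"):
            for path in commit.get(key) or []:
                if isinstance(path, str) and path:
                    seen.setdefault(path, None)
    return list(seen)


# Constructed sample data, not a real webhook delivery.
SAMPLE_PAYLOAD = {
    "repository": {"owner": {"login": "acme"}, "name": "api"},
    "pull_request": {"number": 42, "requested_reviewers": [], "title": "Rotate keys"},
}
FRESH_PR = {"number": 42, "requested_reviewers": [{"login": "sec-reviewer"}]}


async def _ok_fetch(owner: str, repo: str, number: int) -> dict[str, Any]:
    return FRESH_PR


async def _failing_fetch(owner: str, repo: str, number: int) -> dict[str, Any]:
    raise RuntimeError("GitHub API unavailable")


def demo() -> tuple[list[str], list[str], list[str]]:
    """Refreshed reviewers, fallback reviewers, and extracted file list."""
    refreshed = asyncio.run(refresh_pull_request(SAMPLE_PAYLOAD, _ok_fetch))
    fallback = asyncio.run(refresh_pull_request(SAMPLE_PAYLOAD, _failing_fetch))
    files = get_changed_files({
        "changed_files": [{"filename": "src/auth.py"}, "src/auth.py", "README.md"],
        "commits": [{"added": ["src/new.py"], "modified": ["src/auth.py"], "removed": ["old.cfg"]}],
    })
    return (
        [r["login"] for r in refreshed["requested_reviewers"]],
        [r["login"] for r in fallback["requested_reviewers"]],
        files,
    )


if __name__ == "__main__":
    print(demo())
```

The refresh runs before any reviewer-based condition sees the event; the race in the entry above exists because the `synchronize` payload was serialised before the `review_requested` change landed, and only a fetch at evaluation time closes that window.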
- AI-powered reviewer recommendation -- `/reviewers` slash command suggests the best reviewers for a PR based on CODEOWNERS ownership, commit history expertise, Watchflow rule severity, and current review load. Supports a `--force` flag to bypass the cooldown. Recommended reviewers are automatically assigned to the PR via the GitHub API.
- PR risk assessment -- `/risk` slash command posts a detailed risk breakdown (size, sensitive paths, test coverage, contributor history, revert detection, dependency changes, breaking changes, and matched Watchflow rule severity). Applies `watchflow:risk-{level}` labels automatically.
- Contributor expertise profiles -- Reviewer expertise is persisted to `.watchflow/expertise.json` across PRs and used to boost candidates with cross-PR historical ownership.
- CODEOWNERS + rule integration -- CODEOWNERS individual users and `@org/team` entries are handled separately; team slugs are passed to GitHub's `team_reviewers` API field to prevent 422 errors. When no CODEOWNERS exists, high/critical Watchflow rule path matches infer implicit ownership from commit history.
- Load balancing -- Reviewers with heavy recent review queues are penalised; reviewer count scales with risk level (low→1, medium→2, high/critical→3). Stale CODEOWNERS owners (no recent commits) receive a reduced score.
- Description-diff alignment -- `DescriptionDiffAlignmentCondition` uses the configured AI provider (OpenAI / Bedrock / Vertex AI) to verify that the PR description semantically matches the actual code changes. First LLM-backed condition in Watchflow; adds ~1-3s latency. Gracefully skips (no violation, i.e. the check fails open) if the LLM is unavailable.
- Diff pattern scanning -- `DiffPatternCondition` checks added lines in PR diffs against user-defined restricted regex patterns (e.g. `console\.log`, `TODO:`). Violations include the filename and matched patterns.
- Security pattern detection -- `SecurityPatternCondition` flags hardcoded secrets, API keys, and sensitive data in PR diffs with CRITICAL severity. Both conditions share a new `_PatchPatternCondition` base class to eliminate duplication.
- Unresolved review comments gate -- `UnresolvedCommentsCondition` blocks PR merges when unresolved (non-outdated) review comment threads exist, using GraphQL `reviewThreads` data from the enricher.
- Test coverage enforcement -- `TestCoverageCondition` requires that PRs modifying source files also touch test files matching a configurable regex pattern (`test_file_pattern`).
- Comment response time SLA -- `CommentResponseTimeCondition` flags unresolved review threads that have exceeded a configurable hour-based SLA (`max_comment_response_time_hours`).
- Signed commits verification -- `SignedCommitsCondition` ensures all commits in a PR are cryptographically signed (GPG/SSH/S/MIME), for regulated environments that require commit provenance.
- Changelog requirement -- `ChangelogRequiredCondition` blocks PRs that modify source code without a corresponding `CHANGELOG` or `.changeset` update.
- Self-approval prevention -- `NoSelfApprovalCondition` enforces separation of duties by preventing PR authors from approving their own code (CRITICAL severity).
- Cross-team approval -- `CrossTeamApprovalCondition` requires approvals from members of specified GitHub teams before merge. Uses a simplified `requested_teams` check (full team-membership resolution via GraphQL is tracked for a future iteration).
- Diff parsing utilities -- New `src/rules/utils/diff.py` module with `extract_added_lines`, `extract_removed_lines`, and `match_patterns_in_patch` for reusable patch analysis.
- CODEOWNERS parser -- New `src/rules/utils/codeowners.py` with a `CodeOwnersParser` class supporting glob-to-regex conversion, owner lookup, and critical-file detection. CODEOWNERS content is now fetched dynamically from the GitHub API instead of being read from disk.
- Webhook handlers for review events -- `PullRequestReviewEventHandler` and `PullRequestReviewThreadEventHandler` re-evaluate PR rules when reviews are submitted/dismissed or threads are resolved/unresolved.
- Review thread enrichment -- `PullRequestEnricher` now fetches `reviewThreads` via GraphQL and attaches them to the event context, enabling `UnresolvedCommentsCondition` and `CommentResponseTimeCondition`.
- Full rule evaluation wiring -- All new conditions are registered in `ConditionRegistry` (`AVAILABLE_CONDITIONS`, `RULE_ID_TO_CONDITION`) with corresponding `RuleID` enum values, violation-text mappings, and human-readable descriptions, so they are routed through the fast condition-class evaluation path and support acknowledgment workflows.
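Added example, not the project's `diff.py` or `SecurityPatternCondition`, of the patch analysis the diff-pattern and security-pattern entries describe: a parser for the unified-diff `patch` string GitHub returns per file that yields added and removed lines with their line numbers, and a matcher that runs restricted and secret-looking regexes over added lines only, so a PR that removes a secret is not flagged for it. The pattern lists are a small constructed sample, not a complete secret-detection ruleset, and the function names and `PatchLine` type are assumptions.

```python
"""Added example (not Watchflow's src/rules/utils/diff.py)."""
import re
from dataclasses import dataclass

HUNK_HEADER = re.compile(r"^@@ -(\d+)(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass(frozen=True)
class PatchLine:
    number: int   # line number in the new file (added) or old file (removed)
    text: str     # content without the leading '+' / '-'


def _walk(patch: str, marker: str) -> list[PatchLine]:
    """Walk hunks, tracking old/new line counters, and collect lines with `marker`."""
    out: list[PatchLine] = []
    old_no = new_no = 0
    in_hunk = False
    for line in patch.splitlines():
        if line.startswith("diff "):
            in_hunk = False          # next file in a multi-file diff
            continue
        m = HUNK_HEADER.match(line)
        if m:
            old_no, new_no, in_hunk = int(m.group(1)), int(m.group(2)), True
            continue
        if not in_hunk:
            continue                 # '--- a/x' / '+++ b/x' headers or junk before a hunk
        if line.startswith("\\"):
            continue                 # '\ No newline at end of file' is not content
        if line.startswith("+"):
            if marker == "+":
                out.append(PatchLine(new_no, line[1:]))
            new_no += 1
        elif line.startswith("-"):
            if marker == "-":
                out.append(PatchLine(old_no, line[1:]))
            old_no += 1
        else:                        # context line advances both counters
            old_no += 1
            new_no += 1
    return out


def extract_added_lines(patch: str) -> list[PatchLine]:
    return _walk(patch, "+")


def extract_removed_lines(patch: str) -> list[PatchLine]:
    return _walk(patch, "-")


def match_patterns_in_patch(patch: str, patterns: list[str]) -> list[tuple[int, str, str]]:
    """(new line number, pattern, line text) for each added line matching a pattern."""
    compiled = [(p, re.compile(p)) for p in patterns]
    hits = []
    for added in extract_added_lines(patch):
        for raw, rx in compiled:
            if rx.search(added.text):
                hits.append((added.number, raw, added.text))
    return hits


# Constructed, deliberately incomplete pattern sets.
SECRET_PATTERNS = [
    r"AKIA[0-9A-Z]{16}",                                    # AWS access key id shape
    r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----",
    r"(?i)(?:api[_-]?key|secret|token)\s*[:=]\s*['\"][^'\"]{8,}['\"]",
]
RESTRICTED_PATTERNS = [r"console\.log", r"TODO:"]

# Constructed patch: removes a hardcoded key, adds a different one, adds a console.log.
SAMPLE_PATCH = """\
@@ -1,4 +1,6 @@
 import os
-API_KEY = "sk-live-0123456789abcdef"
+API_KEY = os.environ["API_KEY"]
+AWS_KEY = "AKIAABCDEFGHIJKLMNOP"
 def main():
-    pass
+    console.log("TODO: remove")
+    return os.getpid()
"""


def demo() -> tuple[list[tuple[int, str]], list[tuple[int, str]], list[str]]:
    """Secret hits, restricted-pattern hits, and the removed lines (never flagged)."""
    secrets = match_patterns_in_patch(SAMPLE_PATCH, SECRET_PATTERNS)
    restricted = match_patterns_in_patch(SAMPLE_PATCH, RESTRICTED_PATTERNS)
    removed = [ln.text for ln in extract_removed_lines(SAMPLE_PATCH)]
    return ([(n, p) for n, p, _ in secrets], [(n, p) for n, p, _ in restricted], removed)


if __name__ == "__main__":
    print(demo())
```

The removed `sk-live-…` line would match the third secret pattern, but only added lines are scanned, which is the behaviour a diff-scoped check wants; a repository-wide scan is a different tool.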
- GraphQL client consolidation -- Removed the standalone `graphql_client.py` module; all GraphQL operations now go through the unified `GitHubAPI` class with Pydantic-typed response models.
- CODEOWNERS fetched from API -- `PathHasCodeOwnerCondition` and `RequireCodeOwnerReviewersCondition` now receive CODEOWNERS content via the event context (fetched by the enricher) rather than reading from the local filesystem.
- `_PatchPatternCondition` base class -- `DiffPatternCondition` and `SecurityPatternCondition` now share a common abstract base, reducing ~60 lines of duplicated iteration/matching logic.
- Removed redundant `validate()` overrides -- Conditions in `compliance.py` and `access_control_advanced.py` that simply delegated to `evaluate()` now rely on `BaseCondition.validate()`, which does the same thing.
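Added example, not the project's `CodeOwnersParser` or reviewer-recommendation code, covering the CODEOWNERS parser entry and the CODEOWNERS + rule integration and reviewer-exclusion entries: a glob-to-regex translation following GitHub's CODEOWNERS semantics (last matching rule wins; a leading `/` anchors to the root; `docs/*` matches only direct children; a trailing `/` owns a whole tree), an owner lookup, and a builder that splits owners into the `reviewers` and `team_reviewers` fields of the request-reviewers API, drops the PR author, and caps the user list by risk level. The sample CODEOWNERS file is constructed; the class and function names, and the risk-to-count table, are assumptions taken from the entries above.

```python
"""Added example (not Watchflow's src/rules/utils/codeowners.py)."""
import re

# From the load-balancing entry: reviewer count per risk level.
RISK_REVIEWER_COUNT = {"low": 1, "medium": 2, "high": 3, "critical": 3}


def glob_to_regex(pattern: str) -> re.Pattern[str]:
    """Translate one CODEOWNERS pattern into a regex over repo-relative paths."""
    core = pattern.strip("/")
    anchored = pattern.startswith("/") or "/" in core   # gitignore rule: any slash anchors
    parts = []
    i = 0
    while i < len(core):
        if core.startswith("**/", i):
            parts.append("(?:.*/)?")       # zero or more directories
            i += 3
        elif core.startswith("**", i):
            parts.append(".*")             # anything, including separators
            i += 2
        elif core[i] == "*":
            parts.append("[^/]*")          # single star never crosses '/'
            i += 1
        elif core[i] == "?":
            parts.append("[^/]")
            i += 1
        else:
            parts.append(re.escape(core[i]))
            i += 1
    prefix = "^" if anchored else "^(?:.*/)?"
    # 'docs/*' owns only direct children; every other match also owns the subtree.
    suffix = "$" if core.endswith("/*") else "(?:/.*)?$"
    return re.compile(prefix + "".join(parts) + suffix)


class CodeOwners:
    """Minimal CODEOWNERS model: ordered (regex, owners) rules, last match wins."""

    def __init__(self, text: str) -> None:
        self.rules: list[tuple[re.Pattern[str], list[str]]] = []
        for raw in text.splitlines():
            line = raw.split("#", 1)[0].strip()   # simplification: no escaped '#'
            if not line:
                continue
            pattern, *owners = line.split()
            self.rules.append((glob_to_regex(pattern), owners))

    def owners_for(self, path: str) -> list[str]:
        for regex, owners in reversed(self.rules):
            if regex.match(path):
                return owners
        return []


def build_review_request(owners: list[str], author: str, risk_level: str) -> dict[str, list[str]]:
    """Body for POST /repos/{owner}/{repo}/pulls/{n}/requested_reviewers.

    Users go in `reviewers`, `@org/team` entries go in `team_reviewers` as bare
    slugs (GitHub rejects 'org/slug' there), e-mail owners are skipped because
    they cannot be requested, and the author is excluded from the user list.
    """
    users: list[str] = []
    teams: list[str] = []
    for owner in dict.fromkeys(owners):        # dedupe, keep order
        name = owner.lstrip("@")
        if "/" in name:
            teams.append(name.split("/", 1)[1])
        elif "@" in name:
            continue
        elif name.lower() != author.lower():
            users.append(name)
    limit = RISK_REVIEWER_COUNT.get(risk_level, 1)
    return {"reviewers": users[:limit], "team_reviewers": teams}


# Constructed sample file, not any real repository's CODEOWNERS.
SAMPLE_CODEOWNERS = """\
# fallback owners
*             @acme/maintainers
*.js          @frontend-dev
/docs/        @tech-writer
docs/*        @docs-lead
/infra/**     @acme/platform @ops-alice
"""


def demo() -> dict[str, object]:
    co = CodeOwners(SAMPLE_CODEOWNERS)
    paths = ["docs/intro.md", "docs/guide/a.md", "infra/k8s/app.yaml", "src/app.js", "README.md"]
    result: dict[str, object] = {p: co.owners_for(p) for p in paths}
    owners = co.owners_for("infra/k8s/app.yaml") + co.owners_for("src/app.js")
    result["request"] = build_review_request(owners, author="ops-alice", risk_level="high")
    return result


if __name__ == "__main__":
    print(demo())
```

`docs/intro.md` resolves to `@docs-lead` because the later `docs/*` rule overrides `/docs/`, while `docs/guide/a.md` falls back to `@tech-writer` because `docs/*` does not descend; this ordering subtlety is exactly what an owner lookup must reproduce before it is used to gate merges.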
- Fail-closed on invalid regex -- `TestCoverageCondition` now returns a violation (and `validate()` returns `False`) when `test_file_pattern` is an invalid regex, instead of silently passing.
- Consistent file-extension filtering -- `TestCoverageCondition.validate()` now ignores `.txt` and `.json` files, matching the behavior of `evaluate()`.
- `max_hours=0` edge case -- `CommentResponseTimeCondition` now uses `if max_hours is None` instead of `if not max_hours`, so a 0-hour SLA (immediate response required) is correctly enforced.
- Overly generic violation mapping key -- Changed the `COMMENT_RESPONSE_TIME` acknowledgment mapping from `"exceeded the"` to `"response SLA"` to avoid false matches against unrelated violation text.
- Disabled rule filtering -- Rules with `enabled: false` in `rules.yaml` are now skipped during loading.
- CodeRabbit-style PR comments -- Collapsible `<details>` sections for violations, acknowledgment summaries, and check run output.
- Watchflow footer -- Branded footer appended to PR comments.
- Severity grouping fix -- `INFO` severity rules are now grouped correctly instead of falling back to `LOW`.
- Default rules aligned with watchflow.dev -- Canonical rule set updated to match the published documentation examples.
- `max_pr_loc` parameter alias -- `MaxPrLocCondition` now accepts `max_pr_loc` and `max_changed_lines` in addition to `max_lines`.
- CODEOWNERS reviewer exclusion -- The PR author is excluded from the required code-owner reviewers list.
- Legacy rule ID references removed -- Generated PR comments and error messages no longer expose internal `RuleID` strings.
- Acknowledgment text matching -- Violation text keys updated to exactly match the messages emitted by conditions.
- GitHub App auth env vars -- Standardized to `APP_CLIENT_ID_GITHUB` and `APP_CLIENT_SECRET_GITHUB`.
- Event filtering -- Irrelevant GitHub events (e.g. bot-only, label-only) are now dropped before reaching the rule engine, reducing noise and unnecessary LLM calls.
- Deployment status blocking -- Resolved an issue where deployment status events could block without a clear reason.
- Deployment approval gating -- Addressed CodeRabbit feedback on retry logic, falsy checks, and callback URL handling.
- Core event processing infrastructure -- `PullRequestProcessor`, `PushEventProcessor`, `DeploymentProcessor`, and `CheckRunProcessor` with enrichment, rule evaluation, and GitHub reporting pipeline.
- Task queue with deduplication -- Async `TaskQueue` for enqueuing webhook processing with delivery-ID-based dedup.
- Rule engine agent (LangGraph) -- `RuleEngineAgent` with a multi-node workflow: analyze rules, select strategy (condition class vs LLM reasoning vs hybrid), execute, and validate.
- Acknowledgment agent -- `AcknowledgmentAgent` parses `@watchflow ack` comments and maps violations to `RuleID` enum values.
- Webhook dispatcher and handlers -- Modular handler registry for `pull_request`, `push`, `check_run`, `deployment`, `deployment_status`, `deployment_protection_rule`, `deployment_review`, and `issue_comment` events.
- Condition-based rule evaluation -- `BaseCondition` ABC with `evaluate()` (returns `list[Violation]`) and `validate()` (legacy bool interface). Initial conditions: `TitlePatternCondition`, `MinDescriptionLengthCondition`, `RequiredLabelsCondition`, `MinApprovalsCondition`, `RequireLinkedIssueCondition`, `MaxFileSizeCondition`, `MaxPrLocCondition`, `FilePatternCondition`, `PathHasCodeOwnerCondition`, `RequireCodeOwnerReviewersCondition`, `CodeOwnersCondition`, `ProtectedBranchesCondition`, `NoForcePushCondition`, `AuthorTeamCondition`, `AllowedHoursCondition`, `DaysCondition`, `WeekendCondition`, `WorkflowDurationCondition`.
- Condition registry -- `ConditionRegistry` with parameter-pattern matching to automatically wire YAML rule parameters to condition classes.
- `RuleID` enum and acknowledgment system -- Type-safe rule identifiers, violation-text-to-rule mapping, and acknowledgment comment parsing.
- Webhook auth -- HMAC-SHA256 signature verification for GitHub webhooks.
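Added example, not the project's webhook handler, for the webhook auth and task-queue deduplication entries: GitHub signs each delivery with HMAC-SHA256 over the raw request body and sends it as `X-Hub-Signature-256: sha256=<hex>`; the receiver recomputes it with the shared secret, compares in constant time, and only then checks `X-GitHub-Delivery` against recently seen ids. The secret, body and header values below are constructed, and the class and function names are assumptions.

```python
"""Added example (not Watchflow's webhook authentication code)."""
import hashlib
import hmac
from collections import OrderedDict
from typing import Optional


def compute_signature(secret: bytes, body: bytes) -> str:
    """Header value GitHub would send for `body`: 'sha256=' + hex HMAC-SHA256."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Reject a missing or malformed header; compare in constant time.

    The MAC must be computed over the exact bytes received, before any JSON
    parsing or re-serialisation, or a valid delivery will fail to verify.
    """
    if not header or not header.startswith("sha256="):
        return False
    expected = compute_signature(secret, body)
    return hmac.compare_digest(expected.encode(), header.encode())


class DeliveryDeduplicator:
    """Bounded memory of X-GitHub-Delivery ids already accepted."""

    def __init__(self, max_entries: int = 10_000) -> None:
        self._seen: "OrderedDict[str, None]" = OrderedDict()
        self._max = max_entries

    def first_time(self, delivery_id: str) -> bool:
        if delivery_id in self._seen:
            return False
        self._seen[delivery_id] = None
        if len(self._seen) > self._max:
            self._seen.popitem(last=False)   # drop the oldest id
        return True


def accept_webhook(secret: bytes, headers: dict, body: bytes,
                   dedup: DeliveryDeduplicator) -> tuple[bool, str]:
    """Authenticate before deduplicating, so an unauthenticated request can
    never consume a delivery id and cause the genuine delivery to be dropped."""
    if not verify_signature(secret, body, headers.get("X-Hub-Signature-256")):
        return False, "bad signature"
    delivery = headers.get("X-GitHub-Delivery")
    if not delivery:
        return False, "missing delivery id"
    if not dedup.first_time(delivery):
        return False, "duplicate delivery"
    return True, "accepted"


# Constructed secret and payload; not a real delivery.
SECRET = b"constructed-webhook-secret"
BODY = b'{"action":"opened","number":42}'


def demo() -> tuple:
    dedup = DeliveryDeduplicator()
    good = {"X-Hub-Signature-256": compute_signature(SECRET, BODY), "X-GitHub-Delivery": "d-1"}
    first = accept_webhook(SECRET, good, BODY, dedup)                          # accepted
    replay = accept_webhook(SECRET, good, BODY, dedup)                         # same id again
    tampered = accept_webhook(SECRET, good, BODY.replace(b"42", b"43"), dedup) # body changed
    forged = accept_webhook(SECRET, {"X-Hub-Signature-256": "sha256=" + "0" * 64,
                                     "X-GitHub-Delivery": "d-2"}, BODY, dedup)
    return first, replay, tampered, forged


if __name__ == "__main__":
    print(demo())
```

A forged request with a fresh delivery id is rejected at the signature step and leaves no trace in the deduplicator, which is why the order of the two checks matters.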
- Architectural modernization -- Migrated from monolithic processor to modular event-processor / agent / handler architecture with Pydantic models throughout.
- Documentation overhaul -- All docs aligned with the rule engine architecture, description-based rule format, and supported validation logic.
- Dead code removal -- Cleaned up unused webhook and PR processing code.
- JSON parse errors -- Webhook handler now returns proper error responses on malformed payloads.
- WebhookResponse status normalization -- Consistent status field values across all handlers.
- Repository Analysis Agent -- `RepositoryAnalysisAgent` with LangGraph workflow analyzing PR history, contributing guidelines, and repository hygiene. Includes Pydantic models, LLM prompt templates, and API endpoints for rule recommendations.
- Diff-aware validators -- `diff_pattern`, `related_tests`, and `required_field_in_diff` validators with normalized diff metadata and LLM-friendly summaries for PR files.
- Feasibility agent validator selection -- `FeasibilityAgent` now dynamically chooses validators from a catalog.
FeasibilityAgentnow dynamically chooses validators from a catalog. - AI Immune System metrics -- Repository health scoring with hygiene metrics and structured API responses.
- PR automation -- Automated PR creation from repository analysis recommendations.
- Diff-aware rule presets -- Default rule bundles updated to use the new diff-aware parameters and threading guardrails.
- PR creation 404 prevention -- Proper error handling for `create_git_ref` 422 responses and repository analysis caching.
- Repository analysis reliability -- Improved logging, formatting, and content checks in analysis nodes.
- Multi-provider AI abstraction -- Provider-agnostic `get_chat_model()` factory supporting OpenAI, AWS Bedrock, and Google Vertex AI (Model Garden). Registry pattern for provider selection.
- Python version compatibility checks -- Pre-commit hook validates syntax against the target Python version.
- Provider-agnostic LLM usage -- Replaced direct `ChatOpenAI` instantiation with the `get_chat_model()` abstraction throughout.
- Module restructuring -- Reorganized package layout and updated configuration.
- CODEOWNERS integration -- Initial CODEOWNERS file parsing and contributor analysis.
- Agent architecture enhancements -- Improved consistency and reliability for `FeasibilityAgent` and `RuleEngineAgent`.
- Structured output for FeasibilityAgent -- LLM responses parsed into Pydantic models.
- Testing framework -- Coverage reporting, CI test pipeline, and mocking infrastructure for agents and LLM clients.
- GitHub Pages documentation -- MkDocs site deployed via GitHub Actions.
- FastAPI lifespan -- Replaced deprecated `on_event` handlers with a lifespan context manager.
- Description-based rule format -- Rules in YAML now use natural language descriptions matched to conditions.
- CI pipeline -- Python setup, coverage reporting, Codecov auth, MkDocs dependencies.
- Test isolation -- Proper mocking of agent creation, config validation, and LLM client initialization.
- Watchflow AI governance engine -- First open-source release. LangGraph-based rule evaluation for GitHub webhook events (pull requests, pushes, deployments).
- EKS deployment -- Helm chart, Kubernetes manifests, and GitHub Actions workflow for AWS EKS.
- Pre-commit hooks -- Ruff linting and formatting, YAML checks, trailing whitespace, large file detection.
- Development tooling -- `uv` package management, development guides, contributor guidelines.