reviewer/docs/user-guide/limitations-and-best-practices.md
2026-03-12 12:03:22 +07:00

# Limitations & Best Practices
## Limitations
### Context & Understanding
- **No business logic awareness** — AI only sees code, not product requirements
- **Limited context window** — the model can only hold a bounded amount of the PR in its context at once; anything beyond that is not seen.
- **No decision history** — does not store the history of previous runs; it only reads what is currently in the Pull Request.
- **Hallucinations** — may confidently suggest incorrect solutions or non-existent APIs
- **Large PR degradation** — review quality drops significantly for PRs with 1000+ lines changed
### Process Constraints
- **Does not replace humans** — final decision always belongs to the author and human reviewer
- **Slower on large PRs** — response time grows with the size of changes
- **No memory between PRs** — each review starts from scratch with no prior context
- **Trigger dependency** — only runs on configured events (`[no ai]` in title disables it)
## Best Practices
### Writing PRs for Better AI Review
- **Keep PRs small and focused** — one logical change per PR, ideally under 400 lines
- **Write a clear PR description** — explain *what* and *why*, not just *what changed*
- **Add `[no ai]` to title** when the PR is trivial (version bumps, typo fixes, formatting)
- **Split refactoring from feature changes** — mixed PRs confuse both AI and humans
### Working with AI Comments
- **Treat AI comments as suggestions, not mandates** — use your judgment
- **Verify all suggested code** before applying — AI can introduce bugs
- **Use `@kodobot` in comments** to ask follow-up questions about specific lines
- **Don't blindly resolve AI comments** — acknowledge or explain why you disagree
- **Re-trigger review after major changes** by pushing a new commit
### Security
- **Never put secrets in PR descriptions or comments** — AI logs may capture them
- **Store `anthropic_api_key` and `gitea_token` in repository secrets**, not in workflow files
- **Audit AI comments on security-sensitive PRs** (auth, crypto, infra) with extra care
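The secrets rule and the `[no ai]` trigger switch above, as an added example workflow (not the project's own configuration): a Gitea Actions job that wires the reviewer in. The action path `./reviewer`, its input names and the title check are assumptions; only the two secret names and the `[no ai]` marker come from this guide.

```yaml
# Added example, not the project's own workflow. Assumed: the reviewer is a local
# action at ./reviewer that takes `anthropic_api_key` and `gitea_token` inputs.
name: ai-review
on:
  pull_request:
    types: [opened, synchronize, reopened]

jobs:
  review:
    runs-on: ubuntu-latest
    # Trigger dependency: one assumed way to honour `[no ai]` in the PR title.
    if: ${{ !contains(github.event.pull_request.title, '[no ai]') }}
    steps:
      - uses: actions/checkout@v4

      # WEAK (shown for contrast only, kept commented out): credentials written
      # into the workflow file are committed to git history and visible to every
      # clone and fork. Values are placeholders.
      # - uses: ./reviewer
      #   with:
      #     anthropic_api_key: "sk-ant-PLACEHOLDER"
      #     gitea_token: "PLACEHOLDER_TOKEN"

      # CORRECTED: read both values from repository secrets, so they never land
      # in the workflow file or in the repository's history.
      - uses: ./reviewer
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          gitea_token: ${{ secrets.GITEA_TOKEN }}
```

Define `ANTHROPIC_API_KEY` and `GITEA_TOKEN` under the repository's Settings > Actions > Secrets; the workflow file itself then contains nothing sensitive.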
### Team Workflow
- **Establish a policy** on when to override or ignore AI suggestions