Skip to content

feat!: drop review and assess tools (ADR-001)#28

Merged
hampsterx merged 2 commits into
masterfrom
feat/trim-review-assess
Apr 26, 2026
Merged

feat!: drop review and assess tools (ADR-001)#28
hampsterx merged 2 commits into
masterfrom
feat/trim-review-assess

Conversation

@hampsterx

@hampsterx hampsterx commented Apr 26, 2026

Copy link
Copy Markdown
Owner

Summary

  • Retire review and assess MCP tools. Caller-supplied prompts via the existing codex tool (sandbox: read-only) or native codex review --base replace both paths.
  • Bridge surface drops to 6 tools: codex, query, search, structured, ping, listSessions.
  • Reasoning + alternatives considered captured in ADR-001.

Breaking change

Tool surface change. Callers using mcp__codex__review / mcp__codex__assess must migrate before upgrading to 0.6.0. Migration paths:

  1. Caller-supplied prompts via mcp__codex__codex with sandbox: "read-only" and a prompt that includes diff context (reference files or inlined diff).
  2. Native CLI: codex review --base <branch> from the host shell.

The assess tool's role was selecting a review depth; without review, those recommendations have no consumer.

Removed

  • src/tools/review.ts, src/tools/assess.ts, plus their tests (review.test.ts, review-prompts.test.ts, review-timeout.test.ts, assess.test.ts)
  • prompts/review-{agentic,agentic-with-serena,focused,quick}.md
  • scripts/serena-test.mjs (review-tool A/B benchmark, no consumer)
  • Review-only env vars in src/utils/env.ts: scanTimeoutMs, focused{Base,PerFile,Cap,Fallback}Ms, deep{Base,PerFile,Fallback}Ms. The only consumer was review.ts. Per-call timeout on the codex tool replaces these for callers that need bounded review runs.

Kept (still load-bearing)

  • getMcpServerOverride() in env.ts: still consumed by codex / query / structured / search.
  • validateBaseRef, parseNumstat, getDiffStat in git.ts: still consumed by the codex tool's caller-supplied diff path.

Changed

  • Version 0.5.1 -> 0.6.0 across package.json, server.json (both fields), and package-lock.json.
  • server.json description shortened to 73 chars to fit the registry's 100-char hard limit.
  • README, DESIGN, AGENTS, SECURITY refreshed to reflect the reduced surface and document both review migration paths.

Review

  • Internal review: skipped (mostly deletions; ADR + external review covered the change).
  • External review: codex agentic-depth (2m17s, exit 0) found 1 finding, package-lock.json version drift (0.5.1 vs 0.6.0). Applied via npm install --package-lock-only, included in this commit.

Changes

31 files changed, +169 / -2830

Test plan

  • npm test, 341/341 pass (re-run after lockfile bump)
  • npm run typecheck clean
  • npm run lint clean
  • npm run build clean; dist/tools/ contains only kept tools
  • External codex review (agentic depth) at HEAD, 1 finding, fixed
  • Post-merge: eyeball npm-rendered README + CHANGELOG once OIDC auto-publish completes (cross-bridge gate before raising claude PR)

Refs: ADR-001, docs/decisions/001-remove-review-and-assess-tools.md

Summary by CodeRabbit

Release Notes

  • Removals

    • Removed review and assess MCP tools. Code review now performed via codex tool with sandbox: "read-only" and user-supplied prompts, or native codex review command.
  • Documentation

    • Updated all documentation to reflect new code review workflow and tool surface.
  • Chores

    • Version bumped to 0.6.0.

Retire `review` (bundled reviewer prompts + depth selector) and `assess`
(diff complexity classifier calibrated to review depths). Caller-supplied
prompts via the existing `codex` tool, or native `codex review --base`,
replace both. Rationale captured in ADR-001.

Removed:
- src/tools/review.ts and src/tools/assess.ts plus their tests
- prompts/review-{agentic,agentic-with-serena,focused,quick}.md
- scripts/serena-test.mjs (review A/B benchmark)
- Review-only env vars: scanTimeoutMs, focused/deep base/per-file/cap/fallback
  timeouts in src/utils/env.ts (only consumer was review.ts)

Changed:
- Tool surface: codex, query, search, structured, ping, listSessions
- Version 0.5.1 -> 0.6.0 (package.json, server.json, package-lock.json)
- README + DESIGN + AGENTS + SECURITY updated to reflect reduced surface
- server.json description shortened to fit 100-char registry limit

Kept (still needed):
- getMcpServerOverride() in env.ts (codex/query/structured/search consumers)
- validateBaseRef, parseNumstat, getDiffStat in git.ts (codex tool path)

Verification: 341/341 vitest, npm run typecheck/lint/build clean,
external codex review (agentic depth) found 1 issue (lockfile version
mismatch) which is fixed.

Refs: docs/decisions/001-remove-review-and-assess-tools.md
@coderabbitai

coderabbitai Bot commented Apr 26, 2026

Copy link
Copy Markdown

Warning

Rate limit exceeded

@hampsterx has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 4 minutes and 12 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 4 minutes and 12 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 86d2c1ae-b866-420d-818d-3a6420580b59

📥 Commits

Reviewing files that changed from the base of the PR and between 273357b and 8b6a9a8.

📒 Files selected for processing (3)
  • README.md
  • server.json
  • src/index.ts
📝 Walkthrough

Walkthrough

This PR removes the review and assess MCP tools completely from the codebase, including implementations, prompts, annotations, utilities, and tests. Code review functionality is redirected to native codex review --base <branch> or the bridge codex tool with sandbox: "read-only" and caller-supplied review instructions.

Changes

Cohort / File(s) Summary
Documentation Updates
AGENTS.md, CHANGELOG.md, DESIGN.md, README.md, SECURITY.md, docs/decisions/001-remove-review-and-assess-tools.md
Removes all references to review and assess tools. Documents new code review paths: native codex review --base <branch> or bridge codex tool with sandbox: "read-only" and caller-supplied prompts. Adds new ADR documenting the deprecation and migration strategy.
Package Manifests
package.json, server.json
Version bumped to 0.6.0. Package description and keywords updated to remove "review" and clarify "web search". Server tool list updated to enumerate only codex, query, search, structured, ping, listSessions.
Tool Implementations
src/tools/review.ts, src/tools/assess.ts
Complete removal of review and assess tool implementations, including depth modes (scan, focused, deep), timeout scaling, prompt building, complexity classification, and result handling.
Tool Registration & Annotations
src/index.ts, src/annotations.ts
Removes review and assess tool registrations, imports (executeReview, executeAssess), and exports (reviewAnnotations, assessAnnotations). Updates codex tool description to remove review guidance.
Utility Functions
src/utils/env.ts, src/utils/codex-config.ts, src/utils/progress.ts, src/utils/git.ts
Removes review timeout helpers (scanTimeoutMs, focusedBaseMs, focusedCapMs, etc.), willEnableServer function, and updates documentation. Adjusts codex-config and progress heartbeat comments to reference removed tools.
Prompt Templates
prompts/review-agentic.md, prompts/review-agentic-with-serena.md, prompts/review-focused.md, prompts/review-quick.md
Removal of all four review prompt templates that guided agentic review workflows with depth-specific instructions and output schemas.
Scripts & Test Harnesses
scripts/smoke-test.mjs, scripts/serena-test.mjs
Smoke-test script removes review tool execution path and CLI usage documentation. Complete removal of Serena A/B testing harness for review boot-time costs.
Test Suites Removed
tests/tools/review.test.ts, tests/tools/assess.test.ts, tests/tools/review-prompts.test.ts, tests/tools/review-timeout.test.ts
Deletion of all test suites covering review/assess implementations, prompt validation, timeout scaling, and integration scenarios.
Test Updates
tests/tools/annotations.test.ts, tests/tools/descriptions.test.ts, tests/utils/env.test.ts, tests/utils/git.test.ts
Removes reviewAnnotations and assessAnnotations from annotation tests. Deletes review/assess assertions from description tests. Removes willEnableServer test coverage. Minor test name updates.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

  • PR #21 — Directly adds the review/assess tool implementations, annotations, prompts, and env timeout helpers that this PR removes in full reversal.
  • PR #4 — Modifies src/tools/review.ts and src/index.ts (review tool registration and response shape) which are core targets of this removal.
  • PR #9 — Implements the MCP server enablement/per-server grammar and serena-wired review prompts that this PR strips out.

Poem

🐰 Tools once sharp now fade away,
Review and assess find other days,
Codex picks up the banner bright,
Simpler paths, a cleaner light!
Version six hops forth with grace,
Leaving less to clutter the space. 🌟

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title directly and clearly summarizes the main change: removal of the review and assess tools (feat!:) with reference to the corresponding ADR.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/trim-review-assess

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (3)
tests/tools/descriptions.test.ts (1)

54-54: Consider adding query to the description-validation list.

The post-removal public surface is six tools: codex, query, search, structured, ping, listSessions. This array covers five — query is not validated for non-empty / size-bounded description. If query is registered with registerTool("query", …) in src/index.ts, including it here keeps coverage symmetric with the documented surface.

Proposed change
-  const tools = ["codex", "search", "structured", "listSessions", "ping"];
+  const tools = ["codex", "query", "search", "structured", "listSessions", "ping"];
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@tests/tools/descriptions.test.ts` at line 54, The test's tools list is
missing the "query" tool, so update the const tools array used in
descriptions.test.ts to include "query" alongside "codex", "search",
"structured", "listSessions", and "ping" so the description validation
(non-empty and size-bounded checks) covers the full public surface; locate the
const tools declaration and add "query" to the list used by the validation
assertions.
docs/decisions/001-remove-review-and-assess-tools.md (1)

33-35: Optional: make the cross-reference an actual link.

Line 23 uses a relative markdown link to the README anchor, but line 35's "Cross-references" entry is plain text. For consistency and click-through utility:

Proposed change
-- README § Code review with this CLI
+- [README § Code review with this CLI](../../README.md#code-review-with-this-cli)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@docs/decisions/001-remove-review-and-assess-tools.md` around lines 33 - 35,
Replace the plain-text entry under the "Cross-references" heading with an actual
Markdown link that targets the README anchor titled "Code review with this CLI":
change the "README § Code review with this CLI" line to a Markdown link pointing
to the README's "Code review with this CLI" section so readers can click
through; update the line in docs/decisions/001-remove-review-and-assess-tools.md
under the "Cross-references" heading accordingly.
README.md (1)

29-30: Duplicate worktree note within a few sections.

The "-C is broken for codex review, run inside the worktree" advice appears twice in close proximity (lines 29–30 in the bash example, then again at lines 47–49 right after). Consider consolidating to a single mention with the issue link to keep the README tight.

Also applies to: 47-49

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@README.md` around lines 29 - 30, The README contains a duplicated advisory
about "`-C` is broken for `codex review`, run inside the worktree`" (the bash
example block and the later note); remove the redundant occurrence and keep a
single clear mention (preferably in the bash example) that includes the issue
link, consolidating both instances into one cohesive sentence so the README is
tighter and avoids repetition.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@README.md`:
- Around line 169-182: The fenced code block in README.md is missing a language
specifier which triggers markdownlint MD040; update the opening fence for the
example block (the triple backticks that currently start the snippet) to include
a language such as "text" or "markdown" (e.g., change ``` to ```text) so
renderers don't apply unintended highlighting; ensure the closing fence remains
``` and that surrounding text (the "Review the following diff:" line) stays
inside the fenced block.

In `@SECURITY.md`:
- Around line 58-60: The README incorrectly states `read-only` is the default
for `sandbox`; update the text to clarify that the Zod schema currently marks
`sandbox` as .optional() with no .default(), and the implementation passes
undefined to the Codex CLI so the upstream CLI's default actually controls
behavior; either (A) change the doc to say "`read-only` (recommended; specify
explicitly for guaranteed read-only mode)" and note that the CLI default is used
when unset, or (B) alter the code to set a concrete default (use Zod
.default('read-only') or explicitly pass 'read-only' to the CLI) so the behavior
is enforced—mention the Zod `sandbox` schema, the use of .optional()/.default(),
and the Codex CLI invocation when making the change.

In `@server.json`:
- Line 4: Update the package description string to accurately list all exposed
tools by name: replace the current value of "description" (the sentence that
lists tools) so it includes: codex, query, search, structured, ping,
listSessions — using the exact tool identifier "listSessions" (not "sessions")
and adding "ping". Ensure the new description text mirrors this exact tool list
for consistency with the bridge's actual exposed tools.

---

Nitpick comments:
In `@docs/decisions/001-remove-review-and-assess-tools.md`:
- Around line 33-35: Replace the plain-text entry under the "Cross-references"
heading with an actual Markdown link that targets the README anchor titled "Code
review with this CLI": change the "README § Code review with this CLI" line to a
Markdown link pointing to the README's "Code review with this CLI" section so
readers can click through; update the line in
docs/decisions/001-remove-review-and-assess-tools.md under the
"Cross-references" heading accordingly.

In `@README.md`:
- Around line 29-30: The README contains a duplicated advisory about "`-C` is
broken for `codex review`, run inside the worktree`" (the bash example block and
the later note); remove the redundant occurrence and keep a single clear mention
(preferably in the bash example) that includes the issue link, consolidating
both instances into one cohesive sentence so the README is tighter and avoids
repetition.

In `@tests/tools/descriptions.test.ts`:
- Line 54: The test's tools list is missing the "query" tool, so update the
const tools array used in descriptions.test.ts to include "query" alongside
"codex", "search", "structured", "listSessions", and "ping" so the description
validation (non-empty and size-bounded checks) covers the full public surface;
locate the const tools declaration and add "query" to the list used by the
validation assertions.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b2028fee-d0dc-48d4-9538-aec8a020db45

📥 Commits

Reviewing files that changed from the base of the PR and between 04a578e and 273357b.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (30)
  • AGENTS.md
  • CHANGELOG.md
  • DESIGN.md
  • README.md
  • SECURITY.md
  • docs/decisions/001-remove-review-and-assess-tools.md
  • package.json
  • prompts/review-agentic-with-serena.md
  • prompts/review-agentic.md
  • prompts/review-focused.md
  • prompts/review-quick.md
  • scripts/serena-test.mjs
  • scripts/smoke-test.mjs
  • server.json
  • src/annotations.ts
  • src/index.ts
  • src/tools/assess.ts
  • src/tools/review.ts
  • src/utils/codex-config.ts
  • src/utils/env.ts
  • src/utils/git.ts
  • src/utils/progress.ts
  • tests/tools/annotations.test.ts
  • tests/tools/assess.test.ts
  • tests/tools/descriptions.test.ts
  • tests/tools/review-prompts.test.ts
  • tests/tools/review-timeout.test.ts
  • tests/tools/review.test.ts
  • tests/utils/env.test.ts
  • tests/utils/git.test.ts
💤 Files with no reviewable changes (13)
  • tests/tools/review-prompts.test.ts
  • prompts/review-agentic.md
  • scripts/serena-test.mjs
  • tests/tools/annotations.test.ts
  • src/index.ts
  • tests/tools/assess.test.ts
  • src/tools/assess.ts
  • prompts/review-agentic-with-serena.md
  • prompts/review-focused.md
  • tests/tools/review-timeout.test.ts
  • tests/tools/review.test.ts
  • prompts/review-quick.md
  • src/tools/review.ts

Comment thread README.md Outdated
Comment thread SECURITY.md
Comment thread server.json Outdated
- README.md: add `text` language to fenced code block (markdownlint MD040)
- src/index.ts: enforce `read-only` sandbox default in Zod schema so the
  documented default is no longer reliant on upstream Codex CLI behavior
- server.json: correct registry description to list all 6 exposed tools
  (was missing `ping`, used `sessions` instead of `listSessions`)
@hampsterx hampsterx merged commit 5a220b3 into master Apr 26, 2026
4 checks passed
@hampsterx hampsterx deleted the feat/trim-review-assess branch April 26, 2026 01:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant