engineering-code-review

> Reviews PRs against style guide, security policy, and test coverage. Catches ~70% of issues before human reviewer time.

Reference agent in the Engineering Reference Workforce, shipped as Apache 2.0 source under reference-agents/. Like every ARX reference agent, this is a demonstrator — customers fork, modify, or replace it. What stays is the governance layer underneath (scoped credentials, manager approval, hash-chained personnel record, defined termination).

What it does

Given a list of PRs:

1. Pulls the relevant context through ARX-governed connectors
2. Applies the code review logic
3. Returns a structured review for human review (or auto-action

if within declared low-risk scope)

1. Streams every action to the customer's hash-chained personnel record

Governance posture

Every action this agent takes is intercepted by ARX:

• Onboarding — credentials issued at runtime, scoped per-call, never embedded
• Supervision — writes to github, gitlab require manager approval
• Evaluation — drift detection against manifests/job_description.yaml
• Records — every action lands in the customer's S3 personnel-record bucket
• Termination — one-button revoke + halt + exit attestation

Endpoints

| Method | Path | Description | | ------ | ----------- | ----------- | | POST | /act | Plan a code review pass against a list of PRs | | POST | /execute | Execute the plan, return the resulting reviews | | GET | /status | Liveness + manifest sha256 |

Run locally

``bash cd reference-agents/engineering-code-review python3 -m venv .venv && source .venv/bin/activate pip install -r requirements.txt uvicorn app.main:app --reload --port 8100 ``

``bash curl -s -X POST http://127.0.0.1:8100/execute \ -H 'content-type: application/json' \ -d @examples/request.json | jq . ``