Add AI bloat review advisories #271

Merged: djm81 merged 5 commits into dev from feature/code-review-ai-bloat-detection, May 20, 2026

@djm81 djm81 commented May 20, 2026

Summary

  • Adds advisory, score-neutral ai_bloat review findings through Semgrep rules and a conservative AST runner.
  • Adds /specfact.08-simplify prompt support plus packaged policy resources and docs/quickstart callouts.
  • Updates pre-commit review reporting so ai_bloat info findings remain visible in JSON without blocking by themselves.

Verification

  • hatch run format
  • hatch run type-check
  • hatch run lint
  • hatch run yaml-lint
  • hatch run check-bundle-imports
  • hatch run validate-prompt-commands
  • hatch run verify-modules-signature --payload-from-filesystem --enforce-version-bump
  • hatch run contract-test (693 passed, 2 warnings)
  • hatch run smart-test (693 passed, 2 warnings)
  • hatch run test (693 passed, 2 warnings)
  • openspec validate code-review-ai-bloat-detection --strict

Review Gate Note

Full-scope manual review was run with:

SPECFACT_ALLOW_UNSIGNED=1 hatch run specfact code review run --bug-hunt --json --out .specfact/code-review.json --scope full

It still fails because of pre-existing full-repository findings outside this change. Modified-artifact triage is documented in openspec/changes/code-review-ai-bloat-detection/TDD_EVIDENCE.md; after fixes, the only modified-file findings left are existing warnings on run_review complexity/parameter count.

Fixes #269.

@strix-security

Strix is installed on this repository, but we could not run this PR security review because this workspace does not have an active plan. If you'd like to continue receiving code reviews, you can add a payment method or manage billing here.

coderabbitai Bot commented May 20, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 3388f026-bf20-467b-89f0-8fdf0b3b7c54

📥 Commits

Reviewing files that changed from the base of the PR and between 096c5be and 80f74fa.

📒 Files selected for processing (6)
  • docs/modules/code-review.md
  • docs/quickstart-ai-bloat.md
  • openspec/changes/code-review-ai-bloat-detection/tasks.md
  • packages/specfact-code-review/module-package.yaml
  • packages/specfact-code-review/src/specfact_code_review/tools/ai_bloat_runner.py
  • tests/unit/test_bundle_resource_payloads.py
✅ Files skipped from review due to trivial changes (1)
  • docs/quickstart-ai-bloat.md
📜 Recent review details
🧰 Additional context used
📓 Path-based instructions (6)
packages/**/module-package.yaml

⚙️ CodeRabbit configuration file

packages/**/module-package.yaml: Validate metadata: name, version, commands, dependencies, and parity with packaged src.
Call out semver and signing implications when manifests or payloads change.

Files:

  • packages/specfact-code-review/module-package.yaml
docs/**/*.md

⚙️ CodeRabbit configuration file

docs/**/*.md: User-facing and cross-site accuracy: Jekyll front matter, links per documentation-url-contract,
CLI examples matching bundled commands.

Files:

  • docs/modules/code-review.md
**/*.{js,ts,tsx,jsx,py,java,cs,go,rb,php,cpp,c,h}

📄 CodeRabbit inference engine (CLAUDE.md)

Preserve the clean-code compliance gate and its category references (naming, kiss, yagni, dry, and solid)

Files:

  • packages/specfact-code-review/src/specfact_code_review/tools/ai_bloat_runner.py
  • tests/unit/test_bundle_resource_payloads.py
packages/**/src/**/*.py

⚙️ CodeRabbit configuration file

packages/**/src/**/*.py: Focus on adapter and bridge patterns: imports from specfact_cli (models, runtime, validators),
Typer/Rich command surfaces, and clear boundaries so core upgrades do not silently break bundles.
Flag breaking assumptions about registry loading, lazy imports, and environment/mode behavior.

Files:

  • packages/specfact-code-review/src/specfact_code_review/tools/ai_bloat_runner.py
openspec/**/*.md

⚙️ CodeRabbit configuration file

openspec/**/*.md: Specification truth: proposal/tasks/spec deltas vs. bundle behavior, CHANGE_ORDER, and
drift vs. shipped modules or docs.

Files:

  • openspec/changes/code-review-ai-bloat-detection/tasks.md
tests/**/*.py

⚙️ CodeRabbit configuration file

tests/**/*.py: Contract-first and integration tests: migration suites, bundle validation, and flakiness.
Ensure changes to adapters or bridges have targeted coverage.

Files:

  • tests/unit/test_bundle_resource_payloads.py
🔇 Additional comments (7)
docs/modules/code-review.md (2)

110-115: LGTM!


457-462: LGTM!

packages/specfact-code-review/src/specfact_code_review/tools/ai_bloat_runner.py (1)

254-267: LGTM!

openspec/changes/code-review-ai-bloat-detection/tasks.md (1)

65-68: LGTM!

tests/unit/test_bundle_resource_payloads.py (3)

38-38: LGTM!


226-249: LGTM!


270-271: LGTM!


📝 Walkthrough

Walkthrough

Adds an advisory ai_bloat finding category with semgrep pattern rules and an AST-based runner, integrates them into the review orchestration, makes findings score-neutral, exposes an IDE simplify prompt that reads .specfact/code-review.json, updates pre-commit reporting, and adds docs, manifests, and tests.

Changes

Code Review AI Bloat Detection

Layer / File(s) and Summary

  • Finding schema: ai_bloat category extension
    Files: packages/specfact-code-review/src/specfact_code_review/run/findings.py, tests/unit/specfact_code_review/run/test_findings.py
    Summary: ReviewFinding.category and VALID_CATEGORIES include "ai_bloat"; tests/types updated to accept the new category.

  • Semgrep pattern rules and bad/good fixtures
    Files: packages/specfact-code-review/resources/semgrep-rules/ai-bloat.yaml, tests/fixtures/semgrep/bad_*.py, tests/fixtures/semgrep/good_*.py, tests/unit/specfact_code_review/tools/test_semgrep_runner.py
    Summary: Add semgrep rules for manual-loop→comprehension, passthrough-lambda, identity try/except, none-then-none, single-call-wrapper; add paired fixtures and parametrized tests asserting mapping to category="ai_bloat" and severity="info".

  • Semgrep runner multi-config and ai_bloat wiring
    Files: packages/specfact-code-review/src/specfact_code_review/tools/semgrep_runner.py
    Summary: Extend SemgrepCategory to include ai_bloat; map ai-bloat.* rules to ai_bloat; add find_semgrep_ai_bloat_config() and support multiple --config files; emit ai_bloat findings at severity="info".

  • AST-based semantic detectors
    Files: packages/specfact-code-review/src/specfact_code_review/tools/ai_bloat_runner.py, tests/unit/specfact_code_review/tools/test_ai_bloat_runner.py
    Summary: New run_ai_bloat(files) implementing heuristics: unused optional params, dead branches, loc-vs-complexity (LOC ≥ 40, complexity ≤ 4), redundant intermediates; unit tests validate each detector.

  • Tools export, runner orchestration, and scoring
    Files: packages/specfact-code-review/src/specfact_code_review/tools/__init__.py, packages/specfact-code-review/src/specfact_code_review/run/runner.py, packages/specfact-code-review/src/specfact_code_review/run/scorer.py, tests/unit/specfact_code_review/run/*
    Summary: Export run_ai_bloat; insert run_ai_bloat step into _tool_steps execution order between semgrep bug pass and AST clean-code checks; modify scorer to treat ai_bloat findings as zero-deduction; update runner tests and add score-neutral test.

  • Pre-commit hook ai_bloat reporting
    Files: scripts/pre_commit_code_review.py, tests/unit/scripts/test_pre_commit_code_review.py
    Summary: Remove --level error from built CLI command to include info-level findings in JSON; add _count_ai_bloat_findings() and include ai_bloat=<count> in stderr summary when present; tests validate ai_bloat-only reports do not block and combined error+ai_bloat blocks.

  • Policy pack and simplify prompt
    Files: packages/specfact-code-review/resources/policy-packs/specfact/ai-bloat-patterns.yaml, packages/specfact-project/resources/prompts/specfact.08-simplify.md
    Summary: Add advisory ai-bloat-patterns.yaml mapping ai-bloat rules to category: ai_bloat, principle: ai_bloat and /specfact.08-simplify prompt that reads .specfact/code-review.json, filters category=ai_bloat, guides per-candidate accept/reject/skip/explain edits, and re-runs review for verification.

  • Bundle manifests and payload tests
    Files: packages/specfact-code-review/module-package.yaml, packages/specfact-project/module-package.yaml, tests/unit/test_bundle_resource_payloads.py
    Summary: Bump versions and update integrity entries; tests assert prompt presence and that package tarball includes the ai-bloat policy pack and semgrep rules payloads.

  • Documentation and openspec evidence
    Files: README.md, docs/index.md, docs/modules/code-review.md, docs/bundles/code-review/run.md, docs/bundles/project/overview.md, docs/quickstart-ai-bloat.md, openspec/changes/code-review-ai-bloat-detection/*
    Summary: README and module docs updated with AI-bloat description and gate behavior; quickstart added; design, proposal, spec, TDD evidence, and task checklists updated to document detectors, contracts, thresholds, and workflow.

Sequence Diagram(s)

sequenceDiagram
  participant Dev as Developer (pre-commit)
  participant PreCommit as pre_commit_code_review.py
  participant CLI as specfact CLI
  participant Semgrep as Semgrep runner
  participant AI_Bloat as AI-bloat AST runner
  participant Scorer as score_review
  Dev->>PreCommit: commit -> run hook
  PreCommit->>CLI: specfact code review --json
  CLI->>Semgrep: run semgrep configs (clean-code + ai-bloat)
  Semgrep->>CLI: findings (ai_bloat -> severity=info)
  CLI->>AI_Bloat: run_ai_bloat(files)
  AI_Bloat->>CLI: ai_bloat findings (info)
  CLI->>Scorer: aggregate findings
  Scorer->>PreCommit: verdict + ci_exit_code + .specfact/code-review.json
  PreCommit->>Dev: exit code + stderr summary (includes ai_bloat count)

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested labels

module

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name | Status | Explanation | Resolution
Docstring Coverage | ⚠️ Warning | Docstring coverage is 14.61% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name | Status | Explanation
Title check | ✅ Passed | Title 'Add AI bloat review advisories' clearly summarizes the main feature addition and aligns with Conventional Commits style using implicit 'feat:' semantics.
Description check | ✅ Passed | Description comprehensively covers summary, verification steps, and review gate evidence; aligns well with template structure despite optional formatting.
Linked Issues check | ✅ Passed | All code changes fulfill objectives from #269: semgrep rules, AST runner, policy pack, prompt resource, and advisory-only severity model are implemented as specified.
Out of Scope Changes check | ✅ Passed | All changes are directly scoped to #269 deliverables: ai_bloat detection/reporting infrastructure, documentation, fixtures, tests, and version bumps in affected bundles.

@djm81 djm81 self-assigned this May 20, 2026
@djm81 djm81 added the enhancement (New feature or request) and codebase (Specfact codebase related topic) labels May 20, 2026
@djm81 djm81 moved this from Todo to In Progress in SpecFact CLI May 20, 2026
@djm81 djm81 linked an issue May 20, 2026 that may be closed by this pull request

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 4

🧹 Nitpick comments (1)
tests/unit/test_bundle_resource_payloads.py (1)

226-248: ⚡ Quick win

Validate the category field in addition to principle.

The test validates that all rules have principle == "ai_bloat" (line 247), but the policy pack YAML also specifies category: ai_bloat for each rule. The category field drives rule categorization and severity mapping. Consider adding a parallel assertion to ensure contract completeness:

assert {rule["category"] for rule in data["rules"]} == {"ai_bloat"}

This guards against miscategorization if the policy pack is edited incorrectly.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/unit/test_bundle_resource_payloads.py` around lines 226 - 248, The test
function test_code_review_bundle_packages_ai_bloat_policy_pack_manifest
currently asserts principle values but not the rule category; update the test to
also assert that every rule's "category" equals "ai_bloat" by adding a parallel
assertion against data["rules"] (e.g., verify {rule["category"] for rule in
data["rules"]} == {"ai_bloat"}) so the policy pack's categorization contract is
enforced alongside the existing principle check.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/modules/code-review.md`:
- Around line 110-115: The new "AI-shaped bloat advisories" section documents an
ai_bloat pass but the page's orchestration/runner order is missing that pass,
causing documentation drift; update the runner/orchestration list on this page
to include the ai_bloat pass in the correct execution order so it matches the
described behavior (ensure references like ai_bloat, .specfact/code-review.json,
and the /specfact.08-simplify prompt remain consistent), keeping the
docs/**/*.md accuracy guideline in mind when editing the orchestration list.

In `@docs/quickstart-ai-bloat.md`:
- Line 35: The docs line includes hard-coded, run-specific detection counts
("144" and "0"); update the sentence in docs/quickstart-ai-bloat.md to avoid
fixed numbers by either removing the counts or marking them as example output
(e.g., "example output: X candidates, Y rewrites accepted"), and keep the
identifiers like `ai_bloat`, `specfact-code-review`, `specfact-project`, and
`/specfact.08-simplify` unchanged so readers can map the example to the rule and
rewrite path.

In `@openspec/changes/code-review-ai-bloat-detection/tasks.md`:
- Around line 66-68: The checklist items for 9.2–9.4 have incorrect indentation
causing MD005; locate the section heading "9" and the sibling checklist items
and realign lines for items "9.2", "9.3", and "9.4" so their list markers and
indentation exactly match the other checklist entries (remove or add leading
spaces as needed) to restore consistent markdown list indentation and avoid
markdownlint noise.

In
`@packages/specfact-code-review/src/specfact_code_review/tools/ai_bloat_runner.py`:
- Around line 258-263: The try/except around ast.parse in ai_bloat_runner.py
currently catches OSError and SyntaxError but not UnicodeDecodeError; update the
except to also catch UnicodeDecodeError so non-UTF8 decoding errors are
converted into a findings entry via tool_error(file_path=file_path,
message=...), mirroring the pattern used in run_ast_clean_code; locate the
ast.parse call and the findings.append(...) that uses tool_error and add
UnicodeDecodeError to the exception tuple to ensure the tool emits a graceful
tool_error instead of crashing.

---

Nitpick comments:
In `@tests/unit/test_bundle_resource_payloads.py`:
- Around line 226-248: The test function
test_code_review_bundle_packages_ai_bloat_policy_pack_manifest currently asserts
principle values but not the rule category; update the test to also assert that
every rule's "category" equals "ai_bloat" by adding a parallel assertion against
data["rules"] (e.g., verify {rule["category"] for rule in data["rules"]} ==
{"ai_bloat"}) so the policy pack's categorization contract is enforced alongside
the existing principle check.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 5c0e9ad1-5983-417d-b148-558335b63266

📥 Commits

Reviewing files that changed from the base of the PR and between 2f4cb6e and 096c5be.

📒 Files selected for processing (40)
  • README.md
  • docs/bundles/code-review/run.md
  • docs/bundles/project/overview.md
  • docs/index.md
  • docs/modules/code-review.md
  • docs/quickstart-ai-bloat.md
  • openspec/changes/code-review-ai-bloat-detection/TDD_EVIDENCE.md
  • openspec/changes/code-review-ai-bloat-detection/design.md
  • openspec/changes/code-review-ai-bloat-detection/proposal.md
  • openspec/changes/code-review-ai-bloat-detection/specs/code-review-ai-bloat-detection/spec.md
  • openspec/changes/code-review-ai-bloat-detection/tasks.md
  • packages/specfact-code-review/module-package.yaml
  • packages/specfact-code-review/resources/policy-packs/specfact/ai-bloat-patterns.yaml
  • packages/specfact-code-review/resources/semgrep-rules/ai-bloat.yaml
  • packages/specfact-code-review/src/specfact_code_review/run/findings.py
  • packages/specfact-code-review/src/specfact_code_review/run/runner.py
  • packages/specfact-code-review/src/specfact_code_review/run/scorer.py
  • packages/specfact-code-review/src/specfact_code_review/tools/__init__.py
  • packages/specfact-code-review/src/specfact_code_review/tools/ai_bloat_runner.py
  • packages/specfact-code-review/src/specfact_code_review/tools/semgrep_runner.py
  • packages/specfact-project/module-package.yaml
  • packages/specfact-project/resources/prompts/specfact.08-simplify.md
  • scripts/pre_commit_code_review.py
  • tests/fixtures/semgrep/bad_identity_try_except.py
  • tests/fixtures/semgrep/bad_manual_loop_comprehension.py
  • tests/fixtures/semgrep/bad_none_then_none.py
  • tests/fixtures/semgrep/bad_passthrough_lambda.py
  • tests/fixtures/semgrep/bad_single_call_wrapper.py
  • tests/fixtures/semgrep/good_identity_try_except.py
  • tests/fixtures/semgrep/good_manual_loop_comprehension.py
  • tests/fixtures/semgrep/good_none_then_none.py
  • tests/fixtures/semgrep/good_passthrough_lambda.py
  • tests/fixtures/semgrep/good_single_call_wrapper.py
  • tests/unit/scripts/test_pre_commit_code_review.py
  • tests/unit/specfact_code_review/run/test_findings.py
  • tests/unit/specfact_code_review/run/test_runner.py
  • tests/unit/specfact_code_review/run/test_scorer.py
  • tests/unit/specfact_code_review/tools/test_ai_bloat_runner.py
  • tests/unit/specfact_code_review/tools/test_semgrep_runner.py
  • tests/unit/test_bundle_resource_payloads.py
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: quality (3.13)
  • GitHub Check: quality (3.11)
  • GitHub Check: quality (3.12)
🧰 Additional context used
📓 Path-based instructions (7)
**/*.{js,ts,tsx,jsx,py,java,cs,go,rb,php,cpp,c,h}

📄 CodeRabbit inference engine (CLAUDE.md)

Preserve the clean-code compliance gate and its category references (naming, kiss, yagni, dry, and solid)

Files:

  • tests/fixtures/semgrep/good_manual_loop_comprehension.py
  • tests/fixtures/semgrep/good_passthrough_lambda.py
  • packages/specfact-code-review/src/specfact_code_review/tools/__init__.py
  • packages/specfact-code-review/src/specfact_code_review/run/scorer.py
  • tests/fixtures/semgrep/bad_identity_try_except.py
  • tests/fixtures/semgrep/good_single_call_wrapper.py
  • tests/fixtures/semgrep/bad_none_then_none.py
  • tests/fixtures/semgrep/good_none_then_none.py
  • tests/fixtures/semgrep/bad_manual_loop_comprehension.py
  • packages/specfact-code-review/src/specfact_code_review/run/runner.py
  • tests/unit/specfact_code_review/run/test_findings.py
  • tests/fixtures/semgrep/bad_passthrough_lambda.py
  • packages/specfact-code-review/src/specfact_code_review/run/findings.py
  • tests/unit/specfact_code_review/run/test_scorer.py
  • tests/fixtures/semgrep/bad_single_call_wrapper.py
  • tests/unit/test_bundle_resource_payloads.py
  • scripts/pre_commit_code_review.py
  • tests/unit/specfact_code_review/tools/test_ai_bloat_runner.py
  • tests/unit/specfact_code_review/tools/test_semgrep_runner.py
  • tests/fixtures/semgrep/good_identity_try_except.py
  • tests/unit/scripts/test_pre_commit_code_review.py
  • packages/specfact-code-review/src/specfact_code_review/tools/ai_bloat_runner.py
  • tests/unit/specfact_code_review/run/test_runner.py
  • packages/specfact-code-review/src/specfact_code_review/tools/semgrep_runner.py
tests/**/*.py

⚙️ CodeRabbit configuration file

tests/**/*.py: Contract-first and integration tests: migration suites, bundle validation, and flakiness.
Ensure changes to adapters or bridges have targeted coverage.

Files:

  • tests/fixtures/semgrep/good_manual_loop_comprehension.py
  • tests/fixtures/semgrep/good_passthrough_lambda.py
  • tests/fixtures/semgrep/bad_identity_try_except.py
  • tests/fixtures/semgrep/good_single_call_wrapper.py
  • tests/fixtures/semgrep/bad_none_then_none.py
  • tests/fixtures/semgrep/good_none_then_none.py
  • tests/fixtures/semgrep/bad_manual_loop_comprehension.py
  • tests/unit/specfact_code_review/run/test_findings.py
  • tests/fixtures/semgrep/bad_passthrough_lambda.py
  • tests/unit/specfact_code_review/run/test_scorer.py
  • tests/fixtures/semgrep/bad_single_call_wrapper.py
  • tests/unit/test_bundle_resource_payloads.py
  • tests/unit/specfact_code_review/tools/test_ai_bloat_runner.py
  • tests/unit/specfact_code_review/tools/test_semgrep_runner.py
  • tests/fixtures/semgrep/good_identity_try_except.py
  • tests/unit/scripts/test_pre_commit_code_review.py
  • tests/unit/specfact_code_review/run/test_runner.py
packages/**/module-package.yaml

⚙️ CodeRabbit configuration file

packages/**/module-package.yaml: Validate metadata: name, version, commands, dependencies, and parity with packaged src.
Call out semver and signing implications when manifests or payloads change.

Files:

  • packages/specfact-project/module-package.yaml
  • packages/specfact-code-review/module-package.yaml
packages/**/src/**/*.py

⚙️ CodeRabbit configuration file

packages/**/src/**/*.py: Focus on adapter and bridge patterns: imports from specfact_cli (models, runtime, validators),
Typer/Rich command surfaces, and clear boundaries so core upgrades do not silently break bundles.
Flag breaking assumptions about registry loading, lazy imports, and environment/mode behavior.

Files:

  • packages/specfact-code-review/src/specfact_code_review/tools/__init__.py
  • packages/specfact-code-review/src/specfact_code_review/run/scorer.py
  • packages/specfact-code-review/src/specfact_code_review/run/runner.py
  • packages/specfact-code-review/src/specfact_code_review/run/findings.py
  • packages/specfact-code-review/src/specfact_code_review/tools/ai_bloat_runner.py
  • packages/specfact-code-review/src/specfact_code_review/tools/semgrep_runner.py
docs/**/*.md

⚙️ CodeRabbit configuration file

docs/**/*.md: User-facing and cross-site accuracy: Jekyll front matter, links per documentation-url-contract,
CLI examples matching bundled commands.

Files:

  • docs/index.md
  • docs/bundles/code-review/run.md
  • docs/bundles/project/overview.md
  • docs/modules/code-review.md
  • docs/quickstart-ai-bloat.md
openspec/**/*.md

⚙️ CodeRabbit configuration file

openspec/**/*.md: Specification truth: proposal/tasks/spec deltas vs. bundle behavior, CHANGE_ORDER, and
drift vs. shipped modules or docs.

Files:

  • openspec/changes/code-review-ai-bloat-detection/TDD_EVIDENCE.md
  • openspec/changes/code-review-ai-bloat-detection/proposal.md
  • openspec/changes/code-review-ai-bloat-detection/tasks.md
  • openspec/changes/code-review-ai-bloat-detection/design.md
  • openspec/changes/code-review-ai-bloat-detection/specs/code-review-ai-bloat-detection/spec.md
scripts/**/*.py

⚙️ CodeRabbit configuration file

scripts/**/*.py: Deterministic tooling: signing, publishing, docs generation; subprocess and path safety.

Files:

  • scripts/pre_commit_code_review.py
🪛 LanguageTool
openspec/changes/code-review-ai-bloat-detection/TDD_EVIDENCE.md

[uncategorized] ~5-~5: The official name of this software platform is spelled with a capital “H”.
Context: ...: Refreshed GitHub hierarchy cache with python scripts/sync_github_hierarchy_cache.py. - 2026-05-20: Veri...

(GITHUB)

openspec/changes/code-review-ai-bloat-detection/proposal.md

[style] ~22-~22: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ... enabled or disabled independently. - NEW: Add an IDE slash-command prompt at `...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)

openspec/changes/code-review-ai-bloat-detection/tasks.md

[uncategorized] ~5-~5: The official name of this software platform is spelled with a capital “H”.
Context: ...d change scaffolding - [x] 1.1 Verify .specfact/backlog/github_hierarchy_cache.md is fresh, confirm i...

(GITHUB)


[locale-violation] ~44-~44: In American English, ‘afterward’ is the preferred variant. ‘Afterwards’ is more commonly used in British English and other dialects.
Context: ... the IDE, and suggest re-running review afterwards. - [x] 6.2 Add the new command to the ...

(AFTERWARDS_US)

🪛 markdownlint-cli2 (0.22.1)
openspec/changes/code-review-ai-bloat-detection/tasks.md

[warning] 66-66: Inconsistent indentation for list items at the same level
Expected: 1; Actual: 0

(MD005, list-indent)


[warning] 67-67: Inconsistent indentation for list items at the same level
Expected: 1; Actual: 0

(MD005, list-indent)


[warning] 68-68: Inconsistent indentation for list items at the same level
Expected: 1; Actual: 0

(MD005, list-indent)

🔇 Additional comments (29)
scripts/pre_commit_code_review.py (1)

224-233: LGTM!

Also applies to: 265-281

tests/unit/scripts/test_pre_commit_code_review.py (1)

89-89: LGTM!

Also applies to: 150-216

packages/specfact-code-review/resources/policy-packs/specfact/ai-bloat-patterns.yaml (1)

1-33: LGTM!

packages/specfact-project/resources/prompts/specfact.08-simplify.md (1)

1-62: LGTM!

packages/specfact-code-review/module-package.yaml (1)

2-2: LGTM!

Also applies to: 26-27

packages/specfact-project/module-package.yaml (1)

2-2: LGTM!

Also applies to: 30-31

tests/unit/test_bundle_resource_payloads.py (2)

38-38: LGTM!


266-270: LGTM!

packages/specfact-code-review/src/specfact_code_review/run/findings.py (1)

27-27: LGTM!

Also applies to: 85-85

tests/unit/specfact_code_review/run/test_findings.py (1)

27-27: LGTM!

Also applies to: 85-85, 104-104

packages/specfact-code-review/resources/semgrep-rules/ai-bloat.yaml (1)

1-55: LGTM!

tests/fixtures/semgrep/bad_identity_try_except.py (1)

1-6: LGTM!

tests/fixtures/semgrep/bad_manual_loop_comprehension.py (1)

1-6: LGTM!

tests/fixtures/semgrep/bad_none_then_none.py (1)

1-5: LGTM!

tests/fixtures/semgrep/bad_passthrough_lambda.py (1)

1-6: LGTM!

tests/fixtures/semgrep/bad_single_call_wrapper.py (1)

1-7: LGTM!

tests/fixtures/semgrep/good_identity_try_except.py (1)

1-2: LGTM!

tests/fixtures/semgrep/good_manual_loop_comprehension.py (1)

1-2: LGTM!

tests/fixtures/semgrep/good_none_then_none.py (1)

1-2: LGTM!

tests/fixtures/semgrep/good_passthrough_lambda.py (1)

1-4: LGTM!

tests/fixtures/semgrep/good_single_call_wrapper.py (1)

1-1: LGTM!

tests/unit/specfact_code_review/tools/test_semgrep_runner.py (1)

30-36: LGTM!

Also applies to: 44-50, 140-164, 353-371

packages/specfact-code-review/src/specfact_code_review/tools/semgrep_runner.py (1)

27-31: LGTM!

Also applies to: 37-37, 171-199, 203-207, 246-248, 278-279, 325-325, 361-366, 373-373, 380-393, 466-466

tests/unit/specfact_code_review/tools/test_ai_bloat_runner.py (1)

8-11: LGTM!

Also applies to: 14-31, 33-47, 50-63, 66-74, 76-87, 89-100

packages/specfact-code-review/src/specfact_code_review/tools/__init__.py (1)

3-3: LGTM!

Also applies to: 15-15

packages/specfact-code-review/src/specfact_code_review/run/runner.py (1)

24-24: LGTM!

Also applies to: 256-256

packages/specfact-code-review/src/specfact_code_review/run/scorer.py (1)

53-54: LGTM!

tests/unit/specfact_code_review/run/test_runner.py (1)

42-42: LGTM!

Also applies to: 68-68, 92-92, 114-119, 152-152, 174-174, 197-197, 250-250, 292-292, 316-316, 340-340, 371-371, 427-427

tests/unit/specfact_code_review/run/test_scorer.py (1)

22-33: LGTM!

Also applies to: 66-72

Comment thread docs/modules/code-review.md
Comment thread docs/quickstart-ai-bloat.md Outdated
Comment thread openspec/changes/code-review-ai-bloat-detection/tasks.md
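
The parse-guard point raised in the review above (catching UnicodeDecodeError alongside OSError and SyntaxError), shown as an added example that is not the project's code. `Finding`, `tool_error`, `run_ai_bloat_sketch` and the sample files are hypothetical stand-ins; the detector is a simplified version of the "unused optional params" heuristic named in the walkthrough, and the extra ValueError case goes beyond what the review asked for.

```python
import ast
import tempfile
from dataclasses import dataclass
from pathlib import Path


@dataclass(frozen=True)
class Finding:
    """Hypothetical stand-in for the project's ReviewFinding model."""
    category: str
    severity: str
    file: str
    line: int
    message: str


def tool_error(file_path: Path, message: str) -> Finding:
    """Hypothetical helper; the category and severity used here are assumptions."""
    return Finding("tool_error", "error", str(file_path), 1, message)


def unused_optional_params(tree: ast.AST, file_path: Path) -> list:
    """Flag parameters that have a default value but are never read in the body."""
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        args = node.args
        positional = args.posonlyargs + args.args
        # Defaults align with the tail of the positional parameter list.
        optional = positional[len(positional) - len(args.defaults):]
        optional += [a for a, d in zip(args.kwonlyargs, args.kw_defaults) if d is not None]
        # Conservative: any Name with the same id anywhere in the body counts as a use.
        used = {n.id for stmt in node.body for n in ast.walk(stmt) if isinstance(n, ast.Name)}
        for arg in optional:
            if arg.arg not in used and not arg.arg.startswith("_"):
                findings.append(Finding(
                    "ai_bloat", "info", str(file_path), arg.lineno,
                    f"optional parameter '{arg.arg}' of {node.name}() is never used",
                ))
    return findings


def run_ai_bloat_sketch(files) -> list:
    """Scan files; an unreadable or unparsable file becomes a finding, not a crash."""
    findings = []
    for file_path in files:
        try:
            source = Path(file_path).read_text(encoding="utf-8")
            tree = ast.parse(source, filename=str(file_path))
        except (OSError, SyntaxError, UnicodeDecodeError, ValueError) as exc:
            # UnicodeDecodeError: file is not valid UTF-8.
            # ValueError: null bytes in the source on Python < 3.12
            # (3.12+ reports that case as SyntaxError).
            findings.append(tool_error(file_path, f"{type(exc).__name__}: {exc}"))
            continue
        findings.extend(unused_optional_params(tree, file_path))
    return findings


# Constructed sample inputs, written to a temporary directory by demo().
SAMPLES = {
    "clean.py": b"def fetch(url, timeout=30):\n    return url, timeout\n",
    "bloat.py": b"def fetch(url, timeout=30, retries=3):\n    return url, timeout\n",
    "latin1.py": b"name = '\xe9'\n",   # Latin-1 byte, invalid as UTF-8
    "broken.py": b"def fetch(:\n",     # syntax error
}


def demo() -> dict:
    """Return {file name: [(category, severity), ...]} for the constructed samples."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = []
        for name, data in SAMPLES.items():
            path = Path(tmp) / name
            path.write_bytes(data)
            paths.append(path)
        paths.append(Path(tmp) / "missing.py")  # never created: OSError path
        result = {p.name: [] for p in paths}
        for finding in run_ai_bloat_sketch(paths):
            result[Path(finding.file).name].append((finding.category, finding.severity))
        return result


if __name__ == "__main__":
    for name, items in demo().items():
        print(name, items)
```
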
@djm81 djm81 merged commit 7bdd938 into dev May 20, 2026
6 checks passed
@github-project-automation github-project-automation Bot moved this from In Progress to Done in SpecFact CLI May 20, 2026

Labels

codebase (Specfact codebase related topic), enhancement (New feature or request)

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

[Change] Code review AI bloat detection

1 participant