refactor: validate reviewer-name early (fail fast before LLM call)

Moved validateReviewerName check to right after flag parsing. Previously it ran after the LLM request completed — wasting an expensive API call if the name was invalid. Sonnet review finding #1.
feat: add role title as H1 header for visual differentiation
2026-05-01 21:42:49 -07:00 · 2026-05-01 21:36:32 -07:00
2 changed files with 30 additions and 4 deletions
@@ -57,6 +57,11 @@ func main() {
 		os.Exit(1)
 	}

+	// Validate reviewer-name: only safe characters allowed in sentinel
+	if err := validateReviewerName(*reviewerName); err != nil {
+		log.Fatalf("%v", err)
+	}
+
 	// Parse repo owner/name
 	parts := strings.SplitN(*repo, "/", 2)
 	if len(parts) != 2 {
@@ -234,10 +239,6 @@ func main() {
 		return
 	}

-	// Validate reviewer-name: only safe characters allowed in sentinel
-	if err := validateReviewerName(*reviewerName); err != nil {
-		log.Fatalf("%v", err)
-	}
 	sentinel := fmt.Sprintf("<!-- review-bot:%s -->", *reviewerName)

 	log.Printf("Posting review (event=%s)...", event)
@@ -134,3 +134,28 @@ func TestFormatMarkdown_Sentinel(t *testing.T) {
 		t.Error("should not contain sentinel when reviewer name is empty")
 	}
 }
+
+func TestFormatMarkdown_RoleTitle(t *testing.T) {
+	result := &ReviewResult{
+		Verdict:        "APPROVE",
+		Summary:        "All good.",
+		Recommendation: "Merge it.",
+	}
+
+	// With reviewer name: should have title header
+	output := FormatMarkdown(result, "security")
+	if !strings.Contains(output, "# Security Review\n") {
+		t.Error("expected '# Security Review' header when reviewer name is set")
+	}
+
+	output2 := FormatMarkdown(result, "gpt")
+	if !strings.Contains(output2, "# Gpt Review\n") {
+		t.Error("expected '# Gpt Review' header")
+	}
+
+	// Without reviewer name: no title header
+	output3 := FormatMarkdown(result, "")
+	if strings.Contains(output3, "# ") && strings.Contains(output3, " Review\n") {
+		t.Error("should not contain role title header when reviewer name is empty")
+	}
+}
Author	SHA1	Message	Date
Rodin	55391c66d8	refactor: validate reviewer-name early (fail fast before LLM call) CI / test (pull_request) Successful in 13s Details CI / review (gpt-4.1, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 24s Details CI / review (gpt-5, security, SECURITY_REVIEW.md, SONNET_REVIEW_TOKEN) (pull_request) Successful in 1m0s Details CI / review (gpt-5, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 1m40s Details Moved validateReviewerName check to right after flag parsing. Previously it ran after the LLM request completed — wasting an expensive API call if the name was invalid. Sonnet review finding #1.	2026-05-01 21:42:49 -07:00
Rodin	2287a8238c	feat: add role title as H1 header for visual differentiation CI / test (pull_request) Successful in 14s Details CI / review (gpt-4.1, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 19s Details CI / review (gpt-5, security, SECURITY_REVIEW.md, SONNET_REVIEW_TOKEN) (pull_request) Successful in 1m27s Details CI / review (gpt-5, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 1m42s Details When reviewer-name is set, prepend "# Security Review" / "# Sonnet Review" etc. as a top-level header. Makes it immediately obvious which role each review represents in the Gitea UI, especially when multiple reviews come from the same bot account.	2026-05-01 21:36:32 -07:00