code-reviewer
Reference Implementations · Security · beginner
Review code for security and quality issues (runs in isolated V8 sandbox).
APIs Used
- ctx.llm
- ctx.files
(The source also calls ctx.log for logging and ctx.provenance to record the review.)
Capabilities Required
- security/code/review
What this demonstrates
1. ctx.files.readText() to load source files for review
2. ctx.llm.complete() for security and code quality analysis
3. The simplest complete pattern: read source → LLM review → structured output
4. Runs in isolated V8 sandbox via HumanOS for safe execution
Source
```typescript
/**
 * Code Reviewer - Production Reference Agent
 *
 * Canon alignment: KB 55 (MARA) - V8 Sandbox + Limits
 * Demonstrates: ctx.llm, ctx.files, resource limit awareness
 *
 * Real use case: Review code for security issues. In production, this
 * runs inside a V8 sandbox with memory/CPU limits.
 */
import { handler, withProvenanceContext } from '@human/agent-sdk';
import type { ExecutionContext } from '@human/agent-sdk';

export const AGENT_ID = 'code-reviewer';
export const VERSION = '1.0.0';
export const CAPABILITIES = ['security/code/review'];

export interface CodeReviewerInput {
  file_path: string;
  review_type?: 'security' | 'quality' | 'all';
}

export interface CodeReviewerOutput {
  success: boolean;
  findings: Array<{
    severity: 'info' | 'warning' | 'critical';
    message: string;
    line?: number;
  }>;
  summary: string;
  provenance_id: string;
}

const execute = async (
  ctx: ExecutionContext,
  input: CodeReviewerInput
): Promise<CodeReviewerOutput> => {
  ctx.log.info('Reviewing code', { path: input.file_path });

  const reviewType = input.review_type ?? 'all';
  const code = await ctx.files.readText(input.file_path);

  // LLM-powered code review (ctx.llm). Only the first 6000 characters of the
  // file are sent to the model; anything past that point is not reviewed.
  const result = await ctx.llm.complete({
    prompt: [
      {
        role: 'system',
        content: `You are a code security reviewer. Review for ${reviewType} issues. Return JSON: { "findings": [{"severity":"info|warning|critical","message":"...","line":0}], "summary":"..." }. Only valid JSON.`,
      },
      {
        role: 'user',
        content: `Review this code:\n\n\`\`\`\n${code.slice(0, 6000)}\n\`\`\``,
      },
    ],
    temperature: 0.2,
    maxTokens: 1500,
  });

  let findings: CodeReviewerOutput['findings'] = [];
  let summary = '';

  // The reply is parsed but not schema-validated: the cast trusts that each
  // finding carries one of the declared severities. If the reply is not JSON
  // at all, the raw text becomes the summary and no findings are reported.
  try {
    const parsed = JSON.parse(result.content) as {
      findings?: CodeReviewerOutput['findings'];
      summary?: string;
    };
    findings = parsed.findings ?? [];
    summary = parsed.summary ?? 'Review complete.';
  } catch {
    summary = result.content;
  }

  const provenanceId = await ctx.provenance.log(
    withProvenanceContext(ctx, {
      type: 'code_review:complete',
      status: 'success',
      metadata: {
        input: { file_path: input.file_path, review_type: reviewType },
        output: {
          finding_count: findings.length,
          critical_count: findings.filter((f) => f.severity === 'critical').length,
        },
      },
    })
  );

  return {
    success: true,
    findings,
    summary,
    provenance_id: provenanceId,
  };
};

export default handler({
  name: AGENT_ID,
  id: AGENT_ID,
  version: VERSION,
  capabilities: CAPABILITIES,
  manifest: {
    operations: [
      {
        name: 'review',
        description: 'Review code for security and quality issues',
        paramsSchema: {
          file_path: { type: 'string', required: true, description: 'Path to code file' },
          review_type: { type: 'string', description: 'security | quality | all' },
        },
        resultKind: 'agent.code-reviewer.result',
      },
    ],
  },
  execute,
});
```
Run the tests
From monorepo root
$ pnpm test:agents:reference
$ pnpm test:agents:reference:verbose
The reference suite runs all 23 agents with createMockExecutionContext(), verifying every ctx.* API call and output shape.
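The reference agent casts whatever JSON.parse returns straight to CodeReviewerOutput['findings'], so a reply with an unknown severity or a missing message flows unchecked into the critical_count written to provenance, and a reply wrapped in a ```json fence (which models often emit despite the "Only valid JSON" instruction) fails the parse and lands verbatim in summary. Because the reviewed file is untrusted input to the prompt, the model's reply should be handled as untrusted data as well. The block below is an added example, not code from the reference agent or from @human/agent-sdk: a stand-alone parser that strips an optional fence, validates each finding against the schema the agent declares, drops line numbers outside the snippet that was actually sent, counts what it rejected, and keeps the raw-text fallback explicit. parseReviewOutput, countSeverity and the two sample replies are constructed for this example and are not part of the SDK.

```typescript
// Added example: defensive parsing of the model reply. Not part of
// @human/agent-sdk; the types mirror CodeReviewerOutput from the page above.

type Severity = 'info' | 'warning' | 'critical';

interface Finding {
  severity: Severity;
  message: string;
  line?: number;
}

interface ParsedReview {
  findings: Finding[];
  summary: string;
  // Set when the reply was not valid JSON; `summary` then holds the raw text.
  parseError?: string;
  // Number of items the model returned that failed validation and were dropped.
  rejected: number;
}

const SEVERITIES: ReadonlySet<string> = new Set(['info', 'warning', 'critical']);

/** Strip an optional ```json ... ``` fence that models add despite "Only valid JSON". */
function stripFence(text: string): string {
  const trimmed = text.trim();
  const m = /^```(?:json)?\s*([\s\S]*?)\s*```$/i.exec(trimmed);
  return m ? m[1] : trimmed;
}

/** Validate one finding; returns null if it does not match the declared schema. */
function toFinding(raw: unknown, maxLine: number): Finding | null {
  if (typeof raw !== 'object' || raw === null) return null;
  const obj = raw as Record<string, unknown>;
  if (typeof obj.severity !== 'string' || !SEVERITIES.has(obj.severity)) return null;
  if (typeof obj.message !== 'string' || obj.message.trim() === '') return null;
  const finding: Finding = { severity: obj.severity as Severity, message: obj.message.trim() };
  // The prompt's example uses line 0 as a placeholder; keep only 1-based line
  // numbers that fall inside the snippet the agent actually sent.
  if (typeof obj.line === 'number' && Number.isInteger(obj.line) && obj.line >= 1 && obj.line <= maxLine) {
    finding.line = obj.line;
  }
  return finding;
}

/**
 * Parse the model reply into the agent's output shape.
 * `reviewedLineCount` is the number of lines in the snippet sent to the model.
 */
export function parseReviewOutput(content: string, reviewedLineCount: number): ParsedReview {
  let parsed: unknown;
  try {
    parsed = JSON.parse(stripFence(content));
  } catch (err) {
    return { findings: [], summary: content, parseError: (err as Error).message, rejected: 0 };
  }
  if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) {
    return { findings: [], summary: content, parseError: 'top-level value is not an object', rejected: 0 };
  }
  const obj = parsed as Record<string, unknown>;
  const rawFindings = Array.isArray(obj.findings) ? obj.findings : [];
  const findings: Finding[] = [];
  let rejected = 0;
  for (const item of rawFindings) {
    const f = toFinding(item, reviewedLineCount);
    if (f) findings.push(f);
    else rejected++;
  }
  const summary =
    typeof obj.summary === 'string' && obj.summary.trim() !== '' ? obj.summary.trim() : 'Review complete.';
  return { findings, summary, rejected };
}

/** Count findings at one severity, as the agent does before logging provenance. */
export function countSeverity(findings: Finding[], severity: Severity): number {
  return findings.filter((f) => f.severity === severity).length;
}

// Constructed sample replies (not real model output) covering the three cases:
// a fenced reply with one valid, one invalid-severity and one out-of-range-line finding,
// and a prose reply that is not JSON at all.
export const FENCED_REPLY =
  '```json\n{"findings":[' +
  '{"severity":"critical","message":"SQL built by string concatenation","line":12},' +
  '{"severity":"high","message":"unknown severity is rejected"},' +
  '{"severity":"info","message":"line past the snippet is dropped","line":9999}],' +
  '"summary":"One critical issue."}\n```';
export const PROSE_REPLY = 'I could not review this file because it is empty.';

// Example run, assuming the snippet sent to the model was 40 lines long:
// parseReviewOutput(FENCED_REPLY, 40) -> 2 findings, 1 rejected, critical count 1
```

The rejected count is worth logging alongside finding_count in the provenance record: a sudden rise in rejected items is the signal that the model has stopped following the output contract, which the original fallback (raw text in summary, empty findings, success: true) silently hides.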
See Also
SDK Reference