Why
code-review-graph already gives Claude/agents the important primitive: a smaller review context plus blast radius/risk scores.
One missing piece for AI-generated PR review is an inspectable receipt that the agent can paste into the PR body or review summary before merge. Without that, the reviewer still has to infer whether the agent actually considered the operational boundaries behind the score.
Proposal
Add an optional --receipt / structured output mode for review queries that emits a compact, privacy-safe review receipt alongside the blast-radius/risk output.
Possible shape:
{
  "receipt_type": "review.blast_radius.v1",
  "changed_files_count": 7,
  "blast_radius_files_count": 23,
  "risk_tier": "medium",
  "boundaries": {
    "schema_or_data_contract": "touched|not_touched|unknown",
    "live_reader_writer_compatibility": "checked|not_checked|unknown",
    "async_or_background_paths": "touched|not_touched|unknown",
    "public_or_generated_interfaces": "touched|not_touched|unknown",
    "external_side_effects": "declared|none_detected|unknown"
  },
  "tests_or_checks_suggested": ["..."],
  "merge_blockers": ["unknown external side effects"],
  "next_safe_action": "read files X/Y before approving"
}
The important part is not the exact schema; it is that an agent-generated review can show:
- which files were in the graph-derived blast radius;
- which operational boundaries were checked vs unknown;
- what should block merge until a human/tool resolves it;
- no raw source, prompts, secrets, stack traces, or full tool output in the receipt.
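As an added example (not part of this proposal or of the code-review-graph project), a small Python checker that a CI step or reviewer could run over a pasted receipt of the shape above: it enforces the boundary enums, treats unexpected keys and multi-line or oversized content as likely leakage, and derives merge blockers from every boundary still `unknown`. The size cap and the sample receipt are constructed assumptions.

```python
"""Validate a review.blast_radius.v1 receipt and derive its merge blockers."""
import json
RECEIPT_TYPE = "review.blast_radius.v1"
# Allowed values per operational boundary, taken from the proposed shape above.
BOUNDARY_VALUES = {
    "schema_or_data_contract": {"touched", "not_touched", "unknown"},
    "live_reader_writer_compatibility": {"checked", "not_checked", "unknown"},
    "async_or_background_paths": {"touched", "not_touched", "unknown"},
    "public_or_generated_interfaces": {"touched", "not_touched", "unknown"},
    "external_side_effects": {"declared", "none_detected", "unknown"},
}
ALLOWED_KEYS = {"receipt_type", "changed_files_count", "blast_radius_files_count", "risk_tier",
                "boundaries", "tests_or_checks_suggested", "merge_blockers", "next_safe_action"}
MAX_RECEIPT_BYTES = 2000  # assumed cap: a compact receipt cannot hold source or tool output

def derive_merge_blockers(receipt):
    """An 'unknown' boundary blocks merge until a human or tool resolves it."""
    return [f"unknown {name.replace('_', ' ')}"
            for name, value in receipt.get("boundaries", {}).items() if value == "unknown"]

def validate_receipt(receipt):
    """Return a list of problems; an empty list means the receipt is auditable."""
    problems = []
    if receipt.get("receipt_type") != RECEIPT_TYPE:
        problems.append(f"unsupported receipt_type {receipt.get('receipt_type')!r}")
    if extra := set(receipt) - ALLOWED_KEYS:
        problems.append(f"unexpected keys (possible leakage): {sorted(extra)}")
    boundaries = receipt.get("boundaries", {})
    for name, allowed in BOUNDARY_VALUES.items():
        if boundaries.get(name) not in allowed:
            problems.append(f"boundary {name!r} has invalid value {boundaries.get(name)!r}")
    # Privacy: embedded newlines or an oversized body look like pasted source or stack traces.
    encoded = json.dumps(receipt)
    if "\\n" in encoded or len(encoded) > MAX_RECEIPT_BYTES:
        problems.append("receipt is oversized or contains multi-line text")
    # Consistency: declared merge_blockers must cover every boundary still unknown.
    missing = set(derive_merge_blockers(receipt)) - set(receipt.get("merge_blockers", []))
    if missing:
        problems.append(f"merge_blockers omit unresolved boundaries: {sorted(missing)}")
    return problems

# Constructed sample using the page's values; only external side effects remain unknown.
SAMPLE_RECEIPT = {
    "receipt_type": RECEIPT_TYPE, "changed_files_count": 7, "blast_radius_files_count": 23,
    "risk_tier": "medium", "tests_or_checks_suggested": ["exercise the webhook path in CI"],
    "merge_blockers": ["unknown external side effects"], "next_safe_action": "read files X/Y before approving",
    "boundaries": {"schema_or_data_contract": "touched", "live_reader_writer_compatibility": "checked",
                   "async_or_background_paths": "not_touched", "public_or_generated_interfaces": "not_touched",
                   "external_side_effects": "unknown"},
}
```

Run `validate_receipt(json.loads(pasted_text))` on the receipt copied from the PR body; any non-empty result means the receipt should not be trusted as review evidence yet.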
Acceptance idea
For a command such as code-review-graph review <ref> --receipt json, a reviewer could copy the receipt into a PR template/check-run summary and quickly see whether the AI review covered the boundaries that matter, instead of only seeing “risk score: medium” or a natural-language summary.
This seems aligned with the repo's positioning: graph context should help agents read less, but also make the review evidence easier for humans to audit.