Active

PR Review Recipes

Automating code quality with deterministic workflows

January 2026

The Goal

Automate PR review for amplifier-app-cli using Amplifier's recipe system.

Deterministic — Same inputs, same outputs, every time
Comprehensive — Code quality, security, and runtime validation
Fast feedback — Catch issues before merge

Version 1

Built confidence with foundational checks

Ruff

Linting & formatting

Pyright

Type checking

CLI

--help, --version

Solid foundation. But was it enough?

The Gap

A routine PR merged. All checks passed.

Then it failed at runtime.

The issue only appeared when users created actual sessions — something our recipe never tested.

Root Cause

We tested that it launched. We didn't test what users actually do.

✗ Tested

amplifier --help
amplifier --version
Static code analysis

→

✓ Needed

Real session creation
Tool invocations
Provider connections

Same Day

Discovered → root-caused → improved → validated

Discovered

Runtime failure

Root Cause

Gap identified

Improved

Recipe updated

Validated

Re-tested original PR

How the Recipe Works Now

Seven phases, fully automated

1 FETCH

›

2 CLONE

›

3 ANALYZE

›

4 SHADOW

›

5 SMOKE

›

6 REVIEW

›

7 REPORT

                # PR metadata from GitHub  FETCH

                # Clone PR branch + amplifier-core  CLONE

                # Cross-repo contract checking  ANALYZE

                # Create isolated container  SHADOW

                # Real sessions, tools, providers  SMOKE

                # Code quality + security audit  REVIEW

                # Generate findings report  REPORT

Two Layers of Detection

🔍 Static Analysis

Contract checking — API signatures between repos
Breaking changes — Removed params, changed types
Import validation — Module dependencies

Catches: What could break

⚡ Dynamic Testing

Shadow environment — Isolated container
Real user flows — Session creation, tool calls
Runtime validation — Module loading, execution

Catches: What does break

Shadow Environment

Test what users actually do, in complete isolation

✓ Install from PR code

✓ Create real sessions

✓ Invoke tools

✓ Connect providers

✓ Run smoke tests

Safe. Repeatable. Tests the full user experience before merge.

Validation

Tested the improved recipe against the PR that got through

✓ Static

Contract analysis caught the API signature mismatch between repos

✓ Dynamic

Shadow smoke tests caught the runtime session-creation failure

Both layers now catch it. The gap is closed.

The Pattern

Each gap becomes the next improvement

🔨

Build

→

🧪

Test

→

💡

Learn

→

🔧

Improve

→

🔄

Repeat

Not a failure. A feedback loop.

Velocity

74 commits across 44 days — Dec 15, 2025 to Jan 28, 2026

Brian Krabach

68 (92%)

Marc Goodner

3

Mollie Munoz

1

Sam Schillace

1

momuno

1

6 stages

code-review recipe with model routing: haiku for classification, sonnet for analysis, opus for strategy

2-in-1

comprehensive-review.yaml composes code-review + security-audit as sub-recipes

Sources & Methodology

Data Collection

Recipe file analysis: find + cat on review recipe YAML files
Git history: git log --oneline (74 commits found)
Contributors: git log --format="%an" | sort | uniq -c
Timeline: First commit Dec 15, 2025; latest Jan 28, 2026

Repository

microsoft/amplifier-bundle-recipes

Key files analyzed:

examples/code-review-recipe.yaml
examples/comprehensive-review.yaml

Attribution

Primary contributor: Brian Krabach (~92% of 74 commits)

Additional contributors: Marc Goodner (3), Mollie Munoz (1), Sam Schillace (1), momuno (1)

Known Gaps

Exact runtime-failure PR not identified by SHA
V1 → V2 timeline is narrative from existing deck, not commit-verified

Data as of

February 20, 2026

Feature status

Active

Ship with Confidence

PR Review Recipes — Now in Amplifier

Recipe Bundle: microsoft/amplifier-bundle-recipes
PR Review Bundle: robotdad/amplifier-bundle-pr-review
Smoke Test Bundle: samueljklee/amplifier-bundle-smoke-test