Add script that generates release notes and info #522

jhaaaa · 2025-12-17T02:53:16Z

Add CLI script to generate XMTP SDK release notes with AI-backed notes creation and release info collection in gen-rn/gen-rn.sh

Introduce gen-rn CLI that validates prerequisites, detects tags and release type, aggregates git data, and calls Anthropic Messages API to write output/release-notes.md; includes utilities for colored output and a README in gen-rn/README.md.

📍Where to Start

Start at the main entrypoint in gen-rn/gen-rn.sh, then review check_prerequisites, setup_environment, gather_release_info, and generate_ai_release_notes in order.

📊 Macroscope summarized a2f5dbf. 1 file reviewed, 3 issues evaluated, 2 issues filtered, 1 comment posted

🗂️ Filtered Issues

gen-rn/gen-rn.sh — 1 comment posted, 3 evaluated, 2 filtered

line 86: The Node.js version extraction on line 86 may produce unexpected results if the version string has a different format. While node --version typically returns vX.Y.Z, if it returns something like v18.17.0-nightly or other variants, the cut commands will still extract 18, but the subsequent numeric comparison on line 87 will fail if NODE_VERSION is not purely numeric, as the regex check ^[0-9]+$ would fail and short-circuit to false. [ Already posted ]
line 192: The subshell pipeline on lines 192-201 and 206-215 will lose the PREVIOUS_TAG assignment. When commands are piped together, the right side runs in a subshell, so any variable assignments (like echo "$prev") are captured but the subshell's variables don't propagate back. While command substitution $() is used to capture the output, if the while loop never encounters $TAG_NAME in the list (e.g., tag not in grep results), prev will be empty and nothing is echoed, making PREVIOUS_TAG empty even when valid candidates exist. [ Already posted ]

claude · 2025-12-17T02:53:36Z

Claude finished @jhaaaa's task —— View job

Code Review Complete ✅

I've reviewed the release notes generation script. This is a well-structured bash utility with embedded Node.js for AI generation. Here's my detailed feedback:

🟢 Strengths

1. Security-Conscious Design

Strong tag name validation (gen-rn/gen-rn.sh:50-66) prevents command injection
API key is properly externalized and never committed
Temporary AI script is cleaned up after execution (gen-rn/gen-rn.sh:519)

2. Robust Error Handling

Comprehensive prerequisite checks (Node.js version, git repo, API key)
Fallback content generation when AI fails (gen-rn/gen-rn.sh:472-492)
Clear, actionable error messages with status code handling (gen-rn/gen-rn.sh:439-447)

3. Good User Experience

Colored output for readability
Interactive mode with tag suggestions
Helpful usage documentation and examples
Preview of generated content

🟡 Issues to Address (Based on Macroscope Comments)

Critical Issues:

1. Portability: BSD vs GNU sort (Partially Fixed)
The script has already addressed some portability issues, but there's an inconsistency:

Lines 192, 206: Now use portable approach without sort -V ✅
However, line 220 still filters with grep -v "^v" which could be clearer

2. Tag Input Handling (gen-rn/gen-rn.sh:131)

Interactive read blocks in non-TTY environments (CI/CD)
"latest" keyword isn't properly resolved in all paths
Consider checking for TTY before interactive prompt

3. Tag Validation Too Permissive (gen-rn/gen-rn.sh:61)
Good catch by Macroscope - now correctly validates with refs/tags/ prefix ✅

4. Response Validation (gen-rn/gen-rn.sh:453-457)
Already implemented proper validation ✅

5. Multiple Root Commits (gen-rn/gen-rn.sh:226)
Already handles this with head -n 1 ✅

Medium Priority Issues:

6. set -u Compatibility (gen-rn/gen-rn.sh:95)
Already uses ${ANTHROPIC_API_KEY:-} pattern ✅

7. Node Version Validation (gen-rn/gen-rn.sh:87)
Already validates with regex ✅

8. grep Pattern Matching (gen-rn/gen-rn.sh:308)
Already uses -Fxq for fixed-string matching ✅

9. Empty Tag List Handling (gen-rn/gen-rn.sh:120)
Already has || true to prevent exit ✅

🔍 Additional Observations

Code Quality:

Well-structured: Clear separation of concerns with individual functions
Good comments: Purpose and usage are documented
Consistent style: Proper quoting, variable validation, error handling

Android/Kotlin Specific:

This is a tooling script, not Android/Kotlin code, so typical Android best practices don't apply
The script correctly identifies Android-specific files to analyze (build.gradle files)
No test coverage needed for this type of utility script (integration testing would be manual)

Performance:

Script runs locally, so performance isn't a concern
Efficient use of git commands with proper ranges
Truncation logic for large diffs (gen-rn/gen-rn.sh:358-361)

Security:

✅ No secrets in code
✅ Command injection protection
✅ API key handling is secure
✅ Validates all user inputs
⚠️ Consider adding rate limiting guidance in README for team usage

📝 Recommendations

High Priority:

Non-TTY handling: Add check before interactive read to fail gracefully in CI/CD

if [ ! -t 0 ]; then
    print_error "No tag provided and no TTY for interactive input."
    exit 1
fi

Nice to Have:
2. Add usage example for CI/CD in README showing non-interactive usage
3. Consider adding a dry-run mode (--dry-run) to preview what would be analyzed without calling the API
4. Add token usage reporting from API response to help users understand costs

🎯 Summary

This is a well-implemented utility script that shows strong attention to security and error handling. The author has already addressed many of the issues identified by Macroscope's automated review. The main remaining concern is ensuring the script works in non-interactive environments (CI/CD), which is a common use case for release automation.

Overall Assessment: ✅ Approve with minor suggestions

The script is production-ready for manual use. For automated CI/CD usage, add the non-TTY check mentioned above.

Todo List

Read and analyze all changed files
Review bash script for code quality and best practices
Identify security concerns and bugs
Evaluate error handling and edge cases
Check portability issues
Provide comprehensive feedback

gen-rn/gen-rn.sh

macroscopeapp · 2025-12-17T23:53:45Z

gen-rn/gen-rn.sh

+            # Try to find previous tag in same series first (portable approach without grep -B)
+            PREVIOUS_TAG=$(git tag --sort=version:refname | grep "^${VERSION_SERIES}\." | {
+                local prev=""
+                while IFS= read -r tag; do
+                    if [ "$tag" = "$TAG_NAME" ]; then
+                        echo "$prev"
+                        break
+                    fi
+                    prev="$tag"
+                done
+            })
+
+            # If no same-series tag found, try broader search
+            if [ -z "$PREVIOUS_TAG" ]; then
+                MAJOR_VERSION=$(echo "$TAG_NAME" | cut -d. -f1)  # e.g., "4" from "4.6.4"
+                PREVIOUS_TAG=$(git tag --sort=version:refname | grep "^${MAJOR_VERSION}\." | {
+                    local prev=""
+                    while IFS= read -r tag; do
+                        if [ "$tag" = "$TAG_NAME" ]; then
+                            echo "$prev"
+                            break
+                        fi
+                        prev="$tag"
+                    done
+                })


Using bash local outside a function (lines 193 and 207) will fail (local: can only be used in a function). Consider removing local here—the subshell already scopes prev.

- local prev="" + prev="" - local prev="" + prev=""

🚀 Reply to ask Macroscope to explain or update this suggestion.

👍 Helpful? React to give us feedback.

first pass gen rn

5887c5e

jhaaaa requested review from a team as code owners December 17, 2025 02:53

jhaaaa marked this pull request as draft December 17, 2025 02:54