fix: [#881] dbt_pr_review needs no altimate API key — correct stale tool descriptions

[anandgupta42]

What does this PR do?

Fixes the confusing "needs an altimate AI API key" symptom reported in #881 when running the dbt_pr_review skill.

Root cause: The native altimate-core engine that backs dbt_pr_review (column lineage, track lineage, equivalence, PII, grade) runs fully offline via the bundled @altimateai/altimate-core napi binary — there is no altimate_core.init and no API-key gate anywhere in that path (verified in native/altimate-core.ts + native/dispatcher.ts). But two tool descriptions still carried a stale Python-bridge-era claim that they "Requires altimate_core.init() with API key". When the reviewer agent hits a lint-only run, it reads those descriptions and wrongly concludes it needs an API key — mis-diagnosing a manifest-resolution problem as an auth one.

Changes:

• altimate-core-column-lineage.ts / altimate-core-track-lineage.ts: drop the false API-key requirement; state the tools run offline via the native engine (no key/account).
• docs/usage/dbt-pr-review.md: add a troubleshooting note — lint-only means the dbt manifest.json did not resolve (wrong path, stale manifest, or wrong working directory), never an auth failure. The deterministic verdict needs no altimate key; only the optional advisory LLM lane does.
• test/altimate/altimate-core-tool-descriptions.test.ts: regression guard pinning both descriptions so the false claim can't silently return.

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update

Issue for this PR

Closes #881

How did you verify your code works?

• bun run typecheck — clean.
• New regression test bun test test/altimate/altimate-core-tool-descriptions.test.ts — 2 pass (also confirmed it would catch the old text via the altimate_core.init assertion).
• Verified the "no API key" claim against source: both handlers (native/altimate-core.ts:426/:437) call core.columnLineage/core.trackLineage directly; the dispatcher has no auth layer; schema resolution is local-only (Schema.fromJson).
• prettier --check clean on changed files; marker check reports no upstream-shared files touched.
• Multi-model review (Claude + GPT 5.4 + Gemini 3.1 Pro): unanimous APPROVE; the regression test was added per their shared suggestion.

Checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective
• New and existing unit tests pass locally with my changes

---

Summary by cubic

Fixes the misleading “needs Altimate API key” message in dbt_pr_review by correcting tool descriptions and clarifying docs. Prevents false auth errors and explains that lint-only mode is a manifest resolution issue, not auth.

• Bug Fixes
  • Updated altimate_core_column_lineage and altimate_core_track_lineage descriptions to state they run fully offline via @altimateai/altimate-core (no API key/account required).
  • Added a troubleshooting note to dbt_pr_review docs: lint-only means the dbt manifest.json didn’t resolve; check path, freshness, and working directory.
  • Added altimate-core-tool-descriptions.test.ts to guard against reintroducing the false API-key/altimate_core.init claim.

^{Written for commit a1acf15. Summary will update on new commits.}

Summary by CodeRabbit

• Documentation

  • Clarified lint-only mode behavior and API key requirements in dbt PR review guide with expanded troubleshooting steps.
  • Updated tool descriptions for column lineage and track lineage tools to reflect offline-only operation.

• Tests

  • Added regression test for tool description accuracy.

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 69e20b87-7f99-4e80-9175-f4368f143e54

📥 Commits

Reviewing files that changed from the base of the PR and between 85edc12 and a1acf15.

📒 Files selected for processing (4)

• docs/docs/usage/dbt-pr-review.md
• packages/opencode/src/altimate/tools/altimate-core-column-lineage.ts
• packages/opencode/src/altimate/tools/altimate-core-track-lineage.ts
• packages/opencode/test/altimate/altimate-core-tool-descriptions.test.ts

---

📝 Walkthrough

Walkthrough

This PR clarifies that altimate-core lineage tools execute fully offline without requiring API keys. Updated tool descriptions, added regression test validation, and documented troubleshooting guidance for users encountering lint-only behavior.

Changes

Offline Execution Clarity

Layer / File(s)	Summary
Tool descriptions: offline execution semantics packages/opencode/src/altimate/tools/altimate-core-column-lineage.ts, packages/opencode/src/altimate/tools/altimate-core-track-lineage.ts	Rewrote AltimateCoreColumnLineageTool and AltimateCoreTrackLineageTool descriptions to state that column and track lineage execution runs fully offline via the native engine without API key or account requirements, replacing prior wording about API-key-based initialization.
Regression test for tool descriptions packages/opencode/test/altimate/altimate-core-tool-descriptions.test.ts	Added Bun test suite that iterates over the two lineage tools, validates descriptions do not mention altimate_core.init() or state API key requirements, and confirms descriptions explicitly include "no api key" (case-insensitive).
User documentation for lint-only troubleshooting docs/docs/usage/dbt-pr-review.md	Added callout explaining that lint-only mode is unrelated to API key authentication, clarifying deterministic verdict components run offline, and providing troubleshooting steps for manifest resolution (path verification, recompiling stale manifests, correct working directory).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Suggested labels

contributor, needs-review:blocked

🐰 Offline engines run so fast,
No keys needed, queries pass,
Lint-only blues? Check your path,
Manifest fresh, verdicts en masse!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly identifies the issue (#881) and summarizes the main fix: correcting stale tool descriptions that incorrectly claimed API key requirements for dbt_pr_review.
Description check	✅ Passed	The PR description comprehensively covers the root cause, changes made, type of change, issue closure, verification steps, and completed checklist items following the template structure.
Linked Issues check	✅ Passed	The PR directly addresses #881 by fixing the false API-key requirement in tool descriptions and adding documentation clarifying that lint-only mode indicates manifest resolution issues, not auth failures.
Out of Scope Changes check	✅ Passed	All changes (tool descriptions, documentation, and regression test) are directly scoped to fixing the #881 issue and preventing reintroduction of the false API-key claim.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/881-dbt-pr-review-no-api-key

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[dev-punia-altimate]

Multi-Persona Review — Verdict: ship

This PR correctly fixes a misleading error message by removing false API key requirements from offline-native tool descriptions and adding a regression test. All changes are well-documented, tested, and aligned with offline-first architecture principles. No critical or high-severity issues remain.

14/14 agents completed · 177s · 1 findings (0 critical, 0 high, 0 medium)

Low

• [cto] The documentation update in dbt-pr-review.md is excellent but could be more discoverable. The troubleshooting section is buried under 'Options' and may be missed by users encountering the error. → docs/docs/usage/dbt-pr-review.md:110
  • 💡 Consider moving the troubleshooting note to a dedicated 'Troubleshooting' section near the top of the page, or linking to it from the 'Common Errors' section if one exists.

---

_{Multi-Persona Review · vllm:qwen3-next-80b (waves) + vllm-fallback (synth) ·}

[dev-punia-altimate]

[LOW · cto] The documentation update in dbt-pr-review.md is excellent but could be more discoverable. The troubleshooting section is buried under 'Options' and may be missed by users encountering the error.

💡 Suggestion: Consider moving the troubleshooting note to a dedicated 'Troubleshooting' section near the top of the page, or linking to it from the 'Common Errors' section if one exists.

_{Confidence: 70/100}

[cubic-dev-ai]

No issues found across 4 files

_{Re-trigger cubic}