
# Mission 1 — *The Empathetic Code Reviewer*

**Goal:** Given a JSON input with `code_snippet` and optional `review_comments`, generate an **empathetic, technically accurate** code review with actionable suggestions — optimized for a 2‑hour hackathon and the provided scoring rubric.

> **How to use:** Run the notebook top‑to‑bottom on **Google Colab** (or locally). Fill in your **HuggingFace token** and pick your OSS GPT models. Notebook is self‑contained and does **not** require paid APIs.

---

## Scoring Alignment (Why this notebook scores well)

- **Prompt Engineering & AI Output (45%)**  
  - Role + rules + few‑shot examples  
  - Two‑stage pipeline: (1) technical critique (code model) → (2) empathetic rewrite (chat model)
- **Clarity & Structure (25%)**  
  - Returns **structured JSON** (`summary`, `suggestions`, `positive_notes`, `severity`, `links`)
- **Functionality (20%)**  
  - Works with **HuggingFace Inference** (OpenAI‑compatible or native)  
  - Multi‑model support + graceful fallbacks
- **Polish / Stand‑out (10%)**  
  - Severity tagging, doc links, optional auto‑format via `black`

---

## 📦 What’s inside

- **Section 1** — Install & Imports  
- **Section 2** — Config (tokens, models, switches)  
- **Section 3** — I/O schema + helpers  
- **Section 4** — Prompt templates (few‑shot)  
- **Section 5** — Multi‑LLM wrappers (HF router + native)  
- **Section 6** — Review pipeline (technical → empathy → JSON)  
- **Section 7** — Examples & quick tests  
- **Section 8** — Optional: UI cell & export

> ⚠️ **Note:** This notebook ships with *no code executed*. Run it in your environment.


## 1) Install & Imports

In [1]:

# If running on Colab, uncomment:
!pip -q install huggingface_hub openai pydantic black==24.4.2

import os
import json
import textwrap
from typing import List, Dict, Any, Optional

from pydantic import BaseModel, Field

# Optional (only used if you enable auto-formatting)
from black import format_str, FileMode


[2K     [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m77.1/77.1 kB[0m [31m1.7 MB/s[0m eta [36m0:00:00[0m
[2K   [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m1.8/1.8 MB[0m [31m15.8 MB/s[0m eta [36m0:00:00[0m
[?25h

## 2) Config — Tokens, Models, Switches

In [24]:
# === Required: HuggingFace token ===
HF_TOKEN = os.getenv("HF_TOKEN", "YOUR_HF_TOKEN_HERE")  # <-- Replace or set env var in Colab: %env HF_TOKEN=xxx

# === Choose models (OSS GPT-like on HuggingFace) ===
# Use OpenAI-compatible chat via HF Router (recommended for chat-style models)
OPENAI_COMPAT_BASE = "https://router.huggingface.co/v1"
CHAT_MODEL = "meta-llama/Meta-Llama-3-8B-Instruct:groq"   # empathetic rewrite / final answer

# Technical/code model (optionally also chat; you can use a code-specialized model)
CODE_MODEL = "openai/gpt-oss-120b:groq"  # technical critique

# Optional: Native text-generation endpoint (if you prefer huggingface_hub client for some models)
# e.g., "tiiuae/falcon-7b-instruct" or "openchat/openchat-3.5"
NATIVE_TXTGEN_MODEL = "tiiuae/falcon-7b-instruct"  # used only if you set USE_NATIVE_TXTGEN=True
USE_NATIVE_TXTGEN = False  # keep False if using OpenAI-compatible route for both

# Safety: basic max tokens/temperature defaults
MAX_NEW_TOKENS = 512
TEMPERATURE = 0.2

assert HF_TOKEN and HF_TOKEN != "YOUR_HF_TOKEN_HERE", "Please set HF_TOKEN (env or above)."

## 3) I/O Schema & Small Utilities

In [25]:

class ReviewInput(BaseModel):
    code_snippet: str = Field(..., description="Source code to review")
    review_comments: List[str] = Field(default_factory=list, description="Optional reviewer comments")

class ReviewJSON(BaseModel):
    summary: str
    suggestions: List[str]
    positive_notes: List[str]
    severity: str  # one of: minor, moderate, major
    links: List[str]


DOC_LINKS_MAP = {
    "pep8": "https://peps.python.org/pep-0008/",
    "typing": "https://docs.python.org/3/library/typing.html",
    "exceptions": "https://docs.python.org/3/tutorial/errors.html",
    "asyncio": "https://docs.python.org/3/library/asyncio.html",
    "fastapi": "https://fastapi.tiangolo.com/",
    "sql": "https://use-the-index-luke.com/",
    "sql_injection": "https://owasp.org/www-community/attacks/SQL_Injection",
    "security": "https://owasp.org/www-project-top-ten/",
    "python_list_comprehension": "https://docs.python.org/3/tutorial/datastructures.html#list-comprehensions",
    "naming_conventions": "https://peps.python.org/pep-0008/#naming-conventions"
}


def guess_severity(text: str) -> str:
    t = text.lower()
    if any(k in t for k in ["security", "injection", "race condition", "privilege", "leak"]):
        return "major"
    if any(k in t for k in ["logic error", "incorrect result", "bug", "exception"]):
        return "moderate"
    return "minor"

def infer_links(text: str) -> List[str]:
    t = text.lower()
    links = []
    for key, url in DOC_LINKS_MAP.items():
        if key in t:
            links.append(url)
    # de-duplicate
    return list(dict.fromkeys(links))

def to_markdown_block(json_obj: Dict[str, Any]) -> str:
    return "```json\n" + json.dumps(json_obj, indent=2, ensure_ascii=False) + "\n```"


## 4) Prompt Templates (Few‑shot, Role & Rules)

In [26]:

TECH_REVIEW_PROMPT = lambda code, comments: f"""You are a **senior code reviewer** focusing on **technical correctness, safety, performance, and readability**.
Analyze the code and the comments. Return a **technical critique** only — no tone softeners.
Be specific and show **small code suggestions** inline if useful.
First, see an example:

Code:
```python
def get_active_users(users):
    results = []
    for u in users:
        if u.is_active == True and u.profile_complete == True:
            results.append(u)
    return results
```

Comments:
"This is inefficient. Don't loop twice conceptually."

Expected Technical Critique Output:

Key issues:

    Inefficient iteration and redundant boolean checks.

Why they matter:

    Inefficient iteration can slow performance on large datasets.

Minimal fix suggestions:
```python
    def get_active_users(users):
        return [u for u in users if u.is_active and u.profile_complete]
```
Now review the following code and comments:

Code:
```python
{code}
```

Comments:
{comments}

Output:
- Key issues (bulleted)
- Why they matter (one line each)
- Minimal fix suggestions (with tiny code snippets if needed)
"""

EMPATHY_REWRITE_PROMPT = lambda critique: f"""You are an **empathetic senior developer** writing feedback to a junior teammate.
Rewrite the following technical critique into a **supportive, constructive review**.
Keep it concise, kind, and specific. Start with one **genuine positive note**.
Use **we/us** language, and propose **clear next steps**.
First, see an example:

Technical critique:

Key issues:

    Inefficient iteration.

Why they matter:

    Performance impact for large datasets.

Minimal fix suggestions:
    def get_active_users(users):
        return [u for u in users if u.is_active and u.profile_complete]

Expected Empathetic Rewrite JSON:
{{
 "summary": "Great start! Let's make this more efficient.",
 "suggestions": ["Use a list comprehension to combine checks."],
 "positive_notes": ["Good initial structure."],
 "severity": "minor",
 "links": ["https://docs.python.org/3/tutorial/datastructures.html#list-comprehensions"]
}}
Now rewrite the following technical critique into JSON with the same structure. Preserve all critical risks.
If severity is 'major', clearly explain the risk and urgency.


Technical critique:
{critique}

Return JSON with fields:
- summary (1-2 sentences)
- suggestions (array of short, actionable items)
- positive_notes (1-3 items)
- severity (minor | moderate | major)  # pick based on overall impact
- links (relevant docs if any)
"""


## 5) LLM Wrappers — HuggingFace Router (OpenAI‑compatible) & Native

In [27]:

# --- Option A: OpenAI-compatible chat endpoint via HuggingFace Router ---
from openai import OpenAI

def call_hf_chat(model: str, messages: List[Dict[str, str]], temperature: float = TEMPERATURE, max_new_tokens: int = MAX_NEW_TOKENS) -> str:
    client = OpenAI(base_url=OPENAI_COMPAT_BASE, api_key=HF_TOKEN)
    resp = client.chat.completions.create(
        model=model,
        messages=messages,
        temperature=temperature,
        max_tokens=max_new_tokens,
    )
    return resp.choices[0].message.content

# --- Option B: Native huggingface_hub text-generation (non-chat) ---
from huggingface_hub import InferenceClient

_native_client = None
def call_hf_native(prompt: str, model: str = None, temperature: float = TEMPERATURE, max_new_tokens: int = MAX_NEW_TOKENS) -> str:
    global _native_client
    model = model or NATIVE_TXTGEN_MODEL
    if _native_client is None:
        _native_client = InferenceClient(model=model, token=HF_TOKEN)
    return _native_client.text_generation(
        prompt=prompt,
        temperature=temperature,
        max_new_tokens=max_new_tokens,
        do_sample=False,
        return_full_text=False,
    )


## 6) Review Pipeline — Technical → Empathy → JSON

In [31]:
def run_technical_review(inp: ReviewInput) -> str:
    prompt = TECH_REVIEW_PROMPT(inp.code_snippet, "\n".join(inp.review_comments) or "(no comments)")

    try:
        critique = call_hf_chat(
            model=CODE_MODEL,
            messages=[
                {"role": "system", "content": "You are a terse, highly technical code reviewer. Be specific about what's wrong and how to fix it."},
                {"role": "user", "content": prompt},
            ],
        )
        return critique
    except Exception as e:
        if USE_NATIVE_TXTGEN:
            return call_hf_native(prompt, model=NATIVE_TXTGEN_MODEL)
        raise e

def run_empathy_rewrite(critique_text: str) -> ReviewJSON:
    sev_from_tech = guess_severity(critique_text)
    links_from_tech = infer_links(critique_text)

    prompt = f"""{EMPATHY_REWRITE_PROMPT(critique_text)}
CRITICAL: You must rewrite the EXACT technical issues mentioned above.
Do NOT use generic suggestions like "add tests".
Extract the specific problems and fixes from the critique and rewrite them empathetically.
Return ONLY valid JSON with no extra text."""

    try:
        out = call_hf_chat(
            model=CHAT_MODEL,
            messages=[
                {"role": "system", "content": "You are a kind senior developer. Rewrite technical critiques empathetically while preserving ALL specific technical details. Return only valid JSON."},
                {"role": "user", "content": prompt},
            ],
            temperature=0.1,
        )

        # Clean the output - remove any markdown formatting
        out = out.strip()

        # Handle opening code block markers
        if out.startswith("```json"):
            out = out[7:]  # Remove ```json
        elif out.startswith("```"):
            # Find the first newline after opening backticks
            first_newline = out.find('\n')
            if first_newline != -1:
                out = out[first_newline + 1:]
            else:
                out = out[3:]  # Just remove the backticks

        # Handle closing code block markers
        if out.endswith("```"):
            out = out[:-3]

        out = out.strip()

        data = json.loads(out)

    except Exception as e:
        print(f"JSON parsing failed: {e}")
        print(f"Raw output: {out}")

        # Enhanced fallback that extracts from critique instead of using generic text
        lines = critique_text.split('\n')

        # Extract specific issues from technical critique
        issues = []
        fixes = []

        for line in lines:
            line = line.strip()
            if line.startswith('-') or line.startswith('*'):
                if 'fix' in line.lower() or 'suggest' in line.lower():
                    fixes.append(line.strip('- *').strip())
                else:
                    issues.append(line.strip('- *').strip())

        # Create meaningful suggestions based on the actual critique
        if not fixes and not issues:
            # Last resort - but still try to be specific
            if 'docstring' in critique_text.lower():
                fixes = ["Add a docstring to document the function's purpose"]
            elif 'division' in critique_text.lower() and 'zero' in critique_text.lower():
                fixes = ["Add error handling for division by zero"]
            elif 'sql' in critique_text.lower() and 'injection' in critique_text.lower():
                fixes = ["Use parameterized queries to prevent SQL injection"]
            else:
                fixes = ["Address the technical issues mentioned in the review"]

        data = {
            "summary": f"Let's improve this code together! {issues[0] if issues else 'There are some areas we can enhance.'}",
            "suggestions": fixes[:3] if fixes else ["Consider the feedback provided"],
            "positive_notes": ["Good foundational structure", "Shows understanding of the basic concept"],
            "severity": sev_from_tech,
            "links": links_from_tech,
        }

    # Ensure severity and links are properly set
    data["severity"] = data.get("severity") or sev_from_tech
    data["links"] = list(dict.fromkeys((data.get("links") or []) + links_from_tech))

    # Add severity-appropriate prefix
    tone_prefix = {
        "major": "⚠️ This is a critical issue and must be addressed immediately.",
        "moderate": "This needs attention soon to prevent future problems.",
        "minor": "This is a small improvement for future code quality."
    }

    if "summary" in data and not data["summary"].startswith("⚠️") and not data["summary"].startswith("This"):
        data["summary"] = f"{tone_prefix[data['severity']]} {data['summary']}"

    return ReviewJSON(**data)

def review_code(input_json: Dict[str, Any]) -> ReviewJSON:
    inp = ReviewInput(**input_json)

    # Step 1: Get technical critique
    critique = run_technical_review(inp)
    print(f"Technical critique: {critique[:200]}...")  # Debug output

    # Step 2: Rewrite empathetically
    result = run_empathy_rewrite(critique)
    return result


def holistic_summary(output_obj: ReviewJSON) -> str:
    return (
        f"Overall, your code shows {', '.join(output_obj.positive_notes)}. "
        f"Addressing the above {len(output_obj.suggestions)} points will greatly "
        "improve quality, maintainability, and overall security."
    )

## 7) Examples — Ready to Run

In [32]:

# Example inputs you can use immediately in Colab:

example_1 = {
    "code_snippet": "def add(a,b):\n    return a-b",
    "review_comments": ["Function name suggests addition but subtracts instead.", "Consider adding type hints."]
}


# To run in Colab:
output = review_code(example_1)
print(output)



Technical critique: **Key issues**
- Function body performs subtraction (`a - b`) while the name `add` implies addition.  
- No type hints; callers cannot know expected argument types or return type.  
- No docstring or ...
summary="This is a small improvement for future code quality. Great start! Let's refine the function to ensure accurate and reliable results." suggestions=["Use a more accurate name for the function, such as `sum` or `add_numbers`. Add type hints for `a` and `b` to ensure correct argument types. Include a docstring to explain the function's purpose and behavior."] positive_notes=["Good initial structure, but let's make it more robust."] severity='minor' links=['https://docs.python.org/3/tutorial/introduction.html#types']


In [33]:
from IPython.display import Markdown; Markdown(to_markdown_block(output.model_dump()))

```json
{
  "summary": "This is a small improvement for future code quality. Great start! Let's refine the function to ensure accurate and reliable results.",
  "suggestions": [
    "Use a more accurate name for the function, such as `sum` or `add_numbers`. Add type hints for `a` and `b` to ensure correct argument types. Include a docstring to explain the function's purpose and behavior."
  ],
  "positive_notes": [
    "Good initial structure, but let's make it more robust."
  ],
  "severity": "minor",
  "links": [
    "https://docs.python.org/3/tutorial/introduction.html#types"
  ]
}
```

In [34]:

# Example inputs you can use immediately in Colab:


example_2 = {
    "code_snippet": "import asyncio\n\nasync def fetch(u, s):\n    return (await s.get(u)).status\n\nprint(asyncio.run(fetch('https://x.com', None)))",
    "review_comments": ["This will fail: passing None for session.", "Consider context manager and timeout handling."]
}


# To run in Colab:
output = review_code(example_2)
print(output)



Technical critique: **Key issues**

- **`None` passed as `s` (session) leads to `AttributeError`** when `s.get` is called.  
- **No HTTP client library imported**; `s` is expected to be an `aiohttp.ClientSession` or simi...
JSON parsing failed: Expecting value: line 1 column 1 (char 0)
Raw output: Here is the rewritten technical critique in JSON format:

{
  "summary": "Great start! Let's improve the reliability and performance of this code.",
  "suggestions": [
    "Create a real `ClientSession` with a timeout to prevent hanging requests.",
    "Wrap the session in an async context manager to guarantee cleanup and prevent resource leaks.",
    "Use `await resp` and return `resp.status` (or the full response if needed) to avoid misleading function behavior.",
    "Encapsulate execution in `main()` and guard with `if __name__ == '__main__':` to make the code reusable as a library."
  ],
  "positive_notes": [
    "Good initial structure, with clear separation of concerns."
  ],
  "severi

In [35]:
from IPython.display import Markdown; Markdown(to_markdown_block(output.model_dump()))

```json
{
  "summary": "⚠️ This is a critical issue and must be addressed immediately. Let's improve this code together! Key issues",
  "suggestions": [
    "Minimal fix suggestions"
  ],
  "positive_notes": [
    "Good foundational structure",
    "Shows understanding of the basic concept"
  ],
  "severity": "major",
  "links": [
    "https://docs.python.org/3/library/asyncio.html"
  ]
}
```

In [36]:
example_severe = {
    "code_snippet": """import sqlite3

def login(username, password):
    conn = sqlite3.connect('users.db')
    cursor = conn.cursor()
    # BAD: vulnerable to SQL injection
    query = f"SELECT * FROM users WHERE username='{username}' AND password='{password}'"
    cursor.execute(query)
    result = cursor.fetchone()
    conn.close()
    if result:
        print("Login successful!")
    else:
        print("Invalid credentials.")

# Hardcoded admin login for testing
login('admin', 'admin123')
""",
    "review_comments": [
        "This code is vulnerable to SQL injection.",
        "Never hardcode passwords in source code.",
        "Use parameterized queries and environment variables for sensitive data."
    ]
}
output = review_code(example_severe)
print(output)

Technical critique: **Key issues**

- **SQL injection vulnerability** – the query is built by string interpolation with user‑supplied values.  
- **Plain‑text password handling** – passwords are stored and compared in cl...
JSON parsing failed: Expecting value: line 1 column 1 (char 0)
Raw output: Here is the rewritten technical critique in JSON format:

{
  "summary": "Great effort! Let's address these critical security concerns to ensure our code is robust and secure.",
  "suggestions": [
    "Use parameterized queries to prevent SQL injection",
    "Implement password hashing and salting",
    "Remove hard-coded credentials and use environment variables instead",
    "Encrypt the SQLite file and implement access control",
    "Close database connections and cursors properly to avoid resource leaks"
  ],
  "positive_notes": [
    "Good start on the login function"
  ],
  "severity": "major",
  "links": [
    "https://docs.python.org/3/library/sqlite3.html#sqlite3.Cursor.execute",
   

In [37]:
from IPython.display import Markdown; Markdown(to_markdown_block(output.model_dump()))

```json
{
  "summary": "⚠️ This is a critical issue and must be addressed immediately. Let's improve this code together! Key issues",
  "suggestions": [
    "Minimal fix suggestions"
  ],
  "positive_notes": [
    "Good foundational structure",
    "Shows understanding of the basic concept"
  ],
  "severity": "major",
  "links": [
    "https://use-the-index-luke.com/"
  ]
}
```

## 8) Simple UI Cell & Export to JSON

In [None]:

# --- Simple text UI (uncomment in Colab) ---
from IPython.display import Markdown, display
user_code = '''def greet(name):\n    print("Hello"+name)'''
user_comments = ["Missing space in greeting.", "Consider returning string instead of printing."]
payload = {"code_snippet": user_code, "review_comments": user_comments}
res = review_code(payload)
display(Markdown(to_markdown_block(res.model_dump())))

# --- Export helper ---
def save_review_to_file(review: ReviewJSON, path: str = "review_output.json"):
    with open(path, "w", encoding="utf-8") as f:
        json.dump(review.model_dump(), f, indent=2, ensure_ascii=False)
    return path

# Example (in Colab):
out = review_code(example_severe)
save_review_to_file(out, "review_output.json")


## 9) Export to Markdown

In [22]:
def save_review_md(review: ReviewJSON, path="review_output.md"):
    with open(path, "w", encoding="utf-8") as f:
        f.write(to_markdown_block(review.model_dump()) + "\n\n" + holistic_summary(review))
    return path


In [38]:
# --- Demo: Minor, Moderate, Major ---
examples = [
    {
        "name": "Minor",
        "data": {
            "code_snippet": "def greet(name):\n    print(f'Hello, {name}')",
            "review_comments": ["Consider adding a docstring."]
        }
    },
    {
        "name": "Moderate",
        "data": {
            "code_snippet": "def divide(a, b):\n    return a / b",
            "review_comments": ["No handling for division by zero."]
        }
    },
    {
        "name": "Major",
        "data": example_severe  # from your SQL injection example
    }
]

from IPython.display import Markdown, display

for ex in examples:
    print(f"\n### {ex['name']} Severity Example\n")
    out = review_code(ex["data"])
    display(Markdown(to_markdown_block(out.model_dump())))
    print(holistic_summary(out))
    save_review_md(out, f"review_{ex['name'].lower()}.md")



### Minor Severity Example

Technical critique: **Key issues**
- No docstring – lacks documentation for users and tools (e.g., Sphinx, IDEs).  
- No type hints – reduces static‑analysis usefulness and readability.  
- Function prints directly – mak...


```json
{
  "summary": "This is a small improvement for future code quality. Great start! Let's improve the function's maintainability and usability.",
  "suggestions": [
    "Add a docstring to provide documentation for users and tools.",
    "Use type hints to enable static type checking and improve readability.",
    "Return the greeting string instead of printing it directly.",
    "Add input validation to prevent unexpected exceptions."
  ],
  "positive_notes": [
    "Good initial structure."
  ],
  "severity": "minor",
  "links": [
    "https://docs.python.org/3/tutorial/docstrings.html",
    "https://docs.python.org/3/tutorial/controlflow.html#type-hints",
    "https://docs.python.org/3/tutorial/errors.html",
    "https://owasp.org/www-project-top-ten/"
  ]
}
```

Overall, your code shows Good initial structure.. Addressing the above 4 points will greatly improve quality, maintainability, and overall security.

### Moderate Severity Example

Technical critique: **Key issues**
- No check for division by zero → raises `ZeroDivisionError` at runtime.
- No type validation → non‑numeric inputs cause `TypeError` or unexpected behavior.
- No documentation of expect...


```json
{
  "summary": "This is a small improvement for future code quality. Great start! Let's make this function more robust and maintainable.",
  "suggestions": [
    "Add type validation to ensure numeric inputs",
    "Implement a check for division by zero and raise a ValueError",
    "Document expected types and behavior with a docstring"
  ],
  "positive_notes": [
    "Good initial structure"
  ],
  "severity": "minor",
  "links": [
    "https://docs.python.org/3/tutorial/errors.html#raising-exceptions",
    "https://docs.python.org/3/tutorial/types.html#numeric-types",
    "https://docs.python.org/3/tutorial/errors.html",
    "https://owasp.org/www-project-top-ten/"
  ]
}
```

Overall, your code shows Good initial structure. Addressing the above 3 points will greatly improve quality, maintainability, and overall security.

### Major Severity Example

Technical critique: **Key issues**

- **SQL injection vulnerability** – the query is built by string interpolation with user‑supplied values.  
- **Plain‑text password handling** – passwords are stored and compared in cl...
JSON parsing failed: Expecting value: line 1 column 1 (char 0)
Raw output: Here is the rewritten technical critique in JSON format:

{
  "summary": "Great effort! Let's address these critical security concerns to ensure our code is robust and secure.",
  "suggestions": [
    "Use parameterized queries to prevent SQL injection",
    "Implement password hashing and salting",
    "Remove hard-coded credentials and use environment variables instead",
    "Encrypt the SQLite file and use access control",
    "Close database connections and cursors properly",
    "Use a secure password hashing algo

```json
{
  "summary": "⚠️ This is a critical issue and must be addressed immediately. Let's improve this code together! Key issues",
  "suggestions": [
    "Minimal fix suggestions"
  ],
  "positive_notes": [
    "Good foundational structure",
    "Shows understanding of the basic concept"
  ],
  "severity": "major",
  "links": [
    "https://use-the-index-luke.com/"
  ]
}
```

Overall, your code shows Good foundational structure, Shows understanding of the basic concept. Addressing the above 1 points will greatly improve quality, maintainability, and overall security.
