Implement code review feature

[xueyulinn]

Summary

This PR adds the initial PR code review agent workflow. It introduces a CodeHawky code review agent that can inspect pull request context, use GitHub-backed tools for additional file context, produce structured review output,
and submit a GitHub pull request review.

It also adds process-level caching for GitHub installation tokens and performs related cleanup around GitHub auth, service naming, and PR prompt payloads.

Type of Change

• Bug fix
• New feature
• Refactor
• Documentation
• Test
• CI/CD
• Chore

Changes Made

• Added codehawk/agents/code_review_agent.py for PR code review generation.
• Added PR_CODE_REVIEW_SYSTEM_PROMPT to guide the code review agent with GPT-5.5-oriented instructions.
• Added codehawk/services/pull_request_review.py to run the full PR code review workflow from webhook payloads.
• Updated the GitHub handler to run code review on opened pull request events.
• Added GitHub client support for:
  • fetching full repository file content
  • creating pull request reviews
  • retrieving PR info via get_pr_info
• Added process-level GitHub installation token caching in codehawk/github/token_cache.py.
• Updated services to use cached token retrieval via get_installation_token.
• Moved webhook signature verification into GitHub auth.
• Removed low-value commit metadata fields from PR prompt DTOs:
  • authored_at
  • committed_at
  • comment_count
• Renamed pull_request_summary_service.py to pull_request_summary.py.
• Updated tests and imports after auth and service refactors.

How to Test

Run:

python -m py_compile codehawk/agents/code_review_agent.py codehawk/github/client.py codehawk/services/pull_request_review.py
ruff check codehawk
pytest

Verified locally:

pytest: 7 passed

## Checklist

- [x] Code builds successfully
- [ ] Tests added or updated
- [x] Existing tests pass
- [ ] Documentation updated if needed
- [x] No secrets or sensitive data included
- [x] Breaking changes documented

## Breaking Changes

No external breaking changes expected.

Internal import paths changed because codehawk/services/pull_request_summary_service.py was renamed to codehawk/services/pull_request_summary.py.

[codehawky]

Summary by CodeHawky

Status

• Summary type: full_pr_summary
• Current head: c9a46bc718eea30cdae60df5a402c73bfd29705f
• Generated at: 2026-05-07T02:13:50.459484+00:00

Summary

• Adds an initial PR code review workflow: codehawk/agents/code_review_agent.py, PR_CODE_REVIEW_SYSTEM_PROMPT, and codehawk/services/pull_request_review.py.
• Updates the GitHub webhook handler so pull_request.opened now runs both full PR summary generation and PR code review submission.
• Extends GitHub integration with PR review creation, full file content retrieval, renamed get_pr_info, PR files pagination, and process-level installation token caching.
• Refactors related auth/service structure: moves webhook signature verification into codehawk/github/auth.py, removes codehawk/github/verify.py, renames pull_request_summary_service.py to pull_request_summary.py, and trims commit prompt DTO fields.

Risk

• Medium — this introduces a new webhook-triggered GitHub side effect that creates PR reviews, plus auth/token caching and client API changes; failures could affect opened-PR handling or GitHub API interactions.

Review Path

1. Review codehawk/handlers/github_handler.py and codehawk/services/pull_request_review.py to confirm when and how reviews are generated/submitted.
2. Review codehawk/agents/code_review_agent.py and codehawk/agents/prompts.py for prompt construction, structured output schema, and tool usage.
3. Review codehawk/github/client.py for new GitHub API calls, request shapes, pagination behavior, and renamed get_pr_info usage.
4. Review codehawk/github/auth.py, codehawk/github/token_cache.py, and the deleted verify.py path for auth behavior and cache expiry semantics.
5. Review DTO/prompt cleanup and import rename fallout in pull_request_dto.py, pr_summary_agent.py, pull_request_summary.py, and tests.

Open Questions

• Test coverage for the new review workflow, GitHub client methods, and token cache is not clear from the provided changed test files.

[codehawky]

The implementation introduces an automated code review feature, restructures service naming and authentication workflows, and adds related tests and refactoring. There are no detectably blocking correctness, security, regression, or workflow issues based on the provided patches. The process-level GitHub token cache is properly scoped and includes expiry safety. Auth, handler connections, and service orchestration adapt to the new flow as expected. Tests reflect the changes, and references to removed/changed fields and files have been updated accordingly. No actionable inline concerns were identified from the evidence provided. The code is safe to merge.

[codehawky]

Summary by CodeHawky

Status

• Summary type: incremental_pr_summary
• Current head: e4b07ce7f40d2c990b5cdb42ecda6282bd980377
• Generated at: 2026-05-07T02:22:50.900729+00:00

Summary

• Restricts PRReviewOutput.event in codehawk/agents/code_review_agent.py to only REQUEST_CHANGES or COMMENT, removing APPROVE as an allowed review event.
• Updates review prompt guidance in codehawk/agents/prompts.py so the agent never approves PRs and uses neutral COMMENT reviews when no actionable issues are found.

Risk

• Low, because the change is small and localized, but it intentionally changes agent output semantics by eliminating approval reviews.

Review Path

1. Review codehawk/agents/code_review_agent.py to confirm the Literal type restriction matches the intended allowed GitHub review events.
2. Review codehawk/agents/prompts.py to verify the prompt language consistently directs neutral comments instead of approvals.
3. Check any downstream assumptions that may expect APPROVE from PRReviewOutput.event.