Agentic approach

[vineeshah]

• Replaces the OpenAI diff-only review with a full agentic approach running inside an isolated E2B microVM
• Agent clones the PR's repo (shallow, branch-only), explores the codebase using a bash tool (grep, git, cat, linters, etc.), and posts up to 3 inline or overall comments(can work around the prompt and quality of comments)
• Uses claude-haiku-4-5 as its main model(can experiment and change later).

[sce-pr-review-bot]

[CRITICAL] review.py (line 244): Invalid OpenAI model name 'gpt-4.1-mini'. This model does not exist. Use 'gpt-4o-mini' or 'gpt-4-turbo' instead. This will cause API errors during the consolidation pass.

[sce-pr-review-bot]

[CRITICAL] review.py (line 244): Invalid model name 'gpt-4.1-mini' used in OpenAI API call. This model does not exist. Should be 'gpt-4-turbo' or 'gpt-4o-mini'. This will cause runtime failures when the code attempts to call the OpenAI API. Same issue appears on line 319.

[sce-pr-review-bot]

[HIGH] Semaphore resource leak: acquired is initialized to False but only released if it remains False. If acquire() returns True or raises an exception, the semaphore may never be released due to the early return statements on lines 42 and 46. The semaphore should only be released if acquire() succeeded.

[sce-pr-review-bot]

[HIGH] Security concern: Passing GITHUB_TOKEN via environment variable to subprocess with shell=True (line 18) in run_bash() is a vulnerability vector. Although safe_env is used to strip most env vars, the function signature doesn't prevent callers from modifying env. Additionally, running arbitrary git/bash commands with token access could enable exfiltration despite the stated intent to prevent prompt injection.