feat(releasekit): genkit.ai

[yesudeep]

Summary

Introduces Genkit AI integration for release intelligence, multi-channel release announcements, enhanced security (secret redaction, Aho-Corasick word filter, hardened XML parsing), and comprehensive documentation and slide updates.

---

Highlights

🤖 AI-Powered Release Intelligence (Genkit)

• ai.py — Genkit integration layer: model resolution with Ollama-first fallback chain (ollama → google-genai → vertex-ai), structured output via Pydantic schemas
• summarize.py — AI-generated release summaries: changelog analysis, breaking change detection, migration guide generation
• codename.py — Themed release codenames (mountains, animals, space, etc.) generated via Genkit ai.generate()
• schemas_ai.py — Pydantic models for ReleaseStats, ReleaseSummary, Codename with strict validation
• prompts.py + .prompt files — Dotprompt-style templates for summarization and codename generation
• config.py — AI configuration: model selection, temperature, fallback chains, [tool.releasekit.ai] TOML config with per-feature toggles (summarize, codename, enhance, detect_breaking, announce, tailor_announce, migration_guide, draft_advisory, ai_hints)
• CLI integration — releasekit prepare runs AI by default; --no-ai to disable; --model to override

📢 Multi-Channel Release Announcements

• announce.py — Fire-and-forget release announcements to 7 channels: Slack, Discord, Microsoft Teams, IRC, Twitter/X, LinkedIn, and custom webhooks
• Template system — ${version}, ${packages}, ${count}, ${url} placeholders with per-event templates (release vs rollback)
• Per-group/per-package overrides — Different webhook URLs and templates for different package groups
• AI-tailored announcements — ai.features.announce and ai.features.tailor_announce flags for AI-generated per-channel messages (falls back to templates when disabled or AI fails)
• Rollback announcements — Automatic rollback notifications via releasekit rollback

🔐 Security & Safety

• _wordfilter.py — Aho-Corasick automaton for O(n) blocked-word detection in AI-generated content (973-line test suite)
• logging.py — Secret redaction in structured logs with minimum-length guard (≥8 chars) to prevent over-redaction
• Hardened XML parsing — Centralized _safe_parse() / _safe_fromstring() helpers in clojure.py to mitigate XXE
• GitHub Actions injection fix — Replaced ${{ inputs.* }} interpolation in run: blocks with env: variables in both action.yml copies
• Ollama server timeout — Added explicit failure check after 30s readiness loop in setup-ollama action
• Robust shell quoting — Replaced string-concat EXTRA_FLAGS with bash arrays in setup-releasekit action

🧩 Clojure Workspace Backend

• _edn.py — Complete EDN/Clojure reader: zero-dependency, pure-Python streaming parser covering the full EDN spec + Clojure reader extensions (713 lines, 1,129-line test suite)
• clojure.py — ClojureWorkspace implementing the Workspace protocol: deps.edn (tools.deps), project.clj (Leiningen), pom.xml (Maven) support with version rewriting

📊 Documentation & Slides

• Presentation overhaul (docs/slides/index.html):
  • New "Why ReleaseKit?" slide — problem-first philosophy, Genkit-as-a-brand narrative
  • "vs. Alternatives" comparison split into 2 slides (9 capabilities × 4 competitors)
  • Enterprise & Fortune 500 impact data with watchdog dependents table (254K+ repos)
  • Hyperlinks throughout: SLSA, Sigstore, PyPI, Conventional Commits, Ollama, Pydantic, OpenSSF
• Updated counts across all docs: 33→35 checks, 17→19 fixers, 25→27 auto-fixable
• New docs: per-package-config.md, compliance.md, config-file.md, release-workflow-migration.md
• Updated: competitive-gap-analysis.md, roadmap.md, README.md, GEMINI.md

🔧 CI & GitHub Actions

• Reusable composite actions: run-releasekit, setup-releasekit, setup-ollama
• Ecosystem workflow templates: releasekit-uv.yml, releasekit-cargo.yml, releasekit-dart.yml, releasekit-go.yml, releasekit-gradle.yml, releasekit-pnpm.yml, releasekit-rollback.yml
• bin/lint — Added Pyrefly and Ty type checkers alongside Pyright

🧪 Testing

• New test suites: rk_edn_test.py (1,129 lines), rk_wordfilter_test.py (973 lines), rk_codename_test.py (328 lines), rk_ai_config_test.py (385 lines), rk_schemas_ai_test.py (118 lines), rk_prompts_test.py (73 lines), rk_ai_resolve_test.py (106 lines)
• Expanded: rk_logging_test.py, rk_security_test.py, rk_checks_test.py, rk_validation_test.py
• Fixed Pyrefly type errors: cast() for EDN state, dict[str, object] annotations in Clojure tests, Pydantic constraint suppression

📦 Other

• Python pyproject.toml checks — typing_classifier and keywords_and_urls checks + fixers via tomlkit
• Conform test harness — setup.sh for plugin conformance testing
• blocked_words.txt — Curated blocklist for AI content safety

[gemini-code-assist]

Summary of Changes

Hello @yesudeep, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a suite of AI-powered features to ReleaseKit, leveraging the Genkit Python SDK to automate and enhance the release process. Key capabilities include generating structured release notes and creative codenames, all while incorporating robust safety guardrails and flexible configuration options. This significantly upgrades ReleaseKit's intelligence, making it a production-ready dogfooding application for Genkit.

Highlights

• AI-Powered Release Notes: Introduced AI-powered release notes generation using Genkit, providing structured summaries of changelogs.
• AI-Generated Release Codenames: Implemented AI-generated release codenames with 28 curated themes and history tracking.
• 3-Layer AI Safety Guardrails: Established a 3-layer AI safety guardrail system for codenames, including prompt rules, curated themes, and post-generation blocklists.
• Genkit Integration and Model Fallback: Integrated Genkit as a core dependency, enabling a model fallback chain (Ollama -> Google GenAI) and content-hash caching for AI outputs.
• Flexible AI Configuration: Added CLI flags and configuration options (releasekit.toml, environment variables) for fine-grained control over AI features, including a global --no-ai switch.
• Updated Documentation and Workflows: Updated documentation and GitHub Actions workflows across multiple ecosystems to support and configure the new AI capabilities.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• py/tools/releasekit/README.md
  • Updated the README to document new AI-powered features, including release notes, codenames, and safety guardrails, and increased the reported test count.
• py/tools/releasekit/action.yml
  • Introduced new inputs for GitHub Actions to control AI features, including disabling AI, overriding the AI model, and setting the codename theme.
• py/tools/releasekit/docs/docs/ai-release-notes-plan.md
  • Revised the AI release notes plan to reflect Genkit as a core dependency, AI features being on by default, and detailed implementation tasks for AI summarization and codenames.
• py/tools/releasekit/docs/docs/competitive-gap-analysis.md
  • Expanded the competitive gap analysis to include ReleaseKit's new AI-powered features as key differentiators.
• py/tools/releasekit/docs/docs/roadmap.md
  • Marked "Phase 10: AI Release Notes" as complete on the roadmap, detailing the implemented components and adding a new phase for AI documentation.
• py/tools/releasekit/docs/docs/slides/index.html
  • Updated presentation slides to reflect the new AI-powered release orchestration capabilities, Genkit integration, and AI feature details.
• py/tools/releasekit/github/workflows/releasekit-cargo.yml
  • Added inputs and secrets to the GitHub Actions workflow to support AI feature configuration and API key access.
• py/tools/releasekit/github/workflows/releasekit-dart.yml
  • Added inputs and secrets to the GitHub Actions workflow to support AI feature configuration and API key access.
• py/tools/releasekit/github/workflows/releasekit-go.yml
  • Added inputs and secrets to the GitHub Actions workflow to support AI feature configuration and API key access.
• py/tools/releasekit/github/workflows/releasekit-gradle.yml
  • Added inputs and secrets to the GitHub Actions workflow to support AI feature configuration and API key access.
• py/tools/releasekit/github/workflows/releasekit-pnpm.yml
  • Added inputs and secrets to the GitHub Actions workflow to support AI feature configuration and API key access.
• py/tools/releasekit/github/workflows/releasekit-rollback.yml
  • Refactored the rollback workflow to use workflow_call for improved reusability.
• py/tools/releasekit/github/workflows/releasekit-uv.yml
  • Added inputs and secrets to the GitHub Actions workflow to support AI feature configuration and API key access.
• py/tools/releasekit/pyproject.toml
  • Added Genkit and its Ollama and Google GenAI plugins as core project dependencies.
• py/tools/releasekit/src/releasekit/_wordfilter.py
  • Implemented an Aho-Corasick word filter for efficient, word-boundary-aware safety checking of text, such as AI-generated codenames.
• py/tools/releasekit/src/releasekit/ai.py
  • Introduced core AI integration logic, including lazy Genkit initialization, a model fallback chain for generate_with_fallback, and a function to resolve AI configuration from TOML, environment variables, and CLI flags.
• py/tools/releasekit/src/releasekit/cli.py
  • Added new global CLI arguments --no-ai, --model, and --codename-theme to control AI features and model selection.
• py/tools/releasekit/src/releasekit/codename.py
  • Implemented AI-powered release codename generation, including support for themed codenames, history tracking, and a 3-layer safety guardrail system.
• py/tools/releasekit/src/releasekit/config.py
  • Defined new AiConfig and AiFeaturesConfig dataclasses to manage AI settings, including model fallback chains, temperature, output tokens, codename themes, and per-feature toggles, and updated configuration parsing logic.
• py/tools/releasekit/src/releasekit/prompts.py
  • Provided prompt templates and helper functions for AI-powered release summarization and codename generation, establishing .prompt files as the source of truth for prompts.
• py/tools/releasekit/src/releasekit/prompts/codename.prompt
  • Added a new Genkit dotprompt file for AI-generated release codenames, incorporating theme, version, highlights, and previous codenames as inputs, along with strict safety rules.
• py/tools/releasekit/src/releasekit/prompts/summarize.prompt
  • Added a new Genkit dotprompt file for AI-powered changelog summarization, taking changelog text and release statistics as input.
• py/tools/releasekit/src/releasekit/schemas_ai.py
  • Defined Pydantic models ReleaseStats, ReleaseSummary, and ReleaseCodename to enforce structured output for AI-generated content.
• py/tools/releasekit/src/releasekit/summarize.py
  • Implemented AI-powered changelog summarization with content-hash caching and a model fallback mechanism to generate structured release summaries.
• py/tools/releasekit/tests/rk_ai_config_test.py
  • Added unit tests for the AiConfig and AiFeaturesConfig dataclasses and the _parse_ai function, verifying default values and validation logic.
• py/tools/releasekit/tests/rk_ai_resolve_test.py
  • Added unit tests for resolve_ai_config, ensuring correct merging of AI configuration from base settings, environment variables, and CLI flags.
• py/tools/releasekit/tests/rk_codename_test.py
  • Added comprehensive tests for AI-generated codename features, including schema validation, configuration parsing, prompt generation, codename history, and safety filtering.
• py/tools/releasekit/tests/rk_prompts_test.py
  • Added unit tests for the AI system and user prompt builders, verifying their content and structure.
• py/tools/releasekit/tests/rk_schemas_ai_test.py
  • Added unit tests for the Pydantic models ReleaseStats, ReleaseSummary, and ReleaseCodename, ensuring correct schema definition and data validation.
• py/tools/releasekit/tests/rk_wordfilter_test.py
  • Added extensive tests for the Aho-Corasick WordFilter implementation, covering construction, exact and prefix matching, word boundaries, and integration with the blocked_words.txt file.

Activity

• No human activity has been recorded for this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a significant set of AI-powered features to releasekit, including release note summarization and themed codename generation, powered by Genkit. The implementation is robust, featuring a resilient model fallback chain, content-hash caching for efficiency, and strong safety guardrails for generated content. The new features are well-documented across the README, design documents, and even a presentation slide deck. The test coverage for the new functionality is comprehensive, and the GitHub Actions workflows have been updated to support the new AI-related flags. The code is well-structured and follows best practices for AI integration, such as using Pydantic schemas for reliable structured output. I have one minor suggestion to fix some broken characters in the documentation.

[yesudeep]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces significant AI-powered features into the releasekit tool, leveraging Genkit. The changes are extensive, adding new functionality for AI-generated release notes, themed codenames, and a robust developer setup script for conformance testing. The implementation is well-structured, with new modules for AI integration, summarization, codename generation, and safety filtering. The PR also includes comprehensive documentation updates and new tests for all the added features. Overall, this is an excellent and well-thought-out feature addition.

[yesudeep]

/gemini review

[gemini-code-assist]

Code Review

The pull request introduces Genkit AI integration for release intelligence, including automated release summaries and themed codenames. It also adds a new Clojure workspace backend and enhances security with secret redaction in logs and an Aho-Corasick word filter for safety. The additions are well-structured and follow the project's polyglot architecture. However, there are some areas for improvement regarding fragile parsing of TOML and XML files, potential script injection in GitHub Actions, and security considerations for XML parsing.

[yesudeep]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces a significant set of features centered around AI-powered release intelligence using Genkit, and expands the multi-ecosystem support of releasekit. Key additions include:

• AI-generated release summaries and themed codenames.
• A robust safety framework for AI-generated content, including a new Aho-Corasick word filter.
• New reusable GitHub Actions for setting up releasekit and ollama.
• A full-featured EDN/Clojure parser and a new ClojureWorkspace backend.
• Numerous documentation updates, new fixer scripts, and tests.

The code quality is very high, with good structure, documentation, and attention to security (e.g., secret redaction in logs, prompt injection defenses). I have a couple of suggestions for improving the robustness of the new GitHub Actions scripts.