docs(be): Gemini CLI 프로젝트 가이드라인 및 문서 추가

Author: Jwhyee

.gemini/docs/DOCUMENT.md

@@ -0,0 +1,17 @@
+# Project Planning
+The objective of this project is to provide automated, high-quality code reviews for GitHub Pull Requests using Google's Gemini AI. By integrating directly with GitHub Webhooks, the system can automatically analyze incoming code changes and provide immediate feedback, reducing the burden on human reviewers and maintaining high code quality.
+
+# Core Logic & Mechanisms
+The system operates through a series of orchestrated steps:
+1.  **Webhook Reception**: A Spring Boot controller (`CodeReviewController`) receives payloads from GitHub for specific events (e.g., `pull_request`).
+2.  **Signature Verification**: The system validates the `X-Hub-Signature-256` header against a shared secret to ensure authenticity.
+3.  **Event Orchestration**: `CodeReviewFacade` determines the appropriate action based on the GitHub event type.
+4.  **Review Processing**:
+    *   The system extracts code diffs and contexts for review.
+    *   `CodeReviewService` filters and prioritizes files to review (handling limits and concurrency).
+    *   Each relevant hunk is sent to `GoogleGeminiClient` with a structured prompt.
+5.  **Feedback Loop**: Gemini's responses are parsed and posted as review comments on the GitHub Pull Request via `GithubReviewClient`.
+6.  **Concurrency & Rate Limiting**: A `Semaphore` limits simultaneous AI calls, and a mandatory cooldown period is applied between calls to comply with API limits.
+
+# Versioning
+- `v1.0.0 - 2026-03-10`: Initial foundational documentation and core review logic discovery.

.gemini/docs/PLANNING.md

@@ -0,0 +1,49 @@
+# Execution Plan: Portfolio vs. Actual Code Alignment
+
+## 1. Goal
+Identify and document discrepancies between the portfolio description (`AiCodeReviewSection.tsx`) and the actual implementation in `src/`, then generate a `SOLUTION.md` file to suggest corrections.
+
+## 2. Scope
+### In-Scope
+- Comparison of technical patterns (Facade, Queue, Rate Limiting, Security) mentioned in the portfolio with the actual Kotlin source code.
+- Verification of code snippets in the portfolio against the actual implementation.
+- Identifying exaggerated or non-existent features (e.g., DB-based Job Queue with SKIP LOCKED).
+- Creating `.gemini/docs/SOLUTION.md` with structured findings.
+
+### Out-of-Scope
+- Modifying `AiCodeReviewSection.tsx` or any actual source code.
+- Implementing the missing features (like the DB Job Queue).
+- Verifying external blog links.
+
+## 3. Architecture Impact
+```
+.gemini/docs/
+└── SOLUTION.md (To be created)
+```
+
+## 4. Execution Plan
+### Phase 1: Preparation & Analysis
+- [x] Read `.gemini/docs/STRUCTURE.md` to understand architecture.
+- [x] Read `.gemini/docs/AiCodeReviewSection.tsx` to identify claims.
+- [x] Browse and read key source files (`ReviewJobQueue.kt`, `CodeReviewService.kt`, `GithubSignature.kt`, `GithubAppTokenProvider.kt`).
+
+### Phase 2: Discrepancy Identification
+- [x] Cross-reference "DB Pessimistic Lock" claim with `ReviewJobQueue.kt` and `domain/repository`.
+- [x] Cross-reference "GeminiRateLimiter" component claim with `CodeReviewService.kt`.
+- [x] Cross-reference "Constant-Time Comparison" claim with `GithubSignature.kt`.
+- [x] Cross-reference "JJWT RS256" claim with `GithubAppTokenProvider.kt`.
+- [x] Cross-reference "Facade Pattern" claim with actual routing/handler structure.
+- [x] Cross-reference "Producer-Consumer / Coroutine Channel" claim with actual queue implementation.
+- [x] Evaluate metrics (0% 429 error rate) based on the current `cooldownAfterCall` logic.
+
+### Phase 3: Documentation
+- [x] Generate `.gemini/docs/SOLUTION.md` with the required format for each discrepancy.
+
+## 5. Risk Mitigation
+- **Potential Breaking Changes**: None (Analysis only).
+- **Rollback Strategy**: Delete `SOLUTION.md` if needed.
+
+## 6. Final Verification Wave
+- [x] Run `./gradlew test` (to ensure the project is in a valid state, though we are not changing code).
+- [x] Verify the content of `.gemini/docs/SOLUTION.md` matches the user's requested format.
+- [x] Manual Spot Check: Ensure all discrepancies found are grounded in the actual code.

.gemini/docs/STRUCTURE.md

@@ -0,0 +1,62 @@
+# OVERVIEW
+An AI-powered automated code review system designed to integrate with GitHub Pull Requests. Built with Kotlin and Spring Boot, it utilizes Google Gemini AI to analyze code changes and provide automated feedback directly on GitHub.
+
+# STRUCTURE
+```
+.
+├── .github/workflows/          # CI/CD pipelines (GitHub Actions)
+├── src/
+│   ├── main/
+│   │   ├── kotlin/com/project/codereview/
+│   │   │   ├── application/    # Configuration and utility classes
+│   │   │   ├── client/         # External API clients (GitHub, Google Gemini)
+│   │   │   ├── core/           # Core business logic, controllers, and services
+│   │   │   ├── domain/         # Domain models and repository interfaces
+│   │   │   └── CodeReviewApplication.kt # Main entry point
+│   │   └── resources/          # Application properties and static assets
+│   └── test/                   # Unit and integration tests
+├── build.gradle.kts            # Build configuration
+└── Dockerfile                  # Containerization configuration
+```
+
+# WHERE TO LOOK
+| Task / Workflow | Exact File Path |
+| :--- | :--- |
+| GitHub Webhook Entry Point | `src/main/kotlin/com/project/codereview/core/controller/CodeReviewController.kt` |
+| Event Handling Orchestration | `src/main/kotlin/com/project/codereview/core/service/CodeReviewFacade.kt` |
+| AI Review Logic | `src/main/kotlin/com/project/codereview/core/service/CodeReviewService.kt` |
+| Gemini API Integration | `src/main/kotlin/com/project/codereview/client/google/GoogleGeminiClient.kt` |
+| GitHub API Integration | `src/main/kotlin/com/project/codereview/client/github/GithubReviewClient.kt` |
+| GitHub Diff Parsing | `src/main/kotlin/com/project/codereview/client/github/GithubDiffUtils.kt` |
+| Domain Models | `src/main/kotlin/com/project/codereview/domain/model/` |
+
+# CODE MAP
+| Symbol | Type | Location |
+| :--- | :--- | :--- |
+| `CodeReviewController` | Class (RestController) | `src/main/kotlin/com/project/codereview/core/controller/CodeReviewController.kt` |
+| `CodeReviewFacade` | Class (Service) | `src/main/kotlin/com/project/codereview/core/service/CodeReviewFacade.kt` |
+| `CodeReviewService` | Class (Service) | `src/main/kotlin/com/project/codereview/core/service/CodeReviewService.kt` |
+| `GoogleGeminiClient` | Class (Service) | `src/main/kotlin/com/project/codereview/client/google/GoogleGeminiClient.kt` |
+| `GithubReviewClient` | Class (Service) | `src/main/kotlin/com/project/codereview/client/github/GithubReviewClient.kt` |
+| `GithubSignature` | Object (Utility) | `src/main/kotlin/com/project/codereview/core/util/GithubSignature.kt` |
+
+# CONVENTIONS (THIS PROJECT)
+- **Kotlin Coroutines**: Extensive use of `suspend` functions and coroutine scopes for non-blocking I/O.
+- **Spring Boot 3.x**: Leverages the latest Spring Boot features and dependencies.
+- **GitHub App Auth**: Uses JWT (JJWT) for authenticating as a GitHub App.
+- **Signature Validation**: All incoming webhooks must be validated using `X-Hub-Signature-256`.
+- **Concurrency Control**: `Semaphore` is used in `CodeReviewService` to limit concurrent AI calls.
+- **Rate Limiting**: Implements a cooldown period (1 minute + jitter) after each Gemini call.
+
+# ANTI-PATTERNS / TECH DEBT
+- **Hardcoded Limits**: Max review counts and concurrency limits are currently hardcoded in `CodeReviewService`.
+- **Error Handling**: Catch-all `Throwable` in some service methods; could be more specific.
+- **Payload Deserialization**: `FAIL_ON_UNKNOWN_PROPERTIES = false` is used, which helps with evolving APIs but might hide breaking changes.
+
+# COMMANDS
+- **Build**: `./gradlew build`
+- **Test**: `./gradlew test`
+- **Run Locally**: `./gradlew bootRun`
+
+# NOTES
+- The project relies on environment variables for GitHub secrets and Gemini API keys (see `application.yaml` for expected keys).

GEMINI.md

@@ -0,0 +1,13 @@
+# Gemini CLI - Project Guidelines
+
+## 0. Mandatory Document Rules
+- **ALWAYS** read `.gemini/docs/STRUCTURE.md` and `.gemini/docs/DOCUMENT.md` before starting any task.
+- **CONTINUOUSLY** update `STRUCTURE.md` and `DOCUMENT.md` as the project evolves or new information is discovered.
+- **APPEND-ONLY** for `DOCUMENT.md`: When updating `DOCUMENT.md` with new logic or planning, do not delete existing text. Apply a strikethrough (~~text~~) to outdated information and append the new information at the bottom.
+- **VERSION BUMP**: Always increment the version number in `DOCUMENT.md` when making updates, including the current date.
+
+## Engineering Standards
+- Follow the established architecture: `core`, `domain`, `client`, `application`.
+- Maintain the use of Kotlin Coroutines for all asynchronous operations.
+- Ensure all new GitHub webhook events are properly validated for signatures.
+- Respect the concurrency and cooldown mechanisms in `CodeReviewService`.