Skip to content
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ All notable changes to this portable workflow pack are documented here.

- **Add `agent-workflows-trust-audit` to check recent merged PRs against `pr-security-preflight` and draft candidate repo-local trust entries for maintainer review.**
- **Document the trust/preflight operating model, including global vs repo-local trust, audit flow, acknowledgement policy, and security tradeoffs.**
- **Document bounded inline Claude Code review as a fallback when hosted Claude review checks are queued, stale, or unavailable.**
Comment thread
justin808 marked this conversation as resolved.
Outdated

#### Fixed

Expand Down
5 changes: 3 additions & 2 deletions workflows/pr-processing.md
Original file line number Diff line number Diff line change
Expand Up @@ -1455,8 +1455,9 @@ Auto-merge requires all of the following:
- Score is at least `8/10`; `7/10` permits human merge after review, but not auto-merge.
- Before triggering auto-merge, the merge actor verifies `Finalized by` against the GitHub review record, checks, or git log, not only the PR body text.
- All GitHub checks for the current head SHA are complete. An empty full `gh pr checks <PR>` list is `UNKNOWN` / not ready. Skipped checks count as complete only when CI selector output explains them or a maintainer explicitly waives them.
- The GitHub `claude-review` check is complete for the current head SHA, or it failed because of quota exhaustion, hard usage-limit enforcement, provider-reported capacity such as HTTP 503, or persistent HTTP 429 after one 60-second retry, and Cursor Bugbot or Codex review (`codex review --base origin/<base>`, or the PR's real base branch) completed as the fallback with the same blocker-triage bar and exact error evidence recorded in the PR body.
- Any fallback review leaves a named reviewer identity in the GitHub review record or a timestamped PR comment. Before treating the fallback as complete, the merge actor confirms the reviewer is either a named GitHub check/app identity visible in the Checks API for the current head SHA or a collaborator with `write`, `maintain`, or `admin` permission.
- The GitHub `claude-review` check is complete for the current head SHA, or it is unavailable, stale, queued behind an obsolete run, or failed because of quota exhaustion, hard usage-limit enforcement, provider-reported capacity such as HTTP 503, or persistent HTTP 429 after one 60-second retry, and an equivalent fallback review completed with the same blocker-triage bar and exact evidence recorded in the PR body or merge handoff.
Comment thread
justin808 marked this conversation as resolved.
Outdated
Comment thread
justin808 marked this conversation as resolved.
Outdated
- Preferred fallback order is a bounded inline Claude Code review, then Cursor Bugbot or Codex review. For inline Claude Code, use Sonnet unless the repo seam names a different default, keep the prompt focused on merge blockers, and set a budget cap, for example `claude -p --model sonnet --max-budget-usd 1` with the current branch diff. If Claude Code is unavailable or also stalls, use `codex review --base origin/<base>` or the PR's real base branch.
Comment thread
justin808 marked this conversation as resolved.
Outdated
- Any fallback review leaves a named reviewer identity in the GitHub review record, a timestamped PR comment, or the merge handoff. Before treating the fallback as complete, the merge actor confirms the reviewer is either a named GitHub check/app identity visible in the Checks API for the current head SHA, a local CLI identity invoked by the merge actor, or a collaborator with `write`, `maintain`, or `admin` permission.
Comment thread
justin808 marked this conversation as resolved.
Outdated
- Claude failures not caused by capacity limits are understood before merge.
Comment thread
justin808 marked this conversation as resolved.
- CodeRabbit approval is not required, but concrete CodeRabbit findings still need normal blocker triage.
- Reviewer verdicts in the confidence block are classified as current-head or stale/advisory with the head SHA each verdict covers. Stale approvals, positive comments, and summaries cannot be cited as merge gates.
Comment thread
justin808 marked this conversation as resolved.
Expand Down
Loading