
feat: add marketplace PR auto-review and merge workflow #1638

Merged: coleam00 merged 7 commits into dev from archon/task-feat-marketplace-pr-review-and-merge, May 11, 2026

coleam00 (Owner) commented May 11, 2026

Summary

  • Problem: Marketplace submissions (PRs touching packages/docs-web/src/data/marketplace.ts) require manual maintainer review for safety and schema correctness.
  • Why it matters: Automating the review loop unblocks contributors faster, catches malicious submissions deterministically, and reduces maintainer toil for clean submissions.
  • What changed: Added a 9-node DAG Archon workflow (marketplace-pr-review-and-merge) that fetches PR metadata, verifies scope, parses the new entry, downloads source at pinned SHA, runs parallel schema validation and deterministic security scanning, runs a Haiku AI review, decides an action, and posts a GitHub review comment.
  • What did not change: No @archon/* package code was modified — this is entirely workflow/script/CI additions.

UX Journey

Before

Contributor opens PR  →  Maintainer manually reviews  →  Maintainer posts comment  →  Maintainer merges

After

Contributor opens PR
       │
GitHub Actions (marketplace-auto-review.yml) triggers
       │
Archon workflow: marketplace-pr-review-and-merge
       │
  fetch-pr-metadata ──▶ verify-scope ──▶ parse-entry ──▶ fetch-source
                                                              │
                              ┌──────────────────────────────┤
                              ▼                              ▼
                       validate-schema              security-scan (parallel)
                              └──────────────────────────────┤
                                                             ▼
                                                        ai-review
                                                             │
                                                           decide
                                                             │
                              ┌──────────────────────────────┤
                              ▼              ▼               ▼
                       auto_approve  request_changes      reject
                        (gh approve)  (gh request)    (gh close)

Architecture Diagram

Before

.archon/workflows/maintainer/   (no marketplace workflow)
.archon/scripts/                (no marketplace scripts)
.github/workflows/              (marketplace-lint.yml only)

After

.archon/workflows/maintainer/marketplace-pr-review-and-merge.yaml  [+]
.archon/scripts/marketplace-fetch-source.ts                         [+]
.archon/scripts/marketplace-validate-schema.ts                      [+]
.archon/scripts/marketplace-security-scan.ts                        [+]
.archon/scripts/__tests__/marketplace-security-scan.test.ts         [+]
.archon/scripts/__tests__/fixtures/malicious/* (9 files)            [+]
.archon/scripts/__tests__/fixtures/benign/* (3 files)               [+]
.github/workflows/marketplace-auto-review.yml                       [+]

Connection inventory:

| From | To | Status | Notes |
|---|---|---|---|
| marketplace-auto-review.yml | marketplace-pr-review-and-merge.yaml | new | GH Actions triggers Archon workflow |
| marketplace-pr-review-and-merge.yaml | marketplace-fetch-source.ts | new | script: node |
| marketplace-pr-review-and-merge.yaml | marketplace-validate-schema.ts | new | script: node |
| marketplace-pr-review-and-merge.yaml | marketplace-security-scan.ts | new | script: node |
| marketplace-validate-schema.ts | @archon/workflows/loader | new | parseWorkflow import |

Label Snapshot

  • Risk: risk: low
  • Size: size: L
  • Scope: workflows, ci, tests
  • Module: workflows:maintainer, ci:marketplace

Change Metadata

  • Change type: feature
  • Primary scope: workflows

Linked Issue

  • Closes #

Validation Evidence (required)

bun run validate

All six checks passed: check:bundled, check:bundled-skill, type-check, lint, format:check, tests (including 13 new marketplace-security-scan tests).

  • Security scanner: 9 malicious fixtures detected (one per category), 3 benign fixtures produced zero findings, empty-dir produced severity none.

Security Impact (required)

  • New permissions/capabilities? Yes — GitHub Action has pull-requests: write to post review comments and close PRs.
  • New external network calls? Yes: marketplace-fetch-source.ts calls GitHub Contents API via gh api (authenticated, rate-limited at 5000/hr).
  • Secrets/tokens handling changed? No — uses GITHUB_TOKEN from Actions environment, never logged.
  • File system access scope changed? Yes — scripts read/write under $ARTIFACTS_DIR only (per-run ephemeral directory).
  • Risk & mitigation: GH Actions token on fork PRs has limited scope (cannot write to fork). pull-requests: write is the minimum needed for v0 (review-only). Auto-merge deferred to v1 when contents: write is needed.

Compatibility / Migration

  • Backward compatible? Yes — additive only, no existing files modified.
  • Config/env changes? No
  • Database migration needed? No

Human Verification (required)

  • Verified scenarios: workflow YAML parses without errors (bun run cli validate workflows), scanner correctly catches all 9 malicious categories and zero benign false positives.
  • Edge cases checked: scope violation detection, draft PR handling, empty source directory.
  • What was not verified: end-to-end GitHub Actions run on a real PR (requires live environment with GH_TOKEN).

Side Effects / Blast Radius (required)

  • Affected subsystems/workflows: only new files; no existing workflow/script/package modified.
  • Potential unintended effects: suspicious_network pattern could false-positive if a benign submission fetches from a non-allowlisted but legitimate host. Maintainer can override by manually approving.
  • Guardrails: AI review corroborates scanner findings before final decision; both must agree to reject.

Rollback Plan (required)

  • Fast rollback: delete .archon/workflows/maintainer/marketplace-pr-review-and-merge.yaml and .github/workflows/marketplace-auto-review.yml — stops all automation immediately.
  • Feature flags: none needed — workflow must be explicitly invoked or triggered by GH Actions.
  • Observable failure symptoms: workflow run fails or posts an unexpected review comment.

Risks and Mitigations

  • Risk: Scanner regex false positives on execFileSync (shell_exec pattern)
    • Mitigation: Pattern targets child_process\.exec\( not execFileSync. Verified by benign clean-script.ts fixture test.
  • Risk: suspicious_network false positives on github.com URLs
    • Mitigation: Negative lookahead for github.com and archon.diy. Verified by clean-fetch.ts fixture test.
  • Risk: GitHub Contents API rate limits for large submissions
    • Mitigation: 60s timeout on fetch-source node; gh api uses authenticated requests (5000 req/hr).

Summary by CodeRabbit

  • New Features

    • Marketplace submission review automation with scope validation, schema verification, and AI-powered security assessment
    • Real-time security scanning of marketplace source files to detect suspicious patterns
    • Automated PR review and merge decisions based on scan and validation results
  • Tests

    • Added test suite for security scanner covering benign and malicious scenarios


coleam00 and others added 7 commits May 11, 2026 09:50
PIV Task 1: Bun script that downloads marketplace entry source files
at pinned SHA via GitHub Contents API, preserving directory structure.

PIV Task 2: Bun script that validates all .yaml files in source artifacts against the Archon workflow schema using parseWorkflow.

PIV Task 3: deterministic regex/heuristic scanner with 9 categories
(rce, exfil, reverse_shell, cred_leak, obfuscation, unsafe_permissions,
path_escape, shell_exec, suspicious_network). Reads $ARTIFACTS_DIR/source/
recursively, outputs JSON with severity + findings.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

PIV Task 4: 9 malicious fixtures (one per scanner category), 3 benign
fixtures (zero false positives), empty-dir test. All 13 tests pass.

PIV Task 5: DAG workflow with 9 nodes — fetch PR metadata, verify scope,
parse entry, fetch source, validate schema + security scan (parallel),
AI review, decide, and act (post GitHub review).

PIV Task 6: Triggers on PRs touching marketplace.ts, runs the
marketplace-pr-review-and-merge workflow via CLI.

…igger

Changes:
- Switch GH Action from pull_request to pull_request_target for fork PR secret access
- Add ANTHROPIC_API_KEY and contents:write permission to GH Action
- Add auto_merge decision: clean PRs (scan none + AI approval) are auto-merged
- Update ai-review prompt and output_format with auto_merge recommendation
- Update decide script with 4-value decision matrix (no trust gating)
- Add auto_merge case arm to act node with squash merge

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
coderabbitai (Bot) commented May 11, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3ca9fffb-7b4f-409e-929d-6c5430f574a7

📥 Commits

Reviewing files that changed from the base of the PR and between b069680 and 907dade.

📒 Files selected for processing (18)
  • .archon/scripts/__tests__/fixtures/benign/clean-fetch.ts
  • .archon/scripts/__tests__/fixtures/benign/clean-script.ts
  • .archon/scripts/__tests__/fixtures/benign/clean-workflow.yaml
  • .archon/scripts/__tests__/fixtures/malicious/cred_leak.ts
  • .archon/scripts/__tests__/fixtures/malicious/exfil.sh
  • .archon/scripts/__tests__/fixtures/malicious/obfuscated.ts
  • .archon/scripts/__tests__/fixtures/malicious/path_escape.ts
  • .archon/scripts/__tests__/fixtures/malicious/rce.ts
  • .archon/scripts/__tests__/fixtures/malicious/reverse_shell.sh
  • .archon/scripts/__tests__/fixtures/malicious/shell_exec.ts
  • .archon/scripts/__tests__/fixtures/malicious/suspicious_network.sh
  • .archon/scripts/__tests__/fixtures/malicious/unsafe_permissions.yaml
  • .archon/scripts/__tests__/marketplace-security-scan.test.ts
  • .archon/scripts/marketplace-fetch-source.ts
  • .archon/scripts/marketplace-security-scan.ts
  • .archon/scripts/marketplace-validate-schema.ts
  • .archon/workflows/maintainer/marketplace-pr-review-and-merge.yaml
  • .github/workflows/marketplace-auto-review.yml

Walkthrough

This PR introduces a complete automated marketplace submission system: benign and malicious test fixtures, a security scanner using regex pattern detection, a schema validator for workflow YAML, a source fetcher from GitHub, comprehensive tests, an orchestration workflow for PR review and merge decisions, and a GitHub Actions trigger.

Changes

Marketplace Submission Automation System

| Layer | File(s) | Summary |
|---|---|---|
| Test Fixtures: Malicious & Benign Examples | .archon/scripts/__tests__/fixtures/benign/*, .archon/scripts/__tests__/fixtures/malicious/* | Fixture files demonstrate security issues (credential leaks, RCE, exfiltration, reverse shells, obfuscated code, path escapes, shell execution, suspicious network, unsafe permissions) and clean patterns for scanner validation. |
| Security Scanner Pattern Detection | .archon/scripts/marketplace-security-scan.ts | Scanner defines malicious categories with regex patterns, maps categories to severity levels, loads source files line-by-line, applies patterns, aggregates findings with context, and outputs JSON with overall severity. |
| Schema Validator for Workflow YAML | .archon/scripts/marketplace-validate-schema.ts | Script discovers YAML files, parses each using workflow loader, records per-file validity with errors, and outputs aggregated JSON result. |
| Source Fetcher from GitHub | .archon/scripts/marketplace-fetch-source.ts | Script validates ARTIFACTS_DIR and entry.json, parses sourceUrl for GitHub blob or tree, calls GitHub API at pinned SHA, recursively walks contents, base64-decodes files, and outputs JSON with file list and errors. |
| Security Scanner Test Suite | .archon/scripts/__tests__/marketplace-security-scan.test.ts | Bun test suite executes scanner against fixtures in temp directories, verifies malicious fixtures produce expected findings and severity, asserts benign fixtures yield zero findings, and validates empty source returns none severity. |
| Marketplace PR Orchestration Workflow | .archon/workflows/maintainer/marketplace-pr-review-and-merge.yaml | Workflow extracts PR metadata, enforces scope to marketplace.ts, parses entry fields from diff, fetches pinned source, runs schema and security validation in parallel, invokes Haiku AI for risk assessment, applies deterministic decision logic (auto_merge / auto_approve / request_changes / reject), and executes GitHub PR action. |
| GitHub Actions CI Trigger | .github/workflows/marketplace-auto-review.yml | Actions workflow listens for PR events on marketplace.ts, checks out repo, installs Bun, and invokes Archon marketplace review workflow with secrets and PR number. |

Sequence Diagrams

sequenceDiagram
  participant GH as GitHub PR
  participant Fetch as Fetch Metadata
  participant Scope as Scope Check
  participant Parse as Parse Entry
  participant Source as Fetch Source
  participant Schema as Validate Schema
  participant Scan as Security Scan
  participant AI as AI Review
  participant Decide as Decision Logic
  participant Act as Take Action
  GH->>Fetch: Trigger on PR opened/updated
  Fetch->>Scope: PR metadata ready
  Scope->>Parse: Scope OK?
  Parse->>Source: Entry extracted
  Source->>Schema: Source downloaded
  Source->>Scan: Source downloaded
  Schema-->>AI: Valid?
  Scan-->>AI: Findings & severity
  Parse-->>AI: Entry details
  Fetch-->>AI: PR metadata
  AI->>Decide: Risk assessment
  Decide->>Act: Decision (merge/approve/changes)
  Act->>GH: Submit review & merge if approved
sequenceDiagram
  participant Job as Workflow Job
  participant Entry as entry.json
  participant GH as GitHub API
  participant Local as Local Filesystem
  Job->>Entry: Read sourceUrl & sha
  Entry-->>Job: GitHub blob or tree URL
  Job->>GH: gh api fetch at ref
  alt Blob URL
    GH-->>Job: Single file content
    Job->>Local: Save file
  else Tree URL
    GH-->>Job: Directory contents listing
    loop Each item recursively
      Job->>GH: Fetch item content
      GH-->>Job: Base64-encoded file
      Job->>Local: Decode and save
    end
  end
  Job-->>Job: Collect files and errors

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Poem

🐰 A marketplace scans for danger and deceit,
With patterns precise and fixtures so neat,
The scanner finds risks, the schema rings true,
While AI and rules decide what to do—
Auto-merge with confidence, or questions anew! 🔍


@coleam00 coleam00 marked this pull request as ready for review May 11, 2026 15:26
@coleam00 coleam00 merged commit 6be6dc8 into dev May 11, 2026
3 of 4 checks passed
@Wirasm Wirasm mentioned this pull request May 12, 2026
cropse pushed a commit to cropse/Archon that referenced this pull request May 19, 2026
* feat: add marketplace-fetch-source script

PIV Task 1: Bun script that downloads marketplace entry source files
at pinned SHA via GitHub Contents API, preserving directory structure.

* feat: add marketplace-validate-schema script

PIV Task 2: Bun script that validates all .yaml files in source artifacts against the Archon workflow schema using parseWorkflow.

* feat: add marketplace-security-scan script

PIV Task 3: deterministic regex/heuristic scanner with 9 categories
(rce, exfil, reverse_shell, cred_leak, obfuscation, unsafe_permissions,
path_escape, shell_exec, suspicious_network). Reads $ARTIFACTS_DIR/source/
recursively, outputs JSON with severity + findings.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* test: add marketplace-security-scan tests and fixtures

PIV Task 4: 9 malicious fixtures (one per scanner category), 3 benign
fixtures (zero false positives), empty-dir test. All 13 tests pass.

* feat: add marketplace-pr-review-and-merge workflow

PIV Task 5: DAG workflow with 9 nodes — fetch PR metadata, verify scope,
parse entry, fetch source, validate schema + security scan (parallel),
AI review, decide, and act (post GitHub review).

* feat: add GitHub Actions trigger for marketplace auto-review

PIV Task 6: Triggers on PRs touching marketplace.ts, runs the
marketplace-pr-review-and-merge workflow via CLI.

* feat: add auto-merge for clean submissions and pull_request_target trigger

Changes:
- Switch GH Action from pull_request to pull_request_target for fork PR secret access
- Add ANTHROPIC_API_KEY and contents:write permission to GH Action
- Add auto_merge decision: clean PRs (scan none + AI approval) are auto-merged
- Update ai-review prompt and output_format with auto_merge recommendation
- Update decide script with 4-value decision matrix (no trust gating)
- Add auto_merge case arm to act node with squash merge

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>