feat: Add semantic PR title check workflow#438
Merged
Conversation
Signed-off-by: Richard Murillo <6811113+rjmurillo@users.noreply.github.com>
Contributor
|
Note Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported. |
Contributor
AI Quality Gate ReviewWarning WalkthroughThis PR was reviewed by six AI agents in parallel, analyzing different aspects of the changes:
Review Summary
QA Review DetailsQA Review: Semantic PR Title Check WorkflowTest Coverage Assessment
Quality Concerns
Regression Risk Assessment
Code Quality AnalysisThe workflow is minimal (17 lines) but lacks patterns present in other workflows in this repository: Compared to
Evidence SummaryRecommendations
Security Review DetailsSecurity Analysis: Semantic PR Title Check WorkflowFindings
Analysis DetailsBOT_PAT Usage (Medium):
Version Pinning (Low):
Recommendations
VerdictDevOps Review DetailsLet me check existing workflows for patterns around action pinning and permission settings. Now I have enough context to provide my DevOps review. Pipeline Impact Assessment
CI/CD Quality Checks
Findings
Template Assessment
Automation Opportunities
Recommendations
VerdictAnalyst Review DetailsAnalysis: Semantic PR Title Check WorkflowCode Quality Score
Overall: 4/5 Impact Assessment
Findings
Recommendations
VerdictRoadmap Review DetailsNow I have the context. Let me review the PR. Strategic Alignment Assessment
Feature Completeness
Impact Analysis
Concerns
Recommendations
VerdictArchitect Review DetailsDesign Quality Assessment
Overall Design Score: 4/5 Architectural Concerns
Breaking Change Assessment
Technical Debt Analysis
ADR Assessment
Recommendations
VerdictRun Details
Powered by AI Quality Gate - View Workflow |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds a new GitHub Actions workflow to validate PR titles against semantic/conventional commit format. The workflow triggers on PR open, edit, and synchronize events using the amannn/action-semantic-pull-request action.
Key Changes
- New workflow file for automated semantic PR title validation
- Enforces conventional commit format for PR titles
- Uses BOT_PAT for authentication
|
Caution Review failedThe pull request is closed. Note Other AI code review bot(s) detectedCodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review. 📝 WalkthroughWalkthroughAdds a new GitHub Actions workflow Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Suggested reviewers
Pre-merge checks and finishing touches❌ Failed checks (1 inconclusive)
✅ Passed checks (2 passed)
📜 Recent review detailsConfiguration used: Repository YAML (base), Organization UI (inherited) Review profile: CHILL Plan: Pro 📒 Files selected for processing (1)
Comment |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Richard Murillo <6811113+rjmurillo@users.noreply.github.com>
rjmurillo-bot
added a commit
that referenced
this pull request
Dec 26, 2025
Planning: - PRD for acknowledged vs resolved gap fix - Task breakdown (13 tasks across 3 milestones) - Implementation prompts for each task Validation: - PRD critique: [APPROVED] - Implementation critique: [APPROVED_WITH_CONDITIONS] 86/100 - QA report: [PASS] - Live validation with PR #365 and #438 - Security review: [APPROVED] - No blocking issues - Gap diagnostics with Five Whys analysis Retrospective: - Root cause: Semantic confusion (acknowledgment ≠ resolution) - 4 skills extracted (Design-008, Implementation-006, Testing-007/008) - Memory files for lifecycle modeling patterns 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Merged
22 tasks
rjmurillo
added a commit
that referenced
this pull request
Dec 26, 2025
…owledged vs resolved fix (#402) * fix(ci): add visibility message when PR maintenance processes 0 PRs Closes #400 When the PR maintenance workflow runs and finds no PRs requiring automated action, users couldn't tell why "0 PRs processed" appeared. This adds a GITHUB_STEP_SUMMARY message explaining: - Total PRs scanned - Actions taken (comments acknowledged, conflicts resolved) - Why no actions were needed (normal when awaiting human review) Changes: - Add TotalPRs to results for visibility reporting - Add step summary output in GitHub Actions context - Explain "no actions" scenario (awaiting review, no bot comments) This is the minimal fix that was attempted in PR #395, which scope- exploded to 847 lines. This fix is 42 lines as intended. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: Distinguish bot vs human PRs for CHANGES_REQUESTED handling BREAKING CHANGE: Bot-authored PRs with CHANGES_REQUESTED are no longer skipped as "blocked". They are now tracked separately in ActionRequired for agent intervention via pr-comment-responder. The previous logic incorrectly treated ALL CHANGES_REQUESTED PRs as "blocked, needs human action". This was wrong for bot-authored PRs: - Human-authored PR with CHANGES_REQUESTED: Truly blocked, human must act - Bot-authored PR with CHANGES_REQUESTED: Agent should address feedback Changes: - Add Test-IsBotAuthor helper function with documented bot patterns - Update Invoke-PRMaintenance to distinguish bot vs human authors - Add ActionRequired list to results for bot PRs needing attention - Update GITHUB_STEP_SUMMARY to list actionable bot PRs - Add 7 tests for Test-IsBotAuthor function - Create memory: pr-changes-requested-semantics Evidence: PRs #247, #246, #235 were incorrectly skipped when they had CHANGES_REQUESTED from human reviewers on bot-authored code. See: Issue #400, pr-changes-requested-semantics memory 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat: Add nuanced bot categorization for CHANGES_REQUESTED handling Different bot types require different actions when CHANGES_REQUESTED: - agent-controlled (rjmurillo-bot): Use /pr-review via pr-comment-responder - mention-triggered (copilot-swe-agent): Add @copilot comment - command-triggered (dependabot[bot]): Use @dependabot commands - unknown-bot: Requires manual review Changes: - Add Get-BotAuthorInfo function with category, action, and mention fields - Refactor Test-IsBotAuthor to use Get-BotAuthorInfo - Update console output to group by category with specific actions - Update GITHUB_STEP_SUMMARY with category-specific recommended actions - Add 9 tests for Get-BotAuthorInfo covering all categories - Update memory with nuanced handling documentation Evidence: copilot-swe-agent PRs need @copilot mention to act, unlike agent-controlled bots that can be addressed directly. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: Run maintenance tasks regardless of CHANGES_REQUESTED status CHANGES_REQUESTED status only indicates who can address reviewer feedback. Maintenance tasks should ALWAYS run: - Resolve merge conflicts (keeps PR mergeable) - Acknowledge bot comments (shows engagement) - Check for similar PRs (informational) Previously, human-authored PRs with CHANGES_REQUESTED were skipped entirely. Now they are processed for maintenance but listed as Blocked for feedback. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor: Cross-reference bot pattern memories (DRY) Update pr-changes-requested-semantics memory and Get-BotAuthorInfo to reference existing bot-specific pattern memories instead of duplicating information: - cursor-bot-review-patterns: 100% actionable signal - copilot-pr-review: 21% signal, high false positive rate - copilot-follow-up-pr: Sub-PR creation behavior - coderabbit-config-strategy: 66% noise, path_instructions This keeps the memories DRY while providing clear cross-references. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: address PR review comments on bot handling - Fix $agentControlled.PR array access bug (use ForEach-Object) - Fix backtick escaping in markdown inline code - Improve 'no actions' explanation accuracy (Gemini feedback) - Add try-catch for GITHUB_STEP_SUMMARY file write (Copilot suggestion) Addresses review comments: 2646510037, 2647190844, 2647173696, 2647160627 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: add bot author feedback protocol documentation Create comprehensive protocol documentation with mermaid diagrams per review feedback. Updates memory to reference new documentation. - Add decision flow diagram for CHANGES_REQUESTED handling - Add state machine diagram for PR processing - Document bot category detection logic - Add github-actions limitation (cannot respond to mentions) - Cross-reference related memories Addresses review comment: 2647285889 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: correct bot author feedback protocol decision flow Per reviewer feedback, corrected the protocol: - Blocked list only for human PRs with NO action toward @rjmurillo-bot - rjmurillo-bot triggers: PR author OR reviewer assignment OR mention - Mention-triggered: process ONLY the mentioned comment - Maintenance limited to merge conflict resolution only - Eyes reaction only when bot will take action - Prerequisites: must follow SESSION-PROTOCOL.md before any work - Merge conflicts: get last 10 commits for context 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: update bot activation logic per corrected protocol - Eyes reaction only when rjmurillo-bot takes action: - Bot authored PR: acknowledge all comments - Otherwise: only acknowledge @rjmurillo-bot mentions - Blocked list only for human PRs with NO @rjmurillo-bot mention - Human PRs with @rjmurillo-bot mention: add to ActionRequired - Update comments to reference protocol documentation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: update workflow * fix: correct mermaid flowchart syntax errors - Remove duplicate E-->|No| edges - Remove orphaned J-->K nodes - Fix consistent spacing in edge labels 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: align protocol sections with corrected flowchart - Update Activation Triggers table to show CHANGES_REQUESTED column - Rewrite State Machine diagram to match flowchart logic - Rename Bot Categories to PR Author Categories with role-based actions - Update Anti-Patterns with RIGHT/WRONG examples for new flow - Remove outdated Blocked List section (not in flowchart) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat: implement corrected bot author feedback protocol Implements the decision flow from bot-author-feedback-protocol.md: ## Protocol Changes - rjmurillo-bot activates when: PR author, added as reviewer, or @mentioned - CHANGES_REQUESTED only triggers /pr-review when bot is author or reviewer - @mention → process ONLY that comment, add eyes only to that comment - Maintenance = merge conflict resolution only - Eyes reaction only when bot will take action ## Implementation - Add `reviewRequests` to Get-OpenPRs query - Add `Test-IsBotReviewer` function for reviewer detection - Rewrite main loop to match protocol flowchart - Add 6 tests for Test-IsBotReviewer function Relates-to: #400 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: address cursor[bot] and rjmurillo review feedback ## cursor[bot] fixes (100% signal) - Reclassify github-actions as 'non-responsive' instead of 'agent-controlled' These accounts cannot respond to comments/mentions - Add Author field to UNRESOLVABLE_CONFLICTS blocked items Fixes malformed log output "PR #X by : UNRESOLVABLE_CONFLICTS" ## rjmurillo feedback - Simplify memory to reference canonical documentation - Memory now points to .agents/architecture/bot-author-feedback-protocol.md ## Test updates - Update github-actions tests to expect 'non-responsive' category - 149 tests pass, 0 failed, 1 skipped Addresses PR #402 review comments 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: address Copilot review feedback ## Bug Fixes - Move $role variable definition before if/else block (was undefined in else branch) - Fix section headers to say "PRs Requiring Action" instead of "Bot PRs with CHANGES_REQUESTED" (ActionRequired list includes both CHANGES_REQUESTED and MENTION items) ## Documentation - Fix mermaid grammar: "Are CHANGES_REQUESTED" -> "CHANGES_REQUESTED?" ## Notes on Copilot Feedback - $isBotAuthor logic is intentional: checks for 'agent-controlled' category specifically (other bots like copilot-swe-agent are 'mention-triggered', handled separately) - Out-File already has error handling in try/catch block Addresses Copilot comments on PR #402 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: expand bot-author-feedback-protocol with operational guidance Add comprehensive operational sections based on multi-agent analysis: - Quick Start: invocation examples for automated, manual, and agent execution - Prerequisites: required tools with version checks and permissions - Acceptance Criteria: GIVEN/WHEN/THEN format for all 4 scenarios - Auto-Resolvable Conflicts: file patterns using --theirs strategy - Handoff: Script to Agent: output interpretation and next steps - What "Process Comments" Means: concrete 4-step definition - Bot Categories: extended table with examples and behavior - Error Recovery: 4 scenarios with recovery procedures - Logs and Debugging: locations, commands, exit codes - Success Metrics: baseline performance and alert thresholds - Glossary: 6 key terms defined This enables an amnesiac agent to execute the protocol without prior context by providing complete operational documentation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: address copilot review feedback on API efficiency and test coverage Fixes based on copilot-pull-request-reviewer comments: 1. API Call Optimization: - Modified Get-UnacknowledgedComments to accept pre-fetched comments - Pass $comments array to avoid duplicate Get-PRComments calls - Reuse $mentionedComments instead of re-fetching 2. Human PRs with CHANGES_REQUESTED: - Track in Blocked list with category 'human-blocked' for visibility - These were previously not tracked, reducing visibility 3. ActionRequired Test Coverage: - Added 4 new test contexts for ActionRequired/Blocked collection - Bot author with CHANGES_REQUESTED -> ActionRequired - Bot reviewer with CHANGES_REQUESTED -> ActionRequired - Bot mentioned -> ActionRequired with 'mention-triggered' - Human with CHANGES_REQUESTED -> Blocked with 'human-blocked' 4. Backtick Escaping: - Fixed inline code using 2 backticks instead of non-standard 4 All 154 tests pass (1 skipped). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * Rename $isBotAuthor to $isAgentControlledBot for clarity (#437) Merge derivative PR from copilot-swe-agent into parent PR #402 branch. Renamed $isBotAuthor → $isAgentControlledBot for clarity. * fix: address agent review feedback and add derivative PR protocol ## Agent Recommendations Incorporated **QA Agent P0**: Added error handling tests - Test for Get-PRComments exception handling - Test for continuation after API failure - 157 tests now pass **Critic Agent**: APPROVED - all changes complete and correct **DevOps Agent**: PASS - backward compatible, 50% API reduction **Security Agent**: PASS - no vulnerabilities found ## Protocol Updates **Derivative PRs**: Added new section documenting: - What derivative PRs are (bot-spawned PRs targeting feature branches) - Detection criteria (baseRefName != main + bot author) - Handling workflow with mermaid diagram - Race condition risk and mitigation - Script integration requirements Example: PR #437 from copilot-swe-agent targeting PR #402's branch 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: update mermaid diagrams with derivative PR handling Both flowchart and state machine diagrams now include: - CheckDerivatives state after conflict resolution - ReportDerivatives action for ActionRequired output - Clear flow showing derivative PR detection before END Addresses diagram consistency with the Derivative PRs section added in 9e18f23. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(qa): add bot-author-feedback-protocol PR assessment QA evaluation of 50 closed PRs against the protocol workflows: ## Findings - Protocol Coverage: 75% (38/50 PRs handled correctly) - Automation Gap: 25% (12/50 PRs required manual intervention) - Compliance Rate: 100% (0 protocol violations) ## Key Gap Derivative PRs from copilot-swe-agent (11 PRs, 22% of sample) require manual intervention. Protocol documents but does not automate detection, linking, or parent merge blocking. ## Recommendations - P0: Implement derivative PR detection in maintenance script - P0: Add derivative PRs to ActionRequired output - P0: Block parent merge when derivatives pending 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(P0): implement derivative PR detection in maintenance script Implements P0 recommendations from bot-author-feedback-protocol assessment: ## New Functions - `Get-DerivativePRs`: Detects PRs targeting feature branches (not main) from mention-triggered bots (e.g., copilot-swe-agent) - `Get-PRsWithPendingDerivatives`: Correlates derivatives with parent PRs by matching target branch to head branch ## Integration - Derivative PRs added to ActionRequired with PENDING_DERIVATIVES reason - Parents with derivatives shown with warning in GitHub step summary - Console output includes derivative count in summary ## Test Coverage - 8 new tests covering derivative detection scenarios - Tests for copilot branch naming pattern extraction - Tests for parent-derivative correlation logic Closes P0 items from .agents/critique/bot-author-feedback-protocol-pr-assessment.md 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: align mermaid diagrams with derivative PR implementation Updates flowchart TD and state machine diagrams to reflect actual implementation where derivative detection happens at the BEGINNING (after fetching PRs) rather than at the END (after maintenance). ## Flowchart Changes - Starts with "Fetch Open PRs" → "Derivative PRs?" - Detection and linking happen before individual PR processing - Clearer flow: Detect → Link → Add to ActionRequired → Process ## State Machine Changes - New states: FetchPRs, DetectDerivatives, LinkToParents - AddToActionRequired reports PENDING_DERIVATIVES - ProcessPRs loops through each PR individually - NextPR handles iteration vs completion Also updates pr-changes-requested-semantics Serena memory to include derivative PR detection section. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: add session artifacts and skillbook memories ## Session Artifacts - critique/402-pr-maintenance-visibility-critique.md - qa/402-pr-maintenance-test-coverage-analysis.md - sessions/2025-12-26-session-87-pr402-devops-review.md ## Skillbook Memories - quality-shift-left-gate.md: 6-agent consultation pattern - quality-agent-remediation.md: P0/P1 remediation requirements ## Memory Updates - pr-changes-requested-semantics.md: Added derivative PR section - skills-quality-index.md: Indexed new quality skills 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: address agent P0 feedback for amnesiac readiness Agent review findings addressed: ## Critic P0 (all resolved) - Add invocation decision tree to protocol - Document Category filter in derivative PR detection - Add non-responsive bot category to memory - Sync exit code documentation with workflow status ## DevOps P0 (resolved) - Add actions:read permission to pr-maintenance.yml ## QA P0 (resolved) - Add Scenario 4 tests: no bot involvement (maintenance only) - Add Scenario 4b tests: conflict resolution without bot - Fix null-safety for Get-SimilarPRs return value All 171 tests pass (170 passed + 1 skipped). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: PR maintenance authority enhancement planning artifacts Multi-agent workflow for PR maintenance gap analysis and remediation: ## Gap Analysis - 4 gaps identified affecting 6 PRs (#365, #353, #301, #255, #247, #235) - Gap 1: Bot PRs with conflicts wrongly blocked - Gap 2: Unaddressed comments not triggering action - Gap 3: Copilot synthesis missing for @copilot PRs - Gap 4: Duplicate PR entries in ActionRequired + Blocked ## PRD (Iteration 2 - Critic Approved) - 5 user stories (Story 3 split into 3a + 3b per INVEST) - Negative acceptance criteria added - Technical requirements with line numbers ## Task List - 17 atomic tasks in 6 phases - Prompts added for amnesiac agent execution - Critic flagged 11/17 for revision (pending) ## Retrospective - 71% success rate on planning workflow - Key pattern: critic-explainer iteration loop effective - Learning: apply same iteration to task generation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: revise task prompts for amnesiac agent execution Critic review identified 11/17 prompts needing revision for self-containment. All prompts now approved for implementation. ## Revisions Made - Task 1.3: Added exact search pattern and BEFORE/AFTER blocks - Task 2.2: Added case-insensitive matching (-imatch/-inotmatch) - Task 3.2: Added $results initialization location (line 1180) - Tasks 5.1-5.6: Documented test file creation, correct invocation pattern - Task 5.7: Added absolute path, skip conditions for closed PRs - Tasks 6.1, 6.2: Added search patterns, file existence handling ## Verification - All prompts specify absolute file paths - All prompts include search patterns or line numbers - All prompts have verification steps - Critic verdict: APPROVED FOR IMPLEMENTATION 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(pr-maintenance): route bot PRs with conflicts to ActionRequired Task 1.1: Bot-authored PRs with unresolvable conflicts now go to ActionRequired instead of Blocked, since the bot has full authority to manually resolve conflicts via /pr-review. Human-authored PRs with conflicts still go to Blocked (existing behavior). Addresses Gap 1 from diagnostics. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(pr-maintenance): trigger action on unaddressed comments Tasks 1.2 + 1.3: Bot-authored PRs now trigger action when: - reviewDecision = CHANGES_REQUESTED (existing), OR - Unaddressed bot comments exist (count > 0) (new) Changes: - Move Get-UnacknowledgedComments before action determination - Expand trigger condition to include unaddressed comments - Add UnaddressedCount property to ActionRequired entry - Use UNADDRESSED_COMMENTS reason when reviewDecision is not CHANGES_REQUESTED - Reuse $unacked variable for acknowledgment loop (no duplicate API call) Addresses Gap 2 from diagnostics. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(pr-maintenance): detect copilot-swe-agent PRs Task 2.1: Add detection for copilot-swe-agent PRs where rjmurillo-bot is a reviewer. This enables synthesis workflow for delegating feedback to @copilot. Detection triggers when: - rjmurillo-bot is a reviewer on the PR - Author login matches 'copilot' pattern (case-insensitive) - Author bot category is 'mention-triggered' 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(pr-maintenance): collect other bot comments for copilot synthesis Task 2.2: When a copilot-swe-agent PR is detected, collect comments from other review bots (coderabbitai, cursor[bot], gemini-code-assist) for synthesis. Changes: - Filter comments using case-insensitive matching (-imatch/-inotmatch) - Add COPILOT_SYNTHESIS_NEEDED to ActionRequired when other bot comments exist - Skip synthesis if 0 other bot comments (edge case) - Separate copilot PR handling from normal agent-controlled PR flow Addresses Gap 3 from diagnostics (partial - synthesis function next). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(pr-maintenance): add Invoke-CopilotSynthesis function (Task 3.1) Create function to generate @copilot synthesis prompts from bot comments: - Groups comments by bot author (coderabbitai, cursor[bot], gemini) - Generates markdown with linked summaries (truncated at 100 chars) - Formats prompt directing @copilot to address issues Part of PR #402 - PR maintenance workflow enhancement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(pr-maintenance): post synthesis prompt as PR comment (Task 3.2) Integrate Invoke-CopilotSynthesis function to post @copilot prompts: - Add SynthesisPosted counter to $results initialization - Generate synthesis prompt from collected bot comments - Post prompt as PR comment via gh pr comment - Support DryRun mode for testing - Track posted syntheses in results Part of PR #402 - PR maintenance workflow enhancement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(pr-maintenance): implement single list guarantee (Task 4.1) Add deduplication check before adding PRs to Blocked or ActionRequired: - Check if PR already exists in ActionRequired before adding - If exists, update existing entry with HasConflicts flag - Append '+ resolve conflicts' to existing Action - Ensures no PR appears in both lists Priority order: ActionRequired > Blocked (ActionRequired takes precedence) Part of PR #402 - PR maintenance workflow enhancement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * test(pr-maintenance): add unit tests for bot authority (Tasks 5.1-5.6) Create unit test file with 6 tests: - Bot PR conflicts go to ActionRequired (not Blocked) - Unaddressed comments trigger action without CHANGES_REQUESTED - Copilot PR synthesis detection and comment collection - Deduplication: PR appears in one list only - Human PR conflicts go to Blocked (regression test) - Copilot PR with no other bot comments skips synthesis Also adds $DryRun parameter to Invoke-PRMaintenance to support test mocking of the synthesis posting feature. Part of PR #402 - PR maintenance workflow enhancement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * test(pr-maintenance): add integration tests (Task 5.7) Create integration test file that tests against real PRs: - Verifies bot PRs with conflicts go to ActionRequired - Verifies copilot PR triggers synthesis workflow - Verifies no PR appears in both ActionRequired and Blocked Tests use -Skip when target PRs are closed. Uses -DryRun to avoid posting comments during test. Part of PR #402 - PR maintenance workflow enhancement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(pr-maintenance): document copilot synthesis workflow (Tasks 6.1-6.2) Update protocol documentation: - Add "Reviewer on Copilot PR" row to activation triggers table - Add Copilot Synthesis Workflow section with trigger conditions - Document authority boundary for mention-triggered PRs - Show synthesis prompt format Update pr-changes-requested-semantics memory: - Add copilot synthesis activation trigger - Add copilot synthesis section with workflow summary Part of PR #402 - PR maintenance workflow enhancement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * qa: add test validation report for PR #402 Add comprehensive QA validation for PR maintenance workflow enhancement: Test Execution Results: - Unit tests: 6/6 passing - Integration tests: 0/2 passing (1 skip, 2 fail due to bug) - Total execution time: 5.47s Critical Issues (P0 - blocking): 1. Integration test bug at line 14-15 (PropertyNotFoundException) 2. Multi-PR deduplication not tested at scale 3. Conflict + CHANGES_REQUESTED interaction path untested Important Gaps (P1 - follow-up acceptable): 4. Bot category coverage: 3 of 6 categories untested 5. Synthesis edge cases: Large comment counts, failure handling 6. Mock verification: No Should -Invoke assertions Nice to Have (P2 - future enhancement): 7. Derivative PR workflow (~200 LOC untested) 8. Error resilience testing Verdict: NEEDS WORK - Fix P0 issues before merge Deliverables: - Test report: .agents/qa/402-pr-maintenance-test-report.md - Gap analysis with code examples: .agents/qa/402-test-gap-analysis.md - Session log: .agents/sessions/2025-12-26-session-01-pr-402-qa-validation.md 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: finalize QA session log with commit evidence * fix(pr-maintenance): address QA and security findings QA fixes: - Fix integration test PropertyNotFoundException (use ForEach-Object) Security fixes: - Anchor bot login regex to prevent partial matches - Regex now uses ^...$ pattern for exact matching - Matches coderabbitai, coderabbitai[bot], cursor[bot], gemini-code-assist[bot] Part of PR #402 - PR maintenance workflow enhancement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(pr-maintenance): resolve double-nested array issue in Get-SimilarPRs The combination of Write-Output -NoEnumerate in the function and @() wrapper at the call site created a double-nested array structure. When iterating, foreach received the entire inner array as a single item instead of individual PSCustomObject elements. Changes: - Remove Write-Output -NoEnumerate from Get-SimilarPRs function - Use simple return statements instead - Change hashtable to PSCustomObject with lowercase property names - Add DryRun parameter at script level (was missing from param block) - Pass DryRun through to Invoke-PRMaintenance function call Root cause: Mocks used PascalCase properties that matched the code, but the real GitHub API returns lowercase. Static analysis passed but actual execution revealed the runtime issue. Lesson: Integration testing against real APIs is essential to catch casing and structure issues that mocks cannot reveal. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(retrospective): analyze PR #402 double-nested array debug session Comprehensive retrospective analysis of debugging session for commit 526f551 which fixed double-nested array bug in Get-SimilarPRs function. Analysis Findings: - Root cause: Write-Output -NoEnumerate + @() wrapper = double-nesting - Unit tests passed (100% coverage) but runtime failed on all 15 PRs - Mock fidelity gap: Tests used PascalCase, API returned lowercase - Testing gap: No integration tests for GitHub API calls Extracted Learnings (4 skills, all ≥90% atomicity): - Skill-PowerShell-004: Array return pattern (95%) - Skill-Testing-003: Integration test requirement (92%) - Skill-Testing-006: Mock structure fidelity (93%) - Skill-Testing-004: Type assertions (90%) Process Improvements: - Add integration tests for external API calls - Validate mocks match actual API response structure - Assert returned object types not just values - Document PowerShell array handling best practices Artifacts: - .agents/retrospective/402-double-nested-array-debug.md (comprehensive analysis) - .serena/memories/powershell-array-handling.md (array patterns) - .serena/memories/testing-mock-fidelity.md (testing requirements) - .serena/memories/retrospective-2025-12-26.md (session index) Related: PR #402, commit 526f551 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(session): complete session log for PR #402 retrospective * docs(protocol): convert ASCII decision tree to Mermaid diagram Convert the invocation decision tree from ASCII art (using ├─ └─) to a proper Mermaid flowchart for better rendering in GitHub and other Markdown viewers. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(docs): escape special characters in Mermaid diagram Fix Mermaid rendering error by: - Adding quotes around node labels with special characters - Removing leading slash from /pr-review (use "pr-review skill") - Simplifying <br/> to <br> 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(pr-maintenance): implement Get-UnaddressedComments function Add function to detect bot comments in any unresolved state: - NEW (unacknowledged, eyes=0) - ACKNOWLEDGED (eyes>0 but thread unresolved) - REPLIED (reply exists but thread unresolved) Function queries Get-UnresolvedReviewThreads to identify threads where isResolved=false, then filters bot comments matching either: - reactions.eyes = 0 (unacknowledged), OR - comment ID in unresolved thread list (acknowledged but unresolved) This addresses the gap where PR #365 showed "all comments acknowledged" but threads remained open. Get-UnacknowledgedComments detects NEW state only; Get-UnaddressedComments detects all incomplete states. Implements TASK-004 from acknowledged-vs-resolved feature plan. Refs: TASK-004, #402 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(pr-maintenance): distinguish unresolved threads from unacknowledged comments TASK-006: Update PR classification to use Get-UnaddressedComments - Replace Get-UnacknowledgedComments call with Get-UnaddressedComments - Rename $unacked variable to $unaddressed for clarity - Preserve Get-UnacknowledgedComments function for backward compatibility TASK-007: Add granular ActionRequired reason classification - UNRESOLVED_THREADS: Acknowledged but thread not resolved - UNACKNOWLEDGED: Comments lacking eyes reaction - UNRESOLVED_THREADS+UNACKNOWLEDGED: Both conditions present This enables PR maintenance output to distinguish between comments that need acknowledgment vs threads that need resolution, improving triage. Refs: .agents/planning/tasks-acknowledged-vs-resolved.md 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(protocol): add acknowledged vs resolved glossary and lifecycle model Add documentation for the comment lifecycle model that distinguishes between acknowledgment (eyes reaction) and resolution (thread marked resolved in GitHub). This addresses the root cause of PR #365 where 5 acknowledged but unresolved comments were incorrectly classified as "no action needed." - Add glossary entry defining Acknowledged, Resolved, and Unaddressed - Add Comment Lifecycle Model section with state transition diagram - Document detection functions and their purposes - Add ActionRequired reason field reference table - Reference PR #365 as motivating example TASK-011: Glossary entry complete TASK-012: Lifecycle section complete TASK-013: Function docstrings verified (already comprehensive) Refs: TASK-011, TASK-012, TASK-013 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: add acknowledged vs resolved planning and validation artifacts Planning: - PRD for acknowledged vs resolved gap fix - Task breakdown (13 tasks across 3 milestones) - Implementation prompts for each task Validation: - PRD critique: [APPROVED] - Implementation critique: [APPROVED_WITH_CONDITIONS] 86/100 - QA report: [PASS] - Live validation with PR #365 and #438 - Security review: [APPROVED] - No blocking issues - Gap diagnostics with Five Whys analysis Retrospective: - Root cause: Semantic confusion (acknowledgment ≠ resolution) - 4 skills extracted (Design-008, Implementation-006, Testing-007/008) - Memory files for lifecycle modeling patterns 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * test(pr-maintenance): add unit tests for Get-UnresolvedReviewThreads and Get-UnaddressedComments Add comprehensive Pester tests covering: Get-UnresolvedReviewThreads (9 tests): - Returns unresolved threads correctly - Returns empty for all resolved/no threads/null - Handles GraphQL API failure gracefully - Handles JSON parse failure gracefully - Filters mixed resolved/unresolved threads - Extracts databaseId from thread comments - PR #365 equivalent fixture (5 threads) Get-UnaddressedComments (13 tests): - Returns NEW state comments (eyes=0) - Returns ACKNOWLEDGED state comments (eyes>0, unresolved) - Returns empty when all addressed - Handles null/empty Comments parameter - Uses pre-fetched Comments without API call - Filters out non-bot comments - Mixed state handling (Fixture 3 from PRD) - PR #365 equivalent (5 acknowledged but unresolved) - Fully resolved PR fixture Addresses technical debt from TASK-003 and TASK-005 in .agents/planning/tasks-acknowledged-vs-resolved.md 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(agents): add PR #365 remediation artifacts Planning and critique artifacts from PR #365 fix workflow: - PRD-pr365-remediation.md: Product requirements document - tasks-pr365-remediation.md: 14 atomic tasks breakdown - 001-pr365-remediation-critique.md: Critic validation - PR-402-gap5-analysis-critique.md: Gap analysis critique - Updated gap diagnostics with resolution status 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(skills): add merge-resolver skill for conflict resolution Skill for intelligently resolving merge conflicts using git history: - Fetches PR context and identifies conflicted files - Uses git blame and commit history to infer developer intent - Applies resolution strategies based on change type - Combines non-conflicting changes when appropriate 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(tests): wrap Get-SimilarPRs result in array for Count check PowerShell unwraps single-element arrays and returns $null for empty arrays in some contexts. Wrapping in @() ensures .Count property exists. Fixes: - Returns empty array when no similar PRs - Excludes same PR number from results 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(session): add Protocol Compliance section to session-87 The session protocol validator requires a Protocol Compliance section with checkboxes. Added: - Protocol Compliance section with subagent context notes - Updated Session End Checklist with all items checked 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(session): mark Protocol Compliance items complete in session-88 * fix(session): use canonical Session End Checklist format for sessions 88 and 89 * test(pr-maintenance): add tests for TotalPRs and GITHUB_STEP_SUMMARY (Issue #400) Address QA WARN issues from PR review: - Add tests for TotalPRs property (3 tests) - Add tests for GITHUB_STEP_SUMMARY output data (3 tests) - Error handling already present with try/catch Tests cover: - TotalPRs set to 0 when no open PRs - TotalPRs set correctly for multiple PRs - TotalPRs equals Processed for single PR - Results hashtable contains all step summary keys - ActionRequired count is 0 when no action needed - Blocked count is 0 when no PRs blocked --------- Co-authored-by: rjmurillo[bot] <rjmurillo-bot@users.noreply.github.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Richard Murillo <6811113+rjmurillo@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
rjmurillo
added a commit
that referenced
this pull request
Dec 27, 2025
…, #402) (#453) * fix(ci): add visibility message when PR maintenance processes 0 PRs Closes #400 When the PR maintenance workflow runs and finds no PRs requiring automated action, users couldn't tell why "0 PRs processed" appeared. This adds a GITHUB_STEP_SUMMARY message explaining: - Total PRs scanned - Actions taken (comments acknowledged, conflicts resolved) - Why no actions were needed (normal when awaiting human review) Changes: - Add TotalPRs to results for visibility reporting - Add step summary output in GitHub Actions context - Explain "no actions" scenario (awaiting review, no bot comments) This is the minimal fix that was attempted in PR #395, which scope- exploded to 847 lines. This fix is 42 lines as intended. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: Distinguish bot vs human PRs for CHANGES_REQUESTED handling BREAKING CHANGE: Bot-authored PRs with CHANGES_REQUESTED are no longer skipped as "blocked". They are now tracked separately in ActionRequired for agent intervention via pr-comment-responder. The previous logic incorrectly treated ALL CHANGES_REQUESTED PRs as "blocked, needs human action". This was wrong for bot-authored PRs: - Human-authored PR with CHANGES_REQUESTED: Truly blocked, human must act - Bot-authored PR with CHANGES_REQUESTED: Agent should address feedback Changes: - Add Test-IsBotAuthor helper function with documented bot patterns - Update Invoke-PRMaintenance to distinguish bot vs human authors - Add ActionRequired list to results for bot PRs needing attention - Update GITHUB_STEP_SUMMARY to list actionable bot PRs - Add 7 tests for Test-IsBotAuthor function - Create memory: pr-changes-requested-semantics Evidence: PRs #247, #246, #235 were incorrectly skipped when they had CHANGES_REQUESTED from human reviewers on bot-authored code. See: Issue #400, pr-changes-requested-semantics memory 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat: Add nuanced bot categorization for CHANGES_REQUESTED handling Different bot types require different actions when CHANGES_REQUESTED: - agent-controlled (rjmurillo-bot): Use /pr-review via pr-comment-responder - mention-triggered (copilot-swe-agent): Add @copilot comment - command-triggered (dependabot[bot]): Use @dependabot commands - unknown-bot: Requires manual review Changes: - Add Get-BotAuthorInfo function with category, action, and mention fields - Refactor Test-IsBotAuthor to use Get-BotAuthorInfo - Update console output to group by category with specific actions - Update GITHUB_STEP_SUMMARY with category-specific recommended actions - Add 9 tests for Get-BotAuthorInfo covering all categories - Update memory with nuanced handling documentation Evidence: copilot-swe-agent PRs need @copilot mention to act, unlike agent-controlled bots that can be addressed directly. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: Run maintenance tasks regardless of CHANGES_REQUESTED status CHANGES_REQUESTED status only indicates who can address reviewer feedback. Maintenance tasks should ALWAYS run: - Resolve merge conflicts (keeps PR mergeable) - Acknowledge bot comments (shows engagement) - Check for similar PRs (informational) Previously, human-authored PRs with CHANGES_REQUESTED were skipped entirely. Now they are processed for maintenance but listed as Blocked for feedback. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor: Cross-reference bot pattern memories (DRY) Update pr-changes-requested-semantics memory and Get-BotAuthorInfo to reference existing bot-specific pattern memories instead of duplicating information: - cursor-bot-review-patterns: 100% actionable signal - copilot-pr-review: 21% signal, high false positive rate - copilot-follow-up-pr: Sub-PR creation behavior - coderabbit-config-strategy: 66% noise, path_instructions This keeps the memories DRY while providing clear cross-references. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: address PR review comments on bot handling - Fix $agentControlled.PR array access bug (use ForEach-Object) - Fix backtick escaping in markdown inline code - Improve 'no actions' explanation accuracy (Gemini feedback) - Add try-catch for GITHUB_STEP_SUMMARY file write (Copilot suggestion) Addresses review comments: 2646510037, 2647190844, 2647173696, 2647160627 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: add bot author feedback protocol documentation Create comprehensive protocol documentation with mermaid diagrams per review feedback. Updates memory to reference new documentation. - Add decision flow diagram for CHANGES_REQUESTED handling - Add state machine diagram for PR processing - Document bot category detection logic - Add github-actions limitation (cannot respond to mentions) - Cross-reference related memories Addresses review comment: 2647285889 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: correct bot author feedback protocol decision flow Per reviewer feedback, corrected the protocol: - Blocked list only for human PRs with NO action toward @rjmurillo-bot - rjmurillo-bot triggers: PR author OR reviewer assignment OR mention - Mention-triggered: process ONLY the mentioned comment - Maintenance limited to merge conflict resolution only - Eyes reaction only when bot will take action - Prerequisites: must follow SESSION-PROTOCOL.md before any work - Merge conflicts: get last 10 commits for context 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: update bot activation logic per corrected protocol - Eyes reaction only when rjmurillo-bot takes action: - Bot authored PR: acknowledge all comments - Otherwise: only acknowledge @rjmurillo-bot mentions - Blocked list only for human PRs with NO @rjmurillo-bot mention - Human PRs with @rjmurillo-bot mention: add to ActionRequired - Update comments to reference protocol documentation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: update workflow * fix: correct mermaid flowchart syntax errors - Remove duplicate E-->|No| edges - Remove orphaned J-->K nodes - Fix consistent spacing in edge labels 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: align protocol sections with corrected flowchart - Update Activation Triggers table to show CHANGES_REQUESTED column - Rewrite State Machine diagram to match flowchart logic - Rename Bot Categories to PR Author Categories with role-based actions - Update Anti-Patterns with RIGHT/WRONG examples for new flow - Remove outdated Blocked List section (not in flowchart) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat: implement corrected bot author feedback protocol Implements the decision flow from bot-author-feedback-protocol.md: ## Protocol Changes - rjmurillo-bot activates when: PR author, added as reviewer, or @mentioned - CHANGES_REQUESTED only triggers /pr-review when bot is author or reviewer - @mention → process ONLY that comment, add eyes only to that comment - Maintenance = merge conflict resolution only - Eyes reaction only when bot will take action ## Implementation - Add `reviewRequests` to Get-OpenPRs query - Add `Test-IsBotReviewer` function for reviewer detection - Rewrite main loop to match protocol flowchart - Add 6 tests for Test-IsBotReviewer function Relates-to: #400 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: address cursor[bot] and rjmurillo review feedback ## cursor[bot] fixes (100% signal) - Reclassify github-actions as 'non-responsive' instead of 'agent-controlled' These accounts cannot respond to comments/mentions - Add Author field to UNRESOLVABLE_CONFLICTS blocked items Fixes malformed log output "PR #X by : UNRESOLVABLE_CONFLICTS" ## rjmurillo feedback - Simplify memory to reference canonical documentation - Memory now points to .agents/architecture/bot-author-feedback-protocol.md ## Test updates - Update github-actions tests to expect 'non-responsive' category - 149 tests pass, 0 failed, 1 skipped Addresses PR #402 review comments 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: address Copilot review feedback ## Bug Fixes - Move $role variable definition before if/else block (was undefined in else branch) - Fix section headers to say "PRs Requiring Action" instead of "Bot PRs with CHANGES_REQUESTED" (ActionRequired list includes both CHANGES_REQUESTED and MENTION items) ## Documentation - Fix mermaid grammar: "Are CHANGES_REQUESTED" -> "CHANGES_REQUESTED?" ## Notes on Copilot Feedback - $isBotAuthor logic is intentional: checks for 'agent-controlled' category specifically (other bots like copilot-swe-agent are 'mention-triggered', handled separately) - Out-File already has error handling in try/catch block Addresses Copilot comments on PR #402 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: expand bot-author-feedback-protocol with operational guidance Add comprehensive operational sections based on multi-agent analysis: - Quick Start: invocation examples for automated, manual, and agent execution - Prerequisites: required tools with version checks and permissions - Acceptance Criteria: GIVEN/WHEN/THEN format for all 4 scenarios - Auto-Resolvable Conflicts: file patterns using --theirs strategy - Handoff: Script to Agent: output interpretation and next steps - What "Process Comments" Means: concrete 4-step definition - Bot Categories: extended table with examples and behavior - Error Recovery: 4 scenarios with recovery procedures - Logs and Debugging: locations, commands, exit codes - Success Metrics: baseline performance and alert thresholds - Glossary: 6 key terms defined This enables an amnesiac agent to execute the protocol without prior context by providing complete operational documentation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: address copilot review feedback on API efficiency and test coverage Fixes based on copilot-pull-request-reviewer comments: 1. API Call Optimization: - Modified Get-UnacknowledgedComments to accept pre-fetched comments - Pass $comments array to avoid duplicate Get-PRComments calls - Reuse $mentionedComments instead of re-fetching 2. Human PRs with CHANGES_REQUESTED: - Track in Blocked list with category 'human-blocked' for visibility - These were previously not tracked, reducing visibility 3. ActionRequired Test Coverage: - Added 4 new test contexts for ActionRequired/Blocked collection - Bot author with CHANGES_REQUESTED -> ActionRequired - Bot reviewer with CHANGES_REQUESTED -> ActionRequired - Bot mentioned -> ActionRequired with 'mention-triggered' - Human with CHANGES_REQUESTED -> Blocked with 'human-blocked' 4. Backtick Escaping: - Fixed inline code using 2 backticks instead of non-standard 4 All 154 tests pass (1 skipped). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * Rename $isBotAuthor to $isAgentControlledBot for clarity (#437) Merge derivative PR from copilot-swe-agent into parent PR #402 branch. Renamed $isBotAuthor → $isAgentControlledBot for clarity. * fix: address agent review feedback and add derivative PR protocol ## Agent Recommendations Incorporated **QA Agent P0**: Added error handling tests - Test for Get-PRComments exception handling - Test for continuation after API failure - 157 tests now pass **Critic Agent**: APPROVED - all changes complete and correct **DevOps Agent**: PASS - backward compatible, 50% API reduction **Security Agent**: PASS - no vulnerabilities found ## Protocol Updates **Derivative PRs**: Added new section documenting: - What derivative PRs are (bot-spawned PRs targeting feature branches) - Detection criteria (baseRefName != main + bot author) - Handling workflow with mermaid diagram - Race condition risk and mitigation - Script integration requirements Example: PR #437 from copilot-swe-agent targeting PR #402's branch 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: update mermaid diagrams with derivative PR handling Both flowchart and state machine diagrams now include: - CheckDerivatives state after conflict resolution - ReportDerivatives action for ActionRequired output - Clear flow showing derivative PR detection before END Addresses diagram consistency with the Derivative PRs section added in 9e18f23. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(qa): add bot-author-feedback-protocol PR assessment QA evaluation of 50 closed PRs against the protocol workflows: ## Findings - Protocol Coverage: 75% (38/50 PRs handled correctly) - Automation Gap: 25% (12/50 PRs required manual intervention) - Compliance Rate: 100% (0 protocol violations) ## Key Gap Derivative PRs from copilot-swe-agent (11 PRs, 22% of sample) require manual intervention. Protocol documents but does not automate detection, linking, or parent merge blocking. ## Recommendations - P0: Implement derivative PR detection in maintenance script - P0: Add derivative PRs to ActionRequired output - P0: Block parent merge when derivatives pending 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(P0): implement derivative PR detection in maintenance script Implements P0 recommendations from bot-author-feedback-protocol assessment: ## New Functions - `Get-DerivativePRs`: Detects PRs targeting feature branches (not main) from mention-triggered bots (e.g., copilot-swe-agent) - `Get-PRsWithPendingDerivatives`: Correlates derivatives with parent PRs by matching target branch to head branch ## Integration - Derivative PRs added to ActionRequired with PENDING_DERIVATIVES reason - Parents with derivatives shown with warning in GitHub step summary - Console output includes derivative count in summary ## Test Coverage - 8 new tests covering derivative detection scenarios - Tests for copilot branch naming pattern extraction - Tests for parent-derivative correlation logic Closes P0 items from .agents/critique/bot-author-feedback-protocol-pr-assessment.md 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: align mermaid diagrams with derivative PR implementation Updates flowchart TD and state machine diagrams to reflect actual implementation where derivative detection happens at the BEGINNING (after fetching PRs) rather than at the END (after maintenance). ## Flowchart Changes - Starts with "Fetch Open PRs" → "Derivative PRs?" - Detection and linking happen before individual PR processing - Clearer flow: Detect → Link → Add to ActionRequired → Process ## State Machine Changes - New states: FetchPRs, DetectDerivatives, LinkToParents - AddToActionRequired reports PENDING_DERIVATIVES - ProcessPRs loops through each PR individually - NextPR handles iteration vs completion Also updates pr-changes-requested-semantics Serena memory to include derivative PR detection section. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: add session artifacts and skillbook memories ## Session Artifacts - critique/402-pr-maintenance-visibility-critique.md - qa/402-pr-maintenance-test-coverage-analysis.md - sessions/2025-12-26-session-87-pr402-devops-review.md ## Skillbook Memories - quality-shift-left-gate.md: 6-agent consultation pattern - quality-agent-remediation.md: P0/P1 remediation requirements ## Memory Updates - pr-changes-requested-semantics.md: Added derivative PR section - skills-quality-index.md: Indexed new quality skills 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: address agent P0 feedback for amnesiac readiness Agent review findings addressed: ## Critic P0 (all resolved) - Add invocation decision tree to protocol - Document Category filter in derivative PR detection - Add non-responsive bot category to memory - Sync exit code documentation with workflow status ## DevOps P0 (resolved) - Add actions:read permission to pr-maintenance.yml ## QA P0 (resolved) - Add Scenario 4 tests: no bot involvement (maintenance only) - Add Scenario 4b tests: conflict resolution without bot - Fix null-safety for Get-SimilarPRs return value All 171 tests pass (170 passed + 1 skipped). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: PR maintenance authority enhancement planning artifacts Multi-agent workflow for PR maintenance gap analysis and remediation: ## Gap Analysis - 4 gaps identified affecting 6 PRs (#365, #353, #301, #255, #247, #235) - Gap 1: Bot PRs with conflicts wrongly blocked - Gap 2: Unaddressed comments not triggering action - Gap 3: Copilot synthesis missing for @copilot PRs - Gap 4: Duplicate PR entries in ActionRequired + Blocked ## PRD (Iteration 2 - Critic Approved) - 5 user stories (Story 3 split into 3a + 3b per INVEST) - Negative acceptance criteria added - Technical requirements with line numbers ## Task List - 17 atomic tasks in 6 phases - Prompts added for amnesiac agent execution - Critic flagged 11/17 for revision (pending) ## Retrospective - 71% success rate on planning workflow - Key pattern: critic-explainer iteration loop effective - Learning: apply same iteration to task generation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: revise task prompts for amnesiac agent execution Critic review identified 11/17 prompts needing revision for self-containment. All prompts now approved for implementation. ## Revisions Made - Task 1.3: Added exact search pattern and BEFORE/AFTER blocks - Task 2.2: Added case-insensitive matching (-imatch/-inotmatch) - Task 3.2: Added $results initialization location (line 1180) - Tasks 5.1-5.6: Documented test file creation, correct invocation pattern - Task 5.7: Added absolute path, skip conditions for closed PRs - Tasks 6.1, 6.2: Added search patterns, file existence handling ## Verification - All prompts specify absolute file paths - All prompts include search patterns or line numbers - All prompts have verification steps - Critic verdict: APPROVED FOR IMPLEMENTATION 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(pr-maintenance): route bot PRs with conflicts to ActionRequired Task 1.1: Bot-authored PRs with unresolvable conflicts now go to ActionRequired instead of Blocked, since the bot has full authority to manually resolve conflicts via /pr-review. Human-authored PRs with conflicts still go to Blocked (existing behavior). Addresses Gap 1 from diagnostics. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(pr-maintenance): trigger action on unaddressed comments Tasks 1.2 + 1.3: Bot-authored PRs now trigger action when: - reviewDecision = CHANGES_REQUESTED (existing), OR - Unaddressed bot comments exist (count > 0) (new) Changes: - Move Get-UnacknowledgedComments before action determination - Expand trigger condition to include unaddressed comments - Add UnaddressedCount property to ActionRequired entry - Use UNADDRESSED_COMMENTS reason when reviewDecision is not CHANGES_REQUESTED - Reuse $unacked variable for acknowledgment loop (no duplicate API call) Addresses Gap 2 from diagnostics. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(pr-maintenance): detect copilot-swe-agent PRs Task 2.1: Add detection for copilot-swe-agent PRs where rjmurillo-bot is a reviewer. This enables synthesis workflow for delegating feedback to @copilot. Detection triggers when: - rjmurillo-bot is a reviewer on the PR - Author login matches 'copilot' pattern (case-insensitive) - Author bot category is 'mention-triggered' 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(pr-maintenance): collect other bot comments for copilot synthesis Task 2.2: When a copilot-swe-agent PR is detected, collect comments from other review bots (coderabbitai, cursor[bot], gemini-code-assist) for synthesis. Changes: - Filter comments using case-insensitive matching (-imatch/-inotmatch) - Add COPILOT_SYNTHESIS_NEEDED to ActionRequired when other bot comments exist - Skip synthesis if 0 other bot comments (edge case) - Separate copilot PR handling from normal agent-controlled PR flow Addresses Gap 3 from diagnostics (partial - synthesis function next). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(pr-maintenance): add Invoke-CopilotSynthesis function (Task 3.1) Create function to generate @copilot synthesis prompts from bot comments: - Groups comments by bot author (coderabbitai, cursor[bot], gemini) - Generates markdown with linked summaries (truncated at 100 chars) - Formats prompt directing @copilot to address issues Part of PR #402 - PR maintenance workflow enhancement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(pr-maintenance): post synthesis prompt as PR comment (Task 3.2) Integrate Invoke-CopilotSynthesis function to post @copilot prompts: - Add SynthesisPosted counter to $results initialization - Generate synthesis prompt from collected bot comments - Post prompt as PR comment via gh pr comment - Support DryRun mode for testing - Track posted syntheses in results Part of PR #402 - PR maintenance workflow enhancement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(pr-maintenance): implement single list guarantee (Task 4.1) Add deduplication check before adding PRs to Blocked or ActionRequired: - Check if PR already exists in ActionRequired before adding - If exists, update existing entry with HasConflicts flag - Append '+ resolve conflicts' to existing Action - Ensures no PR appears in both lists Priority order: ActionRequired > Blocked (ActionRequired takes precedence) Part of PR #402 - PR maintenance workflow enhancement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * test(pr-maintenance): add unit tests for bot authority (Tasks 5.1-5.6) Create unit test file with 6 tests: - Bot PR conflicts go to ActionRequired (not Blocked) - Unaddressed comments trigger action without CHANGES_REQUESTED - Copilot PR synthesis detection and comment collection - Deduplication: PR appears in one list only - Human PR conflicts go to Blocked (regression test) - Copilot PR with no other bot comments skips synthesis Also adds $DryRun parameter to Invoke-PRMaintenance to support test mocking of the synthesis posting feature. Part of PR #402 - PR maintenance workflow enhancement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * test(pr-maintenance): add integration tests (Task 5.7) Create integration test file that tests against real PRs: - Verifies bot PRs with conflicts go to ActionRequired - Verifies copilot PR triggers synthesis workflow - Verifies no PR appears in both ActionRequired and Blocked Tests use -Skip when target PRs are closed. Uses -DryRun to avoid posting comments during test. Part of PR #402 - PR maintenance workflow enhancement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(pr-maintenance): document copilot synthesis workflow (Tasks 6.1-6.2) Update protocol documentation: - Add "Reviewer on Copilot PR" row to activation triggers table - Add Copilot Synthesis Workflow section with trigger conditions - Document authority boundary for mention-triggered PRs - Show synthesis prompt format Update pr-changes-requested-semantics memory: - Add copilot synthesis activation trigger - Add copilot synthesis section with workflow summary Part of PR #402 - PR maintenance workflow enhancement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * qa: add test validation report for PR #402 Add comprehensive QA validation for PR maintenance workflow enhancement: Test Execution Results: - Unit tests: 6/6 passing - Integration tests: 0/2 passing (1 skip, 2 fail due to bug) - Total execution time: 5.47s Critical Issues (P0 - blocking): 1. Integration test bug at line 14-15 (PropertyNotFoundException) 2. Multi-PR deduplication not tested at scale 3. Conflict + CHANGES_REQUESTED interaction path untested Important Gaps (P1 - follow-up acceptable): 4. Bot category coverage: 3 of 6 categories untested 5. Synthesis edge cases: Large comment counts, failure handling 6. Mock verification: No Should -Invoke assertions Nice to Have (P2 - future enhancement): 7. Derivative PR workflow (~200 LOC untested) 8. Error resilience testing Verdict: NEEDS WORK - Fix P0 issues before merge Deliverables: - Test report: .agents/qa/402-pr-maintenance-test-report.md - Gap analysis with code examples: .agents/qa/402-test-gap-analysis.md - Session log: .agents/sessions/2025-12-26-session-01-pr-402-qa-validation.md 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: finalize QA session log with commit evidence * fix(pr-maintenance): address QA and security findings QA fixes: - Fix integration test PropertyNotFoundException (use ForEach-Object) Security fixes: - Anchor bot login regex to prevent partial matches - Regex now uses ^...$ pattern for exact matching - Matches coderabbitai, coderabbitai[bot], cursor[bot], gemini-code-assist[bot] Part of PR #402 - PR maintenance workflow enhancement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(pr-maintenance): resolve double-nested array issue in Get-SimilarPRs The combination of Write-Output -NoEnumerate in the function and @() wrapper at the call site created a double-nested array structure. When iterating, foreach received the entire inner array as a single item instead of individual PSCustomObject elements. Changes: - Remove Write-Output -NoEnumerate from Get-SimilarPRs function - Use simple return statements instead - Change hashtable to PSCustomObject with lowercase property names - Add DryRun parameter at script level (was missing from param block) - Pass DryRun through to Invoke-PRMaintenance function call Root cause: Mocks used PascalCase properties that matched the code, but the real GitHub API returns lowercase. Static analysis passed but actual execution revealed the runtime issue. Lesson: Integration testing against real APIs is essential to catch casing and structure issues that mocks cannot reveal. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(retrospective): analyze PR #402 double-nested array debug session Comprehensive retrospective analysis of debugging session for commit 526f551 which fixed double-nested array bug in Get-SimilarPRs function. Analysis Findings: - Root cause: Write-Output -NoEnumerate + @() wrapper = double-nesting - Unit tests passed (100% coverage) but runtime failed on all 15 PRs - Mock fidelity gap: Tests used PascalCase, API returned lowercase - Testing gap: No integration tests for GitHub API calls Extracted Learnings (4 skills, all ≥90% atomicity): - Skill-PowerShell-004: Array return pattern (95%) - Skill-Testing-003: Integration test requirement (92%) - Skill-Testing-006: Mock structure fidelity (93%) - Skill-Testing-004: Type assertions (90%) Process Improvements: - Add integration tests for external API calls - Validate mocks match actual API response structure - Assert returned object types not just values - Document PowerShell array handling best practices Artifacts: - .agents/retrospective/402-double-nested-array-debug.md (comprehensive analysis) - .serena/memories/powershell-array-handling.md (array patterns) - .serena/memories/testing-mock-fidelity.md (testing requirements) - .serena/memories/retrospective-2025-12-26.md (session index) Related: PR #402, commit 526f551 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(session): complete session log for PR #402 retrospective * docs(protocol): convert ASCII decision tree to Mermaid diagram Convert the invocation decision tree from ASCII art (using ├─ └─) to a proper Mermaid flowchart for better rendering in GitHub and other Markdown viewers. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(docs): escape special characters in Mermaid diagram Fix Mermaid rendering error by: - Adding quotes around node labels with special characters - Removing leading slash from /pr-review (use "pr-review skill") - Simplifying <br/> to <br> 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(pr-maintenance): implement Get-UnaddressedComments function Add function to detect bot comments in any unresolved state: - NEW (unacknowledged, eyes=0) - ACKNOWLEDGED (eyes>0 but thread unresolved) - REPLIED (reply exists but thread unresolved) Function queries Get-UnresolvedReviewThreads to identify threads where isResolved=false, then filters bot comments matching either: - reactions.eyes = 0 (unacknowledged), OR - comment ID in unresolved thread list (acknowledged but unresolved) This addresses the gap where PR #365 showed "all comments acknowledged" but threads remained open. Get-UnacknowledgedComments detects NEW state only; Get-UnaddressedComments detects all incomplete states. Implements TASK-004 from acknowledged-vs-resolved feature plan. Refs: TASK-004, #402 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(pr-maintenance): distinguish unresolved threads from unacknowledged comments TASK-006: Update PR classification to use Get-UnaddressedComments - Replace Get-UnacknowledgedComments call with Get-UnaddressedComments - Rename $unacked variable to $unaddressed for clarity - Preserve Get-UnacknowledgedComments function for backward compatibility TASK-007: Add granular ActionRequired reason classification - UNRESOLVED_THREADS: Acknowledged but thread not resolved - UNACKNOWLEDGED: Comments lacking eyes reaction - UNRESOLVED_THREADS+UNACKNOWLEDGED: Both conditions present This enables PR maintenance output to distinguish between comments that need acknowledgment vs threads that need resolution, improving triage. Refs: .agents/planning/tasks-acknowledged-vs-resolved.md 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(protocol): add acknowledged vs resolved glossary and lifecycle model Add documentation for the comment lifecycle model that distinguishes between acknowledgment (eyes reaction) and resolution (thread marked resolved in GitHub). This addresses the root cause of PR #365 where 5 acknowledged but unresolved comments were incorrectly classified as "no action needed." - Add glossary entry defining Acknowledged, Resolved, and Unaddressed - Add Comment Lifecycle Model section with state transition diagram - Document detection functions and their purposes - Add ActionRequired reason field reference table - Reference PR #365 as motivating example TASK-011: Glossary entry complete TASK-012: Lifecycle section complete TASK-013: Function docstrings verified (already comprehensive) Refs: TASK-011, TASK-012, TASK-013 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: add acknowledged vs resolved planning and validation artifacts Planning: - PRD for acknowledged vs resolved gap fix - Task breakdown (13 tasks across 3 milestones) - Implementation prompts for each task Validation: - PRD critique: [APPROVED] - Implementation critique: [APPROVED_WITH_CONDITIONS] 86/100 - QA report: [PASS] - Live validation with PR #365 and #438 - Security review: [APPROVED] - No blocking issues - Gap diagnostics with Five Whys analysis Retrospective: - Root cause: Semantic confusion (acknowledgment ≠ resolution) - 4 skills extracted (Design-008, Implementation-006, Testing-007/008) - Memory files for lifecycle modeling patterns 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * test(pr-maintenance): add unit tests for Get-UnresolvedReviewThreads and Get-UnaddressedComments Add comprehensive Pester tests covering: Get-UnresolvedReviewThreads (9 tests): - Returns unresolved threads correctly - Returns empty for all resolved/no threads/null - Handles GraphQL API failure gracefully - Handles JSON parse failure gracefully - Filters mixed resolved/unresolved threads - Extracts databaseId from thread comments - PR #365 equivalent fixture (5 threads) Get-UnaddressedComments (13 tests): - Returns NEW state comments (eyes=0) - Returns ACKNOWLEDGED state comments (eyes>0, unresolved) - Returns empty when all addressed - Handles null/empty Comments parameter - Uses pre-fetched Comments without API call - Filters out non-bot comments - Mixed state handling (Fixture 3 from PRD) - PR #365 equivalent (5 acknowledged but unresolved) - Fully resolved PR fixture Addresses technical debt from TASK-003 and TASK-005 in .agents/planning/tasks-acknowledged-vs-resolved.md 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(agents): add PR #365 remediation artifacts Planning and critique artifacts from PR #365 fix workflow: - PRD-pr365-remediation.md: Product requirements document - tasks-pr365-remediation.md: 14 atomic tasks breakdown - 001-pr365-remediation-critique.md: Critic validation - PR-402-gap5-analysis-critique.md: Gap analysis critique - Updated gap diagnostics with resolution status 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(skills): add merge-resolver skill for conflict resolution Skill for intelligently resolving merge conflicts using git history: - Fetches PR context and identifies conflicted files - Uses git blame and commit history to infer developer intent - Applies resolution strategies based on change type - Combines non-conflicting changes when appropriate 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(tests): wrap Get-SimilarPRs result in array for Count check PowerShell unwraps single-element arrays and returns $null for empty arrays in some contexts. Wrapping in @() ensures .Count property exists. Fixes: - Returns empty array when no similar PRs - Excludes same PR number from results 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(session): add Protocol Compliance section to session-87 The session protocol validator requires a Protocol Compliance section with checkboxes. Added: - Protocol Compliance section with subagent context notes - Updated Session End Checklist with all items checked 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(session): mark Protocol Compliance items complete in session-88 * fix(session): use canonical Session End Checklist format for sessions 88 and 89 * test(pr-maintenance): add tests for TotalPRs and GITHUB_STEP_SUMMARY (Issue #400) Address QA WARN issues from PR review: - Add tests for TotalPRs property (3 tests) - Add tests for GITHUB_STEP_SUMMARY output data (3 tests) - Error handling already present with try/catch Tests cover: - TotalPRs set to 0 when no open PRs - TotalPRs set correctly for multiple PRs - TotalPRs equals Processed for single PR - Results hashtable contains all step summary keys - ActionRequired count is 0 when no action needed - Blocked count is 0 when no PRs blocked * refactor(memory): rename skills to ADR-017 naming convention Renamed skills to follow `skill-{domain}-{NNN}-{description}` format: - ci-error-investigation-pattern → skill-ci-004-error-message-investigation - analysis-verify-codebase-state → skill-analysis-004-verify-codebase-state Updated domain indexes: - skills-ci-infrastructure-index: point to skill-ci-004 - skills-analysis-index: point to skill-analysis-004 Skill content preserved; only file names and index references changed. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor(pr-maintenance): slim script to discovery/classification only Transform Invoke-PRMaintenance.ps1 from monolithic processor (~2000 lines) to thin orchestration layer (~730 lines) that only does PR discovery and classification for GitHub Actions matrix consumption. ## Architecture Changes - Extract conflict resolution to .claude/skills/merge-resolver/scripts/ - Extract comment functions to .claude/skills/github/scripts/pr/ - Add -OutputJson parameter for workflow matrix consumption - Add Phase 1.5 Copilot Synthesis to pr-comment-responder ## New Files - Resolve-PRConflicts.ps1: Worktree-based conflict resolution - Get-UnresolvedReviewThreads.ps1: GraphQL thread resolution query - Get-UnaddressedComments.ps1: NEW/ACKNOWLEDGED/REPLIED lifecycle detection ## Workflow Changes - 3-job matrix strategy: discover-prs -> resolve-conflicts -> summarize - Parallel PR processing with max-parallel: 3 - JSON output format for matrix consumption ## Removed from Script - Comment acknowledgment (moved to pr-comment-responder) - Conflict resolution (moved to merge-resolver skill) - Synthesis posting (moved to pr-comment-responder) - All per-PR processing mutations Tests: 34 pass, 0 fail 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * test(skills): add unit tests for extracted skill functions Addresses QA agent CRITICAL_FAIL - extracted skill functions now have test coverage matching the established pattern in the codebase. ## Tests Added (124 total) - Get-UnresolvedReviewThreads.Tests.ps1 (32 tests) - Script syntax validation - GraphQL operations - Lifecycle model compliance - Skill-PowerShell-002 compliance - Get-UnaddressedComments.Tests.ps1 (48 tests) - Parameter definitions - Lifecycle state detection (NEW/ACKNOWLEDGED/REPLIED) - Thread resolution integration - API fallback behavior - Resolve-PRConflicts.Tests.ps1 (44 tests) - ADR-015 security validation patterns - Branch name injection prevention - Worktree path traversal prevention - Auto-resolvable files configuration - GitHub runner detection All tests use static analysis pattern (script content matching) consistent with existing skill tests. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci: auto-assign rjmurillo-bot as reviewer on all PRs Adds workflow that automatically requests review from rjmurillo-bot when PRs are opened or reopened. This enables the bot to: - Receive review requests for PR comment response - Trigger pr-comment-responder workflow - Provide automated code review Skips self-assignment when bot is PR author. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci: add CODEOWNERS for rjmurillo-bot review assignment Assigns rjmurillo-bot as code owner for all files. GitHub will automatically request review from code owners. Note: To enforce approval before merge, enable branch protection rule: "Require review from Code Owners" 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * Revert "ci: add CODEOWNERS for rjmurillo-bot review assignment" This reverts commit fcdc6de. * fix(pr-maintenance): classify Copilot PRs as mention-triggered for @copilot synthesis ## Problem PR #247 authored by copilot-swe-agent with CHANGES_REQUESTED was being classified as "Human-authored" and blocked, when it should be actionable by rjmurillo-bot to synthesize feedback and @copilot to unblock. ## Solution - Add 'app/copilot-swe-agent' to mention-triggered bots list - Create new classification branch for mention-triggered bots that: - Does NOT require rjmurillo-bot as reviewer - Adds to ActionRequired when CHANGES_REQUESTED or HAS_CONFLICTS - Sets requiresSynthesis=true for @copilot mention workflow ## Tests - 5 new Pester tests covering positive, negative, and boundary cases - 47.7% code coverage (39 tests passing) ## Documentation - Added "Bot Categories and PR Handling" section to docs/autonomous-pr-monitor.md - Documents mention-triggered category and Copilot PR handling workflow 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(pr-maintenance): detect failing CI checks as action trigger ## Changes - Add statusCheckRollup to GraphQL query (fetches last 100 contexts) - Add Test-PRHasFailingChecks function with safe property access - Add HAS_FAILING_CHECKS as trigger for bot PRs (agent-controlled + mention-triggered) - Add human PR failing checks to Blocked classification - Fix PowerShell array unrolling in Get-SafeProperty helper ## Tests (51 passing) - 12 new tests for Test-PRHasFailingChecks: - FAILURE/ERROR/EXPECTED rollup states - CheckRun conclusions - StatusContext legacy API - Mixed context types - Null/empty safety cases ## Fixes - PR #269 now correctly classified as actionable (HAS_FAILING_CHECKS) - PR #371 no longer causes classification errors 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(security): address GraphQL injection and input validation issues Security fixes for gemini-code-assist review findings: - Get-UnresolvedReviewThreads.ps1: Use GraphQL variables instead of string interpolation to prevent injection via Owner/Repo/PR params - Invoke-PRMaintenance.ps1: Same GraphQL variable pattern for Owner/Repo/Limit parameters - Resolve-PRConflicts.ps1: Add Test-SafeBranchName validation for TargetBranch parameter (BranchName was already validated) - Invoke-PRMaintenance.ps1: Remove file-based locking (Enter-ScriptLock, Exit-ScriptLock) per ADR-015 which mandates GitHub Actions workflow concurrency groups for singleton execution 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * test: remove file-based lock tests (ADR-015) Removes tests for Enter-ScriptLock and Exit-ScriptLock functions which were deleted in the previous commit. Concurrency control is now handled by GitHub Actions workflow-level concurrency groups. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: rjmurillo[bot] <rjmurillo-bot@users.noreply.github.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Richard Murillo <6811113+rjmurillo@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Richard Murillo <6811113+rjmurillo@users.noreply.github.com>
Contributor
PR Validation ReportNote ✅ Status: PASS Description Validation
QA Validation
⚡ Warnings
Powered by PR Validation - View Workflow |
rjmurillo
added a commit
that referenced
this pull request
Dec 27, 2025
…453) (#458) * fix(ci): add visibility message when PR maintenance processes 0 PRs Closes #400 When the PR maintenance workflow runs and finds no PRs requiring automated action, users couldn't tell why "0 PRs processed" appeared. This adds a GITHUB_STEP_SUMMARY message explaining: - Total PRs scanned - Actions taken (comments acknowledged, conflicts resolved) - Why no actions were needed (normal when awaiting human review) Changes: - Add TotalPRs to results for visibility reporting - Add step summary output in GitHub Actions context - Explain "no actions" scenario (awaiting review, no bot comments) This is the minimal fix that was attempted in PR #395, which scope- exploded to 847 lines. This fix is 42 lines as intended. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: Distinguish bot vs human PRs for CHANGES_REQUESTED handling BREAKING CHANGE: Bot-authored PRs with CHANGES_REQUESTED are no longer skipped as "blocked". They are now tracked separately in ActionRequired for agent intervention via pr-comment-responder. The previous logic incorrectly treated ALL CHANGES_REQUESTED PRs as "blocked, needs human action". This was wrong for bot-authored PRs: - Human-authored PR with CHANGES_REQUESTED: Truly blocked, human must act - Bot-authored PR with CHANGES_REQUESTED: Agent should address feedback Changes: - Add Test-IsBotAuthor helper function with documented bot patterns - Update Invoke-PRMaintenance to distinguish bot vs human authors - Add ActionRequired list to results for bot PRs needing attention - Update GITHUB_STEP_SUMMARY to list actionable bot PRs - Add 7 tests for Test-IsBotAuthor function - Create memory: pr-changes-requested-semantics Evidence: PRs #247, #246, #235 were incorrectly skipped when they had CHANGES_REQUESTED from human reviewers on bot-authored code. See: Issue #400, pr-changes-requested-semantics memory 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat: Add nuanced bot categorization for CHANGES_REQUESTED handling Different bot types require different actions when CHANGES_REQUESTED: - agent-controlled (rjmurillo-bot): Use /pr-review via pr-comment-responder - mention-triggered (copilot-swe-agent): Add @copilot comment - command-triggered (dependabot[bot]): Use @dependabot commands - unknown-bot: Requires manual review Changes: - Add Get-BotAuthorInfo function with category, action, and mention fields - Refactor Test-IsBotAuthor to use Get-BotAuthorInfo - Update console output to group by category with specific actions - Update GITHUB_STEP_SUMMARY with category-specific recommended actions - Add 9 tests for Get-BotAuthorInfo covering all categories - Update memory with nuanced handling documentation Evidence: copilot-swe-agent PRs need @copilot mention to act, unlike agent-controlled bots that can be addressed directly. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: Run maintenance tasks regardless of CHANGES_REQUESTED status CHANGES_REQUESTED status only indicates who can address reviewer feedback. Maintenance tasks should ALWAYS run: - Resolve merge conflicts (keeps PR mergeable) - Acknowledge bot comments (shows engagement) - Check for similar PRs (informational) Previously, human-authored PRs with CHANGES_REQUESTED were skipped entirely. Now they are processed for maintenance but listed as Blocked for feedback. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor: Cross-reference bot pattern memories (DRY) Update pr-changes-requested-semantics memory and Get-BotAuthorInfo to reference existing bot-specific pattern memories instead of duplicating information: - cursor-bot-review-patterns: 100% actionable signal - copilot-pr-review: 21% signal, high false positive rate - copilot-follow-up-pr: Sub-PR creation behavior - coderabbit-config-strategy: 66% noise, path_instructions This keeps the memories DRY while providing clear cross-references. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: address PR review comments on bot handling - Fix $agentControlled.PR array access bug (use ForEach-Object) - Fix backtick escaping in markdown inline code - Improve 'no actions' explanation accuracy (Gemini feedback) - Add try-catch for GITHUB_STEP_SUMMARY file write (Copilot suggestion) Addresses review comments: 2646510037, 2647190844, 2647173696, 2647160627 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: add bot author feedback protocol documentation Create comprehensive protocol documentation with mermaid diagrams per review feedback. Updates memory to reference new documentation. - Add decision flow diagram for CHANGES_REQUESTED handling - Add state machine diagram for PR processing - Document bot category detection logic - Add github-actions limitation (cannot respond to mentions) - Cross-reference related memories Addresses review comment: 2647285889 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: correct bot author feedback protocol decision flow Per reviewer feedback, corrected the protocol: - Blocked list only for human PRs with NO action toward @rjmurillo-bot - rjmurillo-bot triggers: PR author OR reviewer assignment OR mention - Mention-triggered: process ONLY the mentioned comment - Maintenance limited to merge conflict resolution only - Eyes reaction only when bot will take action - Prerequisites: must follow SESSION-PROTOCOL.md before any work - Merge conflicts: get last 10 commits for context 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: update bot activation logic per corrected protocol - Eyes reaction only when rjmurillo-bot takes action: - Bot authored PR: acknowledge all comments - Otherwise: only acknowledge @rjmurillo-bot mentions - Blocked list only for human PRs with NO @rjmurillo-bot mention - Human PRs with @rjmurillo-bot mention: add to ActionRequired - Update comments to reference protocol documentation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: update workflow * fix: correct mermaid flowchart syntax errors - Remove duplicate E-->|No| edges - Remove orphaned J-->K nodes - Fix consistent spacing in edge labels 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: align protocol sections with corrected flowchart - Update Activation Triggers table to show CHANGES_REQUESTED column - Rewrite State Machine diagram to match flowchart logic - Rename Bot Categories to PR Author Categories with role-based actions - Update Anti-Patterns with RIGHT/WRONG examples for new flow - Remove outdated Blocked List section (not in flowchart) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat: implement corrected bot author feedback protocol Implements the decision flow from bot-author-feedback-protocol.md: ## Protocol Changes - rjmurillo-bot activates when: PR author, added as reviewer, or @mentioned - CHANGES_REQUESTED only triggers /pr-review when bot is author or reviewer - @mention → process ONLY that comment, add eyes only to that comment - Maintenance = merge conflict resolution only - Eyes reaction only when bot will take action ## Implementation - Add `reviewRequests` to Get-OpenPRs query - Add `Test-IsBotReviewer` function for reviewer detection - Rewrite main loop to match protocol flowchart - Add 6 tests for Test-IsBotReviewer function Relates-to: #400 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: address cursor[bot] and rjmurillo review feedback ## cursor[bot] fixes (100% signal) - Reclassify github-actions as 'non-responsive' instead of 'agent-controlled' These accounts cannot respond to comments/mentions - Add Author field to UNRESOLVABLE_CONFLICTS blocked items Fixes malformed log output "PR #X by : UNRESOLVABLE_CONFLICTS" ## rjmurillo feedback - Simplify memory to reference canonical documentation - Memory now points to .agents/architecture/bot-author-feedback-protocol.md ## Test updates - Update github-actions tests to expect 'non-responsive' category - 149 tests pass, 0 failed, 1 skipped Addresses PR #402 review comments 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: address Copilot review feedback ## Bug Fixes - Move $role variable definition before if/else block (was undefined in else branch) - Fix section headers to say "PRs Requiring Action" instead of "Bot PRs with CHANGES_REQUESTED" (ActionRequired list includes both CHANGES_REQUESTED and MENTION items) ## Documentation - Fix mermaid grammar: "Are CHANGES_REQUESTED" -> "CHANGES_REQUESTED?" ## Notes on Copilot Feedback - $isBotAuthor logic is intentional: checks for 'agent-controlled' category specifically (other bots like copilot-swe-agent are 'mention-triggered', handled separately) - Out-File already has error handling in try/catch block Addresses Copilot comments on PR #402 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: expand bot-author-feedback-protocol with operational guidance Add comprehensive operational sections based on multi-agent analysis: - Quick Start: invocation examples for automated, manual, and agent execution - Prerequisites: required tools with version checks and permissions - Acceptance Criteria: GIVEN/WHEN/THEN format for all 4 scenarios - Auto-Resolvable Conflicts: file patterns using --theirs strategy - Handoff: Script to Agent: output interpretation and next steps - What "Process Comments" Means: concrete 4-step definition - Bot Categories: extended table with examples and behavior - Error Recovery: 4 scenarios with recovery procedures - Logs and Debugging: locations, commands, exit codes - Success Metrics: baseline performance and alert thresholds - Glossary: 6 key terms defined This enables an amnesiac agent to execute the protocol without prior context by providing complete operational documentation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: address copilot review feedback on API efficiency and test coverage Fixes based on copilot-pull-request-reviewer comments: 1. API Call Optimization: - Modified Get-UnacknowledgedComments to accept pre-fetched comments - Pass $comments array to avoid duplicate Get-PRComments calls - Reuse $mentionedComments instead of re-fetching 2. Human PRs with CHANGES_REQUESTED: - Track in Blocked list with category 'human-blocked' for visibility - These were previously not tracked, reducing visibility 3. ActionRequired Test Coverage: - Added 4 new test contexts for ActionRequired/Blocked collection - Bot author with CHANGES_REQUESTED -> ActionRequired - Bot reviewer with CHANGES_REQUESTED -> ActionRequired - Bot mentioned -> ActionRequired with 'mention-triggered' - Human with CHANGES_REQUESTED -> Blocked with 'human-blocked' 4. Backtick Escaping: - Fixed inline code using 2 backticks instead of non-standard 4 All 154 tests pass (1 skipped). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * Rename $isBotAuthor to $isAgentControlledBot for clarity (#437) Merge derivative PR from copilot-swe-agent into parent PR #402 branch. Renamed $isBotAuthor → $isAgentControlledBot for clarity. * fix: address agent review feedback and add derivative PR protocol ## Agent Recommendations Incorporated **QA Agent P0**: Added error handling tests - Test for Get-PRComments exception handling - Test for continuation after API failure - 157 tests now pass **Critic Agent**: APPROVED - all changes complete and correct **DevOps Agent**: PASS - backward compatible, 50% API reduction **Security Agent**: PASS - no vulnerabilities found ## Protocol Updates **Derivative PRs**: Added new section documenting: - What derivative PRs are (bot-spawned PRs targeting feature branches) - Detection criteria (baseRefName != main + bot author) - Handling workflow with mermaid diagram - Race condition risk and mitigation - Script integration requirements Example: PR #437 from copilot-swe-agent targeting PR #402's branch 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: update mermaid diagrams with derivative PR handling Both flowchart and state machine diagrams now include: - CheckDerivatives state after conflict resolution - ReportDerivatives action for ActionRequired output - Clear flow showing derivative PR detection before END Addresses diagram consistency with the Derivative PRs section added in 9e18f23. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(qa): add bot-author-feedback-protocol PR assessment QA evaluation of 50 closed PRs against the protocol workflows: ## Findings - Protocol Coverage: 75% (38/50 PRs handled correctly) - Automation Gap: 25% (12/50 PRs required manual intervention) - Compliance Rate: 100% (0 protocol violations) ## Key Gap Derivative PRs from copilot-swe-agent (11 PRs, 22% of sample) require manual intervention. Protocol documents but does not automate detection, linking, or parent merge blocking. ## Recommendations - P0: Implement derivative PR detection in maintenance script - P0: Add derivative PRs to ActionRequired output - P0: Block parent merge when derivatives pending 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(P0): implement derivative PR detection in maintenance script Implements P0 recommendations from bot-author-feedback-protocol assessment: ## New Functions - `Get-DerivativePRs`: Detects PRs targeting feature branches (not main) from mention-triggered bots (e.g., copilot-swe-agent) - `Get-PRsWithPendingDerivatives`: Correlates derivatives with parent PRs by matching target branch to head branch ## Integration - Derivative PRs added to ActionRequired with PENDING_DERIVATIVES reason - Parents with derivatives shown with warning in GitHub step summary - Console output includes derivative count in summary ## Test Coverage - 8 new tests covering derivative detection scenarios - Tests for copilot branch naming pattern extraction - Tests for parent-derivative correlation logic Closes P0 items from .agents/critique/bot-author-feedback-protocol-pr-assessment.md 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: align mermaid diagrams with derivative PR implementation Updates flowchart TD and state machine diagrams to reflect actual implementation where derivative detection happens at the BEGINNING (after fetching PRs) rather than at the END (after maintenance). ## Flowchart Changes - Starts with "Fetch Open PRs" → "Derivative PRs?" - Detection and linking happen before individual PR processing - Clearer flow: Detect → Link → Add to ActionRequired → Process ## State Machine Changes - New states: FetchPRs, DetectDerivatives, LinkToParents - AddToActionRequired reports PENDING_DERIVATIVES - ProcessPRs loops through each PR individually - NextPR handles iteration vs completion Also updates pr-changes-requested-semantics Serena memory to include derivative PR detection section. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: add session artifacts and skillbook memories ## Session Artifacts - critique/402-pr-maintenance-visibility-critique.md - qa/402-pr-maintenance-test-coverage-analysis.md - sessions/2025-12-26-session-87-pr402-devops-review.md ## Skillbook Memories - quality-shift-left-gate.md: 6-agent consultation pattern - quality-agent-remediation.md: P0/P1 remediation requirements ## Memory Updates - pr-changes-requested-semantics.md: Added derivative PR section - skills-quality-index.md: Indexed new quality skills 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: address agent P0 feedback for amnesiac readiness Agent review findings addressed: ## Critic P0 (all resolved) - Add invocation decision tree to protocol - Document Category filter in derivative PR detection - Add non-responsive bot category to memory - Sync exit code documentation with workflow status ## DevOps P0 (resolved) - Add actions:read permission to pr-maintenance.yml ## QA P0 (resolved) - Add Scenario 4 tests: no bot involvement (maintenance only) - Add Scenario 4b tests: conflict resolution without bot - Fix null-safety for Get-SimilarPRs return value All 171 tests pass (170 passed + 1 skipped). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: PR maintenance authority enhancement planning artifacts Multi-agent workflow for PR maintenance gap analysis and remediation: ## Gap Analysis - 4 gaps identified affecting 6 PRs (#365, #353, #301, #255, #247, #235) - Gap 1: Bot PRs with conflicts wrongly blocked - Gap 2: Unaddressed comments not triggering action - Gap 3: Copilot synthesis missing for @copilot PRs - Gap 4: Duplicate PR entries in ActionRequired + Blocked ## PRD (Iteration 2 - Critic Approved) - 5 user stories (Story 3 split into 3a + 3b per INVEST) - Negative acceptance criteria added - Technical requirements with line numbers ## Task List - 17 atomic tasks in 6 phases - Prompts added for amnesiac agent execution - Critic flagged 11/17 for revision (pending) ## Retrospective - 71% success rate on planning workflow - Key pattern: critic-explainer iteration loop effective - Learning: apply same iteration to task generation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: revise task prompts for amnesiac agent execution Critic review identified 11/17 prompts needing revision for self-containment. All prompts now approved for implementation. ## Revisions Made - Task 1.3: Added exact search pattern and BEFORE/AFTER blocks - Task 2.2: Added case-insensitive matching (-imatch/-inotmatch) - Task 3.2: Added $results initialization location (line 1180) - Tasks 5.1-5.6: Documented test file creation, correct invocation pattern - Task 5.7: Added absolute path, skip conditions for closed PRs - Tasks 6.1, 6.2: Added search patterns, file existence handling ## Verification - All prompts specify absolute file paths - All prompts include search patterns or line numbers - All prompts have verification steps - Critic verdict: APPROVED FOR IMPLEMENTATION 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(pr-maintenance): route bot PRs with conflicts to ActionRequired Task 1.1: Bot-authored PRs with unresolvable conflicts now go to ActionRequired instead of Blocked, since the bot has full authority to manually resolve conflicts via /pr-review. Human-authored PRs with conflicts still go to Blocked (existing behavior). Addresses Gap 1 from diagnostics. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(pr-maintenance): trigger action on unaddressed comments Tasks 1.2 + 1.3: Bot-authored PRs now trigger action when: - reviewDecision = CHANGES_REQUESTED (existing), OR - Unaddressed bot comments exist (count > 0) (new) Changes: - Move Get-UnacknowledgedComments before action determination - Expand trigger condition to include unaddressed comments - Add UnaddressedCount property to ActionRequired entry - Use UNADDRESSED_COMMENTS reason when reviewDecision is not CHANGES_REQUESTED - Reuse $unacked variable for acknowledgment loop (no duplicate API call) Addresses Gap 2 from diagnostics. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(pr-maintenance): detect copilot-swe-agent PRs Task 2.1: Add detection for copilot-swe-agent PRs where rjmurillo-bot is a reviewer. This enables synthesis workflow for delegating feedback to @copilot. Detection triggers when: - rjmurillo-bot is a reviewer on the PR - Author login matches 'copilot' pattern (case-insensitive) - Author bot category is 'mention-triggered' 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(pr-maintenance): collect other bot comments for copilot synthesis Task 2.2: When a copilot-swe-agent PR is detected, collect comments from other review bots (coderabbitai, cursor[bot], gemini-code-assist) for synthesis. Changes: - Filter comments using case-insensitive matching (-imatch/-inotmatch) - Add COPILOT_SYNTHESIS_NEEDED to ActionRequired when other bot comments exist - Skip synthesis if 0 other bot comments (edge case) - Separate copilot PR handling from normal agent-controlled PR flow Addresses Gap 3 from diagnostics (partial - synthesis function next). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(pr-maintenance): add Invoke-CopilotSynthesis function (Task 3.1) Create function to generate @copilot synthesis prompts from bot comments: - Groups comments by bot author (coderabbitai, cursor[bot], gemini) - Generates markdown with linked summaries (truncated at 100 chars) - Formats prompt directing @copilot to address issues Part of PR #402 - PR maintenance workflow enhancement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(pr-maintenance): post synthesis prompt as PR comment (Task 3.2) Integrate Invoke-CopilotSynthesis function to post @copilot prompts: - Add SynthesisPosted counter to $results initialization - Generate synthesis prompt from collected bot comments - Post prompt as PR comment via gh pr comment - Support DryRun mode for testing - Track posted syntheses in results Part of PR #402 - PR maintenance workflow enhancement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(pr-maintenance): implement single list guarantee (Task 4.1) Add deduplication check before adding PRs to Blocked or ActionRequired: - Check if PR already exists in ActionRequired before adding - If exists, update existing entry with HasConflicts flag - Append '+ resolve conflicts' to existing Action - Ensures no PR appears in both lists Priority order: ActionRequired > Blocked (ActionRequired takes precedence) Part of PR #402 - PR maintenance workflow enhancement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * test(pr-maintenance): add unit tests for bot authority (Tasks 5.1-5.6) Create unit test file with 6 tests: - Bot PR conflicts go to ActionRequired (not Blocked) - Unaddressed comments trigger action without CHANGES_REQUESTED - Copilot PR synthesis detection and comment collection - Deduplication: PR appears in one list only - Human PR conflicts go to Blocked (regression test) - Copilot PR with no other bot comments skips synthesis Also adds $DryRun parameter to Invoke-PRMaintenance to support test mocking of the synthesis posting feature. Part of PR #402 - PR maintenance workflow enhancement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * test(pr-maintenance): add integration tests (Task 5.7) Create integration test file that tests against real PRs: - Verifies bot PRs with conflicts go to ActionRequired - Verifies copilot PR triggers synthesis workflow - Verifies no PR appears in both ActionRequired and Blocked Tests use -Skip when target PRs are closed. Uses -DryRun to avoid posting comments during test. Part of PR #402 - PR maintenance workflow enhancement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(pr-maintenance): document copilot synthesis workflow (Tasks 6.1-6.2) Update protocol documentation: - Add "Reviewer on Copilot PR" row to activation triggers table - Add Copilot Synthesis Workflow section with trigger conditions - Document authority boundary for mention-triggered PRs - Show synthesis prompt format Update pr-changes-requested-semantics memory: - Add copilot synthesis activation trigger - Add copilot synthesis section with workflow summary Part of PR #402 - PR maintenance workflow enhancement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * qa: add test validation report for PR #402 Add comprehensive QA validation for PR maintenance workflow enhancement: Test Execution Results: - Unit tests: 6/6 passing - Integration tests: 0/2 passing (1 skip, 2 fail due to bug) - Total execution time: 5.47s Critical Issues (P0 - blocking): 1. Integration test bug at line 14-15 (PropertyNotFoundException) 2. Multi-PR deduplication not tested at scale 3. Conflict + CHANGES_REQUESTED interaction path untested Important Gaps (P1 - follow-up acceptable): 4. Bot category coverage: 3 of 6 categories untested 5. Synthesis edge cases: Large comment counts, failure handling 6. Mock verification: No Should -Invoke assertions Nice to Have (P2 - future enhancement): 7. Derivative PR workflow (~200 LOC untested) 8. Error resilience testing Verdict: NEEDS WORK - Fix P0 issues before merge Deliverables: - Test report: .agents/qa/402-pr-maintenance-test-report.md - Gap analysis with code examples: .agents/qa/402-test-gap-analysis.md - Session log: .agents/sessions/2025-12-26-session-01-pr-402-qa-validation.md 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: finalize QA session log with commit evidence * fix(pr-maintenance): address QA and security findings QA fixes: - Fix integration test PropertyNotFoundException (use ForEach-Object) Security fixes: - Anchor bot login regex to prevent partial matches - Regex now uses ^...$ pattern for exact matching - Matches coderabbitai, coderabbitai[bot], cursor[bot], gemini-code-assist[bot] Part of PR #402 - PR maintenance workflow enhancement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(pr-maintenance): resolve double-nested array issue in Get-SimilarPRs The combination of Write-Output -NoEnumerate in the function and @() wrapper at the call site created a double-nested array structure. When iterating, foreach received the entire inner array as a single item instead of individual PSCustomObject elements. Changes: - Remove Write-Output -NoEnumerate from Get-SimilarPRs function - Use simple return statements instead - Change hashtable to PSCustomObject with lowercase property names - Add DryRun parameter at script level (was missing from param block) - Pass DryRun through to Invoke-PRMaintenance function call Root cause: Mocks used PascalCase properties that matched the code, but the real GitHub API returns lowercase. Static analysis passed but actual execution revealed the runtime issue. Lesson: Integration testing against real APIs is essential to catch casing and structure issues that mocks cannot reveal. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(retrospective): analyze PR #402 double-nested array debug session Comprehensive retrospective analysis of debugging session for commit 526f551 which fixed double-nested array bug in Get-SimilarPRs function. Analysis Findings: - Root cause: Write-Output -NoEnumerate + @() wrapper = double-nesting - Unit tests passed (100% coverage) but runtime failed on all 15 PRs - Mock fidelity gap: Tests used PascalCase, API returned lowercase - Testing gap: No integration tests for GitHub API calls Extracted Learnings (4 skills, all ≥90% atomicity): - Skill-PowerShell-004: Array return pattern (95%) - Skill-Testing-003: Integration test requirement (92%) - Skill-Testing-006: Mock structure fidelity (93%) - Skill-Testing-004: Type assertions (90%) Process Improvements: - Add integration tests for external API calls - Validate mocks match actual API response structure - Assert returned object types not just values - Document PowerShell array handling best practices Artifacts: - .agents/retrospective/402-double-nested-array-debug.md (comprehensive analysis) - .serena/memories/powershell-array-handling.md (array patterns) - .serena/memories/testing-mock-fidelity.md (testing requirements) - .serena/memories/retrospective-2025-12-26.md (session index) Related: PR #402, commit 526f551 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(session): complete session log for PR #402 retrospective * docs(protocol): convert ASCII decision tree to Mermaid diagram Convert the invocation decision tree from ASCII art (using ├─ └─) to a proper Mermaid flowchart for better rendering in GitHub and other Markdown viewers. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(docs): escape special characters in Mermaid diagram Fix Mermaid rendering error by: - Adding quotes around node labels with special characters - Removing leading slash from /pr-review (use "pr-review skill") - Simplifying <br/> to <br> 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(pr-maintenance): implement Get-UnaddressedComments function Add function to detect bot comments in any unresolved state: - NEW (unacknowledged, eyes=0) - ACKNOWLEDGED (eyes>0 but thread unresolved) - REPLIED (reply exists but thread unresolved) Function queries Get-UnresolvedReviewThreads to identify threads where isResolved=false, then filters bot comments matching either: - reactions.eyes = 0 (unacknowledged), OR - comment ID in unresolved thread list (acknowledged but unresolved) This addresses the gap where PR #365 showed "all comments acknowledged" but threads remained open. Get-UnacknowledgedComments detects NEW state only; Get-UnaddressedComments detects all incomplete states. Implements TASK-004 from acknowledged-vs-resolved feature plan. Refs: TASK-004, #402 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(pr-maintenance): distinguish unresolved threads from unacknowledged comments TASK-006: Update PR classification to use Get-UnaddressedComments - Replace Get-UnacknowledgedComments call with Get-UnaddressedComments - Rename $unacked variable to $unaddressed for clarity - Preserve Get-UnacknowledgedComments function for backward compatibility TASK-007: Add granular ActionRequired reason classification - UNRESOLVED_THREADS: Acknowledged but thread not resolved - UNACKNOWLEDGED: Comments lacking eyes reaction - UNRESOLVED_THREADS+UNACKNOWLEDGED: Both conditions present This enables PR maintenance output to distinguish between comments that need acknowledgment vs threads that need resolution, improving triage. Refs: .agents/planning/tasks-acknowledged-vs-resolved.md 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(protocol): add acknowledged vs resolved glossary and lifecycle model Add documentation for the comment lifecycle model that distinguishes between acknowledgment (eyes reaction) and resolution (thread marked resolved in GitHub). This addresses the root cause of PR #365 where 5 acknowledged but unresolved comments were incorrectly classified as "no action needed." - Add glossary entry defining Acknowledged, Resolved, and Unaddressed - Add Comment Lifecycle Model section with state transition diagram - Document detection functions and their purposes - Add ActionRequired reason field reference table - Reference PR #365 as motivating example TASK-011: Glossary entry complete TASK-012: Lifecycle section complete TASK-013: Function docstrings verified (already comprehensive) Refs: TASK-011, TASK-012, TASK-013 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: add acknowledged vs resolved planning and validation artifacts Planning: - PRD for acknowledged vs resolved gap fix - Task breakdown (13 tasks across 3 milestones) - Implementation prompts for each task Validation: - PRD critique: [APPROVED] - Implementation critique: [APPROVED_WITH_CONDITIONS] 86/100 - QA report: [PASS] - Live validation with PR #365 and #438 - Security review: [APPROVED] - No blocking issues - Gap diagnostics with Five Whys analysis Retrospective: - Root cause: Semantic confusion (acknowledgment ≠ resolution) - 4 skills extracted (Design-008, Implementation-006, Testing-007/008) - Memory files for lifecycle modeling patterns 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * test(pr-maintenance): add unit tests for Get-UnresolvedReviewThreads and Get-UnaddressedComments Add comprehensive Pester tests covering: Get-UnresolvedReviewThreads (9 tests): - Returns unresolved threads correctly - Returns empty for all resolved/no threads/null - Handles GraphQL API failure gracefully - Handles JSON parse failure gracefully - Filters mixed resolved/unresolved threads - Extracts databaseId from thread comments - PR #365 equivalent fixture (5 threads) Get-UnaddressedComments (13 tests): - Returns NEW state comments (eyes=0) - Returns ACKNOWLEDGED state comments (eyes>0, unresolved) - Returns empty when all addressed - Handles null/empty Comments parameter - Uses pre-fetched Comments without API call - Filters out non-bot comments - Mixed state handling (Fixture 3 from PRD) - PR #365 equivalent (5 acknowledged but unresolved) - Fully resolved PR fixture Addresses technical debt from TASK-003 and TASK-005 in .agents/planning/tasks-acknowledged-vs-resolved.md 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(agents): add PR #365 remediation artifacts Planning and critique artifacts from PR #365 fix workflow: - PRD-pr365-remediation.md: Product requirements document - tasks-pr365-remediation.md: 14 atomic tasks breakdown - 001-pr365-remediation-critique.md: Critic validation - PR-402-gap5-analysis-critique.md: Gap analysis critique - Updated gap diagnostics with resolution status 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(skills): add merge-resolver skill for conflict resolution Skill for intelligently resolving merge conflicts using git history: - Fetches PR context and identifies conflicted files - Uses git blame and commit history to infer developer intent - Applies resolution strategies based on change type - Combines non-conflicting changes when appropriate 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(tests): wrap Get-SimilarPRs result in array for Count check PowerShell unwraps single-element arrays and returns $null for empty arrays in some contexts. Wrapping in @() ensures .Count property exists. Fixes: - Returns empty array when no similar PRs - Excludes same PR number from results 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(session): add Protocol Compliance section to session-87 The session protocol validator requires a Protocol Compliance section with checkboxes. Added: - Protocol Compliance section with subagent context notes - Updated Session End Checklist with all items checked 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(session): mark Protocol Compliance items complete in session-88 * fix(session): use canonical Session End Checklist format for sessions 88 and 89 * test(pr-maintenance): add tests for TotalPRs and GITHUB_STEP_SUMMARY (Issue #400) Address QA WARN issues from PR review: - Add tests for TotalPRs property (3 tests) - Add tests for GITHUB_STEP_SUMMARY output data (3 tests) - Error handling already present with try/catch Tests cover: - TotalPRs set to 0 when no open PRs - TotalPRs set correctly for multiple PRs - TotalPRs equals Processed for single PR - Results hashtable contains all step summary keys - ActionRequired count is 0 when no action needed - Blocked count is 0 when no PRs blocked * refactor(memory): rename skills to ADR-017 naming convention Renamed skills to follow `skill-{domain}-{NNN}-{description}` format: - ci-error-investigation-pattern → skill-ci-004-error-message-investigation - analysis-verify-codebase-state → skill-analysis-004-verify-codebase-state Updated domain indexes: - skills-ci-infrastructure-index: point to skill-ci-004 - skills-analysis-index: point to skill-analysis-004 Skill content preserved; only file names and index references changed. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor(pr-maintenance): slim script to discovery/classification only Transform Invoke-PRMaintenance.ps1 from monolithic processor (~2000 lines) to thin orchestration layer (~730 lines) that only does PR discovery and classification for GitHub Actions matrix consumption. ## Architecture Changes - Extract conflict resolution to .claude/skills/merge-resolver/scripts/ - Extract comment functions to .claude/skills/github/scripts/pr/ - Add -OutputJson parameter for workflow matrix consumption - Add Phase 1.5 Copilot Synthesis to pr-comment-responder ## New Files - Resolve-PRConflicts.ps1: Worktree-based conflict resolution - Get-UnresolvedReviewThreads.ps1: GraphQL thread resolution query - Get-UnaddressedComments.ps1: NEW/ACKNOWLEDGED/REPLIED lifecycle detection ## Workflow Changes - 3-job matrix strategy: discover-prs -> resolve-conflicts -> summarize - Parallel PR processing with max-parallel: 3 - JSON output format for matrix consumption ## Removed from Script - Comment acknowledgment (moved to pr-comment-responder) - Conflict resolution (moved to merge-resolver skill) - Synthesis posting (moved to pr-comment-responder) - All per-PR processing mutations Tests: 34 pass, 0 fail 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * test(skills): add unit tests for extracted skill functions Addresses QA agent CRITICAL_FAIL - extracted skill functions now have test coverage matching the established pattern in the codebase. ## Tests Added (124 total) - Get-UnresolvedReviewThreads.Tests.ps1 (32 tests) - Script syntax validation - GraphQL operations - Lifecycle model compliance - Skill-PowerShell-002 compliance - Get-UnaddressedComments.Tests.ps1 (48 tests) - Parameter definitions - Lifecycle state detection (NEW/ACKNOWLEDGED/REPLIED) - Thread resolution integration - API fallback behavior - Resolve-PRConflicts.Tests.ps1 (44 tests) - ADR-015 security validation patterns - Branch name injection prevention - Worktree path traversal prevention - Auto-resolvable files configuration - GitHub runner detection All tests use static analysis pattern (script content matching) consistent with existing skill tests. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci: auto-assign rjmurillo-bot as reviewer on all PRs Adds workflow that automatically requests review from rjmurillo-bot when PRs are opened or reopened. This enables the bot to: - Receive review requests for PR comment response - Trigger pr-comment-responder workflow - Provide automated code review Skips self-assignment when bot is PR author. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci: add CODEOWNERS for rjmurillo-bot review assignment Assigns rjmurillo-bot as code owner for all files. GitHub will automatically request review from code owners. Note: To enforce approval before merge, enable branch protection rule: "Require review from Code Owners" 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * Revert "ci: add CODEOWNERS for rjmurillo-bot review assignment" This reverts commit fcdc6de. * fix(pr-maintenance): classify Copilot PRs as mention-triggered for @copilot synthesis ## Problem PR #247 authored by copilot-swe-agent with CHANGES_REQUESTED was being classified as "Human-authored" and blocked, when it should be actionable by rjmurillo-bot to synthesize feedback and @copilot to unblock. ## Solution - Add 'app/copilot-swe-agent' to mention-triggered bots list - Create new classification branch for mention-triggered bots that: - Does NOT require rjmurillo-bot as reviewer - Adds to ActionRequired when CHANGES_REQUESTED or HAS_CONFLICTS - Sets requiresSynthesis=true for @copilot mention workflow ## Tests - 5 new Pester tests covering positive, negative, and boundary cases - 47.7% code coverage (39 tests passing) ## Documentation - Added "Bot Categories and PR Handling" section to docs/autonomous-pr-monitor.md - Documents mention-triggered category and Copilot PR handling workflow 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(pr-maintenance): detect failing CI checks as action trigger ## Changes - Add statusCheckRollup to GraphQL query (fetches last 100 contexts) - Add Test-PRHasFailingChecks function with safe property access - Add HAS_FAILING_CHECKS as trigger for bot PRs (agent-controlled + mention-triggered) - Add human PR failing checks to Blocked classification - Fix PowerShell array unrolling in Get-SafeProperty helper ## Tests (51 passing) - 12 new tests for Test-PRHasFailingChecks: - FAILURE/ERROR/EXPECTED rollup states - CheckRun conclusions - StatusContext legacy API - Mixed context types - Null/empty safety cases ## Fixes - PR #269 now correctly classified as actionable (HAS_FAILING_CHECKS) - PR #371 no longer causes classification errors 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(security): address GraphQL injection and input validation issues Security fixes for gemini-code-assist review findings: - Get-UnresolvedReviewThreads.ps1: Use GraphQL variables instead of string interpolation to prevent injection via Owner/Repo/PR params - Invoke-PRMaintenance.ps1: Same GraphQL variable pattern for Owner/Repo/Limit parameters - Resolve-PRConflicts.ps1: Add Test-SafeBranchName validation for TargetBranch parameter (BranchName was already validated) - Invoke-PRMaintenance.ps1: Remove file-based locking (Enter-ScriptLock, Exit-ScriptLock) per ADR-015 which mandates GitHub Actions workflow concurrency groups for singleton execution 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * test: remove file-based lock tests (ADR-015) Removes tests for Enter-ScriptLock and Exit-ScriptLock functions which were deleted in the previous commit. Concurrency control is now handled by GitHub Actions workflow-level concurrency groups. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(security): address GraphQL injection in Resolve-PRReviewThread.ps1 Apply same security pattern as other GraphQL fixes: - Resolve-ReviewThread: Use mutation($threadId: ID!) with -f threadId - Get-UnresolvedReviewThreads: Use query($owner, $name, $prNumber) variables Found by critic agent security review. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * test(security): add behavioral tests for Test-SafeBranchName Adds 15 behavioral tests with attack string validation: - Positive: valid branch names (feature/xyz, main) - Negative: semicolon, pipe, backtick, hyphen prefix, path traversal, dollar sign, ampersand - Edge cases: empty, whitespace, control characters, git special chars Uses AST function extraction to avoid mandatory parameter prompts. Found by QA agent coverage review. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(qa): add PR #453 security fixes verification report QA verification of security fixes in commits ce3ebab and c982a66: - GraphQL injection prevention (3 files) - Input validation for TargetBranch parameter - File-based lock removal per ADR-015 Test Results: - 118/118 tests passing (0 failures) - 16 behavioral tests for Test-SafeBranchName - All attack strings properly rejected Verdict: [PASS] - High confidence Coverage gaps identified: 3 recommendations for integration tests 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Signed-off-by: Richard Murillo <6811113+rjmurillo@users.noreply.github.com> Co-authored-by: rjmurillo[bot] <rjmurillo-bot@users.noreply.github.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Richard Murillo <6811113+rjmurillo@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Actionable comments posted: 0
♻️ Duplicate comments (4)
.github/workflows/semantic-pr-title-check.yml (4)
1-1: Add YAML schema comment for IDE support.Repository convention includes a schema reference comment at the top of workflow files. Add this as the first line:
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
14-19: Add timeout to prevent runaway execution.Set a timeout for this validation job. A 2-5 minute timeout is appropriate for a simple semantic check. Add to the job configuration:
name: Validate PR title timeout-minutes: 2
1-13: Add explicit permissions block.The workflow lacks a permissions block, violating the principle of least privilege. The default GITHUB_TOKEN has broad permissions that should be restricted. This action needs
pull-requests: readat minimum (and potentiallypull-requests: writeif posting failure comments). Add after line 2:permissions: contents: read pull-requests: writeBased on coding guidelines and CodeQL alert.
21-21: Action must be pinned to commit SHA.The workflow will fail because the repository requires all actions to be pinned to full-length commit SHAs, not version tags. Per your earlier error message,
@v6is not allowed. Replace with the SHA for the v6 release.Find the commit SHA for
amannn/action-semantic-pull-request@v6and replace line 21:#!/bin/bash # Find the commit SHA for the v6 tag of amannn/action-semantic-pull-request gh api repos/amannn/action-semantic-pull-request/git/refs/tags/v6 --jq '.object.sha' 2>/dev/null || \ gh api repos/amannn/action-semantic-pull-request/releases/tags/v6 --jq '.target_commitish' 2>/dev/null || \ echo "Unable to find SHA for v6 tag. Check the repository releases page."
🧹 Nitpick comments (1)
.github/workflows/semantic-pr-title-check.yml (1)
3-8: Consider adding workflow_dispatch for manual testing.Add a
workflow_dispatchtrigger to enable manual testing of the workflow. This is helpful for validation without creating a PR:on: pull_request: types: - opened - edited - synchronize workflow_dispatch:
📜 Review details
Configuration used: Repository YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
.github/workflows/semantic-pr-title-check.yml
🧰 Additional context used
📓 Path-based instructions (32)
{.github/workflows/*,*/.githooks/*,Dockerfile}
📄 CodeRabbit inference engine (.agents/governance/interviews/security-interview.md)
Review infrastructure code changes including GitHub Actions workflows, git hooks, and Dockerfile for security vulnerabilities
Files:
.github/workflows/semantic-pr-title-check.yml
{.githooks/**,**/.github/**,**/infrastructure/**,**/config/**,**/*.tf,**/*.yml,**/*.yaml}
📄 CodeRabbit inference engine (.agents/metrics/baseline-report.md)
Infrastructure files (including
.githooks/pre-commit) must receive security review before deployment
Files:
.github/workflows/semantic-pr-title-check.yml
.github/workflows/*
📄 CodeRabbit inference engine (.agents/metrics/dashboard-template.md)
Ensure infrastructure files in GitHub workflows directory are reviewed by agents with target rate of 100%
Implement full CodeRabbit enforcement for CI/CD workflow files in
.github/workflows/directory
.github/workflows/*: Detect files matching.github/workflows/*as infrastructure changes requiring specialist review from devops and security agents
GitHub Actions workflows must include an explicitpermissionsblock with minimally privileged permissions
GitHub Actions workflows must not usepull_request_targettrigger withactions/checkoutaction using pull request head SHA reference, as this creates a dangerous security pattern
GitHub Actions workflows requiring test reporting must explicitly grantchecks: writepermission for dorny/test-reporter compatibility
GitHub Actions workflows must avoid using overly permissivepermissions: write-alland instead use explicit minimal permissions
Files:
.github/workflows/semantic-pr-title-check.yml
.github/workflows/*.{yml,yaml}
📄 CodeRabbit inference engine (.agents/security/infrastructure-file-patterns.md)
GitHub Actions workflow files (
.github/workflows/*.ymland.github/workflows/*.yaml) should trigger security agent review due to critical security implicationsAdd security detection check to CI/CD pipelines to analyze staged files for infrastructure changes before implementation
.github/workflows/*.{yml,yaml}: Infrastructure files (.github/workflows/) require devops and security agent review before commit
Add pre-commit validation that fails on infrastructure files (.github/workflows/) lacking security review documentation
Infrastructure files must include a security impact analysis document before creation or modification
Retroactive security review is required for quick-fix changes to workflow files made without pre-commit review
Workflow files must validate that all required permissions are explicitly declared and justifiedKeep workflow YAML files light and thin - MUST NOT put complex logic in workflow YAML files; use thin workflows with calls to external testable modules or skills
GitHub Actions workflows should remain thin and delegate complex logic to PowerShell modules rather than embedding bash-like commands in workflow YAML run blocks
.github/workflows/*.{yml,yaml}: Never use|| truepattern without explicit error handling and ADR justification
Do not use|| trueerror suppression in workflows without documenting rationale in an ADRUse thin workflow pattern: minimize logic in YAML files, delegate complex operations to PowerShell modules
.github/workflows/*.{yml,yaml}: Use YAML heredoc with proper indentation for multi-line GitHub Actions values
Use GH_TOKEN for auto-authentication in GitHub Actions shell scripts
Use fixed-length lookbehinds for regex patterns in GitHub Actions
GitHub Actions outputs must be single-line format
Matrix jobs in GitHub Actions should use artifacts for output storage
Use environment variables for shell command interpolation in GitHub Actions to prevent injection vulnerabilities
Use verdict tokens for str...
Files:
.github/workflows/semantic-pr-title-check.yml
{.github/workflows/**,{.githooks,husky}/**,**/Auth/**,**/Security/**}
📄 CodeRabbit inference engine (.agents/utilities/security-detection/SKILL.md)
CI/CD workflow files (
.github/workflows/*), git hooks (.githooks/*,.husky/*), and authentication code (**/Auth/**,**/Security/**) require security agent review (CRITICAL level)
Files:
.github/workflows/semantic-pr-title-check.yml
.github/workflows/*.yml
📄 CodeRabbit inference engine (.agents/analysis/pr41-issue-analysis.md)
.github/workflows/*.yml: Usedotnet-nunitreporter indorny/test-reporter@v1when Pester tests output NUnitXml format
Add explicit permissions block to GitHub Actions workflow jobs, specifying minimal required permissions (e.g.,contents: readandchecks: writefor test reporting workflows)
.github/workflows/*.yml: Use minimal GitHub Actions permissions in CI workflows
Addworkflow_dispatchtrigger to GitHub Actions workflows for manual triggering capability
Add PowerShell-Yaml module installation step in CI workflows
Useubuntu-latestfor drift detection CI workflows for lighter weight execution
Add issue deduplication for drift alerts in GitHub Actions workflows
Use path filtering appropriately scoped in GitHub Actions workflowsCI/CD pipeline must include a drift-linting job that compares Claude agent content against generated VS Code and Copilot CLI variants on every PR modifying agent files
Create automated CI validation to detect absolute paths (Windows, macOS, Linux patterns) in markdown files with colored output, line numbers, and remediation steps
Configure concurrency groups in GitHub Actions workflows to prevent comment spam and race conditions when multiple commits trigger parallel workflow runs on the same PR
.github/workflows/*.yml: Remove silent|| trueerror suppression from critical operations; instead track failures in arrays and provide summarized error reporting at workflow completion
Use minimal token scopes in GitHub Actions workflows: usereposcope for read-only operations,issues:writefor issue modifications, and workflowpermissionsdeclarations following principle of least privilege
.github/workflows/*.yml: Store heredoc content in separate files instead of inline within YAMLrun:blocks to avoid YAML parsing errors when content lacks proper indentation
Usegithub.token(workflow's built-in token) for PR comments in GitHub Actions instead of service account PATs, as it automatically has write access t...
Files:
.github/workflows/semantic-pr-title-check.yml
.github/**/*.yml
📄 CodeRabbit inference engine (.agents/planning/prd-pre-pr-security-gate.md)
Detect files matching
.github/**/*.ymlas infrastructure changes requiring specialist review from devops and security agents
Files:
.github/workflows/semantic-pr-title-check.yml
.github/workflows/**/*.{yml,yaml}
📄 CodeRabbit inference engine (.agents/retrospective/pr-feedback-remediation.md)
Use 'ubuntu-latest' for CI runner preference instead of 'windows-latest' for significantly faster performance, except for PowerShell Desktop or Windows-specific features
.github/workflows/**/*.{yml,yaml}: Workflows should be thin and contain only orchestration logic; all business logic (parsing, validation, formatting) must be extracted to PowerShell modules (.psm1)
Keep workflow YAML files to a maximum of 100 lines (orchestration only)
Do not parse complex strings (verdict, labels, etc.) in workflow YAMLrun:blocks; delegate to PowerShell modules
Do not validate business rules directly in workflow YAML; delegate to PowerShell modules
All PowerShell scripting for workflows must be PowerShell-only (no bash or other shell languages embedded in workflows)
.github/workflows/**/*.{yml,yaml}: PowerShell used consistently for label and milestone parsing in AI workflow (extract parsing logic to AIReviewCommon.psm1::Get-LabelsFromAIOutput rather than inline bash)
Use ::error:: GitHub Actions format for error output instead of echo or Write-Error to ensure errors are properly captured and cause workflow failure
Remove all '|| true' patterns and silent failure suppression in workflow steps - errors must be aggregated and reported explicitly using ::error:: format
Add token masking with ::add-mask:: before using secrets in workflow run steps to prevent accidental token leakage in logs
Replace secrets.BOT_PAT with github.token for issue and PR operations to minimize token privileges and reduce security attack surface
Document minimum required token scopes in workflow comments for each operation (e.g., 'repo' scope for issue edit and label application, 'read' scope for readonly operations)
Extract AI workflow parsing logic to testable PowerShell module functions (AIReviewCommon.psm1) rather than inline bash - enables unit testing in isolation and reduces regression risk
.github/workflows/**/*.{yml,yaml}: Use bash/PowerShell error collection pattern: initialize FAILED_...
Files:
.github/workflows/semantic-pr-title-check.yml
**/.github/workflows/*.{yml,yaml}
📄 CodeRabbit inference engine (.agents/skills/ci-runner-preference.md)
**/.github/workflows/*.{yml,yaml}: Useubuntu-latest(orlinux-latest) runners for GitHub Actions workflows instead ofwindows-latestfor better CI/CD pipeline performance
Only usewindows-latestrunner when PowerShell Desktop (5.1) is required, Windows-specific features are needed, or testing Windows-only scenarios
Prefer PowerShell Core (pwsh) over PowerShell Desktop for GitHub Actions scripts to enable cross-platform compatibility on Linux runnersWorkflows SHOULD be less than 100 lines, containing orchestration only. Business logic SHOULD be extracted to PowerShell modules (.psm1).
PowerShell workflow files must follow the thin-workflow pattern where orchestration logic stays in the workflow and business logic is extracted to reusable modules
Maintain consistent token scopes and authentication strategy throughout workflows; use the same token source for all related operations to avoid permission errors
**/.github/workflows/*.{yml,yaml}: Avoid code injection vulnerabilities by never directly interpolating unsanitized GitHub context variables (like${{ github.event.issue.title }}or${{ github.event.issue.body }}) into bash commands; instead save them to files using heredoc syntax and read them back
UsetoJSON()to escape GitHub context variables when passing them to bash commands, or employ input validation before using variables in shell contexts
GitHub Actions workflows should request only the minimum necessary permissions (principle of least privilege) required for their operations
**/.github/workflows/*.{yml,yaml}: When ≥2 GitHub Actions workflows share logic, extract to composite action with parameterized inputs for reusability
GitHub Actions workflow files should include YAML syntax validation and actionlint checks in pre-commit configuration
**/.github/workflows/*.{yml,yaml}: Use artifacts instead of job outputs for passing data between matrix jobs in GitHub Actions workflows
Use environment variables for shell variable expans...
Files:
.github/workflows/semantic-pr-title-check.yml
.github/workflows/**
📄 CodeRabbit inference engine (.agents/steering/security-practices.md)
Implement OWASP Top 10 prevention practices in GitHub Actions workflows
Use secure defaults and minimal exposure for security misconfiguration prevention
Files:
.github/workflows/semantic-pr-title-check.yml
⚙️ CodeRabbit configuration file
.github/workflows/**: SECURITY-CRITICAL PATH - ASSERTIVE ENFORCEMENT
Review for: - Authentication and authorization (secrets handling, OIDC) - Credential exposure (env vars, git output, logs) - Injection vulnerabilities (command injection, script injection) - Race conditions (concurrent jobs, artifact operations) - Resource exhaustion (limits on runners, matrix expansions)
Flag: - Unquoted variables in shell commands - Direct use of user input in scripts - Missing error handling and early exit conditions - Hardcoded secrets or credentials - Unsafe use of 3rd party actions
DO NOT IGNORE any security-related findings on this path.
Files:
.github/workflows/semantic-pr-title-check.yml
.github/workflows/**/*.yml
📄 CodeRabbit inference engine (.agents/architecture/DESIGN-REVIEW-pr-60-remediation-architecture.md)
Use GitHub Actions workflow steps with PowerShell for JSON parsing and data manipulation; reserve bash only for simple npm install, git operations, and environment variable exports
Aggregate errors across workflow steps using error accumulation arrays and export failure summary via GITHUB_OUTPUT
.github/workflows/**/*.yml: GitHub Actions workflows orchestrating multiple agents should use matrix strategy withfail-fast: falseto ensure all reviews complete
Use artifact passing (not job outputs) to transfer data between workflow jobs when using matrix strategy
Implement idempotency in workflow comment generation using comment markers to distinguish update vs create operations
Use skip optimization to check for docs-only changes before executing expensive AI review jobs
Add CI validation step to verify prompt templates include required output format markers before merging
.github/workflows/**/*.yml: Replace bash parsing with PowerShell functions in GitHub Actions workflows - useGet-LabelsFromAIOutputandGet-MilestoneFromAIOutputfrom AIReviewCommon.psm1 instead of bash grep/tr/xargs to prevent command injection (CWE-78) and word splitting vulnerabilities (CWE-20)
In GitHub Actions workflows parsing AI output, never use bashxargs, unquoted variable expansion, orforloops with simple string parsing - replace with PowerShell cmdlets that handle structured output safely
Verify PowerShell Core is available on GitHub Actions ubuntu-latest runner before using PowerShell in workflowsAdd checkout step to skip-validation job in GitHub Actions workflows that use dorny/paths-filter
.github/workflows/**/*.yml: Add explicitexit 0to PowerShell scripts in GitHub Actions workflow run blocks to prevent$LASTEXITCODEpersistence
Validate GitHub labels exist before deploying workflows that reference them withgh pr edit --add-label
Add cross-platform validation matrix to test workflows or document single-platform requirements upfront when tests have platf...
Files:
.github/workflows/semantic-pr-title-check.yml
**/.github/workflows/**/*.{yml,yaml}
📄 CodeRabbit inference engine (.agents/governance/PROJECT-CONSTRAINTS.md)
**/.github/workflows/**/*.{yml,yaml}: MUST NOT put business logic in workflow YAML files
SHOULD keep workflows under 100 lines (orchestration only)Workflows must be thin and composed of testable, reusable modules
Follow Copilot follow-up PR naming convention:
copilot/sub-pr-{original_pr_number}for branches targeting the original PR's base branch
**/.github/workflows/**/*.{yml,yaml}: Implement concurrency control using GitHub Actionsconcurrencygroup to prevent simultaneous PR maintenance runs
Configure GitHub Actions workflows to create an issue on failure with workflow diagnostics
Design thin GitHub Actions workflows that orchestrate logic rather than implementing testable module logic directly
**/.github/workflows/**/*.{yml,yaml}: Add workflow action steps AFTER parsing to apply suggested labels, assign suggested users, post feature review as comment, and update issue milestone based on recommendation
Specify exact line numbers and file locations in rollback plan, including which lines to remove from.github/workflows/ai-issue-triage.ymland triage summary PowerShell script
Include validation logic in workflow to verify that issue labels and analyst categorization match (e.g., if labeled 'enhancement', categorized as 'enhancement')
Specify Copilot model parameter in feature review workflow step (useclaude-opus-4.5for consistency with PRD generation step)
Define error handling for parse failures in workflow: specify fallback behavior when regex extraction fails (e.g., if recommendation returns UNKNOWN)
Verify category detection accuracy by testing whether analyst agent reliably categorizes feature requests, including false negative rate and fallback behavior for miscategorization
Files:
.github/workflows/semantic-pr-title-check.yml
**/.github/**/*.{yml,yaml,sh,bash}
📄 CodeRabbit inference engine (.agents/planning/PR-60/001-pr-60-review-gap-analysis.md)
Use unique identifiers (e.g., run ID, timestamp) for temporary file paths in CI/CD workflows to prevent conflicts in concurrent runs on shared runners
Files:
.github/workflows/semantic-pr-title-check.yml
**/.github/workflows/**/*.yml
📄 CodeRabbit inference engine (.agents/planning/PR-60/004-pr-60-implementation-review.md)
**/.github/workflows/**/*.yml: Replace bash label parsing in GitHub Actions workflows with PowerShell validation to prevent command injection via untrusted AI output
Validate all label strings against regex pattern '^[\w-.\s]{1,50}$' before applying to GitHub issues
Validate all category strings against regex pattern '^[\w-]{1,30}$' before using in workflow outputs
Validate all milestone strings against regex pattern '^[\w-.\s]{1,50}$' before assigning to issues
Use explicit error handling with informative error messages instead of '|| true' for GitHub CLI (gh) commands that should not fail silently
Keep '|| true' only for commands where empty/missing results are valid expected outcomes (e.g., grep with no matches, find with no results)
Verify GitHub CLI authentication status is successful before attempting API operations in CI workflows
Log validation rejections with details (invalid format, rejected label) for debugging label application failures
Provide detailed error messages in GitHub Actions workflow steps including context (what failed, why, what to check)
Use PowerShell 'Write-Host' with color output for structured workflow logging instead of plain echo statements
Use '|| true' in workflows only for commands where missing data is an expected valid state; document the reason in comments
Validate workflow inputs and outputs against strict regex patterns before using them in GitHub API commands
**/.github/workflows/**/*.yml: Use environment variables instead of direct${{ }}template syntax in shell scripts to prevent shell injection attacks
Use artifacts instead of job outputs to pass data between matrix job legs, since outputs only expose one matrix leg
Prepare multi-line content via prior steps with GITHUB_OUTPUT heredoc syntax rather than attempting to execute shell commands in YAMLwith:inputs
**/.github/workflows/**/*.yml: Add explicit 'exit 0' at end of PowerShell workflow scripts to prevent $LASTEXITCODE persistence
Validate GitHub lab...
Files:
.github/workflows/semantic-pr-title-check.yml
**/.github/workflows/*.yml
📄 CodeRabbit inference engine (.agents/planning/PR-60/007-phase-1-detailed-schedule.md)
Use PowerShell-only code (no bash, Python, or shell scripts) with all workflow steps configured with 'shell: pwsh' per ADR-006
Use quoted heredoc (with 'EOF' delimiter) for safely handling github.event.pull_request.title and github.event.pull_request.body in bash env vars to prevent code injection
GitHub Actions workflows must use PowerShell functions from exported modules rather than inline bash parsing (grep/sed/tr) for consistent security and testability
In workflow comments, use explicit language about verdict behavior and consequences (e.g., 'should cause the check to FAIL (block merge)' rather than ambiguous phrasing)
**/.github/workflows/*.yml: Use PowerShell syntax (shell: pwsh) for GitHub workflow steps when handling untrusted AI output
Import PowerShell modules using correct relative path format (Import-Module .github/scripts/AIReviewCommon.psm1) in GitHub workflows to ensure module dependencies are properly resolved
Use PowerShell environment variables for all user input in GitHub workflows instead of direct bash variable interpolation to eliminate word-splitting vulnerabilitiesUse
$env:GITHUB_WORKSPACEwith absolute paths instead of relative./prefix when importing PowerShell modules in GitHub Actions workflowsInclude
env: GH_TOKENin workflow steps that use GitHub CLI to ensure proper authentication
**/.github/workflows/*.yml: GitHub Actions workflow JSON output consumption must usefromJson()to parse matrix data from upstream job outputs
GitHub Actions workflow matrix strategy should includemax-parallelconstraint to throttle concurrent job execution and respect API rate limitsDocument all CI/CD workflow changes for backward compatibility verification in workflow recommendation documents
Files:
.github/workflows/semantic-pr-title-check.yml
**/.github/{scripts,workflows}/*.{sh,yml}
📄 CodeRabbit inference engine (.agents/planning/pr-60-focused-plan.md)
Use
sedwith POSIX character classes instead ofgrep -Pfor regex patterns to ensure portability across Linux and macOS (grep -P is GNU-only)
Files:
.github/workflows/semantic-pr-title-check.yml
.github/{workflows,scripts}/**/*.{yml,yaml,sh}
📄 CodeRabbit inference engine (.agents/planning/pr-60-security-review.md)
.github/{workflows,scripts}/**/*.{yml,yaml,sh}: Avoid leaking sensitive information or internal configuration details in error messages and workflow logs that could be visible to attackers. Use generic error messages in production and reserve detailed diagnostics for debug logs only.
Sanitize and validate all untrusted user input (such as GitHub event data like PR titles, issue bodies, commit messages) before using in shell commands, API calls, or other operations that could interpret special characters.
When updating GitHub comments in workflows, use idempotent markers (HTML comments with unique identifiers) in comment bodies to enable safe updates by specific comment ID rather than relying on comment position.Enforce ADR-005 with pre-commit hook rejecting bash in
.github/workflows/and.github/scripts/directories
Files:
.github/workflows/semantic-pr-title-check.yml
**/.github/{workflows,scripts,prompts}/**
📄 CodeRabbit inference engine (.agents/retrospective/2025-12-18-ai-workflow-implementation.md)
AI automation in CI/CD requires verdict tokens (PASS/WARN/CRITICAL_FAIL) for deterministic bash parsing without AI interpretation
Files:
.github/workflows/semantic-pr-title-check.yml
{.github/**/*.sh,.github/workflows/*.yml,.github/actions/**/*.yml}
📄 CodeRabbit inference engine (.agents/sessions/2025-12-18-session-04-ai-workflow-debugging.md)
Avoid explicit
gh auth login --with-tokenwhen GH_TOKEN environment variable is already set, as gh CLI automatically uses the env var and will fail with exit code 1
Files:
.github/workflows/semantic-pr-title-check.yml
**/.github/{workflows,actions}/**/*.yml
📄 CodeRabbit inference engine (.agents/sessions/2025-12-18-session-13-workflow-lessons.md)
Use composite actions to encapsulate reusable workflow steps (Node.js/npm/Copilot CLI setup, authentication, agent loading, verdict parsing)
Files:
.github/workflows/semantic-pr-title-check.yml
**/.github/workflows/***.yml
📄 CodeRabbit inference engine (.agents/sessions/2025-12-18-session-13-workflow-lessons.md)
Convert single-job loops to multi-job matrix structures (detect → validate → aggregate) for parallel validation with artifact passing
Files:
.github/workflows/semantic-pr-title-check.yml
{.github/**/*.{sh,yml,yaml},**/*.sh}
📄 CodeRabbit inference engine (.agents/sessions/2025-12-18-session-34-pr-60-comment-response.md)
{.github/**/*.{sh,yml,yaml},**/*.sh}: Avoidgh auth loginauthentication patterns; use session-based authentication instead (reference Session 04 for implementation details)
Use secret masking for sensitive tokens like BOT_PAT in shell commands and CI/CD workflows
Files:
.github/workflows/semantic-pr-title-check.yml
**/{.github/workflows/*.yml,.github/scripts/*.psm1}
📄 CodeRabbit inference engine (.agents/qa/057-pr-222-import-module-standardization.md)
Standardize Import-Module paths to use
$env:GITHUB_WORKSPACEvariable instead of relative paths
Files:
.github/workflows/semantic-pr-title-check.yml
**/{.github,workflows}/**/*.{yml,yaml}
📄 CodeRabbit inference engine (.agents/sessions/2025-12-21-session-58-pr-141.md)
All skip jobs in workflows that document a checkout requirement must include the checkout step
Files:
.github/workflows/semantic-pr-title-check.yml
**/{.github/workflows/*.{yml,yaml},**/*.ps1}
📄 CodeRabbit inference engine (.agents/retrospective/2025-12-22-pr-249-comprehensive-retrospective.md)
Parameterize branch references instead of hardcoding values like 'main' in workflow scripts and automation code
Files:
.github/workflows/semantic-pr-title-check.yml
{**/.github/workflows/*.yml,**/*.ps1}
📄 CodeRabbit inference engine (.agents/sessions/2025-12-22-session-67-pr-249-review-response.md)
{**/.github/workflows/*.yml,**/*.ps1}: Defaultdry_runtotruewheninputs.dry_runis empty to prevent DryRun bypass for scheduled GitHub Actions runs
Allow protected branch checks to pass whenGITHUB_ACTIONS=trueto prevent CI workflow failures
Files:
.github/workflows/semantic-pr-title-check.yml
**/.github/workflows/*.{yaml,yml}
📄 CodeRabbit inference engine (.agents/sessions/2025-12-22-session-72-pr-249-retrospective.md)
**/.github/workflows/*.{yaml,yml}: When workflow inputs are empty (scheduled triggers), default to fail-safe mode (dry_run=true) instead of fail-open
Explicitly declare environment variables (secrets, tokens) in each GitHub Actions workflow step that needs them, rather than relying on job-level inheritance
Files:
.github/workflows/semantic-pr-title-check.yml
{**/*.test.{js,ts,ps1},.github/workflows/**/*.{yml,yaml}}
📄 CodeRabbit inference engine (.agents/sessions/2025-12-22-session-79-pr-268-review-response.md)
Use unique identifiers (such as issue numbers) in test cleanup operations to prevent race conditions across concurrent workflow runs
Files:
.github/workflows/semantic-pr-title-check.yml
.github/workflows/**(validate-generated-agents|pester-tests).{yml,yaml}
📄 CodeRabbit inference engine (.agents/architecture/ADR-014-github-actions-arm-runners.md)
Do not migrate Windows-based GitHub Actions workflows to ARM runners; keep Windows workflows on windows-latest as ARM runners are not available for Windows
Files:
.github/workflows/semantic-pr-title-check.yml
**/{.github/workflows,ci,tests}/**/*.{yml,yaml,js,ts}
📄 CodeRabbit inference engine (.agents/sessions/2025-12-23-session-83-adr-017-quantitative-analysis.md)
Create CI validation for index ↔ atomic file consistency when implementing tiered index expansion
Files:
.github/workflows/semantic-pr-title-check.yml
**/.github/**
📄 CodeRabbit inference engine (.agents/critique/001-pr365-remediation-critique.md)
Include note about URL staleness in CI/CD documentation that references specific run IDs, recommending use of dynamic commands (e.g.,
gh run list --branch <branch-name>) to find latest runs
Files:
.github/workflows/semantic-pr-title-check.yml
.github/workflows/*pr*.yml
📄 CodeRabbit inference engine (.agents/analysis/pr-quality-gate-320c2b3-analysis.md)
Disable fail-fast in matrix workflow jobs for PR processing to prevent single PR failures from blocking other PRs
Files:
.github/workflows/semantic-pr-title-check.yml
🧠 Learnings (1)
📚 Learning: 2025-12-23T07:36:47.139Z
Learnt from: CR
Repo: rjmurillo/ai-agents PR: 0
File: .agents/devops/pr-automation-script-review.md:0-0
Timestamp: 2025-12-23T07:36:47.139Z
Learning: Applies to .github/workflows/pr-maintenance.yml : Implement concurrency control using GitHub Actions concurrency group to prevent simultaneous workflow runs: concurrency { group: pr-maintenance, cancel-in-progress: false }
Applied to files:
.github/workflows/semantic-pr-title-check.yml
🪛 GitHub Check: CodeQL
.github/workflows/semantic-pr-title-check.yml
[warning] 15-34: Workflow does not contain permissions
Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {{}}
🔍 Remote MCP
The pull request introduces a semantic PR title check GitHub Actions workflow that enforces conventional commit titles on pull requests to the main branch. Reviewing this PR effectively requires understanding:
-
The overall AI agent multi-platform architecture and workflow:
- There are 17 specialized agents running on three platforms (VS Code, Copilot CLI, Claude CLI) with coordinated handoffs via a central orchestrator.
- The system uses session protocols and a distributed handoff architecture (ADR-014) that involves session logs (
.agents/sessions/), Serena memory (.serena/memories/), and a read-only HANDOFF.md that serves as a dashboard. - Agents enforce a session lifecycle with mandatory blocking gates for initialization, context retrieval, session logging, session end checklist, update, and validation via
Validate-SessionEnd.ps1.
-
The agent consistency enforcement:
- Agent definitions are authored as shared templates (
templates/agents/*.shared.md) and generated to platform-specific files to maintain semantic equivalence. - The consistency system ensures core identity, responsibilities, handoff protocols, and memory protocols are perfectly aligned across platforms.
- Changes to agents must be done via templates and regenerated; manual edits to generated files are disallowed.
- Agent definitions are authored as shared templates (
-
The CI/CD AI-driven workflow ecosystem:
- The AI workflows include issue triage, spec validation, PR quality gate (6 agents running in parallel including security, qa, analyst, architect, devops, and roadmap).
- The workflows use ARM runners for cost optimization and path filtering to skip irrelevant runs.
- The AI PR quality gate aggregates verdicts from agents and blocks merge if critical failures are found.
- The session protocol validation workflow uses the
qaagent to validate session compliance.
-
The security hardening patterns and guardrails:
- Strict input validation and command injection prevention are enforced, particularly in AI output parsing.
- Pre-commit hooks block commits with invalid markdown, PowerShell errors, unauthorized bash scripts, updates to HANDOFF.md (since ADR-014), and session protocol violations.
- Autonomous execution guardrails ensure agents cannot bypass orchestrator routing, critic approval, QA verification, or session protocol compliance.
- PR comment responder workflow mandates proper addressing of review threads and prohibits dismissals of security comments without analyst, critic, and security agent validation.
-
The detailed directory and file structure:
.agents/contains session logs, planning documents, architecture records, critiques, QA reports, retrospectives, roadmap and domain-specific artifacts..serena/memories/stores file-based, cross-platform persistent memory with skills, features, and patterns organized by naming conventions.- Agent files are installed per platform (VS Code:
.github/agents/*.agent.mdor global prompts, Copilot CLI:.github/agents/*.agent.mdper repo only, Claude CLI:.claude/agents/*.md) with installation scripts handling deployment and directory creation. - Configuration files like
.github/copilot-instructions.mdandCLAUDE.mdprovide usage guidance.
-
The workflow patterns:
- Quick Fix Path for atomic bugs uses direct implementer → qa workflow.
- Standard Feature Development includes analyst → architect → planner → critic → implementer → qa → retrospective.
- Strategic Decision Path involves independent-thinker → high-level-advisor → task-generator.
This deep contextual information indicates that the PR's semantic PR title check workflow fits within the AI system's focus on quality gates integrated with CI/CD, session protocols, and agent consistency enforcement.
Citations:
- [DeepWiki::DeepWiki_read_wiki_contents]
- [AGENTS.md]
- [.agents/HANDOFF.md]
- [.agents/sessions/2025-12-20-session-01-pr-89-protocol-review.md]
- [.github/copilot-code-review.md]
- [.github/workflows/ai-pr-quality-gate.yml]
- [.github/scripts/AIReviewCommon.psm1]
- [.githooks/pre-commit]
- [CONTRIBUTING.md]
- [USING-AGENTS.md]
Security & best practices: - Add explicit permissions block (pull-requests: read) - Pin action to full SHA (48f256284bd46cdaab1048c3721360e808335d50) - Add timeout-minutes: 5 to prevent runaway jobs - Add YAML schema comment for IDE support Functionality: - Add 'perf' to allowed conventional commit types 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This was referenced Dec 27, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request
Summary
Specification References
.agents/planning/....agents/specs/...Spec Requirement Guidelines
feat:,feat(scope):).agents/planning/fix:,fix(scope):)refactor:,refactor(scope):)docs:)ci:,build:,chore:)Changes
Type of Change
Testing
Agent Review
Security Review
.agents/security/)Files requiring security review:
Other Agent Reviews
Checklist
Related Issues