Skip to content

feat: implement issue #431 — [Fleet Monitor] petry-projects/.github-private — pr-review-mention.yml#479

Open
don-petry wants to merge 647 commits into
mainfrom
dev-lead/issue-431-20260608-0044
Open

feat: implement issue #431 — [Fleet Monitor] petry-projects/.github-private — pr-review-mention.yml#479
don-petry wants to merge 647 commits into
mainfrom
dev-lead/issue-431-20260608-0044

Conversation

@don-petry

@don-petry don-petry commented Jun 8, 2026

Copy link
Copy Markdown
Collaborator

Closes #431

Implemented by dev-lead agent. Please review.

Summary by CodeRabbit

  • New Features

    • Added manual and scheduled review workflow triggers for more flexible PR review runs.
    • Improved review handling so fine-grained tokens now continue with reduced capabilities instead of stopping the run.
  • Bug Fixes

    • Review posting now skips approval actions when approval permissions aren’t available.
    • Batch review runs exit cleanly when there are no PRs to process.
  • Tests & Documentation

    • Expanded validation tests and workflow checks.
    • Updated implementation notes and workflow-related documentation.

Copilot AI review requested due to automatic review settings June 8, 2026 00:54
@don-petry don-petry requested a review from a team as a code owner June 8, 2026 00:54
@coderabbitai

coderabbitai Bot commented Jun 8, 2026

Copy link
Copy Markdown

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

The PR review workflows now use direct triggers, inherited secrets, and warning-based fine-grained PAT handling. Review runtime scripts change batch fallback, engine helpers, and health reporting, while cascade automation, validation scripts, and repository maintenance files are also updated.

Changes

Fine-grained PAT Soft-Warning and Secrets Inherit

Layer / File(s) Summary
Workflow triggers and mention caller
.github/workflows/pr-review.yml, .github/workflows/pr-review-mention.yml, tests/test_pr_review_mention_stub.py
pr-review.yml replaces workflow_call with scheduled, manual, and repository-dispatch triggers. pr-review-mention.yml switches to inherited secrets, and the Python stub validates the workflow job reference and secrets field.
Fine-grained PAT warning path
.github/workflows/pr-review.yml, scripts/verify-auth-scopes.sh, scripts/post-pr-review.sh, tests/test_verify_auth_scopes.bats
pr-review.yml adds a Verify auth step that uses GH_PAT_WORKFLOWS, verify-auth-scopes.sh emits warnings and sets HAS_CLASSIC_PAT=false for fine-grained PATs, post-pr-review.sh skips approval when the flag is false, and the Bats tests assert the warning-based behavior.

Review Runtime and Engine Control Flow

Layer / File(s) Summary
Batch gating and fallback
scripts/review-one-pr.sh, scripts/review-batch.sh
review-one-pr.sh removes a duplicated human-requested-changes skip block, review-batch.sh exits early when PRS_FILE is empty, and Gemini fallback exit codes 55 and 127 now route into the unavailable/rate-limited path.
Engine verdict and reset helpers
scripts/engine.sh
engine.sh redefines verdict extraction, cross-engine dispatch, and rate-limit reset parsing helpers, including the ISO timestamp writer used by parse_reset_time and parse_reset_time_files.
Daily health install and status output
.github/workflows/daily-pr-review-health.yml, scripts/pr_review_health.sh
daily-pr-review-health.yml drops the pinned Claude Code version and conditional cache install, while pr_review_health.sh initializes LOG_DIR earlier and only writes HAS_FAILURES=true when failures are present.

Cascade and Review-Fix Automation

Layer / File(s) Summary
Cascade body and PR actions
prompts/cascade-action.md
prompts/cascade-action.md removes the static cross-engine agreement placeholder, inserts it conditionally before Findings, and replaces the tail with branch-update, auto-merge, escalation, and final status JSON logic.
Review-fix helper cleanup
scripts/dev-lead-fix-reviews.sh, docs/dev-lead/implementation-plan.md
scripts/dev-lead-fix-reviews.sh keeps setup_git_identity in the PR checkout block, deletes a later duplicate helper set, and docs/dev-lead/implementation-plan.md updates the described rebase and conflict-resolution test cases.

Validation and Repository Maintenance

Layer / File(s) Summary
File-mode case validation
evals/validate-cases.py
evals/validate-cases.py adds schema loading, JSONL parsing, per-case schema validation, duplicate id checks, and the zero-case failure path for file-mode validation.
Directory-mode split validation
evals/validate-cases.py
evals/validate-cases.py adds split id loading, dev/holdout overlap checks, skill discovery, and the aggregated directory-mode summary.
Manifest and dispatch checks
scripts/lib/validate-consumer-manifest.sh, scripts/initiative-planner/redispatch.sh
scripts/lib/validate-consumer-manifest.sh now validates only that surface_sources keys resolve to existing workflow files, and scripts/initiative-planner/redispatch.sh updates dry-run cleanup and ref detection.
Ignore list and comment cleanup
.gitleaksignore, scripts/list-prs.sh
.gitleaksignore adds new fingerprint suppressions for known fixture keys, and scripts/list-prs.sh removes redundant filter commentary.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related issues

Possibly related PRs

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Out of Scope Changes check ⚠️ Warning The PR also changes unrelated docs, eval tooling, gitleaks ignores, and several other workflows/scripts beyond pr-review-mention.yml. Move unrelated docs, eval, and automation updates into separate PRs so this change stays scoped to the Fleet Monitor workflow fix.
Docstring Coverage ⚠️ Warning Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title is specific and directly describes the main change to pr-review-mention.yml for issue #431.
Linked Issues check ✅ Passed The PR updates pr-review-mention.yml and related auth handling to reduce workflow failures, matching issue #431's goal.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dev-lead/issue-431-20260608-0044

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a new compliance test script, tests/test_pr_review_mention_stub.py, which verifies that the GitHub Actions workflow file .github/workflows/pr-review-mention.yml correctly uses secrets: inherit and references the expected reusable workflow. The review feedback suggests enhancing the script's robustness by catching potential YAML parsing errors (yaml.YAMLError) and verifying that the parsed YAML structure is a dictionary before accessing its keys to prevent runtime crashes.

Comment thread tests/test_pr_review_mention_stub.py
Comment thread tests/test_pr_review_mention_stub.py

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — rate-limited (intent: review-changes)

PR: #479
The retry cron will re-attempt automatically.

@don-petry

Copy link
Copy Markdown
Collaborator Author

Note

@don-petry I received your request but all AI engines are currently rate-limited. I'll retry automatically once the rate limit clears.
Rate limit resets at: unknown

@don-petry don-petry enabled auto-merge (squash) June 8, 2026 01:19
Comment thread tests/test_pr_review_mention_stub.py Fixed
@don-petry don-petry disabled auto-merge June 8, 2026 01:41
@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead Fix CI — rate-limited

PR: #479 | SHA: 0fd73ac3406b062f089c3144be518db5f344838b
All engines were rate-limited. The retry cron will re-attempt automatically.

@don-petry don-petry enabled auto-merge (squash) June 8, 2026 01:41
@don-petry don-petry disabled auto-merge June 8, 2026 05:00
@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead Fix CI — applied

PR: #479 | SHA: 0fd73ac3406b062f089c3144be518db5f344838b
Fix committed and pushed. Waiting for CI.

@don-petry don-petry enabled auto-merge (squash) June 8, 2026 05:06
@don-petry don-petry disabled auto-merge June 8, 2026 05:08
@github-actions

github-actions Bot commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

CI Failure: CodeQL

Step: CodeQL Analysis
Root cause: Lint/style

CodeQL flagged tests/test_pr_review_mention_stub.py line 56 with a high-severity "Clear-text logging of sensitive information" alert. The variable secrets_val holds the parsed value of the YAML secrets: key; because the name contains "secret", CodeQL treats it as potentially sensitive data and flags the print(f" actual: {secrets_val!r}") statement as leaking that value to stdout in clear text. This is a false positive in intent (the value is either "inherit" or a dict of secret names, not secret values), but CodeQL cannot distinguish that statically.

Suggested fix: Rename secrets_val to secrets_cfg (or any name not containing "secret") in tests/test_pr_review_mention_stub.py — this removes the taint source CodeQL uses to track the data flow without changing any logic.

View run logs

@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — fix-bot-comment (applied)

Changes committed and pushed.

@don-petry don-petry enabled auto-merge (squash) June 8, 2026 05:09
@don-petry don-petry disabled auto-merge June 8, 2026 05:10
coderabbitai[bot]
coderabbitai Bot previously approved these changes Jun 8, 2026
@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — review-changes (applied)

Changes committed and pushed.

@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — waiting on PR blockers (intent: review-changes)

PR: #479
No changes were committed, but the PR still has blocking checks or reviews (failing or cancelled checks, or changes-requested reviews). The retry cron will re-attempt automatically. Next attempt after: 2026-06-08T05:44:24Z

@don-petry

Copy link
Copy Markdown
Collaborator Author

Note

@don-petry I reviewed this PR and no code changes were needed, but it still has blocking checks or reviews (failing or cancelled checks, or changes-requested reviews), so I cannot mark it done yet. I'll re-check automatically.
Next attempt after: 2026-06-08T05:44:24Z

@don-petry don-petry enabled auto-merge (squash) June 8, 2026 05:14
@don-petry don-petry disabled auto-merge June 8, 2026 05:26
@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — review-changes (no-changes)

No changes were needed for this PR.

@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — review-changes (no-changes)

No changes were needed for this PR.

@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — review-changes (no-changes)

No changes were needed for this PR.

@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — review-changes (no-changes)

No changes were needed for this PR.

@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — review-changes (no-changes)

No changes were needed for this PR.

@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — review-changes (no-changes)

No changes were needed for this PR.

@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — review-changes (no-changes)

No changes were needed for this PR.

@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — review-changes (no-changes)

No changes were needed for this PR.

@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — review-changes (no-changes)

No changes were needed for this PR.

@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — review-changes (no-changes)

No changes were needed for this PR.

@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — review-changes (no-changes)

No changes were needed for this PR.

@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — fix-bot-comment (no-changes)

Agent reasoning
Issues addressed: 0
Files changed: (none)
Skipped (informational): 2 (Coverage on New Code, Duplication on New Code)
✅ No changes required — Quality Gate passed with zero new issues and zero security hotspots.
```

@sonarqubecloud

Copy link
Copy Markdown

@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — rate-limited (intent: review-changes)

PR: #479
The retry cron will re-attempt automatically.

@don-petry

Copy link
Copy Markdown
Collaborator Author

Note

@don-petry I received your request but all AI engines are currently rate-limited. I'll retry automatically once the rate limit clears.
Rate limit resets at: unknown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

needs-human-review Flagged by automated PR review agent

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Fleet Monitor] petry-projects/.github-private — pr-review-mention.yml

4 participants