Add PR review agentic workflow with expert-reviewer agent#593
Merged
Add PR review agentic workflow with expert-reviewer agent#593
Conversation
Adds a /review slash command workflow modeled after dotnet/msbuild's approach, adapted for PolyPilot with domain-specific review dimensions: - .github/workflows/review.agent.md: Slash command trigger - .github/workflows/shared/review-shared.md: Shared config (permissions, tools, safe-outputs) - .github/agents/expert-reviewer.agent.md: Expert reviewer with 12 PolyPilot-specific review dimensions, multi-model consensus validation, and 4-wave review workflow (Find → Validate → Post → Summary) Review dimensions cover: IsProcessing safety, SDK event handling, thread safety, multi-agent orchestration, session persistence, bridge protocol, MAUI/Blazor platform safety, test coverage, performance, watchdog logic, connection management, and code conventions. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Owner
Author
🔍 Multi-Model Code Review — PR #593PR: Add PR review agentic workflow with expert-reviewer agent Review History
🔄 Re-Review Round 7 (2026-04-16T23:13Z) — Commits 10–12Commits:
Net change: Only the safe-output key rename survives (commits 11+12 cancel out). Previous Finding — Final Status
Verified: Complete Finding Tracker — All 7 Rounds, 17 Findings
✅ 17/17 findings resolved.Recommended Action✅ Approve All 17 findings across 7 review rounds have been resolved. The PR delivers a comprehensive, well-designed review workflow:
|
Fixes from PR review: - Fix pull-requests permission to 'write' (was 'read', would 403) - Remove redundant permissions block from review.agent.md - Fix IsProcessing companion fields to match actual ClearProcessingState() (~22 fields/ops, not 9 phantom fields) - Fix Organization.Sessions threading to _organizationLock pattern - Fix watchdog timeouts to actual 8 constants (30/35/60/120/180/600/3600s) - Fix HasUsedToolsThisTurn timeout to 180s (not 600s) - Add Wave 0 triage to avoid cost explosion on docs/test-only PRs - Use Sonnet for Wave 1 scanning, Opus for Wave 2 validation - Increase timeout from 60 to 90 minutes - Add repo file read step for authoritative field lists - Add partial-output fallback detection - Remove redundant permissions block New: - Add review-on-open.agent.md for automatic review on PRs from contributors with write access (trusted forks + direct pushes) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Combine pull_request (auto) and slash_command (/review) triggers into one workflow file. The body is identical — no need for two files. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add 'if accessible' qualifier to Principle 1 skill reference - Add LastUpdatedAt to companion fields list - Add cost/noise note for auto-trigger on push Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ection - Replace 'verify all 9 companion fields' with ClearProcessingState() reference in Wave 1/Wave 2 sub-agent prompts (was stale pre-refactor count) - Add IsResumed as a 600s timeout condition in Dimension 10 Rule 2 (code gives 600s for ActiveToolCallCount>0 OR IsResumed+non-quiescent) - Add prompt-injection defense preamble: treat all PR content as untrusted Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The CHECK parenthetical still said 'only ActiveToolCallCount > 0 gives 600s' after Rule 2 was updated to include IsResumed. Now consistent. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Replace synchronize (every push) with smarter triggers: - opened: first review on new PRs - ready_for_review: re-review when draft goes ready - labeled: re-review when 'review' label added - /review: on-demand via slash command (unchanged) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add issues:write permission and remove-label safe-output so the workflow can remove the triggering label, making it re-addable for future review requests. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Step 1b: exit early if labeled event is not the 'review' label, preventing unrelated labels from triggering the pipeline - Step 6: specify how to detect the trigger label via github.event.action and github.event.label.name Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Match the tool name convention (create_pull_request_review_comment, submit_pull_request_review, add_comment, remove_label) used in the agent instructions and GitHub MCP tool names. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Replace claude-opus-4.6, claude-sonnet-4.6, gpt-5.3-codex with claude-opus, claude-sonnet, gpt so the workflow automatically uses the latest available version of each model family. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Bare family names (claude-opus, claude-sonnet, gpt) are not confirmed to work in gh-aw. Revert to explicit versions matching the msbuild reference pattern. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
PureWeen
added a commit
that referenced
this pull request
Apr 17, 2026
gh-aw safe-output keys must use hyphens (kebab-case), not underscores. The compiler normalizes them to underscores in the lock file. Using underscores in the source caused the compiler to silently drop them, resulting in no PR review tools in the compiled workflow. Reverts the underscore change from PR #593 commit 10 — msbuild's original hyphenated format was correct. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a
/reviewslash command agentic workflow modeled after dotnet/msbuild's approach, adapted for PolyPilot with domain-specific review dimensions.Files Added
.github/workflows/review.agent.md/reviewon PR comments).github/workflows/shared/review-shared.md.github/agents/expert-reviewer.agent.mdReview Dimensions
Review Workflow
Uses msbuild's 4-wave pattern:
Multi-model consensus (≥2/3) for borderline findings using claude-opus-4.6, claude-sonnet-4.6, and gpt-5.3-codex.