[refactoring] Introduce shared/pr-review-base.md for slash-command code review workflows

[github-actions]

Overview

Multiple code review workflows triggered by slash commands or PR events share the same guard policy, tool configuration, and review comment safe-outputs. A shared/pr-review-base.md component would consolidate this pattern.

Current Usage (6 workflows)

Workflows using github-guard-policy.md on PR/slash-command events:

Workflow	guard-policy	pr-code-review-config	review comments
grumpy-reviewer.md	✅	✅	✅
pr-nitpick-reviewer.md	❌	❌	✅
security-review.md	❌	❌	✅
refiner.md	✅	❌	❌
pr-triage-agent.md	✅	❌	❌
org-health-report.md	✅	❌	❌

All 6 share: pull_request or slash_command trigger + contents: read + pull-requests: read permissions + cli-proxy: true tool.

Proposed Shared Component: shared/pr-review-base.md

---
# Base configuration for pull request code review workflows.
# Bundles: github-guard-policy + pr-code-review-config + standard PR review tools.
#
# Usage:
#   imports:
#     - uses: shared/pr-review-base.md
#       with:
#         min-integrity: approved   # optional

import-schema:
  min-integrity:
    type: string
    default: "approved"
    description: "Minimum integrity level required for tool access"
  include-pr-config:
    type: boolean
    default: true
    description: "Whether to include standard PR code review config prompt"

imports:
  - shared/github-guard-policy.md
  - shared/pr-code-review-config.md

permissions:
  contents: read
  pull-requests: read

tools:
  cli-proxy: true
  github:
    min-integrity: ${{ github.aw.import-inputs.min-integrity }}
    toolsets: [pull_requests, repos]

safe-outputs:
  create-pull-request-review-comment:
    max: 10
  noop:
---

Example Usage (After Migration)

on:
  slash_command:
    name: grumpy
    events: [pull_request_comment, pull_request_review_comment]

imports:
  - uses: shared/pr-review-base.md
    with:
      min-integrity: approved

Estimated Impact

• ~6 workflows immediately applicable
• ~10–15 lines removed per workflow
• Consistency benefit: All PR review bots gain the same guard policy and integrity check from a single source
• Enables future improvements (e.g., new PR review safe-output types) to propagate automatically

Migration Plan

1. Create shared/pr-review-base.md with the schema above
2. Run make recompile to verify no regressions
3. Migrate grumpy-reviewer.md, pr-nitpick-reviewer.md, security-review.md, refiner.md, pr-triage-agent.md to import the new shared component
4. Validate each workflow still compiles and produces correct lock files
5. Submit PR

References: §25163549011

Generated by Workflow Skill Extractor · ● 4.3M · ◷

• expires on May 2, 2026, 11:56 AM UTC

[github-actions]

🍪 Issue Monster selected this for Copilot

I've identified this issue as a good candidate for automated resolution and requested assignment to the Copilot coding agent.

If assignment succeeds, the Copilot coding agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

🍪 Om nom nom by Issue Monster · ● 17.9K · ◷