diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml index b9dbbb7ee74..d49c2904c3d 100644 --- a/.github/workflows/grumpy-reviewer.lock.yml +++ b/.github/workflows/grumpy-reviewer.lock.yml @@ -27,7 +27,7 @@ # Imports: # - shared/mood.md # -# frontmatter-hash: de3ffbc77a0209482231fffa3613ba12b855445da7e7526b863d1e14ece5319d +# frontmatter-hash: 5ca7d98654eda20f8127f62bff3547e10253af296a8ca719f146f41cc44007ad name: "Grumpy Code Reviewer 🔥" "on": @@ -259,31 +259,10 @@ jobs: mkdir -p /tmp/gh-aw/safeoutputs mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs cat > /opt/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_EOF' - {"add_comment":{"max":1},"create_pull_request_review_comment":{"max":5},"missing_data":{},"missing_tool":{},"noop":{"max":1}} + {"create_pull_request_review_comment":{"max":5},"missing_data":{},"missing_tool":{},"noop":{"max":1},"submit_pull_request_review":{"max":1}} GH_AW_SAFE_OUTPUTS_CONFIG_EOF cat > /opt/gh-aw/safeoutputs/tools.json << 'GH_AW_SAFE_OUTPUTS_TOOLS_EOF' [ - { - "description": "Add a comment to an existing GitHub issue, pull request, or discussion. Use this to provide feedback, answer questions, or add information to an existing conversation. For creating new items, use create_issue, create_discussion, or create_pull_request instead. CONSTRAINTS: Maximum 1 comment(s) can be added.", - "inputSchema": { - "additionalProperties": false, - "properties": { - "body": { - "description": "The comment text in Markdown format. This is the 'body' field - do not use 'comment_body' or other variations. Provide helpful, relevant information that adds value to the conversation.", - "type": "string" - }, - "item_number": { - "description": "The issue, pull request, or discussion number to comment on. This is the numeric ID from the GitHub URL (e.g., 123 in github.com/owner/repo/issues/123). If omitted, the tool will attempt to resolve the target from the current workflow context (triggering issue, PR, or discussion).", - "type": "number" - } - }, - "required": [ - "body" - ], - "type": "object" - }, - "name": "add_comment" - }, { "description": "Create a review comment on a specific line of code in a pull request. Use this for inline code review feedback, suggestions, or questions about specific code changes. For general PR comments not tied to specific lines, use add_comment instead. CONSTRAINTS: Maximum 5 review comment(s) can be created. Comments will be on the RIGHT side of the diff.", "inputSchema": { @@ -329,6 +308,29 @@ jobs: }, "name": "create_pull_request_review_comment" }, + { + "description": "Submit a pull request review with a status decision. All create_pull_request_review_comment outputs are automatically collected and included as inline comments in this review. Use APPROVE to approve the PR, REQUEST_CHANGES to request changes, or COMMENT for general feedback without a decision. If you don't call this tool, review comments are still submitted as a COMMENT review. CONSTRAINTS: Maximum 1 review(s) can be submitted.", + "inputSchema": { + "additionalProperties": false, + "properties": { + "body": { + "description": "Overall review summary in Markdown. Provide a high-level assessment of the changes. Required for REQUEST_CHANGES; optional for APPROVE and COMMENT.", + "type": "string" + }, + "event": { + "description": "Review decision: APPROVE to approve the pull request, REQUEST_CHANGES to formally request changes before merging, or COMMENT for general feedback without a formal decision. Defaults to COMMENT when omitted.", + "enum": [ + "APPROVE", + "REQUEST_CHANGES", + "COMMENT" + ], + "type": "string" + } + }, + "type": "object" + }, + "name": "submit_pull_request_review" + }, { "description": "Report that a tool or capability needed to complete the task is not available, or share any information you deem important about missing functionality or limitations. Use this when you cannot accomplish what was requested because the required functionality is missing or access is restricted.", "inputSchema": { @@ -402,20 +404,6 @@ jobs: GH_AW_SAFE_OUTPUTS_TOOLS_EOF cat > /opt/gh-aw/safeoutputs/validation.json << 'GH_AW_SAFE_OUTPUTS_VALIDATION_EOF' { - "add_comment": { - "defaultMax": 1, - "fields": { - "body": { - "required": true, - "type": "string", - "sanitize": true, - "maxLength": 65000 - }, - "item_number": { - "issueOrPRNumber": true - } - } - }, "create_pull_request_review_comment": { "defaultMax": 1, "fields": { @@ -477,6 +465,24 @@ jobs: "maxLength": 65000 } } + }, + "submit_pull_request_review": { + "defaultMax": 1, + "fields": { + "body": { + "type": "string", + "sanitize": true, + "maxLength": 65000 + }, + "event": { + "type": "string", + "enum": [ + "APPROVE", + "REQUEST_CHANGES", + "COMMENT" + ] + } + } } } GH_AW_SAFE_OUTPUTS_VALIDATION_EOF @@ -907,8 +913,6 @@ jobs: runs-on: ubuntu-slim permissions: contents: read - discussions: write - issues: write pull-requests: write outputs: noop_message: ${{ steps.noop.outputs.noop_message }} @@ -1195,8 +1199,6 @@ jobs: runs-on: ubuntu-slim permissions: contents: read - discussions: write - issues: write pull-requests: write timeout-minutes: 15 env: @@ -1236,7 +1238,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} - GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"add_comment\":{\"max\":1},\"create_pull_request_review_comment\":{\"max\":5,\"side\":\"RIGHT\"},\"missing_data\":{},\"missing_tool\":{}}" + GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"create_pull_request_review_comment\":{\"max\":5,\"side\":\"RIGHT\"},\"missing_data\":{},\"missing_tool\":{},\"submit_pull_request_review\":{\"max\":1}}" with: github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/grumpy-reviewer.md b/.github/workflows/grumpy-reviewer.md index d594cfe53cc..f64295bf675 100644 --- a/.github/workflows/grumpy-reviewer.md +++ b/.github/workflows/grumpy-reviewer.md @@ -14,11 +14,11 @@ tools: lockdown: true toolsets: [pull_requests, repos] safe-outputs: - add-comment: - max: 1 create-pull-request-review-comment: max: 5 side: "RIGHT" + submit-pull-request-review: + max: 1 messages: footer: "> 😤 *Reluctantly reviewed by [{workflow_name}]({run_url})*" run-started: "😤 *sigh* [{workflow_name}]({run_url}) is begrudgingly looking at this {event_type}... This better be worth my time." @@ -102,7 +102,15 @@ If the code is actually good: - "Surprisingly not terrible. The error handling is actually present." - "Huh. This is clean. Did AI actually write something decent?" -### Step 5: Update Memory +### Step 5: Submit the Review + +Submit a review using `submit_pull_request_review` with your overall verdict. Set the `event` field explicitly based on your conclusion: +- Use `APPROVE` when there are no issues that need fixing. +- Use `REQUEST_CHANGES` when there are issues that must be fixed before merging. +- (Optionally) use `COMMENT` when you only have non-blocking observations. +Keep the overall review comment brief and grumpy. + +### Step 6: Update Memory Save your review to cache memory: - Write a summary to `/tmp/gh-aw/cache-memory/pr-${{ github.event.issue.number }}.json` including: diff --git a/.github/workflows/pr-nitpick-reviewer.lock.yml b/.github/workflows/pr-nitpick-reviewer.lock.yml index fe634f0caa4..0cbcbaa1f4f 100644 --- a/.github/workflows/pr-nitpick-reviewer.lock.yml +++ b/.github/workflows/pr-nitpick-reviewer.lock.yml @@ -28,7 +28,7 @@ # - shared/mood.md # - shared/reporting.md # -# frontmatter-hash: 66c4bfdfd0f5eac2801b02270acb529c9a880bb904e75df280f747faedaff0cf +# frontmatter-hash: e41706cf3b5f63db3dcae1670aa41148710c3d5d45fe4731e29101b5bc6d198c name: "PR Nitpick Reviewer 🔍" "on": @@ -272,7 +272,7 @@ jobs: mkdir -p /tmp/gh-aw/safeoutputs mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs cat > /opt/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_EOF' - {"add_comment":{"max":3},"create_discussion":{"expires":168,"max":1},"create_pull_request_review_comment":{"max":10},"missing_data":{},"missing_tool":{},"noop":{"max":1}} + {"create_discussion":{"expires":168,"max":1},"create_pull_request_review_comment":{"max":10},"missing_data":{},"missing_tool":{},"noop":{"max":1},"submit_pull_request_review":{"max":1}} GH_AW_SAFE_OUTPUTS_CONFIG_EOF cat > /opt/gh-aw/safeoutputs/tools.json << 'GH_AW_SAFE_OUTPUTS_TOOLS_EOF' [ @@ -302,27 +302,6 @@ jobs: }, "name": "create_discussion" }, - { - "description": "Add a comment to an existing GitHub issue, pull request, or discussion. Use this to provide feedback, answer questions, or add information to an existing conversation. For creating new items, use create_issue, create_discussion, or create_pull_request instead. CONSTRAINTS: Maximum 3 comment(s) can be added.", - "inputSchema": { - "additionalProperties": false, - "properties": { - "body": { - "description": "The comment text in Markdown format. This is the 'body' field - do not use 'comment_body' or other variations. Provide helpful, relevant information that adds value to the conversation.", - "type": "string" - }, - "item_number": { - "description": "The issue, pull request, or discussion number to comment on. This is the numeric ID from the GitHub URL (e.g., 123 in github.com/owner/repo/issues/123). If omitted, the tool will attempt to resolve the target from the current workflow context (triggering issue, PR, or discussion).", - "type": "number" - } - }, - "required": [ - "body" - ], - "type": "object" - }, - "name": "add_comment" - }, { "description": "Create a review comment on a specific line of code in a pull request. Use this for inline code review feedback, suggestions, or questions about specific code changes. For general PR comments not tied to specific lines, use add_comment instead. CONSTRAINTS: Maximum 10 review comment(s) can be created. Comments will be on the RIGHT side of the diff.", "inputSchema": { @@ -368,6 +347,29 @@ jobs: }, "name": "create_pull_request_review_comment" }, + { + "description": "Submit a pull request review with a status decision. All create_pull_request_review_comment outputs are automatically collected and included as inline comments in this review. Use APPROVE to approve the PR, REQUEST_CHANGES to request changes, or COMMENT for general feedback without a decision. If you don't call this tool, review comments are still submitted as a COMMENT review. CONSTRAINTS: Maximum 1 review(s) can be submitted.", + "inputSchema": { + "additionalProperties": false, + "properties": { + "body": { + "description": "Overall review summary in Markdown. Provide a high-level assessment of the changes. Required for REQUEST_CHANGES; optional for APPROVE and COMMENT.", + "type": "string" + }, + "event": { + "description": "Review decision: APPROVE to approve the pull request, REQUEST_CHANGES to formally request changes before merging, or COMMENT for general feedback without a formal decision. Defaults to COMMENT when omitted.", + "enum": [ + "APPROVE", + "REQUEST_CHANGES", + "COMMENT" + ], + "type": "string" + } + }, + "type": "object" + }, + "name": "submit_pull_request_review" + }, { "description": "Report that a tool or capability needed to complete the task is not available, or share any information you deem important about missing functionality or limitations. Use this when you cannot accomplish what was requested because the required functionality is missing or access is restricted.", "inputSchema": { @@ -441,20 +443,6 @@ jobs: GH_AW_SAFE_OUTPUTS_TOOLS_EOF cat > /opt/gh-aw/safeoutputs/validation.json << 'GH_AW_SAFE_OUTPUTS_VALIDATION_EOF' { - "add_comment": { - "defaultMax": 1, - "fields": { - "body": { - "required": true, - "type": "string", - "sanitize": true, - "maxLength": 65000 - }, - "item_number": { - "issueOrPRNumber": true - } - } - }, "create_discussion": { "defaultMax": 1, "fields": { @@ -542,6 +530,24 @@ jobs: "maxLength": 65000 } } + }, + "submit_pull_request_review": { + "defaultMax": 1, + "fields": { + "body": { + "type": "string", + "sanitize": true, + "maxLength": 65000 + }, + "event": { + "type": "string", + "enum": [ + "APPROVE", + "REQUEST_CHANGES", + "COMMENT" + ] + } + } } } GH_AW_SAFE_OUTPUTS_VALIDATION_EOF @@ -1314,7 +1320,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} - GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"add_comment\":{\"max\":3},\"create_discussion\":{\"category\":\"general\",\"expires\":168,\"fallback_to_issue\":true,\"max\":1,\"title_prefix\":\"[nitpick-report] \"},\"create_pull_request_review_comment\":{\"max\":10,\"side\":\"RIGHT\"},\"missing_data\":{},\"missing_tool\":{}}" + GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"create_discussion\":{\"category\":\"general\",\"expires\":168,\"fallback_to_issue\":true,\"max\":1,\"title_prefix\":\"[nitpick-report] \"},\"create_pull_request_review_comment\":{\"max\":10,\"side\":\"RIGHT\"},\"missing_data\":{},\"missing_tool\":{},\"submit_pull_request_review\":{\"max\":1}}" with: github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/pr-nitpick-reviewer.md b/.github/workflows/pr-nitpick-reviewer.md index 26df7cfda13..2af59951b5e 100644 --- a/.github/workflows/pr-nitpick-reviewer.md +++ b/.github/workflows/pr-nitpick-reviewer.md @@ -16,11 +16,11 @@ safe-outputs: title-prefix: "[nitpick-report] " category: "general" max: 1 - add-comment: - max: 3 create-pull-request-review-comment: max: 10 side: "RIGHT" + submit-pull-request-review: + max: 1 messages: footer: "> 🔍 *Meticulously inspected by [{workflow_name}]({run_url})*" run-started: "🔬 Adjusting monocle... [{workflow_name}]({run_url}) is scrutinizing every pixel of this {event_type}..." @@ -167,7 +167,7 @@ For each nitpick found, decide on the appropriate output type: - Keep comments constructive and helpful - Maximum 10 review comments (most important issues) -#### Use `add-comment` for: +#### Use `submit_pull_request_review` for: - **General observations** - Overall patterns across the PR - **Summary feedback** - High-level themes - **Appreciation** - Acknowledgment of good practices @@ -179,11 +179,10 @@ For each nitpick found, decide on the appropriate output type: } ``` -**Guidelines for PR comments:** +**Guidelines for review submission:** - Provide overview and context - Group related nitpicks into themes - Acknowledge good practices -- Maximum 3 PR comments total #### Use `create-discussion` for: - **Daily/weekly summary report** - Comprehensive markdown report diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml index dddf2a6eb72..d53a742bc25 100644 --- a/.github/workflows/security-review.lock.yml +++ b/.github/workflows/security-review.lock.yml @@ -27,7 +27,7 @@ # Imports: # - shared/mood.md # -# frontmatter-hash: 8b92eaeec7d3ad005ab8747445781f13e5eac78bcaf90b8011f3931a3eb8f01b +# frontmatter-hash: 7ed05f87d4291aa66da0c27f6ecb72eefa9cbe3a4653046c50372a2b1d08693b name: "Security Review Agent 🔒" "on": @@ -316,31 +316,10 @@ jobs: mkdir -p /tmp/gh-aw/safeoutputs mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs cat > /opt/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_EOF' - {"add_comment":{"max":1},"create_pull_request_review_comment":{"max":10},"missing_data":{},"missing_tool":{},"noop":{"max":1}} + {"create_pull_request_review_comment":{"max":10},"missing_data":{},"missing_tool":{},"noop":{"max":1},"submit_pull_request_review":{"max":1}} GH_AW_SAFE_OUTPUTS_CONFIG_EOF cat > /opt/gh-aw/safeoutputs/tools.json << 'GH_AW_SAFE_OUTPUTS_TOOLS_EOF' [ - { - "description": "Add a comment to an existing GitHub issue, pull request, or discussion. Use this to provide feedback, answer questions, or add information to an existing conversation. For creating new items, use create_issue, create_discussion, or create_pull_request instead. CONSTRAINTS: Maximum 1 comment(s) can be added.", - "inputSchema": { - "additionalProperties": false, - "properties": { - "body": { - "description": "The comment text in Markdown format. This is the 'body' field - do not use 'comment_body' or other variations. Provide helpful, relevant information that adds value to the conversation.", - "type": "string" - }, - "item_number": { - "description": "The issue, pull request, or discussion number to comment on. This is the numeric ID from the GitHub URL (e.g., 123 in github.com/owner/repo/issues/123). If omitted, the tool will attempt to resolve the target from the current workflow context (triggering issue, PR, or discussion).", - "type": "number" - } - }, - "required": [ - "body" - ], - "type": "object" - }, - "name": "add_comment" - }, { "description": "Create a review comment on a specific line of code in a pull request. Use this for inline code review feedback, suggestions, or questions about specific code changes. For general PR comments not tied to specific lines, use add_comment instead. CONSTRAINTS: Maximum 10 review comment(s) can be created. Comments will be on the RIGHT side of the diff.", "inputSchema": { @@ -386,6 +365,29 @@ jobs: }, "name": "create_pull_request_review_comment" }, + { + "description": "Submit a pull request review with a status decision. All create_pull_request_review_comment outputs are automatically collected and included as inline comments in this review. Use APPROVE to approve the PR, REQUEST_CHANGES to request changes, or COMMENT for general feedback without a decision. If you don't call this tool, review comments are still submitted as a COMMENT review. CONSTRAINTS: Maximum 1 review(s) can be submitted.", + "inputSchema": { + "additionalProperties": false, + "properties": { + "body": { + "description": "Overall review summary in Markdown. Provide a high-level assessment of the changes. Required for REQUEST_CHANGES; optional for APPROVE and COMMENT.", + "type": "string" + }, + "event": { + "description": "Review decision: APPROVE to approve the pull request, REQUEST_CHANGES to formally request changes before merging, or COMMENT for general feedback without a formal decision. Defaults to COMMENT when omitted.", + "enum": [ + "APPROVE", + "REQUEST_CHANGES", + "COMMENT" + ], + "type": "string" + } + }, + "type": "object" + }, + "name": "submit_pull_request_review" + }, { "description": "Report that a tool or capability needed to complete the task is not available, or share any information you deem important about missing functionality or limitations. Use this when you cannot accomplish what was requested because the required functionality is missing or access is restricted.", "inputSchema": { @@ -459,20 +461,6 @@ jobs: GH_AW_SAFE_OUTPUTS_TOOLS_EOF cat > /opt/gh-aw/safeoutputs/validation.json << 'GH_AW_SAFE_OUTPUTS_VALIDATION_EOF' { - "add_comment": { - "defaultMax": 1, - "fields": { - "body": { - "required": true, - "type": "string", - "sanitize": true, - "maxLength": 65000 - }, - "item_number": { - "issueOrPRNumber": true - } - } - }, "create_pull_request_review_comment": { "defaultMax": 1, "fields": { @@ -534,6 +522,24 @@ jobs: "maxLength": 65000 } } + }, + "submit_pull_request_review": { + "defaultMax": 1, + "fields": { + "body": { + "type": "string", + "sanitize": true, + "maxLength": 65000 + }, + "event": { + "type": "string", + "enum": [ + "APPROVE", + "REQUEST_CHANGES", + "COMMENT" + ] + } + } } } GH_AW_SAFE_OUTPUTS_VALIDATION_EOF @@ -978,8 +984,6 @@ jobs: runs-on: ubuntu-slim permissions: contents: read - discussions: write - issues: write pull-requests: write outputs: noop_message: ${{ steps.noop.outputs.noop_message }} @@ -1266,8 +1270,6 @@ jobs: runs-on: ubuntu-slim permissions: contents: read - discussions: write - issues: write pull-requests: write timeout-minutes: 15 env: @@ -1307,7 +1309,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} - GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"add_comment\":{\"max\":1},\"create_pull_request_review_comment\":{\"max\":10,\"side\":\"RIGHT\"},\"missing_data\":{},\"missing_tool\":{}}" + GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"create_pull_request_review_comment\":{\"max\":10,\"side\":\"RIGHT\"},\"missing_data\":{},\"missing_tool\":{},\"submit_pull_request_review\":{\"max\":1}}" with: github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/security-review.md b/.github/workflows/security-review.md index db1d7a2ec6e..898cdbfda58 100644 --- a/.github/workflows/security-review.md +++ b/.github/workflows/security-review.md @@ -20,11 +20,11 @@ tools: edit: web-fetch: safe-outputs: - add-comment: - max: 1 create-pull-request-review-comment: max: 10 side: "RIGHT" + submit-pull-request-review: + max: 1 messages: footer: "> 🔒 *Security review by [{workflow_name}]({run_url})*" run-started: "🔍 [{workflow_name}]({run_url}) is analyzing this {event_type} for security implications..." @@ -175,9 +175,9 @@ For each security concern found: - Potential attack vector or risk - Recommended mitigation or alternative -### Step 5: Summary Comment +### Step 5: Submit the Review -Create a summary comment with: +Submit a review using `submit_pull_request_review` with: - Total number of security concerns by severity - Overview of boundaries affected - Recommendations for the PR author