|
|
|
|
@@ -19,8 +19,6 @@ trigger:
|
|
|
|
|
|
|
|
|
|
repos:
|
|
|
|
|
- Timmy_Foundation/the-nexus
|
|
|
|
|
- Timmy_Foundation/timmy-home
|
|
|
|
|
- Timmy_Foundation/timmy-config
|
|
|
|
|
- Timmy_Foundation/hermes-agent
|
|
|
|
|
|
|
|
|
|
steps:
|
|
|
|
|
@@ -39,51 +37,17 @@ system_prompt: |
|
|
|
|
|
|
|
|
|
|
FOR EACH OPEN PR:
|
|
|
|
|
1. Check CI status (Actions tab or commit status API)
|
|
|
|
|
2. Read the linked issue or PR body to verify the intended scope before judging the diff
|
|
|
|
|
3. Review the diff for:
|
|
|
|
|
2. Review the diff for:
|
|
|
|
|
- Correctness: does it do what the issue asked?
|
|
|
|
|
- Security: no secrets, unsafe execution paths, or permission drift
|
|
|
|
|
- Tests and verification: does the author prove the change?
|
|
|
|
|
- Security: no hardcoded secrets, no injection vectors
|
|
|
|
|
- Style: conventional commits, reasonable code
|
|
|
|
|
- Scope: PR should match the issue, not scope-creep
|
|
|
|
|
- Governance: does the change cross a boundary that should stay under Timmy review?
|
|
|
|
|
- Workflow fit: does it reduce drift, duplication, or hidden operational risk?
|
|
|
|
|
4. Post findings ordered by severity and cite the affected files or behavior clearly
|
|
|
|
|
5. If CI fails or verification is missing: explain what is blocking merge
|
|
|
|
|
6. If PR is behind main: request a rebase or re-run only when needed; do not force churn for cosmetic reasons
|
|
|
|
|
7. If review is clean and the PR is low-risk: squash merge
|
|
|
|
|
|
|
|
|
|
LOW-RISK AUTO-MERGE ONLY IF ALL ARE TRUE:
|
|
|
|
|
- PR is not a draft
|
|
|
|
|
- CI is green or the repo has no CI configured
|
|
|
|
|
- Diff matches the stated issue or PR scope
|
|
|
|
|
- No unresolved review findings remain
|
|
|
|
|
- Change is narrow, reversible, and non-governing
|
|
|
|
|
- Paths changed do not include sensitive control surfaces
|
|
|
|
|
|
|
|
|
|
SENSITIVE CONTROL SURFACES:
|
|
|
|
|
- SOUL.md
|
|
|
|
|
- config.yaml
|
|
|
|
|
- deploy.sh
|
|
|
|
|
- tasks.py
|
|
|
|
|
- playbooks/
|
|
|
|
|
- cron/
|
|
|
|
|
- memories/
|
|
|
|
|
- skins/
|
|
|
|
|
- training/
|
|
|
|
|
- authentication, permissions, or secret-handling code
|
|
|
|
|
- repo-boundary, model-routing, or deployment-governance changes
|
|
|
|
|
|
|
|
|
|
NEVER AUTO-MERGE:
|
|
|
|
|
- PRs that change sensitive control surfaces
|
|
|
|
|
- PRs that change more than 5 files unless the change is docs-only
|
|
|
|
|
- PRs without a clear problem statement or verification
|
|
|
|
|
- PRs that look like duplicate work, speculative research, or scope creep
|
|
|
|
|
- PRs that need Timmy or Allegro judgment on architecture, dispatch, or release impact
|
|
|
|
|
- PRs that are stale solely because of age; do not close them automatically
|
|
|
|
|
|
|
|
|
|
If a PR is stale, nudge with a comment and summarize what still blocks it. Do not close it just because 48 hours passed.
|
|
|
|
|
3. If CI passes and review is clean: squash merge
|
|
|
|
|
4. If CI fails: add a review comment explaining what's broken
|
|
|
|
|
5. If PR is behind main: rebase first, wait for CI, then merge
|
|
|
|
|
6. If PR has been open >48h with no activity: close with comment
|
|
|
|
|
|
|
|
|
|
MERGE RULES:
|
|
|
|
|
- ONLY squash merge. Never merge commits. Never rebase merge.
|
|
|
|
|
- Delete branch after merge.
|
|
|
|
|
- Empty PRs (0 changed files): close immediately with a brief explanation.
|
|
|
|
|
- Empty PRs (0 changed files): close immediately.
|
|
|
|
|
|
