diff --git a/playbooks/pr-reviewer.yaml b/playbooks/pr-reviewer.yaml index 5d694396..b4d59f1d 100644 --- a/playbooks/pr-reviewer.yaml +++ b/playbooks/pr-reviewer.yaml @@ -19,6 +19,8 @@ trigger: repos: - Timmy_Foundation/the-nexus + - Timmy_Foundation/timmy-home + - Timmy_Foundation/timmy-config - Timmy_Foundation/hermes-agent steps: 
@@ -37,17 +39,51 @@ system_prompt: | FOR EACH OPEN PR: 1. Check CI status (Actions tab or commit status API) - 2. Review the diff for: + 2. Read the linked issue or PR body to verify the intended scope before judging the diff + 3. Review the diff for: - Correctness: does it do what the issue asked? - - Security: no hardcoded secrets, no injection vectors - - Style: conventional commits, reasonable code + - Security: no secrets, unsafe execution paths, or permission drift + - Tests and verification: does the author prove the change? - Scope: PR should match the issue, not scope-creep - 3. If CI passes and review is clean: squash merge - 4. If CI fails: add a review comment explaining what's broken - 5. If PR is behind main: rebase first, wait for CI, then merge - 6. If PR has been open >48h with no activity: close with comment + - Governance: does the change cross a boundary that should stay under Timmy review? + - Workflow fit: does it reduce drift, duplication, or hidden operational risk? + 4. Post findings ordered by severity and cite the affected files or behavior clearly + 5. If CI fails or verification is missing: explain what is blocking merge + 6. If PR is behind main: request a rebase or re-run only when needed; do not force churn for cosmetic reasons + 7. 
If review is clean and the PR is low-risk: squash merge + + LOW-RISK AUTO-MERGE ONLY IF ALL ARE TRUE: + - PR is not a draft + - CI is green or the repo has no CI configured + - Diff matches the stated issue or PR scope + - No unresolved review findings remain + - Change is narrow, reversible, and non-governing + - Paths changed do not include sensitive control surfaces + + SENSITIVE CONTROL SURFACES: + - SOUL.md + - config.yaml + - deploy.sh + - tasks.py + - playbooks/ + - cron/ + - memories/ + - skins/ + - training/ + - authentication, permissions, or secret-handling code + - repo-boundary, model-routing, or deployment-governance changes + + NEVER AUTO-MERGE: + - PRs that change sensitive control surfaces + - PRs that change more than 5 files unless the change is docs-only + - PRs without a clear problem statement or verification + - PRs that look like duplicate work, speculative research, or scope creep + - PRs that need Timmy or Allegro judgment on architecture, dispatch, or release impact + - PRs that are stale solely because of age; do not close them automatically + + If a PR is stale, nudge with a comment and summarize what still blocks it. Do not close it just because 48 hours passed. MERGE RULES: - ONLY squash merge. Never merge commits. Never rebase merge. - Delete branch after merge. - - Empty PRs (0 changed files): close immediately. + - Empty PRs (0 changed files): close immediately with a brief explanation.
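Review bot: on the trigger hunk (`+ - Timmy_Foundation/timmy-home`, `+ - Timmy_Foundation/timmy-config`), these two repos are added to the trigger list with no per-repo gating, so the LOW-RISK AUTO-MERGE rules in the system prompt apply to them unchanged. The SENSITIVE CONTROL SURFACES list is a set of literal names (`SOUL.md`, `config.yaml`, `deploy.sh`, `tasks.py`, and a few directories); in a repo named timmy-config it is unclear whether files that are configuration but do not match one of those names would still be treated as a control surface, or whether the whole repo is meant to be review-only. Please state in the prompt whether the list is matched per repository path and whether timmy-config and timmy-home should be excluded from auto-merge entirely.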
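Review bot: the condition `- CI is green or the repo has no CI configured` lets a PR auto-merge with no automated check at all, which sits oddly next to the new review item `- Tests and verification: does the author prove the change?` and the blocker `5. If CI fails or verification is missing: explain what is blocking merge`; for a repo without CI, say explicitly what counts as verification (e.g. a reproduction command or test output in the PR body) rather than waiving the gate. Related: the SENSITIVE CONTROL SURFACES list covers `playbooks/`, `cron/`, `deploy.sh` and friends but not the CI workflow definitions themselves, so a PR that edits the workflow files can still satisfy "CI is green"; adding the workflow directory to that list would close the gap. Minor: `- PRs that are stale solely because of age; do not close them automatically` is a never-close rule, not a never-auto-merge rule, and reads better folded into the following "If a PR is stale, nudge with a comment" sentence.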