Skip to content

Harden pr-review-toolkit workflow agents#55

Merged
cblecker merged 1 commit into
mainfrom
fix/pr-review-toolkit-readonly-agents
Jun 24, 2026
Merged

Harden pr-review-toolkit workflow agents#55
cblecker merged 1 commit into
mainfrom
fix/pr-review-toolkit-readonly-agents

Conversation

@cblecker

@cblecker cblecker commented Jun 24, 2026

Copy link
Copy Markdown
Owner

Summary

  • split pr-review-toolkit workflow subagents into strict GitHub collection and read-only analysis agent types
  • add adaptive changed-file collection retries with smaller page sizes and better duplicate-page diagnostics
  • document the updated workflow agent flow and bump pr-review-toolkit to 1.6.0

Validation

  • claude plugin validate ./pr-review-toolkit
  • claude plugin validate .
  • uvx skillsaw --strict
  • npx markdownlint-cli2 --config /opt/gopath/src/github.com/cblecker/claude-plugins/.markdownlint-cli2.jsonc "pr-review-toolkit/**/*.md"

Summary by CodeRabbit

  • New Features

    • Improved PR review workflow reliability when gathering changed files, especially for larger pull requests.
    • Added clearer separation between collection and analysis steps for review processing.
  • Bug Fixes

    • Reduced missed or incomplete file listings by retrying with smaller batches when data is truncated.
    • Added stronger checks to detect duplicate or incomplete file manifests.
  • Documentation

    • Expanded the README with a clearer review flow and updated guidance on permissions for review agents.

Split workflow agent policies between strict GitHub collection and read-only analysis, add adaptive file-page retries, and document the updated flow.

Assisted-by: Codex:gpt-5
Copilot AI review requested due to automatic review settings June 24, 2026 18:16
@coderabbitai

coderabbitai Bot commented Jun 24, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

Two new agent configuration files (pr-review-github-collector and pr-review-analysis-readonly) are introduced with explicit tool allowlists/blocklists enforcing read-only operation. The changed-file manifest collection in review-pr.js is refactored into dedicated helpers with per-page retry logic using smaller page sizes on failure. All agent invocations receive an explicit agentType. README is updated with agent pathway documentation, and the plugin manifest is bumped to 1.6.0.

Changes

Agent Boundaries and Manifest Collection Reliability

Layer / File(s) Summary
New agent permission boundary configs
pr-review-toolkit/agents/pr-review-github-collector.md, pr-review-toolkit/agents/pr-review-analysis-readonly.md
pr-review-github-collector restricts to GitHub PR read MCP tool only with shell/file/web/write tools blocked and instructs returning an empty files array on truncation. pr-review-analysis-readonly blocks bash/edit/web and GitHub write MCP tools while permitting read-only repo inspection and MCP reads.
Manifest collection helpers and retry constants
pr-review-toolkit/skills/review-pr/review-pr.js
Adds FILE_RETRY_PAGE_SIZES and two agentType constants. Refactors mergeFilePages to accept and record perPage; adds duplicate-path detection and a richer manifest-incomplete error message. Updates validateFilePageResults to compute expected file counts from perPage.
Paginated manifest fetch with perPage retry loop
pr-review-toolkit/skills/review-pr/review-pr.js
Replaces the previous single-pass fetch with collectFilePage, collectFilePages, filePagesFor, collectFileManifestAttempt, and collectCompleteFileManifest. Pages are collected in parallel per attempt; truncated pages return an empty files array; failed attempts retry by stepping through FILE_RETRY_PAGE_SIZES; all attempts exhausted throws the last error.
Workflow orchestration: agentType wiring and manifest integration
pr-review-toolkit/skills/review-pr/review-pr.js
Main flow calls collectCompleteFileManifest(pr) and derives files/filePageCount from its return. Thread collection agent gains pr-review-github-collector agentType and higher effort. Specialist reviewer and synthesis agent calls receive pr-review-analysis-readonly agentType. Analysis prompt patch-access guidance text is adjusted.
README documentation and plugin version bump
pr-review-toolkit/README.md, pr-review-toolkit/.claude-plugin/plugin.json
README Review Flow section gains step-by-step control flow for the two agent pathways; GitHub MCP Permissions section documents their tool restrictions. Plugin manifest version bumped from 1.5.0 to 1.6.0.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

  • cblecker/claude-plugins#47: Directly related — both PRs modify the changed-file/manifest collection pipeline in review-pr.js, with #47 focusing on discovering/filtering changed files before patch generation and this PR adding pagination retry and per-page tracking on top of that foundation.
  • cblecker/claude-plugins#54: Both PRs modify the core review-pr.js workflow orchestration contract around how agent calls are structured and how the file collection pipeline feeds downstream agents.
  • cblecker/claude-plugins#52: Both PRs modify agent prompting and agent invocation options in review-pr.js, with #52 standardizing agent instructions and this PR adding agentType wiring to collector, analyzer, and synthesis calls.

Suggested reviewers

  • Copilot

Poem

🐰 Hop hop, two agents now guard the gate,
One reads GitHub files, one holds the review slate.
When pages are too big, we retry with less,
Smaller and smaller 'til we find success!
No shell commands here, just pure read-only grace —
The rabbit has tidied the whole workflow space. ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly reflects the main change: hardening the pr-review-toolkit workflow agents and related workflow controls.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/pr-review-toolkit-readonly-agents

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 Biome (2.5.0)
pr-review-toolkit/skills/review-pr/review-pr.js

File contains syntax errors that prevent linting: Line 1584: Illegal return statement outside of a function


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@pr-review-toolkit/agents/pr-review-analysis-readonly.md`:
- Around line 4-15: The analysis agent config is still relying on a denylist, so
new mutating tools could slip through unnoticed. Update the readonly agent
definition to use an explicit tools allowlist matching the collector config, and
keep the existing disallowedTools block only as backup defense; use the analysis
agent config symbols where the tool policy is defined.

In `@pr-review-toolkit/skills/review-pr/review-pr.js`:
- Around line 1221-1229: The retry path in filePagesFor/collectFilePages
currently falls back to perPage=1 and can spawn one high-effort collector per
changed file, which is too expensive for large PRs. Update the retry logic
around filePagesFor, collectFilePages, and collectFilePage so the last attempt
uses bounded concurrency and/or a lower effort level, and add a threshold that
prevents switching to perPage=1 when the page count is large. Keep the recovery
behavior, but cap the number of parallel collectors created from filePages to
avoid exhausting workflow/runtime limits.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 53be47b1-8e39-4e18-b93b-73110eba3e47

📥 Commits

Reviewing files that changed from the base of the PR and between 18df456 and 16468ff.

📒 Files selected for processing (5)
  • pr-review-toolkit/.claude-plugin/plugin.json
  • pr-review-toolkit/README.md
  • pr-review-toolkit/agents/pr-review-analysis-readonly.md
  • pr-review-toolkit/agents/pr-review-github-collector.md
  • pr-review-toolkit/skills/review-pr/review-pr.js

Comment on lines +4 to +15
disallowedTools:
- Bash
- Write
- Edit
- MultiEdit
- NotebookEdit
- Task
- WebFetch
- WebSearch
- mcp__plugin_github_github__pull_request_review_write
- mcp__plugin_github_github__add_comment_to_pending_review
---

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | 🏗️ Heavy lift

Use an explicit allowlist for the analysis agent.

This boundary is still open-ended because it relies on disallowedTools only. If the runtime/plugin adds another mutating tool later, this agent silently gains it until someone updates the blocklist. That undercuts the hardening this PR is trying to add. Mirror the collector config with an explicit read-only tools: allowlist and keep disallowedTools as defense in depth if you want.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pr-review-toolkit/agents/pr-review-analysis-readonly.md` around lines 4 - 15,
The analysis agent config is still relying on a denylist, so new mutating tools
could slip through unnoticed. Update the readonly agent definition to use an
explicit tools allowlist matching the collector config, and keep the existing
disallowedTools block only as backup defense; use the analysis agent config
symbols where the tool policy is defined.

Comment on lines +1221 to +1229
async function collectFilePages(pr, filePages, perPage, effort, labelSuffix) {
return parallel(filePages.map(page => () => collectFilePage(pr, page, perPage, effort, labelSuffix)))
}

function filePagesFor(total, perPage) {
const pageCount = Math.max(1, Math.ceil((total || 1) / perPage))
const pages = []
for (let page = 1; page <= pageCount; page++) pages.push(page)
return { pageCount: pageCount, pages: pages }

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟠 Major | 🏗️ Heavy lift

Cap the perPage=1 fallback before it turns into one high-effort agent per file.

On the last retry, filePagesFor(pr.changedFiles, 1) makes collectFilePages spawn one collector agent for every changed file. For a large PR, that means dozens or hundreds of extra high-effort runs on the failure path, which is likely to hit workflow/runtime limits instead of recovering. Batch these retries with bounded concurrency, lower the retry effort, or stop before perPage=1 once the page count crosses a threshold.

Also applies to: 1251-1274

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pr-review-toolkit/skills/review-pr/review-pr.js` around lines 1221 - 1229,
The retry path in filePagesFor/collectFilePages currently falls back to
perPage=1 and can spawn one high-effort collector per changed file, which is too
expensive for large PRs. Update the retry logic around filePagesFor,
collectFilePages, and collectFilePage so the last attempt uses bounded
concurrency and/or a lower effort level, and add a threshold that prevents
switching to perPage=1 when the page count is large. Keep the recovery behavior,
but cap the number of parallel collectors created from filePages to avoid
exhausting workflow/runtime limits.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens the pr-review-toolkit workflow by giving the agents that the bundled review-pr.js workflow spawns explicit, phase-specific tool boundaries, and by making the changed-file collection more resilient. Because workflow agent() calls cannot pass per-call tool allowlists, the change introduces two dedicated plugin agent types: a strict GitHub-only collector (used for PR metadata, file pages, and review threads) and a read-only analysis agent (used for specialist reviews and synthesis). It also adds adaptive retries that re-collect changed files with progressively smaller page sizes and report duplicate-page diagnostics, and bumps the plugin to 1.6.0.

Changes:

  • Add pr-review-github-collector (allowlisted to pull_request_read) and pr-review-analysis-readonly agent types and route all spawned agents through them via agentType.
  • Refactor file collection into collectCompleteFileManifest with perPage retries ([5, 1]), per-page validation threaded with perPage, and richer duplicate-path error diagnostics.
  • Document the control flow / agent boundaries in the README and bump the version to 1.6.0.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
pr-review-toolkit/skills/review-pr/review-pr.js Adds agent-type constants, retry-based file manifest collection, duplicate-page diagnostics, and threads perPage through validation/merge; routes collect/analyze/synthesize agents to the new agent types and bumps thread-collection effort.
pr-review-toolkit/agents/pr-review-github-collector.md New GitHub-only collector agent with a strict tools allowlist and a denylist for shell/local/web tools.
pr-review-toolkit/agents/pr-review-analysis-readonly.md New read-only analysis agent denying shell/edit/web and two GitHub write tools while allowing repo and read-only MCP inspection.
pr-review-toolkit/README.md Documents the control-flow diagram and the responsibilities of the two new agent types.
pr-review-toolkit/.claude-plugin/plugin.json Version bump 1.5.0 → 1.6.0.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

const STANDARDIZATION_SUFFIX = `Return only high-signal candidate findings. For each finding, provide a concise title, a concrete claim, structured evidence, specialist reasoning, why it matters, and a specific suggested fix when applicable. Include a postability recommendation for human review only: recommended_to_post, possible_plus_one, partial_overlap, discussion_only, already_covered, or discard. Preserve concrete evidence from patches, files, and existing threads; do not collapse reasoning into generic summaries. Use a neutral technical voice and do not reference yourself, your role, or your review methodology.`

const FILE_PAGE_SIZE = 10
const FILE_RETRY_PAGE_SIZES = [5, 1]
Comment on lines +4 to +14
disallowedTools:
- Bash
- Write
- Edit
- MultiEdit
- NotebookEdit
- Task
- WebFetch
- WebSearch
- mcp__plugin_github_github__pull_request_review_write
- mcp__plugin_github_github__add_comment_to_pending_review
@cblecker cblecker merged commit b1736b7 into main Jun 24, 2026
12 checks passed
@cblecker cblecker deleted the fix/pr-review-toolkit-readonly-agents branch June 24, 2026 18:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants