- **Code review** reviews _all_ changed text files (excluding lockfiles, `dist`/`skills`/`node_modules`, `.wrangler`, `src/assets`, and binary/image types). It emits `critical`/`warning`/`suggestion` severities with `CR-` ids and gives the model GitHub-API-backed tools (`read_repo_file` pinned to the PR head SHA, `search_repo`) so it can read full post-change file content for context — the diff patch alone is staged, but correctness review needs the surrounding code. The token stays in trusted code; only tool results cross into the sandbox. The repo's root `AGENTS.md` is fetched from the **PR base ref** (trusted, not head) and injected as agent `instructions`.
0 commit comments