Skip to content

Commit 99a5033

Browse files
author
hallelx2
committed
chore(standards): created local '.github/workflows/jules-review.yml' from remote '.github/workflows/jules-review.yml'
Synced AI-review standards from hallelx2/dev-standards.
1 parent e5d870a commit 99a5033

1 file changed

Lines changed: 40 additions & 0 deletions

File tree

.github/workflows/jules-review.yml

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
name: jules-review
2+
3+
# Optional: auto-invoke Jules for a security-focused review on every PR.
4+
# PRIMARY path is simply commenting "@jules review this PR for security" on a PR —
5+
# Jules reads AGENTS.md + .github/agents/security-reviewer.agent.md and responds.
6+
# This workflow automates that, but only runs when a JULES_API_KEY secret is present,
7+
# so it no-ops safely in repos that haven't set one.
8+
9+
on:
10+
pull_request:
11+
types: [opened, synchronize, ready_for_review]
12+
13+
permissions:
14+
contents: read
15+
pull-requests: write
16+
17+
jobs:
18+
jules:
19+
runs-on: ubuntu-latest
20+
steps:
21+
- name: Guard — only run when a Jules key is configured
22+
id: guard
23+
run: |
24+
if [ -n "${{ secrets.JULES_API_KEY }}" ]; then
25+
echo "enabled=true" >> "$GITHUB_OUTPUT"
26+
else
27+
echo "enabled=false" >> "$GITHUB_OUTPUT"
28+
echo "No JULES_API_KEY set — skipping automated Jules review. Use @jules on the PR instead."
29+
fi
30+
- name: Jules security review
31+
if: steps.guard.outputs.enabled == 'true'
32+
uses: sanjay3290/jules-pr-reviewer@f364d6653b2e9dc5a24df3ef12974aa264148c98 # v1.0.1
33+
with:
34+
jules-api-key: ${{ secrets.JULES_API_KEY }}
35+
github-token: ${{ github.token }}
36+
review-prompt: >
37+
Review this pull request as an adversarial application-security reviewer.
38+
Follow .github/agents/security-reviewer.agent.md: hunt for broken authorization
39+
and multi-tenant data leakage, BYOK secret handling, injection/SSRF, and weak
40+
crypto. Default to "this is a finding" when unsure. Cite file:line and propose the fix.

0 commit comments

Comments
 (0)