Workflow change is small, surgical, and well-commented. Three steps (run + capture, post sticky, re-fail) is the right decomposition and the sentinel-matching with fallow's <!-- fallow-id: fallow-results --> is the correct sticky pattern.

Audited: .github/workflows/ci.yml (entire file, end-to-end at 3d59ebb7); verified marocchino/sticky-pull-request-comment@52423e01 resolves to tag v2.9.1 and oven-sh/setup-bun@0c5077e5 resolves to v2; verified fallow ^2.75.0 is in root package.json so bunx fallow resolves from node_modules (PR-body claim holds).

Strengths

• The "Remove stale sticky comment (clean run)" step (ci.yml:135-140) is the right call — without it, a PR that goes red then green would leave the findings comment around forever and reviewers would think the PR is still broken. Nice catch.
• set +e + capturing $? to GITHUB_OUTPUT (ci.yml:121-126) is the cleanest way to keep the audit gating while still letting the sticky-post step run. Cleaner than relying on continue-on-error at the step level.
• The top-of-file comment on the pull-requests: write widening (ci.yml:5-9) is exactly the kind of forward-looking note that pays off later. It names the future split point (fork PRs → separate workflow) before someone else has to figure it out.

Findings

• important — ci.yml:9 (pull-requests: write at the workflow level). This grants every job in ci.yml PR-write tokens — Build, Lint, Format, Typecheck, Test, both smoke jobs, CLI smoke, filesize, semantic-pr-title. Only fallow needs it. The blast-radius concern is: any of those jobs runs bun install against user-controlled package.json (lifecycle scripts) or bun run build against user-controlled source, all under a write-scoped token. The in-diff comment acknowledges this and defers; my push is that the right shape is available now — move permissions: to the job level inside fallow: only and revert the top-level to pull-requests: read. That keeps the audit-comment poster working without expanding any other job's authority. Job-level permissions: override the workflow-level block. One-line fix, no other tradeoffs.
• nit — ci.yml:127-133 posts /tmp/fallow-comment.md unconditionally on non-zero exit, but if bunx fallow crashes before producing meaningful markdown, the file may be empty or partial. Cheap guard: if [ ! -s /tmp/fallow-comment.md ]; then echo "fallow produced no output" > /tmp/fallow-comment.md; fi after the audit. Avoids posting a blank sticky on infra failure.
• nit — ci.yml:124-125 would benefit from set -o pipefail in case fallow's output is ever piped (today it isn't; this is paranoia against future edits to the line).
• nit — fork PRs: with the pull_request trigger (not _target), GitHub gives forks a read-only token regardless of the workflow permissions: block, so the sticky-post step will fail for fork contributors. Not a security issue (correct direction of failure), but worth a one-line graceful degradation — continue-on-error: true on the two sticky-comment steps so a fork PR doesn't fail CI on a comment it can't post. The audit gate still fires via "Fail if audit found issues."

Notes

• Test-plan checkbox 3 ("Verify in CI: this PR should post a 'No findings' comment on itself") — given the "Remove stale sticky comment (clean run)" branch, a no-findings PR shouldn't post a comment; it should delete a (nonexistent) one. The verification on this PR is "no fallow comment appears." Worth nudging the description for clarity.

Verdict: APPROVE
Reasoning: The behavior change is correct and the design is sound. The workflow-level pull-requests: write is an important call-out the author already flagged for follow-up; scoping it to the fallow job in this PR would be one line and worth doing before merge, but it isn't a blocker given there's no fork trigger here.

Review by Vai

APPROVE — well-structured CI workflow.

Verified:

• Exit code capture pattern (set +e → $? → GITHUB_OUTPUT) is correct
• marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728 SHA matches v2.9.1
• Sticky comment lifecycle is right: post on findings, delete on clean run — prevents stale "0 findings" comments
• --format pr-comment-github outputs to file, read via path: — avoids ${{ }} injection vectors
• No security concern: fallow output is from static analysis, not untrusted PR metadata

Non-blocking note: pull-requests: write is workflow-wide. The inline comment documents why this is acceptable. If fork PRs ever become a concern, moving fallow to its own workflow would scope the permission.

Re-reviewed — APPROVE.

All prior feedback addressed in the force-push:

• pull-requests: write scoped to job level (not workflow-wide) — addresses the least-privilege concern
• Empty markdown guard added (if [ ! -s /tmp/fallow-comment.md ]) — handles fallow crash edge case
• continue-on-error: true on both sticky-comment steps — graceful degradation for fork PRs
• PR description updated to match actual behavior

CI all green including fallow audit, full regression suite, typecheck, lint, build.

Re-review on a67436b4. All three prior findings ADDRESSED — including the important one. Diff is clean: top-level permissions: pull-requests: read, job-level pull-requests: write scoped to fallow: only.

Findings status

• important (workflow-level pull-requests: write) — ADDRESSED. .github/workflows/ci.yml:4-6 is now permissions: contents: read / pull-requests: read. ci.yml:88-90 adds job-level permissions: contents: read / pull-requests: write on fallow: only, with a comment that names exactly the right reason ("the rest of ci.yml keeps the workflow-level pull-requests: read default so build / lint / test tokens can't post or modify PR comments"). Build, Lint, Format, Typecheck, Test, smoke jobs, filesize, semantic-pr-title now run with read-only PR scope. Blast-radius pinched as recommended.
• nit (empty/partial sticky markdown guard) — ADDRESSED. ci.yml:113-115: if [ ! -s /tmp/fallow-comment.md ]; then echo "fallow produced no output — see the job logs above." > /tmp/fallow-comment.md; fi. Good fallback message too — points reviewers at the log rather than dropping a blank comment.
• nit (fork-PR fail-soft on sticky-comment steps) — ADDRESSED. ci.yml:121 and ci.yml:130 both have continue-on-error: true on the two sticky-comment uses-blocks. Fork PRs won't fail CI on a comment they can't post; the audit gate (Fail if audit found issues step) still runs and gates the build.

New code worth a callout

• ci.yml:128-134 — "Remove stale sticky comment (clean run)" using delete: true is the right pattern; a PR that goes red→green now sheds its findings comment rather than carrying a stale one indefinitely. (Pre-existing, kept from the prior review SHA; still strong.)

CI status (verbatim, head a67436b4)

All required checks SUCCESS: Build, Lint, Format, Typecheck, Test, Test: runtime contract, CLI smoke (required), Smoke: global install, Fallow audit, File size check, regression-shards (8 shards), preview-regression, player-perf, regression, Semantic PR title, Detect changes, Preflight (lint + format), Graphite / mergeability_check. No FAILURE conclusions. mergeStateStatus: BLOCKED is review-required (this approval clears it), not CI.

baseRefName: main — no stacked-PR CI gap.

Verdict: APPROVE
Reasoning: Important finding addressed exactly as recommended (job-level scoping); both nits cleanly handled. CI fully green on main base. Ship it.

Review by Vai (re-review)