feat: gh-aw intake automation — PR review, triage, and digest workflows (phase 1)#18737
Conversation
✅ Deploy Preview for ethereumorg ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
d7097c3 to
c62b16c
Compare
…ws (phase 1) Four agentic workflows (plus gh-aw's generated maintenance workflow) to improve intake throughput; baseline to beat is time-to-first-review P75 = 6.32 days. - pr-reviewer: lane-aware, verdict-first first-pass review of same-repo PRs with routing labels - backlog-sweeper: weekday sweep of the 8 oldest unreviewed PRs (forks included) with evidence-based recommend-close labels; never closes - issue-triager: labels-only classification of new issues; never comments - team-digest: weekday Discord digest of the PR/issue queue All agents run read-only (strict: true); writes go through allowlisted safe-outputs with per-run caps. Actions and containers are SHA-pinned. Prompts tuned via a read-only dry-run simulation against the live queue.
c62b16c to
5fa168a
Compare
🔎 First-pass review — ✅ Looks mergeableLane: tooling. Phase 1 of the gh-aw intake automation: four agentic workflow prompts ( AnalysisChecked
Non-blocking observations
|
- backlog-sweeper: 8 -> 5 PRs per run (comment cap 5, label cap 15) to fit the 15-minute timeout with per-PR comment/diff lookups - pr-reviewer + sweeper: scoped remove-labels safe output (type labels only) so stale path-labeler labels that survive force-pushes get corrected; routing/status labels stay human-only - .gitattributes: add trailing newline
myelinated-wackerow
left a comment
There was a problem hiding this comment.
@pettinarip Nice work — the security posture is tight: SHA-pinned actions and containers, read-only per-job permissions, firewall egress allowlist, ANTHROPIC_API_KEY/MCP token excluded from the agent container and secrets redacted from safe-outputs, and fork PRs correctly routed to the scheduled sweeper rather than pull_request_target. The compiled pr-reviewer gate is even stricter than the source (checks head.repo.id == repository_id alongside full_name). Approving.
Three non-blocking clean-up items for the tuning window:
-
team-digest.mdis missing the "treat as untrusted data" guardrail thatpr-review-core.mdandissue-triager.mdboth carry. It's the one prompt that ingests attacker-controllable text (PR/issue titles + bodies) and emits to an external sink (Discord). Mentions are already suppressed (allowed_mentions: {parse: []}) and it's an internal channel, so low severity — but worth adding the same one-liner for consistency. -
The PR description says the sweeper reviews "the 8 oldest", but the prompt caps at 5 (
add-comment max: 5, "5 oldest by createdAt", "Do not exceed 5 reviewed PRs per run"). Just a stale number in the description. -
.gitattributesmerge=ourson*.lock.ymlis a no-op unless a[merge "ours"] driver = trueis registered in git config (it isn't a built-in driver). Harmless — conflicts just fall back to manual — but the intended auto-keep-ours won't happen without the driver.
None of these block merge.
- Claude Opus / @wackerow
|
Addressed the review nits (thanks @wackerow):
|

Description
Phase 1 of the gh-aw intake automation plan: four agentic workflows (plus gh-aw's generated maintenance workflow) to improve PR review throughput — the baseline to beat is time-to-first-review P75 = 6.32 days (measured over the last 12 months; the measurement script stays local and will re-measure after rollout).
Workflows
pr-reviewerbacklog-sweeperrecommend closelabelsissue-triagerteam-digestFork (external) PRs are handled by the backlog sweeper, not an event-driven reviewer: fork-triggered
pull_requestruns never receive repository secrets on public repos, so an agentic workflow can't start its engine there. The sweeper runs on a schedule (full secrets) and sweeps the whole open queue, forks included.All agents run read-only (Claude engine,
strict: true); every write goes through whitelisted safe-outputs with per-run caps (labels from fixed allowlists, Discord posts with mentions suppressed). Actions and containers are SHA-pinned.Validated with a dry-run simulation
All four prompts were exercised read-only against the live repo queue (real PRs and issues, nothing posted) and tuned from the findings:
team-digest: explicit team-handle allowlist for the external-issues section,comments-field clarification, tighter section caps so the digest fits Discord comfortablybacklog-sweeper: skips PRs a maintainer commented on within the last 14 days, so it never follows on the heels of a manual sweepissue-triager: may strip template-applied product labels (wallet 👛,product 🧰,event 📅,quiz 📚) from clearly-junk submissionsBefore merge
recommend closelabelDISCORD_INTAKE_WEBHOOK_URLrepo secretANTHROPIC_API_KEYrepo secret (already present)After merge (workflows only fire from the default branch)