The dbt PR reviewer maps an APPROVE verdict to a GitHub 'APPROVE' review event (verdict.ts VCS_EVENT + post-github.ts createReview). Observed live on AltimateAI/altimate-ingestion #682: the github-actions bot review state is APPROVED.
A bot must NEVER grant a formal approval — with branch protection / required reviews, a bot approval can let a PR merge without human sign-off. Other reviewers (CodeRabbit, Greptile, cubic) post COMMENT or REQUEST_CHANGES, never APPROVE.
Fix: map APPROVE -> COMMENT review event (convey 'approved / no findings' in the comment body). REQUEST_CHANGES still maps through (gate mode blocks; comment mode softens to COMMENT). Add a regression test that no verdict emits a formal APPROVE event.
The dbt PR reviewer maps an APPROVE verdict to a GitHub 'APPROVE' review event (verdict.ts VCS_EVENT + post-github.ts createReview). Observed live on AltimateAI/altimate-ingestion #682: the github-actions bot review state is APPROVED.
A bot must NEVER grant a formal approval — with branch protection / required reviews, a bot approval can let a PR merge without human sign-off. Other reviewers (CodeRabbit, Greptile, cubic) post COMMENT or REQUEST_CHANGES, never APPROVE.
Fix: map APPROVE -> COMMENT review event (convey 'approved / no findings' in the comment body). REQUEST_CHANGES still maps through (gate mode blocks; comment mode softens to COMMENT). Add a regression test that no verdict emits a formal APPROVE event.