fix: dbt PR reviewer posts COMMENT, never a formal APPROVE review#870
Merged
Conversation
The reviewer mapped an APPROVE verdict to a GitHub "APPROVE" review event, so the bot was formally approving PRs (observed on altimate-ingestion #682: bot review state APPROVED). With branch protection that can satisfy required reviews and let a PR merge without human sign-off. Map APPROVE -> COMMENT review event (the "approved / no findings" outcome is in the comment body). REQUEST_CHANGES still maps through (gate mode blocks; comment mode softens to COMMENT). Matches CodeRabbit/Greptile/cubic, which comment but never approve. + regression test asserting no verdict emits a formal APPROVE. Closes #869
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
Claude Code Review
This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.
Tip: disable this comment in your organization's Code Review settings.
📝 WalkthroughWalkthroughThe review verdict system's APPROVE mapping is changed to emit COMMENT events instead of APPROVE events, preventing bot approvals from satisfying branch protection requirements. Documentation and a regression test ensure this safety constraint is maintained. ChangesReview Verdict Mapping Safety
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~3 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
🧹 Nitpick comments (1)
packages/opencode/src/altimate/review/verdict.ts (1)
33-35: ⚡ Quick winNarrow
VCS_EVENT’s emitted event type to exclude"APPROVE"
VCS_EVENT’s value type still includes"APPROVE"even thoughAPPROVEmaps to"COMMENT"and tests assert"APPROVE"is never present. Restrict the emitted-event union to"COMMENT" | "REQUEST_CHANGES".Suggested change
+export type VcsReviewEvent = "COMMENT" | "REQUEST_CHANGES" + -export const VCS_EVENT: Record<Verdict, "APPROVE" | "COMMENT" | "REQUEST_CHANGES"> = { +export const VCS_EVENT: Record<Verdict, VcsReviewEvent> = { APPROVE: "COMMENT", COMMENT: "COMMENT", REQUEST_CHANGES: "REQUEST_CHANGES", }🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@packages/opencode/src/altimate/review/verdict.ts` around lines 33 - 35, VCS_EVENT is currently typed to allow "APPROVE" even though APPROVE maps to "COMMENT"; change its value type to exclude "APPROVE" by updating the declaration for VCS_EVENT to use the narrower union "COMMENT" | "REQUEST_CHANGES" (e.g., export const VCS_EVENT: Record<Verdict, "COMMENT" | "REQUEST_CHANGES"> = { ... }), and ensure the object literal still maps APPROVE -> "COMMENT" and other Verdict keys to the correct narrowed values so type-checking and tests reflect that "APPROVE" is never emitted.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@packages/opencode/src/altimate/review/verdict.ts`:
- Around line 33-35: VCS_EVENT is currently typed to allow "APPROVE" even though
APPROVE maps to "COMMENT"; change its value type to exclude "APPROVE" by
updating the declaration for VCS_EVENT to use the narrower union "COMMENT" |
"REQUEST_CHANGES" (e.g., export const VCS_EVENT: Record<Verdict, "COMMENT" |
"REQUEST_CHANGES"> = { ... }), and ensure the object literal still maps APPROVE
-> "COMMENT" and other Verdict keys to the correct narrowed values so
type-checking and tests reflect that "APPROVE" is never emitted.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: CHILL
Plan: Pro
Run ID: 517bea5d-9406-4f52-a92d-a3de62197662
📒 Files selected for processing (2)
packages/opencode/src/altimate/review/verdict.tspackages/opencode/test/altimate/review.test.ts
anandgupta42
added a commit
that referenced
this pull request
Jun 2, 2026
…-approve at compile time (#872) Follow-up to #870. That PR mapped an `APPROVE` verdict to a GitHub `COMMENT` review event but left two loose ends: - Doc comments in `post-github.ts` still claimed "gate mode keeps APPROVE / REQUEST_CHANGES", contradicting the shipped behavior. Corrected to describe the actual contract (APPROVE → COMMENT always; comment mode also softens REQUEST_CHANGES → COMMENT; gate mode keeps REQUEST_CHANGES; `env.verdict` arrives pre-softened from `buildEnvelope`). - `VCS_EVENT`'s value type still permitted `"APPROVE"`. Narrowed it to `"COMMENT" | "REQUEST_CHANGES"` so the no-formal-approval invariant is a compile-time guarantee — no future edit can resurrect a formal GitHub approval without breaking the build. The narrower union is still assignable to Octokit's `createReview` event param. - Documented `applyMode`'s APPROVE/COMMENT passthrough. Adds a composition test asserting the positive expected GitHub event for every verdict-producing finding-set across both modes, plus the semantic-verdict-vs- VCS-event separation (gate + no findings → `verdict === "APPROVE"` but event `"COMMENT"`; comment-mode blocking critical → `idealVerdict === "REQUEST_CHANGES"`, `verdict === "COMMENT"`). Reviewed via multi-model consensus (GPT 5.4, Gemini 3.1 Pro, GLM-5): the type narrowing and test strengthening were panel findings incorporated during convergence. Closes #871 Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
The dbt PR reviewer mapped an
APPROVEverdict to a GitHub APPROVE review event, so the bot was formally approving PRs. Observed live onAltimateAI/altimate-ingestion#682, where thegithub-actionsbot review state isAPPROVED. Under branch protection / required reviews, a bot approval can satisfy the requirement and let a PR merge without human sign-off.This maps
APPROVE→ a COMMENT review event inVCS_EVENT(verdict.ts). The "approved — no findings" outcome is conveyed in the comment body instead.REQUEST_CHANGESstill maps through (gatemode blocks;commentmode softens to COMMENT viaapplyMode). This matches how CodeRabbit / Greptile / cubic behave — they comment but never grant a formal approval.packages/opencode/src/altimate/review/verdict.ts—VCS_EVENT.APPROVEis now"COMMENT", with a doc comment explaining the bot-must-not-approve invariant.packages/opencode/test/altimate/review.test.ts— regression test asserting no verdict emits a formalAPPROVEevent.Type of change
Issue for this PR
Closes #869
How did you verify your code works?
bun turbo typecheck— clean.bun test test/altimate/review.test.ts— 65 pass, 0 fail (includes the new regression test assertingVCS_EVENT.APPROVE === "COMMENT"and thatObject.values(VCS_EVENT)never contains"APPROVE").--base origin/main --strict) — no upstream-shared files modified.Checklist
Summary by cubic
Stop the dbt PR reviewer from submitting formal GitHub approvals; an
APPROVEverdict now posts a comment so branch protection and required reviews always need human sign-off. Closes #869.APPROVE→COMMENTinVCS_EVENT(packages/opencode/src/altimate/review/verdict.ts); the “approved — no findings” outcome is conveyed in the comment body.APPROVEreview event (packages/opencode/test/altimate/review.test.ts).Written for commit c1099d5. Summary will update on new commits.
Summary by CodeRabbit
Release Notes
Bug Fixes
Tests