feat: route bot-authored PRs to per-repo owner

[shuse2]

Summary

Bot-authored PRs (dependabot, renovate, claude, copilot review bot, listed external contributors) now get routed to a single per-repo owner instead of being silently skipped.

Mapping

Repo	Owner
lisk-backend	@ishantiw
lisk-web	@mmarinovic
lisk-mobile	@5heri
lisk-infra	@Nazgolze
lisk-contracts	@matjazv

Why

Previously, anything in bot_authors exited 0 — dependabot bumps and external contributor PRs landed with no reviewer requested. The TL/owner of each repo should at least see them.

Design choices

• No round-robin, no cascade for bots. Bots have no squad, no domain expertise to match, and the value of "balanced load" is small for one-off bumps. A single mapped owner is the simplest behavior that's auditable.
• Repos without an entry keep the skip behavior. bot_pr_owners is opt-in per repo — drop a repo to disable bot routing there without touching the workflow.
• Same soft-fail semantics as the cascade. API rejection (e.g., owner not a collaborator) posts a PR comment asking for manual assignment; never blocks merge.
• Idempotency preserved. EXISTING fetch hoisted above the bot path so re-runs don't double-request.

Files

• review-map.yml — adds bot_pr_owners section.
• .github/workflows/auto-assign-reviewer.yml — hoists EXISTING, replaces bot-author skip with route → request → comment.
• .github/workflows/validate-review-map.yml — asserts every bot_pr_owners key is in enabled_repos; includes mapped owners in the GitHub-user existence check.
• docs/auto-reviewer.md — documents the bot short-circuit; adds current owner table; updates kill-switch list.

Test plan

• validate-review-map.yml CI passes on this PR (it triggers on review-map.yml edits).
• After merge: open a dependabot PR in lisk-backend → @ishantiw requested.
• After merge: open a renovate PR in lisk-web → @mmarinovic requested.
• Re-run on the same PR → idempotent (no duplicate request, no duplicate comment).
• Map a non-collaborator and confirm the soft-fail comment appears (manual test only — keeping the current owners since they're all collaborators).
• Open a PR in a repo not in bot_pr_owners from a bot author → workflow exits 0 silently (current behavior preserved).

Not in this PR

• Per-repo caller config in lisk-{backend,web,mobile,infra,contracts} is unchanged — they already invoke the reusable workflow.
• No change to the human-author cascade.

Summary by CodeRabbit

• New Features

  • Introduced automatic reviewer routing for bot-authored PRs to designated owners.
  • Added global and per-repo controls to disable or bypass reviewer assignment.

• Documentation

  • Documented bot-author routing logic and kill switch controls.
  • Enhanced documentation on reviewer assignment cascading behavior.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 327238dd-b1fc-4d0f-9057-7d55951d7984

📥 Commits

Reviewing files that changed from the base of the PR and between a1ade8c and 79124cf.

📒 Files selected for processing (4)

• .github/workflows/auto-assign-reviewer.yml
• .github/workflows/validate-review-map.yml
• docs/auto-reviewer.md
• review-map.yml

---

📝 Walkthrough

Walkthrough

Adds bot and external author routing to the auto-reviewer workflow. Introduces a bot_pr_owners mapping in the review configuration, validates it in CI, and implements a cascade bypass that routes bot-authored PRs to designated owners before falling back to manual assignment. Documentation is updated with kill switches and routing details.

Changes

Bot-Author Reviewer Routing

Layer / File(s)	Summary
Configuration & Mapping review-map.yml	Introduces bot_pr_owners mapping structure to route bot/external authors to designated repository owners instead of the standard reviewer cascade.
Configuration Validation .github/workflows/validate-review-map.yml	Adds validation logic to ensure each bot_pr_owners key exists in enabled_repos and validates that mapped owner logins are real GitHub users.
Workflow Routing Logic .github/workflows/auto-assign-reviewer.yml	Implements idempotent bot/external author detection, routing to mapped bot_pr_owners, logging, PR comments on success/failure, and fallback to manual assignment prompt when no owner is mapped.
Documentation & Governance docs/auto-reviewer.md	Documents bot author short-circuit behavior, new kill switches for disabling cascade per author or bot routing per repo, and the bot owner mapping table with usage notes.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

A rabbit hops through reviewer lanes,
Bot authors now have mapped domains!
When bots create their pull request,
We route them to their owner's nest. 🐰📋

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title accurately summarizes the main change: introducing a new mechanism to route bot-authored PRs to per-repo owners instead of skipping them.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/route-bot-prs-to-repo-owner

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 Microsoft Presidio Analyzer (2.2.362)

.github/workflows/auto-assign-reviewer.yml

Microsoft Presidio Analyzer failed to scan this file

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}