feat(advisor): run PR review advisor as focused turns

[cv]

Summary

This PR changes the PR Review Advisor from a single large Pi prompt into a multi-turn conversation within one Pi session. It also writes each prompt as a separate ordered artifact so maintainers can inspect the system prompt and each review turn directly.

Changes

• Add multi-turn support to the shared read-only Pi advisor session runner.
• Split PR Review Advisor analysis into orientation/drift, security, acceptance/correctness/tests, and final JSON synthesis turns.
• Write prompt artifacts as prompts/00-system.md through prompts/04-synthesize-json.md instead of one combined prompt file.
• Update the E2E advisor to call the shared session runner with a single prompt turn.
• Add tests for the PR Review Advisor prompt turns and prompt artifact filenames.

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• npx prek run --all-files passes
• npm test passes
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• make docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

---

Signed-off-by: Carlos Villela cvillela@nvidia.com

Summary by CodeRabbit

• New Features

  • PR review advisor now runs as a deterministic multi-turn conversation with per-turn progress capture and ordered prompt artifact files; ends with a JSON-only synthesis.

• Documentation

  • Workflow updated to add an explicit review session step and document the numbered multi-file prompt artifacts.

• Behavior

  • Falls back to a built-in security rubric when the trusted skill is unavailable; GitHub context collection moved to REST endpoints.

• Tests

  • Added unit tests for prompt-turn construction, fences safety, and deterministic artifact writing.

[coderabbitai]

📝 Walkthrough

Walkthrough

Replaces a single monolithic advisor prompt with a multi-turn conversation: session runner now accepts ordered promptTurns and captures per-turn text; PR-review analyzer builds system prompt from a trusted security skill, constructs/writes per-turn prompt artifacts, and invokes the SDK with promptTurns. Tests validate prompt-turns and artifact writing.

Changes

Multi-turn advisor system

Layer / File(s)	Summary
Multi-turn session runner types and execution tools/advisors/session.mts	RunReadOnlyAdvisorOptions now takes promptTurns: AdvisorPromptTurn[]; RunAdvisorResult adds turnTexts: string[]. Session normalizes turn names, allocates per-turn CappedBuffers, appends text_delta events into active turn buffers and raw, iterates through prompt turns with timeout handling, and aggregates truncation/dropped-byte info.
PR Review Advisor multi-turn prompt system tools/pr-review-advisor/analyze.mts	buildSystemPrompt now reads the trusted security review skill internally and has a no-arg signature; added buildPromptTurns and writePromptArtifacts. Analyzer constructs ordered prompt turns (working notes and a final JSON-only synthesis), writes prompts/*.md artifacts under artifacts/pr-review-advisor/prompts, passes promptTurns to the SDK, switches GitHub context collection to REST, and updates result/unavailable serialization to include prompt paths or skipped flags.
E2E advisor adoption and documentation tools/e2e-advisor/analyze.mts, tools/pr-review-advisor/README.md	E2E adapter now passes promptTurns with the prompt as a named analysis turn. README adds an explicit Pi session step and documents five prompt artifact files (prompts/00-system.md … prompts/04-synthesize-json.md) replacing the single pr-review-advisor-prompt.md.
Test coverage for multi-turn functionality test/pr-review-advisor.test.ts	Tests updated and added: import reformatted; advisor prompt test calls buildSystemPrompt() (no args), new tests verify built-in fallback security rubric when trusted skill is missing, buildPromptTurns returns the exact ordered named turns with turn-specific guidance and diff-fence safety, and writePromptArtifacts writes deterministic zero-padded prompt files, contains expected markers, omits the legacy monolithic prompt file, and cleans up temp output.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• NVIDIA/NemoClaw#4083: Overlaps at prompt/result normalization and advisor prompt handling.
• NVIDIA/NemoClaw#4162: Modifies prompt/rubric generation for pr-review-advisor and intersects with prompt-building code paths.

Suggested labels

v0.0.51

Suggested reviewers

• jyaunches
• ericksoa
• sandl99

Poem

🐰 I hop through prompts, one turn at a time,
System note then working notes in rhyme.
I guard the diff fence, ensure the JSON's right,
Write numbered prompts beneath the moonlight.
Tiny paws, neat files — the advisor's delight.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: refactoring the PR review advisor to use multi-turn conversation prompts instead of a single monolithic prompt.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch pr-advisor-conversation

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

E2E Advisor Recommendation

Required E2E: None
Optional E2E: None

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

• None. No NemoClaw runtime E2E is recommended. The PR is limited to CI advisor implementation, advisor documentation, and unit tests; it cannot affect installer/onboarding, sandbox lifecycle, credentials/security boundaries, network policy, inference routing, deployment, or real assistant user flows. Validate with the existing advisor/unit test suite rather than workflow-dispatched E2E jobs.

Optional E2E

• None.

New E2E recommendations

• None.

[github-actions]

E2E Scenario Advisor Recommendation

Required scenario E2E: None
Optional scenario E2E: None

Workflow run

Full scenario advisor summary

E2E Scenario Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required scenario E2E

• None. No scenario workflow, scenario metadata, scenario runtime, or validation-suite files changed.

Optional scenario E2E

• None.

Relevant changed files

• None.

[github-actions]

PR Review Advisor

Findings: 0 needs attention, 1 worth checking, 0 nice ideas
Since last review: 0 prior items resolved, 1 still applies, 0 new items found

Review findings

🛠️ Needs attention

• None.

🔎 Worth checking

• Add coverage for multi-turn session execution (tools/advisors/session.mts:168): The previous advisor finding still applies. This PR changes the shared read-only advisor runner from a single prompt to sequential prompt turns, and both PR/E2E callers depend on the runner preserving turn order, capturing per-turn assistant text, returning only the final turn as text, recording raw turn markers, and exporting/disposing the session on both success and failure. The added tests cover prompt-turn construction, fallback rubric behavior, fence hardening, and artifact filenames, but not the execution contract inside runReadOnlyAdvisor itself.
  • Recommendation: Add a focused unit test with a mocked createAgentSession/session object that emits text deltas for multiple prompts. Assert prompt call order, raw user_turn_start/user_turn_end markers, turnTexts contents, final text selection, timeout/cleanup/export behavior, and the single-turn caller path used by the E2E advisor.
  • Evidence: tools/advisors/session.mts now normalizes promptTurns, loops over them, calls session.prompt(turn.prompt), tracks currentTurnText/currentTurnName, records user_turn_start/user_turn_end markers, returns { text: turnTexts.at(-1) || "", raw, turnTexts }, and performs cleanup/export in finally. test/pr-review-advisor.test.ts adds buildPromptTurns/writePromptArtifacts/fence/fallback tests, but no mocked runReadOnlyAdvisor/createAgentSession coverage is present in the diff.

🌱 Nice ideas

• None.

Since last review details

Current findings:

• Add coverage for multi-turn session execution (tools/advisors/session.mts:168): The previous advisor finding still applies. This PR changes the shared read-only advisor runner from a single prompt to sequential prompt turns, and both PR/E2E callers depend on the runner preserving turn order, capturing per-turn assistant text, returning only the final turn as text, recording raw turn markers, and exporting/disposing the session on both success and failure. The added tests cover prompt-turn construction, fallback rubric behavior, fence hardening, and artifact filenames, but not the execution contract inside runReadOnlyAdvisor itself.
  • Recommendation: Add a focused unit test with a mocked createAgentSession/session object that emits text deltas for multiple prompts. Assert prompt call order, raw user_turn_start/user_turn_end markers, turnTexts contents, final text selection, timeout/cleanup/export behavior, and the single-turn caller path used by the E2E advisor.
  • Evidence: tools/advisors/session.mts now normalizes promptTurns, loops over them, calls session.prompt(turn.prompt), tracks currentTurnText/currentTurnName, records user_turn_start/user_turn_end markers, returns { text: turnTexts.at(-1) || "", raw, turnTexts }, and performs cleanup/export in finally. test/pr-review-advisor.test.ts adds buildPromptTurns/writePromptArtifacts/fence/fallback tests, but no mocked runReadOnlyAdvisor/createAgentSession coverage is present in the diff.

Workflow run details

This is an automated advisory review. A human maintainer must make the final merge decision.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/pr-review-advisor.test.ts`:
- Around line 232-240: The test builds `written` from
`fs.readdirSync(path.join(tmp, "prompts")).map((file) => \`prompts/${file}\`)`
and then asserts ordered equality, but `fs.readdirSync()` ordering is
non-deterministic; update the test to sort the filenames before asserting (e.g.,
call `.sort()` on the mapped array or sort the result of `readdirSync` first) so
the assertion compares deterministically ordered arrays.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: e964446e-794b-4acb-a142-32684f9a0047

📥 Commits

Reviewing files that changed from the base of the PR and between a5768a2 and cc61512.

📒 Files selected for processing (5)

• test/pr-review-advisor.test.ts
• tools/advisors/session.mts
• tools/e2e-advisor/analyze.mts
• tools/pr-review-advisor/README.md
• tools/pr-review-advisor/analyze.mts

[cv]

Addressed CodeRabbit discussion r3307795065 in e135348 by sorting the prompt artifact filenames before asserting ordered equality. Validated with npm run typecheck:cli and npm test -- --run test/pr-review-advisor.test.ts.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

tools/pr-review-advisor/analyze.mts (2)

687-702: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Emit the actual fallback security rubric when the trusted skill is unavailable.

If readTrustedSecurityReviewSkill() returns "", this prompt only says to fall back to a built-in 9-category review, but it never includes the categories from SECURITY_CATEGORIES. That leaves the degraded path running without the structured security rubric it claims to use.

Suggested fix

 export function buildSystemPrompt(): string {
   const securityReviewSkill = readTrustedSecurityReviewSkill();
+  const embeddedSecurityRubric = securityReviewSkill || [
+    "Trusted security review skill was unavailable; use this built-in 9-category security rubric instead:",
+    ...SECURITY_CATEGORIES.map((category, index) => `${index + 1}. ${category}`),
+  ].join("\n");
   return [
@@
     "Trusted security review skill from main checkout:",
     "```markdown",
-    securityReviewSkill || "Security review skill was unavailable; fall back to the built-in 9-category security review.",
+    embeddedSecurityRubric,
     "```",

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tools/pr-review-advisor/analyze.mts` around lines 687 - 702, The prompt
currently omits the actual fallback rubric when readTrustedSecurityReviewSkill()
returns empty; update buildSystemPrompt() to compute an embeddedSecurityRubric
(e.g., join SECURITY_CATEGORIES into a markdown list or formatted string) and
replace the fallback placeholder securityReviewSkill || "Security review skill
was unavailable; fall back to the built-in 9-category security review." with
embeddedSecurityRubric so the degraded path includes the full built-in security
rubric; refer to buildSystemPrompt and readTrustedSecurityReviewSkill to locate
where to build and insert embeddedSecurityRubric (using SECURITY_CATEGORIES or
the existing rubric source to generate the text).

---

742-745: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Escape PR-controlled diff content before fencing it.

diff is untrusted PR input, but it is interpolated verbatim inside a fenced Markdown block. A diff line containing triple backticks can close that fence and surface attacker-controlled text as normal instructions for later turns, which weakens the prompt-injection boundary this advisor depends on.

Suggested fix

- Git diff, truncated if large:
- \`\`\`diff
- ${diff || "<no diff available>"}
- \`\`\`
+ Git diff, truncated if large:
+ ${fencedBlock(diff || "<no diff available>", "diff")}
 `,

Add a small helper so the fence is always longer than any backtick run in the diff:

function fencedBlock(content: string, language = ""): string {
  const longestBacktickRun = Math.max(0, ...Array.from(content.matchAll(/`+/g), (match) => match[0].length));
  const fence = "`".repeat(Math.max(3, longestBacktickRun + 1));
  return `${fence}${language}\n${content}\n${fence}`;
}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tools/pr-review-advisor/analyze.mts` around lines 742 - 745, The PR exposes
untrusted `diff` into a triple-backticked markdown fence, allowing backtick runs
in PR content to break the fence; add a helper named fencedBlock(content:
string, language = "") that computes the longest backtick run and builds a fence
longer than that, then replace the current inline interpolation
(`\`\`\`diff\n${diff || "<no diff available>"}\n\`\`\``) with a call to
fencedBlock(diff || "<no diff available>", "diff") so the generated block always
uses a safe, longer fence and prevents injected closing fences.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@tools/pr-review-advisor/analyze.mts`:
- Around line 687-702: The prompt currently omits the actual fallback rubric
when readTrustedSecurityReviewSkill() returns empty; update buildSystemPrompt()
to compute an embeddedSecurityRubric (e.g., join SECURITY_CATEGORIES into a
markdown list or formatted string) and replace the fallback placeholder
securityReviewSkill || "Security review skill was unavailable; fall back to the
built-in 9-category security review." with embeddedSecurityRubric so the
degraded path includes the full built-in security rubric; refer to
buildSystemPrompt and readTrustedSecurityReviewSkill to locate where to build
and insert embeddedSecurityRubric (using SECURITY_CATEGORIES or the existing
rubric source to generate the text).
- Around line 742-745: The PR exposes untrusted `diff` into a triple-backticked
markdown fence, allowing backtick runs in PR content to break the fence; add a
helper named fencedBlock(content: string, language = "") that computes the
longest backtick run and builds a fence longer than that, then replace the
current inline interpolation (`\`\`\`diff\n${diff || "<no diff
available>"}\n\`\`\``) with a call to fencedBlock(diff || "<no diff available>",
"diff") so the generated block always uses a safe, longer fence and prevents
injected closing fences.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 41ee63b7-326c-4fe0-a9a3-cabe7f5fc205

📥 Commits

Reviewing files that changed from the base of the PR and between 1c6b065 and b3f506f.

📒 Files selected for processing (2)

• test/pr-review-advisor.test.ts
• tools/pr-review-advisor/analyze.mts

[cv]

Addressed CodeRabbit review 4369142535 in 85eca01: added the built-in 9-category security rubric to the unavailable-skill fallback, and wrapped dynamic prompt content with fences longer than any backtick run in the content. Validated with npm run typecheck:cli and npm test -- --run test/pr-review-advisor.test.ts.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

tools/pr-review-advisor/analyze.mts (1)

573-587: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Keep overlap discovery from breaking the rest of GitHub context.

This Promise.all(...) makes the optional open-PR scan a single point of failure. If the overlaps path hits a transient API/permission/rate-limit error, we drop pullRequest, previousAdvisorReview, and linked-issue extraction too, even when those endpoints were fine. Making the overlap fetch best-effort would preserve the core review context.

Suggested direction

-    const [pullRequest, issueComments, openPulls] = await Promise.all([
+    const [pullRequestResult, issueCommentsResult, openPullsResult] = await Promise.allSettled([
       githubRest<unknown>(`repos/${repo}/pulls/${prNumber}`, token),
       githubRestPaginated<unknown>(`repos/${repo}/issues/${prNumber}/comments`, token, 100),
       githubRestPaginated<unknown>(`repos/${repo}/pulls?state=open&sort=updated&direction=desc`, token, 100),
     ]);
-    context.pullRequest = pullRequest;
-    context.previousAdvisorReview = extractPreviousAdvisorReview(issueComments);
+
+    const pullRequest = pullRequestResult.status === "fulfilled" ? pullRequestResult.value : undefined;
+    const issueComments = issueCommentsResult.status === "fulfilled" ? issueCommentsResult.value : undefined;
+    const openPulls = openPullsResult.status === "fulfilled" ? openPullsResult.value : [];
+
+    if (pullRequest) context.pullRequest = pullRequest;
+    if (issueComments) context.previousAdvisorReview = extractPreviousAdvisorReview(issueComments);
+
+    if (openPullsResult.status === "rejected") {
+      context.fetchError = openPullsResult.reason instanceof Error
+        ? openPullsResult.reason.message
+        : String(openPullsResult.reason);
+    }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tools/pr-review-advisor/analyze.mts` around lines 573 - 587, The current
Promise.all groups the open PR scan with core fetches so any failure in the
open-PR path (githubRestPaginated for openPulls / collectOpenPrOverlaps) aborts
all context setup; split the calls so pullRequest and issueComments (and
extraction of previousAdvisorReview and linked issues) are awaited together but
fetch openPulls and run collectOpenPrOverlaps in a separate try/catch.
Specifically: keep the existing githubRest(...) and githubRestPaginated(...)
calls used to populate pullRequest, issueComments, and openPulls for core
context (refs: pullRequest, issueComments, getPath,
extractPreviousAdvisorReview, extractIssueRefs, collectLinkedIssue), then call
collectOpenPrOverlaps(repo, prNumber, token, openPulls, issueNumbers) inside its
own try/catch and on failure assign context.openPrOverlaps = [] (and log a
warning) so transient errors in collectOpenPrOverlaps or githubRestPaginated for
openPulls don’t prevent setting context.pullRequest,
context.previousAdvisorReview, or context.linkedIssues.

🧹 Nitpick comments (1)

tools/pr-review-advisor/analyze.mts (1)

805-813: ⚡ Quick win

Trim the PR payload before embedding it into the prompt.

pullRequest: context.github?.pullRequest injects the full REST PR object into the model context, including surfaces the system prompt explicitly says not to review (mergeability/reviewer-status/CI-related metadata), and it burns tokens on fields the acceptance turn does not need. A small prompt-safe projection here would keep the turn deterministic and better aligned with the rubric.

Suggested direction

 function buildValidationTurnContext(context: DeterministicReviewContext): Record<string, unknown> {
   return {
     testDepth: context.testDepth,
     localizedPatchSignals: context.localizedPatchSignals,
     previousAdvisorReview: context.previousAdvisorReview,
-    pullRequest: context.github?.pullRequest ?? null,
+    pullRequest: promptSafePullRequest(context.github?.pullRequest),
     linkedIssues: context.github?.linkedIssues ?? [],
     githubFetchError: context.github?.fetchError,
   };
 }
+
+function promptSafePullRequest(pullRequest: unknown): Record<string, unknown> | null {
+  if (!isRecord(pullRequest)) return null;
+  return {
+    title: stringOrDefault(pullRequest.title, ""),
+    body: stringOrDefault(pullRequest.body, ""),
+    headRef: stringOrUndefined(getPath<unknown>(pullRequest, ["head", "ref"])) ?? null,
+    labels: recordItems(getPath<unknown>(pullRequest, ["labels"]))
+      .map((label) => stringOrUndefined(label.name))
+      .filter((label): label is string => Boolean(label)),
+  };
+}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tools/pr-review-advisor/analyze.mts` around lines 805 - 813, The code
currently injects the entire GitHub PR object via pullRequest:
context.github?.pullRequest which exposes CI/reviewer/mergeability metadata and
wastes tokens; in buildValidationTurnContext replace that direct pass-through
with a small, explicit projection (e.g. pick number, title, body/description,
user.login, state, draft flag, base.ref/head.ref, labels as names,
created_at/updated_at, and high-level size metrics like
additions/deletions/changed_files) and return null when missing so the prompt
receives only safe, deterministic fields; update the buildValidationTurnContext
function to construct this trimmed object from context.github?.pullRequest
instead of passing the full object.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@tools/pr-review-advisor/analyze.mts`:
- Around line 573-587: The current Promise.all groups the open PR scan with core
fetches so any failure in the open-PR path (githubRestPaginated for openPulls /
collectOpenPrOverlaps) aborts all context setup; split the calls so pullRequest
and issueComments (and extraction of previousAdvisorReview and linked issues)
are awaited together but fetch openPulls and run collectOpenPrOverlaps in a
separate try/catch. Specifically: keep the existing githubRest(...) and
githubRestPaginated(...) calls used to populate pullRequest, issueComments, and
openPulls for core context (refs: pullRequest, issueComments, getPath,
extractPreviousAdvisorReview, extractIssueRefs, collectLinkedIssue), then call
collectOpenPrOverlaps(repo, prNumber, token, openPulls, issueNumbers) inside its
own try/catch and on failure assign context.openPrOverlaps = [] (and log a
warning) so transient errors in collectOpenPrOverlaps or githubRestPaginated for
openPulls don’t prevent setting context.pullRequest,
context.previousAdvisorReview, or context.linkedIssues.

---

Nitpick comments:
In `@tools/pr-review-advisor/analyze.mts`:
- Around line 805-813: The code currently injects the entire GitHub PR object
via pullRequest: context.github?.pullRequest which exposes
CI/reviewer/mergeability metadata and wastes tokens; in
buildValidationTurnContext replace that direct pass-through with a small,
explicit projection (e.g. pick number, title, body/description, user.login,
state, draft flag, base.ref/head.ref, labels as names, created_at/updated_at,
and high-level size metrics like additions/deletions/changed_files) and return
null when missing so the prompt receives only safe, deterministic fields; update
the buildValidationTurnContext function to construct this trimmed object from
context.github?.pullRequest instead of passing the full object.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 7bf92c06-43df-401a-8149-36da7249bb2c

📥 Commits

Reviewing files that changed from the base of the PR and between b3f506f and 85eca01.

📒 Files selected for processing (2)

• test/pr-review-advisor.test.ts
• tools/pr-review-advisor/analyze.mts

🚧 Files skipped from review as they are similar to previous changes (1)

• test/pr-review-advisor.test.ts

[cjagwani]

LGTM