
fix: tighten PR review branch handling#95

Merged

dbpolito merged 4 commits into main from fix/pr-review-branch-handling on Apr 14, 2026

Conversation

@dbpolito (Contributor) commented Apr 14, 2026

Ticket

SKIPPED

Description

Improve the PR review flows so review and fix commands operate against the actual PR branch, and limit automated review runs to safe repository and author contexts.

Checklist

Review execution

  • Allow /review issue comments to trigger PR reviews against the PR head branch
  • Fetch PR head repository and ref before checkout so review runs use the correct code

Branch safety

  • Reuse a shared branch-alignment component in PR review and fix commands
  • Restrict automatic PR review workflow runs to same-repository branches from trusted authors

Configuration coverage

  • Register the shared branch-alignment component in config and schema

Validation

  • Verify that PR review runs only start for trusted same-repository pull requests
  • Confirm that /review comments check out the PR head branch before running review logic
  • Check that PR review and fix command docs stay aligned through the shared component

- reuse a shared align-pr-branch component in PR fix and review commands
- register the new component in config and schema so it is available consistently
- restrict review workflows to trusted same-repo PRs and add comment-triggered review support
- add a debug gate job to surface PR review trigger inputs
- replace the JSON contains check with explicit OWNER or MEMBER conditions
- make review workflow behavior easier to diagnose when automation does not start
- remove the temporary debug gate job from the PR review workflow
- allow automated reviews for same-repo branches without author association checks
- keep draft and forked pull requests excluded from the review run

@dbpolito dbpolito self-assigned this Apr 14, 2026
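The gating described in the checklist and commit messages above, written out as an added example (not this project's workflow file): the automatic job runs only for non-draft pull requests whose head branch lives in the same repository, and the `/review` comment job requires an OWNER or MEMBER comment author, resolves the PR head repository and ref with `gh` before checkout, and pins the checkout to the head commit SHA. The workflow name, job names and `./scripts/run-review.sh` are assumptions; the event fields, `gh pr view --json` fields and `actions/checkout` inputs are real.

```yaml
# Added example, not this project's workflow. Job names and script path are hypothetical.
name: pr-review-example

on:
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]
  issue_comment:
    types: [created]

permissions:
  contents: read
  pull-requests: write

jobs:
  # Automatic review: only non-draft PRs whose head branch is in this repository.
  # Forked PRs never reach the review steps, so repository secrets are never
  # exposed to a job that has checked out code from an untrusted head.
  auto-review:
    if: >-
      github.event_name == 'pull_request' &&
      github.event.pull_request.draft == false &&
      github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Pin to the exact head commit rather than the branch name.
          ref: ${{ github.event.pull_request.head.sha }}
      - run: ./scripts/run-review.sh   # hypothetical review entry point

  # Comment-triggered review. issue_comment events run against the default
  # branch, not the PR, so the job has to resolve and fetch the PR head itself.
  # Weak form to avoid: contains(toJSON(github.event.comment), 'MEMBER') matches
  # that substring anywhere in the serialized payload, including the comment
  # body. The explicit comparisons below only accept the author_association field.
  comment-review:
    if: >-
      github.event_name == 'issue_comment' &&
      github.event.issue.pull_request &&
      startsWith(github.event.comment.body, '/review') &&
      (github.event.comment.author_association == 'OWNER' ||
       github.event.comment.author_association == 'MEMBER')
    runs-on: ubuntu-latest
    steps:
      - name: Resolve PR head repository and ref before checkout
        id: head
        env:
          GH_TOKEN: ${{ github.token }}
          PR: ${{ github.event.issue.number }}
        run: |
          gh pr view "$PR" --repo "$GITHUB_REPOSITORY" \
            --json headRefOid,headRepository,headRepositoryOwner,isCrossRepository,isDraft \
            > pr.json
          # Same-repo and non-draft guard, applied before anything is checked out.
          if [ "$(jq -r .isCrossRepository pr.json)" != "false" ] || \
             [ "$(jq -r .isDraft pr.json)" != "false" ]; then
            echo "PR $PR is a fork or a draft; not running review" >&2
            exit 1
          fi
          echo "repo=$(jq -r '.headRepositoryOwner.login + "/" + .headRepository.name' pr.json)" >> "$GITHUB_OUTPUT"
          echo "sha=$(jq -r .headRefOid pr.json)" >> "$GITHUB_OUTPUT"
      - uses: actions/checkout@v4
        with:
          repository: ${{ steps.head.outputs.repo }}
          ref: ${{ steps.head.outputs.sha }}
      - run: ./scripts/run-review.sh   # hypothetical review entry point
```

Resolving `headRefOid` and checking out that SHA, rather than the branch name, means a push to the branch between the `gh pr view` call and the checkout cannot swap in different code than the one the guard evaluated.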

@kompassdev kompassdev Bot left a comment


★★★★☆

Well-structured PR. The shared branch-alignment component is clean, the workflow split between automatic and comment-triggered reviews is sensible, and the same-repo guard on the automatic workflow is a good security tightening.

Two sync gaps need attention before or shortly after merge:

1. Missing align-pr-branch in bundled config files – All three kompass.jsonc files (root, packages/core/, packages/opencode/) list every other DEFAULT_COMPONENT_NAMES entry in their components section but omit "align-pr-branch": { "enabled": true }. Runtime defaults still register it, so nothing breaks, but per AGENTS.md these surfaces must stay in sync when adding a component.

2. Missing align-pr-branch in web docs – packages/web/src/content/docs/docs/reference/components/index.mdx does not list align-pr-branch and there is no align-pr-branch.mdx doc page. Per AGENTS.md, user-facing docs that describe the changed surface should be updated in the same change.

Comment thread packages/core/lib/config.ts
- add align-pr-branch to the bundled component config in the root, core, and opencode manifests
- document align-pr-branch in the component index and add a dedicated reference page
- keep the new shared component aligned across runtime, config, and docs surfaces
@dbpolito (Contributor, Author) commented:

Addressed the review follow-up in 501b2c2:

  • added align-pr-branch to the bundled component config manifests
  • added the component to the web component index
  • added a dedicated align-pr-branch reference page

This covers the unresolved config sync thread and the missing docs noted in review.

@dbpolito dbpolito merged commit 65da069 into main Apr 14, 2026
1 check passed
@dbpolito dbpolito deleted the fix/pr-review-branch-handling branch April 14, 2026 19:10