chore(panel-review): tighten one-comment contract; safety cap 1 -> 7#905
Merged
danielmeppiel merged 1 commit intomainfrom Apr 24, 2026
Merged
chore(panel-review): tighten one-comment contract; safety cap 1 -> 7#905danielmeppiel merged 1 commit intomainfrom
danielmeppiel merged 1 commit intomainfrom
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR increases the safe-outputs.add-comment.max limit for the pr-review-panel agentic workflow so the panel can emit multiple PR comments instead of being restricted to a single comment.
Changes:
- Bumped
.github/workflows/pr-review-panel.mdsafe-outputs.add-comment.maxfrom1to7and updated related workflow instructions. - Recompiled
.github/workflows/pr-review-panel.lock.ymlto propagate the new safe-outputs configuration.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/pr-review-panel.md | Raises the safe-outputs add-comment cap and updates the prompt text about comment emission. |
| .github/workflows/pr-review-panel.lock.yml | Mechanical regen reflecting add_comment.max: 7 in the compiled workflow prompt/config. |
Copilot's findings
- Files reviewed: 2/2 changed files
- Comments generated: 2
Comment on lines
+20
to
+21
| # - the only write surface is safe-outputs.add-comment (max 7, | ||
| # one per persona) |
There was a problem hiding this comment.
The workflow frontmatter description: still says it posts a single synthesized verdict comment, but this workflow is now configured to allow up to 7 comments. Please update the description: (and any other "single comment" wording) to match the new behavior, then recompile the lockfile so the generated header stays consistent.
Comment on lines
+133
to
+145
| @@ -139,8 +141,8 @@ owns the review behavior; this step owns only the emission boundary. | |||
| ## Step 4: Emit the safe output | |||
|
|
|||
| Post the verdict by writing the comment body to the agent output channel. | |||
| The `safe-outputs.add-comment` job (capped at 1) will pick it up and | |||
| post it to PR #$PR. | |||
| The `safe-outputs.add-comment` job (capped at 7) will pick them up and | |||
| post them to PR #$PR. | |||
There was a problem hiding this comment.
Step 2 instructs the agent to follow the apm-review-panel skill's output contract exactly, but Step 3/4 now instruct emitting up to 7 safe-outputs.add-comment items. The skill currently specifies "exactly ONE comment" and references safe-outputs.add-comment.max: 1, so these instructions are contradictory and may lead to inconsistent agent behavior. To achieve the PR goal (one comment per persona), update the apm-review-panel skill output contract/verdict template to explicitly support multi-comment emission (or keep single-comment emission here and treat max: 7 only as a safety cap).
danielmeppiel
force-pushed
the
chore/panel-review-max-7-comments
branch
3 times, most recently
from
a66f98e to
e799f18
Compare
danielmeppiel
changed the title
Two coupled changes to the panel review workflow: 1. Output contract (Step 3): make it explicit that the single allowed comment MUST be the CEO's final synthesized verdict, not any sub-agent's intermediate output. The orchestrator is now instructed to tell each sub-agent: 'do not post any comment; return your findings to the orchestrator.' 2. Safe-outputs cap (frontmatter): bump add-comment max from 1 to 7. With the prompt-level contract above, the cap is just a fail-soft ceiling: when an LLM occasionally drifts and tries to emit an extra comment, the run no longer aborts at the safe-outputs gate and lose the verdict. Bloat removal: dropped the workflow-only ASCII rule from the agent prompt (it's a project source-code rule that doesn't apply to PR-comment prose) and the meta references to safe-outputs internals (the agent doesn't need to know it runs in gh-aw). Recompiled pr-review-panel.lock.yml via 'gh aw compile pr-review-panel'. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
danielmeppiel
force-pushed
the
chore/panel-review-max-7-comments
branch
from
e799f18 to
570a57f
Compare
danielmeppiel
added a commit
that referenced
this pull request
Apr 24, 2026
…ntract The previous wording in #905 framed the CEO as a separate emitter and told the orchestrator to instruct each sub-agent 'do not post any comment'. This produced two regressions: 1. Sub-agents launched via the task tool do not have safe-outputs MCP access to begin with -- the no-op instruction added orchestration bloat without protecting anything. 2. The 'CEO synthesizes the single verdict' phrasing made the orchestrator wait for a CEO sub-agent that was never dispatched. Result: agent_output.json={"items":[]} -- zero comments posted. Fix lives in the skill (the authoritative source), not the workflow: - SKILL.md execution checklist step 5: orchestrator runs CEO arbitration as itself, never delegates to a sub-agent. - SKILL.md execution checklist step 7: orchestrator writes the comment to safe-outputs.add-comment, never calls GitHub API. - SKILL.md output contract: cap reference updated to fail-soft ceiling of 7 (matches workflow frontmatter). Workflow .md is now a thin shell: gather PR context, then defer to the skill for routing, dispatch, arbitration, emission. No more duplicated orchestration logic at the workflow boundary. Closes #906 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
danielmeppiel
added a commit
that referenced
this pull request
Apr 24, 2026
…ntract (#907) The previous wording in #905 framed the CEO as a separate emitter and told the orchestrator to instruct each sub-agent 'do not post any comment'. This produced two regressions: 1. Sub-agents launched via the task tool do not have safe-outputs MCP access to begin with -- the no-op instruction added orchestration bloat without protecting anything. 2. The 'CEO synthesizes the single verdict' phrasing made the orchestrator wait for a CEO sub-agent that was never dispatched. Result: agent_output.json={"items":[]} -- zero comments posted. Fix lives in the skill (the authoritative source), not the workflow: - SKILL.md execution checklist step 5: orchestrator runs CEO arbitration as itself, never delegates to a sub-agent. - SKILL.md execution checklist step 7: orchestrator writes the comment to safe-outputs.add-comment, never calls GitHub API. - SKILL.md output contract: cap reference updated to fail-soft ceiling of 7 (matches workflow frontmatter). Workflow .md is now a thin shell: gather PR context, then defer to the skill for routing, dispatch, arbitration, emission. No more duplicated orchestration logic at the workflow boundary. Closes #906 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Tighten the panel-review one-comment contract at the prompt layer, and convert the safe-outputs cap from a hard fail-stop into a soft ceiling.
Changes
Prompt (Step 3 — Output contract)
Bloat removal
safe-outputs.add-commentinternals — the agent doesn't need to know it runs inside gh-aw.Safe-outputs (frontmatter)
safe-outputs.add-comment.max:1→7. With the strengthened prompt-level contract above, the cap becomes a fail-soft ceiling: occasional LLM drift no longer aborts the run at the safe-outputs gate and loses the verdict.Lockfile
.github/workflows/pr-review-panel.lock.yml— recompiled viagh aw compile pr-review-panel(0 errors / 0 warnings).Security surface
Unchanged. Only write surface remains the safe-outputs comment channel; the permission-isolated downstream job remains the sole publisher. No new secrets, actions, or permissions. Trigger gating untouched.