fix(review,chat): exempt release PRs and gate override approvals #290

jwilger · 2026-06-13T08:02:15-07:00

jwilger commented

2026-06-13 08:02:15 -07:00

Scope of this PR

Closes #287. Fixes both recurring defects from the issue (reproduced on eventcore PR #396) and adds the controls discussed while implementing them.

Problem A — release PRs wrongly rejected by the metadata check

New is_release_pr_title recognizes the conventional release shapes regardless of body — chore(release): vX.Y.Z (the scoped form that regressed), chore: release vX.Y.Z, release: X.Y.Z, with an optional leading v — requiring a release-typed prefix and a semver token so a generic chore(deps): bump x to 1.2.3 is not mistaken for a release.
Wired into has_clearly_acceptable_pr_metadata so the metadata-quality check can never drive REQUEST_CHANGES on a release PR, and taught the LLM metadata prompt that the scoped form + a title-mirroring release body are acceptable.
This is the root cause of the recurrence: the deterministic override previously only matched the unscoped form and auto-review's own boilerplate body.

Problem B — @auto-review now responds to the intent of a comment

Dropped the hardcoded keyword gate in parse_review_correction; any quote-reply with prose (and any plain directed mention) is now classified by a cheap-tier LLM into approval_request | re_review | question and branched on (previously the classifier result was discarded and every correction unconditionally approved). A natural "no, that's fine for a release PR — please approve" is understood without special syntax.

Override controls (added during review)

Authorization: forcing an approval over the bot's outstanding findings (a REQUEST_CHANGES) requires the commenter to be listed in the new per-repo override_approvers allow-list. Opt-in — empty/absent list authorizes nobody; the bot declines and points to the config.
Human-wins-but-flag + judge-gated why: an authorized override requires an LLM-judged substantive reason; without one the bot asks for it and does not approve. With one, it posts an approval caveat listing the overridden findings.
Recorded in the merge commit, reversibly: the override stamps a short [override-approved] title prefix and an ## Approval override body section (with the reason) onto the PR, so it rides into the squash/merge commit (auto-review still never merges). A later clean automated approval strips the marker automatically. PR edited events don't trigger reviews, so there is no re-review loop.

Plumbing

ar-forgejo: update_pull_request (edit title/body) and get_file_content (read .auto_review.yaml without a clone); PullReviewSummary gains user.
Marker helpers live in ar-review::override_marker (pure, idempotent, round-trip tested) to avoid an ar-chat↔ar-review cycle; the pipeline uses them for the strip.
Commenter + bot logins threaded into ChatContext (webhook + poller).
Docs: .auto_review.example.yaml and USER-GUIDE document override_approvers and the override flow.

Why

It should not take multiple tries to get a release PR approved. Release PRs are now accepted on the first pass, and a single natural-language comment from an authorized user (with a reason) is honored — with the override made obvious and auditable in the merge commit, and automatically cleaned up if the underlying issue is actually fixed.

Verification

cargo nextest run --workspace — 777 passed.
cargo clippy --workspace --all-targets -- -D warnings — clean.
cargo fmt --all -- --check — clean.
New tests cover: scoped-release exemption (incl. the exact #396 case), loosened comment routing, intent branching, authorized/unauthorized/no-reason override paths + marker stamping, and marker strip-on-clean-approval.

🤖 Generated with Claude Code

## Scope of this PR Closes #287. Fixes both recurring defects from the issue (reproduced on eventcore PR #396) and adds the controls discussed while implementing them. ### Problem A — release PRs wrongly rejected by the metadata check - New `is_release_pr_title` recognizes the conventional release shapes regardless of body — `chore(release): vX.Y.Z` (the scoped form that regressed), `chore: release vX.Y.Z`, `release: X.Y.Z`, with an optional leading `v` — requiring a release-typed prefix **and** a semver token so a generic `chore(deps): bump x to 1.2.3` is not mistaken for a release. - Wired into `has_clearly_acceptable_pr_metadata` so the metadata-quality check can never drive `REQUEST_CHANGES` on a release PR, and taught the LLM metadata prompt that the scoped form + a title-mirroring release body are acceptable. - This is the root cause of the *recurrence*: the deterministic override previously only matched the unscoped form **and** auto-review's own boilerplate body. ### Problem B — @auto-review now responds to the intent of a comment - Dropped the hardcoded keyword gate in `parse_review_correction`; any quote-reply with prose (and any plain directed mention) is now classified by a cheap-tier LLM into `approval_request | re_review | question` and **branched on** (previously the classifier result was discarded and every correction unconditionally approved). A natural "no, that's fine for a release PR — please approve" is understood without special syntax. ### Override controls (added during review) - **Authorization:** forcing an approval over the bot's outstanding findings (a `REQUEST_CHANGES`) requires the commenter to be listed in the new per-repo `override_approvers` allow-list. Opt-in — empty/absent list authorizes nobody; the bot declines and points to the config. - **Human-wins-but-flag + judge-gated why:** an authorized override requires an LLM-judged substantive *reason*; without one the bot asks for it and does not approve. With one, it posts an approval caveat listing the overridden findings. - **Recorded in the merge commit, reversibly:** the override stamps a short `[override-approved]` title prefix and an `## Approval override` body section (with the reason) onto the PR, so it rides into the squash/merge commit (auto-review still never merges). A later clean automated approval strips the marker automatically. PR `edited` events don't trigger reviews, so there is no re-review loop. ### Plumbing - ar-forgejo: `update_pull_request` (edit title/body) and `get_file_content` (read `.auto_review.yaml` without a clone); `PullReviewSummary` gains `user`. - Marker helpers live in `ar-review::override_marker` (pure, idempotent, round-trip tested) to avoid an ar-chat↔ar-review cycle; the pipeline uses them for the strip. - Commenter + bot logins threaded into `ChatContext` (webhook + poller). - Docs: `.auto_review.example.yaml` and USER-GUIDE document `override_approvers` and the override flow. ### Why It should not take multiple tries to get a release PR approved. Release PRs are now accepted on the first pass, and a single natural-language comment from an authorized user (with a reason) is honored — with the override made obvious and auditable in the merge commit, and automatically cleaned up if the underlying issue is actually fixed. ### Verification - `cargo nextest run --workspace` — 777 passed. - `cargo clippy --workspace --all-targets -- -D warnings` — clean. - `cargo fmt --all -- --check` — clean. - New tests cover: scoped-release exemption (incl. the exact #396 case), loosened comment routing, intent branching, authorized/unauthorized/no-reason override paths + marker stamping, and marker strip-on-clean-approval. 🤖 Generated with [Claude Code](https://claude.com/claude-code)

jwilger added 6 commits

2026-06-13 08:02:15 -07:00

fix(review): exempt release PRs from metadata-quality check (#287 ) 4e0e6714a7

Release PRs are intentionally terse: a `chore(release): vX.Y.Z` title with a
body that merely restates it is legitimate metadata. The deterministic
override that should rescue such PRs from a Cheap-tier metadata false-negative
only matched the unscoped `chore: release vX.Y.Z` form AND required
auto-review's own boilerplate body, so a scoped title with a title-mirroring
body (eventcore PR #396) fell through to REQUEST_CHANGES every push.

Add `is_release_pr_title`, a body-independent recognizer for the conventional
release shapes (`chore(release): vX.Y.Z`, `chore: release vX.Y.Z`,
`release: X.Y.Z`; optional leading `v`) that requires a release-typed prefix
plus a semver-shaped version token so generic chores are not mistaken for
releases. Wire it into `has_clearly_acceptable_pr_metadata` and teach the
metadata-quality prompt that the scoped form and a title-mirroring release body
are acceptable.

Refs #287

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

feat(config): add per-project override_approvers allow-list (#287 ) c4626eecbc

Adds the `override_approvers` repo-config key: the Forgejo logins permitted to
force an override-approval over auto-review's outstanding findings. Opt-in by
design — an empty/omitted list authorizes nobody, so override is strictly
opt-in per repository. Adds a case-insensitive `is_override_approver` helper,
documents the key in `.auto_review.example.yaml`, and keeps the strict-config
allow-list and example-coverage contract tests in sync.

Refs #287

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

feat(forgejo): add update_pull_request and get_file_content (#287 ) 57c22e0ccd

Two new client capabilities needed by the override flow:

- `update_pull_request` (PATCH pulls/{n}) edits the PR title and/or body,
  sending only the provided fields. This lets auto-review stamp — and later
  strip — the human-override marker on the PR so it rides into the squash
  commit a maintainer creates from the PR title/body. auto-review still never
  merges.
- `get_file_content` (GET raw/{path}?ref=) reads a file's raw contents at a
  ref, returning None on 404. The chat path uses it to read `.auto_review.yaml`
  (the override_approvers allow-list) without cloning the repo.

Refs #287

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

feat(chat): add reversible override-marker helpers (#287 ) 1c3780ed6a

Pure, idempotent helpers for the human-override marker that records — on the PR
itself — that an approval was forced over outstanding findings: a short
`[override-approved] ` title prefix and a sentinel-delimited body section. The
markers ride into the squash commit a maintainer creates from the PR
title/body (auto-review never merges), and are reversible so a later clean
approval can strip them back out. apply/strip round-trip and are safe to call
without first inspecting current state.

Refs #287

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

feat(chat): intent-driven comments with authorized, judged overrides (#287 ) 2837150aef

auto-review now responds to the *intent* of a directed comment instead of
rigid format/keyword matching, and force-approvals are gated and recorded.

- Drop the hardcoded keyword gate in `parse_review_correction`: any quote-reply
  with prose is a correction; a plain directed mention no longer has to be
  phrased a particular way.
- Route both corrections and freeform mentions through a cheap-tier intent
  classifier (`approval_request | re_review | question`) and branch on the
  result (previously the classifier output was discarded and every correction
  unconditionally approved).
- Override flow: when the bot currently blocks the PR (REQUEST_CHANGES), an
  approval request is an override. It is honored only if the commenter is on
  the repo's `override_approvers` allow-list AND an LLM judge confirms the
  comment explains *why*; otherwise auto-review declines or asks for a reason
  and does not approve. Authorized + reasoned overrides post an approval caveat
  listing the overridden findings and stamp the reversible marker onto the PR
  title/body so the reason rides into the merge commit.
- Reconstruct outstanding findings from the bot's latest review (its inline
  🔴 Error comments) rather than persisting them separately.
- Pipeline strips the override marker on a later clean approval, so a genuine
  fix removes it. PR `edited` events don't trigger reviews, so no loop.
- Thread the commenter and bot logins into `ChatContext` (webhook + poller);
  load `.auto_review.yaml` over the API for the chat path; move the marker
  helpers into ar-review to avoid an ar-chat↔ar-review cycle; add `user` to
  `PullReviewSummary`.

Refs #287

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

docs(user-guide): document override_approvers and the override flow (#287 )

CI / Classify changed paths (pull_request) Successful in 2s

Details

CI / Format check (pull_request) Has been cancelled

Details

CI / Clippy (pull_request) Has been cancelled

Details

CI / Test (pull_request) Has been cancelled

Details

CI / opencode plugin tests (pull_request) Has been cancelled

Details

CI / Dependency policy (pull_request) Has been cancelled

Details

CI / Build (pull_request) Has been cancelled

Details

CI / Request auto_review semantic review (pull_request) Has been cancelled

Details

CI / Build PR artifacts (no token) (pull_request) Has been cancelled

Details

fccf4b8684

Explain that auto-review reads the intent of a directed comment, and document
the force-approval override: it requires the commenter to be listed in
`override_approvers` and to give a substantive reason, which is recorded on the
PR (and thus the merge commit) and auto-removed on a later clean approval. Also
applies rustfmt to the new code from the previous commit.

Refs #287

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

jwilger added 1 commit

2026-06-13 08:10:19 -07:00

Merge branch 'main' into issue-287-release-metadata-and-nl-corrections

CI / Test (pull_request) Successful in 1m27s

Details

CI / opencode plugin tests (pull_request) Has been skipped

Details

CI / Dependency policy (pull_request) Successful in 12s

Details

CI / Build (pull_request) Successful in 1m8s

Details

CI / Request auto_review semantic review (pull_request) Successful in 2s

Details

CI / Build PR artifacts (no token) (pull_request) Has been skipped

Details

CI / Classify changed paths (pull_request) Successful in 3s

Details

CI / Format check (pull_request) Successful in 10s

Details

auto_review auto_review: 3 warnings

CI / Clippy (pull_request) Successful in 1m3s

Details

22ad41741f

auto-review requested changes

2026-06-13 08:15:50 -07:00

auto-review left a comment

This PR introduces significant changes to how release PRs and override approvals are handled, including new LLM-based intent classification and override authorization mechanisms. The changes appear well-tested, but the reliance on LLMs for intent classification and the new override logic should be carefully monitored for edge cases. Overall, the PR seems safe to merge with these considerations in mind.

Walkthrough

Key Changes

Release PR Handling: Introduced is_release_pr_title to correctly identify release PRs and exempt them from metadata checks.
Override Approval Logic: Added logic to handle override approvals with authorization checks and LLM-based intent classification.
LLM Integration: Removed hardcoded keyword checks in favor of LLM-based intent classification for comment handling.
Configuration Updates: Updated .auto_review.example.yaml to include override_approvers for managing who can force approvals.

Testing and Verification

Extensive tests added for new override logic, including authorized and unauthorized scenarios.
Tests ensure that release PRs are correctly identified and not blocked by metadata checks.
CI checks and formatting are clean, indicating adherence to project standards.

LLM usage and cost

Reasoning (gpt-4o) in=24065 out=819 cost=$0.132610
Cheap (gpt-4o-mini) in=10502 out=219 cost=$0.001707
Estimated total USD: $0.134317 via https://api.openai.com and https://api.openai.com

Pre-merge checks

PR metadata quality: failed
Rationale: PR title exceeds the 72 character limit.
Offending text: fix(review,chat): exempt release PRs and handle override approvals naturally

This PR introduces significant changes to how release PRs and override approvals are handled, including new LLM-based intent classification and override authorization mechanisms. The changes appear well-tested, but the reliance on LLMs for intent classification and the new override logic should be carefully monitored for edge cases. Overall, the PR seems safe to merge with these considerations in mind. ## Walkthrough ### Key Changes - **Release PR Handling**: Introduced `is_release_pr_title` to correctly identify release PRs and exempt them from metadata checks. - **Override Approval Logic**: Added logic to handle override approvals with authorization checks and LLM-based intent classification. - **LLM Integration**: Removed hardcoded keyword checks in favor of LLM-based intent classification for comment handling. - **Configuration Updates**: Updated `.auto_review.example.yaml` to include `override_approvers` for managing who can force approvals. ### Testing and Verification - Extensive tests added for new override logic, including authorized and unauthorized scenarios. - Tests ensure that release PRs are correctly identified and not blocked by metadata checks. - CI checks and formatting are clean, indicating adherence to project standards. ## LLM usage and cost - Reasoning (gpt-4o) in=24065 out=819 cost=$0.132610 - Cheap (gpt-4o-mini) in=10502 out=219 cost=$0.001707 Estimated total USD: $0.134317 via https://api.openai.com and https://api.openai.com ## Pre-merge checks - PR metadata quality: failed - Rationale: PR title exceeds the 72 character limit. - Offending text: fix(review,chat): exempt release PRs and handle override approvals naturally

jwilger changed title from ~~fix(review,chat): exempt release PRs and handle override approvals naturally~~ to fix(review,chat): exempt release PRs and gate override approvals

2026-06-13 08:20:00 -07:00

jwilger commented

2026-06-13 08:20:11 -07:00

@auto-review wrote in #290 (comment):

PR metadata quality: failed

Rationale: PR title exceeds the 72 character limit.

Offending text: fix(review,chat): exempt release PRs and handle override approvals naturally

Good catch — and a fitting test of this very PR. The title was 75 characters; I've shortened it to "fix(review,chat): exempt release PRs and gate override approvals" (63 chars), which is within the limit. No code changes were needed.

@auto-review re-review

@auto-review wrote in https://git.johnwilger.com/Slipstream/auto_review/pulls/290#issuecomment-10107: > - PR metadata quality: failed > - Rationale: PR title exceeds the 72 character limit. > - Offending text: fix(review,chat): exempt release PRs and handle override approvals naturally Good catch — and a fitting test of this very PR. The title was 75 characters; I've shortened it to "fix(review,chat): exempt release PRs and gate override approvals" (63 chars), which is within the limit. No code changes were needed. @auto-review re-review

auto-review commented

2026-06-13 08:20:34 -07:00

This pull request introduces several critical changes across multiple files:

Configuration File (.auto_review.example.yaml):
- Added override_approvers key allowing specific users to override auto-review findings by commenting. For example, line 48 shows "override_approvers: - 'jwilger'".
.gitignore:
- New entry added for local Claude Code settings at line 12: /.claude/settings.local.json.
Cargo Files:
- The Cargo.lock and Cargo.toml files have been modified to include the new ar-review dependency (lines 82, 18).
Chat and Handler Logic:
- Significant updates to the chat logic, particularly for handling review corrections and approval flows (lines 113 onward in crates/ar-chat/src/command.rs).
- The function handle_review_correction is modified into a more general method handle_directed, allowing natural language processing for feedback (lines 246-261).
- New functions are introduced to parse and judge user intentions and approval reasons, enhancing the bot’s ability to respond to user commentary contextually (new methods in crates/ar-chat/src/handler.rs).
Tests:
- New tests have been added to ensure functionality around quote replies, approval requests, and the handling of user corrections (lines 224 onward in crates/ar-chat/tests/review_correction.rs).

Overall, the changes enhance user interaction with the auto-review bot by allowing greater flexibility in how approvals are managed and reinforcing the review process with structured reasoning.

This pull request introduces several critical changes across multiple files: 1. **Configuration File (.auto_review.example.yaml)**: - Added `override_approvers` key allowing specific users to override auto-review findings by commenting. For example, line 48 shows "override_approvers: - 'jwilger'". 2. **.gitignore**: - New entry added for local Claude Code settings at line 12: `/.claude/settings.local.json`. 3. **Cargo Files**: - The `Cargo.lock` and `Cargo.toml` files have been modified to include the new `ar-review` dependency (lines 82, 18). 4. **Chat and Handler Logic**: - Significant updates to the chat logic, particularly for handling review corrections and approval flows (lines 113 onward in `crates/ar-chat/src/command.rs`). - The function `handle_review_correction` is modified into a more general method `handle_directed`, allowing natural language processing for feedback (lines 246-261). - New functions are introduced to parse and judge user intentions and approval reasons, enhancing the bot’s ability to respond to user commentary contextually (new methods in `crates/ar-chat/src/handler.rs`). 5. **Tests**: - New tests have been added to ensure functionality around quote replies, approval requests, and the handling of user corrections (lines 224 onward in `crates/ar-chat/tests/review_correction.rs`). Overall, the changes enhance user interaction with the auto-review bot by allowing greater flexibility in how approvals are managed and reinforcing the review process with structured reasoning.

jwilger commented

2026-06-13 08:22:18 -07:00

@auto-review re-review

auto-review commented

2026-06-13 08:22:20 -07:00

Queued a forced review at 22ad41741f. This intentionally bypasses CI gating; watch the commit-status badge for progress.

Queued a forced review at 22ad41741fd9364beab8a6c70515826dda15f76e. This intentionally bypasses CI gating; watch the commit-status badge for progress.

auto-review approved these changes

2026-06-13 08:24:15 -07:00

auto-review left a comment

The changes appear well-structured and include necessary tests, but the reliance on LLMs for intent classification and override reasoning introduces potential risks that should be carefully monitored.

Walkthrough

Configuration Changes: Added override_approvers to .auto_review.example.yaml to allow specific users to override bot findings.
Chat Logic: Replaced hardcoded keyword checks with LLM-based intent classification in parse_review_correction and handle_directed functions.
Approval Flow: Introduced a new approval flow requiring authorization and a reason for overrides, with changes to PR titles and bodies to reflect overrides.
Testing: Added tests for new approval logic, intent classification, and override handling.

LLM usage and cost

Reasoning (gpt-4o) in=65670 out=17632 cost=$0.592830
Cheap (gpt-4o-mini) in=11727 out=393 cost=$0.001995
Estimated total USD: $0.594825 via https://api.openai.com and https://api.openai.com

The changes appear well-structured and include necessary tests, but the reliance on LLMs for intent classification and override reasoning introduces potential risks that should be carefully monitored. ## Walkthrough - **Configuration Changes**: Added `override_approvers` to `.auto_review.example.yaml` to allow specific users to override bot findings. - **Chat Logic**: Replaced hardcoded keyword checks with LLM-based intent classification in `parse_review_correction` and `handle_directed` functions. - **Approval Flow**: Introduced a new approval flow requiring authorization and a reason for overrides, with changes to PR titles and bodies to reflect overrides. - **Testing**: Added tests for new approval logic, intent classification, and override handling. ## LLM usage and cost - Reasoning (gpt-4o) in=65670 out=17632 cost=$0.592830 - Cheap (gpt-4o-mini) in=11727 out=393 cost=$0.001995 Estimated total USD: $0.594825 via https://api.openai.com and https://api.openai.com

crates/ar-chat/src/command.rs

					
				@ -113,6 +113,12 @@ fn parse_review_correction(

				    if !after.trim_start().starts_with("wrote in ") {

🟡 Warning: Lines 113–130: The change to use LLM for intent classification in parse_review_correction removes the previous keyword-based checks. Ensure that the LLM model is adequately trained to handle diverse comment inputs to avoid misclassification.

🟡 **Warning:** **Lines 113–130:** The change to use LLM for intent classification in `parse_review_correction` removes the previous keyword-based checks. Ensure that the LLM model is adequately trained to handle diverse comment inputs to avoid misclassification.

crates/ar-chat/src/handler.rs

🟡 Warning: Lines 243–647: The handle_directed function now routes comments based on intent. Ensure that the LLM model is capable of accurately classifying intents to prevent incorrect approvals or re-reviews.

🟡 **Warning:** **Lines 243–647:** The `handle_directed` function now routes comments based on intent. Ensure that the LLM model is capable of accurately classifying intents to prevent incorrect approvals or re-reviews.

🟡 Warning: Lines 243–647: The judge_override_reason function uses an LLM to determine if a comment contains a substantive reason for an override. Ensure that the LLM is capable of accurately assessing the content of comments to prevent unjustified overrides.

🟡 **Warning:** **Lines 243–647:** The `judge_override_reason` function uses an LLM to determine if a comment contains a substantive reason for an override. Ensure that the LLM is capable of accurately assessing the content of comments to prevent unjustified overrides.

jwilger commented

2026-06-13 08:27:26 -07:00

Thanks — re-review is green (approved). Addressing the three advisory warnings about LLM classification/judging reliability (comments 10127, 10128, 10129). They're valid cautions, but the design deliberately treats the LLM as advisory, never as the sole authority, so a misclassification fails safe rather than causing an incorrect approval:

Intent classification (classify_intent): on a missing cheap tier or any unparsable/failed response it defaults to Question — i.e. it answers, it does not approve or re-review. The worst case of a misclassification is "the bot replies instead of acting," which the user can correct with another comment.
Override authorization is deterministic, not LLM-driven. Even if intent is classified as approval_request, an override of outstanding findings only happens when the commenter is on the repo's override_approvers allow-list. The LLM cannot grant authority it isn't given.
judge_override_reason is a gate, not an approver. A "yes, has reason" verdict never approves on its own — it only unblocks an already-authorized user. On cheap-tier failure it falls back to a conservative word-count heuristic. The failure mode is "asks the user to restate why," not "approves without reason."
Release-PR exemption is fully deterministic (is_release_pr_title) — independent of any LLM — so Problem A's fix doesn't depend on model behavior at all.

So the LLM only ever decides which advisory path to take; the consequential decisions (who may override, whether findings exist) are deterministic. I don't think a code change is warranted here, but these are good things to keep an eye on once deployed. Test coverage exercises the authorized / unauthorized / no-reason / nothing-outstanding paths explicitly.

(Note: the earlier freeform reply rather than a re-review on my quoted comment is the exact brittleness this PR fixes — the currently-deployed bot is the pre-#290 build; these behaviors go live after this lands and the server is updated.)

Thanks — re-review is green (approved). Addressing the three advisory warnings about LLM classification/judging reliability (comments 10127, 10128, 10129). They're valid cautions, but the design deliberately treats the LLM as advisory, never as the sole authority, so a misclassification fails safe rather than causing an incorrect approval: - **Intent classification** (`classify_intent`): on a missing cheap tier or any unparsable/failed response it defaults to `Question` — i.e. it answers, it does not approve or re-review. The worst case of a misclassification is "the bot replies instead of acting," which the user can correct with another comment. - **Override authorization is deterministic, not LLM-driven.** Even if intent is classified as `approval_request`, an override of outstanding findings only happens when the commenter is on the repo's `override_approvers` allow-list. The LLM cannot grant authority it isn't given. - **`judge_override_reason` is a gate, not an approver.** A "yes, has reason" verdict never approves on its own — it only unblocks an *already-authorized* user. On cheap-tier failure it falls back to a conservative word-count heuristic. The failure mode is "asks the user to restate why," not "approves without reason." - **Release-PR exemption is fully deterministic** (`is_release_pr_title`) — independent of any LLM — so Problem A's fix doesn't depend on model behavior at all. So the LLM only ever decides *which advisory path* to take; the consequential decisions (who may override, whether findings exist) are deterministic. I don't think a code change is warranted here, but these are good things to keep an eye on once deployed. Test coverage exercises the authorized / unauthorized / no-reason / nothing-outstanding paths explicitly. (Note: the earlier freeform reply rather than a re-review on my quoted comment is the exact brittleness this PR fixes — the currently-deployed bot is the pre-#290 build; these behaviors go live after this lands and the server is updated.)

jwilger merged commit 95ce0bc9ca into main

2026-06-13 08:30:59 -07:00

jwilger referenced this pull request from a commit

2026-06-13 08:31:01 -07:00

fix(review,chat): exempt release PRs and gate override approvals (#290)

Sign in to join this conversation.

No reviewers