Skip to content

Add an AI PR-review bot (reviewer/executor split, Stellar-aware, comment+label first) #62

Description

@kaankacar

Proposal

Add an AI PR-review bot to this repo: a single GitHub Actions workflow that reviews every pull request and proposes actions, with a hard split between the half that reads untrusted PR content and the half that acts.

Design

  • Reviewer → executor split as the safety boundary. The review job runs the model (claude-code-action, model claude-fable-5), reads the PR only via gh pr diff / gh pr view from a trusted base checkout, posts exactly one structured review comment, and proposes actions by applying labels. It holds no merge/close power. The execute job runs no model and never reads PR prose — it merges or closes purely on the reviewer's label plus objectively green checks. A malicious PR cannot talk its way into a merge: the half that reads untrusted text cannot act, and the half that acts cannot be reasoned with.
  • Stellar-aware. The review prompt runs three passes (mechanics, technical accuracy, completeness) against a triage policy file (.github/triage-policy.md) with baked Stellar reference facts (protocol timeline, network passphrases, RPC-vs-Horizon guidance, SDK names, SEP/CAP numbers), and clones the current stellar-dev-skill skills fresh on every run as up-to-date reference.
  • Live fact-checking. Raven MCP (mcp__raven__search / mcp__raven__execute) is wired in as the preferred live source for dated, citable Stellar facts, with WebSearch/WebFetch against primary sources (stellar.org, developers.stellar.org, github.com) as fallback.
  • Self-fix for small fixes. When every needed change is small, unambiguous, and low-risk (typo, wording, broken link/anchor, obvious factual correction), the reviewer labels pr:autofix: same-repo PRs get one bot commit applying exactly the listed fixes; fork PRs get the same fixes as one-click suggested changes (the bot never pushes to a fork).

Rollout

Consultant / comment+label mode is the safe start: out of the box the bot only comments and labels. Merge/close is gated behind explicit labels plus all-green checks, and the workflow does nothing until a repo admin adds the required secrets (CLAUDE_CODE_OAUTH_TOKEN, RAVEN_MCP_TOKEN) — before that it just errors on the missing secret.

A PR with the workflow, the triage policy, and a setup checklist follows.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions