Proposal
Add an AI PR-review bot to this repo: a single GitHub Actions workflow that reviews every pull request and proposes actions, with a hard split between the half that reads untrusted PR content and the half that acts.
Design
- Reviewer → executor split as the safety boundary. The
review job runs the model (claude-code-action, model claude-fable-5), reads the PR only via gh pr diff / gh pr view from a trusted base checkout, posts exactly one structured review comment, and proposes actions by applying labels. It holds no merge/close power. The execute job runs no model and never reads PR prose — it merges or closes purely on the reviewer's label plus objectively green checks. A malicious PR cannot talk its way into a merge: the half that reads untrusted text cannot act, and the half that acts cannot be reasoned with.
- Stellar-aware. The review prompt runs three passes (mechanics, technical accuracy, completeness) against a triage policy file (
.github/triage-policy.md) with baked Stellar reference facts (protocol timeline, network passphrases, RPC-vs-Horizon guidance, SDK names, SEP/CAP numbers), and clones the current stellar-dev-skill skills fresh on every run as up-to-date reference.
- Live fact-checking. Raven MCP (
mcp__raven__search / mcp__raven__execute) is wired in as the preferred live source for dated, citable Stellar facts, with WebSearch/WebFetch against primary sources (stellar.org, developers.stellar.org, github.com) as fallback.
- Self-fix for small fixes. When every needed change is small, unambiguous, and low-risk (typo, wording, broken link/anchor, obvious factual correction), the reviewer labels
pr:autofix: same-repo PRs get one bot commit applying exactly the listed fixes; fork PRs get the same fixes as one-click suggested changes (the bot never pushes to a fork).
Rollout
Consultant / comment+label mode is the safe start: out of the box the bot only comments and labels. Merge/close is gated behind explicit labels plus all-green checks, and the workflow does nothing until a repo admin adds the required secrets (CLAUDE_CODE_OAUTH_TOKEN, RAVEN_MCP_TOKEN) — before that it just errors on the missing secret.
A PR with the workflow, the triage policy, and a setup checklist follows.
Proposal
Add an AI PR-review bot to this repo: a single GitHub Actions workflow that reviews every pull request and proposes actions, with a hard split between the half that reads untrusted PR content and the half that acts.
Design
reviewjob runs the model (claude-code-action, modelclaude-fable-5), reads the PR only viagh pr diff/gh pr viewfrom a trusted base checkout, posts exactly one structured review comment, and proposes actions by applying labels. It holds no merge/close power. Theexecutejob runs no model and never reads PR prose — it merges or closes purely on the reviewer's label plus objectively green checks. A malicious PR cannot talk its way into a merge: the half that reads untrusted text cannot act, and the half that acts cannot be reasoned with..github/triage-policy.md) with baked Stellar reference facts (protocol timeline, network passphrases, RPC-vs-Horizon guidance, SDK names, SEP/CAP numbers), and clones the current stellar-dev-skill skills fresh on every run as up-to-date reference.mcp__raven__search/mcp__raven__execute) is wired in as the preferred live source for dated, citable Stellar facts, with WebSearch/WebFetch against primary sources (stellar.org, developers.stellar.org, github.com) as fallback.pr:autofix: same-repo PRs get one bot commit applying exactly the listed fixes; fork PRs get the same fixes as one-click suggested changes (the bot never pushes to a fork).Rollout
Consultant / comment+label mode is the safe start: out of the box the bot only comments and labels. Merge/close is gated behind explicit labels plus all-green checks, and the workflow does nothing until a repo admin adds the required secrets (
CLAUDE_CODE_OAUTH_TOKEN,RAVEN_MCP_TOKEN) — before that it just errors on the missing secret.A PR with the workflow, the triage policy, and a setup checklist follows.