Context
Split from #11492 per Stage-0 V-B-A. Ticket #11491 introduces tool-boundary validation for PR reviews via the manage_pr_review MCP tool. However, an agent running without MCP restrictions or acting outside the tool boundary could use the CLI (gh pr review) directly, bypassing the tool-side schema.
The Problem
If an agent bypasses manage_pr_review and uses the gh pr review CLI, the required structural anchor (.agents/skills/pr-review/assets/pr-review-template.md) is no longer mechanically enforced at the creation point, risking a return to "Helpful Assistant" regression drift.
The Architectural Reality
GitHub Actions run on pull_request_review events. We need a secondary layer of defense (Shape B) on the server side to cover CLI usage.
The Fix
Implement a GitHub Action workflow (e.g. check-pr-review-body.yml) that fires on pull_request_review: [submitted] for @neo-* agents. The script should validate that the review body conforms to the required structural template (containing depth floor, evidence audit, etc.).
Acceptance Criteria
- … pull_request_review: [submitted].
- … @neo-*).
- … check-pr-review-body.mjs) that grep-fails or regex-fails if the review body lacks the mandatory sections defined in the PR review template.
Origin Session ID
Origin Session ID: fc8abc96-ce88-407e-9d92-7fcc494f8236
Related
- Companion to #11491 (tool-side enforcement) and #11492 (PR-creation enforcement).
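
One way to implement the server-side body check described under The Fix, as an added example that is not code from this ticket or from the project. It goes beyond a plain grep by ignoring section names that appear only inside quotes or code fences and by rejecting sections with no content. Assumptions: the heading names `Depth Floor` and `Evidence Audit` stand in for the template's real headings (the ticket names the sections but does not show the template), and the environment variables `REVIEW_BODY` and `REVIEWER_LOGIN` are hypothetical names the workflow would fill from the review event.

```javascript
// Added example, not the project's check-pr-review-body.mjs.
// ASSUMED: heading names below; the real ones live in pr-review-template.md.
const REQUIRED_SECTIONS = ['Depth Floor', 'Evidence Audit'];

// True when the reviewer login is in the agent namespace (@neo-*).
function isAgentReviewer(login) {
  return typeof login === 'string' && /^neo-[a-z0-9-]+$/i.test(login);
}

// Drop fenced code and blockquotes so a section name that is merely quoted
// or pasted as code does not count as a real heading.
function stripQuoted(body) {
  return body
    .replace(/\r\n/g, '\n')
    .replace(/^```[\s\S]*?^```[ \t]*$/gm, '')
    .replace(/^[ \t]*>.*$/gm, '');
}

function escapeRe(s) { return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'); }

// Returns the required sections that are absent or have an empty body.
function missingSections(body, required = REQUIRED_SECTIONS) {
  const text = stripQuoted(String(body ?? '')); // a review body may be null
  return required.filter((name) => {
    const heading = new RegExp(`^#{1,6}[ \\t]+${escapeRe(name)}[ \\t]*$`, 'im');
    const m = heading.exec(text);
    if (!m) return true;
    // Section content runs up to the next heading and must not be blank.
    const rest = text.slice(m.index + m[0].length);
    const next = rest.search(/^#{1,6}[ \t]+\S/m);
    const content = next === -1 ? rest : rest.slice(0, next);
    return content.trim().length === 0;
  });
}

// Human reviewers are not subject to the template; agents are.
function checkReview(login, body) {
  if (!isAgentReviewer(login)) return { enforced: false, missing: [] };
  return { enforced: true, missing: missingSections(body) };
}

// Entry point for the workflow step (hypothetical env variable names).
if (process.env.REVIEW_BODY !== undefined) {
  const r = checkReview(process.env.REVIEWER_LOGIN, process.env.REVIEW_BODY);
  if (r.missing.length > 0) {
    console.error(`Review body lacks: ${r.missing.join(', ')}`);
    process.exitCode = 1;
  }
}
```

Passing the review body to the step through an environment variable, rather than interpolating it into the script text, keeps attacker-influenced review text out of the shell command line.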