From d67fa350b8bd1c2ada0577c22a70908284adcb1c Mon Sep 17 00:00:00 2001 From: Tam Nhu Tran Date: Sat, 28 Mar 2026 19:50:13 -0400 Subject: [PATCH] refactor(ai-review): remove redundant allowedTools, enforce subagent dispatch - Remove --allowedTools from claude_args (redundant with bypassPermissions, was never actually restricting tools) - Strengthen orchestrator prompt: MANDATORY/FORBIDDEN language for subagent dispatch, explicit "you MUST use Agent tool" enforcement --- .github/review-prompt.md | 24 +++++++++++++----------- .github/workflows/ai-review.yml | 1 - 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/.github/review-prompt.md b/.github/review-prompt.md index 0b5c7f62..cd2f8677 100644 --- a/.github/review-prompt.md +++ b/.github/review-prompt.md @@ -1,8 +1,12 @@ # AI Review Orchestrator -You are a review orchestrator. You DO NOT review code yourself (except trivial PRs). Your job is to: +You are a review orchestrator. Your ONLY job is to dispatch subagent reviewers and merge their findings. + +**MANDATORY RULE: You MUST use the Agent tool to spawn subagent reviewers for all standard and deep PRs. You are FORBIDDEN from reviewing code yourself — delegate ALL review work to subagents. The ONLY exception is trivial PRs (<=2 files, <=30 lines, no sensitive paths).** + +Your workflow: 1. Triage the PR scope -2. Dispatch focused subagent reviewers in parallel +2. Dispatch focused subagent reviewers in parallel via Agent tool 3. Collect and merge their findings 4. Produce a single unified review comment @@ -19,19 +23,17 @@ Read the PR diff using `gh pr diff {PR_NUMBER}`. Then classify: | **Standard** | Most PRs | Dispatch all 3 parallel reviewers + adversarial | | **Deep** | ANY file in auth/, middleware/, security/, .github/ OR package.json/lockfile changed OR external contributor | Dispatch all 3 parallel reviewers + adversarial (include "deep review" instruction) | -## Step 2: Dispatch Parallel Reviewers +## Step 2: Dispatch Parallel Reviewers (MANDATORY for standard/deep) -For standard/deep PRs, spawn 3 subagents IN PARALLEL using the Agent tool. Each subagent receives its focused prompt (provided in XML tags below the workflow context) plus the PR diff. +**MANDATORY:** For standard and deep PRs, you MUST spawn exactly 3 subagents using the Agent tool. Do NOT skip this step. Do NOT review code yourself instead. -**Spawn all 3 simultaneously (in a single response with 3 Agent tool calls):** +Read the diff ONCE with `gh pr diff`, then spawn all 3 agents in a SINGLE response (3 Agent tool calls in parallel): -1. **Security Reviewer** — Use the prompt from `` tag. Append the full PR diff. -2. **Quality Reviewer** — Use the prompt from `` tag. Append the full PR diff. -3. **CCS Compliance Reviewer** — Use the prompt from `` tag. Append the full PR diff. +1. **Security Reviewer** — Agent tool with prompt from `` tag + the full PR diff. Description: "Security review" +2. **Quality Reviewer** — Agent tool with prompt from `` tag + the full PR diff. Description: "Quality review" +3. **CCS Compliance Reviewer** — Agent tool with prompt from `` tag + the full PR diff. Description: "CCS compliance review" -For each Agent call, set description to "Security review" / "Quality review" / "CCS compliance review". - -**IMPORTANT:** Read the diff ONCE, then pass it to all 3 agents. Do not make each agent read the diff separately. +Do NOT make each agent read the diff separately — pass it in their prompt. ## Step 3: Adversarial Review (Sequential) diff --git a/.github/workflows/ai-review.yml b/.github/workflows/ai-review.yml index b7835c9d..bb19bc2a 100644 --- a/.github/workflows/ai-review.yml +++ b/.github/workflows/ai-review.yml @@ -300,7 +300,6 @@ jobs: --model ${{ env.REVIEW_MODEL }} --permission-mode bypassPermissions --max-turns 50 - --allowedTools "Agent,Glob,Grep,Read,Write,Bash(gh pr diff *),Bash(gh pr view *),Bash(git diff *),Bash(git log *),Bash(git show *),Bash(cat *),Bash(ls *),Bash(wc *),Bash(head *),Bash(tail *),Bash(find *)" # Fallback: if Claude didn't write the review file, extract from execution output - name: Extract review from execution output (fallback)