ci(argus): post via a deterministic arbiter; review inline#2349
Merged
Conversation
The Argus reviewer was a single agent that had to both run its Task
subagents and call `gh pr review` itself. On source-code PRs it dispatched
the subagents, then ended its turn ("waiting for the experts") before
posting — so no verdict ever landed and the PR stalled at REVIEW_REQUIRED
(config/docs PRs skip subagents and were unaffected).
Split the flow into reviewer -> arbiter, mirroring Argus v2:
- The reviewer writes its verdict (approve|comment|request-changes) and
review body to two files; it no longer calls `gh pr review`.
- A deterministic "Post review (arbiter)" step reads those files and posts
the review, degrading safely to a COMMENT (never a fabricated approval)
when no verdict was recorded. Replaces the verify + fallback + failure trio.
- The reviewer now reviews inline; the mandatory Task subagent dispatch and
the `Task` / `gh pr review` tools are removed (subagent dispatch stalled the
run in this harness and produced the permission denials; it added no value).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
nastassiafulconis
approved these changes
Jul 9, 2026
LukasGoTom
pushed a commit
to gotom-io/adcp-client
that referenced
this pull request
Jul 10, 2026
…ine security scrutiny Follow-up to adcontextprotocol#2349 (arbiter split). Addresses four review findings where a recorded `request-changes` could silently degrade to a non-blocking COMMENT: 1. Verdict/body files moved from ${{ runner.temp }} to /tmp — the path proven writable by the reviewer's Write tool in this harness. Added a probe that warns when neither file was written. (4 paths + POST_FILE for consistency.) 2. Reworded the two surviving "Consult security-reviewer" prompt references to inline security-grade scrutiny — the Task subagent tool was removed in adcontextprotocol#2349. 3. Tolerant verdict parsing: match request-changes synonyms first (fail closed), bounded read via head -c 200 instead of exact bare-token match. 4. Valid verdict + empty body now posts under the verdict with a placeholder body instead of dropping to a COMMENT; tier-2 preamble distinguishes "no verdict recorded" from "verdict recorded but post failed". .github/ only (dev tooling) — no changeset needed. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
The Argus reviewer stalls on source-code PRs and never posts an approval — they sit at
REVIEW_REQUIREDwhile a fallback drops a non-approval COMMENT. Diagnosis (three runs on #2345 vs a working run on #2333 and Brian's #2346):Tasksub-reviewers and callgh pr reviewitself.What Changed
Split the flow into reviewer → arbiter, mirroring how Argus v2 works (posting decoupled from the reviewer):
approve/comment/request-changes) and review body to two files (ARGUS_VERDICT,ARGUS_REVIEW_BODY); it no longer callsgh pr review.Post review (arbiter)— a new deterministic bash step reads those files and posts the review. Degrades safely in tiers: valid verdict+body → post it; body only → COMMENT; agent final text → COMMENT; nothing → a plain note. Never fabricates an approval. Replaces the old verify + fallback + failure-comment steps.Task. Removed the mandatory subagent dispatch and droppedTask+gh pr reviewfrom the tool allowlist. The reviewer reads the diff and files itself. This removes the stall trigger and the permission denials; fix: strip pricing_currencies from get_products for AdCP 3.0 sellers #2333 shows the subagents weren't adding value (it approved despite 13 denials, i.e. they were failing). Domain-scrutiny guidance is preserved inline.Notes / testing
.github/ai-review/**+ the workflow, which bothpaths-ignoreand the workflow-mod gate exclude. Needs a human review/merge (no chicken-and-egg).pull_request_targetruns the reviewer/prompt from the base SHA, so the new behavior only takes effect after this merges tomain. It can't be exercised on an open PR beforehand. Validated pre-merge vianpm run lint:workflows, YAML parse, and logic review; the live proof is the next Argus run on a source-code PR after merge.🤖 Generated with Claude Code