Skip to content

feat(pr-bot): ai auto-merge bot with claude-code verification#496

Merged
plind-junior merged 5 commits into
testfrom
feat/pr-auto-merge-bot
Jul 16, 2026
Merged

feat(pr-bot): ai auto-merge bot with claude-code verification#496
plind-junior merged 5 commits into
testfrom
feat/pr-auto-merge-bot

Conversation

@plind-junior

Copy link
Copy Markdown
Member

an owner-gated auto-merge bot. you label a PR auto-merge, claude code
verifies the change actually works on that branch, and non-core PRs merge
themselves once every required check is green. core code is never merged by
automation — it always routes to your review.

the deterministic decisions live in src/vouch/pr_bot.py (pure stdlib, no
model dependency — the runtime stays model-free, same principle as
compile.py/llm_draft.py). the claude call is the claude-code github
action running in the runner, not a python sdk import. everything the bot is
allowed to do is ANDed with hard guards, so the AI can only ever veto a
merge, never widen what merges.

pieces:

  • .github/CODEOWNERS — the review-gate core paths (proposals, lifecycle,
    storage, audit, models, capabilities, the three servers, cli, migrations,
    pr_bot.py itself, and .github/) require your review. a parity test keeps
    it in sync with pr_bot.CORE_GLOBS.
  • trust-gate.yml — a required check that fails when an untrusted author
    (anyone but you) touches core. reads metadata only, never runs PR code.
  • ci-label.yml — stamps ci: passing / ci: failing on workflow_run
    completion, so a green PR is visible at a glance.
  • ui-screenshot-gate.yml — UI PRs (web/, src/vouch/web/, webapp/) are
    reviewed by screenshot, not by running the app. a UI PR opened without
    before/after screenshots is auto-closed with a comment. core wins over ui,
    so a core+ui PR is never closed.
  • auto-merge.yml — on your auto-merge label: claude code checks out the
    head (authorized by the owner label), runs make check + smoke-tests for
    code PRs or visually reviews the before/after screenshots for ui PRs,
    publishes a claude-verify check on the head sha, and arms native
    auto-merge for non-core only.
  • scripts/setup_branch_protection.sh — idempotent one-time setup.

security: the label is your authorization to execute the branch; open
contributors can't apply it and the workflow re-checks the sender. untrusted
strings go through env:, PR bodies are fetched to files (never interpolated),
and checkout uses head.sha not head.ref. worst case under prompt injection
is a single green claude-verify check — the merge still needs ci green and,
for core, your codeowners approval.

to activate after merge: add the ANTHROPIC_API_KEY repo secret, then run
bash scripts/setup_branch_protection.sh test with an owner token (confirm the
ci check names still match ci.yml). the claude-code-action input names should
be double-checked against its current readme.

design + plan captured locally (scratchpad); make check green.

…e workflows

trust-gate fails a required check when an untrusted author touches core.
ci-label stamps ci: passing/failing on workflow_run completion. the
ui-screenshot-gate auto-closes ui prs opened without before/after
screenshots. auto-merge runs claude code verification on owner-labeled
prs and arms native auto-merge for non-core changes only.
idempotent gh-api script creates the auto-merge / ci status labels,
enables allow-auto-merge, and protects the target branch with the ci
matrix + trust-gate + claude-verify required checks and code-owner
review. owner runs it once after the workflows land.
@coderabbitai

coderabbitai Bot commented Jul 16, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 157a005b-cd32-48f8-9fd8-5bb26058ea1d

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/pr-auto-merge-bot

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions github-actions Bot added docs documentation, specs, examples, and repo guidance ci github actions and automation tests tests and fixtures size: L 500-999 changed non-doc lines labels Jul 16, 2026
@plind-junior plind-junior merged commit e159a89 into test Jul 16, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ci github actions and automation docs documentation, specs, examples, and repo guidance size: L 500-999 changed non-doc lines tests tests and fixtures

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant