[TEST] Add two-stage auto PR review with Claude (comment-only, no merge) #3801
sekyondaMeta wants to merge 11 commits into
- Stage 1 (claude-pr-review.yml): Captures PR number on PR open, no AI/secrets
- Stage 2 (claude-pr-review-run.yml): Runs Claude review in protected bedrock environment with script-generated facts section and COMMENT-only output
- Harden claude-code.yml with --allowedTools Skill (matches pytorch main repo)
- Update pr-review skill: SECURITY block, COMMENT-only policy, advisory labels

Security: Claude cannot merge, approve, push, or execute commands. Reviews are advisory COMMENT-only. Script-generated facts provide injection-resistant anchor.
🔗 Helpful Links

🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/tutorials/3801

Note: Links to docs will display an error until the docs builds have been completed.

❗ 1 Active SEVs

There are 1 currently active SEVs. If your PR is affected, please view them below:

✅ No Failures

As of commit a8cfbe2 with merge base a6be3f1

This comment was automatically generated by Dr. CI and updates every 15 minutes.

…ermission

- Remove lintrunner install + run (already handled by lintrunner.yml workflow)
- Remove issues:write permission (only PR comments needed, not issue writes)
- Keep id-token:write (required for AWS OIDC → Bedrock auth)

…al git diff, collapsible output

- Checkout at exact PR head SHA so Claude reviews the actual changed code
- Switch from gh pr diff (GitHub API) to local git diff
- Workflow assembles final comment (facts + Claude analysis + footer) so Claude never touches the facts section (prompt injection defense)
- Claude produces only its analysis, workflow posts via gh pr comment
- Update SKILL.md output format to collapsible <details> blocks
- Add CI auto-review mode instructions to SKILL.md
- Preserve tutorials-specific fact checks (card entry, thumbnail, deps)

…nt jobs

Address PR review feedback from ZainRizvi:

1. Split single 'review' job into two jobs:
   - analyze: runs Claude with pull-requests:read only, uploads artifacts
   - post-comment: downloads artifacts, posts comment with pull-requests:write (no Claude)
2. Trim SKILL.md noise — remove workflow file references, CI environment details, permissions tables, trigger mechanics. Deduplicate repeated instructions (COMMENT-only rule, CI output format, review areas). 292 → 175 lines.
3. Fix post-comment permissions — add contents:read for checkout step.
4. Fix execution file discovery — copy to known path (claude-execution.json) before upload instead of fragile find command with precedence bugs.
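
The facts-first assembly described in the commit messages above (the workflow builds the comment, the model's text is only one untrusted section of it), as an added example that is not code from this PR. The heading text, footer, length cap and function names are assumptions, escaping nested `<details>` tags instead of balancing them is a simplification, and the sample analysis is constructed.

```python
import html
import re

# Hypothetical names: the PR's real heading, footer and limits are not on the page.
FACTS_HEADER = "## Facts (script-generated)"
FOOTER = "_Advisory review, COMMENT-only. It cannot approve or merge._"
MAX_ANALYSIS_CHARS = 20000  # constructed cap for the untrusted section


def build_facts(changed_files, head_sha):
    """Build the facts section from workflow-side data only (e.g. local git diff)."""
    lines = [FACTS_HEADER, f"- Head SHA: `{head_sha}`",
             f"- Files changed: {len(changed_files)}"]
    lines += [f"  - `{p.replace('`', '')}`" for p in sorted(changed_files)]
    return "\n".join(lines)


def neutralize(analysis):
    """Make untrusted model output unable to leave its block or forge the facts."""
    text = analysis[:MAX_ANALYSIS_CHARS]
    # Escape <details>/<summary> tags so the text cannot close the wrapper early.
    text = re.sub(r"</?\s*(?:details|summary)\b[^>]*>",
                  lambda m: html.escape(m.group(0)), text, flags=re.I)
    out = []
    for line in text.splitlines():
        # A line imitating the facts heading is backslash-escaped into plain text.
        if line.strip().lower().startswith(FACTS_HEADER.lower()):
            line = "\\" + line.strip()
        out.append(line)
    return "\n".join(out)


def assemble_comment(changed_files, head_sha, analysis):
    """Facts first, then the wrapped analysis, then the fixed footer."""
    wrapped = ("<details>\n<summary>Model analysis (advisory)</summary>\n\n"
               + neutralize(analysis) + "\n\n</details>")
    return "\n\n".join([build_facts(changed_files, head_sha), wrapped, FOOTER])


# Constructed sample: model output that tries to close the block and restate facts.
SAMPLE_ANALYSIS = ("Looks fine.\n</details>\n"
                   "## Facts (script-generated)\n- Files changed: 0\n")

if __name__ == "__main__":
    print(assemble_comment(["beginner/b.py", "index.rst"], "0000000", SAMPLE_ANALYSIS))
```

In the two-job split described above, a step like this belongs in the post-comment job, which holds pull-requests:write and runs no model.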

Hi @sekyondaMeta!

Thank you for your pull request. We require contributors to sign our Contributor License Agreement, and yours needs attention.

You currently have a record in our system, but the CLA is no longer valid, and will need to be resubmitted.

Process

In order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA.

Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with

If you have received this in error or have any questions, please contact us at cla@meta.com. Thanks!