fix: improve expert review workflow with adversarial consensus fixes #35220
Conversation
Port improvements validated on dotnet/maui-labs PR #167:
- Fix safe-outputs: max:50 inline (was 30), max:2 comments (was 5), add target:"*" on all outputs for workflow_dispatch support
- Add 2-reviewer mode gate for graceful degradation when a model fails
- Fix severity rules: 3/3 uses highest severity, 2/3 same-severity keeps original (prevents lenient reviewer burying critical findings)
- Add post-consensus-zero exit path for discarded-findings summary
- Add submit failure fallback (includes findings in summary comment)
- Add add_comment budget warning (exactly ONE call per review)
- Add pull_request_number requirement for target:"*" safe-outputs
- Add batch-split exception for large-diff single-reviewer findings
- Add follow-up response warning (internal data, never post)
- Restructure Step 4 into Part A (inline) + Part B (lean summary)
- Fix role name: maintainer → maintain (correct GitHub role)
- Add TODO for gh-aw upgrade path once #28767 is fixed
- Use emoji severity labels (consistent with agent output)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
🚀 Dogfood this PR with:
`curl -fsSL https://github.com/dotnet/maui/main/eng/scripts/get-maui-pr.sh | bash -s -- 35220`
Or
`iex "& { $(irm https://github.com/dotnet/maui/main/eng/scripts/get-maui-pr.ps1) } 35220"`
Pull request overview
Ports workflow hardening and adversarial-consensus logic improvements into the Expert Code Review gh-aw workflow, primarily by updating the shared orchestration prompt/config and recompiling the lock file.
Changes:
- Harden safe-outputs configuration (limits/targets) and restructure Step 4 into inline comments + lean summary guidance.
- Refine consensus rules (2-reviewer fallback behavior, severity handling, post-consensus-zero handling, and submit failure fallback).
- Fix the configured GitHub role name (`maintainer` → `maintain`) and update the compiled `.lock.yml` accordingly.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| .github/workflows/shared/review-shared.md | Updates shared gh-aw config + reviewer orchestration instructions (safe-outputs, consensus rules, posting flow). |
| .github/workflows/review.agent.md | Fixes the role name used for workflow gating (maintain). |
| .github/workflows/review.agent.lock.yml | Regenerated lock file reflecting the shared/workflow changes (safe-outputs config, roles, hashes). |
| target: "*" | ||
| add-comment: | ||
| max: 5 | ||
| max: 2 |
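Review bot: the `max: 2` on the last line of this hunk leaves the safe-output layer permitting a second summary comment even though the prompt requires exactly one `add_comment` call per review; set `add-comment.max: 1` so the cap is enforced by configuration rather than by the agent following instructions. Separately, `target: "*"` on the first line removes the implicit binding of these outputs to the triggering pull request, so every call now depends on an explicit `pull_request_number`; that value should be taken from the workflow_dispatch input, not from anything the agent derives from PR content, or a review can be addressed to the wrong PR.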
The safe-output config allows add-comment up to 2 times (max: 2), but the workflow instructions below explicitly require exactly ONE add_comment call per run. To better enforce the intended blast-radius cap and avoid duplicate summaries if the agent makes a mistake, consider setting add-comment.max to 1.
| max: 2 | |
| max: 1 |
The 116-line PowerShell script was redundant for workflow_dispatch:
- Fork checks: workflow_dispatch already requires write access
- Permission checks: roles: config already gates access
- The essential checkout + restore is ~5 lines of bash

Replace with inline bash in review-shared.md and copilot-evaluate-tests.md. Update gh-aw-workflows.instructions.md to reflect the change.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

- add-comment.max: 2 → 1 to match exactly-ONE instruction (3/3 consensus)
- Make .github/ restore fatal in copilot-evaluate-tests.md (2/3 consensus)
- Add fork guard before skill re-overlay in review-shared.md (2/3 after follow-up)
- Add re-overlay documentation note in gh-aw-workflows.instructions.md (2/3 consensus)
- Clarify 2-reviewer discards must appear in summary (2/3 after follow-up)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

- Make .github/ restore fatal in review-shared.md (was non-fatal, 3/3 🔴)
- Restore .agents/ alongside .github/ in all checkout steps + docs (3/3 🟡)
- Combine two gh pr view calls into one atomic API call (3/3 🟢)
- Remove dead github.event.pull_request.number expression (3/3 🟢)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…e skill) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
.agents/ doesn't exist in this repo yet, so combining both in one git checkout fails with 'pathspec did not match'. Split into:
- .github/ restore: fatal (must succeed)
- .agents/ restore: soft fallback (may not exist)

Matches the gh-aw guide's recommended pattern.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The review agent reads code via MCP tools (GitHub API), not from the filesystem. No checkout needed — matches maui-labs approach. Keep only the workflow-start-time step for the time budget feature. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Remove checkout step (agent reads PR via MCP tools, not filesystem)
- Add roles: [admin, maintain, write] (was missing)
- Fix cancel-in-progress: true → false (slash_command best practice)
- Update prompt to reference MCP tools instead of local files

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add resolve-pull-request-review-thread safe-output (max: 50) and instruct the agent to resolve all github-actions[bot] review threads before posting new findings. Prevents stale findings from previous runs cluttering the PR. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The agent container has no gh CLI credentials, so it can't query GraphQL for thread node IDs. Move the query to a pre-agent step that writes .prior-review-thread-ids, then instruct the agent to read that file and resolve each thread via safe-output tool. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
resolve_pull_request_review_thread needs pull-requests: write on the safe_outputs job, but the compiler doesn't grant it. Added to the TODO list for when gh-aw#28767 is fixed and we can upgrade. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
> [!NOTE]
> Are you waiting for the changes in this PR to be merged?
> It would be very helpful if you could [test the resulting artifacts](https://github.com/dotnet/maui/wiki/Testing-PR-Builds) from this PR and let us know in a comment if this change resolves your issue. Thank you!

## Description
Removes the Expert Code Review (`/review`) gh-aw workflow. Will be re-added with improvements from PR #35220.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Note
Are you waiting for the changes in this PR to be merged?
It would be very helpful if you could test the resulting artifacts from this PR and let us know in a comment if this change resolves your issue. Thank you!
Description
Ports validated improvements from dotnet/maui-labs PR #167 to the expert review workflow, and removes unnecessary PowerShell scripts.

Changes
Safe-output hardening:
- `create-pull-request-review-comment`: `max: 30` → `max: 50`, add `target: "*"` for `workflow_dispatch`
- `submit-pull-request-review`: add `target: "*"`
- `add-comment`: `max: 5` → `max: 2` (blast-radius cap, only need 1 summary call)

Adversarial consensus improvements:

Structural improvements:
- `pull_request_number` always passed for `target: "*"` outputs

Script removal:
- `Checkout-GhAwPr.ps1` (116 lines): fork/permission checks were redundant for `workflow_dispatch` (already write-gated by GitHub + `roles:` config). Essential checkout + restore inlined as ~5 lines of bash in both review-shared.md and copilot-evaluate-tests.md
- `gh-aw-workflows.instructions.md` (to reflect inline pattern)

Fixes:
- `roles: [admin, maintainer, write]` → `[admin, maintain, write]` (correct GitHub role name)

Testing
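The consensus rules that the first commit message and the PR description state in one line each (3/3 agreement posts at the highest severity any reviewer gave; 2/3 at the same severity keeps that severity; a failed model drops the run to 2-reviewer mode; zero surviving findings still produce one summary listing what was discarded; at most 50 inline comments and exactly one summary call) are easier to reason about as code. The block below is an added example, not code from dotnet/maui or from gh-aw; the `Finding` shape, the severity ranking of the emoji labels, and the decision that a 2/3 vote with disagreeing severities is discarded are assumptions made here, and the sample reviews are constructed.

```python
"""Adversarial-consensus merge for a multi-reviewer AI code review.

Added example, not the maui or gh-aw implementation. Assumed here: the
Finding fields, the severity ranking, and that 2/3 with differing
severities counts as no consensus.
"""
from collections import defaultdict
from dataclasses import dataclass

SEVERITY_RANK = {"🔴": 3, "🟡": 2, "🟢": 1}   # emoji labels as the agents emit them (rank is assumed)
INLINE_BUDGET = 50                            # create-pull-request-review-comment max
SUMMARY_BUDGET = 1                            # exactly ONE add_comment per review


@dataclass(frozen=True)
class Finding:
    reviewer: str
    path: str
    line: int
    severity: str
    message: str


def _highest(findings):
    """First finding with the highest severity rank."""
    return max(findings, key=lambda f: SEVERITY_RANK[f.severity])


def consensus(reviews):
    """Merge per-reviewer findings.

    reviews maps reviewer name -> list of Finding, or None when that model failed.
    Returns (accepted, discarded, two_reviewer_mode); discarded holds the groups
    that missed quorum so the summary can list them.
    """
    live = {name: fs for name, fs in reviews.items() if fs is not None}
    if len(live) < 2:
        raise RuntimeError("fewer than two reviewers responded; post nothing")
    quorum = len(live)
    two_reviewer_mode = quorum == 2

    groups = defaultdict(dict)                # (path, line) -> {reviewer: Finding}
    for name, findings in live.items():
        for f in findings:
            prev = groups[(f.path, f.line)].get(name)
            # One reviewer flagging the same line twice counts once, at its highest severity.
            groups[(f.path, f.line)][name] = f if prev is None else _highest([prev, f])

    accepted, discarded = [], []
    for votes in (list(g.values()) for g in groups.values()):
        if len(votes) == quorum:
            # Unanimous (3/3, or 2/2 in degraded mode): the highest severity wins,
            # so a lenient reviewer cannot bury a critical finding.
            accepted.append(_highest(votes))
        elif not two_reviewer_mode and len(votes) == 2 and len({f.severity for f in votes}) == 1:
            # 2/3 at the same severity: keep it at the severity originally reported.
            accepted.append(votes[0])
        else:
            discarded.append(votes)           # assumption: severity disagreement is no consensus
    return accepted, discarded, two_reviewer_mode


def plan_posts(accepted, discarded, two_reviewer_mode):
    """Map consensus output onto safe-output calls that respect both budgets."""
    ordered = sorted(accepted, key=lambda f: -SEVERITY_RANK[f.severity])
    inline, overflow = ordered[:INLINE_BUDGET], ordered[INLINE_BUDGET:]

    summary = [f"{len(inline)} consensus finding(s) posted inline."]
    if two_reviewer_mode:
        summary.append("Note: one reviewer failed; findings required 2/2 agreement.")
    if not inline:
        summary.append("No findings reached consensus.")   # post-consensus-zero path
    for f in overflow:                        # past the inline budget: fold into the one summary
        summary.append(f"{f.severity} {f.path}:{f.line} {f.message} (over inline budget {INLINE_BUDGET})")
    for group in discarded:
        top = _highest(group)
        summary.append(f"discarded ({len(group)} vote(s)): {top.severity} {top.path}:{top.line} {top.message}")
    return {"inline": inline, "summary_calls": ["\n".join(summary)]}


def within_budget(plan):
    return len(plan["inline"]) <= INLINE_BUDGET and len(plan["summary_calls"]) == SUMMARY_BUDGET


def _f(r, path, line, sev, msg):
    return Finding(r, path, line, sev, msg)


# Constructed sample reviews (not real findings): C skipped two locations, A and B
# disagree with C on severity at Handler.cs:42 and Util.cs:9.
SAMPLE_REVIEWS = {
    "A": [_f("A", "src/Handler.cs", 42, "🔴", "user input reaches Process.Start"),
          _f("A", "src/Handler.cs", 10, "🟡", "possible null dereference"),
          _f("A", "src/Util.cs", 5, "🟡", "unchecked cast"),
          _f("A", "src/Util.cs", 9, "🔴", "secret written to log"),
          _f("A", "src/Naming.cs", 7, "🟢", "rename local")],
    "B": [_f("B", "src/Handler.cs", 42, "🟢", "consider validating argument"),
          _f("B", "src/Handler.cs", 10, "🟡", "null check missing"),
          _f("B", "src/Util.cs", 5, "🟡", "cast may throw"),
          _f("B", "src/Other.cs", 3, "🟡", "unused variable")],
    "C": [_f("C", "src/Handler.cs", 42, "🟡", "shell argument not escaped"),
          _f("C", "src/Handler.cs", 10, "🟢", "null check"),
          _f("C", "src/Util.cs", 9, "🟢", "log level")],
}

if __name__ == "__main__":
    acc, disc, mode = consensus(SAMPLE_REVIEWS)
    print(plan_posts(acc, disc, mode)["summary_calls"][0])
```

Running the sample keeps Handler.cs:42 at 🔴 even though two of three reviewers rated it lower, keeps Util.cs:5 at the 🟡 both agreeing reviewers gave it, and pushes the three non-consensus locations into the single summary comment; passing `"C": None` exercises the 2-reviewer gate, and a run with no agreement still yields exactly one summary call.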