
Bug: cmd_pr_lifecycle fast-path merges PRs with zero reviews — review-bot-gate never integrated #2839

@robstiles

Description


The supervisor's cmd_pr_lifecycle function in deploy.sh has a fast-path that merges PRs when CI is green and zero review threads exist. It does NOT check whether any review (human or bot) has actually been posted. This resulted in 25 PRs being auto-merged to main with zero reviews, zero inline comments, and no human approval.

Root Cause

Primary bug: deploy.sh:350-356 (fast-path):

```bash
if [[ "$thread_count_fastpath" -eq 0 ]]; then
    log_info "Fast-path: CI green + zero review threads - skipping review_triage"
    cmd_transition "$task_id" "merging"  # <-- merges with no review check
fi
```

The fast-path checks for absence of objection (zero unresolved threads) but never checks for presence of approval (at least one review exists). A PR that no one has ever reviewed has zero threads and triggers the fast-path to merge.

Secondary bug: review-bot-gate-helper.sh exists with check, wait, and list commands but is NEVER called from any supervisor module. Zero references in deploy.sh, pulse.sh, or ai-lifecycle.sh. The script was built (per t1382) but never wired into the merge path.

Contrast with AI lifecycle: ai-lifecycle.sh:369-385 correctly gates on reviewDecision=APPROVED:

```bash
if [[ "$auto_merge_enabled" != "true" ]]; then
    if [[ "$current_review_decision" != "APPROVED" ]]; then
        log_info "merge blocked — human review required"
        return 0
    fi
fi
```

But the cmd_pr_lifecycle fast-path runs FIRST and merges before the AI lifecycle sees the PR.

Impact

25 PRs merged to a private repo's main branch with:

  • 0 human reviews
  • 0 bot reviews (CodeRabbit, Gemini Code Assist)
  • 0 inline comments
  • No /pr review run

These PRs included: race condition fixes, billing logic changes, security hardening (prompt injection defense), and concurrency guards. All high-risk changes that warranted review.

Expected Behavior

Before merging, cmd_pr_lifecycle should verify at least ONE of:

  1. reviewDecision == APPROVED (human approved)
  2. review-bot-gate-helper.sh check returns PASS (bot has posted)
  3. At least one review exists (even if not approved)

Zero reviews should mean "not yet reviewed" — not "clean to merge".

Suggested Fix

In deploy.sh:344-356, before the fast-path merge decision:

```bash
# Check that at least one review exists
local review_count
review_count=$(gh pr view "$pr_number_fastpath" --repo "$repo_slug_fastpath" \
    --json reviews --jq '.reviews | length' 2>/dev/null || echo "0")

if [[ "$review_count" -eq 0 ]]; then
    log_info "No reviews posted yet — waiting for review before merge"
    return 0  # Stay in pr_review state
fi
```

Or integrate review-bot-gate-helper.sh:

```bash
local gate_result
gate_result=$(~/.aidevops/agents/scripts/review-bot-gate-helper.sh check "$pr_number_fastpath" "$repo_slug_fastpath")
if [[ "$gate_result" == "WAITING" ]]; then
    log_info "Review bots haven't posted yet — waiting"
    return 0
fi
```
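To make the "presence of approval, not absence of objection" rule concrete, here is an added example of the gated fast-path decision as a single bash function. It is not code from deploy.sh or the project; it takes the thread count, the review count, the GitHub reviewDecision and the review-bot-gate-helper.sh result as arguments (in deploy.sh these would come from `gh pr view --json reviewDecision,reviews` and from the helper's `check` command), so it runs offline. It combines the three conditions listed under Expected Behavior and goes one step beyond them by treating CHANGES_REQUESTED as a hard block; the PASS/WAITING values for the gate helper are assumed from the snippet above.

```bash
#!/usr/bin/env bash
# Added example, not the project's deploy.sh: merge gate for the cmd_pr_lifecycle
# fast-path that requires positive evidence of review before merging.
set -u

log_info() { printf 'INFO: %s\n' "$*" >&2; }

# fastpath_decision THREAD_COUNT REVIEW_COUNT REVIEW_DECISION GATE_RESULT
#   THREAD_COUNT    unresolved review threads (the only thing the old fast-path checked)
#   REVIEW_COUNT    reviews posted so far, human or bot (`.reviews | length`)
#   REVIEW_DECISION GitHub reviewDecision: APPROVED, CHANGES_REQUESTED, REVIEW_REQUIRED or ""
#   GATE_RESULT     review-bot-gate-helper.sh check output: PASS or WAITING (assumed values)
# Prints one of: merge, triage, wait.
fastpath_decision() {
    local thread_count="$1" review_count="$2" review_decision="$3" gate_result="$4"

    # An explicit request for changes is an objection regardless of any counts.
    if [[ "$review_decision" == "CHANGES_REQUESTED" ]]; then
        log_info "merge blocked: changes requested"
        echo "wait"
        return 0
    fi

    # Unresolved threads: not a fast-path candidate, hand off to review_triage as before.
    if [[ "$thread_count" -gt 0 ]]; then
        echo "triage"
        return 0
    fi

    # Zero threads is necessary but not sufficient. Merge only if at least one
    # of the Expected Behavior conditions holds.
    if [[ "$review_decision" == "APPROVED" ]]; then
        echo "merge"
        return 0
    fi
    if [[ "$gate_result" == "PASS" ]]; then
        echo "merge"
        return 0
    fi
    if [[ "$review_count" -gt 0 ]]; then
        echo "merge"
        return 0
    fi

    # Nobody has reviewed this PR yet: "not yet reviewed", not "clean to merge".
    log_info "No reviews posted yet: staying in pr_review"
    echo "wait"
}

# Constructed sample PRs (threads, reviews, reviewDecision, gate), one per line,
# showing the case from this issue first: green CI, zero threads, zero reviews.
sample_prs='0 0 "" WAITING
0 0 APPROVED WAITING
0 0 "" PASS
0 2 REVIEW_REQUIRED WAITING
3 2 APPROVED PASS
0 1 CHANGES_REQUESTED PASS'

while read -r threads reviews decision gate; do
    decision=${decision//\"/}   # strip the quotes used to mark an empty decision
    printf 'threads=%s reviews=%s decision=%-17s gate=%-7s -> %s\n' \
        "$threads" "$reviews" "${decision:-<none>}" "$gate" \
        "$(fastpath_decision "$threads" "$reviews" "$decision" "$gate")"
done <<< "$sample_prs"
```

The first sample line is exactly the state that auto-merged 25 PRs: zero threads and zero reviews now yields `wait`, while an approval, a gate PASS, or any posted review (even an unapproved one) still lets the fast-path merge.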

Additional Notes

  • Repo is on free GitHub (private) so branch protection rules are unavailable as a backup gate
  • The AGENTS.md documents "Before merging: run review-bot-gate-helper.sh check" but this is a prompt-level instruction, not enforced in code
  • The --skip-review-triage flag and SUPERVISOR_SKIP_REVIEW_TRIAGE env var bypass what little review checking exists
