t2839: Fix cmd_pr_lifecycle fast-path merging PRs with zero reviews

[alex-solovyev]

Summary

• deploy.sh: Add review-existence gate before fast-path merge — uses review-bot-gate-helper.sh check (t1382) with gh pr view --json reviews fallback. PRs with zero reviews now stay in pr_review state instead of merging.
• pulse.md: Update merge criteria to explicitly require at least one review (human or bot) before merging. Add "zero reviews = skip this cycle" as a distinct case.

Root Cause

The fast-path at deploy.sh:350-356 checked for absence of objection (zero unresolved review threads) but never checked for presence of approval (at least one review exists). A PR that no one had ever reviewed had zero threads and triggered the fast-path to merge immediately.

The review-bot-gate-helper.sh script existed (built per t1382) but was never wired into the deploy.sh merge path or the pulse.md agent instructions.

Impact

25 PRs were auto-merged to a managed private repo's main branch with zero human reviews, zero bot reviews, and zero inline comments — including race condition fixes, billing logic, and security hardening.

What Changed

File	Change
.agents/scripts/supervisor-archived/deploy.sh	Added review-existence check before fast-path merge. Uses review-bot-gate-helper.sh check when available, falls back to gh pr view --json reviews count. Returns early (stays in pr_review) when zero reviews exist.
.agents/scripts/commands/pulse.md	Updated merge criteria from "Green CI + no blocking reviews" to "Green CI + at least one review posted + no blocking reviews". Added explicit "zero reviews = skip" case.

Verification

• ShellCheck: zero violations on deploy.sh
• Logic: the new gate runs before the existing thread-count check, so the fast-path now requires: (1) at least one review exists, AND (2) zero unresolved threads, AND (3) CI green

Closes #2839

Summary by CodeRabbit

• Chores
  • Merge gating now requires Green CI + at least one review (human or bot) and no blocking reviews.
  • A bot gate can also grant PASS on its own, allowing merge without a formal review.
  • PRs with zero formal reviews are skipped and retried later; review bots typically post within a few minutes.
  • A SKIP label bypasses the bot gate only (does not reduce required review count).
  • Triage records and merge decisions now surface the review-gate result.

[coderabbitai]

Warning

Rate limit exceeded

@alex-solovyev has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 20 minutes and 53 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 320c74cc-a8ef-4d2c-8106-abce2dedbf17

📥 Commits

Reviewing files that changed from the base of the PR and between 907a92d and 2713e45.

📒 Files selected for processing (2)

• .agents/scripts/commands/pulse.md
• .agents/scripts/supervisor-archived/deploy.sh

Walkthrough

Integrated a pre-merge review gate into the supervisor fast-path: require at least one posted review (human or bot) or a PASS from the review-bot helper before merging; if no reviews exist the supervisor records review_gate=WAITING, logs the state, and defers merging.

Changes

Cohort / File(s)	Summary
Pulse docs .agents/scripts/commands/pulse.md	Updated merge gating rules: "Green CI + at least one review posted + no blocking reviews"; added gh pr view --json reviews guidance, review-bot-gate-helper.sh notes, and defined "Green CI + zero reviews" behavior (skip cycle).
Supervisor fast-path & triage persistence .agents/scripts/supervisor-archived/deploy.sh	Added review_gate computation using gh pr view and optional review-bot-gate-helper.sh; block/WAIT when gate is WAITING, log timing, and persist review_gate in triage JSON; adjusted fast-path messaging and merge decision flow to require review presence or bot PASS.

Sequence Diagram(s)

sequenceDiagram
    participant Supervisor
    participant GH as "GitHub API (gh)"
    participant ReviewBot as "review-bot-gate-helper.sh"
    participant DB as "Triage DB"

    Supervisor->>GH: gh pr view <n> --json reviews
    alt reviews.length > 0
        GH-->>Supervisor: reviews present
        Supervisor->>DB: persist review_gate = PASS
        Supervisor->>Supervisor: proceed with fast-path merge
    else reviews.length == 0
        Supervisor->>ReviewBot: optional helper check <n>
        alt ReviewBot == PASS
            ReviewBot-->>Supervisor: PASS
            Supervisor->>DB: persist review_gate = PASS
            Supervisor->>Supervisor: proceed with fast-path merge
        else ReviewBot == WAITING
            ReviewBot-->>Supervisor: WAITING
            Supervisor->>DB: persist review_gate = WAITING
            Supervisor-->>Supervisor: log and defer (skip cycle)
        end
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• t1382: Enforce wait-for-review-bots gate before PR merge #2739: Implements a pre-merge review gate using gh pr view and the review-bot-gate-helper flow (PASS/WAITING/SKIP), closely matching this change.

Poem

A little gate now watches the line,
Waiting for someone — bot or human — to sign.
If silence persists, the pulse will wait,
Until a tiny review unlocks the gate. ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main fix: preventing fast-path merging of PRs with zero reviews, directly addressing the core issue #2839.
Linked Issues check	✅ Passed	Changes comprehensively address all coding requirements from #2839: integrate review gate before fast-path merge, add zero-review check via gh pr view, use review-bot-gate-helper.sh when available, and ensure PRs with zero reviews stay in pr_review state.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to issue #2839: pulse.md documents updated merge criteria, deploy.sh implements the review gate fast-path fix with zero additional scope.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch bugfix/review-gate-fastpath

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 107 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Wed Mar 4 17:44:20 UTC 2026: Code review monitoring started
Wed Mar 4 17:44:20 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 107

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 107
• VULNERABILITIES: 0

Generated on: Wed Mar 4 17:44:23 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a critical flaw in the automated merge process where pull requests could be fast-path merged without any prior reviews. The changes introduce a necessary check to validate the presence of at least one review, thereby enhancing code quality and preventing unreviewed code from reaching the main branch. This ensures that all merged code has undergone at least a basic level of scrutiny, improving the robustness of the deployment pipeline.

Highlights

• Fast-path Merge Logic Update: Implemented a new gate in deploy.sh to ensure at least one review exists before a pull request can be fast-path merged. This prevents PRs with zero reviews from being automatically merged.
• Updated Merge Criteria Documentation: Modified pulse.md to explicitly state that PRs require at least one review (human or bot) before merging, and clarified that PRs with zero reviews will be skipped for the current cycle.

Changelog

• .agents/scripts/commands/pulse.md
  • Updated merge criteria to explicitly require at least one review (human or bot) for maintainer PRs.
  • Added a new condition to skip PRs with green CI but zero reviews, deferring them to the next pulse cycle.
  • Included instructions for using review-bot-gate-helper.sh or gh pr view to check for review existence.
• .agents/scripts/supervisor-archived/deploy.sh
  • Introduced a review existence check before the fast-path merge logic.
  • Integrated review-bot-gate-helper.sh for review checks, with a fallback to gh pr view --json reviews if the helper script is unavailable.
  • Added logic to block fast-path merging and keep the PR in pr_review state if no reviews are found.
  • Updated log messages and the database triage_result to reflect the new review gate status.

Activity

• No human activity has occurred on this pull request yet, as it has just been created.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.agents/scripts/commands/pulse.md:
- Around line 118-119: Update the policy text to clarify that
`review-bot-gate-helper.sh check <number> <slug>` returning `WAITING` does not
imply zero human reviews and therefore should not be treated as an automatic
skip; instruct readers to, when `WAITING` is returned, explicitly verify reviews
by running `gh pr view <number> --repo <slug> --json reviews --jq '.reviews |
length'` (or otherwise check for at least one human or bot review) before
skipping a PR, and replace the current wording that equates `WAITING` with zero
reviews with this corrected guidance referencing `review-bot-gate-helper.sh
check`, `WAITING`, and the `gh pr view ... --jq '.reviews | length'` check.

In @.agents/scripts/supervisor-archived/deploy.sh:
- Around line 352-384: The helper check treats a "WAITING" result from
review_bot_gate_script as "no reviews" which blocks PRs even when humans
reviewed; modify the logic around review_bot_gate_script and review_gate_result
so that if the helper exists but returns "WAITING" you fall back to counting
human reviews (reuse the gh pr view block used in the else branch) and set
review_gate_result="PASS" when review_count_fastpath > 0; ensure this change
updates the same variables used later (review_gate_result,
review_count_fastpath) and does not remove the existing fallback path used when
the helper is absent; references: review_bot_gate_script, review_gate_result,
pr_number_fastpath, repo_slug_fastpath, review_count_fastpath,
check_review_threads, thread_count_fastpath.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a640ed4a-8aca-44d0-b466-c7c8c111766c

📥 Commits

Reviewing files that changed from the base of the PR and between 55b249c and e13ad5f.

📒 Files selected for processing (2)

• .agents/scripts/commands/pulse.md
• .agents/scripts/supervisor-archived/deploy.sh

[gemini-code-assist]

Code Review

This pull request addresses a critical bug that allowed pull requests to be merged without reviews by introducing a review-existence gate in deploy.sh and updating pulse.md. While the core logic is sound, a high-severity SQL injection vulnerability was identified in how the review gate result is stored in the database. My feedback includes suggestions for improving robustness and maintainability by using parameterized queries for SQL and jq --argjson for safer JSON construction, avoiding error suppression, and a minor refinement to the markdown file for better readability.

[gemini-code-assist]

The updated instructions are a bit difficult to parse due to the first bullet point being very long and containing information that is repeated in the second bullet point. For better readability and to avoid redundancy, I suggest restructuring this section to clearly separate the merge rule from the implementation details of the check.

Suggested change

	- **Green CI + at least one review posted + no blocking reviews** → merge: `gh pr merge <number> --repo <slug> --squash`. If the PR resolves an issue, the issue should be closed with a comment linking to the merged PR. **CRITICAL (t2839): Zero reviews means "not yet reviewed", NOT "clean to merge".** Before merging, verify at least one review exists (human or bot). Check with `review-bot-gate-helper.sh check <number> <slug>` — if it returns `WAITING`, skip the PR this cycle. If the script is unavailable, check `gh pr view <number> --repo <slug> --json reviews --jq '.reviews | length'` — if 0, skip. A PR with green CI but zero reviews should be left for the next pulse cycle, not merged.
	- **Green CI + zero reviews** → skip this cycle. Review bots typically post within 2-5 minutes. The next pulse will pick it up once a review exists.
	- **Green CI + at least one review posted + no blocking reviews** → merge: `gh pr merge <number> --repo <slug> --squash`. If the PR resolves an issue, the issue should be closed with a comment linking to the merged PR.
	- **CRITICAL (t2839):** Before merging, verify at least one review exists. Use `review-bot-gate-helper.sh check <number> <slug>`. If it returns `WAITING`, the PR has zero reviews. As a fallback, check if `gh pr view <number> --repo <slug> --json reviews --jq '.reviews | length'` is `0`.
	- **Green CI + zero reviews** → skip this cycle. Zero reviews means "not yet reviewed", NOT "clean to merge". Review bots typically post within 2-5 minutes. The next pulse will pick it up.

[gemini-code-assist]

Suppressing stderr with 2>/dev/null prevents visibility into potential failures within the review-bot-gate-helper.sh script, such as authentication issues or unexpected errors. While the command correctly falls back to WAITING, logging the actual error would significantly aid in debugging. Please remove the stderr redirection to allow errors to be logged.

Suggested change

	review_gate_result=$("$review_bot_gate_script" check "$pr_number_fastpath" "$repo_slug_fastpath" 2>/dev/null) || review_gate_result="WAITING"
	review_gate_result=$("$review_bot_gate_script" check "$pr_number_fastpath" "$repo_slug_fastpath") || review_gate_result="WAITING"

References

1. Avoid using '2>/dev/null' for blanket suppression of command errors in shell scripts to ensure that authentication, syntax, or system issues remain visible for debugging.

[gemini-code-assist]

The use of 2>/dev/null here hides potential errors from the gh command, such as authentication failures, network issues, or invalid repository slugs. Although the command falls back to 0, the underlying reason for the failure is lost, making debugging difficult. It's better to let stderr be printed to the logs.

Suggested change

	review_count_fastpath=$(gh pr view "$pr_number_fastpath" --repo "$repo_slug_fastpath" \
	--json reviews --jq '.reviews | length' 2>/dev/null || echo "0")
	review_count_fastpath=$(gh pr view "$pr_number_fastpath" --repo "$repo_slug_fastpath" \
	--json reviews --jq '.reviews | length' || echo "0")

References

1. Avoid using '2>/dev/null' for blanket suppression of command errors in shell scripts to ensure that authentication, syntax, or system issues remain visible for debugging.

[gemini-code-assist]

Suppressing stderr for record_lifecycle_timing can hide errors related to the monitoring and metrics pipeline. While || true correctly prevents the script from exiting on failure, allowing errors to be logged is crucial for diagnosing issues with timing recordings. Please remove the 2>/dev/null.

Suggested change

	record_lifecycle_timing "$task_id" "$stage_timings" 2>/dev/null || true
	record_lifecycle_timing "$task_id" "$stage_timings" || true

References

1. Avoid using '2>/dev/null' for blanket suppression of command errors in shell scripts to ensure that authentication, syntax, or system issues remain visible for debugging.

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 107 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Wed Mar 4 19:26:25 UTC 2026: Code review monitoring started
Wed Mar 4 19:26:26 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 107

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 107
• VULNERABILITIES: 0

Generated on: Wed Mar 4 19:26:28 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.agents/scripts/supervisor-archived/deploy.sh:
- Around line 365-367: The current conditional treats bot_gate_result=="SKIP" as
a PASS which bypasses the zero-review check; update the conditional so only an
explicit "PASS" sets review_gate_result="PASS" (i.e., change the if that checks
bot_gate_result to only match "PASS" and not "SKIP"), and ensure the subsequent
branch continues to evaluate review_count_fastpath and the logic in
review-bot-gate-helper.sh for SKIP separately; reference the variables
bot_gate_result, review_gate_result and review_count_fastpath so you remove SKIP
from the PASS branch and add/maintain a distinct handling path for SKIP that
does not auto-pass the zero-review gate.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d293a8b3-0df9-4386-a32f-46d0257f5579

📥 Commits

Reviewing files that changed from the base of the PR and between e13ad5f and 84838d2.

📒 Files selected for processing (2)

• .agents/scripts/commands/pulse.md
• .agents/scripts/supervisor-archived/deploy.sh

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 107 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Wed Mar 4 20:19:09 UTC 2026: Code review monitoring started
Wed Mar 4 20:19:09 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 107

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 107
• VULNERABILITIES: 0

Generated on: Wed Mar 4 20:19:12 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 107 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Wed Mar 4 20:24:41 UTC 2026: Code review monitoring started
Wed Mar 4 20:24:42 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 107

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 107
• VULNERABILITIES: 0

Generated on: Wed Mar 4 20:24:44 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[alex-solovyev]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.