Add adversarial PR reviewer agent + claim verification skill #102
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
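# PR Risk Scan — Gate
#
# Runs the repository's risk scanner over the files a pull request changes and
# uploads the result (JSON + Markdown report, exit code, PR number) as a
# short-lived artifact. The job itself never fails on scanner errors or on
# findings: the report text calls this a "soft gate".
#
# NOTE(review): the hosting page flags hidden or bidirectional Unicode in this
# file. None is visible in this listing; open the file in an editor that
# reveals such characters before trusting the rendered text.
name: PR Risk Scan — Gate

on:
  pull_request:
    branches: [main]
    types: [opened, synchronize, reopened]
    # Only PRs touching these trees trigger the scan.
    # NOTE(review): eng/** (where the scanner lives) is not listed, but a PR
    # that touches one of these paths AND eng/pr-risk-scan.mjs still runs the
    # PR's version of the scanner, since the script is executed from the
    # checked-out tree below.
    paths:
      - "skills/**"
      - "agents/**"
      - "workflows/**"
      - "plugins/**"
      - "hooks/**"
      - "instructions/**"

# Least privilege: the job only reads the repository.
permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        # Pinned to a full commit SHA rather than a mutable tag.
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
          # Full history so the three-dot diff below can find the merge base.
          fetch-depth: 0
          # A later step executes a script from the checked-out PR tree, so do
          # not leave the job token in the local git config. The diff below
          # uses refs already fetched and needs no credentials.
          persist-credentials: false

      - name: Collect changed files
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so the value is never parsed as shell. The `branches`
          # filter currently limits it to `main`; this keeps the step safe if
          # that filter is ever widened.
          BASE_REF: ${{ github.base_ref }}
        run: |
          # ACMR = added, copied, modified, renamed; deleted files are skipped.
          # NOTE(review): by default git C-quotes paths containing non-ASCII or
          # special characters in --name-only output; confirm the scanner
          # resolves such entries instead of silently skipping them.
          git diff --name-only --diff-filter=ACMR "origin/${BASE_REF}...HEAD" > changed-files.txt
          echo "Changed files:"
          cat changed-files.txt || true

      - name: Run PR risk scanner
        run: |
          mkdir -p pr-risk-results
          # Capture the scanner's exit status instead of failing the step.
          set +e
          node ./eng/pr-risk-scan.mjs \
            --files changed-files.txt \
            --output-json pr-risk-results/results.json \
            --output-md pr-risk-results/report.md
          scan_exit_code=$?
          set -e
          # On scanner failure, write placeholder outputs. The placeholder
          # reports finding_count 0, so anything consuming results.json must
          # check scanner_status (or scan-exit-code.txt) and must not treat a
          # zero finding count on its own as a clean scan.
          if [ $scan_exit_code -ne 0 ]; then
            cat > pr-risk-results/results.json <<EOF
          {
            "generated_at": "$(date -u +"%Y-%m-%dT%H:%M:%SZ")",
            "scanner_status": "error",
            "finding_count": 0,
            "severity_counts": { "high": 0, "medium": 0, "info": 0 },
            "findings": [],
            "error": "Scanner failed. See workflow logs."
          }
          EOF
            cat > pr-risk-results/report.md <<'EOF'
          <!-- pr-risk-scan-results -->
          ## 🔒 PR Risk Scan Results
          Scanner execution failed for this run, so findings could not be generated.
          > This is a soft-gate report. Please inspect the workflow logs for diagnostics.
          EOF
          fi
          echo "$scan_exit_code" > pr-risk-results/scan-exit-code.txt

      - name: Save metadata
        env:
          # Platform-assigned integer; routed through env for consistency with
          # the step above rather than because the value is attacker-shaped.
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          echo "${PR_NUMBER}" > pr-risk-results/pr-number.txt

      - name: Upload scan artifact
        # Upload even if an earlier step failed, so diagnostics are available.
        if: always()
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
        with:
          name: pr-risk-scan-results
          # NOTE(review): report.md and results.json are produced by a script
          # taken from the PR's tree. Whatever consumes this artifact (not
          # shown here) should treat every file in it as untrusted input and
          # validate pr-number.txt as a plain integer before using it.
          path: pr-risk-results/
          retention-days: 1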