custom-fix-reviews

name: custom-fix-reviews description: Triage and fix bot review feedback (Sourcery, Greptile) from a specific PR, recently merged PRs, or the #ai-code-review Slack channel. Asks at startup which source to use. disable-model-invocation: true argument-hint: [pr-number] allowed-tools: Bash, Read, Edit, Write, Grep, Glob, TodoWrite, AskUserQuestion

Fix Reviews

Triage AI bot review comments (Sourcery, Greptile) and apply valid fixes. Three intake modes:

• Specific PR — fix bot comments on one PR (the user supplies the number, or this skill is invoked with a PR number argument)
• Recent merged PRs — auto-scan recently merged dev PRs for unaddressed bot comments
• Slack channel — scan #ai-code-review for unaddressed bot posts and reply in-thread when done

Supersedes the previous custom-fix-pr-review, custom-fix-ai-suggestions, and custom-process-reviews skills (consolidated 2026-05-02).

Constants

• Repo: nickcjordan/surfaced-art
• Base branch: dev
• Bot logins: sourcery-ai[bot], greptile-apps[bot]
• Slack channel ID: C0AJEPV0SNM (#ai-code-review)
• Slack bot ID: B0AHVEU97RR (Surfaced Art Releases)

Inputs

$ARGUMENTS — optional:

• A PR number (123 / #123) → skip the source question, go directly to single-PR mode for that PR
• Empty → ask for source via AskUserQuestion
• --dry-run → only meaningful in Slack mode (scan + triage, no fixes, no Slack replies). Ignored in single-PR mode and recent-merged mode — those always proceed to fix.
• --dry-run combined with a PR number is an invalid combination. If both appear, treat the PR number as authoritative (single-PR mode, ignore --dry-run) and warn the user once at the top of the run that --dry-run was ignored.

Phase 0 — Pick the source

If the argument is a PR number, treat as single-PR mode and skip this phase.

Otherwise use AskUserQuestion:

"Which source for review fixes?"

• Specific PR — I'll ask for the number next.
• Recent merged PRs — auto-scan recent dev merges for unaddressed bot comments and batch-fix them.
• Slack #ai-code-review — scan for unaddressed bot posts and reply in-thread when done.

Branch on the answer:

• Specific PR → ask for the PR number, then run Phase A.
• Recent merged → run Phase B.
• Slack → run Phase C.

Phase A — Specific PR

A1. Fetch PR + bot comments

gh pr view <PR> --json title,body,headRefName,baseRefName,state,merged,url

Then fetch bot review comments and review bodies in parallel:

gh api repos/nickcjordan/surfaced-art/pulls/<PR>/comments \
  --jq '.[] | select(.user.login | test("sourcery-ai|greptile-apps")) | {user: .user.login, path: .path, line: .line, body: .body, html_url: .html_url}'

gh api repos/nickcjordan/surfaced-art/pulls/<PR>/reviews \
  --jq '.[] | select(.user.type == "Bot") | {user: .user.login, state: .state, body: .body}'

A2. Triage and fix

ADR consultation (required before applying any fix): Read docs/decisions/README.md. For each bot comment, if the suggested change touches a domain covered by an ADR (infra, deployment, auth, data model, email, tests, payments, brand, pricing, workflow, product policy, security), Read the full ADR body. If the reviewer's suggestion contradicts an ADR, the response must (a) cite the ADR neutrally — "this codebase follows ADR-NNN, which decided X for reasons Y," not "you're wrong" — and (b) offer a concrete compliant alternative that addresses the reviewer's underlying concern (or propose superseding the ADR with rationale if no compliant alternative exists). Never silently apply a change that violates an ADR.

Each fix-response decision logged here must include a ADRs consulted: ADR-NNN (or: none relevant) (index read at A2; domains checked: <list>) line in the fix report.

Use the Triage Rubric (shared section below). For each fix, follow the Fix Workflow for the PR's state:

• Merged: read code from dev (git show dev:<path>), fix on a batch branch (Path A in shared workflow).
• Open: checkout the PR branch, fix there, push commits to it (Path B).
• Closed without merge: all findings not applicable, report and stop.

Decision capture (after triage, before the report): Look at the triaged findings as a set — does any reveal a wrong or missing decision rather than a one-off fix? Triggers:

• the same issue recurs across ≥2 files (a pattern, not an instance),
• a fix contradicts or meaningfully extends an existing ADR,
• the bot keeps flagging the same class across runs.

If any trigger fires, invoke Skill("log-adr") with the finding as the candidate (pass → the ADR ships in this batch PR; fail → it logs an auditable rejection). This is how a review finding that invalidates a decision reaches the decision store instead of dying in a PR body (audit F1 / ADR-first feedback loop). Always record the outcome as a Decision capture: ADR-NNN / none (<reason>) line in the A3 report — so the absence of a captured decision is auditable too.

A3. Report

Print what was fixed, what was skipped (with reasoning), and the PR/commit links.

Phase B — Recent merged PRs

B1. Discover

gh pr list --repo nickcjordan/surfaced-art --state merged --base dev --limit 30 --json number,title,mergedAt,headRefName,url

gh pr list --repo nickcjordan/surfaced-art --state open --base dev --json number,title,headRefName,url

For each PR, fetch bot inline comments in parallel:

gh api repos/nickcjordan/surfaced-art/pulls/<PR>/comments \
  --jq '[.[] | select(.user.login | test("sourcery-ai|greptile")) | {user: .user.login, path: .path, line: .line, body: .body, html_url: .html_url}]'

Filter to PRs with at least one actionable bot inline comment.

B2. Skip already-addressed PRs

Find the most recent batch fix PR by title pattern fix: address AI code review findings (batch YYYY-MM-DD). PRs merged before that batch's merge date are already addressed — skip them.

If zero unaddressed PRs remain → print "No unaddressed AI review findings." and stop.

B3. Triage and fix

Use the Triage Rubric. For each PR:

• Merged → batch branch (Path A)
• Open → push to PR branch (Path B)

B4. Open the batch PR (Path A only)

If any merged-PR fixes landed on the batch branch:

gh pr create --base dev --title "fix: address AI code review findings (batch YYYY-MM-DD)" \
  --body "$(cat <<'EOF'
## Summary
Batch fix addressing AI code review findings from recent dev merges.

## Fixes Applied
| File | Issue | Source | Commit |
|------|-------|--------|--------|

## Skipped (with reasoning)
| File | Issue | Reason |
|------|-------|--------|

## Source Reviews
- PR #NNN: <link>
EOF
)"

If no merged-PR fixes landed, do NOT create an empty PR.

B5. Report

Print PRs scanned, PRs already addressed, PRs processed this run, fixes applied to merged vs open, batch PR link, findings skipped by reason.

Phase C — Slack channel scan

C1. Read messages

Use slack_read_channel on C0AJEPV0SNM. Filter to:

• Sender is bot B0AHVEU97RR
• Text contains :robot_face: AI Review:
• Not join/leave / integration messages

C2. Filter to unaddressed

For each filtered message, use slack_read_thread:

• Zero replies, or only bot replies → unaddressed
• Has a human reply → already addressed, skip

C3. Extract per message

• PR number from header (PR #(\d+))
• Tool name (sourcery-ai / greptile-apps)
• Message timestamp (ts) for thread replies
• Whether it has inline comments (backtick file paths in body)

Create a TodoWrite list with one entry per unaddressed message.

C4. Fetch full review details from GitHub

For each unique PR number from C3, run the same two gh api calls as Phase A.A1 to get full bot comments and review bodies.

C5. Triage and fix

Use the Triage Rubric. Always read code from dev for Slack-mode fixes (not from PR branches — PR branches may be deleted; the canonical state is dev).

If --dry-run was specified: print the triage table and stop. No code changes, no Slack replies.

Otherwise, batch all actionable findings into a single fix/ai-review-batch-YYYY-MM-DD branch via Path A. Open one batch PR (Phase B.B4 format).

C6. Slack thread replies

For every Slack message processed, post a thread reply via slack_send_message with thread_ts set to the message's ts and channel C0AJEPV0SNM. Reply format depends on outcome:

Fixes applied:

Addressed in

Fixed:

• file.ts — description (commit sha)

Skipped:

• file.ts — reason

All findings stale or already on dev:

All findings already addressed on dev.

No actionable bugs (style/info only):

Reviewed — no actionable bugs found.

PR closed without merging:

PR was closed without merging — findings not applicable to dev.

Fix attempted but reverted:

Partially addressed in

Fixed:

• file.ts — description (commit sha)

Reverted (needs manual review):

• file.ts — fix caused build failure

Summary-only review (no inline comments):

No inline comments in this review — nothing to address.

C7. Report

Print Slack messages scanned, already-addressed (skipped), processed this run, findings breakdown (actionable vs skipped), commits made, PR link, any reverted fixes.

Shared: Triage Rubric

For each finding, classify as one of:

When two bots flag the same file within ~10 lines, deduplicate into a single fix item; track which tools flagged it.

Shared: Fix Workflow

Path A — Merged-PR fixes (batch branch)

1. Workspace prep — claim a slot atomically (Phase 0). This skill creates a feature branch and runs quality gates, so it needs a dedicated slot. Defer Phase 0 until after Phase A produces at least one actionable fix item (no actionable items → exit without claiming).

   Determine current location:

   git rev-parse --show-toplevel
   

   • In the main repo → claim a slot via the --branch override (no SUR-ID for batch fixes):
     1. Run npm run wt:create -- --branch fix/ai-review-batch-YYYY-MM-DD (replace YYYY-MM-DD with today's date).
     2. If wt:create fails (no slots available), STOP and direct the user to npm run wt:status / npm run wt:cleanup --force-release.
     3. Parse the slot path AND WT_SESSION_ID=<uuid> from the output. Save the session id for the release in the final step.
     4. Call EnterWorktree with path=<slot-path>. The slot is on the fresh branch with .env synced and npm install already run if needed.
     5. The batch branch is created by wt:create — skip steps 2 and 3 below.
   • Already in a slot for THIS batch task → continue without re-claiming. Check .wt-reservation.json matches the expected branch; if it's for a different task, STOP and re-invoke from main.

2. (Subsumed by step 1's wt:create.)

3. (Branch creation subsumed by step 1's wt:create via --branch.)

4. For each fix:

   • Read the affected file(s)
   • Implement the change
   • Add or update tests if behavior changed
   • Look for the same pattern elsewhere in the file or codebase
   • Stage only the changed files by name
   • Commit per finding: fix(<scope>): <description>
   • Scope is derived from path: api, web, scripts, db, types, ci, infra
   • No Co-Authored-By lines

5. Run all four quality gates:

   npm run test
   

   npm run lint
   

   npm run typecheck
   

   npm run build
   

   If any fail, fix the root cause and re-run all four. If a fix is non-trivial, git revert the offending commit, re-run gates, and note the revert in the PR body.

6. Push:

   git push -u origin <branch>
   

7. Open the batch PR (see Phase B.B4 format).

8. Release the slot. PR is open — the slot is no longer needed. Pass the WT_SESSION_ID captured in step 1:

   WT_SESSION_ID=<id-from-step-1> npm --prefix /c/dev/src/surfaced-art run wt:release <slot-path>
   

   Then call ExitWorktree to return the session to the main repo.

Path B — Open-PR fixes (push to the PR branch)

Parallel-session note: Path B operates on an existing PR branch and modifies the current worktree's checkout (git checkout <pr-branch>). Run Path B from the main repo only, not from a slot. If multiple Claude sessions need to do Path B on different PRs simultaneously, the operator should serialize them — Path B is not slot-claimable because the branch already exists on remote.

1. Checkout the PR branch:

   git fetch origin <pr-branch>
   

   git checkout <pr-branch>
   

2. For each fix on this branch:

   • Same per-fix steps as Path A, step 3
   • Stage only the changed files
   • Commit per finding: fix(<scope>): <description> (no Co-Authored-By)

3. Run all four quality gates (same as Path A.4).

4. Push to the PR branch:

   git push origin <pr-branch>
   

Repeat for each open PR with actionable fixes.

Safety Rules

• No Co-Authored-By in commit messages — per project MEMORY.
• Stage only changed files — never git add -A or git add . (might pull in .env, secrets).
• Read merged-PR code from dev, not from possibly-deleted PR branches.
• Branch name collision → append -2, -3, etc.
• No empty PRs — if every finding turned out skipped/stale, do not create a batch PR. Just report.
• Dry-run is Slack-only — Phase A and B always proceed to fix when invoked.

Edge Cases

• Zero bot comments anywhere → print summary and stop after discovery.
• All findings stale or already fixed → print summary, no PR created.
• Quality gate fails on a non-trivial fix → git revert <commit>, re-run gates, note the revert in the PR body and (Slack mode) in the thread reply.
• PR closed without merge (Phase A) → all findings not applicable, report and stop.
• Multiple Slack messages for the same PR (both Sourcery and Greptile post; Greptile sometimes posts twice) → group by PR for the GitHub fetch, but reply to each Slack message individually with only that tool's findings.
• Bot review with no inline comments (summary-only) → reply "No inline comments — nothing to address." in Slack mode; in PR mode, report and stop.
• PR hasn't been merged to dev yet but findings reference dev code → note in reply and skip; the findings will be re-checkable after merge.