# Template: review a PR Copy, fill the `<...>` fields, and paste as the task prompt. ```text Task: review PR # for issue #. Repo name disambiguation (Gitea-Tools blind review hardening): - "Gitea-Tools", "gitea tool", "MCP Gitea tool", "gitea MCP tool", "gitea-tools repo" → MUST resolve to `Scaled-Tech-Consulting/Gitea-Tools` (never treat as mcp-control-plane). - "mcp-control-plane", "mcp control plane" → only `Scaled-Tech-Consulting/mcp-control-plane`. - If user says "open PRs", "the queue", "MCP Gitea tooling" without explicit repo, or reference is ambiguous: check BOTH configured repos: `Scaled-Tech-Consulting/Gitea-Tools` and `Scaled-Tech-Consulting/mcp-control-plane`. - In the final report, always state exactly which repo(s) were checked. If only one was checked: explicitly say "Only was checked. Other configured repos were not checked. This is not a complete queue inventory." - A single-repo "no open PRs" result MUST NOT be reported as global "no open PRs" if the other configured repo was not inventoried. - PR inventory trust gate (#196): before reporting "no open PRs" or "queue empty", the workflow must run `pr_inventory_trust_gate` (via the live inventory path or `review_proofs.assess_reviewer_queue_inventory`). Only `trusted_empty` allows a clean empty-queue stop. Report `pr_inventory_trust_gate.status`, reasons, and corroboration in the final report. A bare `[]` from `gitea_list_prs` is never sufficient proof. - Empty-queue report wall (#198): if the final report claims "no open PRs", "queue empty", or "nothing to review", it must include verbatim: `pr_inventory_trust_gate.status`, trust-gate reasons, corroboration, remote/owner/repo/state filter, and the inventory MCP profile. A recent merge commit is not valid corroboration. Author-bound sessions must not present reviewer queue inventory as a reviewer decision. If the PR queue is empty, look at approvals, or issues next. Load the canonical workflow first: `skills/llm-project-workflow/workflows/review-merge-pr.md` (task mode: review-merge-pr). Final report schema: `schemas/review-merge-final-report.md`. Rules (llm-project-workflow): - Repository targeting (#530): pass explicit `remote=`, `org=`, and `repo=` on every gitea-tools call (e.g. `remote=prgs org=Scaled-Tech-Consulting repo=Gitea-Tools`). A bare `remote=prgs` can resolve to the wrong default repo and is blocked when it disagrees with the local git remote URL. - Review in a SEPARATE detached review worktree, never the author's folder. - Worktree safety (#233): before checkout, diff, validation, review, or merge, report the starting worktree path and whether it was dirty. If unrelated tracked files exist outside the PR scope, STOP or run `scripts/worktree-review ` and validate in the scratch path. Scratch-clone validation is the norm; tests must not assume the shared development worktree or a repo-local ``venv/`` (#245). NEVER run `git stash`, `git stash pop/drop`, `git checkout --`, `git reset`, or `git clean` to manage another session's dirty files. - Final report must state: Worktree path, Worktree dirty (yes/no), Scratch worktree used (yes/no + path if yes), and confirm no unrelated local files were modified, stashed, reset, or dropped. - You must NOT be the PR author. If the authenticated user == PR author, stop. A different LLM-Agent-SHA does NOT make you a different actor — only a different authenticated Gitea user does (docs/llm-agent-sha.md). - Do not pivot from a reviewer queue task into author implementation unless the operator explicitly retasks the run. If author namespace was used, the final report must justify why; author mutations after reviewer queue work without explicit authorization are a role-boundary violation. - Do not merge if any check fails. Steps: 1. Identity Checklist: Before claiming/working on review, verify and state: - Required identity/profile for this task: reviewer (allowed to review/approve/request_changes) - Current authenticated identity (from whoami): - Target task role: reviewer identity (must NOT be the PR author) *If the current identity does not match the required role (or is the PR author), STOP. Relaunch/switch to the correct profile first.* 2. Verify your authenticated identity (whoami) and the active profile. Capability evidence (#179): cite the exact gitea_resolve_task_capability output (or runtime context) for review_pr (and merge_pr if merging later); a bare "capability checks passed" claim is downgraded. Stay in the reviewer namespace: any author-namespace call must be justified in the report (#179). 3. Fetch the PR facts: PR author, head SHA, state (must be open), base branch. Pin the head SHA in your notes; every later step validates THAT SHA. 4. If authenticated user == PR author → STOP (no self-review). Session-contamination claims must be evidence-backed (#173): if you cannot evidence whether this session authored/touched the PR branch, report contamination as UNKNOWN (not contaminated, not clean) and choose another PR or stop. Role-boundary claims must also be evidence-backed (#175): report whether reviewer namespace, author namespace, author mutations, or review mutations occurred. Use `review_proofs.assess_role_boundary`; if it is not clean, downgrade or stop instead of claiming an A-level run. 5. scripts/worktree-review # detached, branches/review-* cd branches/review- 6. Checkout proof (#173) — prove and state, before any diff review or validation: - pinned PR head SHA (from Gitea) - local checkout SHA (git rev-parse HEAD) - HEAD == pinned PR head SHA - diff base == the PR base branch If HEAD does not match the pinned head → STOP before review/merge. 7. Confirm the worktree is clean. Inspect the FULL diff; confirm scope matches issue #; flag any unrelated files, secrets, or formatting churn. Check that the PR body correctly uses Gitea-closing keywords (`Closes #N` or `Fixes #N`) instead of non-closing ones (`Implements #N`, `Refs #N`). Secret/provenance sweep must be exact (#179): state the exact command, script, grep pattern, or named sweep method AND the scope scanned (e.g. `git diff prgs/master...HEAD | grep -inE ''`); "checked the diff for secrets" alone is downgraded. 8. Run the test suite; report the exact command and exact results — pass/fail plus passed/skipped/failed counts, any ignored paths and why they are safe to ignore, and whether the command differs from the repository's canonical validation command. Only claim a result after the output has been read. 9. Final live-state recheck (#179), immediately before submitting the review verdict — re-read the live PR and prove: - PR still open - live head SHA still equals the pinned head SHA from step 3 - base branch unchanged - no undismissed REQUEST_CHANGES / blocking review state left unaccounted If anything moved → STOP, re-pin, re-validate before any verdict. 10. Post the review verdict: approve only if scope is clean and checks pass; otherwise request changes with specifics. Never merge from this review step. Include a "Review Metadata" block (attribution only — docs/llm-agent-sha.md): Review Metadata: - LLM-Agent-SHA: llm-<12 lowercase hex, e.g. llm-41d0e7aa9f2c> - LLM-Role: reviewer - Authenticated-Gitea-User: - MCP-Profile: - Eligibility: passed/failed Handoff: end with a section titled exactly `Controller Handoff` per SKILL.md §K (compact by default; long form if a merge happened or a gate blocked you), including the review/merge role fields: Selected PR, Reviewer eligibility, Pinned reviewed head, Review decision, Merge result, Linked issue status, Cleanup status. If you could not merge, name the exact gate. Reports missing the handoff are downgraded (review_proofs.assess_controller_handoff). Baseline failure proof (#533): if a validation command exits non-zero, do NOT call it a clean pass. Only label a failure "baseline"/"pre-existing" with pre-merge proof — the failure reproduced on the PR's pre-merge base commit, or a documented known-failure record predating the PR. Reproducing on current (post-merge) master is "current-master failure reproduced", NOT baseline proof. State: base commit, tested commit, command, exit status, failure signature. Use one label: clean pass / current-master failure reproduced / pre-merge baseline-proven failure / unresolved regression risk (final_report_validator: reviewer.premerge_baseline_proof). ```