refactor(dispatch): require PR context for review triggers

[ifireball]

Summary

Require PR context for review dispatch in per-repo installs only (reusable-dispatch.yml). Per-org dispatch.yml is unchanged pending follow-up.

• Gate /fs-review on ISSUE_IS_PR (PR comments only; preserves stale-head re-dispatch in post-review.sh)
• Gate ready-for-review label on ISSUE_IS_PR (PR label application only; standalone issues skipped)
• Fix agent routing unchanged — already PR-only via pull_request_review and PR-gated /fs-fix

Agent	Per-repo change	Retained triggers
review	No dispatch from standalone issues for /fs-review or ready-for-review label	pull_request_target; ready-for-review on a PR; /fs-review on PR comments
fix	(none)	pull_request_review; /fs-fix on PR comments

Per-org installs (.fullsend/dispatch.yml) retain legacy issue-side review triggers until a follow-up PR.

ADR annotations

• ADR 0002 — per-repo scope note
• ADR 0033 — routing table + 2026-06 note
• ADR 0034 — routing table + 2026-06 note

Test plan

• go test ./internal/scaffold/...
• make lint
• Verify per-repo dispatch skips when ready-for-review is applied to a standalone issue
• Verify per-repo ready-for-review on a PR dispatches review
• Verify per-repo /fs-review on a PR comment still dispatches review
• Verify code → review handoff still works via pull_request_target on PR open/push

[qodo-code-review]

PR Summary by Qodo

Require PR context for review dispatch triggers
🐞 Bug fix ⚙️ Configuration changes 📝 Documentation 🧪 Tests 🕐 20-40 Minutes

Description

• Remove ready-for-review label-based routing from issues events to prevent issue-only review
 runs.
• Gate /fs-review dispatch on ISSUE_HAS_PR so review only runs with PR context.
• Update ADRs, agent docs, and scaffold tests to reflect PR-only review triggering.

Diagram

graph TD
  E{{"GitHub event"}} --> D["Dispatch router (YAML)"] --> S{"Select stage"}
  S -->|"issues:labeled ready-to-code"| Code["Code workflow"]
  S -->|"pull_request_target"| Rev["Review workflow"]
  S -->|"issue_comment /fs-review"| GateRev{"ISSUE_HAS_PR?"} -->|"true"| Rev
  S -->|"issue_comment /fs-fix"| GateFix{"ISSUE_HAS_PR?"} -->|"true"| Fix["Fix workflow"]

  subgraph Legend
    direction LR
    _ext{{"Event"}} ~~~ _dec{"Decision"} ~~~ _wf["Workflow/job"]
  end

Loading

High-Level Assessment

The following are alternative approaches to this PR:

1. Keep `ready-for-review` label routing, but gate it to PRs only

• ➕ Preserves the existing label-driven handoff semantics
• ➕ Allows re-review enqueue via label changes without needing a comment
• ➖ More subtle: must correctly distinguish PR-backed issues (issue.pull_request present) vs standalone issues
• ➖ Still relies on issues events for PR workflow orchestration, which is easier to misconfigure

2. Introduce a distinct PR-only command (e.g., `/fs-review-pr`) and deprecate `/fs-review` on issues

• ➕ Makes the PR-only constraint explicit to users
• ➕ Avoids ambiguity around issue vs PR contexts
• ➖ Worse UX and documentation churn (new command, migration period)
• ➖ Doesn't leverage existing /fs-review muscle memory

Recommendation: The PR’s approach is the simplest and least error-prone: remove the issues:labeled ready-for-review dispatch path entirely and require PR context for manual review via ISSUE_HAS_PR. This avoids accidental review runs on standalone issues while preserving automatic review via pull_request_target and manual re-dispatch via /fs-review on PR comments.

Files changed (9) +30 / -20

Tests (1) +3 / -2

scaffold_test.goAdjust dispatch workflow content test for PR-only review gating +3/-2

Adjust dispatch workflow content test for PR-only review gating

• Updates assertions to ensure 'ready-for-review' is not present as a label-based dispatch trigger and to verify '/fs-review' routing references 'ISSUE_HAS_PR'. Strengthens the test comment to cover both '/code' (issues-only) and '/review' (PR-only) intent.

internal/scaffold/scaffold_test.go

Documentation (6) +21 / -12

0033-per-repo-installation-mode.mdUpdate per-repo routing docs to reflect PR-only review dispatch +5/-1

Update per-repo routing docs to reflect PR-only review dispatch

• Removes mention of 'ready-for-review' label dispatch from 'issues:labeled' routing. Adds a dated note clarifying review no longer dispatches from issues or issue-only '/fs-review'.

docs/ADRs/0033-per-repo-installation-mode.md

0034-centralized-shim-routing-via-dispatch.mdDocument PR-context requirement for review/fix dispatch +7/-2

Document PR-context requirement for review/fix dispatch

• Updates the routing matrix to drop 'ready-for-review' from 'issues' label triggers. Adds an explicit note that review/fix require PR context and that 'ready-for-review' is state, not a trigger.

docs/ADRs/0034-centralized-shim-routing-via-dispatch.md

code.mdClarify 'ready-for-review' is a state marker, not a review trigger +1/-1

Clarify 'ready-for-review' is a state marker, not a review trigger

• Updates the label description to indicate review dispatch happens via 'pull_request_target', while the label remains for workflow state and retro evidence.

docs/agents/code.md

review.mdRestrict '/fs-review' documentation to PR comments only +5/-5

Restrict '/fs-review' documentation to PR comments only

• Updates the command table and narrative to state '/fs-review' only works on pull requests (PR-linked comments). Clarifies 'ready-for-review' is not a dispatch trigger.

docs/agents/review.md

glossary.mdRefine label state machine definition to separate triggers vs state +1/-1

Refine label state machine definition to separate triggers vs state

• Adjusts glossary language to distinguish dispatch-driving labels from state/outcome labels. Explicitly notes 'ready-for-review' does not trigger dispatch; PR events do.

docs/glossary.md

bugfix-workflow.mdUpdate user workflow guide for PR-only review triggers +2/-2

Update user workflow guide for PR-only review triggers

• Updates the label table and review stage section to remove 'ready-for-review' label as a trigger and to specify '/fs-review' must be posted on a PR comment for manual re-enqueue.

docs/guides/user/bugfix-workflow.md

Other (2) +6 / -6

reusable-dispatch.ymlGate '/fs-review' on PR context and drop review label routing +3/-3

Gate '/fs-review' on PR context and drop review label routing

• Adds an 'ISSUE_HAS_PR' guard so '/fs-review' only selects the review stage when the comment is on a PR-backed issue. Removes 'ready-for-review' from the 'issues:labeled' routing table, leaving label usage as state only.

.github/workflows/reusable-dispatch.yml

dispatch.ymlApply the same PR-only review routing to scaffolded dispatch workflow +3/-3

Apply the same PR-only review routing to scaffolded dispatch workflow

• Mirrors the reusable workflow changes: '/fs-review' now requires 'ISSUE_HAS_PR', and 'ready-for-review' is removed from 'issues:labeled' routing. This keeps scaffolded repos consistent with upstream routing rules.

internal/scaffold/fullsend-repo/.github/workflows/dispatch.yml

[github-actions]

Site preview

Preview: https://a0df40c9-site.fullsend-ai.workers.dev

Commit: 1e684be7b0926598d7a8120b1f138b32aeacf78b

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 3:26 PM UTC · Completed 3:39 PM UTC
Commit: 672eea5 · View workflow run →

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (1) 📜 Skill insights (0)

Context used

✅ Compliance rules (platform): 58 rules

✅ Skills: writing-user-docs, writing-adrs

1. Brittle workflow content test ✓ Resolved 🐞 Bug ⚙ Maintainability

Description

TestDispatchWorkflowContent asserts routing behavior via an exact substring check and a
length-limited regex, so equivalent bash logic (different spacing/quoting or slightly longer blocks)
can bypass the guard or cause false test failures. This makes future dispatch.yml refactors riskier
and reduces confidence the invariant is actually being enforced.

Code

internal/scaffold/scaffold_test.go[R197-207]

+	assert.NotContains(t, s, `ready-for-review" ]]; then`)
	assert.Contains(t, s, "TRIGGERING_LABEL")
	assert.Contains(t, s, "pull_request_target")
	assert.Contains(t, s, "pull_request_review")
	assert.Contains(t, s, "changes_requested")
	assert.Contains(t, s, "needs-info")
	assert.Contains(t, s, `! has_label "feature"`)
	assert.Contains(t, s, "opened|synchronize|ready_for_review")
-	// /code must only run on issues, not PRs
+	// /code must only run on issues, not PRs; /review must only run on PRs
	assert.Contains(t, s, "ISSUE_HAS_PR")
+	assert.Regexp(t, `/fs-review\)[\s\S]{0,120}ISSUE_HAS_PR`, s)

Relevance

⭐ Low

Prior request to strengthen scaffold_test beyond substring assertions was rejected; team tolerates
content-based checks.

PR-#390

ⓘ Recommendations generated based on similar findings in past PRs

Evidence

The test currently hard-codes an exact snippet and a short regex window, which makes it sensitive to
formatting and incomplete for catching equivalent logic changes; the cited lines show both the
substring assertion and the bounded regex.

internal/scaffold/scaffold_test.go[179-208]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`TestDispatchWorkflowContent` validates dispatch routing invariants by matching an exact bash substring and a bounded regex window. This is brittle: the test may fail on harmless formatting refactors, or it may not catch semantically equivalent reintroductions of the `ready-for-review` label trigger.

## Issue Context
The test is intended to enforce routing invariants for the scaffolded `dispatch.yml` (e.g., `ready-for-review` is no longer a dispatch trigger; `/fs-review` is gated on PR context).

## Fix Focus Areas
- internal/scaffold/scaffold_test.go[179-209]

## Suggested change
- Replace `assert.NotContains(t, s, `ready-for-review" ]]; then`)` with a more semantic `assert.NotRegexp` that matches the routing condition regardless of whitespace/quoting, e.g. something like:
 - `(?s)TRIGGERING_LABEL\}.*==\s*"ready-for-review"`
 - or a tighter bash-condition pattern: `\[\[\s*"\$\{TRIGGERING_LABEL\}"\s*==\s*"ready-for-review"\s*\]\]`
- Replace the bounded regex `[
\s\S]{0,120}` with an unbounded non-greedy `(?s).*?` so harmless insertions don’t break the test:
 - from: `/fs-review\)[\s\S]{0,120}ISSUE_HAS_PR`
 - to: `(?s)/fs-review\).*?ISSUE_HAS_PR`

This keeps the test enforcing the invariant without coupling it to formatting details.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

2. Accepted ADR edits unmentioned 📘 Rule violation § Compliance

Description

docs/ADRs/0033-per-repo-installation-mode.md and
docs/ADRs/0034-centralized-shim-routing-via-dispatch.md (both status: Accepted) are modified in
this PR, but the PR description does not explicitly call out these ADR edits. This violates the
requirement to mention accepted ADR changes in the PR description so reviewers can assess
decision-history impacts.

Code

docs/ADRs/0034-centralized-shim-routing-via-dispatch.md[R105-115]

+- `issues` + `labeled` with `ready-to-code` → `code`
- `pull_request_target` opened/synchronize/ready_for_review → `review`
- `pull_request_target` closed → `retro`
- `pull_request_review` with bot `changes_requested` → `fix`

+> **Note (2026-06):** Review and fix no longer dispatch from `issues` events.
+> Review requires PR context: `pull_request_target` or `/fs-review` on a PR
+> comment (`issue_comment` with linked PR). Fix dispatches from
+> `pull_request_review` or `/fs-fix` on a PR comment. The `ready-for-review`
+> label remains a workflow-state marker, not a dispatch trigger.
+

Relevance

⭐ Low

Similar PR-metadata compliance asks (update PR title/description / governance callouts) were
rejected in reviews.

PR-#2415
PR-#1063

ⓘ Recommendations generated based on similar findings in past PRs

Evidence

Both modified ADR files declare status: Accepted and include new/changed routing notes in this PR.
PR Compliance ID 1062059 requires that any edits to accepted ADRs be explicitly mentioned in the PR
description (ADR identifier/filename + summary), which is missing here.

Rule 1062059: Call out edits to accepted ADRs in PR descriptions
docs/ADRs/0033-per-repo-installation-mode.md[1-3]
docs/ADRs/0033-per-repo-installation-mode.md[170-183]
docs/ADRs/0034-centralized-shim-routing-via-dispatch.md[1-3]
docs/ADRs/0034-centralized-shim-routing-via-dispatch.md[99-115]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
Accepted ADRs were edited in this PR, but the PR description does not explicitly mention the ADR identifiers/filenames and what changed.

## Issue Context
The compliance rule requires calling out edits to already-`Accepted` ADRs in the PR description (at minimum: ADR identifier/filename + short summary of change).

## Fix Focus Areas
- docs/ADRs/0033-per-repo-installation-mode.md[170-183]
- docs/ADRs/0034-centralized-shim-routing-via-dispatch.md[99-115]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[fullsend-ai-review]

Review

Findings

High

• [protected-path] .github/workflows/reusable-dispatch.yml — This PR modifies a file under .github/, which is a protected path requiring human approval. The PR has no linked issue providing authorization for the change. Protected-path modifications always require human review regardless of context.
  Remediation: Link an issue that authorizes this workflow change, or obtain explicit human approval on the PR.

Medium

• [missing-authorization] No linked issue found. This is a 62-line change across 9 files affecting core dispatch routing logic and architectural documentation (3 ADRs). While the PR description and ADR notes document the rationale, non-trivial changes benefit from explicit issue-level authorization for traceability.

• [architectural-coherence] .github/workflows/reusable-dispatch.yml — The PR introduces intentional behavioral divergence between per-repo and per-org installation modes for review triggers. ADR 0033 and ADR 0034 both state routing logic should be "identical" between modes. The PR documents this as temporary ("pending follow-up") but provides no timeline or tracking for convergence.

Low

• [silent-skip] .github/workflows/reusable-dispatch.yml:141 — When /fs-review is issued on an issue without a linked PR, STAGE remains empty and the workflow silently skips dispatch. The user receives no feedback explaining why the command was ignored. This is consistent with existing patterns (/fs-code silently skips when ISSUE_IS_PR is true), so this is not a regression.

• [stale-example-code] docs/superpowers/specs/2026-04-17-installer-agent-content-design.md:204 — Example shim workflow shows issues + labeled + ready-for-review triggering review dispatch without the ISSUE_IS_PR guard. This example no longer matches actual per-repo behavior after this PR. The spec is a historical design document, so the impact is limited to reader confusion.

• [scope-creep] docs/agents/review.md — The PR is titled "refactor" but changes user-visible behavior (review triggers no longer fire on standalone issues). The extensive documentation updates suggest this is a behavioral change, not a refactor.

• [test-naming-convention] internal/scaffold/workflow_call_alignment_test.go — The new test function TestReusableDispatchRoutingContent does not follow the naming pattern used by other content-validation tests (e.g., TestDispatchWorkflowContent uses a WorkflowContent suffix).

• [test-coverage] internal/scaffold/workflow_call_alignment_test.go — The test validates ISSUE_IS_PR gating in reusable-dispatch.yml but does not validate that per-org dispatch.yml remains ungated. Adding a comment or complementary assertion would document the intentional divergence.

Previous run

Review

Findings

High

• [protected-path] .github/workflows/reusable-dispatch.yml — This PR modifies a file under .github/, which is a protected path requiring human approval. The PR has no linked issue providing authorization for the change. Protected-path modifications always require human review regardless of context.
  Remediation: Link an issue that authorizes this workflow change, or obtain explicit human approval on the PR.

Low

• [silent-skip] .github/workflows/reusable-dispatch.yml:141 — When /fs-review is issued on an issue without a linked PR, STAGE remains empty and the workflow silently skips dispatch. The user receives no feedback explaining why the command was ignored. This is consistent with existing patterns (/fs-code silently skips when ISSUE_IS_PR is true), so this is not a regression.

• [stale-example-code] docs/superpowers/specs/2026-04-17-installer-agent-content-design.md:204 — Example shim workflow shows issues + labeled + ready-for-review triggering review dispatch without the ISSUE_IS_PR guard. This example no longer matches actual behavior after this PR. The spec is a historical design document, but the gap adds inconsistency for readers.

Previous run (2)

Review

Findings

High

• [protected-path] .github/workflows/reusable-dispatch.yml — This PR modifies a file under .github/, which is a protected path requiring human approval. The PR has no linked issue providing authorization for the change. Protected-path modifications always require human review regardless of context.
  Remediation: Link an issue that authorizes this workflow change, or obtain explicit human approval on the PR.

Low

• [naming-convention-inconsistency] .github/workflows/reusable-dispatch.yml:89 — Variable rename from ISSUE_HAS_PR to IS_PR departs from the domain-prefixed naming used by most variables in the env block (COMMENT_*, ISSUE_*, PR_*, REVIEW_*). However, the convention is not fully consistent — EVENT_NAME, EVENT_ACTION, ORG_NAME, and TRIGGERING_LABEL also lack domain prefixes, making this a borderline case rather than a clear violation.

• [silent-skip] .github/workflows/reusable-dispatch.yml:141 — When /fs-review is issued on an issue without a linked PR, STAGE remains empty and the workflow silently skips dispatch. The user receives no feedback explaining why the command was ignored. This is consistent with existing patterns (/fs-code silently skips when IS_PR is true), so this is not a regression.

Previous run (3)

Review

Findings

High

• [protected-path] .github/workflows/reusable-dispatch.yml — This PR modifies a file under .github/, which is a protected path requiring human approval. The PR has no linked issue providing authorization for the change. Protected-path modifications always require human review regardless of context.
  Remediation: Link an issue that authorizes this workflow change, or obtain explicit human approval on the PR.

Low

• [missing-authorization] No linked issue. The PR modifies routing logic in two workflow files and updates documentation across seven doc files. While the change is well-scoped and authored by a MEMBER, non-trivial changes benefit from explicit issue-level authorization for traceability.

• [silent-skip] .github/workflows/reusable-dispatch.yml:141 — When /fs-review is issued on an issue without a linked PR, STAGE remains empty and the workflow silently skips dispatch. The user receives no feedback explaining why the command was ignored. This is consistent with existing patterns (/fs-code silently skips when ISSUE_HAS_PR is true), so this is not a regression.

Previous run (4)

Review

Findings

High

• [protected-path] .github/workflows/reusable-dispatch.yml — This PR modifies a file under .github/, which is a protected path requiring human approval. The PR has no linked issue providing authorization for the change. Protected-path modifications always require human review regardless of context.
  Remediation: Link an issue that authorizes this workflow change, or obtain explicit human approval on the PR.

Medium

• [missing-prerequisite-documentation] docs/ADRs/0002-initial-fullsend-design.md:155 — ADR 0002 describes review triggers including "ready-for-review label applied manually" and "/review in a comment" without mentioning the new ISSUE_HAS_PR prerequisite. After this PR, these triggers only fire when the issue has an associated PR. ADRs 0033 and 0034 are updated but ADR 0002 is not, leaving stale trigger descriptions.
  Remediation: Add a short annotation note to ADR 0002's Review triggers section (similar to the notes added in ADRs 0033 and 0034) clarifying that ready-for-review and /fs-review now require PR context.

Low

• [missing-authorization] No linked issue. The PR modifies routing logic in two workflow files and updates documentation. While the change is well-scoped and authored by a MEMBER, non-trivial changes benefit from explicit issue-level authorization for traceability.

• [stale-reference] docs/superpowers/specs/2026-04-17-installer-agent-content-design.md:204 — The installer agent content design spec shows example dispatch logic that triggers review on ready-for-review without the ISSUE_HAS_PR guard. This spec already uses pre-ADR-0034 patterns that are independently stale, but the new gap adds another inconsistency.

• [missing-prerequisite-documentation] docs/architecture.md:235 — The slash-command parser section mentions /fs-review without noting the PR context requirement. This is a high-level component description where per-command prerequisites may be out of scope.

• [documentation-consistency] docs/ADRs/0034-centralized-shim-routing-via-dispatch.md:110 — The new note states "Standalone issues no longer trigger review or fix." For fix, /fs-fix already required ISSUE_HAS_PR before this PR, and pull_request_review inherently requires PR context. The note is not wrong but implies this PR changed fix dispatch behavior when fix was already PR-gated.

Previous run (5)

Review

Findings

High

• [protected-path] .github/workflows/reusable-dispatch.yml — This PR modifies a file under .github/, which is a protected path requiring human approval. The PR has no linked issue providing authorization for the change. Protected-path modifications always require human review regardless of context.
  Remediation: Link an issue that authorizes this workflow change, or obtain explicit human approval on the PR.

Medium

• [stale-reference] docs/ADRs/0002-initial-fullsend-design.md:155 — ADR 0002 line 155 states the review stage is entered when "the ready-for-review label was applied manually" and line 160 lists "ready-for-review label added to the issue" as trigger Add problem areas: Tekton pipeline review, migration path, multi-tenancy #2 for Review. After this PR, the ready-for-review label no longer triggers review dispatch. ADRs 0033 and 0034 are updated in this PR, but ADR 0002 is not, leaving stale dispatch trigger claims.
  Remediation: Add a minor annotation to ADR 0002 noting that the ready-for-review label dispatch trigger was removed (per ADR immutability rules, do not rewrite the Decision section — a cross-reference note is appropriate).

Low

• [test-assertion-pattern] internal/scaffold/scaffold_test.go:197 — The assertion assert.NotContains(t, s, ready-for-review" ]]; then) uses a narrower pattern than necessary. After the production change, the string ready-for-review (with hyphens) does not appear in dispatch.yml at all, so assert.NotContains(t, s, "ready-for-review") would be a stronger, simpler assertion that also catches unintended re-introduction.

• [test-assertion-pattern] internal/scaffold/scaffold_test.go:207 — assert.Regexp is the first use of this assertion type in scaffold_test.go. While valid for verifying structural proximity between /fs-review and ISSUE_HAS_PR, it introduces a new assertion style compared to the established assert.Contains pattern in this test.

Previous run (6)

Review

Findings

High

• [protected-path] .github/workflows/reusable-dispatch.yml — This PR modifies a file under .github/, which is a protected path requiring human approval. The PR has no linked issue providing authorization for the change. Protected-path modifications always require human review regardless of context.
  Remediation: Link an issue that authorizes this workflow change, or obtain explicit human approval on the PR.

Low

• [missing-authorization] No linked issue. The PR modifies routing logic in two workflow files and updates documentation across seven doc files. While the change is well-scoped and authored by a MEMBER, non-trivial changes benefit from explicit issue-level authorization for traceability.

• [silent-skip] .github/workflows/reusable-dispatch.yml:141 — When /fs-review is issued on an issue without a linked PR, STAGE remains empty and the workflow silently skips dispatch. The user receives no feedback explaining why the command was ignored. This is consistent with existing patterns (/fs-code silently skips when ISSUE_HAS_PR is true), so this is not a regression.

Previous run (7)

Review

Findings

High

• [protected-path] .github/workflows/reusable-dispatch.yml — This PR modifies a file under .github/, which is a protected path requiring human approval. The PR has no linked issue providing authorization for the change. Protected-path modifications always require human review regardless of context.
  Remediation: Link an issue that authorizes this workflow change, or obtain explicit human approval on the PR.

Medium

• [missing-prerequisite-documentation] docs/ADRs/0002-initial-fullsend-design.md:155 — ADR 0002 describes review triggers including "ready-for-review label applied manually" and "/review in a comment" without mentioning the new ISSUE_HAS_PR prerequisite. After this PR, these triggers only fire when the issue has an associated PR. ADRs 0033 and 0034 are updated but ADR 0002 is not, leaving stale trigger descriptions.
  Remediation: Add a short annotation note to ADR 0002's Review triggers section (similar to the notes added in ADRs 0033 and 0034) clarifying that ready-for-review and /fs-review now require PR context.

Low

• [missing-authorization] No linked issue. The PR modifies routing logic in two workflow files and updates documentation. While the change is well-scoped and authored by a MEMBER, non-trivial changes benefit from explicit issue-level authorization for traceability.

• [stale-reference] docs/superpowers/specs/2026-04-17-installer-agent-content-design.md:204 — The installer agent content design spec shows example dispatch logic that triggers review on ready-for-review without the ISSUE_HAS_PR guard. This spec already uses pre-ADR-0034 patterns that are independently stale, but the new gap adds another inconsistency.

• [missing-prerequisite-documentation] docs/architecture.md:235 — The slash-command parser section mentions /fs-review without noting the PR context requirement. This is a high-level component description where per-command prerequisites may be out of scope.

• [documentation-consistency] docs/ADRs/0034-centralized-shim-routing-via-dispatch.md:110 — The new note states "Standalone issues no longer trigger review or fix." For fix, /fs-fix already required ISSUE_HAS_PR before this PR, and pull_request_review inherently requires PR context. The note is not wrong but implies this PR changed fix dispatch behavior when fix was already PR-gated.

Previous run (8)

Review

Findings

High

• [protected-path] .github/workflows/reusable-dispatch.yml — This PR modifies a file under .github/, which is a protected path requiring human approval. The PR has no linked issue providing authorization for the change. Protected-path modifications always require human review regardless of context.
  Remediation: Link an issue that authorizes this workflow change, or obtain explicit human approval on the PR.

Medium

• [stale-reference] docs/ADRs/0002-initial-fullsend-design.md:155 — ADR 0002 line 155 states the review stage is entered when "the ready-for-review label was applied manually" and line 160 lists "ready-for-review label added to the issue" as trigger Add problem areas: Tekton pipeline review, migration path, multi-tenancy #2 for Review. After this PR, the ready-for-review label no longer triggers review dispatch. ADRs 0033 and 0034 are updated in this PR, but ADR 0002 is not, leaving stale dispatch trigger claims.
  Remediation: Add a minor annotation to ADR 0002 noting that the ready-for-review label dispatch trigger was removed (per ADR immutability rules, do not rewrite the Decision section — a cross-reference note is appropriate).

Low

• [test-assertion-pattern] internal/scaffold/scaffold_test.go:197 — The assertion assert.NotContains(t, s, ready-for-review" ]]; then) uses a narrower pattern than necessary. After the production change, the string ready-for-review (with hyphens) does not appear in dispatch.yml at all, so assert.NotContains(t, s, "ready-for-review") would be a stronger, simpler assertion that also catches unintended re-introduction.

• [test-assertion-pattern] internal/scaffold/scaffold_test.go:207 — assert.Regexp is the first use of this assertion type in scaffold_test.go. While valid for verifying structural proximity between /fs-review and ISSUE_HAS_PR, it introduces a new assertion style compared to the established assert.Contains pattern in this test.

---

Labels: PR modifies dispatch workflow routing and updates multiple documentation files.

[fullsend-ai-review]

See the review comment for full details.

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 5:52 AM UTC · Completed 6:04 AM UTC
Commit: 1e58e31 · View workflow run →

[fullsend-ai-review]

See the review comment for full details.

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 6:51 AM UTC · Completed 7:04 AM UTC
Commit: e5e64cc · View workflow run →

[fullsend-ai-review]

See the review comment for full details.

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 7:55 AM UTC · Completed 8:07 AM UTC
Commit: 4b55b3d · View workflow run →

[fullsend-ai-review]

See the review comment for full details.

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 12:16 PM UTC · Completed 12:28 PM UTC
Commit: 92833c5 · View workflow run →

[fullsend-ai-review]

See the review comment for full details.

[waynesun09]

Review — 2 findings (Medium)

M1 — PR description references old variable name ISSUE_HAS_PR

The summary bullets say "Gate /fs-review on ISSUE_HAS_PR" and "Gate ready-for-review label on ISSUE_HAS_PR", but the code renames to ISSUE_IS_PR. The description is the permanent record post-merge — should match the actual variable name.

M3 — Shim repos need coordinated update

fullsend-ai/.fullsend dispatch.yml still uses the old ISSUE_HAS_PR name, /fs-review dispatches unconditionally (L96-97), and ready-for-review triggers review unconditionally (L144-145). The behavioral change only takes effect in per-repo mode and newly scaffolded repos — existing per-org deployments will continue dispatching review on standalone issues until the shim repos are updated separately.

Consider noting this in the PR description or filing a follow-up to update fullsend-ai/.fullsend (and nonflux/.fullsend) after this lands.

[ifireball]

Scoped to per-repo only per M3: routing changes are in reusable-dispatch.yml only; per-org dispatch.yml reverted to main. Merged latest main and pushed 1e684be.

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 3:06 PM UTC · Completed 3:18 PM UTC
Commit: 1e684be · View workflow run →

[fullsend-ai-review]

See the review comment for full details.

[fullsend-ai-review]

[medium] architectural-coherence

The PR introduces intentional behavioral divergence between per-repo and per-org installation modes for review triggers. ADR 0033 and ADR 0034 both state routing logic should be 'identical' between modes. The PR documents this as temporary ('pending follow-up') but provides no timeline or tracking for convergence.

[fullsend-ai-review]

[low] silent-skip

When /fs-review is issued on an issue without a linked PR, STAGE remains empty and the workflow silently skips dispatch. The user receives no feedback explaining why the command was ignored. This is consistent with existing patterns (/fs-code silently skips when ISSUE_IS_PR is true), so this is not a regression.

[waynesun09]

[medium] test-regex-fragility

The (?s)/fs-review\).*?ISSUE_IS_PR and (?s)ready-for-review.*?ISSUE_IS_PR regexes assert that ISSUE_IS_PR appears somewhere after the trigger string in the file — not that it gates the specific case block. If the /fs-review case block lost its gate but ISSUE_IS_PR still appeared later (e.g., in the /fs-fix block), the test would false-pass. Consider tightening to match within the case block structure, e.g.:

assert.Regexp(t, `(?s)/fs-review\)\s*\n\s+if \[\[ "\$\{ISSUE_IS_PR\}"`, s)
assert.Regexp(t, `(?s)ready-for-review"\s*\]\];\s*then\s*\n\s+if \[\[ "\$\{ISSUE_IS_PR\}"`, s)

Routing logic and docs LGTM otherwise.

Assisted-by: Claude (review), Gemini (review)