Follow-up from PR #862 review (thread on reviewer-bot.yml).
Problem
On the workflow_dispatch (manual) trigger, reviewer-bot.yml does a single actions/checkout with no ref:, which resolves to the default branch — not the PR being reviewed. The PR head is resolved separately (HEAD_SHA = gh pr view ... --json headRefOid).
Result:
- The review diff and comment anchors are correct — the engine fetches them from the GitHub compare API keyed on
HEAD_SHA (repos/{repo}/compare/...), independent of the checkout.
- But the agent's explore tools (
read_paths / grep) read from the engine's _content_root(), which falls back to the primary checkout (= default branch on dispatch) when REVIEW_CONTENT_ROOT is unset. So on manual dispatch, the agent explores default-branch code, not the PR head.
The automatic pull_request trigger (the normal case) is unaffected — its checkout already is the PR merge ref.
Why the engine expects this
Per reviewer_bot/run_review.py _content_root(), workflow_dispatch is meant to check the PR head into a separate directory and export its path as REVIEW_CONTENT_ROOT, while engine code keeps running from the trusted default-branch checkout. This is a deliberate security boundary: dispatch is exempt from the fork guard, so the PR's own code must not run/read from the primary checkout dir.
Fix
On the dispatch path, add a second checkout of HEAD_SHA into a separate dir and export REVIEW_CONTENT_ROOT pointing at it (mirroring the engine's documented pattern).
Severity
Low — only manual dispatch is affected, and only the explore-tool reads (diff/anchors are always correct). Deferred from #862 as a follow-up.
Follow-up from PR #862 review (thread on
reviewer-bot.yml).Problem
On the
workflow_dispatch(manual) trigger,reviewer-bot.ymldoes a singleactions/checkoutwith noref:, which resolves to the default branch — not the PR being reviewed. The PR head is resolved separately (HEAD_SHA = gh pr view ... --json headRefOid).Result:
HEAD_SHA(repos/{repo}/compare/...), independent of the checkout.read_paths/grep) read from the engine's_content_root(), which falls back to the primary checkout (= default branch on dispatch) whenREVIEW_CONTENT_ROOTis unset. So on manual dispatch, the agent explores default-branch code, not the PR head.The automatic
pull_requesttrigger (the normal case) is unaffected — its checkout already is the PR merge ref.Why the engine expects this
Per
reviewer_bot/run_review.py_content_root(),workflow_dispatchis meant to check the PR head into a separate directory and export its path asREVIEW_CONTENT_ROOT, while engine code keeps running from the trusted default-branch checkout. This is a deliberate security boundary: dispatch is exempt from the fork guard, so the PR's own code must not run/read from the primary checkout dir.Fix
On the dispatch path, add a second checkout of
HEAD_SHAinto a separate dir and exportREVIEW_CONTENT_ROOTpointing at it (mirroring the engine's documented pattern).Severity
Low — only manual dispatch is affected, and only the explore-tool reads (diff/anchors are always correct). Deferred from #862 as a follow-up.