[DEVEX-1523] Fix AI reviewer to explicitly submit gh pr review #122
Claude was generating text-only responses instead of calling gh pr review. Updated prompt with explicit instructions to run the gh pr review command. Added show_full_output for pilot debugging.

Co-authored-by: Cursor <cursoragent@cursor.com>
PR Summary
Low Risk
Overview
Also adds
Reviewed by Cursor Bugbot for commit a123a62. Bugbot is set up for automated code reviews on this repo.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
| with: | ||
| anthropic_api_key: ${{ secrets.anthropic_api_key }} | ||
| github_token: ${{ secrets.ai_reviewer_github_token }} | ||
| show_full_output: true |
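Review bot: `show_full_output: true` on the last line of this `with:` block is hard-coded, so the flag is on for every run of this step, the same step that receives `secrets.anthropic_api_key` and `secrets.ai_reviewer_github_token`. The commit message describes it as pilot debugging, so consider passing it from a boolean input that defaults to false, letting a caller opt in for a single run instead of every consumer inheriting it, or drop the line before merge.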
Debugging flag exposes secrets in shared workflow logs
High Severity
show_full_output: true is enabled in a reusable workflow_call workflow shared across repositories. Per the claude-code-action docs, this flag outputs ALL Claude messages including tool execution results, which may contain secrets, API keys, or other sensitive information — and these logs are publicly visible in GitHub Actions. The PR description calls this a "pilot-phase debugging" addition, suggesting it's temporary, but it's being committed to a shared workflow consumed by many repos.
Reviewed by Cursor Bugbot for commit a123a62.
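As an added example (not part of this PR, the Bugbot comment, or the claude-code-action project): a small Python lint for the pattern the comment above describes, a literal `show_full_output: true` in a workflow that declares `workflow_call`. The sample workflow is constructed, and its job name, step name and `uses:` reference are hypothetical placeholders.

```python
import re

# Constructed sample shaped like the hunk above.
# The job, step and `uses:` names are hypothetical placeholders.
SAMPLE_WORKFLOW = """\
on:
  workflow_call:
    secrets:
      anthropic_api_key:
        required: true
      ai_reviewer_github_token:
        required: true
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - name: AI review
        uses: example-org/example-review-action@v1
        with:
          anthropic_api_key: ${{ secrets.anthropic_api_key }}
          github_token: ${{ secrets.ai_reviewer_github_token }}
          show_full_output: true
"""

REUSABLE = re.compile(r"^\s*(?:on\s*:.*)?\bworkflow_call\b", re.MULTILINE)
# Literal truthy value only; an expression such as ${{ inputs.x }} is not matched.
FLAG = re.compile(r"^\s*show_full_output\s*:\s*['\"]?(true|yes|on)['\"]?\s*(#.*)?$", re.I)
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}")

def audit_workflow(text):
    """Return one finding per hard-coded show_full_output line in a workflow."""
    reusable = bool(REUSABLE.search(text))
    secrets = sorted(set(SECRET_REF.findall(text)))
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if FLAG.match(line):
            findings.append({
                "line": lineno,
                "severity": "high" if reusable else "medium",
                "secrets_in_file": secrets,
            })
    return findings

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(finding)
```
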


Summary
gh pr review, so no approval was submitted
gh pr diff then gh pr review --approve or --comment
show_full_output: true for pilot-phase debugging visibility
JIRA: DEVEX-1523
Made with Cursor