feat: shared PR check system for all kyndig repos #2
Merged
Captures the current state of PR workflows, branch protection settings, and Bugbot implementations across all 12 active repositories. Documents gaps: missing main protection on 9 repos, branch deletion disabled on 3, and three diverging local Bugbot-comment implementations that should be replaced by the shared gate. Serves as the baseline reference for the shared PR check rollout. Co-authored-by: Cursor <cursoragent@cursor.com>
Extends the reusable Bugbot Gate beyond waiting for the check run
conclusion. After the Cursor Bugbot check completes, the gate now:
- Determines the current-cycle boundary from the PR timeline (latest
push or force-push timestamp) so only threads from the current commit
are evaluated — stale comments from older pushes do not block merges.
- Fetches all review threads via GraphQL and fails if any qualifying
Bugbot thread in the current cycle remains unresolved.
- Guards against a concurrent push changing the PR head mid-evaluation.
New inputs:
  pull_number                      required — needed for timeline and thread queries
  qualifying_reviewer_login_regex  optional — override default Cursor user matching
  qualifying_comment_body_regexes  optional — override default severity-marker / fix-in-cursor body matching
The cycle-boundary and configurable-matcher logic is taken from the
Kit implementation in varde. The check-run wait (with 5 s grace period)
is taken from the ritz implementation. Combined, the gate is strictly
more correct than any existing local implementation.
Co-authored-by: Cursor <cursoragent@cursor.com>
Five reusable workflow_call workflows covering all active repo categories:
- pr-metadata-check.yml — PR description quality gate (cheap, runs on pull_request). Enforces issue linkage, optional ContractImpact validation, changelog warning, and template-fill warnings. All behaviour is opt-in via inputs; only issue linkage defaults to true.
- node-pnpm-quality.yml — lint + typecheck + optional format check. Job name "Quality" is stable for branch protection rulesets.
- node-pnpm-build.yml — install + build. Job name "Build" is stable for branch protection rulesets.
- node-pnpm-playwright.yml — install + build + Playwright tests. Job name "Playwright" is stable for branch protection rulesets.
- raycast-ci.yml — Raycast Store metadata validation, migration drift check, npm ci, build, lint, typecheck, optional unit tests. Runs on macos-latest. Job name "Raycast CI" is stable.
- python-sdk-tests.yml — Python SDK tests with optional network skip and artifact upload. Job name "SDK Tests" is stable.
All expensive workflows are designed to be called from a CI After Gate workflow triggered by workflow_run on "Bugbot Gate", so they only start after the gate passes. Commands are inputs; no build logic is hardcoded.
Co-authored-by: Cursor <cursoragent@cursor.com>
…ries
org-baseline.md — authoritative settings reference:
- Branch deletion after merge: required everywhere; gaps listed
- Main branch protection: minimum ruleset config, gaps listed
- Required status check rollout sequence (Bugbot Gate first, then
category checks only after verifying emitted names from a real PR)
- Per-repo normalisation steps for kynd-web, kynd-web-new, varde
bugbot-gate-rollout.md — updated for the upgraded gate and full library:
- Thin caller now passes pull_number (required by upgraded gate)
- CI After Gate patterns for all categories: web pnpm, monorepo,
Raycast, Python SDK, Swift/macOS, CLI tool
- Optional PR metadata caller pattern
- Revised ruleset setup and rollout checklist
- Updated gate semantics section (check-run wait + cycle-boundary
unresolved-thread check)
Co-authored-by: Cursor <cursoragent@cursor.com>
Use a JavaScript-compatible end-of-input assertion so template quality checks include the last section of a PR body. Co-authored-by: Cursor <cursoragent@cursor.com>
Resolve test output relative to the reusable workflow working directory so nested SDK callers upload the artifacts they generate. Co-authored-by: Cursor <cursoragent@cursor.com>
Git author/committer dates are user-controllable and can be arbitrarily old (cherry-picks, offline work, pre-created commits). When parseMs used author.date first for 'committed' events, old dates set a cycle boundary that predated prior-cycle Bugbot comments, causing them to satisfy `ts > cycleBoundaryMs` and incorrectly block the gate. Invert the candidate order so GitHub's push timestamp (created_at) is tried first; git dates are retained only as a last resort when created_at is absent. Co-authored-by: Cursor <cursoragent@cursor.com>
@cursor review
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 3655916. Configure here.
…hread || let any comment whose body matched Bugbot patterns (e.g. the public https://cursor.com/fix-in-cursor URL) from any user qualify a thread as a "Bugbot thread", causing false gate failures with a misleading error. Bugbot comments always satisfy both criteria, so && is equally precise for real Bugbot threads while excluding non-Bugbot comments that happen to contain matching body content. Co-authored-by: Cursor <cursoragent@cursor.com>
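The two fixes described in the commit messages above (GitHub's `created_at` tried before git dates in `parseMs`, and `&&` instead of `||` when qualifying a thread), as an added JavaScript example that is not the repository's workflow code. The event and thread shapes, the two default regexes and all sample data are constructed assumptions.

```javascript
// Added example, not the repository's code. Event/thread shapes, regexes and
// sample data are constructed assumptions modelled on the commit messages.
const LOGIN_RE = /^cursor(\[bot\])?$/i;            // hypothetical default
const BODY_RES = [/cursor\.com\/fix-in-cursor/i];  // hypothetical default

// Event timestamp: GitHub's created_at first; user-controllable git dates
// only as a last resort. gitDatesFirst=true reproduces the old ordering.
function parseMs(ev, gitDatesFirst = false) {
  const git = [ev.author?.date, ev.committer?.date];
  const order = gitDatesFirst ? [...git, ev.created_at] : [ev.created_at, ...git];
  for (const c of order) {
    const ms = Date.parse(c ?? "");
    if (!Number.isNaN(ms)) return ms;
  }
  return null;
}

// Current-cycle boundary: latest push or force-push on the PR timeline.
function cycleBoundaryMs(timeline, gitDatesFirst = false) {
  const pushes = timeline.filter(e => ["committed", "head_ref_force_pushed"].includes(e.event));
  return Math.max(0, ...pushes.map(e => parseMs(e, gitDatesFirst) ?? 0));
}

// A comment qualifies only when author AND body match (&&, not ||).
function isBugbotComment(c) {
  return LOGIN_RE.test(c.author) && BODY_RES.some(re => re.test(c.body));
}

// Ids of unresolved threads with a qualifying comment newer than the boundary.
function blockingThreads(threads, boundaryMs) {
  return threads
    .filter(t => !t.isResolved)
    .filter(t => t.comments.some(c => isBugbotComment(c) && Date.parse(c.createdAt) > boundaryMs))
    .map(t => t.id);
}

// Constructed sample: the second push is a cherry-pick with a 2020 author date.
const timeline = [
  { event: "committed", created_at: "2024-05-01T09:00:00Z", author: { date: "2024-04-30T08:00:00Z" } },
  { event: "committed", created_at: "2024-05-02T10:00:00Z", author: { date: "2020-01-01T00:00:00Z" } },
];
const fix = "https://cursor.com/fix-in-cursor";
const threads = [
  { id: "stale", isResolved: false, comments: [{ author: "cursor[bot]", body: fix, createdAt: "2024-05-01T09:05:00Z" }] },
  { id: "current", isResolved: false, comments: [{ author: "cursor[bot]", body: fix, createdAt: "2024-05-02T10:05:00Z" }] },
  { id: "human", isResolved: false, comments: [{ author: "alice", body: `see ${fix}`, createdAt: "2024-05-02T10:06:00Z" }] },
];
console.log(blockingThreads(threads, cycleBoundaryMs(timeline)));       // [ 'current' ]
console.log(blockingThreads(threads, cycleBoundaryMs(timeline, true))); // [ 'stale', 'current' ]
```

With git dates tried first, the boundary falls back to the older commit's author date, so the prior-cycle thread blocks the gate again; the human comment quoting the fix-in-cursor URL never qualifies under `&&`.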

Summary
- `Bugbot Gate` reusable workflow to combine check-run wait with current-cycle unresolved Bugbot review thread enforcement (adopts cycle-boundary logic from `varde` Kit + check-run grace period from `ritz`).
- `workflow_call` workflows covering all active repo categories: PR metadata check, Node/pnpm quality/build/Playwright, Raycast CI, and Python SDK tests.
- `docs/pr-checks-audit.md` mapping the current state of all 12 active repos (workflows, protection gaps, branch deletion gaps).
- `docs/org-baseline.md` with the authoritative org/repo settings baseline and per-repo normalisation steps.
- `docs/bugbot-gate-rollout.md` with per-category `CI After Gate` patterns and the revised rollout checklist.

What changed in the Bugbot Gate contract

The gate now requires two things to pass (previously only the first):
- `Cursor Bugbot` check run has completed (any conclusion).

Breaking input change: callers must now pass `pull_number` in addition to `sha`. The updated caller template is in `docs/bugbot-gate-rollout.md`.

Reusable workflows added

| Workflow | Job name | Trigger |
| --- | --- | --- |
| `pr-metadata-check.yml` | PR Metadata Check | `pull_request` |
| `node-pnpm-quality.yml` | Quality | `CI After Gate` via `workflow_run` |
| `node-pnpm-build.yml` | Build | `CI After Gate` via `workflow_run` |
| `node-pnpm-playwright.yml` | Playwright | `CI After Gate` via `workflow_run` |
| `raycast-ci.yml` | Raycast CI | `CI After Gate` via `workflow_run` |
| `python-sdk-tests.yml` | SDK Tests | `CI After Gate` via `workflow_run` |

Rollout next steps

See `docs/org-baseline.md` for the full sequence. Short version:
- `switchto`, `varde-web`, `faen-ta`.
- `main` protection (PR required, no required checks yet) to all unprotected repos.
- `kynd-web-new` (already has clean job split).
- `docs/bugbot-gate-rollout.md`.

ContractImpact: none
Made with Cursor
Note
Medium Risk
Changes merge-gating behavior by adding PR-head/cycle-boundary logic and unresolved-thread enforcement, which could block PRs if the GitHub APIs or matching rules behave unexpectedly. Adds multiple reusable workflows that become part of branch protection check names, so misconfiguration could disrupt CI enforcement.
Overview
Upgrades the shared `Bugbot Gate` reusable workflow to require `pull_number`, wait for the Bugbot check to complete, and then fail if any current-push-cycle qualifying Bugbot review threads remain unresolved (with configurable reviewer/body regex matchers and a PR-head SHA race guard).

Adds new reusable `workflow_call` workflows for `pr-metadata-check` (issue/workdoc + optional ContractImpact validation + warnings) and standard CI building blocks (`node-pnpm-quality`, `node-pnpm-build`, `node-pnpm-playwright`, `python-sdk-tests`, `raycast-ci`) with stable job names intended for `workflow_run` “CI After Gate” pipelines.

Updates and adds docs (`bugbot-gate-rollout`, `org-baseline`, `pr-checks-audit`) to prescribe rollout steps, required-check naming, and per-repo onboarding patterns.

Reviewed by Cursor Bugbot for commit 224d451. Bugbot is set up for automated code reviews on this repo. Configure here.