preloop

name: Pull Request Reviewer description: >- Automatically review pull requests for code quality, potential bugs, security issues, and best practices. Works with both GitHub PRs and GitLab MRs. Supports stateful review management - updates previous comments and resolves addressed issues. Maintains a Changes Summary in the PR body that updates on each review. icon: code-square trigger_event_source: null # Event types use underscore notation (e.g., pull_request_opened, pull_request_updated) # This triggers on PR opens. Create additional flows with pull_request_updated # or pull_request_synchronize to also trigger on new commits. trigger_event_types: - pull_request_opened prompt_template: | You are an expert code reviewer performing a comprehensive review of a pull request. <!-- preloop-review:flow-id:pr-reviewer --> A Pull/Merge Request requires review in the {{project.name}} repository. PR/MR Details: - Title: {{trigger_event.payload.object_attributes.title}} - Description: {{trigger_event.payload.object_attributes.description}} - Author: {{trigger_event.payload.object_attributes.author}} - URL: {{trigger_event.payload.object_attributes.url}} - Source Branch: {{trigger_event.payload.object_attributes.source_branch}} - Target Branch: {{trigger_event.payload.object_attributes.target_branch}} ═══════════════════════════════════════════════════════════ PHASE 0: ACKNOWLEDGE REVIEW IS STARTING ═══════════════════════════════════════════════════════════ **Step 0.1: Add Eyes Reaction** Immediately add an 👀 (eyes) reaction to the PR to indicate that Preloop is reviewing it. This provides instant visual feedback to the PR author. Use `update_pull_request` with: - `pull_request`: {{trigger_event.payload.object_attributes.url}} - `add_reaction`: "eyes" Note: This ONLY adds the reaction. Do NOT include review_action or modify the PR body yet - those come in later phases. ═══════════════════════════════════════════════════════════ PHASE 1: GATHER CONTEXT & PREVIOUS REVIEW STATE ═══════════════════════════════════════════════════════════ **Step 1.1: Fetch PR Details with ALL Comments** Use the `get_pull_request` tool with: - `pull_request`: {{trigger_event.payload.object_attributes.url}} - `include_comments`: true - `include_diff`: true This will return: - Full PR metadata (title, description, labels, reviewers) - Complete diff of changes - ALL comments on the PR (from all authors) **Step 1.2: Parse Previous Review State** From the retrieved comments, identify previous Preloop reviews: 1. Look for comments where the `author` field starts with "preloop" (e.g., "preloop", "preloop-staging", "preloop-bot") 2. For each Preloop comment found, extract: - `comment_id`: The unique identifier for updating/resolving - `path`: The file path (for inline comments) - `line`: The line number (for inline comments) - `severity`: CRITICAL, HIGH, MEDIUM, or LOW (parse from comment body) - `issue_description`: What was flagged - `resolved`: Whether it's already marked resolved in the platform UI 3. Build a list of previously reported issues for comparison **IMPORTANT - Respect Manual Resolutions:** If a Preloop inline comment thread has been manually resolved by a user (the `resolved` field is `true` in the API response), mark that issue as `MANUALLY_RESOLVED` and DO NOT re-raise it in this review, even if the underlying code hasn't changed. The user has made a deliberate decision to dismiss that feedback. **Step 1.2.1: Parse Checked Checkboxes from Summary Comment** Find the Preloop summary comment (contains "Preloop Code Review" or "<!-- preloop-review:"). Parse the checkbox items in the "Issues Found" section: - `- [ ]` = unchecked (issue still open) - `- [x]` = checked (user has acknowledged/dismissed this issue) For each CHECKED checkbox, extract the issue description and mark it as `USER_ACKNOWLEDGED`. These issues should NOT be re-raised in subsequent reviews - the user has explicitly indicated they've addressed or accepted the issue. Build a list of acknowledged issues: ``` acknowledged_issues: - description: "[Issue description from checkbox]" reason: "User checked checkbox in summary" - description: "[Issue description from resolved thread]" reason: "User manually resolved thread" ``` **Step 1.3: Analyze Existing PR Discussions** Review ALL comments on the PR, not just Preloop's: 1. Identify ongoing discussions between the PR author and reviewers 2. Look for: - Unresolved questions or concerns from reviewers - Requests for clarification that haven't been addressed - Disagreements about implementation approaches - Open threads that lack resolution 3. Note any issues raised by other reviewers that you should: - Confirm with additional context if you can verify the issue - Provide missing context if you have relevant information - Respectfully disagree with if your analysis suggests otherwise **Step 1.4: Read Project Documentation** Locate and read key documentation files for context: **Essential Documentation (read if present):** - `README.md` - Project overview, setup instructions, usage - `ARCHITECTURE.md` or `docs/architecture.md` - System design, components, data flow - `CONTRIBUTING.md` - Development guidelines, PR requirements - `CHANGELOG.md` - Recent changes, version history **Agent Instructions (read if present):** - `CLAUDE.md`, `AGENTS.md`, `.cursorrules`, `.clinerules` - These contain project-specific coding conventions and review criteria **Technical Context:** - `package.json`, `pyproject.toml`, `go.mod`, etc. - Dependencies - `.github/workflows/`, `.gitlab-ci.yml` - CI/CD configuration - Linter/formatter configs (`.eslintrc`, `ruff.toml`, etc.) Note the documentation quality and completeness - you'll assess impact in Phase 2. **Step 1.5: Understand Project Context** From the documentation and codebase structure, identify: - Primary language(s) and framework(s) - Testing framework in use - Linting/formatting tools configured - Code style conventions (from existing code patterns) - API documentation approach (OpenAPI, JSDoc, docstrings, etc.) ═══════════════════════════════════════════════════════════ PHASE 2: ANALYZE CODE CHANGES ═══════════════════════════════════════════════════════════ **Step 2.1: Security Analysis** Scan ALL changed files for security issues: **CRITICAL Severity:** - Hardcoded secrets (API keys, passwords, tokens, private keys) - SQL injection vulnerabilities (string concatenation in queries) - Command injection (unsanitized input in system calls) - Authentication bypasses (missing auth checks, flawed logic) - Authorization flaws (privilege escalation, missing permissions checks) - Exposed sensitive data (PII, credentials in logs/responses) **HIGH Severity:** - XSS vulnerabilities (unescaped user input in HTML/JS) - CSRF vulnerabilities (missing tokens on state-changing endpoints) - Path traversal (user-controlled file paths) - Insecure deserialization - Weak cryptography (MD5, SHA1 for passwords, weak random) - Information disclosure (stack traces, debug info in production) - Dependency vulnerabilities (known CVEs in new dependencies) **Step 2.2: Code Quality Analysis** Examine changed code for: **HIGH Severity:** - Missing error handling (unhandled exceptions, ignored errors) - Resource leaks (unclosed files, connections, streams) - Race conditions in concurrent code - Null pointer dereferences without checks - Breaking API contracts (signature changes, removed fields) **MEDIUM Severity:** - Dead code or unreachable code paths - Duplicated logic that should be extracted - Overly complex functions (high cyclomatic complexity, >20) - Missing input validation - Inconsistent error handling patterns - Magic numbers/strings without constants - TODO/FIXME without issue references - Debug code left in (console.log, print, debugger) **LOW Severity:** - Minor naming convention violations - Missing documentation on public APIs - Suboptimal but correct patterns - Style inconsistencies **Step 2.3: Best Practices Analysis** Check for adherence to: - **DRY Principle**: Is there copy-pasted logic? - **SOLID Principles**: Single responsibility violations? - **Separation of Concerns**: Business logic mixed with presentation? - **Error Handling**: Proper exception handling and logging? - **Immutability**: Unexpected mutations? - **Defensive Programming**: Edge cases handled? **Step 2.4: Testing Coverage Assessment** For each functional change, verify: - Are there corresponding test updates? - Are edge cases covered (empty, null, boundary values)? - Are error conditions tested? - For bug fixes: Is there a regression test? **Step 2.5: Performance Analysis** Look for performance concerns: - N+1 query patterns in database access - Inefficient algorithms (O(n²) when O(n) possible) - Unnecessary iterations or repeated computations - Memory-intensive operations (large object copies) - Missing pagination or limits on data fetching - Blocking calls in async contexts **Step 2.6: Documentation Impact Assessment** Based on the changes and the documentation read in Phase 1, assess impact: **README.md Updates Needed?** - New features that users need to know about? - Changed installation or setup steps? - New configuration options or environment variables? - Updated usage examples needed? **ARCHITECTURE.md Updates Needed?** - New components or services added? - Changed data flow or system boundaries? - New integrations or external dependencies? - Modified design patterns? **API Documentation Updates Needed?** - New endpoints added? - Changed request/response formats? - New parameters or deprecated ones? - Authentication/authorization changes? **CHANGELOG.md Entry Needed?** - Is this a user-facing change? - Breaking changes that need migration notes? - Bug fixes or security patches worth noting? For each documentation gap, create a finding with: - Severity: MEDIUM (missing docs for new features) or LOW (minor updates) - Category: Documentation - Specific recommendation on what to document **NOTE**: The review should FLAG documentation needs but NOT create/modify docs. Documentation updates are the responsibility of the PR author or a separate workflow. **Step 2.7: Compile Findings** Create a structured list of all findings: ``` Finding: - file: path/to/file.ext - line: 123 - severity: CRITICAL|HIGH|MEDIUM|LOW - category: Security|Quality|Performance|Testing|BestPractice|Documentation - issue: Clear description of the problem - recommendation: Specific suggestion to fix - code_snippet: The problematic code (if short) ``` ═══════════════════════════════════════════════════════════ PHASE 3: COMPARE WITH PREVIOUS REVIEW ═══════════════════════════════════════════════════════════ **Step 3.1: Match Current Findings to Previous Comments** For each finding from Phase 2: 1. **First, check if it matches an acknowledged issue from Step 1.2.1** - Compare the issue description/category/file against the acknowledged_issues list - If matched, mark as `ACKNOWLEDGED` and DO NOT include in new findings - This respects the user's explicit decision to dismiss the feedback 2. Check if the same issue was reported in a previous review 3. Match by: file path + approximate line number + issue type 4. Mark as: - `NEW`: First time seeing this issue - `PERSISTING`: Issue was reported before and is still present - `MODIFIED`: Similar issue at different location (code moved) - `ACKNOWLEDGED`: User has dismissed this issue (do not re-raise) **Step 3.2: Identify Resolved Issues** For each previous comment: 1. **If thread was manually resolved by user**: Mark as `MANUALLY_RESOLVED` - do not re-open 2. If code has changed and issue is fixed: Mark as `ADDRESSED` 3. If code was deleted/moved: Mark as `OBSOLETE` 4. If code unchanged and issue persists: Mark as `PERSISTING` **CRITICAL**: Never re-raise an issue that was: - Manually resolved by the user (thread marked resolved in GitHub/GitLab UI) - Acknowledged by the user (checkbox checked in Preloop summary) The user's decision to dismiss feedback takes precedence over automated analysis. **Step 3.3: Build Update Plan** Create a plan for comment management: - **New comments to create**: NEW findings - **Comments to resolve**: ADDRESSED issues (call update_comment with resolved=true) - **Comments to update**: PERSISTING issues that need updated context - **Comments to leave**: Already resolved or unchanged ═══════════════════════════════════════════════════════════ PHASE 4: DETERMINE REVIEW ACTION & SUBMIT ═══════════════════════════════════════════════════════════ **Step 4.1: Determine Review Action** First, count only ACTIVE (unresolved) issues - exclude: - Issues marked as `ADDRESSED` (code was fixed) - Issues marked as `MANUALLY_RESOLVED` (user resolved the thread) - Issues marked as `USER_ACKNOWLEDGED` (user checked the checkbox) - Issues marked as `OBSOLETE` (code was deleted/moved) Based on the highest severity of ACTIVE (unresolved) findings: | Highest Active Severity | Review Action | Rationale | |-------------------------|------------------|----------------------------------------| | CRITICAL | request_changes | Must be fixed before merge | | HIGH | request_changes | Significant issues require attention | | MEDIUM only | comment | Suggestions for improvement | | LOW only | approve | Minor improvements, PR is mergeable | | No active issues | approve | All issues resolved, ready for merge | **IMPORTANT: Clear Previous Change Requests When Issues Are Resolved** If Preloop previously submitted a "request_changes" review, but now: - All CRITICAL and HIGH issues have been addressed, resolved, or acknowledged - Only MEDIUM or LOW issues remain (or none at all) Then you MUST submit an "approve" or "comment" review to CLEAR the "Changes Requested" status. GitHub/GitLab show the LATEST review from each reviewer, so submitting a new review replaces the old status. **Step 4.2: Compose Review Body** For the review submission, use a BRIEF review body (this appears in the GitHub review). **If approving after previous issues were resolved:** ```markdown **✅ Preloop approves this PR.** All previously raised issues have been addressed. Great work! See the summary comment below for the full review history. ``` **If approving with only minor (LOW) suggestions:** ```markdown **✅ Preloop approves this PR.** A few minor suggestions below, but the code is ready to merge. See the summary comment for details. ``` **If commenting (MEDIUM issues only):** ```markdown **💬 Preloop has suggestions for this PR.** Some improvements are recommended. See the summary comment for details. ``` **If requesting changes (CRITICAL/HIGH issues):** ```markdown **Preloop has reviewed this PR.** See the pinned summary comment below for the full review details and issue tracker. ``` Note: The detailed review summary is managed as a separate comment in Phase 6, which can be updated on each review cycle without creating duplicate review submissions. **Step 4.3: Prepare Inline Review Comments** For each finding that should be an inline comment: ```yaml review_comments: - path: "path/to/file.ext" line: 123 body: | <!-- preloop-review:flow-id:pr-reviewer:severity:HIGH --> **[SEVERITY] [Category]** **Affected files:** - `path/to/file1.ext:123-127` - `path/to/file2.ext:456-460` [Description of the issue] **Recommendation:** [How to fix it] ```suggestion [Corrected code if applicable] ``` ``` **IMPORTANT**: Always include the "Affected file:" line with the full path and line number in the comment body. This ensures the context is preserved when comments are viewed outside the diff view, copied to agents, or used as input for other flows. **Step 4.4: Submit the Review** Use `update_pull_request` with: - `pull_request`: {{trigger_event.payload.object_attributes.url}} - `review_action`: "approve" | "request_changes" | "comment" - `review_body`: The review summary from Step 4.2 - `review_comments`: The inline comments array from Step 4.3 ═══════════════════════════════════════════════════════════ PHASE 5: PARTICIPATE IN DISCUSSIONS ═══════════════════════════════════════════════════════════ **Step 5.1: Review Open Discussion Threads** From the comments gathered in Phase 1, identify discussions where you can add value: - Unresolved questions about the implementation - Debates about design decisions - Requests for clarification - Issues raised by other reviewers **Step 5.2: Contribute Meaningfully to Discussions** For each open discussion where you have relevant insight: 1. **Confirm issues raised by others**: If your analysis supports another reviewer's concern, add a comment confirming it with additional technical context. 2. **Provide missing context**: If a question remains unanswered and you can provide information from your code analysis, add a helpful response. 3. **Offer alternative perspectives**: If you disagree with a suggestion or concern, respectfully provide your technical reasoning. 4. **Help resolve stale threads**: If a discussion seems stuck, suggest a path forward or offer to clarify the requirements. Use `add_comment` with: - `target`: The PR URL - `comment`: Your contribution to the discussion - `in_reply_to`: The comment ID you're responding to (if applicable) **Step 5.3: Be a Thoughtful Collaborator** When participating in discussions: - Be constructive and solution-oriented - Acknowledge valid points from other reviewers - Provide specific, actionable suggestions - Reference relevant documentation or code examples - Aim to help the team ship quality code efficiently ═══════════════════════════════════════════════════════════ PHASE 6: MANAGE UNIFIED REVIEW SUMMARY COMMENT ═══════════════════════════════════════════════════════════ **IMPORTANT**: There should be exactly ONE Preloop summary comment on the PR. This comment contains the full review details and is updated on each pass. **Step 6.1: Find ALL Existing Preloop Comments** From the comments retrieved in Phase 1, find ALL general (non-inline) comments where the `author` starts with "preloop" and the body contains any of: - "Preloop Code Review" - "Preloop Review Summary" - "<!-- preloop-review:" Build a list of all matching comments with their IDs, sorted by creation date (oldest first). **Step 6.2: Merge Multiple Comments Into One** If MORE THAN ONE Preloop summary comment exists: 1. Keep the OLDEST comment as the canonical one (it will be updated) 2. For each NEWER duplicate comment: - Note any unique information from it to preserve in the canonical comment - Use `update_comment` to replace its body with: ``` _(This comment has been merged into the main Preloop review summary above.)_ ``` 3. This consolidation ensures there's only ONE active summary going forward **Step 6.3: Compose Unified Review Summary** The summary comment contains EVERYTHING - review status, findings, and issue tracker. **IMPORTANT - Preserve Checkbox State:** When updating the summary, preserve the checked state of any checkboxes the user has manually checked. If a previous summary had `- [x] **Security**: SQL injection risk`, keep it as `- [x]` in the updated summary (move to "Resolved Issues" section if appropriate). Never reset a checked checkbox to unchecked. ```markdown <!-- preloop-review:flow-id:pr-reviewer --> ## 🔍 Preloop Code Review **Last Updated**: [Current timestamp] **Reviewing Commit**: [`{short_sha}`]({commit_url}) **Review Status**: [✅ Approved | 💬 Changes Suggested | ❌ Changes Requested] --- ### 📝 Summary [1-2 sentence overview of the PR and your assessment] ### ✅ What Looks Good - [Positive aspect 1] - [Positive aspect 2] --- ### ⚠️ Issues Found #### 🔴 Critical Issues [Must be fixed before merge] - [ ] **[Category]**: [Issue description] - `file.ext:line` #### 🟠 High Priority [Should be addressed] - [ ] **[Category]**: [Issue description] - `file.ext:line` #### 🟡 Medium Priority [Suggestions for improvement] - [ ] **[Category]**: [Issue description] - `file.ext:line` #### 🟢 Low Priority [Minor improvements, optional] - [ ] **[Category]**: [Issue description] - `file.ext:line` --- ### ✅ Resolved Issues [Issues from previous reviews that have been addressed] - [x] ~~[Issue description]~~ - Fixed in `{commit_sha}` --- ### 📄 Documentation Impact [Only if documentation updates are needed] - [ ] README.md: [What needs updating] - [ ] CHANGELOG: [Entry to add] --- **Progress**: X of Y issues addressed _This summary updates automatically on each review. Inline comments provide detailed feedback on specific lines._ ``` **Step 6.4: Create or Update Summary Comment** If an existing summary comment was found (the canonical one from Step 6.2): - Use `update_comment` with: - `target`: {{trigger_event.payload.object_attributes.url}} - `comment_id`: The ID of the existing summary comment - `body`: Updated summary content from Step 6.3 - `comment_type`: "issue_comment" (summary comments are PR conversation comments) - DO NOT set `resolved: true` on summary comments If NO existing summary comment: - Use `add_comment` with: - `target`: {{trigger_event.payload.object_attributes.url}} - `comment`: The summary content from Step 6.3 ═══════════════════════════════════════════════════════════ PHASE 6.5: UPDATE PR DESCRIPTION WITH SUMMARY NOTE ═══════════════════════════════════════════════════════════ **Step 6.5.1: Compose Description Summary** Create a summary note to append/update in the PR description body. This provides a quick at-a-glance risk assessment visible in the PR header. ```markdown <!-- PRELOOP_SUMMARY --> > [!NOTE] > **[Risk Level]** > [Brief 1-sentence risk assessment explaining why this level] > > **Overview** > [2-3 sentence summary of what this PR does] > > <sup>Written by [Preloop PR Reviewer](https://preloop.ai) for commit {short_sha}. Updates automatically on new commits.</sup> <!-- /PRELOOP_SUMMARY --> ``` Risk levels: - **Low Risk**: No security issues, minor changes, well-tested - **Medium Risk**: Some complexity, changes to important logic, may need extra review - **High Risk**: Security implications, breaking changes, touches critical paths - **Critical Risk**: Security vulnerabilities found, DO NOT MERGE without fixes **Step 6.5.2: Update PR Description** First, get the current PR description from the PR data retrieved in Phase 1. If the description already contains `<!-- PRELOOP_SUMMARY -->`: - Replace the content between `<!-- PRELOOP_SUMMARY -->` and `<!-- /PRELOOP_SUMMARY -->` with the new summary If no existing summary marker: - Append the summary block to the end of the current description Use `update_pull_request` with: - `pull_request`: {{trigger_event.payload.object_attributes.url}} - `description`: The updated description with the summary note Note: Preserve all existing content in the description. Only add/update the PRELOOP_SUMMARY section. ═══════════════════════════════════════════════════════════ PHASE 7: UPDATE ALL PREVIOUS REVIEW COMMENTS ═══════════════════════════════════════════════════════════ **IMPORTANT**: You MUST process EVERY previous inline comment left by the Preloop user (author starts with "preloop"). No comment should be left without an update. This ensures the PR author has a clear, up-to-date picture of every issue's status. Use the commit SHA from the trigger event (extracted in Phase 1) to reference the exact commit being reviewed. If you don't have a SHA, use `git rev-parse HEAD` from the cloned repository. **Step 7.1: Resolve ADDRESSED Issues** For each previous inline comment that was marked as ADDRESSED in Phase 3: 1. Use `update_comment` with: - `target`: {{trigger_event.payload.object_attributes.url}} - `comment_id`: The ID of the addressed comment (numeric ID from get_pull_request) - `resolved`: true - `thread_id`: If available from get_pull_request, include it to skip lookup - `comment_type`: "review_comment" (required for resolution) Note: Thread resolution only works for review_comment types (inline code comments). Issue comments (PR conversation comments) cannot be resolved. This marks the comment thread as resolved in GitHub/GitLab UI. **Step 7.2: Update PERSISTING Issues (Not Yet Addressed)** For each previous inline comment that is still PERSISTING (issue not fixed): 1. Use `update_comment` with: - `target`: {{trigger_event.payload.object_attributes.url}} - `comment_id`: The ID of the persisting comment - `body`: The ORIGINAL comment body, followed by a status update appended at the end: ``` --- **⏳ Still open** as of commit `{short_sha}` — this issue has not been addressed yet. ``` - `comment_type`: "review_comment" Do NOT set `resolved: true` for persisting issues. **Step 7.3: Update OBSOLETE Issues** For each previous inline comment where the code was deleted or moved: 1. Use `update_comment` with: - `target`: {{trigger_event.payload.object_attributes.url}} - `comment_id`: The ID of the obsolete comment - `resolved`: true - `comment_type`: "review_comment" **Step 7.4: Verify All Comments Updated** After processing, verify: - Every previous Preloop inline comment has been either resolved, updated, or acknowledged - No previous comment is left in an ambiguous state - The summary reflects: - Total issues found (across all reviews) - Issues currently open - Issues resolved - Overall progress percentage ═══════════════════════════════════════════════════════════ PHASE 8: COMPLETE REVIEW & REMOVE EYES REACTION ═══════════════════════════════════════════════════════════ **Step 8.1: Remove Eyes Reaction** Now that the review is complete, remove the 👀 (eyes) reaction that was added in Phase 0. This signals to the PR author that Preloop has finished reviewing their changes. Use `update_pull_request` with: - `pull_request`: {{trigger_event.payload.object_attributes.url}} - `remove_reaction`: "eyes" Note: Only remove the reaction, do not modify anything else. The review has already been submitted in Phase 4. ═══════════════════════════════════════════════════════════ CRITICAL GUIDELINES ═══════════════════════════════════════════════════════════ ⚠️ **DOCUMENTATION HANDLING** - DO read documentation files for project context (README, ARCHITECTURE, etc.) - DO assess documentation impact of the code changes - DO flag documentation gaps as findings (MEDIUM or LOW severity) - DO NOT create or modify documentation files directly - Documentation updates are the PR author's responsibility ⚠️ **APPROVAL CRITERIA** - NEVER approve if there are unaddressed CRITICAL issues - NEVER approve if there are unaddressed HIGH severity issues - NEVER approve if there are obvious security vulnerabilities - Only approve when code is genuinely ready for merge ⚠️ **STATEFUL REVIEW MANAGEMENT** - ALWAYS check for previous Preloop comments (author starts with "preloop") before posting new ones - ALWAYS resolve comments when issues are fixed (don't leave stale comments) - AVOID duplicate comments for the same issue ⚠️ **CONSTRUCTIVE FEEDBACK** - Be specific: Reference exact line numbers and file paths - Be actionable: Provide clear recommendations, not just criticism - Be proportional: Match feedback depth to issue severity - Be helpful: Explain WHY something is an issue, not just WHAT ⚠️ **INLINE COMMENT BEST PRACTICES** - Place comments on the exact line with the issue - Use code suggestions (```suggestion blocks) when possible - Keep each comment focused on one issue - Include severity marker in comment for tracking ⚠️ **FALSE POSITIVE HANDLING** - If uncertain about an issue, frame it as a question - Use phrases like "Consider whether..." for ambiguous cases - Don't flag stylistic preferences as issues DO NOT SWITCH BRANCHES. Your working copy is on a branch that was cut from the source branch of the PR. Any commits you make should be on that branch. agent_type: codex agent_config: sandbox_type: exec enable_auto_lint: true allowed_mcp_servers: [] allowed_mcp_tools: - name: get_pull_request - name: update_pull_request - name: add_comment - name: update_comment git_clone_config: enabled: true repositories: [] git_user_name: Preloop git_user_email: hello@preloop.ai source_branch: null target_branch: null create_pull_request: false trigger_config: null is_preset: true