feat: add dryrun-pr-review plugin with permission prompt optimizations#7
Open
feat: add dryrun-pr-review plugin with permission prompt optimizations#7
Conversation
Add new dryrun-pr-review plugin that handles full PR lifecycle:
- Branch creation with {user}/{type}/{name} convention
- Conventional commit messages with co-author attribution
- PR/MR creation for both GitHub and GitLab
- Timestamp-based polling for DryRunSecurity review comments
- Presents findings to user for decisions (no auto-fix)
- Iterative fix-push-poll loop until review complete
Update README with plugin comparison table and usage
Replace hardcoded Conventional Commits format with auto-detection: - Check for saved conventions in .claude/pr-conventions.md - Discover branch naming from git branch -r patterns - Discover commit format from git log history - Discover PR/MR structure from gh/glab list output - Prompt user to save detected conventions for reuse - Fall back to sensible defaults if no patterns found - Apply discovered conventions to branches, commits, and PR
- Expand intro and philosophy to cover both remediation and PR review workflows - Add PR review usage examples alongside remediation usage - Update dryrun-pr-review Features to reflect convention discovery (not hardcoded conventions) - Fix version header example to match current standalone file header name - Add copilot-instructions.md to directory structure tree
- Add dryrun-pr-review SKILL.md to the Making Changes file list - Add copilot-instructions.md to file list - Update 'Keep files in sync' description for combined standalone format - Add dryrun-pr-review plugin.json to manifest versions section - Split File Sync Checklist by workflow with copilot-instructions.md added - Update quick version grep to include pr-review SKILL.md
…it format - Add full frontmatter (version, triggers, compatibility, allowed_tools, output, license) to match dryrun-remediation skill consistency - Fix Step 6 commit message to follow discovered conventions instead of hardcoded conventional commits format - Update marketplace.json description to reflect both plugins
- Remove convention discovery section; rely on agent's in-flight judgment for branch naming, commit format, and PR/MR body style - Replace multi-step platform detection script with a single `git remote get-url origin` call — agent derives PLATFORM, OWNER, REPO/PROJECT from the URL directly, eliminating subshell $() calls that triggered permission prompts - Drop Write from allowed_tools (no longer writing a conventions file) - Sync all changes to standalone .cursorrules, .windsurfrules, RULES.md, and copilot-instructions.md Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
peterkarman1
approved these changes
Apr 9, 2026
…-review - Exit polling loop immediately when DryRunSecurity comments are detected - Check for existing PR/MR before creating to avoid duplicate creation - Replace glab api --jq flag with pipe to jq (glab does not support --jq) - Fix decline reply to use issue comments endpoint, not inline review replies, since DryRunSecurity only posts on the PR thread Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Apply consistent fixes across SKILL.md and all four standalone agent files (.cursorrules, .windsurfrules, RULES.md, copilot-instructions.md): - Exit polling loop immediately when DryRunSecurity comments are detected - Check for existing PR/MR before creating to avoid duplicate creation - Replace glab api --jq flag with pipe to jq (glab does not support --jq) - Fix decline reply to use issue comments endpoint, not inline review replies - Clarify timeout message: inform user the review period is complete Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
dryrun-pr-reviewplugin: full PR/MR lifecycle automation for DryRunSecurity users (branch, commit, push, open PR/MR, poll for DryRunSecurity review comments, present findings, loop until satisfied)git remote get-url origin.claude/pr-conventions.md— skips re-detection on subsequent runs.cursorrules,.windsurfrules,RULES.md,copilot-instructions.md) updated to include Workflow 2 (PR Review) alongside Workflow 1 (Remediation)Write/Edit/Glob/Grepinallowed_toolsfrontmattergit,gh,glab) to reduce session-level promptsTest plan
.claude/pr-conventions.md🤖 Generated with Claude Code