Skip to content

chore(ci): move Argus to the AAO Secretariat App identity#970

Open
bokelley wants to merge 1 commit into
mainfrom
secretariat-identity
Open

chore(ci): move Argus to the AAO Secretariat App identity#970
bokelley wants to merge 1 commit into
mainfrom
secretariat-identity

Conversation

@bokelley

@bokelley bokelley commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Migrates the Argus AI-review workflow from the IPR App identity to the new AAO Secretariat GitHub App, matching the spec repo's migration (adcontextprotocol/adcp#5832).

What changed

  • App token minting (.github/workflows/ai-review.yml): secrets.IPR_APP_ID / secrets.IPR_APP_PRIVATE_KEYsecrets.SECRETARIAT_APP_ID / secrets.SECRETARIAT_APP_PRIVATE_KEY. Reviews will post as aao-secretariat[bot] (previously aao-ipr-bot[bot]) and continue to count toward the "1 review required" branch-protection check.
  • Verifier pin: added a workflow-level ARGUS_BOT_LOGIN: aao-secretariat[bot] env and pinned the review-verification step on that login (it previously matched any user.type == "Bot" review).
  • Prompt loading hardened: the reviewer prompt is now read from the PR's base SHA via git show "${BASE_SHA}:.github/ai-review/expert-adcp-reviewer.md", failing closed if the file is missing at base. Previously it was cat from the working checkout (which was checked out at base SHA, but without the explicit fail-closed base-SHA read).
  • WG constitution appended to the prompt: the prompt-building step fetches .agents/wg/constitution.md from adcontextprotocol/adcp@main at review time and appends it under a ## WG constitution (from adcontextprotocol/adcp@main) heading when non-empty. It is fetched from the spec repo's main branch — not from this repo and not from the PR — so it is not attacker-controlled by the PR under review. If the fetch fails, the review runs without it.
  • Reviewer prompt identity (.github/ai-review/expert-adcp-reviewer.md): replaced the personal-voice identity clause with the AAO Secretariat review-desk identity — apply the WG constitution appended to the prompt and cite decision records (DR-NNNN in the spec repo's governance/decisions/) when a question is settled precedent. Repo-specific review logic (MUST FIX lists, coverage rules, expert delegation) is untouched.

No other workflows, changesets, or version files touched. ipr-agreement.yml keeps its own IPR App secrets.

⚠️ DO NOT MERGE yet

DO NOT MERGE until the org-level SECRETARIAT_APP_ID / SECRETARIAT_APP_PRIVATE_KEY secrets are visible to this repo — otherwise the Mint App token step fails and Argus reviews stop on every PR.

🤖 Generated with Claude Code

Mint the review App token from SECRETARIAT_APP_ID /
SECRETARIAT_APP_PRIVATE_KEY instead of the IPR App secrets, pin the
review verifier to aao-secretariat[bot] via ARGUS_BOT_LOGIN, load the
reviewer prompt from the PR's base SHA (failing closed if missing at
base), and append the WG constitution fetched from
adcontextprotocol/adcp@main to the review prompt at review time. The
reviewer prompt identifies Argus as the AAO Secretariat's review desk
and cites DR-NNNN decision records for settled precedent.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant