diff --git a/.github/ISSUE_TEMPLATE/03-task.yml b/.github/ISSUE_TEMPLATE/03-task.yml index ba98722c4..b5dc9e1fd 100644 --- a/.github/ISSUE_TEMPLATE/03-task.yml +++ b/.github/ISSUE_TEMPLATE/03-task.yml @@ -61,10 +61,10 @@ body: id: execution_mode attributes: label: Execution mode - description: Pick the safest starting mode. + description: Pick the safest starting mode. Each option defines exactly what the agent must do next on this issue. options: - - Human review required before code changes - - Agent should investigate and propose a plan first - - Agent can implement directly + - Wait for human approval — the agent must not write code or open a PR until a human leaves an explicit "approved" comment on this issue + - Investigate and propose a plan first — the agent must post the plan as an issue comment and wait for an explicit "approved" comment before writing code or opening a PR + - Implement and open a PR — the agent makes the requested changes on a feature branch and opens a PR following the standard PR template without requiring prior issue-comment approval. The agent must not push directly to dev, and the resulting PR still requires human approval to merge. validations: required: true diff --git a/.github/labeler.yml b/.github/labeler.yml index 5b52405a1..fa39c467f 100644 --- a/.github/labeler.yml +++ b/.github/labeler.yml @@ -2,6 +2,7 @@ ci: - changed-files: - any-glob-to-any-file: - ".github/workflows/**" + - ".github/**" task: - changed-files: diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 46d482d79..392b5403d 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,3 +1,5 @@ + + ## Summary Describe what changed. @@ -12,7 +14,11 @@ Link the issue if there is one. ## Human Review Status -Pending. A human should make the final merge decision after reviewing the final diff and verification evidence. +Replace this paragraph with exactly one of the following lines: + +- `Pending` — waiting for a human reviewer to approve. +- `Approved by @` — name the human reviewer who signed off after the final diff and verification evidence were ready. +- `Not required: ` — only for automated release bumps, dependency updates, or other low-risk bot-authored PRs. State the reason. Do not select this for any change an agent authored on behalf of a human request. ## Review Focus @@ -20,13 +26,16 @@ What should reviewers pay the most attention to? ## Risk Notes -Call out behavior, data, permissions, dependencies, platform, or migration risks. Write "None" if there are no special risks. +Call out behavior, data, permissions, dependencies, platform, or migration risks. If you left any **(conditional)** checklist item below unticked, list each skipped item here with a one-line reason. Write "None" only when there are no risks AND no skipped items. ## How To Verify List the targeted checks you ran and the key result for each one. Prefer the smallest checks that cover the changed surface. Include the result, not just the command. + + ```text +# EXAMPLE — delete this block and replace with your real verification results YAML parse: ok for both issue forms Diff check: no whitespace errors Focused tests: 47 passed @@ -38,14 +47,21 @@ Required for visible UI changes. ## Checklist -- [ ] Human review status is stated above as pending, approved, or not required -- [ ] I linked the related issue, or stated why there is no issue -- [ ] This PR has exactly one type label (`bug`, `enhancement`, `task`, or `documentation`), at least one primary routing label (`app`, `ui`, `platform`, `harness`, or `ci`), and exactly one priority label (`P0` to `P3`), or I requested maintainer labeling -- [ ] I described the review focus and any meaningful risks -- [ ] I listed the relevant verification steps and the key result for each -- [ ] I did not introduce unrelated refactors, dependencies, generated files, or file changes beyond the stated scope -- [ ] I manually checked visible UI or copy changes when needed, with screenshots or recordings -- [ ] I considered macOS and Windows impact for platform, packaging, updater, signing, paths, shell, or permissions changes -- [ ] I called out docs, release notes, dependencies, permissions, credentials, deletion behavior, generated content, or local file changes when relevant -- [ ] I reviewed the final diff for unrelated changes and suspicious dependency changes -- [ ] I am targeting `dev`, and my PR title and commit messages use Conventional Commits in English +> **How to use this checklist:** +> - Tick a box by replacing `[ ]` with `[x]`. Do not edit, add, or remove items. +> - The bot-applied label items can only be honestly ticked AFTER the PR is opened and the labeler / priority-triage bots have run — return to the PR description and tick them then. +> - Most items are required. The few that are conditional are explicitly marked **(conditional)**; for those, leave unticked if they truly do not apply and explain why in Risk Notes. All other items must be ticked before requesting human review. + +- [ ] **Type label** — this PR carries exactly one of `bug`, `enhancement`, `task`, `documentation`. Type labels are author-added; the labeler bot does NOT assign them. Add the label in the GitHub UI, then tick this. +- [ ] **Routing labels** — this PR carries at least one of `app`, `ui`, `platform`, `harness`, `ci`. The labeler bot assigns these on PR open based on changed paths. Confirm the bot's choice (or override if wrong), then tick this. +- [ ] **Priority label** — this PR carries exactly one of `P0`, `P1`, `P2`, `P3`. The priority-triage bot suggests one on PR open. Confirm or override, then tick this. +- [ ] Human Review Status above is set to `Pending`, `Approved by @`, or `Not required: ` (default is `Pending`; "not required" is restricted to bot-authored low-risk PRs). +- [ ] I linked the related issue, or stated in Summary why there is no issue. +- [ ] I described the review focus and any meaningful risks. +- [ ] I replaced the example block in How To Verify with the real verification steps and the key result for each. +- [ ] I did not introduce unrelated refactors, dependencies, generated files, or file changes beyond the stated scope. +- [ ] **(conditional)** I manually checked visible UI or copy changes when needed, with screenshots or recordings. Leave unticked only if no visible UI or copy changed. +- [ ] **(conditional)** I considered macOS and Windows impact for platform, packaging, updater, signing, paths, shell, or permissions changes. Leave unticked only if no platform/packaging surface was touched. +- [ ] **(conditional)** I called out docs, release notes, dependencies, permissions, credentials, deletion behavior, generated content, or local file changes when relevant. Leave unticked only if none of those surfaces was touched. +- [ ] I reviewed the final diff for unrelated changes and suspicious dependency changes. +- [ ] I am targeting `dev`, and my PR title and commit messages use Conventional Commits in English.