From f1e7a3dbfbfffedc3f4deb172588607f9ab5214a Mon Sep 17 00:00:00 2001
From: Nathan Heskew <nathan@harperdb.io>
Date: Sat, 16 May 2026 08:48:26 -0700
Subject: [PATCH] ci: bump ai-review-prompts pin to f22bf7d (post #37 + #38 +
 #40) + label-gated review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Three changes from ai-review-prompts main since this PR was first opened:

  - #37: harper/common.md gains "Meta-checks" section + reuse /
    CI hygiene / lockfile drift bullets.
  - #38: label-gated review for bot-authored PRs (`claude-review`
    label as opt-in gesture).
  - #40: revert of #39's workflow-level `permissions: {}` on
    reusables — #39 broke reusable callers via the calling-
    workflow-caps-reusable rule. Empirically verified working
    on harper main (PR #576).

Caller changes in this commit:

  - Pin bumped to `f22bf7d` (post-#37 + post-#38 + post-#40).
    Catches the pin up from `3278ce4e` (post-#20) which main
    was rolled back to during the #39 incident.
  - `pull_request: types:` adds `labeled` so the new bot-PR
    gesture fires.
  - **No caller-side `permissions: {}`**. Earlier version
    included that recommendation from #39; #40 reverted the
    recommendation.

Repo-side prerequisite (already applied via `gh label create`):

  - `claude-review` label exists on this repo.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
---
 .github/workflows/claude-review.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/claude-review.yml b/.github/workflows/claude-review.yml
index 12e9ff902..154ebdfec 100644
--- a/.github/workflows/claude-review.yml
+++ b/.github/workflows/claude-review.yml
@@ -14,7 +14,9 @@ name: Claude PR Review
 
 on:
   pull_request:
-    types: [opened, synchronize, reopened]
+    # `labeled` admits the `claude-review` label gesture for
+    # bot-authored PRs (renovate, dependabot). See ai-review-prompts#38.
+    types: [opened, synchronize, reopened, labeled]
 
 concurrency:
   group: claude-review-${{ github.event.pull_request.number }}
@@ -22,7 +24,7 @@ concurrency:
 
 jobs:
   review:
-    uses: HarperFast/ai-review-prompts/.github/workflows/_claude-review.yml@3278ce4e63c5af33cd1db68602aad9580e60dce7 # main 2026-05-09 (post #20 — title format + areas-not-traced + dev/prod dep rule)
+    uses: HarperFast/ai-review-prompts/.github/workflows/_claude-review.yml@f22bf7dcb7d22d5de94c938daa9d790f2b5c776b # main 2026-05-18 (post #37 + #38 + #40 — calibration layer update + label-gated bot-PR review; #39's workflow-level `permissions: {}` reverted in #40 because it broke reusable callers via the GH Actions calling-workflow-caps-reusable rule)
     with:
       # Same SHA as the `uses:` ref above. The reusable uses this to
       # check out HarperFast/ai-review-prompts (layer files + bash
@@ -32,7 +34,7 @@ jobs:
       # introspect their own ref (`github.workflow_ref` resolves to
       # the CALLER's ref in `workflow_call` context), and `uses: …@<ref>`
       # is parsed literally so we can't interpolate a variable.
-      ai-review-prompts-ref: 3278ce4e63c5af33cd1db68602aad9580e60dce7
+      ai-review-prompts-ref: f22bf7dcb7d22d5de94c938daa9d790f2b5c776b
       review-layers: |
         universal
         harper/common