From ca6385ac364e904502f9d440990b5314a060212a Mon Sep 17 00:00:00 2001
From: Nathan Heskew <nathan@harperdb.io>
Date: Tue, 12 May 2026 12:13:37 -0700
Subject: [PATCH] ci: bump both AI-review caller pins to
 ai-review-prompts@128656e4
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Symmetric pin across `claude-review.yml` and `gemini-review.yml`.
Both callers now reference the same ai-review-prompts SHA — easier
to audit "are we current?" without per-file checks, and matches
the "single pin per repo upgrade motion" the caller comment
already promises.

`claude-review.yml` (was @3278ce4e, post-#20) → @128656e4.
Picks up:
- Shared-script refactor (#22): provider-agnostic
  find-prior-review-comment.sh + log-review-to-ai-review-log.sh
  with explicit MARKER / MODEL env vars. Behavior for Claude
  unchanged (PROVIDER_LABEL stays empty → legacy title format
  preserved). New body fields: `**Run:**` link to the workflow
  run page (visible in ai-review-log entries).
- authorize-claude-workflow.sh → authorize-ai-workflow.sh rename
  (handled inside the reusable; consumer caller untouched).
- Auth-gate validator generalization to pattern-based glob.

`gemini-review.yml` (was @9471cd80, post-#22) → @128656e4.
Picks up:
- Architectural fix (#24): workflow posts the Gemini response
  via a new post step, since run-gemini-cli's single-shot mode
  doesn't give the agent tool access to call `gh pr comment`
  itself.
- Output-name fix (#25): post step now references the action's
  caller-facing output (`summary`) instead of the action's
  internal step output (`gemini_response`). Without this fix
  the post step was always skipped silently — discovered on
  this PR's first run (after #24's artifact-upload addition
  let us see the agent's actual response in stdout.log).
- Artifact upload enabled on the Gemini step for post-mortem
  visibility.
- Default model flipped to `gemini-3-flash-preview` (#23) —
  Google's current-gen mid-tier Flash, the apples-to-apples
  peer of Claude Sonnet 4.6. No `model:` override needed here.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .github/workflows/claude-review.yml | 4 ++--
 .github/workflows/gemini-review.yml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/claude-review.yml b/.github/workflows/claude-review.yml
index 557738d..ce6f4a7 100644
--- a/.github/workflows/claude-review.yml
+++ b/.github/workflows/claude-review.yml
@@ -24,7 +24,7 @@ concurrency:
 
 jobs:
   review:
-    uses: HarperFast/ai-review-prompts/.github/workflows/_claude-review.yml@3278ce4e63c5af33cd1db68602aad9580e60dce7 # main 2026-05-09 (post #20 — title format + areas-not-traced + dev/prod dep rule)
+    uses: HarperFast/ai-review-prompts/.github/workflows/_claude-review.yml@128656e40c87c0e1293c542a5500df4f68dbff85 # main 2026-05-12 (post #25 — symmetric pin with gemini-review.yml; picks up shared-script refactor and authorize-ai-workflow.sh rename)
     with:
       # Same SHA as the `uses:` ref above. The reusable uses this to
       # check out HarperFast/ai-review-prompts (layer files + bash
@@ -35,7 +35,7 @@ jobs:
       # introspect their own ref (`github.workflow_ref` resolves to the
       # CALLER's ref in `workflow_call` context), and `uses: …@<ref>`
       # is parsed literally so we can't interpolate a variable.
-      ai-review-prompts-ref: 3278ce4e63c5af33cd1db68602aad9580e60dce7
+      ai-review-prompts-ref: 128656e40c87c0e1293c542a5500df4f68dbff85
       review-layers: |
         universal
         harper/common
diff --git a/.github/workflows/gemini-review.yml b/.github/workflows/gemini-review.yml
index 15692db..936a315 100644
--- a/.github/workflows/gemini-review.yml
+++ b/.github/workflows/gemini-review.yml
@@ -34,13 +34,13 @@ concurrency:
 
 jobs:
   review:
-    uses: HarperFast/ai-review-prompts/.github/workflows/_gemini-review.yml@9471cd8026bbbf6b0eb2a75143071c533811c52e # main 2026-05-12 (post #22 — Gemini reusable + shared provider scripts + auth-gate validator generalization)
+    uses: HarperFast/ai-review-prompts/.github/workflows/_gemini-review.yml@128656e40c87c0e1293c542a5500df4f68dbff85 # main 2026-05-12 (post #25 — workflow posts Gemini response, output-name fix, default model gemini-3-flash-preview)
     with:
       # Same SHA as the `uses:` ref above. See claude-review.yml
       # in this repo for why the duplication is unavoidable
       # (reusable workflows can't introspect their own ref in
       # workflow_call context).
-      ai-review-prompts-ref: 9471cd8026bbbf6b0eb2a75143071c533811c52e
+      ai-review-prompts-ref: 128656e40c87c0e1293c542a5500df4f68dbff85
       review-layers: |
         universal
         harper/common