resolve-agent-reviews by pbakaus/agent-reviews

Automatically resolve findings from PR review bots (Copilot, Cursor Bugbot, CodeRabbit, etc.) on the current PR. Uses a two-phase workflow: fix all existing issues, then poll for new ones until bots go quiet.

Prerequisites

All commands below use npx agent-reviews. If the project uses a different package manager, substitute the appropriate runner (e.g., pnpm dlx agent-reviews for pnpm, yarn dlx agent-reviews for Yarn, bunx agent-reviews for Bun). Honor the user's package manager preference throughout.

Cloud environments only (e.g., Codespaces, remote agents): verify git author identity so CI checks can map commits to the user. Run git config --global --get user.email and if empty or a placeholder, set it manually. Skip this check in local environments.

Phase 1: FETCH & FIX (synchronous)

Step 1: Fetch All Bot Comments (Expanded)

Run npx agent-reviews --bots-only --unanswered --expanded

The CLI auto-detects the current branch, finds the associated PR, and authenticates via gh CLI or environment variables. If anything fails (no token, no PR, CLI not installed), it exits with a clear error message.

This shows only unanswered bot comments with full detail: complete comment body (no truncation), diff hunk (code context), and all replies. Each comment shows its ID in brackets (e.g., [12345678]).

If zero comments are returned, print "No unanswered bot comments found" and skip to Phase 2.

Step 3: Process Each Unanswered Comment

For each comment from the expanded output:

A. Evaluate the Finding

Read the referenced code and determine:

TRUE POSITIVE - A real bug that needs fixing
FALSE POSITIVE - Not actually a bug (intentional behavior, bot misunderstanding)
UNCERTAIN - Not sure; ask the user

Likely TRUE POSITIVE:

Code obviously violates stated behavior
Missing null checks on potentially undefined values
Type mismatches or incorrect function signatures
Logic errors in conditionals
Missing error handling for documented failure cases

Likely FALSE POSITIVE:

Bot doesn't understand the framework/library patterns
Code is intentionally structured that way (with comments explaining why)
Bot is flagging style preferences, not bugs
The "bug" is actually a feature or intentional behavior
Bot misread the code flow

When UNCERTAIN -- ask the user:

The fix would require architectural changes
You're genuinely unsure if the behavior is intentional
The "bug" relates to business logic you don't fully understand
Multiple valid interpretations exist
The fix could have unintended side effects

B. Act on Evaluation

If TRUE POSITIVE: Fix the code. Track the comment ID and a brief description of the fix.

If FALSE POSITIVE: Do NOT change the code. Track the comment ID and the reason it's not a real bug.

If UNCERTAIN: Ask the user. If they say skip, track it as skipped.

Do NOT reply to comments yet. Replies happen after the commit (Step 5).

Step 4: Commit and Push

After evaluating and fixing ALL unanswered comments:

Run your project's lint and type-check

Stage, commit, and push:

git add -A
git commit -m "fix: address PR review bot findings

{List of bugs fixed, grouped by bot}"
git push

Capture the commit hash from the output.

Step 5: Reply to All Comments

Now that the commit hash exists, reply to every processed comment. The --resolve flag marks the review thread as resolved on GitHub.

For each TRUE POSITIVE:

Run npx agent-reviews --reply <comment_id> "Fixed in {hash}. {Brief description of the fix}" --resolve

For each FALSE POSITIVE:

Run npx agent-reviews --reply <comment_id> "Won't fix: {reason}. {Explanation of why this is intentional or not applicable}" --resolve

For each SKIPPED:

Run npx agent-reviews --reply <comment_id> "Skipped per user request" --resolve

DO NOT start Phase 2 until all replies are posted.

Phase 2: POLL FOR NEW COMMENTS (loop until quiet)

The watcher exits immediately when new comments are found (after a 5s grace period to catch batch posts). This means you run it in a loop: start watcher, process any comments it returns, restart watcher, repeat until the watcher times out with no new comments.

Step 6: Start Watcher Loop

Repeat the following until the watcher exits with no new comments:

6a. Launch the watcher in the background:

Run npx agent-reviews --watch --bots-only as a background task.

6b. Wait for the background command to complete (default 10 minutes; override with --timeout).

6c. Check the output:

If new comments were found (output contains EXITING WITH NEW COMMENTS):
1. Use --detail <id> to read each new comment's full detail
2. Process them exactly as in Phase 1, Steps 3-5 (evaluate, fix, commit, push, reply)
3. Go back to Step 6a to restart the watcher
If no new comments (output contains WATCH COMPLETE): Stop looping and move to the Summary Report.

Summary Report

After both phases complete, provide a summary:

## PR Review Bot Resolution Summary

### Results
- Fixed: X bugs
- Already fixed: X bugs
- Won't fix (false positives): X
- Skipped per user: X

### By Bot
#### cursor[bot]
- BUG-001: {description} - Fixed in {commit}
- BUG-002: {description} - Won't fix: {reason}

#### Copilot
- {description} - Fixed in {commit}

### Status
All findings addressed. Watch completed.

Important Notes

Response Policy

Every finding gets a response - No silent ignores
Responses help train bots and document decisions
"Won't fix" responses prevent the same false positive from being re-raised

User Interaction

Ask the user when uncertain about a finding
Don't guess on architectural or business logic questions
It's better to ask than to make a wrong fix or wrong dismissal

Best Practices

Verify findings before fixing - bots have false positives
Keep fixes minimal and focused - don't refactor unrelated code
Ensure type-check and lint pass before committing
Group related fixes into a single commit
Copilot suggestion blocks often contain ready-to-use fixes