Add on.pull_request_reviewer: slash_command synthetic trigger and reviewer lifecycle routing

[Copilot]

This introduces a synthetic reviewer trigger to support fill-PR-reviewer lifecycle dispatch through centralized command routing. It adds reviewer-aware concurrency, lifecycle event routing, PR-closed startup cancellation, and marker-based workflow resolution for review events.

• Trigger model + schema

  • Adds on.pull_request_reviewer to the main workflow schema with slash_command as the supported mode.
  • Wires frontmatter extraction and workflow data propagation for reviewer-triggered workflows.

• Compiler defaults for reviewer lifecycle

  • Treats reviewer trigger as centralized command routing.
  • Adds reviewer lifecycle event coverage for pull_request (ready_for_review) and pull_request_review.
  • Applies PR-scoped concurrency defaults with queue-max behavior for reviewer flows.

• Central router generation (agentic_commands.yml)

  • Extends route collection to emit reviewer lifecycle routes.
  • Adds reviewer routing payload (GH_AW_REVIEWER_ROUTING) and reviewer section in generated routing metadata/comments.
  • Ensures workflow generation remains enabled when reviewer routes exist even without standard slash/label routes.

• Runtime dispatch (route_slash_command.cjs)

  • Cancels execution early when the PR is already closed at workflow start.
  • Dispatches reviewer workflows for pull_request ready_for_review.
  • Dispatches reviewer workflows for pull_request_review actions (submitted, edited, dismissed) by resolving the target workflow from XML markers in review body.

• Special resolution path for review events

  • Uses existing XML marker extraction (extractWorkflowId) to map review/resolution activity back to the correct workflow owner/creator context.

on:
  pull_request_reviewer: slash_command

// reviewer route payload example
GH_AW_REVIEWER_ROUTING='[
  {"workflow":"pr-reviewer","events":["pull_request","pull_request_review"]}
]'

---

pr-sous-chef: request to update branch (run id: 26122348307)

Generated by 👨‍🍳 PR Sous Chef · ● 246.4K · ◷

---

Changeset

• Type: patch
• Description: Add synthetic on.pull_request_reviewer trigger support and reviewer lifecycle routing for pull request review workflows.

Generated by 📋 Changeset Generator for issue #33273 · ● 1.8M · ◷

---

---

✨ PR Review Safe Output Test - Run 26125419230

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

• accounts.google.com
• android.clients.google.com
• clients2.google.com
• contentautofill.googleapis.com
• safebrowsingohttpgateway.googleapis.com
• www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

💥 [THE END] — Illustrated by Smoke Claude · ● 7.1M · ◷

[pelikhan]

@copilot

• each agentic workflow should have a unique slash command name

on:
pull_request_reviewer: <slash_command_id>

that is compiled as a centralized slash command

• register a global "/review" command that dispatches all reviewers on the PR. shortcut on closed PR.

[pelikhan]

@copilot slash command id should be inferred if missing

[Copilot]

@copilot

• each agentic workflow should have a unique slash command name...

Implemented in 17789b4: pull_request_reviewer workflows now enforce unique slash command names (case-insensitive) and compilation fails on duplicates. Added coverage in TestGenerateCentralSlashCommandWorkflow_ErrorsOnDuplicateReviewerCommandName.

[Copilot]

@copilot slash command id should be inferred if missing

Implemented in 4bb9817: when a pull_request_reviewer workflow has no slash command configured, the router now infers it from the workflow ID and includes it in centralized slash routing. Uniqueness checks still apply to inferred IDs.

[pelikhan]

@copilot

• remove slash command automatic generation with reviewer, the user can declare slash-command
• handle or review requested to rerun the reviewers

[Copilot]

@copilot

• remove slash command automatic generation with reviewer, the user can declare slash-command ...

Addressed in e348900.

• Removed automatic slash-command inference for pull_request_reviewer; reviewer workflows now only route slash commands that are explicitly declared by the user.
• Added reviewer rerun handling for pull_request review_requested events in centralized reviewer lifecycle routing.

[pelikhan]

@copilot refactor reviewer agentic workflows to use this trigger: ADR, Matt pollock,

[Copilot]

@copilot refactor reviewer agentic workflows to use this trigger: ADR, Matt pollock,

Updated in 8473865 (follow-up fix f2f8717): mattpocock-skills-reviewer now uses on.pull_request_reviewer: slash_command with an explicit centralized slash command declaration.

[Copilot]

@copilot fix test https://github.com/github/gh-aw/actions/runs/26122689755/job/76830209288?pr=33273

Fixed in a15de68: populated CommandOtherEvents with reviewer lifecycle events (pull_request and pull_request_review) for centralized routing. All tests now pass.

@copilot fix test https://github.com/github/gh-aw/actions/runs/26122689755/job/76830209288?pr=33273

Fixed in 974fdba: populated CommandOtherEvents with reviewer lifecycle events (pull_request and pull_request_review) for centralized routing. All tests now pass.

[github-actions]

💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges...

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

🚀 Smoke Gemini MISSION COMPLETE! Gemini has spoken. ✨

Caution

agentic threat detected
Threat detection flagged this output in warn mode. Manual review is REQUIRED before any follow-up automation.

Details

The threat detection results could not be parsed.

Review the workflow run logs for details.

[github-actions]

✅ Smoke OTEL completed successfully!

[github-actions]

🚀 Smoke Pi MISSION COMPLETE! Pi delivered. 🥧

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

Commit pushed: 4fe7148

Generated by Changeset Generator · ● 1.8M

[github-actions]

Caution

agentic threat detected
Threat detection flagged this output in warn mode. Manual review is REQUIRED before any follow-up automation.

Details

The threat detection results could not be parsed.

Review the workflow run logs for details.

Smoke test results: FAIL (Build failed). See issue for details.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• localhost

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "localhost"

See Network Configuration for more information.

✨ Smoke Gemini — Powered by Gemini · ◷

[github-actions]

Agent Container Tool Check

Tool	Status	Version
bash	✅	5.2.21
sh	✅	available
git	✅	2.54.0
jq	✅	1.7
yq	✅	4.53.2
curl	✅	8.5.0
gh	✅	2.92.0
node	✅	22.22.2
python3	✅	3.14.5
go	✅	1.24.13
java	✅	21.0.11
dotnet	✅	10.0.300

Result: 12/12 tools available ✅

🔧 Tool validation by Agent Container Smoke Test · ● 1.4M · ◷

[github-actions]

Smoke Test Codex 26125419171: FAIL
PRs: #33387 [safe-output-integrator] Add missing safe-output test coverage for set-issue-field and dispatch_repository; #33385 Strengthen timeout_minutes codemod tests with multiple-occurrence coverage
✅ GitHub MCP ✅ Serena ✅ Playwright ❌ Web Fetch ✅ File/Bash ✅ Build ❌ Comment Memory ✅ Cache Memory ⏳ Issue Field
Run: https://github.com/github/gh-aw/actions/runs/26125419171

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

• accounts.google.com
• android.clients.google.com
• clients2.google.com
• contentautofill.googleapis.com
• safebrowsingohttpgateway.googleapis.com
• www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex · ● 6.4M · ◷

[github-actions]

✅ Smoke Test Complete - 26125419161

Results: 16/17 tests pass (1 tool unavailable)

• GitHub MCP ✅
• Serena CLI ✅
• Playwright ✅
• Build ✅

Status: PASS ✅

Caveman approve! @pelikhan @Copilot

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

• accounts.google.com
• android.clients.google.com
• clients2.google.com
• contentautofill.googleapis.com
• safebrowsingohttpgateway.googleapis.com
• www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot · ● 5.5M · ◷

[github-actions]

🎉 Update from cave: Me still here! Discussion created successful!

Me dance around fire now. Code spirits happy. Test pass like mammoth through valley! 🔥🦣✨

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

• accounts.google.com
• android.clients.google.com
• clients2.google.com
• contentautofill.googleapis.com
• safebrowsingohttpgateway.googleapis.com
• www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot · ● 5.5M · ◷

[github-actions]

✅ Smoke Test PASS - Run 26125419161

• GitHub MCP: ✅
• MCP Scripts: ✅
• Serena CLI: ✅
• Playwright: ✅
• Build: ✅ (27M binary)
• All test: ✅

Caveman happy! @pelikhan @Copilot

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

• accounts.google.com
• android.clients.google.com
• clients2.google.com
• contentautofill.googleapis.com
• safebrowsingohttpgateway.googleapis.com
• www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot · ● 5.5M

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

Smoke Test: Claude — Run 26125419230

Core #1–12: ✅ all pass
PR review #13–18: ✅ all pass
#19 close PR: ⚠️ skipped (no safe test PR)

Overall: ✅ PASS

§26125419230

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

• accounts.google.com
• android.clients.google.com
• clients2.google.com
• contentautofill.googleapis.com
• safebrowsingohttpgateway.googleapis.com
• www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

💥 [THE END] — Illustrated by Smoke Claude · ● 7.1M · ◷

[github-actions]

💥 Automated smoke test review - all systems nominal!

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

• accounts.google.com
• android.clients.google.com
• clients2.google.com
• contentautofill.googleapis.com
• safebrowsingohttpgateway.googleapis.com
• www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

💥 [THE END] — Illustrated by Smoke Claude · ● 7.1M

[github-actions]

Smoke test review: Consider double-checking the discussion_number/pr alias normalization path here. 🤖

[github-actions]

Smoke test review: ensure CommandOtherEvents lifecycle routing covers all reviewer events. 🛡️