# PR & Release Gatekeeper

## Purpose

Ensures no PR is merged without first checking for and resolving ALL feedback — from humans, AI reviewers, and automated checks (CodeQL, coverage, lint).
## Pre-Merge Checklist (MANDATORY)

Before calling `gh pr merge`, you MUST complete every step:
### 1. Check CI Status

```bash
gh pr checks <pr_number>
```

ALL checks must be ✓. If any fail, diagnose and fix before proceeding.
### 2. Check Review Comments

Use the GitHub API to read ALL review threads:

- `get_review_comments` — inline code review threads (Copilot reviewer, human reviewers)
- `get_reviews` — top-level review submissions (look for CHANGES_REQUESTED or COMMENTED with inline issues)
- `get_comments` — general PR conversation comments
### 3. Resolve Every Finding

For each unresolved review thread or comment:

- Read the feedback carefully
- Implement the fix in code
- Commit and push
- Wait for CI to pass again
- Re-check for new feedback generated by the fix
### 4. Check CodeQL Alerts

If CodeQL ran, verify zero new alerts were introduced. Fix any security or quality issues found.
### 5. Final Verification

Only after ALL of the following are true:

- All CI checks passing (green)
- Zero unresolved review comments
- Zero unresolved CodeQL alerts
- All reviewer feedback addressed
- Coverage gate met

...may you proceed with `gh pr merge --squash --admin --delete-branch`.
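A script that implements steps 1 through 5 as one gate, added here as an example (it is not part of this skill file or of any project it is used with). It assumes an authenticated `gh` CLI whose `pr checks` supports `--json`, and it queries review threads over GraphQL because thread resolution state is not exposed by the REST comment endpoints. The names `fetch_state`, `evaluate_gate` and `SAMPLE_STATE` are this example's own, and the sample PR data is constructed so the script runs without network access.

```python
"""Pre-merge gate: collect checks, review threads, CodeQL alerts and
conversation comments for a PR, then refuse to merge while anything is
outstanding. Example code; assumes an authenticated `gh` CLI."""
import json
import subprocess
import sys

# GraphQL is the API that exposes whether a review thread is resolved.
THREADS_QUERY = """
query($owner: String!, $repo: String!, $pr: Int!) {
  repository(owner: $owner, name: $repo) {
    pullRequest(number: $pr) {
      reviewDecision
      reviewThreads(first: 100) {
        nodes {
          isResolved
          comments(first: 1) { nodes { author { login } path body } }
        }
      }
    }
  }
}
"""


def gh_json(args, ok_codes=(0,)):
    """Run a gh CLI command and parse its JSON output."""
    proc = subprocess.run(["gh", *args], capture_output=True, text=True)
    if proc.returncode not in ok_codes:
        raise RuntimeError(proc.stderr.strip() or f"gh exited {proc.returncode}")
    return json.loads(proc.stdout)


def fetch_state(owner, repo, pr):
    """Gather everything the checklist says to look at, via gh endpoints."""
    # gh pr checks reports failing/pending checks through its exit code, so
    # accept those codes here and let evaluate_gate judge the JSON instead.
    checks = gh_json(["pr", "checks", str(pr), "--repo", f"{owner}/{repo}",
                      "--json", "name,bucket,link"], ok_codes=(0, 1, 8))
    gql = gh_json(["api", "graphql", "-f", f"query={THREADS_QUERY}",
                   "-f", f"owner={owner}", "-f", f"repo={repo}", "-F", f"pr={pr}"])
    pull = gql["data"]["repository"]["pullRequest"]
    # Code scanning alerts filtered to this PR and to still-open ones.
    alerts = gh_json(["api", f"repos/{owner}/{repo}/code-scanning/alerts",
                      "-X", "GET", "-F", f"pr={pr}", "-f", "state=open"])
    comments = gh_json(["api", f"repos/{owner}/{repo}/issues/{pr}/comments"])
    return {"checks": checks, "threads": pull["reviewThreads"]["nodes"],
            "review_decision": pull["reviewDecision"], "alerts": alerts,
            "comments": comments}


def evaluate_gate(state):
    """Return {'blockers': [...], 'to_read': [...]}; merge only when blockers is empty."""
    blockers = []
    for chk in state["checks"]:
        # Only green passes; a skipped job is not a failure, but pending,
        # failed and cancelled runs all block the merge.
        if chk["bucket"] not in ("pass", "skipping"):
            blockers.append(f"check '{chk['name']}' is {chk['bucket']}")
    if state["review_decision"] == "CHANGES_REQUESTED":
        blockers.append("a reviewer has requested changes")
    for thread in state["threads"]:
        if thread["isResolved"]:
            continue
        nodes = thread["comments"]["nodes"]
        first = nodes[0] if nodes else {}
        who = (first.get("author") or {}).get("login", "unknown")
        blockers.append(f"unresolved review thread by {who} on {first.get('path')}")
    for alert in state["alerts"]:
        blockers.append(f"open code scanning alert #{alert['number']} ({alert['rule']['id']})")
    # Conversation comments have no resolved flag, so they are surfaced for
    # a human to read rather than judged automatically.
    to_read = [f"{c['user']['login']}: {c['body']}" for c in state["comments"]]
    return {"blockers": blockers, "to_read": to_read}


# Constructed sample state (not real PR data) so the script runs offline.
SAMPLE_STATE = {
    "checks": [
        {"name": "build", "bucket": "pass", "link": "https://example.invalid/1"},
        {"name": "CodeQL", "bucket": "pass", "link": "https://example.invalid/2"},
        {"name": "coverage", "bucket": "fail", "link": "https://example.invalid/3"},
    ],
    "review_decision": "CHANGES_REQUESTED",
    "threads": [
        {"isResolved": True, "comments": {"nodes": [
            {"author": {"login": "alice"}, "path": "src/a.py", "body": "nit"}]}},
        {"isResolved": False, "comments": {"nodes": [
            {"author": {"login": "ai-reviewer"}, "path": "src/b.py", "body": "possible None deref"}]}},
    ],
    "alerts": [{"number": 7, "rule": {"id": "py/example-rule"}}],
    "comments": [{"user": {"login": "bob"}, "body": "please also bump the changelog"}],
}


def main(argv):
    # Live mode: python gate.py OWNER REPO PR_NUMBER; otherwise use the sample.
    state = fetch_state(argv[0], argv[1], int(argv[2])) if len(argv) == 3 else SAMPLE_STATE
    result = evaluate_gate(state)
    for line in result["to_read"]:
        print("READ :", line)
    for line in result["blockers"]:
        print("BLOCK:", line)
    return 1 if result["blockers"] else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Chain the gate in front of the merge (`python gate.py OWNER REPO 42 && gh pr merge 42 --squash --delete-branch`) so a non-zero exit, which the script returns for any failing check, unresolved thread, requested changes or open alert, stops the merge; the `READ` lines still have to be read by a person before the command is run.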
## Release Process Gates

When performing a version release (tag + publish):

- PR must be merged to main via the checklist above
- Main branch CI must pass after merge
- Tag the version: `git tag v{X.Y.Z} && git push origin v{X.Y.Z}`
- Verify release workflow completes successfully
- Verify marketplace propagation
- Install locally and confirm version number
## Anti-Patterns (NEVER do these)

- ❌ Merge before reading review comments
- ❌ Merge with failing checks using `--admin` to bypass
- ❌ Skip checking for CodeQL alerts
- ❌ Assume "no comments" without actually querying the API
- ❌ Tag a release before main CI passes