Fix verify-pr-base PR resolution in default workflows

[stephanieg467]

Summary

Describe this PR in 2-5 bullets:

• Problem: verify-pr-base nodes in bundled workflows used bare gh pr view, allowing GitHub CLI to infer the PR from branch/remote state.
• Why it matters: In fork/upstream or nonstandard upstream setups, implicit PR resolution can inspect or retarget the wrong PR base before review/sync steps.
• What changed: verify-pr-base now resolves the PR explicitly from $ARTIFACTS_DIR/.pr-number, falls back to the current branch, and uses that PR number for both view and edit operations.
• What did not change (scope boundary): No workflow engine behavior, CLI API, database schema, or provider behavior changed.

UX Journey

Before

User                   Archon workflow             GitHub CLI
────                   ───────────────             ──────────
runs default workflow ─▶ finalize-pr creates PR
                       verify-pr-base ───────────▶ gh pr view --json baseRefName
                                                   [infers PR from branch/remote]
                       may verify/edit wrong PR ◀── inferred PR metadata

After

User                   Archon workflow             GitHub CLI
────                   ───────────────             ──────────
runs default workflow ─▶ finalize-pr creates PR
                       verify-pr-base reads
                       [$ARTIFACTS_DIR/.pr-number]
                       fallback: current branch ─▶ gh pr view "$CURRENT_BRANCH" --json number
                       explicit check ───────────▶ gh pr view "$PR_NUMBER" --json baseRefName
                       explicit retarget ────────▶ gh pr edit "$PR_NUMBER" --base "$EXPECTED"

Architecture Diagram

Before

.archon/workflows/defaults/*
  └─ verify-pr-base bash node
      └─ gh pr view/edit (implicit current-branch PR resolution)

packages/workflows/src/defaults/bundled-defaults.generated.ts
  └─ embedded copy of default workflows

After

.archon/workflows/defaults/* [~]
  └─ verify-pr-base bash node [~]
      ├─ reads $ARTIFACTS_DIR/.pr-number [+]
      ├─ falls back to gh pr view "$CURRENT_BRANCH" --json number [+]
      └─ gh pr view/edit "$PR_NUMBER" (explicit PR resolution) [~]

packages/workflows/src/defaults/bundled-defaults.generated.ts [~]
  └─ regenerated embedded copy of default workflows

packages/workflows/src/defaults/bundled-defaults.test.ts [~]
  └─ regression check for explicit verify-pr-base resolution [+]

Connection inventory (list every module-to-module edge, mark changes):

From	To	Status	Notes
Default workflow YAML	GitHub CLI gh pr view/edit	modified	PR selector is now explicit via $PR_NUMBER.
archon-create-pr artifact	verify-pr-base node	new	.pr-number is the preferred PR identity source.
Default workflow YAML	bundled-defaults.generated.ts	modified	Generated bundle refreshed after YAML changes.
bundled-defaults.test.ts	Bundled workflow content	modified	Adds regression coverage for all bundled verify-pr-base blocks.

Label Snapshot

• Risk: risk: low
• Size: size: S
• Scope: workflows|tests
• Module: workflows:defaults

Change Metadata

• Change type: bug
• Primary scope: workflows

Linked Issue

• Closes Fix verify-pr-base PR resolution in default workflows #1905
• Related #
• Depends on # (if stacked)
• Supersedes # (if replacing older PR)

Validation Evidence (required)

Commands and result summary:

bun run check:bundled && bun test packages/workflows/src/defaults/bundled-defaults.test.ts
# Passed: bundled defaults up to date; 12 bundled-defaults tests passed.

# Clean detached worktree at this branch HEAD, after bun install --frozen-lockfile:
bun run validate
# Passed: check:bundled, check:bundled-skill, type-check, lint, format:check, and package-isolated tests.

• Evidence provided (test/log/trace/screenshot): Regression test inspects every bundled verify-pr-base block and fails on bare gh pr view --json baseRefName, missing .pr-number lookup, missing branch fallback, or missing explicit $PR_NUMBER view/edit.
• If any command is intentionally skipped, explain why: None.

Security Impact (required)

• New permissions/capabilities? (Yes/No) No
• New external network calls? (Yes/No) No
• Secrets/tokens handling changed? (Yes/No) No
• File system access scope changed? (Yes/No) No
• If any Yes, describe risk and mitigation: N/A

Compatibility / Migration

• Backward compatible? (Yes/No) Yes
• Config/env changes? (Yes/No) No
• Database migration needed? (Yes/No) No
• If yes, exact upgrade steps: N/A

Human Verification (required)

What was personally validated beyond CI:

• Verified scenarios: Confirmed generated defaults are current and regression coverage passes for all bundled workflows containing verify-pr-base nodes.
• Edge cases checked: Missing .pr-number artifact falls back to current-branch PR lookup; failure path emits an explicit error if no PR can be resolved.
• What was not verified: Did not run a full live end-to-end GitHub PR workflow against a real PR.

Side Effects / Blast Radius (required)

• Affected subsystems/workflows: Bundled default workflows with verify-pr-base; generated bundled defaults; bundled defaults tests.
• Potential unintended effects: Workflows now fail fast if neither .pr-number nor current-branch PR lookup can resolve a PR.
• Guardrails/monitoring for early detection: Regression test prevents future implicit gh pr view reintroduction in bundled verify-pr-base nodes.

Rollback Plan (required)

• Fast rollback command/path: Revert this PR commit.
• Feature flags or config toggles (if any): None.
• Observable failure symptoms: verify-pr-base node errors while resolving $PR_NUMBER, or PR base verification stops before review/sync.

Risks and Mitigations

• Risk: A workflow may have no .pr-number artifact and no PR associated with the current branch.
  • Mitigation: The node now emits a clear error and exits instead of implicitly operating on an unknown PR.

Summary by CodeRabbit

• Bug Fixes

  • Improved PR base-branch verification across CI workflows by resolving the PR number more reliably (using a saved .pr-number artifact first, otherwise falling back to the current-branch lookup), failing fast when it can’t be determined, and retargeting the PR base only when it differs from the expected branch. Also refined success/error messaging and hardened shell execution behavior.

• Tests

  • Added bundle integrity tests to ensure all bundled workflows follow consistent PR-number resolution and base-branch verification steps.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 00f53ad1-252d-4550-a9e7-59849b5f61fe

📥 Commits

Reviewing files that changed from the base of the PR and between 2f39a69 and 17419d3.

📒 Files selected for processing (1)

• packages/workflows/src/defaults/bundled-defaults.test.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/workflows/src/defaults/bundled-defaults.test.ts

---

📝 Walkthrough

Walkthrough

Eight Archon default workflow YAML files update their verify-pr-base step to resolve PR numbers robustly by preferring a stored .pr-number artifact, falling back to current-branch lookup, and failing fast if unresolved. A new test validates all bundled workflows follow this pattern.

Changes

PR number resolution robustness in verify-pr-base

Layer / File(s)	Summary
Workflow YAML verify-pr-base refactoring .archon/workflows/defaults/archon-architect.yaml, archon-feature-development.yaml, archon-fix-github-issue.yaml, archon-idea-to-pr.yaml, archon-issue-review-full.yaml, archon-piv-loop.yaml, archon-plan-to-pr.yaml, archon-ralph-dag.yaml, archon-refactor-safely.yaml	All eight workflow files update their verify-pr-base bash scripts to check $ARTIFACTS_DIR/.pr-number first, fall back to gh pr view "$CURRENT_BRANCH" --json number, fail if no PR can be resolved, then use the resolved PR_NUMBER to fetch baseRefName and conditionally retarget the base branch with updated status messaging.
Test validation for verify-pr-base pattern packages/workflows/src/defaults/bundled-defaults.test.ts	New helper functions extract verify-pr-base YAML blocks from bundled workflow contents, and a new integrity test validates each block includes artifact-first PR lookup, current-branch fallback, fail-fast error handling, and uses $PR_NUMBER for both base-ref viewing and PR editing operations.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

• #1905: Fixes the problem that verify-pr-base nodes call gh pr view without an explicit PR selector, which can resolve the wrong upstream context in repository/fork/remote setups; this PR implements the proposed fix by adding artifact-first PR resolution and regression test coverage.

Possibly related PRs

• coleam00/Archon#1387: Ensures $ARTIFACTS_DIR and $BASE_BRANCH variables are exported into spawned bash environments, enabling the PR resolution and retargeting logic in this PR's verify-pr-base scripts.
• coleam00/Archon#1479: Updates verify-pr-base workflow logic to validate/retarget a PR's baseRefName, with changes to how PR_NUMBER is resolved before retargeting.
• coleam00/Archon#1263: Updates bundled-defaults generation and validation to verify that verify-pr-base scripts follow the exact PR resolution pattern being enforced by this PR's new test assertions.

Poem

🐰 Eight workflows now safely find their PR,
With artifacts first and fallback plans clear—
No more ambiguous gh lookups that blur,
The base branch is verified without fear! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly describes the main change: fixing PR resolution in default workflows' verify-pr-base nodes.
Description check	✅ Passed	The description follows the template structure with all major sections completed including summary, UX journey, architecture diagrams, labels, metadata, validation evidence, security impact, compatibility, human verification, side effects, rollback plan, and risks.
Linked Issues check	✅ Passed	All PR objectives align with issue #1905 requirements: explicit PR resolution via artifact/fallback, avoid bare gh pr view, regenerate bundled defaults, and add regression test coverage for all verify-pr-base nodes.
Out of Scope Changes check	✅ Passed	All changes are in-scope: modifications to verify-pr-base nodes across 8 workflow files, generated bundled defaults refresh, and new regression test. No unrelated changes to engine, CLI, schema, or provider code.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/workflows/src/defaults/bundled-defaults.test.ts`:
- Around line 151-204: The test "verify-pr-base nodes should resolve and edit
PRs explicitly" is missing an assertion that an unresolved PR_NUMBER is
fail-fast; add a check that each block contains a guard like if [ -z
"$PR_NUMBER" ]; then ... exit 1 (or the equivalent using ${PR_NUMBER}) so the
workflow aborts when PR_NUMBER is unset. Locate the test by its name and the
getBundledVerifyPrBaseBlocks() call, and add a new failure condition (similar to
the existing checks using regex and artifactPrNumberIndex/branchFallbackIndex)
that verifies presence of the unset-PR guard and flags the workflowName when it
is absent.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e16c5e96-b4a8-4259-93aa-f38756388d1e

📥 Commits

Reviewing files that changed from the base of the PR and between 02cbe34 and 999a019.

📒 Files selected for processing (11)

• .archon/workflows/defaults/archon-architect.yaml
• .archon/workflows/defaults/archon-feature-development.yaml
• .archon/workflows/defaults/archon-fix-github-issue.yaml
• .archon/workflows/defaults/archon-idea-to-pr.yaml
• .archon/workflows/defaults/archon-issue-review-full.yaml
• .archon/workflows/defaults/archon-piv-loop.yaml
• .archon/workflows/defaults/archon-plan-to-pr.yaml
• .archon/workflows/defaults/archon-ralph-dag.yaml
• .archon/workflows/defaults/archon-refactor-safely.yaml
• packages/workflows/src/defaults/bundled-defaults.generated.ts
• packages/workflows/src/defaults/bundled-defaults.test.ts