From c3baec7136f067cb242f9e923c5705cb142a9c1d Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Tue, 2 Jun 2026 06:15:45 -0700 Subject: [PATCH] docs: clarify autoreview follow-up scope --- .agents/skills/autoreview/SKILL.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.agents/skills/autoreview/SKILL.md b/.agents/skills/autoreview/SKILL.md index 229e2be70048..e0745bde198d 100644 --- a/.agents/skills/autoreview/SKILL.md +++ b/.agents/skills/autoreview/SKILL.md @@ -22,6 +22,8 @@ Use when: - Read dependency docs/source/types when the finding depends on external behavior. - Reject unrealistic edge cases, speculative risks, broad rewrites, and fixes that over-complicate the codebase. - Prefer small fixes at the right ownership boundary; no refactor unless it clearly improves the bug class. +- When an accepted finding shows a bug class or repeated pattern, inspect the current PR scope for sibling instances before fixing. +- Fix the scoped bug class at once when practical; stop at touched surfaces, owner boundaries, and clear follow-up territory. - Keep going until structured review returns no accepted/actionable findings. - If a review-triggered fix changes code, rerun focused tests and rerun the structured review helper. - For security-audit suppression changes, verify accepted findings remain auditable: suppressed findings stay in structured output, active output keeps an unsuppressible suppression notice, and aggregate findings cannot hide unrelated active risk.
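Review bot: the two added bullets tell the reviewer to look for sibling instances within "the current PR scope" and to "stop at ... clear follow-up territory", but neither says what to do with sibling instances that are found outside that scope, which is the follow-up scope the subject line says this change clarifies. As written, a sibling of an accepted security finding that lives outside the touched surface can be noticed and then silently dropped, which is the opposite of the auditability the later security-audit bullet asks for. Suggest extending the second bullet so that out-of-scope siblings are recorded rather than discarded, e.g. "...and clear follow-up territory; note any out-of-scope sibling instances in the review output so they are not lost." Two smaller style points on the same hunk: "at once" reads as "immediately" rather than "together", so "in one pass" is clearer, and "clear follow-up territory" would benefit from one concrete criterion (for instance, code owned by another team or outside the PR's diff) so two reviewers draw the boundary in the same place.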