Automatically resolve findings from PR review bots (Copilot, Cursor Bugbot, CodeRabbit, etc.) on the current PR. Uses a two-phase workflow: fix all existing issues, then poll for new ones until bots go quiet.
Prerequisites
All commands below use
. If the project uses a different package manager, substitute the appropriate runner (e.g.,
for pnpm,
for Yarn,
for Bun). Honor the user's package manager preference throughout.
Cloud environments only (e.g., Codespaces, remote agents): verify git author identity so CI checks can map commits to the user. Run
git config --global --get user.email
and if empty or a placeholder, set it manually. Skip this check in local environments.
Phase 1: FETCH & FIX (synchronous)
Step 1: Fetch All Bot Comments (Expanded)
Run
npx agent-reviews --bots-only --unanswered --expanded
The CLI auto-detects the current branch, finds the associated PR, and authenticates via
CLI or environment variables. If anything fails (no token, no PR, CLI not installed), it exits with a clear error message.
This shows only unanswered bot comments with full detail: complete comment body (no truncation), diff hunk (code context), and all replies. Each comment shows its ID in brackets (e.g.,
).
If zero comments are returned, print "No unanswered bot comments found" and skip to Phase 2.
Step 3: Process Each Unanswered Comment
For each comment from the expanded output:
A. Evaluate the Finding
Read the referenced code and determine:
- TRUE POSITIVE - A real bug that needs fixing
- FALSE POSITIVE - Not actually a bug (intentional behavior, bot misunderstanding)
- UNCERTAIN - Not sure; ask the user
Likely TRUE POSITIVE:
- Code obviously violates stated behavior
- Missing null checks on potentially undefined values
- Type mismatches or incorrect function signatures
- Logic errors in conditionals
- Missing error handling for documented failure cases
Likely FALSE POSITIVE:
- Bot doesn't understand the framework/library patterns
- Code is intentionally structured that way (with comments explaining why)
- Bot is flagging style preferences, not bugs
- The "bug" is actually a feature or intentional behavior
- Bot misread the code flow
When UNCERTAIN -- ask the user:
- The fix would require architectural changes
- You're genuinely unsure if the behavior is intentional
- The "bug" relates to business logic you don't fully understand
- Multiple valid interpretations exist
- The fix could have unintended side effects
B. Act on Evaluation
If TRUE POSITIVE: Fix the code. Track the comment ID and a brief description of the fix.
If FALSE POSITIVE: Do NOT change the code. Track the comment ID and the reason it's not a real bug.
If UNCERTAIN: Ask the user. If they say skip, track it as skipped.
Do NOT reply to comments yet. Replies happen after the commit (Step 5).
Step 4: Commit and Push
After evaluating and fixing ALL unanswered comments:
- Run your project's lint and type-check
- Stage, commit, and push:
bash
git add -A
git commit -m "fix: address PR review bot findings
{List of bugs fixed, grouped by bot}"
git push
- Capture the commit hash from the output.
Step 5: Reply to All Comments
Now that the commit hash exists, reply to every processed comment. The
flag marks the review thread as resolved on GitHub.
For each TRUE POSITIVE:
Run
npx agent-reviews --reply <comment_id> "Fixed in {hash}. {Brief description of the fix}" --resolve
For each FALSE POSITIVE:
Run
npx agent-reviews --reply <comment_id> "Won't fix: {reason}. {Explanation of why this is intentional or not applicable}" --resolve
For each SKIPPED:
Run
npx agent-reviews --reply <comment_id> "Skipped per user request" --resolve
DO NOT start Phase 2 until all replies are posted.
Phase 2: POLL FOR NEW COMMENTS (loop until quiet)
The watcher exits immediately when new comments are found (after a 5s grace period to catch batch posts). This means you run it in a loop: start watcher, process any comments it returns, restart watcher, repeat until the watcher times out with no new comments.
Step 6: Start Watcher Loop
Repeat the following until the watcher exits with no new comments:
6a. Launch the watcher in the background:
Run
npx agent-reviews --watch --bots-only
as a background task.
6b. Wait for the background command to complete (default 10 minutes; override with
).
6c. Check the output:
-
If new comments were found (output contains
EXITING WITH NEW COMMENTS
):
- Use to read each new comment's full detail
- Process them exactly as in Phase 1, Steps 3-5 (evaluate, fix, commit, push, reply)
- Go back to Step 6a to restart the watcher
-
If no new comments (output contains
):
Stop looping and move to the Summary Report.
Summary Report
After both phases complete, provide a summary:
text
## PR Review Bot Resolution Summary
### Results
- Fixed: X bugs
- Already fixed: X bugs
- Won't fix (false positives): X
- Skipped per user: X
### By Bot
#### cursor[bot]
- BUG-001: {description} - Fixed in {commit}
- BUG-002: {description} - Won't fix: {reason}
#### Copilot
- {description} - Fixed in {commit}
### Status
All findings addressed. Watch completed.
Important Notes
Response Policy
- Every finding gets a response - No silent ignores
- Responses help train bots and document decisions
- "Won't fix" responses prevent the same false positive from being re-raised
User Interaction
- Ask the user when uncertain about a finding
- Don't guess on architectural or business logic questions
- It's better to ask than to make a wrong fix or wrong dismissal
Best Practices
- Verify findings before fixing - bots have false positives
- Keep fixes minimal and focused - don't refactor unrelated code
- Ensure type-check and lint pass before committing
- Group related fixes into a single commit
- Copilot blocks often contain ready-to-use fixes