Skip to content

tools: move pr-review-state.json out of .claude/ to /tmp/#31

Merged
dognose24 merged 1 commit into
trunkfrom
tools/move-pr-review-state-out-of-claude
May 14, 2026
Merged

tools: move pr-review-state.json out of .claude/ to /tmp/#31
dognose24 merged 1 commit into
trunkfrom
tools/move-pr-review-state-out-of-claude

Conversation

@dognose24
Copy link
Copy Markdown
Owner

@dognose24 dognose24 commented May 14, 2026

Fixes RSM-3254

Proposed changes

Move jetpack-pr-review-cycle's state file from .claude/pr-review-state.json to /tmp/pr-review-state.json.

  • Why — anything under .claude/ is treated as a sensitive file by Claude Code, even with --dangerously-skip-permissions, because that directory controls permissions and skill behavior. The review-cycle state file is harmless tracking data (addressed comment IDs + rerun counts + round number), but its location forced an interactive permission prompt on every write, breaking the autonomous review-cycle flow inside the sandbox.
  • Where it now lives/tmp/pr-review-state.json. Outside the repo, outside .claude/, and per-container ephemeral by design. Each new review cycle resets the file at the start, so loss on container restart is harmless (worst case: idempotent re-processing of already-addressed comments).
  • Setup simplified — drops the mkdir -p .claude and echo ... >> .git/info/exclude lines. /tmp/ always exists, and we're outside the repo so no gitignore needed.

Five references in .claude/commands/jetpack-pr-review-cycle.md updated:

  1. State file declaration + setup snippet
  2. "Compare to prior rounds" read in Step 2
  3. Flaky-CI rerun-count tracker
  4. End-of-round write-back
  5. (Plus the rationale paragraph explaining why we avoid .claude/)

Why this matters beyond one skill

/jetpack-pr-review-cycle is delegated to by other skills — fixing once here unblocks all callers:

Both inherit the same sensitive-file blocker until the review-cycle skill itself is fixed.

How was this discovered

Sandbox run of /premium-analytics-implement-task for the pie-chart task (PR #30) progressed cleanly through Steps 1–8 and into Step 9, then blocked on:

Claude requested permissions to edit /home/dev/jetpack/.claude/pr-review-state.json which is a sensitive file.

Even with IS_SANDBOX=1 claude --dangerously-skip-permissions. The prompt repeats on every state write, so a full review cycle would generate many prompts in a row.

Does this pull request change what data or activity we track or use?

No.

Testing instructions

This is a docs-only change to a Claude Code slash command's instructions — no code execution path is altered until the next time someone invokes /jetpack-pr-review-cycle. To validate:

  1. After merge, in jetpack-ai-sandbox, launch IS_SANDBOX=1 claude --dangerously-skip-permissions.
  2. Open a PR that this branch's revised review-cycle will run against (or rerun cycle on an existing PR via /jetpack-pr-review-cycle <PR>).
  3. Confirm the state-file setup writes /tmp/pr-review-state.json without prompting, and that subsequent rounds read/write the same path without prompting.
  4. Confirm git status stays clean (no .claude/pr-review-state.json to gitignore anymore).

Related

  • RSM-3254 — this issue
  • RSM-3217/premium-analytics-implement-task Step 9 delegates here
  • PR #30 — first encounter with the prompt blocker

@dognose24 @claude
tools: move pr-review-state.json out of .claude/ to /tmp/
4969141 
Anything under .claude/ is treated as a sensitive file by Claude Code even with --dangerously-skip-permissions, because that directory controls permissions and skill behavior. The review-cycle state file is just a per-cycle progress tracker (addressed comment IDs + rerun counts) — not sensitive in content, only sensitive by location. Every write to it inside the sandbox forced a permission prompt, defeating the autonomous review-cycle flow.

Move it to /tmp/pr-review-state.json: outside the repo, outside .claude/, and per-container ephemeral by design. Each new review cycle resets the file at the start, so loss on container restart is harmless. Drops the mkdir + .git/info/exclude setup; the new path needs neither.

Fix applies to every skill that delegates to /jetpack-pr-review-cycle — including /premium-analytics-implement-task Step 9 and the /jetpack-address-issue Step 8 handoff.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@dognose24 dognose24 requested a review from Copilot May 14, 2026 15:34
@dognose24 dognose24 self-assigned this May 14, 2026
@github-actions github-actions Bot added the Docs label May 14, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 14, 2026

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

  • ✅ Include a description of your PR changes.
  • 🔴 Add a "[Status]" label (In Progress, Needs Review, ...).
  • ✅ Add testing instructions.
  • ✅ Specify whether this PR includes any changes to data or privacy.
  • ✅ Add changelog entries to affected projects

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖

Follow this PR Review Process:

  1. Ensure all required checks appearing at the bottom of this PR are passing.
  2. Make sure to test your changes on all platforms that it applies to. You're responsible for the quality of the code you ship.
  3. You can use GitHub's Reviewers functionality to request a review.
  4. When it's reviewed and merged, you will be pinged in Slack to deploy the changes to WordPress.com simple once the build is done.

If you have questions about anything, reach out in #jetpack-developers for guidance!

Copilot AI reviewed May 14, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Docs-only change to the /jetpack-pr-review-cycle slash command: relocates its state file from .claude/pr-review-state.json to /tmp/pr-review-state.json to avoid Claude Code's sensitive-file permission prompt that fires for any path under .claude/, even with --dangerously-skip-permissions. This unblocks autonomous review-cycle runs invoked directly or via delegating skills (/premium-analytics-implement-task, /jetpack-address-issue).

Changes:

  • Update state-file path in declaration, setup snippet, prior-round comparison, flaky-CI rerun tracker, and end-of-round write-back (5 references).
  • Drop now-unneeded mkdir -p .claude and .git/info/exclude setup steps.
  • Add rationale paragraph explaining why /tmp/ is used and why per-container ephemerality is harmless.

@dognose24 dognose24 merged commit 1356736 into trunk May 14, 2026
60 of 61 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@dognose24 dognose24

Labels

Docs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dognose24