What happened
In konflux-ci/project-controller, 95 out of the last 100 closed PRs are automated dependency bumps from red-hat-konflux[bot]. Each one triggers the full review agent pipeline. PR #944 is representative: a 2-line change to go.mod and go.sum that ran the review agent 4 times. The review agent's analysis was useful (it identified the release as a security hardening update) but didn't require the full agent pipeline to determine.
What could go better
A pre-filter in the dispatch logic could detect trivial dependency-only PRs (author is a known bot, changes only to lockfiles/dependency manifests like go.mod, go.sum, package-lock.json, yarn.lock, etc.) and route them to a lightweight review path — either auto-approve with a brief summary or use a smaller/cheaper model. This would dramatically reduce token cost for repos with high bot PR volume. Uncertainty: some dependency bumps are major version changes or introduce breaking API changes that warrant full review. The filter should consider the semver change magnitude and whether non-manifest files are modified.
Proposed change
Add a dispatch-time check in the fullsend platform that identifies bot dependency PRs by: (1) PR author is a bot (github.event.pull_request.user.type == 'Bot'), (2) all changed files match dependency manifest patterns (go.mod, go.sum, package.json, package-lock.json, yarn.lock, Cargo.lock, etc.), (3) the version change is patch or minor level. For qualifying PRs, either skip the review agent entirely (auto-approve) or pass a flag to the review agent indicating a lightweight review mode that uses fewer tokens. This could be implemented as a new dispatch condition in the shim workflow or as a configuration option in the fullsend platform.
Validation criteria
After implementation, measure token usage for bot dependency PRs vs the baseline. Target: 80% reduction in review agent token consumption for patch-level dependency bumps across enrolled repos. Verify that major version bumps and PRs with non-manifest file changes still receive full review.
Generated by retro agent from konflux-ci/project-controller#944
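One way to express the three dispatch conditions from the proposed change, as an added sketch that is not fullsend or project-controller code. The names `route`, `gomod_levels`, `bump_level`, the `KNOWN_BOTS` allowlist and the manifest set are hypothetical. It only understands go.mod diffs, and it sends anything it cannot classify (pre-release or pseudo-versions, added or removed modules, downgrades, other ecosystems) to full review.

```python
import re
from pathlib import PurePosixPath

# Assumptions for this sketch: the allowlist and manifest set are illustrative.
KNOWN_BOTS = {"red-hat-konflux[bot]"}
MANIFESTS = {"go.mod", "go.sum", "package.json", "package-lock.json", "yarn.lock", "Cargo.lock"}
# A go.mod diff line such as "+<tab>module/path v1.2.3" (suffix captures -pre, +incompatible)
REQ = re.compile(r"^([+-])\s*(?:require\s+)?(\S+)\s+v(\d+)\.(\d+)\.(\d+)(\S*)")

def bump_level(old, new):
    """Return 'major', 'minor' or 'patch'; None when not a plain upgrade."""
    if old[3] or new[3] or new[:3] <= old[:3]:
        return None  # pre-release/pseudo-version, downgrade or no-op
    for i, name in enumerate(("major", "minor", "patch")):
        if new[i] != old[i]:
            return name

def gomod_levels(diff):
    """Map module path -> bump level from a go.mod unified diff."""
    seen = {"-": {}, "+": {}}
    for line in diff.splitlines():
        if line.startswith(("---", "+++")):
            continue  # file headers, not removed/added requirements
        m = REQ.match(line)
        if m:
            seen[m[1]][m[2]] = (int(m[3]), int(m[4]), int(m[5]), m[6])
    levels = {}
    for mod in seen["-"].keys() | seen["+"].keys():
        old, new = seen["-"].get(mod), seen["+"].get(mod)
        # A module on one side only (including a /vN path change) is unknown
        levels[mod] = bump_level(old, new) if old and new else None
    return levels

def route(author_login, author_type, changed_files, gomod_diff):
    """Return 'lightweight' only when every condition holds, else 'full'."""
    if author_type != "Bot" or author_login not in KNOWN_BOTS:
        return "full"
    if not changed_files or any(PurePosixPath(f).name not in MANIFESTS for f in changed_files):
        return "full"
    levels = gomod_levels(gomod_diff)
    if not levels or any(lv not in ("minor", "patch") for lv in levels.values()):
        return "full"
    return "lightweight"
```

Checking the login against an allowlist in addition to `user.type` follows the "known bot" wording above, so that an arbitrary GitHub App account does not qualify for the lightweight path.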