From 0c8b8bdacba544bcb3c5b0f33d4a8e023747b29b Mon Sep 17 00:00:00 2001
From: mkorwel
Date: Wed, 11 Mar 2026 10:59:33 -0700
Subject: [PATCH] feat(skills): migrate async-pr-review to use policy.toml
---
.gemini/skills/async-pr-review/SKILL.md | 3 +-
.gemini/skills/async-pr-review/policy.toml | 55 +++++++++++++++++++
.../async-pr-review/scripts/async-review.sh | 7 ++-
3 files changed, 61 insertions(+), 4 deletions(-)
create mode 100644 .gemini/skills/async-pr-review/policy.toml
diff --git a/.gemini/skills/async-pr-review/SKILL.md b/.gemini/skills/async-pr-review/SKILL.md
index 5217defed3..74bc469b56 100644
--- a/.gemini/skills/async-pr-review/SKILL.md
+++ b/.gemini/skills/async-pr-review/SKILL.md
@@ -7,7 +7,8 @@ description: Trigger this skill when the user wants to start an asynchronous PR This skill provides a set of tools to asynchronously review a Pull Request. It will create a background job to run the project's preflight checks, execute Gemini-powered test plans, and perform a comprehensive code review using custom prompts. -1. **Native Background Shells vs Headless Inference**: While Gemini CLI can natively spawn and detach background shell commands (using the `run_shell_command` tool with `is_background: true`), a standard bash background job cannot perform LLM inference. To conduct AI-driven code reviews and test generation in the background, the shell script *must* invoke the `gemini` executable headlessly using `--approval-mode=yolo`. This offloads the AI tasks to independent worker agents. +This skill is designed to showcase an advanced "Agentic Asynchronous Pattern": +1. **Native Background Shells vs Headless Inference**: While Gemini CLI can natively spawn and detach background shell commands (using the `run_shell_command` tool with `is_background: true`), a standard bash background job cannot perform LLM inference. To conduct AI-driven code reviews and test generation in the background, the shell script *must* invoke the `gemini` executable headlessly using `-p`. This offloads the AI tasks to independent worker agents. 2. **Dynamic Git Scoping**: The review scripts avoid hardcoded paths. They use `git rev-parse --show-toplevel` to automatically resolve the root of the user's current project. 3. **Ephemeral Worktrees**: Instead of checking out branches in the user's main workspace, the skill provisions temporary git worktrees in `.gemini/tmp/async-reviews/pr-`. This prevents git lock conflicts and namespace pollution. 4. **Agentic Evaluation (`check-async-review.sh`)**: The check script outputs clean JSON/text statuses for the main agent to parse. 
The interactive agent itself synthesizes the final assessment dynamically from the generated log files.
diff --git a/.gemini/skills/async-pr-review/policy.toml b/.gemini/skills/async-pr-review/policy.toml
new file mode 100644
index 0000000000..339e74d4d3
--- /dev/null
+++ b/.gemini/skills/async-pr-review/policy.toml
@@ -0,0 +1,55 @@
+[[rule]]
+toolName = "run_shell_command"
+commandPrefix = [
+ "ls",
+ "find",
+ "head",
+ "cat",
+ "cd",
+ "grep",
+ "npm",
+ "npm run start",
+ "npm install",
+ "npm run",
+ "npm test",
+ "npm ci",
+ "git diff",
+ "git rev-parse",
+ "git status",
+ "git st",
+ "git branch",
+ "git br",
+ "git log",
+ "git add",
+ "git show",
+ "gh pr",
+ "gh repo view",
+ "gh run",
+ "gh api",
+ "gh log",
+ "code"
+]
+decision = "allow"
+priority = 100
+
+[[rule]]
+toolName = "run_shell_command"
+decision = "allow"
+priority = 100
+commandPrefix = [
+ "tail",
+ "awk",
+ "xargs",
+ "wc",
+ "uniq",
+ "jq",
+ "rg",
+ "less",
+ "more",
+ "tree",
+ "file",
+ "which",
+ "pwd",
+ "node",
+ "npx"
+]
diff --git a/.gemini/skills/async-pr-review/scripts/async-review.sh b/.gemini/skills/async-pr-review/scripts/async-review.sh
index 3fd35f3182..d408c5f2f1 100755
--- a/.gemini/skills/async-pr-review/scripts/async-review.sh
+++ b/.gemini/skills/async-pr-review/scripts/async-review.sh
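Review bot: In policy.toml the `commandPrefix` allowlist contains prefixes that can launch arbitrary programs (`node`, `npx`, bare `npm`, `xargs`, `awk`, `find`) and ones that can write to the repository or the GitHub account (`git add`, `gh pr`, `gh api`, `code`), so the headless agent keeps close to the reach `--approval-mode=yolo` gave it while it processes untrusted PR content. If matching is by plain prefix, bare `"npm"` also subsumes the five `npm …` entries listed after it, which makes them dead configuration. I would limit the policy used by the review and summary jobs to read-only prefixes and keep anything exec-capable in a separate policy file for the test-execution job only. The two `[[rule]]` tables share `decision = "allow"` and `priority = 100` and can be merged; whether unmatched commands are denied in headless mode is not visible in this patch, so a comment stating the expected default, such as `# anything not listed here must be denied in headless mode`, would help.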
@@ -76,10 +76,11 @@ rm -f "$log_dir/build-and-lint.exit" # Dynamically resolve gemini binary (fallback to your nightly path) GEMINI_CMD=$(which gemini || echo "$HOME/.gcli/nightly/node_modules/.bin/gemini") +POLICY_PATH="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)/policy.toml" echo " ↳ [3/5] Starting Gemini code review..." rm -f "$log_dir/review.exit" -{ "$GEMINI_CMD" --approval-mode=yolo /review-frontend "$pr_number" > "$log_dir/review.md" 2>&1; echo $? > "$log_dir/review.exit"; } & +{ "$GEMINI_CMD" --policy "$POLICY_PATH" -p "/review-frontend $pr_number" > "$log_dir/review.md" 2>&1; echo $? > "$log_dir/review.exit"; } & echo " ↳ [4/5] Starting automated tests (waiting for build and lint)..." rm -f "$log_dir/npm-test.exit" 
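Review bot: `POLICY_PATH` is never checked before it is passed to `--policy`; if the `cd` inside the command substitution fails, the value collapses to `/policy.toml`, and the three gemini invocations (here and in the two later hunks) start with a path that does not point at the intended policy. Add a guard right after the assignment, `[ -f "$POLICY_PATH" ] || { echo "policy file not found: $POLICY_PATH" >&2; exit 1; }`, so the background jobs never start without the policy. The prompt now embeds `$pr_number` inside the `-p` string instead of passing it as its own argument, so it should be validated as digits where it is assigned (that code is outside this hunk).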
@@ -144,7 +145,7 @@ rm -f "$log_dir/test-execution.exit" { while [ ! -f "$log_dir/build-and-lint.exit" ]; do sleep 1; done if [ "$(cat "$log_dir/build-and-lint.exit")" == "0" ]; then - "$GEMINI_CMD" --approval-mode=yolo "Analyze the diff for PR $pr_number using 'gh pr diff $pr_number'. Instead of running the project's automated test suite (like 'npm test'), physically exercise the newly changed code in the terminal (e.g., by writing a temporary script to call the new functions, or testing the CLI command directly). Verify the feature's behavior works as expected. IMPORTANT: Do NOT modify any source code to fix errors. Just exercise the code and log the results, reporting any failures clearly. Do not ask for user confirmation." > "$log_dir/test-execution.log" 2>&1; echo $? > "$log_dir/test-execution.exit" + "$GEMINI_CMD" --policy "$POLICY_PATH" -p "Analyze the diff for PR $pr_number using 'gh pr diff $pr_number'. Instead of running the project's automated test suite (like 'npm test'), physically exercise the newly changed code in the terminal (e.g., by writing a temporary script to call the new functions, or testing the CLI command directly). Verify the feature's behavior works as expected. IMPORTANT: Do NOT modify any source code to fix errors. Just exercise the code and log the results, reporting any failures clearly. Do not ask for user confirmation." > "$log_dir/test-execution.log" 2>&1; echo $? > "$log_dir/test-execution.exit" else echo "Skipped due to build-and-lint failure" > "$log_dir/test-execution.log" echo 1 > "$log_dir/test-execution.exit" 
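Review bot: This job asks the agent to execute code from the PR under review, and the policy passed via `--policy "$POLICY_PATH"` allows `node`, `npx` and `npm`, so the policy does not confine what that code can do; it runs with the invoking user's environment, including whatever `gh` and git credentials are available there. I would run this step in an isolated environment (the CLI's sandbox mode if available, or a container with no tokens mounted) and record that requirement in a comment above the block, e.g. `# runs untrusted PR code: must execute sandboxed, without GH_TOKEN or other credentials in the environment`. The enclosing `{ … } &` group and the `if` both end outside the hunk.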
@@ -227,7 +228,7 @@ done echo "" echo "⏳ Tasks complete! Synthesizing final assessment..." -if ! "$GEMINI_CMD" --approval-mode=yolo -p "Read the review at $log_dir/review.md, the automated test logs at $log_dir/npm-test.log, and the manual test execution logs at $log_dir/test-execution.log. Summarize the results, state whether the build and tests passed based on $log_dir/build-and-lint.exit and $log_dir/npm-test.exit, and give a final recommendation for PR $pr_number." > "$log_dir/final-assessment.md" 2>&1; then +if ! "$GEMINI_CMD" --policy "$POLICY_PATH" -p "Read the review at $log_dir/review.md, the automated test logs at $log_dir/npm-test.log, and the manual test execution logs at $log_dir/test-execution.log. Summarize the results, state whether the build and tests passed based on $log_dir/build-and-lint.exit and $log_dir/npm-test.exit, and give a final recommendation for PR $pr_number." > "$log_dir/final-assessment.md" 2>&1; then echo $? > "$log_dir/final-assessment.exit" echo "❌ Final assessment synthesis failed!" echo "Check $log_dir/final-assessment.md for details."
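Review bot: The synthesis step only reads log and exit-status files, yet it receives the same `policy.toml` as the other jobs, including its shell prefixes; since `review.md` and the test logs are derived from untrusted PR content, this prompt should run with a read-only policy (or no shell tool at all). A separate, smaller policy file for this invocation would express that, e.g. `--policy "$SUMMARY_POLICY_PATH"` (placeholder name). Separately, the unchanged `echo $? > "$log_dir/final-assessment.exit"` inside `if ! …; then` records the status of the negated condition, which is 0 in that branch, rather than gemini's exit code; capturing it first with `rc=0; "$GEMINI_CMD" … || rc=$?` and testing `rc` would fix that. The `if` block closes outside the hunk.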