fix(bot): productivity and backlog optimizations (#26236)

.github/workflows/gemini-cli-bot-brain.yml

@@ -41,7 +41,8 @@ jobs:
         github.event_name == 'schedule' ||
         (github.event_name == 'workflow_dispatch' && github.event.inputs.run_interactive != 'true') ||
         (github.event_name == 'workflow_dispatch' && github.event.inputs.run_interactive == 'true') ||
-        (github.event_name == 'issue_comment' && github.event.comment.user.login != 'gemini-cli[bot]' && contains(github.event.comment.body, '@gemini-cli') && contains(fromJSON('["COLLABORATOR", "MEMBER", "OWNER"]'), github.event.comment.author_association))
+        (github.event_name == 'issue_comment' && github.event.comment.user.login != 'gemini-cli[bot]' && contains(github.event.comment.body, '@gemini-cli') && contains(fromJSON('["COLLABORATOR", "MEMBER", "OWNER"]'), github.event.comment.author_association)) ||
+        (github.event_name == 'pull_request_review_comment' && github.event.comment.user.login != 'gemini-cli[bot]' && contains(github.event.comment.body, '@gemini-cli') && contains(fromJSON('["COLLABORATOR", "MEMBER", "OWNER"]'), github.event.comment.author_association))
       )
     # The reasoning phase is strictly readonly.
     permissions:
@@ -119,7 +120,7 @@ jobs:
 
             if [ -n "$TRIGGER_COMMENT_ID" ]; then
               echo "## User Comment" >> trigger_context.md
-              gh api "repos/${{ github.repository }}/issues/comments/$TRIGGER_COMMENT_ID" -q '.body' >> trigger_context.md
+              gh api "repos/${{ github.repository }}/issues/comments/$TRIGGER_COMMENT_ID" -q '.body' >> trigger_context.md 2>/dev/null || gh api "repos/${{ github.repository }}/pulls/comments/$TRIGGER_COMMENT_ID" -q '.body' >> trigger_context.md
               echo "" >> trigger_context.md
             fi
 
@@ -133,7 +134,7 @@ jobs:
           node bundle/gemini.js --policy tools/gemini-cli-bot/ci-policy.toml -p "$(cat combined_prompt.md)"
 
       - name: 'Run Critique Phase'
-        if: "${{ github.event.inputs.enable_prs == 'true' || github.event_name == 'issue_comment' || github.event.inputs.run_interactive == 'true' }}"
+        if: "${{ github.event.inputs.enable_prs == 'true' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event.inputs.run_interactive == 'true' }}"
         env:
           GEMINI_API_KEY: '${{ secrets.GEMINI_API_KEY }}'
           GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
@@ -154,7 +155,7 @@ jobs:
           fi
 
       - name: 'Generate Patch'
-        if: "${{ github.event.inputs.enable_prs == 'true' || github.event_name == 'issue_comment' || github.event.inputs.run_interactive == 'true' }}"
+        if: "${{ github.event.inputs.enable_prs == 'true' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event.inputs.run_interactive == 'true' }}"
         run: |
           touch bot-changes.patch
           touch pr-description.md
@@ -192,14 +193,16 @@ jobs:
     steps:
       - name: 'Generate GitHub App Token 🔑'
         id: 'generate_token'
-        if: "${{ github.event.inputs.enable_prs == 'true' || github.event_name == 'issue_comment' || github.event.inputs.run_interactive == 'true' }}"
+        if: "${{ github.event.inputs.enable_prs == 'true' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event.inputs.run_interactive == 'true' }}"
         uses: 'actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b' # ratchet:actions/create-github-app-token@v2
         with:
           app-id: '${{ secrets.APP_ID }}'
           private-key: '${{ secrets.PRIVATE_KEY }}'
           owner: '${{ github.repository_owner }}'
           repositories: '${{ github.event.repository.name }}'
-          permissions: '{"contents": "write", "pull_requests": "write", "issues": "write", "workflows": "write"}'
+          permission-contents: 'write'
+          permission-pull-requests: 'write'
+          permission-issues: 'write'
 
       - name: 'Checkout'
         uses: 'actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8' # ratchet:actions/checkout@v5
@@ -215,9 +218,10 @@ jobs:
           path: '${{ runner.temp }}/brain-data/'
 
       - name: 'Create or Update PR'
-        if: "${{ github.event.inputs.enable_prs == 'true' || github.event_name == 'issue_comment' || github.event.inputs.run_interactive == 'true' }}"
+        if: "${{ github.event.inputs.enable_prs == 'true' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event.inputs.run_interactive == 'true' }}"
         env:
           GH_TOKEN: '${{ steps.generate_token.outputs.token }}'
+          FALLBACK_PAT: '${{ secrets.GEMINI_CLI_ROBOT_GITHUB_PAT }}'
         run: |
           if [ -s "${{ runner.temp }}/brain-data/bot-changes.patch" ]; then
             git config user.name "gemini-cli[bot]"
@@ -244,16 +248,30 @@ jobs:
               git commit -m "🤖 Gemini Bot Productivity Optimizations"
             fi
 
-            git push origin "$BRANCH_NAME" --force
-
             PR_TITLE="🤖 Gemini Bot Productivity Optimizations"
             if [ -s "${{ runner.temp }}/brain-data/pr-description.md" ]; then
               PR_TITLE=$(head -n 1 "${{ runner.temp }}/brain-data/pr-description.md")
             fi
 
+            if ! git push origin "$BRANCH_NAME" --force; then
+              echo "Push failed. Retrying with FALLBACK_PAT..."
+              export GH_TOKEN="$FALLBACK_PAT"
+              git remote set-url origin "https://x-access-token:${FALLBACK_PAT}@github.com/${{ github.repository }}.git"
+              git push origin "$BRANCH_NAME" --force
+            fi
+
             if ! gh pr view "$BRANCH_NAME" > /dev/null 2>&1; then
               gh pr create --draft --title "$PR_TITLE" --body-file "${{ runner.temp }}/brain-data/pr-description.md" --head "$BRANCH_NAME" --base main || \
               gh pr create --draft --title "🤖 Gemini Bot Productivity Optimizations" --body "Automated changes generated by Gemini CLI Bot." --head "$BRANCH_NAME" --base main
+            else
+              PR_STATE=$(gh pr view "$BRANCH_NAME" --json state --jq .state)
+              if [ "$PR_STATE" = "CLOSED" ]; then
+                NEW_BRANCH_NAME="${BRANCH_NAME}-retry-${{ github.run_id }}"
+                git checkout -b "$NEW_BRANCH_NAME"
+                git push origin "$NEW_BRANCH_NAME" --force
+                gh pr create --draft --title "$PR_TITLE" --body-file "${{ runner.temp }}/brain-data/pr-description.md" --head "$NEW_BRANCH_NAME" --base main || \
+                gh pr create --draft --title "🤖 Gemini Bot Productivity Optimizations" --body "Automated changes generated by Gemini CLI Bot." --head "$NEW_BRANCH_NAME" --base main
+              fi
             fi
           fi
 

tools/gemini-cli-bot/brain/critique.md

@@ -92,7 +92,12 @@ above:
     logic and the goals of the prior investigation. Do not invent new workflows;
     just ensure the existing ones are implemented robustly according to this
     checklist.
-4.  Re-stage the file with `git add`. **CRITICAL: You MUST use `git add` to
+4.  **Strict Scope Constraint**: You are STRICTLY FORBIDDEN from modifying or
+    staging any file that was not already staged by the investigation phase. You
+    must ONLY critique and fix the files explicitly included in
+    `git diff --staged`. Do not attempt to complete pending tasks from the
+    memory ledger or introduce unrelated refactoring to unstaged files.
+5.  Re-stage the file with `git add`. **CRITICAL: You MUST use `git add` to
     stage your fixes.**
 
 ## Final Verdict & Logging

tools/gemini-cli-bot/brain/interactive.md

@@ -24,7 +24,11 @@ Before beginning your analysis, you MUST perform the following research:
 
 1.  **Read Memory**: Read `tools/gemini-cli-bot/lessons-learned.md` to
     understand the current state.
-2.  **Verify Request Context**: Use the GitHub CLI to verify the current state
+2.  **Ignore Pending Tasks**: You are in interactive mode. You MUST explicitly
+    ignore any FAILED, STUCK, or pending tasks listed in the
+    `lessons-learned.md` Task Ledger. Do not attempt to complete or resume them.
+    Your ONLY goal is to address the user's specific comment.
+3.  **Verify Request Context**: Use the GitHub CLI to verify the current state
     of the issue/PR you were mentioned in. If the user's request is already
     addressed or obsolete, inform them via `issue-comment.md`.
 
@@ -46,6 +50,10 @@ If your investigation confirms that a code or configuration change is required:
 
 - **Surgical Changes**: Apply the minimal set of changes needed to address the
   issue correctly and safely.
+- **Strict Scope**: You MUST strictly limit your changes to addressing the
+  user's specific request. You are STRICTLY FORBIDDEN from including any
+  unrelated updates (such as metrics updates, backlog triage changes, or
+  background housekeeping) when operating in interactive mode.
 - **Acknowledgment**: Write a brief acknowledgement to `issue-comment.md` (e.g.,
   "I've investigated the request and implemented a fix. A PR will be created
   shortly.").