feat(offload): remove browser opener and make review-pr actionable

.gemini/settings.json

@@ -6,5 +6,15 @@
   },
   "general": {
     "devtools": true
+  },
+  "maintainer": {
+    "deepReview": {
+      "remoteHost": "cli",
+      "remoteWorkDir": "~/.offload/workspace",
+      "terminalType": "iterm2",
+      "syncAuth": true,
+      "geminiSetup": "isolated",
+      "ghSetup": "isolated"
+    }
   }
-}
+}

.gemini/skills/offload/policy.toml

@@ -58,6 +58,7 @@ name = "pr-address-comments"
 toolName = "run_shell_command"
 commandPrefix = [
   "git checkout",
+  "git merge",
   "git blame",
   "git show",
   "git grep",
@@ -82,10 +83,12 @@ commandPrefix = [
 decision = "allow"
 priority = 100
 
-# GitHub CLI (Read-only)
+# GitHub CLI (State Changing & Read-only)
 [[rule]]
 toolName = "run_shell_command"
 commandPrefix = [
+  "gh pr review",
+  "gh pr comment",
   "gh workflow list",
   "gh auth status",
   "gh checkout view",

.gemini/skills/offload/scripts/orchestrator.ts

@@ -79,8 +79,7 @@ export async function runOrchestrator(args: string[], env: NodeJS.ProcessEnv = p
 
   // 3. Construct Clean Command
   const envLoader = 'export NVM_DIR="$HOME/.nvm"; [ -s "$NVM_DIR/nvm.sh" ] && \\. "$NVM_DIR/nvm.sh"';
-  // Set FORCE_LOCAL_OPEN=1 to signal the worker to use OSC 1337 for links
+  const remoteWorker = `export GEMINI_CLI_HOME=${ISOLATED_GEMINI} && export GH_CONFIG_DIR=${ISOLATED_GH} && ./node_modules/.bin/tsx .gemini/skills/offload/scripts/entrypoint.ts ${prNumber} ${branchName} ${remotePolicyPath} ${action}`;
-  const remoteWorker = `export FORCE_LOCAL_OPEN=1 && export GEMINI_CLI_HOME=${ISOLATED_GEMINI} && export GH_CONFIG_DIR=${ISOLATED_GH} && ./node_modules/.bin/tsx .gemini/skills/offload/scripts/entrypoint.ts ${prNumber} ${branchName} ${remotePolicyPath} ${action}`;
   
   const tmuxCmd = `cd ${remoteWorkDir} && ${envLoader} && ${remoteWorker}; exec $SHELL`;
   const sshInternal = `tmux attach-session -t ${sessionName} 2>/dev/null || tmux new-session -s ${sessionName} -n ${q(branchName)} ${q(tmuxCmd)}`;

.gemini/skills/offload/scripts/setup.ts

@@ -33,10 +33,11 @@ async function confirm(question: string): Promise<boolean> {
 }
 
 export async function runSetup(env: NodeJS.ProcessEnv = process.env) {
-  console.log('\n🌟 Initializing Deep Review Skill Settings...');
+  console.log('\n🌟 Initializing Offload Skill Settings...');
-  
+
+  const OFFLOAD_BASE = '~/.offload';
   const remoteHost = await prompt('Remote SSH Host', 'cli');
-  const remoteWorkDir = await prompt('Remote Work Directory', '~/gcli/deepreview');
+  const remoteWorkDir = await prompt('Remote Work Directory', `${OFFLOAD_BASE}/workspace`);
 
   console.log(`🔍 Checking state of ${remoteHost}...`);
 
@@ -48,8 +49,8 @@ export async function runSetup(env: NodeJS.ProcessEnv = process.env) {
   const ghChoice = await prompt('GitHub CLI Setup: Use [p]re-existing instance or [i]solated sandbox instance? (Isolated is recommended)', 'i');
   const ghSetup = ghChoice.toLowerCase() === 'p' ? 'preexisting' : 'isolated';
 
-  const ISOLATED_GEMINI_CONFIG = '~/.offload/gemini-cli-config';
+  const ISOLATED_GEMINI_CONFIG = `${OFFLOAD_BASE}/gemini-cli-config`;
-  const ISOLATED_GH_CONFIG = '~/.offload/gh-cli-config';
+  const ISOLATED_GH_CONFIG = `${OFFLOAD_BASE}/gh-cli-config`;
 
   console.log(`🔍 Checking state of ${remoteHost}...`);
   // Use a login shell to ensure the same PATH as the interactive user
@@ -102,12 +103,16 @@ export async function runSetup(env: NodeJS.ProcessEnv = process.env) {
         const globalGHAuth = spawnSync('ssh', [remoteHost, 'sh -lc "gh auth status"'], { stdio: 'pipe' });
         if (globalGHAuth.status === 0) {
             if (await confirm('     Global GH auth found. Sync it to isolated instance?')) {
-                spawnSync('ssh', [remoteHost, `cp -r ~/.config/gh/* ${ISOLATED_GH_CONFIG}/`]);
+                spawnSync('ssh', [remoteHost, `mkdir -p ${ISOLATED_GH_CONFIG} && cp -r ~/.config/gh/* ${ISOLATED_GH_CONFIG}/`]);
-                console.log('     ✅ GH Auth synced.');
+                const verifySync = spawnSync('ssh', [remoteHost, `sh -lc "export GH_CONFIG_DIR=${ISOLATED_GH_CONFIG} && gh auth status"`], { stdio: 'pipe' });
+                if (verifySync.status === 0) {
+                    console.log('     ✅ GitHub CLI successfully authenticated via sync.');
+                    return; // Skip the "may need to login" message
+                }
             }
         }
     }
-    if (!isGHAuthRemote) console.log('     You may need to run "gh auth login" on the remote machine later.');
+    console.log('     ⚠️  GitHub CLI is not yet authenticated. You may need to run "gh auth login" on the remote machine later.');
   }
 
   // Gemini Auth Check

.gemini/skills/review-pr/SKILL.md

@@ -46,12 +46,20 @@ The agent must follow these steps to conduct the review:
 
 ## Final Assessment
 
-Provide a final recommendation with three sections:
+Provide a final recommendation with four sections:
 
 1.  **Summary**: High-level verdict (Approve / Needs Work / Reject).
 2.  **Verified Behavior**: Describe the scripts/commands you ran to prove the
     feature works.
 3.  **Findings**: List Critical issues, Improvements, and Nitpicks.
+4.  **Actionable URL**: Explicitly print the PR URL: `gh pr view --web`.
+
+### Approval Protocol
+
+After presenting the synthesis, the agent MUST determine the all-up recommendation and ask the user for confirmation:
+
+*   "Based on the verification, I recommend **[APPROVE / COMMENT / REJECT]**. Would you like me to post this review to GitHub?"
+*   If the user agrees, execute the appropriate `gh pr review` command (e.g., `gh pr review <PR_NUMBER> --approve --body "<Summary>"`).
 
 ## Best Practices
 - **Be Skeptical**: Just because CI is green doesn't mean the feature is complete. Look for missing edge cases.