From 3c732dc4d59735b5d6155bf8449e15b046b1a779 Mon Sep 17 00:00:00 2001
From: Jerop Kipruto <jerop@google.com>
Date: Wed, 10 Sep 2025 15:46:31 -0400
Subject: [PATCH] fix: enforce COMMENT event type for
 submit_pending_pull_request_review

- Explicitly specify event type 'COMMENT' for MCP tool submit_pending_pull_request_review
- Add clear instructions listing all available event types (APPROVE, REQUEST_CHANGES, COMMENT)
- Explicitly prohibit use of APPROVE and REQUEST_CHANGES event types
- Ensures bot only comments on PRs and never approves them automatically
- Note: Best practices already recommend branch protection rules and PR approval restrictions (see docs/best-practices.md)
---
 .github/workflows/gemini-review.yml            | 2 +-
 examples/workflows/pr-review/gemini-review.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/gemini-review.yml b/.github/workflows/gemini-review.yml
index f3cc8b8ba..863c68239 100644
--- a/.github/workflows/gemini-review.yml
+++ b/.github/workflows/gemini-review.yml
@@ -251,7 +251,7 @@ jobs:
                     {{SEVERITY}} {{COMMENT_TEXT}}
                     </COMMENT>
 
-            3. **Submit Final Review:** Call `mcp__github__submit_pending_pull_request_review` with a summary comment. **DO NOT** approve the pull request. **DO NOT** request changes. The summary comment **MUST** use this exact markdown format:
+            3. **Submit Final Review:** Call `mcp__github__submit_pending_pull_request_review` with a summary comment and event type "COMMENT". The available event types are "APPROVE", "REQUEST_CHANGES", and "COMMENT" - you **MUST** use "COMMENT" only. **DO NOT** use "APPROVE" or "REQUEST_CHANGES" event types. The summary comment **MUST** use this exact markdown format:
 
                 <SUMMARY>
                 ## 📋 Review Summary
diff --git a/examples/workflows/pr-review/gemini-review.yml b/examples/workflows/pr-review/gemini-review.yml
index 9d1b992cd..4464632de 100644
--- a/examples/workflows/pr-review/gemini-review.yml
+++ b/examples/workflows/pr-review/gemini-review.yml
@@ -251,7 +251,7 @@ jobs:
                     {{SEVERITY}} {{COMMENT_TEXT}}
                     </COMMENT>
 
-            3. **Submit Final Review:** Call `mcp__github__submit_pending_pull_request_review` with a summary comment. **DO NOT** approve the pull request. **DO NOT** request changes. The summary comment **MUST** use this exact markdown format:
+            3. **Submit Final Review:** Call `mcp__github__submit_pending_pull_request_review` with a summary comment and event type "COMMENT". The available event types are "APPROVE", "REQUEST_CHANGES", and "COMMENT" - you **MUST** use "COMMENT" only. **DO NOT** use "APPROVE" or "REQUEST_CHANGES" event types. The summary comment **MUST** use this exact markdown format:
 
                 <SUMMARY>
                 ## 📋 Review Summary