The climax. You point REVIEWBOT at a pull request full of deliberately planted bugs, on its own repository, and watch it judge itself. Use your own build, or checkpoint-5-mcp, which adds approvals, scheduling, and the MCP server.
Set up the bad PR
The branch pr/the-suspicious-change holds the bad diff. Fork or mirror reviewbot-agent to your own GitHub so REVIEWBOT can fetch it via the public API, then open the PR:
git push origin pr/the-suspicious-change
gh pr create --base main --head pr/the-suspicious-change \
--title "The suspicious change" --body "Various improvements."
Run the review
In the chat:
Review PR #1 on <your-org>/reviewbot-agent.
The risk tier comes back full because the diff touches security-sensitive paths, so all three specialists fire. Watch the workflow fan out and the findings panel fill in.
Approve, then reschedule
REVIEWBOT proposes postReview and asks for your approval. Approve it, and the status flips to posted. Bonus: ask it to “check this PR again in 30 seconds” to see scheduleRecheck in action.
Done when
- The reviewer flags at least the two critical security findings (the hardcoded token and the eval of untrusted input).
- postReview waited for your approval before posting.
- You can explain how risk tiering chose the specialists.
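To check the two critical security findings named above independently of REVIEWBOT, here is an added example (not part of the workshop or of REVIEWBOT's own code): a small scanner that walks a unified diff and flags added lines matching either finding class. The rule patterns, file names and sample diff are constructed assumptions, not the contents of pr/the-suspicious-change.

```javascript
// Added example. The rule patterns and SAMPLE_DIFF are constructed for illustration.
const RULES = [
  // A long string literal assigned to a secret-looking name.
  { id: "hardcoded-token",
    re: /\b\w*(token|secret|api[_-]?key|password)\w*\s*[:=]\s*["'`][^"'`]{12,}["'`]/i },
  // Direct eval(...) or new Function(...): dynamic code execution.
  { id: "eval-call", re: /\beval\s*\(|\bnew\s+Function\s*\(/ },
];

// Report rule hits on added lines only, with the file and new-side line number.
function scanDiff(diffText) {
  const findings = [];
  let file = null, newLine = 0, oldLeft = 0, newLeft = 0;
  for (const line of diffText.split("\n")) {
    if (oldLeft > 0 || newLeft > 0) {            // inside a hunk body
      if (line.startsWith("\\")) continue;       // "\ No newline at end of file"
      if (line.startsWith("-")) { oldLeft--; continue; }
      if (line.startsWith("+")) {
        for (const r of RULES) {
          if (r.re.test(line.slice(1))) findings.push({ rule: r.id, file, line: newLine });
        }
        newLeft--; newLine++; continue;
      }
      oldLeft--; newLeft--; newLine++; continue; // context line
    }
    if (line.startsWith("+++ ")) { file = line.slice(4).replace(/^b\//, ""); continue; }
    const h = /^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@/.exec(line);
    if (h) { oldLeft = Number(h[1] ?? 1); newLine = Number(h[2]); newLeft = Number(h[3] ?? 1); }
  }
  return findings;
}

// Constructed diff containing one instance of each planted bug class.
const SAMPLE_DIFF = [
  "--- a/src/auth.js",
  "+++ b/src/auth.js",
  "@@ -1,3 +1,4 @@",
  ' const http = require("http");',
  "-const token = process.env.API_TOKEN;",
  "+// temporary",
  '+const API_TOKEN = "tok_CONSTRUCTED_0123456789abcdef";',
  " module.exports = { http };",
  "--- a/src/calc.js",
  "+++ b/src/calc.js",
  "@@ -10,2 +10,3 @@",
  " function run(req) {",
  "+  return eval(req.query.expr);",
  " }",
].join("\n");
console.log(scanDiff(SAMPLE_DIFF));
```

A pattern baseline like this only catches the direct forms, so treat it as a floor for the reviewer's findings rather than a replacement for them.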