Review intelligence proposals
propose_change is the only sanctioned path for agents to mutate tenant or repo markdown intelligence (/guides/tenant-overlay/, /guides/repo-overlay/). Each call validates payloads, pushes a branch (coro/proposal/<jobId>-<layer>-<slug>), opens a Git PR via your SCM plugin, and records metadata for UI / list_proposals.
Why human review matters
Agents cannot silently change how teammates route jobs, escalate risk, interpret compliance, or document production pitfalls. Merge gates keep SOC2-style change control: every behavioural edit is reviewer-attributable Git history identical to library code changes.
Runtime also enforces one proposal per (jobId, layer) bundle — if you see duplicates, escalate tooling bugs rather than merging twice.
What to scan in each PR
- Ownership & routing — confirm paths intentionally target
.coro/...(repo) versus tenant root (agents/,memory/, …). Mis-routed overlays silently affect the wrong repos. - Diff size vs budget — memory entries must honour evaluator caps (
known-pitfallsshorter than narratives, actionable recipes). - Secret leakage — redact credentials, bearer tokens, customer data. Markdown should reference vault names, not payloads.
- Behaviour changes — for
agents/*.mdedits, skim before vs after for tool allowlist drift, escalate rules, reviewer obligations. - Skill scope — new
.claude/skills/*/SKILL.mdfiles remain focused (description:field matches actual content). Bloated encyclopaedias degrade Skill tool retrieval. - Append-only merges —
memory-updateentries should merge cleanly with existing headings; curator PRs intentionally rewrite — treat those like refactors (/guides/manage-memory/).
Approval workflow
Typical SCM flow:
- CI (if configured on intelligence repo) — lint prose or custom policy checks optional.
- Area owner approvals — platform team for cross-cutting workflows, component lead for scoped skills.
- Merge → next job resolves new overlay automatically (
gitRemotetenants pull on refresh; rerunningcoro startsuffices). - Close loop — if the originating job awaited human yes/no, acknowledge in dashboard commentary so operators know autopilot resumed.
Reject or request changes when the PR violates guardrails (proposal-markdown-only, etc.—see /guides/configure-guardrails/).
Relationship to application PRs
Intelligence PRs ride in their own repos distinct from coding PRs opened by Coders (scm_create_pr). Keep naming conventions distinguishable (“coro proposal …” branches are automatic). Link back to originating job IDs logged in dashboard when auditing.
Related reading
/reference/cli/— inspecting jobs that produced proposals (/reference/cli/).- /guides/webhooks/ — proposals do not substitute for webhook-driven merges of application PRs — both coexist.