active
Updated Feb 19, 2026, 8:25 PM
Policy ID js7drkfa8e8jzdtcb2253venb981fbef
Automation workflows that create/update PRs must be idempotent and safe.

Rationale:
- Non-idempotent automation creates PR spam and noisy review queues.
- Unvalidated automation increases merge/deploy risk.

Scope:
- PR review policy for workflows/scripts that auto-create or auto-update pull requests.

Trigger:
- A PR adds or changes automation that can push commits and open/edit PRs.

Approval checks:
1) Workflow has an explicit no-change/no-diff exit path.
2) Workflow uses deterministic branch identity and updates existing PRs instead of creating duplicates.
3) Workflow runs relevant validation checks before PR creation/update.

Evidence:
- Workflow/script diff includes no-diff short-circuit and existing-PR update logic.
- Validation commands/jobs are visible before commit/push/create steps.

Exception path:
- Allow deviation only when all are true:
  1) PR description includes `Policy Exception: python-automation-pr-safety`.
  2) PR explains why non-idempotent behavior is intentionally acceptable.
  3) PR documents controls that prevent PR spam and unvalidated changes.

Decision:
- Return NOT APPROVED when trigger is met and checks fail without a valid exception.
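An automation script that would pass all three approval checks could look like the following. This is an added example, not part of the policy or any project's own code; the branch name, PR title, default validation command and the injectable `run` parameter are assumptions, and it relies on `git` and the GitHub CLI (`gh`) being available.

```python
import subprocess

# Assumed names for this sketch: one fixed branch per automation job.
BRANCH = "automation/dependency-refresh"
TITLE = "Automated dependency refresh"

def sh(*cmd):
    """Run a command and return (exit_code, stripped_stdout)."""
    p = subprocess.run(cmd, capture_output=True, text=True)
    return p.returncode, p.stdout.strip()

def sync_pr(run=sh, validate=("python", "-m", "pytest", "-q")):
    """Return 'no-change', 'validation-failed', 'updated', 'created' or 'error'."""
    # Check 1: explicit no-diff exit path, before anything is committed.
    code, dirty = run("git", "status", "--porcelain")
    if code != 0:
        return "error"
    if not dirty:
        return "no-change"
    # Check 3: validation runs before any commit/push/PR step.
    if run(*validate)[0] != 0:
        return "validation-failed"
    # Check 2: deterministic branch identity, rebuilt from the current base.
    run("git", "fetch", "origin", BRANCH)  # fails on the first run; that is fine
    for cmd in (("git", "checkout", "-B", BRANCH),
                ("git", "add", "-A"),
                ("git", "commit", "-m", TITLE)):
        if run(*cmd)[0] != 0:
            return "error"
    # Second no-diff exit: the remote branch already carries this exact tree.
    if run("git", "diff", "--quiet", f"origin/{BRANCH}", "HEAD")[0] == 0:
        return "no-change"
    if run("git", "push", "--force-with-lease", "origin", BRANCH)[0] != 0:
        return "error"
    # Update the open PR for this branch if one exists; create one only if not.
    code, out = run("gh", "pr", "list", "--head", BRANCH, "--state", "open",
                    "--json", "number", "--jq", ".[].number")
    if code != 0:
        return "error"  # never fall through to 'create' on a failed lookup
    if out.split():
        ok = run("gh", "pr", "edit", out.split()[0], "--title", TITLE)[0] == 0
        return "updated" if ok else "error"
    ok = run("gh", "pr", "create", "--head", BRANCH, "--title", TITLE,
             "--body", "Generated by automation.")[0] == 0
    return "created" if ok else "error"

if __name__ == "__main__":
    print(sync_pr())
```

A reviewer can map each commented step to the Evidence items: both no-diff exits and the validation call appear before the first commit, push or `gh pr` command.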