From 1e984a88872b163d996633595db970673e8ad3c4 Mon Sep 17 00:00:00 2001 From: mvm Date: Tue, 19 May 2026 09:40:48 -0500 Subject: [PATCH 1/5] fix: remove redundant CODEOWNERS check from bonk-auto-review --- .github/workflows/bonk.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/bonk.yml b/.github/workflows/bonk.yml index cf5f70a44dafff1..38362ab18c3c751 100644 --- a/.github/workflows/bonk.yml +++ b/.github/workflows/bonk.yml @@ -141,7 +141,6 @@ jobs: with: model: "cloudflare-ai-gateway/workers-ai/@cf/moonshotai/kimi-k2.6" agent: docs - permissions: CODEOWNERS token_permissions: NO_PUSH prompt: | Review this pull request. Review the title, description, and diff. From 7578db78b078e4aa96f62a0fa41784820a2637a3 Mon Sep 17 00:00:00 2001 From: mvm Date: Tue, 19 May 2026 09:43:43 -0500 Subject: [PATCH 2/5] fix: use write permission check in bonk-auto-review as defense-in-depth --- .github/workflows/bonk.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/bonk.yml b/.github/workflows/bonk.yml index 38362ab18c3c751..cfd368119bdf586 100644 --- a/.github/workflows/bonk.yml +++ b/.github/workflows/bonk.yml @@ -141,6 +141,7 @@ jobs: with: model: "cloudflare-ai-gateway/workers-ai/@cf/moonshotai/kimi-k2.6" agent: docs + permissions: write token_permissions: NO_PUSH prompt: | Review this pull request. Review the title, description, and diff. From 4abd4c6a895e6762a92f7bff87ce6ad13aac11f2 Mon Sep 17 00:00:00 2001 From: mvm Date: Tue, 19 May 2026 09:45:31 -0500 Subject: [PATCH 3/5] fix: drop permissions input from bonk-auto-review --- .github/workflows/bonk.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/bonk.yml b/.github/workflows/bonk.yml index cfd368119bdf586..38362ab18c3c751 100644 --- a/.github/workflows/bonk.yml +++ b/.github/workflows/bonk.yml @@ -141,7 +141,6 @@ jobs: with: model: "cloudflare-ai-gateway/workers-ai/@cf/moonshotai/kimi-k2.6" agent: docs - permissions: write token_permissions: NO_PUSH prompt: | Review this pull request. Review the title, description, and diff. From 74bd1690dd6f0152c3344a1dbf22ed5783618f64 Mon Sep 17 00:00:00 2001 From: mvm Date: Tue, 19 May 2026 09:51:31 -0500 Subject: [PATCH 4/5] fix: use permissions: write in bonk-auto-review --- .github/workflows/bonk.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/bonk.yml b/.github/workflows/bonk.yml index 38362ab18c3c751..cfd368119bdf586 100644 --- a/.github/workflows/bonk.yml +++ b/.github/workflows/bonk.yml @@ -141,6 +141,7 @@ jobs: with: model: "cloudflare-ai-gateway/workers-ai/@cf/moonshotai/kimi-k2.6" agent: docs + permissions: write token_permissions: NO_PUSH prompt: | Review this pull request. Review the title, description, and diff. From a64017798063b9aa714e62fe026f0e10c5669b9a Mon Sep 17 00:00:00 2001 From: mvm Date: Tue, 19 May 2026 09:55:57 -0500 Subject: [PATCH 5/5] fix: replace CODEOWNERS permission with write in bonk step --- .github/workflows/bonk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bonk.yml b/.github/workflows/bonk.yml index cfd368119bdf586..d67cc7b010d25ee 100644 --- a/.github/workflows/bonk.yml +++ b/.github/workflows/bonk.yml @@ -87,7 +87,7 @@ jobs: model: "cloudflare-ai-gateway/workers-ai/@cf/moonshotai/kimi-k2.6" agent: docs mentions: "/bonk" - permissions: CODEOWNERS + permissions: write bonk-auto-review: needs: check-codeowner