Extend the daily Renovate review so it triages instead of only advising,
and surface results in the interactive shell.
- Auto-approve: PRs graded low risk (patch/minor bumps to tooling, infra,
test or framework libs; symmetric diff; CI passing; no app logic) that
are not already approved get an APPROVE review via
pull_request_review_write. These repos automerge on approval, so this
merges them with no human in the loop -- intentional. Medium/high risk,
failing/pending CI, stale branches and anything needing judgement are
left untouched for Emma. No merge tool is granted.
- State + reminder: each run records ~/.local/state/renovate-review/
{last-run,needs-review.txt}. A once-a-day interactive zsh reminder
(programs.zsh.initContent) warns if the timer hasn't run, lists the PRs
needing review, or confirms an all-clear.
Verified: nix build (eval + shellcheck) green; triage parsing and the
reminder's run/stale/all-clear/throttle branches exercised against
synthetic state. The first live auto-approval is left for a supervised
scheduled/manual run.

Add a systemd user timer on the EDaaS/WSL host that runs Claude Code
headless once a day (08:47) to review Renovate dependency PRs awaiting
Emma's review. It queries GitHub via the project-scoped github MCP
server, excludes PRs against archived repositories, grades each PR's
risk, and writes a recommendation-only summary to the journal
(journalctl --user -u renovate-review). It never approves or merges.
- lyrathorpe/home/renovate-review.nix: wrapper + service + timer.
Auth is Vertex AI via the inherited project/region/model env; Claude
Code provisions its own network egress, so no proxy is set. The
prompt lives in a store file so its literal backticks/$ don't trip
shellcheck in the wrapper.
- lyrathorpe/home/work.nix: import the module (host-scoped to EDaaS).
- system/machine/EDaaS/configuration.nix: enable user linger so the
timer fires without an attached login session.