feat: Add Devin PR review workflow

[devin-ai-integration]

Issue

• resolve: https://github.com/route06/liam-internal/issues/5975

Why is this change needed?

We want to enable automated code review by Devin when a pull request is labeled devin-review in this repository, matching the workflow already used elsewhere. This reduces manual overhead, standardizes review prompts, and improves review consistency through shared guidelines.

What’s included

• New GitHub Actions workflow: .github/workflows/devin-pr-review.yml

  • Trigger: pull_request labeled with devin-review
  • API key auto-selection based on the labeler’s GitHub username (six supported users)
  • Loads review guidelines from docs/review-guidelines.md and embeds them in the Devin session prompt
  • Calls Devin API to create a review session
  • Posts a comment on the PR with the Devin session URL (if available)
  • Robust error handling: HTTP status checks, JSON validation, and PR comment on failure

• New documentation: docs/review-guidelines.md

  • Repository-specific review principles covering Biome usage, Turbo build dependencies, monorepo structure, lint/test expectations, and common pitfalls
  • Checklist for reviewers to drive consistent reviews

Notes and important review points

• Secrets required in liam-hq/liam:

  • DEVIN_API_KEY_MH4GF
  • DEVIN_API_KEY_HOSHINOTSUYOSHI
  • DEVIN_API_KEY_FUNAMA_YUKINA
  • DEVIN_API_KEY_JUNKISAI
  • DEVIN_API_KEY_NORITAKE_IKEDA
  • DEVIN_API_KEY_KUMANOAYUMI
    Ensure these are configured; otherwise the job will error when the label is applied.

• User mapping

  • Mapped to the label sender (github.event.sender.login). Verify these logins match your org users exactly:
    MH4GF, hoshinotsuyoshi, FunamaYukina, junkisai, NoritakaIkeda, kumanoayumi

• Guidelines path and content

  • Workflow expects docs/review-guidelines.md to exist and be non-empty. Content is tailored to this monorepo (Biome/Turbo/pnpm). Please confirm the guidance matches current standards and adjust as needed.

• Tooling assumptions

  • ubuntu-latest should include gh and jq. If these ever aren’t present, steps may need explicit setup.

• Language of the Devin prompt

  • The prompt body is currently in Japanese. If you prefer English prompts for Devin, we can switch.

• Concurrency and duplicate runs

  • No concurrency guard; re-labeling quickly could create multiple sessions. If that’s a concern, consider adding a concurrency group or idempotency logic.

Human review checklist

• Confirm all six DEVIN_API_KEY_* secrets exist in liam-hq/liam
• Validate GitHub usernames in the case mapping are correct
• Sanity-check docs/review-guidelines.md content per team conventions
• Decide whether the Devin prompt should be in English for consistency
• Consider adding concurrency/idempotency to avoid duplicate sessions
• Verify workflow permissions (contents: read, pull-requests: write) are appropriate

Link to Devin run

• https://app.devin.ai/sessions/9818fc313273423a8b97a69da70b5582

Requested by: [email protected] (@MH4GF)

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR that start with 'DevinAI' or '@devin'.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
liam-app	Ready	Preview	Comment	Oct 29, 2025 10:02am
liam-assets	Ready	Preview	Comment	Oct 29, 2025 10:02am
liam-erd-sample	Ready	Preview	Comment	Oct 29, 2025 10:02am
liam-storybook	Ready	Preview	Comment	Oct 29, 2025 10:02am

1 Skipped Deployment

Project	Deployment	Preview	Comments	Updated (UTC)
liam-docs	Ignored	Preview		Oct 29, 2025 10:02am

[giselles-ai]

Finished running flow.

Step	Status	Updated(UTC)
1	✅	Oct 29, 2025 9:49am
2	✅	Oct 29, 2025 9:50am
3	✅	Oct 29, 2025 9:50am

[supabase]

Updates to Preview Branch (devin/1761731112-add-devin-pr-review-workflow) ↗︎

Deployments	Status	Updated
Database	✅	Wed, 29 Oct 2025 09:53:42 UTC
Services	✅	Wed, 29 Oct 2025 09:53:42 UTC
APIs	✅	Wed, 29 Oct 2025 09:53:42 UTC

Tasks are run on every commit but only new migration files are pushed.
Close and reopen this PR if you want to apply changes from existing seed or migration files.

Tasks	Status	Updated
Configurations	✅	Wed, 29 Oct 2025 09:53:43 UTC
Migrations	✅	Wed, 29 Oct 2025 09:53:43 UTC
Seeding	✅	Wed, 29 Oct 2025 09:53:44 UTC
Edge Functions	✅	Wed, 29 Oct 2025 09:53:44 UTC

---

View logs for this Workflow Run ↗︎.
Learn more about Supabase for Git ↗︎.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[giselles-ai]

Check changeset necessity

Status: NOT REQUIRED

Reason:

• Only affects CI tooling and docs: adds .github/workflows/devin-pr-review.yml and docs/review-guidelines.md
• No changes to versioned target packages: @liam-hq/cli, @liam-hq/erd-core, @liam-hq/schema, @liam-hq/ui
• No user-facing features, bug fixes, API or behavioral changes in published packages
• Classified as “Development tooling changes” and “Documentation only,” which do not require a changeset per the guide

Changeset (copy & paste):

N/A – no changeset required for this PR