add automated PR review workflow with read-only token#227

Draft
elithrar wants to merge 3 commits into main from feat/auto-pr-review

Conversation

@elithrar elithrar commented Mar 2, 2026

Every PR currently requires a manual /bonk invocation for AI review. This adds an automated review that runs on every new PR, using a read-only scoped token so the reviewer agent physically cannot push code.

Depends on ask-bonk/ask-bonk#138 which adds the token_permissions input.

  • .github/workflows/new-pr-review.yml — triggers on pull_request: [opened], uses token_permissions: READ_ONLY to scope the installation token to read-only (can comment/review, cannot push), runs the reviewer agent with Kimi K2, skips bot/dependabot PRs, 15min timeout
  • .github/bonk_reviewer.md — hardened reviewer prompt with anti-injection anchoring (system boundary at top and bottom), vinext-specific review checklist (server parity, RSC/SSR boundary, Next.js compat), clear read-only constraints
# The key security line:
token_permissions: READ_ONLY
# Results in: { contents: "read", issues: "write", pull_requests: "write", metadata: "read" }

ask-bonk bot commented Mar 2, 2026

ProviderModelNotFoundError

github run

ask-bonk bot commented Mar 2, 2026

@elithrar Bonk workflow failed. Check the logs for details.

View workflow run · To retry, trigger Bonk again.

pkg-pr-new bot commented Mar 2, 2026

npm i https://pkg.pr.new/vinext@227

commit: 4c027f5

github-actions bot commented Mar 2, 2026

Example                  Preview   Production   Original
app-router-cloudflare    preview   production
pages-router-cloudflare  preview   production
app-router-playground    preview   production   original
realworld-api-rest       preview   production
nextra-docs-template     preview   production
benchmarks               preview   production
hackernews               preview   production   original

@elithrar elithrar marked this pull request as draft March 2, 2026 18:00
@elithrar elithrar self-assigned this Mar 2, 2026

ask-bonk bot commented Mar 3, 2026

remote: Internal Server Error
fatal: unable to access 'https://github.com/cloudflare/vinext.git/': The requested URL returned error: 500

github run

elithrar commented Mar 3, 2026

/bonk Refer to the latest ask-bonk changes in ask-bonk/ask-bonk#138 (now merged). Use them to understand the Bonk API and then:

  • Update this PR to use the new PUSH_ONLY token_permissions directive
  • Validate that only actors >= 30 days invoke the automation
  • That the agent only looks at the PR diff, ignoring the description.
  • The agent focuses on providing concise, actionable output to the PR author.
  • Self-review this PR, including all changes, against our original design goal of allowing automated review on new PR submission.

When you make changes, self-review again per our instructions.
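The controls described in the PR description (opened-only trigger, bot/dependabot skip, 15 minute timeout, read-only scoped reviewer token) together with the 30-day account-age gate asked for in the follow-up comment, as one added example workflow. This is not the PR's own .github/workflows/new-pr-review.yml. It assumes the action is referenced as ask-bonk/ask-bonk@main and that token_permissions is the only input the page documents; the step id `gate` and the use of actions/github-script for the age check are illustrative choices, and the prompt file .github/bonk_reviewer.md is not wired here because the page does not show which input selects it.

```yaml
# Added example, not the PR's workflow file. Assumptions are marked below.
name: new-pr-review

on:
  pull_request:
    types: [opened]          # fires once per PR, not on every push

# Least privilege for GITHUB_TOKEN in this job. The reviewer's own token is
# minted separately by the action and scoped by token_permissions below.
permissions:
  contents: read
  pull-requests: read

jobs:
  review:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    # Skip app-authored PRs (dependabot, renovate, ...): the PR payload marks
    # them with user.type == "Bot"; the login suffix check catches the rest.
    if: >-
      github.event.pull_request.user.type != 'Bot' &&
      !endsWith(github.event.pull_request.user.login, '[bot]')
    steps:
      - name: Require a PR author account at least 30 days old
        id: gate                                   # illustrative step id
        uses: actions/github-script@v7
        with:
          script: |
            const login = context.payload.pull_request.user.login;
            const { data: user } =
              await github.rest.users.getByUsername({ username: login });
            const ageDays = (Date.now() - Date.parse(user.created_at)) / 86400000;
            const ok = ageDays >= 30;
            core.info(`${login}: account age ${ageDays.toFixed(1)} days, review=${ok}`);
            core.setOutput('ok', ok ? 'true' : 'false');

      - uses: actions/checkout@v4
        if: steps.gate.outputs.ok == 'true'
        with:
          persist-credentials: false   # leave no GITHUB_TOKEN in .git for the agent

      - name: Automated review
        if: steps.gate.outputs.ok == 'true'
        uses: ask-bonk/ask-bonk@main   # assumed action path and ref
        with:
          # Installation token scoped per the PR description:
          # contents: read, issues: write, pull_requests: write, metadata: read
          token_permissions: READ_ONLY
```

Two things this file cannot enforce and the page leaves to the prompt: that the agent reviews only the diff and ignores the PR description, and the output style. Also note the trigger: under `pull_request`, runs for PRs from forks do not receive repository secrets, so if the action needs app credentials to mint its token, fork PRs will not get a review; switching to `pull_request_target` is not the fix, since that would run with write access while checking out untrusted code.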

ask-bonk bot commented Mar 3, 2026

To https://github.com/cloudflare/vinext.git
! [remote rejected] feat/auto-pr-review -> feat/auto-pr-review (refusing to allow a GitHub App to create or update workflow .github/workflows/new-pr-review.yml without workflows permission)
error: failed to push some refs to 'https://github.com/cloudflare/vinext.git'

github run

elithrar commented Mar 3, 2026

(When you forget that you didn’t give the app workflow edit permissions for security reasons)
