change oz review limit to 5 and refresh automatically after 24hr #452

Merged: acarl005 merged 3 commits into main from andy/allow-contributors-more-oz-reviews on May 12, 2026

@acarl005 (Contributor)

This PR has the following changes:

  1. Bump review limit from 3 to 5.
  2. The limit is daily, i.e. 5 invocations on the PR per day.
  3. On the 5th invocation, inform the user that they have hit the daily limit for reviews and to try again. The message will include the remaining time they need to wait.

The goals are to:

  1. Prevent abuse. Malicious actors will still be unable to spam us since there is a daily limit.
  2. Unblock contributors. They get more reviews and it will replenish automatically after a day. We are also clearer about this limit existing.
  3. Consume less Warp eng time. No manual intervention is required.

oz-for-oss Bot (Contributor) commented May 12, 2026

@acarl005

I'm starting a first review of this pull request.

You can view the conversation on Warp.

I completed the review and no human review was requested for this pull request.

Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).

Powered by Oz

acarl005 requested a review from vkodithala May 12, 2026 09:10

oz-for-oss Bot (Contributor) left a comment

Overview

This PR raises the explicit /oz-review cap to five invocations in a rolling 24-hour window and adds advisory/blocking comments with retry timing.

Concerns

  • The daily abuse limit is still backed only by currently visible PR comments, so a contributor can delete prior /oz-review comments and keep the counted total below the cap.

Security

  • Rate-limit state is attacker-controlled/deletable; persist invocation records in server-side state before relying on this as an abuse control.

Verdict

Found: 0 critical, 1 important, 0 suggestions

Request changes

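The concern raised in the review above, as an added example that is not part of this PR or the project's code: it counts `/oz-review` triggers from the comments still visible on the PR and, alongside that, from a server-side ledger the contributor cannot delete from. The `invocations` table, the function names and the comment ids are hypothetical; the limit of 5, the rolling 24-hour window and PR number 452 come from the page.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

LIMIT = 5                     # daily cap stated in the PR description
WINDOW = timedelta(hours=24)  # rolling window named in the review overview

def open_ledger(path=":memory:"):
    """Hypothetical server-side store that PR participants cannot edit."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS invocations ("
               "pr INTEGER NOT NULL, comment_id INTEGER UNIQUE, at REAL NOT NULL)")
    return db

def try_invoke(db, pr, comment_id, now):
    """Record one /oz-review trigger; return (allowed, time_until_retry)."""
    cutoff = (now - WINDOW).timestamp()
    rows = db.execute("SELECT at FROM invocations WHERE pr = ? AND at > ? "
                      "ORDER BY at", (pr, cutoff)).fetchall()
    if len(rows) >= LIMIT:
        oldest = datetime.fromtimestamp(rows[0][0], timezone.utc)
        return False, oldest + WINDOW - now  # wait until the oldest entry ages out
    with db:  # commits the INSERT; UNIQUE makes a redelivered event a no-op
        db.execute("INSERT OR IGNORE INTO invocations VALUES (?, ?, ?)",
                   (pr, comment_id, now.timestamp()))
    return True, timedelta(0)

def count_visible(comments, now):
    """Weak variant: derive the count from comments still present on the PR."""
    return sum(1 for c in comments
               if c["body"].strip() == "/oz-review" and now - c["at"] < WINDOW)

def demo():
    t0 = datetime(2026, 5, 12, 9, 0, tzinfo=timezone.utc)  # constructed times
    db, visible = open_ledger(), []
    for i in range(LIMIT):  # five triggers, one per hour (constructed comment ids)
        now = t0 + timedelta(hours=i)
        visible.append({"id": i, "body": "/oz-review", "at": now})
        try_invoke(db, 452, i, now)
    visible = visible[3:]  # three earlier trigger comments get deleted
    now = t0 + timedelta(hours=5)
    weak_allows = count_visible(visible, now) < LIMIT
    allowed, retry = try_invoke(db, 452, 99, now)
    return weak_allows, allowed, retry

if __name__ == "__main__":
    print(demo())
```

The comment-derived count lets the sixth trigger through once earlier comments are gone, while the ledger denies it and reports the wait until the oldest recorded invocation leaves the window.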

Comment thread core/workflows/__init__.py Outdated

vkodithala (Contributor) left a comment

LGTM, great fix! Added a comment that's OOS but we should definitely fix; tracking here if you have bandwidth.

Comment thread core/workflows/__init__.py Outdated

@acarl005 (Contributor, Author)

/oz-verify

oz-for-oss Bot (Contributor) commented May 12, 2026

@acarl005

/oz-verify report

Status: failed

Summary

No verification-enabled skills were discovered for this PR, so no skill-specific checks were run. I checked out andy/allow-contributors-more-oz-reviews, fetched PR context and diff via the trusted script, and ran fallback validation. Syntax compilation passed for the modified Python files, but PYTHONPATH=. python -m unittest tests.test_builders failed: all 20 tests in that module error because core/workflows/__init__.py imports ENFORCEMENT_COMMENT_RUN_ID from the stubbed oz.helpers module in tests/test_builders.py, and the stub was not updated to define that symbol. The PR should be treated as not verified until this test failure is fixed.

acarl005 merged commit f22d6f1 into main May 12, 2026
4 checks passed