From 6dd3c67427d65751d42f2dbc0c3db3d829c697de Mon Sep 17 00:00:00 2001
From: Luke Mino-Altherr <luke@comfy.org>
Date: Thu, 28 May 2026 15:07:22 -0700
Subject: [PATCH] Add unreviewed merge detector for SOC 2 compliance (#14146)

---
 .github/workflows/detect-unreviewed-merge.yml | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 .github/workflows/detect-unreviewed-merge.yml

diff --git a/.github/workflows/detect-unreviewed-merge.yml b/.github/workflows/detect-unreviewed-merge.yml
new file mode 100644
index 000000000..4fabecb94
--- /dev/null
+++ b/.github/workflows/detect-unreviewed-merge.yml
@@ -0,0 +1,24 @@
+name: Detect Unreviewed Merge
+
+# SOC 2 compliance — reusable workflow lives in Comfy-Org/github-workflows,
+# tracking issues are filed in Comfy-Org/unreviewed-merges.
+
+on:
+  push:
+    branches: [master]
+
+concurrency:
+  group: detect-unreviewed-merge-${{ github.sha }}
+  cancel-in-progress: false
+
+permissions:
+  contents: read
+  pull-requests: read
+
+jobs:
+  detect:
+    uses: Comfy-Org/github-workflows/.github/workflows/detect-unreviewed-merge.yml@4d9cb6b87f953bb7cd69954280e1465fb9bd2040 # v1
+    with:
+      approval-mode: latest-per-reviewer
+    secrets:
+      UNREVIEWED_MERGES_TOKEN: ${{ secrets.UNREVIEWED_MERGES_TOKEN }}