From 92ccb6e4ea9d11c70055b87ba2a8231ea174f57b Mon Sep 17 00:00:00 2001 From: Harsh Mahajan Date: Thu, 2 Oct 2025 17:43:30 +0000 Subject: [PATCH 1/8] feat(vcs): expand GitHub comment tips --- docker-compose.yml | 2 +- src/Appwrite/Vcs/Comment.php | 35 +++++++++++++++++++++++++++++++---- 2 files changed, 32 insertions(+), 5 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 58b78fcd8e..afc32a518b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1033,7 +1033,7 @@ services: volumes: - appwrite-mariadb:/var/lib/mysql:rw ports: - - "3306:3306" + - "3307:3306" environment: - MYSQL_ROOT_PASSWORD=${_APP_DB_ROOT_PASS} - MYSQL_DATABASE=${_APP_DB_SCHEMA} diff --git a/src/Appwrite/Vcs/Comment.php b/src/Appwrite/Vcs/Comment.php index a66706a4a2..f81abca858 100644 --- a/src/Appwrite/Vcs/Comment.php +++ b/src/Appwrite/Vcs/Comment.php @@ -11,10 +11,37 @@ class Comment { // TODO: Add more tips protected array $tips = [ - 'Appwrite has a Discord community with over 16 000 members.', - 'You can use Avatars API to generate QR code for any text or URLs.', - 'Cursor pagination performs better than offset pagination when loading further pages.', - ]; + 'Appwrite has crossed the 50K GitHub stars milestone with hundreds of active contributors', + 'Discord community has grown to 24K passionate developers and counting', + 'Sites auto-generate unique domains with the pattern https://randomstring.appwrite.network', + 'Every Git commit and branch gets its own deployment URL automatically', + 'Custom domains work with both CNAME for subdomains and NS records for apex domains', + 'HTTPS and SSL certificates are handled automagically for all your Sites', + 'Functions can run for up to 15 minutes before timing out', + 'Schedule functions to run as often as every minute with cron expressions', + 'Environment variables can be scoped per function or shared across your project', + 'Function scopes give you fine-grained control over API permissions', + 'Sites support three domain rule types: Active deployment, Git branch, and Redirect', + 'Preview deployments create instant URLs for every branch and commit', + 'Trigger functions via HTTP, SDKs, events, webhooks, or scheduled cron jobs', + 'Each function runs in its own isolated container with custom environment variables', + 'Build commands execute in runtime containers during deployment', + 'Dynamic API keys are generated automatically for each function execution', + 'JWT tokens let functions act on behalf of users while preserving their permissions', + 'Storage files get ClamAV malware scanning and encryption by default', + 'Roll back Sites deployments instantly by switching between versions', + 'Git integration provides automatic deployments with optional PR comments', + 'Silent mode disables those chatty PR comments if you prefer peace and quiet', + 'Environment variable changes require redeployment to take effect', + 'SSR frameworks are fully supported with configurable build runtimes', + 'Global CDN and DDoS protection come free with every Sites deployment', + 'Deploy functions via zip upload or connect directly to your Git repo', + 'Realtime gives you live updates for users, storage, functions, and databases', + 'GraphQL API works alongside REST and WebSocket protocols', + 'Messaging handles push notifications, emails, and SMS through one unified API', + 'Teams feature lets you group users with membership management and role permissions', + 'MCP server integration brings LLM superpowers to Claude Desktop and Cursor IDE', + ]; protected string $statePrefix = '[appwrite]: #'; From 61a8f589ac11a82faac766bf4bbbe34c274e84f8 Mon Sep 17 00:00:00 2001 From: Harsh Mahajan Date: Thu, 2 Oct 2025 17:44:21 +0000 Subject: [PATCH 2/8] port issue --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index afc32a518b..58b78fcd8e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1033,7 +1033,7 @@ services: volumes: - appwrite-mariadb:/var/lib/mysql:rw ports: - - "3307:3306" + - "3306:3306" environment: - MYSQL_ROOT_PASSWORD=${_APP_DB_ROOT_PASS} - MYSQL_DATABASE=${_APP_DB_SCHEMA} From 64c3b7a2ffe4a7907f90eda92accfed2432dc2d2 Mon Sep 17 00:00:00 2001 From: Harsh Mahajan <127186841+HarshMN2345@users.noreply.github.com> Date: Thu, 2 Oct 2025 23:19:34 +0530 Subject: [PATCH 3/8] Update src/Appwrite/Vcs/Comment.php Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- src/Appwrite/Vcs/Comment.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Appwrite/Vcs/Comment.php b/src/Appwrite/Vcs/Comment.php index f81abca858..325f7d30d1 100644 --- a/src/Appwrite/Vcs/Comment.php +++ b/src/Appwrite/Vcs/Comment.php @@ -41,7 +41,7 @@ class Comment 'Messaging handles push notifications, emails, and SMS through one unified API', 'Teams feature lets you group users with membership management and role permissions', 'MCP server integration brings LLM superpowers to Claude Desktop and Cursor IDE', - ]; + ]; protected string $statePrefix = '[appwrite]: #'; From 32dae9ad7c3e27ef399f7cd23a106fc54a70cf41 Mon Sep 17 00:00:00 2001 From: Harsh Mahajan <127186841+HarshMN2345@users.noreply.github.com> Date: Wed, 22 Oct 2025 10:05:18 +0530 Subject: [PATCH 4/8] Update Comment.php --- src/Appwrite/Vcs/Comment.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Appwrite/Vcs/Comment.php b/src/Appwrite/Vcs/Comment.php index 325f7d30d1..d56c93dfe9 100644 --- a/src/Appwrite/Vcs/Comment.php +++ b/src/Appwrite/Vcs/Comment.php @@ -12,7 +12,7 @@ class Comment // TODO: Add more tips protected array $tips = [ 'Appwrite has crossed the 50K GitHub stars milestone with hundreds of active contributors', - 'Discord community has grown to 24K passionate developers and counting', + 'Our Discord community has grown to 24K developers, and counting', 'Sites auto-generate unique domains with the pattern https://randomstring.appwrite.network', 'Every Git commit and branch gets its own deployment URL automatically', 'Custom domains work with both CNAME for subdomains and NS records for apex domains', From 1468231de77086ffb93570c267ab54049a4e6a16 Mon Sep 17 00:00:00 2001 From: Harsh Mahajan <127186841+HarshMN2345@users.noreply.github.com> Date: Thu, 23 Oct 2025 20:20:16 +0530 Subject: [PATCH 5/8] Update Comment.php --- src/Appwrite/Vcs/Comment.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Appwrite/Vcs/Comment.php b/src/Appwrite/Vcs/Comment.php index d56c93dfe9..06c8641ce8 100644 --- a/src/Appwrite/Vcs/Comment.php +++ b/src/Appwrite/Vcs/Comment.php @@ -16,7 +16,7 @@ class Comment 'Sites auto-generate unique domains with the pattern https://randomstring.appwrite.network', 'Every Git commit and branch gets its own deployment URL automatically', 'Custom domains work with both CNAME for subdomains and NS records for apex domains', - 'HTTPS and SSL certificates are handled automagically for all your Sites', + 'HTTPS and SSL certificates are handled automatically for all your Sites', 'Functions can run for up to 15 minutes before timing out', 'Schedule functions to run as often as every minute with cron expressions', 'Environment variables can be scoped per function or shared across your project', From c5d4551cab7dc76596c317b4d789c6871af0f23c Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 1 Nov 2025 15:39:50 +0000 Subject: [PATCH 6/8] Initial plan From 1f9afc8cab16dab879e3bb1934c4c78d5274124a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 1 Nov 2025 15:47:43 +0000 Subject: [PATCH 7/8] Update issue-triage workflow to run daily and process last 24h issues Co-authored-by: stnguyen90 <1477010+stnguyen90@users.noreply.github.com> --- .github/workflows/issue-triage.lock.yml | 333 +++++++++++------------- .github/workflows/issue-triage.md | 30 ++- 2 files changed, 167 insertions(+), 196 deletions(-) diff --git a/.github/workflows/issue-triage.lock.yml b/.github/workflows/issue-triage.lock.yml index 3249affe00..ec37340b4b 100644 --- a/.github/workflows/issue-triage.lock.yml +++ b/.github/workflows/issue-triage.lock.yml @@ -5,7 +5,7 @@ # # Source: githubnext/agentics/workflows/issue-triage.md@0837fb7b24c3b84ee77fb7c8cfa8735c48be347a # -# Effective stop-time: 2025-11-27 03:00:29 +# Effective stop-time: 2025-12-01 15:46:50 # # Job Dependency Graph: # ```mermaid @@ -33,18 +33,29 @@ # add_labels --> update_reaction # missing_tool --> update_reaction # ``` +# +# Pinned GitHub Actions: +# - actions/checkout@v5 (08c6903cd8c0fde910a37f88322edcfb5dd907a8) +# https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8 +# - actions/download-artifact@v5 (634f93cb2916e3fdff6788551b99b062d0335ce0) +# https://github.com/actions/download-artifact/commit/634f93cb2916e3fdff6788551b99b062d0335ce0 +# - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) +# https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 +# - actions/upload-artifact@v4 (ea165f8d65b6e75b540449e92b4886f43607fa02) +# https://github.com/actions/upload-artifact/commit/ea165f8d65b6e75b540449e92b4886f43607fa02 name: "Agentic Triage" "on": - issues: - types: - - opened - - reopened + schedule: + - cron: 0 0 * * * + workflow_dispatch: null permissions: read-all concurrency: - group: "gh-aw-${{ github.workflow }}-${{ github.event.issue.number }}" + group: "gh-aw-${{ github.workflow }}" run-name: "Agentic Triage" @@ -52,7 +63,7 @@ jobs: activation: needs: pre_activation if: needs.pre_activation.outputs.activated == 'true' - runs-on: ubuntu-latest + runs-on: ubuntu-slim permissions: discussions: write issues: write @@ -414,9 +425,9 @@ jobs: - agent - detection if: > - ((!cancelled()) && (contains(needs.agent.outputs.output_types, 'add_comment'))) && (((github.event.issue.number) || - (github.event.pull_request.number)) || (github.event.discussion.number)) - runs-on: ubuntu-latest + (((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment'))) && + (((github.event.issue.number) || (github.event.pull_request.number)) || (github.event.discussion.number)) + runs-on: ubuntu-slim permissions: contents: read discussions: write @@ -805,9 +816,9 @@ jobs: - agent - detection if: > - ((!cancelled()) && (contains(needs.agent.outputs.output_types, 'add_labels'))) && ((github.event.issue.number) || - (github.event.pull_request.number)) - runs-on: ubuntu-latest + (((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_labels'))) && + ((github.event.issue.number) || (github.event.pull_request.number)) + runs-on: ubuntu-slim permissions: contents: read issues: write @@ -1046,6 +1057,8 @@ jobs: needs: activation runs-on: ubuntu-latest permissions: read-all + concurrency: + group: "gh-aw-copilot-${{ github.workflow }}" env: GH_AW_SAFE_OUTPUTS: /tmp/gh-aw/safeoutputs/outputs.jsonl GH_AW_SAFE_OUTPUTS_CONFIG: "{\"add_comment\":{\"max\":1},\"add_labels\":{\"max\":5},\"missing_tool\":{}}" @@ -1055,14 +1068,22 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + with: + persist-credentials: false - name: Create gh-aw temp directory run: | mkdir -p /tmp/gh-aw/agent echo "Created /tmp/gh-aw/agent directory for agentic workflow temporary files" - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} run: | git config --global user.email "github-actions[bot]@users.noreply.github.com" - git config --global user.name "${{ github.workflow }}" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL="${{ github.server_url }}" + SERVER_URL="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL}/${REPO_NAME}.git" echo "Git configured with standard GitHub Actions identity" - name: Checkout PR branch if: | @@ -1114,15 +1135,15 @@ jobs: env: COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 with: node-version: '24' - name: Install GitHub Copilot CLI - run: npm install -g @github/copilot@0.0.351 + run: npm install -g @github/copilot@0.0.353 - name: Downloading container images run: | set -e - docker pull ghcr.io/github/github-mcp-server:v0.19.1 + docker pull ghcr.io/github/github-mcp-server:v0.20.1 docker pull mcp/fetch - name: Setup Safe Outputs Collector MCP run: | @@ -1913,6 +1934,13 @@ jobs: chmod +x /tmp/gh-aw/safeoutputs/mcp-server.cjs - name: Setup MCPs + env: + GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GH_AW_SAFE_OUTPUTS_CONFIG: ${{ toJSON(env.GH_AW_SAFE_OUTPUTS_CONFIG) }} + GH_AW_ASSETS_BRANCH: ${{ env.GH_AW_ASSETS_BRANCH }} + GH_AW_ASSETS_MAX_SIZE_KB: ${{ env.GH_AW_ASSETS_MAX_SIZE_KB }} + GH_AW_ASSETS_ALLOWED_EXTS: ${{ env.GH_AW_ASSETS_ALLOWED_EXTS }} run: | mkdir -p /tmp/gh-aw/mcp-config mkdir -p /home/runner/.copilot @@ -1932,7 +1960,7 @@ jobs: "GITHUB_READ_ONLY=1", "-e", "GITHUB_TOOLSETS=default", - "ghcr.io/github/github-mcp-server:v0.19.1" + "ghcr.io/github/github-mcp-server:v0.20.1" ], "tools": ["*"], "env": { @@ -1949,7 +1977,9 @@ jobs: "GH_AW_SAFE_OUTPUTS_CONFIG": "\${GH_AW_SAFE_OUTPUTS_CONFIG}", "GH_AW_ASSETS_BRANCH": "\${GH_AW_ASSETS_BRANCH}", "GH_AW_ASSETS_MAX_SIZE_KB": "\${GH_AW_ASSETS_MAX_SIZE_KB}", - "GH_AW_ASSETS_ALLOWED_EXTS": "\${GH_AW_ASSETS_ALLOWED_EXTS}" + "GH_AW_ASSETS_ALLOWED_EXTS": "\${GH_AW_ASSETS_ALLOWED_EXTS}", + "GITHUB_REPOSITORY": "\${GITHUB_REPOSITORY}", + "GITHUB_SERVER_URL": "\${GITHUB_SERVER_URL}" } }, "web-fetch": { @@ -1983,20 +2013,23 @@ jobs: - You're a triage assistant for GitHub issues. Your task is to analyze issue #${{ github.event.issue.number }} and perform some initial triage tasks related to that issue. + You're a triage assistant for GitHub issues. Your task is to analyze issues created in the last 24 hours and perform initial triage tasks for each of them. - 1. Select appropriate labels for the issue from the provided list. + 1. First, use the `list_issues` tool to retrieve all issues created in the last 24 hours. Filter issues by using the `since` parameter with a timestamp from 24 hours ago (calculate: current time minus 24 hours in ISO 8601 format). - 2. Retrieve the issue content using the `get_issue` tool. If the issue is obviously spam, or generated by bot, or something else that is not an actual issue to be worked on, then add an issue comment to the issue with a one sentence analysis and exit the workflow. + 2. For each issue found, perform the following triage tasks: - 3. Next, use the GitHub tools to gather additional context about the issue: + 3. Select appropriate labels for the issue from the provided list. + + 4. Retrieve the issue content using the `get_issue` tool. If the issue is obviously spam, or generated by bot, or something else that is not an actual issue to be worked on, then add an issue comment to the issue with a one sentence analysis and move to the next issue. + + 5. Next, use the GitHub tools to gather additional context about the issue: - Fetch the list of labels available in this repository. Use 'gh label list' bash command to fetch the labels. This will give you the labels you can use for triaging issues. - Fetch any comments on the issue using the `get_issue_comments` tool - Find similar issues if needed using the `search_issues` tool - - List the issues to see other open issues in the repository using the `list_issues` tool - 4. Analyze the issue content, considering: + 6. Analyze the issue content, considering: - The issue title and description - The type of issue (bug report, feature request, question, etc.) @@ -2005,9 +2038,9 @@ jobs: - User impact - Components affected - 5. Write notes, ideas, nudges, resource links, debugging strategies and/or reproduction steps for the team to consider relevant to the issue. + 7. Write notes, ideas, nudges, resource links, debugging strategies and/or reproduction steps for the team to consider relevant to the issue. - 6. Select appropriate labels from the available labels list provided above: + 8. Select appropriate labels from the available labels list provided above: - Choose labels that accurately reflect the issue's nature - Be specific but comprehensive @@ -2017,13 +2050,13 @@ jobs: - Only select labels from the provided list above - It's okay to not add any labels if none are clearly applicable - 7. Apply the selected labels: + 9. Apply the selected labels: - Use the `update_issue` tool to apply the labels to the issue - DO NOT communicate directly with users - If no labels are clearly applicable, do not apply any labels - 8. Add an issue comment to the issue with your analysis: + 10. Add an issue comment to the issue with your analysis: - Start with "🎯 Agentic Issue Triage" - Provide a brief summary of the issue - Mention any relevant details that might help the team understand the issue better @@ -2035,6 +2068,8 @@ jobs: - If appropriate break the issue down to sub-tasks and write a checklist of things to do. - Use collapsed-by-default sections in the GitHub markdown to keep the comment tidy. Collapse all sections except the short main summary at the top. + 11. After processing all issues, provide a summary of how many issues were triaged. If no issues were created in the last 24 hours, simply note that no new issues needed triage. + PROMPT_EOF - name: Append XPIA security instructions to prompt env: @@ -2194,13 +2229,6 @@ jobs: name: prompt.txt path: /tmp/gh-aw/aw-prompts/prompt.txt if-no-files-found: warn - - name: Capture agent version - run: | - VERSION_OUTPUT=$(copilot --version 2>&1 || echo "unknown") - # Extract semantic version pattern (e.g., 1.2.3, v1.2.3-beta) - CLEAN_VERSION=$(echo "$VERSION_OUTPUT" | grep -oE 'v?[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+)?' | head -n1 || echo "unknown") - echo "AGENT_VERSION=$CLEAN_VERSION" >> $GITHUB_ENV - echo "Agent version: $VERSION_OUTPUT" - name: Generate agentic run info uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd with: @@ -2212,7 +2240,7 @@ jobs: engine_name: "GitHub Copilot CLI", model: "", version: "", - agent_version: process.env.AGENT_VERSION || "", + agent_version: "0.0.353", workflow_name: "Agentic Triage", experimental: false, supports_tools_allowlist: true, @@ -2226,6 +2254,9 @@ jobs: actor: context.actor, event_name: context.eventName, staged: false, + steps: { + firewall: "" + }, created_at: new Date().toISOString() }; @@ -2262,9 +2293,12 @@ jobs: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_SAFE_OUTPUTS_CONFIG: "{\"add_comment\":{\"max\":1},\"add_labels\":{\"max\":5},\"missing_tool\":{}}" + GITHUB_HEAD_REF: ${{ github.head_ref }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + GITHUB_REF_NAME: ${{ github.ref_name }} GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} + GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() @@ -2399,71 +2433,71 @@ jobs: script: | async function main() { const fs = require("fs"); - const maxBodyLength = 65000; - function sanitizeContent(content, maxLength) { - if (!content || typeof content !== "string") { - return ""; - } - const allowedDomainsEnv = process.env.GH_AW_ALLOWED_DOMAINS; - const defaultAllowedDomains = ["github.com", "github.io", "githubusercontent.com", "githubassets.com", "github.dev", "codespaces.new"]; - const allowedDomains = allowedDomainsEnv - ? allowedDomainsEnv - .split(",") - .map(d => d.trim()) - .filter(d => d) - : defaultAllowedDomains; - let sanitized = content; - sanitized = neutralizeMentions(sanitized); - sanitized = removeXmlComments(sanitized); - sanitized = sanitized.replace(/\x1b\[[0-9;]*[mGKH]/g, ""); - sanitized = sanitized.replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g, ""); - sanitized = sanitizeUrlProtocols(sanitized); - sanitized = sanitizeUrlDomains(sanitized); - const lines = sanitized.split("\n"); - const maxLines = 65000; - maxLength = maxLength || 524288; - if (lines.length > maxLines) { - const truncationMsg = "\n[Content truncated due to line count]"; - const truncatedLines = lines.slice(0, maxLines).join("\n") + truncationMsg; - if (truncatedLines.length > maxLength) { - sanitized = truncatedLines.substring(0, maxLength - truncationMsg.length) + truncationMsg; - } else { - sanitized = truncatedLines; - } - } else if (sanitized.length > maxLength) { - sanitized = sanitized.substring(0, maxLength) + "\n[Content truncated due to length]"; - } - sanitized = neutralizeBotTriggers(sanitized); - return sanitized.trim(); - function sanitizeUrlDomains(s) { - return s.replace(/\bhttps:\/\/[^\s\])}'"<>&\x00-\x1f,;]+/gi, match => { - const urlAfterProtocol = match.slice(8); - const hostname = urlAfterProtocol.split(/[\/:\?#]/)[0].toLowerCase(); - const isAllowed = allowedDomains.some(allowedDomain => { - const normalizedAllowed = allowedDomain.toLowerCase(); - return hostname === normalizedAllowed || hostname.endsWith("." + normalizedAllowed); - }); - return isAllowed ? match : "(redacted)"; - }); - } - function sanitizeUrlProtocols(s) { - return s.replace(/\b(\w+):\/\/[^\s\])}'"<>&\x00-\x1f]+/gi, (match, protocol) => { - return protocol.toLowerCase() === "https" ? match : "(redacted)"; - }); - } - function neutralizeMentions(s) { - return s.replace( - /(^|[^\w`])@([A-Za-z0-9](?:[A-Za-z0-9-]{0,37}[A-Za-z0-9])?(?:\/[A-Za-z0-9._-]+)?)/g, - (_m, p1, p2) => `${p1}\`@${p2}\`` - ); - } - function removeXmlComments(s) { - return s.replace(//g, "").replace(//g, ""); - } - function neutralizeBotTriggers(s) { - return s.replace(/\b(fixes?|closes?|resolves?|fix|close|resolve)\s+#(\w+)/gi, (match, action, ref) => `\`${action} #${ref}\``); - } + function sanitizeContent(content, maxLength) { + if (!content || typeof content !== "string") { + return ""; } + const allowedDomainsEnv = process.env.GH_AW_ALLOWED_DOMAINS; + const defaultAllowedDomains = ["github.com", "github.io", "githubusercontent.com", "githubassets.com", "github.dev", "codespaces.new"]; + const allowedDomains = allowedDomainsEnv + ? allowedDomainsEnv + .split(",") + .map(d => d.trim()) + .filter(d => d) + : defaultAllowedDomains; + let sanitized = content; + sanitized = neutralizeMentions(sanitized); + sanitized = removeXmlComments(sanitized); + sanitized = sanitized.replace(/\x1b\[[0-9;]*[mGKH]/g, ""); + sanitized = sanitized.replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g, ""); + sanitized = sanitizeUrlProtocols(sanitized); + sanitized = sanitizeUrlDomains(sanitized); + const lines = sanitized.split("\n"); + const maxLines = 65000; + maxLength = maxLength || 524288; + if (lines.length > maxLines) { + const truncationMsg = "\n[Content truncated due to line count]"; + const truncatedLines = lines.slice(0, maxLines).join("\n") + truncationMsg; + if (truncatedLines.length > maxLength) { + sanitized = truncatedLines.substring(0, maxLength - truncationMsg.length) + truncationMsg; + } else { + sanitized = truncatedLines; + } + } else if (sanitized.length > maxLength) { + sanitized = sanitized.substring(0, maxLength) + "\n[Content truncated due to length]"; + } + sanitized = neutralizeBotTriggers(sanitized); + return sanitized.trim(); + function sanitizeUrlDomains(s) { + s = s.replace(/\bhttps:\/\/([^\/\s\])}'"<>&\x00-\x1f,;]+)/gi, (match, domain) => { + const hostname = domain.split(/[\/:\?#]/)[0].toLowerCase(); + const isAllowed = allowedDomains.some(allowedDomain => { + const normalizedAllowed = allowedDomain.toLowerCase(); + return hostname === normalizedAllowed || hostname.endsWith("." + normalizedAllowed); + }); + return isAllowed ? match : "(redacted)"; + }); + return s; + } + function sanitizeUrlProtocols(s) { + return s.replace(/\b(\w+):(?:\/\/)?[^\s\])}'"<>&\x00-\x1f]+/gi, (match, protocol) => { + return protocol.toLowerCase() === "https" ? match : "(redacted)"; + }); + } + function neutralizeMentions(s) { + return s.replace( + /(^|[^\w`])@([A-Za-z0-9](?:[A-Za-z0-9-]{0,37}[A-Za-z0-9])?(?:\/[A-Za-z0-9._-]+)?)/g, + (_m, p1, p2) => `${p1}\`@${p2}\`` + ); + } + function removeXmlComments(s) { + return s.replace(//g, "").replace(//g, ""); + } + function neutralizeBotTriggers(s) { + return s.replace(/\b(fixes?|closes?|resolves?|fix|close|resolve)\s+#(\w+)/gi, (match, action, ref) => `\`${action} #${ref}\``); + } + } + const maxBodyLength = 65000; function getMaxAllowedForType(itemType, config) { const itemConfig = config?.[itemType]; if (itemConfig && typeof itemConfig === "object" && "max" in itemConfig && itemConfig.max) { @@ -4295,7 +4329,9 @@ jobs: detection: needs: agent runs-on: ubuntu-latest - permissions: read-all + permissions: {} + concurrency: + group: "gh-aw-copilot-${{ github.workflow }}" timeout-minutes: 10 steps: - name: Download prompt artifact @@ -4444,11 +4480,11 @@ jobs: env: COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 with: node-version: '24' - name: Install GitHub Copilot CLI - run: npm install -g @github/copilot@0.0.351 + run: npm install -g @github/copilot@0.0.353 - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -4471,8 +4507,11 @@ jobs: env: COPILOT_AGENT_RUNNER_TYPE: STANDALONE GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt + GITHUB_HEAD_REF: ${{ github.head_ref }} + GITHUB_REF_NAME: ${{ github.ref_name }} GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} + GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd @@ -4522,8 +4561,8 @@ jobs: needs: - agent - detection - if: (!cancelled()) && (contains(needs.agent.outputs.output_types, 'missing_tool')) - runs-on: ubuntu-latest + if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'missing_tool')) + runs-on: ubuntu-slim permissions: contents: read timeout-minutes: 5 @@ -4651,89 +4690,15 @@ jobs: }); pre_activation: - runs-on: ubuntu-latest + runs-on: ubuntu-slim outputs: - activated: ${{ (steps.check_membership.outputs.is_team_member == 'true') && (steps.check_stop_time.outputs.stop_time_ok == 'true') }} + activated: ${{ steps.check_stop_time.outputs.stop_time_ok == 'true' }} steps: - - name: Check team membership for workflow - id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd - env: - GH_AW_REQUIRED_ROLES: admin,maintainer,write - with: - script: | - async function main() { - const { eventName } = context; - const actor = context.actor; - const { owner, repo } = context.repo; - const requiredPermissionsEnv = process.env.GH_AW_REQUIRED_ROLES; - const requiredPermissions = requiredPermissionsEnv ? requiredPermissionsEnv.split(",").filter(p => p.trim() !== "") : []; - if (eventName === "workflow_dispatch") { - const hasWriteRole = requiredPermissions.includes("write"); - if (hasWriteRole) { - core.info(`✅ Event ${eventName} does not require validation (write role allowed)`); - core.setOutput("is_team_member", "true"); - core.setOutput("result", "safe_event"); - return; - } - core.info(`Event ${eventName} requires validation (write role not allowed)`); - } - const safeEvents = ["workflow_run", "schedule"]; - if (safeEvents.includes(eventName)) { - core.info(`✅ Event ${eventName} does not require validation`); - core.setOutput("is_team_member", "true"); - core.setOutput("result", "safe_event"); - return; - } - if (!requiredPermissions || requiredPermissions.length === 0) { - core.warning("❌ Configuration error: Required permissions not specified. Contact repository administrator."); - core.setOutput("is_team_member", "false"); - core.setOutput("result", "config_error"); - core.setOutput("error_message", "Configuration error: Required permissions not specified"); - return; - } - try { - core.info(`Checking if user '${actor}' has required permissions for ${owner}/${repo}`); - core.info(`Required permissions: ${requiredPermissions.join(", ")}`); - const repoPermission = await github.rest.repos.getCollaboratorPermissionLevel({ - owner: owner, - repo: repo, - username: actor, - }); - const permission = repoPermission.data.permission; - core.info(`Repository permission level: ${permission}`); - for (const requiredPerm of requiredPermissions) { - if (permission === requiredPerm || (requiredPerm === "maintainer" && permission === "maintain")) { - core.info(`✅ User has ${permission} access to repository`); - core.setOutput("is_team_member", "true"); - core.setOutput("result", "authorized"); - core.setOutput("user_permission", permission); - return; - } - } - core.warning(`User permission '${permission}' does not meet requirements: ${requiredPermissions.join(", ")}`); - core.setOutput("is_team_member", "false"); - core.setOutput("result", "insufficient_permissions"); - core.setOutput("user_permission", permission); - core.setOutput( - "error_message", - `Access denied: User '${actor}' is not authorized. Required permissions: ${requiredPermissions.join(", ")}` - ); - } catch (repoError) { - const errorMessage = repoError instanceof Error ? repoError.message : String(repoError); - core.warning(`Repository permission check failed: ${errorMessage}`); - core.setOutput("is_team_member", "false"); - core.setOutput("result", "api_error"); - core.setOutput("error_message", `Repository permission check failed: ${errorMessage}`); - return; - } - } - await main(); - name: Check stop-time limit id: check_stop_time uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd env: - GH_AW_STOP_TIME: 2025-11-27 03:00:29 + GH_AW_STOP_TIME: 2025-12-01 15:46:50 GH_AW_WORKFLOW_NAME: "Agentic Triage" with: script: | @@ -4776,7 +4741,7 @@ jobs: if: > (((((always()) && (needs.agent.result != 'skipped')) && (needs.activation.outputs.comment_id)) && (!contains(needs.agent.outputs.output_types, 'add_comment'))) && (!contains(needs.agent.outputs.output_types, 'create_pull_request'))) && (!contains(needs.agent.outputs.output_types, 'push_to_pull_request_branch')) - runs-on: ubuntu-latest + runs-on: ubuntu-slim permissions: contents: read discussions: write diff --git a/.github/workflows/issue-triage.md b/.github/workflows/issue-triage.md index 2b4739988a..459cc7bd19 100644 --- a/.github/workflows/issue-triage.md +++ b/.github/workflows/issue-triage.md @@ -1,7 +1,8 @@ --- on: - issues: - types: [opened, reopened] + schedule: + - cron: '0 0 * * *' # Run daily at midnight UTC + workflow_dispatch: # Enable manual trigger stop-after: +30d # workflow will no longer trigger after 30 days. Remove this and recompile to run indefinitely reaction: eyes @@ -25,20 +26,23 @@ source: githubnext/agentics/workflows/issue-triage.md@0837fb7b24c3b84ee77fb7c8cf -You're a triage assistant for GitHub issues. Your task is to analyze issue #${{ github.event.issue.number }} and perform some initial triage tasks related to that issue. +You're a triage assistant for GitHub issues. Your task is to analyze issues created in the last 24 hours and perform initial triage tasks for each of them. -1. Select appropriate labels for the issue from the provided list. +1. First, use the `list_issues` tool to retrieve all issues created in the last 24 hours. Filter issues by using the `since` parameter with a timestamp from 24 hours ago (calculate: current time minus 24 hours in ISO 8601 format). -2. Retrieve the issue content using the `get_issue` tool. If the issue is obviously spam, or generated by bot, or something else that is not an actual issue to be worked on, then add an issue comment to the issue with a one sentence analysis and exit the workflow. +2. For each issue found, perform the following triage tasks: -3. Next, use the GitHub tools to gather additional context about the issue: +3. Select appropriate labels for the issue from the provided list. + +4. Retrieve the issue content using the `get_issue` tool. If the issue is obviously spam, or generated by bot, or something else that is not an actual issue to be worked on, then add an issue comment to the issue with a one sentence analysis and move to the next issue. + +5. Next, use the GitHub tools to gather additional context about the issue: - Fetch the list of labels available in this repository. Use 'gh label list' bash command to fetch the labels. This will give you the labels you can use for triaging issues. - Fetch any comments on the issue using the `get_issue_comments` tool - Find similar issues if needed using the `search_issues` tool - - List the issues to see other open issues in the repository using the `list_issues` tool -4. Analyze the issue content, considering: +6. Analyze the issue content, considering: - The issue title and description - The type of issue (bug report, feature request, question, etc.) @@ -47,9 +51,9 @@ You're a triage assistant for GitHub issues. Your task is to analyze issue #${{ - User impact - Components affected -5. Write notes, ideas, nudges, resource links, debugging strategies and/or reproduction steps for the team to consider relevant to the issue. +7. Write notes, ideas, nudges, resource links, debugging strategies and/or reproduction steps for the team to consider relevant to the issue. -6. Select appropriate labels from the available labels list provided above: +8. Select appropriate labels from the available labels list provided above: - Choose labels that accurately reflect the issue's nature - Be specific but comprehensive @@ -59,13 +63,13 @@ You're a triage assistant for GitHub issues. Your task is to analyze issue #${{ - Only select labels from the provided list above - It's okay to not add any labels if none are clearly applicable -7. Apply the selected labels: +9. Apply the selected labels: - Use the `update_issue` tool to apply the labels to the issue - DO NOT communicate directly with users - If no labels are clearly applicable, do not apply any labels -8. Add an issue comment to the issue with your analysis: +10. Add an issue comment to the issue with your analysis: - Start with "🎯 Agentic Issue Triage" - Provide a brief summary of the issue - Mention any relevant details that might help the team understand the issue better @@ -76,3 +80,5 @@ You're a triage assistant for GitHub issues. Your task is to analyze issue #${{ - If you have any debugging strategies, include them in the comment - If appropriate break the issue down to sub-tasks and write a checklist of things to do. - Use collapsed-by-default sections in the GitHub markdown to keep the comment tidy. Collapse all sections except the short main summary at the top. + +11. After processing all issues, provide a summary of how many issues were triaged. If no issues were created in the last 24 hours, simply note that no new issues needed triage. From 2f843153dabc8625da6c8529efd974a5a61fd057 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 3 Nov 2025 20:02:03 +0000 Subject: [PATCH 8/8] Add duplicate/related issues detection and listing to triage workflow Co-authored-by: stnguyen90 <1477010+stnguyen90@users.noreply.github.com> --- .github/workflows/issue-triage.lock.yml | 195 +++++++++++++++++++----- .github/workflows/issue-triage.md | 3 +- 2 files changed, 161 insertions(+), 37 deletions(-) diff --git a/.github/workflows/issue-triage.lock.yml b/.github/workflows/issue-triage.lock.yml index ec37340b4b..3fc2d5d190 100644 --- a/.github/workflows/issue-triage.lock.yml +++ b/.github/workflows/issue-triage.lock.yml @@ -5,7 +5,7 @@ # # Source: githubnext/agentics/workflows/issue-triage.md@0837fb7b24c3b84ee77fb7c8cfa8735c48be347a # -# Effective stop-time: 2025-12-01 15:46:50 +# Effective stop-time: 2025-12-03 20:01:19 # # Job Dependency Graph: # ```mermaid @@ -74,24 +74,82 @@ jobs: comment_url: ${{ steps.react.outputs.comment-url }} reaction_id: ${{ steps.react.outputs.reaction-id }} steps: + - name: Checkout workflows + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + with: + sparse-checkout: | + .github/workflows + sparse-checkout-cone-mode: false + fetch-depth: 1 + persist-credentials: false - name: Check workflow file timestamps - run: | - WORKFLOW_FILE="${GITHUB_WORKSPACE}/.github/workflows/$(basename "$GITHUB_WORKFLOW" .lock.yml).md" - LOCK_FILE="${GITHUB_WORKSPACE}/.github/workflows/$GITHUB_WORKFLOW" - - if [ -f "$WORKFLOW_FILE" ] && [ -f "$LOCK_FILE" ]; then - if [ "$WORKFLOW_FILE" -nt "$LOCK_FILE" ]; then - echo "🔴🔴🔴 WARNING: Lock file '$LOCK_FILE' is outdated! The workflow file '$WORKFLOW_FILE' has been modified more recently. Run 'gh aw compile' to regenerate the lock file." >&2 - echo "## ⚠️ Workflow Lock File Warning" >> $GITHUB_STEP_SUMMARY - echo "🔴🔴🔴 **WARNING**: Lock file \`$LOCK_FILE\` is outdated!" >> $GITHUB_STEP_SUMMARY - echo "The workflow file \`$WORKFLOW_FILE\` has been modified more recently." >> $GITHUB_STEP_SUMMARY - echo "Run \`gh aw compile\` to regenerate the lock file." >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - fi - fi + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd + env: + GH_AW_WORKFLOW_FILE: "issue-triage.lock.yml" + with: + script: | + const fs = require("fs"); + const path = require("path"); + async function main() { + const workspace = process.env.GITHUB_WORKSPACE; + const workflowFile = process.env.GH_AW_WORKFLOW_FILE; + if (!workspace) { + core.setFailed("Configuration error: GITHUB_WORKSPACE not available."); + return; + } + if (!workflowFile) { + core.setFailed("Configuration error: GH_AW_WORKFLOW_FILE not available."); + return; + } + const workflowBasename = path.basename(workflowFile, ".lock.yml"); + const workflowMdFile = path.join(workspace, ".github", "workflows", `${workflowBasename}.md`); + const lockFile = path.join(workspace, ".github", "workflows", workflowFile); + core.info(`Checking workflow timestamps:`); + core.info(` Source: ${workflowMdFile}`); + core.info(` Lock file: ${lockFile}`); + let workflowExists = false; + let lockExists = false; + try { + fs.accessSync(workflowMdFile, fs.constants.F_OK); + workflowExists = true; + } catch (error) { + core.info(`Source file does not exist: ${workflowMdFile}`); + } + try { + fs.accessSync(lockFile, fs.constants.F_OK); + lockExists = true; + } catch (error) { + core.info(`Lock file does not exist: ${lockFile}`); + } + if (!workflowExists || !lockExists) { + core.info("Skipping timestamp check - one or both files not found"); + return; + } + const workflowStat = fs.statSync(workflowMdFile); + const lockStat = fs.statSync(lockFile); + const workflowMtime = workflowStat.mtime.getTime(); + const lockMtime = lockStat.mtime.getTime(); + core.info(` Source modified: ${workflowStat.mtime.toISOString()}`); + core.info(` Lock modified: ${lockStat.mtime.toISOString()}`); + if (workflowMtime > lockMtime) { + const warningMessage = `🔴🔴🔴 WARNING: Lock file '${lockFile}' is outdated! The workflow file '${workflowMdFile}' has been modified more recently. Run 'gh aw compile' to regenerate the lock file.`; + core.error(warningMessage); + await core.summary + .addRaw("## ⚠️ Workflow Lock File Warning\n\n") + .addRaw(`🔴🔴🔴 **WARNING**: Lock file \`${lockFile}\` is outdated!\n\n`) + .addRaw(`The workflow file \`${workflowMdFile}\` has been modified more recently.\n\n`) + .addRaw("Run `gh aw compile` to regenerate the lock file.\n\n") + .write(); + } else { + core.info("✅ Lock file is up to date"); + } + } + main().catch(error => { + core.setFailed(error instanceof Error ? error.message : String(error)); + }); - name: Add eyes reaction to the triggering item id: react - if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.full_name == github.repository) + if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd env: GH_AW_REACTION: eyes @@ -2008,7 +2066,7 @@ jobs: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} run: | mkdir -p $(dirname "$GH_AW_PROMPT") - cat > $GH_AW_PROMPT << 'PROMPT_EOF' + cat > "$GH_AW_PROMPT" << 'PROMPT_EOF' # Agentic Triage @@ -2027,7 +2085,7 @@ jobs: - Fetch the list of labels available in this repository. Use 'gh label list' bash command to fetch the labels. This will give you the labels you can use for triaging issues. - Fetch any comments on the issue using the `get_issue_comments` tool - - Find similar issues if needed using the `search_issues` tool + - **Search for duplicate and related issues**: Use the `search_issues` tool to find similar issues by searching for key terms from the issue title and description. Look for both open and closed issues that might be related or duplicates. 6. Analyze the issue content, considering: @@ -2059,6 +2117,7 @@ jobs: 10. Add an issue comment to the issue with your analysis: - Start with "🎯 Agentic Issue Triage" - Provide a brief summary of the issue + - **If duplicate or related issues were found**, add a section listing them with links (e.g., "### 🔗 Potentially Related Issues" followed by a bullet list of related issues with their titles and links) - Mention any relevant details that might help the team understand the issue better - Include any debugging strategies or reproduction steps if applicable - Suggest resources or links that might be helpful for resolving the issue or learning skills related to the issue or the particular area of the codebase affected by it @@ -2075,7 +2134,7 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: | - cat >> $GH_AW_PROMPT << 'PROMPT_EOF' + cat >> "$GH_AW_PROMPT" << 'PROMPT_EOF' --- @@ -2107,7 +2166,7 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: | - cat >> $GH_AW_PROMPT << 'PROMPT_EOF' + cat >> "$GH_AW_PROMPT" << 'PROMPT_EOF' --- @@ -2120,7 +2179,7 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: | - cat >> $GH_AW_PROMPT << 'PROMPT_EOF' + cat >> "$GH_AW_PROMPT" << 'PROMPT_EOF' --- @@ -2145,7 +2204,7 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: | - cat >> $GH_AW_PROMPT << 'PROMPT_EOF' + cat >> "$GH_AW_PROMPT" << 'PROMPT_EOF' --- @@ -2214,14 +2273,14 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: | - echo "
" >> $GITHUB_STEP_SUMMARY - echo "Generated Prompt" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo '```markdown' >> $GITHUB_STEP_SUMMARY - cat $GH_AW_PROMPT >> $GITHUB_STEP_SUMMARY - echo '```' >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "
" >> $GITHUB_STEP_SUMMARY + echo "
" >> "$GITHUB_STEP_SUMMARY" + echo "Generated Prompt" >> "$GITHUB_STEP_SUMMARY" + echo "" >> "$GITHUB_STEP_SUMMARY" + echo '```markdown' >> "$GITHUB_STEP_SUMMARY" + cat "$GH_AW_PROMPT" >> "$GITHUB_STEP_SUMMARY" + echo '```' >> "$GITHUB_STEP_SUMMARY" + echo "" >> "$GITHUB_STEP_SUMMARY" + echo "
" >> "$GITHUB_STEP_SUMMARY" - name: Upload prompt if: always() uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 @@ -2446,8 +2505,10 @@ jobs: .filter(d => d) : defaultAllowedDomains; let sanitized = content; + sanitized = neutralizeCommands(sanitized); sanitized = neutralizeMentions(sanitized); sanitized = removeXmlComments(sanitized); + sanitized = convertXmlTags(sanitized); sanitized = sanitized.replace(/\x1b\[[0-9;]*[mGKH]/g, ""); sanitized = sanitized.replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g, ""); sanitized = sanitizeUrlProtocols(sanitized); @@ -2469,21 +2530,66 @@ jobs: sanitized = neutralizeBotTriggers(sanitized); return sanitized.trim(); function sanitizeUrlDomains(s) { - s = s.replace(/\bhttps:\/\/([^\/\s\])}'"<>&\x00-\x1f,;]+)/gi, (match, domain) => { - const hostname = domain.split(/[\/:\?#]/)[0].toLowerCase(); + s = s.replace(/\bhttps:\/\/([^\s\])}'"<>&\x00-\x1f,;]+)/gi, (match, rest) => { + const hostname = rest.split(/[\/:\?#]/)[0].toLowerCase(); const isAllowed = allowedDomains.some(allowedDomain => { const normalizedAllowed = allowedDomain.toLowerCase(); return hostname === normalizedAllowed || hostname.endsWith("." + normalizedAllowed); }); - return isAllowed ? match : "(redacted)"; + if (isAllowed) { + return match; + } + const domain = hostname; + const truncated = domain.length > 12 ? domain.substring(0, 12) + "..." : domain; + core.info(`Redacted URL: ${truncated}`); + core.debug(`Redacted URL (full): ${match}`); + const urlParts = match.split(/([?&#])/); + let result = "(redacted)"; + for (let i = 1; i < urlParts.length; i++) { + if (urlParts[i].match(/^[?&#]$/)) { + result += urlParts[i]; + } else { + result += sanitizeUrlDomains(urlParts[i]); + } + } + return result; }); return s; } function sanitizeUrlProtocols(s) { - return s.replace(/\b(\w+):(?:\/\/)?[^\s\])}'"<>&\x00-\x1f]+/gi, (match, protocol) => { - return protocol.toLowerCase() === "https" ? match : "(redacted)"; + return s.replace(/(?&\x00-\x1f]+/g, (match, protocol) => { + if (protocol.toLowerCase() === "https") { + return match; + } + if (match.includes("::")) { + return match; + } + if (match.includes("://")) { + const domainMatch = match.match(/^[^:]+:\/\/([^\/\s?#]+)/); + const domain = domainMatch ? domainMatch[1] : match; + const truncated = domain.length > 12 ? domain.substring(0, 12) + "..." : domain; + core.info(`Redacted URL: ${truncated}`); + core.debug(`Redacted URL (full): ${match}`); + return "(redacted)"; + } + const dangerousProtocols = ["javascript", "data", "vbscript", "file", "about", "mailto", "tel", "ssh", "ftp"]; + if (dangerousProtocols.includes(protocol.toLowerCase())) { + const truncated = match.length > 12 ? match.substring(0, 12) + "..." : match; + core.info(`Redacted URL: ${truncated}`); + core.debug(`Redacted URL (full): ${match}`); + return "(redacted)"; + } + return match; }); } + function neutralizeCommands(s) { + const commandName = process.env.GH_AW_COMMAND; + if (!commandName) { + return s; + } + const escapedCommand = commandName.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"); + return s.replace(new RegExp(`^(\\s*)/(${escapedCommand})\\b`, "i"), "$1`/$2`"); + } function neutralizeMentions(s) { return s.replace( /(^|[^\w`])@([A-Za-z0-9](?:[A-Za-z0-9-]{0,37}[A-Za-z0-9])?(?:\/[A-Za-z0-9._-]+)?)/g, @@ -2493,6 +2599,23 @@ jobs: function removeXmlComments(s) { return s.replace(//g, "").replace(//g, ""); } + function convertXmlTags(s) { + const allowedTags = ["details", "summary", "code", "em", "b"]; + s = s.replace(//g, (match, content) => { + const convertedContent = content.replace(/<(\/?[A-Za-z][A-Za-z0-9]*(?:[^>]*?))>/g, "($1)"); + return `(![CDATA[${convertedContent}]])`; + }); + return s.replace(/<(\/?[A-Za-z!][^>]*?)>/g, (match, tagContent) => { + const tagNameMatch = tagContent.match(/^\/?\s*([A-Za-z][A-Za-z0-9]*)/); + if (tagNameMatch) { + const tagName = tagNameMatch[1].toLowerCase(); + if (allowedTags.includes(tagName)) { + return match; + } + } + return `(${tagContent})`; + }); + } function neutralizeBotTriggers(s) { return s.replace(/\b(fixes?|closes?|resolves?|fix|close|resolve)\s+#(\w+)/gi, (match, action, ref) => `\`${action} #${ref}\``); } @@ -4698,7 +4821,7 @@ jobs: id: check_stop_time uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd env: - GH_AW_STOP_TIME: 2025-12-01 15:46:50 + GH_AW_STOP_TIME: 2025-12-03 20:01:19 GH_AW_WORKFLOW_NAME: "Agentic Triage" with: script: | diff --git a/.github/workflows/issue-triage.md b/.github/workflows/issue-triage.md index 459cc7bd19..087f009106 100644 --- a/.github/workflows/issue-triage.md +++ b/.github/workflows/issue-triage.md @@ -40,7 +40,7 @@ You're a triage assistant for GitHub issues. Your task is to analyze issues crea - Fetch the list of labels available in this repository. Use 'gh label list' bash command to fetch the labels. This will give you the labels you can use for triaging issues. - Fetch any comments on the issue using the `get_issue_comments` tool - - Find similar issues if needed using the `search_issues` tool + - **Search for duplicate and related issues**: Use the `search_issues` tool to find similar issues by searching for key terms from the issue title and description. Look for both open and closed issues that might be related or duplicates. 6. Analyze the issue content, considering: @@ -72,6 +72,7 @@ You're a triage assistant for GitHub issues. Your task is to analyze issues crea 10. Add an issue comment to the issue with your analysis: - Start with "🎯 Agentic Issue Triage" - Provide a brief summary of the issue + - **If duplicate or related issues were found**, add a section listing them with links (e.g., "### 🔗 Potentially Related Issues" followed by a bullet list of related issues with their titles and links) - Mention any relevant details that might help the team understand the issue better - Include any debugging strategies or reproduction steps if applicable - Suggest resources or links that might be helpful for resolving the issue or learning skills related to the issue or the particular area of the codebase affected by it