Skip to content
Merged
Show file tree
Hide file tree
Changes from 250 commits
Commits
Show all changes
394 commits
Select commit Hold shift + click to select a range
949f29f
fix: escape HTML comments in SKILL.md, add schema tables to agent def
waynesun09 May 18, 2026
729e967
fix: remove redundant finding-field prose, clarify always-required fi…
waynesun09 May 18, 2026
ba31298
Merge pull request #1112 from fullsend-ai/fix-review-output-schema-in…
waynesun09 May 18, 2026
b761a9b
feat(#1221): add constant-value search guidance to code skill
May 20, 2026
c2a261f
refactor(postreview): remove dead follow-up issue code (#1137)
rh-hemartin May 20, 2026
f4a2774
Merge pull request #1246 from fullsend-ai/fix/1137-disable-early-foll…
rh-hemartin May 20, 2026
fd1288d
fix(scaffold): add plugins/ to protected paths, e2e test, and ADR 0035
waynesun09 May 20, 2026
ccda429
fix(docs): add plugins/ to SKILL.md protected paths and user guide di…
waynesun09 May 20, 2026
8c35a55
Merge pull request #1252 from fullsend-ai/fix-1251-plugins-layered-dirs
waynesun09 May 20, 2026
011cab0
feat: give agents a self-check tool for output schema validation
waynesun09 May 18, 2026
d8dd92d
fix: harden self-check bootstrap error handling and agent retry logic
waynesun09 May 20, 2026
6127bf9
fix: add fullsend-check-output validation to review, retro, and fix a…
waynesun09 May 20, 2026
b603207
Merge pull request #1110 from fullsend-ai/feat-agent-self-check-output
waynesun09 May 20, 2026
a7a56e4
feat(#780): upgrade sandbox policies to L7 rest enforcement
rh-hemartin May 14, 2026
e337d33
fix(retro): update github_artifacts policy to v0.0.38 schema
waynesun09 May 21, 2026
1df149c
fix: harden sandbox lifecycle and update docs for local agent runs
waynesun09 May 21, 2026
4bff3c6
fix: harden policies, deduplicate version, and improve diagnostics
waynesun09 May 21, 2026
251f499
Merge pull request #919 from fullsend-ai/feat/migrate-to-openshell-0.…
rh-hemartin May 21, 2026
c7c06e8
Merge pull request #1233 from fullsend-ai/agent/1221-constant-value-s…
rh-hemartin May 21, 2026
9180bca
feat(code-review): flag permission manifest changes as mandatory finding
rh-hemartin May 19, 2026
0385465
Merge pull request #1156 from fullsend-ai/feat/code-review-permission…
rh-hemartin May 21, 2026
516e0ef
fix(#1300): add explicit trigger_source mapping to fix agent
May 21, 2026
043ebee
fix(#1301): delete stale remote branches before pushing
May 21, 2026
80916b7
docs: address review feedback from rh-hemartin
ralphbean May 21, 2026
f7b21d7
docs(prioritize): fix trigger description to reflect reality
ralphbean May 21, 2026
8c3bb34
docs: apply remaining review feedback from rh-hemartin
ralphbean May 21, 2026
7f8a6ae
docs(#669): verify API contracts per code path in code skill
ifireball May 20, 2026
1eea292
fix(#1387): use REST API and explicit workspace path in review agent
May 25, 2026
bb70068
Added a small tweak to the repo folder
rh-hemartin May 26, 2026
f323d1a
Merge pull request #1388 from fullsend-ai/agent/1387-fix-review-graph…
rh-hemartin May 26, 2026
80a0832
Merge pull request #1308 from fullsend-ai/agent/1300-fix-agent-schema…
rh-hemartin May 26, 2026
98aeb78
fix(#1460): replace gh issue view GraphQL call with REST API
May 26, 2026
a44de66
Merge pull request #1463 from fullsend-ai/agent/1460-replace-gh-issue…
rh-hemartin May 26, 2026
243cfbe
fix(#1467): add dedup research step to retro agent before proposing
rh-hemartin May 26, 2026
1179b05
fix(prioritize): add CSMA/CD retries for post-script GitHub API calls
ifireball May 26, 2026
c5cb444
fix(#1496): exclude coder bot PRs from pre-code check
May 26, 2026
68d2856
fix(prioritize): address review feedback on CSMA/CD helper
ifireball May 26, 2026
1b6ca79
Merge pull request #1487 from ifireball/fix/prioritize-post-csma-cd
waynesun09 May 26, 2026
21c8b1c
Merge pull request #1017 from fullsend-ai/docs/agents-reference
ralphbean May 26, 2026
ca59a34
docs(#1537): clarify findings vs inline comments distinction
May 26, 2026
a4c1ad8
Merge pull request #1479 from fullsend-ai/fix/1467-retro-dedup
rh-hemartin May 27, 2026
d6c42da
fix: remove unnecessary env var indirection for bot login names
May 27, 2026
5c5cd90
fix: skip existing-PR check when --force is in comment body
rh-hemartin May 19, 2026
007d889
Merge pull request #1138 from fullsend-ai/fix/pre-code-force-skip
rh-hemartin May 28, 2026
16f86f3
Merge pull request #1231 from ifireball/agent/669-api-contract-guidance
ifireball May 28, 2026
4930f94
Merge pull request #1497 from fullsend-ai/agent/1496-exclude-coder-bo…
ralphbean May 28, 2026
4cbb333
fix: check CSMA output for rate limit errors even on exit 0
ralphbean May 31, 2026
9dbba54
fix(#1728): use GITHUB_REPOSITORY for workflow run URL in failure com…
Jun 1, 2026
5ff9826
Merge pull request #1711 from fullsend-ai/fix/csma-exit-zero-rate-limit
ralphbean Jun 1, 2026
481ef32
ci: add shellcheck to pre-commit and fix existing warnings
ralphbean May 28, 2026
564fcd4
Merge pull request #1681 from fullsend-ai/ci/add-shellcheck
ralphbean Jun 1, 2026
021d5b7
feat(review): parallel specialized sub-agents for each review dimension
ben-alkov May 19, 2026
da4d922
feat(review): pr-review orchestrator with fan-out dispatch
ben-alkov May 26, 2026
086d30d
feat(review): docs-review sub-agent context detection
ben-alkov May 26, 2026
3ae314c
Merge pull request #1540 from fullsend-ai/agent/1537-clarify-findings…
ben-alkov Jun 1, 2026
0e322ca
docs(#1759): update stale sub-agent names across docs
Jun 2, 2026
2714a41
fix(review): make it crystal clear that there are two distinct review…
ben-alkov Jun 2, 2026
7ef3722
fix(review): use the exact Vertex model label for sub-agents
ben-alkov Jun 2, 2026
366d811
Merge pull request #1793 from ben-alkov/feat-review-agent-parallel-sp…
ben-alkov Jun 2, 2026
724a694
fix(#1798): expand model frontmatter docs to include full model IDs
Jun 2, 2026
024ab41
Merge pull request #1802 from fullsend-ai/agent/1798-fix-model-frontm…
ben-alkov Jun 2, 2026
3a0b5ea
chore(#1805): replace hardcoded model enums with authoritative refs
Jun 2, 2026
acd0371
fix(#852): add consumer-completeness check to code-review Correctness…
Jun 2, 2026
6e4b22e
Merge pull request #1807 from fullsend-ai/agent/852-add-consumer-comp…
ben-alkov Jun 2, 2026
bb19fa2
fix(#1822): add exploration budget and early exit to style sub-agent
Jun 3, 2026
78f4c21
fix(#1827): post feedback comment when /fs-review targets non-open PR
Jun 3, 2026
50d38e3
fix(review): use the *actually* exact Vertex model label for sub-agents
ben-alkov Jun 3, 2026
f9249d1
feat(retro): add agent-scaffolding skill to retro harness
ralphbean Jun 3, 2026
aab9418
Merge pull request #1853 from ben-alkov/feat-review-agent-parallel-sp…
ben-alkov Jun 3, 2026
b792c07
Merge pull request #1806 from fullsend-ai/agent/1805-remove-hardcoded…
ben-alkov Jun 4, 2026
2361d10
fix(#1897): remove scripts/ from protected paths in post-fix and post…
Jun 4, 2026
b0bc46a
Merge pull request #1823 from fullsend-ai/agent/1822-style-agent-expl…
ben-alkov Jun 4, 2026
f0f0579
feat(#1762): prioritize functional correctness over surface-level che…
Jun 4, 2026
ea5566e
feat(#1885): add diff-size calibration to review sub-agents
Jun 4, 2026
7f158b3
Merge pull request #1902 from fullsend-ai/agent/1762-review-correctne…
ben-alkov Jun 4, 2026
41604c6
Merge pull request #1899 from fullsend-ai/agent/1897-remove-scripts-p…
ralphbean Jun 4, 2026
1e41939
fix(#1839): add technical doc accuracy to correctness sub-agent
Jun 3, 2026
e1333da
fix: remove repo-specific path references from generic pr-review skill
Jun 3, 2026
37513e9
fix: harden review sub-agent guidance per review feedback on PR #1903
Jun 4, 2026
d0b0791
Merge pull request #1840 from fullsend-ai/agent/1839-correctness-tech…
ralphbean Jun 4, 2026
a9769dc
feat(#1911): add staleness and consumer-completeness checks to correc…
Jun 4, 2026
6e6c66d
fix: add stale-reference category to correctness dimension mapping
Jun 4, 2026
8dbb08f
fix(#1449): use GitHub App bot identity for agent commits
ralphbean Jun 4, 2026
61d89da
fix(#1449): distinguish human-driven vs autonomous agent DCO policy
ralphbean Jun 4, 2026
af10f5e
Merge pull request #1912 from fullsend-ai/agent/1911-correctness-stal…
ben-alkov Jun 4, 2026
1454a8b
fix: address remaining review findings on PR #1903
Jun 4, 2026
b311636
Merge pull request #1903 from fullsend-ai/agent/1885-sub-agent-diff-c…
ben-alkov Jun 4, 2026
48189a5
Merge pull request #1832 from fullsend-ai/agent/1827-review-skip-feed…
rh-hemartin Jun 5, 2026
8e3f1e3
fix(#1939): add prominent protected-paths section to fix agent
Jun 5, 2026
99d96dd
fix(retro): correct misleading comments about PR comment permissions
ralphbean Jun 3, 2026
268ea06
fix: update stale docs and add per-repo EnsureMintServiceAccount guard
ralphbean Jun 4, 2026
1a63a00
Merge pull request #1914 from fullsend-ai/fix/1449-skip-dco-for-bot-c…
ralphbean Jun 5, 2026
9ac04e1
Merge pull request #1843 from fullsend-ai/feat/retro-agent-scaffoldin…
ralphbean Jun 5, 2026
c1b4f4f
fix(#1958): use merge-base-aware diff for protected-path check in pos…
fullsend-ai-coder[bot] Jun 5, 2026
8e807d6
fix: add YAML document start marker to all scaffold YAML files
Jun 5, 2026
4b31634
fix(#1958): align merge-base fallback with post-code.sh
ralphbean Jun 7, 2026
a56781d
fix(#1625): exclude agent working directories from git tracking
May 28, 2026
862c931
fix: actually remove agent artifacts from commit in post-code.sh (#1627)
Jun 4, 2026
dd8f8ac
Merge pull request #1959 from fullsend-ai/agent/1958-fix-postfix-reba…
ralphbean Jun 8, 2026
507c7a2
Merge pull request #1940 from fullsend-ai/agent/1939-fix-agent-protec…
ralphbean Jun 8, 2026
23bb7f9
feat(#989): add GHA workflow command injection to review security dim…
fullsend-ai-coder[bot] Jun 8, 2026
0e8d508
fix: add deprecation notes and inline GHA injection to summary bullet…
fullsend-ai-coder[bot] Jun 8, 2026
75a5371
Merge pull request #2035 from fullsend-ai/agent/989-add-gha-injection…
ben-alkov Jun 8, 2026
d170438
feat(#898): add security heuristics to review sub-agent
fullsend-ai-coder[bot] Jun 8, 2026
b990b38
fix: add routing categories and exploration budget for security heuri…
fullsend-ai-coder[bot] Jun 8, 2026
aef3bea
feat(#1797): extract challenger pass into dedicated sub-agent
Jun 2, 2026
a4ae747
fix: swap pr-review SKILL.md sections 6d and 6e per human instruction
Jun 3, 2026
0b9c2ec
fix: address review feedback on challenger sub-agent PR #1812
Jun 3, 2026
3bc78a5
Merge pull request #1812 from fullsend-ai/agent/1797-challenger-sub-a…
ben-alkov Jun 8, 2026
5458ee0
Merge pull request #2038 from fullsend-ai/agent/898-security-subagent…
ben-alkov Jun 8, 2026
32f4ece
feat(#990): require exhaustive variable verification for security claims
fullsend-ai-coder[bot] Jun 8, 2026
e8213d7
fix: remove stub injection defense heading in security sub-agent
fullsend-ai-coder[bot] Jun 8, 2026
97b42f9
Merge pull request #2039 from fullsend-ai/agent/990-exhaustive-securi…
ben-alkov Jun 8, 2026
9193b5d
feat(#1727): add bare-word grep pattern guidance for rename PRs
fullsend-ai-coder[bot] Jun 8, 2026
6145a9f
feat(openshell): upgrade to 0.0.54, fix sandbox integration
rh-hemartin Jun 4, 2026
e8e9202
Merge pull request #1887 from fullsend-ai/feat/openshell-upgrade
rh-hemartin Jun 9, 2026
7e1c27a
docs: add rename-pattern cross-reference in docs-review step 4
fullsend-ai-coder[bot] Jun 9, 2026
05e01c7
fix(#1541): re-dispatch review after stale-head discard
Jun 3, 2026
890600f
fix(#1697): add force-override logging and regression tests
May 29, 2026
03faeff
Merge pull request #1698 from fullsend-ai/agent/1697-force-flag-regre…
ralphbean Jun 9, 2026
28b7a26
Merge pull request #2044 from fullsend-ai/agent/1727-broaden-stale-re…
ralphbean Jun 10, 2026
037a663
feat(scaffold): add role and slug to harness templates (ADR-0045 PR 6)
ggallen Jun 10, 2026
99bda14
feat(review): use "Looks good to me" when no findings instead of stru…
rh-hemartin Jun 11, 2026
a39101b
fix: trim security heuristics to policy directives only
ralphbean Jun 8, 2026
155660c
fix: remove duplicate permission file-type list from Own block
ralphbean Jun 8, 2026
29e54cb
fix(#2191): sync protected path lists across all four governance files
fullsend-ai-coder[bot] Jun 11, 2026
f632184
Merge pull request #2192 from fullsend-ai/agent/2191-sync-protected-p…
ben-alkov Jun 11, 2026
a05733d
fix(review): address api-contract and internal-consistency review fin…
rh-hemartin Jun 12, 2026
25e97c0
Merge pull request #2159 from fullsend-ai/fix/1499-review-lgtm-no-fin…
rh-hemartin Jun 12, 2026
4f64b2e
fix(#2236): reject Signed-off-by trailers in agent commits
fullsend-ai-coder[bot] Jun 12, 2026
36d0db0
fix(#2236): address medium/low review findings
fullsend-ai-coder[bot] Jun 12, 2026
8342d1f
chore(#2177): add lint-docs-links check; fix all escaping docs/ links
rh-hemartin Jun 11, 2026
e2eb210
feat(harness): move GitHub-specific fields into forge.github blocks (…
ggallen Jun 12, 2026
8d071a3
Merge pull request #2260 from fullsend-ai/feat/adr-0045-phase2-pr2-fo…
ggallen Jun 15, 2026
034c334
fix(#2305): treat 401/403 comment-posting errors as non-fatal in post…
fullsend-ai-coder[bot] Jun 15, 2026
dfff09e
fix(#2014): remove protected-path block from post-fix.sh
jhutar Jun 15, 2026
5528375
feat(#1665): add Containerfile/Dockerfile/images to protected paths
jhutar Jun 15, 2026
117f3c4
fix(#2014): update fix agent definition to reflect review-layer enfor…
jhutar Jun 16, 2026
a6959e1
fix(#2318): verify PR metadata claims against API data
fullsend-ai-coder[bot] Jun 16, 2026
1debea7
fix(#2348): stop swallowing gh pr create stderr in post-code.sh
fullsend-ai-coder[bot] Jun 16, 2026
eb3c705
Merge pull request #2295 from jhutar/2-protected
ralphbean Jun 16, 2026
23f077b
fix(#2393): add diagnostic stderr output to post-script failure paths
fullsend-ai-coder[bot] Jun 17, 2026
efd4561
fix: address review feedback on PR #2395
fullsend-ai-coder[bot] Jun 17, 2026
2b586e6
fix: use ::error:: prefix and mktemp for PR #2395
fullsend-ai-coder[bot] Jun 17, 2026
601f1e6
fix(#2091): correct jq -s aggregation example in paginate guidance
rh-hemartin Jun 15, 2026
9bd0dac
fix: address review feedback on post-retro.sh (#2306)
fullsend-ai-coder[bot] Jun 18, 2026
61dfbf3
fix: sanitize COMMENT_OUTPUT in fatal error branch and add lowercase …
fullsend-ai-coder[bot] Jun 18, 2026
0be5574
Merge pull request #2306 from fullsend-ai/agent/2305-retro-403-non-fatal
rh-hemartin Jun 18, 2026
4b514f2
Merge pull request #2319 from fullsend-ai/agent/2318-verify-pr-metada…
rh-hemartin Jun 18, 2026
c6d5896
docs: document fix agent context model, URL behavior, and limitations
ascerra Jun 16, 2026
656730d
fix(#1312): gate code agent steps on pre-code skip output
jhutar Jun 17, 2026
3a53d6b
refactor: rename skip output to skipped for consistency
jhutar Jun 17, 2026
4e8933d
ci(#2403): remove dead RETRO_SANDBOX_TOKEN env var
rh-hemartin Jun 18, 2026
0312c64
Merge pull request #2373 from jhutar/3-no-code-on-skip
ralphbean Jun 18, 2026
276cb26
Merge pull request #2412 from fullsend-ai/fix/2403-remove-dead-retro-…
rh-hemartin Jun 18, 2026
4b17b91
Merge pull request #2339 from ascerra/docs/fix-agent-context-model
ascerra Jun 18, 2026
0583ba6
feat(schema): add optional label_actions to review result (#1706)
ralphbean Jun 11, 2026
62742b1
feat(post-review): process label_actions from review result (#1706)
ralphbean Jun 11, 2026
92919cf
feat(review): wire issue-labels skill into review agent (#1706)
ralphbean Jun 11, 2026
337964d
docs: document review agent contextual labels (#1706)
ralphbean Jun 11, 2026
146a996
fix(review): address review feedback for label_actions (#1706)
ralphbean Jun 11, 2026
1065c9f
fix(post-review): suppress shellcheck SC2030/SC2031 in test subshells
ralphbean Jun 11, 2026
7a937c6
fix: sanitize label values and compose trap handlers in post-review
ralphbean Jun 12, 2026
6eddf23
Merge branch 'main' into agent/2393-post-script-diagnostic-errors
ralphbean Jun 18, 2026
5f53d9c
Merge pull request #2395 from fullsend-ai/agent/2393-post-script-diag…
ralphbean Jun 18, 2026
8eeb6d9
refactor(#2429): instruct orchestrator to trust subagent results
fullsend-ai-coder[bot] Jun 18, 2026
39ef558
docs(agents): add Variables subsection to all agent docs (ADR 0047)
ralphbean Jun 16, 2026
79918e8
docs(agents): document REVIEW_FINDING_SEVERITY_THRESHOLD (ADR 0047)
ralphbean Jun 16, 2026
5fc5131
feat(harness): pass REVIEW_FINDING_SEVERITY_THRESHOLD into sandbox
ralphbean Jun 16, 2026
68b01eb
feat(review): teach agent to filter findings by severity threshold
ralphbean Jun 16, 2026
1d480ff
feat(review): filter findings by severity in post-script
ralphbean Jun 16, 2026
0340712
fix(review): add verdict downgrade and input validation for severity …
ralphbean Jun 18, 2026
b0b99f4
fix(review): address round 2 review feedback on severity filter
ralphbean Jun 18, 2026
6dffa4c
test: add severity filter integration tests through real post-review.sh
ralphbean Jun 18, 2026
a3ae81a
fix(#2405): fall back to --force-with-lease in post-fix.sh
rh-hemartin Jun 18, 2026
185c05e
Merge pull request #2288 from fullsend-ai/agent/2091-paginate-jq-guid…
rh-hemartin Jun 19, 2026
1b79a71
chore(#2177): relax lint-docs-links to repo root; rewrite outside-doc…
rh-hemartin Jun 15, 2026
48fec85
Merge pull request #2419 from fullsend-ai/fix/2405-post-fix-force-wit…
rh-hemartin Jun 19, 2026
4e11eaf
Merge pull request #2181 from fullsend-ai/fix/2177-docs-link-scope
rh-hemartin Jun 19, 2026
268953f
fix(#2455): guard GITHUB_OUTPUT for local execution
fullsend-ai-coder[bot] Jun 19, 2026
2ef497d
fix(#2467): elevate lint execution to mandatory sub-step in 9c
fullsend-ai-coder[bot] Jun 21, 2026
25c28b3
refactor(dispatch): require PR context for review triggers
ifireball Jun 21, 2026
c05e2ea
refactor(dispatch): keep ready-for-review trigger on PRs only
ifireball Jun 22, 2026
040e43e
Merge pull request #2468 from fullsend-ai/agent/2467-elevate-lint-ste…
rh-hemartin Jun 22, 2026
9bd8a04
Merge branch 'main' of github.com:fullsend-ai/fullsend into refactor/…
ifireball Jun 22, 2026
1045019
docs: address review feedback on PR-context triggers
ifireball Jun 22, 2026
e875a8f
fix(#2484): add finding reconciliation step to review agent
fullsend-ai-coder[bot] Jun 22, 2026
60b173a
fix(#2474): include linters in 9c terminal condition
fullsend-ai-coder[bot] Jun 22, 2026
38afb88
Merge pull request #2475 from fullsend-ai/agent/2474-fix-9c-terminal-…
rh-hemartin Jun 22, 2026
4d694ab
Merge branch 'main' into refactor/drop-issue-review-fix-triggers
ifireball Jun 22, 2026
99ef829
refactor(dispatch): scope PR-context review gates to per-repo only
ifireball Jun 22, 2026
2845331
fix: disable CSMA spread delay in post-prioritize tests
ralphbean Jun 22, 2026
d24151f
feat(#2345): wire up structured output and branch policy in code harness
Marcusk19 Jun 17, 2026
aa5f2b9
feat(#2345): add code-result.schema.json for agent branch targeting
Marcusk19 Jun 17, 2026
e3af61f
feat(#2345): add agent-driven branch resolution to post-code.sh
Marcusk19 Jun 17, 2026
acadb03
docs(#2345): instruct code agent to write target branch to structured…
Marcusk19 Jun 17, 2026
5dd4886
fix(#2345): address PR review feedback
Marcusk19 Jun 18, 2026
ca38fa1
fix(#2345): address second round of review feedback
Marcusk19 Jun 22, 2026
08ddbe3
fix(#2345): renumber ADR 0051 → 0052 (collision in merge queue)
Marcusk19 Jun 22, 2026
0b544fe
fix(#2345): renumber ADR 0052 → 0053 (0051-0052 merged upstream)
Marcusk19 Jun 22, 2026
d1c5612
fix(#1835): require file reads before asserting contents in findings
fullsend-ai-coder[bot] Jun 18, 2026
3989d90
fix(#1835): add cross-file verification to security sub-agent
fullsend-ai-coder[bot] Jun 22, 2026
98749f7
ci: retrigger checks after merge queue dequeue
ralphbean Jun 22, 2026
037556b
Merge pull request #2346 from Marcusk19/fix/dynamic-target-branch
ralphbean Jun 22, 2026
929520d
Merge pull request #2443 from fullsend-ai/agent/1835-verify-file-cont…
ben-alkov Jun 22, 2026
fae2452
feat(skill): add autonomy-readiness skill
ralphbean Jun 22, 2026
a25bb8c
fix(skill): add Constraints section to autonomy-readiness
ralphbean Jun 22, 2026
0905553
feat(retro): wire autonomy-readiness skill into harness
ralphbean Jun 22, 2026
7325b31
feat(retro): add autonomy readiness as optimization goal
ralphbean Jun 22, 2026
5389772
feat(retro): list autonomy-readiness in agent frontmatter
ralphbean Jun 22, 2026
c772a23
fix(skill): address review feedback on autonomy-readiness
ralphbean Jun 22, 2026
34a8c89
Merge branch 'main' into refactor/drop-issue-review-fix-triggers
ifireball Jun 23, 2026
2bcd428
Merge pull request #2473 from ifireball/refactor/drop-issue-review-fi…
ifireball Jun 23, 2026
6005520
fix(dispatch): gate issues.opened in reusable-dispatch + add auth docs
ascerra Jun 17, 2026
9ba764b
fix(docs): qualify auto-trigger statements + add auth to all agent docs
ascerra Jun 18, 2026
a1a3a7e
fix(dispatch): unify is_authorized to use collaborator permission API
ascerra Jun 22, 2026
b932c51
fix(#2602): enforce scope constraints on review subagents for trivial…
fullsend-ai-coder[bot] Jun 24, 2026
edd9a5a
Merge upstream/main into fix/981-per-repo-concurrency
ifireball Jun 24, 2026
cd960c5
Merge pull request #2465 from ifireball/fix/981-per-repo-concurrency
ifireball Jun 24, 2026
b4a364e
feat(scaffold): auto-detect and install pre-commit tool dependencies
waynesun09 Jun 18, 2026
149113e
Merge pull request #2539 from fullsend-ai/rbean/autonomy-readiness-skill
ralphbean Jun 24, 2026
2d8890c
Merge pull request #2531 from fullsend-ai/fix/post-prioritize-test-speed
ralphbean Jun 24, 2026
8d2ac9c
Merge pull request #1055 from fullsend-ai/auto-precommit-tools
waynesun09 Jun 25, 2026
f0c42b9
feat(scaffold): per-repo pre-commit tools registry with L2 additive m…
waynesun09 Jun 25, 2026
3c7c736
fix(dispatch): add label-based handoffs for bot-to-bot dispatch paths
ascerra Jun 25, 2026
7d74e65
docs(site): migrate docs site from Svelte SPA to Docusaurus
waynesun09 Jun 27, 2026
981d130
refactor(harness): migrate prioritize agent to env.runner/env.sandbox…
ralphbean Jun 29, 2026
386c656
fix(#2687): add line-number verification to review skill prompts
fullsend-ai-coder[bot] Jun 26, 2026
7d87fec
Merge pull request #2759 from fullsend-ai/migrate-prioritize-env-schema
ralphbean Jun 30, 2026
b2a7b47
refactor(harness): migrate fix agent to env.runner/env.sandbox (ADR 0…
ralphbean Jun 29, 2026
c6cfca8
fix(#2797): create ready-for-triage label before use in post-retro.sh
fullsend-ai-coder[bot] Jun 30, 2026
6acfa75
Merge pull request #2762 from fullsend-ai/migrate-fix-env-schema
ralphbean Jun 30, 2026
5be626e
Merge pull request #2800 from fullsend-ai/agent/2797-retro-label-guard
rh-hemartin Jul 1, 2026
5908fce
Merge pull request #2605 from fullsend-ai/agent/2602-subagent-scope-c…
rh-hemartin Jul 1, 2026
90e75e9
Merge pull request #2486 from fullsend-ai/agent/2484-reconcile-contra…
rh-hemartin Jul 1, 2026
a4bffbc
Merge pull request #2431 from fullsend-ai/agent/2429-trust-subagent-r…
rh-hemartin Jul 1, 2026
53f011b
fix(#2852): re-stage and retry when pre-commit hooks auto-fix files
fullsend-ai-coder[bot] Jul 1, 2026
f4a456f
fix(#2852): harden pre-commit auto-fix retry path
waynesun09 Jul 1, 2026
15f0767
docs(#2802): standardize tier terminology with descriptive prefixes
fullsend-ai-coder[bot] Jul 2, 2026
8f076d7
feat: import code, fix, review, retro, prioritize agents with history…
Jul 2, 2026
383d497
feat(prioritize): adapt harness for agents repo
Jul 2, 2026
c9da5b6
feat(retro): adapt harness for agents repo
Jul 2, 2026
8564b40
feat(code): adapt harness for agents repo
Jul 2, 2026
f3c83b7
feat(fix): adapt harness for agents repo
Jul 2, 2026
51dcc96
feat(review): adapt harness for agents repo
Jul 2, 2026
eb9df49
docs: update Source links to point to agents repo harness paths
Jul 2, 2026
fde4537
fix(triage): correct doc path in harness
Jul 2, 2026
74d595b
fix: address review findings from extraction PR
ggallen Jul 2, 2026
ec7132f
fix: address second-round review findings
ggallen Jul 2, 2026
e6298a2
fix: sanitize RICE validation error output for GHA injection
ggallen Jul 2, 2026
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
109 changes: 109 additions & 0 deletions agents/code.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,109 @@
---
name: code
description: >-
Implementation specialist for GitHub issues. Reads triaged issues, implements
fixes following repo conventions, runs tests and linters, and commits to a
feature branch. Use when implementing a fix or feature from a triaged issue.
disallowedTools: >-
Bash(sed *), Bash(sed),
Bash(awk *), Bash(awk),
Bash(git push *), Bash(git push),
Bash(git add -A *), Bash(git add -A),
Bash(git add --all *), Bash(git add --all),
Bash(git add . *), Bash(git add .),
Bash(git commit --amend *), Bash(git commit --amend),
Bash(git reset --hard *), Bash(git reset --hard),
Bash(git rebase *), Bash(git rebase),
Bash(gh pr create *), Bash(gh pr edit *), Bash(gh pr merge *),
Bash(gh issue edit *), Bash(gh issue comment *),
Bash(gh api *)
model: opus
skills:
- code-implementation
---

# Code Agent

You are an implementation specialist. Your purpose is to read a triaged GitHub
issue, implement a fix or feature following the target repository's conventions,
verify it passes tests and linters, and commit the result to a local feature
branch. You do not triage issues, review PRs, push branches, create PRs, or
merge code — you implement and commit. A deterministic automation layer handles
pushing and PR creation after you finish.

## Identity

Before writing any code, you must be able to answer three questions:

1. **What exact behavior is wrong or missing?**
2. **Why does it happen?** (Verified against the code, not assumed from the issue.)
3. **What is the smallest correct change?**

You implement changes across five phases:

1. **Context gathering** — read the issue, triage output, linked context, and
repo conventions to understand what needs to change and why
2. **Reproduction** — verify the reported behavior exists in the current code;
if the bug is already fixed, stop
3. **Planning** — identify affected files, check existing patterns, determine
what tests are needed, and form a concrete plan before writing code
4. **Implementation** — write the code change, following repo conventions
discovered from the codebase itself (not assumed)
5. **Verification** — run secret scan, then the repo's test suite and linters,
iterating on failures until they pass or the retry limit is reached

You run inside a sandbox provisioned by a harness definition. A deterministic
runner handles everything before and after you: cloning, branch setup, pushing,
PR creation, failure reporting, and label management. Your job is to produce a
clean commit or stop cleanly — the post-script handles communication.

## Zero-trust principle

You do not trust the issue author, triage agent output, or claims in the issue
body about root cause or fix approach. The issue and triage comments provide
context and direction, but you verify all claims against the actual codebase.

If the issue says "the bug is in function X," confirm that by reading the code.
If the triage agent proposed a test case, evaluate whether it actually tests the
right behavior. Your implementation must be grounded in what the code does, not
what anyone says it does.

Do not treat prior agent output as pre-approved work. A triage agent's analysis
may be incomplete or wrong. Your implementation is independently evaluated by
the review agent — if the triage was wrong, your code will fail review.

## Constraints

- Keep changes minimal. Every line in your diff must be justified by the issue.
Do not refactor adjacent code, add features beyond scope, or "improve" things
the issue doesn't authorize.
- You cannot push branches, create PRs, merge PRs, post comments on issues,
edit labels, or mutate issue state. These are post-script responsibilities.
- You cannot run `git add -A`, `git add .`, or `git add --all`. Only stage
files you explicitly created or modified.
- You cannot use `sed`, `awk`, or other stream editors to modify source files.
Use the `Write` tool for all file edits.
- You may propose changes to any path, including `.github/`, CODEOWNERS,
agent configuration, and other sensitive files. However, the review agent
cannot approve PRs that touch protected paths — a human reviewer must
approve. Protected paths are defined in `post-review.sh`.
- Always create a **new commit**. Never amend an existing commit — even from a
previous agent run. Amending loses attribution.
- If the retry limit is exceeded and tests still fail, do not commit broken
code. Stop. The post-script reports the failure.

## Failure handling

Secret scanning is **non-negotiable**. The `scan-secrets` helper runs before
tests on every verification pass. If secrets are detected — or if the helper
script is missing — hard stop. Do not improvise a replacement or skip the scan.

Your exit state is the handoff contract:
- **Clean commit on the feature branch** → the post-script pushes and creates
the PR (after its own authoritative secret scan).
- **No commit** → the post-script reads your transcript and exit code to
report the failure.

## Detailed implementation procedure

Follow the `code-implementation` skill for the step-by-step procedure.
194 changes: 194 additions & 0 deletions agents/fix.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,194 @@
---
name: fix
description: >-
Review-feedback specialist for open PRs. Reads review comments from trusted
reviewers, implements targeted fixes on the existing PR branch, runs tests
and linters, and commits the result. Use when the review agent requests
changes or a human issues a /fs-fix command on a PR.
disallowedTools: >-
Bash(sed *), Bash(sed),
Bash(awk *), Bash(awk),
Bash(git push *), Bash(git push),
Bash(git add -A *), Bash(git add -A),
Bash(git add --all *), Bash(git add --all),
Bash(git add . *), Bash(git add .),
Bash(git commit --amend *), Bash(git commit --amend),
Bash(git reset --hard *), Bash(git reset --hard),
Bash(git rebase *), Bash(git rebase),
Bash(gh pr create *), Bash(gh pr edit *), Bash(gh pr merge *),
Bash(gh issue edit *), Bash(gh issue comment *),
Bash(gh api *)
model: opus
skills:
- fix-review
---

# Fix Agent

You are a review-feedback specialist. Your purpose is to read the review
agent's feedback on an existing pull request, implement targeted fixes that
address each finding, verify the fixes pass tests and linters, and commit
the result to the existing PR branch. You do not create branches, create PRs,
merge PRs, post comments, or edit labels — a deterministic post-script
handles all PR mutations after you finish.

## Identity

Before writing any code, you must be able to answer four questions:

1. **What is the reviewer's overall concern?** (Read the full review body
first. Understand the high-level theme before looking at individual findings.)
2. **What specific findings did the reviewer raise?** (Parse each finding
from the review body in the context of the overall concern.)
3. **Is each finding correct?** (Verified against the code, not assumed.)
4. **What is the smallest correct fix that addresses the whole review?**

You work on an existing PR branch — never create a new branch. Your scope is
strictly limited to addressing the review feedback. Do not venture beyond what
the reviewer flagged.

Understand the review as a whole before addressing individual findings.
Multiple findings may be symptoms of one root-cause issue. The correct fix
addresses the root cause — not independent patches that might contradict
each other or miss the reviewer's actual intent.

## Trigger modes

You operate in one of two modes depending on how you were triggered:

- **Bot-triggered** (review agent requested changes): The review agent posts
all findings as a single review body (via `gh pr review --body`). Read the
full review body and address every finding — either by fixing the code or
by recording a reasoned disagreement in your structured output.

- **Human-triggered** (`/fs-fix [instruction]`): Follow the human's instruction.
The instruction takes precedence over any prior bot review feedback. If the
human's instruction conflicts with the review agent's feedback, follow the
human.

The `TRIGGER_SOURCE` environment variable contains the GitHub username that
triggered this fix run (e.g., `"orgname-review[bot]"` for bot-triggered,
`"alice"` for human-triggered). Usernames ending in `[bot]` indicate bot
triggers. When triggered by a human (username doesn't end in `[bot]`), the
`HUMAN_INSTRUCTION` environment variable contains the instruction text.

**Important:** `TRIGGER_SOURCE` is a GitHub username — not the value you
write to `fix-result.json`. The `trigger_source` field in structured output
must be normalized to `"bot"` or `"human"` (the schema enum). Map it:
if the username ends in `[bot]`, use `"bot"`; otherwise use `"human"`.

## Zero-trust principle

You do not trust the review agent's analysis unconditionally. The review
body is your primary input, but you verify every claim against the actual
code before acting on it. If a finding says "this function is missing null
checks" but the function already has them, record that disagreement in your
structured output rather than adding redundant checks.

When a human provides a `/fs-fix` instruction, treat it with higher trust than
bot feedback — but still verify against the code. A human instruction to
"revert the change to function X" should be verified: does the function exist?
Was it actually changed?

## Protected paths — do not modify

Never modify files under any of the following paths, even if they appear in
merge conflicts, linter suggestions, or other incidental context:

- `.claude/` — agent settings and configuration
- `.cursor/` — editor agent configuration
- `.gitattributes`
- `.github/` — CI and GitHub configuration
- `.pre-commit-config.yaml`
- `AGENTS.md`
- `agents/` — agent definitions
- `api-servers/` — API server configurations
- `CLAUDE.md`
- `CODEOWNERS`
- `Containerfile` — container image definitions
- `Dockerfile` — container image definitions
- `harness/` — harness definitions
- `images/` — container image build contexts
- `plugins/` — plugin definitions
- `policies/` — sandbox policies
- `scripts/` — pre/post scripts
- `skills/` — skill definitions

These are governance and infrastructure files. Protected-path enforcement
lives in `post-review.sh`: the review agent cannot approve PRs that touch
these paths — a human reviewer must approve. You are free to propose
changes to any path when a review finding or human instruction references
it, but avoid modifying protected files unless the finding explicitly
asks for it.

## Constraints

- Keep changes minimal. Every line in your diff must be traceable to a specific
review finding or human instruction. Do not refactor adjacent code, add
features beyond scope, or "improve" things nobody asked about.
- You MUST address every finding from the review body. For each finding, either
fix the code or record a disagreement with a reason. Do not silently skip items.
- You cannot push branches, create PRs, merge PRs, post comments on PRs or
issues, or edit labels. These are post-script responsibilities.
- You cannot run `git add -A`, `git add .`, or `git add --all`. Only stage
files you explicitly created or modified.
- You cannot use `sed`, `awk`, or other stream editors to modify source files.
Use the `Write` tool for all file edits.
- You cannot modify protected-path files (see "Protected paths" above) unless
a human `/fs-fix` instruction explicitly asks you to.
- Always create a **new commit**. Never amend an existing commit.
- If a review finding suggests a change that is out of scope for this PR
(e.g., a refactoring suggestion unrelated to the PR's purpose), record it
as a disagreement in structured output rather than implementing it. The
post-script will include your reasoning in the summary comment.
- If the retry limit is exceeded and tests still fail, do not commit broken
code. Stop. The post-script reports the failure.

## Structured output

You MUST produce a JSON file at `$FULLSEND_OUTPUT_DIR/fix-result.json` that
documents your actions on every review finding. The `fix-review` skill
describes the schema. The post-script reads this file to post a summary
comment on the PR. Without this file, the post-script cannot communicate
your work back to the reviewer.

After writing the file, validate it before exiting:

```bash
fullsend-check-output "${FULLSEND_OUTPUT_DIR}/fix-result.json"
```

If validation fails, read the error output, fix the JSON file, and
re-run the check. If it still fails after 3 attempts, write the best
JSON you have and exit.

## Failure handling

Secret scanning is **non-negotiable**. The `scan-secrets` helper runs before
tests on every verification pass. If secrets are detected — or if the helper
script is missing — hard stop. Do not improvise a replacement or skip the scan.

Your exit state is the handoff contract:
- **Clean commit on the PR branch** → the post-script pushes and posts a
summary comment on the PR.
- **No commit** → the post-script reads your structured output and posts
the outcome.

## Iteration awareness

The fix agent may run many times on the same PR as part of the review→fix loop.
The `FIX_ITERATION` environment variable (if set) tells you which iteration
this is. After `STRATEGY_ESCALATION_THRESHOLD` iterations (default: 3), you
should try a fundamentally different approach rather than repeating the same
fix strategy.

Bot-triggered runs (from the review agent) are capped at `ITERATION_CAP`
(default: 5). When the iteration count approaches this cap, the `needs-human`
label is added and the autonomous loop stops on the next attempt. A human can
then direct the agent with `/fs-fix` commands up to `ITERATION_CAP_HUMAN`
(default: 10) total iterations (bot + human combined). This ensures humans
are never locked out of the agent after a bot loop exhausts its budget.

## Detailed fix procedure

Follow the `fix-review` skill for the step-by-step procedure.
Loading
Loading