|
1 | | -export PR_NUMBER="${PR_NUMBER}" |
2 | | -export REPO_FULL_NAME="${REPO_FULL_NAME}" |
3 | | -export TRIGGER_SOURCE="${TRIGGER_SOURCE}" |
4 | | -export HUMAN_INSTRUCTION="${HUMAN_INSTRUCTION}" |
5 | | -export FIX_ITERATION="${FIX_ITERATION}" |
6 | | - |
7 | | -# GH_TOKEN in the sandbox is a READ-ONLY scoped app installation token |
8 | | -# (contents:read, issues:read, pull_requests:read). Set by |
9 | | -# setup-agent-env.sh from FIX_GH_TOKEN. This token CANNOT push code |
10 | | -# or create PRs — the read-only scope is the actual enforcement layer. |
11 | | -# The separate write-enabled PUSH_TOKEN (runner_env) never enters the sandbox. |
12 | | -export GH_TOKEN="${GH_TOKEN}" |
13 | | - |
14 | | -# Author name is "fullsend-fix" (not "fullsend-code") so fix-agent |
15 | | -# commits are distinguishable for iteration counting. Both agents share |
16 | | -# the same GitHub App (coder role), so GIT_BOT_EMAIL resolves to the |
17 | | -# same bot noreply address. This makes the Probot DCO app auto-exempt |
18 | | -# agent commits (author.type === "Bot"). |
19 | | -export GIT_AUTHOR_NAME="fullsend-fix" |
20 | | -export GIT_AUTHOR_EMAIL="${GIT_BOT_EMAIL}" |
21 | | -export GIT_COMMITTER_NAME="fullsend-fix" |
22 | | -export GIT_COMMITTER_EMAIL="${GIT_BOT_EMAIL}" |
23 | | - |
24 | | -# Retry budget — the agent re-runs secret scan + tests on failure. |
25 | | -# Pre-commit is capped at 2 runs total (not per retry). |
26 | | -export MAX_RETRIES=1 |
27 | | - |
28 | | -# Hard timeout for the sandbox session in seconds. Must match |
29 | | -# timeout_minutes in harness/fix.yaml. |
30 | | -export TIMEOUT_SECONDS=1500 |
31 | | - |
32 | | -# Strategy escalation: after this many fix iterations, the agent should |
33 | | -# try a fundamentally different approach. |
34 | | -export STRATEGY_ESCALATION_THRESHOLD=3 |
35 | | - |
36 | | -# Iteration caps: bot-triggered runs (review→fix loop) have a tighter cap |
37 | | -# than human-triggered runs (/fix commands). When the iteration count |
38 | | -# approaches the bot cap, the 'needs-human' label is added and a human can |
39 | | -# still direct the agent with /fix up to ITERATION_CAP_HUMAN total iterations |
40 | | -# (bot + human combined). |
41 | | -export ITERATION_CAP=5 |
42 | | -export ITERATION_CAP_HUMAN=10 |
43 | | - |
44 | | -# Go toolchain — PATH is set in the sandbox image via Containerfile ENV. |
45 | | -# Do NOT set PATH here: this file uses expand: true (harness host_files), so |
46 | | -# ${PATH} would be replaced with the GitHub Actions runner's PATH by |
47 | | -# os.ExpandEnv, clobbering /sandbox/workspace/bin and breaking sandbox-local |
48 | | -# binaries. See code-agent.env lines 27-33 for the full explanation. |
49 | | -export GOPATH="/sandbox/go" |
50 | | -export GOMODCACHE="/sandbox/go/pkg/mod" |
51 | | - |
52 | 1 | # SSL certs — same workaround as code agent for OpenShell TLS termination. |
53 | 2 | if [ -f /etc/openshell-tls/ca-bundle.pem ]; then |
54 | 3 | export GIT_SSL_CAINFO=/etc/openshell-tls/ca-bundle.pem |
|
0 commit comments