Rename the "coder" agent role to "code" across the entire codebase for
consistency with stage naming (triage/triage, code/code, review/review,
fix/fix, retro/retro, prioritize/prioritize, fullsend/fullsend).
Updates all references in Go source, configs, tests, workflows, docs,
scaffold templates, admin UI, and the mint-enroll skill. Adds a
transitional "coder" alias in the mint's rolePermissions for backward
compatibility during migration.
Also fixes a pre-existing gap where the admin UI's VALID_ROLES only had
4 roles (fullsend, triage, coder, review) while Go's ValidRoles() had 7.
Updated to match: fullsend, triage, code, review, fix, retro, prioritize.
BREAKING CHANGE: The "coder" role is renamed to "code". Existing
installations must update GitHub App slugs, Secret Manager secrets,
and ROLE_APP_IDS env vars. See deployment sequence in PR description.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Greg Allen <gallen@redhat.com>
docs/ADRs/0033-per-repo-installation-mode.md
+7 -7 (7 additions & 7 deletions)
@@ -35,7 +35,7 @@ Some users cannot or do not want to use the per-org model:
35
35
36
36
Three ADRs and the implementation in PR 792 create the building blocks that make per-repo possible:
37
37
38
-
- ADR 0029 replaces PEM secrets and dispatch PATs with OIDC-based credential issuance via a central token mint. The `mint-token` composite action takes a role name (triage, coder, review, fix) and returns a scoped GitHub App installation token — no PEMs or client IDs in the calling repo.
38
+
- ADR 0029 replaces PEM secrets and dispatch PATs with OIDC-based credential issuance via a central token mint. The `mint-token` composite action takes a role name (triage, code, review, fix) and returns a scoped GitHub App installation token — no PEMs or client IDs in the calling repo.
39
39
-[ADR 0031](0031-reusable-workflows-for-action-installed-distribution.md) publishes five reusable workflows (`reusable-triage.yml`, `reusable-code.yml`, `reusable-review.yml`, `reusable-fix.yml`, `reusable-retro.yml`) and four composite actions (`fullsend`, `mint-token`, `validate-enrollment`, `setup-gcp`) from `fullsend-ai/fullsend`, enabling any repo to call fullsend infrastructure via `workflow_call` without copying workflow files. Scaffold stage workflows in `.fullsend` are now thin callers (41–66 lines) that delegate to these reusable workflows.
40
40
-[ADR 0034](0034-centralized-shim-routing-via-dispatch.md) centralizes event-to-stage routing in `dispatch.yml` within the `.fullsend` config repo. The enrolled-repo shim (~70 lines) forwards raw event context to `dispatch.yml` via `workflow_call`; `dispatch.yml` (~370 lines) determines the stage, mints an OIDC dispatch token, validates the stage, checks the kill switch, and dispatches to the matching thin caller via `workflow_call`. Adding a new stage requires only a case branch in `dispatch.yml` — zero changes to enrolled repos.
41
41
- ADR 0035 introduces layered content resolution: upstream defaults (agents, skills, schemas, harness, policies, scripts) are sparse-checked from `fullsend-ai/fullsend` at runtime, then org overrides from `customized/` are copied on top. The scaffold installs only org-specific files (~23 files instead of ~68).
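Review bot: In the ADR 0029 bullet, the parenthetical "(triage, code, review, fix)" reads as the complete set of role names `mint-token` accepts, but the commit message says Go's ValidRoles() has seven (fullsend, triage, code, review, fix, retro, prioritize) and that the mint keeps a transitional "coder" alias. Either mark the list as examples ("a role name such as ...") or list all seven, and consider one sentence saying the "coder" alias is accepted only during migration, so readers do not treat it as a permanent role.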
@@ -64,19 +64,19 @@ Run `fullsend admin install` targeting a single repo instead of an org. Copy all
64
64
65
65
Use one GitHub App for triage, code, review, and fix roles to simplify per-repo setup.
66
66
67
-
**Rejected**: GitHub suppresses events triggered by pushes made with any `GITHUB_TOKEN` or GitHub App installation token, to prevent infinite loops. Two separate Apps work because a push made with App-A's token _does_ generate events that trigger workflows authenticated as App-B. The fix→review loop requires the coder/fix agent to push commits that trigger review — if both roles share one App, the push token matches the workflow's App and the event is silently suppressed, breaking the feedback cycle. At minimum, coder and review must be separate Apps.
67
+
**Rejected**: GitHub suppresses events triggered by pushes made with any `GITHUB_TOKEN` or GitHub App installation token, to prevent infinite loops. Two separate Apps work because a push made with App-A's token _does_ generate events that trigger workflows authenticated as App-B. The fix→review loop requires the code/fix agent to push commits that trigger review — if both roles share one App, the push token matches the workflow's App and the event is silently suppressed, breaking the feedback cycle. At minimum, code and review must be separate Apps.
68
68
69
69
### Alternative 3: Per-repo as a separate codebase
70
70
71
71
Build a standalone per-repo tool or action that does not share infrastructure with per-org fullsend.
72
72
73
73
**Rejected**: Duplicates agent logic, composite action, and security controls. Per-repo should reuse the same reusable workflows as per-org, with mode detection to adapt behavior.
74
74
75
-
### Alternative 4: Two-app minimum (coder + review)
75
+
### Alternative 4: Two-app minimum (code + review)
76
76
77
77
Reduce per-repo to two Apps instead of matching the full per-org app set.
78
78
79
-
**Rejected**: Dropping the triage App forces triage to share one of the other App identities, which conflates permissions (triage only needs `issues:write`, while coder has `contents:write`). The full per-role model (ADR 0007) provides least-privilege isolation. CLI automation (`fullsend admin install`) makes creating the Apps straightforward.
79
+
**Rejected**: Dropping the triage App forces triage to share one of the other App identities, which conflates permissions (triage only needs `issues:write`, while code has `contents:write`). The full per-role model (ADR 0007) provides least-privilege isolation. CLI automation (`fullsend admin install`) makes creating the Apps straightforward.
80
80
81
81
## Decision
82
82
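Review bot: In the Alternative 2 and Alternative 4 rejections, the bare word "code" now reads as an ordinary noun ("while code has `contents:write`", "code and review must be separate Apps"), an ambiguity the old name "coder" did not have. Set role names in backticks where they are used as identifiers, and replace "the code/fix agent" with "the `code` or `fix` agent". The least-privilege argument in Alternative 4 depends on the reader knowing exactly which role holds `contents:write`.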
@@ -217,7 +217,7 @@ Per-repo maps to these profiles:
217
217
|**Self-managed**| Per-repo user deploys own mint + own Apps |`fullsend admin install owner/repo --mint-project=my-proj` creates everything |
218
218
219
219
**SaaS profile (default)**: The simplest path. Shared public Apps
220
-
(`fullsend-ai-triage`, `fullsend-ai-coder`, `fullsend-ai-review`) are pre-created
220
+
(`fullsend-ai-triage`, `fullsend-ai-code`, `fullsend-ai-review`) are pre-created
221
221
by the platform operator and installed on the per-repo user's repo (requires
222
222
org admin approval). The `mint-token` composite action exchanges a GitHub
223
223
OIDC token for a scoped installation token — no PEMs, client IDs, or App
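Review bot: The SaaS profile line changes the shared App slug from `fullsend-ai-coder` to `fullsend-ai-code`, and the commit message flags App slugs, Secret Manager secrets and ROLE_APP_IDS as a breaking change, yet this section says nothing to users who already have the old App installed. The commit message describes a transitional alias only in the mint's rolePermissions, so state here whether the old slug keeps working during migration, and link to the deployment sequence the commit message refers to.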
@@ -255,7 +255,7 @@ Shared flags (valid for both per-org and per-repo):
255
255
-`--mint-url` — token mint URL for OIDC token exchange (optional; auto-discovered from `--mint-project`/`--mint-region` if omitted)
256
256
-`--mint-project` — GCP project containing the mint function (defaults to `--inference-project` in per-repo)
257
257
-`--mint-region` — cloud region for the mint function (default: `us-central1`)
-`--skip-mint-deploy` — skip Cloud Function deployment, reuse existing mint URL
@@ -336,7 +336,7 @@ Ordered by the project's threat priority (external injection > insider > drift >
336
336
-**Base-branch config reads**: Reusable workflows read `.fullsend/`, `AGENTS.md`, and workflow files from the base branch only (enforced by `pull_request_target`). PR authors cannot inject modified agent instructions or policies via their PR.
337
337
-**Template validation**: `fullsend admin install` generates the workflow file with `pull_request_target`. Users who modify it are warned in documentation.
338
338
-**Minimal payload**: Following per-org `dispatch.yml`, `reusable-dispatch.yml` reads event context from `github.event.*` expressions (available in `workflow_call` callee context) rather than passing the full payload as an input.
339
-
-**Clear error messages**: Credential auto-detection reports why coder and review Apps must be separate, with a link to setup documentation.
339
+
-**Clear error messages**: Credential auto-detection reports why code and review Apps must be separate, with a link to setup documentation.
340
340
-**Migration path**: Per-repo users who outgrow the model can migrate to per-org without changing agent behavior — the same reusable workflows power both modes.
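Review bot: The "Clear error messages" bullet now says credential auto-detection reports why "code and review Apps must be separate", but an installation that has not yet migrated still has an App registered under the old "coder" role. Since the commit message says the mint accepts "coder" as a transitional alias, document whether auto-detection treats a "coder" App as the code role for this check, so the separate-Apps requirement is not silently skipped on unmigrated installs.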
docs/agents/code.md
+1 -1 (1 addition & 1 deletion)
@@ -1,6 +1,6 @@
1
1
# Code Agent
2
2
3
-

3
+

4
4
5
5
Implementation specialist that reads triaged GitHub issues, implements fixes or features following repository conventions, runs tests and linters, and commits to a local feature branch.