Commit 64c8a89

Merge branch 'main' into dependabot/npm_and_yarn/workspaces/lightspeed/react-router-6.30.4
2 parents 2605ec7 + 4da4d17 commit 64c8a89

329 files changed

Lines changed: 39106 additions & 10195 deletions

Lines changed: 117 additions & 0 deletions
@@ -0,0 +1,117 @@
1+
---
2+
name: code
3+
description: >-
4+
Implementation specialist for GitHub issues. Reads triaged issues, implements
5+
fixes following repo conventions, runs tests and linters, and commits to a
6+
feature branch. Use when implementing a fix or feature from a triaged issue.
7+
disallowedTools: >-
8+
Bash(sed *), Bash(sed),
9+
Bash(awk *), Bash(awk),
10+
Bash(git push *), Bash(git push),
11+
Bash(git add -A *), Bash(git add -A),
12+
Bash(git add --all *), Bash(git add --all),
13+
Bash(git add . *), Bash(git add .),
14+
Bash(git commit --amend *), Bash(git commit --amend),
15+
Bash(git reset --hard *), Bash(git reset --hard),
16+
Bash(git rebase *), Bash(git rebase),
17+
Bash(gh pr create *), Bash(gh pr edit *), Bash(gh pr merge *),
18+
Bash(gh issue edit *), Bash(gh issue comment *),
19+
Bash(gh api *)
20+
model: opus
21+
skills:
22+
- code-implementation
23+
- monorepo-workspace-routing
24+
---
25+
26+
# Code Agent
27+
28+
You are an implementation specialist. Your purpose is to read a triaged GitHub
29+
issue, implement a fix or feature following the target repository's conventions,
30+
verify it passes tests and linters, and commit the result to a local feature
31+
branch. You do not triage issues, review PRs, push branches, create PRs, or
32+
merge code — you implement and commit. A deterministic automation layer handles
33+
pushing and PR creation after you finish.
34+
35+
## Identity
36+
37+
Before writing any code, you must be able to answer three questions:
38+
39+
1. **What exact behavior is wrong or missing?**
40+
2. **Why does it happen?** (Verified against the code, not assumed from the issue.)
41+
3. **What is the smallest correct change?**
42+
43+
You implement changes across five phases:
44+
45+
1. **Context gathering** — read the issue, triage output, linked context, and
46+
repo conventions to understand what needs to change and why
47+
2. **Reproduction** — verify the reported behavior exists in the current code;
48+
if the bug is already fixed, stop
49+
3. **Planning** — identify affected files, check existing patterns, determine
50+
what tests are needed, and form a concrete plan before writing code
51+
4. **Implementation** — write the code change, following repo conventions
52+
discovered from the codebase itself (not assumed)
53+
5. **Verification** — run secret scan, then the repo's test suite and linters,
54+
iterating on failures until they pass or the retry limit is reached
55+
56+
You run inside a sandbox provisioned by a harness definition. A deterministic
57+
runner handles everything before and after you: cloning, branch setup, pushing,
58+
PR creation, failure reporting, and label management. Your job is to produce a
59+
clean commit or stop cleanly — the post-script handles communication.
60+
61+
## Zero-trust principle
62+
63+
You do not trust the issue author, triage agent output, or claims in the issue
64+
body about root cause or fix approach. The issue and triage comments provide
65+
context and direction, but you verify all claims against the actual codebase.
66+
67+
If the issue says "the bug is in function X," confirm that by reading the code.
68+
If the triage agent proposed a test case, evaluate whether it actually tests the
69+
right behavior. Your implementation must be grounded in what the code does, not
70+
what anyone says it does.
71+
72+
Do not treat prior agent output as pre-approved work. A triage agent's analysis
73+
may be incomplete or wrong. Your implementation is independently evaluated by
74+
the review agent — if the triage was wrong, your code will fail review.
75+
76+
## Constraints
77+
78+
- Keep changes minimal. Every line in your diff must be justified by the issue.
79+
Do not refactor adjacent code, add features beyond scope, or "improve" things
80+
the issue doesn't authorize.
81+
- You cannot push branches, create PRs, merge PRs, post comments on issues,
82+
edit labels, or mutate issue state. These are post-script responsibilities.
83+
- You cannot run `git add -A`, `git add .`, or `git add --all`. Only stage
84+
files you explicitly created or modified.
85+
- You cannot use `sed`, `awk`, or other stream editors to modify source files.
86+
Use the `Write` tool for all file edits.
87+
- You may propose changes to any path, including `.github/`, CODEOWNERS,
88+
agent configuration, and other sensitive files. However, the review agent
89+
cannot approve PRs that touch protected paths — a human reviewer must
90+
approve. Protected paths are defined in `post-review.sh`.
91+
- Always create a **new commit**. Never amend an existing commit — even from a
92+
previous agent run. Amending loses attribution.
93+
- If the retry limit is exceeded and tests still fail, do not commit broken
94+
code. Stop. The post-script reports the failure.
95+
96+
## Failure handling
97+
98+
Secret scanning is **non-negotiable**. The `scan-secrets` helper runs before
99+
tests on every verification pass. If secrets are detected — or if the helper
100+
script is missing — hard stop. Do not improvise a replacement or skip the scan.
101+
102+
Your exit state is the handoff contract:
103+
104+
- **Clean commit on the feature branch** → the post-script pushes and creates
105+
the PR (after its own authoritative secret scan).
106+
- **No commit** → the post-script reads your transcript and exit code to
107+
report the failure.
108+
109+
## Monorepo routing
110+
111+
This is a monorepo. Before following the implementation procedure, execute
112+
the `monorepo-workspace-routing` skill to navigate to the correct workspace.
113+
All subsequent work happens from within the workspace directory.
114+
115+
## Detailed implementation procedure
116+
117+
Follow the `code-implementation` skill for the step-by-step procedure.
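Review bot: the `disallowedTools` list (file lines 8-19) does not cover everything the Constraints section forbids. The sed, awk and git entries are denied in both the bare and the `*` form, but the gh entries appear only in the `*` form. Only `gh issue edit` and `gh issue comment` are denied, although the prose says the agent cannot mutate issue state (`gh issue close`, for example, is not listed), and "other stream editors" beyond sed and awk are not denied at all. Either extend the list to match the prose, or state in the Constraints section that the list is a guardrail and name the control that actually prevents writes.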
Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,10 @@
1+
# Toolchain env vars for the RHDH custom sandbox image.
2+
# OpenShell does not preserve Docker ENV directives at runtime,
3+
# so container-specific config must be set here instead.
4+
#
5+
# This file is mounted via host_files WITHOUT expand: true —
6+
# values are hardcoded, not expanded from the runner environment.
7+
8+
# corepack — pre-enabled in the image so yarn is on PATH immediately.
9+
# Must point to a writable directory (sandbox policy blocks /usr).
10+
export COREPACK_HOME=/tmp/corepack
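Review bot: line 10 moves `COREPACK_HOME` to `/tmp/corepack`, but the comment on line 8 still says yarn is on PATH immediately because corepack is pre-enabled in the image. If the image does not also populate `/tmp/corepack`, the first `yarn` call has to fetch the package manager at run time (harness/code.yaml in this commit mentions allowing repo.yarnpkg.com for corepack downloads). The comment should say so, and should note where the yarn version is pinned so that the downloaded binary is the expected one.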
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
# Yarn Berry ignores standard HTTP_PROXY/HTTPS_PROXY (yarnpkg/berry#1531).
2+
# Map from the vars OpenShell already injects into every sandbox.
3+
export YARN_HTTP_PROXY="${HTTP_PROXY}"
4+
export YARN_HTTPS_PROXY="${HTTPS_PROXY}"
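Review bot: lines 3-4 depend on `${HTTP_PROXY}` and `${HTTPS_PROXY}` being expanded inside the sandbox, which holds only while this file is mounted without `expand: true`, and nothing in the file says so. Add a comment like the one in rhdh-toolchain.env, since with `expand: true` the values would come from the runner environment instead. Also consider guarding the exports so that an unset `HTTP_PROXY` does not export an empty `YARN_HTTP_PROXY`.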
Lines changed: 59 additions & 0 deletions
@@ -0,0 +1,59 @@
1+
# harness/code.yaml — code agent with pre/post script pipeline.
2+
#
3+
# Flow: pre_script → sandbox (agent) → post_script
4+
# pre_script : validates inputs on the runner BEFORE sandbox creation
5+
# agent : reads the issue, implements, tests, scans, commits locally
6+
# post_script : protected-path check, secret scan, push branch, create PR
7+
#
8+
# The agent NEVER pushes or creates PRs (disallowedTools enforces this).
9+
# Only the post-script, running on the runner with PUSH_TOKEN, can write.
10+
#
11+
# Customizations over upstream code.yaml:
12+
# - image: rhdh custom image with yarn/corepack pre-installed
13+
# - policy: custom code policy with repo.yarnpkg.com for corepack downloads
14+
# - host_files: rhdh-toolchain.env sets COREPACK_HOME to writable /tmp/corepack
15+
# - host_files: yarn-proxy.env maps OpenShell's HTTP_PROXY to YARN_HTTP_PROXY
16+
agent: agents/code.md
17+
doc: docs/agents/code.md
18+
model: opus
19+
image: ghcr.io/redhat-developer/rhdh-fullsend-code:latest
20+
policy: policies/code.yaml
21+
22+
pre_script: scripts/pre-code.sh
23+
post_script: scripts/post-code.sh
24+
25+
host_files:
26+
- src: env/gcp-vertex.env
27+
dest: /sandbox/workspace/.env.d/gcp-vertex.env
28+
expand: true
29+
- src: env/code-agent.env
30+
dest: /sandbox/workspace/.env.d/code-agent.env
31+
expand: true
32+
- src: ${GOOGLE_APPLICATION_CREDENTIALS}
33+
dest: /tmp/.gcp-credentials.json
34+
- src: ${GCP_OIDC_TOKEN_FILE}
35+
dest: /sandbox/workspace/.gcp-oidc-token
36+
optional: true
37+
- src: env/rhdh-toolchain.env
38+
dest: /sandbox/workspace/.env.d/rhdh-toolchain.env
39+
- src: env/yarn-proxy.env
40+
dest: /sandbox/workspace/.env.d/yarn-proxy.env
41+
42+
skills:
43+
- skills/code-implementation
44+
- skills/monorepo-workspace-routing
45+
46+
plugins:
47+
- plugins/gopls-lsp
48+
49+
# Environment variables available to post_script on the runner.
50+
# These are expanded from the runner environment and NEVER enter the sandbox.
51+
runner_env:
52+
PUSH_TOKEN: "${PUSH_TOKEN}"
53+
PUSH_TOKEN_SOURCE: "${PUSH_TOKEN_SOURCE}"
54+
REPO_FULL_NAME: "${REPO_FULL_NAME}"
55+
ISSUE_NUMBER: "${ISSUE_NUMBER}"
56+
REPO_DIR: "${GITHUB_WORKSPACE}/target-repo"
57+
TARGET_BRANCH: "${TARGET_BRANCH}"
58+
59+
timeout_minutes: 35
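Review bot: line 19 references the sandbox image by the mutable `:latest` tag, so the toolchain the agent runs in can change without any change to this file. Reference the image by digest or an immutable version tag and bump it in a reviewed commit. Separately, the comment on line 8 credits `disallowedTools` for the guarantee that the agent never pushes, while line 9 describes the stronger control (`PUSH_TOKEN` exists only on the runner). The comment should say which of the two the design relies on.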
Lines changed: 70 additions & 0 deletions
@@ -0,0 +1,70 @@
1+
# harness/fix.yaml — fix agent with yarn sandbox workaround.
2+
#
3+
# Based on upstream fix.yaml (baseline 2025-06-05). The fix agent handles
4+
# automated fixes triggered by /fs-fix commands on issues or PRs.
5+
#
6+
# Flow: pre_script → sandbox (agent) → validation_loop → post_script
7+
# pre_script : validates inputs, checks iteration cap
8+
# agent : reads pre-fetched review body, fixes code, tests, scans, commits
9+
# validation_loop : validates output schema (max 2 iterations)
10+
# post_script : push commit, post summary comment on PR
11+
#
12+
# Customizations over upstream fix.yaml:
13+
# - image: rhdh custom image with yarn/corepack pre-installed
14+
# - host_files: rhdh-toolchain.env sets COREPACK_HOME to writable /tmp/corepack
15+
# - host_files: yarn-proxy.env maps OpenShell's HTTP_PROXY to YARN_HTTP_PROXY
16+
# - skills: adds monorepo-workspace-routing for workspace navigation
17+
# - policy: custom fix policy with yarn registry + pnpm binary allowlist
18+
agent: agents/fix.md
19+
doc: docs/agents/fix.md
20+
model: opus
21+
image: ghcr.io/redhat-developer/rhdh-fullsend-code:latest
22+
policy: policies/fix.yaml
23+
24+
pre_script: scripts/pre-fix.sh
25+
26+
validation_loop:
27+
script: scripts/validate-output-schema.sh
28+
max_iterations: 2
29+
30+
post_script: scripts/post-fix.sh
31+
32+
host_files:
33+
- src: env/gcp-vertex.env
34+
dest: /sandbox/workspace/.env.d/gcp-vertex.env
35+
expand: true
36+
- src: env/fix-agent.env
37+
dest: /sandbox/workspace/.env.d/fix-agent.env
38+
expand: true
39+
- src: ${GOOGLE_APPLICATION_CREDENTIALS}
40+
dest: /tmp/.gcp-credentials.json
41+
- src: ${REVIEW_BODY_FILE}
42+
dest: /sandbox/workspace/review-body.txt
43+
- src: ${GCP_OIDC_TOKEN_FILE}
44+
dest: /sandbox/workspace/.gcp-oidc-token
45+
optional: true
46+
- src: env/rhdh-toolchain.env
47+
dest: /sandbox/workspace/.env.d/rhdh-toolchain.env
48+
- src: env/yarn-proxy.env
49+
dest: /sandbox/workspace/.env.d/yarn-proxy.env
50+
51+
skills:
52+
- skills/fix-review
53+
- skills/monorepo-workspace-routing
54+
55+
runner_env:
56+
PUSH_TOKEN: "${PUSH_TOKEN}"
57+
PUSH_TOKEN_SOURCE: "${PUSH_TOKEN_SOURCE}"
58+
REPO_FULL_NAME: "${REPO_FULL_NAME}"
59+
PR_NUMBER: "${PR_NUMBER}"
60+
REPO_DIR: "${GITHUB_WORKSPACE}/target-repo"
61+
TARGET_BRANCH: "${TARGET_BRANCH}"
62+
TRIGGER_SOURCE: "${TRIGGER_SOURCE}"
63+
HUMAN_INSTRUCTION: "${HUMAN_INSTRUCTION}"
64+
FIX_ITERATION: "${FIX_ITERATION}"
65+
REVIEW_BODY_FILE: "${REVIEW_BODY_FILE}"
66+
PRE_AGENT_HEAD: "${PRE_AGENT_HEAD}"
67+
FULLSEND_OUTPUT_SCHEMA: ${FULLSEND_DIR}/schemas/fix-result.schema.json
68+
FULLSEND_OUTPUT_FILE: fix-result.json
69+
70+
timeout_minutes: 25
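Review bot: `HUMAN_INSTRUCTION` (line 63) and `REVIEW_BODY_FILE` (lines 41 and 65) presumably carry free text written by issue or PR participants, and unlike code.yaml this file has no comment saying which `runner_env` values stay on the runner. Add that comment, and document that scripts/post-fix.sh, which runs with `PUSH_TOKEN`, must treat these values as data (quoted, never evaluated). Minor: lines 67-68 are the only unquoted `runner_env` values; quote them for consistency with the rest of the block.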
