feat: add automated issue triage via OpenCode and AI Gateway (#12517)

Co-authored-by: devin-ai-integration[bot] <158243242+devin-ai-integration[bot]@users.noreply.github.com>

Author: ascorbic

.github/opencode.json

@@ -0,0 +1,24 @@
+{
+	"$schema": "https://opencode.ai/config.json",
+	"disabled_providers": ["opencode"],
+	"enabled_providers": ["cloudflare-ai-gateway"],
+	"provider": {
+		"cloudflare-ai-gateway": {
+			"models": {
+				"anthropic/claude-sonnet-4-5": {}
+			}
+		}
+	},
+	"permission": {
+		"read": "allow",
+		"edit": "allow",
+		"glob": "allow",
+		"grep": "allow",
+		"bash": "deny",
+		"task": "allow",
+		"skill": "allow",
+		"todoread": "allow",
+		"todowrite": "allow",
+		"webfetch": "deny"
+	}
+}

.github/skills/issue-review.md

@@ -0,0 +1,162 @@
+---
+name: github-issue-review
+description: Triage a GitHub issue on cloudflare/workers-sdk. Assesses quality, identifies the component, checks for duplicates, and recommends next steps.
+---
+
+# GitHub Issue Triage Skill
+
+This skill triages a GitHub issue to assess its quality, identify the affected component, and recommend next steps for the maintainers.
+
+**Important:** This skill runs without bash or network access. All analysis is based on the pre-fetched issue data in `context.json`. Use only `read`, `glob`, `grep`, `edit`, and `write` tools.
+
+## Input
+
+Pre-fetched issue data at `data/<issue_number>/context.json` containing the full issue details from the GitHub API (title, body, comments, labels, author, dates).
+
+## Triage Process
+
+Perform the following steps in order. **Stop and skip to Output as soon as you have sufficient evidence for a recommendation.**
+
+### Step 1: Load Issue Details
+
+Read the pre-fetched `context.json` file using the `read` tool.
+
+Extract and note:
+
+- Title and description
+- Issue type (bug report vs feature request vs question)
+- Product/component affected
+- Version reported against (if any)
+- Operating system (if any)
+- Reproduction steps or reproduction link (if any)
+- Error messages (if any)
+- Comment count and any relevant comment content
+
+### Step 2: Check for Empty or Invalid Issues
+
+Recommend **CLOSE** if:
+
+- The body is empty or contains only template headers with no content filled in
+- The issue is clearly spam or off-topic (not related to workers-sdk)
+- The reporter confirmed the issue is resolved (in comments)
+- A maintainer indicated it should be closed (in comments)
+
+Recommend **NEEDS MORE INFO** if:
+
+- Bug report has no reproduction steps or link (the template requires one)
+- Bug report is missing version information
+- The description is too vague to act on
+
+**STOP HERE if** the issue is clearly closeable or clearly needs more info. Skip to Output.
+
+### Step 3: Identify Component
+
+Map the issue to a package based on labels, title, and body content:
+
+| Signal                                                   | Package                                         |
+| -------------------------------------------------------- | ----------------------------------------------- |
+| `wrangler` label, wrangler CLI commands, `wrangler.toml` | `packages/wrangler`                             |
+| `miniflare` label, local dev simulation                  | `packages/miniflare`                            |
+| `d1` label, D1 database                                  | `packages/wrangler` (D1 code is in wrangler)    |
+| `vitest` label, worker tests                             | `packages/vitest-pool-workers`                  |
+| `vite-plugin` label, vite dev                            | `packages/vite-plugin-cloudflare`               |
+| `c3` label, `create-cloudflare`, project scaffolding     | `packages/create-cloudflare`                    |
+| `pages` label, Pages deployment                          | `packages/wrangler` (Pages code is in wrangler) |
+| R2, KV, Queues, Durable Objects bindings                 | `packages/wrangler`                             |
+| Workers runtime behavior (not tooling)                   | May be a platform issue, not workers-sdk        |
+
+If the issue describes Workers **runtime** behavior (e.g., fetch API quirks, V8 issues, compatibility flags) rather than **tooling** behavior, note that it may belong in a different repo.
+
+### Step 4: Assess Reproducibility and Severity
+
+For **bug reports**, evaluate:
+
+- **Has reproduction?** Does the issue include a minimal repro link or clear steps?
+- **Severity estimate:** Is this a crash, data loss, incorrect behavior, or cosmetic issue?
+- **Scope:** Does it affect all users or a specific configuration?
+- **Workaround available?** Did the reporter or comments mention one?
+
+For **feature requests**, evaluate:
+
+- **Clarity:** Is the proposed solution clearly described?
+- **Use case:** Is the motivation explained?
+- **Scope:** Small enhancement vs large new feature?
+
+## Output Format
+
+### Report Directory Structure
+
+```
+./data/<issue_number>/
+├── report.md          # Full detailed report
+└── summary.md         # Single-line tab-separated summary
+```
+
+### Output Step 1: Write Full Report
+
+Write the full report to `./data/<issue_number>/report.md`:
+
+```markdown
+# Issue Triage: <owner/repo>#<number>
+
+## Summary
+
+<One-line summary of the issue>
+
+## Classification
+
+- **Type:** <Bug | Feature Request | Question | Discussion>
+- **Component:** <package name or "unknown">
+- **Severity:** <Critical | High | Medium | Low | N/A>
+- **Has Reproduction:** <Yes (with link) | No | N/A>
+- **Quality:** <Complete | Partial | Incomplete>
+
+## Findings
+
+- **Created:** <date>
+- **Author:** <username>
+- **Version:** <reported version, or "not specified">
+- **Labels:** <labels, or "none">
+- **Comments:** <count>
+
+### Analysis
+
+<2-5 bullet points covering what you found — component identification,
+reproducibility assessment, severity reasoning. Only include what's relevant.>
+
+## Recommendation
+
+**Status:** <CLOSE | KEEP OPEN | NEEDS MORE INFO | NEEDS VERIFICATION>
+
+**Reasoning:** <2-3 sentences explaining why>
+
+**Action:** <What a maintainer should do next>
+
+**Suggested Labels:** <labels to add, if any>
+
+### Suggested Comment
+
+> <The exact comment to post on the issue, if applicable. For NEEDS MORE INFO,
+> ask specific questions. For CLOSE, explain why.
+> Omit this section if no comment is needed.>
+```
+
+### Output Step 2: Write Summary File
+
+Write a single tab-separated line to `./data/<issue_number>/summary.md` with these 7 fields:
+
+```
+[<issue_number>](https://github.com/<owner>/<repo>/issues/<issue_number>)	<title>	<CLOSE|KEEP OPEN|NEEDS MORE INFO|NEEDS VERIFICATION>	<easy|medium|hard|n/a>	<brief reasoning>	<brief suggested action>	<Yes|No|N/A>
+```
+
+**Column definitions:**
+
+- **Issue #**: Link to the issue in markdown format `[number](url)`
+- **Title**: Issue title (remove any emoji prefixes like "Bug:")
+- **Recommendation**: One of CLOSE, KEEP OPEN, NEEDS MORE INFO, NEEDS VERIFICATION
+- **Difficulty**: Estimated fix difficulty - `easy`, `medium`, `hard`, or `n/a` (for feature requests or closures)
+- **Reasoning**: Brief summary of why (1-2 sentences)
+- **Suggested Action**: Brief description of next steps
+- **Suggested Comment**: "Yes" if a comment template is provided, "No" or "N/A" otherwise
+
+**CRITICAL:** Use actual tab characters (`\t`) as column delimiters. Write only the single data line, no header.

.github/workflows/triage-issue.yml

@@ -0,0 +1,151 @@
+name: Triage New Issue
+
+on:
+  issues:
+    types: [opened]
+  workflow_dispatch:
+    inputs:
+      issue-number:
+        description: "Issue number to triage"
+        required: true
+        type: number
+
+permissions:
+  contents: read
+  issues: read
+
+# Cancel in-progress runs for the same issue
+concurrency:
+  group: triage-${{ github.event.issue.number || inputs.issue-number }}
+  cancel-in-progress: true
+
+jobs:
+  triage:
+    runs-on: ubuntu-latest
+    # For issue events: skip PRs and bot-created issues. Always run for workflow_dispatch.
+    if: >-
+      github.event_name == 'workflow_dispatch' ||
+      (!github.event.issue.pull_request &&
+      github.event.issue.user.type != 'Bot')
+    timeout-minutes: 15
+    steps:
+      - name: Resolve issue number
+        id: issue
+        run: |
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+            echo "number=${{ inputs.issue-number }}" >> "$GITHUB_OUTPUT"
+          else
+            echo "number=${{ github.event.issue.number }}" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Checkout (sparse — just the skill and opencode config)
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: |
+            .github/skills
+            .github/opencode.json
+
+      - name: Install OpenCode
+        run: |
+          npm install -g opencode-ai
+          cp .github/opencode.json ./opencode.json
+
+      - name: Fetch issue data
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          ISSUE=${{ steps.issue.outputs.number }}
+          mkdir -p data/${ISSUE}
+
+          gh issue view ${ISSUE} \
+            --repo ${{ github.repository }} \
+            --json number,title,body,comments,createdAt,updatedAt,labels,state,author \
+            > data/${ISSUE}/context.json
+
+      - name: Analyze issue with OpenCode
+        env:
+          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_AI_GATEWAY_ACCOUNT_ID }}
+          CLOUDFLARE_GATEWAY_ID: ${{ secrets.CF_AI_GATEWAY_NAME }}
+          CLOUDFLARE_API_TOKEN: ${{ secrets.CF_AI_GATEWAY_TOKEN }}
+        run: |
+          ISSUE=${{ steps.issue.outputs.number }}
+          REPO=${{ github.repository }}
+
+          opencode run \
+            --print-logs \
+            "Analyze GitHub issue ${REPO}#${ISSUE} using the skill at .github/skills/issue-review.md.
+
+          The issue data has been pre-fetched to data/${ISSUE}/context.json.
+          Read it with the read tool and follow the triage process.
+
+          Create:
+          - data/${ISSUE}/report.md (full report)
+          - data/${ISSUE}/summary.md (single tab-separated summary line)
+          "
+
+      - name: Upload report to dashboard
+        env:
+          CF_ACCESS_CLIENT_ID: ${{ secrets.CF1_ACCESS_CLIENT_ID }}
+          CF_ACCESS_CLIENT_SECRET: ${{ secrets.CF1_ACCESS_CLIENT_SECRET }}
+          DASHBOARD_URL: ${{ secrets.REPORTS_DASHBOARD_URL }}
+        run: |
+          ISSUE=${{ steps.issue.outputs.number }}
+
+          # Check files were created
+          if [ ! -f "data/${ISSUE}/report.md" ]; then
+            echo "::error::report.md was not generated"
+            exit 1
+          fi
+          if [ ! -f "data/${ISSUE}/summary.md" ]; then
+            echo "::error::summary.md was not generated"
+            exit 1
+          fi
+
+          # Parse the tab-separated summary.md into variables
+          SUMMARY=$(cat "data/${ISSUE}/summary.md")
+          TITLE=$(echo "$SUMMARY" | cut -f2)
+          RECOMMENDATION=$(echo "$SUMMARY" | cut -f3)
+          DIFFICULTY=$(echo "$SUMMARY" | cut -f4)
+          REASONING=$(echo "$SUMMARY" | cut -f5)
+          SUGGESTED_ACTION=$(echo "$SUMMARY" | cut -f6)
+          SUGGESTED_COMMENT=$(echo "$SUMMARY" | cut -f7)
+          REPORT=$(cat "data/${ISSUE}/report.md")
+
+          # Build JSON payload
+          PAYLOAD=$(jq -n \
+            --arg title "$TITLE" \
+            --arg githubUrl "https://github.com/${{ github.repository }}/issues/${ISSUE}" \
+            --arg recommendation "$RECOMMENDATION" \
+            --arg difficulty "$DIFFICULTY" \
+            --arg reasoning "$REASONING" \
+            --arg suggestedAction "$SUGGESTED_ACTION" \
+            --arg suggestedComment "$SUGGESTED_COMMENT" \
+            --arg reportMarkdown "$REPORT" \
+            '{
+              title: $title,
+              githubUrl: $githubUrl,
+              recommendation: $recommendation,
+              difficulty: $difficulty,
+              reasoning: $reasoning,
+              suggestedAction: $suggestedAction,
+              suggestedComment: $suggestedComment,
+              reportMarkdown: $reportMarkdown
+            }')
+
+          # POST to dashboard API
+          HTTP_STATUS=$(curl -s -o response.json -w "%{http_code}" \
+            -X POST "${DASHBOARD_URL}/api/report/${ISSUE}" \
+            -H "Content-Type: application/json" \
+            -H "CF-Access-Client-Id: ${CF_ACCESS_CLIENT_ID}" \
+            -H "CF-Access-Client-Secret: ${CF_ACCESS_CLIENT_SECRET}" \
+            -d "$PAYLOAD")
+
+          echo "Dashboard API response: HTTP ${HTTP_STATUS}"
+          cat response.json
+
+          if [ "$HTTP_STATUS" != "200" ]; then
+            echo "::error::Failed to upload report (HTTP ${HTTP_STATUS})"
+            exit 1
+          fi
+
+          echo "Report uploaded for issue #${ISSUE}"