cockroachdb
diff --git a/‎.github/workflows/issue-autosolve.yml‎
Lines changed: 345 additions & 0 deletions b/‎.github/workflows/issue-autosolve.yml‎
Lines changed: 345 additions & 0 deletions
@@ -0,0 +1,345 @@
+name: Issue Auto-Solver
+
+on:
+  issues:
+    types: [labeled]
+
+concurrency:
+  group: autosolve-issue-${{ github.event.issue.number }}
+  cancel-in-progress: true
+
+jobs:
+  auto-solve-issue:
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    if: github.event.label.name == 'c-autosolve'
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write
+      id-token: write
+
+    steps:
+      - name: Validate required secrets
+        run: |
+          if [ -z "${{ secrets.AUTOSOLVER_PAT }}" ]; then
+            echo "::error::AUTOSOLVER_PAT secret is not configured"
+            exit 1
+          fi
+
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+
+      - name: Authenticate to Google Cloud
+        uses: 'google-github-actions/auth@v3'
+        with:
+          project_id: 'vertex-model-runners'
+          service_account: '[email protected]'
+          workload_identity_provider: 'projects/72497726731/locations/global/workloadIdentityPools/ai-review/providers/ai-review'
+
+      - name: Stage 1 - Assess Issue Feasibility
+        id: assess
+        uses: cockroachdb/claude-code-action@v1
+        env:
+          ANTHROPIC_VERTEX_PROJECT_ID: vertex-model-runners
+          CLOUD_ML_REGION: us-east5
+          # Pass user-controlled content via env vars to prevent prompt injection
+          ISSUE_TITLE: ${{ github.event.issue.title }}
+          ISSUE_BODY: ${{ github.event.issue.body }}
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          use_vertex: "true"
+          claude_args: |
+            --model claude-opus-4-5@20251101
+            --allowedTools "Read,Grep,Glob,Bash(gh issue view:*)"
+          prompt: |
+            Assess GitHub issue #${{ github.event.issue.number }}
+
+            The issue title and body are provided in the ISSUE_TITLE and ISSUE_BODY environment variables.
+            Use `gh issue view ${{ github.event.issue.number }}` to read the full issue details.
+
+            Determine if this issue is suitable for automated one-shot resolution.
+
+            Criteria for PROCEED:
+            - Clear bug description (reproduction steps or description of how to reproduce)
+            - Single component affected
+            - No architectural changes required
+
+            Criteria for SKIP:
+            - Requires design decisions or RFC
+            - Affects multiple major components
+            - Requires human judgment on product direction
+
+            **OUTPUT REQUIREMENT**: End your response with a single line containing only:
+            - `ASSESSMENT_RESULT - PROCEED` or
+            - `ASSESSMENT_RESULT - SKIP`
+
+      - name: Extract Assessment Result
+        id: assess_result
+        if: steps.assess.conclusion == 'success'
+        run: |
+          if [ ! -f "${{ steps.assess.outputs.execution_file }}" ]; then
+            echo "::error::Execution file not found: ${{ steps.assess.outputs.execution_file }}"
+            exit 1
+          fi
+
+          RESULT=$(jq -r '.[] | select(.type == "result") | .result' "${{ steps.assess.outputs.execution_file }}") || {
+            echo "::error::Failed to parse execution file with jq"
+            exit 1
+          }
+
+          if [ -z "$RESULT" ]; then
+            echo "::error::No result found in execution file"
+            exit 1
+          fi
+
+          {
+            echo 'result<<EOF'
+            echo "$RESULT"
+            echo 'EOF'
+          } >> "$GITHUB_OUTPUT"
+          echo "Assessment result extracted (${#RESULT} characters)"
+
+          # Validate that the result contains a valid assessment marker
+          if ! echo "$RESULT" | grep -qE 'ASSESSMENT_RESULT - (PROCEED|SKIP)'; then
+            echo "::error::Assessment result does not contain valid ASSESSMENT_RESULT marker"
+            echo "Expected 'ASSESSMENT_RESULT - PROCEED' or 'ASSESSMENT_RESULT - SKIP'"
+            exit 1
+          fi
+
+      - name: Stage 2 - Implement Fix
+        id: implement
+        if: contains(steps.assess_result.outputs.result, 'ASSESSMENT_RESULT - PROCEED')
+        uses: cockroachdb/claude-code-action@v1
+        env:
+          ANTHROPIC_VERTEX_PROJECT_ID: vertex-model-runners
+          CLOUD_ML_REGION: us-east5
+          # Pass user-controlled content via env vars to prevent prompt injection
+          ISSUE_TITLE: ${{ github.event.issue.title }}
+          ISSUE_BODY: ${{ github.event.issue.body }}
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          use_vertex: "true"
+          claude_args: |
+            --model claude-opus-4-5@20251101
+            --allowedTools "Read,Write,Edit,Grep,Glob,Bash(gh issue view:*),Bash(./dev test:*),Bash(./dev testlogic:*),Bash(./dev build:*),Bash(./dev generate:*),Bash(git:*)"
+          prompt: |
+            Fix GitHub issue #${{ github.event.issue.number }}
+
+            The issue title and body are provided in the ISSUE_TITLE and ISSUE_BODY environment variables.
+            Use `gh issue view ${{ github.event.issue.number }}` or read the env vars to understand the issue.
+
+            Instructions:
+            1. Read CLAUDE.md for project conventions and commit message format
+            2. Read and understand the issue
+            3. Implement the minimal fix required
+            4. Add or update tests to verify the fix
+            5. Run tests with ./dev test or ./dev testlogic
+            6. Stage all changes with git add
+
+            When formatting commits and PRs, follow the guidelines in CLAUDE.md.
+
+            **OUTPUT REQUIREMENT**: End your response with a single line containing only:
+            - `IMPLEMENTATION_RESULT - SUCCESS` or
+            - `IMPLEMENTATION_RESULT - FAILED`
+
+      - name: Extract Implementation Result
+        id: implement_result
+        if: steps.implement.conclusion == 'success'
+        run: |
+          if [ ! -f "${{ steps.implement.outputs.execution_file }}" ]; then
+            echo "::error::Execution file not found: ${{ steps.implement.outputs.execution_file }}"
+            exit 1
+          fi
+
+          RESULT=$(jq -r '.[] | select(.type == "result") | .result' "${{ steps.implement.outputs.execution_file }}") || {
+            echo "::error::Failed to parse execution file with jq"
+            exit 1
+          }
+
+          if [ -z "$RESULT" ]; then
+            echo "::error::No result found in execution file"
+            exit 1
+          fi
+
+          {
+            echo 'result<<EOF'
+            echo "$RESULT"
+            echo 'EOF'
+          } >> "$GITHUB_OUTPUT"
+          echo "Implementation result extracted (${#RESULT} characters)"
+
+      - name: Create branch and push to fork
+        id: push
+        if: contains(steps.implement_result.outputs.result, 'IMPLEMENTATION_RESULT - SUCCESS')
+        env:
+          AUTOSOLVER_PAT: ${{ secrets.AUTOSOLVER_PAT }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          git config user.name "crdb-autosolver"
+          git config user.email "[email protected]"
+
+          # Configure git credential helper to use PAT for the fork (avoids exposing token in URLs)
+          git config --global credential.helper store
+          echo "https://crdb-autosolver:${AUTOSOLVER_PAT}@github.com" > ~/.git-credentials
+          chmod 600 ~/.git-credentials
+
+          # Add the fork as a remote (handle case where it already exists)
+          git remote add fork https://github.com/crdb-autosolver/cockroach.git 2>/dev/null || \
+            git remote set-url fork https://github.com/crdb-autosolver/cockroach.git
+
+          # Create branch first, then add files
+          BRANCH_NAME="fix/issue-${{ github.event.issue.number }}"
+          git checkout -b "$BRANCH_NAME"
+          git add -A
+
+          # Check if there are any staged changes to commit
+          if git diff --quiet --cached; then
+            echo "::error::No changes were staged by the implementation step"
+            exit 1
+          fi
+
+          # Get issue title for commit message and sanitize it
+          # Remove newlines and limit length to prevent commit message issues
+          ISSUE_TITLE=$(gh issue view ${{ github.event.issue.number }} --json title -q '.title' 2>/dev/null || echo "fix issue #${{ github.event.issue.number }}")
+          # Sanitize: remove newlines, backticks, and limit to 100 chars for commit title
+          ISSUE_TITLE=$(echo "$ISSUE_TITLE" | tr '\n\r' ' ' | tr '`' "'" | cut -c1-100)
+
+          # Get the first package modified for commit prefix (use --cached since files are now staged)
+          PREFIX=$(git diff --name-only --cached 2>/dev/null | grep '\.go$' | head -1 | sed 's|pkg/||' | cut -d'/' -f1)
+          if [ -z "$PREFIX" ]; then
+            PREFIX="*"
+          fi
+
+          # Create commit with proper formatting per CLAUDE.md
+          # Using quoted heredoc ('EOF') to prevent variable expansion issues
+          git commit -F - <<EOF
+${PREFIX}: ${ISSUE_TITLE}
+
+Fixes #${{ github.event.issue.number }}
+
+Release note: None
+
+Epic: None
+
+Generated by Claude Code Auto-Solver
+Co-Authored-By: Claude <[email protected]>
+EOF
+
+          # Push to the fork
+          # NOTE: Force push is safe here because we're pushing to a new branch on the bot's fork,
+          # not to a shared branch. This ensures a clean branch state for each issue attempt.
+          git push -u fork "$BRANCH_NAME" --force
+
+          echo "branch_name=$BRANCH_NAME" >> "$GITHUB_OUTPUT"
+
+      - name: Create PR
+        id: create_pr
+        if: steps.push.conclusion == 'success'
+        env:
+          GH_TOKEN: ${{ secrets.AUTOSOLVER_PAT }}
+        run: |
+          # Get issue title and sanitize for safe use in PR body
+          ISSUE_TITLE=$(gh issue view ${{ github.event.issue.number }} --repo ${{ github.repository }} --json title -q '.title' 2>/dev/null || echo "Issue #${{ github.event.issue.number }}")
+          # Sanitize: remove newlines and backticks
+          ISSUE_TITLE=$(echo "$ISSUE_TITLE" | tr '\n\r' ' ' | tr '`' "'")
+
+          # Get commit stats (already safe as git output)
+          STATS=$(git diff --stat HEAD~1..HEAD 2>/dev/null || echo "No stats available")
+
+          # Get commit title
+          COMMIT_TITLE=$(git log -1 --pretty=%s)
+
+          # Create PR body using heredoc for safe variable interpolation
+          PR_BODY=$(cat <<'PREOF'
+Fixes #${{ github.event.issue.number }}
+
+## Summary
+
+This PR fixes **ISSUE_TITLE_PLACEHOLDER**.
+
+### Changes Made
+
+```
+STATS_PLACEHOLDER
+```
+
+## Test Plan
+
+- [x] Tests pass locally
+
+---
+
+*This PR was auto-generated by [crdb-issue-autosolver](https://github.com/ajstorm/crdb-issue-autosolver) using Claude Code.*
+*Please review carefully before approving.*
+PREOF
+          )
+
+          # Substitute placeholders with actual values (using | as delimiter to avoid issues with /)
+          PR_BODY=$(echo "$PR_BODY" | sed "s|ISSUE_TITLE_PLACEHOLDER|${ISSUE_TITLE}|g")
+          PR_BODY=$(echo "$PR_BODY" | sed "s|STATS_PLACEHOLDER|${STATS}|g")
+
+          # Create the PR from fork to upstream
+          PR_URL=$(gh pr create \
+            --repo ${{ github.repository }} \
+            --head crdb-autosolver:${{ steps.push.outputs.branch_name }} \
+            --base master \
+            --draft \
+            --title "$COMMIT_TITLE" \
+            --body "$PR_BODY" \
+            --label "o-autosolver")
+
+          echo "pr_url=$PR_URL" >> "$GITHUB_OUTPUT"
+          echo "Created PR: $PR_URL"
+
+      - name: Comment on issue - Success
+        if: steps.create_pr.conclusion == 'success'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh issue comment ${{ github.event.issue.number }} --body \
+            "Auto-solver has created a draft PR to address this issue: ${{ steps.create_pr.outputs.pr_url }}
+
+          Please review the changes carefully before approving."
+
+      - name: Comment on issue - Skipped
+        if: contains(steps.assess_result.outputs.result, 'ASSESSMENT_RESULT - SKIP')
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh issue comment ${{ github.event.issue.number }} --body \
+            "Auto-solver assessed this issue but determined it is not suitable for automated resolution.
+
+          **Assessment:**
+          ${{ steps.assess_result.outputs.result }}
+
+          This issue may require human intervention due to complexity, architectural considerations, or ambiguity."
+
+      - name: Comment on issue - Failed
+        if: |
+          (steps.implement.conclusion == 'failure' ||
+           contains(steps.implement_result.outputs.result, 'IMPLEMENTATION_RESULT - FAILED')) &&
+          !contains(steps.assess_result.outputs.result, 'ASSESSMENT_RESULT - SKIP')
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh issue comment ${{ github.event.issue.number }} --body \
+            "Auto-solver attempted to fix this issue but was unable to complete the implementation.
+
+          This issue may require human intervention."
+
+      - name: Remove c-autosolve label
+        if: always()
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh issue edit ${{ github.event.issue.number }} --remove-label "c-autosolve" || true
+
+      - name: Cleanup credentials
+        if: always()
+        run: |
+          # Remove credentials file to prevent potential exposure in artifacts/logs
+          rm -f ~/.git-credentials
+          git config --global --unset credential.helper || true