Fix memory path resolution and redesign feedback learning for fork PRs (#35)

Author: derekmisler

.github/workflows/review-pr.yml

@@ -9,15 +9,14 @@
 #     pull_request_target:
 #       types: [ready_for_review, opened]
 #
-#   permissions:
-#     contents: read
-#     pull-requests: write
-#     issues: write
-#
 #   jobs:
 #     review:
 #       uses: docker/cagent-action/.github/workflows/review-pr.yml@latest
 #       secrets: inherit
+#       permissions:
+#         contents: read
+#         pull-requests: write
+#         issues: write
 
 name: PR Review
 
@@ -231,37 +230,53 @@ jobs:
           mistral-api-key: ${{ secrets.MISTRAL_API_KEY }}
 
   # ==========================================================================
-  # LEARN FROM FEEDBACK
-  # Processes replies to agent review comments for continuous improvement
+  # CAPTURE FEEDBACK
+  # Saves feedback data as an artifact for lazy processing. This job
+  # intentionally avoids using secrets so it works for fork PRs in public
+  # repos. The actual AI processing happens during the next review run,
+  # which has full secret access via pull_request_target or issue_comment.
   # ==========================================================================
-  learn-from-feedback:
+  capture-feedback:
     if: github.event_name == 'pull_request_review_comment' && github.event.comment.in_reply_to_id
     runs-on: ubuntu-latest
-    env:
-      HAS_APP_SECRETS: ${{ secrets.CAGENT_REVIEWER_APP_ID != '' }}
 
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Check if reply is to agent comment
+        id: check
+        shell: bash
+        env:
+          GH_TOKEN: ${{ github.token }}
+          PARENT_ID: ${{ github.event.comment.in_reply_to_id }}
+        run: |
+          if [ -z "$PARENT_ID" ]; then
+            echo "is_agent=false" >> $GITHUB_OUTPUT
+            echo "⏭️ Not a reply comment, skipping"
+            exit 0
+          fi
 
-      # Generate GitHub App token for custom app identity (optional - falls back to github.token)
-      - name: Generate GitHub App token
-        if: env.HAS_APP_SECRETS == 'true'
-        id: app-token
-        continue-on-error: true  # Don't fail workflow if token generation fails
-        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2
-        with:
-          app_id: ${{ secrets.CAGENT_REVIEWER_APP_ID }}
-          private_key: ${{ secrets.CAGENT_REVIEWER_APP_PRIVATE_KEY }}
+          parent=$(gh api repos/${{ github.repository }}/pulls/comments/$PARENT_ID 2>/dev/null || echo "{}")
+          if echo "$parent" | jq -r '.body // ""' | grep -q "<!-- cagent-review -->"; then
+            echo "is_agent=true" >> $GITHUB_OUTPUT
+            echo "✅ Reply is to an agent review comment"
+          else
+            echo "is_agent=false" >> $GITHUB_OUTPUT
+            echo "⏭️ Not a reply to agent comment, skipping"
+          fi
+
+      - name: Save feedback data
+        if: steps.check.outputs.is_agent == 'true'
+        shell: bash
+        env:
+          COMMENT_JSON: ${{ toJSON(github.event.comment) }}
+        run: |
+          mkdir -p feedback
+          echo "$COMMENT_JSON" > feedback/feedback.json
+          echo "📦 Saved feedback data for async processing"
 
-      - name: Learn from user feedback
-        uses: docker/cagent-action/review-pr/learn@latest
+      - name: Upload feedback artifact
+        if: steps.check.outputs.is_agent == 'true'
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
-          github-token: ${{ steps.app-token.outputs.token || github.token }}
-          anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
-          openai-api-key: ${{ secrets.OPENAI_API_KEY }}
-          google-api-key: ${{ secrets.GOOGLE_API_KEY }}
-          aws-bearer-token-bedrock: ${{ secrets.AWS_BEARER_TOKEN_BEDROCK }}
-          xai-api-key: ${{ secrets.XAI_API_KEY }}
-          nebius-api-key: ${{ secrets.NEBIUS_API_KEY }}
-          mistral-api-key: ${{ secrets.MISTRAL_API_KEY }}
+          name: pr-review-feedback
+          path: feedback/
+          retention-days: 90

action.yml

@@ -467,6 +467,10 @@ runs:
           ARGS+=("--hide-tool-calls" "--hide-tool-results")
         fi
 
+        # Set working directory so relative paths (e.g., memory toolset) resolve
+        # from the repo root, not from the agent YAML's parent directory
+        ARGS+=("--working-dir" "$(pwd)")
+
         # Add extra args if provided
         # Note: This uses simple word splitting. Quoted arguments with spaces are not supported.
         # Using eval would be a security risk with user-provided input.

review-pr/README.md

@@ -90,8 +90,6 @@ name: PR Review
 on:
   issue_comment:
     types: [created]
-  pull_request_review_comment:
-    types: [created]
 
 permissions:
   contents: read
@@ -111,18 +109,10 @@ jobs:
         with:
           anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
           github-token: ${{ secrets.GITHUB_TOKEN }}
-
-  learn:
-    if: github.event_name == 'pull_request_review_comment' && github.event.comment.in_reply_to_id
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-
-      - uses: docker/cagent-action/review-pr/learn@latest
-        with:
-          anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
 ```
 
+> **Note:** When using the composite action directly, feedback learning is handled automatically — the review action collects and processes any pending feedback artifacts before each review. To capture feedback, use the reusable workflow which includes the `capture-feedback` job, or add the equivalent artifact upload step to your own workflow.
+
 ---
 
 ## Adding Language-Specific Guidelines
@@ -247,25 +237,6 @@ PR number and comment ID are auto-detected from `github.event` when not provided
 
 *At least one API key is required.
 
-### `review-pr/learn`
-
-Comment data is read automatically from `github.event.comment`.
-
-| Input | Description | Required |
-|-------|-------------|----------|
-| `anthropic-api-key` | Anthropic API key | No* |
-| `openai-api-key` | OpenAI API key | No* |
-| `google-api-key` | Google API key (Gemini) | No* |
-| `aws-bearer-token-bedrock` | AWS Bedrock token | No* |
-| `xai-api-key` | xAI API key (Grok) | No* |
-| `nebius-api-key` | Nebius API key | No* |
-| `mistral-api-key` | Mistral API key | No* |
-| `github-token` | GitHub token | No |
-| `model` | Model override | No |
-| `cagent-version` | CAgent version | No |
-
-*At least one API key is required.
-
 ---
 
 ## Cost
@@ -331,12 +302,12 @@ PR Diff → Drafter (hypotheses) → Verifier (confirm) → Post Comments
 ### Learning System
 
 When you reply to a review comment:
-1. Action checks if it's a reply to an agent comment (via `<!-- cagent-review -->` marker)
-2. If yes, processes your feedback
-3. Stores learnings in a memory database (cached per-repo)
-4. Future reviews avoid the same mistakes
+1. The `capture-feedback` job checks if it's a reply to an agent comment (via `<!-- cagent-review -->` marker)
+2. If yes, saves the feedback as a GitHub Actions artifact (no secrets required — works for fork PRs)
+3. On the next review run, pending feedback artifacts are downloaded and processed into the memory database
+4. Future reviews use these learnings to avoid repeating the same mistakes
 
-**Memory persistence:** The memory database is stored in GitHub Actions cache. Each run restores the previous cache, adds new learnings, and saves with a unique key. Old caches are automatically cleaned up (keeping the 5 most recent) to prevent cache proliferation while supporting concurrent reviews.
+**Memory persistence:** The memory database is stored in GitHub Actions cache. Each review run restores the previous cache, processes any pending feedback, runs the review, and saves with a unique key. Old caches are automatically cleaned up (keeping the 5 most recent).
 
 ---
 

review-pr/action.yml

@@ -157,13 +157,103 @@ runs:
       run: mkdir -p "${{ github.workspace }}/.cache"
 
     - name: Restore reviewer memory
+      id: restore-memory
       uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
       with:
         path: ${{ github.workspace }}/.cache/pr-review-memory.db
         key: pr-review-memory-${{ github.repository }}-${{ github.run_id }}
         restore-keys: |
           pr-review-memory-${{ github.repository }}-
 
+    # ========================================
+    # PROCESS PENDING FEEDBACK
+    # Downloads feedback artifacts left by capture-feedback jobs
+    # and processes them into memory before the review runs.
+    # ========================================
+    - name: Collect pending feedback
+      id: pending-feedback
+      continue-on-error: true
+      shell: bash
+      env:
+        GH_TOKEN: ${{ steps.resolve-token.outputs.token }}
+      run: |
+        ARTIFACTS=$(gh api "repos/${{ github.repository }}/actions/artifacts?name=pr-review-feedback" \
+          --jq '.artifacts[].id' 2>/dev/null || echo "")
+
+        if [ -z "$ARTIFACTS" ]; then
+          echo "has_feedback=false" >> $GITHUB_OUTPUT
+          echo "ℹ️  No pending feedback to process"
+          exit 0
+        fi
+
+        mkdir -p pending_feedback
+        COMBINED=""
+        COUNT=0
+
+        for AID in $ARTIFACTS; do
+          # Download artifact zip
+          gh api "repos/${{ github.repository }}/actions/artifacts/$AID/zip" > "feedback_$AID.zip" 2>/dev/null || continue
+          unzip -o "feedback_$AID.zip" -d "pending_feedback/" 2>/dev/null || continue
+
+          if [ -f pending_feedback/feedback.json ]; then
+            FB_PATH=$(jq -r '.path // "unknown"' pending_feedback/feedback.json)
+            FB_LINE=$(jq -r '.line // "?"' pending_feedback/feedback.json)
+            FB_BODY=$(jq -r '.body // ""' pending_feedback/feedback.json)
+
+            COMBINED+="- **File:** ${FB_PATH} (line ${FB_LINE})"$'\n'
+            COMBINED+="  **Feedback:** ${FB_BODY}"$'\n\n'
+            ((COUNT++)) || true
+          fi
+
+          rm -f pending_feedback/feedback.json
+
+          # Delete processed artifact
+          gh api "repos/${{ github.repository }}/actions/artifacts/$AID" -X DELETE 2>/dev/null || true
+        done
+
+        if [ "$COUNT" -gt 0 ]; then
+          echo "has_feedback=true" >> $GITHUB_OUTPUT
+          {
+            echo "prompt<<FEEDBACK_EOF"
+            echo "$COMBINED"
+            echo "FEEDBACK_EOF"
+          } >> $GITHUB_OUTPUT
+          echo "✅ Found $COUNT pending feedback item(s) to process"
+        else
+          echo "has_feedback=false" >> $GITHUB_OUTPUT
+        fi
+
+    - name: Process pending feedback
+      if: steps.pending-feedback.outputs.has_feedback == 'true'
+      continue-on-error: true
+      uses: docker/cagent-action@latest
+      with:
+        agent: ${{ github.action_path }}/agents/pr-review-feedback.yaml
+        prompt: |
+          Developers left feedback on previous review comments. Learn from each item:
+
+          ${{ steps.pending-feedback.outputs.prompt }}
+
+          For each item:
+          1. If they're correcting a false positive, add a memory to avoid this mistake
+          2. If they're asking for clarification, note what was unclear
+          3. If they're agreeing and adding context, store the additional insight
+
+          Use add_memory to record what you learned from each feedback item.
+        anthropic-api-key: ${{ inputs.anthropic-api-key }}
+        openai-api-key: ${{ inputs.openai-api-key }}
+        google-api-key: ${{ inputs.google-api-key }}
+        aws-bearer-token-bedrock: ${{ inputs.aws-bearer-token-bedrock }}
+        xai-api-key: ${{ inputs.xai-api-key }}
+        nebius-api-key: ${{ inputs.nebius-api-key }}
+        mistral-api-key: ${{ inputs.mistral-api-key }}
+        github-token: ${{ steps.resolve-token.outputs.token }}
+        cagent-version: ${{ inputs.cagent-version }}
+        extra-args: ${{ inputs.model && format('--model={0}', inputs.model) || '' }}
+
+    # ========================================
+    # BUILD REVIEW CONTEXT
+    # ========================================
     - name: Build review context
       id: context
       shell: bash
@@ -250,6 +340,7 @@ runs:
 
     - name: Save reviewer memory
       if: always()
+      continue-on-error: true  # Don't fail if memory file doesn't exist (first run)
       uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
       with:
         path: ${{ github.workspace }}/.cache/pr-review-memory.db