feat(ci): enable auto-assignment for good first issues

[exploreriii]

Description:
This PR adds a new workflow, which is auto-assignment for anyone commenting:
/assign
inside 'Good First Issues'

if they don't comment /assign correctly, assumes they are interested and gives them a reminder on how to do that.

relies on complementary workflows:

• users can only be assigned 2 issues max
• spam users can only be assigned 1 issue max

disables the good first issue assignment notification request for the support team, as is redundant.

Templates adjust with correct instruction.

Related issue(s):

Fixes #1312
Fixes #1310

Notes for reviewer:
Tested various scenarios here from issue 69 to 83:
https://github.com/exploreriii/hiero_sdk_python/issues

Fixes 1310 as it becomes reundant.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

@@            Coverage Diff             @@
##             main    #1315      +/-   ##
==========================================
+ Coverage   92.14%   92.29%   +0.14%     
==========================================
  Files         139      139              
  Lines        8482     8515      +33     
==========================================
+ Hits         7816     7859      +43     
+ Misses        666      656      -10     

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR adds automatic assignment for Good First Issues: users comment /assign to be auto-assigned. It adds a workflow and handler script, updates issue templates and developer docs, archives the previous notify-team script, and records the change in the changelog.

Changes

Cohort / File(s)	Summary
Automatic Assignment Bot .github/scripts/bot-gfi-assign-on-comment.js, .github/workflows/bot-gfi-assign-on-comment.yml	New GitHub Actions workflow and script that detect standalone /assign comments on issues labeled "Good First Issue", validate context, handle already-assigned cases, post reminders, and assign unassigned GFIs to the requester.
Issue Templates .github/ISSUE_TEMPLATE/01_good_first_issue_candidate.yml, .github/ISSUE_TEMPLATE/04_good_first_issue.yml	Replaced "Claim this issue"/"Wait for assignment" guidance with an explicit "Assignment" step requiring the commenter to post /assign; added prominent note and links to assignment training.
Archived Notification Infrastructure .github/scripts/archive/gfi_notify_team.js, .github/workflows/archive/bot-gfi-notify-team.yml	Marked old team-notify script as replaced and moved workflow to archive with minor formatting; no functional changes.
Docs & Changelog docs/sdk_developers/training/workflow/04_assigning_issues.md, CHANGELOG.md	Updated developer training to document the new /assign flow and outcomes; added changelog entry describing automatic GFI assignment and archival of notify-team flow.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant GitHub as GitHub API
    participant Workflow as GFI Assign Workflow
    participant Script as Assign Handler
    participant Issue as Issue System

    User->>GitHub: Post comment "/assign" on issue
    GitHub->>Workflow: issue_comment (created) event
    Workflow->>Script: Execute handler with context
    Script->>Script: Validate context (issue, comment, commenter)
    alt Comment requests assignment
        Script->>Script: Confirm label is "Good First Issue"
        alt Not GFI
            Script->>Script: Exit
        else Is GFI
            Script->>Issue: Check current assignee
            alt Already assigned
                Script->>GitHub: Post comment explaining assignment
            else Unassigned
                Script->>Issue: Assign issue to commenter
                Script->>GitHub: Log success
            end
        end
    else Comment not requesting assignment
        Script->>Script: Check for existing reminder
        alt No reminder
            Script->>GitHub: Post assignment reminder comment
        end
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat(ci): enable auto-assignment for good first issues' accurately summarizes the main change—implementing automatic assignment for Good First Issues via workflow automation.
Description check	✅ Passed	The description clearly explains the workflow's purpose, behavior, related dependencies, and template updates—all directly related to the changeset.
Linked Issues check	✅ Passed	The PR fulfills both linked issues: implements auto-assignment via /assign command for GFI [#1312], and disables redundant team notification by archiving the script [#1310].
Out of Scope Changes check	✅ Passed	All changes are within scope: new auto-assignment workflow and script, updated templates, documentation updates, archived/disabled scripts, and changelog entry—all directly address linked issues.
Docstring Coverage	✅ Passed	Docstring coverage is 80.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 8

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8980910 and d93a8f5.

📒 Files selected for processing (8)

• .github/ISSUE_TEMPLATE/01_good_first_issue_candidate.yml
• .github/ISSUE_TEMPLATE/04_good_first_issue.yml
• .github/scripts/archive/gfi_notify_team.js
• .github/scripts/bot-gfi-assign-on-comment.js
• .github/workflows/archive/bot-gfi-notify-team.yml
• .github/workflows/bot-gfi-assign-on-comment.yml
• CHANGELOG.md
• docs/sdk_developers/training/workflow/04_assigning_issues.md

🧰 Additional context used

📓 Path-based instructions (4)

docs/**

⚙️ CodeRabbit configuration file

docs/**: You are reviewing documentation for the Hiero Python SDK. These pages serve both SDK users and SDK developers.

Priority 1 - Correctness (code, commands, links)

1. Verify code snippets conceptually run and match the current SDK API.
2. Check shell commands and workflow steps against actual project tooling.
3. Validate URLs and cross-references; flag broken or misleading links.

Priority 2 - Clarity and completeness

1. Ensure each page states its purpose and expected outcome early.
2. Prefer concrete, step-wise explanations over vague descriptions.
3. Highlight missing prerequisites that would block a reader.
4. For larger gaps, suggest filing a follow-up issue instead of blocking.

Priority 3 - Consistency and navigation

1. Encourage consistent terminology with the SDK and examples.
2. Check headings form a logical reading path.
3. Confirm each page makes clear which audience it serves.

PHILOSOPHY

• Treat docs as work-in-progress: optimize for correctness and clarity over perfection.
• Keep feedback concise, action-oriented, and focused on reader success.
• Do not request large-scale restructures unless current structure blocks understanding.

AVOID

• Avoid lint-style feedback on Markdown formatting or minor wording.
• Avoid proposing new conventions without clear benefit.
• Avoid turning every high-level gap into a blocker.

Files:

• docs/sdk_developers/training/workflow/04_assigning_issues.md

docs/sdk_developers/**

⚙️ CodeRabbit configuration file

docs/sdk_developers/**: These documents are for SDK developers and contributors, including docs/sdk_developers/training/**.

Priority 1 - Workflow accuracy

1. Ensure contribution, branching, rebasing, signing (DCO, GPG), CI, linting, and testing instructions match the repo.
2. Verify git and GitHub flows agree with CONTRIBUTING.md and current practice.
3. Flag outdated references to scripts, directories, or configuration files.

Priority 2 - Training flow

1. For training docs, ensure logical progression and clear prerequisites.
2. Check that cross-links between training files are coherent.

PHILOSOPHY

• Treat these docs as a training ground for future maintainers and regular contributors.
• Help readers move from "I cloned the repo" to "I can safely extend and debug the SDK".
• Balance approachability for beginners with enough depth for experts.

Files:

• docs/sdk_developers/training/workflow/04_assigning_issues.md

.github/workflows/**/*

⚙️ CodeRabbit configuration file

.github/workflows/**/*: Review workflows as security-sensitive infrastructure.

A good workflow is small, focused, and boring.
If a workflow is clever, generic, or overly flexible, it is a risk.

---

PRIORITY 0 — ABSOLUTE REQUIREMENTS

• All third-party actions MUST be pinned to full commit SHAs, similar to other workflows.
• permissions: MUST be explicitly declared and minimally scoped.
• Workflows MUST behave safely when executed from forks.
• YAML MUST orchestrate steps, not implement business logic.
• Any workflow that mutates GitHub state MUST support dry-run mode.
• Dry-run behavior must be explicit and visible in logs.
• Workflows MUST NOT modify repository source code outside .github/.

---

PRIORITY 1 — SCOPE, FOCUS & RESTRAINT

• The title of each workflow must be relevant, match similar naming schemes, and match its script filename.
• Each workflow MUST have a single, clearly defined objective and SHOULD document this in a top-level comment.
• Flag workflows that:
  • Attempt to be generic “frameworks”
  • Include speculative or future-facing logic
  • Perform actions unrelated to the stated goal
• Over-abstraction and excess flexibility are maintenance risks.

---

PRIORITY 2 — INPUT HARDENING

• Treat ALL GitHub event data as potentially hostile input, including:
  • issue titles, bodies, and comments
  • labels, usernames, branch names
• Free-form user input MUST NOT be passed directly into:
  • shell commands
  • gh CLI arguments
  • Node.js exec / spawn calls
• Require strict allowlists or exact string matches.
• Flag any use of:
  • eval or bash -c
  • backticks or $(...) with user-controlled input

------------------...

Files:

• .github/workflows/bot-gfi-assign-on-comment.yml
• .github/workflows/archive/bot-gfi-notify-team.yml

.github/scripts/**/*.js

⚙️ CodeRabbit configuration file

.github/scripts/**/*.js: Review JavaScript scripts as long-lived automation code.

Scripts must remain:

• Focused

• Readable

• Purpose-built

• All context.payload fields MUST be validated

• Free-form text MUST NOT be trusted

• Dynamic code execution is prohibited

• Avoid child_process.exec; prefer execFile if needed

• All async operations MUST be wrapped in try/catch

• Errors MUST include contextual metadata

• Duplicate API calls MUST be avoided

• Marker-based deduplication is required

• Scripts MUST NOT assume write access

• Permission failures MUST be handled gracefully

Files:

• .github/scripts/bot-gfi-assign-on-comment.js
• .github/scripts/archive/gfi_notify_team.js

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)

• GitHub Check: Title Check
• GitHub Check: changelog-check
• GitHub Check: Codacy Static Code Analysis
• GitHub Check: build-and-test (3.12)
• GitHub Check: run-examples
• GitHub Check: build-and-test (3.10)
• GitHub Check: build-and-test (3.13)
• GitHub Check: build-and-test (3.11)
• GitHub Check: StepSecurity Harden-Runner

🔇 Additional comments (10)

.github/scripts/archive/gfi_notify_team.js (1)

2-2: Good practice: archived script is clearly marked as superseded.

The comment explaining why this script is no longer used provides helpful context for future developers and is appropriately placed at the top of the file.

CHANGELOG.md (1)

10-10: Changelog entry accurately documents the feature with correct issue reference.

The entry appropriately mentions auto-assignment enablement, archival of the team notification, and template changes. Consider whether a brief mention of the user-facing benefit (faster assignment time for contributors) would be valuable for end users reading the changelog.

docs/sdk_developers/training/workflow/04_assigning_issues.md (2)

1-14: Documentation structure and clarity are well-organized.

The step-by-step flow is clear, the outcome messaging is encouraging, and the note about approval requirements for other issue types provides helpful context. Once the command syntax is corrected, this documentation will accurately guide contributors.

---

8-8: GitHub search URL is correctly formatted and accessible.

The URL properly encodes the search filters (open issues, unassigned, labeled "Good First Issue") and returns HTTP 200, confirming it directs readers to a valid issue list as intended.

.github/workflows/archive/bot-gfi-notify-team.yml (1)

22-42: LGTM - Minor formatting cleanup.

The workflow is properly structured with SHA-pinned actions and appropriately scoped permissions. The formatting changes (blank line removal in concurrency block) are acceptable.

.github/workflows/bot-gfi-assign-on-comment.yml (1)

24-38: Workflow steps are well-structured.

Good practices observed:

• Runner hardening with step-security
• SHA-pinned actions
• Clean script extraction with matching filename
• Proper context passing to the script

.github/scripts/bot-gfi-assign-on-comment.js (4)

16-27: LGTM - Assignment detection logic is sound.

The regex properly matches /assign as a standalone command (not within other words). Case-insensitive matching improves UX.

---

58-83: LGTM - Comment building helpers are well-designed.

Good practices:

• Marker-based deduplication (ASSIGN_REMINDER_MARKER)
• Clear, helpful user messaging
• Safe string interpolation (GitHub handles @ mention rendering)

---

98-117: LGTM - Input validation is thorough.

Proper validation chain: missing data → bot rejection → command detection. This follows defensive coding practices.

---

128-140: Consider adding an upper bound to pagination.

Per coding guidelines (PRIORITY 5), pagination must enforce hard upper bounds. For issues with many comments, this could be expensive. Consider either:

1. Using a non-paginated call with a reasonable per_page limit (checking recent comments is likely sufficient)
2. Adding iteration limit to paginate

Alternative: Check recent comments only

-            const comments = await github.paginate(
-                github.rest.issues.listComments,
-                {
-                    owner,
-                    repo,
-                    issue_number: issue.number,
-                    per_page: 100,
-                }
-            );
+            // Check recent comments only - reminder marker should be near the top
+            const { data: comments } = await github.rest.issues.listComments({
+                owner,
+                repo,
+                issue_number: issue.number,
+                per_page: 100,
+            });

If the reminder was posted among the last 100 comments, this is sufficient. For older issues, a duplicate reminder is acceptable.

Likely an incorrect or invalid review comment.

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (1)

.github/scripts/bot-gfi-assign-on-comment.js (1)

1-5: File header comment has incorrect filename.

The comment references bot-gfi_assign_on_comment.js (underscore) but the actual filename is bot-gfi-assign-on-comment.js (hyphen).

Proposed fix

-// .github/scripts/bot-gfi_assign_on_comment.js
+// .github/scripts/bot-gfi-assign-on-comment.js
 //
 // Assigns human user to Good First Issue when they comment "/assign".

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d93a8f5 and bcb9373.

📒 Files selected for processing (4)

• .github/ISSUE_TEMPLATE/01_good_first_issue_candidate.yml
• .github/ISSUE_TEMPLATE/04_good_first_issue.yml
• .github/scripts/bot-gfi-assign-on-comment.js
• docs/sdk_developers/training/workflow/04_assigning_issues.md

🧰 Additional context used

📓 Path-based instructions (3)

docs/**

⚙️ CodeRabbit configuration file

docs/**: You are reviewing documentation for the Hiero Python SDK. These pages serve both SDK users and SDK developers.

Priority 1 - Correctness (code, commands, links)

1. Verify code snippets conceptually run and match the current SDK API.
2. Check shell commands and workflow steps against actual project tooling.
3. Validate URLs and cross-references; flag broken or misleading links.

Priority 2 - Clarity and completeness

1. Ensure each page states its purpose and expected outcome early.
2. Prefer concrete, step-wise explanations over vague descriptions.
3. Highlight missing prerequisites that would block a reader.
4. For larger gaps, suggest filing a follow-up issue instead of blocking.

Priority 3 - Consistency and navigation

1. Encourage consistent terminology with the SDK and examples.
2. Check headings form a logical reading path.
3. Confirm each page makes clear which audience it serves.

PHILOSOPHY

• Treat docs as work-in-progress: optimize for correctness and clarity over perfection.
• Keep feedback concise, action-oriented, and focused on reader success.
• Do not request large-scale restructures unless current structure blocks understanding.

AVOID

• Avoid lint-style feedback on Markdown formatting or minor wording.
• Avoid proposing new conventions without clear benefit.
• Avoid turning every high-level gap into a blocker.

Files:

• docs/sdk_developers/training/workflow/04_assigning_issues.md

docs/sdk_developers/**

⚙️ CodeRabbit configuration file

docs/sdk_developers/**: These documents are for SDK developers and contributors, including docs/sdk_developers/training/**.

Priority 1 - Workflow accuracy

1. Ensure contribution, branching, rebasing, signing (DCO, GPG), CI, linting, and testing instructions match the repo.
2. Verify git and GitHub flows agree with CONTRIBUTING.md and current practice.
3. Flag outdated references to scripts, directories, or configuration files.

Priority 2 - Training flow

1. For training docs, ensure logical progression and clear prerequisites.
2. Check that cross-links between training files are coherent.

PHILOSOPHY

• Treat these docs as a training ground for future maintainers and regular contributors.
• Help readers move from "I cloned the repo" to "I can safely extend and debug the SDK".
• Balance approachability for beginners with enough depth for experts.

Files:

• docs/sdk_developers/training/workflow/04_assigning_issues.md

.github/scripts/**/*.js

⚙️ CodeRabbit configuration file

.github/scripts/**/*.js: Review JavaScript scripts as long-lived automation code.

Scripts must remain:

• Focused

• Readable

• Purpose-built

• All context.payload fields MUST be validated

• Free-form text MUST NOT be trusted

• Dynamic code execution is prohibited

• Avoid child_process.exec; prefer execFile if needed

• All async operations MUST be wrapped in try/catch

• Errors MUST include contextual metadata

• Duplicate API calls MUST be avoided

• Marker-based deduplication is required

• Scripts MUST NOT assume write access

• Permission failures MUST be handled gracefully

Files:

• .github/scripts/bot-gfi-assign-on-comment.js

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: Codacy Static Code Analysis
• GitHub Check: build-and-test (3.12)
• GitHub Check: build-and-test (3.13)
• GitHub Check: build-and-test (3.11)
• GitHub Check: build-and-test (3.10)
• GitHub Check: run-examples
• GitHub Check: StepSecurity Harden-Runner

🔇 Additional comments (9)

.github/ISSUE_TEMPLATE/01_good_first_issue_candidate.yml (2)

240-242: LGTM! Template correctly updated with /assign command and fixed link syntax.

The assignment instructions now use the correct forward-slash /assign command with proper backtick formatting, and the markdown links are properly closed.

---

257-264: Consistent /assign formatting in contribution guide section.

The contribution steps and important notice both correctly use backtick-wrapped /assign command.

.github/ISSUE_TEMPLATE/04_good_first_issue.yml (2)

232-234: LGTM! Acceptance criteria updated with correct /assign syntax.

The assignment, changelog, and signing guide links are properly formatted with the correct forward-slash /assign command.

---

249-256: Contribution guide section is consistent.

The step-by-step guide and important notice both use the correct backtick-wrapped /assign command.

.github/scripts/bot-gfi-assign-on-comment.js (4)

86-117: Solid payload validation and bot rejection.

The script properly validates all required context.payload fields before proceeding and correctly rejects bot-authored comments to prevent workflow loops. This follows the coding guidelines well.

---

119-156: Good use of marker-based deduplication for reminders.

The ASSIGN_REMINDER_MARKER pattern correctly prevents duplicate reminder comments by checking existing comments before posting. This follows the coding guidelines for marker-based deduplication.

---

160-201: Assignment logic is correct and handles edge cases well.

The flow properly:

1. Validates the issue has the GFI label
2. Posts a helpful comment if already assigned (with link to find other issues)
3. Assigns the requester without a success comment (reducing noise)

---

204-212: Error handling includes contextual metadata.

The catch block properly logs error details including message, status, issueNumber, and commenter — meeting the coding guideline requirement for contextual error metadata.

docs/sdk_developers/training/workflow/04_assigning_issues.md (1)

3-14: No changes needed — documentation accurately reflects the /assign workflow.

The instructions correctly use the forward-slash /assign command, the Good First Issue URL matches the bot's configuration, and automatic assignment behavior for GFI is properly documented. The note about intermediate and advanced issues aligning with the assignment guard is appropriate.

[github-actions]

Hi, this is WorkflowBot.
Your pull request cannot be merged as it is not passing all our workflow checks.
Please click on each check to review the logs and resolve issues so all checks pass.
To help you:

• DCO signing guide
• Changelog guide
• Merge conflicts guide
• Rebase guide
• Testing guide
• Discord
• Community Calls
  Thank you for contributing!
  From the Hiero Python SDK Team

[MonaaEid]

Brilliant job! 👏🏼

[AntonioCeppellini]

letsgoooooo :D vamos

[Mounil2005]

This looks so good! This feature addresses a critical workflow need and significantly improves the contributor experience for good first issues. The implementation is well-thought-out with:

• Built-in safeguards (max 2 issues per user, 1 for spam accounts)
• Comprehensive testing across various scenarios
• Clear documentation and proper fallback handling
• Full test coverage maintained

The auto-assignment mechanism will reduce friction for newcomers and help them get started faster, which is exactly what good first issues are meant to do. The complementary workflows ensure the system remains spam-resistant and fair.

I believe this is ready to merge. Great work on the implementation and testing!

[tech0priyanshu]

+1 to this. I fully agree with the assessment above.

This feature meaningfully improves the good first issue workflow and lowers the barrier for new contributors in exactly the right way. The safeguards around assignment limits, spam handling, and fairness are well-designed, and it’s great to see such thorough testing and clear documentation backing it up.

The auto-assignment flow will make onboarding smoother while keeping the system robust and abuse-resistant. Overall, this is a thoughtful and well-executed implementation.

Nice job @exploreriii

[manishdait]

LGTM

[Akshat8510]

LGTM. Nice work on this, @exploreriii.👍

[exploreriii]

LGTM and see if they like it!
Thanks all!