auto-triage improvements: security improvements, sandbox updates, skill refinements#15545
auto-triage improvements: security improvements, sandbox updates, skill refinements#15545FredKSchott wants to merge 38 commits intomainfrom
Conversation
|
FredKSchott
changed the title
|
Can you make it check if the issue is a duplicate? This is an example of one that is: #15518 |
Reorganize AGENTS.md with clearer sections for monorepo guide, bgproc, and agent-browser workflows. Add bgproc as a dev dependency for managing long-running dev/preview servers.
FredKSchott
force-pushed
the
fks/triage-9
branch
from
9f19981 to
c32bd2c
Compare
…tions in AGENTS.md
FredKSchott
changed the title
Would love to do this in the future. |
…ll with direct fetch calls
|
Aside from the skills, a lot of the stuff in here is quite generic. Would the plan be to eventually abstract that away into an action, or inside Flue? |
| Note: Edits to source files take effect after rebuilding the package via `pnpm build`. | ||
| Edits to source files take effect after rebuilding the package via `pnpm build`. | ||
|
|
||
| Use `pnpm -C <dir> <command>` for project-local script commands when working in packages/examples/triage directories (Example: `pnpm -C packages/astro build`, `pnpm -C examples/blog dev`). Only omit `-C` flag when intentionally working in the monorepo root (Example: `pnpm format`, `pnpm lint`, `pnpm test:types`). |
There was a problem hiding this comment.
The examples directory isn't part of the workspace, it should be excluded
There was a problem hiding this comment.
the examples folder is connected to the workspace? https://github.com/withastro/astro/blob/main/pnpm-workspace.yaml#L4
| 1. `pnpm exec bgproc start -n devserver --wait-for-port 10 --force -- pnpm -C examples/minimal dev` - Start the dev server | ||
| 2. `pnpm exec bgproc logs -n devserver` - View logs from the dev server. Useful for debugging server logs. | ||
| 3. `pnpm exec bgproc stop -n devserver` - Stop when dev server when your work is complete | ||
| 4. `pnpm exec bgproc list` - List all running servers, background processes. Useful for cleanup. |
There was a problem hiding this comment.
Change the example. The examples folder isn't connected to the workspace, so it won't work in debugging. Instead, instruct the agent to run a fixture this way, which is more useful during development and testing
There was a problem hiding this comment.
the examples folder is connected to the workspace? https://github.com/withastro/astro/blob/main/pnpm-workspace.yaml#L4
| # `bgproc` | ||
|
|
||
| Use `pnpm exec bgproc` to start, stop, and manage long-running `astro dev` & `astro preview` servers in the background. Do not manually start detatched servers with `&` if you can use `bgproc` instead. | ||
|
|
||
| Use `pnpm exec bgproc --help` to see all available commands. |
There was a problem hiding this comment.
I really don't understand the point of running the background thing. We have already pnpm dev in the workspace AND per library. The agent can run the build in the background for "continuous build" and then run the test.
If you're still set on this way of working, then I suggest explicitly setting what's the purpose, and when the agent should use it
There was a problem hiding this comment.
Proven to help, in CI and local. Agents are not good at managing detatched servers, IME
| 3. `agent-browser click @e1` / `fill @e2 "text"` - Interact using refs | ||
| 4. Re-snapshot after all page changes, navigations, interactions. | ||
|
|
||
| Note: `agent-browser` should be installed globally, and is not a dependency of this monorepo. If `agent-browser` isn't available on this machine, ask the user to run `npm install -g agent-browser && agent-browser install`. If you are running in headless mode with no human operator and need this tool to complete your job, it is best to fail the job vs. trying to work around not having the tool. |
There was a problem hiding this comment.
I would avoid these instructions. We're basically giving consensus to the agent of installing things globally to the users machines. Then if someone has npm I -g allowed, it gets worse. Please consider changing the strategy here
There was a problem hiding this comment.
TBC this is already in the AGENTS.md file, I'm just reformatting our existing AGENTS.md file here which is why it appears as a diff.
Can we not block this PR (which just reformats / moves it?) and then address as a fast-follow? I don't think the concern is as dramatic as what you're saying but I'm happy to address separately.
4 participants
Changes
proxiessupport to the triage workflow. Replaces manualGH_TOKENenv passing with a safergithubproxy from@flue/client/proxies.SCOPEinstructions to all sub-skills, promote git blame in verify skill, refine comment template formatting.node -eover python), addbgproc(by @ascorbic!) to help agents manage background dev servers.@flue/clito 0.0.43 and@flue/clientto 0.0.27.And two unrelated things:
analyze-github-action-logsskill for debugging CI logs. Useful for powering a prompt like "review the last 10 completed github action runs of type XXX for issues or potential improvements"issue-*workflows (issue-opened,issue-needs-repro,issue-wontfix).Testing
No good way to test CI locally, will need to test post-merge.
Docs
No docs needed.