chore(ai-workflow): tighten agent workflow and worktree tooling#1107
Merged
tomcasaburi merged 3 commits intomasterfrom Mar 17, 2026
Merged
chore(ai-workflow): tighten agent workflow and worktree tooling#1107tomcasaburi merged 3 commits intomasterfrom
tomcasaburi merged 3 commits intomasterfrom
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughConsolidates hook logic into centralized scripts under Changes
Sequence Diagram(s)sequenceDiagram
autonumber
participant Hook as Hook wrapper (.codex/.cursor)
participant Script as scripts/agent-hooks/verify.sh
participant ToolA as yarn (build/lint/type-check/audit)
participant Git as git (restore/cleanup)
Hook->>Script: exec repo-root/scripts/agent-hooks/verify.sh
Script->>ToolA: run yarn build
ToolA-->>Script: build status
Script->>ToolA: run yarn lint
ToolA-->>Script: lint status
Script->>ToolA: run yarn type-check
ToolA-->>Script: type-check status
Script->>ToolA: run yarn audit (non-blocking)
ToolA-->>Script: audit info
Script->>Git: cleanup_generated_dir (git restore / rm -rf)
Script-->>Hook: exit 0 (or non-zero in strict mode)
Estimated code review effort🎯 4 (Complex) | ⏱️ ~50 minutes Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches
🧪 Generate unit tests (beta)
📝 Coding Plan
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 7
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@docs/agent-playbooks/hooks-setup.md`:
- Around line 48-53: The sample verify hook records only the last command's exit
status (status=$?) which allows earlier failures in commands like yarn build or
yarn lint to be ignored; update the snippet so each command sets a failure flag
on error (e.g., run yarn build || failures=1; yarn lint || failures=1; yarn
type-check || failures=1) and at the end exit with that flag (exit $failures) or
alternatively enable strict failure handling (set -e) to enforce a hard gate;
ensure the informational yarn audit line remains non-fatal as shown.
In `@docs/agent-playbooks/templates/feature-list.template.json`:
- Line 3: The template currently hardcodes "last_updated": "2026-03-17" which
will become stale; update the feature-list.template.json to use a placeholder
instead (e.g., set the value of the "last_updated" key to a template variable
like "{{last_updated}}" or an explicit null/empty placeholder) so new tasks
populate this field dynamically rather than carrying a fixed date.
In `@docs/agent-playbooks/templates/progress.template.md`:
- Line 5: Replace the hardcoded heading "## 2026-03-17 14:30" in the progress
template with a neutral placeholder (e.g., "## [SESSION START]" or a template
variable like "{{session_timestamp}}") so the template contains no date-specific
defaults; update the line that currently reads "## 2026-03-17 14:30" to the
chosen placeholder.
In `@scripts/agent-hooks/format.sh`:
- Around line 6-19: The current parsing of input into file_path is fragile and
unsafe; replace the regex extraction with robust JSON parsing using jq (read
from stdin variable input) to extract .file_path, then resolve and validate the
path using realpath: compute repo_root (from git rev-parse or pwd), compute
resolved_path via realpath --canonicalize-missing or equivalent, and ensure
resolved_path starts with repo_root (or is inside it) before cd and running
formatters; if jq is unavailable or validation fails, gracefully exit without
running commands. Use the variables input, file_path, repo_root, and
resolved_path to locate and validate the path and skip formatting for
out-of-repo or invalid paths.
In `@scripts/agent-hooks/sync-git-branches.sh`:
- Around line 100-110: The deletion step currently force-deletes branches with
git branch -D when a local_pr_number is present, which can wipe local commits;
update the deletion to use the non-forcing git branch -d instead of -D in the
block that checks local_pr_number (the code that echoes "=== merged PR
#$local_pr_number allows deleting $branch ===" and runs git branch -D
"$branch"), so that branches with unmerged local commits are preserved and
deletion is refused unless the branch is fully merged; keep the existing
echo/logging and the || true fallback behavior unchanged.
In `@scripts/AGENTS.md`:
- Around line 5-9: Update the guideline that currently forbids implicitly
deleting or rewriting branches to allow a validated, conservative exception for
the stop-hook behavior in scripts/agent-hooks/sync-git-branches.sh: state that
Git and worktree helpers must validate input, default to safe operations, and
never delete or rewrite branches implicitly except when a documented,
confirmable "stop" hook (e.g., sync-git-branches.sh stop) explicitly
auto-deletes only ephemeral/integrated temp branches; require the script to
validate branch naming (ephemeral prefix), confirm integration status, and log
the exact branch names and rationale before deletion.
In `@scripts/create-task-worktree.sh`:
- Line 61: The git worktree add invocation uses the wrong argument order; move
the -b <new-branch> option before the path so the command becomes: call git
worktree add with -b referencing $branch_name first, then the $worktree_path,
and then $base_ref (i.e., ensure the -b $branch_name option appears before the
$worktree_path positional argument in the line containing git worktree add,
which currently references $worktree_path, $branch_name, and $base_ref).
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: ec37223b-8c96-49c6-8e0e-14ba395fe5da
📒 Files selected for processing (23)
.codex/hooks/format.sh.codex/hooks/sync-git-branches.sh.codex/hooks/verify.sh.codex/hooks/yarn-install.sh.codex/skills/make-closed-issue/SKILL.md.cursor/hooks/format.sh.cursor/hooks/sync-git-branches.sh.cursor/hooks/verify.sh.cursor/hooks/yarn-install.sh.cursor/skills/make-closed-issue/SKILL.mdAGENTS.mddocs/agent-playbooks/hooks-setup.mddocs/agent-playbooks/long-running-agent-workflow.mddocs/agent-playbooks/templates/feature-list.template.jsondocs/agent-playbooks/templates/progress.template.mdscripts/AGENTS.mdscripts/agent-hooks/format.shscripts/agent-hooks/sync-git-branches.shscripts/agent-hooks/verify.shscripts/agent-hooks/yarn-install.shscripts/agent-init.shscripts/create-task-worktree.shsrc/AGENTS.md
scripts/AGENTS.md
Outdated
Comment on lines
+5
to
+9
| - Keep scripts non-interactive and idempotent. Print the command, URL, branch, or path being acted on so failures are diagnosable. | ||
| - Use repo-relative paths and environment variables instead of user-specific absolute paths. | ||
| - For dev-server helpers, default to `http://5chan.localhost:1355` and respect the existing `PORTLESS=0` fallback instead of hard-coding alternate ports. | ||
| - Keep shell helpers thin. When logic becomes stateful or cross-platform, prefer a Node script. | ||
| - Git and worktree helpers must validate input, default to safe operations, and never delete or rewrite branches implicitly. |
There was a problem hiding this comment.
Line 9 conflicts with the new stop-hook behavior.
scripts/agent-hooks/sync-git-branches.sh now auto-deletes integrated temp branches on stop, so the blanket “never delete or rewrite branches implicitly” rule leaves two incompatible policies in the same workflow. Please carve out that exception here or restate the rule in terms of conservative, validated deletion.
📝 Suggested wording
-- Git and worktree helpers must validate input, default to safe operations, and never delete or rewrite branches implicitly.
+- Git and worktree helpers must validate input and default to safe operations.
+- If a helper deletes local branches automatically, document the exact eligibility checks and keep the behavior conservative.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@scripts/AGENTS.md` around lines 5 - 9, Update the guideline that currently
forbids implicitly deleting or rewriting branches to allow a validated,
conservative exception for the stop-hook behavior in
scripts/agent-hooks/sync-git-branches.sh: state that Git and worktree helpers
must validate input, default to safe operations, and never delete or rewrite
branches implicitly except when a documented, confirmable "stop" hook (e.g.,
sync-git-branches.sh stop) explicitly auto-deletes only ephemeral/integrated
temp branches; require the script to validate branch naming (ephemeral prefix),
confirm integration status, and log the exact branch names and rationale before
deletion.
|
|
||
| echo "Creating branch $branch_name from $base_ref" | ||
| echo "Creating worktree at $worktree_path" | ||
| git worktree add "$worktree_path" -b "$branch_name" "$base_ref" |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify expected syntax from local git help output (read-only).
git worktree add -h | sed -n '1,60p'Repository: bitsocialnet/5chan
Length of output: 820
Fix git worktree add argument order.
The -b option must appear before the <path> positional argument. According to git worktree add usage, the correct order is: git worktree add [-b <new-branch>] <path> [<commit-ish>]. The current code places the path before the -b option, which violates the required argument order.
Suggested fix
-git worktree add "$worktree_path" -b "$branch_name" "$base_ref"
+git worktree add -b "$branch_name" "$worktree_path" "$base_ref"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| git worktree add "$worktree_path" -b "$branch_name" "$base_ref" | |
| git worktree add -b "$branch_name" "$worktree_path" "$base_ref" |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@scripts/create-task-worktree.sh` at line 61, The git worktree add invocation
uses the wrong argument order; move the -b <new-branch> option before the path
so the command becomes: call git worktree add with -b referencing $branch_name
first, then the $worktree_path, and then $base_ref (i.e., ensure the -b
$branch_name option appears before the $worktree_path positional argument in the
line containing git worktree add, which currently references $worktree_path,
$branch_name, and $base_ref).
Member
Author
|
Addressed the valid review findings in Fixed:
Declined / non-blocking:
Re-verified locally with |
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
docs/agent-playbooks/hooks-setup.md (1)
83-83: Align the “Format Hook” example with the new delegation model.Line 83 states wrappers should delegate, but the example at Line 27-Line 39 still shows bespoke parsing logic. That can reintroduce drift if copied.
Suggested doc update
### Format Hook ```bash #!/bin/bash -# Auto-format JS/TS files after AI edits -# Hook receives JSON via stdin with file_path - -input=$(cat) -file_path=$(echo "$input" | grep -o '"file_path"[[:space:]]*:[[:space:]]*"[^"]*"' | sed 's/.*:.*"\([^"]*\)"/\1/') - -case "$file_path" in - *.js|*.ts|*.tsx|*.mjs) npx oxfmt "$file_path" 2>/dev/null ;; -esac -exit 0 +# Delegate to shared implementation +repo_root="$(git rev-parse --show-toplevel 2>/dev/null || pwd)" +exec "$repo_root/scripts/agent-hooks/format.sh"</details> Based on learnings: Treat `.codex/` and `.cursor/` as repo-managed contributor tooling; keep equivalent workflow files aligned across both toolchains. <details> <summary>🤖 Prompt for AI Agents</summary>Verify each finding against the current code and only fix it if needed.
In
@docs/agent-playbooks/hooks-setup.mdat line 83, The "Format Hook" example
should be changed from bespoke stdin parsing to a thin wrapper that delegates to
the shared implementation: replace the custom parsing/formatting logic in the
example with a simple wrapper that resolves the repository root (e.g. via git
rev-parse --show-toplevel or pwd) and execs the shared script
scripts/agent-hooks/format.sh; ensure the example demonstrates the wrapper
pattern used for .codex/hooks/.sh and .cursor/hooks/.sh (resolve repo_root
then exec "$repo_root/scripts/agent-hooks/format.sh") so both toolchains remain
aligned.</details> </blockquote></details> </blockquote></details> <details> <summary>🤖 Prompt for all review comments with AI agents</summary>Verify each finding against the current code and only fix it if needed.
Inline comments:
In@scripts/agent-hooks/format.sh:
- Line 22: The script sets resolved_path using realpath with the GNU-only -m
flag; replace that invocation to be BSD/macOS compatible by removing -m and
adding a portable fallback: attempt realpath "$repo_root/$file_path" first
(assign to resolved_path), and if that fails (empty) fallback to a portable
resolution strategy such as changing to the file's directory with cd -P and
using pwd -P combined with the file's basename or using a short Python one-liner
to resolve the absolute path; update the assignment of resolved_path and any
error handling around it (references: the resolved_path variable assignment and
the subsequent path check) so formatting still runs correctly on both Linux and
macOS.
Nitpick comments:
In@docs/agent-playbooks/hooks-setup.md:
- Line 83: The "Format Hook" example should be changed from bespoke stdin
parsing to a thin wrapper that delegates to the shared implementation: replace
the custom parsing/formatting logic in the example with a simple wrapper that
resolves the repository root (e.g. via git rev-parse --show-toplevel or pwd) and
execs the shared script scripts/agent-hooks/format.sh; ensure the example
demonstrates the wrapper pattern used for .codex/hooks/.sh and
.cursor/hooks/.sh (resolve repo_root then exec
"$repo_root/scripts/agent-hooks/format.sh") so both toolchains remain aligned.</details> --- <details> <summary>ℹ️ Review info</summary> <details> <summary>⚙️ Run configuration</summary> **Configuration used**: defaults **Review profile**: CHILL **Plan**: Pro **Run ID**: `fbe3b08e-04f2-4d14-a3ef-f41a8dc3895d` </details> <details> <summary>📥 Commits</summary> Reviewing files that changed from the base of the PR and between 4135308d2fc8e6d2967c836fb81fd43d2601db46 and 1ad07b746cdd13701339875307368393d75adbc7. </details> <details> <summary>📒 Files selected for processing (6)</summary> * `docs/agent-playbooks/hooks-setup.md` * `docs/agent-playbooks/templates/feature-list.template.json` * `docs/agent-playbooks/templates/progress.template.md` * `scripts/AGENTS.md` * `scripts/agent-hooks/format.sh` * `scripts/agent-hooks/sync-git-branches.sh` </details> <details> <summary>✅ Files skipped from review due to trivial changes (2)</summary> * scripts/AGENTS.md * docs/agent-playbooks/templates/feature-list.template.json </details> <details> <summary>🚧 Files skipped from review as they are similar to previous changes (2)</summary> * docs/agent-playbooks/templates/progress.template.md * scripts/agent-hooks/sync-git-branches.sh </details> </details> <!-- This is an auto-generated comment by CodeRabbit for review status -->
Member
Author
|
Addressed the new valid portability finding in Fixed:
Re-verified locally with:
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| ;; | ||
| esac | ||
|
|
||
| slug="$(printf '%s' "$slug_input" | tr '[:upper:]' '[:lower:]' | sed -E 's/[^a-z0-9._-]+/-/g; s/^-+//; s/-+$//')" |
There was a problem hiding this comment.
Slug sanitization allows .. producing invalid git refs
Low Severity
The slug sanitization regex [^a-z0-9._-]+ preserves dots, so inputs like v1..2 or .. pass the empty-slug check but produce branch names containing .. (e.g. codex/feature/v1..2). Git's check-ref-format rules forbid two consecutive dots anywhere in a ref name, so git worktree add -b fails with a confusing git error instead of a clear validation message. Stripping consecutive dots from the slug (or running git check-ref-format --branch before proceeding) would catch this earlier with a user-friendly message.
This was referenced Mar 19, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Tighten the repo-managed AI workflow so long-running tasks, worktree creation, and shared hook behavior follow one documented path.
Closes #1106
Note
Medium Risk
Changes agent hook behavior (verification now fails the hook on build/lint/type-check errors by default) and adds automation that can delete eligible local branches, so misconfiguration could disrupt contributor workflows.
Overview
Centralizes AI lifecycle hooks by turning
.codex/hooks/*.shand.cursor/hooks/*.shinto thin wrappers that delegate to new shared implementations underscripts/agent-hooks/.Tightens end-of-session verification:
scripts/agent-hooks/verify.shnow hard-fails onyarn build/lint/type-check(with anAGENT_VERIFY_MODE=advisoryescape hatch) while keepingyarn auditinformational, and continues cleaning generatedbuild//distoutputs.Standardizes branch/worktree workflow by introducing
scripts/create-task-worktree.sh(createscodex/<type>/<slug>branches + worktrees) and updating docs/skills to require thecodex/prefix;sync-git-branchesis updated to recognizecodex/*temporary branches and delete only integrated/no-upstream ones.Adds a long-running task playbook + templates and a new
scripts/agent-init.shhelper to start/wait for the dev server and optionally run a smoke flow.Written by Cursor Bugbot for commit ee7bf6e. This will update automatically on new commits. Configure here.
Summary by CodeRabbit
Documentation
New Features
Chores