From eb5165c2644db5992a3fe5127d0cf087de3191fb Mon Sep 17 00:00:00 2001 From: peterstone2017 <12449837+YunchuWang@users.noreply.github.com> Date: Fri, 13 Mar 2026 11:17:48 -0700 Subject: [PATCH 1/6] fix: switch auto-issue-fix pipeline from PR creation to branch-push approach The workflow cannot have pull-requests: write permission (company policy), so the issue-fixer agent now pushes a fix branch and posts a comment on the issue with branch details. A human opens the PR from the branch. Changes across all three pipeline files: - Workflow: Read fix-branch-info.json instead of pr-info.json, update Agent 3 conditions to check branch_created, update summary section - issue-fixer agent: Remove pull_requests.write tool, push branch instead of creating PR, post issue comment with branch link, write fix-branch-info.json handoff - pr-verification agent: Read branch context instead of PR context, checkout fix branch directly, remove PR label management, push verification samples to verification/issue-N branches Ref: https://github.com/microsoft/durabletask-dotnet/actions/runs/23044031815 --- .github/agents/issue-fixer.agent.md | 106 +++++++++-------- .github/agents/pr-verification.agent.md | 144 +++++++++++------------- .github/workflows/auto-issue-fix.yaml | 84 +++++++------- 3 files changed, 168 insertions(+), 166 deletions(-) diff --git a/.github/agents/issue-fixer.agent.md b/.github/agents/issue-fixer.agent.md index 7211ab94..2983a75d 100644 --- a/.github/agents/issue-fixer.agent.md +++ b/.github/agents/issue-fixer.agent.md @@ -3,8 +3,9 @@ name: issue-fixer description: >- Autonomous agent that takes a triaged GitHub issue, deeply analyzes the - codebase, implements a fix with comprehensive tests, and opens a PR linked - to the issue. Writes PR info to /tmp/pr-info.json for the pr-verification agent. + codebase, implements a fix with comprehensive tests, and pushes a fix branch. + Writes branch info to /tmp/fix-branch-info.json for the verification agent. + A human opens the PR from the branch. tools: - read - search @@ -13,7 +14,6 @@ tools: - github/issues - github/issues.write - github/pull_requests - - github/pull_requests.write - github/search - github/repos.read --- @@ -24,9 +24,13 @@ tools: You are an autonomous GitHub Copilot agent that takes a triaged GitHub issue from the issue-scanner agent, deeply analyzes the DurableTask .NET SDK codebase, implements -a correct fix with comprehensive tests, and opens a PR linked to the issue. +a correct fix with comprehensive tests, and pushes a fix branch linked to the issue. -Every PR you open must be something a senior C# engineer would approve. You are +The workflow does **not** have `pull-requests: write` permission, so you must NOT +attempt to create a PR. Instead, push a branch and post a comment on the issue with +the branch link so a human can open the PR. + +Every fix branch you push must be something a senior C# engineer would approve. You are meticulous, thorough, and conservative. ## Repository Context @@ -168,7 +172,7 @@ Apply the fix following ALL repository conventions: - Follow `.editorconfig` formatting rules **Change Guidelines:** -- Keep changes minimal and focused — one concern per PR +- Keep changes minimal and focused — one concern per fix branch - Don't refactor unrelated code - Don't introduce new NuGet dependencies - Don't change version numbers @@ -216,8 +220,8 @@ dotnet test Microsoft.DurableTask.sln --configuration Release --no-build --verbo **If tests fail:** - If failures are caused by your changes → fix them -- If pre-existing failures → note them in the PR body but do NOT add new failures -- If you cannot make tests pass → do NOT open the PR +- If pre-existing failures → note them in the issue comment but do NOT add new failures +- If you cannot make tests pass → do NOT push the branch ### 5.3 Verify New Tests @@ -225,11 +229,10 @@ Ensure your new tests actually test the fix: - Temporarily revert the fix code → your test should fail - Re-apply the fix → your test should pass -## Step 6: Open the PR +## Step 6: Push the Fix Branch -### PR Branch +### Commit and Push -Push the branch: ```bash git add -A git commit -m ": @@ -238,70 +241,73 @@ Fixes #" git push origin copilot-finds// ``` -### PR Content +**Do NOT create a PR.** The workflow does not have `pull-requests: write` permission. -**Title:** `[copilot-finds] : ` +### Post Issue Comment -**Body must include:** +Post a comment on the **linked GitHub issue** with the fix details so a human can +open a PR from the branch: ```markdown -## Problem + +## Automated Fix Available - +**Branch:** `copilot-finds//` ([view branch](https://github.com/microsoft/durabletask-dotnet/tree/copilot-finds//)) +**Issue:** # -## Root Cause +### Problem - + -## Fix +### Root Cause - + -## Testing +### Fix - + -### Unit Tests -- `.` — verifies +### Changed Files -### Integration Tests (if applicable) -- `.` — verifies +- `` +- `` -## Risk +### Testing - + -## Checklist +### Checklist -- [ ] Copyright headers on all new files -- [ ] XML documentation on all public APIs -- [ ] `this.` used for all member access -- [ ] Async suffix on async methods -- [ ] Private classes are sealed -- [ ] No breaking changes -- [ ] All tests pass -- [ ] No new dependencies introduced +- [x] Copyright headers on all new files +- [x] XML documentation on all public APIs +- [x] `this.` used for all member access +- [x] Async suffix on async methods +- [x] Private classes are sealed +- [x] No breaking changes +- [x] All tests pass +- [x] No new dependencies introduced --- -Fixes # +> To open a PR from this branch, run: +> ```bash +> gh pr create --base main --head copilot-finds// --title "[copilot-finds] " +> ``` ``` ### Labels -Apply the `copilot-finds` label and `pending-verification` label to the PR. +Add the `copilot-finds` label to the **issue** (not a PR). ## Step 7: Write Handoff Context -Write the PR context to `/tmp/pr-info.json` for the pr-verification agent: +Write the branch context to `/tmp/fix-branch-info.json` for the verification agent: ```json { "created": true, - "prNumber": <number>, - "prUrl": "<full GitHub URL>", - "prTitle": "<title>", - "prBranch": "<branch name>", + "branchName": "<branch name>", + "branchUrl": "https://github.com/microsoft/durabletask-dotnet/tree/<branch-name>", "linkedIssue": <issue number>, "linkedIssueUrl": "<issue URL>", "changedFiles": ["<list of changed files>"], @@ -315,7 +321,9 @@ Write the PR context to `/tmp/pr-info.json` for the pr-verification agent: ### Hard Constraints -- **Maximum 1 PR per run.** Fix only the one issue selected by the scanner agent. +- **Maximum 1 fix branch per run.** Fix only the one issue selected by the scanner agent. +- **Never create a PR.** The workflow does not have `pull-requests: write` permission. + Push a branch and comment on the issue instead. - **Never modify generated files** (protobuf generated code). - **Never modify CI/CD files** (`.github/workflows/`, `eng/`, pipeline YAMLs) unless the fix specifically requires it. @@ -329,15 +337,16 @@ Write the PR context to `/tmp/pr-info.json` for the pr-verification agent: - Match the existing code style exactly — read nearby code for patterns. - Tests must be meaningful — they must actually verify the fix. -- PR descriptions must be factual and complete. +- Issue comments and commit messages must be factual and complete. - Every assertion in a test must be intentional. ### Communication -- PR descriptions must be factual, not promotional. +- Issue comments must be factual, not promotional. - State the problem directly — avoid "I noticed" or "I found." - Acknowledge uncertainty: "This fix addresses X; however, Y may need further review." - If a fix is partial, say so explicitly. +- Issue comments must be factual and complete. ## Success Criteria @@ -346,7 +355,8 @@ A successful run means: - The fix is correct, minimal, and follows all conventions - Comprehensive tests are added that cover the fix - All tests pass (new and existing) -- PR is opened with clear documentation +- Fix branch is pushed with clear commit messages +- A comment is posted on the issue with branch link and fix details - The handoff file is correctly written - A human reviewer can understand and approve within 10 minutes diff --git a/.github/agents/pr-verification.agent.md b/.github/agents/pr-verification.agent.md index 37d565d1..4236ddeb 100644 --- a/.github/agents/pr-verification.agent.md +++ b/.github/agents/pr-verification.agent.md @@ -2,9 +2,9 @@ --- name: pr-verification description: >- - Autonomous PR verification agent that finds PRs labeled pending-verification, + Autonomous verification agent that takes a fix branch from the issue-fixer agent, creates standalone C# verification apps to test the fix against the DTS emulator, - posts verification evidence to the linked GitHub issue, and labels the PR as verified. + and posts verification evidence to the linked GitHub issue. tools: - read - search @@ -13,23 +13,23 @@ tools: - github/issues - github/issues.write - github/pull_requests - - github/pull_requests.write - github/search - github/repos.read --- -# Role: PR Verification Agent +# Role: Fix Branch Verification Agent ## Mission -You are an autonomous GitHub Copilot agent that verifies pull requests in the -DurableTask .NET SDK. You find PRs labeled `pending-verification`, create -standalone C# console applications that exercise the fix, run them against the DTS -emulator, capture verification evidence, and post the results to the linked -GitHub issue. +You are an autonomous GitHub Copilot agent that verifies fix branches in the +DurableTask .NET SDK. You receive a fix branch from the issue-fixer agent (via +the `/tmp/fix-branch-info.json` handoff file), create standalone C# console +applications that exercise the fix, run them against the DTS emulator, capture +verification evidence, and post the results to the linked GitHub issue. -**This agent is idempotent.** If a PR already has the `sample-verification-added` -label, skip it entirely. Never produce duplicate work. +**This agent is idempotent.** If the linked issue already has a comment containing +`## Verification Report` or `<!-- pr-verification-agent -->`, skip verification +entirely. Never produce duplicate work. ## Repository Context @@ -52,35 +52,35 @@ Read `.github/copilot-instructions.md` before doing anything else. It contains c coding conventions and architectural knowledge about this codebase: the replay execution model, determinism invariants, gRPC communication model, and testing patterns. -## Step 1: Find PRs to Verify +## Step 1: Read Fix Branch Context -Search for open PRs in `microsoft/durabletask-dotnet` with the label `pending-verification`. +Read the fix branch context from the injected prompt or from `/tmp/fix-branch-info.json`. +Extract: -For each PR found: +- Branch name and URL +- Linked issue number and URL +- Changed files +- Fix summary +- Verification hint -1. **Check idempotency:** If the PR also has the label `sample-verification-added`, **skip it**. -2. **Read the PR:** Understand the title, body, changed files, and linked issues. -3. **Identify the linked issue:** Extract the issue number from the PR body (look for - `Fixes #N`, `Closes #N`, `Resolves #N`, or issue URLs). -4. **Check the linked issue comments:** If a comment already contains - `## Verification Report` or `<!-- pr-verification-agent -->`, **skip this PR** (already verified). +**Check idempotency:** If the linked issue already has a comment containing +`## Verification Report` or `<!-- pr-verification-agent -->`, **skip verification** +(already verified). -Collect a list of PRs that need verification. Process them one at a time. - -If PR context was injected via the workflow (from `/tmp/pr-info.json`), use that -directly instead of searching. +If no branch context is available, **stop immediately** — do not guess. ## Step 2: Understand the Fix -For each PR to verify: +For the fix branch: -1. **Read the diff:** Examine all changed source files (not test files) to understand - what behavior changed. -2. **Read the PR description:** Understand the problem, root cause, and fix approach. -3. **Read any linked issue:** Understand the user-facing scenario that motivated the fix. -4. **Read existing tests in the PR:** Understand what the unit tests and integration tests - already verify. Your verification sample serves a different purpose — it validates - that the fix works under a **realistic customer scenario** end-to-end. +1. **Read the diff:** Compare the branch against `main` to understand what changed. + ```bash + git diff main...<branch-name> -- '*.cs' + ``` +2. **Read the linked issue:** Understand the user-facing scenario that motivated the fix. +3. **Read the changed test files:** Understand what the unit tests already verify. + Your verification sample serves a different purpose — it validates that the fix + works under a **realistic customer scenario** end-to-end. Produce a mental model: "Before this fix, scenario X would fail with Y. After the fix, scenario X should succeed with Z." @@ -105,9 +105,9 @@ DTS emulator running locally. ### Sample Structure -Create a folder `samples/Verification/PR-<number>/` with: +Create a folder `samples/Verification/Issue-<number>/` with: -1. **`PR-<number>.csproj`** — .NET 8 console app referencing local SDK projects +1. **`Issue-<number>.csproj`** — .NET 8 console app referencing local SDK projects 2. **`Program.cs`** — Standalone verification application ### Program.cs Structure @@ -116,7 +116,7 @@ Create a folder `samples/Verification/PR-<number>/` with: // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. -// Verification sample for PR #<N>: <title> +// Verification sample for Issue #<N>: <title> // // Customer scenario: <description> // @@ -169,7 +169,7 @@ OrchestrationMetadata metadata = await client.WaitForInstanceCompletionAsync( bool passed = metadata.RuntimeStatus == OrchestrationRuntimeStatus.Completed; Console.WriteLine("=== VERIFICATION RESULT ==="); -Console.WriteLine($"PR: #<N>"); +Console.WriteLine($"Issue: #<N>"); Console.WriteLine($"Scenario: <name>"); Console.WriteLine($"Instance ID: {instanceId}"); Console.WriteLine($"Status: {metadata.RuntimeStatus}"); @@ -210,18 +210,18 @@ Environment.Exit(passed ? 0 : 1); - Keep it minimal — only the code needed to reproduce the scenario. - Exit with code 0 on success, 1 on failure. -## Step 3.5: Checkout the PR Branch (CRITICAL) +## Step 3.5: Checkout the Fix Branch (CRITICAL) -**The verification sample MUST run against the PR's code changes, not `main`.** +**The verification sample MUST run against the fix branch's code changes, not `main`.** -Before building or running anything, switch to the PR's branch: +Before building or running anything, switch to the fix branch: ```bash -git fetch origin pull/<pr-number>/head:pr-<pr-number> -git checkout pr-<pr-number> +git fetch origin <branch-name> +git checkout <branch-name> ``` -Then rebuild the SDK from the PR branch: +Then rebuild the SDK from the fix branch: ```bash dotnet build Microsoft.DurableTask.sln --configuration Release @@ -276,7 +276,7 @@ done ### Run the Sample ```bash -cd samples/Verification/PR-<number> +cd samples/Verification/Issue-<number> dotnet run --configuration Release ``` @@ -291,7 +291,7 @@ From the run output, extract: If the verification **fails**, investigate: - Is the emulator running? -- Is the SDK built correctly from the PR branch? +- Is the SDK built correctly from the fix branch? - Is the sample correct? - Retry up to 2 times before reporting failure. @@ -302,25 +302,25 @@ After verification passes, push the sample to a dedicated branch. ### Branch Creation ``` -verification/pr-<pr-number> +verification/issue-<issue-number> ``` ### Commit and Push ```bash -git checkout -b verification/pr-<pr-number> -git add samples/Verification/PR-<pr-number>/ -git commit -m "chore: add verification sample for PR #<pr-number> +git checkout -b verification/issue-<issue-number> +git add samples/Verification/Issue-<issue-number>/ +git commit -m "chore: add verification sample for issue #<issue-number> -Verification sample: samples/Verification/PR-<pr-number>/ +Verification sample: samples/Verification/Issue-<issue-number>/ Generated by pr-verification-agent" -git push origin verification/pr-<pr-number> +git push origin verification/issue-<issue-number> ``` Check if the branch already exists before pushing: ```bash -git ls-remote --heads origin verification/pr-<pr-number> +git ls-remote --heads origin verification/issue-<issue-number> ``` If it exists, skip the push (idempotency). @@ -334,7 +334,8 @@ Post a comment on the **linked GitHub issue** (not the PR) with the verification <!-- pr-verification-agent --> ## Verification Report -**PR:** #<pr-number> — <pr-title> +**Fix Branch:** `<branch-name>` ([view branch](https://github.com/microsoft/durabletask-dotnet/tree/<branch-name>)) +**Linked Issue:** #<issue-number> **Verified by:** pr-verification-agent **Date:** <ISO timestamp> **Emulator:** DTS emulator (localhost:4001) @@ -356,7 +357,7 @@ Post a comment on the **linked GitHub issue** (not the PR) with the verification ### Sample Code Branch -- **Branch:** `verification/pr-<pr-number>` ([view branch](https://github.com/microsoft/durabletask-dotnet/tree/verification/pr-<pr-number>)) +- **Branch:** `verification/issue-<issue-number>` ([view branch](https://github.com/microsoft/durabletask-dotnet/tree/verification/issue-<issue-number>)) ### Results @@ -377,33 +378,21 @@ Post a comment on the **linked GitHub issue** (not the PR) with the verification ### Conclusion -<PASS: "All verification checks passed. The fix works as described in the PR. Verification sample pushed to `verification/pr-<pr-number>` branch."> +<PASS: "All verification checks passed. The fix works as described. Verification sample pushed to `verification/issue-<issue-number>` branch."> <FAIL: "Verification failed. See details above. The fix may need additional work."> ``` **Important:** The comment must start with `<!-- pr-verification-agent -->` (HTML comment) so the idempotency check in Step 1 can detect it. -## Step 7: Update PR Labels - -After posting the verification comment: - -1. **Add** the label `sample-verification-added` to the PR. -2. **Remove** the label `pending-verification` from the PR. - -If verification **failed**, do NOT update labels. Instead: -1. Add a comment on the **PR** (not the issue) noting that automated verification - failed and needs manual review. -2. Leave the `pending-verification` label in place. - -## Step 8: Clean Up +## Step 7: Clean Up - Do NOT delete the verification sample — it has been pushed to the - `verification/pr-<number>` branch. + `verification/issue-<number>` branch. - **DTS emulator lifecycle:** - In **CI** (the workflow): the workflow manages emulator start/stop. Do not stop it yourself. - In **manual/local runs**: do NOT stop the emulator as other processes may be using it. -- Switch back to `main` before processing the next PR: +- Switch back to `main` before finishing: ```bash git checkout main ``` @@ -416,11 +405,12 @@ If verification **failed**, do NOT update labels. Instead: - **Verification artifacts only:** This agent creates verification samples in `samples/Verification/`. It does NOT modify any existing SDK source files. - **Push to verification branches only:** All artifacts are pushed to - `verification/pr-<number>` branches, never directly to `main` or the PR branch. -- **No PR merges:** This agent does NOT merge or approve PRs. It only verifies. + `verification/issue-<number>` branches, never directly to `main` or the fix branch. +- **No PR creation or merges:** This agent does NOT create, merge, or approve PRs. + It only verifies fix branches. - **Never modify generated files** (protobuf generated code). - **Never modify CI/CD files** (`.github/workflows/`, `eng/`, pipeline YAMLs). -- **One PR at a time:** Process PRs sequentially, not in parallel. +- **One branch at a time:** Process branches sequentially, not in parallel. ### Quality Standards @@ -436,8 +426,7 @@ If verification **failed**, do NOT update labels. Instead: - If the emulator fails to start, report the error and skip all verifications. - If a sample fails to compile, report the build error in the issue comment. - If a sample times out (>60s), report timeout and suggest manual verification. -- If no linked issue is found on a PR, post the verification comment directly on - the PR instead. +- If no linked issue is found, report the error and stop. ### Communication @@ -448,11 +437,10 @@ If verification **failed**, do NOT update labels. Instead: ## Success Criteria A successful run means: -- All `pending-verification` PRs were processed (or correctly skipped) -- Verification samples accurately test the PR's fix scenario +- The fix branch was verified (or correctly skipped) +- Verification sample accurately tests the fix scenario - Evidence is posted to the correct GitHub issue -- Verification samples are pushed to `verification/pr-<N>` branches -- Labels are updated correctly +- Verification sample is pushed to `verification/issue-<N>` branch - Zero duplicate work ``` diff --git a/.github/workflows/auto-issue-fix.yaml b/.github/workflows/auto-issue-fix.yaml index 5a32e430..41dae814 100644 --- a/.github/workflows/auto-issue-fix.yaml +++ b/.github/workflows/auto-issue-fix.yaml @@ -2,15 +2,18 @@ name: 🤖 Auto Issue Fix Pipeline # Multi-agent pipeline that: # 1. Scans and triages recent GitHub issues (issue-scanner agent) -# 2. Fixes the selected issue and opens a PR (issue-fixer agent) -# 3. Verifies the PR against the DTS emulator (pr-verification agent) +# 2. Fixes the selected issue and pushes a fix branch (issue-fixer agent) +# 3. Verifies the fix branch against the DTS emulator (pr-verification agent) # # Agents are chained sequentially via file-based handoff: -# issue-scanner → /tmp/selected-issue.json → issue-fixer → /tmp/pr-info.json → pr-verification +# issue-scanner → /tmp/selected-issue.json → issue-fixer → /tmp/fix-branch-info.json → pr-verification # # Note: GitHub Copilot CLI agents do not support built-in handoffs in CI. # Chaining is achieved by running agents as sequential workflow steps and # injecting the previous agent's output into the next agent's prompt. +# +# The fixer agent pushes a branch (not a PR) because the workflow only has +# pull-requests: read permission. A human opens the PR from the branch. on: # Run every day at 09:00 UTC @@ -295,15 +298,17 @@ jobs: 3. Implement the fix following ALL repository conventions 4. Add comprehensive unit tests (and integration tests if applicable) 5. Run the full test suite: dotnet test Microsoft.DurableTask.sln --configuration Release - 6. Open a PR linked to the issue - 7. Write the handoff context to /tmp/pr-info.json + 6. Push a fix branch and post a comment on the issue with the branch link + 7. Write the handoff context to /tmp/fix-branch-info.json + + IMPORTANT: Do NOT open a PR. You do not have permission to create PRs. + Instead, push a branch and comment on the issue so a human can open the PR. Remember: - Follow all C# conventions from .github/copilot-instructions.md - Copyright headers, XML docs, this., Async suffix, sealed private classes - - Maximum 1 PR - All tests must pass - - Write the handoff file to /tmp/pr-info.json (MANDATORY) + - Write the handoff file to /tmp/fix-branch-info.json (MANDATORY) PROMPT_EOF ) @@ -320,20 +325,20 @@ jobs: echo "::warning::Issue fixer agent timed out after 20 minutes" fi - # Check if a PR was created - if [ -f /tmp/pr-info.json ]; then - CREATED=$(cat /tmp/pr-info.json | jq -r '.created // false') - echo "pr_created=$CREATED" >> $GITHUB_OUTPUT + # Check if a fix branch was pushed + if [ -f /tmp/fix-branch-info.json ]; then + CREATED=$(cat /tmp/fix-branch-info.json | jq -r '.created // false') + echo "branch_created=$CREATED" >> $GITHUB_OUTPUT if [ "$CREATED" = "true" ]; then - PR_NUM=$(cat /tmp/pr-info.json | jq -r '.prNumber') - echo "pr_number=$PR_NUM" >> $GITHUB_OUTPUT - echo "PR #$PR_NUM created successfully." + BRANCH_NAME=$(cat /tmp/fix-branch-info.json | jq -r '.branchName') + echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT + echo "Fix branch '$BRANCH_NAME' pushed successfully." else - echo "No PR was created. Pipeline will stop before verification." + echo "No fix branch was pushed. Pipeline will stop before verification." fi else - echo "pr_created=false" >> $GITHUB_OUTPUT - echo "::warning::Handoff file not created — no PR opened." + echo "branch_created=false" >> $GITHUB_OUTPUT + echo "::warning::Handoff file not created — no fix branch pushed." fi env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} @@ -345,7 +350,7 @@ jobs: # ─── Agent 3: PR Verification ────────────────────────────────── - name: 🐳 Start DTS Emulator - if: steps.issue_fixer.outputs.pr_created == 'true' + if: steps.issue_fixer.outputs.branch_created == 'true' run: | docker run --name dts-emulator -d --rm -p 4001:8080 \ mcr.microsoft.com/dts/dts-emulator:latest @@ -363,10 +368,10 @@ jobs: sleep 1 done - - name: 🔎 Agent 3 — PR Verification - if: steps.issue_fixer.outputs.pr_created == 'true' + - name: 🔎 Agent 3 — Branch Verification + if: steps.issue_fixer.outputs.branch_created == 'true' run: | - PR_CONTEXT=$(cat /tmp/pr-info.json) + BRANCH_CONTEXT=$(cat /tmp/fix-branch-info.json) AGENT_PROMPT=$(cat .github/agents/pr-verification.agent.md) FULL_PROMPT=$(cat <<PROMPT_EOF @@ -374,12 +379,12 @@ jobs: --- - ## Injected PR Context (from Issue Fixer Agent) + ## Injected Branch Context (from Issue Fixer Agent) - The issue-fixer agent has opened the following PR for you to verify: + The issue-fixer agent has pushed the following fix branch for you to verify: \`\`\`json - $PR_CONTEXT + $BRANCH_CONTEXT \`\`\` --- @@ -392,21 +397,20 @@ jobs: The DTS emulator is running at localhost:4001. Execute the full workflow described above: - 1. Read the injected PR context above - 2. Understand the fix from the PR diff + 1. Read the injected branch context above + 2. Understand the fix from the branch diff 3. Extract the verification scenario - 4. Checkout the PR branch and rebuild + 4. Checkout the fix branch and rebuild 5. Create a standalone C# verification sample 6. Run it against the emulator 7. Post verification results to the linked issue - 8. Update PR labels accordingly Remember: - DTS_ENDPOINT=localhost:4001 - DTS_TASKHUB=default - - Always checkout the PR branch before building/running + - Always checkout the fix branch before building/running - Retry up to 2 times on failure - - Maximum timeout per PR: 5 minutes + - Maximum timeout per verification: 5 minutes PROMPT_EOF ) @@ -425,7 +429,7 @@ jobs: echo "::warning::PR verification agent exited with code $EXIT_CODE" fi - echo "PR verification agent completed." + echo "Branch verification agent completed." env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} GH_TOKEN: ${{ github.token }} @@ -468,14 +472,14 @@ jobs: # Agent 2 results echo "### Agent 2: Issue Fixer" >> $GITHUB_STEP_SUMMARY - if [ -f /tmp/pr-info.json ]; then - CREATED=$(cat /tmp/pr-info.json | jq -r '.created // false') + if [ -f /tmp/fix-branch-info.json ]; then + CREATED=$(cat /tmp/fix-branch-info.json | jq -r '.created // false') if [ "$CREATED" = "true" ]; then - PR_NUM=$(cat /tmp/pr-info.json | jq -r '.prNumber') - PR_URL=$(cat /tmp/pr-info.json | jq -r '.prUrl') - echo "- ✅ PR opened: [#$PR_NUM]($PR_URL)" >> $GITHUB_STEP_SUMMARY + BRANCH_NAME=$(cat /tmp/fix-branch-info.json | jq -r '.branchName') + BRANCH_URL=$(cat /tmp/fix-branch-info.json | jq -r '.branchUrl') + echo "- ✅ Fix branch pushed: [$BRANCH_NAME]($BRANCH_URL)" >> $GITHUB_STEP_SUMMARY else - echo "- ⏭️ No PR created" >> $GITHUB_STEP_SUMMARY + echo "- ⏭️ No fix branch pushed" >> $GITHUB_STEP_SUMMARY fi else echo "- ⏭️ Skipped (no issue selected)" >> $GITHUB_STEP_SUMMARY @@ -483,11 +487,11 @@ jobs: echo "" >> $GITHUB_STEP_SUMMARY # Agent 3 results - echo "### Agent 3: PR Verification" >> $GITHUB_STEP_SUMMARY - if [ "${{ steps.issue_fixer.outputs.pr_created }}" = "true" ]; then + echo "### Agent 3: Branch Verification" >> $GITHUB_STEP_SUMMARY + if [ "${{ steps.issue_fixer.outputs.branch_created }}" = "true" ]; then echo "- ✅ Verification completed (check issue comments for results)" >> $GITHUB_STEP_SUMMARY else - echo "- ⏭️ Skipped (no PR to verify)" >> $GITHUB_STEP_SUMMARY + echo "- ⏭️ Skipped (no fix branch to verify)" >> $GITHUB_STEP_SUMMARY fi env: GH_TOKEN: ${{ github.token }} From 6d3d68318ed584ba298084124002a4db7eb8d69f Mon Sep 17 00:00:00 2001 From: wangbill <gggwang1993@gmail.com> Date: Fri, 13 Mar 2026 12:24:21 -0700 Subject: [PATCH 2/6] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .github/workflows/auto-issue-fix.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/auto-issue-fix.yaml b/.github/workflows/auto-issue-fix.yaml index 41dae814..649965f2 100644 --- a/.github/workflows/auto-issue-fix.yaml +++ b/.github/workflows/auto-issue-fix.yaml @@ -424,9 +424,9 @@ jobs: < /dev/null 2>&1 || EXIT_CODE=$? if [ $EXIT_CODE -eq 124 ]; then - echo "::warning::PR verification agent timed out after 15 minutes" + echo "::warning::Branch verification agent timed out after 15 minutes" elif [ $EXIT_CODE -ne 0 ]; then - echo "::warning::PR verification agent exited with code $EXIT_CODE" + echo "::warning::Branch verification agent exited with code $EXIT_CODE" fi echo "Branch verification agent completed." From e623f293ce787e508ea203fafe0e7b6057f3bead Mon Sep 17 00:00:00 2001 From: wangbill <gggwang1993@gmail.com> Date: Fri, 13 Mar 2026 12:24:55 -0700 Subject: [PATCH 3/6] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .github/agents/pr-verification.agent.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/agents/pr-verification.agent.md b/.github/agents/pr-verification.agent.md index 4236ddeb..610d8e60 100644 --- a/.github/agents/pr-verification.agent.md +++ b/.github/agents/pr-verification.agent.md @@ -28,8 +28,8 @@ applications that exercise the fix, run them against the DTS emulator, capture verification evidence, and post the results to the linked GitHub issue. **This agent is idempotent.** If the linked issue already has a comment containing -`## Verification Report` or `<!-- pr-verification-agent -->`, skip verification -entirely. Never produce duplicate work. +the unique marker `<!-- pr-verification-agent -->`, skip verification entirely. +Always include this marker in your own verification comments to ensure idempotency. ## Repository Context From 2dc85daca6e581b60e2a818b1c1e515575156897 Mon Sep 17 00:00:00 2001 From: wangbill <gggwang1993@gmail.com> Date: Fri, 13 Mar 2026 12:26:35 -0700 Subject: [PATCH 4/6] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .github/agents/pr-verification.agent.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/agents/pr-verification.agent.md b/.github/agents/pr-verification.agent.md index 610d8e60..6420e2d2 100644 --- a/.github/agents/pr-verification.agent.md +++ b/.github/agents/pr-verification.agent.md @@ -217,7 +217,7 @@ Environment.Exit(passed ? 0 : 1); Before building or running anything, switch to the fix branch: ```bash -git fetch origin <branch-name> +git fetch origin <branch-name>:<branch-name> git checkout <branch-name> ``` From 8558affbd35dc08034059311ae79afa48918ed6e Mon Sep 17 00:00:00 2001 From: wangbill <gggwang1993@gmail.com> Date: Fri, 13 Mar 2026 13:36:35 -0700 Subject: [PATCH 5/6] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .github/agents/issue-fixer.agent.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/.github/agents/issue-fixer.agent.md b/.github/agents/issue-fixer.agent.md index 2983a75d..c06af71b 100644 --- a/.github/agents/issue-fixer.agent.md +++ b/.github/agents/issue-fixer.agent.md @@ -278,14 +278,15 @@ open a PR from the branch: ### Checklist -- [x] Copyright headers on all new files -- [x] XML documentation on all public APIs -- [x] `this.` used for all member access -- [x] Async suffix on async methods -- [x] Private classes are sealed -- [x] No breaking changes -- [x] All tests pass -- [x] No new dependencies introduced +Start with all items unchecked and only check items you have positively verified. +- [ ] Copyright headers on all new files +- [ ] XML documentation on all public APIs +- [ ] `this.` used for all member access +- [ ] Async suffix on async methods +- [ ] Private classes are sealed +- [ ] No breaking changes +- [ ] All tests pass +- [ ] No new dependencies introduced --- From d7e760975eb5631530d8bc4c167f6d3440bf2245 Mon Sep 17 00:00:00 2001 From: peterstone2017 <12449837+YunchuWang@users.noreply.github.com> Date: Fri, 13 Mar 2026 13:48:58 -0700 Subject: [PATCH 6/6] fix: address PR review comments and double agent timeouts - Remove github/pull_requests tool from verification agent (least privilege) - Fix section header: 'Agent 3: PR Verification' -> 'Branch Verification' - Fix summary: distinguish fixer crash from skipped (no issue selected) - Fix git diff pathspec: '*.cs' -> '**/*.cs' for recursive matching - Double all agent timeouts: scanner 10->20min, fixer 20->40min, verifier 15->30min - Increase job timeout from 90 to 150 minutes to accommodate longer agent runs --- .github/agents/pr-verification.agent.md | 3 +-- .github/workflows/auto-issue-fix.yaml | 22 ++++++++++++---------- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/.github/agents/pr-verification.agent.md b/.github/agents/pr-verification.agent.md index 6420e2d2..376fb71f 100644 --- a/.github/agents/pr-verification.agent.md +++ b/.github/agents/pr-verification.agent.md @@ -12,7 +12,6 @@ tools: - runTerminal - github/issues - github/issues.write - - github/pull_requests - github/search - github/repos.read --- @@ -75,7 +74,7 @@ For the fix branch: 1. **Read the diff:** Compare the branch against `main` to understand what changed. ```bash - git diff main...<branch-name> -- '*.cs' + git diff main...<branch-name> -- '**/*.cs' ``` 2. **Read the linked issue:** Understand the user-facing scenario that motivated the fix. 3. **Read the changed test files:** Understand what the unit tests already verify. diff --git a/.github/workflows/auto-issue-fix.yaml b/.github/workflows/auto-issue-fix.yaml index 649965f2..15c2a8ec 100644 --- a/.github/workflows/auto-issue-fix.yaml +++ b/.github/workflows/auto-issue-fix.yaml @@ -30,7 +30,7 @@ permissions: jobs: auto-issue-fix: runs-on: ubuntu-latest - timeout-minutes: 90 + timeout-minutes: 150 env: DOTNET_VER_6: "6.0.x" @@ -229,7 +229,7 @@ jobs: ) EXIT_CODE=0 - timeout --foreground --signal=TERM --kill-after=30s 600s \ + timeout --foreground --signal=TERM --kill-after=30s 1200s \ copilot \ --prompt "$FULL_PROMPT" \ --model "claude-opus-4.6" \ @@ -238,7 +238,7 @@ jobs: < /dev/null 2>&1 || EXIT_CODE=$? if [ $EXIT_CODE -eq 124 ]; then - echo "::warning::Issue scanner agent timed out after 10 minutes" + echo "::warning::Issue scanner agent timed out after 20 minutes" fi # Check if an issue was found @@ -313,7 +313,7 @@ jobs: ) EXIT_CODE=0 - timeout --foreground --signal=TERM --kill-after=30s 1200s \ + timeout --foreground --signal=TERM --kill-after=30s 2400s \ copilot \ --prompt "$FULL_PROMPT" \ --model "claude-opus-4.6" \ @@ -322,7 +322,7 @@ jobs: < /dev/null 2>&1 || EXIT_CODE=$? if [ $EXIT_CODE -eq 124 ]; then - echo "::warning::Issue fixer agent timed out after 20 minutes" + echo "::warning::Issue fixer agent timed out after 40 minutes" fi # Check if a fix branch was pushed @@ -347,7 +347,7 @@ jobs: NO_COLOR: "1" TERM: "dumb" - # ─── Agent 3: PR Verification ────────────────────────────────── + # ─── Agent 3: Branch Verification ────────────────────────────── - name: 🐳 Start DTS Emulator if: steps.issue_fixer.outputs.branch_created == 'true' @@ -415,7 +415,7 @@ jobs: ) EXIT_CODE=0 - timeout --foreground --signal=TERM --kill-after=30s 900s \ + timeout --foreground --signal=TERM --kill-after=30s 1800s \ copilot \ --prompt "$FULL_PROMPT" \ --model "claude-opus-4.6" \ @@ -424,7 +424,7 @@ jobs: < /dev/null 2>&1 || EXIT_CODE=$? if [ $EXIT_CODE -eq 124 ]; then - echo "::warning::Branch verification agent timed out after 15 minutes" + echo "::warning::Branch verification agent timed out after 30 minutes" elif [ $EXIT_CODE -ne 0 ]; then echo "::warning::Branch verification agent exited with code $EXIT_CODE" fi @@ -472,7 +472,9 @@ jobs: # Agent 2 results echo "### Agent 2: Issue Fixer" >> $GITHUB_STEP_SUMMARY - if [ -f /tmp/fix-branch-info.json ]; then + if [ "${{ steps.issue_scanner.outputs.issue_found }}" != "true" ]; then + echo "- ⏭️ Skipped (no issue selected)" >> $GITHUB_STEP_SUMMARY + elif [ -f /tmp/fix-branch-info.json ]; then CREATED=$(cat /tmp/fix-branch-info.json | jq -r '.created // false') if [ "$CREATED" = "true" ]; then BRANCH_NAME=$(cat /tmp/fix-branch-info.json | jq -r '.branchName') @@ -482,7 +484,7 @@ jobs: echo "- ⏭️ No fix branch pushed" >> $GITHUB_STEP_SUMMARY fi else - echo "- ⏭️ Skipped (no issue selected)" >> $GITHUB_STEP_SUMMARY + echo "- ❌ Fixer agent ran but handoff file was not created (agent may have crashed or timed out)" >> $GITHUB_STEP_SUMMARY fi echo "" >> $GITHUB_STEP_SUMMARY