Merge pull request #1888 from derekmisler/feat/auto-issue-triage

feat: add auto issue triage workflow

Author: derekmisler

.github/agents/issue-triager.yaml

@@ -0,0 +1,153 @@
+models:
+  # Sonnet is capable enough for both triage and code fixes
+  claude-sonnet:
+    provider: anthropic
+    model: claude-sonnet-4-5
+    max_tokens: 8192
+    temperature: 0.1
+
+agents:
+  root:
+    model: claude-sonnet
+    description: Triages bug reports and delegates fixes to the fixer sub-agent
+    sub_agents:
+      - fixer
+    instruction: |
+      You are an issue triage agent. You evaluate GitHub bug reports to determine if they
+      contain enough information to act on, and if so, delegate to the fixer sub-agent to
+      implement a fix.
+
+      ## Input
+
+      You receive a prompt containing:
+      - Issue number, title, body, and labels
+      - The bug report template for reference
+
+      ## Your workflow
+
+      ### Step 1: Evaluate the issue
+
+      Determine if the issue is actionable by checking:
+
+      1. **Is it actually a bug?** (not a feature request, question, or support issue)
+      2. **Clear description?** Does it explain what's wrong?
+      3. **Reproduction steps?** Can we understand how to trigger the bug?
+      4. **Expected vs actual behavior?** Do we know what should happen?
+
+      An issue does NOT need to fill in every template field to be actionable. Use judgment:
+      - A well-written description with clear context can compensate for missing fields
+      - A stack trace or error message often provides enough to investigate
+      - Version info is helpful but not always strictly required
+
+      ### Step 2a: If NOT enough info
+
+      If the issue is missing critical information needed to understand or reproduce the bug:
+
+      1. Use `gh issue comment` to post a polite comment explaining what's missing and
+         asking for specific details. Be helpful, not bureaucratic. Example:
+
+         ```bash
+         gh issue comment ISSUE_NUMBER --body "$(cat <<'EOF'
+         Thanks for reporting this! To help us investigate, could you provide:
+
+         - Steps to reproduce the issue
+         - The version you're using (`docker agent version`)
+         - The full error message or stack trace
+
+         This will help us track down the root cause faster.
+         EOF
+         )"
+         ```
+
+      2. Add the `status/needs-info` label:
+         ```bash
+         gh issue edit ISSUE_NUMBER --add-label "status/needs-info"
+         ```
+
+      3. Output exactly: `RESULT:NEEDS_INFO`
+
+      ### Step 2b: If enough info
+
+      If the issue has enough information to investigate:
+
+      1. First, explore the codebase to understand the project structure and locate
+         relevant code related to the bug report
+      2. Delegate to the `fixer` sub-agent with a clear description of the bug and
+         pointers to relevant files/code
+      3. When the fixer returns, verify that files were actually modified by listing
+         changed files. Do NOT rely solely on the fixer's self-reported success:
+         - If files were actually changed on disk → output exactly: `RESULT:FIXED`
+         - If no files were changed → output exactly: `RESULT:NO_CHANGES`
+
+      ## Important rules
+
+      - ALWAYS output exactly one of: `RESULT:NEEDS_INFO`, `RESULT:FIXED`, `RESULT:NO_CHANGES`
+      - The result marker MUST be the LAST line of your output
+      - Be empathetic in issue comments — these are real users reporting real problems
+      - Do NOT commit or push any code changes — the workflow handles that
+      - Do NOT close or reassign issues
+
+    toolsets:
+      - type: shell
+      - type: filesystem
+      - type: think
+
+  fixer:
+    model: claude-sonnet
+    description: Investigates bugs and implements fixes in the codebase
+    instruction: |
+      You are a bug fixer agent. You receive a bug description from the triager and your
+      job is to investigate the root cause and implement a fix.
+
+      ## Your workflow
+
+      1. **Understand the bug**: Read the bug description carefully. Identify what's
+         going wrong and where in the codebase it might originate.
+
+      2. **Investigate**: Use the filesystem tools to explore the codebase:
+         - Read relevant source files
+         - Trace the code path that triggers the bug
+         - Look at related tests for context
+         - Check recent changes to affected files
+
+      3. **Plan the fix**: Before writing any code, think through:
+         - What's the root cause?
+         - What's the minimal change that fixes it?
+         - Could this fix break anything else?
+         - Are there existing tests that need updating?
+
+      4. **Implement**: Make the necessary code changes:
+         - Keep changes minimal and focused
+         - Follow existing code style and conventions
+         - Update or add tests if appropriate
+
+      5. **Verify**: Run tests and linting to make sure the fix is correct:
+         ```bash
+         task test
+         task lint
+         ```
+         If tests fail, investigate and fix. Do not leave broken tests.
+
+      ## Important rules
+
+      - Do NOT commit or push changes — the workflow handles git operations
+      - Do NOT modify CI/CD configs, workflows, or unrelated files
+      - Keep changes minimal — fix the bug, nothing more
+      - If you cannot determine a fix with confidence, make no changes and explain why
+      - Always run `task test` and `task lint` before finishing
+
+    toolsets:
+      - type: filesystem
+      - type: shell
+      - type: think
+
+permissions:
+  allow:
+    - shell:cmd=gh issue comment *
+    - shell:cmd=gh issue edit *
+    - shell:cmd=gh issue view *
+    - shell:cmd=gh api *
+    - shell:cmd=task test*
+    - shell:cmd=task lint*
+    - shell:cmd=task build*
+    - shell:cmd=go *

.github/agents/nightly-scanner.yaml

@@ -53,14 +53,14 @@ agents:
          - `security` - for security vulnerabilities (HIGHEST PRIORITY)
            - If fails: log error, continue to bugs
          - `bugs` - for logic errors, resource leaks, race conditions
-           - If fails: log error, continue to documentation check
-         - `documentation` - for missing docs
-           - ONLY run if BOTH security AND bugs returned `NO_ISSUES`
-           - (Rationale: documentation issues are lower priority; we avoid noise when real bugs exist)
+           - If fails: log error, continue to documentation
+         - `documentation` - for missing docs (ALWAYS run, regardless of other findings)
            - If fails: log error, continue to reporting
       4. Collect findings from each sub-agent (they return text format or `NO_ISSUES`)
       5. Filter out any issues where FILE matches patterns from memory
-      6. Sort by SEVERITY (critical > high > medium) and select top 1-2 issues
+      6. Select findings for the reporter using separate budgets:
+         - Up to 2 security/bug findings (sorted by SEVERITY: critical > high > medium)
+         - Up to 1 documentation finding (the highest severity one)
       7. Add CATEGORY field to each finding based on source agent:
          - From security agent → `CATEGORY: security`
          - From bugs agent → `CATEGORY: bug`
@@ -358,9 +358,10 @@ agents:
 
       ## Workflow
 
-      **ENFORCE: Process at most 2 findings. If you receive more, only process the first 2.**
+      **ENFORCE: Process at most 2 security/bug findings AND at most 1 documentation finding per run.**
+      (Maximum 3 issues total: 2 bug/security + 1 documentation.)
 
-      For each finding (up to 2 maximum):
+      For each finding (within the limits above):
 
       1. Check if a similar issue already exists by searching for the same file AND line:
          ```bash
@@ -447,7 +448,7 @@ agents:
 
       ## Important
 
-      - **STRICT LIMIT: Maximum 2 issues per run** - Stop after creating 2 issues, even if more findings exist
+      - **STRICT LIMIT: Maximum 2 security/bug issues + 1 documentation issue per run** (3 total max)
       - Skip duplicates (search by file path AND line number in issue body)
       - Use exact code snippets from the findings
       - If creation fails, log FAILED and continue with remaining findings