feat: brain-autofix reusable workflows (auto-rebase + auto-fix-tests) #2
Merged
Two opt-in reusable workflows that complement the divine-brain
pipeline. Each repo opts in by adding ~10 lines of caller workflow;
opts out per-PR via label or per-repo via a `.brain-autofix.disabled`
file.

auto-rebase.yml — pure-git, no LLM. On pull_request synchronize /
labeled / opened / reopened / ready_for_review:
- skip if PR labeled do-not-touch or wip
- skip if .brain-autofix.disabled at repo root
- skip if last commit carries [skip-autofix] (loop-break)
- merge or rebase from base; auto-resolve trivial conflicts:
  lockfiles (pnpm/npm/yarn/cargo/go) regenerated via the relevant
  tool; generated artifacts (dist/, build/, .next/, .turbo/) kept
  PR-side and rebuilt on next CI
- any non-trivial conflict aborts cleanly with a PR comment listing
  files that need human help
- push back to PR branch with [brain-autofix][skip-autofix] trailer
- --force-with-lease only in rebase mode; merge mode is fast-forward
- explicit refusal to push to the repo default branch

auto-fix-tests.yml — Claude Code in runner. Triggered by:
- pull_request labeled (label = `auto-fix`), OR
- issue_comment containing `/brain-fix` from a maintainer, OR
- workflow_run completed=failure on a PR carrying the `auto-fix` label

Then:
- all the same skip checks as auto-rebase plus an idempotency tag
  keyed by head_sha (max 1 attempt per push)
- install deps, capture failing test output (last 8KB), hand to
  Claude Code with --max-turns and a tight system prompt
- re-run tests; ONLY push if they now pass
- commit with [brain-autofix][skip-autofix] trailer + a note saying
  human review still required (auto-fix may have masked a real bug)
- posts a PR comment with the agent's run log on success / failure /
  no-changes paths

ANTHROPIC_API_KEY flows via `secrets:` not `env:` and is never echoed.

README documents opt-in for both, including the caller-workflow
snippets and the four guardrail mechanisms (loop-break trailer,
disable file, label opt-out, idempotency tag).
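
The skip checks listed in the commit message above, plus the fork check described in the follow-up commit, can be collapsed into one decision that runs before any git operation. This is an added example, not the workflow's own script: the function name `autofix_gate`, its argument order, the comma-separated label list and the head/base repository comparison used to detect forks are all assumptions.

```shell
# Added illustration; not code from the PR. Inputs are plain arguments so the
# decision can be exercised without a GitHub event payload.
# Usage: autofix_gate <labels-csv> <last-commit-msg> <head-repo> <base-repo> \
#                     <head-ref> <default-branch> [repo-root]
# Prints "run" or "skip: <reason>".
autofix_gate() {
  local labels=",$1,"        # wrap in commas so "wip-later" does not match "wip"
  local msg="$2"
  local head_repo="$3"
  local base_repo="$4"
  local head_ref="$5"
  local default_branch="$6"
  local root="${7:-.}"

  # Per-PR opt-out labels.
  case "$labels" in
    *,do-not-touch,*|*,wip,*)
      echo "skip: PR labeled do-not-touch or wip"; return 0 ;;
  esac
  # Per-repo opt-out file.
  if [ -e "$root/.brain-autofix.disabled" ]; then
    echo "skip: .brain-autofix.disabled at repo root"; return 0
  fi
  # Loop-break: the bot's own commits carry this trailer.
  case "$msg" in
    *"[skip-autofix]"*)
      echo "skip: last commit carries [skip-autofix]"; return 0 ;;
  esac
  # Fork PRs: the workflow token cannot write to the fork branch.
  if [ "$head_repo" != "$base_repo" ]; then
    echo "skip: PR is from a fork, cannot push back"; return 0
  fi
  # Never push to the default branch, whatever the event says.
  if [ "$head_ref" = "$default_branch" ]; then
    echo "skip: refusing to push to the default branch"; return 0
  fi
  echo run
}
```
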
Found four bugs reviewing the previous commit with fresh eyes:

1. Lockfile regen could commit a broken file. If the repo's package
   manager (pnpm/yarn/cargo/go) wasn't on the runner, the regen would
   silently fail, but my code still `git add`ed the file with
   conflict markers in it. Fixed via a `regen()` helper that:
   - early-returns "unresolved" when the tool isn't on PATH
   - sanity-checks the regenerated file for `<<<<<<<` / `=======`
     markers and treats their presence as failure
   - captures regen output to /tmp/regen.log for the PR comment
2. Fork PR push-back fails silently. `secrets.GITHUB_TOKEN` can't
   write to a fork branch. Both workflows now skip cleanly with a
   "PR is from a fork, cannot push back" reason. Documented in README.
3. Missing concurrency. Two close webhooks (labeled right after
   synchronize) raced. Both workflows now have a `concurrency:` group
   keyed on the PR number with `cancel-in-progress: true` — the
   later event has fresher info anyway.
4. README caller example mentioned `push: branches: [main]`, but the
   v0 job filter only accepts pull_request events. Removed the
   misleading example and added a "Note on triggers" callout.
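
A sketch of the fail-closed lockfile regeneration that item 1 of the commit message above describes, written as an added example and not taken from the PR's `regen()` helper. The name `regen_lockfile`, the `REGEN_LOG` variable, the non-zero-exit check and the extra `>>>>>>>` marker check are assumptions of this sketch.

```shell
# Added sketch; not the PR's regen() helper.
# Usage: regen_lockfile <lockfile> <tool> [tool args...]
#   e.g. regen_lockfile Cargo.lock cargo generate-lockfile
# Prints "resolved" or "unresolved"; returns 0 only when the file is safe
# to `git add`.
REGEN_LOG="${REGEN_LOG:-/tmp/regen.log}"   # log path named in the commit message

has_conflict_markers() {
  # Git writes markers at column 0. The commit message names <<<<<<< and
  # =======; >>>>>>> is checked as well (an addition in this sketch).
  grep -Eq '^(<{7}( |$)|={7}$|>{7}( |$))' "$1"
}

regen_lockfile() {
  local lockfile="$1"
  local tool="$2"
  shift 2

  # 1. Tool missing on the runner: report instead of staging a broken file.
  if ! command -v "$tool" >/dev/null 2>&1; then
    echo "[$lockfile] $tool is not on PATH" >>"$REGEN_LOG"
    echo unresolved
    return 1
  fi
  # 2. Run the regeneration, keeping its output for the PR comment.
  if ! "$tool" "$@" >>"$REGEN_LOG" 2>&1; then
    echo "[$lockfile] $tool exited non-zero" >>"$REGEN_LOG"
    echo unresolved
    return 1
  fi
  # 3. A zero exit is not proof: inspect the file that would be staged.
  if [ ! -s "$lockfile" ] || has_conflict_markers "$lockfile"; then
    echo "[$lockfile] missing, empty, or still has conflict markers" >>"$REGEN_LOG"
    echo unresolved
    return 1
  fi
  echo resolved
}
```

The caller stages the lockfile only when the function returns 0; any other result leaves the file in the list reported for human help.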
Summary
Two opt-in reusable workflows that solve the two pain points from chat: tests failing on PRs, and PRs not merging cleanly with origin/main.
`auto-rebase` — pure git, no LLM
On every `pull_request.synchronize`/`labeled`/`opened`, updates the PR branch from base. Resolves trivial conflicts automatically:
Any non-trivial conflict aborts cleanly with a PR comment listing files needing human help.
`auto-fix-tests` — Claude Code in runner, opt-in via label
Triggered by:
Spins up Claude Code in the runner with a tight prompt + the failing test output, lets it make ONE focused fix, re-runs tests once to verify, only pushes if they pass.
Four guardrails (per the agreed list)
Plus defense-in-depth:
Caller usage
See README — each repo adds ~10 lines.
Test plan