docs(agents): add MANDATORY AI QA review protocol before merge#266
docs(agents): add MANDATORY AI QA review protocol before merge#266jbdevprimary merged 12 commits intomainfrom
Conversation
BREAKING CHANGE: Agents must now engage AI reviewers before any merge. Changes: - Updated .cursor/rules/15-ai-qa-engagement.mdc with comprehensive mandatory protocol - Added AI QA review section to .ruler/AGENTS.md - Added review commands: /gemini review, /q review, @copilot review, @cursor review - Added merge checklist requiring AI review completion - Added feedback addressing requirements (fix or justify, never ignore) This ensures quality by requiring peer review from AI agents on all PRs.
|
⏳ Code review in progress. Analyzing for code quality issues and best practices. You can monitor the review status in the checks section at the bottom of this pull request. Detailed findings will be posted upon completion. Using Amazon Q Developer for GitHubAmazon Q Developer1 is an AI-powered assistant that integrates directly into your GitHub workflow, enhancing your development process with intelligent features for code development, review, and transformation. Slash Commands
FeaturesAgentic Chat Code Review CustomizationYou can create project-specific rules for Amazon Q Developer to follow:
Example rule: FeedbackTo provide feedback on Amazon Q Developer, create an issue in the Amazon Q Developer public repository. For more detailed information, visit the Amazon Q for GitHub documentation. Footnotes
|
|
/gemini review |
|
@cursor review |
|
/q review |
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
|
⏳ Code review in progress. Analyzing for code quality issues and best practices. You can monitor the review status in the checks section at the bottom of this pull request. Detailed findings will be posted upon completion. Using Amazon Q Developer for GitHubAmazon Q Developer1 is an AI-powered assistant that integrates directly into your GitHub workflow, enhancing your development process with intelligent features for code development, review, and transformation. Slash Commands
FeaturesAgentic Chat Code Review CustomizationYou can create project-specific rules for Amazon Q Developer to follow:
Example rule: FeedbackTo provide feedback on Amazon Q Developer, create an issue in the Amazon Q Developer public repository. For more detailed information, visit the Amazon Q for GitHub documentation. Footnotes
|
Summary of ChangesHello @jbcom, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request introduces a critical update to the development workflow by making AI-driven code quality assurance a mandatory step for all pull requests. The primary goal is to significantly enhance code quality, reduce bugs, and ensure consistent adherence to best practices by leveraging multiple AI review agents. This change aims to prevent previous issues where PRs were merged without adequate review, thereby strengthening the overall integrity of the codebase. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![amazon-q-developer[bot]](https://avatars.githubusercontent.com/in/1220912?s=60&v=4){kind=small}
There was a problem hiding this comment.
Review Summary
This PR introduces a mandatory AI QA review protocol, which is a valuable addition to ensure code quality. However, there are several critical issues that need to be addressed before merge:
Critical Issues Found:
- Logic contradiction in when reviews are required vs. when they can be skipped
- Ambiguous enforcement mechanism without clear authority or conditions
- Inconsistent checklist items between the two files that could cause confusion
- Missing conflict resolution process for cross-agent collaboration
Key Concerns:
- The protocol needs clearer boundaries on when it applies
- Enforcement mechanisms should be specific and actionable
- Cross-file consistency is essential for a mandatory protocol
- Conflict resolution paths are needed for agent disagreements
The concept is sound and addresses a real need for consistent code review practices. Once these clarity and consistency issues are resolved, this will be a strong addition to the project's quality assurance processes.
Please address all feedback items before merging, as this protocol will govern how all future PRs are handled.
You can now have the agent implement changes and create commits directly on your pull request's source branch. Simply comment with /q followed by your request in natural language to ask the agent to make changes.
| - Any code changes (not just docs) | ||
| - Bug fixes (even "simple" ones) | ||
| - New features | ||
| - Refactors of any size | ||
| - Dependency updates that affect code | ||
| - Security-related changes | ||
| - API changes | ||
|
|
||
| ### May Skip Review For: | ||
| - Pure documentation changes (README, comments only) | ||
| - Whitespace/formatting-only changes | ||
| - Automated dependency bumps (Dependabot) with no code changes |
There was a problem hiding this comment.
🛑 Logic Error: The protocol contradicts itself by requiring AI review for "any code changes" but then allowing skips for documentation changes. This creates ambiguity about when the mandatory protocol applies.
| - Any code changes (not just docs) | |
| - Bug fixes (even "simple" ones) | |
| - New features | |
| - Refactors of any size | |
| - Dependency updates that affect code | |
| - Security-related changes | |
| - API changes | |
| ### May Skip Review For: | |
| - Pure documentation changes (README, comments only) | |
| - Whitespace/formatting-only changes | |
| - Automated dependency bumps (Dependabot) with no code changes | |
| ### ALWAYS Request Review For: | |
| - New features | |
| - Bug fixes (even "simple" ones) | |
| - Refactors of any size | |
| - Dependency updates that affect code | |
| - Security-related changes | |
| - API changes | |
| - Infrastructure/configuration changes | |
| ### May Skip Review For: | |
| - Pure documentation changes (README, comments only) | |
| - Whitespace/formatting-only changes | |
| - Automated dependency bumps (Dependabot) with no code changes |
| This is a MANDATORY protocol. PRs merged without proper AI review engagement | ||
| may be reverted. The goal is quality, not speed. |
There was a problem hiding this comment.
The enforcement mechanism lacks specificity. "May be reverted" is vague and doesn't define who has authority to revert or under what conditions. This could lead to conflicts between agents or team members.
| This is a MANDATORY protocol. PRs merged without proper AI review engagement | |
| may be reverted. The goal is quality, not speed. | |
| ## Enforcement | |
| This is a MANDATORY protocol. PRs merged without proper AI review engagement | |
| will be flagged for review by the team lead and may be reverted if they contain | |
| unaddressed critical issues. The goal is quality, not speed. |
|
|
||
| ## Cross-Agent Collaboration | ||
| - [ ] CI is green (all checks pass) | ||
| - [ ] At least ONE AI review requested (`/gemini review`, `/q review`, etc.) |
There was a problem hiding this comment.
The checklist item is ambiguous. "At least ONE AI review requested" doesn't specify whether the review must be completed or just requested. This could allow premature merging while reviews are still pending.
| - [ ] At least ONE AI review requested (`/gemini review`, `/q review`, etc.) | |
| - [ ] At least ONE AI review requested and completed (`/gemini review`, `/q review`, etc.) |
| 1. Request fresh AI review | ||
| 2. Don't dismiss previous agent's decisions without justification | ||
| 3. Tag original agent if making significant changes | ||
| 4. Maintain the feedback resolution record |
There was a problem hiding this comment.
The cross-agent collaboration section lacks clarity on conflict resolution. When agents disagree on feedback or approach, there's no defined escalation path or decision-making authority.
| 1. Request fresh AI review | |
| 2. Don't dismiss previous agent's decisions without justification | |
| 3. Tag original agent if making significant changes | |
| 4. Maintain the feedback resolution record | |
| When taking over another agent's PR: | |
| 1. Request fresh AI review | |
| 2. Don't dismiss previous agent's decisions without justification | |
| 3. Tag original agent if making significant changes | |
| 4. Maintain the feedback resolution record | |
| 5. If conflicts arise, escalate to team lead or create discussion issue |
.ruler/AGENTS.md
Outdated
|
|
||
| Before merging ANY PR: | ||
| - [ ] CI is green | ||
| - [ ] At least ONE AI review requested |
There was a problem hiding this comment.
Inconsistent with the detailed protocol in the other file. This checklist item is less specific than the corresponding item in .cursor/rules/15-ai-qa-engagement.mdc which could lead to confusion about requirements.
| - [ ] At least ONE AI review requested | |
| - [ ] At least ONE AI review requested and completed |
There was a problem hiding this comment.
Review Summary
This PR establishes a mandatory AI QA review protocol, which is a valuable addition to ensure code quality. However, there are several logical inconsistencies and implementation gaps that need to be addressed before merge:
Critical Issues Found:
- Logic Contradiction: The protocol requires AI review for "any code changes" but then exempts documentation changes, creating confusion about when the mandatory protocol applies
- Inconsistent Examples: The workflow example uses generic commit format instead of the project's required scope-based conventional commits
- Enforcement Gap: The enforcement section lacks specific implementation details and measurable criteria
Recommendations:
- Clarify the scope of mandatory reviews to resolve the contradiction
- Align examples with project-specific conventional commit requirements
- Define specific enforcement mechanisms and criteria
- Consider specifying which AI systems qualify as "QA agents"
The intent behind this protocol is excellent for maintaining code quality, but the implementation needs refinement to be practically enforceable and logically consistent.
You can now have the agent implement changes and create commits directly on your pull request's source branch. Simply comment with /q followed by your request in natural language to ask the agent to make changes.
| - Any code changes (not just docs) | ||
| - Bug fixes (even "simple" ones) | ||
| - New features | ||
| - Refactors of any size | ||
| - Dependency updates that affect code | ||
| - Security-related changes | ||
| - API changes | ||
|
|
||
| ### May Skip Review For: | ||
| - Pure documentation changes (README, comments only) | ||
| - Whitespace/formatting-only changes | ||
| - Automated dependency bumps (Dependabot) with no code changes |
There was a problem hiding this comment.
🛑 Logic Error: The protocol contradicts itself by requiring AI review for "any code changes" but then allowing skips for documentation changes. This PR itself is a documentation change that would be exempt under the "May Skip Review For" section, creating a logical inconsistency in the mandatory protocol.
| - Any code changes (not just docs) | |
| - Bug fixes (even "simple" ones) | |
| - New features | |
| - Refactors of any size | |
| - Dependency updates that affect code | |
| - Security-related changes | |
| - API changes | |
| ### May Skip Review For: | |
| - Pure documentation changes (README, comments only) | |
| - Whitespace/formatting-only changes | |
| - Automated dependency bumps (Dependabot) with no code changes | |
| ### ALWAYS Request Review For: | |
| - New features | |
| - Bug fixes (even "simple" ones) | |
| - Refactors of any size | |
| - Dependency updates that affect code | |
| - Security-related changes | |
| - API changes | |
| - Infrastructure or configuration changes that affect runtime behavior | |
| ### May Skip Review For: | |
| - Pure documentation changes (README, comments only) that don't affect code behavior | |
| - Whitespace/formatting-only changes with no functional impact | |
| - Automated dependency bumps (Dependabot) with no code changes |
|
|
||
| ```bash | ||
| # 1. Create PR | ||
| gh pr create --title "fix: resolve API bug" |
There was a problem hiding this comment.
The example workflow shows a conventional commit format that doesn't match the project's documented scope requirements. According to the project guidelines, commits should use specific scopes like edt, logging, dic, connectors, etc.
| gh pr create --title "fix: resolve API bug" | |
| gh pr create --title "fix(dic): resolve API validation bug" |
| This is a MANDATORY protocol. PRs merged without proper AI review engagement | ||
| may be reverted. The goal is quality, not speed. |
There was a problem hiding this comment.
The enforcement section lacks specific implementation details. How will "PRs merged without proper AI review engagement" be detected? What constitutes "proper AI review engagement"? The protocol needs clear, measurable criteria to be enforceable.
| **NEVER merge a PR without:** | ||
| 1. Requesting AI review from at least ONE QA agent |
There was a problem hiding this comment.
The requirement to request review from "at least ONE QA agent" is ambiguous. The listed commands invoke different AI systems with varying capabilities. Consider specifying which AI reviewers are considered "QA agents" or requiring multiple reviewers for critical changes.
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a mandatory AI QA review protocol, formalizing the process with detailed rules, checklists, and enforcement measures. The changes are a significant improvement, making the process much clearer and stricter. My review focuses on enhancing the clarity and consistency of these new documents. I've identified a potential conflict in the policy for handling critical issues, suggested clarifying the definition of a 'resolved' review thread, and pointed out inconsistencies in the merge checklist and feedback guidelines between the two updated files. Addressing these points will help ensure the new protocol is unambiguous and can be followed effectively.
| - Fixing the issue | ||
| - "This is intentional because [technical reason]" | ||
| - "False positive - [explanation with evidence]" | ||
| - "Out of scope for this PR - created issue #X" |
There was a problem hiding this comment.
The option to defer a fix by creating a new issue (Out of scope for this PR - created issue #X) appears to conflict with the rule for Critical/High severity feedback, which states they MUST be fixed before merge (line 61).
To prevent confusion and ensure critical issues are always addressed before a merge, I recommend clarifying that this option does not apply to critical or high-severity feedback. You could add a note specifying this exception.
| - [ ] ALL critical/high severity items fixed | ||
| - [ ] ALL medium severity items fixed or justified | ||
| - [ ] Responses posted to ALL feedback items | ||
| - [ ] No unresolved review threads |
There was a problem hiding this comment.
The requirement for "No unresolved review threads" could be ambiguous. For instance, what is the defined process if a PR author and an AI reviewer disagree, even after the author provides a justification as per line 66? Does the thread need to be manually marked as 'Resolved' in the UI?
To avoid blocking PRs, consider clarifying the definition of a 'resolved' thread. For example, you could specify that a thread is considered resolved once the PR author has responded with either a code fix or a clear technical justification for not implementing the suggestion.
.ruler/AGENTS.md
Outdated
| - [ ] CI is green | ||
| - [ ] At least ONE AI review requested | ||
| - [ ] AI review completed (not pending) | ||
| - [ ] ALL critical/high severity items fixed | ||
| - [ ] ALL feedback items responded to | ||
| - [ ] No unresolved threads |
There was a problem hiding this comment.
The merge checklist in this document is missing a key item present in the main protocol file (.cursor/rules/15-ai-qa-engagement.mdc, line 109): [ ] ALL medium severity items fixed or justified.
To maintain consistency and prevent confusion, the checklists in both documents should be identical. Please add the missing item to this list.
| - [ ] CI is green | |
| - [ ] At least ONE AI review requested | |
| - [ ] AI review completed (not pending) | |
| - [ ] ALL critical/high severity items fixed | |
| - [ ] ALL feedback items responded to | |
| - [ ] No unresolved threads | |
| - [ ] CI is green | |
| - [ ] At least ONE AI review requested | |
| - [ ] AI review completed (not pending) | |
| - [ ] ALL critical/high severity items fixed | |
| - [ ] ALL medium severity items fixed or justified | |
| - [ ] ALL feedback items responded to | |
| - [ ] No unresolved threads |
.ruler/AGENTS.md
Outdated
| ### Addressing Feedback | ||
|
|
||
| 1. **Fix** the issue, OR | ||
| 2. **Reply** with technical justification for disagreeing | ||
| 3. **NEVER** ignore or dismiss without response | ||
| 4. **Re-request** review after significant changes |
There was a problem hiding this comment.
This "Addressing Feedback" section omits the crucial concept of handling feedback based on severity (Critical/High, Medium, Low), which is a core part of the detailed protocol in .cursor/rules/15-ai-qa-engagement.mdc.
To avoid misinterpretation of the protocol, I recommend either briefly mentioning the severity-based handling here or explicitly linking to the more detailed section in the other document. This will ensure agents are aware of the different expectations for different severity levels.
There was a problem hiding this comment.
Code Review
This pull request does an excellent job of formalizing a mandatory AI QA review protocol. The new guidelines in both .cursor/rules/15-ai-qa-engagement.mdc and .ruler/AGENTS.md are comprehensive, clear, and will undoubtedly help improve code quality and consistency. The inclusion of merge checklists, example workflows, and explicit enforcement rules is particularly valuable. My review includes a few suggestions to resolve a minor contradiction in how critical/high severity feedback is handled, ensuring the process is both robust and flexible.
|
|
||
| 1. **Read ALL feedback** - Every comment from every AI reviewer | ||
| 2. **Categorize by severity**: | ||
| - 🛑 **Critical/High** - MUST fix before merge |
There was a problem hiding this comment.
The term MUST fix is a bit too strong and contradicts the acceptable responses in lines 78-82, which allow for justifying false positives or deferring work. A critical issue that is a false positive should be documented and resolved, not 'fixed'. I suggest clarifying the language to reflect this, allowing for resolution beyond just a code fix.
- 🛑 **Critical/High** - MUST be resolved before merge
| - [ ] CI is green (all checks pass) | ||
| - [ ] At least ONE AI review requested (`/gemini review`, `/q review`, etc.) | ||
| - [ ] AI review completed (not pending) | ||
| - [ ] ALL critical/high severity items fixed |
There was a problem hiding this comment.
For consistency with the principle that critical issues can be resolved in ways other than fixing (e.g., confirmed as a false positive), I recommend changing 'fixed' to 'resolved' in the merge checklist. This makes the process clearer and more flexible.
- [ ] ALL critical/high severity items resolved
.ruler/AGENTS.md
Outdated
| - [ ] CI is green | ||
| - [ ] At least ONE AI review requested | ||
| - [ ] AI review completed (not pending) | ||
| - [ ] ALL critical/high severity items fixed |
There was a problem hiding this comment.
To maintain consistency with the main protocol document and to accurately reflect that critical issues can be resolved without a code change (e.g., if it's a false positive), it's better to use 'resolved' instead of 'fixed' in this checklist.
| - [ ] ALL critical/high severity items fixed | |
| - [ ] ALL critical/high severity items resolved |
Fixes based on AI review feedback: 1. Clarified scope - explicit 'Required' vs 'Optional' sections 2. Fixed example to use conventional commit with scope 3. Added specific enforcement criteria 4. Added AI-to-AI conflict resolution process 5. Made checklists consistent between both files 6. Added audit trail and revert policy to enforcement
Addressing Amazon Q FeedbackThank you for the thorough review. I've addressed all feedback items: Issue 1: Logic contradiction (Required vs Skip)Fixed: Added explicit "Scope" section with clear "Required" and "Optional" categories. The contradiction is resolved - code changes always require review, only pure docs/whitespace/Dependabot are optional. Issue 2: Inconsistent example (conventional commits)Fixed: Updated example to use proper scope-based conventional commits: Issue 3: Enforcement gapFixed: Added specific enforcement criteria:
Issue 4: Missing conflict resolutionFixed: Added "Resolving AI-to-AI Conflicts" section with 5-step process:
Issue 5: Checklist consistencyFixed: Both files now have identical checklist items including:
Requesting re-review to verify fixes: /q review |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Addressed feedback items: From Amazon Q: - Clarified 'ALWAYS Request Review For' to be specific items not 'any code changes' - Added escalation path for cross-agent conflicts - Updated example to use project-specific scope (dic) - Specified all listed commands are valid QA agents - Added detection mechanism for enforcement - Clarified checklist item to require review 'completed' - Added team lead escalation for revert policy From Gemini: - Changed 'MUST fix' to 'MUST be resolved' (allows false positive handling) - Clarified 'Out of scope' not valid for critical/high items - Added Thread Resolution section defining when thread is resolved - Made checklists identical between both files - Added severity-based feedback section to AGENTS.md - Changed 'fixed' to 'resolved' in all checklists
Addressing ALL Inline FeedbackI've addressed every piece of feedback from Amazon Q and Gemini. Here's the complete response: Amazon Q Feedback - All Addressed ✅
Gemini Feedback - All Addressed ✅
All 12 feedback items have been addressed with code changes. Requesting re-review: /q review |
There was a problem hiding this comment.
Pull request overview
This PR establishes a mandatory AI QA review protocol that agents must follow before merging any pull request, converting previous optional guidance into enforceable requirements.
Key changes:
- Converts AI review from optional to mandatory for all code changes
- Adds comprehensive merge checklists and feedback handling requirements
- Introduces severity-based feedback triage with specific resolution requirements
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
.cursor/rules/15-ai-qa-engagement.mdc |
Converts optional AI review guidance to mandatory protocol with merge checklists, reviewer commands, severity-based feedback handling, and enforcement policies |
.ruler/AGENTS.md |
Adds "MANDATORY: AI QA Review Before Merge" section with reviewer commands, merge checklist, and feedback addressing requirements to reinforce the protocol for agents |
| # 1. Create PR with conventional commit scope (use project-specific scopes) | ||
| gh pr create --title "fix(dic): resolve API validation bug" |
There was a problem hiding this comment.
The example workflow should demonstrate using GITHUB_JBCOM_TOKEN for authentication, consistent with the authentication guidelines in .ruler/AGENTS.md which mandate GH_TOKEN=\"$GITHUB_JBCOM_TOKEN\" for all jbcom repo operations.
| # 6. Verify merge checklist complete | ||
|
|
||
| # 7. Only after ALL feedback addressed: | ||
| gh pr merge --squash |
There was a problem hiding this comment.
The merge command should include authentication using GITHUB_JBCOM_TOKEN and the --delete-branch flag as shown in .ruler/AGENTS.md examples: GH_TOKEN=\"$GITHUB_JBCOM_TOKEN\" gh pr merge 123 --squash --delete-branch
| gh pr merge --squash | |
| GH_TOKEN="$GITHUB_JBCOM_TOKEN" gh pr merge <PR_NUMBER> --squash --delete-branch |
.ruler/AGENTS.md
Outdated
| 4. **Re-request** review after significant changes | ||
|
|
||
| ### Resolving AI Conflicts | ||
| When AI reviewers disagree: evaluate both, apply project conventions, document your decision, prefer security/correctness. Escalate to team lead if genuinely ambiguous |
There was a problem hiding this comment.
[nitpick] This single-line instruction should be formatted as a list or separate sentences for better readability, matching the structure used in .cursor/rules/15-ai-qa-engagement.mdc lines 115-120 which covers the same conflict resolution process.
| When AI reviewers disagree: evaluate both, apply project conventions, document your decision, prefer security/correctness. Escalate to team lead if genuinely ambiguous | |
| When AI reviewers disagree: | |
| 1. Evaluate both reviewers' feedback. | |
| 2. Apply project conventions. | |
| 3. Document your decision. | |
| 4. Prefer security and correctness. | |
| 5. Escalate to team lead if genuinely ambiguous. |
There was a problem hiding this comment.
Code Review
This pull request introduces a mandatory AI QA review protocol, which is a significant and positive step towards improving code quality and consistency. The new rules are detailed in .cursor/rules/15-ai-qa-engagement.mdc and summarized in .ruler/AGENTS.md. The documentation is comprehensive, clear, and well-structured, covering everything from when to request a review to how to handle feedback and conflicts. My review focuses on ensuring consistency between the two documents and improving the clarity of examples. I've suggested a few minor changes to align the summary in AGENTS.md with the main rule file and to make an example in the workflow more intuitive.
|
|
||
| ```bash | ||
| # 1. Create PR with conventional commit scope (use project-specific scopes) | ||
| gh pr create --title "fix(dic): resolve API validation bug" |
There was a problem hiding this comment.
In the example workflow, the conventional commit scope dic in fix(dic): ... is a bit obscure. To improve clarity and provide a more common example, consider using a more recognizable scope like api or core. This would make the example easier to understand for someone not familiar with project-specific scopes, even with the note present.
gh pr create --title "fix(api): resolve API validation bug"
.ruler/AGENTS.md
Outdated
|
|
||
| ### Scope | ||
| - **Required**: All code changes, bug fixes, features, refactors, API changes, config changes affecting runtime | ||
| - **Optional**: Pure docs (README only), whitespace-only, Dependabot with no code changes |
There was a problem hiding this comment.
The scope for optional reviews here is slightly inconsistent with the main rule file. This file states Pure docs (README only), while .cursor/rules/15-ai-qa-engagement.mdc is more permissive, stating Pure documentation changes (README, comments only) that don't affect code behavior. To avoid confusion and ensure consistency, it would be better to align this summary with the main rule, clarifying that changes to comments are also exempt.
| - **Optional**: Pure docs (README only), whitespace-only, Dependabot with no code changes | |
| - Optional: Pure documentation changes (e.g., README, comments), whitespace-only, Dependabot with no code changes |
.ruler/AGENTS.md
Outdated
| - [ ] CI is green (all checks pass) | ||
| - [ ] At least ONE AI review requested and completed | ||
| - [ ] ALL critical/high severity items resolved (fixed OR documented as false positive) | ||
| - [ ] ALL medium items resolved or justified with technical reasoning |
There was a problem hiding this comment.
For consistency with the main rule file (.cursor/rules/15-ai-qa-engagement.mdc), it would be clearer to include the word 'severity' in this checklist item. The main file says ALL medium severity items....
| - [ ] ALL medium items resolved or justified with technical reasoning | |
| - [ ] ALL medium severity items resolved or justified with technical reasoning |
Co-authored-by: jon <jon@jonbogaty.com>
…tings Addressed feedback: - Copilot: Added GITHUB_JBCOM_TOKEN to example workflow - Copilot: Added --delete-branch flag to merge command - Copilot: Added scope explanations in comments - Gemini: Clarified 'dic' scope with full list of scopes - Gemini: Made optional scope description consistent between files New section: - Added 'Repository Settings for Automatic AI Review' with instructions for enabling Copilot code review, rulesets, and CODEOWNERS config
Addressing Latest Feedback (Copilot + Gemini)Copilot Feedback - All Addressed ✅
Gemini Feedback - All Addressed ✅
New: Automatic AI Review SettingsAdded new section documenting how to enable automatic Copilot review via repo settings. Created issue #267 to track enabling these settings. Why @copilot review didn't work: Copilot needs to be added as a reviewer in GitHub UI or enabled via repo settings - comment mentions don't trigger it like Gemini/Q. Requesting final review: /q review |
…matic - /gemini review, /q review, @coderabbitai review -> Comment-triggered - Copilot -> Automatic via repo settings OR manual assignment - Cursor Bugbot -> Automatic on all PRs This explains why '@copilot review' comment didn't work - Copilot needs to be enabled in repo settings or manually added as reviewer.
There was a problem hiding this comment.
Code Review
This pull request introduces a mandatory AI QA review protocol, a significant and well-documented process improvement. The changes in .cursor/rules/15-ai-qa-engagement.mdc are comprehensive, covering everything from when to request a review to how to handle feedback and resolve conflicts. The corresponding summary in .ruler/AGENTS.md effectively distills the key points for agents. My review includes a few suggestions to enhance clarity and consistency, such as specifying the reporting channel for AI false positives, improving readability in the summary document, and ensuring perfect alignment between the two documents regarding exceptions.
| 2. Add your feedback as comments, not force-pushes | ||
| 3. Tag them for significant changes: `@cursor what about...` | ||
| 4. Respect their ownership | ||
| This is a **MANDATORY** protocol enforced as follows: |
There was a problem hiding this comment.
The protocol mentions that false positives should be reported, which is a great practice for improving the AI reviewers. However, it doesn't specify the process for reporting them. To make this actionable, it would be helpful to clarify how and where agents should report false positives. For example, should they create an issue in a specific repository or post in a dedicated chat channel?
5. **Continuous improvement** - False positives from AI reviewers should be reported by creating an issue in the project's meta repository.
| - Copilot - Enable in Settings > Code security | ||
| - Cursor Bugbot - Automatic on all PRs | ||
|
|
||
| ### Scope |
There was a problem hiding this comment.
The main protocol document (.cursor/rules/15-ai-qa-engagement.mdc) specifies "Automated Dependabot bumps with no code changes" as an exception. This summary omits the word "Automated". While "Dependabot with no code changes" is likely understood correctly, adding "Automated" would make it perfectly consistent and avoid any ambiguity about manually triggered Dependabot updates that might require more scrutiny.
| ### Scope | |
| - **Optional**: Pure documentation changes (README, comments only), whitespace/formatting-only, Automated Dependabot bumps with no code changes |
| 2. **Reply** with technical justification for disagreeing | ||
| 3. **NEVER** ignore or dismiss without response | ||
| 4. **Re-request** review after significant changes | ||
|
|
There was a problem hiding this comment.
This line is a dense summary of the conflict resolution process. Breaking it into a bulleted list would significantly improve readability and make the individual steps easier to digest at a glance.
| When AI reviewers disagree: | |
| - Evaluate both positions | |
| - Apply project conventions | |
| - Document your decision | |
| - Prefer security/correctness | |
| - Escalate to a team lead if ambiguous |
- Added specific false positive reporting process (create issue with ai-review-feedback label) - Added 'automated' to Dependabot exception for consistency - Formatted AI conflict resolution as bulleted list for readability
Final Gemini Feedback Addressed ✅
All feedback from Amazon Q, Gemini, Copilot, and Cursor has been addressed across 6 commits. Created Issue #267 to track enabling automatic Copilot review in repo settings. /q review |
✅ Merge Checklist CompleteFollowing the very protocol this PR introduces:
Total commits: 6 iterations addressing feedback Ready to merge when you approve. This PR demonstrates the exact workflow it documents. |
There was a problem hiding this comment.
Code Review
This pull request introduces a mandatory AI QA review protocol, which is a great step towards improving code quality and consistency. The documentation in both .cursor/rules/15-ai-qa-engagement.mdc and .ruler/AGENTS.md is comprehensive and detailed. I've provided a few suggestions to improve clarity and consistency across the documents, mainly regarding the list of review commands and some minor wording and path corrections. Overall, this is a solid and important update.
| /gemini review # Google Gemini Code Assist | ||
| /q review # Amazon Q Developer | ||
| @coderabbitai review # CodeRabbit AI review |
There was a problem hiding this comment.
The list of comment-triggered reviewers seems incomplete. The PR description lists @cursor review and @copilot review as commands, but they are missing here. @cursor review was also in the previous version of this file. While Copilot is mentioned as an automatic reviewer, it can also be triggered via the @copilot review command, which is a useful option to document. Please consider adding both to this list for completeness and consistency with the PR description.
/gemini review # Google Gemini Code Assist
/q review # Amazon Q Developer
@copilot review # GitHub Copilot
@cursor review # Cursor AI
@coderabbitai review # CodeRabbit AI review
| /gemini review security # Security-focused review | ||
| /q review performance # Performance analysis | ||
| @copilot review tests # Test coverage review | ||
| @cursor review architecture # Architecture review |
There was a problem hiding this comment.
The syntax for requesting focused reviews appears inconsistent. For example, /gemini review security passes the focus area as an argument, whereas @copilot review tests and @cursor review architecture seem to have a different structure. This can be confusing for users. For clarity, please either make the syntax consistent if possible, or add a note explaining the differences for each tool. For instance, GitHub Copilot's documentation often shows focused reviews using natural language, e.g., @copilot review to focus on tests.
| /gemini review # Google Gemini Code Assist | ||
| /q review # Amazon Q Developer | ||
| @coderabbitai review # CodeRabbit AI review |
There was a problem hiding this comment.
This list of comment-triggered reviewers is missing @cursor review and @copilot review, which are mentioned in the PR description and the main protocol document. For consistency and to provide a complete list of options, please consider adding them.
| /gemini review # Google Gemini Code Assist | |
| /q review # Amazon Q Developer | |
| @coderabbitai review # CodeRabbit AI review | |
| /gemini review # Google Gemini Code Assist | |
| /q review # Amazon Q Developer | |
| @copilot review # GitHub Copilot | |
| @cursor review # Cursor AI | |
| @coderabbitai review # CodeRabbit AI review |
.ruler/AGENTS.md
Outdated
| ``` | ||
|
|
||
| **Automatic** (via repo settings): | ||
| - Copilot - Enable in Settings > Code security |
There was a problem hiding this comment.
The path to enable Copilot is mentioned as Settings > Code security, but the correct path in GitHub is Settings > Code security and analysis. This is correctly stated later in the document on line 176. Please correct this line for consistency and accuracy.
| - Copilot - Enable in Settings > Code security | |
| - Copilot - Enable in Settings > Code security and analysis |
.ruler/AGENTS.md
Outdated
|
|
||
| ### Scope | ||
| - **Required**: All code changes, bug fixes, features, refactors, API changes, config changes affecting runtime | ||
| - **Optional**: Pure documentation changes (README, comments only), whitespace/formatting-only, automated Dependabot bumps with no code changes |
There was a problem hiding this comment.
The term "Optional" for changes that do not require a review could be ambiguous. It might imply that a review is recommended but not mandatory. The corresponding section in .cursor/rules/15-ai-qa-engagement.mdc uses "Review NOT Required (explicit exceptions)", which is clearer. To avoid confusion, I suggest aligning the wording to be more explicit that reviews are not required for these cases.
| - **Optional**: Pure documentation changes (README, comments only), whitespace/formatting-only, automated Dependabot bumps with no code changes | |
| - **Not Required**: Pure documentation changes (README, comments only), whitespace/formatting-only, automated Dependabot bumps with no code changes |
Co-authored-by: jon <jon@jonbogaty.com>
1. Added @copilot review and @cursor review to comment-triggered list 2. Fixed focused review syntax examples (Copilot uses natural language) 3. Fixed Copilot settings path: 'Code security and analysis' 4. Changed 'Optional' to 'Not Required' for clarity
Co-authored-by: jon <jon@jonbogaty.com>
✅ All Feedback Addressed - Ready for Final ReviewThis PR has gone through 9 commits addressing feedback from:
Summary of Changes:
Merge Checklist:
Note: Also built Ready for final approval or merge. /gemini review |
New package providing automated PR triage capabilities: - GitHubClient: Fetch PR data, CI status, feedback - Analyzer: AI-powered analysis using Claude via Vercel AI SDK - Resolver: Auto-resolve feedback and blockers - Triage: Orchestrate full triage workflows CLI commands: - ai-triage analyze <pr> - Full triage report - ai-triage status <pr> - Quick status check - ai-triage plan <pr> - Resolution plan without execution - ai-triage resolve <pr> - Auto-resolve issues - ai-triage run <pr> - Full workflow until ready Built to address the manual triage burden demonstrated in PR #266.
There was a problem hiding this comment.
Code Review
This pull request introduces a significant and well-documented process improvement by making AI QA reviews mandatory before merging. The new protocol in .cursor/rules/15-ai-qa-engagement.mdc is comprehensive, clear, and provides excellent guidance with checklists and enforcement policies. The accompanying summary in .ruler/AGENTS.md is a helpful addition. The new packages/ai-triage/ARCHITECTURE.md document is also very thorough and lays a strong foundation for automating this workflow. My review includes a few suggestions to enhance the clarity, consistency, and usability of these new documents.
Address Gemini feedback for consistency with main protocol document.
Latest Fix (Commit 10)Addressed remaining Gemini feedback:
Complete Summary - All Feedback Addressed ✅Feedback Resolution by Reviewer
Merge Checklist (Per This Protocol)
Ready for final approval. This PR has been thoroughly reviewed by AI agents and demonstrates the exact workflow it documents. /gemini review |
|
Thank you, @jbcom, for the comprehensive updates and for diligently addressing all the feedback from the various AI agents, including Gemini. Your detailed summary clearly outlines the significant improvements made throughout this pull request. I will now proceed with a re-review of the changes to verify that all points have been resolved as described. It's great to see the new AI QA review protocol being thoroughly demonstrated within this PR itself. |
… * docs(agents): add MANDATORY AI QA review protocol before merge BREAKING CHANGE: Agents must now engage AI reviewers before any merge. Changes: - Updated .cursor/rules/15-ai-qa-engagement.mdc with comprehensive mandatory protocol - Added AI QA review section to .ruler/AGENTS.md - Added review commands: /gemini review, /q review, @copilot review, @cursor review - Added merge checklist requiring AI review completion - Added feedback addressing requirements (fix or justify, never ignore) This ensures quality by requiring peer review from AI agents on all PRs. * fix(agents): address Amazon Q feedback on QA protocol Fixes based on AI review feedback: 1. Clarified scope - explicit 'Required' vs 'Optional' sections 2. Fixed example to use conventional commit with scope 3. Added specific enforcement criteria 4. Added AI-to-AI conflict resolution process 5. Made checklists consistent between both files 6. Added audit trail and revert policy to enforcement * fix(agents): address ALL inline feedback from Amazon Q and Gemini Addressed feedback items: From Amazon Q: - Clarified 'ALWAYS Request Review For' to be specific items not 'any code changes' - Added escalation path for cross-agent conflicts - Updated example to use project-specific scope (dic) - Specified all listed commands are valid QA agents - Added detection mechanism for enforcement - Clarified checklist item to require review 'completed' - Added team lead escalation for revert policy From Gemini: - Changed 'MUST fix' to 'MUST be resolved' (allows false positive handling) - Clarified 'Out of scope' not valid for critical/high items - Added Thread Resolution section defining when thread is resolved - Made checklists identical between both files - Added severity-based feedback section to AGENTS.md - Changed 'fixed' to 'resolved' in all checklists * Checkpoint before follow-up message Co-authored-by: jon <jon@jonbogaty.com> * fix(agents): address Copilot/Gemini feedback + add auto AI review settings Addressed feedback: - Copilot: Added GITHUB_JBCOM_TOKEN to example workflow - Copilot: Added --delete-branch flag to merge command - Copilot: Added scope explanations in comments - Gemini: Clarified 'dic' scope with full list of scopes - Gemini: Made optional scope description consistent between files New section: - Added 'Repository Settings for Automatic AI Review' with instructions for enabling Copilot code review, rulesets, and CODEOWNERS config * fix(agents): clarify which AI reviewers are comment-triggered vs automatic - /gemini review, /q review, @coderabbitai review -> Comment-triggered - Copilot -> Automatic via repo settings OR manual assignment - Cursor Bugbot -> Automatic on all PRs This explains why '@copilot review' comment didn't work - Copilot needs to be enabled in repo settings or manually added as reviewer. * fix(agents): address final Gemini feedback - Added specific false positive reporting process (create issue with ai-review-feedback label) - Added 'automated' to Dependabot exception for consistency - Formatted AI conflict resolution as bulleted list for readability * Checkpoint before follow-up message Co-authored-by: jon <jon@jonbogaty.com> * fix(agents): address 5 Gemini feedback items 1. Added @copilot review and @cursor review to comment-triggered list 2. Fixed focused review syntax examples (Copilot uses natural language) 3. Fixed Copilot settings path: 'Code security and analysis' 4. Changed 'Optional' to 'Not Required' for clarity * Checkpoint before follow-up message Co-authored-by: jon <jon@jonbogaty.com> * feat(ai-triage): add AI-powered PR triage package New package providing automated PR triage capabilities: - GitHubClient: Fetch PR data, CI status, feedback - Analyzer: AI-powered analysis using Claude via Vercel AI SDK - Resolver: Auto-resolve feedback and blockers - Triage: Orchestrate full triage workflows CLI commands: - ai-triage analyze <pr> - Full triage report - ai-triage status <pr> - Quick status check - ai-triage plan <pr> - Resolution plan without execution - ai-triage resolve <pr> - Auto-resolve issues - ai-triage run <pr> - Full workflow until ready Built to address the manual triage burden demonstrated in PR #266. * fix(agents): add 'severity' to medium items checklist Address Gemini feedback for consistency with main protocol document. --------- Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* feat: Complete agentic architecture - Claude Code, cycles, wiki (#190)
* feat: Integrate anthropics/claude-code-action for AI-driven workflows
Add comprehensive Claude Code integration for GitHub automation:
## New Workflows
- claude.yml: Interactive @claude mentions in issues/PRs/comments
- claude-pr-review.yml: Automatic PR code review with inline comments
- claude-issue-triage.yml: Auto-label and categorize new issues
- claude-ci-fix.yml: Auto-fix CI failures and create fix PRs
## Custom Commands (.claude/commands/)
- label-issue.md: Issue triage and labeling
- review-pr.md: Comprehensive PR review checklist
- fix-ci.md: CI failure diagnosis and fix
- ecosystem-sync.md: Cross-repo health check
## Configuration
- CLAUDE.md: Project context for Claude Code
- Updated .gitignore to allow CLAUDE.md
## Key Features
- Progress tracking with visual checkboxes
- Inline code comments on PRs
- AI-to-AI collaboration (allows bot interactions)
- Custom system prompts with project context
- Restricted tool access per workflow
## Authentication
Requires ANTHROPIC_API_KEY secret to be set.
Existing CURSOR_API_KEY kept for fallback workflows.
The agent-*.yml workflows remain as simpler gh CLI fallbacks.
* feat: Add agentic cycle orchestration architecture
Implements distributed agent coordination between control plane and repos:
## Architecture (docs/AGENTIC-ORCHESTRATION.md)
- Control plane decomposes cycles to repo-specific tasks
- Repos work independently with Claude Code tooling
- Bidirectional communication via GitHub Issues
- Aggregation and completion tracking
## New Workflows
- agentic-cycle.yml: Orchestrates decompose/aggregate/complete phases
- sync-claude-tooling.yml: Push standardized tooling to managed repos
## Templates (templates/claude/)
- CLAUDE.md.template: Project context for managed repos
- Workflow templates for repos
- Upstream notify workflow for feedback to control plane
## Issue Template
- agentic-cycle.yml: Easy creation of new cycles
## Key Concepts
- Agentic Cycles replace holding PRs open
- Each repo has its own Claude Code setup
- Station-to-station coordination via issue links
- Control plane aggregates and tracks progress
* docs: Update progress log with orchestration session
* feat: Add wiki-based documentation system
Implements GitHub Wiki as the central documentation hub:
## New Tools
- wiki-cli: Read/write/migrate wiki content
- wiki-read action: Read wiki pages in workflows
- wiki-write action: Write wiki pages in workflows
## Workflows
- wiki-manage.yml: Initialize, migrate, and cleanup
## Architecture (docs/WIKI-ARCHITECTURE.md)
- Wiki structure for Memory Bank, Agentic Rules, Documentation
- Cross-repo access patterns
- Migration plan from repo files to wiki
## Templates
- Minimal AGENTS.md pointing to wiki
- Minimal cursor rules pointing to wiki
## Benefits
- Single source of truth (wiki)
- Cross-repo accessible
- No more ruler concatenation
- Clean repo structure
- Live updates via wiki API
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* fix: Use JBCOM_TOKEN secret (GitHub disallows GITHUB_ prefix) (#191)
- Updated agentic-cycle.yml
- Updated sync-claude-tooling.yml
- Updated claude-upstream-notify.yml template
- Added JBCOM_TOKEN secret to repo
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* refactor: Migrate documentation to GitHub Wiki (#193)
All documentation now lives in the wiki: https://github.com/jbcom/jbcom-control-center/wiki
Changes:
- Migrated memory-bank/, docs/, .ruler/ to wiki pages
- Minimal AGENTS.md, CLAUDE.md, copilot-instructions.md pointing to wiki
- Single .cursor/rules/00-wiki.mdc Cursor rule
- Updated wiki-cli for programmatic access
- Fixed Claude PR review to allow cursor bot
* feat: Add wiki/ folder with github-wiki-action (#194)
Proper flat wiki structure per github-wiki-action docs.
- 26 wiki pages with actual content
- README.md → Home (via preprocess)
- Sidebar navigation
- All original content from memory-bank/, .ruler/, docs/
Wiki will sync on push to main.
* perf: Optimize PR review with correct claude-code-action settings (#195)
Based on official docs:
- use_sticky_comment: true (avoid comment spam)
- --max-turns 10 in claude_args (not timeout_minutes)
- Correct tool names (mcp__github_inline_comment__create_inline_comment)
- Skip wiki/docs only PRs
- Job timeout-minutes: 10 (GitHub Actions level)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* fix: Add missing Claude command templates for repo sync (#196)
- ecosystem-sync.md
- fix-ci.md
- review-pr.md
- Updated label-issue.md
- Updated claude.yml workflow template
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* fix: Use pipe delimiter in sed to handle repo paths with slashes (#197)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* fix: Detect new untracked files in Claude sync workflow (#198)
git diff only shows changes in tracked files. Need to stage first
with git add -A to detect new files like CLAUDE.md and .claude/commands/
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* fix: Remove invalid YAML workflows (#199)
Removed workflows with multiline string YAML parsing issues:
- agent-issue-triage.yml
- agent-post-merge.yml
- agent-project-management.yml
- agentic-cycle.yml
These workflows had heredoc/multiline strings that caused YAML
parsing failures (content at column 1 interpreted as YAML keys).
Keeping working workflows:
- CI (main workflow)
- claude-*.yml (Claude Code automation)
- sync-claude-tooling.yml (cross-repo sync)
- publish-wiki.yml
- reusable-*.yml
Will recreate the removed workflows with proper YAML formatting
in a follow-up PR.
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* 🚀 Cycle 001: Control Plane Activation
* cycle: 001 - Control Plane Activation
Comprehensive cycle documentation for activating the jbcom control plane
and cascading management to personal and enterprise repositories.
## Completed
- CI/CD pipeline
- Wiki documentation (28 pages)
- Claude Code integration
- Cross-repo sync
- All 4 packages on PyPI
## In Progress
- Enterprise integration (FlipsideCrypto)
- Expanded automation workflows
## Next
- Inventory enterprise repos
- Update terraform-modules
- Recreate valid YAML workflows
* docs: Add Active Cycle page and update wiki navigation
- New Active-Cycle.md with current cycle status
- Updated _Sidebar.md with Active Cycle link at top
- Updated README.md (Home) with cycle status
Links to PR #200 for tracking.
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* cycle: Update Phase 1 progress - terraform-modules PR created (#201)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* cycle: Complete Phase 1 - Enterprise Integration (#202)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(deps)(deps): Bump the github-actions-all group with 4 updates (#207)
Bumps the github-actions-all group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [actions/setup-node](https://github.com/actions/setup-node), [actions/github-script](https://github.com/actions/github-script) and [Andrew-Chen-Wang/github-wiki-action](https://github.com/andrew-chen-wang/github-wiki-action).
Updates `actions/checkout` from 4 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v6)
Updates `actions/setup-node` from 4 to 6
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4...v6)
Updates `actions/github-script` from 7 to 8
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v7...v8)
Updates `Andrew-Chen-Wang/github-wiki-action` from 4 to 5
- [Release notes](https://github.com/andrew-chen-wang/github-wiki-action/releases)
- [Commits](https://github.com/andrew-chen-wang/github-wiki-action/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions-all
- dependency-name: actions/setup-node
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions-all
- dependency-name: actions/github-script
dependency-version: '8'
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions-all
- dependency-name: Andrew-Chen-Wang/github-wiki-action
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions-all
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat: Add file operations to EDT and exit_run to lifecyclelogging
## Summary
Adds foundational capabilities to enable terraform-modules (and other consumers) to fully adopt the jbcom ecosystem.
### Extended Data Types (`extended-data-types`)
- File operations: `read_file`, `write_file`, `decode_file`, `delete_file`
- URL validation using `validators` library
- String transformations exported
### Lifecyclelogging (`lifecyclelogging`)
- `exit_run` method with key transforms, prefixing, base64 encoding, sorting
- Fixed bug: prefix transformation now properly handles nested lists of dicts
- `log_results` method for writing to log files
- `ExitRunError` exception and `KeyTransform` type alias
### Infrastructure
- UV workspace configuration for all packages
- Tox configuration with tox-uv and tox-gh plugins
- Updated CI workflows for proper workspace support
- Comprehensive linting fixes (ruff, mypy)
All 18 review comments addressed and resolved.
* docs: Add recovery summary for agent bc-7d1997bf (#203)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore: Add VS Code MCP configuration (#205)
* feat: Add file operations to EDT and exit_run to lifecyclelogging (#209)
* feat: Add file operations to EDT and exit_run to lifecyclelogging
Extended Data Types:
- Add read_file, write_file, decode_file, delete_file for unified file I/O
- Add resolve_local_path for path resolution relative to TLD
- Add is_url helper for URL detection
- Export string transformation functions (to_snake_case, to_camel_case, etc.)
- Full test coverage for all new file operations
Lifecyclelogging:
- Add exit_run method for formatted output and clean exit
- Add log_results for writing results to log files
- Add ExitRunError exception for formatting errors
- Support key_transform parameter with built-in transforms:
- "snake_case", "camel_case", "pascal_case", "kebab_case"
- Custom callable transforms
- Recursive key transformation for nested dicts/lists
- Full test coverage including all transform variants
This enables terraform-modules to:
- Replace local utils.py file operations with EDT imports
- Replace local exit_run with lifecyclelogging.Logging.exit_run
- Use extended-data-types as the canonical source for data transformations
* Fix: Handle duplicate values when sorting by field
Co-authored-by: jon <jon@jonbogaty.com>
* Update packages/lifecyclelogging/src/lifecyclelogging/logging.py
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update packages/extended-data-types/src/extended_data_types/file_data_type.py
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update packages/extended-data-types/src/extended_data_types/file_data_type.py
Co-authored-by: amazon-q-developer[bot] <208079219+amazon-q-developer[bot]@users.noreply.github.com>
* Update packages/extended-data-types/src/extended_data_types/file_data_type.py
Co-authored-by: amazon-q-developer[bot] <208079219+amazon-q-developer[bot]@users.noreply.github.com>
* Update packages/lifecyclelogging/src/lifecyclelogging/logging.py
Co-authored-by: amazon-q-developer[bot] <208079219+amazon-q-developer[bot]@users.noreply.github.com>
* Update packages/lifecyclelogging/src/lifecyclelogging/logging.py
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Refactor logging and exit_run, improve type hints and error handling
Co-authored-by: jon <jon@jonbogaty.com>
* Remove noxfile.py configuration
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Refactor: Use uv for workspace dependency management
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Refactor CI to use tox for linting and testing
Co-authored-by: jon <jon@jonbogaty.com>
* Refactor file_data_type: improve error handling and documentation
Co-authored-by: jon <jon@jonbogaty.com>
* Initial plan
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: jon <jon@jonbogaty.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: amazon-q-developer[bot] <208079219+amazon-q-developer[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
* feat!: Migrate from pycalver to python-semantic-release (#213)
feat!: Migrate from pycalver to python-semantic-release
## Summary
- Replace pycalver with python-semantic-release (PSR) for per-package versioning
- Add monorepo commit parser for scoped version bumps
- Update all documentation for new versioning approach
- Version format: YYYYMM.MINOR.PATCH (e.g., 202511.3.0)
## Changes
- scripts/psr/monorepo_parser.py - Custom commit parser
- packages/*/pyproject.toml - PSR configuration per package
- .github/workflows/ci.yml - Consolidated release workflow
- Documentation updates across README, CONTRIBUTING, wiki, agent configs
## Commit Scopes
- edt → extended-data-types
- logging → lifecyclelogging
- dic → directed-inputs-class
- connectors → vendor-connectors
Fixes #212
BREAKING CHANGE: Requires conventional commits for version bumps
* fix(ci): Use uv tool install instead of --system for externally managed Python (#216)
Fix CI failure for externally managed Python on Ubuntu 24.04
* fix(connectors): Trigger initial 202511.3.0 release to PyPI (#217)
The version was set to 202511.3.0 by the SemVer migration (PR #213) but was never
published to PyPI due to CI failures. This commit triggers the release.
Downstream: terraform-modules PR #203 requires vendor-connectors>=202511.3
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* fix(ci): Fix syntax error in monorepo commit parser (#218)
The commit_body_components_separator function had malformed code:
- Missing 'if match := self.issue_selector.match(text):' conditional
- Orphaned 'has_number.search,' line that was a copy-paste artifact
This was causing semantic-release to fail with:
unexpected indent (monorepo_parser.py, line 256)
Without this fix, no packages can be released because semantic-release
cannot parse commit messages.
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* feat(connectors): Trigger vendor-connectors 202511.4.0 release
Unblocks downstream:
- terraform-modules PR #203 (vendor-connectors>=202511.3)
- terraform-modules PR #209 (depends on #203)
* chore(connectors-release): release vendor-connectors v202511.4.0 [skip ci]
Automatically generated by python-semantic-release
* fix(connectors): Disable GitHub release creation for vendor-connectors
The CI token doesn't have permission to create releases. This disables
VCS release creation since we only need PyPI publishing.
* chore(connectors-release): release vendor-connectors v202511.4.1 [skip ci]
Automatically generated by python-semantic-release
* fix(ci): Pass GH_TOKEN to semantic-release and skip VCS release
- Add GH_TOKEN env var to Bump version step
- Add --no-vcs-release flag to skip GitHub release creation
* feat(connectors): Force new release to sync with PyPI
PyPI has 202511.2 but repo has 202511.4.1. This commit triggers a new
version bump to ensure PyPI gets the latest code.
* chore(connectors-release): release vendor-connectors v202511.5.0 [skip ci]
Automatically generated by python-semantic-release
* fix(ci): Use PYPI_API_TOKEN for PyPI publishing
Trusted Publishing (OIDC) isn't configured for all packages. Fall back
to API token authentication.
* feat(connectors): Trigger release with PYPI_API_TOKEN configured
Previous release attempts failed due to Trusted Publishing not being
configured. Now using PYPI_API_TOKEN for authentication.
* style(connectors): Fix formatting
* chore(connectors-release): release vendor-connectors v202511.6.0 [skip ci]
Automatically generated by python-semantic-release
* fix(connectors): Use correct PYPI_TOKEN secret for PyPI publishing
The workflow was using PYPI_API_TOKEN but the secret is named PYPI_TOKEN.
This fix enables PyPI publishing for vendor-connectors.
Unblocks:
- terraform-modules PR #203 (requires vendor-connectors>=202511.3)
- terraform-modules PR #209 (depends on #203)
* chore(connectors-release): release vendor-connectors v202511.6.1 [skip ci]
Automatically generated by python-semantic-release
* feat: add FSC fleet coordination support
Merge PR #221
* chore(edt-release): release extended-data-types v202511.4.0 [skip ci]
Automatically generated by python-semantic-release
* feat(connectors): add list_secrets to AWS and Vault connectors (#223)
## Summary
Add list_secrets methods to AWS and Vault connectors:
- AWS: Support name prefix filtering, optional value fetching, skip empty secrets
- Vault: Recursive KV v2 listing with max depth control
- Security: Input validation for path traversal prevention
- CI: Fixed tox cache key to include package source files
## Test Plan
- [x] All tests pass including new security validation tests
- [x] CI cache invalidation working correctly
* chore(logging-release): release lifecyclelogging v202511.4.0 [skip ci]
Automatically generated by python-semantic-release
* fix(ci): remove automatic AI review from CI (#224)
Remove automatic AI review - use manual triggers (@cursor review, /q review, etc.) when needed
* chore(dic-release): release directed-inputs-class v202511.4.0 [skip ci]
Automatically generated by python-semantic-release
* docs(rules): add manual AI QA engagement protocol (#225)
Add manual AI QA engagement rule for agents
* chore(connectors-release): release vendor-connectors v202511.7.0 [skip ci]
Automatically generated by python-semantic-release
* feat(vendor-connectors): Add cloud API call param utilities (#226)
* feat(vendor-connectors): Add cloud API call param utilities
Add utilities for building properly formatted parameter dictionaries
for cloud provider APIs:
- get_cloud_call_params(): Base function with key casing options
- get_aws_call_params(): AWS-specific (PascalCase, default 100 results)
- get_google_call_params(): Google-specific (camelCase, default 200 results)
These functions help standardize API calls across different cloud providers
by handling common patterns like pagination limits and key transformations.
Migrated from terraform-modules utils.py as part of ecosystem consolidation.
* fix(vendor-connectors): Address review feedback
- Fix max_results=0 edge case (use 'is not None' instead of truthiness check)
- Revert manual version change (let semantic-release handle it)
- Fix docstring example to match actual behavior
- Add test for max_results=0 edge case
* style: Fix lint issues in test_cloud_params.py
* style: Format cloud_params.py
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* fix(vendor-connectors): Improve cloud_params module docstring (#227)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* feat(connectors): Add cloud_params module with API parameter utilities (#228)
Add get_cloud_call_params, get_aws_call_params, and get_google_call_params
functions for building properly formatted parameter dicts for cloud APIs.
This was added in #226 but needs a properly scoped commit for release.
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(connectors-release): release vendor-connectors v202511.8.0 [skip ci]
Automatically generated by python-semantic-release
* feat: Add AWS Secrets Manager create, update, delete operations (#236)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* feat: Add Slack usergroup and conversation listing (#237)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* feat: Add Vault AWS IAM role helpers (#239)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* Bump directed-inputs-class and vendor-connectors versions (#240)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* feat: Add filtering and transformation to Google user/group listing (#241)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(edt-release): release extended-data-types v202511.5.0 [skip ci]
Automatically generated by python-semantic-release
* Migrate aws codedeploy to new module (#238)
* feat: Add AWS CodeDeploy vendor connector
Co-authored-by: jon <jon@jonbogaty.com>
* fix: Resolve lint errors (E402, C416) in CodeDeploy module
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(logging-release): release lifecyclelogging v202511.5.0 [skip ci]
Automatically generated by python-semantic-release
* docs: add FSC Control Center counterparty awareness (#220)
Addresses review feedback from Amazon Q and Gemini - CalVer version format and broken link fixes.
* chore(dic-release): release directed-inputs-class v202511.5.0 [skip ci]
Automatically generated by python-semantic-release
* feat(packages): add @jbcom/cursor-fleet for unified agent management (#222)
Adds cursor-fleet package for unified agent management. Resolves merge conflicts with main.
* Replay agent activity for terraform-modules migration (#229)
## terraform-modules Migration Integration
### Summary
Complete migration of cloud-specific Python code from terraform-modules to vendor-connectors using modular mixin architecture.
### Added AWS Submodules
- `organizations.py` - AWS Organizations & Control Tower account management
- `s3.py` - S3 bucket & object operations with JSON/YAML support
- `sso.py` - IAM Identity Center (SSO) operations
### Added Google Submodules
- `billing.py` - Billing account management
- `cloud.py` - Resource Manager, IAM, Compute, Container, Storage
- `services.py` - Service usage management
- `workspace.py` - Google Workspace Admin Directory
### GitHub Enhancements
- Organization members, repositories, teams management
- GraphQL query support
### Architecture
- Mixin-based composition for flexible connector assembly
- All 74 tests passing
- AI reviews addressed (Amazon Q, Gemini)
5,027 lines of migrated code from terraform-modules.
* docs: update orchestration with completion status
- All PRs merged: #220, #222, #229
- Spawned verification agent in terraform-modules
- Document migration statistics (5,027+ lines migrated)
* feat(connectors): Add terraform-aligned Google constants and idempotent create methods (#244)
Adds unique contributions from PR #243 to the modular architecture:
- constants.py: Terraform-modules aligned scopes, GCP settings, roles, APIs
- workspace.py: create_or_update_user, create_or_update_group with idempotent behavior
- __init__.py: get_connector_for_user for user impersonation
This properly integrates bc-f5391b3e's work with the modular mixin structure
that was established via PR #241.
Fixes #231 (partial - completes terraform-parity additions)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(connectors-release): release vendor-connectors v202511.9.0 [skip ci]
Automatically generated by python-semantic-release
* docs: Update wiki and orchestration for architectural evolution
* docs: Update wiki and orchestration for architectural evolution
Update documentation to reflect the decorator-based refactoring work:
- wiki/Active-Context.md: Current architectural state and PR plan
- wiki/Progress.md: Session history with completed work
- ORCHESTRATION.md: Full migration context and handoff instructions
- PR_PLAN.md: Dependency chain for focused PRs
This PR should merge FIRST to establish context for subsequent PRs:
1. PR #2: directed-inputs-class decorator API
2. PR #3: python-terraform-bridge package
3. PR #4: vendor-connectors migration
* docs: Update PR_PLAN.md with actual PR numbers
Added PR links and URLs:
- PR #246: Documentation & Wiki Update
- PR #247: directed-inputs-class Decorator API
- PR #248: python-terraform-bridge Package
- PR #249: vendor-connectors Migration Functions
* docs: Address Gemini review feedback
- Fix 'label_account' → 'label_aws_account' in ORCHESTRATION.md
- Consolidate PR Plan sections to reference PR_PLAN.md as single source of truth
- Fix '11 remaining' → '4 remaining' in Progress.md
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* docs: Update PR_PLAN with agent fleet assignments
- Added active fleet section with agent IDs
- Updated PR chain to reflect #246 merged, #249 closed
- Agents spawned for PRs #245, #247, #248
- Control manager coordinating via cursor-fleet
* feat: Add python-terraform-bridge package (#248)
New OSS package for Terraform ↔ Python bridging with decorator-based
method registration.
## Components
- `TerraformModuleParameter`: Type-inferred Terraform variable definitions
- `TerraformModuleResources`: Module generation from Python methods
- `TerraformRegistry`: Decorator-based method registration
- `runtime.py`: External data provider runtime execution
- `cli.py`: CLI tool (terraform-bridge generate/list/run)
## Key Features
- `@registry.data_source()` decorator for external data sources
- `@registry.null_resource()` decorator for null resources
- Automatic parameter inference from type hints
- Docstring-based configuration (legacy support)
- Module generation to Terraform JSON
## Tests
- 50 tests passing
- Covers parameter, module_resources, registry
## Usage
```python
from python_terraform_bridge import TerraformRegistry
registry = TerraformRegistry()
@registry.data_source(key="users", module_class="github")
def list_users(org: str | None = None) -> dict:
return {...}
registry.generate_modules("./terraform-modules")
```
Part of terraform-modules migration.
Depends on: PR #246 (docs), PR #247 (directed-inputs-class)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(edt-release): release extended-data-types v202511.6.0 [skip ci]
Automatically generated by python-semantic-release
* 🤖 Fleet Coordination Channel (HOLD OPEN) (#251)
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* feat(fleet): Add bidirectional coordination channel
- Add FLEET_COORDINATION.md for coordination protocol docs
- Add coordinator.ts for bidirectional event loop
- OUTBOUND: Fan-out status checks to sub-agents
- INBOUND: Poll coordination PR for @cursor mentions
- Add fleet-coordinator to process-compose.yml
- Creates GitHub as message bus for agent coordination
Implements the pattern where:
1. Control manager periodically checks sub-agents (outbound)
2. Sub-agents report status via PR comments (inbound)
3. @cursor mentions trigger automated dispatch
* feat(fleet): Add bidirectional coordination to Fleet class
- Add coordinate() method for bidirectional event loop
- OUTBOUND: Fan-out status checks to sub-agents
- INBOUND: Poll coordination PR for @cursor mentions
- Add fetchPRComments() and postPRComment() for GitHub integration
- Add 'coordinate' CLI command
- Add fleet-coordinator to process-compose.yml
- Add FLEET_COORDINATION.md docs
Uses GitHub as message bus:
1. Control manager periodically checks sub-agents (outbound)
2. Sub-agents report status via PR comments (inbound)
3. @cursor mentions trigger automated dispatch
* Refactor fleet to handle COMPLETED status and improve GitHub API calls
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* feat(ruler): Restore .ruler/ structure + add fleet coordination
Restores .ruler/ directory that was migrated to wiki in PR #193.
Core agent rules MUST be in-repo for bootstrap (chicken-egg problem).
Added:
- .ruler/fleet-coordination.md - cursor-fleet usage and coordination protocol
Restored from 6d0c81d:
- AGENTS.md, README.md, copilot.md, cursor.md, ecosystem.md
- agent-self-sufficiency.md, environment-setup.md, ruler.toml
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* refactor: Remove wiki, use GitHub Issues for session tracking
- Delete wiki/ directory (redundant sync to GitHub wiki)
- Delete publish-wiki.yml workflow
- Remove wiki references from .cursor/rules/
- Update .ruler/AGENTS.md to use GitHub Issues for session context
- cursor-fleet for agent coordination instead of wiki pages
GitHub Issues + Projects replace wiki for:
- Session context tracking
- Progress updates
- Blockers
- Agent coordination
* chore: Regenerate agent configs with ruler apply
- Updated AGENTS.md, CLAUDE.md with new session tracking approach
- Regenerated all agent-specific instruction files
- Updated .gitignore with ruler-managed paths
- Updated MCP configs
All agent rules now sourced from .ruler/ directory.
Session tracking now via GitHub Issues (not wiki).
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(logging-release): release lifecyclelogging v202511.6.0 [skip ci]
Automatically generated by python-semantic-release
* feat(connectors): Complete terraform-modules migration gaps - 100% feature parity (#245)
* feat(connectors): complete terraform-modules migration gaps
## Summary
Implements all missing functions identified in issue #220 to achieve 100%
feature parity with terraform-modules.
## AWS Additions (~67% → 100%)
- `label_account`: Apply labels/tags to AWS accounts
- `classify_accounts`: Classify accounts by OU/tags (prod, staging, dev, etc)
- `preprocess_organization`: Preprocess org data for terraform consumption
- `get_bucket_sizes`: Get S3 bucket sizes via CloudWatch metrics
## Google Additions (~72% → 100%)
- `get_project_iam_users`: Get IAM users with roles for a project
- `get_pubsub_resources_for_project`: Aggregate Pub/Sub topics and subscriptions
- `find_inactive_projects`: Find projects without resources or non-ACTIVE state
- `list_available_licenses`: List Google Workspace license assignments
- `get_license_summary`: Summarize license usage by product/SKU
- `get_bigquery_billing_dataset`: Get billing export dataset configuration
- `setup_billing_export`: Set up BigQuery billing export
## GitHub Additions (~75% → 100%)
- `get_users_with_verified_emails`: Get verified domain emails via GraphQL
- `build_workflow`: Build GitHub Actions workflow structure
- `build_workflow_job`: Build workflow job configuration
- `build_workflow_step`: Build workflow step configuration
- `create_python_ci_workflow`: Create standard Python CI workflow
Closes migration gaps from bc-e4aa4260 verification agent findings.
* test(connectors): cover aws org + google billing mixins
Add regression tests for org classification/labeling and billing pagination to satisfy the package coverage gate.
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(dic-release): release directed-inputs-class v202511.6.0 [skip ci]
Automatically generated by python-semantic-release
* feat(dic): Add decorator-based input handling API (#247)
* feat(dic): Add decorator-based input handling API
Add @directed_inputs class decorator and @input_config method decorator
as modern alternatives to DirectedInputsClass inheritance.
## New Features
- `@directed_inputs` class decorator for automatic input loading
- `@input_config` method decorator for per-parameter configuration
- Automatic type coercion (bool, int, float, Path, datetime, dict, list)
- Case-insensitive key lookup
- Full backward compatibility with legacy DirectedInputsClass API
## Components
- `decorators.py`: New decorator implementations
- `InputContext`: Runtime input storage and lookup
- `InputConfig`: Per-parameter configuration dataclass
## Tests
- 23 new tests for decorator API
- 39 total tests passing (16 legacy + 23 new)
Part of terraform-modules migration architectural refactor.
Depends on: PR #246 (docs/wiki-orchestration-update)
* fix(dic): Address AI review feedback for decorator API
Fixes:
- Python 3.9 compatibility: types.UnionType check now uses hasattr
- Security: Stdin limited to 1MB to prevent DoS (CWE-400)
- Bug: Positional arguments now correctly override env values
- Import: Fixed docstring import path to directed_inputs_class
- Bug: Fixed decode_yaml self-reference in _decode_value
Added test for positional argument override behavior.
Addresses feedback from Amazon Q, Gemini, Copilot, and Cursor reviews.
* fix(dic): Add type coercion error handling and update README link
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(dic-release): release directed-inputs-class v202511.7.0 [skip ci]
Automatically generated by python-semantic-release
* Fix critical issues in python-terraform-bridge (#253)
* feat: Add decorator support for DirectedInputsClass
Co-authored-by: jon <jon@jonbogaty.com>
* fix(lint): Fix all linting errors in directed-inputs-class and python-terraform-bridge
- Move Mapping/MutableMapping imports to TYPE_CHECKING block
- Extract error message strings to module-level constants
- Remove dead code after return statement in _format_public_error
- Fix sorted(list()) to just sorted()
- Add noqa comment for intentional private attribute access in decorator
* fix(bridge): Complete truncated _print_help method
The _print_help method was truncated and missing the actual help output.
Added data source and null resource listing back.
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(connectors-release): release vendor-connectors v202511.10.0 [skip ci]
Automatically generated by python-semantic-release
* fix(ci): Add python-terraform-bridge to CI release matrix (#255)
* Bump directed-inputs-class to 202511.7.0
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* fix(ci): add python-terraform-bridge to CI release matrix
Also fixes .ruler/AGENTS.md documentation to accurately describe the
actual release workflow (PSR + CalVer), not the non-existent CalVer +
GitHub run number workflow that was confusing agents.
Changes:
- Add python-terraform-bridge to build, test, release, and docs matrices
- Rewrite .ruler/AGENTS.md to document actual PSR-based workflow
- Document conventional commit scopes for all packages
* fix(ci): add python-terraform-bridge to tox.ini
* fix(ci): exclude python-terraform-bridge from Python 3.9 tests
PTB requires Python 3.10+ per its pyproject.toml requires-python setting.
* fix(bridge): restore Python 3.9 compatibility
- Remove misguided CI exclusion for Python 3.9 tests
- Fix requires-python back to >=3.9
- Code already uses 'from __future__ import annotations' so union syntax works
* fix(ci): use correct test extra name for python-terraform-bridge
PTB uses [test] not [tests] as the optional dependency name.
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(ptb-release): release python-terraform-bridge v1.0.0 [skip ci]
Automatically generated by python-semantic-release
* feat(fleet): Add direct CursorAPI client for bidirectional coordination (#261)
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* fix(fleet): Address AI review security and validation feedback
Addresses critical issues from Amazon Q and Gemini code review:
Security Fixes:
- Add sanitizeError() to prevent API key/token leakage in errors
- Redact Bearer tokens and API keys from error messages
Input Validation:
- Add validateAgentId() with pattern matching (alphanumeric + hyphens)
- Add validatePromptText() with length limits
- Add validateRepository() with format validation
- All user inputs now validated before API calls
Reliability Fixes:
- Move clearTimeout to finally block for proper cleanup
- Handle empty responses (204 No Content)
- Handle non-JSON responses gracefully
- Catch JSON parsing errors with proper error message
Configuration:
- Make base URL configurable via options or CURSOR_API_BASE_URL env
- Add CursorAPIOptions interface for cleaner configuration
- Add static create() for backwards compatibility
- URL-encode agent IDs in all endpoints
Refs: #256
* feat(fleet): Add conversation splitter for large conversation analysis
Implements conversation splitting for easier analysis of agent sessions:
- splitConversation() - splits into batches and individual files
- quickSplit() - minimal options for rapid splitting
- Creates both JSON and readable text versions
- Organizes into /messages, /batches, and summary files
- Preserves original conversation JSON
- Handles Message type with text/type fields
Exports SplitOptions and SplitResult interfaces.
Refs: #256
* feat(fleet): Integrate CursorAPI and add split command
Major updates to cursor-fleet package:
CursorAPI Integration:
- All operations now prefer direct API when CURSOR_API_KEY is set
- Falls back to MCP client when API key not available
- Better performance and reliability for large conversations
New Features:
- split command: Split conversation into readable batches and files
- Creates /messages, /batches directories with JSON and TXT versions
- Integrates conversation-splitter module
API Methods Updated:
- list() - uses CursorAPI when available
- status() - uses CursorAPI when available
- spawn() - uses CursorAPI when available
- followup() - uses CursorAPI when available
- conversation() - uses CursorAPI when available (important for large convos)
- repositories() - uses CursorAPI when available
- split() - new method wrapping conversation-splitter
Refs: #256
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* feat(fleet): Add AI-powered analysis with Vercel AI SDK + Claude
Major addition: AIAnalyzer module using @ai-sdk/anthropic for:
- Conversation analysis (completed/outstanding tasks, blockers)
- Code review with structured output
- Quick triage of text input
- Auto-generation of GitHub issues from analysis
New CLI Commands:
- cursor-fleet analyze <agent-id> --create-issues --dry-run
- cursor-fleet triage <text>
- cursor-fleet review --base main --head HEAD
Uses Claude claude-sonnet-4-20250514 by default for balance of speed/quality.
Zod schemas for structured output ensure type safety.
Also fixes:
- Add DEBUG logging for CursorAPI fallback (addresses AI review feedback)
This enables intelligent self-assessment before pushing:
- Analyze agent conversations automatically
- Create GitHub issues from outstanding work
- Review code changes with AI before push
Refs: #256
* docs(fleet): Add AI analysis documentation to README
* feat(fleet): Add Copilot integration for auto-PR creation from issues
Enhances AI analyzer to create Copilot-ready issues:
- Issues automatically get `copilot` label for auto-pickup
- Priority labels (`priority:critical`, `priority:high`) added
- Issue body includes clear acceptance criteria
- Context section guides AI agents to .ruler documentation
CLI updates:
- `--no-copilot` flag to skip copilot label if not wanted
Documentation:
- Comprehensive rewrite of .ruler/copilot.md
- Includes workflow for auto-generated issues
- Code patterns, testing requirements, security rules
- PR creation guidelines and commit message format
Labels created:
- `copilot` - Issues for Copilot auto-PR
- `priority:critical` - Critical priority
- `priority:high` - High priority
This creates a pipeline:
1. `cursor-fleet analyze` identifies outstanding tasks
2. Creates GitHub issues with `copilot` label
3. GitHub Copilot auto-creates PRs
4. CI validates, humans review and merge
Refs: #256
* feat(fleet): Add station-to-station handoff protocol
Enables seamless agent continuity across sessions:
Handoff Flow:
1. Predecessor completes SOW, identifies outstanding tasks
2. Predecessor initiates handoff, spawning successor
3. Successor confirms health back to predecessor
4. Successor retrieves predecessor's full conversation
5. Successor merges predecessor's PR (closes them out)
6. Successor creates own PR and continues work
New Components:
- HandoffManager class for managing handoff lifecycle
- HandoffContext for preserving state between agents
- Health check protocol (successor confirms to predecessor)
CLI Commands:
- cursor-fleet handoff initiate <id> --pr --branch --tasks
- cursor-fleet handoff confirm <predecessor-id>
- cursor-fleet handoff takeover <predecessor-id> <pr> <new-branch>
- cursor-fleet handoff status <id>
What Gets Preserved:
- Full conversation history (split into readable files)
- AI-analyzed completed work summary
- Outstanding tasks for successor
- Key decisions made
- PR and branch information
This solves the "agent discontinuity" problem where each agent
starts fresh. Instead, we have a chain of custody with proper
handoff and context preservation.
Refs: #256
* fix(fleet): Correct API endpoints and add self-identification
Fixes:
- Changed /background-agents to /agents (correct Cursor API endpoint)
- Fixed type definitions for AgentTarget (added prUrl, autoCreatePr, etc.)
- Handle both array and {agents: []} response formats
New Features:
- cursor-fleet self - Identify current running agent
- Matches by branch name or repository
Now agents can find themselves using their own tooling.
Refs: #256
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* docs: align instructions with SemVer (#263)
Completing docs/SemVer alignment from agent bc-57463b64 - Issue #257
* feat(connectors): migrate remaining terraform helpers (#264)
Completing terraform migrations from agent bc-57463b64 - Issue #258
* fix(fleet): correct API response parsing for list endpoints (#265)
Bug fix for cursor-fleet API response parsing - enables fleet list/repos commands to work correctly
* chore(connectors-release): release vendor-connectors v202511.11.0 [skip ci]
Automatically generated by python-semantic-release
* docs(agents): add MANDATORY AI QA review protocol before merge (#266)
* docs(agents): add MANDATORY AI QA review protocol before merge
BREAKING CHANGE: Agents must now engage AI reviewers before any merge.
Changes:
- Updated .cursor/rules/15-ai-qa-engagement.mdc with comprehensive mandatory protocol
- Added AI QA review section to .ruler/AGENTS.md
- Added review commands: /gemini review, /q review, @copilot review, @cursor review
- Added merge checklist requiring AI review completion
- Added feedback addressing requirements (fix or justify, never ignore)
This ensures quality by requiring peer review from AI agents on all PRs.
* fix(agents): address Amazon Q feedback on QA protocol
Fixes based on AI review feedback:
1. Clarified scope - explicit 'Required' vs 'Optional' sections
2. Fixed example to use conventional commit with scope
3. Added specific enforcement criteria
4. Added AI-to-AI conflict resolution process
5. Made checklists consistent between both files
6. Added audit trail and revert policy to enforcement
* fix(agents): address ALL inline feedback from Amazon Q and Gemini
Addressed feedback items:
From Amazon Q:
- Clarified 'ALWAYS Request Review For' to be specific items not 'any code changes'
- Added escalation path for cross-agent conflicts
- Updated example to use project-specific scope (dic)
- Specified all listed commands are valid QA agents
- Added detection mechanism for enforcement
- Clarified checklist item to require review 'completed'
- Added team lead escalation for revert policy
From Gemini:
- Changed 'MUST fix' to 'MUST be resolved' (allows false positive handling)
- Clarified 'Out of scope' not valid for critical/high items
- Added Thread Resolution section defining when thread is resolved
- Made checklists identical between both files
- Added severity-based feedback section to AGENTS.md
- Changed 'fixed' to 'resolved' in all checklists
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* fix(agents): address Copilot/Gemini feedback + add auto AI review settings
Addressed feedback:
- Copilot: Added GITHUB_JBCOM_TOKEN to example workflow
- Copilot: Added --delete-branch flag to merge command
- Copilot: Added scope explanations in comments
- Gemini: Clarified 'dic' scope with full list of scopes
- Gemini: Made optional scope description consistent between files
New section:
- Added 'Repository Settings for Automatic AI Review' with instructions
for enabling Copilot code review, rulesets, and CODEOWNERS config
* fix(agents): clarify which AI reviewers are comment-triggered vs automatic
- /gemini review, /q review, @coderabbitai review -> Comment-triggered
- Copilot -> Automatic via repo settings OR manual assignment
- Cursor Bugbot -> Automatic on all PRs
This explains why '@copilot review' comment didn't work - Copilot needs
to be enabled in repo settings or manually added as reviewer.
* fix(agents): address final Gemini feedback
- Added specific false positive reporting process (create issue with ai-review-feedback label)
- Added 'automated' to Dependabot exception for consistency
- Formatted AI conflict resolution as bulleted list for readability
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* fix(agents): address 5 Gemini feedback items
1. Added @copilot review and @cursor review to comment-triggered list
2. Fixed focused review syntax examples (Copilot uses natural language)
3. Fixed Copilot settings path: 'Code security and analysis'
4. Changed 'Optional' to 'Not Required' for clarity
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* feat(ai-triage): add AI-powered PR triage package
New package providing automated PR triage capabilities:
- GitHubClient: Fetch PR data, CI status, feedback
- Analyzer: AI-powered analysis using Claude via Vercel AI SDK
- Resolver: Auto-resolve feedback and blockers
- Triage: Orchestrate full triage workflows
CLI commands:
- ai-triage analyze <pr> - Full triage report
- ai-triage status <pr> - Quick status check
- ai-triage plan <pr> - Resolution plan without execution
- ai-triage resolve <pr> - Auto-resolve issues
- ai-triage run <pr> - Full workflow until ready
Built to address the manual triage burden demonstrated in PR #266.
* fix(agents): add 'severity' to medium items checklist
Address Gemini feedback for consistency with main protocol document.
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* feat(ai-triage): complete AI-powered PR triage package with MCP integration (#270)
* docs(agents): add MANDATORY AI QA review protocol before merge
BREAKING CHANGE: Agents must now engage AI reviewers before any merge.
Changes:
- Updated .cursor/rules/15-ai-qa-engagement.mdc with comprehensive mandatory protocol
- Added AI QA review section to .ruler/AGENTS.md
- Added review commands: /gemini review, /q review, @copilot review, @cursor review
- Added merge checklist requiring AI review completion
- Added feedback addressing requirements (fix or justify, never ignore)
This ensures quality by requiring peer review from AI agents on all PRs.
* fix(agents): address Amazon Q feedback on QA protocol
Fixes based on AI review feedback:
1. Clarified scope - explicit 'Required' vs 'Optional' sections
2. Fixed example to use conventional commit with scope
3. Added specific enforcement criteria
4. Added AI-to-AI conflict resolution process
5. Made checklists consistent between both files
6. Added audit trail and revert policy to enforcement
* fix(agents): address ALL inline feedback from Amazon Q and Gemini
Addressed feedback items:
From Amazon Q:
- Clarified 'ALWAYS Request Review For' to be specific items not 'any code changes'
- Added escalation path for cross-agent conflicts
- Updated example to use project-specific scope (dic)
- Specified all listed commands are valid QA agents
- Added detection mechanism for enforcement
- Clarified checklist item to require review 'completed'
- Added team lead escalation for revert policy
From Gemini:
- Changed 'MUST fix' to 'MUST be resolved' (allows false positive handling)
- Clarified 'Out of scope' not valid for critical/high items
- Added Thread Resolution section defining when thread is resolved
- Made checklists identical between both files
- Added severity-based feedback section to AGENTS.md
- Changed 'fixed' to 'resolved' in all checklists
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* fix(agents): address Copilot/Gemini feedback + add auto AI review settings
Addressed feedback:
- Copilot: Added GITHUB_JBCOM_TOKEN to example workflow
- Copilot: Added --delete-branch flag to merge command
- Copilot: Added scope explanations in comments
- Gemini: Clarified 'dic' scope with full list of scopes
- Gemini: Made optional scope description consistent between files
New section:
- Added 'Repository Settings for Automatic AI Review' with instructions
for enabling Copilot code review, rulesets, and CODEOWNERS config
* fix(agents): clarify which AI reviewers are comment-triggered vs automatic
- /gemini review, /q review, @coderabbitai review -> Comment-triggered
- Copilot -> Automatic via repo settings OR manual assignment
- Cursor Bugbot -> Automatic on all PRs
This explains why '@copilot review' comment didn't work - Copilot needs
to be enabled in repo settings or manually added as reviewer.
* fix(agents): address final Gemini feedback
- Added specific false positive reporting process (create issue with ai-review-feedback label)
- Added 'automated' to Dependabot exception for consistency
- Formatted AI conflict resolution as bulleted list for readability
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* fix(agents): address 5 Gemini feedback items
1. Added @copilot review and @cursor review to comment-triggered list
2. Fixed focused review syntax examples (Copilot uses natural language)
3. Fixed Copilot settings path: 'Code security and analysis'
4. Changed 'Optional' to 'Not Required' for clarity
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* feat: Upgrade AI SDK and add EnhancedAgent
This commit upgrades the AI SDK to v5/v6, introducing the new EnhancedAgent class. This agent provides advanced capabilities like reasoning, web search, and tool approval, along with improved MCP integration. The CLI and package exports have been updated to reflect these changes.
Co-authored-by: jon <jon@jonbogaty.com>
* fix(ai-triage): address critical security feedback from AI reviewers
Security improvements:
- Add path traversal protection (validatePath utility)
- Add filename sanitization for shell commands
- Fix git diff command injection vulnerability
- Fix delete_file path traversal vulnerability
- Fix process.env type assertion in MCP clients
Addresses Amazon Q and Gemini critical/high severity feedback.
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* feat(fleet): station-to-station handoff context bc-3248f18e → bc-c34f7797 (#272)
* feat(fleet): add station-to-station handoff context
Handoff from bc-3248f18e to bc-c34f7797:
- Predecessor context saved for successor
- Active coordination with terraform agent bc-d25d79d9
- All completed work documented
* fix(fleet): align handoff context.json with HandoffContext interface
- Rename keyDecisions → decisions (matches interface)
- Add predecessorPr: 272 (required by CLI)
- Add predecessorBranch (required by CLI)
Fixes JSON schema mismatch that would cause TypeError when
running `cursor-fleet handoff status bc-3248f18e...`.
Re: Gemini's structured outstandingTasks suggestion - deferred
to a separate PR as it requires interface changes in handoff.ts.
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* docs: fix test instructions + repository health audit (#275)
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* docs: fix test instructions to use tox instead of uv run pytest
The agent documentation incorrectly stated tests should be run with
`uv run pytest`. The actual testing infrastructure uses tox with
tox-uv for CI-consistent isolated testing.
Updated:
- .ruler/AGENTS.md - Local development section
- .ruler/environment-setup.md - Running tests and quick reference sections
Regenerated all agent configs via `ruler apply`:
- AGENTS.md, CLAUDE.md, .github/copilot-instructions.md
- .codex/rules, .roo/rules
* docs: use $HOME instead of /root for portable path
Address Gemini review feedback - hardcoded /root/.local/bin assumes
root user, $HOME/.local/bin works for any user.
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* feat(fleet): Document agent-to-agent communication pattern and add COPILOT_MCP_* env support (#276)
* Initial plan
* Initial investigation: Assess Cursor API followup limitation
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* Add COPILOT_MCP_ environment variable support for testing
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* Prioritize COPILOT_MCP_* environment variables across all packages
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* Add Context7 API key and finalize COPILOT_MCP_* support
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* Fix code review feedback: correct paths and remove unimplemented auto-gen docs
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* Update packages/cursor-fleet/docs/FOLLOWUP_INVESTIGATION.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Final cleanup: fix date, require TEST_REPO for safety
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* Reframe as working-as-designed: PR comments are the correct pattern for agent coordination
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Refactor status command to use envVars array
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Refactor MCP client configuration and environment variable handling
Co-authored-by: jon <jon@jonbogaty.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
Co-authored-by: Jon Bogaty <jon@jonbogaty.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* fix(ci): Replace manual version parsing and git operations with PSR and official GitHub Actions (#279)
* Initial plan
* fix(ci): Replace hacky version parsing with PSR, add GitHub release action
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* fix(ci): Replace grep/sed version parsing in docs step with Python tomllib
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* feat(ci): Replace all hacky scripts with proper GitHub Actions for sync and docs
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* fix(ci): Address code review feedback - add skip-existing and fix terminology
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* docs: Add before/after comparison document
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* Update CI to ignore new cache dirs and use latest actions
Co-authored-by: jon <jon@jonbogaty.com>
* Update .github/sync/extended-data-types.yml
Co-authored-by: amazon-q-developer[bot] <208079219+amazon-q-developer[bot]@users.noreply.github.com>
* Update .github/workflows/ci.yml
Co-authored-by: amazon-q-developer[bot] <208079219+amazon-q-developer[bot]@users.noreply.github.com>
* fix(ci): Use PSR for version detection in docs job, remove manual parsing
- Replace hacky Python tomllib parsing with `semantic-release version --print-last-released`
- Add fetch-depth: 0 for git history access
- Fix corrupted extended-data-types.yml sync config
- Remove 2>/dev/null suppressions
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: jon <jon@jonbogaty.com>
Co-authored-by: amazon-q-developer[bot] <208079219+amazon-q-developer[bot]@users.noreply.github.com>
* fix(ci): correct repo-file-sync-action version to v1.21.1 (#280)
The version v1.22.0 does not exist. Latest available is v1.21.1.
This was causing all release jobs to fail during "Set up job" phase.
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* fix(ci): remove invalid --skip-existing flag from semantic-release (#281)
The --skip-existing flag doesn't exist in python-semantic-release.
The "Check if release needed" step already handles this logic.
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* Revert "fix(ci): correct repo-file-sync-action version to v1.21.1" (#282)
* Revert "fix(ci): correct repo-file-sync-action version to v1.21.1 (#280)"
This reverts commit 8548ef167113f5ace90618fb1b5a182fb61f4648.
* Update GitHub Actions checkout and other action versions
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* fix(ci): pin all GitHub Actions to commit SHAs with latest versions
Updated ALL workflow files with SHA-pinned actions fetched from GitHub releases API:
ci.yml:
- actions/checkout: v6.0.0 (1af3b93b6815bc44a9784bd300feb67ff0d1eeb3)
- hynek/build-and-inspect-python-package: v2.14.0 (efb823f52190ad02594531168b7a2d5790e66516)
- actions/setup-python: v6.1.0 (83679a892e2d95755f2dac6acb0bfd1e9ac5d548)
- hynek/setup-cached-uv: v2.3.0 (757bedc3f972eb7227a1aa657651f15a8527c817)
- actions/cache: v4.3.0 (0057852bfaa89a56745cba8c7296529d2fc39830)
- re-actors/alls-green: v1.2.2 (05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe)
- actions/download-artifact: v6.0.0 (018cc2cf5baa6db3ef3c5f8a56943fffe632ef53)
- pypa/gh-action-pypi-publish: v1.13.0 (ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e)
- softprops/action-gh-release: v2.4.2 (5be0e66d93ac7ed76da52eca8bb058f665c3a5fe)
- BetaHuhn/repo-file-sync-action: v1.21.1 (8b92be3375cf1d1b0cd579af488a9255572e4619)
- peaceiris/actions-gh-pages: v4.0.0 (4f9cc6602d3f66b9c108549d475ec49e8ef4d45e)
Other workflows:
- dependabot/fetch-metadata: v2.4.0 (08eff52bf64351f401fb50d4972fa95b9f2c2d1b)
- actions/github-script: v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd)
- anthropics/claude-code-action: v1 (a7e4c51380c42dd89b127f5e5f9be7b54020bc6b)
All SHAs verified by fetching latest releases from GitHub API and resolving
annotated tags to their underlying commit SHAs.
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* Check pypi token config for trusted publishing (#283)
* Fix: Remove unnecessary PyPI token permissions
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Fix: Update mypy dependencies to use specific type stubs
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Update .ruler/environment-setup.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Refactor: Clarify tool usage rules for agents
Co-authored-by: jon <jon@jonbogaty.com>
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* feat: Unified agentic-control package with intelligent multi-org token switching (#285)
* feat: add unified agentic-control package with intelligent token switching
Introduces agentic-control - a new public npm package that unifies all agent
tooling under one product-grade package with:
Core Features:
- Intelligent token switching (GITHUB_FSC_TOKEN for FlipsideCrypto,
GITHUB_JBCOM_TOKEN for jbcom, consistent PR review identity)
- Fleet management (spawn, monitor, coordinate Cursor Background Agents)
- AI-powered triage (conversation analysis, code review)
- Station-to-station handoff protocol
- Token-aware GitHub operations
Package Structure:
- packages/agentic-control/src/core/ - Types, tokens, config
- packages/agentic-control/src/fleet/ - Cursor agent management
- packages/agentic-control/src/triage/ - AI analysis
- packages/agentic-control/src/github/ - Multi-org GitHub client
- packages/agentic-control/src/handoff/ - Agent handoff protocols
- packages/agentic-control/src/cli.ts - Unified CLI
Also updates Dockerfile to include:
- @intellectronica/ruler (globally installed)
- @anthropic-ai/claude-code (globally installed)
- Verification step for all tools
Tests: 19 passing tests for token management
* fix(agentic-control): address all security issues and make fully configurable
Security fixes:
- Fix command injection vulnerabilities using spawnSync instead of execSync
- Fix ReDoS vulnerability in extractOrg regex
- Fix SSRF vulnerability by removing env var override for baseUrl
- Fix token leakage in git clone by using stdio: pipe
- Add input validation for git refs, branch names, PR numbers
Configuration improvements:
- Remove ALL hardcoded organization names and tokens
- Make package fully configurable via agentic.config.json
- Add environment variable patterns for dynamic org configuration
- Require explicit repo configuration for issue creation
Other improvements:
- Add LICENSE file (MIT)
- Set version to 0.0.0 for semantic-release
- Use crypto.randomUUID() for unique IDs
- Add proper try-catch to all CLI handlers
- Add parseInt validation for CLI options
- Update Dockerfile with version pinning and consistent pnpm usage
- Update tests to work with configurable token system (27 tests passing)
- Update README with generic examples instead of hardcoded orgs
This makes agentic-control a proper OSS package ready for public release.
* Refactor: Update dependencies and fix build issues
Co-authored-by: jon <jon@jonbogaty.com>
* feat(agentic-control): add workspace configuration for dog-fooding
Add the actual configuration that we use internally:
- agentic.config.json: Configure jbcom and FlipsideCrypto organizations
with their respective tokens and PR review settings
- .env.example: Document all required environment variables
- .ruler/cursor.md: Update agent rules to reference agentic-control CLI
This completes the transition from hardcoded values in the package
to user-provided configuration. We now dog-food our own package.
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* fix: address Gemini review feedback
- Combine Docker RUN commands for global tools
- Fix existsSync import (use ES module import, remove require)
- Remove unused _owner/_repo params from outboundLoop
- Add APPROX_CHARS_PER_MESSAGE constant for clarity
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(edt-release): release extended-data-types v202511.7.0 [skip ci]
Automatically generated by python-semantic-release
* fix: update default model to claude-4-opus for Cursor compatibility (#290)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(edt-release): release extended-data-types v202511.7.1 [skip ci]
Automatically generated by python-semantic-rele…
Summary
Adds a mandatory AI QA review protocol that agents MUST follow before merging any PR.
Changes
.cursor/rules/15-ai-qa-engagement.mdc/gemini review- Google Gemini Code Assist/q review- Amazon Q Developer@copilot review- GitHub Copilot@cursor review- Cursor AI@coderabbitai review- CodeRabbit AI.ruler/AGENTS.mdWhy This Matters
Previous PRs were being merged without proper AI review engagement, leading to:
This protocol ensures every PR gets peer review from AI agents.
Testing
This PR itself will follow the protocol:
Requesting AI QA Review:
/gemini review
/q review
@copilot review
@cursor review
Note
Makes AI QA review mandatory before merging and adds reviewer commands, merge checklists, and feedback-handling rules in
/.cursor/rulesand/.ruler/AGENTS.md./.cursor/rules/15-ai-qa-engagement.mdcto a mandatory pre-merge review policy./.ruler/AGENTS.md.Written by Cursor Bugbot for commit 24ac5c3. This will update automatically on new commits. Configure here.