Skip to content

feat: add generic critique agent#87

Open
ascerra wants to merge 3 commits into
mainfrom
feat/add-critique-agent
Open

feat: add generic critique agent#87
ascerra wants to merge 3 commits into
mainfrom
feat/add-critique-agent

Conversation

@ascerra

@ascerra ascerra commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Adds a platform-agnostic adversarial reviewer agent that validates refinement plans against quality dimensions
  • Includes create-children.sh for child issue creation (GitHub sub-issues API + Jira hierarchy with fallbacks)
  • Test suite with 35 tests covering verdict routing, label logic, critique history, escalation, and JSON extraction
  • Depends on shared scripts from feat: add generic explore agent #11 (explore agent) — comment-helpers.sh, pre-explore.sh, and markdown-to-adf.py

Related Issue

Continuation of agent migration from konflux-ci/refinement to generic agents repo.

Changes

File Description
agents/critique.md Generic critique agent prompt (no Konflux-specific references)
harness/critique.yaml Harness config with env.runner/env.sandbox format
policies/critique.yaml Sandbox policy with read-only GitHub API access
schemas/critique-result.schema.json Output schema with description_clarity and project_routing dimensions
scripts/pre-critique.sh Context preparation (issue, exploration, refine result, platform, routing)
scripts/post-critique.sh Verdict handling (approved/revise/needs_input), label management, escalation
scripts/post-critique-test.sh 35-test suite covering all verdict paths and edge cases
scripts/create-children.sh Child issue creation for GitHub (sub-issues) and Jira (hierarchy with fallbacks)
env/critique.env Sandbox environment variables
docs/critique.md User-facing documentation
config.yaml Registers harness/critique.yaml
README.md Lists critique agent in agent table

Testing

  • bash scripts/post-critique-test.sh — 35/35 tests passing
  • Integration test with live issue (post-merge)

Checklist

  • No Konflux-specific references in agent code
  • Sandbox policy enforces read-only GitHub API access
  • PUT verb blocked in disallowedTools
  • Uses add_label helper consistently (not raw gh api)
  • No deprecated customized/ overlay references
  • Forge block uses env.runner/env.sandbox format
  • Pipeline labels parameterized via environment variables
  • description_clarity and project_routing in critique schema

Made with Cursor

Add a platform-agnostic adversarial reviewer agent that validates
refinement plans against quality dimensions. Includes harness config,
sandbox policy (read-only GitHub API), pre/post scripts, result schema
with description_clarity and project_routing dimensions, create-children.sh
for child issue creation (GitHub sub-issues + Jira hierarchy), and test
suite (35 tests).

Depends on shared scripts from PR #11 (explore agent) — comment-helpers.sh,
pre-explore.sh, and markdown-to-adf.py.

Signed-off-by: Adam Scerra <ascerra@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
@ascerra ascerra requested a review from a team as a code owner July 9, 2026 17:45
@qodo-code-review

Copy link
Copy Markdown

PR Summary by Qodo

Add generic critique agent with verdict routing and child-issue creation

✨ Enhancement 🧪 Tests 📝 Documentation ⚙️ Configuration changes 🕐 40+ Minutes

Grey Divider

AI Description

• Add a platform-agnostic critique agent to approve/revise/escalate refinement plans.
• Wire critique stage into the harness with read-only sandbox policy and output schema validation.
• Implement pre/post scripts, child issue creation, and a 35-case shell test suite.
Diagram

graph TD
A["Issue (GitHub/Jira)"] --> B["scripts/pre-critique.sh"] --> C[("refine-result.json") ] --> D["Critique agent (sandbox)"] --> E[("critique-result.json") ] --> F["scripts/post-critique.sh"] --> G["scripts/create-children.sh"] --> H["Child issues"]
Loading
High-Level Assessment

The following are alternative approaches to this PR:

1. Move child creation logic to a small Python CLI
  • ➕ More robust JSON handling and error reporting than bash/jq for complex flows
  • ➕ Easier unit testing/mocking of GitHub/Jira APIs
  • ➕ Cleaner abstraction for platform-specific hierarchy/linking rules
  • ➖ Adds runtime/dependency surface area to the runner image
  • ➖ May diverge from existing repo convention if other agents are bash-first
2. Use a reusable GitHub Action / composite action for verdict routing
  • ➕ Standardizes label/comment behavior across agents
  • ➕ Makes post-script logic easier to share/version across pipelines
  • ➖ Harder to reuse outside GitHub Actions (e.g., local runs or other CI systems)
  • ➖ Still needs scripting for Jira APIs unless paired with a library/CLI

Recommendation: The PR’s approach (bash pre/post orchestration + sandboxed prompt + JSON schema contract) fits a repo that favors shell-based pipelines and keeps the agent read-only. The main follow-up worth considering is extracting the Jira/GitHub child-creation logic into a more testable module (Python CLI or shared library) if this script is expected to grow or be reused by other agents.

Files changed (12) +2188 / -0

Enhancement (4) +1454 / -0
critique.mdIntroduce platform-agnostic critique agent prompt and constraints +419/-0

Introduce platform-agnostic critique agent prompt and constraints

• Adds a new critique agent definition with explicit scoring dimensions, verdict criteria, and strict read-only/tooling constraints. Defines required inputs (context files, routing/platform context, history) and the JSON output contract expectations.

agents/critique.md

create-children.shCreate child issues in GitHub (sub-issues) or Jira (hierarchy with fallback) +473/-0

Create child issues in GitHub (sub-issues) or Jira (hierarchy with fallback)

• Implements child issue creation from an approved refinement plan, including topological ordering via parent_title, deduplication against existing children, and per-child platform/project overrides. Supports GitHub sub-issues linking and Jira parent creation with fallback to 'Relates' linking when hierarchy is rejected.

scripts/create-children.sh

post-critique.shRoute critique verdicts into comments, labels, escalation, and optional creation +332/-0

Route critique verdicts into comments, labels, escalation, and optional creation

• Adds the post-processing script that reads critique output, posts sticky comments, updates critique history, and attaches critique feedback for downstream use. Implements verdict handling for approved/revise/needs_input, including max-round escalation behavior and optional child creation through create-children.sh.

scripts/post-critique.sh

pre-critique.shAssemble critique context from issue, exploration, refine artifacts, and skills +230/-0

Assemble critique context from issue, exploration, refine artifacts, and skills

• Adds the pre-processing script that ensures issue context, downloads/extracts refine artifacts (with Jira attachment and GHA artifact fallbacks), and prepares critique history for later rounds. Loads optional routing skill and platform context, then exports all required paths into the environment.

scripts/pre-critique.sh

Tests (1) +357 / -0
post-critique-test.shAdd 35-case shell test suite for post-critique routing and jq extraction +357/-0

Add 35-case shell test suite for post-critique routing and jq extraction

• Adds an isolated bash test harness to validate verdict routing, label selection, critique history updates, iteration output discovery, and JSON field extraction. Avoids live API calls by mirroring key decision functions from post-critique.sh.

scripts/post-critique-test.sh

Documentation (2) +73 / -0
README.mdRegister Critique agent in the public agent table +1/-0

Register Critique agent in the public agent table

• Adds the Critique agent entry to the README agent matrix, describing it as the quality gate for refinement plans and its trigger label.

README.md

critique.mdAdd user-facing documentation for critique pipeline behavior +72/-0

Add user-facing documentation for critique pipeline behavior

• Documents how critique works, the verdict outcomes and labels, and how it fits into the explore→refine→critique pipeline. Describes when and how child issue creation happens via AUTO_CREATE and /fs-create.

docs/critique.md

Other (5) +304 / -0
config.yamlRegister critique harness in global agent config +1/-0

Register critique harness in global agent config

• Adds harness/critique.yaml to the list of agent harness sources so the critique stage is available to the platform.

config.yaml

critique.envDefine sandbox paths for critique stage inputs +6/-0

Define sandbox paths for critique stage inputs

• Adds environment variables pointing the sandbox to expected issue/explore/refine/history/routing/platform context file locations.

env/critique.env

critique.yamlAdd critique harness wiring (host files, env.runner/env.sandbox, schema validation) +75/-0

Add critique harness wiring (host files, env.runner/env.sandbox, schema validation)

• Introduces the critique harness definition including sandbox image, policy, host file mounts for context artifacts, and pre/post scripts. Adds schema validation loop for schemas/critique-result.schema.json and uses the env.runner/env.sandbox split (plus forge config).

harness/critique.yaml

critique.yamlAdd read-only sandbox policy for critique agent +71/-0

Add read-only sandbox policy for critique agent

• Defines filesystem and network restrictions for the critique sandbox, allowing read-only GitHub API access and read-only Jira API access while permitting model endpoints. Ensures the agent cannot mutate issues; mutations happen in post-script on the runner.

policies/critique.yaml

critique-result.schema.jsonDefine critique output schema including description_clarity and project_routing +151/-0

Define critique output schema including description_clarity and project_routing

• Adds a JSON schema for critique results with verdict-specific required fields and structured assessment dimensions. Includes conditional requirements for approved/revise/needs_input and caps for comment/summary length.

schemas/critique-result.schema.json

@fullsend-ai-review

fullsend-ai-review Bot commented Jul 9, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 5:47 PM UTC · Completed 6:03 PM UTC
Commit: 23d7556 · View workflow run →

@qodo-code-review

qodo-code-review Bot commented Jul 9, 2026

Copy link
Copy Markdown

Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (0) 📜 Skill insights (1)

Context used
✅ Compliance rules (platform): 55 rules
✅ Skills: 4 invoked
  code-review
  code-implementation
  pr-review
  docs-review

Grey Divider


Action required

1. Docs overclaim no external access ✓ Resolved 📜 Skill insight ⚙ Maintainability
Description
docs/critique.md claims the critique agent cannot interact with external services, but the
harness/policy explicitly grants read-only access to GitHub and Jira APIs (and inference endpoints).
This contradiction can mislead operators about the system’s actual network capabilities.
Code

docs/critique.md[R11-13]

+The critique agent runs after the refine agent has produced a decomposition plan. It reads the original work item, exploration context, the proposed plan, and any prior critique history (for revision rounds). It evaluates the plan across seven dimensions — coverage, granularity, dependency coherence, implementability, scope accuracy, assumption grounding, and description clarity — and produces a structured verdict.
+
+The agent runs in a read-only sandbox. It cannot modify issues, create children, or interact with external services. Its only output is a structured JSON critique result consumed by the post-script, which posts a summary comment, attaches feedback, and applies labels to signal the next pipeline step.
Relevance

⭐⭐⭐ High

Team fixes doc accuracy issues; e.g., corrected broken docs links/consistency in PR #15.

PR-#15

ⓘ Recommendations generated based on similar findings in past PRs

Evidence
PR Compliance ID 1538422 requires documentation not to contradict current code/config behavior. The
documentation says no external service interaction, while the new policy/harness explicitly allow
network access to GitHub/Jira endpoints (and model endpoints).

docs/critique.md[11-13]
policies/critique.yaml[20-69]
harness/critique.yaml[5-7]
Skill: docs-review

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
Documentation states the agent cannot interact with external services, contradicting the configured network policies.

## Issue Context
The critique sandbox is configured with allowed egress to GitHub and Jira (read-only) and inference endpoints.

## Fix Focus Areas
- docs/critique.md[11-13]
- policies/critique.yaml[20-69]
- harness/critique.yaml[5-7]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools


2. Missing helper script dependencies ✓ Resolved 📜 Skill insight ≡ Correctness
Description
Several newly added critique/child-creation scripts hard-depend on helper artifacts
(comment-helpers.sh, pre-explore.sh, markdown-to-adf.py) that are not present in this
repository and are invoked without existence checks, causing the pipeline to fail at runtime before
key verdict handling or Jira child creation can run. This breaks the intended producer/consumer
contract for the critique and child-creation flow and makes critique runs brittle when optional
inputs are absent.
Code

scripts/post-critique.sh[R36-38]

+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "${SCRIPT_DIR}/comment-helpers.sh"
+
Relevance

⭐⭐⭐ High

Missing companion scripts treated as real bug; fixed via workspace fallback in PR #41.

PR-#41

ⓘ Recommendations generated based on similar findings in past PRs

Evidence
The scripts demonstrate unconditional dependencies that will hard-fail when the referenced files are
missing: scripts/post-critique.sh runs under set -euo pipefail and immediately sources
scripts/comment-helpers.sh, so absence of that helper terminates the script before any
comment/label/attachment/child-creation logic executes. scripts/pre-critique.sh treats a missing
/tmp/workspace/issue-context.json as fatal unless scripts/pre-explore.sh exists, yet the harness
config marks issue-context.json as optional, making valid executions fail pre-agent. In the Jira
path, scripts/create-children.sh unconditionally shells out to `python3
${SCRIPT_DIR}/markdown-to-adf.py` to build the Jira payload, so Jira child creation cannot proceed
without that converter. This violates the runtime inter-component contract expectations (PR
Compliance IDs 1538370/1538315) because required helper artifacts are not shipped and there is no
fallback besides immediate failure.

scripts/post-critique.sh[36-38]
scripts/pre-critique.sh[36-43]
scripts/create-children.sh[125-127]
scripts/post-critique.sh[34-38]
harness/critique.yaml[23-25]
scripts/pre-critique.sh[35-44]
scripts/create-children.sh[120-127]
docs/critique.md[60-66]
Skill: pr-review
Skill: code-review

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The critique and child-creation scripts introduced/modified in this PR unconditionally `source` or execute helper files (`comment-helpers.sh`, `pre-explore.sh`, `markdown-to-adf.py`) that are not present in-repo and are not guarded by existence checks, leading to immediate runtime failures (often before verdict handling or Jira API calls can occur). Update the pipeline so these dependencies are either vendored into the repo/PR or resolved via robust fallback discovery with clear errors, and ensure critique does not fail simply because optional harness inputs are absent.

## Issue Context
- `post-critique.sh` runs with `set -euo pipefail` and unconditionally sources `scripts/comment-helpers.sh`, so the post phase terminates immediately if the helper is missing, preventing verdict handling (comments/labels/attachments/child creation).
- `pre-critique.sh` exits if `/tmp/workspace/issue-context.json` is missing and `scripts/pre-explore.sh` is not present, but the harness mounts `issue-context.json` as optional, making critique runs brittle and able to fail before the agent starts.
- `create-children.sh` always runs `python3 ${SCRIPT_DIR}/markdown-to-adf.py` in the Jira creation path with no fallback; without the converter, Jira child creation fails before issuing the Jira API request.
- Other scripts in the repo sometimes implement fallback discovery for companion scripts (e.g., searching workspace locations); critique currently does not.
- Docs indicate Jira child creation is supported, but the implementation assumes the converter exists locally.

## Fix Focus Areas
- scripts/post-critique.sh[34-38]
- scripts/pre-critique.sh[35-44]
- harness/critique.yaml[23-25]
- scripts/create-children.sh[120-127]
- docs/critique.md[60-66]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools


3. Null acceptance criteria crash ✓ Resolved 🐞 Bug ☼ Reliability
Description
scripts/create-children.sh assumes .children[].acceptance_criteria is always an array and calls
map(...) directly; if it is null/missing, jq errors and the script aborts due to set -e. This
can break auto-create even when all other child fields are usable.
Code

scripts/create-children.sh[R320-324]

+    CHILD_PARENT_TITLE=$(jq -r ".children[${i}].parent_title // \"\"" "${RESULT_FILE}")
+    CHILD_TYPE=$(jq -r ".children[${i}].type" "${RESULT_FILE}")
+    CHILD_DESC=$(jq -r ".children[${i}].description" "${RESULT_FILE}")
+    CHILD_AC=$(jq -r ".children[${i}].acceptance_criteria | map(\"- [ ] \" + .) | join(\"\n\")" "${RESULT_FILE}")
+    CHILD_LABELS=$(jq -c ".children[${i}].labels // []" "${RESULT_FILE}")
Relevance

⭐⭐⭐ High

Team accepts jq/bash hardening to avoid set -e failures (robustness fixes accepted in PR #10).

PR-#10

ⓘ Recommendations generated based on similar findings in past PRs

Evidence
The script has set -euo pipefail enabled, and it runs map(...) over acceptance_criteria
without // [], which causes jq to exit non-zero on null input and abort the script.

scripts/create-children.sh[25-26]
scripts/create-children.sh[320-324]
scripts/create-children.sh[414-419]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`jq` will fail on `null | map(...)`, terminating child creation when a child omits `acceptance_criteria`.

### Issue Context
This failure occurs in both the main creation loop and the orphan fallback loop.

### Fix Focus Areas
- scripts/create-children.sh[25-26]
- scripts/create-children.sh[320-327]
- scripts/create-children.sh[414-419]

### Expected fix
Change the jq extraction to default to an empty array:
- `.children[i].acceptance_criteria // [] | map(...) | join("\n")`
Optionally omit the entire Acceptance Criteria section when the resulting string is empty.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools


View more (4)
4. Output filename mismatch ✓ Resolved 🐞 Bug ≡ Correctness
Description
harness/critique.yaml sets FULLSEND_OUTPUT_FILE=critique-result.json, but the critique agent
prompt and post-critique.sh both use agent-result.json. This will cause the validation loop to
look for the wrong output filename and fail the run even when the agent wrote valid JSON.
Code

harness/critique.yaml[R59-66]

+    REVIEW_ROUND: "${REVIEW_ROUND}"
+    MAX_REVIEW_ROUNDS: "${MAX_REVIEW_ROUNDS}"
+    AUTO_CREATE: "${AUTO_CREATE}"
+    FULLSEND_OUTPUT_FILE: critique-result.json
+  sandbox:
+    GH_TOKEN: "${GH_TOKEN}"
+    REVIEW_ROUND: "${REVIEW_ROUND}"
+    MAX_REVIEW_ROUNDS: "${MAX_REVIEW_ROUNDS}"
Relevance

⭐⭐ Medium

No close historical precedent found for FULLSEND_OUTPUT_FILE vs agent-result.json naming mismatches.

ⓘ Recommendations generated based on similar findings in past PRs

Evidence
The harness forces schema validation to read output/${FULLSEND_OUTPUT_FILE}, but the critique
agent prompt instructs writing agent-result.json and the post-script searches for
agent-result.json in iteration outputs.

harness/critique.yaml[52-66]
agents/critique.md[250-257]
scripts/validate-output-schema.sh[27-40]
scripts/post-critique.sh[43-53]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
The critique harness config validates `output/critique-result.json`, but the critique agent prompt and post-script contract are `output/agent-result.json`, so validation will fail with “file not found”.

### Issue Context
`validate-output-schema.sh` uses `FULLSEND_OUTPUT_FILE` to decide which filename to validate. Other sandbox agents that write `agent-result.json` do not override `FULLSEND_OUTPUT_FILE`.

### Fix Focus Areas
- harness/critique.yaml[52-66]
- agents/critique.md[250-257]
- scripts/validate-output-schema.sh[27-40]

### Expected fix
Either:
1) Remove `FULLSEND_OUTPUT_FILE: critique-result.json` from the critique harness (so validation uses the default `agent-result.json`), OR
2) Change the critique agent prompt + post-script to write/read `critique-result.json` consistently (less consistent with existing agent conventions).

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools


5. Policy adds network access unapproved ✗ Dismissed 📜 Skill insight ⛨ Security
Description
A new permission-declaring sandbox policy is introduced with explicit egress allowlists (GitHub,
Jira, and inference endpoints), but the PR does not provide a linked issue/ADR explicitly
authorizing and justifying this permission set. Permission-manifest changes require least-privilege
review with explicit authorization.
Code

policies/critique.yaml[R20-68]

+network_policies:
+  vertex_ai:
+    name: vertex-ai
+    endpoints:
+      - host: "api.anthropic.com"
+        port: 443
+        protocol: rest
+        enforcement: enforce
+        access: read-write
+      - host: "*.googleapis.com"
+        port: 443
+        protocol: rest
+        enforcement: enforce
+        access: read-write
+    binaries:
+      - path: "**/claude"
+      - path: "**/node"
+
+  github_api:
+    name: github-api
+    endpoints:
+      - host: "api.github.com"
+        port: 443
+        protocol: rest
+        enforcement: enforce
+        access: read-only
+      - host: "github.com"
+        port: 443
+        protocol: rest
+        enforcement: enforce
+        access: read-only
+      - host: "raw.githubusercontent.com"
+        port: 443
+        protocol: rest
+        enforcement: enforce
+        access: read-only
+    binaries:
+      - path: "**/gh"
+      - path: "**/git"
+      - path: "**/node"
+
+  jira_api:
+    name: jira-api
+    endpoints:
+      - host: "*.atlassian.net"
+        port: 443
+        protocol: rest
+        enforcement: enforce
+        access: read-only
Relevance

⭐⭐ Medium

Repo enforces permission/least-privilege justification in workflows (partially accepted in PR #25),
but no direct network-policy precedent.

PR-#25

ⓘ Recommendations generated based on similar findings in past PRs

Evidence
PR Compliance ID 1538316 requires permission-manifest changes to follow least privilege and include
explicit justification/authorization. This PR adds a new policy file that grants network access to
multiple endpoints, but no explicit authorization artifact is provided in the PR content.

policies/critique.yaml[20-68]
Skill: code-review

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
A new permission manifest (sandbox policy) is added without an explicit linked authorization/justification for the allowed egress and capabilities.

## Issue Context
Compliance requires least-privilege review and an explicit issue/ADR for permission expansions/introductions.

## Fix Focus Areas
- policies/critique.yaml[20-68]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools


6. Protected paths modified in PR ✗ Dismissed 📜 Skill insight § Compliance
Description
This PR modifies multiple protected governance/infrastructure paths (agents/, harness/,
policies/, scripts/), which must not be auto-approved and require explicit review/justification.
A protected-path finding is required whenever these directories are touched.
Code

harness/critique.yaml[R1-7]

+---
+agent: agents/critique.md
+doc: docs/critique.md
+model: opus
+image: ghcr.io/fullsend-ai/fullsend-sandbox:latest
+policy: policies/critique.yaml
+
Relevance

⭐⭐ Medium

Protected-path review requirement appears in history but outcomes are “undetermined” (PRs #29, #59).

PR-#29
PR-#59

ⓘ Recommendations generated based on similar findings in past PRs

Evidence
PR Compliance ID 1538392 mandates raising a finding whenever protected paths are modified, because
these are governance/infrastructure surfaces requiring human approval.

harness/critique.yaml[1-7]
policies/critique.yaml[1-19]
scripts/post-critique.sh[1-10]
agents/critique.md[1-15]
Skill: pr-review

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
Protected governance/infrastructure paths were modified and must be explicitly flagged for human review; these PRs must not be auto-approved.

## Issue Context
Protected paths include `agents/`, `harness/`, `policies/`, `scripts/`.

## Fix Focus Areas
- harness/critique.yaml[1-7]
- policies/critique.yaml[1-19]
- scripts/post-critique.sh[1-10]
- agents/critique.md[1-15]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools


7. No linked issue for feature ✗ Dismissed 📜 Skill insight § Compliance
Description
This PR is a non-trivial feature addition (new agent, harness, policy, schema, and multiple scripts)
but does not include a linked issue (e.g., Fixes #123 / Jira key URL) that authorizes the work.
Non-trivial changes require explicit authorization via a linked issue.
Code

scripts/post-critique.sh[R1-10]

+#!/usr/bin/env bash
+# post-critique.sh — Process critique agent output.
+#
+# Reads the critique result and performs one of:
+#   - verdict=approved + AUTO_CREATE=true: creates child issues immediately
+#   - verdict=approved + AUTO_CREATE=false: posts approval, adds label for human gate
+#   - verdict=revise + under iteration limit: posts feedback, signals refine via label
+#   - verdict=revise + at iteration limit: posts final plan for human decision
+#
+# Agents are decoupled — they communicate through labels and issue attachments.
Relevance

⭐⭐ Medium

No clear historical enforcement found requiring linked issue for non-trivial PRs; closest is release
workflow closing #26 in PR #25.

PR-#25

ⓘ Recommendations generated based on similar findings in past PRs

Evidence
PR Compliance ID 1538390 requires a linked issue for non-trivial changes; the diff shows substantial
new feature/pipeline code, triggering the authorization requirement.

scripts/post-critique.sh[1-10]
Skill: pr-review

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
Non-trivial PR lacks an explicit linked authorizing issue.

## Issue Context
Add a concrete issue link (GitHub issue/PR or Jira ticket URL/key) in the PR description (e.g., `Fixes #...` / `Resolves PROJECT-...`) that authorizes this feature work.

## Fix Focus Areas
- scripts/post-critique.sh[1-10]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools



Remediation recommended

8. Escalation rewrites verdict ✓ Resolved 🐞 Bug ◔ Observability
Description
When max rounds are reached, post-critique.sh mutates the latest critique-history entry by
changing its verdict to approved. This loses audit fidelity by no longer preserving that the
agent actually returned revise for the final round (even though it does add escalated: true).
Code

scripts/post-critique.sh[R244-247]

+    if [[ -f "$CRITIQUE_HISTORY_FILE" ]]; then
+      UPDATED=$(jq '.rounds[-1].verdict = "approved" | .rounds[-1].escalated = true' "$CRITIQUE_HISTORY_FILE")
+      echo "$UPDATED" > "$CRITIQUE_HISTORY_FILE"
+    fi
Relevance

⭐⭐ Medium

No historical evidence found about preserving critique-history verdict vs mutating during
escalation.

ⓘ Recommendations generated based on similar findings in past PRs

Evidence
The script first records the agent verdict in history, then later overwrites the last record's
verdict to approved during escalation, which changes the recorded outcome semantics.

scripts/post-critique.sh[89-106]
scripts/post-critique.sh[244-247]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
On escalation, the script overwrites the recorded verdict from the agent. This makes critique-history.json ambiguous for consumers that expect verdict to reflect the agent's output.

### Issue Context
The script already appends a history record earlier in the run using the agent-provided verdict.

### Fix Focus Areas
- scripts/post-critique.sh[89-106]
- scripts/post-critique.sh[244-247]

### Expected fix
Do not change `.rounds[-1].verdict`. Instead, keep the original verdict and record escalation separately, e.g.:
- `.rounds[-1].escalated = true`
- optionally `.rounds[-1].escalation_reason = "max_rounds"` or a separate `final_state` field.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools


9. GitHub deduplication absent ✓ Resolved 🐞 Bug ☼ Reliability
Description
create-children.sh only populates EXISTING_TITLES (dedup) for Jira, but the docs claim re-runs
are deduplicated. On GitHub, re-running auto-create can create duplicate child issues with the same
title.
Code

scripts/create-children.sh[R255-283]

+# --- Fetch existing children for deduplication ---
+
+declare -A EXISTING_TITLES
+
+if [[ "${ISSUE_SOURCE:-}" == "jira" && -n "${JIRA_HOST:-}" && -n "${JIRA_EMAIL:-}" ]]; then
+  _dedup_auth=$(printf '%s:%s' "$JIRA_EMAIL" "$JIRA_API_TOKEN" | base64 -w0)
+
+  # Child work items (parent hierarchy)
+  _children_json=$(curl -sf \
+    -H "Authorization: Basic $_dedup_auth" \
+    -H "Accept: application/json" \
+    "https://${JIRA_HOST}/rest/api/3/search?jql=parent%3D${ISSUE_KEY}&fields=summary,status&maxResults=100" 2>/dev/null || echo '{"issues":[]}')
+
+  while IFS='|' read -r _ck _cs; do
+    [[ -n "$_ck" ]] && EXISTING_TITLES["$_cs"]="$_ck"
+  done < <(echo "$_children_json" | jq -r '.issues[]? | "\(.key)|\(.fields.summary)"')
+
+  # Linked issues (Relates)
+  _links_json=$(curl -sf \
+    -H "Authorization: Basic $_dedup_auth" \
+    -H "Accept: application/json" \
+    "https://${JIRA_HOST}/rest/api/3/issue/${ISSUE_KEY}?fields=issuelinks" 2>/dev/null || echo '{"fields":{"issuelinks":[]}}')
+
+  while IFS='|' read -r _lk _ls; do
+    [[ -n "$_lk" && -z "${EXISTING_TITLES[$_ls]:-}" ]] && EXISTING_TITLES["$_ls"]="$_lk"
+  done < <(echo "$_links_json" | jq -r '.fields.issuelinks[]? | (.outwardIssue // .inwardIssue) | "\(.key)|\(.fields.summary)"')
+
+  echo "Found ${#EXISTING_TITLES[@]} existing child/linked issue(s) for dedup"
+fi
Relevance

⭐⭐ Medium

Dedup-related reliability suggestions were accepted (PR #10), but no specific GitHub child-issue
dedup precedent found.

PR-#10

ⓘ Recommendations generated based on similar findings in past PRs

Evidence
The dedup fetch is guarded by ISSUE_SOURCE == jira, so GitHub executions never populate
EXISTING_TITLES, contradicting the documented behavior and allowing duplicates on reruns.

scripts/create-children.sh[255-283]
docs/critique.md[60-66]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
Deduplication is only implemented for Jira; GitHub runs do not query existing sub-issues/linked issues, so `EXISTING_TITLES` stays empty and the dedup check never triggers.

### Issue Context
Docs explicitly advertise deduplication to avoid double-creation on re-runs.

### Fix Focus Areas
- scripts/create-children.sh[255-283]
- scripts/create-children.sh[306-318]
- docs/critique.md[60-66]

### Expected fix
Implement GitHub dedup by fetching existing children under the parent issue (sub-issues API) and/or searching issues by title within the repo, then populating `EXISTING_TITLES` similarly to the Jira path so repeated runs skip existing children.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools



Informational

10. ::warning:: interpolates title unescaped 📜 Skill insight ⛨ Security
Description
New scripts emit GitHub Actions workflow commands (e.g., ::warning::, ::notice::) while
interpolating untrusted variables like issue titles and API error output without sanitization. This
enables workflow-command injection via ::, %0A/%0D, ANSI, or control characters embedded in
those values.
Code

scripts/create-children.sh[R66-68]

+  result=$(printf '%s' "$body" | gh issue create "${args[@]}" --body-file - 2>&1) || {
+    echo "::warning::Failed to create issue '${title}': ${result}" >&2
+    echo "FAILED"
Relevance

⭐ Low

Workflow-command injection sanitization was explicitly rejected previously (Makefile ::debug:: case)
in PR #37.

PR-#37

ⓘ Recommendations generated based on similar findings in past PRs

Evidence
PR Compliance ID 1538382 requires every interpolated value in GHA workflow commands to be sanitized
individually. The new code emits ::warning::/::notice:: while directly embedding variables like
${title} and ${result} (and other dynamic values) without any sanitize function.

scripts/create-children.sh[66-68]
scripts/create-children.sh[82-83]
scripts/post-critique.sh[139-143]
scripts/pre-critique.sh[33-33]
Skill: pr-review

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
GitHub Actions workflow commands are emitted with interpolated values that are not individually sanitized, allowing command injection.

## Issue Context
`scripts/create-children.sh`, `scripts/post-critique.sh`, and `scripts/pre-critique.sh` use `echo "::notice::..."` / `echo "::warning::..."` / `echo "::error::..."` while including variables such as titles, HTTP codes, and command output.

## Fix Focus Areas
- scripts/create-children.sh[66-83]
- scripts/create-children.sh[392-400]
- scripts/create-children.sh[469-469]
- scripts/post-critique.sh[139-143]
- scripts/post-critique.sh[149-180]
- scripts/pre-critique.sh[33-33]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools


Grey Divider

Qodo Logo

Comment thread scripts/post-critique.sh
Comment thread docs/critique.md Outdated
Comment thread policies/critique.yaml
Comment thread scripts/post-critique.sh
Comment thread harness/critique.yaml
Comment thread harness/critique.yaml
Comment thread scripts/create-children.sh
Comment thread scripts/create-children.sh
Comment thread scripts/post-critique.sh
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 9, 2026

Copy link
Copy Markdown

Review — #87

Verdict Comment
Reviewed 13d4552
Findings 3 medium, 3 low
Re-review 1 of 4 prior findings addressed

Summary

The latest commit (13d4552) resolves the highest-severity finding from the prior review: post-critique-test.sh is now registered in the Makefile script-test target. Additional improvements include additionalProperties: false throughout the schema, shellcheck fixes, a curl fallback pattern fix, and grouped env exports.

The three medium-severity findings from the prior review remain unresolved and are carried forward unchanged. No new issues were introduced by the latest commit. The PR is functional for the primary GitHub flow; the remaining findings affect Jira integration completeness, display accuracy for edge-case verdicts, and defense-in-depth security hardening.


Medium

1. GHA workflow command injection via unsanitized interpolated values (unresolved from prior review)

create-children.sh, post-critique.sh, and pre-critique.sh interpolate unsanitized values into ::notice:: and ::warning:: GHA workflow commands. The repo has an established sanitize_gha() pattern in post-scribe.sh that strips ::, %0A, %0D, and newline characters. The highest-risk emissions are:

  • create-children.sh: $title and $summary (from agent JSON .children[].title), $body (raw Jira API error response — can contain arbitrary content), $CHILD_TITLE, $CREATED_KEYS
  • post-critique.sh: $CHILD_SUMMARY (contains API-returned issue keys), $ISSUE_KEY
  • pre-critique.sh: $ISSUE_KEY, $ISSUE_SOURCE

An attacker controlling the refine agent's output JSON (e.g., via prompt injection through an issue description) can craft child titles containing %0A::set-env name=... sequences to inject additional workflow commands.

Remediation: Import or duplicate sanitize_gha() from post-scribe.sh and apply to all interpolated variables in workflow commands.

2. Schema does not require assessment for non-approved verdicts (unresolved from prior review)

The JSON schema's allOf conditional validation only requires assessment when verdict is approved. The revise and needs_input conditional blocks do not include assessment in their required arrays. However, post-critique.sh unconditionally reads .assessment.overall // 0 and displays it in the comment table for all verdict paths. When the agent validly omits assessment for a revise or needs_input result (which the schema allows), the posted comment shows "Score: 0/100", which is misleading — it implies the plan scored zero rather than that the score was not computed.

Remediation: Either (a) add assessment to the required arrays for revise and needs_input in the schema, or (b) conditionally omit the Score row from the comment table when .assessment is null/absent.

3. Jira label handling missing for 3 of 4 verdict paths (unresolved from prior review)

The revise under limit verdict path adds labels to Jira issues via a curl PUT to /rest/api/3/issue/${ISSUE_KEY} with label update payload. The other three verdict paths — approved, revise at limit (escalation), and needs_input — only add labels on GitHub via add_label. Jira issues will not receive refine-approved, refine-needs-human, refine-escalated, or refine-needs-input labels, breaking label-based pipeline signaling for Jira-sourced work items.

Remediation: Add Jira label handling (matching the existing pattern in the revise under limit path) to the approved, escalation, and needs_input verdict paths.


Low

  • Tests re-implement logicpost-critique-test.sh defines its own copies of determine_reply_target, determine_verdict_action, and determine_labels rather than testing the actual post-critique.sh code paths. If the script's inline logic diverges from the test's copy, tests will pass while the real script has bugs.
  • Missing token maskingpost-critique.sh does not call ::add-mask:: for GH_TOKEN, PUSH_TOKEN, or JIRA_API_TOKEN. Every other post-script in the repo masks its tokens at the top of the file (post-review.sh, post-fix.sh, post-scribe.sh, post-retro.sh, post-code.sh).
  • Implicit contract in create-children.sh — The script assumes RESULT_FILE contains a .children array (from the refine result) but has no validation beyond JSON parsing. If the wrong file is passed, jq '.children | length' returns 0 and the script exits successfully with zero children created and no warning.
Previous run

Review — #87

Verdict Request Changes
Reviewed 6d0c112
Findings 1 high, 3 medium
Re-review 5 of 9 prior findings addressed

Summary

The fix commit addresses the most critical findings from the prior review: the cross-platform parent key mismatch (via resolve_github_parent_number()), the unguarded source, the disallowedTools bypass, the FULLSEND_OUTPUT_FILE mismatch, sandbox GH_TOKEN leakage, and the refine-approved/refine-escalated label disambiguation. The escalation history mutation is also corrected — verdict is now preserved as revise with an escalated flag rather than being rewritten to approved.

However, three prior findings remain unresolved (Makefile test registration, GHA workflow command injection, schema/post-script assessment contract mismatch), and one new logic gap was found (Jira label handling is only implemented for one of four verdict paths).


High

1. Test suite not registered in Makefile (unresolved from prior review)

scripts/post-critique-test.sh (35 tests) is not added to the script-test target in the Makefile. CI runs make test via the script-test target. Every other agent's test suite is registered (triage, prioritize, code, review, fix, retro, scribe, validate-output-schema). Critique tests are never executed in CI.

Remediation: Add $(call run-timed,bash scripts/post-critique-test.sh) to the script-test target in the Makefile.


Medium

2. GHA workflow command injection via unsanitized interpolated values (unresolved from prior review)

create-children.sh, post-critique.sh, and pre-critique.sh interpolate unsanitized values into ::notice:: and ::warning:: GHA workflow commands. The repo has an established sanitize_gha() pattern in post-scribe.sh that strips ::, %0A, %0D, and newline characters.

3. Schema does not require assessment for non-approved verdicts (unresolved from prior review)

The JSON schema's allOf conditional validation only requires assessment when verdict is approved.

4. Jira label handling missing for 3 of 4 verdict paths

The revise under limit verdict path adds labels to Jira issues. The other three verdict paths only add labels on GitHub.


Low

  • Tests re-implement logic
  • Missing token masking
  • Implicit contract in create-children.sh
Previous run

Review — #87

Verdict Request Changes
Reviewed 23d7556
Findings 3 high, 6 medium

Summary

This PR adds a well-structured critique agent following the repo's established pre-script → sandbox → post-script pipeline. The agent prompt is thorough, the schema uses conditional validation correctly, and the test suite covers core verdict routing. However, there are several code-level issues.

Previous run

Review — #87

Verdict Request Changes
Reviewed 6d0c112
Findings 1 high, 3 medium
Re-review 5 of 9 prior findings addressed

Summary

The fix commit addresses the most critical findings from the prior review: the cross-platform parent key mismatch (via resolve_github_parent_number()), the unguarded source, the disallowedTools bypass, the FULLSEND_OUTPUT_FILE mismatch, sandbox GH_TOKEN leakage, and the refine-approved/refine-escalated label disambiguation. The escalation history mutation is also corrected — verdict is now preserved as revise with an escalated flag rather than being rewritten to approved.

However, three prior findings remain unresolved (Makefile test registration, GHA workflow command injection, schema/post-script assessment contract mismatch), and one new logic gap was found (Jira label handling is only implemented for one of four verdict paths).


High

1. Test suite not registered in Makefile (unresolved from prior review)

scripts/post-critique-test.sh (35 tests) is not added to the script-test target in the Makefile. CI runs make test via the script-test target. Every other agent's test suite is registered (triage, prioritize, code, review, fix, retro, scribe, validate-output-schema). Critique tests are never executed in CI.

Remediation: Add $(call run-timed,bash scripts/post-critique-test.sh) to the script-test target in the Makefile.


Medium

2. GHA workflow command injection via unsanitized interpolated values (unresolved from prior review)

create-children.sh, post-critique.sh, and pre-critique.sh interpolate unsanitized values into ::notice:: and ::warning:: GHA workflow commands. The repo has an established sanitize_gha() pattern in post-scribe.sh that strips ::, %0A, %0D, and newline characters. The highest-risk emissions are:

  • create-children.sh: $title and $summary (from agent JSON .children[].title), $body (raw Jira API error response — can contain arbitrary content), $CHILD_TITLE, $CREATED_KEYS
  • post-critique.sh: $CHILD_SUMMARY (contains API-returned issue keys), $ISSUE_KEY
  • pre-critique.sh: $ISSUE_KEY, $ISSUE_SOURCE

An attacker controlling the refine agent's output JSON (e.g., via prompt injection through an issue description) can craft child titles containing %0A::set-env name=... sequences to inject additional workflow commands.

Remediation: Import or duplicate sanitize_gha() from post-scribe.sh and apply to all interpolated variables in workflow commands.

3. Schema does not require assessment for non-approved verdicts (unresolved from prior review)

The JSON schema's allOf conditional validation only requires assessment when verdict is approved. The revise and needs_input conditional blocks do not include assessment in their required arrays. However, post-critique.sh unconditionally reads .assessment.overall // 0 and displays it in the comment table for all verdict paths. When the agent validly omits assessment for a revise or needs_input result (which the schema allows), the posted comment shows "Score: 0/100", which is misleading — it implies the plan scored zero rather than that the score was not computed.

Remediation: Either (a) add assessment to the required arrays for revise and needs_input in the schema, or (b) conditionally omit the Score row from the comment table when .assessment is null/absent.

4. Jira label handling missing for 3 of 4 verdict paths

The revise under limit verdict path adds labels to Jira issues via a curl PUT to /rest/api/3/issue/${ISSUE_KEY} with label update payload. The other three verdict paths — approved, revise at limit (escalation), and needs_input — only add labels on GitHub via add_label. Jira issues will not receive refine-approved, refine-needs-human, refine-escalated, or refine-needs-input labels, breaking label-based pipeline signaling for Jira-sourced work items.

The revise under limit path proves the Jira label pattern works, so the omission in the other paths appears to be an oversight.

Remediation: Add Jira label handling (matching the existing pattern in the revise under limit path) to the approved, escalation, and needs_input verdict paths.


Low

  • Tests re-implement logicpost-critique-test.sh defines its own copies of determine_reply_target, determine_verdict_action, and determine_labels rather than testing the actual post-critique.sh code paths. If the script's inline logic diverges from the test's copy, tests will pass while the real script has bugs. Partially justified by the comment-helpers.sh dependency.
  • Missing token maskingpost-critique.sh does not call ::add-mask:: for GH_TOKEN, PUSH_TOKEN, or JIRA_API_TOKEN. Every other post-script in the repo masks its tokens at the top of the file (post-review.sh, post-fix.sh, post-scribe.sh, post-retro.sh, post-code.sh).
  • Implicit contract in create-children.sh — The script assumes RESULT_FILE contains a .children array (from the refine result) but has no validation beyond JSON parsing. post-critique.sh reassigns RESULT_FILE to the refine result path before sourcing, making the contract fragile — passing the wrong file would result in silent zero-child creation.
Previous run (2)

Review — #87

Verdict Request Changes
Reviewed 23d7556
Findings 3 high, 6 medium

Summary

This PR adds a well-structured critique agent following the repo's established pre-script → sandbox → post-script pipeline. The agent prompt is thorough, the schema uses conditional validation correctly, and the test suite covers core verdict routing. However, there are several code-level issues — a confirmed logic bug in cross-platform issue creation, missing CI registration for the test suite, GHA workflow command injection gaps, and defense-in-depth issues in the sandbox configuration — that require resolution.


High

1. Cross-platform parent key mismatch — create-children.sh

When ISSUE_SOURCE=jira (parent key is e.g. PROJ-123) and a child has target_platform=github, the code passes the Jira key as a GitHub issue number to the sub-issues API: repos/{repo}/issues/PROJ-123/sub_issues. This call returns 404/422 and is silently suppressed by 2>/dev/null || warning. The child issue is created but never linked to its parent.

Remediation: When the parent is on a different platform than the child, skip sub-issue linking or require an explicit GITHUB_ISSUE_NUMBER for cross-platform scenarios.

2. Test suite not registered in Makefile

scripts/post-critique-test.sh (35 tests) is not added to the Makefile script-test target. CI runs make test, so critique agent tests will not execute. Every other agent's test suite is registered.

Remediation: Add $(call run-timed,bash scripts/post-critique-test.sh) to the script-test target in the Makefile.

3. Unguarded source of missing dependency

post-critique.sh line 36 runs source "${SCRIPT_DIR}/comment-helpers.sh" with set -euo pipefail active. This file is provided by PR #11 (acknowledged in the PR body) but does not exist on main. If this PR merges first, post-critique.sh crashes on every invocation with no diagnostic message.

Remediation: Add a guard: if [[ ! -f "${SCRIPT_DIR}/comment-helpers.sh" ]]; then echo "ERROR: comment-helpers.sh not found (requires PR #11)" >&2; exit 1; fi


Medium

4. GHA workflow command injection via unsanitized interpolated values

create-children.sh and post-critique.sh interpolate agent-derived and API-response values (issue titles, verdict strings, scores) into ::notice:: and ::warning:: GHA workflow commands without sanitizing for :: sequences, %0A/%0D encoded newlines, or raw newlines. The repo already has a sanitization pattern in post-scribe.sh (sanitize_gha()).

Remediation: Apply the same sanitization pattern — strip ::, %0A, %0D, and newline characters from all interpolated variables before they appear in workflow commands.

5. disallowedTools pattern bypass for implicit gh api POST

The agent blocks Bash(gh api *POST*) but gh api endpoint -F field=value performs POST implicitly without containing the literal string "POST". The network policy (access: read-only) provides a backstop, but the application-level control has a gap.

Remediation: Add patterns for -F, -f, --input flags, or use a blanket Bash(gh api *) block as the fix agent does.

6. FULLSEND_OUTPUT_FILE mismatch in harness config

harness/critique.yaml sets FULLSEND_OUTPUT_FILE: critique-result.json in env.runner, but the agent prompt writes agent-result.json and the post-script searches for agent-result.json. Currently benign (the validation script defaults to agent-result.json in the sandbox), but creates a latent inconsistency. No other agent harness sets this variable to a non-default value while the agent writes agent-result.json.

Remediation: Remove the FULLSEND_OUTPUT_FILE override from the harness, or align the agent prompt to write critique-result.json.

7. GH_TOKEN passed to sandbox without clear need

The sandbox receives GH_TOKEN via env.sandbox, but the agent reads pre-staged context files (issue-context.json, refine-result.json, etc.) and the prompt does not instruct gh api calls for data retrieval. Passing secrets to a sandbox when they are not needed violates least privilege.

Remediation: Remove GH_TOKEN from env.sandbox. If the agent needs read-only GitHub API access, consider minting a read-only scoped token.

8. refine-approved label has dual meaning

The label is applied both for genuine approvals (line 162) and for max-rounds escalation (line 192), where the critique agent still has unresolved concerns. Downstream automation triggering on refine-approved cannot distinguish between the two cases.

Remediation: Use a distinct label for escalation (e.g., refine-escalated) or ensure AUTO_CREATE is not acted upon in the escalation path.

9. Schema does not require assessment for revise/needs_input but post-script reads it unconditionally

The JSON schema only requires assessment for the approved verdict. But post-critique.sh unconditionally reads .assessment.overall // 0 for all verdicts, and the history tracking records overall_score for every round. If the agent omits assessment for a revise result (which the schema allows), the comment displays "Score: 0/100".

Remediation: Either add assessment to the required arrays for all verdict types in the schema, or handle missing assessment gracefully in the post-script.


Low

  • Missing icons/critique.pngdocs/critique.md references icons/critique.png but the file is not in the PR or on main.
  • Escalation path rewrites history — When max rounds reached, critique history changes the last round's verdict from revise to approved with an escalated: true flag, which could mislead downstream consumers checking .verdict == "approved".
  • Missing token masking — Other post-scripts use ::add-mask:: for write tokens; post-critique.sh does not mask GH_TOKEN/PUSH_TOKEN/JIRA_API_TOKEN. Baseline inconsistency (post-triage.sh also lacks masking).

fullsend-ai-review[bot]

This comment was marked as outdated.

- Block all gh api calls in sandbox (match fix agent pattern)
- Remove FULLSEND_OUTPUT_FILE override and GH_TOKEN from sandbox
- Guard shared script dependencies with clear PR #11 messages
- Fix cross-platform GitHub parent linking via resolve_github_parent_number
- Default null acceptance_criteria to empty array in create-children.sh
- Add GitHub sub-issue deduplication alongside existing Jira dedup
- Use refine-escalated label instead of refine-approved on max rounds
- Preserve original verdict in critique history on escalation
- Clarify sandbox network capabilities in user docs

Signed-off-by: Adam Scerra <ascerra@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 9, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 6:12 PM UTC · Completed 6:42 PM UTC
Commit: 6d0c112 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

- Fix SC2034/SC2015/SC2129 shellcheck failures
- Upgrade schema to draft/2020-12 with additionalProperties: false
- Add fullsend-check-output after result write
- Document refine-escalated control label
- Register post-critique-test.sh in Makefile script-test target

Signed-off-by: Adam Scerra <ascerra@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 9, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 7:57 PM UTC · Completed 8:07 PM UTC
Commit: 13d4552 · View workflow run →

@fullsend-ai-review fullsend-ai-review Bot dismissed stale reviews from themself July 9, 2026 20:06

Superseded by updated review

@fullsend-ai-review fullsend-ai-review Bot added the requires-manual-review Review requires human judgment label Jul 9, 2026
Comment thread env/critique.env

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Move this to the harness, then env.sandbox.

@rh-hemartin rh-hemartin left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I want to move some vars to the harness file.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

requires-manual-review Review requires human judgment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants