Skip to content

chore: add dotagents #871

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
KooshaPari wants to merge 5 commits into from
+81 −0
Closed

chore: add dotagents #871

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
8b6a26c
docs: Turn 12 mass synchronization - Quality/Protection/Security/Auto…
KooshaPari Mar 24, 2026
d002075
docs: Turn 13 mass synchronization - Release/Dependabot/Security/Cont…
KooshaPari Mar 24, 2026
8933678
docs: Turn 15 mass synchronization - Issue Templates/CODEOWNERS/Secur…
KooshaPari Mar 24, 2026
cd6da0e
chore: add dotagents for agent configuration management
KooshaPari Mar 24, 2026
62792e3
chore: add dotagents lockfile
KooshaPari Mar 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 16 additions & 0 deletions .github/ISSUE_TEMPLATE/bug_report.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
name: Bug Report
description: File a report to help us improve Phenotype
Copy link

@coderabbitai coderabbitai bot Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Update repository name in bug template description.

Line 2 uses Phenotype; this should match the current project name to avoid confusion.

Suggested patch 
-description: File a report to help us improve Phenotype
+description: File a report to help us improve cliproxyapi-plusplus
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
description: File a report to help us improve Phenotype
description: File a report to help us improve cliproxyapi-plusplus
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/ISSUE_TEMPLATE/bug_report.yml at line 2, Update the YAML description
value on the bug report template by replacing the outdated project name
"Phenotype" with the current repository/project name; specifically edit the
description field (the string assigned to the description key) so it reflects
the correct project name throughout the .github/ISSUE_TEMPLATE/bug_report.yml
file.

labels: ["bug"]
body:
- type: markdown
attributes:
value: |
Thanks for taking the time to fill out this bug report!
- type: textarea
id: bug-description
attributes:
label: Bug Description
description: A clear and concise description of what the bug is.
placeholder: What happened?
validations:
required: true
11 changes: 11 additions & 0 deletions .github/ISSUE_TEMPLATE/feature_request.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
name: Feature Request
description: Suggest an idea for Phenotype
Copy link

@coderabbitai coderabbitai bot Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Fix product name in template copy.

Line 2 still references Phenotype, which doesn’t match this repository and can confuse issue reporters.

Suggested patch 
-description: Suggest an idea for Phenotype
+description: Suggest an idea for cliproxyapi-plusplus
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
description: Suggest an idea for Phenotype
description: Suggest an idea for cliproxyapi-plusplus
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/ISSUE_TEMPLATE/feature_request.yml at line 2, The description field
currently contains the product name "Phenotype" (see the string "description:
Suggest an idea for Phenotype"); update that string to the correct
product/repository name (or a neutral term like "project" if unsure) so the
issue template no longer references the wrong product; ensure only the text
after "description:" is changed and preserve YAML formatting.

labels: ["enhancement"]
body:
- type: textarea
id: feature-description
attributes:
label: Feature Description
description: A clear and concise description of what you want to happen.
validations:
required: true
9 changes: 9 additions & 0 deletions .github/workflows/quality-gate.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
name: quality-gate
on: [pull_request]
jobs:
verify:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run quality checks
run: ./scripts/quality-gate.sh verify
Comment on lines +1 to +9
Copy link

@coderabbitai coderabbitai bot Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Set explicit GITHUB_TOKEN permissions for least privilege.

This workflow has no permissions block, so token scope depends on repo defaults. Since it only needs source checkout and local script execution, lock it down to read-only contents.

Suggested patch 
 name: quality-gate
 on: [pull_request]
+permissions:
+  contents: read
 jobs:
   verify:
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
name: quality-gate
on: [pull_request]
jobs:
verify:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run quality checks
run: ./scripts/quality-gate.sh verify
name: quality-gate
on: [pull_request]
permissions:
contents: read
jobs:
verify:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run quality checks
run: ./scripts/quality-gate.sh verify
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/quality-gate.yml around lines 1 - 9, Add an explicit
permissions block to the "quality-gate" workflow to limit GITHUB_TOKEN to the
least privilege required (readonly repo contents); modify the workflow top-level
to include permissions: contents: read so the "verify" job (and steps like the
"Run quality checks" step) only get read access to repository contents and
nothing more.

12 changes: 12 additions & 0 deletions .github/workflows/release-drafter.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
name: Release Drafter
on:
push:
branches:
- main
jobs:
update_release_draft:
runs-on: ubuntu-latest
steps:
- uses: release-drafter/release-drafter@v6
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Comment on lines +7 to +12
Copy link

@coderabbitai coderabbitai bot Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

For release-drafter/release-drafter@v6, what exact workflow permissions are required for GITHUB_TOKEN?

💡 Result:

For release-drafter/release-drafter@v6 using the default GITHUB_TOKEN, the workflow requires the following permissions: permissions: contents: write pull-requests: read contents: write is required to create and update GitHub releases (draft or published). pull-requests: read is required to access pull request data for generating release notes from merged PRs. If using the autolabeler feature, upgrade to pull-requests: write. These permissions can be set at the workflow level (applied to the job/step) or job/step level for finer control. Workflow-level read permissions (e.g., contents: read) are often used at the top for initial checkout/access, with write escalated in the release-drafter job. Example workflow: name: Release Drafter on: push: branches: [main] permissions: contents: write pull-requests: read jobs: update_release_draft: runs-on: ubuntu-latest steps: - uses: release-drafter/release-drafter@v6 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Citations:

Declare explicit token permissions for Release Drafter.

Without a permissions block, this job depends on repo defaults and can break in hardened repositories or be over-permissive in others. Set explicit scopes required by release-drafter/release-drafter@v6: contents: write (to create and update releases) and pull-requests: read (to access PR data for release notes).

Suggested patch 
 name: Release Drafter
 on:
   push:
     branches:
       - main
+permissions:
+  contents: write
+  pull-requests: read
 jobs:
   update_release_draft:
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release-drafter.yml around lines 7 - 12, Add an explicit
permissions block to the update_release_draft job (the job that runs
release-drafter/release-drafter@v6) instead of relying on repo defaults: set
contents: write and pull-requests: read so the action can create/update releases
and read PR data; keep the existing env GITHUB_TOKEN usage and ensure the
permissions are declared at the job level for update_release_draft.

9 changes: 9 additions & 0 deletions .github/workflows/self-merge-gate.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
name: self-merge-gate
on: [pull_request_review]
jobs:
check:
runs-on: ubuntu-latest
if: github.event.review.state == 'approved'
steps:
- name: Check self-merge eligibility
run: ./scripts/self-merge-gate.sh
Comment on lines +7 to +9
Copy link

@coderabbitai coderabbitai bot Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

Add repository checkout before running local script.

Line 9 executes a repo script, but the job never checks out code. This will fail at runtime.

Suggested patch 
 jobs:
   check:
     runs-on: ubuntu-latest
     if: github.event.review.state == 'approved'
     steps:
+      - uses: actions/checkout@v4
       - name: Check self-merge eligibility
         run: ./scripts/self-merge-gate.sh
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
steps:
- name: Check self-merge eligibility
run: ./scripts/self-merge-gate.sh
steps:
- uses: actions/checkout@v4
- name: Check self-merge eligibility
run: ./scripts/self-merge-gate.sh
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/self-merge-gate.yml around lines 7 - 9, The workflow step
"Check self-merge eligibility" runs ./scripts/self-merge-gate.sh but never
checks out the repository; add a prior step that uses the checkout action (e.g.,
actions/checkout@v4) before the step that runs ./scripts/self-merge-gate.sh so
the script and repository files are present at runtime; ensure the new step is
placed immediately before the existing "Check self-merge eligibility" step in
the job.

12 changes: 12 additions & 0 deletions .github/workflows/tag-automation.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
name: Tag Automation
on:
push:
tags:
- 'v*'
jobs:
tag:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Create release tag
run: echo "Creating release for ${{ github.ref_name }}"
Comment on lines +11 to +12
Copy link

@coderabbitai coderabbitai bot Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Implement real tag automation (current step is a no-op).

Line 12 only prints a message; it does not create any release or perform tag-related automation.

Suggested patch 
 name: Tag Automation
 on:
   push:
     tags:
       - 'v*'
+permissions:
+  contents: write
 jobs:
   tag:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
       - name: Create release tag
-        run: echo "Creating release for ${{ github.ref_name }}"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: gh release create "${{ github.ref_name }}" --generate-notes
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/tag-automation.yml around lines 11 - 12, The "Create
release tag" step is a no-op printing github.ref_name; replace it with real
tagging/publishing logic: ensure the job includes actions/checkout so the repo
is available, then either (A) run shell commands to configure git (git config
user.name/email), fetch history, create an annotated tag (git tag -a "${{
github.ref_name }}" -m "Release ${{ github.ref_name }}") and push it (git push
origin "${{ github.ref_name }}"), or (B) use actions/create-release (e.g.,
actions/create-release@v1) with tag_name: ${{ github.ref_name }} and upload
assets as needed; update the step named "Create release tag" to perform one of
these real actions instead of echo.

7 changes: 7 additions & 0 deletions agents.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# Auto-generated by dotagents. Do not edit.
version = 1

[skills.dotagents]
source = "getsentry/dotagents"
resolved_url = "https://github.com/getsentry/dotagents"
resolved_path = "skills/dotagents"
5 changes: 5 additions & 0 deletions agents.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
version = 1

[[skills]]
name = "dotagents"
source = "getsentry/dotagents"
Loading