Examples: Add PR review, multi-repo migration, and security audit use cases #290

Closed
axon-agent[bot] wants to merge 1 commit into main from axon-fake-strategist-20260212-1200

@axon-agent axon-agent bot commented Feb 12, 2026

🤖 Axon Agent @gjkim42

Summary

Adds three new production-ready example directories that demonstrate Axon's versatility beyond the existing bug-fix and dependency-update patterns:

  • 05-pr-review-spawner: Automated PR review using githubIssues with types: [pulls], label-driven triggering (needs-ai-review / ai-reviewed), and AgentConfig with a custom review skill. This is the first example to combine TaskSpawner + AgentConfig + plugins.

  • 06-multi-repo-migration: Fleet-wide refactoring pattern using one TaskSpawner per repository, all sharing a common AgentConfig. Demonstrates Axon's strength in parallel execution across microservice fleets — a key selling point for platform teams.

  • 07-security-audit-cron: Weekly security scanning with conditional output — the agent only creates GitHub issues when it finds actual vulnerabilities, avoiding noise. Shows how to use AgentConfig for structured audit checklists.

Each example includes all required resources (Workspace, Secrets, AgentConfig, TaskSpawner) with # TODO: placeholders, following the established pattern from examples 01-04.

Why these use cases

The existing examples (01-04) cover the fundamentals well but all follow the same pattern: single repo, bug-fix or dependency-update prompt. These three new examples expand Axon's demonstrated reach into:

  1. Code review workflows (05) — a high-demand use case that shows Axon working with PRs, not just issues
  2. Multi-repo orchestration (06) — demonstrates Axon's parallel execution capability, targeting platform engineering teams
  3. Proactive security (07) — shows Axon as a continuous compliance tool, appealing to security-conscious organizations

Test plan

  • Verify YAML syntax is valid (kubectl apply --dry-run=client -f examples/05-pr-review-spawner/)
  • Verify examples README table renders correctly
  • Review that # TODO: placeholders are clear and consistent with existing examples
  • Verify AgentConfig resources use correct field names and structure

🤖 Generated with Claude Code


Summary by cubic

Adds three production-ready examples showing Axon handling PR review, multi-repo migrations, and scheduled security audits. Updates the examples README to include 05–07.

  • New Features
    • 05-pr-review-spawner: Label-driven PR reviews using githubIssues with types: [pulls], triggers on needs-ai-review and excludes ai-reviewed; combines TaskSpawner + AgentConfig with a review skill and swaps labels after posting feedback.
    • 06-multi-repo-migration: One TaskSpawner per repo on a shared cron, all using a common AgentConfig; runs migrations in parallel across multiple Workspaces.
    • 07-security-audit-cron: Weekly audit via cron that scans code and dependencies; creates a single findings issue only when problems are found.

Written for commit 5b17c8b. Summary will update on new commits.

… security audit

Add production-ready TaskSpawner examples that demonstrate Axon's
versatility beyond basic bug fixing:

- 05-pr-review-spawner: Label-driven PR review with AgentConfig and
  custom skills. Shows the githubIssues source with types: [pulls] and
  the excludeLabels feedback pattern.

- 06-multi-repo-migration: Fleet-wide migration pattern with one
  TaskSpawner per repository sharing a common AgentConfig. Demonstrates
  Axon's parallel execution for cross-repo refactoring.

- 07-security-audit-cron: Periodic security scanning with conditional
  output (only creates issues when findings exist). Shows cron-based
  TaskSpawner with AgentConfig for structured audit instructions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

@cubic-dev-ai cubic-dev-ai bot left a comment

6 issues found across 19 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="examples/06-multi-repo-migration/taskspawners.yaml">

<violation number="1" location="examples/06-multi-repo-migration/taskspawners.yaml:25">
P2: `# TODO: replace with actual migration` is inside a YAML block scalar (`|`), so it will be sent as literal text to the AI agent — it is NOT a YAML comment. This is inconsistent with the other `# TODO:` placeholders in this file (e.g., on `schedule:` lines) which are real YAML comments. Move this TODO to a YAML comment above the `promptTemplate:` key so users see it but the agent doesn't.</violation>
</file>

<file name="examples/05-pr-review-spawner/agentconfig.yaml">

<violation number="1" location="examples/05-pr-review-spawner/agentconfig.yaml:30">
P2: Using `--body "<review>"` is fragile — code reviews routinely contain double quotes, backticks, and other shell metacharacters that will break this command. Prefer `--body-file` to avoid shell quoting issues.</violation>
</file>

<file name="examples/06-multi-repo-migration/README.md">

<violation number="1" location="examples/06-multi-repo-migration/README.md:9">
P2: The "How It Works" section opens with "A single TaskSpawner" which contradicts the actual pattern (one TaskSpawner per repo) clarified two paragraphs later. This will confuse readers. Consider rewriting the opening to accurately describe the architecture from the start.</violation>

<violation number="2" location="examples/06-multi-repo-migration/README.md:43">
P2: Inconsistent CLI usage: this example uses `axon get tasks -w` but examples 01–04 and the parent `examples/README.md` all use `kubectl get tasks -w`. Use `kubectl` for consistency, or update all examples together.</violation>
</file>

<file name="examples/07-security-audit-cron/taskspawner.yaml">

<violation number="1" location="examples/07-security-audit-cron/taskspawner.yaml:28">
P2: Incorrect command name: `go vuln check` doesn't exist. The Go vulnerability scanning tool is `govulncheck` (single word, separate tool). An AI agent following this prompt would fail to run the vulnerability scan.</violation>
</file>

<file name="examples/07-security-audit-cron/README.md">

<violation number="1" location="examples/07-security-audit-cron/README.md:38">
P2: Inconsistent CLI usage: this example uses `axon` commands while existing examples and the main `examples/README.md` use `kubectl`. The main README lists only `kubectl` as a prerequisite; users may not have the `axon` CLI installed. Consider using `kubectl` for consistency, or update the main README to list `axon` as a prerequisite.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Migrate this repository from the deprecated `log/v1` package to `log/v2`.

Steps:
1. Find all imports of `github.com/your-org/log/v1`. # TODO: replace with actual migration

@cubic-dev-ai cubic-dev-ai bot Feb 12, 2026

P2: # TODO: replace with actual migration is inside a YAML block scalar (|), so it will be sent as literal text to the AI agent — it is NOT a YAML comment. This is inconsistent with the other # TODO: placeholders in this file (e.g., on schedule: lines) which are real YAML comments. Move this TODO to a YAML comment above the promptTemplate: key so users see it but the agent doesn't.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At examples/06-multi-repo-migration/taskspawners.yaml, line 25:

<comment>`# TODO: replace with actual migration` is inside a YAML block scalar (`|`), so it will be sent as literal text to the AI agent — it is NOT a YAML comment. This is inconsistent with the other `# TODO:` placeholders in this file (e.g., on `schedule:` lines) which are real YAML comments. Move this TODO to a YAML comment above the `promptTemplate:` key so users see it but the agent doesn't.</comment>

<file context>
@@ -0,0 +1,106 @@
+      Migrate this repository from the deprecated `log/v1` package to `log/v2`.
+
+      Steps:
+      1. Find all imports of `github.com/your-org/log/v1`. # TODO: replace with actual migration
+      2. Replace them with `github.com/your-org/log/v2`.
+      3. Update any changed API calls (see migration guide below).
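Review bot: The placeholder module path appears in step 1 (`github.com/your-org/log/v1`), in step 2 (`github.com/your-org/log/v2`) and as `log/v1` / `log/v2` in the opening sentence, but only step 1 carries the `# TODO:` marker, so a user who edits just the marked line ends up with a prompt that names two different migrations. Replace the inline marker with a single YAML comment above the prompt that lists every value to change.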
</file context>

2. Read the diff: `git diff main...HEAD`
3. Read the PR description: `gh pr view <number>`
4. Read any existing review comments: `gh api repos/{owner}/{repo}/pulls/<number>/comments`
5. Post your review: `gh pr review <number> --comment --body "<review>"`

@cubic-dev-ai cubic-dev-ai bot Feb 12, 2026

P2: Using --body "<review>" is fragile — code reviews routinely contain double quotes, backticks, and other shell metacharacters that will break this command. Prefer --body-file to avoid shell quoting issues.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At examples/05-pr-review-spawner/agentconfig.yaml, line 30:

<comment>Using `--body "<review>"` is fragile — code reviews routinely contain double quotes, backticks, and other shell metacharacters that will break this command. Prefer `--body-file` to avoid shell quoting issues.</comment>

<file context>
@@ -0,0 +1,31 @@
+            2. Read the diff: `git diff main...HEAD`
+            3. Read the PR description: `gh pr view <number>`
+            4. Read any existing review comments: `gh api repos/{owner}/{repo}/pulls/<number>/comments`
+            5. Post your review: `gh pr review <number> --comment --body "<review>"`
+            6. Swap the labels: `gh pr edit <number> --remove-label needs-ai-review --add-label ai-reviewed`
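Review bot: Steps 3 and 4 pull in the PR description and existing review comments without telling the agent to treat them as untrusted input, yet steps 5 and 6 let it run `gh pr review` and `gh pr edit` afterwards. Anyone who can open or comment on the pull request writes that text, so add an instruction that it is material to review and never instructions to follow, and state that the review post in step 5 and the label swap in step 6 are the only write actions the skill permits.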
</file context>
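The quoting failure this comment describes, as an added shell example that is not part of the PR or the review. `fake_gh_review` is a hypothetical stand-in for `gh pr review`, the review text is constructed, and `eval` models an agent pasting the text into the command template before a shell parses it.

```shell
#!/bin/sh
# Constructed sample: review text with double quotes, backticks and $( ),
# all of which are ordinary in code review comments.
sample_review() {
  cat <<'EOF'
Prefer "errors.Is" over ==; the `printf X` call and $(printf Y) are redundant.
EOF
}

# Hypothetical stand-in for `gh pr review` (not the real CLI): it prints the
# body it received so both call styles can be compared offline.
fake_gh_review() {
  while [ $# -gt 0 ]; do
    case "$1" in
      --body)      printf '%s\n' "$2"; shift 2 ;;
      --body-file) cat "$2"; shift 2 ;;
      *)           shift ;;
    esac
  done
}

# Fragile: the text is pasted into a command string that a shell parses again.
# The inner quotes are consumed as syntax and both substitutions are executed.
post_with_body_string() {
  text=$(sample_review)
  cmd="fake_gh_review 123 --comment --body \"$text\""
  eval "$cmd"
}

# Robust: the text is written to a file and only the file name is passed,
# so the shell never interprets the review as syntax.
post_with_body_file() {
  tmp=$(mktemp)
  sample_review > "$tmp"
  fake_gh_review 123 --comment --body-file "$tmp"
  rm -f "$tmp"
}

printf 'via --body string: %s\n' "$(post_with_body_string)"
printf 'via --body-file:   %s\n' "$(post_with_body_file)"
```

With this sample the string form still runs, but it posts altered text and executes the embedded commands; an unbalanced quote in the review would make it fail outright.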

4. Monitor progress:

```bash
axon get tasks -w

@cubic-dev-ai cubic-dev-ai bot Feb 12, 2026

P2: Inconsistent CLI usage: this example uses axon get tasks -w but examples 01–04 and the parent examples/README.md all use kubectl get tasks -w. Use kubectl for consistency, or update all examples together.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At examples/06-multi-repo-migration/README.md, line 43:

<comment>Inconsistent CLI usage: this example uses `axon get tasks -w` but examples 01–04 and the parent `examples/README.md` all use `kubectl get tasks -w`. Use `kubectl` for consistency, or update all examples together.</comment>

<file context>
@@ -0,0 +1,53 @@
+4. Monitor progress:
+
+```bash
+axon get tasks -w
+```
+
</file context>

## How It Works

Each repository gets its own Workspace resource. A single TaskSpawner on

@cubic-dev-ai cubic-dev-ai bot Feb 12, 2026

P2: The "How It Works" section opens with "A single TaskSpawner" which contradicts the actual pattern (one TaskSpawner per repo) clarified two paragraphs later. This will confuse readers. Consider rewriting the opening to accurately describe the architecture from the start.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At examples/06-multi-repo-migration/README.md, line 9:

<comment>The "How It Works" section opens with "A single TaskSpawner" which contradicts the actual pattern (one TaskSpawner per repo) clarified two paragraphs later. This will confuse readers. Consider rewriting the opening to accurately describe the architecture from the start.</comment>

<file context>
@@ -0,0 +1,53 @@
+
+## How It Works
+
+Each repository gets its own Workspace resource. A single TaskSpawner on
+a cron schedule creates one Task per Workspace. Axon handles the
+parallelism — all agents run concurrently in isolated Pods.
</file context>

passwords in source files — not test fixtures or examples).
2. Review dependency files (go.mod, package.json, requirements.txt, etc.)
for known vulnerabilities. Use available tools if present (e.g.,
`go vuln check`, `npm audit`).

@cubic-dev-ai cubic-dev-ai bot Feb 12, 2026

P2: Incorrect command name: go vuln check doesn't exist. The Go vulnerability scanning tool is govulncheck (single word, separate tool). An AI agent following this prompt would fail to run the vulnerability scan.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At examples/07-security-audit-cron/taskspawner.yaml, line 28:

<comment>Incorrect command name: `go vuln check` doesn't exist. The Go vulnerability scanning tool is `govulncheck` (single word, separate tool). An AI agent following this prompt would fail to run the vulnerability scan.</comment>

<file context>
@@ -0,0 +1,41 @@
+         passwords in source files — not test fixtures or examples).
+      2. Review dependency files (go.mod, package.json, requirements.txt, etc.)
+         for known vulnerabilities. Use available tools if present (e.g.,
+         `go vuln check`, `npm audit`).
+      3. Scan for injection vulnerabilities in code that handles user input.
+      4. Check configuration files for insecure defaults.
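Review bot: In step 2, "Use available tools if present" lets the agent skip the scanners without saying so, and because this example only opens an issue when something is found, a run where no scanner was installed looks the same as a clean run. Have the prompt require the agent to record which tools it ran and which were missing, and to report a missing scanner instead of treating it as no findings.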
</file context>

3. Check results after the next cron tick:

```bash
axon get tasks

@cubic-dev-ai cubic-dev-ai bot Feb 12, 2026

P2: Inconsistent CLI usage: this example uses axon commands while existing examples and the main examples/README.md use kubectl. The main README lists only kubectl as a prerequisite; users may not have the axon CLI installed. Consider using kubectl for consistency, or update the main README to list axon as a prerequisite.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At examples/07-security-audit-cron/README.md, line 38:

<comment>Inconsistent CLI usage: this example uses `axon` commands while existing examples and the main `examples/README.md` use `kubectl`. The main README lists only `kubectl` as a prerequisite; users may not have the `axon` CLI installed. Consider using `kubectl` for consistency, or update the main README to list `axon` as a prerequisite.</comment>

<file context>
@@ -0,0 +1,47 @@
+3. Check results after the next cron tick:
+
+```bash
+axon get tasks
+axon logs <task-name>
+```
</file context>
