560e27bda5
* refactor progress comments into a single bundled type + helper module
introduce ProgressComment ({ id, type: "issue" | "review" }) as the canonical handle for
the GitHub comment a run uses to report progress, and route every read/update/delete/create
through a single helper module (action/utils/progressComment.ts). previously every site that
touched the progress comment hardcoded octokit.rest.issues.*Comment, which made adding a
second comment type (review-thread replies) require duplicating the same branch in 6+ places
— the same shape that bit pullfrog/app#445.
new capability: when the address-reviews trigger fires for a one-off review comment, the
"Leaping into action" comment is now posted as a reply in that review thread instead of as
a top-level PR timeline comment. the helper handles failure (e.g. parent comment deleted)
by silently falling back to a top-level issue comment, so the run never loses its progress
surface.
changes:
- action/utils/progressComment.ts (new) — ProgressComment type + getProgressComment,
updateProgressComment, deleteProgressCommentApi, createLeapingProgressComment. uses a
structural Octokit interface to bridge the @octokit/rest version mismatch between the
action package (v22) and the root project (v21).
- action/internal/index.ts — re-export the new types and helpers for cross-boundary use.
- action/external.ts, action/utils/payload.ts — replace progressCommentId: string with
progressComment: { id: string, type: "issue" | "review" } in WriteablePayload + JsonPayload.
wire-format breaking, no legacy fallback (in-flight runs across the deploy lose their
progress comment, fine).
- action/mcp/server.ts — ToolState.progressCommentId becomes
progressComment: ProgressComment | null | undefined (same tristate semantics).
- action/main.ts, action/mcp/comment.ts, action/utils/errorReport.ts,
action/utils/postCleanup.ts — every issues.*Comment call against the progress comment
routes through the helper module. zero hardcoded API branching outside the helper.
- utils/github/triggerWorkflow.ts — drop createLeapingComment + updateCommentToLeaping;
dispatchAndTrackWorkflow gains a resolution chain (existingComment → replyToReviewComment
→ triggeringIssue → none) and an existingComment: ProgressComment param plus
replyToReviewComment: { pullNumber, commentId }.
- utils/webhooks/handleWebhook.ts — dispatch closure threads replyToReviewComment through;
the one-off review comment branch passes it and skips the now-redundant eyes reaction
on the comment we're about to reply to.
- app/trigger/[owner]/[repo]/[number]/page.tsx, utils/github/runActionLocal.ts,
app/api/cli/dispatch/route.ts, app/api/dispatch-workflow/route.ts — call sites updated to
new shape.
no schema or DB column changes. the existing WorkflowRun.progressCommentId column is still
written by id only; type lives only on the in-flight payload, which is sufficient for
runtime since it's the only thing that needs to know which API to call.
* anneal pass 1: fallback visibility + stale doc/comment updates
- progressComment.ts: when reviewReply→issue fallback fires, prepend a [!NOTE] callout
with a permalink back to the original review comment. without this, the parent comment
showed no eyes reaction (deliberately skipped) and no reply, leaving the user with no
signal that anything happened.
- wiki/post-cleanup.md: update progressCommentId references to progressComment, document
the new helper-based dispatch by type.
- wiki/main.md: update initToolState({ progressCommentId }) → ({ progressComment })
in the resolver-chain diagram.
- action/main.ts, action/mcp/review.ts: update two stale comments that referenced the
old field name.
* anneal pass 2: post-cleanup detection through fallback notice + log cleanup
- isLeapingIntoActionCommentBody: strip a leading GFM blockquote/alert before
testing the leaping prefix. without this, the [!NOTE] callout that the
reviewReply→issue fallback prepends would prevent post-cleanup from
recognizing the stuck "Leaping into action..." comment, leaving it permanently
on the PR timeline if the workflow died before any progress update.
- progressComment helper: switch from log.warning (action-flavored, emits a
::warning:: GitHub Actions annotation) to console.warn so the helper doesn't
pollute Vercel logs when invoked from the webhook context.
- triggerWorkflow.ts: drop the duplicate caller-side log on review-reply
failure — the helper already speaks loudly. Reword the catch-branch log to
reflect that it now only fires when both the reply AND the helper's internal
fallback failed.
- progressComment.ts: document that the [!NOTE] fallback notice is overwritten
on the first report_progress call, and explain the trade-off vs persisting
it through the action payload + ToolState.
* debloat: drop the [!NOTE] fallback callout
Reverting two pieces from the prior anneal pass:
- progressComment.ts: drop the [!NOTE] callout that the reviewReply→issue fallback
prepended to the leaping body. It disappeared on the agent's first report_progress
call, which made it half-committed to visibility — worse than either properly
persisting it (real engineering) or leaving the fallback silent (current choice).
The console.warn diagnostic and the workflow-run footer link in the leaping
comment itself give us enough signal for the rare case where both API endpoints
fail at once.
- isLeapingIntoActionCommentBody: revert the leading-blockquote stripping; only
needed to compensate for the [!NOTE] callout.
Keeping: the console.warn-vs-log.warning fix (real cross-runtime concern), the
duplicate-log drop in triggerWorkflow.ts, the wiki updates, and the two stale
source-comment fixes.
* fix: prevent stranded task list overwriting post-cleanup message
When a run is cancelled, the action's todoTracker may have an HTTP write in
flight to GitHub when SIGTERM lands. The action process dies, but the request
data has already left the socket — GitHub processes it and updates the comment
body to the (stale) task list. Meanwhile post-cleanup, running in a separate
process, writes the "This run was cancelled 🛑" message. If the tracker's
in-flight write happens to land *after* post-cleanup's write, the user never
sees the cancellation message.
Two-layer fix:
- Action side: cancel the tracker in the SIGTERM signal handler so no new
debounced writes get scheduled. This shrinks the race window but can't
un-send a request already on the wire.
- Post-cleanup side: after writing, verify the body landed and re-issue if
another write clobbered ours. Loops up to 3× with a 3s settle delay so
delayed in-flight writes from the dying action have time to arrive before
our read-back check decides whether to retry.
* lint: import createLeapingProgressComment from pullfrog/internal in test script
* address bot review findings: reply-target root, version bump, GET error handling
Three real findings from the bot reviews on #567 plus a small DRY pass:
1. handleWebhook reply-target: `newComments[0]` may be a reply, not a
top-level review comment. `getReviewCommentsWithReplies` returns root +
replies for any thread the review touched, and `pull_request_review_id`
filtering only narrows by *which review submitted*, not *root vs reply*.
When a user submits a single reply as their entire review (e.g. replying
to someone else's comment to ping @pullfrog), the reply ID flowed through
to `createReplyForReviewComment`, which 422s on replies-to-replies and
degraded to a top-level issue comment — exactly the polluted-PR-timeline
behavior this PR was built to remove. Walk up `in_reply_to` from the
already-fetched thread data to find the root and reply there instead.
2. action/package.json: bumped 0.0.202 → 0.0.204. main is at 0.0.203 and
our wire format changed; without a bump validateCompatibility can't
surface the mismatch on the deploy boundary, and the merge would have
gone backwards.
3. postCleanup writeAndVerify: distinguish a thrown verify-GET from a
"body got overwritten" mismatch. Treating a transient 5xx/rate-limit GET
the same as a clobber wasted PUT attempts and printed a misleading
"in-flight writes kept clobbering us" warning. We trust our PUT (which
returned 200) and exit instead of amplifying writes against a flaky API.
4. Small DRY: extracted parseProgressComment for the
`{ id: string; type } -> ProgressComment` parse that had drifted across
server.ts and postCleanup.ts.
174 lines
6.3 KiB
TypeScript
174 lines
6.3 KiB
TypeScript
import { isAbsolute, resolve } from "node:path";
|
|
import * as core from "@actions/core";
|
|
import { type } from "arktype";
|
|
import type { AuthorPermission, PayloadEvent } from "../external.ts";
|
|
import packageJson from "../package.json" with { type: "json" };
|
|
import type { RepoSettings } from "./runContext.ts";
|
|
import { validateCompatibility } from "./versioning.ts";
|
|
|
|
// tool permission enum types for inputs
|
|
const ShellPermissionInput = type.enumerated("disabled", "restricted", "enabled");
|
|
const PushPermissionInput = type.enumerated("disabled", "restricted", "enabled");
|
|
|
|
// schema for JSON payload passed via prompt (internal dispatch invocation)
|
|
// note: permissions are intentionally NOT included here to prevent injection attacks
|
|
// permissions are derived from event.authorPermission instead
|
|
export const JsonPayload = type({
|
|
"~pullfrog": "true",
|
|
version: "string",
|
|
"model?": "string | undefined",
|
|
prompt: "string",
|
|
"triggerer?": "string | undefined",
|
|
|
|
"eventInstructions?": "string",
|
|
"event?": "object",
|
|
"timeout?": "string | undefined",
|
|
"progressComment?": type({
|
|
id: "string",
|
|
type: "'issue' | 'review'",
|
|
}).or("undefined"),
|
|
});
|
|
|
|
// permission levels that indicate collaborator status (have push access)
|
|
const COLLABORATOR_PERMISSIONS: AuthorPermission[] = ["admin", "maintain", "write"];
|
|
|
|
// check if the event author has collaborator-level permissions
|
|
function isCollaborator(event: PayloadEvent): boolean {
|
|
const perm = event.authorPermission;
|
|
return perm !== undefined && COLLABORATOR_PERMISSIONS.includes(perm);
|
|
}
|
|
|
|
// inputs schema - action inputs from core.getInput()
|
|
// note: tool permissions use .or("undefined") because getInput() || undefined
|
|
// explicitly sets the property to undefined when empty, which is different from
|
|
// the property being absent. arktype's "prop?" means "optional to include" but
|
|
// if included, must match the type - so we need to explicitly allow undefined.
|
|
export const Inputs = type({
|
|
prompt: "string",
|
|
"model?": type.string.or("undefined"),
|
|
"timeout?": type.string.or("undefined"),
|
|
"push?": PushPermissionInput.or("undefined"),
|
|
"shell?": ShellPermissionInput.or("undefined"),
|
|
"cwd?": type.string.or("undefined"),
|
|
"output_schema?": type.string.or("undefined"),
|
|
});
|
|
|
|
export type Inputs = typeof Inputs.infer;
|
|
|
|
function isPayloadEvent(value: unknown): value is PayloadEvent {
|
|
return typeof value === "object" && value !== null && "trigger" in value;
|
|
}
|
|
|
|
function resolveCwd(cwd: string | undefined): string | undefined {
|
|
const workspace = process.env.GITHUB_WORKSPACE;
|
|
if (!cwd) return workspace;
|
|
if (isAbsolute(cwd)) return cwd;
|
|
return workspace ? resolve(workspace, cwd) : cwd;
|
|
}
|
|
|
|
export type ResolvedPromptInput = string | typeof JsonPayload.infer;
|
|
|
|
export function resolvePromptInput(): ResolvedPromptInput {
|
|
const prompt = core.getInput("prompt", { required: true });
|
|
|
|
let parsed: unknown;
|
|
try {
|
|
parsed = JSON.parse(prompt);
|
|
} catch {
|
|
// JSON parse error is fine (plain text prompt)
|
|
return prompt;
|
|
}
|
|
|
|
if (!parsed || typeof parsed !== "object" || !("~pullfrog" in parsed)) {
|
|
// if it doesn't look like a pullfrog payload, return the plain text prompt
|
|
return prompt;
|
|
}
|
|
|
|
// validation errors should propagate
|
|
const jsonPayload = JsonPayload.assert(parsed);
|
|
validateCompatibility(jsonPayload.version, packageJson.version);
|
|
return jsonPayload;
|
|
}
|
|
|
|
function resolveNonPromptInputs() {
|
|
return Inputs.omit("prompt").assert({
|
|
model: core.getInput("model") || undefined,
|
|
timeout: core.getInput("timeout") || undefined,
|
|
cwd: core.getInput("cwd") || undefined,
|
|
push: core.getInput("push") || undefined,
|
|
shell: core.getInput("shell") || undefined,
|
|
});
|
|
}
|
|
|
|
const isPullfrog = (actor: string | null | undefined): boolean => {
|
|
actor = actor?.replace("[bot]", "");
|
|
return !!actor && (actor === "pullfrog" || actor === "pullfrogdev");
|
|
};
|
|
|
|
export function resolvePayload(
|
|
resolvedPromptInput: ResolvedPromptInput,
|
|
repoSettings: RepoSettings
|
|
) {
|
|
const [prompt, jsonPayload] =
|
|
typeof resolvedPromptInput !== "string"
|
|
? [resolvedPromptInput.prompt, resolvedPromptInput]
|
|
: [resolvedPromptInput, undefined];
|
|
|
|
const inputs = resolveNonPromptInputs();
|
|
|
|
// resolve event - use type guard for jsonPayload.event, fallback to unknown trigger
|
|
const rawEvent = jsonPayload?.event;
|
|
const event: PayloadEvent = isPayloadEvent(rawEvent) ? rawEvent : { trigger: "unknown" };
|
|
|
|
const model = jsonPayload?.model ?? inputs.model ?? repoSettings.model ?? undefined;
|
|
|
|
// determine shell permission - strictest setting wins
|
|
// precedence: disabled > restricted > enabled
|
|
// non-collaborators always get at least "restricted"
|
|
const isNonCollaborator = !isCollaborator(event);
|
|
const repoShell = repoSettings.shell ?? "restricted";
|
|
const inputShell = inputs.shell;
|
|
|
|
// resolve shell: start with repo setting, then apply restrictions
|
|
let resolvedShell = repoShell;
|
|
|
|
// input can only make it stricter (disabled > restricted > enabled)
|
|
if (inputShell === "disabled") {
|
|
resolvedShell = "disabled";
|
|
} else if (inputShell === "restricted" && resolvedShell === "enabled") {
|
|
resolvedShell = "restricted";
|
|
}
|
|
|
|
// non-collaborators get at least "restricted" (can't have "enabled")
|
|
if (isNonCollaborator && resolvedShell === "enabled") {
|
|
resolvedShell = "restricted";
|
|
}
|
|
|
|
// build payload - precedence: inputs > repoSettings > fallbacks
|
|
// note: modes are NOT in payload - they come from repoSettings in main()
|
|
return {
|
|
"~pullfrog": true as const,
|
|
version: jsonPayload?.version ?? packageJson.version,
|
|
model,
|
|
prompt,
|
|
triggerer:
|
|
jsonPayload?.triggerer ??
|
|
// it's not a common use case but GITHUB_ACTOR can be a user when the workflow is manually triggered by a user through GitHub Actions UI
|
|
(!isPullfrog(process.env.GITHUB_ACTOR) ? process.env.GITHUB_ACTOR : undefined),
|
|
eventInstructions: jsonPayload?.eventInstructions,
|
|
event,
|
|
timeout: inputs.timeout ?? jsonPayload?.timeout,
|
|
cwd: resolveCwd(inputs.cwd),
|
|
progressComment: jsonPayload?.progressComment,
|
|
|
|
// permissions: inputs > repoSettings > fallbacks
|
|
push: inputs.push ?? repoSettings.push ?? "restricted",
|
|
shell: resolvedShell,
|
|
|
|
// set by proxy logic in main.ts when routing through OpenRouter
|
|
proxyModel: undefined as string | undefined,
|
|
};
|
|
}
|
|
|
|
export type ResolvedPayload = ReturnType<typeof resolvePayload>;
|