Add 15 example agents#12
Open
adi-singh13 wants to merge 5 commits into
Open
Conversation
adi-singh13
force-pushed
the
add-15-example-agents
branch
from
4d0d024 to
0eef0dd
Compare
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
21 issues found across 111 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="nextjs-agentmail-starter/src/app/api/agentmail/webhook/route.ts">
<violation number="1" location="nextjs-agentmail-starter/src/app/api/agentmail/webhook/route.ts:4">
P2: Handle invalid JSON bodies explicitly; `request.json()` can throw and currently causes an unhandled 500.</violation>
<violation number="2" location="nextjs-agentmail-starter/src/app/api/agentmail/webhook/route.ts:6">
P1: Validate `event` and `data` before use to prevent runtime crashes on malformed webhook payloads.</violation>
</file>
<file name="nextjs-agentmail-starter/src/app/api/agentmail/threads/route.ts">
<violation number="1" location="nextjs-agentmail-starter/src/app/api/agentmail/threads/route.ts:18">
P1: This endpoint exposes inbox threads without any auth check. Add authentication/authorization before calling `client.inboxes.threads.list(...)` to prevent unauthenticated data access.</violation>
</file>
<file name="nextjs-agentmail-starter/src/app/api/agentmail/inboxes/route.ts">
<violation number="1" location="nextjs-agentmail-starter/src/app/api/agentmail/inboxes/route.ts:14">
P2: Handle invalid JSON input in POST to avoid returning a 500 for malformed client requests.</violation>
</file>
<file name="nextjs-agentmail-starter/src/app/page.tsx">
<violation number="1" location="nextjs-agentmail-starter/src/app/page.tsx:25">
P2: Handle failed/non-JSON inbox responses before calling `res.json()` to avoid runtime errors in the initial load path.</violation>
</file>
<file name="cc-the-agent/README.md">
<violation number="1" location="cc-the-agent/README.md:11">
P2: The README lists different response modes in different sections (`research` vs `auto`), so users may configure an invalid mode.</violation>
</file>
<file name="collections-agent/README.md">
<violation number="1" location="collections-agent/README.md:29">
P2: The install instructions point to a different repo than this examples monorepo, which can misdirect setup and cause users to run the wrong project.</violation>
</file>
<file name="cold-email-researcher/README.md">
<violation number="1" location="cold-email-researcher/README.md:31">
P2: Install instructions point to a different repository than the documented examples monorepo; this can cause users to clone the wrong project and fail setup.</violation>
</file>
<file name="hiring-screener-agent/README.md">
<violation number="1" location="hiring-screener-agent/README.md:29">
P2: Install instructions use a repo URL/path that conflicts with the documented monorepo structure, which can break quickstart setup.</violation>
</file>
<file name="agent-pen-pal/README.md">
<violation number="1" location="agent-pen-pal/README.md:10">
P3: The behavior description says the conversation runs indefinitely, but the documented config and defaults stop after `max_turns`.</violation>
</file>
<file name="email-to-cli/src/main.py">
<violation number="1" location="email-to-cli/src/main.py:16">
P1: `shlex.split(command)` raises `ValueError` on malformed input (e.g., unmatched quotes in the email subject). Since there's no exception handling here or in the calling `handle_messages` loop, a single malicious or accidental malformed subject line will crash the entire agent.</violation>
</file>
<file name="cc-the-agent/src/main.py">
<violation number="1" location="cc-the-agent/src/main.py:61">
P2: `unread` is cleared before processing succeeds, so transient failures can permanently drop messages from future polling.</violation>
<violation number="2" location="cc-the-agent/src/main.py:72">
P1: The analysis reply is sent to `msg.from_address`, which can leak private analysis to external senders instead of the requesting user.</violation>
</file>
<file name="email-to-cli/README.md">
<violation number="1" location="email-to-cli/README.md:14">
P3: The README references a demo GIF that is not present in this example, resulting in a broken image.</violation>
<violation number="2" location="email-to-cli/README.md:55">
P2: The documented Docker deployment command is not runnable because this example does not include a Dockerfile.</violation>
</file>
<file name="contract-redline-agent/src/main.py">
<violation number="1" location="contract-redline-agent/src/main.py:56">
P2: Direct indexing into AI response can crash on missing fields; use defaults before formatting.</violation>
<violation number="2" location="contract-redline-agent/src/main.py:85">
P1: `unread` is removed before processing succeeds, so failures can permanently skip contracts.</violation>
</file>
<file name="email-to-cli/src/config.py">
<violation number="1" location="email-to-cli/src/config.py:15">
P0: Allowing the `env` command can leak environment secrets because command output is emailed back to the requester.</violation>
<violation number="2" location="email-to-cli/src/config.py:22">
P1: `ALLOWED_SENDERS` is empty, which disables sender authentication and allows any email sender to run commands.</violation>
</file>
<file name="nextjs-agentmail-starter/src/app/api/agentmail/send/route.ts">
<violation number="1" location="nextjs-agentmail-starter/src/app/api/agentmail/send/route.ts:9">
P2: Wrap JSON parsing and send calls in error handling so malformed payloads and upstream API failures return a controlled response instead of an uncaught 500.</violation>
<violation number="2" location="nextjs-agentmail-starter/src/app/api/agentmail/send/route.ts:20">
P2: Validate `to` as a non-empty recipient list; `to: []` currently bypasses validation and results in an invalid send request.</violation>
</file>
Note: This PR contains a large number of files. cubic only reviews up to 75 files per PR, so some files may not have been reviewed. cubic prioritizes the most important files to review.
On a pro plan you can use ultrareview for larger PRs.
Fix all with cubic
|
|
||
| agentmail.messages.send( | ||
| inbox_id=inbox_id, | ||
| to=[sender], |
There was a problem hiding this comment.
P1: The analysis reply is sent to msg.from_address, which can leak private analysis to external senders instead of the requesting user.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At cc-the-agent/src/main.py, line 72:
<comment>The analysis reply is sent to `msg.from_address`, which can leak private analysis to external senders instead of the requesting user.</comment>
<file context>
@@ -0,0 +1,92 @@
+
+ agentmail.messages.send(
+ inbox_id=inbox_id,
+ to=[sender],
+ subject=f"Re: {subject} [Agent Analysis]",
+ text=f"Here is my {mode} analysis of the email thread:\n\n{analysis}\n\n---\nThis is a private reply from your email assistant ({agent_email}). Only you received this.",
</file context>
|
|
||
| def format_review(review: dict) -> str: | ||
| lines = [ | ||
| f"CONTRACT REVIEW - Risk Level: {review['risk_level'].upper()}", |
There was a problem hiding this comment.
P2: Direct indexing into AI response can crash on missing fields; use defaults before formatting.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At contract-redline-agent/src/main.py, line 56:
<comment>Direct indexing into AI response can crash on missing fields; use defaults before formatting.</comment>
<file context>
@@ -0,0 +1,130 @@
+
+def format_review(review: dict) -> str:
+ lines = [
+ f"CONTRACT REVIEW - Risk Level: {review['risk_level'].upper()}",
+ "=" * 50,
+ "",
</file context>
| } | ||
|
|
||
| const message = await client.messages.send(inboxId, { | ||
| to: Array.isArray(to) ? to : [to], |
There was a problem hiding this comment.
P2: Validate to as a non-empty recipient list; to: [] currently bypasses validation and results in an invalid send request.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At nextjs-agentmail-starter/src/app/api/agentmail/send/route.ts, line 20:
<comment>Validate `to` as a non-empty recipient list; `to: []` currently bypasses validation and results in an invalid send request.</comment>
<file context>
@@ -0,0 +1,26 @@
+ }
+
+ const message = await client.messages.send(inboxId, {
+ to: Array.isArray(to) ? to : [to],
+ subject,
+ text,
</file context>
| }); | ||
|
|
||
| export async function POST(request: NextRequest) { | ||
| const body = await request.json(); |
There was a problem hiding this comment.
P2: Wrap JSON parsing and send calls in error handling so malformed payloads and upstream API failures return a controlled response instead of an uncaught 500.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At nextjs-agentmail-starter/src/app/api/agentmail/send/route.ts, line 9:
<comment>Wrap JSON parsing and send calls in error handling so malformed payloads and upstream API failures return a controlled response instead of an uncaught 500.</comment>
<file context>
@@ -0,0 +1,26 @@
+});
+
+export async function POST(request: NextRequest) {
+ const body = await request.json();
+ const { inboxId, to, subject, text } = body;
+
</file context>
| - Creates two inboxes, one per agent, each with a distinct personality | ||
| - Agent A sends the first message on a configured topic | ||
| - Agent B receives, reads, and replies with its own perspective | ||
| - The conversation continues back and forth indefinitely |
There was a problem hiding this comment.
P3: The behavior description says the conversation runs indefinitely, but the documented config and defaults stop after max_turns.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At agent-pen-pal/README.md, line 10:
<comment>The behavior description says the conversation runs indefinitely, but the documented config and defaults stop after `max_turns`.</comment>
<file context>
@@ -0,0 +1,67 @@
+- Creates two inboxes, one per agent, each with a distinct personality
+- Agent A sends the first message on a configured topic
+- Agent B receives, reads, and replies with its own perspective
+- The conversation continues back and forth indefinitely
+- Each agent maintains context from the full thread
+- Labels track the conversation: `sent`, `received`, `turn-N`
</file context>
| - Supports an allowlist of safe commands | ||
| - Labels threads: `executed`, `blocked`, `error` | ||
|
|
||
|  |
There was a problem hiding this comment.
P3: The README references a demo GIF that is not present in this example, resulting in a broken image.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At email-to-cli/README.md, line 14:
<comment>The README references a demo GIF that is not present in this example, resulting in a broken image.</comment>
<file context>
@@ -0,0 +1,67 @@
+- Supports an allowlist of safe commands
+- Labels threads: `executed`, `blocked`, `error`
+
+
+
+## Why This Exists
</file context>
duharry0915
requested review from
duharry0915
and removed request for
duharry0915
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
New Examples
Starter Templates: Next.js starter, Mastra template
Sales & Outreach: Cold email researcher, Podcast booking agent
Recruiting: Recruiter coordinator, Hiring screener agent
Operations: Collections agent, Legal intake agent, Receipt parser agent, Contract redline agent
Utilities: CC the agent, OAuth reset handler, Email to CLI, Voice to email, Agent pen pal
Test plan