background-agent: Scaffold week-one crash MVP pipeline#49299
Merged
Conversation
cla-bot
Bot
added
the
cla-signed
zed-community-bot
Bot
added
the
staff
Contributor
Have feedback on this plugin? Let's hear it! |
maxdeviant
changed the title
morgankrey
force-pushed
the
morgan/background-agent-mvp-week1
branch
2 times, most recently
from
8283ee8 to
38fe239
Compare
Adds a daily Factory-driven crash workflow with investigate -> link-issues -> fix stages, plus local dry-run tooling and candidate selection for top solvable/populous crashes. Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
## Summary
Security hardening for the background-agent crash MVP pipeline, based on
a three-agent security review (code audit, STRIDE threat model,
architecture review).
### Commit 1: Harden workflow security
- **Expression injection**: Move all `${{ inputs.* }}`, `${{ vars.* }}`,
and `${{ steps.*.outputs.* }}` from `run:` blocks to step-level `env:`
blocks — prevents shell metacharacter injection via `workflow_dispatch`
inputs
- **Secret scoping**: `SENTRY_AUTH_TOKEN` removed from workflow-level
`env:`, scoped only to the "Select crash candidates" step
- **Scoped staging**: Replace `git add -A` with explicit file patterns
(`*.rs`, `*.toml`, `Cargo.lock`, `ANALYSIS.md`, `LINKED_ISSUES.md`,
`PR_BODY.md`) plus a post-stage guard that aborts if `.github/`,
`.factory/`, or `script/` are modified
- **Crash ID validation**: Regex check (`^[A-Za-z0-9]+-[A-Za-z0-9]+$`)
in both the workflow and local script to prevent injection via branch
names or prompts
- **Deduplication**: Skip crash IDs that already have an open draft PR
- **Top cap**: Limit `--top` to 10 to prevent runaway pipeline runs
- **Concurrency**: Fixed group name (`background-agent-mvp`) so
scheduled and manual runs can't overlap
- **HTTP deadline**: Added 30s limit to Sentry API calls in
`select-sentry-crash-candidates`
- **Temp file hygiene**: Prompt file in local script moved from repo
root to system temp directory
### Commit 2: Revert shallow clone, add history limit to prompt
- Restore `fetch-depth: 0` so full history is available to the agent
- Instead of restricting at the git level, instruct the agent to limit
history traversal to the last 2 weeks
### Commit 3: Pre-fetch crash data so Droid never needs Sentry token
- Add `--select-only` and `--prefetch-dir` flags to
`run-background-agent-mvp-local`
- The select step (which holds `SENTRY_AUTH_TOKEN`) now resolves IDs and
fetches crash reports in one call via `script/sentry-fetch`, saving them
to `/tmp/crash-data/crash-{ID}.md`
- The pipeline step reads pre-fetched files — the agent prompt
explicitly blocks `sentry-fetch` calls
- `write_prompt()` gains a `crash_data_file` param to support both CI
(pre-fetched) and local (direct fetch) modes
- Fix all heredocs that produced content at column 1, which broke
`actionlint` YAML validation
- Cleanup step (`if: always`) removes `/tmp/crash-data` after the run
## Test plan
- [x] `python3 -m py_compile script/select-sentry-crash-candidates`
passes
- [x] `python3 -m py_compile script/run-background-agent-mvp-local`
passes
- [x] Both scripts' `--help` output shows new flags correctly
- [x] `actionlint` passes on the workflow file (original had
pre-existing failures)
- [x] Zero `${{ inputs/vars/steps }}` expressions inside any `run:`
block
- [x] `SENTRY_AUTH_TOKEN` appears on exactly 1 line (select step `env:`)
- [x] No direct `sentry-fetch` calls in the pipeline agent prompt
- [x] Crash ID regex accepts `ZED-4VS`, `ZED-123`; rejects `; echo
pwned`, `../etc/passwd`
- [x] `--select-only` with `--crash-ids` outputs correct comma-separated
IDs
- [x] `--select-only` filters invalid IDs with warning on stderr
- [x] `--select-only` exits 1 when all IDs are invalid
- [x] `--prefetch-dir` attempts fetch and warns gracefully without a
Sentry token
morgankrey
force-pushed
the
morgan/background-agent-mvp-week1
branch
from
75cb774 to
bce0063
Compare
rtfeldman
pushed a commit
that referenced
this pull request
Feb 17, 2026
## Summary - add a new crash issue-linking subagent prompt (`.factory/prompts/crash/link-issues.md`) - add a scheduled/manual GitHub workflow for week-one background-agent runs (`.github/workflows/background_agent_mvp.yml`) - add Sentry candidate selection script to rank top crashes by solvability × population (`script/select-sentry-crash-candidates`) - add a local dry-run runner for end-to-end MVP execution without push/PR actions (`script/run-background-agent-mvp-local`) ## Guardrails in this MVP - draft PRs only (no auto-merge) - reviewer routing defaults to: `eholk,morgankrey,osiewicz,bennetbo` - pipeline order is: investigate -> link-issues -> fix ## Validation - `python3 -m py_compile script/select-sentry-crash-candidates script/run-background-agent-mvp-local` - `python3 script/select-sentry-crash-candidates --help` - `python3 script/run-background-agent-mvp-local --help` --------- Co-authored-by: John D. Swanson <swannysec@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
.factory/prompts/crash/link-issues.md).github/workflows/background_agent_mvp.yml)script/select-sentry-crash-candidates)script/run-background-agent-mvp-local)Guardrails in this MVP
eholk,morgankrey,osiewicz,bennetboValidation
python3 -m py_compile script/select-sentry-crash-candidates script/run-background-agent-mvp-localpython3 script/select-sentry-crash-candidates --helppython3 script/run-background-agent-mvp-local --help