diff --git a/.fullsend/config.yaml b/.fullsend/config.yaml new file mode 100644 index 00000000..973b9102 --- /dev/null +++ b/.fullsend/config.yaml @@ -0,0 +1,18 @@ +# fullsend per-repo configuration +# https://github.com/fullsend-ai/fullsend +# +# This file configures fullsend for per-repo installation mode. +# See ADR 0033 for details. +version: "1" +roles: + - triage + - coder + - review + - fix + - retro + - prioritize +create_issues: + allow_targets: + repos: + - samanthajayasinghe/backplane-cli + - fullsend-ai/fullsend diff --git a/.fullsend/customized/agents/.gitkeep b/.fullsend/customized/agents/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/.fullsend/customized/env/.gitkeep b/.fullsend/customized/env/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/.fullsend/customized/harness/.gitkeep b/.fullsend/customized/harness/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/.fullsend/customized/plugins/.gitkeep b/.fullsend/customized/plugins/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/.fullsend/customized/policies/.gitkeep b/.fullsend/customized/policies/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/.fullsend/customized/schemas/.gitkeep b/.fullsend/customized/schemas/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/.fullsend/customized/scripts/.gitkeep b/.fullsend/customized/scripts/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/.fullsend/customized/skills/.gitkeep b/.fullsend/customized/skills/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/.github/workflows/fullsend.yaml b/.github/workflows/fullsend.yaml new file mode 100644 index 00000000..5c6e77b5 --- /dev/null +++ b/.github/workflows/fullsend.yaml @@ -0,0 +1,90 @@ +# This file is managed by fullsend. Do not edit it directly. +# Upstream: https://github.com/fullsend-ai/fullsend/blob/main/internal/scaffold/fullsend-repo/.github/workflows/fullsend.yaml +--- +# fullsend shim workflow (per-repo installation mode) +# Routes events to agent workflows via reusable-dispatch.yml. +# All agent execution happens in this repo's context — no external +# config repo is needed. +# +# Security: pull_request_target runs the BASE branch version of this workflow, +# preventing PRs from modifying it to exfiltrate credentials. +# This shim never checks out PR code, so it is not vulnerable to "pwn request" +# attacks. +# +# Routing: this shim forwards the raw event context to reusable-dispatch.yml, +# which determines the stage and conditionally calls the appropriate +# reusable-{stage}.yml workflow. Adding a new stage requires only a case +# branch in reusable-dispatch.yml — zero changes to this repo. +# +# Concurrency: per-role cancel-in-progress groups live in reusable-dispatch.yml +# stage jobs and agent-scoped groups on reusable-{stage}.yml — not on this shim. +# A monolithic shim group would serialize unrelated roles and drop pending runs (#2452). +name: fullsend + +permissions: + actions: write + id-token: write + contents: write + issues: write + packages: read + pull-requests: write + +on: + issues: + types: [opened, edited, labeled] + issue_comment: + types: [created] + pull_request_target: + types: [opened, synchronize, ready_for_review, closed] + pull_request_review: + types: [submitted] + +jobs: + dispatch: + if: >- + github.event_name != 'issue_comment' + || github.event.comment.user.type != 'Bot' + uses: fullsend-ai/fullsend/.github/workflows/reusable-dispatch.yml@10b62b5510e1c8a22ed08ad0b1061aa346dd1373 # v0.21.0 + with: + event_action: ${{ github.event.action }} + install_mode: per-repo + mint_url: ${{ vars.FULLSEND_MINT_URL }} + gcp_region: ${{ vars.FULLSEND_GCP_REGION }} + fullsend_ai_ref: 10b62b5510e1c8a22ed08ad0b1061aa346dd1373 # v0.21.0 + secrets: + FULLSEND_GCP_WIF_PROVIDER: ${{ secrets.FULLSEND_GCP_WIF_PROVIDER }} + FULLSEND_GCP_PROJECT_ID: ${{ secrets.FULLSEND_GCP_PROJECT_ID }} + + stop-fix: + if: >- + github.event_name == 'issue_comment' + && github.event.issue.pull_request + && github.event.comment.user.type != 'Bot' + && github.event.comment.body == '/fs-fix-stop' + && ( + github.event.comment.author_association == 'OWNER' + || github.event.comment.author_association == 'MEMBER' + || github.event.comment.author_association == 'COLLABORATOR' + || github.event.comment.author_association == 'CONTRIBUTOR' + || github.event.comment.user.login == github.event.issue.user.login + ) + runs-on: ubuntu-latest + permissions: + contents: read + issues: write + pull-requests: write + steps: + - name: Add fullsend-no-fix label and notify + env: + GH_TOKEN: ${{ github.token }} + PR_NUMBER: ${{ github.event.issue.number }} + REPO: ${{ github.repository }} + run: | + set -euo pipefail + gh label create "fullsend-no-fix" --repo "$REPO" \ + --description "Skip bot-triggered fix agent runs" --color "FBCA04" \ + --force 2>/dev/null || true + gh pr edit "$PR_NUMBER" --repo "$REPO" \ + --add-label "fullsend-no-fix" + gh pr comment "$PR_NUMBER" --repo "$REPO" \ + --body "Fix agent disabled for this PR. Remove the \`fullsend-no-fix\` label or use \`/fs-fix\` to re-engage."