feat(agents): add scribe agent#10
Conversation
b1a5291 to
0079218
Compare
PR Summary by QodoAdd scribe agent package (prompt, harness, policy, schema, pre/post scripts)
AI Description
Diagram
High-Level Assessment
Files changed (6)
|
|
🤖 Finished Review · ✅ Success · Started 7:48 PM UTC · Completed 8:00 PM UTC |
Code Review by Qodo
1.
|
ReviewRe-review at Fresh analysis of the new commit found one new medium bug: the confidence validation in the new issues loop references FindingsHigh
Medium
Low
Prior review resolution: 2 of 3 medium findings from Previous runReviewRe-review at Fresh analysis of the full squashed diff found two new medium findings: a fail-open edge case in confidence validation, and a dedup-merge interaction that can silently reject valid topics. FindingsHigh
Medium
Low
Previous runReviewRe-review at Fresh analysis of the full squashed diff found two new medium findings: a fail-open edge case in confidence validation, and a dedup-merge interaction that can silently reject valid topics. FindingsHigh
Medium
Low
Prior review resolution: 2 of 6 findings from Labels: PR adds a new agent (scribe) with documentation, harness, policy, schema, and scripts Previous run (2)ReviewRe-review at FindingsHigh
Medium
Low
Previous run (3)ReviewRe-review at FindingsHigh
Medium
Low
Prior review resolution: 4 of 6 findings from Previous run (4)ReviewRe-review at Fresh analysis found one new medium finding: the documentation file path diverges from the established repo pattern. FindingsHigh
Medium
Low
Previous run (5)ReviewRe-review at Fresh analysis found one new medium finding: the documentation file path diverges from the established repo pattern. FindingsHigh
Medium
Low
Prior review resolution: 3 of 6 medium findings from Previous run (6)ReviewRe-review at Fresh analysis found additional issues: GHA workflow command injection, ISSUE_NUM input validation gap, comment-count reporting bug, and missing tests. FindingsHigh
Medium
Low
Previous run (7)ReviewRe-review at Fresh analysis found additional issues: GHA workflow command injection, ISSUE_NUM input validation gap, comment-count reporting bug, and missing tests. FindingsHigh
Medium
Low
Prior review resolution: 5 of 6 prior findings resolved in Previous run (8)ReviewVerdict: request-changes Re-review at the same commit ( HighH1 ·
|
8070758 to
dc4f09e
Compare
|
🤖 Review · |
|
🤖 Finished Review · ❌ Failure · Started 8:20 PM UTC · Completed 8:33 PM UTC |
|
🤖 Finished Review · ✅ Success · Started 8:42 PM UTC · Completed 8:52 PM UTC |
|
🤖 Finished Review · ✅ Success · Started 11:54 AM UTC · Completed 12:12 PM UTC |
|
🤖 Review · |
|
🤖 Finished Review · ✅ Success · Started 1:17 PM UTC · Completed 1:29 PM UTC |
ascerra
left a comment
There was a problem hiding this comment.
Review
Re-review at 04fbdcc. Commit 04fbdcc addresses all actionable feedback from Ralph and the prior review bot run.
Resolved
- [doc-path-inconsistency] Moved user docs to
docs/scribe.mdand updatedharness/scribe.yamldoc:field to match the flat repo pattern. - [test-adequacy] Added
scripts/post-scribe-test.sh(9 cases: dry-run gate, confidence/public_safe/sensitive/code-block gates, dedup merge, comments-only mode, paginated idempotency). - [secrets-handling]
GH_TOKENmasked via::add-mask::at post-script entry. - [error-handling] Removed unused
POSTED/CREATEDcounters; reporting uses tracking arrays consistently. - Ralph (pagination) Idempotency checks now use
gh api --paginate ... | jq -s 'add | ...'. - Ralph (prompt) Agent output rules document the triple-backtick rejection in post-script gates.
- Ralph (naming) Docs and harness env mapping aligned to
SCRIBE_-prefixed vars per ADR 0049.
Remaining (non-blocking)
- [protected-path] Human approval required — expected for new agent infrastructure.
- [pii-scrubbing] Anchored medium; documented limitation with
public_safedefense-in-depth. - [missing-authorization] No linked issue; PR body documents rationale.
bash scripts/post-scribe-test.sh — all 9 tests pass locally.
|
🤖 Finished Review · ✅ Success · Started 11:54 AM UTC · Completed 12:09 PM UTC |
Add the scribe agent package for mapping Google Drive meeting notes to the GitHub issue backlog: agent prompt, harness, policy, schema, pre/post scripts, user docs, and post-scribe-test.sh. Signed-off-by: Adam Scerra <ascerra@redhat.com> Co-authored-by: Cursor <cursoragent@cursor.com>
6e55224 to
354ef05
Compare
|
🤖 Finished Review · ✅ Success · Started 1:23 PM UTC · Completed 1:37 PM UTC |
Superseded by updated review
Superseded by updated review
Reject non-numeric SCRIBE_MIN_CONFIDENCE and per-topic confidence values instead of fail-open bc comparisons. Truncate merged dedup summaries that exceed MAX_COMMENT_LEN. Signed-off-by: Adam Scerra <ascerra@redhat.com> Co-authored-by: Cursor <cursoragent@cursor.com>
|
🤖 Finished Review · ✅ Success · Started 1:42 PM UTC · Completed 1:53 PM UTC |
|
|
||
| # Gate: confidence | ||
| if ! is_valid_confidence "${CONFIDENCE}"; then | ||
| gate_reject "${TOPIC}" "invalid confidence value" |
There was a problem hiding this comment.
[medium] wrong-variable-in-gate-reject
The confidence validation added in 264175e calls gate_reject "${TOPIC}" in the new issues loop, but the loop-local variable is TITLE (line 369), not TOPIC (existing-issues loop, line 249). Under set -u, if SCRIBE_MODE=new_issues_only the topics loop is skipped, TOPIC is unbound, and the script crashes. If the topics loop did run, TOPIC holds a stale value producing a misleading log message. Line 380 correctly uses ${TITLE}, confirming a copy-paste error.
Suggested fix: Change line 376 from gate_reject "${TOPIC}" to gate_reject "${TITLE}".
| | sed -E '/^Participants:?$/d' \ | ||
| | sed -E 's/^(Organizer|Host|Co-host):?.*/[meeting role line removed]/g' \ | ||
| | sed -n '/^Details/,$!p' \ | ||
| | sed -E 's/\[[A-Z][a-zA-Z .,-]+\]/[attendee]/g' \ |
There was a problem hiding this comment.
[medium] pii-scrubbing
Name scrubbing regex only catches bracketed Gemini-format names (e.g., [John Smith]). Unbracketed names in Summary/Next Steps sections pass through unscrubbed. The code comments acknowledge this limitation and the docs describe defense-in-depth reliance on the agent's public_safe gate. Severity anchored from prior review.
|
🤖 Finished Retro · ✅ Success · Started 1:59 PM UTC · Completed 2:08 PM UTC |
|
PR #10 added the scribe agent to fullsend-ai/agents (1538 additions, 9 files) over 8 days with 10 review bot runs. The review agent caught genuine security issues (curl in sandbox with GCP credentials, command injection, GHA workflow injection, prompt injection). However, a medium-severity copy-paste bug ( Proposals filed
|
Summary
fullsend-ai/.fullsend/customized/fullsend agent add/ configagents:(ADR 0058) instead of maintaining inline customized copiesFiles added
agents/scribe.mdharness/scribe.yamlpolicies/scribe.yamlschemas/scribe-result.schema.jsonscripts/pre-scribe.shscripts/post-scribe.shSecurity review
GH_TOKEN,SCRIBE_*,GOOGLE_APPLICATION_CREDENTIALS, etc.).fullsend/customized/)Follow-up (separate PR)
After merge, register in
fullsend-ai/.fullsend:fullsend agent add \ https://github.com/fullsend-ai/agents/blob/main/harness/scribe.yaml \ --name scribe \ --fullsend-dir .Test plan
fullsend-dev agent addagainst the merged harness URLfullsend-dev agent list --fullsend-dir .fullsendshows scribeMade with Cursor