Bootstrap initial agents package structure #2
Note: Reviews paused. It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review.
📝 Walkthrough
Creates a standalone fast-forward/agents Composer package with packaged agents and skills, repository docs/config, GitHub workflows, and a Python validator to enforce bundle structure and references.
Changes: Standalone agents bundle and infrastructure
Estimated code review effort: 🎯 4 (Complex) | ⏱️ ~60 minutes
Caution: Docstrings generation - FAILED. No docstrings were generated.
Note: Unit test generation is a public access feature. Expect some limitations and changes as we gather feedback and continue to improve it. Generating unit tests... This may take up to 20 minutes.
Actionable comments posted: 27
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (5)
CHANGELOG.md (1)
1-17: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick win
Consider adding footer reference links.
The changelog follows Keep a Changelog format correctly and accurately documents the bootstrap changes. However, per the Keep a Changelog format reference added in this PR (`.agents/skills/fast-forward-changelog-generator/references/keep-a-changelog-format.md`), footer reference links should be included for linkable versions.
📎 Suggested footer reference addition
- Prefix packaged Fast Forward agent files and skill directories with `fast-forward-` to reduce collisions with consumer-owned agents and skills. + +[Unreleased]: https://github.com/php-fast-forward/agents/commits/main
Note: Once the first version is released, update this to use the compare format as documented in the keep-a-changelog-format reference.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@CHANGELOG.md` around lines 1 - 17, Add Keep a Changelog-style footer reference links to the end of CHANGELOG.md: add link definitions for the "Unreleased" section (e.g., `[Unreleased]: <compare-or-placeholder-url>` and later a template for future version compare links) and include the suggested note about updating to the compare format once the first release is made; update the bottom of the file after the initial release to replace the placeholder with the proper compare URL.
.agents/agents/fast-forward-quality-pipeline-auditor.md (1)
51-51: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win
Add trailing newline.
The file should end with a single newline character for consistency.
📝 Proposed fix
- `sphinx-docs` +
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.agents/agents/fast-forward-quality-pipeline-auditor.md at line 51, Add a single trailing newline character at the end of the file so it terminates with exactly one newline (ensure the file ends with "\n" and no extra blank lines); update the file content to include that final newline so editors and tools treat it as properly terminated.
.agents/agents/README.md (1)
32-32: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win
Add trailing newline.
The file should end with a single newline character for consistency.
📝 Proposed fix
repositories, while `.agents/skills` remains the procedural source of truth. +
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.agents/agents/README.md at line 32, The README.md file is missing a trailing newline; open .agents/agents/README.md and add a single newline character at the end of the file so it ends with one blank line (ensure no extra blank lines are added), then save the file to normalize POSIX newline handling and satisfy the repository style check.
.agents/skills/fast-forward-github-issues/references/operations.md (1)
122-122: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win
Add trailing newline.
The file should end with a single newline character for consistency.
📝 Proposed fix
rewriting fields that already carry intentional values. +
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.agents/skills/fast-forward-github-issues/references/operations.md at line 122, Add a single trailing newline character at the end of the file (ensure EOF ends with \n); open the file, move the cursor to the final byte, insert one newline and save so the file ends with exactly one trailing newline.
.agents/skills/fast-forward-sphinx-docs/references/update-triggers.md (1)
43-43: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win
Add trailing newline.
The file should end with a single newline character for consistency.
📝 Proposed fix
- Do not leave code blocks without language: `.. code-block:: php` +
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.agents/skills/fast-forward-sphinx-docs/references/update-triggers.md at line 43, The file is missing a trailing newline at EOF; open the markdown file referenced (the update-triggers document) and add a single newline character at the end so the file ends with exactly one trailing newline (remove any extra blank lines if present), then save the file.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.agents/skills/fast-forward-changelog-generator/SKILL.md:
- Around line 12-100: Update the top-level ordered list numbering in SKILL.md so
every main step uses the repeated "1." style required by markdownlint MD029;
specifically replace the prefixes on the headings "1. Establish current state.",
"2. Backfill missing release history when needed.", "3. Choose the right local
command.", "4. Write human-readable entries.", "5. Respect the managed format.",
and "6. Verify the result." so each begins with "1." (leaving the rest of the
line text unchanged) to normalize the list without altering rendered output.
In @.agents/skills/fast-forward-github-pull-request/references/pr-drafting.md:
- Around line 30-43: Update the fallback PR body template to include explicit
"Verification Notes" and "Changelog" sections: add a "Verification Notes"
heading that asks for step-by-step reproduction/validation steps and expected
results, and add a "Changelog" heading that requires confirming whether
CHANGELOG.md was updated (and which packages/users are affected) for any
user-visible package, automation, or prompt change; modify the template content
(the existing markdown block used as the fallback PR body) to append these two
sections under "Testing" and ensure they follow the same bullet/list style as
"Changes" and "Testing".
In @.agents/skills/fast-forward-package-readme/references/examples.md:
- Line 114: The file ends without a trailing newline after the line "8.
**Links**: Repository, Packagist, RFCs/PSRs at minimum"; update the examples.md
file so it ends with a single newline character (one \n) at EOF, ensuring there
are no extra blank lines added.
In @.agents/skills/fast-forward-package-readme/references/update-triggers.md:
- Around line 34-35: Missing blank lines around fenced code blocks and missing
EOF newline in update-triggers.md; add a single blank line before and after each
fenced code block adjacent to headings (e.g., around the "### Adding New API"
block and the blocks containing "## 🧰 API Summary", "## ✨ Features", and "##
🛠️ Versioning & Breaking Changes") so they comply with MD022/MD031/MD047,
remove any stray '+' characters that were added in the suggested patch, and
ensure the file ends with exactly one trailing newline character.
In @.agents/skills/fast-forward-package-readme/SKILL.md:
- Around line 171-173: The Packagist namespace in the README list is
inconsistent: replace the Packagist URL that uses "php-fast-forward/component"
with the consistent "fast-forward/component" namespace used elsewhere in this
skill; update the Packagist link text and URL so the entry matches the other
examples (the line containing the Packagist link in SKILL.md).
- Around line 73-93: The README examples under the "Installation" and "Usage"
sections have nested triple-backtick fences that conflict; update the outer
fences to use four backticks so the inner language-specific triple-backticks
remain valid. Specifically, in SKILL.md change the outer fence that surrounds
the "## 📦 Installation" block (the fence that currently starts before that
header and ends after "Requirements: PHP 8.3+, ...") from three backticks to
four, and do the same for the outer fence that surrounds the "## 🛠️ Usage"
block (the fence wrapping the php example). Ensure inner ```bash and ```php
fences are unchanged.
In
@.agents/skills/fast-forward-phpunit-tests/references/generation-checklist.md:
- Line 21: The checklist rule 10 currently reads "Prefer generate random
data..." which is ungrammatical; update that entry (the line containing rule 10
/ the sentence "Prefer generate random data instead of fixed data for test cases
to increase entropy and edge cases. If the data is not random, it should be at
least diverse.") to use proper wording such as "Prefer generating random data
instead of fixed data for test cases to increase entropy and edge cases." (or
"Prefer random data instead of fixed data...") so the guidance is clear and
idiomatic.
In
@.agents/skills/fast-forward-pull-request-review/references/surface-priorities.md:
- Around line 1-2: The file uses reStructuredText-style underlines for headings
(e.g., the "Surface Priorities" title with ====== underline) instead of Markdown
heading syntax; replace the RST-style headings with Markdown headings (use "#"
for top-level like "# Surface Priorities" and "##" or "###" for subsequent
sections) and apply the same conversion to all other section headings in this
document so the format matches the rest of the agent/skill docs.
In @.agents/skills/fast-forward-sphinx-docs/references/rst-examples.md:
- Line 170: The file ends without a trailing newline causing MD047; open the
file and add a single final newline character after the last line ("6. Use
`-------` underline (dash) for section headers") so the file terminates with a
newline, then save and re-run linting to confirm the MD047 warning is resolved.
In @.agents/skills/fast-forward-sphinx-docs/references/structure.md:
- Line 78: The file ends without a trailing newline; update the end of
.agents/skills/fast-forward-sphinx-docs/references/structure.md so that the
final line (the table row containing "Complex library | +
advanced/customization, compatibility |") is followed by exactly one newline
character; ensure no extra blank lines are added and save the file with a single
trailing newline.
In @.agents/skills/fast-forward-sphinx-docs/references/update-triggers.md:
- Line 40: Change the lowercase "markdown" to the proper noun "Markdown" in the
sentence "Do not use markdown - RST is required" so it reads "Do not use
Markdown - RST is required"; locate that exact sentence in update-triggers.md
and update the capitalization.
In @.agents/skills/fast-forward-sphinx-docs/SKILL.md:
- Line 131: Replace the Portuguese fragment in the instruction line that begins
with "3. Always create or update sections" in SKILL.md with an English
equivalent; specifically change "mesmo que não esteja presente em outras libs"
to "even if it is not present in other libraries" so the entire sentence reads
in English and complies with the repository’s English-only rule for
skill/markdown files.
- Around line 10-92: Several headings in
.agents/skills/fast-forward-sphinx-docs/SKILL.md (e.g., "## General Principles",
"## Recommended Directory and File Structure", "## Minimum Required Topics and
Content", and subheadings like "### index.rst") are directly followed by list
items and trigger markdownlint MD022; insert a single blank line after each of
these heading lines in that section so every heading is separated from the
subsequent list/content by one empty line to satisfy the linter and preserve
formatting.
In @.github/CODEOWNERS:
- Line 12: The CODEOWNERS entry "* `@php-fast-forward` `@coisa`" uses an invalid
team reference; replace "@php-fast-forward" with a valid owner identifier
(either a user like "@username" or an org team slug like "@org/team-slug" e.g.
"@php-fast-forward/maintainers") so the line becomes a valid CODEOWNERS entry
and keeps the existing "@coisa" owner intact.
In @.github/ISSUE_TEMPLATE/bug-report.yml:
- Line 2: The bug-report template's wording uses "FastForward DevTools" in the
description and near lines 51–54; update the YAML values so the description and
any environment-collection prompts refer to the correct repository/package name
(fast-forward/agents) instead of "FastForward DevTools". Edit the description
field and the corresponding environment-detail prompts in
.github/ISSUE_TEMPLATE/bug-report.yml to replace "FastForward DevTools" with
"fast-forward/agents" (or the repo's canonical name) so issue reports record the
correct project context.
In @.github/ISSUE_TEMPLATE/config.yml:
- Around line 4-10: Update the ISSUE_TEMPLATE config to point the documented
contact URLs to this package's php-fast-forward/agents resources instead of the
dev-tools repo: replace the url values currently set to
https://php-fast-forward.github.io/dev-tools/ and the SUPPORT.md/SECURITY.md
links referenced alongside the name fields ("Support" and "Security") so they
resolve to the appropriate php-fast-forward/agents
documentation/support/security pages for this package; ensure each "url" and any
related "about" text is changed consistently so security reports and support
requests are routed to the correct repository.
In @.github/ISSUE_TEMPLATE/feature-request.yml:
- Line 2: Update the YAML "description" field to include the specific
repository/package name so new feature requests are scoped to the agents
package; change the value of the description key (currently "Propose an
improvement for FastForward DevTools") to mention "agents" (for example:
"Propose an improvement for the FastForward DevTools agents package") so the
template clearly targets the correct package.
In @.github/pull_request_template.md:
- Line 1: Change the first heading in the PR template from an H2 to an H1 to
satisfy MD041 linting; locate the "## Related Issue" heading in
.github/pull_request_template.md and replace it with "# Related Issue" so the
file begins with an H1.
In @.github/workflows/auto-assign.yml:
- Around line 4-15: The reusable workflow reference is pinned to `@main` which can
change; update the uses field in the auto-assign job to reference the immutable
commit SHA provided (replace
"php-fast-forward/dev-tools/.github/workflows/auto-assign.yml@main" with
"php-fast-forward/dev-tools/.github/workflows/auto-assign.yml@60ea8d40683cf20571e4face83b4c407dc9612ae")
so the auto-assign job uses a specific commit; also review other workflow uses
(wiki-maintenance.yml, review.yml, label-sync.yml, auto-resolve-conflicts.yml)
and pin them similarly to their current commit SHAs.
In @.github/workflows/auto-resolve-conflicts.yml:
- Line 5: The YAML has extra spaces inside the inline array for the branches
key; update the branches entry (branches: [ "main" ]) to remove the interior
spacing so it reads branches: ["main"] to satisfy YAMLlint and clear the
formatting error.
- Line 32: Replace the moving ref in the reusable workflow reference so it’s
pinned to an exact commit SHA instead of `@main`; locate the line containing
"uses:
php-fast-forward/dev-tools/.github/workflows/auto-resolve-conflicts.yml@main"
and change the tail to a specific commit SHA (e.g. ...@<commit-sha>) so the
workflow always uses that immutable version.
In @.github/workflows/label-sync.yml:
- Line 15: Replace the mutable ref used in the reusable workflow invocation
"uses: php-fast-forward/dev-tools/.github/workflows/label-sync.yml@main" with an
immutable commit SHA: find the "uses:
php-fast-forward/dev-tools/.github/workflows/label-sync.yml@main" line and
change the `@main` suffix to the exact commit SHA (e.g., @<commit-sha>) from the
target repository; obtain the SHA from that repo's commit history or by running
git ls-remote, then commit the updated workflow to pin the action to that
immutable ref.
- Around line 11-14: The workflow's permissions block currently sets "issues:
read" which prevents label modifications; update the permissions entry in the
"permissions" mapping to set issues: write so the workflow that runs on issues
events can add/update/remove/create labels (i.e., change the "issues: read" line
to "issues: write" in the permissions section).
In @.github/workflows/review.yml:
- Line 18: Replace the mutable branch ref in the reusable workflow usage string
"uses: php-fast-forward/dev-tools/.github/workflows/review.yml@main" with an
immutable commit SHA (e.g. fetch the latest commit SHA from that repo and use it
instead of `@main`); update the line so it points to the specific commit SHA to
ensure the pull_request_target job is pinned to an immutable revision and cannot
change unexpectedly.
In @.github/workflows/tests.yml:
- Around line 36-39: Replace the mutable action refs with immutable commit SHAs:
locate the uses entries "actions/checkout@v6" and "shivammathur/setup-php@v2"
and update them to the corresponding full-length Git commit SHAs (e.g.,
actions/checkout@<full-commit-sha> and shivammathur/setup-php@<full-commit-sha>)
so the workflow pins to exact versions; verify the SHAs against the respective
GitHub Action repositories and update any accompanying comments to record the
chosen SHAs.
In @.github/workflows/wiki-maintenance.yml:
- Around line 25-26: Replace the mutable ref on the reusable workflow reference
"php-fast-forward/dev-tools/.github/workflows/wiki-maintenance.yml@main" with an
immutable commit SHA: locate the uses line that currently ends with "@main" (the
job running on pull_request_target with secrets: inherit and contents: write)
and change it to reference a specific commit SHA from the dev-tools repo (e.g.
"@<commit-sha>"); ensure you update only the ref portion and keep the rest of
the uses line and any inputs/secrets unchanged so the job behavior remains
identical while pinning to an immutable ref.
In @.php-cs-fixer.dist.php:
- Around line 7-47: The file references an undeclared dependency
FastForward\DevTools\Path\WorkingProjectPathResolver and its constant
TOOLING_EXCLUDED_DIRECTORIES; remove the "use
FastForward\DevTools\Path\WorkingProjectPathResolver;" statement and update the
PhpCsFixer\Finder configuration (the $finder variable creation) to call
->exclude(...) with a hardcoded array of directory names to ignore (e.g.,
vendor, node_modules, .git, build, dist, .cache or whatever your project needs)
instead of using WorkingProjectPathResolver::TOOLING_EXCLUDED_DIRECTORIES so the
config no longer depends on the missing class.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 3136c83d-1490-46c4-a8dd-6a146a9767e9
📒 Files selected for processing (91)
- .agents/agents/README.md
- .agents/agents/fast-forward-agents-maintainer.md
- .agents/agents/fast-forward-changelog-maintainer.md
- .agents/agents/fast-forward-consumer-sync-auditor.md
- .agents/agents/fast-forward-docs-writer.md
- .agents/agents/fast-forward-issue-editor.md
- .agents/agents/fast-forward-issue-implementer.md
- .agents/agents/fast-forward-php-style-curator.md
- .agents/agents/fast-forward-quality-pipeline-auditor.md
- .agents/agents/fast-forward-readme-maintainer.md
- .agents/agents/fast-forward-review-guardian.md
- .agents/agents/fast-forward-test-guardian.md
- .agents/skills/fast-forward-changelog-generator/SKILL.md
- .agents/skills/fast-forward-changelog-generator/agents/openai.yaml
- .agents/skills/fast-forward-changelog-generator/references/change-categories.md
- .agents/skills/fast-forward-changelog-generator/references/description-patterns.md
- .agents/skills/fast-forward-changelog-generator/references/keep-a-changelog-format.md
- .agents/skills/fast-forward-changelog-generator/references/official-example-template.md
- .agents/skills/fast-forward-create-agentsmd/SKILL.md
- .agents/skills/fast-forward-create-agentsmd/agents/openai.yaml
- .agents/skills/fast-forward-create-agentsmd/references/content-outline.md
- .agents/skills/fast-forward-github-issues/SKILL.md
- .agents/skills/fast-forward-github-issues/agents/openai.yaml
- .agents/skills/fast-forward-github-issues/references/architectural-criteria.md
- .agents/skills/fast-forward-github-issues/references/context.md
- .agents/skills/fast-forward-github-issues/references/metadata.md
- .agents/skills/fast-forward-github-issues/references/operations.md
- .agents/skills/fast-forward-github-issues/references/review-checklist.md
- .agents/skills/fast-forward-github-issues/references/templates.md
- .agents/skills/fast-forward-github-issues/references/triage.md
- .agents/skills/fast-forward-github-pull-request/SKILL.md
- .agents/skills/fast-forward-github-pull-request/agents/openai.yaml
- .agents/skills/fast-forward-github-pull-request/references/context-routing.md
- .agents/skills/fast-forward-github-pull-request/references/implementation-loop.md
- .agents/skills/fast-forward-github-pull-request/references/issue-selection.md
- .agents/skills/fast-forward-github-pull-request/references/pr-drafting.md
- .agents/skills/fast-forward-github-pull-request/references/review-checklist.md
- .agents/skills/fast-forward-package-readme/SKILL.md
- .agents/skills/fast-forward-package-readme/agents/openai.yaml
- .agents/skills/fast-forward-package-readme/references/badges.md
- .agents/skills/fast-forward-package-readme/references/examples.md
- .agents/skills/fast-forward-package-readme/references/update-triggers.md
- .agents/skills/fast-forward-phpdoc-code-style/SKILL.md
- .agents/skills/fast-forward-phpdoc-code-style/agents/openai.yaml
- .agents/skills/fast-forward-phpdoc-code-style/references/anti-patterns.md
- .agents/skills/fast-forward-phpdoc-code-style/references/checklist.md
- .agents/skills/fast-forward-phpdoc-code-style/references/examples.md
- .agents/skills/fast-forward-phpdoc-code-style/references/fast-forward-conventions.md
- .agents/skills/fast-forward-phpdoc-code-style/references/interface-contract-example.md
- .agents/skills/fast-forward-phpunit-tests/SKILL.md
- .agents/skills/fast-forward-phpunit-tests/agents/openai.yaml
- .agents/skills/fast-forward-phpunit-tests/references/generation-checklist.md
- .agents/skills/fast-forward-phpunit-tests/references/project-discovery.md
- .agents/skills/fast-forward-pull-request-review/SKILL.md
- .agents/skills/fast-forward-pull-request-review/agents/openai.yaml
- .agents/skills/fast-forward-pull-request-review/references/review-contract.md
- .agents/skills/fast-forward-pull-request-review/references/surface-priorities.md
- .agents/skills/fast-forward-pull-request-review/references/workflow-action-validation.md
- .agents/skills/fast-forward-sphinx-docs/SKILL.md
- .agents/skills/fast-forward-sphinx-docs/agents/openai.yaml
- .agents/skills/fast-forward-sphinx-docs/references/rst-examples.md
- .agents/skills/fast-forward-sphinx-docs/references/structure.md
- .agents/skills/fast-forward-sphinx-docs/references/update-triggers.md
- .docheader
- .editorconfig
- .gitattributes
- .github/CODEOWNERS
- .github/FUNDING.yml
- .github/ISSUE_TEMPLATE/bug-report.yml
- .github/ISSUE_TEMPLATE/config.yml
- .github/ISSUE_TEMPLATE/feature-request.yml
- .github/dependabot.yml
- .github/pull_request_template.md
- .github/workflows/auto-assign.yml
- .github/workflows/auto-resolve-conflicts.yml
- .github/workflows/changelog.yml
- .github/workflows/codeql.yml
- .github/workflows/label-sync.yml
- .github/workflows/reports.yml
- .github/workflows/review.yml
- .github/workflows/tests.yml
- .github/workflows/wiki-maintenance.yml
- .github/workflows/wiki.yml
- .gitignore
- .php-cs-fixer.dist.php
- AGENTS.md
- CHANGELOG.md
- LICENSE
- README.md
- composer.json
- docs/index.rst
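The pinning findings in the review above (auto-assign, auto-resolve-conflicts, label-sync, review, tests, wiki-maintenance) can be checked mechanically. The following is an added example, not part of the CodeRabbit review or of the php-fast-forward repositories: a stdlib-only Python check that flags `uses:` references not pinned to a full 40-character commit SHA and raises the severity when the workflow is triggered by `pull_request_target`. The workflow bodies are constructed samples built around the refs named in the review, and `strip_comment`, `audit_workflow` and `audit_all` are hypothetical names.

```python
"""Flag workflow `uses:` references that are not pinned to a full commit SHA."""
import re

FULL_SHA = re.compile(r"[0-9a-f]{40}")                 # full-length commit SHA
USES_LINE = re.compile(r"^\s*(?:-\s+)?uses:\s*(\S+)")  # job-level or step-level `uses:`

# Constructed sample workflows (not the repository's real files). The refs and
# the pinned SHA are the ones quoted in the review text.
SAMPLE_WORKFLOWS = {
    ".github/workflows/wiki-maintenance.yml": """\
on:
  pull_request_target:
jobs:
  wiki:
    permissions:
      contents: write
    uses: php-fast-forward/dev-tools/.github/workflows/wiki-maintenance.yml@main
    secrets: inherit
""",
    ".github/workflows/tests.yml": """\
on:
  pull_request:
jobs:
  tests:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: shivammathur/setup-php@v2  # tag, not a SHA
        with:
          php-version: "8.3"
""",
    ".github/workflows/auto-assign.yml": """\
on:
  issues:
jobs:
  auto-assign:
    uses: php-fast-forward/dev-tools/.github/workflows/auto-assign.yml@60ea8d40683cf20571e4face83b4c407dc9612ae
""",
}


def strip_comment(line):
    """Drop YAML comments (naive: assumes no ' #' inside a quoted value)."""
    if line.lstrip().startswith("#"):
        return ""
    return re.split(r"\s#", line, maxsplit=1)[0].rstrip()


def audit_workflow(path, text):
    """Return one finding per `uses:` reference that is not SHA-pinned."""
    lines = [strip_comment(line) for line in text.splitlines()]
    # pull_request_target runs in the base repository's context, so a mutable
    # ref there can change what executes with the repository's token and secrets.
    privileged = any(re.search(r"\bpull_request_target\b", line) for line in lines)
    findings = []
    for number, line in enumerate(lines, start=1):
        match = USES_LINE.match(line)
        if match is None:
            continue
        target = match.group(1).strip("\"'")
        if target.startswith(("./", "docker://")):
            continue  # local path or container image: no git ref to pin
        action, _, ref = target.partition("@")
        if FULL_SHA.fullmatch(ref):
            continue  # immutable: full commit SHA
        findings.append({
            "file": path,
            "line": number,
            "action": action,
            "ref": ref or "(none)",
            "severity": "high" if privileged else "medium",
        })
    return findings


def audit_all(workflows):
    """Audit a {path: text} mapping in a stable (sorted) order."""
    findings = []
    for path in sorted(workflows):
        findings.extend(audit_workflow(path, workflows[path]))
    return findings


if __name__ == "__main__":
    for f in audit_all(SAMPLE_WORKFLOWS):
        print(f"{f['severity']:6} {f['file']}:{f['line']} {f['action']}@{f['ref']}")
```

Short SHAs and version tags such as `v6` are reported the same way as branch names, because only the full-length SHA form is immutable.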
| 1. Establish current state. | ||
| - Resolve the target file path first. Default to `CHANGELOG.md`, but respect any caller-provided `--file` path. | ||
| - Check whether the changelog file exists. | ||
| - Record whether `Unreleased` already has entries and whether any published releases already exist. | ||
| - If the file does not exist yet, or if Git tags exist that are not documented yet, treat the task as a historical backfill before switching to incremental maintenance. | ||
|
|
||
| 2. Backfill missing release history when needed. | ||
| - If the repository has no changelog, or if some Git tags are still undocumented, walk the Git tags until the changelog is complete. | ||
| - Inspect tags in chronological order so each documented version can be derived from the diff against the previous tag. | ||
| - Treat version ordering as semantic version ordering, never plain string ordering. For example, `1.11.0` MUST sort after `1.10.0`, and `1.10.0` MUST sort after `1.9.0`. | ||
| - Capture the creation date for each tag and use it as the release date recorded in the changelog. | ||
| - For each missing released version: | ||
| 1. compare the previous tag to the current tag; | ||
| 2. record the current tag date; | ||
| 3. extract the notable user-facing, maintainer-facing, or automation-facing changes from that diff; | ||
| 4. resolve any associated pull request numbers from merge commits, squash commit titles, or release history; | ||
| 5. classify them with the standard Keep a Changelog categories; | ||
| 6. add them to the matching released section with `changelog:entry --release=<version> --date=<YYYY-MM-DD>`. | ||
| - Only after all historical tags are represented should new work continue in `Unreleased`. | ||
| - If a tag exists but the diff does not justify a notable entry, keep the release section minimal rather than inventing noise. | ||
|
|
||
| 3. Choose the right local command. | ||
| - To add one new entry to `Unreleased`: | ||
|
|
||
| ```bash | ||
| composer dev-tools changelog:entry -- --type=added "Add example workflow" | ||
| composer dev-tools changelog:entry -- --type=fixed "Fix release note validation" | ||
| ``` | ||
|
|
||
| - To add or amend an entry in a published section: | ||
|
|
||
| ```bash | ||
| composer dev-tools changelog:entry -- --type=changed --release=1.2.0 "Adjust published note" | ||
| composer dev-tools changelog:entry -- --type=fixed --release=1.1.0 --date=2026-04-09 "Correct release metadata handling" | ||
| ``` | ||
|
|
||
| - To validate that a branch added changelog content: | ||
|
|
||
| ```bash | ||
| composer dev-tools changelog:check | ||
| composer dev-tools changelog:check -- --against=refs/remotes/origin/main | ||
| composer dev-tools changelog:check -- --file=docs/CHANGELOG.md --against=origin/main | ||
| ``` | ||
|
|
||
| - To infer the next semantic version from `Unreleased`: | ||
|
|
||
| ```bash | ||
| composer dev-tools changelog:next-version | ||
| composer dev-tools changelog:next-version -- --file=docs/CHANGELOG.md | ||
| ``` | ||
|
|
||
| - To promote `Unreleased` into a release: | ||
|
|
||
| ```bash | ||
| composer dev-tools changelog:promote 1.2.0 -- --date=2026-04-19 | ||
| composer dev-tools changelog:promote 1.2.0 -- --file=docs/CHANGELOG.md | ||
| ``` | ||
|
|
||
| - To export release notes from one published section: | ||
|
|
||
| ```bash | ||
| composer dev-tools changelog:show 1.2.0 | ||
| composer dev-tools changelog:show 1.2.0 -- --file=docs/CHANGELOG.md | ||
| ``` | ||
|
|
||
| 4. Write human-readable entries. | ||
| - Keep each entry to one line. | ||
| - Prefer the user-visible effect over the implementation detail. | ||
| - Name the concrete surface when that helps: command, option, workflow, configuration, integration, or output. | ||
| - Avoid vague filler such as `misc improvements`, `cleanup`, or `refactorings`. | ||
| - When a change can be tied to a specific pull request, append that PR reference like `(#123)` to the entry. | ||
| - During tag backfill, actively look for PR numbers in merge commits, squash merge titles, or related release metadata before writing the final message. | ||
|
|
||
| 5. Respect the managed format. | ||
| - Keep `Unreleased` first. | ||
| - Keep released versions in reverse semantic version order unless the repository has an explicit non-semver release policy. | ||
| - Do not use lexical ordering for versions. `1.10.0` and `1.11.0` MUST remain above `1.9.0`, `1.8.0`, and `1.1.0`. | ||
| - Keep section order as: | ||
| 1. `Added` | ||
| 2. `Changed` | ||
| 3. `Deprecated` | ||
| 4. `Removed` | ||
| 5. `Fixed` | ||
| 6. `Security` | ||
| - Omit empty sections. | ||
| - Preserve the official introduction and footer-reference style from Keep a Changelog 1.1.0. | ||
| - Build compare links from the semantically previous published version, not from the previous string-sorted heading. | ||
|
|
||
| 6. Verify the result. |
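Review bot: In step 2, sub-step 6 gives the backfill command as `changelog:entry --release=<version> --date=<YYYY-MM-DD>` with no `--type` option and without the `composer dev-tools ... --` form that every example in step 3 uses, so an agent on the backfill path has no complete invocation to copy. Suggest spelling it out in the same shape as the step 3 examples, for instance `composer dev-tools changelog:entry -- --type=<type> --release=<version> --date=<YYYY-MM-DD> "<entry>"`. Steps 2 and 4 also derive entry text and PR numbers from merge commits and squash commit titles, which are contributor-written strings; it would help to state that such text is passed as one quoted argument and never interpolated into the command line.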
Normalize ordered-list numbering to satisfy markdownlint MD029.
The top-level workflow list uses 1. through 6., but your lint config expects the repeated 1. style. Converting each top-level item prefix to 1. will clear these warnings without changing rendered output.
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 18-18: Ordered list item prefix
Expected: 1; Actual: 2; Style: 1/1/1
(MD029, ol-prefix)
[warning] 33-33: Ordered list item prefix
Expected: 1; Actual: 3; Style: 1/1/1
(MD029, ol-prefix)
[warning] 77-77: Ordered list item prefix
Expected: 1; Actual: 4; Style: 1/1/1
(MD029, ol-prefix)
[warning] 85-85: Ordered list item prefix
Expected: 1; Actual: 5; Style: 1/1/1
(MD029, ol-prefix)
[warning] 100-100: Ordered list item prefix
Expected: 1; Actual: 6; Style: 1/1/1
(MD029, ol-prefix)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.agents/skills/fast-forward-changelog-generator/SKILL.md around lines 12 -
100, Update the top-level ordered list numbering in SKILL.md so every main step
uses the repeated "1." style required by markdownlint MD029; specifically
replace the prefixes on the headings "1. Establish current state.", "2. Backfill
missing release history when needed.", "3. Choose the right local command.", "4.
Write human-readable entries.", "5. Respect the managed format.", and "6. Verify
the result." so each begins with "1." (leaving the rest of the line text
unchanged) to normalize the list without altering rendered output.
| 5. **Usage**: Code block with minimal viable example | ||
| 6. **API Summary**: Table format for classes/methods | ||
| 7. **Integration**: Key dependencies and standards | ||
| 8. **Links**: Repository, Packagist, RFCs/PSRs at minimum No newline at end of file |
Add trailing newline.
The file should end with a single newline character to maintain consistent formatting across the repository.
📝 Proposed fix
7. **Integration**: Key dependencies and standards
-8. **Links**: Repository, Packagist, RFCs/PSRs at minimum
\ No newline at end of file
+8. **Links**: Repository, Packagist, RFCs/PSRs at minimum
+📝 Committable suggestion
| 8. **Links**: Repository, Packagist, RFCs/PSRs at minimum | |
| 7. **Integration**: Key dependencies and standards | |
| 8. **Links**: Repository, Packagist, RFCs/PSRs at minimum | |
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 114-114: Files should end with a single newline character
(MD047, single-trailing-newline)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.agents/skills/fast-forward-package-readme/references/examples.md at line
114, The file ends without a trailing newline after the line "8. **Links**:
Repository, Packagist, RFCs/PSRs at minimum"; update the examples.md file so it
ends with a single newline character (one \n) at EOF, ensuring there are no
extra blank lines added.
| ### Adding New API | ||
| ```markdown |
Fix markdownlint violations around headings/fences and EOF newline.
Line 34/43/50 and Line 35/44/51 are missing required blank lines, and Line 62 needs a single trailing newline to satisfy MD022/MD031/MD047.
💡 Suggested patch
### Adding New API
+
```markdown
## 🧰 API Summary
| Method | Description |
|--------|-------------|
| existingMethod() | Was here |
| newMethod() | NEW: Does something |Updating Features
## ✨ Features
- Existing feature
- 🚀 NEW: Added featureVersioning Entry
## 🛠️ Versioning & Breaking Changes
- v2.1.0: Added newMethod() for improved handling
- v2.0.0: BREAKING: Changed signature of existingMethod()@@
- Do not add badges for services not actively used
- Do not invent features that don't exist
- Do not link to coverage/docs when not published
- Do not use deprecated badge styles
</details>
Also applies to: 43-44, 50-51, 62-62
<details>
<summary>🧰 Tools</summary>
<details>
<summary>🪛 markdownlint-cli2 (0.22.1)</summary>
[warning] 34-34: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
---
[warning] 35-35: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
</details>
</details>
<details>
<summary>🤖 Prompt for AI Agents</summary>
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.agents/skills/fast-forward-package-readme/references/update-triggers.md
around lines 34 - 35, Missing blank lines around fenced code blocks and missing
EOF newline in update-triggers.md; add a single blank line before and after each
fenced code block adjacent to headings (e.g., around the "### Adding New API"
block and the blocks containing "## 🧰 API Summary", "## ✨ Features", and "##
🛠️ Versioning & Breaking Changes") so they comply with MD022/MD031/MD047,
remove any stray '+' characters that were added in the suggested patch, and
ensure the file ends with exactly one trailing newline character.
</details>
| - **Installation** | ||
|
|
||
| Example: | ||
| ```markdown | ||
| ## 📦 Installation | ||
| ```bash | ||
| composer require fast-forward/component | ||
| ``` | ||
| Requirements: PHP 8.3+, ... | ||
| ``` | ||
|
|
||
| - **Usage** | ||
|
|
||
| Example: | ||
| ```markdown | ||
| ## 🛠️ Usage | ||
| ```php | ||
| use FastForward\Component\Class; | ||
| $obj = new Class(...); | ||
| ``` | ||
| ``` |
Fix malformed nested fences in README examples (Line 76 and Line 87).
The Installation and Usage examples currently leave fence boundaries ambiguous, which can break markdown rendering and downstream copy/paste.
Suggested fix
- ```markdown
+ ````markdown
## 📦 Installation
```bash
composer require fast-forward/component
```
Requirements: PHP 8.3+, ...
- ```
+ ````
...
- ```markdown
+ ````markdown
## 🛠️ Usage
```php
use FastForward\Component\Class;
$obj = new Class(...);
```
- ```
+ ````📝 Committable suggestion
| - **Installation** | |
| Example: | |
| ```markdown | |
| ## 📦 Installation | |
| ```bash | |
| composer require fast-forward/component | |
| ``` | |
| Requirements: PHP 8.3+, ... | |
| ``` | |
| - **Usage** | |
| Example: | |
| ```markdown | |
| ## 🛠️ Usage | |
| ```php | |
| use FastForward\Component\Class; | |
| $obj = new Class(...); | |
| ``` | |
| ``` | |
| - **Installation** | |
| Example: |
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 76-76: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
[warning] 80-80: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
[warning] 82-82: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
[warning] 82-82: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
[warning] 87-87: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
[warning] 92-92: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
[warning] 93-93: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
[warning] 93-93: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.agents/skills/fast-forward-package-readme/SKILL.md around lines 73 - 93,
The README examples under the "Installation" and "Usage" sections have nested
triple-backtick fences that conflict; update the outer fences to use four
backticks so the inner language-specific triple-backticks remain valid.
Specifically, in SKILL.md change the outer fence that surrounds the "## 📦
Installation" block (the fence that currently starts before that header and ends
after "Requirements: PHP 8.3+, ...") from three backticks to four, and do the
same for the outer fence that surrounds the "## 🛠️ Usage" block (the fence
wrapping the php example). Ensure inner ```bash and ```php fences are unchanged.
| contents: read | ||
| issues: read | ||
| pull-requests: write | ||
| uses: php-fast-forward/dev-tools/.github/workflows/label-sync.yml@main |
🧩 Analysis chain
🏁 Script executed:
cat -n .github/workflows/label-sync.yml
Repository: php-fast-forward/agents
Length of output: 480
🌐 Web query:
GitHub Actions reusable workflow pinning security best practices commit SHA `@main`
💡 Result:
For GitHub Actions reusable workflows, the security best practice is to pin references to a specific commit SHA rather than using branch references like @main or mutable tags. This ensures immutability, preventing supply chain attacks where a maintainer could push malicious code to the main branch or retag versions [1][2].

Official GitHub documentation states: "If you use a commit SHA when referencing the reusable workflow, you can ensure that everyone who reuses that workflow will always be using the same YAML code. However, if you reference a reusable workflow by a tag or branch, be sure that you can trust that version of the workflow" [1]. The Secure use reference applies the same principles to reusable workflows as to actions: "The same principles described above for using third-party actions also apply to using third-party workflows. You can help mitigate the risks associated with reusing workflows by following the same good practices outlined above," which include pinning to full-length commit SHAs [2].

Example usage in a calling workflow:

```yaml
jobs:
  call-reusable:
    uses: org/repo/.github/workflows/my-workflow.yml@abc123def4567890abcdef1234567890abcdef12 # v1.0.0
```

Add a comment with the corresponding version or tag for maintainability [3][4]. Using @main is risky because main branches can be updated with untrusted code, even by trusted maintainers if compromised, or via tag rewrites [5]. GitHub even uses SHA-pinned actions in their own repos [3][4].

Policies can enforce SHA pinning for actions (full-length commit SHA required), but reusable workflows can still be referenced by tag under these policies [6][7]. For maximum security, manually pin reusable workflows to SHAs. To find the SHA: Use git ls-remote https://github.com/owner/repo.git main or GitHub UI/tags [4]. Tools like Dependabot/Renovate can automate updates via PRs [8].
Citations:
- 1: https://docs.github.com/en/actions/concepts/workflows-and-actions/reusing-workflow-configurations
- 2: https://docs.github.com/en/actions/reference/security/secure-use
- 3: Pin GitHub Actions to commit SHAs in release workflow github/gh-aw#10021
- 4: Pin all GitHub Actions to immutable SHA commits for supply chain security github/gh-aw#5691
- 5: https://dev.to/kanywst/hacking-github-from-tag-rewrites-to-dangling-commits-where-the-git-protocol-trusts-you-without-2o4h
- 6: https://github.blog/changelog/2025-08-15-github-actions-policy-now-supports-blocking-and-sha-pinning-actions/
- 7: https://docs.github.com/en/enterprise-cloud@latest/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise
- 8: https://www.stepsecurity.io/blog/pinning-github-actions-for-enhanced-security-a-complete-guide
Pin the reusable workflow to an immutable ref.
On Line 15, using @main for a privileged reusable workflow is a mutable supply-chain boundary. Pin to a commit SHA instead. This ensures immutability and prevents supply chain attacks where the referenced repository could push malicious code to the main branch.
Suggested fix
- uses: php-fast-forward/dev-tools/.github/workflows/label-sync.yml@main
+ uses: php-fast-forward/dev-tools/.github/workflows/label-sync.yml@<commit-sha>🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/label-sync.yml at line 15, Replace the mutable ref used in
the reusable workflow invocation "uses:
php-fast-forward/dev-tools/.github/workflows/label-sync.yml@main" with an
immutable commit SHA: find the "uses:
php-fast-forward/dev-tools/.github/workflows/label-sync.yml@main" line and
change the `@main` suffix to the exact commit SHA (e.g., @<commit-sha>) from the
target repository; obtain the SHA from that repo's commit history or by running
git ls-remote, then commit the updated workflow to pin the action to that
immutable ref.
| permissions: | ||
| contents: read | ||
| pull-requests: write | ||
| uses: php-fast-forward/dev-tools/.github/workflows/review.yml@main |
🧩 Analysis chain
🏁 Script executed:
cd /tmp/repo && git ls-files '.github/workflows/'
Repository: php-fast-forward/agents
Length of output: 127
🏁 Script executed:
if [ -f .github/workflows/review.yml ]; then
  wc -l .github/workflows/review.yml
  echo "---"
  cat -n .github/workflows/review.yml
else
  echo "File not found"
fi
Repository: php-fast-forward/agents
Length of output: 776
Pin the reusable workflow ref to an immutable commit SHA
Line 18 references a mutable branch (@main) for a privileged pull_request_target review job. This weakens supply-chain integrity and can change behavior without review.
🔒 Suggested hardening
- uses: php-fast-forward/dev-tools/.github/workflows/review.yml@main
+ uses: php-fast-forward/dev-tools/.github/workflows/review.yml@<pinned-commit-sha>🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/review.yml at line 18, Replace the mutable branch ref in
the reusable workflow usage string "uses:
php-fast-forward/dev-tools/.github/workflows/review.yml@main" with an immutable
commit SHA (e.g. fetch the latest commit SHA from that repo and use it instead
of `@main`); update the line so it points to the specific commit SHA to ensure the
pull_request_target job is pinned to an immutable revision and cannot change
unexpectedly.
| uses: php-fast-forward/dev-tools/.github/workflows/wiki-maintenance.yml@main | ||
| secrets: inherit |
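Review bot: `secrets: inherit` on the second line forwards every secret available to this caller into the called workflow, so whatever `wiki-maintenance.yml@main` resolves to at run time receives all of them. Pass only the secrets the wiki job needs, by name under `secrets:`, and pin the `uses:` ref to a full commit SHA so the code that receives them cannot change without a reviewed update.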
🧩 Analysis chain
🏁 Script executed:
cat -n .github/workflows/wiki-maintenance.yml
Repository: php-fast-forward/agents
Length of output: 928
Use an immutable ref for the privileged reusable workflow.
Line 25 uses @main (mutable) while this job runs on pull_request_target with contents: write permission and inherits secrets. Pin to a commit SHA to mitigate supply-chain risk.
Suggested fix
- uses: php-fast-forward/dev-tools/.github/workflows/wiki-maintenance.yml@main
+ uses: php-fast-forward/dev-tools/.github/workflows/wiki-maintenance.yml@<commit-sha>🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/wiki-maintenance.yml around lines 25 - 26, Replace the
mutable ref on the reusable workflow reference
"php-fast-forward/dev-tools/.github/workflows/wiki-maintenance.yml@main" with an
immutable commit SHA: locate the uses line that currently ends with "@main" (the
job running on pull_request_target with secrets: inherit and contents: write)
and change it to reference a specific commit SHA from the dev-tools repo (e.g.
"@<commit-sha>"); ensure you update only the ref portion and keep the rest of
the uses line and any inputs/secrets unchanged so the job behavior remains
identical while pinning to an immutable ref.
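The pinning check that the three workflow comments above ask for, as an added example (not CodeRabbit's or the project's own code): it flags `uses:` references whose ref is not a full 40-character commit SHA and ranks them higher when the same file also uses `pull_request_target`, `secrets: inherit` or a `write` permission. The function names, the severity labels, the sample workflow text and the placeholder SHA are assumptions constructed for illustration.

```python
import re

# `uses: owner/repo[/path]@ref` on a step or job line. Local `./` references
# carry no `@ref` and therefore never match; commented-out lines do not match.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^@\s'"]+)@([^\s'"#]+)""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
WRITE_SCOPE_RE = re.compile(r"^\s*([a-z-]+):\s*write\b")


def privileged_context(lines):
    """Collect the signals that make a mutable ref more dangerous in this file."""
    context = []

    def note(label):
        if label not in context:
            context.append(label)

    for line in lines:
        if line.lstrip().startswith("#"):
            continue
        if re.search(r"\bpull_request_target\b", line):
            note("pull_request_target")
        if re.match(r"^\s*secrets:\s*inherit\b", line):
            note("secrets: inherit")
        scope = WRITE_SCOPE_RE.match(line)
        if scope:
            note(scope.group(1) + ": write")
    return context


def audit_workflow(path, text):
    """Return one finding per `uses:` reference that is not pinned to a full SHA.

    Severity is this example's own ranking: "high" when the file also shows a
    privileged trigger, inherited secrets or a write scope, otherwise "medium".
    """
    lines = text.splitlines()
    context = privileged_context(lines)
    findings = []
    for lineno, line in enumerate(lines, start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        target, ref = match.groups()
        if target.startswith("docker://") or FULL_SHA_RE.match(ref):
            continue  # container images and SHA-pinned refs are out of scope
        findings.append({
            "path": path,
            "line": lineno,
            "target": target,
            "ref": ref,
            "severity": "high" if context else "medium",
            "context": context,
        })
    return findings


# Constructed sample, modelled on the lines quoted in the review comments above.
SAMPLE_UNPINNED = """\
name: Wiki maintenance
on:
  pull_request_target:
    types: [closed]
permissions:
  contents: write
jobs:
  wiki:
    uses: php-fast-forward/dev-tools/.github/workflows/wiki-maintenance.yml@main
    secrets: inherit
"""

# Constructed placeholder, not a real commit of php-fast-forward/dev-tools.
PLACEHOLDER_SHA = "0123456789abcdef0123456789abcdef01234567"
SAMPLE_PINNED = SAMPLE_UNPINNED.replace("@main", "@" + PLACEHOLDER_SHA)


if __name__ == "__main__":
    for label, text in (("unpinned", SAMPLE_UNPINNED), ("pinned", SAMPLE_PINNED)):
        results = audit_workflow("wiki-maintenance.yml", text)
        print(label, "->", len(results), "finding(s)")
        for f in results:
            print("  {path}:{line} [{severity}] {target}@{ref}".format(**f),
                  "context:", ", ".join(f["context"]) or "none")
```

Run over every file in `.github/workflows/` as a CI step, a non-empty result can fail the build before a mutable reference is merged.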
|
✅ Unit tests committed locally. Commit: |
|
Note Autofix is a beta feature. Expect some limitations and changes as we gather feedback and continue to improve it. ⛔ CodeRabbit does not have permission to push changes to this repository. Please ensure CodeRabbit has Contents: Read and write permission. |
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@tests/validate-agents-payload.py`:
- Around line 258-262: The tests currently only assert presence of front-matter
keys but not their types, so add explicit type checks for "primary-skill" and
"supporting-skills": ensure assert_front_matter_field(fm, "primary-skill", ctx)
is followed by a type assertion that the value is a str, and ensure
assert_front_matter_field_exists(fm, "supporting-skills", ctx) is followed by a
type assertion that the value is a list whose items are all str; either extend
or create helper(s) (e.g., assert_front_matter_field_type or enhance
assert_front_matter_field/exists) and use them in the same blocks that reference
"primary-skill" and "supporting-skills" (and repeat this fix in the analogous
range around lines 511-546) so malformed types fail loudly instead of being
skipped.
- Around line 69-87: parse_front_matter currently accepts any YAML top-level
type which later causes errors when callers expect a mapping; update
parse_front_matter to trim the extracted yaml_block, load it with
yaml.safe_load, then validate that the result is either None or a dict
(mapping). If the loaded value is None return {}, if it's a dict return it,
otherwise call fail("YAML front matter must be a mapping", path) and return
None; reference the parse_front_matter function and the yaml.safe_load call to
locate where to add this type check so downstream uses of fm.get(...) won't
crash.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 98a1932a-7728-4558-b148-abd2df45539c
📒 Files selected for processing (1)
tests/validate-agents-payload.py
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
♻️ Duplicate comments (1)
.agents/skills/fast-forward-github-pull-request/references/pr-drafting.md (1)
26-31: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win
Fallback PR body is missing; include concrete sections (including Verification Notes and Changelog).
The document says to use a fallback structure when no template exists, but no structure is provided under ## Fallback PR Body, so the workflow is incomplete.
Suggested fix
## Fallback PR Body + +Use this when `.github/pull_request_template.md` is absent: + +```md +## Summary +- [What changed] + +## Changes +- [Concrete implementation detail] +- [Concrete implementation detail] + +## Testing +- [Command and result] +- [Command and result] + +## Verification Notes +- [Manual/automated validation steps and observed results] + +## Changelog +- [x] Updated `CHANGELOG.md` for user-visible package, automation, or prompt changes (or explain why not needed) + +Closes #<issue-number> +```Based on learnings: Include verification notes in pull requests and keep
CHANGELOG.md updated.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.agents/skills/fast-forward-github-pull-request/references/pr-drafting.md around lines 26 - 31, The fallback PR body is missing under the "## Fallback PR Body" section; update that section to include concrete subsections such as "## Summary" (brief what changed), "## Changes" (bullet concrete implementation details), "## Testing" (commands and results), "## Verification Notes" (manual/automated validation steps and observed results), and "## Changelog" (checkbox or note about updating CHANGELOG.md and rationale), and finish with a "Closes #<issue-number>" line so the fallback is a complete, copy-pastable PR template referenced between the existing "## Fallback PR Body" and "## Title Guidance" headings.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Duplicate comments:
In @.agents/skills/fast-forward-github-pull-request/references/pr-drafting.md:
- Around line 26-31: The fallback PR body is missing under the "## Fallback PR
Body" section; update that section to include concrete subsections such as "##
Summary" (brief what changed), "## Changes" (bullet concrete implementation
details), "## Testing" (commands and results), "## Verification Notes"
(manual/automated validation steps and observed results), and "## Changelog"
(checkbox or note about updating CHANGELOG.md and rationale), and finish with a
"Closes #<issue-number>" line so the fallback is a complete, copy-pastable PR
template referenced between the existing "## Fallback PR Body" and "## Title
Guidance" headings.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: f2762ab2-6216-4075-b2c6-b6b7a974abf3
📒 Files selected for processing (1)
.agents/skills/fast-forward-github-pull-request/references/pr-drafting.md
…QL workflow and PHP CS Fixer configuration Signed-off-by: Felipe Sayão Lobato Abreu <github@mentordosnerds.com>
Signed-off-by: Felipe Sayão Lobato Abreu <github@mentordosnerds.com>
Signed-off-by: Felipe Sayão Lobato Abreu <github@mentordosnerds.com>
Signed-off-by: Felipe Sayão Lobato Abreu <github@mentordosnerds.com>
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/changelog.yml:
- Around line 6-7: The workflow currently triggers on pull_request_target:
types: [closed] and runs the job(s) for any closed PR; update the job that runs
for the closed-event (the job block currently executing at lines ~38–49) to only
proceed for merged PRs by adding an if condition checking
github.event.pull_request.merged == true (i.e. add if:
github.event.pull_request.merged == true to that job); keep the
pull_request_target event but gate the job execution using
github.event.pull_request.merged so abandoned/unmerged closed PRs are skipped.
In @.github/workflows/wiki.yml:
- Around line 7-10: Remove the redundant job-level permissions block in the
`preview` job (the duplicated permissions section present in the job) and verify
the minimum required scopes; specifically remove the duplicate permissions block
entirely and change the workflow-level permissions from `actions: write` to only
`contents: write` and `pull-requests: read` unless `actions: write` is proven
necessary. Locate the `permissions:` block at the top of the workflow and the
duplicated `permissions:` inside the `preview` job, delete the job-level one and
update the top-level permissions to the narrower scopes.
- Around line 24-25: The workflow currently references the reusable workflow via
the "uses: php-fast-forward/dev-tools/.github/workflows/wiki-preview.yml@main"
line which pins to a mutable branch; change that to the full immutable commit
SHA of the upstream repo (replace "@main" with the commit SHA) so the "uses"
entry is fixed and cannot change unexpectedly—ensure the SHA corresponds to the
intended release commit and keep "secrets: inherit" as-is if you still want to
pass secrets.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 9b194654-018a-4efb-9953-cc5031d34251
⛔ Files ignored due to path filters (1)
docs/_static/mascot-banner.png is excluded by !**/*.png
📒 Files selected for processing (6)
- .gitattributes
- .github/workflows/changelog.yml
- .github/workflows/reports.yml
- .github/workflows/tests.yml
- .github/workflows/wiki.yml
- composer.json
| pull_request_target: | ||
| types: [closed] |
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
tmp="$(mktemp)"
curl -fsSL "https://raw.githubusercontent.com/php-fast-forward/dev-tools/main/.github/workflows/changelog.yml" -o "$tmp"
echo "Looking for merged guards in downstream reusable workflow:"
rg -n -C2 'pull_request_target|types:\s*\[closed\]|pull_request\.merged|if:' "$tmp"
Repository: php-fast-forward/agents
Length of output: 6176
🏁 Script executed:
git ls-files .github/workflows/changelog.yml
Repository: php-fast-forward/agents
Length of output: 99
🏁 Script executed:
cat -n .github/workflows/changelog.yml
Repository: php-fast-forward/agents
Length of output: 1906
Gate pull_request_target: closed to merged PRs only
The job at lines 38–49 runs on all closed PRs, including unmerged ones. Add a merged check to prevent unnecessary invocations on abandoned PRs.
Suggested patch
jobs:
changelog:
+ if: ${{ github.event_name != 'pull_request_target' || github.event.pull_request.merged == true }}
uses: php-fast-forward/dev-tools/.github/workflows/changelog.yml@main🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/changelog.yml around lines 6 - 7, The workflow currently
triggers on pull_request_target: types: [closed] and runs the job(s) for any
closed PR; update the job that runs for the closed-event (the job block
currently executing at lines ~38–49) to only proceed for merged PRs by adding an
if condition checking github.event.pull_request.merged == true (i.e. add if:
github.event.pull_request.merged == true to that job); keep the
pull_request_target event but gate the job execution using
github.event.pull_request.merged so abandoned/unmerged closed PRs are skipped.
Related Issue
Closes #1
Motivation / Context
- .agents payload out into the new fast-forward/agents package as the first repository-side step for [agents] Extract packaged agents into fast-forward/agents and install via composer installer-paths dev-tools#195.
- dev-tools as a global tool here for now so this package can later become a dependency of dev-tools without a local package cycle.
- fast-forward/composer-installers package instead of the generic composer/installers + extender path, so consumers receive copied payload files instead of package-root symlinks.
- fast-forward- to reduce collisions with consumer-owned local agents and skills.
Changes
- .agents/.
- .agents/agents/fast-forward-*.md.
- .agents/skills/fast-forward-* while preserving the skill names declared inside SKILL.md.
- fast-forward/agents as a fast-forward-resource-bundle.
- fast-forward/composer-installers:^0.1.
- composer/installers/oomphinc/composer-installers-extender dependency and metadata assumptions.
- installer-paths rules where fast-forward/agents materializes into .agents/, while a future workflow bundle can materialize into .github/workflows/.
- AgentBundle PHP API, Composer autoload metadata, PHPUnit dependency, phpunit.xml, and tests.
- Analyze (actions) status and keeps report/wiki publication deferred until dev-tools can run its bundled toolchain globally.
Verification
- composer dev-tools full standards gate: deferred until dev-tools has a standalone/global toolchain shim; the current global binary still expects local Rector/ECS/phpDocumentor/PhpMetrics binaries for that command.
- composer validate --strict locally.
- composer validate --strict inside backup/.
- .agents/agents, .agents/skills, prefixed agent files, prefixed skill directories, and Composer bundle metadata.
- composer dev-tools changelog:check -- --file=CHANGELOG.md --against=origin/main
- YAML.load_file.
- backup/ Composer smoke with symlinked path repositories for both fast-forward/agents and fast-forward/composer-installers, installing the installer as 0.1.0.
- backup/ payload smoke confirmed .agents/agents/fast-forward-issue-implementer.md and .agents/skills/fast-forward-github-pull-request are copied as regular paths, without the old unprefixed paths.
- backup/ manifest smoke confirmed vendor/fast-forward/.composer-installers/fast-forward_agents.json tracks the prefixed payload entries.
Documentation / Generated Output
- docs/ updated
- AGENTS.md updated
Changelog
- CHANGELOG.md entry
Reviewer Notes
- fast-forward-resource-bundle is intentionally generic; the target directory is selected by package-specific installer-paths entries.
- composer.json is the bundle contract until dev-tools has a concrete integration need.
- backup/ smoke project is ignored by git and configured to use path repositories for pre-release testing.