Skip to content

fix(triage-panel): dispatch project-sync per themed issue #971

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
danielmeppiel merged 1 commit into from
Apr 26, 2026
Merged

fix(triage-panel): dispatch project-sync per themed issue #971

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 36 additions & 15 deletions .github/workflows/triage-panel.lock.yml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

38 changes: 36 additions & 2 deletions .github/workflows/triage-panel.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -135,6 +135,14 @@ network:
# humans apply, only humans remove.
# - assign-milestone: lets the panel set the milestone when the
# issue has none. The prompt forbids overwriting an existing one.
# - dispatch-workflow `project-sync`: triggers the PGS project board
# sync per themed issue. Required because gh-aw safe-output label
# writes run under GITHUB_TOKEN, and GitHub does NOT fan out
# downstream workflow events from GITHUB_TOKEN-driven label changes.
# Without this dispatch, themed issues silently miss the project
# board (Theme/Area/Kind/Priority columns stay blank). max:10 mirrors
# the SCHEDULED_SWEEP issue cap; gh-aw enforces a 5s delay between
# dispatches so the worst-case latency add is ~50s per sweep.
safe-outputs:
add-comment:
max: 12
Expand Down Expand Up @@ -193,6 +201,16 @@ safe-outputs:
target: "*"
assign-milestone:
max: 12
# Same-repo only; compile-time validated (project-sync.yml must exist
# and declare workflow_dispatch). The agent passes `content_id` (the
# issue's GraphQL node ID, e.g. I_kwDO...) as the dispatch input.
# max:10 matches SCHEDULED_SWEEP issue ceiling (one dispatch per
# themed issue, worst case). gh-aw enforces a 5s delay between
# consecutive dispatches.
dispatch-workflow:
workflows:
- project-sync
max: 10

timeout-minutes: 30
---
Expand Down Expand Up @@ -269,7 +287,7 @@ gh issue list \
--repo "${{ github.repository }}" \
--state open \
--limit 200 \
--json number,title,author,labels,locked,createdAt,body
--json number,title,author,labels,locked,createdAt,body,id
```

In your reasoning step (no shell required), filter the result:
Expand Down Expand Up @@ -320,7 +338,7 @@ The triggering issue is `#${{ github.event.issue.number }}`. Read it:
```bash
gh issue view "${{ github.event.issue.number }}" \
--repo "${{ github.repository }}" \
--json number,title,author,labels,locked,state,body,milestone,createdAt
--json number,title,author,labels,locked,state,body,milestone,createdAt,id
gh issue view "${{ github.event.issue.number }}" \
--repo "${{ github.repository }}" --comments
```
Expand Down Expand Up @@ -438,6 +456,22 @@ safe-output tools. Required label-set hygiene per issue:
MUST emit a corresponding `assign_milestone` call -- the verdict
text and the applied state must agree.** Only skip emission if you
explicitly omitted milestone from the verdict.
- **`dispatch_workflow` (project-sync)**: For every issue where you
added at least one `theme/*` label in this run, you MUST also call
`dispatch_workflow` with `workflow_name: "project-sync"` and inputs
`{"content_id": "<issue node id>"}` -- where `<issue node id>` is
the `id` field returned by `gh issue list --json id` / `gh issue
view --json id` (it looks like `I_kwDO...`, NOT the integer issue
number). This triggers the PGS project board sync for that issue.
It is required because gh-aw applies `add-labels` under
`GITHUB_TOKEN`, and GitHub does NOT fire downstream workflow events
from `GITHUB_TOKEN`-driven label changes -- so without this dispatch
the issue gets the right labels but never lands on the project
board. If you did NOT add any `theme/*` label (for example a
re-triage that only touches `status/*`), do NOT dispatch -- the
project-sync workflow only acts on themed items, so the dispatch
would be a no-op. Cap is 10 dispatches per run (matches sweep
ceiling); gh-aw enforces a 5s delay between consecutive dispatches.
Comment on lines +459 to +474
Copy link

Copilot AI Apr 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new dispatch guidance appears to describe calling a generic dispatch_workflow tool with workflow_name + inputs, but the compiled lockfile exposes a workflow-specific safe-output tool named project_sync that only accepts a content_id argument. Please align the instructions with the actual tool name/signature generated by gh-aw (and explicitly state that the dispatched content_id must come from the same issue(s) in BATCH_ALLOW_LIST to preserve the prompt-injection safety rail).

Suggested change
- **`dispatch_workflow` (project-sync)**: For every issue where you
added at least one `theme/*` label in this run, you MUST also call
`dispatch_workflow` with `workflow_name: "project-sync"` and inputs
`{"content_id": "<issue node id>"}` -- where `<issue node id>` is
the `id` field returned by `gh issue list --json id` / `gh issue
view --json id` (it looks like `I_kwDO...`, NOT the integer issue
number). This triggers the PGS project board sync for that issue.
It is required because gh-aw applies `add-labels` under
`GITHUB_TOKEN`, and GitHub does NOT fire downstream workflow events
from `GITHUB_TOKEN`-driven label changes -- so without this dispatch
the issue gets the right labels but never lands on the project
board. If you did NOT add any `theme/*` label (for example a
re-triage that only touches `status/*`), do NOT dispatch -- the
project-sync workflow only acts on themed items, so the dispatch
would be a no-op. Cap is 10 dispatches per run (matches sweep
ceiling); gh-aw enforces a 5s delay between consecutive dispatches.
- **`project_sync`**: For every issue where you added at least one
`theme/*` label in this run, you MUST also call the dedicated
safe-output tool `project_sync` with only
`content_id: "<issue node id>"` -- where `<issue node id>` is the
`id` field for that same issue returned by `gh issue list --json id`
/ `gh issue view --json id` (it looks like `I_kwDO...`, NOT the
integer issue number). Do NOT construct `content_id` from model
output or copy it from any other issue, comment, or external source:
the dispatched `content_id` MUST come from the same issue currently
being processed, and therefore from the same issue set already
admitted by `BATCH_ALLOW_LIST`. This triggers the PGS project board
sync for that issue. It is required because gh-aw applies
`add-labels` under `GITHUB_TOKEN`, and GitHub does NOT fire
downstream workflow events from `GITHUB_TOKEN`-driven label changes
-- so without this dispatch the issue gets the right labels but
never lands on the project board. If you did NOT add any `theme/*`
label (for example a re-triage that only touches `status/*`), do
NOT dispatch -- the project-sync workflow only acts on themed
items, so the dispatch would be a no-op. Cap is 10 dispatches per
run (matches sweep ceiling); gh-aw enforces a 5s delay between
consecutive dispatches.

Copilot uses AI. Check for mistakes.

If the panel decides on a label that does not exist in APM's
taxonomy (the `add-labels` allow-list, which is enumerated literally
Expand Down
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Fixed

- Fixed TLS validation failure behind corporate TLS-intercepting proxies and firewalls: `install/validation.py` now uses `requests` (honouring `REQUESTS_CA_BUNDLE`) instead of stdlib `urllib`, and surfaces a single CA-trust hint at default verbosity instead of a misleading auth error. (#911)
- Triage Panel themed issues now reach the PGS project board: the workflow dispatches `project-sync` per themed issue via the new `safe-outputs.dispatch-workflow` channel, working around GitHub's rule that `GITHUB_TOKEN`-driven label changes never fire downstream `issues: labeled` workflows. Without this, sweeps applied `theme/*` labels but the project-sync trigger silently no-op'd, leaving the board empty.
Copy link

Copilot AI Apr 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changelog entries in this repo consistently end with the PR number in parentheses (e.g. "(#911)"). This new Fixed entry is missing the required "(#PR_NUMBER)" suffix, which will break the one-line-per-PR convention used throughout CHANGELOG.md.

Suggested change
- Triage Panel themed issues now reach the PGS project board: the workflow dispatches `project-sync` per themed issue via the new `safe-outputs.dispatch-workflow` channel, working around GitHub's rule that `GITHUB_TOKEN`-driven label changes never fire downstream `issues: labeled` workflows. Without this, sweeps applied `theme/*` labels but the project-sync trigger silently no-op'd, leaving the board empty.
- Triage Panel themed issues now reach the PGS project board: the workflow dispatches `project-sync` per themed issue via the new `safe-outputs.dispatch-workflow` channel, working around GitHub's rule that `GITHUB_TOKEN`-driven label changes never fire downstream `issues: labeled` workflows. Without this, sweeps applied `theme/*` labels but the project-sync trigger silently no-op'd, leaving the board empty. (#PR_NUMBER)

Copilot uses AI. Check for mistakes.

## [0.9.3] - 2026-04-26

Expand Down
Loading