
Improve bug bounty agent with triage and review steps#2933

Merged
pfefferle merged 2 commits into trunk from update/bug-bounty-agent-triage-and-review
Feb 17, 2026

Conversation

@pfefferle
Member

Summary

  • Add bug verification step (Step 3) that traces code paths and confirms issues are real bugs before attempting fixes — unverified issues get labeled "Needs triage" with a comment explaining why.
  • Only consider issues labeled "Bug" or "[Type] Bug", and skip issues already labeled "Needs triage".
  • Replace self-review step with the dedicated code-review agent for more thorough pre-PR review.
  • Simplify PR detection to search by issue number instead of unreliable timelineItems JSON field.
  • Add 30-minute timeout to CI polling to prevent infinite loops on stuck runs.

Test plan

  • Dry-run the agent workflow (Steps 1–3 only) — verified it correctly filters issues, skips "Needs triage", and produces a valid bug analysis.
  • Ran code-review agent against the file for quality checks.

Add bug verification step (Step 3) that confirms issues are real bugs
before attempting fixes, labeling unverified issues as "Needs triage".
Skip issues already labeled "Needs triage" and require "Bug" or
"[Type] Bug" labels. Replace self-review with code-review agent,
simplify PR detection to search by issue number, and add 30-minute
timeout to CI polling.
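The bounded CI poll (60 attempts at 30 seconds, so a stuck run can no longer loop forever) and the issue-number PR search described above, as an added shell example; this is not the agent's own code, and the status command, `gh run view` wrapping and `pr_for_issue` helper are assumptions for illustration:

```bash
#!/usr/bin/env bash
# Added illustration of two behaviours described in this PR: the bounded
# CI poll (60 attempts x 30 s = 30 minutes) and PR detection by issue
# number via `gh pr list --search`. Not the agent's own code.

# poll_ci <status_cmd> [max_attempts] [interval_seconds]
#   status_cmd is assumed to print one of: pending, success, failure
#   (in a real run it could wrap `gh run view <id> --json conclusion`).
# Returns 0 on success, 1 on failure, 2 when the attempt budget is
# exhausted, so the caller always terminates even if CI never finishes.
poll_ci() {
  status_cmd="$1"
  max_attempts="${2:-60}"
  interval="${3:-30}"
  attempt=0
  status=""
  while [ "$attempt" -lt "$max_attempts" ]; do
    attempt=$((attempt + 1))
    status="$($status_cmd)"   # unquoted so a multi-word command works
    case "$status" in
      success) return 0 ;;
      failure) return 1 ;;
    esac
    sleep "$interval"
  done
  echo "CI still '$status' after $max_attempts attempts; giving up" >&2
  return 2
}

# pr_for_issue <issue_number>
#   Lists open PRs whose title or body mention "#<number>", the search
#   this PR adopts instead of the timelineItems field. Assumes gh is
#   installed and authenticated; it is not exercised offline.
pr_for_issue() {
  gh pr list --state open --search "#$1" --json number,title,url
}
```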
Copilot AI review requested due to automatic review settings February 17, 2026 11:43
@github-actions github-actions bot added the Docs label Feb 17, 2026
@pfefferle pfefferle self-assigned this Feb 17, 2026
@pfefferle pfefferle added the Skip Changelog Disables the "Changelog Updated" action for PRs where changelog entries are not necessary. label Feb 17, 2026

Copilot AI left a comment


Pull request overview

This PR enhances the bug bounty agent workflow with better issue triage, more reliable PR detection, and improved quality checks. The changes add a verification step to confirm issues are actual bugs before attempting fixes, integrate the dedicated code-review agent for pre-PR review, and add safeguards like CI timeout to prevent infinite loops.

Changes:

  • Add Step 3 bug verification that confirms issues are real bugs before fixing; unverified issues get labeled "Needs triage" with an explanatory comment
  • Filter issue selection to only "Bug" or "[Type] Bug" labels and skip "Needs triage" issues
  • Replace PR detection with simpler gh pr list --search "#<number>" command instead of unreliable timelineItems field
  • Replace self-review step with dedicated code-review agent invocation for more thorough pre-PR review
  • Add 30-minute timeout (60 attempts at 30 seconds each) to CI polling to prevent infinite loops

@pfefferle pfefferle merged commit 7a7db27 into trunk Feb 17, 2026
5 checks passed
@pfefferle pfefferle deleted the update/bug-bounty-agent-triage-and-review branch February 17, 2026 11:54