feat(ci): add PR review orchestrator — collapse agents, post unified summary #345
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add EU AI Act, Colorado AI Act, and GPAI obligations timeline with AGT coverage mapping. Reference Microsoft Purview DSPM for AI as complementary data governance layer. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The Scorecard API rejects workflows with write permissions at the workflow level. id-token: write and security-events: write must be scoped to the job level only. Restores permissions: read-all at workflow level while keeping job-level write permissions intact. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ft#324) Add Google-style docstrings with Args, Returns, Raises, Attributes, and Example sections to MCPMessageType, MCPAdapter, and MCPServer classes. Also enhances docstrings for key methods including handle_message, _handle_tools_call, _handle_resources_read, and _map_tool_to_action. Fixes microsoft#316
Co-authored-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>
…s (dependency confusion) (microsoft#325) - Replace !pip install agent-os with !pip install -e ../.. in all 6 notebooks; agent-os is not on PyPI and installing it from PyPI is a dependency confusion vector - Replace zendesk-sdk/freshdesk-sdk with zenpy/freshdesk (the real published SDKs) in customer-service/requirements.txt - Remove hashlib-compat from healthcare-hipaa/requirements.txt; hashlib is stdlib and hashlib-compat is not a real PyPI package
…stall agent-os with agent-os-kernel Replace all remaining instances of `pip install agent-os` (unregistered on PyPI) with `pip install agent-os-kernel` (the actual package) across docs, examples, TypeScript extensions, CLI source, tests, and SVG assets. Also fixes `pip install emk` references to point to `agent-os-kernel[full]` since emk is a submodule, not a standalone PyPI package. Completes the fix started in PR microsoft#325 which only covered notebooks. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Dify 65K→133K, AutoGen 42K→55K, CrewAI 28K→46K, Semantic Kernel 24K→27K, LangGraph 24K→27K, Haystack 22K→24K, Agent Framework 7.6K→8K. Added star counts for OpenAI Agents SDK (20K) and Google ADK (18K). Sorted by stars descending. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…summary - Wrap individual agent comments in <details> tags (collapsed by default) - Make agent comments idempotent (update on re-push, don't duplicate) - Add ai-pr-summary.yml workflow that posts one clean verdict table - Summary uses HTML marker for upsert behavior Contributors now see ONE summary table instead of 5-7 separate bot comments. Individual agent reports are preserved but collapsed for reference. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
🤖 AI Agent: code-reviewer
Review Summary
This PR introduces a new GitHub Actions workflow and updates existing logic to improve the user experience of PR reviews by consolidating bot comments into a single unified summary. The changes aim to reduce clutter, improve readability, and ensure idempotency of bot comments.
The changes are well-structured and address the stated problem effectively. However, there are some areas that require attention to ensure security, maintainability, and backward compatibility.
🔴 CRITICAL
- Potential for Comment Spoofing
  - The `findExistingComment` function relies on a simple marker string (e.g., `<!-- ai-agent:code-reviewer -->`) to identify existing comments. This approach is vulnerable to spoofing, where a malicious user could create a comment containing the same marker, causing the bot to overwrite or fail to post its own comment.
  - Recommendation: Use a more robust mechanism to identify bot-generated comments, such as including a unique identifier (e.g., a hash or UUID) in the marker that is generated dynamically and stored securely.
- Insufficient Validation of PR Number
  - The `ai-pr-summary.yml` workflow retrieves the PR number from the triggering workflow using a combination of branch name and commit SHA. However, there is no validation to ensure the PR number is correct or that it matches the intended PR.
  - Recommendation: Add validation to ensure the PR number corresponds to the correct repository and branch. Consider using GitHub's `context.payload.pull_request.number` directly when available.
- Unvalidated User Input in Comment Parsing
  - The `parseVerdict` function processes user-generated content (PR comments) without sanitizing or escaping the input. This could lead to potential injection attacks or malformed output in the summary table.
  - Recommendation: Sanitize and escape user-generated content before including it in the summary table to prevent potential injection attacks or rendering issues.
🟡 WARNING
- Backward Compatibility
  - The introduction of the `ai-pr-summary.yml` workflow and the changes to `ai-agent-runner` may alter the behavior of existing workflows and comments. For example:
    - Collapsing comments by default may affect users who rely on expanded comments for quick access.
    - The unified summary table may not include all details from individual agent comments, which could impact users who rely on those details.
  - Recommendation: Clearly document these changes in the release notes and provide a way to opt-out of the new behavior if needed.
💡 SUGGESTIONS
- Error Handling for API Calls
  - The `ghApi` function and other API calls (e.g., `github.rest.issues.listComments`) lack robust error handling. If an API call fails, the workflow may silently fail or produce incomplete results.
  - Recommendation: Add error handling and retries for API calls to ensure the workflow is resilient to transient failures.
- Performance Optimization
  - The `findExistingComment` function uses a paginated approach to search for existing comments. While this is functional, it could be optimized by limiting the number of pages fetched or using a more efficient search mechanism.
  - Recommendation: Consider using GitHub's GraphQL API for more efficient querying, as it allows filtering and searching comments directly.
- Improved Logging
  - The logging in the `ai-pr-summary.yml` workflow is minimal and does not provide detailed insights into the workflow's execution.
  - Recommendation: Add more granular logging to help debug issues, such as logging the number of comments fetched, the PR number identified, and the status of each agent.
- Test Coverage
  - There is no evidence of automated tests for the new functionality introduced in this PR.
  - Recommendation: Add unit tests for the helper functions (e.g., `extractOneLiner`, `findExistingComment`, `parseVerdict`) and integration tests for the `ai-pr-summary.yml` workflow.
- Documentation
  - While the PR description is detailed, there is no accompanying documentation update for the new workflow and changes to the existing behavior.
  - Recommendation: Update the repository's documentation to include details about the new workflow, how it works, and how users can customize or opt-out of the unified summary.
Final Verdict
The PR introduces valuable improvements to the CI/CD pipeline, but the identified critical issues must be addressed before merging. Additionally, implementing the suggested improvements will enhance the robustness, security, and maintainability of the changes.
🤖 AI Agent: security-scanner
Security Analysis of the Pull Request
This PR introduces a new GitHub Actions workflow and modifies an existing action to improve the presentation of bot-generated comments on pull requests. While the changes are primarily focused on improving the user experience, they involve handling user-generated content (e.g., PR comments) and interacting with the GitHub API, which can introduce potential security risks.
Findings
1. Prompt Injection Defense Bypass
2. Policy Engine Circumvention
3. Trust Chain Weaknesses
4. Credential Exposure
5. Sandbox Escape
6. Deserialization Attacks
7. Race Conditions
8. Supply Chain
Summary of Findings
Conclusion
This PR introduces useful improvements to the CI/CD pipeline, but it also introduces critical and high-severity security risks that must be addressed before merging. Specifically, the prompt injection vulnerability and policy engine circumvention are the most concerning issues. Addressing these vulnerabilities should be prioritized to ensure the integrity of the repository and its security features.
Problem
Contributors opening a 3-line fix get bombarded with 5-7 separate bot comments (code-reviewer, security-scanner, breaking-change-detector, docs-sync, test-generator, contributor-guide). This is overwhelming — especially for first-time contributors.
Solution
1. Collapsed agent comments
Individual agent comments are now wrapped in `<details>` tags — collapsed by default with a one-line summary visible:
```
▶ 🤖 AI Agent: security-scanner — No vulnerabilities detected
```
Click to expand for full details.
2. Unified summary table
A new `ai-pr-summary.yml` workflow runs after all agents complete and posts ONE clean verdict:
Verdict: Ready for human review
3. Idempotent comments
Agent comments now upsert (update existing, don't duplicate) — re-pushes update the same comment instead of posting new ones.
Files changed
Before/After
Before: 5-7 separate expanded bot comments cluttering the PR
After: 1 summary table + 5-7 collapsed details (one-liner visible)
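The upsert mechanism described in the PR (a hidden HTML marker keys each agent's comment, and re-pushes update that comment instead of posting a new one), as an added example that is not the PR's or the repository's own code. It also folds in two points from the code-reviewer comment above: the marker alone is not trusted as the identity of a bot comment (only comments authored by the bot login qualify, so a contributor pasting the same marker cannot capture or suppress the slot), and the one-liner placed inside `<summary>` is HTML-escaped. `planUpsert`, `buildCommentBody`, `markerFor` and `escapeHtml` are names chosen here; `github.paginate` and `github.rest.issues.listComments`/`createComment`/`updateComment` are the github-script (Octokit) client methods; the sample comment thread is constructed.

```javascript
// Added example (not code from the PR or the repository): marker-keyed
// upsert of an agent comment, with bot-identity check and summary escaping.

const MARKER_PREFIX = 'ai-agent:';

// Hidden marker that keys one agent's comment; invisible when rendered.
function markerFor(agent) {
  return `<!-- ${MARKER_PREFIX}${agent} -->`;
}

// Escape text destined for <summary>, so a one-liner extracted from an agent
// report (which may quote PR content) cannot inject markup into the comment.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;');
}

// Collapsed comment body: marker, then <details> with a one-line <summary>
// and the full report underneath.
function buildCommentBody(agent, oneLiner, fullReport) {
  return [
    markerFor(agent),
    '<details>',
    `<summary>🤖 AI Agent: ${escapeHtml(agent)} - ${escapeHtml(oneLiner)}</summary>`,
    '',
    fullReport,
    '</details>',
  ].join('\n');
}

// The comment to update, if any. The marker is necessary but not sufficient:
// the comment must also be authored by the bot login, so a contributor who
// copies the marker into their own comment is simply ignored.
function findExistingComment(comments, agent, botLogin) {
  const marker = markerFor(agent);
  return (
    comments.find(
      (c) => c.user && c.user.login === botLogin && typeof c.body === 'string' && c.body.includes(marker),
    ) || null
  );
}

// Pure planner (no network): decides create vs. update. Keeping this
// separate makes the decision unit-testable, per the reviewer's test-coverage point.
function planUpsert(comments, { agent, botLogin, oneLiner, fullReport }) {
  const body = buildCommentBody(agent, oneLiner, fullReport);
  const existing = findExistingComment(comments, agent, botLogin);
  return existing
    ? { action: 'update', commentId: existing.id, body }
    : { action: 'create', commentId: null, body };
}

// Applies the plan with the github-script client. github.paginate walks all
// pages of listComments so a long thread cannot hide the bot's own comment.
async function upsertAgentComment(github, { owner, repo, issueNumber, ...opts }) {
  const comments = await github.paginate(github.rest.issues.listComments, {
    owner, repo, issue_number: issueNumber, per_page: 100,
  });
  const plan = planUpsert(comments, opts);
  if (plan.action === 'update') {
    await github.rest.issues.updateComment({ owner, repo, comment_id: plan.commentId, body: plan.body });
  } else {
    await github.rest.issues.createComment({ owner, repo, issue_number: issueNumber, body: plan.body });
  }
  return plan;
}

// Constructed sample thread (shape of issues.listComments items): a contributor
// comment that copies the marker, then the bot's earlier comment.
const SAMPLE_COMMENTS = [
  { id: 11, user: { login: 'contributor-a' }, body: '<!-- ai-agent:security-scanner -->\nlooks fine to me' },
  { id: 12, user: { login: 'github-actions[bot]' }, body: '<!-- ai-agent:security-scanner -->\n<details>old report</details>' },
];

const SAMPLE_PLAN = planUpsert(SAMPLE_COMMENTS, {
  agent: 'security-scanner',
  botLogin: 'github-actions[bot]',
  oneLiner: 'No <b>issues</b> detected',
  fullReport: 'Full scanner output goes here.',
});
// SAMPLE_PLAN.action is 'update' and SAMPLE_PLAN.commentId is 12: the
// contributor's spoofed marker (id 11) was skipped, the bot's comment is reused.
```

In a github-script step this would be called as `await upsertAgentComment(github, { ...context.repo, issueNumber: context.payload.pull_request.number, agent, botLogin: 'github-actions[bot]', oneLiner, fullReport })`; `github-actions[bot]` is the login the default `GITHUB_TOKEN` posts under, and a workflow using an app or PAT would pass that identity instead.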