core/cli
8
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions 1
cli/.github/workflows/agent-verify.yml
dependabot[bot] 15bc295fd4 deps(actions): bump actions/github-script from 7 to 8 (#269) 
Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 8.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v7...v8)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Snider <snider@host.uk.com>
2026-02-04 01:30:54 +00:00

133 lines
4.7 KiB
YAML
Raw Blame History

name: Agent Verification Workflow
on:
issues:
types: [labeled]
jobs:
# When work is claimed, track the implementer
track-implementer:
if: github.event.label.name == 'agent:wip'
runs-on: ubuntu-latest
steps:
- name: Record implementer
run: |
echo "Implementer: ${{ github.actor }}"
# Could store in issue body or external system
# When work is submitted for review, add to verification queue
request-verification:
if: github.event.label.name == 'agent:review'
runs-on: ubuntu-latest
steps:
- name: Add to Workstation for verification
uses: actions/add-to-project@v1.0.2
with:
project-url: https://github.com/orgs/host-uk/projects/2
github-token: ${{ secrets.PROJECT_TOKEN }}
- name: Comment verification needed
uses: actions/github-script@v8
with:
script: |
const implementer = context.payload.sender.login;
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
body: `## 🔍 Verification Required\n\nWork submitted by @${implementer}.\n\n**Rule:** A different agent must verify this work.\n\nTo verify:\n1. Review the implementation\n2. Run tests if applicable\n3. Add \`verified\` or \`verify-failed\` label\n\n_Self-verification is not allowed._`
});
# Block self-verification
check-verification:
if: github.event.label.name == 'verified' || github.event.label.name == 'verify-failed'
runs-on: ubuntu-latest
steps:
- name: Get issue details
id: issue
uses: actions/github-script@v8
with:
script: |
const issue = await github.rest.issues.get({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number
});
// Check timeline for who added agent:wip
const timeline = await github.rest.issues.listEventsForTimeline({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
per_page: 100
});
const wipEvent = timeline.data.find(e =>
e.event === 'labeled' && e.label?.name === 'agent:wip'
);
const implementer = wipEvent?.actor?.login || 'unknown';
const verifier = context.payload.sender.login;
console.log(`Implementer: ${implementer}`);
console.log(`Verifier: ${verifier}`);
if (implementer === verifier) {
core.setFailed(`Self-verification not allowed. ${verifier} cannot verify their own work.`);
}
return { implementer, verifier };
- name: Record verification
if: success()
uses: actions/github-script@v8
with:
script: |
const label = context.payload.label.name;
const verifier = context.payload.sender.login;
const status = label === 'verified' ? '✅ Verified' : '❌ Failed';
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
body: `## ${status}\n\nVerified by @${verifier}`
});
// Remove agent:review label
try {
await github.rest.issues.removeLabel({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
name: 'agent:review'
});
} catch (e) {
console.log('agent:review label not present');
}
# If verification failed, reset for rework
handle-failure:
if: github.event.label.name == 'verify-failed'
runs-on: ubuntu-latest
needs: check-verification
steps:
- name: Reset for rework
uses: actions/github-script@v8
with:
script: |
// Remove verify-failed after processing
await github.rest.issues.removeLabel({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
name: 'verify-failed'
});
// Add back to ready queue
await github.rest.issues.addLabels({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
labels: ['agent:ready']
});
Reference in a new issue View git blame Copy permalink