Skip to content

fix: prevent assign_to_agent from posting error comments on PRs#41475

Merged
pelikhan merged 6 commits into
mainfrom
copilot/review-issue-monster
Jun 25, 2026
Merged

fix: prevent assign_to_agent from posting error comments on PRs#41475
pelikhan merged 6 commits into
mainfrom
copilot/review-issue-monster

Conversation

Copilot AI commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

assign_to_agent was posting ⚠️ Assignment failed comments on pull requests. GitHub's issues.get API returns PR data without error when given a PR number, so the code would attempt (and fail) the assignment and then post the error comment on the PR itself.

Changes

  • assign_agent_helpers.cjsgetIssueDetails now checks issue.pull_request in the response and throws a typed { isPullRequest: true } error early:

    if (issue.pull_request) {
      throw Object.assign(
        new Error(`#${issueNumber} is a pull request, not an issue — assign_to_agent only supports issues`),
        { isPullRequest: true }
      );
    }
  • assign_to_agent.cjs — Catch block detects isPullRequest and skips silently with a warning; no comment is posted on the PR.

  • issue-monster.md — Step 4 and Important Guidelines now explicitly prohibit passing PR numbers to assign_to_agent, with a note on how to detect a PR via issue_read if uncertain.

  • assign_to_agent.test.cjs — New test: when issues.get returns a PR, no comment is created and setFailed is not called.

Copilot AI and others added 3 commits June 25, 2026 14:39
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
- In getIssueDetails (assign_agent_helpers.cjs): detect when the GitHub
  issues API returns a PR (pull_request field present) and throw a typed
  error with isPullRequest=true
- In assign_to_agent.cjs: handle isPullRequest errors by skipping
  silently without posting any comment on the PR
- In issue-monster.md: add explicit guideline never to call
  assign_to_agent with a PR number
- Add test covering the new behavior

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Use Object.assign to attach the isPullRequest flag to the thrown Error,
avoiding the TypeScript property-does-not-exist error. Rename prError
to pullRequestError per code review feedback.

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI requested a review from pelikhan June 25, 2026 14:54
@pelikhan pelikhan marked this pull request as ready for review June 25, 2026 17:35
Copilot AI review requested due to automatic review settings June 25, 2026 17:35

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR prevents assign_to_agent from posting “Assignment failed” comments on pull requests when an issue_number actually resolves to a PR via issues.get, by detecting PR-shaped issue responses early and treating them as a skip rather than a failure/comment action.

Changes:

  • Reject PRs in getIssueDetails by throwing a typed { isPullRequest: true } error when issues.get returns an object with pull_request.
  • In assign_to_agent, detect isPullRequest errors and skip with a warning (no PR comment, no workflow failure).
  • Add workflow guidance (Issue Monster) and a unit test ensuring PR targets do not get comments and do not call setFailed.
Show a summary per file
File Description
actions/setup/js/assign_agent_helpers.cjs Detects PR-shaped “issues” from issues.get and throws a typed error to prevent misclassification.
actions/setup/js/assign_to_agent.cjs Skips PR targets surfaced via issue_number without posting error comments on PRs.
actions/setup/js/assign_to_agent.test.cjs Adds coverage ensuring PR-shaped issues.get responses do not trigger PR comments or failures.
.github/workflows/issue-monster.md Documents that assign_to_agent should only be used for issues and how to detect PRs.
.github/workflows/issue-monster.lock.yml Regenerated lockfile reflecting the workflow markdown update.
.github/workflows/smoke-copilot.lock.yml Lockfile regenerated; also changes compiled strictness (needs confirmation).
.github/workflows/smoke-copilot-aoai-entra.lock.yml Lockfile regenerated; also changes compiled strictness (needs confirmation).

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 7/7 changed files
  • Comments generated: 5


// When the agent specified an issue_number that turns out to be a PR, skip
// silently without posting a comment — error comments on PRs are confusing.
if (/** @type {any} */ error.isPullRequest) {
} catch (error) {
const errorMessage = getErrorMessage(error);
core.error(`Failed to get issue details: ${errorMessage}`);
if (!(/** @type {any} */ error.isPullRequest)) {
// GitHub's issues API returns pull requests too; reject them here so callers
// never accidentally treat a PR as an assignable issue.
if (issue.pull_request) {
throw Object.assign(new Error(`#${issueNumber} is a pull request, not an issue — assign_to_agent only supports issues`), { isPullRequest: true });
GH_AW_INFO_FIREWALL_TYPE: "squid"
GH_AW_INFO_FRONTMATTER_EMOJI: "🧪"
GH_AW_COMPILED_STRICT: "true"
GH_AW_COMPILED_STRICT: "false"
GH_AW_INFO_FIREWALL_TYPE: "squid"
GH_AW_INFO_FRONTMATTER_EMOJI: "🧪"
GH_AW_COMPILED_STRICT: "true"
GH_AW_COMPILED_STRICT: "false"
@github-actions

This comment has been minimized.

@github-actions

This comment has been minimized.

@github-actions

Copy link
Copy Markdown
Contributor

Caution

agentic threat detected
Threat detection flagged this output in warn mode. Manual review is REQUIRED before any follow-up automation.

Details

Potential security threats were detected in the agent output.

Review the workflow run logs for details.

Great work on this fix, @Copilot! 👋 Stopping assign_to_agent from posting spurious ⚠️ Assignment failed comments on PRs is a clean and well-scoped improvement to the agentic workflow.

The PR is well-structured:

  • The typed { isPullRequest: true } sentinel error in assign_agent_helpers.cjs is a precise and non-breaking way to distinguish this case.
  • The silent-skip in assign_to_agent.cjs’s catch block ensures no noise is left behind on PRs.
  • The issue-monster.md doc update closes the feedback loop for future agents.
  • A dedicated test in assign_to_agent.test.cjs covers the new behavior correctly.

This looks ready for review. ✅

Generated by ✅ Contribution Check · 390.9 AIC · ⌖ 20.1 AIC · ⊞ 6K ·

@pelikhan

Copy link
Copy Markdown
Collaborator

@copilot run pr-finisher skill

- Use /** @type {any} */ (error) with parentheses so ts-check casts
  the variable before property access, not just the expression result
- Update error message to direct callers to use pull_number instead of
  issue_number when targeting a pull request

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI commented Jun 25, 2026

Copy link
Copy Markdown
Contributor Author

@copilot run pr-finisher skill

Done. Three issues addressed in commit 8fba8de:

  1. TypeScript cast (assign_to_agent.cjs:397 and assign_agent_helpers.cjs:298): Changed /** @type {any} */ error.isPullRequest/** @type {any} */ (error).isPullRequest so the cast applies to the variable before property access.

  2. Error message (assign_agent_helpers.cjs:281): Updated to "use pull_number instead of issue_number to assign to a pull request" so callers know the correct parameter rather than thinking PR assignment is unsupported.

  3. Lock files: The strict: false in those lock files pre-dates this PR — confirmed git diff origin/main..HEAD shows no changes to those files; the reviewer was looking at a diff against an older base commit.

Local validation: make fmt, make test-unit, and make agent-report-progress all pass. CI re-trigger needed from a maintainer before merge.

@pelikhan pelikhan merged commit dbf1d23 into main Jun 25, 2026
32 checks passed
@pelikhan pelikhan deleted the copilot/review-issue-monster branch June 25, 2026 18:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants