fix: migrate to pi-sidecar and improve AI cherry-pick conflict resolution#1127
Conversation
|
Report bugs in Issues Welcome! 🎉This pull request will be automatically processed with the following features: 🔄 Automatic Actions
📋 Available CommandsPR Status Management
Review & Approval
Testing & Validation
Container Operations
Cherry-pick Operations
Branch Management
Label Management
✅ Merge RequirementsThis PR will be automatically approved when the following conditions are met:
📊 Review ProcessApprovers and ReviewersApprovers:
Reviewers:
Available Labels
AI Features
Security Checks
💡 Tips
For more information, please refer to the project documentation or contact the maintainers. |
PR Summary by QodoMigrate AI integration to pi-sidecar and harden AI cherry-pick conflict resolution Description
Diagram
High-Level Assessment
Files changed (11)
|
Code Review by Qodo
Context used✅ Compliance rules (platform):
24 rules 1. _resolve_cherry_pick_with_ai prompt vague
|
0a5c894 to
7876be6
Compare
|
Code review by qodo was updated up to the latest commit 7876be6 |
7876be6 to
ebe489d
Compare
ebe489d to
b35be0b
Compare
|
Code review by qodo was updated up to the latest commit b35be0b |
|
@qodo-code-review[bot] The following review comments were reviewed and a decision was made:
|
Overall, this looks in good shape.
A couple of intentional skips to keep in mind:
So my read is: no remaining blocking issues from the review set, unless you want to harden the optional sidecar startup behavior further. |
|
Code review by qodo was updated up to the latest commit 72c8e5d |
|
@qodo-code-review[bot] The following review comments were reviewed and a decision was made:
|
- Remove git command instructions from AI prompt (no bash access) - Update system_prompt to reference file reading/editing tools - Add PR title to cherry-pick conflict resolution prompt - Add diff verification instruction to prompt - Change git add -u to git add -A (stage new files) - Check run_command rc in _verify_cherry_pick_scope - Narrow exception from Exception to (OSError, ValueError) - Document prompt injection risk mitigation in AGENTS.md
Change cherry-pick prompt verification from comparing against stat-only context to reading resolved files directly — achievable with available read/edit tools.
- Add internal /internal/git-tools/run endpoint with read-only allowlist - Build custom tools (git_diff, git_log, git_show, git_status) for pi-sidecar - Conventional title: uses git_diff + git_log custom tools (no builtin tools) - Cherry-pick resolution: builtin file tools + custom git tools - No bash access anywhere — all git operations via restricted HTTP endpoint - Add 20 tests for git tools endpoint and helper
- Fix shell injection: create_subprocess_shell → create_subprocess_exec - Fix timeout subprocess leak: kill + wait on timeout - Narrow exception: Exception → OSError - Read server port from config instead of hardcoding 5000 - Handle wildcard mode in AI title regex extraction - Add security comment for internal git-tools endpoint - Update test mocks for subprocess_exec
- Add sidecar healthcheck before AI calls - Add localhost-only middleware for /internal/ endpoints - Log error when sidecar fails readiness check - Cache server port in RunnerHandler (no blocking Config read) - Add git tool instructions to cherry-pick prompt
- Replace FastAPI router with standalone aiohttp server in daemon thread - Own event loop — no contention with main webhook server during CI checks - Binds to 127.0.0.1:5001 (localhost-only, no middleware needed) - Custom tools now point to port 5001 - Add aiohttp dependency - 23 tests rewritten for aiohttp test client
- Replace git-specific server with generic tool registry - ToolDef dataclass: command_prefix, timeout, blocked_flags, success_exit_codes - Callers select which tools AI sees per session - Easy to add new tools — one registry entry
Explicitly explain conflict marker semantics (HEAD=target, >>>=cherry-picked). Add concrete rules: keep new methods, use cherry-picked modifications. Prohibit keeping HEAD version — defeats cherry-pick purpose.
- Narrow exception handling (ValueError/TypeError instead of Exception) - Validate and clamp tool timeout (1-300s) - Fix conflict marker explanation in cherry-pick prompt - Honest startup log (starting vs started)
|
Clean rebase detected — no code changes compared to previous head ( |
|
Code review by qodo was updated up to the latest commit 603ee07 |
Broad JSON catch, type validation for cwd/args
|
@qodo-code-review[bot] The following review comments were reviewed and a decision was made:
|
Thanks — those reviewed comments have been marked addressed in the PR discussion. What that means
Still-open Qodo findings in the current indexThe remaining active items are findings If you want, I can help triage any of those next. |
|
Code review by qodo was updated up to the latest commit 10eb56b |
|
@qodo-code-review[bot] The following review comments were reviewed and a decision was made:
|
Yes — the listed review comments look addressed in this patch.
If you want, I can also review the remaining active findings still open in the index. |
|
@qodo-code-review[bot] The following review comments were reviewed and a decision was made:
|
Thanks — that set of review comments is now covered.
So for this batch, there doesn’t appear to be anything left to action. If you want, I can also help triage the remaining active findings in the PR. |
|
@qodo-code-review[bot] The following review comments were reviewed and a decision was made:
|
Thanks — those reviewed comments are now marked as addressed. A few of the remaining open items in the PR are still active outside that list, for example If you want, I can help triage or fix any of those next. |
|
@qodo-code-review[bot] The following review comments were reviewed and a decision was made:
|
Thanks — those reviewed comments have been marked addressed in the PR discussion.
If you want, I can also summarize the remaining active findings by risk level. |
|
New container for ghcr.io/myk-org/github-webhook-server:latest published |
Closes #1126