feat: smart fix mode — issue-weight scoring + config-as-code + @coco fix trigger

[kameshsampath]

Overview

Replace the single auto-fix-everything flow with a smarter system:

1. Scan scores each issue for severity + complexity + confidence
2. Per-issue decision — coco:auto-fix or coco:needs-review label applied
3. Global ceiling — .github/coco-config.yml sets the policy; vars.COCO_MAX_AUTO overrides for experiments
4. @coco fix comment — manual trigger that works on any issue regardless of label

---

Workflow

flowchart TD
    scan[cortex-scan.yml] --> score["Score each issue\nseverity × complexity × confidence"]
    score --> decision{FIX_DECISION}
    decision -->|auto-fix| ceiling{Check ceiling\nCOCO_MAX_AUTO}
    decision -->|needs-review| issue2["Label: coco:needs-review\nCreate issue — wait for human"]
    ceiling -->|allows| autofix[cortex-fix.yml\nauto PR]
    ceiling -->|blocks| issue2
    issue2 --> comment["Developer comments\n@coco fix"]
    comment --> manual[cortex-comment-fix.yml]
    manual --> autofix

Loading

---

Fix mode resolution (highest priority wins)

1. vars.COCO_MAX_AUTO        ← runtime experiment (GitHub Actions variable)
2. .github/coco-config.yml   ← config-as-code default (auditable via git history)
3. Built-in default: "conservative"

CONFIG_VALUE=$(python3 -c "
import re, pathlib
cfg = pathlib.Path('.github/coco-config.yml')
m = re.search(r'max_auto:\s*(\w+)', cfg.read_text()) if cfg.exists() else None
print(m.group(1) if m else 'conservative')
" 2>/dev/null || echo "conservative")

VARS_VALUE="${{ vars.COCO_MAX_AUTO }}"
MAX_AUTO="${VARS_VALUE:-$CONFIG_VALUE}"
SOURCE=$( [ -n "$VARS_VALUE" ] && echo "vars override" || echo ".github/coco-config.yml" )
echo "::notice::COCO_MAX_AUTO=$MAX_AUTO (source: $SOURCE)"

::notice:: surfaces in the Actions summary — every fix decision is auditable.

---

.github/coco-config.yml — ships in template

# CoCo agent behaviour — change via PR for full audit trail
fix_mode:
  max_auto: conservative  # aggressive | conservative | off
  # aggressive:   trust issue scoring — auto-fix when AI is confident
  # conservative: auto-fix LOW severity only, regardless of complexity
  # off:          never auto-fix — always require @coco fix comment

---

Issue scoring in scan prompt

Output per issue:

SEVERITY: high
COMPLEXITY: low
CONFIDENCE: high
FIX_DECISION: auto

Heuristic:

• Any + LOW complexity + HIGH confidence → auto
• HIGH severity + HIGH complexity → needs-review
• Any + LOW confidence → needs-review

---

@coco fix trigger — cortex-comment-fix.yml (new)

on:
  issue_comment:
    types: [created]
jobs:
  handle-fix:
    if: |
      contains(github.event.comment.body, '@coco fix') ||
      contains(github.event.comment.body, '@coco-agent fix')
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run fix
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          cortex exec "Fix issue #${{ github.event.issue.number }}: \
            ${{ github.event.issue.title }}" --no-history < /dev/null

---

Implementation tasks

• Add .github/coco-config.yml to template (conservative default)
• Update scan prompt to output SEVERITY / COMPLEXITY / CONFIDENCE / FIX_DECISION
• Update cortex-scan.yml: parse scoring, apply labels, check ceiling before calling fix
• Add cortex-comment-fix.yml for @coco fix trigger
• Add COCO_MAX_AUTO as a var (not secret) in scaffold step-4a
• ::notice:: audit log on every fix decision point

Timing

.github/coco-config.yml can ship in the template immediately (no workflow changes).
Workflow changes (scoring + comment trigger) are post-v0.1.0.