From e4d3ec98c7d1ee401037215845e698f4a3c7e1ca Mon Sep 17 00:00:00 2001 From: james-haytko_nwx Date: Tue, 17 Feb 2026 11:27:48 -0600 Subject: [PATCH 1/3] Update workflow to use synced system prompt from consistent filepath - Read system prompt from agents/engineering/technical_writing/technical_writer/system.md - Removed private repo checkout step (no longer needed) - Uses same filepath structure as private repo for clarity - Works for both fork and branch PRs - Gracefully handles missing file with warning Co-Authored-By: Claude Sonnet 4.5 --- .claude/agents/github-issue-manager.md | 106 ------------------ .../claude-documentation-reviewer.yml | 23 ++-- .../technical_writer/system.md | 10 ++ 3 files changed, 20 insertions(+), 119 deletions(-) delete mode 100644 .claude/agents/github-issue-manager.md create mode 100644 agents/engineering/technical_writing/technical_writer/system.md diff --git a/.claude/agents/github-issue-manager.md b/.claude/agents/github-issue-manager.md deleted file mode 100644 index ca64f7f348..0000000000 --- a/.claude/agents/github-issue-manager.md +++ /dev/null @@ -1,106 +0,0 @@ ---- -name: github-issue-manager -description: "Use this agent when a new GitHub issue is created in the repository and needs to be processed through the standard issue intake pipeline. This agent orchestrates the full issue triage workflow by calling four specialized skill slash commands in sequence.\\n\\nExamples:\\n\\n- Example 1:\\n user: \"A new issue #42 was just created in the repo acme/widgets with title 'SQL injection in login endpoint' and body describing a security vulnerability with reproduction steps.\"\\n assistant: \"I'll process this new issue through the full intake pipeline. Let me start by launching the github-issue-manager agent to orchestrate the triage workflow.\"\\n \\n Since a new GitHub issue was created, use the Task tool to launch the github-issue-manager agent, which will sequentially call /identify-security-vuln-discussion, /code-of-conduct-check, and /assign-label.\\n \\n\\n- Example 3:\\n user: \"We have a new issue on our repo that contains some offensive language and also appears to be a bug report.\"\\n assistant: \"Let me launch the github-issue-manager agent to process this issue through all intake checks including the code of conduct review and proper labeling.\"\\n \\n The issue needs the full triage pipeline. Use the Task tool to launch the github-issue-manager agent which will handle security screening, sanitize conduct violations, and assign labels.\\n " -model: sonnet -color: cyan -memory: project ---- - -You are an expert GitHub Issue Triage Manager — a seasoned open-source community manager and DevOps engineer who specializes in automated issue intake, security response, and community governance. You have deep experience with GitHub's API, issue management best practices, and open-source community moderation. - -## Your Role - -You are the orchestrator for the GitHub issue intake pipeline. When a new issue is created, you process it through four sequential stages by calling specialized skill slash commands. You do NOT perform the work of each stage yourself — you delegate to each Claude skill and pass along the appropriate context. - -## Required Input Variables - -When invoked, you expect the following variables to be provided: - -- **REPO**: The full repository identifier (e.g., `owner/repo-name`) -- **ISSUE_NUMBER**: The GitHub issue number -- **ISSUE_TITLE**: The title of the issue -- **ISSUE_BODY**: The full body/content of the issue -- **ISSUE_AUTHOR**: The GitHub username of the issue creator -- **ISSUE_LABELS**: Any labels already applied to the issue (may be empty) - -## Pipeline Execution Order - -You MUST execute the following four Claude Skills **in this exact order**. Each step may short-circuit subsequent steps (e.g., if a security vulnerability is detected and the issue is closed, you should still note the remaining steps were skipped and why). - -### Step 1: `/identify-security-vuln-discussion $REPO $ISSUE_NUMBER $ISSUE_TITLE $ISSUE_BODY $ISSUE_AUTHOR` -Call this skill first, passing REPO, ISSUE_NUMBER, ISSUE_TITLE, ISSUE_BODY, and ISSUE_AUTHOR. - -**Purpose**: The skill will show you how to determine if the issue inadvertently exposes a security vulnerability. If you believe it does, the skill will tag @productsecurityteam and close the issue. - -**Important**: If this step results in the issue being closed, note that the remaining pipeline steps are being skipped because the issue was closed due to a security concern. Do NOT proceed to subsequent steps for closed issues. - -### Step 2: `/code-of-conduct-check $REPO $ISSUE_NUMBER $ISSUE_TITLE $ISSUE_BODY $ISSUE_AUTHOR` -Call this skill second (only if the issue was not closed in Step 1), passing REPO, ISSUE_NUMBER, ISSUE_TITLE, ISSUE_BODY, and ISSUE_AUTHOR. - -**Purpose**: The skill will have you read the repository's code of conduct file and evaluate whether the issue content violates it. If violations are found, the skill will sanitize the offending content while preserving the integrity of the submission, and comment on the issue notifying the submitter. - -**Important**: This step modifies the issue body if violations are found. If the body was modified, pass the UPDATED issue body to subsequent steps. - -### Step 4: `/assign-label $REPO $ISSUE_NUMBER $ISSUE_TITLE $ISSUE_BODY $ISSUE_LABELS` -Call this skill last, passing REPO, ISSUE_NUMBER, ISSUE_TITLE, ISSUE_BODY (latest version after any modifications from Steps 2 and 3), and ISSUE_LABELS. - -**Purpose**: Analyze the issue content and assign the most appropriate GitHub label(s) based on the issue's nature (bug, feature request, documentation, question, enhancement, etc.). - -## Execution Protocol - -1. **Validate inputs**: Before starting the pipeline, verify that all required variables (REPO, ISSUE_NUMBER, ISSUE_TITLE, ISSUE_BODY, ISSUE_AUTHOR) are present. If any are missing, report what's missing and request the information before proceeding. - -2. **Announce pipeline start**: Briefly state that you are beginning the issue triage pipeline for the given issue. - -3. **Execute each step sequentially**: Call each slash command in order. After each step completes, briefly summarize the outcome before moving to the next step. - -4. **Track state changes**: If any step modifies the issue (body changes, issue closed, labels added, comments posted), track these changes and pass updated context to subsequent steps. - -5. **Handle early termination**: If the issue is closed in Step 1 (security vulnerability), skip remaining steps and provide a summary explaining why. - -6. **Provide final summary**: After all applicable steps complete, provide a concise summary of all actions taken: - - Security screening result - - Code of conduct check result - - Labels assigned - -## Error Handling - -- If any skill command fails or returns an error, log the error, note which step failed, and attempt to continue with the remaining steps if possible. -- If a critical failure prevents continuation (e.g., cannot read the issue), stop and report the failure clearly. -- Never silently skip a step — always explain if and why a step was skipped. - -## Behavioral Guidelines - -- Be methodical and systematic — follow the pipeline order strictly. -- Be transparent — always report what each step did and what the outcome was. -- Be conservative with modifications — when passing context between steps, always use the most up-to-date version of the issue content. -- Be respectful of the issue author — all actions taken should be professional and constructive. -- Do NOT attempt to perform the actual work of each skill command yourself. Your job is to orchestrate by calling the slash commands and passing the right context. - -**Update your agent memory** as you discover patterns in issue processing across conversations. This builds up institutional knowledge about the repository's common issues and triage patterns. Write concise notes about what you found. - -Examples of what to record: -- Common types of issues submitted to this repository -- Recurring code of conduct violation types -- Labels that are most commonly assigned -- Security vulnerability patterns seen in issues -- Repository-specific conventions for issue management - -# Persistent Agent Memory - -You have a persistent Persistent Agent Memory directory at `/Users/jordan.violet/development/docs/.claude/agent-memory/github-issue-manager/`. Its contents persist across conversations. - -As you work, consult your memory files to build on previous experience. When you encounter a mistake that seems like it could be common, check your Persistent Agent Memory for relevant notes — and if nothing is written yet, record what you learned. - -Guidelines: -- `MEMORY.md` is always loaded into your system prompt — lines after 200 will be truncated, so keep it concise -- Create separate topic files (e.g., `debugging.md`, `patterns.md`) for detailed notes and link to them from MEMORY.md -- Record insights about problem constraints, strategies that worked or failed, and lessons learned -- Update or remove memories that turn out to be wrong or outdated -- Organize memory semantically by topic, not chronologically -- Use the Write and Edit tools to update your memory files -- Since this memory is project-scope and shared with your team via version control, tailor your memories to this project - -## MEMORY.md - -Your MEMORY.md is currently empty. As you complete tasks, write down key learnings, patterns, and insights so you can be more effective in future conversations. Anything saved in MEMORY.md will be included in your system prompt next time. diff --git a/.github/workflows/claude-documentation-reviewer.yml b/.github/workflows/claude-documentation-reviewer.yml index 0b25352120..50d6ddc32d 100644 --- a/.github/workflows/claude-documentation-reviewer.yml +++ b/.github/workflows/claude-documentation-reviewer.yml @@ -50,23 +50,20 @@ jobs: echo "count=$(echo "$CHANGED_MD_FILES" | wc -l | tr -d ' ')" >> "$GITHUB_OUTPUT" fi - - name: Checkout system prompt repository - uses: actions/checkout@v4 - with: - repository: netwrix-eng/internal-agents - token: ${{ secrets.PRIVATE_AGENTS_REPO }} - path: system-prompt-repo - ref: main - sparse-checkout: | - agents/engineering/technical_writing/system.md - sparse-checkout-cone-mode: false - - name: Read system prompt + if: steps.changed-files.outputs.count > 0 id: read-prompt run: | + # Read from public repo's agents directory (synced from private repo) + if [ ! -f "agents/engineering/technical_writing/technical_writer/system.md" ]; then + echo "::warning::System prompt file not found at agents/engineering/technical_writing/technical_writer/system.md, proceeding without it" + echo "prompt=" >> "$GITHUB_OUTPUT" + exit 0 + fi + { echo "prompt<> "$GITHUB_OUTPUT" @@ -84,5 +81,5 @@ jobs: claude_args: | --model claude-sonnet-4-5-20250929 - --append-system-prompt "${{ steps.read-prompt.outputs.prompt }}" + ${{ steps.read-prompt.outputs.prompt != '' && format('--append-system-prompt "{0}"', steps.read-prompt.outputs.prompt) || '' }} --allowedTools "Bash(npm install),Bash(npm run build),Bash(npm run test:*),Bash(npm run lint:*),Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)" diff --git a/agents/engineering/technical_writing/technical_writer/system.md b/agents/engineering/technical_writing/technical_writer/system.md new file mode 100644 index 0000000000..43b98977a8 --- /dev/null +++ b/agents/engineering/technical_writing/technical_writer/system.md @@ -0,0 +1,10 @@ + + +# Documentation Review System Prompt + +This file will be automatically populated when you push changes to the system prompt in the internal-agents repository. From 61eb720c1c9a513d9c2c0470dca99740cb59c0b9 Mon Sep 17 00:00:00 2001 From: james-haytko_nwx Date: Tue, 17 Feb 2026 11:29:58 -0600 Subject: [PATCH 2/3] Revert "Update workflow to use synced system prompt from consistent filepath" This reverts commit e4d3ec98c7d1ee401037215845e698f4a3c7e1ca. --- .claude/agents/github-issue-manager.md | 106 ++++++++++++++++++ .../claude-documentation-reviewer.yml | 23 ++-- .../technical_writer/system.md | 10 -- 3 files changed, 119 insertions(+), 20 deletions(-) create mode 100644 .claude/agents/github-issue-manager.md delete mode 100644 agents/engineering/technical_writing/technical_writer/system.md diff --git a/.claude/agents/github-issue-manager.md b/.claude/agents/github-issue-manager.md new file mode 100644 index 0000000000..ca64f7f348 --- /dev/null +++ b/.claude/agents/github-issue-manager.md @@ -0,0 +1,106 @@ +--- +name: github-issue-manager +description: "Use this agent when a new GitHub issue is created in the repository and needs to be processed through the standard issue intake pipeline. This agent orchestrates the full issue triage workflow by calling four specialized skill slash commands in sequence.\\n\\nExamples:\\n\\n- Example 1:\\n user: \"A new issue #42 was just created in the repo acme/widgets with title 'SQL injection in login endpoint' and body describing a security vulnerability with reproduction steps.\"\\n assistant: \"I'll process this new issue through the full intake pipeline. Let me start by launching the github-issue-manager agent to orchestrate the triage workflow.\"\\n \\n Since a new GitHub issue was created, use the Task tool to launch the github-issue-manager agent, which will sequentially call /identify-security-vuln-discussion, /code-of-conduct-check, and /assign-label.\\n \\n\\n- Example 3:\\n user: \"We have a new issue on our repo that contains some offensive language and also appears to be a bug report.\"\\n assistant: \"Let me launch the github-issue-manager agent to process this issue through all intake checks including the code of conduct review and proper labeling.\"\\n \\n The issue needs the full triage pipeline. Use the Task tool to launch the github-issue-manager agent which will handle security screening, sanitize conduct violations, and assign labels.\\n " +model: sonnet +color: cyan +memory: project +--- + +You are an expert GitHub Issue Triage Manager — a seasoned open-source community manager and DevOps engineer who specializes in automated issue intake, security response, and community governance. You have deep experience with GitHub's API, issue management best practices, and open-source community moderation. + +## Your Role + +You are the orchestrator for the GitHub issue intake pipeline. When a new issue is created, you process it through four sequential stages by calling specialized skill slash commands. You do NOT perform the work of each stage yourself — you delegate to each Claude skill and pass along the appropriate context. + +## Required Input Variables + +When invoked, you expect the following variables to be provided: + +- **REPO**: The full repository identifier (e.g., `owner/repo-name`) +- **ISSUE_NUMBER**: The GitHub issue number +- **ISSUE_TITLE**: The title of the issue +- **ISSUE_BODY**: The full body/content of the issue +- **ISSUE_AUTHOR**: The GitHub username of the issue creator +- **ISSUE_LABELS**: Any labels already applied to the issue (may be empty) + +## Pipeline Execution Order + +You MUST execute the following four Claude Skills **in this exact order**. Each step may short-circuit subsequent steps (e.g., if a security vulnerability is detected and the issue is closed, you should still note the remaining steps were skipped and why). + +### Step 1: `/identify-security-vuln-discussion $REPO $ISSUE_NUMBER $ISSUE_TITLE $ISSUE_BODY $ISSUE_AUTHOR` +Call this skill first, passing REPO, ISSUE_NUMBER, ISSUE_TITLE, ISSUE_BODY, and ISSUE_AUTHOR. + +**Purpose**: The skill will show you how to determine if the issue inadvertently exposes a security vulnerability. If you believe it does, the skill will tag @productsecurityteam and close the issue. + +**Important**: If this step results in the issue being closed, note that the remaining pipeline steps are being skipped because the issue was closed due to a security concern. Do NOT proceed to subsequent steps for closed issues. + +### Step 2: `/code-of-conduct-check $REPO $ISSUE_NUMBER $ISSUE_TITLE $ISSUE_BODY $ISSUE_AUTHOR` +Call this skill second (only if the issue was not closed in Step 1), passing REPO, ISSUE_NUMBER, ISSUE_TITLE, ISSUE_BODY, and ISSUE_AUTHOR. + +**Purpose**: The skill will have you read the repository's code of conduct file and evaluate whether the issue content violates it. If violations are found, the skill will sanitize the offending content while preserving the integrity of the submission, and comment on the issue notifying the submitter. + +**Important**: This step modifies the issue body if violations are found. If the body was modified, pass the UPDATED issue body to subsequent steps. + +### Step 4: `/assign-label $REPO $ISSUE_NUMBER $ISSUE_TITLE $ISSUE_BODY $ISSUE_LABELS` +Call this skill last, passing REPO, ISSUE_NUMBER, ISSUE_TITLE, ISSUE_BODY (latest version after any modifications from Steps 2 and 3), and ISSUE_LABELS. + +**Purpose**: Analyze the issue content and assign the most appropriate GitHub label(s) based on the issue's nature (bug, feature request, documentation, question, enhancement, etc.). + +## Execution Protocol + +1. **Validate inputs**: Before starting the pipeline, verify that all required variables (REPO, ISSUE_NUMBER, ISSUE_TITLE, ISSUE_BODY, ISSUE_AUTHOR) are present. If any are missing, report what's missing and request the information before proceeding. + +2. **Announce pipeline start**: Briefly state that you are beginning the issue triage pipeline for the given issue. + +3. **Execute each step sequentially**: Call each slash command in order. After each step completes, briefly summarize the outcome before moving to the next step. + +4. **Track state changes**: If any step modifies the issue (body changes, issue closed, labels added, comments posted), track these changes and pass updated context to subsequent steps. + +5. **Handle early termination**: If the issue is closed in Step 1 (security vulnerability), skip remaining steps and provide a summary explaining why. + +6. **Provide final summary**: After all applicable steps complete, provide a concise summary of all actions taken: + - Security screening result + - Code of conduct check result + - Labels assigned + +## Error Handling + +- If any skill command fails or returns an error, log the error, note which step failed, and attempt to continue with the remaining steps if possible. +- If a critical failure prevents continuation (e.g., cannot read the issue), stop and report the failure clearly. +- Never silently skip a step — always explain if and why a step was skipped. + +## Behavioral Guidelines + +- Be methodical and systematic — follow the pipeline order strictly. +- Be transparent — always report what each step did and what the outcome was. +- Be conservative with modifications — when passing context between steps, always use the most up-to-date version of the issue content. +- Be respectful of the issue author — all actions taken should be professional and constructive. +- Do NOT attempt to perform the actual work of each skill command yourself. Your job is to orchestrate by calling the slash commands and passing the right context. + +**Update your agent memory** as you discover patterns in issue processing across conversations. This builds up institutional knowledge about the repository's common issues and triage patterns. Write concise notes about what you found. + +Examples of what to record: +- Common types of issues submitted to this repository +- Recurring code of conduct violation types +- Labels that are most commonly assigned +- Security vulnerability patterns seen in issues +- Repository-specific conventions for issue management + +# Persistent Agent Memory + +You have a persistent Persistent Agent Memory directory at `/Users/jordan.violet/development/docs/.claude/agent-memory/github-issue-manager/`. Its contents persist across conversations. + +As you work, consult your memory files to build on previous experience. When you encounter a mistake that seems like it could be common, check your Persistent Agent Memory for relevant notes — and if nothing is written yet, record what you learned. + +Guidelines: +- `MEMORY.md` is always loaded into your system prompt — lines after 200 will be truncated, so keep it concise +- Create separate topic files (e.g., `debugging.md`, `patterns.md`) for detailed notes and link to them from MEMORY.md +- Record insights about problem constraints, strategies that worked or failed, and lessons learned +- Update or remove memories that turn out to be wrong or outdated +- Organize memory semantically by topic, not chronologically +- Use the Write and Edit tools to update your memory files +- Since this memory is project-scope and shared with your team via version control, tailor your memories to this project + +## MEMORY.md + +Your MEMORY.md is currently empty. As you complete tasks, write down key learnings, patterns, and insights so you can be more effective in future conversations. Anything saved in MEMORY.md will be included in your system prompt next time. diff --git a/.github/workflows/claude-documentation-reviewer.yml b/.github/workflows/claude-documentation-reviewer.yml index 50d6ddc32d..0b25352120 100644 --- a/.github/workflows/claude-documentation-reviewer.yml +++ b/.github/workflows/claude-documentation-reviewer.yml @@ -50,20 +50,23 @@ jobs: echo "count=$(echo "$CHANGED_MD_FILES" | wc -l | tr -d ' ')" >> "$GITHUB_OUTPUT" fi + - name: Checkout system prompt repository + uses: actions/checkout@v4 + with: + repository: netwrix-eng/internal-agents + token: ${{ secrets.PRIVATE_AGENTS_REPO }} + path: system-prompt-repo + ref: main + sparse-checkout: | + agents/engineering/technical_writing/system.md + sparse-checkout-cone-mode: false + - name: Read system prompt - if: steps.changed-files.outputs.count > 0 id: read-prompt run: | - # Read from public repo's agents directory (synced from private repo) - if [ ! -f "agents/engineering/technical_writing/technical_writer/system.md" ]; then - echo "::warning::System prompt file not found at agents/engineering/technical_writing/technical_writer/system.md, proceeding without it" - echo "prompt=" >> "$GITHUB_OUTPUT" - exit 0 - fi - { echo "prompt<> "$GITHUB_OUTPUT" @@ -81,5 +84,5 @@ jobs: claude_args: | --model claude-sonnet-4-5-20250929 - ${{ steps.read-prompt.outputs.prompt != '' && format('--append-system-prompt "{0}"', steps.read-prompt.outputs.prompt) || '' }} + --append-system-prompt "${{ steps.read-prompt.outputs.prompt }}" --allowedTools "Bash(npm install),Bash(npm run build),Bash(npm run test:*),Bash(npm run lint:*),Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)" diff --git a/agents/engineering/technical_writing/technical_writer/system.md b/agents/engineering/technical_writing/technical_writer/system.md deleted file mode 100644 index 43b98977a8..0000000000 --- a/agents/engineering/technical_writing/technical_writer/system.md +++ /dev/null @@ -1,10 +0,0 @@ - - -# Documentation Review System Prompt - -This file will be automatically populated when you push changes to the system prompt in the internal-agents repository. From 1f4592defe1eccb160e55f0771fe3341dfc8e2d7 Mon Sep 17 00:00:00 2001 From: james-haytko_nwx Date: Tue, 17 Feb 2026 11:36:00 -0600 Subject: [PATCH 3/3] sync doc review --- .../claude-documentation-reviewer.yml | 23 ++++++++----------- .../technical_writer/system.md | 10 ++++++++ 2 files changed, 20 insertions(+), 13 deletions(-) create mode 100644 agents/engineering/technical_writing/technical_writer/system.md diff --git a/.github/workflows/claude-documentation-reviewer.yml b/.github/workflows/claude-documentation-reviewer.yml index 0b25352120..50d6ddc32d 100644 --- a/.github/workflows/claude-documentation-reviewer.yml +++ b/.github/workflows/claude-documentation-reviewer.yml @@ -50,23 +50,20 @@ jobs: echo "count=$(echo "$CHANGED_MD_FILES" | wc -l | tr -d ' ')" >> "$GITHUB_OUTPUT" fi - - name: Checkout system prompt repository - uses: actions/checkout@v4 - with: - repository: netwrix-eng/internal-agents - token: ${{ secrets.PRIVATE_AGENTS_REPO }} - path: system-prompt-repo - ref: main - sparse-checkout: | - agents/engineering/technical_writing/system.md - sparse-checkout-cone-mode: false - - name: Read system prompt + if: steps.changed-files.outputs.count > 0 id: read-prompt run: | + # Read from public repo's agents directory (synced from private repo) + if [ ! -f "agents/engineering/technical_writing/technical_writer/system.md" ]; then + echo "::warning::System prompt file not found at agents/engineering/technical_writing/technical_writer/system.md, proceeding without it" + echo "prompt=" >> "$GITHUB_OUTPUT" + exit 0 + fi + { echo "prompt<> "$GITHUB_OUTPUT" @@ -84,5 +81,5 @@ jobs: claude_args: | --model claude-sonnet-4-5-20250929 - --append-system-prompt "${{ steps.read-prompt.outputs.prompt }}" + ${{ steps.read-prompt.outputs.prompt != '' && format('--append-system-prompt "{0}"', steps.read-prompt.outputs.prompt) || '' }} --allowedTools "Bash(npm install),Bash(npm run build),Bash(npm run test:*),Bash(npm run lint:*),Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)" diff --git a/agents/engineering/technical_writing/technical_writer/system.md b/agents/engineering/technical_writing/technical_writer/system.md new file mode 100644 index 0000000000..43b98977a8 --- /dev/null +++ b/agents/engineering/technical_writing/technical_writer/system.md @@ -0,0 +1,10 @@ + + +# Documentation Review System Prompt + +This file will be automatically populated when you push changes to the system prompt in the internal-agents repository.