Skip to content

fix(dev-lead): configure git identity, surface commit failures, add WebFetch tool access#282

Merged
don-petry merged 3 commits into
mainfrom
fix/dev-lead-git-identity-and-commit-failure
May 19, 2026
Merged

fix(dev-lead): configure git identity, surface commit failures, add WebFetch tool access#282
don-petry merged 3 commits into
mainfrom
fix/dev-lead-git-identity-and-commit-failure

Conversation

@don-petry

@don-petry don-petry commented May 19, 2026

Copy link
Copy Markdown
Collaborator

Summary

Fixes three issues diagnosed in run #26071797185 where the dev-lead agent's fixes were silently lost while falsely reporting "Changes committed and pushed."

  • Configure git identity in dev-lead.yml before writer steps — runners have no default user.email/user.name, causing all git commit calls to fail
  • Surface git commit failures in commit_and_push — the function was called from an if condition, suspending set -e and silently swallowing the failure; now uses || { exit 1; } to hard-fail CI visibly
  • Add WebFetch to run_writer allowed tools — agent can now look up SHA256 hashes, SonarCloud rule docs, etc. without curl guesswork

Root cause

commit_and_push was called as the condition of an if statement. In bash with set -euo pipefail, set -e is suspended for the entire function body in that position. So when git commit failed with "fatal: empty ident name not allowed", execution continued to git push (exited 0 with "Everything up-to-date"), the function returned 0, and post_reviews_terminal ... status=applied fired — posting a false "Changes committed and pushed" comment while all agent work was dropped.

Test plan

  • bats tests/dev-lead/unit/test_fix_reviews.bats — two new regression tests added (tests 16 & 17): verify commit_and_push failure exits non-zero and never posts a false status=applied marker
  • All previously-passing tests continue to pass (tests 10–14 & 6, 12, 27–28, 31 are pre-existing failures unrelated to this PR)
  • Re-trigger failed runs on PR ci: add required ci.yml workflow #80 after merge to confirm agent can now commit and push fixes

Closes #281

🤖 Generated with Claude Code

Summary by CodeRabbit

  • New Features

    • WebFetch tool now available during write operations for enhanced functionality.
  • Bug Fixes

    • Improved git identity configuration in CI workflows for reliable commits.
    • Enhanced error handling for commit failures with explicit error messages instead of silent failures.
  • Tests

    • Added test coverage for commit failure scenarios to prevent undetected errors.

Review Change Stack

…ebFetch tool access

Fixes three issues diagnosed in run #26071797185 where the agent's fixes
were silently lost with a false "Changes committed and pushed" comment:

1. Configure git identity in dev-lead.yml before any writer steps run.
   GitHub Actions runners have no default git user.email/name, causing
   `git commit` to fail with "fatal: empty ident name not allowed".

2. Fix commit_and_push to surface git commit failures. The function was
   called from an `if` statement condition, suspending set -e for the
   entire body. A failing `git commit` was silently ignored — execution
   continued to `git push` (which exits 0 with "Everything up-to-date"),
   the function returned 0, and a false "applied" marker was posted. Now
   uses `|| { ...; exit 1; }` so any git commit failure hard-exits CI.

3. Add WebFetch to run_writer allowed tools so the agent can look up
   SHA256 hashes, SonarCloud rules, and other external resources without
   resorting to curl guesswork.

Adds two regression tests verifying commit failure exits non-zero and
never posts a false "status=applied" marker.

Closes #281
Copilot AI review requested due to automatic review settings May 19, 2026 02:32
@coderabbitai

coderabbitai Bot commented May 19, 2026

Copy link
Copy Markdown

Warning

Rate limit exceeded

@don-petry has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 54 minutes and 57 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 40c5baf6-fce5-4102-963b-10729c065518

📥 Commits

Reviewing files that changed from the base of the PR and between 8805c3a and b1c2852.

📒 Files selected for processing (2)
  • scripts/dev-lead-fix-reviews.sh
  • tests/dev-lead/unit/test_fix_reviews.bats
📝 Walkthrough

Walkthrough

The PR fixes three related issues preventing the dev-lead agent from reliably committing work. It configures git identity in the workflow, adds explicit error handling to the commit step to prevent silent failures, tests both failure modes, and expands Claude's write-mode tool access to include WebFetch for external verification.

Changes

Dev-lead workflow and commit reliability fixes

Layer / File(s) Summary
Workflow git identity configuration
.github/workflows/dev-lead.yml
New step configures global git user.email and user.name for the donpetry-bot identity before writer steps execute on non-skip intents.
Commit error handling and failure tests
scripts/dev-lead-fix-reviews.sh, tests/dev-lead/unit/test_fix_reviews.bats
commit_and_push now logs an error and exits with status 1 on git commit failure instead of silently continuing. Two new test cases verify the script fails non-zero on commit error and that false "applied" PR comments are not posted when commits fail.
Claude write-mode tool access expansion
scripts/engine.sh
WebFetch is added to the run_writer allowed-tools list, enabling the agent to fetch external content (release hashes, documentation, etc.) during write operations.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The PR title directly matches the three main changes: configuring git identity, surfacing commit failures, and adding WebFetch tool access, clearly summarizing the primary fixes.
Linked Issues check ✅ Passed All three critical and enhancement objectives from issue #281 are addressed: git identity configuration step added to workflow, commit_and_push failure handling improved with explicit exit on error, and WebFetch added to allowed tools.
Out of Scope Changes check ✅ Passed All changes are directly scoped to issue #281: workflow git identity setup, commit failure handling, WebFetch tool access, and regression test coverage for commit_and_push failures.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/dev-lead-git-identity-and-commit-failure

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — human-pr (no-changes)

No changes were needed for this PR.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes a silent failure mode in the dev-lead workflow where missing git identity caused git commit to fail, but the failure was masked by set -e suspension when commit_and_push was invoked as an if condition — resulting in falsely posted "Changes committed and pushed" comments while agent fixes were dropped.

Changes:

  • Configure global git identity (donpetry-bot) in dev-lead.yml before writer steps.
  • Make git commit failure in commit_and_push explicitly exit 1, bypassing the set -e suspension caveat.
  • Add WebFetch to the run_writer allowed tools list in engine.sh.
  • Add two regression bats tests asserting non-zero exit and no false status=applied marker on commit failure.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File Description
.github/workflows/dev-lead.yml Adds a step to set global git user.email/user.name before writer steps run.
scripts/dev-lead-fix-reviews.sh Hard-fails (exit 1) on git commit failure with an error annotation.
scripts/engine.sh Includes WebFetch in the writer's --allowed-tools list.
tests/dev-lead/unit/test_fix_reviews.bats Adds two regression tests covering the commit-failure path.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — fix-bot-comment (no-changes)

Engine ran but made no changes.

1 similar comment
@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — fix-bot-comment (no-changes)

Engine ran but made no changes.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/dev-lead-fix-reviews.sh`:
- Around line 129-130: The conditional call to commit_and_push can silently
succeed even if the internal git push fails (because set -e doesn't stop
failures inside an if), so ensure failures are propagated: modify the caller or
the commit_and_push function to check git push's exit status and return non-zero
on error (e.g., capture the git push exit code and return it, or explicitly test
the call at the callsite with if ! commit_and_push; then return 1; fi) so that a
failed push cannot fall through and cause status=applied to be set.

In `@tests/dev-lead/unit/test_fix_reviews.bats`:
- Around line 477-483: After invoking the script with run bash
"$FIX_REVIEWS_SCRIPT", assert the command returned a non-zero exit status to
ensure the test exercised the commit-failure path; check the Bats-provided
status variable (e.g., assert [ "$status" -ne 0 ] or similar) before verifying
"$comment_file" contents so the test fails if the script unexpectedly succeeds.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: d7f80a95-1fc6-495c-8d81-952acc07d2ea

📥 Commits

Reviewing files that changed from the base of the PR and between 0023f4e and 8805c3a.

📒 Files selected for processing (4)
  • .github/workflows/dev-lead.yml
  • scripts/dev-lead-fix-reviews.sh
  • scripts/engine.sh
  • tests/dev-lead/unit/test_fix_reviews.bats

Comment thread scripts/dev-lead-fix-reviews.sh Outdated
Comment thread tests/dev-lead/unit/test_fix_reviews.bats
@don-petry

Copy link
Copy Markdown
Collaborator Author

No description provided.

@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — fix-reviews (no-changes)

No changes were needed for the open review threads.

…ertion

Per CodeRabbit review:
- `git push` had the same silent-swallow risk as `git commit` when called
  from an if-condition context; add `|| { exit 1; }` so push failures are
  surfaced the same way as commit failures
- Test 17 now asserts non-zero exit status before checking the comment
  file, so it fails correctly if the script unexpectedly succeeds
@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — fix-bot-comment (no-changes)

Engine ran but made no changes.

@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — human-pr (no-changes)

No changes were needed for this PR.

@sonarqubecloud

Copy link
Copy Markdown

@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — fix-bot-comment (no-changes)

Engine ran but made no changes.

@don-petry don-petry merged commit dbea5f0 into main May 19, 2026
18 checks passed
@don-petry don-petry deleted the fix/dev-lead-git-identity-and-commit-failure branch May 19, 2026 02:39

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces explicit error handling for git commit in scripts/dev-lead-fix-reviews.sh to prevent silent failures when set -e is suspended, and adds WebFetch to the allowed tools for Claude in scripts/engine.sh. Additionally, new unit tests are included to verify the robustness of the commit process. Feedback suggests extending this error handling to the git push command and refactoring the new tests to reduce code duplication.

git commit -m "$commit_msg" || { echo "::error::git commit failed — check git identity configuration on the runner" >&2; exit 1; }
fi
git push
git push || {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

The commit_and_push function is called from an if condition, which suspends set -e. While you've added error handling for git commit, the git push command on this line lacks similar protection. If git push fails (e.g., due to branch protection rules or network issues), the failure will be silently ignored, and the function will still return a success code. This could lead to the script falsely reporting that changes were pushed.

To ensure robustness, you should add explicit error handling for git push.

Suggested change
git push || {
git push || { echo "::error::git push failed" >&2; exit 1; }
References
  1. Keep error routing logic inline to avoid obscuring intent or introducing false positives.


# ── commit_and_push failure tests ─────────────────────────────────────────────

@test "fix-reviews: commit_and_push: git commit failure exits 1 (not silently swallowed)" {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

There is significant code duplication between the two new tests. Much of the setup code (environment variables, temporary git repository creation, claude stub) is identical in @test "fix-reviews: commit_and_push: git commit failure exits 1 (not silently swallowed)" and @test "fix-reviews: commit_and_push: no false 'applied' marker posted on git commit failure".

To improve maintainability and readability, consider refactoring the common setup logic into a helper function. This would make the tests more concise and easier to manage in the future.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

fix(dev-lead): git identity not configured + commit failure silently swallowed + missing WebFetch tool access

3 participants