Skip to content

Add /fix-issue workflow for automated issue fixing#1313

Open
vikrantpuppala wants to merge 2 commits intodatabricks:mainfrom
vikrantpuppala:claude-fix-issue-workflow
Open

Add /fix-issue workflow for automated issue fixing#1313
vikrantpuppala wants to merge 2 commits intodatabricks:mainfrom
vikrantpuppala:claude-fix-issue-workflow

Conversation

@vikrantpuppala
Copy link
Copy Markdown
Collaborator

@vikrantpuppala vikrantpuppala commented Mar 24, 2026

Summary

  • Adds a new GitHub Actions workflow (claude-fix-issue.yml) that lets maintainers comment /fix-issue on any issue to trigger Claude to automatically reproduce, fix, test, and create a PR
  • Updates fix-github-issue.md skill with security guidance for treating issue content as untrusted data and CI non-interactive mode support
  • Security model: maintainer-gated trigger, hardcoded prompt treats issue body as data (not instructions), WebFetch/WebSearch blocked, audit trail comment posted before code changes begin

Test plan

  • Open a test issue on the repo, have a maintainer comment /fix-issue, verify the workflow triggers
  • Verify the author_association gate blocks non-maintainer triggers
  • Verify Claude posts a summary comment before making code changes
  • Verify Claude creates a PR with the fix (not just a branch link like [BUG]IS_NULLABLE field is incorrect for OSS JDBC metadata getColumns operation #1299)
  • Test with an issue containing prompt injection attempts (e.g., "ignore previous instructions and...") to verify they're ignored

NO_CHANGELOG=true

This pull request was AI-assisted by Isaac.

@vikrantpuppala
Add /fix-issue workflow for maintainer-triggered automated issue fixing
958d48e 
Adds a new GitHub Actions workflow that lets maintainers comment /fix-issue
on any issue to trigger Claude to automatically reproduce, fix, test, and
create a PR. Security-hardened: maintainer-gated trigger, issue body treated
as data not instructions, WebFetch/WebSearch blocked, audit trail comment
posted before code changes.

Also updates fix-github-issue.md skill with security guidance for treating
issue content as untrusted data and CI non-interactive mode support.

Co-authored-by: Isaac
Signed-off-by: Vikrant Puppala <vikrant.puppala@databricks.com>
@shivam2680
Copy link
Copy Markdown
Collaborator

shivam2680 commented Mar 24, 2026

can we make sure the instructions are aligned with https://docs.google.com/document/d/1V2iiC62e2azHNc6y7m7y0a9R47yg4nE6WFIe2cY2KzQ/edit?tab=t.0#heading=h.2r1eilc881sn?

@vikrantpuppala
Align security instructions with Agentic Security Threats doc
5d533ca 
Apply recommendations from the internal "Agentic Security Threats and
Mitigations" document: add non-override language for security rules,
spotlighting guidance for untrusted content, explicit prohibition of
external data exfiltration tools, and expanded prompt injection patterns.

Co-authored-by: Isaac
Signed-off-by: Vikrant Puppala <vikrant.puppala@databricks.com>
@samikshya-db
Copy link
Copy Markdown
Collaborator

samikshya-db commented Mar 25, 2026

/review

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shivam2680 shivam2680 shivam2680 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vikrantpuppala @shivam2680 @samikshya-db