[PR Triage Report] PR Triage Report — 2026-04-05 #4246

@github-actions

Workflow Run: 24001345647
Open PRs analyzed: 15 (1 draft, 14 active)


Executive Summary

| Category | Count |
|---|---|
| Total open PRs | 15 |
| Draft PRs | 1 (#4243, expires Apr 6) |
| New/untriaged | 1 (#4245) |
| Security-flagged | 3 (#4245, #4236, #4228) |
| High-priority | 5 (#4245, #4236, #4228, #4212, #4207) |
| External-contributor PRs | 3 (#4234, #4112, #3984) |
| Stale base (not on current main) | 7 |
| Potential duplicates | 2 groups |

PR Inventory

| PR | Title | Risk | Priority | Labels | Notes |
|---|---|---|---|---|---|
| #4245 | fix(recipes): replace heredocs with direct env-var assignment | Security | High | (none) | Untriaged — needs labels |
| #4243 | [docs] Daily doc update: ADO + heredoc fix | Low | Low | documentation, automation | Draft; expires Apr 6 |
| #4236 | fix(recipes): step-03 quoting + PR URL resolution | Security | High | medium-risk, security-review | Possible duplicate of #4228/#4245 |
| #4234 | Fix: Issue #4233 (automated, external) | Low | Low | low-risk | Bot-pattern PR; verify legitimacy |
| #4228 | fix: repair step-03 shell quoting (#4221) | Security | High | medium-risk, has-tests, security-review | Possible duplicate of #4236/#4245 |
| #4216 | feat: safe Anthropic disablement via ANTHROPIC_DISABLED | Medium | Medium | medium-risk, has-tests | 41 tests; ready for review |
| #4212 | feat(recipes): ADO dual-provider step-16 + step-19d | Medium | High | medium-risk, has-tests | 239 tests pass; author self-reports merge-ready |
| #4207 | fix: SEARCH_TITLE quoting + unsafe conditions | Low | High | low-risk, has-tests | CI all green; ready to merge |
| #4203 | fix(#4169): smart-orchestrator teardown + atlas refresh | Medium | High | medium-risk, has-tests | Stale base (9a218fe); needs rebase |
| #4199 | fix(recipe-runner): auto-update rust runner binary | Low | Medium | low-risk | Stale base (6966ad2); needs rebase |
| #4198 | fix(knowledge_builder): guard copilot flag | Low | Medium | low-risk | Stale base (6966ad2); needs rebase |
| #4190 | fix(cli): preserve entrypoint and patch surfaces | Medium | Medium | medium-risk, has-tests | Stale base (9a218fe); needs rebase |
| #4186 | docs(multitask): add TIMEOUT_LIFECYCLE.md | Low | Low | low-risk, has-tests | Stale base (0d7507c); needs rebase |
| #4112 | docs: clarify API keys in .env setup | Low | Low | documentation, low-risk | External; stale base; possible duplicate of #3984 |
| #3984 | docs: clarify API keys in CONTRIBUTING.md | Low | Low | documentation, low-risk | External; very stale base; likely duplicate of #4112 |

Key Findings

1. New Untriaged PR: #4245 (Security Fix)

#4245 fixes the recipe-runner 0.3.4 heredoc injection bug across 4 workflow steps (step-03, step-03b, step-16, step-19d) using direct env-var assignment instead of quoted heredocs. This supersedes the approach taken in #4228/#4236. No triage labels applied yet — requires immediate assessment.

2. Shell Quoting PR Consolidation Needed

Three PRs (#4245, #4236, #4228) all address step-03 shell quoting/injection. Only one should be merged:

Recommendation: Review #4245 first (broadest fix, addresses 4 steps). If it supersedes #4236 and #4228, close those. If #4236's PR URL resolution fix is independent, it may still need to land.

3. Stale Base Commits

7 PRs target commits that have since been superseded on main (current: 4c04a74):

| PR | Stale Base | Age Gap |
|---|---|---|
| #4203, #4190 | 9a218fe | ~2 days |
| #4199, #4198 | 6966ad2 | ~2 days |
| #4186 | 0d7507c | >2 days |
| #4112 | ee2b8ed | ~4 days |
| #3984 | 138de0d | >4 days |

These need rebase onto current main before merging.

4. Duplicate Documentation PRs

#4112 and #3984 both clarify API key requirements in CONTRIBUTING.md/.env docs. #3984 has a much more stale base and provides less detail. Recommend closing #3984 in favor of #4112.

5. External/Automated PR Scrutiny

#4234 from sonusonukgupta-gif is described as an "automated technical solution" — bot-pattern language. It targets the same issue (#4233) that #4236 also addresses. Recommend verifying this PR's legitimacy and diff quality before any action.


Priority Action Queue

  1. Triage #4245 "fix(recipes): replace quoted heredocs with direct env-var assignment (skwaq#469)" — apply labels, security review, determine if it supersedes #4228 "fix: repair shell quoting in step-03 issue creation (#4221)" / #4236 "fix(recipes): step-03 shell quoting + PR URL resolution (#4221, #4233)"
  2. Consolidate shell quoting PRs — pick the winner among #4245 "fix(recipes): replace quoted heredocs with direct env-var assignment (skwaq#469)", #4236 "fix(recipes): step-03 shell quoting + PR URL resolution (#4221, #4233)", #4228 "fix: repair shell quoting in step-03 issue creation (#4221)"; close the others
  3. Merge #4207 "fix: correct SEARCH_TITLE quoting and unsafe conditions in default-workflow" — CI green, low risk, high priority; no blockers
  4. Review #4212 "feat(recipes): ADO dual-provider step-16 resilience and step-19d agent conversion (#4205)" — ADO dual-provider, 239 tests, author self-reports merge-ready
  5. Close #3984 "docs: clarify API keys required vs optional in CONTRIBUTING.md" — superseded by #4112 "docs: clarify required vs optional API keys in .env setup (#3844)", very stale base
  6. Act on #4243 "[docs] docs: daily documentation update — ADO provider support and heredoc security fix (2026-04-05)" draft — review or let expire before Apr 6
  7. Rebase stale PRs #4203 "fix(#4169): smart-orchestrator teardown hardening + atlas refresh", #4199 "fix(recipe-runner): auto-update rust runner binary on version mismatch (#4189)", #4198 "fix(knowledge_builder): guard --dangerously-skip-permissions against copilot binary (#4188)", #4190 "fix(cli): preserve entrypoint and patch surfaces", #4186 "docs(multitask): add TIMEOUT_LIFECYCLE.md and update reference docs" onto current main
  8. Scrutinize #4234 "Fix: Issue #4233" — verify bot PR legitimacy before merge consideration

Generated by PR Triage Agent · expires on Apr 6, 2026, 12:22 PM UTC
