Skip to content

fix: use agent repo root for tests and commits#95

Merged
Bryan-Roe merged 2 commits into
mainfrom
pushable-agent-fix
Mar 26, 2026
Merged

fix: use agent repo root for tests and commits#95
Bryan-Roe merged 2 commits into
mainfrom
pushable-agent-fix

Conversation

@Bryan-Roe

Copy link
Copy Markdown
Owner

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings March 26, 2026 17:25

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @Bryan-Roe! 👋

Your private repo does not have access to Sourcery.

Please upgrade to continue using Sourcery ✨

@Bryan-Roe Bryan-Roe merged commit 351201d into main Mar 26, 2026
1 of 13 checks passed
@Bryan-Roe Bryan-Roe deleted the pushable-agent-fix branch March 26, 2026 17:26

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the autonomous code agent to run tests and create commits relative to the agent’s configured repository root (self.repo.repo_root) rather than the module-level REPO_ROOT, and adds regression tests to ensure the behavior doesn’t silently revert.

Changes:

  • Update CodeAgent.run_tests() to locate scripts/test_runner.py and run subprocesses with cwd=self.repo.repo_root.
  • Update CodeAgent.commit_changes() to stage and commit with cwd=self.repo.repo_root.
  • Add tests that verify run_tests()/commit_changes() use the agent repo root even when the global REPO_ROOT is intentionally wrong.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

File Description
scripts/autonomous_code_agent.py Uses self.repo.repo_root for test execution and git commit/stage working directory.
tests/test_autonomous_code_agent.py Adds regression tests to confirm repo-root selection for tests and commits.

Comment on lines +119 to +126
wrong_root = tmp_path / "wrong-root"
wrong_root.mkdir()
monkeypatch.setattr(aca, "REPO_ROOT", wrong_root)
monkeypatch.setattr(aca, "DATA_OUT", tmp_path / "data_out")
monkeypatch.setattr(aca, "STATUS_FILE", tmp_path / "data_out" / "status.json")

agent = aca.CodeAgent(llm_type="echo")
agent.repo.repo_root = tmp_path

Copilot AI Mar 26, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These new tests patch aca.DATA_OUT/aca.STATUS_FILE but don’t clear the module logger handlers like _configure_agent_repo() does. Since CodeAgent.__init__() always adds a FileHandler, this test (and later tests) will accumulate handlers and can leave open file descriptors across tests (potentially causing tmp dir cleanup issues on some platforms). Consider reusing _configure_agent_repo() here (and/or explicitly closing/removing existing handlers) before constructing CodeAgent.

Copilot uses AI. Check for mistakes.
Comment on lines +155 to +163
wrong_root = tmp_path / "wrong-root"
wrong_root.mkdir()
monkeypatch.setattr(aca, "REPO_ROOT", wrong_root)
monkeypatch.setattr(aca, "DATA_OUT", tmp_path / "data_out")
monkeypatch.setattr(aca, "STATUS_FILE", tmp_path / "data_out" / "status.json")

agent = aca.CodeAgent(llm_type="echo")
agent.repo.repo_root = tmp_path

Copilot AI Mar 26, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same issue here: this test patches aca.DATA_OUT/aca.STATUS_FILE but doesn’t clear/close existing _LOGGER handlers before instantiating CodeAgent, so handlers can pile up across tests. Reusing _configure_agent_repo() (or adding a small helper to reset logger handlers safely) would keep tests isolated.

Copilot uses AI. Check for mistakes.
Comment on lines 634 to 639
subprocess.run(
["git", "add", "--"] + files_to_stage,
cwd=REPO_ROOT,
cwd=self.repo.repo_root,
check=True,
capture_output=True,
)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Semgrep identified an issue in your code:
Detected subprocess function 'run' without a static string. If this data can be controlled by a malicious actor, it may be an instance of command injection. Audit the use of this call to ensure it is not controllable by an external resource. You may consider using 'shlex.escape()'.

To resolve this comment:

🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.

💬 Ignore this finding

Reply with Semgrep commands to ignore this finding.

  • /fp <comment> for false positive
  • /ar <comment> for acceptable risk
  • /other <comment> for all other reasons

Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by dangerous-subprocess-use-audit.

You can view more details about this finding in the Semgrep AppSec Platform.

@bryan-roe-bot

bryan-roe-bot Bot commented Mar 26, 2026

Copy link
Copy Markdown
Contributor

Semgrep found 1 dangerous-subprocess-use-audit finding:

Detected subprocess function 'run' without a static string. If this data can be controlled by a malicious actor, it may be an instance of command injection. Audit the use of this call to ensure it is not controllable by an external resource. You may consider using 'shlex.escape()'.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants