Skip to content

[Experiment] Create a .NET SDK Issue Monster#55243

Open
nagilson wants to merge 10 commits into
dotnet:mainfrom
nagilson:issue-monster
Open

[Experiment] Create a .NET SDK Issue Monster#55243
nagilson wants to merge 10 commits into
dotnet:mainfrom
nagilson:issue-monster

Conversation

@nagilson

@nagilson nagilson commented Jul 10, 2026

Copy link
Copy Markdown
Member

Summary

Adds an Agentic Workflow to automatically assign selected issues to copilot.

image

A sample run is present in: nagilson#15

Related #55185

Expected Impact

  • Reduce burden on developers having to assign simple issues to CoPilot and wait for CoPilot. This removes the time from the dev-loop to recontextualize the issue and prevents having to monitor the assigned issue fix.
  • Increase velocity on the repository.
  • Combined with other workflows such as a triager, we could further enable improvements on the repository by identifying known build errors or flakes, and have an autonomous workflow e2e monitoring and proposing and discovering areas of improvement across repository code quality and CI. Of course, actual engineers still are required as the maintainers and QA for these.
  • Reduce technical debt.

Criteria

  1. It does not overwhelm developers on the .NET SDK repo with PRs; a deterministically defined limit on the number of issues to assign per run helps with this.
  2. It does not waste tokens on issues we don't want PRs for; assumption: AI agents cannot be trusted with feature requests or large-scale changes autonomously. However, we assume that they can be relatively worthwhile to run autonomously on simpler issues, e.g. documentation updates, small bug fixes, isolated CI fixes, small refactors, etc.
  3. It does not allow using too many tokens; the limit on reviews per run helps with this; we assume that the CoPilot review tool has its own stopgaps to prevent exceedingly large token consumption, but that is not a new problem addressed here since it limits the number of assigned issues.
  4. The 'cookie' label must be applied to select from the pool of issues, which depends on an agentic triager.
  5. It can properly assess base_branch(es) since this is vital to working in the .NET SDK repo.

Concerns

The default COPILOT_PAT tokens we have today as secrets are for running agentic workflows, but they do not give permission to assign CoPilot to a PR. This necessitates a new token that enables that permission. We should consider whether we are willing to accept that risk.

Context

I spent some time looking into agentic workflows as part of a process to improve triaging scenarios.

One of the more fascinating things I discovered was the concept of an 'issue monster' that finds issues and assigns them to CoPilot. Inspired by https://github.com/github/gh-aw/blob/main/.github/workflows/issue-monster.md, I decided to look into whether the .NET SDK repository could have an automated CoPilot assigner to issues.

I believe that the 'cookie monster' framing of this tool helps explain what it does without needing to go into too much detail. It's a principle I think of from game-design, where the framing of a gameplay concept helps explain it to players without them really needing to know anything about it.

For Reviewers

The history starts with a clean baseline off the workflow that lives inside gh-aw and then slowly removes gh-aw specific components, then adds in sdk specific components in separated commits.

You may notice the gh-aw has several other concepts such as an oltp export for the session itself, a cli-proxy and an App, but I did not determine those to be necessary for our use case. They also use 'pi' which is an experimental AI but we rely on copilot since it is more 'stable'.

@nagilson nagilson marked this pull request as ready for review July 10, 2026 23:03
Copilot AI review requested due to automatic review settings July 10, 2026 23:03

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new Agentic Workflow (“Issue Monster”) to periodically select open issues labeled cookie and assign up to three of them to the Copilot coding agent, with safeguards for integrity filtering, branch routing, and rate-limit detection.

Changes:

  • Introduces the issue-monster agentic workflow source (.md) plus its compiled lock workflow (.lock.yml) for scheduled and manual runs.
  • Adds a shared GitHub MCP guard policy that treats the cookie label as an approval label for integrity checks.
  • Updates the agentic workflows action lock to reference github/gh-aw-actions/setup@v0.81.6.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 1 comment.

File Description
.github/workflows/shared/github-guard-policy.md Defines cookie as an approval label for GitHub MCP tool-call integrity checks.
.github/workflows/issue-monster.md New Issue Monster agentic workflow definition: issue search/scoring, base-branch inference, and safe-output assignment/comment guidance.
.github/workflows/issue-monster.lock.yml Generated workflow implementation compiled from issue-monster.md.
.github/aw/actions-lock.json Bumps pinned github/gh-aw-actions/setup action to v0.81.6.

Comment on lines +175 to +179
// Fetch full details for each issue to get labels, assignees, sub-issues, and linked PRs
// Track integrity-filtered issues to emit a diagnostic summary
const integrityFilteredIssues = [];
const issuesWithDetails = (await Promise.all(
response.data.items.map(async (issue) => {
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants