From 2e773601326bab88e5c135388026634246064c3f Mon Sep 17 00:00:00 2001 From: Jeremy Eder Date: Thu, 26 Mar 2026 16:24:10 -0400 Subject: [PATCH 1/3] Add wait + post results back to GitHub issue - Wait for ACP session to complete before exiting - Post session phase and result as a comment on the issue - Add issues: write permission for commenting - Show result in a collapsible details block Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/ambient.yml | 37 +++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/.github/workflows/ambient.yml b/.github/workflows/ambient.yml index 3c9a8de..c7e2d21 100644 --- a/.github/workflows/ambient.yml +++ b/.github/workflows/ambient.yml @@ -6,6 +6,7 @@ on: permissions: contents: read + issues: write jobs: ambient: @@ -15,6 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: ambient-code/ambient-action@v0.0.2 + id: session with: api-url: ${{ secrets.AMBIENT_API_URL }} api-token: ${{ secrets.AMBIENT_BOT_TOKEN }} @@ -23,3 +25,38 @@ jobs: display-name: "Issue #${{ github.event.issue.number }}" repos: '[{"url": "https://github.com/${{ github.repository }}", "branch": "ambient/issue-${{ github.event.issue.number }}", "autoPush": true}]' labels: '{"source": "github-issue", "issue": "${{ github.event.issue.number }}"}' + wait: 'true' + timeout: '30' + + - name: Post result to issue + if: always() + env: + GH_TOKEN: ${{ github.token }} + SESSION_NAME: ${{ steps.session.outputs.session-name }} + SESSION_PHASE: ${{ steps.session.outputs.session-phase }} + SESSION_RESULT: ${{ steps.session.outputs.session-result }} + run: | + if [ "$SESSION_PHASE" = "Completed" ]; then + EMOJI="✅" + elif [ -z "$SESSION_PHASE" ]; then + EMOJI="❌" + SESSION_PHASE="CreateFailed" + else + EMOJI="⚠️" + fi + + BODY="${EMOJI} **Ambient session ${SESSION_PHASE}** (\`${SESSION_NAME}\`)" + if [ -n "$SESSION_RESULT" ]; then + BODY="${BODY} + +
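Review bot: The new `issues: write` grant in the first hunk of patch 1/3 sits in the workflow-level `permissions:` block, so the token available to every step of the `ambient` job can now write to issues, although only the comment-posting step needs that scope. That includes the third-party `ambient-code/ambient-action@v0.0.2` step in the next hunk, which is referenced by a mutable tag rather than a commit SHA. Consider posting the comment from a second job that declares `needs: ambient`, receives the session outputs as job outputs, and carries its own `permissions:` with `issues: write`, leaving the session job at `contents: read`. Pinning the action to a full commit SHA would narrow the exposure further. The rest of the workflow is outside this hunk, so confirm no other job depends on the top-level block before moving the grant.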
+ Session output + + ${SESSION_RESULT} + +
" + fi + + gh issue comment "${{ github.event.issue.number }}" \ + --repo "${{ github.repository }}" \ + --body "$BODY" From b15038852affe43caa70d0c9c521a189c1142378 Mon Sep 17 00:00:00 2001 From: Jeremy Eder Date: Thu, 26 Mar 2026 16:27:01 -0400 Subject: [PATCH 2/3] Increase session timeout to 300 Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/ambient.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ambient.yml b/.github/workflows/ambient.yml index c7e2d21..ad57ec2 100644 --- a/.github/workflows/ambient.yml +++ b/.github/workflows/ambient.yml @@ -26,7 +26,7 @@ jobs: repos: '[{"url": "https://github.com/${{ github.repository }}", "branch": "ambient/issue-${{ github.event.issue.number }}", "autoPush": true}]' labels: '{"source": "github-issue", "issue": "${{ github.event.issue.number }}"}' wait: 'true' - timeout: '30' + timeout: '300' - name: Post result to issue if: always() From 2ac37a4c95f740c92b558b36cf56a6e15e2167bf Mon Sep 17 00:00:00 2001 From: Jeremy Eder Date: Thu, 26 Mar 2026 16:30:06 -0400 Subject: [PATCH 3/3] Fix shell injection risk in issue comment posting Use --body-file instead of interpolating SESSION_RESULT into a shell string, which could break on backticks or $() in output. Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/ambient.yml | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/.github/workflows/ambient.yml b/.github/workflows/ambient.yml index ad57ec2..cadbbd4 100644 --- a/.github/workflows/ambient.yml +++ b/.github/workflows/ambient.yml @@ -45,18 +45,15 @@ jobs: EMOJI="⚠️" fi - BODY="${EMOJI} **Ambient session ${SESSION_PHASE}** (\`${SESSION_NAME}\`)" - if [ -n "$SESSION_RESULT" ]; then - BODY="${BODY} - -
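Review bot: The `gh issue comment` call that closes the `run:` block in patch 1/3 expands `${{ github.event.issue.number }}` and `${{ github.repository }}` into the script text before the shell starts, while the session outputs in the same step are correctly passed through `env:`. Both values have a constrained character set, so this is a hardening and consistency point rather than an injection found here. Inline expressions in `run:` are nonetheless the pattern that becomes script injection once a free-form field is added next to them. Add `ISSUE_NUMBER: ${{ github.event.issue.number }}` to the step's `env:` and call `gh issue comment "$ISSUE_NUMBER" --repo "$GITHUB_REPOSITORY"`. The same two lines remain unchanged as context in patch 3/3.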
- Session output - - ${SESSION_RESULT} - -
" - fi + { + printf '%s\n' "${EMOJI} **Ambient session ${SESSION_PHASE}** (\`${SESSION_NAME}\`)" + if [ -n "$SESSION_RESULT" ]; then + printf '\n
\nSession output\n\n' + printf '%s\n' "$SESSION_RESULT" + printf '\n
\n' + fi + } > "$RUNNER_TEMP/comment-body.md" gh issue comment "${{ github.event.issue.number }}" \ --repo "${{ github.repository }}" \ - --body "$BODY" + --body-file "$RUNNER_TEMP/comment-body.md"
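Review bot: `SESSION_RESULT` is still written into the comment as raw Markdown in patch 3/3, and `--body-file` changes only how the text reaches `gh`, not how GitHub renders it. Session output, which is presumably influenced by the issue text, can therefore close the collapsible block early, @-mention users, or embed links and images under the bot's identity. The body is also unbounded, so a long result may exceed GitHub's comment size limit, and the step would then fail without posting anything. Bound the text and render it inert, for example `printf '%s\n' "${SESSION_RESULT:0:60000}"` (the cut-off is an illustrative value) wrapped in a fenced code block chosen so the content cannot terminate it. It is also worth confirming that the session result cannot echo credentials, because log masking does not apply to text posted through the API.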