Cloud agent automation backlog
Date: 2026-03-28
Status: Proposal — prioritization only; no implementation commitment in this PR.
Prioritized ideas for cloud-agent automations tailored to this monorepo, grounded in existing GitHub Actions and internal plans, so new agents add net value without duplicating CI.
Follow-up work (from planning)
- Dagster CI vs agent: Decide whether to extend .github/workflows/ci.yml for apps/dagster-pipelines/** or use a dedicated cloud agent that runs pytest and comments.
- PR hygiene + secret scan: Spec triggers (opened/edited) and checks: PR template sections, Linear ID in title, diff patterns for secrets.
- dbt impact (phase 1): Scope paths, dbt project location, compile-only vs test + diff.
What you already have (avoid duplicating)
- PR review assistant: .github/workflows/pr_agent.yml (Qodo PR Agent on apps/** PRs + comment thread).
- Lint/types repair loop: .github/workflows/codex-auto-fix.yml runs Codex when CI fails (focused on npm run lint / npm run types — note it uses root npm ci; platform work is mostly under apps/platform/).
- Long-form doc review: .github/workflows/document-council-on-pr.yml for knowledge/plans/**, knowledge/gtm/**, and selected standards/**.
- Heavy CI: .github/workflows/ci.yml — platform lint, types, Playwright E2E (via 1Password), Slack assistant tests.
- Scheduled hygiene: .github/workflows/weekly-repository-cleanup-report.yml, daily/weekly platform summaries, auto-label PRs.
A typical cloud stack (skill audit, test coverage, docs, vuln scan) complements this; the highest-value new agents fill gaps CI does not cover or orchestrate cross-cutting checks with human-readable PR comments.
Tier 1 — Highest impact / efficacy for a cloud agent
| Automation | Why it matters here | Efficacy notes |
|---|---|---|
| Dagster/Python PR gate + summary | AGENTS.md states Dagster changes should run pytest pipelines_tests until dedicated Python CI exists; today main CI does not gate apps/dagster-pipelines/**. | Agent checks out PR, venv + pip install, runs pytest, posts a short pass/fail summary + failing test names. Very high signal per run. |
| dbt / analytics PR impact report | Cloud agent data environment report calls “dbt PR impact” the highest-leverage data move: modified models, compile/test, risk narrative. | Fits long-running, judgment-heavy work agents do well; can start read-only (compile + dbt ls / graph summary) before full diff automation. |
| PR hygiene bot (description + Linear title) | Cursor rules (e.g. .cursor/rules/github-pr-description.mdc, .cursor/rules/linear-github-branch.mdc) require PR body sections and Linear ID in title for integration. | Cheap to run on opened/edited; high team leverage, low flake rate. Post a checklist comment or ✅ when satisfied. |
| Secret-leak / env-in-diff scanner | Complements generic “vuln scan”: catch accidental .env, API keys, op:// mishaps in the diff. | Rules like .cursor/rules/no-secrets-in-repo.mdc encode intent; automation enforces it on every PR. |
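
The secret-leak / env-in-diff row above, as an added example (not code from this repo): a Python scanner over `git diff` output that reports touched .env files, secret-looking assignments on added lines, and op:// references, by path and line and without echoing the value. The regexes, rule names and sample diff are assumptions; the contents of .cursor/rules/no-secrets-in-repo.mdc are not on the page, and because the page does not define an "op:// mishap", op:// references are only surfaced for review.

```python
import re

# Assumed rules for illustration; the repo's no-secrets-in-repo.mdc is not shown on the page.
ENV_FILE = re.compile(r"(^|/)\.env(\.[\w-]+)*$")
ENV_TEMPLATE = re.compile(r"\.(example|sample|template|tpl)$")
ASSIGN = re.compile(r"(?i)(?:api[_-]?key|secret|token|passw(?:or)?d)[\w.-]*\s*[:=]\s*[\"']?([^\s\"']{12,})")
PLACEHOLDER = re.compile(r"(?i)^(op://|\$\{|\{\{|<|process\.env|os\.environ)")
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)")

def scan_diff(diff_text):
    """Return (path, new-file line, rule) per risky addition; secret values are never echoed."""
    findings, path, lineno, in_hunk = [], None, 0, False
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git "):
            path, in_hunk = None, False
        elif not in_hunk and raw.startswith("+++ "):
            target = raw[4:].strip()
            path = None if target == "/dev/null" else target.removeprefix("b/")
            if path and ENV_FILE.search(path) and not ENV_TEMPLATE.search(path):
                findings.append((path, 0, "env-file"))  # line 0 = the file itself
        elif m := HUNK.match(raw):
            lineno, in_hunk = int(m.group(1)) - 1, True
        elif in_hunk and raw.startswith("+"):
            lineno += 1
            if "op://" in raw:  # assumption: references are surfaced for review, not blocked
                findings.append((path, lineno, "op-reference"))
            hit = ASSIGN.search(raw)
            if hit and not PLACEHOLDER.match(hit.group(1)):
                findings.append((path, lineno, "secret-assignment"))
        elif in_hunk and raw.startswith(" "):
            lineno += 1  # context lines advance the new-file counter too
    return findings

# Constructed sample: `git diff` output with made-up paths and values.
SAMPLE_DIFF = """\
diff --git a/apps/platform/.env.local b/apps/platform/.env.local
--- /dev/null
+++ b/apps/platform/.env.local
@@ -0,0 +1,2 @@
+SERVICE_API_KEY=CONSTRUCTED-not-a-real-key-0001
+DB_PASSWORD=op://vault/item/password
diff --git a/apps/platform/config.ts b/apps/platform/config.ts
--- a/apps/platform/config.ts
+++ b/apps/platform/config.ts
@@ -10,2 +10,3 @@
 const a = 1;
+const slackSecret = "CONSTRUCTED-literal-secret-0002";
 const apiToken = process.env.API_TOKEN_VALUE;
"""
```

Only added lines are scanned, so the comment stays about what the PR introduces; pre-existing secrets in context lines belong to a separate full-repo scan.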
Tier 2 — Strong value, slightly narrower or more maintenance
| Automation | Why | Caveats |
|---|---|---|
| Monorepo path router | PRs can touch apps/platform/, apps/dagster-pipelines/, and apps/paperclip/ with different install/build commands. Some work also hands off to separate repos such as brainforge-work. | Agent comments “run these checks locally” or triggers awareness; avoid fighting existing per-app workflows under apps/*/.github/. |
| Subtree / integration drift nudge | Dagster is still a subtree in AGENTS.md, while Work has moved to a separate repo and still has Platform handoff points. | On changes under those surfaces, comment with the right sync/playbook docs; efficacy depends on keeping links current. |
| CI failure explainer (non-auto-fix) | When CI fails and Codex auto-fix does not apply (E2E, Slack tests, wrong cwd), agent summarizes logs and suggests next step. | Useful when failures are env/credentials vs code; avoid duplicating Codex’s lint/types loop. |
| Dependency / lockfile consistency | Platform uses npm ci --legacy-peer-deps in CI; lockfile drift causes churn. | Agent flags package.json changed without package-lock.json, or documents required follow-up. |
Tier 3 — Nice-to-have
- Stale PR / review SLA ping (Slack or comment): process, not repo-specific.
- Post-merge smoke reminder (e.g. Railway health): only if wired to deploy URLs and secrets policy allows.
- Structured PR security summary comment: overlaps PR Agent + vuln scan; only add if you want an OWASP-style template distinct from existing tools.
Suggested order to implement
- Dagster pytest on PRs (or widen ci.yml with a paths job) — closes a real quality hole.
- PR hygiene + secret-in-diff — minimal cost, aligns with team rules.
- dbt impact report — strategic for data work; phase as compile-only then expand.