feat: improve Slack notification formatting + read issue comments

[Gkrumbach07]

Summary

Improve Slack notification formatting across the Amber issue handler workflow:

• Use jq -nc for JSON-safe payload construction in all Slack notification templates (prevents JSON injection from issue/PR titles containing quotes or newlines)
• Include issue/PR title in all notification messages for better context
• Add title resolution via gh issue/pr view before sending notifications
• Use heredoc/delimiter syntax for GITHUB_OUTPUT to safely handle multiline or special-character titles

Test plan

• Verify YAML syntax is valid (check-yaml pre-commit hook)
• Confirm all Slack notification templates use the jq -nc pattern consistently
• Confirm PR title is included in all notification payloads
• Test that titles with special characters (quotes, newlines) don't break notifications
• Verify GITHUB_OUTPUT handles multiline titles correctly

---

🤖 Ambient Session

Summary by CodeRabbit

• Chores
  • Improved workflow notifications to Slack: messages now include issue/PR titles, richer link formatting, and clearer, emoji-prefixed sections.
  • Notification payloads are built dynamically and include additional context (including title) and session/PR links where applicable.
  • Workflow steps now pass expanded environment/context information to downstream actions for more informative alerts.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d5d8017b-a86f-49ac-be04-c86d97fa3b36

📥 Commits

Reviewing files that changed from the base of the PR and between d1267bb and 8338b7e.

📒 Files selected for processing (1)

• .github/workflows/amber-issue-handler.yml

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/amber-issue-handler.yml

---

📝 Walkthrough

Walkthrough

Workflow now sends Slack notifications before AskUserQuestion, dynamically builds mrkdwn Slack payloads by fetching issue/PR titles via gh and assembling JSON with jq (including a “PR created” message), exposes title as step outputs, and adds GITHUB_TOKEN to ambient-action envs.

Changes

Cohort / File(s)	Summary
Workflow Configuration .github/workflows/amber-issue-handler.yml	Reordered to send Slack notifications before AskUserQuestion. Replaced static curl payloads with dynamic construction: fetch title via gh ... --json title, assemble mrkdwn JSON with jq -nc (emoji-prefixed sections, `<URL

Sequence Diagram(s)

sequenceDiagram
  participant Workflow
  participant GH_CLI as "GitHub CLI"
  participant Payload as "jq (payload builder)"
  participant Slack as "Slack Webhook"
  participant Agent as "Agent / AskUserQuestion"

  Workflow->>GH_CLI: gh pr/issue view --json title
  GH_CLI-->>Workflow: title JSON
  Workflow->>Payload: build Slack JSON (jq -nc, mrkdwn links, emojis, session link)
  Payload-->>Workflow: assembled payload
  Workflow->>Slack: POST notification (send BEFORE AskUserQuestion)
  Slack-->>Workflow: 200 OK
  Workflow->>Agent: AskUserQuestion
  Note right of Workflow: on PR creation
  Workflow->>Payload: build "PR created" payload (PR link + session link)
  Payload-->>Workflow: PR payload
  Workflow->>Slack: POST "PR created" notification
  Slack-->>Workflow: 200 OK

Loading

🚥 Pre-merge checks | ✅ 6

✅ Passed checks (6 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	Title follows Conventional Commits format (feat: scope) and accurately reflects the main changes: Slack notification formatting improvements and title inclusion in messages.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Performance And Algorithmic Complexity	✅ Passed	PR avoids N+1 patterns by fetching titles upfront in batch queries and executing API calls only in discrete workflow steps, not loops.
Security And Secret Handling	✅ Passed	PR demonstrates strong security practices with no hardcoded credentials, secure JSON construction patterns, list-based subprocess calls, proper Bearer token authentication, and no sensitive data leaks in logs.
Kubernetes Resource Safety	✅ Passed	PR modifies only .github/workflows/amber-issue-handler.yml, a GitHub Actions workflow file, with no changes to Kubernetes resources in ./components/manifests/ or other K8s directories.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/slack-on-pr-create

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch feat/slack-on-pr-create

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

.github/workflows/amber-issue-handler.yml (1)

85-86: gh issue view --comments is required, but session auth/context is not guaranteed.

These new instructions make gh mandatory, but the ambient session env in this workflow doesn’t currently pass GH_TOKEN. If gh isn’t pre-authenticated in the agent runtime, this step will fail and block the intended behavior.

Suggested hardening

       environment-variables: >-
-        {"SLACK_WEBHOOK_URL": "${{ secrets.SLACK_WEBHOOK_URL }}", "PLATFORM_HOST": "${{ secrets.PLATFORM_HOST }}"}
+        {"SLACK_WEBHOOK_URL": "${{ secrets.SLACK_WEBHOOK_URL }}", "PLATFORM_HOST": "${{ secrets.PLATFORM_HOST }}", "GH_TOKEN": "${{ secrets.GITHUB_TOKEN }}"}

Apply similarly to both issue-fix ambient-action steps.

Also applies to: 281-282

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/amber-issue-handler.yml around lines 85 - 86, The workflow
requires running the CLI command `gh issue view --comments` but does not
guarantee `gh` is authenticated; update the two "issue-fix ambient-action" steps
that call `gh issue view --comments` to ensure authentication by either 1)
adding a preceding auth/setup step (e.g., use an `actions/setup-gh` or run `gh
auth login --with-token` with a provided secret), or 2) conditionally checking
`gh auth status` and falling back to using the REST API with
`GITHUB_TOKEN`/`secrets.GH_TOKEN`; ensure the `GH_TOKEN` (or `GITHUB_TOKEN`)
secret is passed into the job environment and referenced when authenticating so
the `gh` invocation cannot fail due to missing session auth.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/amber-issue-handler.yml:
- Around line 291-292: The Slack notification payloads only include the issue/PR
number (steps.context.outputs.number) and omit the title; update the message
templates that build the --data JSON (the lines using steps.context.outputs.url
and steps.context.outputs.number) to also interpolate the issue/PR title from
steps.context.outputs.title (or the equivalent output produced by the context
step) into the message text (e.g., "❓ *Question about <${{
steps.context.outputs.url }}|#${{ steps.context.outputs.number }} - ${{
steps.context.outputs.title }}>*"), and apply the same change to the other
similar templates referenced (the PR/comment question and PR notification
templates) so every Slack payload includes both number and title. Ensure proper
escaping/quoting in the JSON string when inserting the title.
- Around line 95-96: The Slack payload embeds ${{ steps.issue.outputs.title }}
directly into a JSON string which breaks when titles contain quotes or newlines;
update both occurrences of the JSON --data payload (the "text":"❓ *Question
about <https://github.com/${{ github.repository }}/issues/${{
steps.issue.outputs.number }}|#${{ steps.issue.outputs.number }} — ${{
steps.issue.outputs.title }}>*..." string) to properly JSON-escape the title
(and any other interpolated values) before sending—e.g., construct the payload
using jq or another JSON-safe method so the title is escaped and then post to
"$SLACK_WEBHOOK_URL"; apply the same change to the second similar payload later
in the file.

---

Nitpick comments:
In @.github/workflows/amber-issue-handler.yml:
- Around line 85-86: The workflow requires running the CLI command `gh issue
view --comments` but does not guarantee `gh` is authenticated; update the two
"issue-fix ambient-action" steps that call `gh issue view --comments` to ensure
authentication by either 1) adding a preceding auth/setup step (e.g., use an
`actions/setup-gh` or run `gh auth login --with-token` with a provided secret),
or 2) conditionally checking `gh auth status` and falling back to using the REST
API with `GITHUB_TOKEN`/`secrets.GH_TOKEN`; ensure the `GH_TOKEN` (or
`GITHUB_TOKEN`) secret is passed into the job environment and referenced when
authenticating so the `gh` invocation cannot fail due to missing session auth.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f119ef0a-2bb5-495d-959f-309ecddc9c49

📥 Commits

Reviewing files that changed from the base of the PR and between 1d94340 and 28b8163.

📒 Files selected for processing (1)

• .github/workflows/amber-issue-handler.yml

[Gkrumbach07]

@ambient-code

[ambient-code]

I've resolved the merge conflicts and fixed the security issues identified by CodeRabbit:

Fixed Issues

1. Merge conflicts: Resolved conflicts between PR changes and main branch updates
2. JSON injection vulnerability: Updated all Slack notification examples to use jq for proper JSON escaping of titles and other dynamic values
3. Missing authentication: Added GITHUB_TOKEN to environment-variables so the gh issue view --comments command can authenticate
4. Missing titles: Added title capture to the context resolution step and included titles in all Slack notifications

Changes Ready

All fixes are committed locally:

• Commit: 187291f4 - "Merge main and fix security issues"
• Branch: feat/slack-on-pr-create

Permission Issue

⚠️ Cannot push: The GitHub App token lacks workflows permission to modify .github/workflows/amber-issue-handler.yml. The changes are ready but require either:

1. Manual push by a user with appropriate permissions
2. Granting workflows permission to the ambient-code bot
3. Alternative push method

The local repository is at /workspace/repos/platform with all changes committed and ready to push.

🤖 Session

[ambient-code]

✅ Changes pushed successfully

Commit 187291f4 has been pushed to feat/slack-on-pr-create. All issues have been resolved:

• ✅ Merge conflicts resolved
• ✅ JSON injection vulnerability fixed (using jq for safe escaping)
• ✅ GITHUB_TOKEN added to environment variables
• ✅ PR/issue titles included in all Slack notifications

CI is now running. Waiting for checks to complete.

🤖 Session

[ambient-code]

✅ PR Maintenance Complete

All issues have been resolved and CI is green:

Fixed Issues

• ✅ Merge conflicts: Resolved conflicts with main branch
• ✅ JSON injection vulnerability: Updated all Slack notification examples to use jq for safe JSON escaping
• ✅ Missing authentication: Added GITHUB_TOKEN to environment variables for gh CLI
• ✅ Missing titles: Added title capture and included in all notifications

CI Status

• ✅ All 14 checks passed
• ✅ CodeQL: 4/4 analyses passed
• ✅ End-to-End Tests: passed (8m2s)
• ✅ All other checks: passed

PR State

• ✅ No merge conflicts (mergeable)
• ✅ Label: ambient-code:managed
• ✅ Retry count: 1
• ✅ Ready for human review

Next Steps: This PR is ready for final human review and merge.

🤖 Session

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

.github/workflows/amber-issue-handler.yml (1)

700-706: ⚠️ Potential issue | 🟠 Major

Batch need-help notifications still use the old payload template.

This is now the last path still posting raw --data '{"text":...}' and only PR #{number}. That misses the title requirement for scheduled PR fixes, and the free-form "what you tried" text can still break JSON here. The loop already has pr["title"] on Lines 636-639, so this prompt should use the same jq -nc pattern as the other Slack templates.

Suggested shape

           for pr in prs:
               number = pr["number"]
               body = pr.get("body", "")
+              title = pr.get("title", "")
               fm = parse_frontmatter(body)
...
-          curl -X POST -H 'Content-type: application/json' \\
-            --data '{{"text":"🚨 *Need help with <https://github.com/{REPO}/pull/{number}|PR #{number}>*\\n<reason — what you tried and why you are stuck>\\n\\n<'"$PLATFORM_HOST/projects/$AGENTIC_SESSION_NAMESPACE/sessions/$AGENTIC_SESSION_NAME"'|View Session>"}}' \\
-            "$SLACK_WEBHOOK_URL"
+          PAYLOAD=$(jq -nc --arg text "🚨 *Need help with <https://github.com/{REPO}/pull/{number}|PR #{number} — {title}>*
+          <reason — what you tried and why you're stuck>
+
+          <$PLATFORM_HOST/projects/$AGENTIC_SESSION_NAMESPACE/sessions/$AGENTIC_SESSION_NAME|View Session>" '{{text: $text}}')
+          curl -X POST -H 'Content-type: application/json' --data "$PAYLOAD" "$SLACK_WEBHOOK_URL"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/amber-issue-handler.yml around lines 700 - 706, The batch
Slack notification is still using a raw --data JSON string that omits
pr["title"] and can break on unescaped free-form text; replace the curl --data
'{{"text":"..."} }' usage in the notification block with the same safe jq -nc
payload construction used earlier (the pattern that references pr["title"] at
lines ~636-639) so the message includes PR title and uses jq -R/--arg to safely
embed pr["title"], pr["number"], the user's free-form reason, and the session
link variables (PLATFORM_HOST/AGENTIC_SESSION_NAMESPACE/AGENTIC_SESSION_NAME)
before piping to curl "$SLACK_WEBHOOK_URL".

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/amber-issue-handler.yml:
- Around line 131-132: Remove the full write-scoped GITHUB_TOKEN from the
session environment injection: stop passing "GITHUB_TOKEN" via the
environment-variables payload and instead either fetch required GitHub data on
the runner before starting the model sessions (using the job's token locally) or
supply a separate read-only token scoped to the minimal "issues/PR read" scopes;
update the environment-variables entries (the "environment-variables" key and
its JSON) to exclude "GITHUB_TOKEN" and apply the same change to the other
occurrences mentioned (lines corresponding to the other environment-variables
blocks).

---

Duplicate comments:
In @.github/workflows/amber-issue-handler.yml:
- Around line 700-706: The batch Slack notification is still using a raw --data
JSON string that omits pr["title"] and can break on unescaped free-form text;
replace the curl --data '{{"text":"..."} }' usage in the notification block with
the same safe jq -nc payload construction used earlier (the pattern that
references pr["title"] at lines ~636-639) so the message includes PR title and
uses jq -R/--arg to safely embed pr["title"], pr["number"], the user's free-form
reason, and the session link variables
(PLATFORM_HOST/AGENTIC_SESSION_NAMESPACE/AGENTIC_SESSION_NAME) before piping to
curl "$SLACK_WEBHOOK_URL".

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 0d14b83b-2d22-4368-9b91-0a0a6808604e

📥 Commits

Reviewing files that changed from the base of the PR and between 28b8163 and 187291f.

📒 Files selected for processing (1)

• .github/workflows/amber-issue-handler.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Don't give the session the write-scoped workflow token.

These env vars inject the job's GITHUB_TOKEN into model sessions; in the fix/issue flows, those same sessions are explicitly told to consume untrusted issue/PR text first. That makes prompt injection materially worse, even though the new gh issue/pr view ... / gh issue view --comments behavior only needs reads. Prefer fetching the needed GitHub data on the runner, or pass a separate read-only token scoped just to those reads.

As per coding guidelines, "Verify secrets are not exposed and permissions are scoped."

Also applies to: 352-353, 377-378

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/amber-issue-handler.yml around lines 131 - 132, Remove the
full write-scoped GITHUB_TOKEN from the session environment injection: stop
passing "GITHUB_TOKEN" via the environment-variables payload and instead either
fetch required GitHub data on the runner before starting the model sessions
(using the job's token locally) or supply a separate read-only token scoped to
the minimal "issues/PR read" scopes; update the environment-variables entries
(the "environment-variables" key and its JSON) to exclude "GITHUB_TOKEN" and
apply the same change to the other occurrences mentioned (lines corresponding to
the other environment-variables blocks).

[ambient-code]

Addressing CodeRabbit Review Comments

Batch Slack notification (lines 700-706) — Fixed ✅

Commit d1267bb updates the batch notification template to use jq -nc for JSON-safe payload construction and includes the PR title, matching all other notification templates.

GITHUB_TOKEN in environment-variables (lines 131-132, 352-353, 377-378) — Acknowledged, kept as-is

The GITHUB_TOKEN in environment-variables is required for sessions to use the gh CLI for GitHub API operations (gh issue view --comments, gh pr create, gh pr view, etc.). The ambient-action does not independently provide a GitHub token to session pods — git push credentials come from the platform's repo configuration, but gh CLI API calls need the token explicitly.

The token is the workflow's automatic GITHUB_TOKEN, already scoped by the workflow-level permissions: block (contents: read, issues: write, pull-requests: write, checks: write) — it is not a full-access PAT. This is a reasonable tradeoff for the current architecture. A future improvement could introduce a separate read-only token for sessions that only need to read issue/PR data.

GH_TOKEN for session auth (nitpick, lines 85-86) — Already covered

The sessions receive GITHUB_TOKEN via environment-variables, which the gh CLI automatically uses for authentication. No additional GH_TOKEN injection is needed.

🤖 Session

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/amber-issue-handler.yml (1)

72-72: 🛠️ Refactor suggestion | 🟠 Major

Pin action to full commit SHA.

ambient-code/ambient-action@v0.0.5 uses a tag. Per coding guidelines, pin to the commit SHA for reproducibility and supply-chain security:

-        uses: ambient-code/ambient-action@v0.0.5
+        uses: ambient-code/ambient-action@<full-40-char-sha>

Also applies to lines 232, 292, and 361.

As per coding guidelines: "Pin action versions to SHA."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/amber-issue-handler.yml at line 72, Replace the tagged
action reference uses: ambient-code/ambient-action@v0.0.5 with the action pinned
to its full commit SHA; search for all occurrences of the string "uses:
ambient-code/ambient-action@v0.0.5" (there are multiple instances) and update
each to use the corresponding full commit SHA (e.g.,
ambient-code/ambient-action@<commit-sha>) to ensure reproducible, secure
workflow runs.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/amber-issue-handler.yml:
- Around line 196-197: The current raw echo into $GITHUB_OUTPUT for the TITLE
variable can break when the PR title contains newlines or percent signs; change
the write to use the GitHub Actions multiline delimiter syntax instead: replace
the echo "title=$TITLE" >> $GITHUB_OUTPUT with the heredoc-style pattern (echo
"title<<EOF" >> $GITHUB_OUTPUT; echo "$TITLE" >> $GITHUB_OUTPUT; echo "EOF" >>
$GITHUB_OUTPUT) so the full value (including newlines and special chars) is
preserved; apply the same fix to the other echo lines that write to
$GITHUB_OUTPUT (the other occurrences that currently use echo to write
variables) so all outputs use the delimiter syntax.

---

Outside diff comments:
In @.github/workflows/amber-issue-handler.yml:
- Line 72: Replace the tagged action reference uses:
ambient-code/ambient-action@v0.0.5 with the action pinned to its full commit
SHA; search for all occurrences of the string "uses:
ambient-code/ambient-action@v0.0.5" (there are multiple instances) and update
each to use the corresponding full commit SHA (e.g.,
ambient-code/ambient-action@<commit-sha>) to ensure reproducible, secure
workflow runs.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d9c3b9a3-9168-49a6-9f75-871778a27ff9

📥 Commits

Reviewing files that changed from the base of the PR and between 187291f and d1267bb.

📒 Files selected for processing (1)

• .github/workflows/amber-issue-handler.yml

[ambient-code]

GITHUB_OUTPUT title safety — Fixed ✅

Commit 8338b7e switches all three title output locations (lines 53, 197, 211) to use the GitHub Actions heredoc/delimiter syntax, preventing corruption from titles with newlines or percent characters.

E2E test failure — Pre-existing flaky test

The sessions.cy.ts failure ("should interact with settings tab Runner API Keys and env vars") is a DOM detachment race condition (cy.type() fails because the page re-rendered). This same test also failed on main (run for commit 1f254b2). This PR only modifies .github/workflows/amber-issue-handler.yml and cannot affect E2E tests.

🤖 Session