feat: Add AI-powered issue triage and PR review bot#260
Open
sudsali wants to merge 17 commits intoawslabs:masterfrom
Open
feat: Add AI-powered issue triage and PR review bot#260sudsali wants to merge 17 commits intoawslabs:masterfrom
sudsali wants to merge 17 commits intoawslabs:masterfrom
Conversation
SamPom100
reviewed
Apr 21, 2026
… retries, smoke tests
…render injection, pagination
…eduplicate API calls
…ials false, metadata footer, os.walk, retention 30d
…n, remove dead code
… boto3 from act job
…ontaining security strings
…tives on security code
… diffs Bedrock Guardrails scan all content (system prompt AND user message). PR diffs containing the bot's own security code (e.g. 'ignore previous instructions' in sanitizer.py) trigger guardrail false positives. Fix: add use_guardrail parameter to invoke(). PR reviews pass use_guardrail=False since diffs are code, not user-generated attacks. Issue/followup prompts still use the guardrail (default True). Reverts _split_prompt to the original simple <knowledge_base> split.
…pt to avoid guardrail false positives
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a GitHub Actions bot that automatically triages issues and reviews PRs using Amazon Bedrock. Runs on issue open/reopen, issue comments, and PR open/reopen/synchronize events.
Issue Handling
PR Review
REQUEST_CHANGESwhen findings existsynchronizetrigger)Architecture
Security
guardContentand run through guardrail.string.Template.safe_substituteinstead of.format()#Nreferences wrapped in backticks to prevent auto-linkingFiles
issue-bot.ymlmain.pyanalyze/act)config.pybedrock_client.pygithub_client.pyknowledge_base.pyslack_client.pysanitizer.pyprompts.pyschemas/*.jsontests/test_bot.pyRequired GitHub Secrets
AWS_ROLE_ARN,KB_S3_BUCKET,KB_S3_KEY,BEDROCK_MODEL_ID,BEDROCK_API_VERSION,SLACK_WEBHOOK_URL,ISSUE_CLASSIFY_PROMPT,ISSUE_RESPOND_PROMPT,PR_FILE_REVIEW_PROMPT,FOLLOWUP_PROMPT,GUARDRAIL_IDTesting
Supports
workflow_dispatchwithdry_run: true. Tested on the fork against bug reports, usage questions, feature requests, follow-ups, dissatisfaction escalation, prompt injection, duplicate runs, PR inline reviews, and re-reviews on new commits.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.