ci: add 6 new workflows, Blacksmith runners, and CI speed optimizations#9
Merged
ci: add 6 new workflows, Blacksmith runners, and CI speed optimizations#9
Conversation
… cleanup, and re-draft workflows
Contributor
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository. ⚙️ Control Options:
|
🔴 Bundle Size Analysis
|
🔴 Bundle Size Analysis
|
devin-ai-integration
bot
changed the title
devin-ai-integration
bot
changed the title
🔴 Bundle Size Analysis
|
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
3 issues found across 9 files
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name=".github/workflows/cache-clean.yml">
<violation number="1" location=".github/workflows/cache-clean.yml:9">
P2: Cache deletion requires `actions: write` on the `GITHUB_TOKEN`. Without an explicit permissions block, `gh actions-cache delete` will fail on the default read-only token and the cleanup job won’t actually remove caches. Add job permissions for `actions: write` (and `contents: read` for checkout).</violation>
</file>
<file name=".github/workflows/security-audit.yml">
<violation number="1" location=".github/workflows/security-audit.yml:34">
P2: This step never fails and also calls the wrong audit command/flags. Bun’s audit is `bun audit --prod --audit-level=critical`; `bunx audit ... || true` bypasses failures and likely runs an unrelated package, so vulnerabilities won’t block CI as intended.</violation>
</file>
<file name=".github/workflows/ci.yml">
<violation number="1" location=".github/workflows/ci.yml:73">
P2: The Expo web cache key omits `utils/**`, so updates to shared utilities won’t invalidate the cache and can skip rebuilding `dist`, leaving stale artifacts. Include `utils/**` (and other shared root inputs) in the hashFiles list.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
volnei
approved these changes
Feb 18, 2026
devin-ai-integration bot
pushed a commit
that referenced
this pull request
Mar 13, 2026
…ng URLs - Add 'Managing Event Types' system prompt section with create/update/delete/list guidance, slug generation, common requests, and advanced settings redirect - Relax critical rule #9 to guard booking flows only, not explicit user requests - Add minimumBookingNotice, beforeEventBuffer, afterEventBuffer, slotInterval, scheduleId to create_event_type and update_event_type tool schemas + types - Update create/update/delete tool descriptions for clarity - Include bookingUrl in list_event_types response using linked user's username
14 tasks
dhairyashiil
added a commit
that referenced
this pull request
Mar 14, 2026
… event types, reschedule & more (#41) * feat: agentic cancel booking flow — enriched responses, recurring support, guided prompt * feat: agentic confirm/decline flow — enriched responses, guided prompt, batch support * update code * fix: error handling & API robustness — CalcomApiError classifier, friendly messages, schema fixes Part A: Fix misleading error messages - A1: Add isCalcomApiError classifier + friendlyCalcomError helper with status-specific messages - A2: Add isSlackAuthError guard to /cal slash command and retry_response handlers - A3: Soften Slack auth error message (less alarming, directs to admin) - A4: Sanitize confirm_booking error (don't expose raw API errors) - A5: Fix App Home catch-all to only suggest reconnecting on 401/403 Part B: Fix API schema mismatches - B1: Fix getAvailableSlots to use cal-api-version 2024-09-04 - B2: Rename responses → bookingFieldsResponses (matches OpenAPI spec) - B3: Add rescheduledBy param to rescheduleBooking for auto-confirm - B4: Add bookingUidToReschedule to GetSlotsParams for reschedule flow - B5: Remove phantom notes field from CreateBookingInput types Part C: Structural improvements - C1: Add CalcomApiError awareness to all getCustomErrorMessage callbacks - C2: Centralized friendlyCalcomError helper in bot.ts * update * feat: booking search enhancement — attendee/date filtering, sorting, past meeting lookup - Expand GetBookingsParams with attendeeEmail, attendeeName, afterStart, beforeEnd, sortStart - Pass new params through in getBookings() query string - Add all new params to list_bookings tool Zod schema - Update list_bookings description to mention attendee and date range filtering - Add FINDING PAST MEETINGS WITH SOMEONE section to system prompt * update - pass hosts * feat: 'Am I Free?' flow — availability prompt section, check_busy_times steering, critical rule - Add 'Checking Your Availability / Am I Free?' system prompt section with 3-step flow (determine time range, fetch bookings, answer question) and edge cases - Update check_busy_times description to note credential limitations and steer toward list_bookings - Add rule 10 to CRITICAL RULES: use list_bookings for availability checks * feat: profile management flow — system prompt guidance, Redis cache sync, tool descriptions - Add 'Profile Management' system prompt section with viewing/updating guidance, timezone abbreviation resolution, email verification warning, and fast-path - Sync email/timezone changes back to Redis via linkUser() after update_profile to prevent stale cache in system prompt and timezone conversions - Add linkUser import from user-linking - Update get_my_profile description to steer toward cached data for basic info - Update update_profile description to require confirmation and IANA timezones * feat: event type CRUD flow — prompt guidance, expanded schemas, booking URLs - Add 'Managing Event Types' system prompt section with create/update/delete/list guidance, slug generation, common requests, and advanced settings redirect - Relax critical rule #9 to guard booking flows only, not explicit user requests - Add minimumBookingNotice, beforeEventBuffer, afterEventBuffer, slotInterval, scheduleId to create_event_type and update_event_type tool schemas + types - Update create/update/delete tool descriptions for clarity - Include bookingUrl in list_event_types response using linked user's username * feat: no-show and unlink flows — mark_no_show body fix, expanded schema, prompt guidance * feat: agentic reschedule flow — prompt guidance, slot exclusion, rescheduledBy, recurring detection * feat: promote event type CRUD tools to CORE_TOOL_NAMES, remove stale ADMIN_KEYWORDS * refactor: eliminate keyword-based tool gating — always expose all tools * feat: add fetchWithRetry with exponential backoff and timeouts to all Cal.com API calls * feat: schedule availability tools — expose availability/overrides, enrich descriptions, add prompt section * feat: include bookingFields in list_event_types response to fix own-calendar booking with custom fields * feat: add skip param and hasMore pagination flag to list_bookings tool * feat: enrich tool descriptions for get_booking, confirm/decline, and schedule tools * feat: actionable error messages — overhaul friendlyCalcomError, consolidate CalcomApiError handling via deps * refactor: extract duplicates and magic numbers across agent, bot, and user-linking * feat: add get_event_type tool + gate agentic features behind org plan (#42) * feat: add get_event_type tool for fetching single event type details * fix: align get_event_type tool description with actual response fields * feat: gate agentic features behind Cal.com Organizations plan * fix: address review comments — org sync on refresh, split link check, withSlackToken wrapper * fix: disable retries for mutating API calls, reorder error handlers, re-read linked user after refresh
emrysal
pushed a commit
that referenced
this pull request
Mar 14, 2026
…edis persistence (#32) * feat: smart @mention booking flow with multi-attendee support - Rewrite booking flow in system prompt to clarification-first logic with fast-path for fully-specified requests - Add guestEmails field to book_meeting tool for email-only additional attendees (Strategy A: guests array in initial POST) - Add add_booking_attendee tool for full attendee records with name + timezone after booking (Strategy B: POST /bookings/{uid}/attendees) - Add AddAttendeeInput type and addBookingAttendee() client function - Add guests field to CreateBookingInput type - Relax CRITICAL RULES to support multi-step booking flows and re-calling check_availability for alternative slots - Update check_availability description to allow re-calls - Bump MAX_STEPS from 10 to 15 for multi-attendee flows - Update Available Capabilities to list add_booking_attendee * fix * refactor: simplify agent booking flow with pre-resolution, tool filtering, and Redis persistence - Remove check_account_linked tool (bot.ts already checks before agent) - Pre-resolve Slack @mentions to name+email before calling agent - Inject linked user context (email/timezone/username) into system prompt - Rewrite system prompt with checklist-based single-decision booking - Persist tool results in Redis (keyed by threadId, 30min TTL) - Context-aware tool filtering: CORE (7 booking tools) vs EXTENDED (admin) - Add loop guard: force text if same tool called 3x with identical args - Reduce MAX_STEPS from 15 to 8 (agent needs 3-4 steps with optimizations) * update * update 2 * fix: booking flow — timezone-aware dates, tighter loop guard, ASAP handling, tool context reuse - Replace bare ISO timestamp with timezone-aware date in system prompt - Add explicit past-date comparison rule against user's timezone - Lower loop guard threshold from 3 to 2 identical calls - Reduce MAX_STEPS from 8 to 6 - Rewrite tool context injection: user role, deduplicate by tool name, inject at start of history - Add ASAP/urgency shortcut section to booking flow - Add duration mismatch detection rule - Strengthen tool usage rules (no same tool twice per step, must use returned data) - Add single event type auto-select logic * update the code * feat: add attendee calendar booking flow — list_event_types_by_username tool - Add getEventTypesByUsername() to calcom/client.ts (public API, no auth needed) - Add list_event_types_by_username tool to agent createCalTools - Add list_event_types_by_username to CORE_TOOL_NAMES - Add WHOSE CALENDAR TO USE section to system prompt booking flow * update code * update * fix: prevent false-positive Slack auth error + add custom booking field support Fix 1: Updated getCustomErrorMessage in all 3 handlers to return generic error when lastStreamErrorRef is set and caught error is Slack auth error. Fix 2a: Added responses?: Record<string, unknown> to CreateBookingInput and CreatePublicBookingInput types. Fix 2b: Added responses parameter to book_meeting and book_meeting_public tool schemas, passed through to API calls. Fix 2c: Included bookingFields in list_event_types_by_username response. Fix 2d: Added CUSTOM BOOKING FIELDS section to system prompt instructing agent to collect required custom field values and pass as responses. Fix 3: Hardened postAgentStream to re-throw generic error when Slack auth error is secondary to an agent stream failure. Also fixed duplicate rule #6 numbering in CRITICAL RULES. * fix: replace non-null assertions with nullish coalescing in check_availability_public * revert the prod url in manifest * fix: encrypt tool-context in Redis + pass metadata for webhook notification routing 1. Encrypt tool-context entries in Redis using existing encryptData/decryptData (PII protection for attendee names, emails, booking details). Legacy plaintext entries are handled gracefully by decryptData. 2. Added metadata?: Record<string, string> to CreatePublicBookingInput. 3. Added platform parameter to createCalTools, threaded from runAgentStream. 4. Both book_meeting and book_meeting_public now pass metadata with slack_team_id/slack_user_id or telegram_chat_id so Cal.com webhooks can route notifications back to the correct Slack/Telegram user. * feat: agentic flows, error handling, API robustness, search, profile, event types, reschedule & more (#41) * feat: agentic cancel booking flow — enriched responses, recurring support, guided prompt * feat: agentic confirm/decline flow — enriched responses, guided prompt, batch support * update code * fix: error handling & API robustness — CalcomApiError classifier, friendly messages, schema fixes Part A: Fix misleading error messages - A1: Add isCalcomApiError classifier + friendlyCalcomError helper with status-specific messages - A2: Add isSlackAuthError guard to /cal slash command and retry_response handlers - A3: Soften Slack auth error message (less alarming, directs to admin) - A4: Sanitize confirm_booking error (don't expose raw API errors) - A5: Fix App Home catch-all to only suggest reconnecting on 401/403 Part B: Fix API schema mismatches - B1: Fix getAvailableSlots to use cal-api-version 2024-09-04 - B2: Rename responses → bookingFieldsResponses (matches OpenAPI spec) - B3: Add rescheduledBy param to rescheduleBooking for auto-confirm - B4: Add bookingUidToReschedule to GetSlotsParams for reschedule flow - B5: Remove phantom notes field from CreateBookingInput types Part C: Structural improvements - C1: Add CalcomApiError awareness to all getCustomErrorMessage callbacks - C2: Centralized friendlyCalcomError helper in bot.ts * update * feat: booking search enhancement — attendee/date filtering, sorting, past meeting lookup - Expand GetBookingsParams with attendeeEmail, attendeeName, afterStart, beforeEnd, sortStart - Pass new params through in getBookings() query string - Add all new params to list_bookings tool Zod schema - Update list_bookings description to mention attendee and date range filtering - Add FINDING PAST MEETINGS WITH SOMEONE section to system prompt * update - pass hosts * feat: 'Am I Free?' flow — availability prompt section, check_busy_times steering, critical rule - Add 'Checking Your Availability / Am I Free?' system prompt section with 3-step flow (determine time range, fetch bookings, answer question) and edge cases - Update check_busy_times description to note credential limitations and steer toward list_bookings - Add rule 10 to CRITICAL RULES: use list_bookings for availability checks * feat: profile management flow — system prompt guidance, Redis cache sync, tool descriptions - Add 'Profile Management' system prompt section with viewing/updating guidance, timezone abbreviation resolution, email verification warning, and fast-path - Sync email/timezone changes back to Redis via linkUser() after update_profile to prevent stale cache in system prompt and timezone conversions - Add linkUser import from user-linking - Update get_my_profile description to steer toward cached data for basic info - Update update_profile description to require confirmation and IANA timezones * feat: event type CRUD flow — prompt guidance, expanded schemas, booking URLs - Add 'Managing Event Types' system prompt section with create/update/delete/list guidance, slug generation, common requests, and advanced settings redirect - Relax critical rule #9 to guard booking flows only, not explicit user requests - Add minimumBookingNotice, beforeEventBuffer, afterEventBuffer, slotInterval, scheduleId to create_event_type and update_event_type tool schemas + types - Update create/update/delete tool descriptions for clarity - Include bookingUrl in list_event_types response using linked user's username * feat: no-show and unlink flows — mark_no_show body fix, expanded schema, prompt guidance * feat: agentic reschedule flow — prompt guidance, slot exclusion, rescheduledBy, recurring detection * feat: promote event type CRUD tools to CORE_TOOL_NAMES, remove stale ADMIN_KEYWORDS * refactor: eliminate keyword-based tool gating — always expose all tools * feat: add fetchWithRetry with exponential backoff and timeouts to all Cal.com API calls * feat: schedule availability tools — expose availability/overrides, enrich descriptions, add prompt section * feat: include bookingFields in list_event_types response to fix own-calendar booking with custom fields * feat: add skip param and hasMore pagination flag to list_bookings tool * feat: enrich tool descriptions for get_booking, confirm/decline, and schedule tools * feat: actionable error messages — overhaul friendlyCalcomError, consolidate CalcomApiError handling via deps * refactor: extract duplicates and magic numbers across agent, bot, and user-linking * feat: add get_event_type tool + gate agentic features behind org plan (#42) * feat: add get_event_type tool for fetching single event type details * fix: align get_event_type tool description with actual response fields * feat: gate agentic features behind Cal.com Organizations plan * fix: address review comments — org sync on refresh, split link check, withSlackToken wrapper * fix: disable retries for mutating API calls, reorder error handlers, re-read linked user after refresh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
ci: add 6 new CI workflows + speed optimizations to companion
Summary
Adds CI workflows ported/adapted from calcom/cal to improve companion's CI coverage. Currently companion only has lint, typecheck, and build jobs.
New workflows:
bun pm untrustedand attempts a vulnerability audit on PRs and pushes to main.output/size, uploads baseline on main. On PRs, only posts a comment if the bundle size increases by more than 5KB compared to main (silent when size is stable or decreasing)extension,mobile,config,ci,api) and propagates labels from linked issuesCI speed optimizations (applied to existing
ci.ymland new workflows):build,bundle-analysis) toblacksmith-4vcpu-ubuntu-2404and lighter jobs (lint,typecheck,security-audit,cache-clean) toblacksmith-2vcpu-ubuntu-2404for ~2x faster execution. Trivial GitHub API workflows (labeler,semantic-pull-requests,re-draft,on-changes-requested) remain onubuntu-latest.ci.yml,security-audit.yml, andbundle-analysis.yml— cancels in-progress runs when a new push arrives on the same PRdist/) and browser extension (.output/) in the build job — skips rebuilds when source files haven't changedsecurity-audit.yml(was already present inci.ymlviasetup-bun)Review & Testing Checklist for Human
calcom/caland not org-wide orcalcom/companionspecifically, every CI job on a Blacksmith runner will fail with a "no matching runner" error. Verify in the Blacksmith console before merging.bunx auditis not a real Bun command. Both steps end with|| trueso the job will never fail on vulnerabilities. Consider replacing withnpm audit --production --audit-level=criticalor removing|| truefrom the critical step — otherwise this workflow only provides false confidence.app/**,components/**,hooks/**, etc. but does not includeutils/**,global.css, or other root-level files that may affect the build. A change to an unlisted directory won't invalidate the cache, potentially passing CI with stale build output. Verify the globs cover all directories that influence the Expo and extension builds.bunx expo export --platform weboutputs todist/andbun run ext:buildoutputs to.output/. If either path is wrong, caching and bundle analysis will silently do nothing. Verify both paths.extension,mobile,config,ci, andapilabels exist in the companion repo's GitHub settings before merging.Suggested test plan: After merge, open a test PR that touches a file in
extension/and verify: (1) CI runs on Blacksmith runners without "no matching runner" errors, (2) the labeler applies theextensionlabel, (3) semantic PR title check runs, (4) bundle analysis runs but doesn't post a comment (unless size increases >5KB), (5) security audit job runs, (6) pushing again to the same PR cancels the previous in-progress CI run. For re-draft, have someone request changes on a PR and confirm it converts to draft. For build caching, push a second commit with no source changes and confirm the build step is skipped.Notes
ubuntu-latestand use the same pricing model as cal.com's CIactions/cache@v4with content-based keys (hashFiles()) to invalidate when source files changeLink to Devin run: https://app.devin.ai/sessions/292c913761564e91aab85809b8ff9c86
Requested by: @dhairyashiil