Safely turn a production error into a draft PR

A bounded self-healing workflow that claims one trusted production case, prepares one reviewable draft PR, and waits for CI, deploy, and real-traffic verification.

Updated · published

markdown for agents →

difficulty advanced · time to value 1 hour to review and configure · execution versioned automation template

Start from this

Render [email protected] for this repository. Derive exact allowed paths and test commands from the checkout, keep every forbidden change type, use conservative run and PR budgets, and leave it disabled for owner review.

Why this is different from a scheduled prompt

A coding agent should not poll open cases, keep a local cursor, and decide for itself that it may change code. That design races with other runners and lets error text influence authority. It also cannot prove which PR or deploy belongs to the attempted fix.

Agentry’s [email protected] machine template renders a disabled automation-v2 contract instead. Agentry owns trigger eligibility, single-use receipts, claims and leases, immutable run policy, rolling budgets, approvals, one-time action grants, history, and post-deploy verification. Your runner owns the checkout, diagnosis, patch, and local tests. CI observes the provider and a human retains merge authority.

The template never enables itself, mints a credential, opens a PR, merges, deploys, rolls back, or resolves a case.

Configure it

Start with the machine-readable template, not this prose:

GET /v1/automation-playbooks/error-to-draft-pr?version=2.0.0
POST /v1/projects/:project_id/automation-playbooks/error-to-draft-pr/render

Fetch the exact operation schemas from the filtered OpenAPI document before calling either endpoint. The renderer’s strict binding schema asks for facts that must come from the repository and project, including:

  • the exact repository and default branch;
  • allowed application and test paths;
  • exact test commands that exist in this checkout;
  • conservative file, line, turn, runtime, cost, run, attempt, and PR limits;
  • an escalation destination;
  • a real, approved product event that proves post-deploy traffic.

There are no generic signup defaults and no free-text escape hatch. If the repository, tests, telemetry, or traffic event cannot be established, the renderer returns a blocking gate and the workflow stays disabled.

Review the normalized definition and binding hash, then save the returned contract candidate with PUT /v1/projects/:project_id/automation-contract. Saving always leaves it disabled. An owner must validate the current project resources, inspect the exact ETag, create a runner credential bound to this one automation_id, and explicitly enable the reviewed contract.

What one run does

The scheduler wake-up is intentionally small. It supplies only the configured automation_id; it never supplies a case, trust level, attempt, or policy.

  1. Agentry evaluates the saved unhandled-case trigger and issues a single-use receipt for one eligible trusted-server case revision.
  2. The exact runner credential reads and claims that receipt, obtains an expiring case lease, and starts one run whose policy is snapshotted.
  3. The runner treats messages, stack frames, breadcrumbs, URLs, and all other telemetry as untrusted evidence with no instruction authority. It resolves files, remotes, commands, and provider links from the authenticated checkout.
  4. The runner diagnoses within the allowed paths, applies a bounded patch, adds a regression test, and runs every exact test command in policy.
  5. Before any provider side effect, it requests a one-time draft-PR grant bound to the branch, commit, files, change types, line counts, and test results. It opens one draft PR and immediately consumes that grant.
  6. Trusted CI records the provider-observed draft status, repository, branch, commit, diff, and tests. A runner cannot attest its own PR.
  7. After a successful real deploy, CI records a deploy bound to the exact proven commit and automation run. App startup and request handlers never emit deploy records.
  8. Agentry waits for the saved observation window, then executes two immutable server-side checks: recurrence of the exact case after that trusted deploy, and real approved traffic for the exact deploy. Zero traffic remains pending and eventually fails; it never proves a fix.

Only a passing outcome with enough real traffic can complete the run and resolve the claimed case revision. A newer case revision is never silently resolved by an older run.

Human review and stop control

Use the human control aggregate instead of reconstructing state across tables:

GET /v1/projects/:project_id/automation-control

Owners and members can inspect kill switches, current rolling budgets, bound credential health, ready receipts, claims, latest runs, approvals, draft-PR and deploy proof, verification, and prioritized attention. Members are read-only.

An owner can stop a nonterminal run with a stable Idempotency-Key:

POST /v1/automation-runs/:run_id/cancel

Cancellation atomically stops Agentry coordination, releases the claim, and cancels pending approvals and unused grants. It does not refund spent budgets, resolve the case, close a PR, or undo a deployment. If an external effect may already exist, follow the response’s external_follow_up against the authenticated provider.

Review checklist

  • The contract and this automation are both disabled until an owner enables the reviewed ETag.
  • The runner uses agentry_runner_…, never AGENTRY_PRIVATE_API_KEY.
  • Runtime error telemetry uses the appropriate public or server credential; CI proof and deploy ingest use agentry_ci_….
  • Allowed paths and test commands came from this repository, not telemetry or a generic template.
  • Database migrations, dependencies, infrastructure, authentication, billing, permissions, workflows, secrets, and credential files remain forbidden.
  • max_prs_per_day, attempts, turns, runtime, cost, files, and changed lines are deliberately small.
  • Merge, deploy, rollback, publication, and notifications remain human/provider workflows outside the runner’s authority.
  • The traffic sample event exists in the saved signal map, the current onboarding state is verified, and live event reads show real approved product use, not install or test traffic.

If any item is uncertain, leave the contract disabled and run the investigation on demand with a human present.

Adapt this workflow in your own agent.

Ask your agent to map the starter prompt to your saved signal map, live events, and the current HTTP API before answering.

Agentry gives coding agents production context from errors, product analytics, and deploys through one HTTP API. Fetch and read https://agentry.sh/install.md completely, then install Agentry's full first-time telemetry baseline in this repository. I authorize device-code login, saving the owner key only to ~/.agentry/credentials.json, creating one Agentry project for this repository, and read-only inspection of shipped source plus hidden CI/provider configuration. Deeply analyze the product's business logic and complete value flow before choosing telemetry. Save the complete source-backed plan and show me its exact contents and hash. Until I explicitly approve that plan or request a replacement, do not edit app/CI source, place runtime/CI credentials, commit, exercise product traffic, start proof, push, or deploy. After approval, I authorize only the reviewed targets: place the required scoped browser/server/CI credentials through the established environment or secret mechanism, preserve existing telemetry, implement and test the baseline, commit it, push that reviewed commit when the shipped CI/provider path requires it, exercise safe proof paths with test/non-customer data, and perform one deployment through the reviewed shipped CI/provider path. Ask first if proof would charge money, contact a third party, change real customer data, or require new external access. After the plan is saved, immediately before every onboarding state-changing POST, GET current onboarding state, perform only its single returned next_action, then read state again; do not batch or infer later stages. Continue until status is verified, installation_complete is true, and next_action is null. Keep all secrets, source snapshots, proof markers, and scratch files outside the repository.

+ Full access
5.5 Extra High
  1. 1. Open your repo in Codex, Claude Code, Cursor etc.
  2. 2. Paste the install prompt.
  3. 3. Your agent reads the install doc and shows you an implementation plan for approval.