intruders-triage

star 0

Triage open Intruders issues in the liferay-headless/liferay-portal repository.

liferay-headless By liferay-headless schedule Updated 5/13/2026
play_arrow Run Skill in Manus View GitHub

description: Triage open Intruders issues in the liferay-headless/liferay-portal repository. name: intruders-triage

Intruders Triage

The Intruders bot opens an issue whenever someone outside the Headless team modifies code under our components. Each issue lists commits grouped by directory. This skill assesses every commit, posts a per-issue verdict, closes tickets whose commits are all low risk, and aggregates the high-risk findings into a fresh executive summary issue.

Preconditions

Before doing anything else, verify that the current working directory itself is the root of a liferay-portal clone by checking that its origin remote URL ends with /liferay-portal. Do not walk up parent directories looking for a matching repository — only the current directory counts. Do not attempt the triage from an unrelated repository.

Once the clone is confirmed, switch the working copy to master and fast-forward it from the upstream remote so every short SHA referenced by the Intruders issues resolves locally — without that, the commit diffs cannot be inspected. If the working tree has uncommitted changes, abort and ask the user to stash or commit first; do not silently move their work.

Input

Open issues titled "Intruders 🦹‍♂️" in the liferay-headless/liferay-portal repository. Each issue body is grouped by directory; under each directory it lists one line per commit with the form <short-sha> <author-email> <LPD-key> <commit subject>. The commits are reachable in any local clone that tracks liferay/liferay-portal master.

Risk Assessment Rules

High

  • Potentially breaking changes — anything altering a published REST contract (path, verb, parameter shape, status codes, OpenAPI emission), an exposed manager interface, or error semantics that callers rely on.
  • Architectural changes — adding, removing, or relocating a service, listener, registry, or other top-level component.
  • Any logic change under modules/util/portal-tools-rest-builder, regardless of how mechanical it looks. This tool shapes every generated REST surface, so concurrency, caching, hashing, and ordering tweaks can subtly alter generated output across the entire codebase.
  • User-visible behavior changes whose intent has not been communicated to the team.

Medium

  • Strictly additive behavior changes. Mention these in the per-issue comment but do not block closing, because no existing client breaks.

Low

  • SF and source-formatter commits, including additions to source-formatter-suppressions.xml.
  • Regenerate and other autogenerated REST or persistence output.
  • Baseline commits (bnd baseline bumps).
  • Pure test additions or updates under *-rest-test, playwright/tests/*, and integration test migrations.
  • Playwright feature flag toggles, color or contrast CSS or JSP tweaks.
  • Mechanical search or boolean query API migrations (for example new BooleanQueryImpl() to new BooleanQuery()).
  • Pure extract refactors that preserve behavior on every realistic input.
  • Renames and inlines confined to private helpers.
  • Version bumps of any kind, including dependency version bumps inside the rest-builder or service-builder build.gradle. Version churn alone does not warrant escalation.

Expected Output

Executive Summary Issue

File one new issue titled Intruders 🦹‍♂️🤖 that holds the consolidated HIGH commits.

The body opens with a single top-level heading # High Risk Changes and then jumps straight into the first area section — no preamble paragraph. It does not reference the original Intruders ticket numbers; the only navigation links are the per-commit URLs. Below the title, group by area of code, with one section per directory (for example modules/apps/object/object-rest-impl, modules/util/portal-tools-rest-builder). Within each section, render a two-column table:

| Commits | Why It Matters |

  • The Commits cell groups every commit that addresses the same underlying concern (typically the same LPD key or the same architectural intent) and lists each abbreviated SHA as a Markdown link to https://github.com/liferay-headless/liferay-portal/commit/<sha>. Separate the SHA links with single spaces (no commas). Aim for one row per cluster, not one row per commit.
  • The Why It Matters cell is one sentence explaining the actual risk for the whole cluster — which contract is altered, which generator behavior shifts, which user-visible flow changes.

Per-Issue Comment and Closure

Every original Intruders issue receives exactly one comment, then is closed. The comment contains:

  • A link to the executive summary issue, written as Triage consolidated into #N.
  • A brief listing of what was dismissed as not risky in that issue, grouped by LPD key with a short label (mechanical refactor, regenerated output, tests, source format, version bumps, additive feature flag rollout, and so on). When every commit in the issue was elevated to the summary, state that explicitly so the reader knows nothing was hidden.

The detailed risk explanations live in the executive summary issue; the per-issue comment exists only to point there and account for the dismissed commits.

Install via CLI
npx skills add https://github.com/liferay-headless/liferay-headless --skill intruders-triage
Repository Details
star Stars 0
call_split Forks 4
navigation Branch main
article Path SKILL.md
More from Creator
liferay-headless
liferay-headless Explore all skills →