feat: Add auto-triage GitHub Action for issues and PRs

[marius-kilocode]

Summary

Adds a GitHub Action that automatically triages new issues and pull requests by analyzing their content and applying appropriate labels using the Kilo Code CLI.

How It Works

1. Triggers on new issues and PRs (excluding bot-created ones)
2. Uses Kilo Code CLI in autonomous mode to analyze the content
3. Applies relevant labels using gh issue edit or gh pr edit

Security Measures

• Command Allowlist: Only gh issue edit and gh pr edit are permitted
• Command Denylist: Blocks dangerous commands (rm, sudo, curl, wget, bash, etc.)
• Input Sanitization: Shell metacharacters stripped from issue/PR body
• Minimal Permissions: Only issues: write and pull-requests: write
• Bot Skip: Ignores bot-created issues/PRs to prevent loops

Available Labels

The agent can apply labels from these categories:

• Component: CLI, backend, frontend, jetbrains, MCP, checkpoints, teams, autocomplete, codebase indexing, native-tool-calls
• Type: documentation, proposal, good first issue, help wanted, blocking
• Platform: windows, marketplace
• Provider: kilocode-api-provider, openrouter, local-llm, grok, new-provider
• Accessibility: a11y

Setup Required

Add KILOCODE_TOKEN secret to the repository:

• Settings → Secrets and variables → Actions → New repository secret

Testing

Tested locally with dummy issue data:

node cli/dist/index.js --auto "Triage this GitHub issue: ..."

The CLI correctly identified and applied labels (CLI, windows, MCP) for a test issue about "CLI crashes on Windows when using MCP servers".

[changeset-bot]

⚠️ No Changeset found

Latest commit: b86b558

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[kilo-code-bot]

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Overview

This PR adds a new GitHub Actions workflow for automatic triage of issues and pull requests. The workflow:

1. Triggers on newly opened issues and PRs
2. Skips bot-created items to avoid loops
3. Uses the Kilo Code CLI with Claude Haiku to analyze content and apply appropriate labels
4. Implements security controls via allowed/denied command lists

Security Considerations

The workflow has good security practices:

• ✅ Explicit allow-list for commands (gh issue edit, gh pr edit)
• ✅ Comprehensive deny-list blocking dangerous commands
• ✅ Input sanitization removing shell metacharacters
• ✅ Prompt injection defense with explicit instruction to ignore body instructions
• ✅ Bot-created items are skipped to prevent loops

Files Reviewed (1 file)

• .github/workflows/auto-triage.yml - New auto-triage workflow