t4205: auto-sync deployed agents after merge/release

[marcusquinn]

Summary

• Trigger deployed-agent sync automatically after github-cli-helper.sh merge-pr succeeds for marcusquinn/aidevops.
• Trigger deployed-agent sync automatically at the end of version-manager.sh release to keep ~/.aidevops/agents/ aligned after releases.
• Preserve plugin namespace directories during merge-deploy sync and add regression coverage for merge/release auto-sync triggers.

Closes #4205

Verification

• shellcheck .agents/scripts/deploy-agents-on-merge.sh .agents/scripts/github-cli-helper.sh .agents/scripts/version-manager.sh .agents/scripts/tests/test-agent-auto-sync.sh
• bash -n .agents/scripts/deploy-agents-on-merge.sh .agents/scripts/github-cli-helper.sh .agents/scripts/version-manager.sh .agents/scripts/tests/test-agent-auto-sync.sh
• bash .agents/scripts/tests/test-agent-auto-sync.sh

Summary by CodeRabbit

• New Features

  • Added plugin namespace support for agent deployments.
  • Enabled automated post-merge synchronization workflows following pull request merges.
  • Enabled automated post-release synchronization for release workflows.

• Tests

  • New test coverage for agent auto-sync functionality.

• Refactor

  • Improved code style and readability across deployment and version management scripts.

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 403 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Thu Mar 12 04:57:37 UTC 2026: Code review monitoring started
Thu Mar 12 04:57:37 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 403

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 403
• VULNERABILITIES: 0

Generated on: Thu Mar 12 04:57:40 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[marcusquinn]

Pulse triage: this PR is currently blocked by systemic qlty check failures tracked in #4216. Skipping per-PR fix dispatch to avoid duplicate effort; will re-run/merge after workflow-level fix lands.

[marcusquinn]

Dispatching remediation worker.\n- Model: default alternating (headless-runtime-helper)\n- Branch: bugfix/pr-4206-remediation\n- Scope: Address failing CI and produce merge-ready state for PR #4206.\n- Attempt: 1 of 1\n- Direction: Resolve CI/review blockers only; avoid unrelated refactors.

[coderabbitai]

Warning

Rate limit exceeded

@alex-solovyev has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 21 minutes and 17 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ade88379-c115-498b-a8c0-ae42d553d63c

📥 Commits

Reviewing files that changed from the base of the PR and between 455c2f6 and ff92bb1.

📒 Files selected for processing (4)

• .agents/scripts/deploy-agents-on-merge.sh
• .agents/scripts/github-cli-helper.sh
• .agents/scripts/tests/test-agent-auto-sync.sh
• .agents/scripts/version-manager.sh

Walkthrough

Introduces automatic post-merge and post-release synchronization of deployed agents to prevent runtime drift. Adds plugin namespace support to deployment scripts, integrates sync triggers into GitHub CLI helper and version manager, and provides comprehensive test coverage for the auto-sync workflow.

Changes

Cohort / File(s)	Summary
Plugin Namespace Support .agents/scripts/deploy-agents-on-merge.sh	Adds PLUGINS_FILE and PLUGIN_NAMESPACES configuration; introduces sanitize_plugin_namespace() and collect_plugin_namespaces() functions to read and validate plugin namespaces from plugins.json. Integrates namespace handling into deployment paths (rsync excludes, tar preserves, per-file skips) to avoid overwriting plugin-managed directories.
Post-Merge/Release Sync Integration .agents/scripts/github-cli-helper.sh, .agents/scripts/version-manager.sh	Implements post-merge sync trigger in github-cli-helper via trigger_aidevops_post_merge_sync() and resolve_aidevops_sync_repo_dir(). Adds post-release sync in version-manager via run_post_release_agent_sync(). Both conditionally invoke deploy-agents-on-merge.sh for the aidevops repo only. Refactors github-cli-helper style and consolidates entry-point guards for safe sourcing.
Auto-Sync Test Suite .agents/scripts/tests/test-agent-auto-sync.sh	New regression test file validating end-to-end auto-sync workflows. Includes four tests (merge sync for aidevops, merge sync skip for others, release sync for aidevops remote, release sync skip for others) with utilities for test setup, teardown, fake repo creation, and result reporting.

Sequence Diagram

sequenceDiagram
    participant GitHub
    participant GitHubCliHelper as GitHub CLI Helper
    participant DeployScript as Deploy Script
    participant FileSystem as File System
    
    GitHub->>GitHubCliHelper: Merge PR (for aidevops repo)
    activate GitHubCliHelper
    
    GitHubCliHelper->>GitHubCliHelper: Check if aidevops repo
    GitHubCliHelper->>FileSystem: Resolve sync repo directory
    activate FileSystem
    FileSystem-->>GitHubCliHelper: repo path
    deactivate FileSystem
    
    GitHubCliHelper->>DeployScript: Execute deploy-agents-on-merge.sh
    activate DeployScript
    
    DeployScript->>FileSystem: Read plugins.json
    activate FileSystem
    FileSystem-->>DeployScript: plugin namespaces
    deactivate FileSystem
    
    DeployScript->>DeployScript: Validate & sanitize namespaces
    
    alt Changed files deployment
        DeployScript->>FileSystem: Skip plugin namespace dirs
    else All agents deployment
        DeployScript->>FileSystem: Copy agents (exclude plugins)
        DeployScript->>FileSystem: Preserve custom/draft/loop-state + plugins
    end
    
    DeployScript-->>GitHubCliHelper: Exit code (0 or 2 = success)
    deactivate DeployScript
    
    GitHubCliHelper-->>GitHub: Sync complete
    deactivate GitHubCliHelper

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• feat: auto-deploy agents after supervisor merges PRs (t213) #916: Extends the existing deploy-agents-on-merge.sh flow that this PR builds upon for post-merge integration.
• feat: extend setup.sh to deploy plugins during aidevops update (t136.3) #762: Implements plugin namespace collection from plugins.json, sharing similar logic patterns with the deployment namespace handling.
• GH#3916: Recover high-value hardening into mergeable replacement PR #4126: Modifies deploy_all_agents and deploy_changed_files paths in deploy-agents-on-merge.sh, overlapping with this PR's plugin-namespace enhancements.

Suggested labels

enhancement

Poem

🔄 Agents sync when merges land,
Plugin namespaces safe by hand,
Runtime drift now kept at bay,
Auto-deploy saves the day! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main objective: automatic synchronization of deployed agents after merge and release events.
Linked Issues check	✅ Passed	All core requirements from issue #4205 are addressed: post-merge auto-sync via github-cli-helper.sh, post-release sync via version-manager.sh, plugin namespace preservation, and regression test coverage.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to the linked issue objectives: deploy script enhancements, post-merge/release sync integration, plugin namespace handling, and new test coverage.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/t4205-auto-sync-deployment

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 402 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Thu Mar 12 21:05:26 UTC 2026: Code review monitoring started
Thu Mar 12 21:05:27 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 402

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 402
• VULNERABILITIES: 0

Generated on: Thu Mar 12 21:05:29 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.agents/scripts/tests/test-agent-auto-sync.sh (1)

34-53: Add trap for cleanup on unexpected exit.

If a test function causes an unexpected exit (e.g., due to a sourced script failing under set -e), the temp directory won't be cleaned up. Adding a cleanup trap ensures resources are released even on failure.

♻️ Proposed improvement: Add cleanup trap

 setup() {
 	TEST_DIR=$(mktemp -d)
+	trap 'rm -rf "$TEST_DIR" 2>/dev/null' EXIT
 	mkdir -p "$TEST_DIR/repo/.agents/scripts"

With this trap, teardown becomes optional but can remain for explicit cleanup documentation.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.agents/scripts/tests/test-agent-auto-sync.sh around lines 34 - 53, Add a
cleanup trap to ensure teardown() runs on any exit: inside setup() after
creating TEST_DIR (and before returning), register a trap 'trap teardown EXIT'
so teardown() is invoked on unexpected exits; reference the existing setup(),
teardown(), and TEST_DIR to locate where to add the trap and keep the explicit
teardown function as-is for normal cleanup.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.agents/scripts/github-cli-helper.sh:
- Around line 662-667: The main issue is that main() reads positional parameters
($2,$3,$4 and later $5-$7) without defaults which breaks when set -u is enabled;
update main() to assign all used positional params to local variables with safe
defaults (e.g., local account_name="${2:-}" local target="${3:-}" local
options="${4:-}" and similarly bind any $5,$6,$7 to descriptive locals before
they are referenced in case branches), then use those local variable names
throughout the case handlers (functions/blocks referencing account_name, target,
options, and the additional param locals) so no unset positional parameter is
read directly. Ensure every place that previously used raw $N now uses the
corresponding local variable to prevent set -u failures.

---

Nitpick comments:
In @.agents/scripts/tests/test-agent-auto-sync.sh:
- Around line 34-53: Add a cleanup trap to ensure teardown() runs on any exit:
inside setup() after creating TEST_DIR (and before returning), register a trap
'trap teardown EXIT' so teardown() is invoked on unexpected exits; reference the
existing setup(), teardown(), and TEST_DIR to locate where to add the trap and
keep the explicit teardown function as-is for normal cleanup.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f38362ef-129a-4514-bf56-14f1b4b10caa

📥 Commits

Reviewing files that changed from the base of the PR and between a881bf1 and 455c2f6.

📒 Files selected for processing (4)

• .agents/scripts/deploy-agents-on-merge.sh
• .agents/scripts/github-cli-helper.sh
• .agents/scripts/tests/test-agent-auto-sync.sh
• .agents/scripts/version-manager.sh

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 402 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Thu Mar 12 21:13:31 UTC 2026: Code review monitoring started
Thu Mar 12 21:13:32 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 402

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 402
• VULNERABILITIES: 0

Generated on: Thu Mar 12 21:13:34 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 402 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Thu Mar 12 21:18:23 UTC 2026: Code review monitoring started
Thu Mar 12 21:18:23 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 402

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 402
• VULNERABILITIES: 0

Generated on: Thu Mar 12 21:18:26 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[alex-solovyev]

@coderabbitai resolve

[alex-solovyev]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Comments resolved and changes approved.

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.