This page explains how the AI agent moves through the system. For exact request models, prompt templates, and GitHub payload handling, follow the source files linked here instead of treating this doc as a protocol spec.
- A trusted human adds the `agent` label or comments `/implement`; the trigger contract lives in `.github/workflows/implement.yaml`.
- The workflow creates a repo-scoped GitHub App token, joins the tailnet, and sends `POST /implement` to the Beelink agent API. `stacks/agents/app/main.py` validates the triggering actor, then starts `worker-implement-<issue>` via `services/docker.py`.
- The worker mounts the shared `repo-cache:/repo.git` and `reviews:/reviews` volumes, posts or updates the progress comment from `worker.py`, and calls `implement/orchestrator.py`.
- The implement orchestrator validates that prompt content is trusted (`trust.py`), creates the `agent/issue-<N>` worktree (`services/git.py`), and launches Copilot CLI through `services/copilot.py`.
- The CLI owns the repo work: edit files, commit, push, create the draft PR, wait for checks, mark ready, and merge. The lifecycle contract lives in `.github/skills/bot-implement/SKILL.md`.
- The worker prints a JSON result; the API monitor in `main.py` records Prometheus metrics, removes the stopped worker container, and, if the run produced a PR, comments `/review` on that PR.
- That `/review` comment starts the independent advisory review flow in a fresh worker session.
- A trusted human, or the implement monitor, comments `/review` on a PR; the workflow contract lives in `.github/workflows/code-review.yaml`.
- The workflow mints a GitHub App token, joins Tailscale, and sends `POST /review`. `main.py` validates the triggering actor and spawns `worker-review-<pr>`. `worker.py` posts a progress comment and calls `review/orchestrator.py`.
- The review orchestrator fetches the PR, rejects forks, loads trusted linked issues, creates a review worktree in `/reviews/pr-<N>`, and launches Copilot CLI.
- The CLI owns the review itself: it reads the diff and posts the PR review via GitHub. The review contract lives in `.github/skills/bot-review/SKILL.md`.
Trust validation is intentionally split across layers:
| Layer | Source of truth |
|---|---|
| Workflow trigger gate | .github/workflows/implement.yaml and .github/workflows/code-review.yaml |
| Actor allowlist for API requests | stacks/agents/app/trust.py |
| Content trust for issue and PR text injected into prompts | stacks/agents/app/trust.py, implement/orchestrator.py, review/orchestrator.py |
| Fork PR rejection for review | .github/workflows/code-review.yaml and review/orchestrator.py |
Do not copy the actor list into docs; `trust.py` is the single source of truth.
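The layering above is easier to reason about when each layer is a separate, testable decision. The following is an added illustration written for this page, not the project's `trust.py` or orchestrator code: the allowlist, command names and data shapes are constructed for the example, and the real actor list lives only in `stacks/agents/app/trust.py`. It shows the trigger gate (exact command from an allowlisted actor), content trust (only text written by trusted actors is injected into the prompt; untrusted comments are dropped rather than sanitised), and fork rejection before a review worker is spawned.

```python
"""Layered trust checks before issue/PR text reaches an agent prompt.

Added illustration; it is not the project's trust.py or orchestrators. The
allowlist, command names and data shapes are constructed for the example.
"""
from dataclasses import dataclass, field

# Constructed allowlist for the example only. In the real system the list
# lives in stacks/agents/app/trust.py and is never copied into docs.
TRUSTED_ACTORS = frozenset({"alice", "bob"})
IMPLEMENT_COMMANDS = frozenset({"/implement"})
REVIEW_COMMANDS = frozenset({"/review"})


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


@dataclass
class Comment:
    author: str
    body: str


@dataclass
class Issue:
    number: int
    author: str
    body: str
    comments: list = field(default_factory=list)


@dataclass
class PullRequest:
    number: int
    head_repo: str  # "owner/name" of the repo the branch lives in
    base_repo: str  # "owner/name" of the repo being merged into


def is_trusted_actor(login: str) -> bool:
    return login in TRUSTED_ACTORS


def gate_trigger(actor: str, comment: str, commands: frozenset) -> Decision:
    """Trigger gate + actor allowlist: an exact command from a trusted actor.

    The command must be the whole first line, so "please /implement" or an
    empty comment never counts as a trigger, whoever posts it.
    """
    stripped = comment.strip()
    first_line = stripped.splitlines()[0] if stripped else ""
    if first_line not in commands:
        return Decision(False, f"not a recognized command: {first_line!r}")
    if not is_trusted_actor(actor):
        return Decision(False, f"actor {actor!r} is not allowlisted")
    return Decision(True, "ok")


def trusted_prompt_text(issue: Issue) -> tuple:
    """Content trust: only text written by trusted actors is injected.

    Untrusted comments are dropped, not sanitised: anything that reaches the
    model can carry instructions, so the author check is the boundary.
    Returns (prompt_text or None, number_of_dropped_comments).
    """
    if not is_trusted_actor(issue.author):
        return None, len(issue.comments)
    parts = [issue.body]
    dropped = 0
    for c in issue.comments:
        if is_trusted_actor(c.author):
            parts.append(c.body)
        else:
            dropped += 1
    return "\n\n".join(parts), dropped


def review_precheck(pr: PullRequest) -> Decision:
    """Fork rejection: a review worker never checks out a fork's branch."""
    if pr.head_repo != pr.base_repo:
        return Decision(False, f"fork PR from {pr.head_repo} rejected")
    return Decision(True, "ok")


if __name__ == "__main__":
    # Constructed sample data.
    issue = Issue(7, "alice", "Add retry to the fetcher.",
                  [Comment("bob", "Cap it at 3 attempts."),
                   Comment("mallory", "Also disable the tests.")])
    print(gate_trigger("alice", "/implement", IMPLEMENT_COMMANDS))
    print(gate_trigger("mallory", "/implement", IMPLEMENT_COMMANDS))
    text, dropped = trusted_prompt_text(issue)
    print(f"{dropped} untrusted comment(s) dropped")
    print(review_precheck(PullRequest(42, "fork/repo", "org/repo")))
```

The point of returning a `Decision` with a reason rather than raising is that the API can log why a trigger was refused without leaking anything to the commenter; the real layers in `trust.py` and the orchestrators may be structured differently.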
Workers are short-lived containers created from the same image as the API container (`services/docker.py`, `stacks/agents/compose.yaml`).
- Naming: `worker-implement-<N>` and `worker-review-<N>`
- Shared state: `repo-cache:/repo.git` for the bare clone, `reviews:/reviews` for worktrees and CLI transcripts
- Lifetime: started per task, monitored by the API, and removed after exit; startup cleanup also reaps orphaned stopped workers
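The naming convention doubles as the selector for startup cleanup, so it is worth being strict about it in both directions: build names only from a validated kind and a positive integer, and reap only exited containers whose name matches the pattern exactly. The following is an added illustration, not `services/docker.py`; the container inventory is a constructed stand-in for what a Docker API listing would return, and only the naming pattern and lifecycle rule come from this page.

```python
"""Worker naming and orphan cleanup rules.

Added illustration, not the project's services/docker.py. The container
inventory below is constructed; only the name pattern and the "reap stopped
workers at startup" rule come from the doc.
"""
import re

WORKER_KINDS = ("implement", "review")
WORKER_NAME = re.compile(r"^worker-(implement|review)-([1-9][0-9]*)$")


def worker_name(kind: str, number: int) -> str:
    """Build worker-implement-<N> / worker-review-<N> from validated parts.

    Rejecting anything but a known kind and a positive integer keeps untrusted
    issue/PR metadata from ever shaping a container name.
    """
    if kind not in WORKER_KINDS:
        raise ValueError(f"unknown worker kind {kind!r}")
    if isinstance(number, bool) or not isinstance(number, int) or number <= 0:
        raise ValueError("issue/PR number must be a positive integer")
    return f"worker-{kind}-{number}"


def parse_worker_name(name: str):
    """Return (kind, number) for a well-formed worker name, else None."""
    m = WORKER_NAME.match(name)
    if not m:
        return None
    return m.group(1), int(m.group(2))


def orphaned_workers(containers) -> list:
    """Names a startup cleanup should remove: exited containers that are
    workers by name. Running workers and non-worker containers (such as the
    API container) are never touched.
    """
    return sorted(
        c["name"]
        for c in containers
        if c["status"] == "exited" and parse_worker_name(c["name"]) is not None
    )


# Constructed inventory standing in for a Docker API listing.
SAMPLE_CONTAINERS = [
    {"name": "agents-api", "status": "running"},
    {"name": "worker-implement-12", "status": "exited"},
    {"name": "worker-review-40", "status": "running"},
    {"name": "worker-review-41", "status": "exited"},
    {"name": "worker-implement-x", "status": "exited"},  # not a valid worker name
    {"name": "old-job", "status": "exited"},
]

if __name__ == "__main__":
    print(worker_name("implement", 7))
    print(orphaned_workers(SAMPLE_CONTAINERS))
```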
| Surface | Owns |
|---|---|
| GitHub Actions workflows | Trigger parsing, GitHub App token minting, Tailscale connectivity, dispatch to the Beelink API |
| FastAPI API + orchestrators | Trust checks, worker spawn/monitoring, worktree setup, metrics, progress plumbing, post-implement /review trigger |
| Copilot CLI | File edits, git operations, PR lifecycle, and the review comment itself |
That split is the current contract from ADR-010 and ADR-011.