Add project field campaign orchestration support to workflows (#12053)

Author: Copilot

.github/workflows/security-alert-burndown.lock.yml

@@ -0,0 +1,49 @@
+---
+name: Security Alert Burndown
+description: Discovers Dependabot PRs and assigns them to Copilot for review
+on:
+  schedule:
+    - cron: "0 * * * *"
+  workflow_dispatch:
+project:
+  url: https://github.com/orgs/githubnext/projects/134
+  scope:
+    - githubnext/gh-aw
+  id: security-alert-burndown
+  governance:
+    max-new-items-per-run: 3
+    max-discovery-items-per-run: 100
+    max-discovery-pages-per-run: 5
+    max-project-updates-per-run: 10
+---
+
+# Security Alert Burndown Campaign
+
+This campaign discovers Dependabot-created pull requests for JavaScript dependencies and assigns them to the Copilot coding agent for automated review and merging.
+
+## Objective
+
+Systematically process Dependabot dependency update PRs to keep JavaScript dependencies up-to-date and secure.
+
+## Discovery Strategy
+
+The orchestrator will:
+
+1. **Discover** pull requests opened by the `dependabot` bot
+2. **Filter** to PRs with labels `dependencies` and `javascript`
+3. **Assign** discovered PRs to the Copilot coding agent using `assign-to-agent`
+4. **Track** progress in the project board
+
+## Campaign Execution
+
+Each run:
+- Discovers up to 100 Dependabot PRs with specified labels
+- Processes up to 5 pages of results
+- Assigns up to 3 new items to Copilot
+- Updates project board with up to 10 status changes
+
+## Success Criteria
+
+- JavaScript dependency PRs are automatically triaged
+- Copilot agent reviews and processes assigned PRs
+- Project board reflects current state of dependency updates

.github/workflows/security-alert-burndown.md

@@ -0,0 +1,198 @@
+package campaign
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/githubnext/gh-aw/pkg/logger"
+	"github.com/githubnext/gh-aw/pkg/workflow"
+)
+
+var injectionLog = logger.New("campaign:injection")
+
+// InjectOrchestratorFeatures detects if a workflow has project field with campaign
+// configuration and injects orchestrator features directly into the workflow during compilation.
+// This transforms the workflow into a campaign orchestrator without generating separate files.
+func InjectOrchestratorFeatures(workflowData *workflow.WorkflowData) error {
+	injectionLog.Print("Checking workflow for campaign orchestrator features")
+
+	// Check if this workflow has project configuration with campaign fields
+	if workflowData.ParsedFrontmatter == nil || workflowData.ParsedFrontmatter.Project == nil {
+		injectionLog.Print("No project field detected, skipping campaign injection")
+		return nil
+	}
+
+	project := workflowData.ParsedFrontmatter.Project
+
+	// Check if project has any campaign orchestration fields to determine if this is a campaign
+	// Campaign indicators (any of these present means it's a campaign orchestrator):
+	// - workflows list (predefined workers)
+	// - governance policies (campaign-specific constraints)
+	// - bootstrap configuration (initial work item generation)
+	// - memory-paths, metrics-glob, cursor-glob (campaign state tracking)
+	// If only URL and scope are present, it's simple project tracking, not a campaign
+	isCampaign := len(project.Workflows) > 0 ||
+		project.Governance != nil ||
+		project.Bootstrap != nil ||
+		len(project.MemoryPaths) > 0 ||
+		project.MetricsGlob != "" ||
+		project.CursorGlob != ""
+
+	if !isCampaign {
+		injectionLog.Print("Project field present but no campaign indicators, treating as simple project tracking")
+		return nil
+	}
+
+	injectionLog.Printf("Detected campaign orchestrator: workflows=%d, has_governance=%v, has_bootstrap=%v",
+		len(project.Workflows), project.Governance != nil, project.Bootstrap != nil)
+
+	// Derive campaign ID from workflow name or use explicit ID
+	campaignID := workflowData.FrontmatterName
+	if project.ID != "" {
+		campaignID = project.ID
+	}
+
+	// Build campaign prompt data from project configuration
+	promptData := CampaignPromptData{
+		CampaignID:   campaignID,
+		CampaignName: workflowData.Name,
+		ProjectURL:   project.URL,
+		CursorGlob:   project.CursorGlob,
+		MetricsGlob:  project.MetricsGlob,
+		Workflows:    project.Workflows,
+	}
+
+	if project.Governance != nil {
+		promptData.MaxDiscoveryItemsPerRun = project.Governance.MaxDiscoveryItemsPerRun
+		promptData.MaxDiscoveryPagesPerRun = project.Governance.MaxDiscoveryPagesPerRun
+		promptData.MaxProjectUpdatesPerRun = project.Governance.MaxProjectUpdatesPerRun
+		promptData.MaxProjectCommentsPerRun = project.Governance.MaxCommentsPerRun
+	}
+
+	if project.Bootstrap != nil {
+		promptData.BootstrapMode = project.Bootstrap.Mode
+		if project.Bootstrap.SeederWorker != nil {
+			promptData.SeederWorkerID = project.Bootstrap.SeederWorker.WorkflowID
+			promptData.SeederMaxItems = project.Bootstrap.SeederWorker.MaxItems
+		}
+		if project.Bootstrap.ProjectTodos != nil {
+			promptData.StatusField = project.Bootstrap.ProjectTodos.StatusField
+			if promptData.StatusField == "" {
+				promptData.StatusField = "Status"
+			}
+			promptData.TodoValue = project.Bootstrap.ProjectTodos.TodoValue
+			if promptData.TodoValue == "" {
+				promptData.TodoValue = "Todo"
+			}
+			promptData.TodoMaxItems = project.Bootstrap.ProjectTodos.MaxItems
+			promptData.RequireFields = project.Bootstrap.ProjectTodos.RequireFields
+		}
+	}
+
+	if len(project.Workers) > 0 {
+		promptData.WorkerMetadata = make([]WorkerMetadata, len(project.Workers))
+		for i, w := range project.Workers {
+			promptData.WorkerMetadata[i] = WorkerMetadata{
+				ID:                  w.ID,
+				Name:                w.Name,
+				Description:         w.Description,
+				Capabilities:        w.Capabilities,
+				IdempotencyStrategy: w.IdempotencyStrategy,
+				Priority:            w.Priority,
+			}
+			// Convert payload schema
+			if len(w.PayloadSchema) > 0 {
+				promptData.WorkerMetadata[i].PayloadSchema = make(map[string]WorkerPayloadField)
+				for key, field := range w.PayloadSchema {
+					promptData.WorkerMetadata[i].PayloadSchema[key] = WorkerPayloadField{
+						Type:        field.Type,
+						Description: field.Description,
+						Required:    field.Required,
+						Example:     field.Example,
+					}
+				}
+			}
+			// Convert output labeling
+			promptData.WorkerMetadata[i].OutputLabeling = WorkerOutputLabeling{
+				Labels:         w.OutputLabeling.Labels,
+				KeyInTitle:     w.OutputLabeling.KeyInTitle,
+				KeyFormat:      w.OutputLabeling.KeyFormat,
+				MetadataFields: w.OutputLabeling.MetadataFields,
+			}
+		}
+	}
+
+	// Append orchestrator instructions to markdown content
+	markdownBuilder := &strings.Builder{}
+	markdownBuilder.WriteString(workflowData.MarkdownContent)
+	markdownBuilder.WriteString("\n\n")
+
+	// Add bootstrap instructions if configured
+	if project.Bootstrap != nil && project.Bootstrap.Mode != "" {
+		bootstrapInstructions := RenderBootstrapInstructions(promptData)
+		if bootstrapInstructions != "" {
+			AppendPromptSection(markdownBuilder, "BOOTSTRAP INSTRUCTIONS (PHASE 0)", bootstrapInstructions)
+		}
+	}
+
+	// Add workflow execution instructions
+	workflowExecution := RenderWorkflowExecution(promptData)
+	if workflowExecution != "" {
+		AppendPromptSection(markdownBuilder, "WORKFLOW EXECUTION (PHASE 0)", workflowExecution)
+	}
+
+	// Add orchestrator instructions
+	orchestratorInstructions := RenderOrchestratorInstructions(promptData)
+	if orchestratorInstructions != "" {
+		AppendPromptSection(markdownBuilder, "ORCHESTRATOR INSTRUCTIONS", orchestratorInstructions)
+	}
+
+	// Add project update instructions
+	projectInstructions := RenderProjectUpdateInstructions(promptData)
+	if projectInstructions != "" {
+		AppendPromptSection(markdownBuilder, "PROJECT UPDATE INSTRUCTIONS (AUTHORITATIVE FOR WRITES)", projectInstructions)
+	}
+
+	// Add closing instructions
+	closingInstructions := RenderClosingInstructions()
+	if closingInstructions != "" {
+		AppendPromptSection(markdownBuilder, "CLOSING INSTRUCTIONS (HIGHEST PRIORITY)", closingInstructions)
+	}
+
+	// Update the workflow markdown content with injected instructions
+	workflowData.MarkdownContent = markdownBuilder.String()
+	injectionLog.Printf("Injected campaign orchestrator instructions into workflow markdown")
+
+	// Configure safe-outputs for campaign orchestration
+	if workflowData.SafeOutputs == nil {
+		workflowData.SafeOutputs = &workflow.SafeOutputsConfig{}
+	}
+
+	// Configure dispatch-workflow for worker coordination (optional - only if workflows are specified)
+	if len(project.Workflows) > 0 && workflowData.SafeOutputs.DispatchWorkflow == nil {
+		workflowData.SafeOutputs.DispatchWorkflow = &workflow.DispatchWorkflowConfig{
+			BaseSafeOutputConfig: workflow.BaseSafeOutputConfig{Max: 3},
+			Workflows:            project.Workflows,
+		}
+		injectionLog.Printf("Configured dispatch-workflow safe-output for %d workflows", len(project.Workflows))
+	} else if len(project.Workflows) == 0 {
+		injectionLog.Print("No workflows specified - campaign will use custom discovery and dispatch logic")
+	}
+
+	// Configure update-project (already handled by applyProjectSafeOutputs, but ensure governance max is applied)
+	if project.Governance != nil && project.Governance.MaxProjectUpdatesPerRun > 0 {
+		if workflowData.SafeOutputs.UpdateProjects != nil {
+			workflowData.SafeOutputs.UpdateProjects.Max = project.Governance.MaxProjectUpdatesPerRun
+			injectionLog.Printf("Applied governance max-project-updates-per-run: %d", project.Governance.MaxProjectUpdatesPerRun)
+		}
+	}
+
+	// Add concurrency control for campaigns if not already set
+	if workflowData.Concurrency == "" {
+		workflowData.Concurrency = fmt.Sprintf("concurrency:\n  group: \"campaign-%s-orchestrator-${{ github.ref }}\"\n  cancel-in-progress: false", campaignID)
+		injectionLog.Printf("Added campaign concurrency control")
+	}
+
+	injectionLog.Printf("Successfully injected campaign orchestrator features for: %s", campaignID)
+	return nil
+}

pkg/campaign/injection.go

@@ -339,7 +339,7 @@ func BuildOrchestrator(spec *CampaignSpec, campaignFilePath string) (*workflow.W
 		if bootstrapInstructions == "" {
 			orchestratorLog.Print("Warning: Failed to render bootstrap instructions, template may be missing")
 		} else {
-			appendPromptSection(markdownBuilder, "BOOTSTRAP INSTRUCTIONS (PHASE 0)", bootstrapInstructions)
+			AppendPromptSection(markdownBuilder, "BOOTSTRAP INSTRUCTIONS (PHASE 0)", bootstrapInstructions)
 			orchestratorLog.Printf("Campaign '%s' orchestrator includes bootstrap mode: %s", spec.ID, spec.Bootstrap.Mode)
 		}
 	}
@@ -350,29 +350,29 @@ func BuildOrchestrator(spec *CampaignSpec, campaignFilePath string) (*workflow.W
 	if workflowExecution == "" {
 		orchestratorLog.Print("Warning: Failed to render workflow execution instructions, template may be missing")
 	} else {
-		appendPromptSection(markdownBuilder, "WORKFLOW EXECUTION (PHASE 0)", workflowExecution)
+		AppendPromptSection(markdownBuilder, "WORKFLOW EXECUTION (PHASE 0)", workflowExecution)
 		orchestratorLog.Printf("Campaign '%s' orchestrator includes workflow execution", spec.ID)
 	}
 
 	orchestratorInstructions := RenderOrchestratorInstructions(promptData)
 	if orchestratorInstructions == "" {
 		orchestratorLog.Print("Warning: Failed to render orchestrator instructions, template may be missing")
 	} else {
-		appendPromptSection(markdownBuilder, "ORCHESTRATOR INSTRUCTIONS", orchestratorInstructions)
+		AppendPromptSection(markdownBuilder, "ORCHESTRATOR INSTRUCTIONS", orchestratorInstructions)
 	}
 
 	projectInstructions := RenderProjectUpdateInstructions(promptData)
 	if projectInstructions == "" {
 		orchestratorLog.Print("Warning: Failed to render project update instructions, template may be missing")
 	} else {
-		appendPromptSection(markdownBuilder, "PROJECT UPDATE INSTRUCTIONS (AUTHORITATIVE FOR WRITES)", projectInstructions)
+		AppendPromptSection(markdownBuilder, "PROJECT UPDATE INSTRUCTIONS (AUTHORITATIVE FOR WRITES)", projectInstructions)
 	}
 
 	closingInstructions := RenderClosingInstructions()
 	if closingInstructions == "" {
 		orchestratorLog.Print("Warning: Failed to render closing instructions, template may be missing")
 	} else {
-		appendPromptSection(markdownBuilder, "CLOSING INSTRUCTIONS (HIGHEST PRIORITY)", closingInstructions)
+		AppendPromptSection(markdownBuilder, "CLOSING INSTRUCTIONS (HIGHEST PRIORITY)", closingInstructions)
 	}
 
 	// Campaign orchestrators can dispatch workflows and perform limited Project operations.

pkg/campaign/orchestrator.go

@@ -5,7 +5,9 @@ import (
 	"strings"
 )
 
-func appendPromptSection(b *strings.Builder, title, body string) {
+// AppendPromptSection appends a section with a header and body to the builder.
+// This is used to structure campaign orchestrator prompts with clear section boundaries.
+func AppendPromptSection(b *strings.Builder, title, body string) {
 	body = strings.TrimSpace(body)
 	if body == "" {
 		return

pkg/campaign/prompt_sections.go

@@ -122,7 +122,7 @@ func compileSingleFile(compiler *workflow.Compiler, file string, stats *Compilat
 	}
 
 	// Regular workflow file - compile normally
-	compileHelpersLog.Printf("Compiling: %s", file)
+	compileHelpersLog.Printf("Compiling as regular workflow: %s", file)
 	if verbose {
 		fmt.Fprintln(os.Stderr, console.FormatProgressMessage(fmt.Sprintf("Compiling: %s", file)))
 	}

pkg/cli/compile_helpers.go

@@ -137,6 +137,21 @@ func compileWorkflowFile(
 	}
 	result.workflowData = workflowData
 
+	// Inject campaign orchestrator features if project field has campaign configuration
+	// This transforms the workflow into a campaign orchestrator in-place
+	if err := campaign.InjectOrchestratorFeatures(workflowData); err != nil {
+		errMsg := fmt.Sprintf("failed to inject campaign orchestrator features: %v", err)
+		if !jsonOutput {
+			fmt.Fprintln(os.Stderr, console.FormatErrorMessage(errMsg))
+		}
+		result.validationResult.Valid = false
+		result.validationResult.Errors = append(result.validationResult.Errors, CompileValidationError{
+			Type:    "campaign_injection_error",
+			Message: err.Error(),
+		})
+		return result
+	}
+
 	compileWorkflowProcessorLog.Printf("Starting compilation of %s", resolvedFile)
 
 	// Compile the workflow