Bring Your Own Pipeline (BYOP) Setup

The CI-Native Agent runs no hosted sandbox. Tier 2 validation uses the CI pipeline you already have. This page covers wiring it in.


Prerequisites

  • The SquireX GitHub App installed on the repository
  • GitHub Advanced Security enabled (the agent reacts to code_scanning_alert)
  • An existing CI workflow that runs your tests (sf apex run test, ServiceNow ATF, or MuleSoft MUnit)

1. Enable the agent

The CI-Native Agent is opt-in per installation. It only runs when the feature flag is set:

AUTOFIX_ENABLED=true

Select an LLM provider:

LLM_PROVIDER=anthropic     # Claude Sonnet with prompt caching (default)
# or
LLM_PROVIDER=copilot # GitHub Copilot via the GitHub Models API

Provide the matching credential (ANTHROPIC_API_KEY for Anthropic; the GitHub token scope for Copilot).

2. Confirm GitHub App permissions

The app manifest requests the minimum needed to run the loop:

  • contents: write: branch creation and single-file commits
  • actions: read: downloading CI failure logs for retry context
  • Webhook events: code_scanning_alert, check_run

Add the proactive scan workflow so alerts are generated automatically. It runs on push to main and on a weekly schedule, uploads SARIF to GHAS, and the resulting code_scanning_alert webhook drives the autofix loop:

# .github/workflows/proactive-scan.yml is included by the SquireX setup
on:
  push:
    branches: [main]
  schedule:
    - cron: '0 6 * * 1'

4. Your CI is the only test runner

No changes to your test pipeline are required. SquireX does not run your tests; it reacts to the check_run.completed webhook your existing workflow already emits. Keep using your own credentials, runners, and org connections.


Verifying the loop

  1. Trigger a known violation (e.g., an Apex file with an AGENTFORCE-1.1 issue).
  2. Confirm a branch squirex-autofix/alert-{id} is created with the patched file.
  3. Confirm your CI runs and a check_run webhook is received.
  4. Green CI: the draft PR comments "Fixed. Tests green. Ready to merge."
  5. Red CI: a new commit is pushed to the same branch with the CI error in context.
  6. Merge the PR and confirm a billing record is created.
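
Steps 2 to 5 can be checked from your own webhook delivery log. The script below is an added example, not SquireX code: it replays deliveries in order, records the green/red outcome of each CI run on a squirex-autofix/alert-{id} branch, and reports autofix-named branches that have no matching alert. It assumes {id} is the code scanning alert number; the function names and sample deliveries are constructed for illustration.

```python
import re

# Branch pattern from this page: squirex-autofix/alert-{id}.
# Assumption: {id} is the code scanning alert number.
AUTOFIX_BRANCH = re.compile(r"^squirex-autofix/alert-(\d+)$")
RED = {"failure", "timed_out"}

def trace_loop(deliveries):
    """Replay (event_name, payload) webhook deliveries in order.

    Returns ({alert_id: [(head_sha, outcome), ...]}, orphans), where orphans
    are autofix-branch check runs with no code_scanning_alert seen first.
    """
    alerts, orphans = {}, []
    for event, body in deliveries:
        if event == "code_scanning_alert" and body.get("action") == "created":
            alerts.setdefault(body["alert"]["number"], [])
        elif event == "check_run" and body.get("action") == "completed":
            run = body["check_run"]
            branch = (run.get("check_suite") or {}).get("head_branch") or ""
            m = AUTOFIX_BRANCH.match(branch)
            if not m:
                continue  # ordinary CI run, not part of the autofix loop
            alert_id = int(m.group(1))
            c = run.get("conclusion")
            outcome = ("green" if c == "success"
                       else "red" if c in RED else "inconclusive")
            if alert_id in alerts:
                alerts[alert_id].append((run["head_sha"], outcome))
            else:
                orphans.append((branch, run["head_sha"]))
    return alerts, orphans

def check_delivery(branch, sha, conclusion):
    """Build a minimal check_run payload (constructed sample data)."""
    return ("check_run", {"action": "completed", "check_run": {
        "head_sha": sha, "conclusion": conclusion,
        "check_suite": {"head_branch": branch}}})

# Constructed sample deliveries, not captured from a real installation.
SAMPLE = [
    ("code_scanning_alert", {"action": "created", "alert": {"number": 17}}),
    check_delivery("squirex-autofix/alert-17", "a1a1a1a", "failure"),
    check_delivery("main", "b2b2b2b", "success"),
    check_delivery("squirex-autofix/alert-17", "c3c3c3c", "success"),
    check_delivery("squirex-autofix/alert-99", "d4d4d4d", "success"),
]

if __name__ == "__main__":
    print(trace_loop(SAMPLE))
```

A red result followed by a green result on a different head_sha of the same branch corresponds to step 5 followed by step 4; an orphan entry is a branch using the autofix prefix that no alert delivery explains and is worth reviewing.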

See The Fix Loop for the full state machine.