feat: add @droid fix command for PR code fixes

[factory-nizar]

Summary

Add a new @droid fix command that triggers Droid to commit actual code changes when users @tag droid in PR comments.

Features

• Command detection: @droid fix parsed alongside existing fill/review/security commands
• Comment hierarchy logic:
  • Top-level PR comment (issue_comment): fix all review findings in scope
  • Review thread reply (pull_request_review_comment): fix the specific issue from that thread (uses file path, line number, parent comment body)
• Fix command handler: checks out PR branch, configures file-editing + git push tools, generates targeted prompts
• fix_model action input: optional model override (like fill_model/review_model)

Files added

• src/tag/commands/fix.ts -- command handler
• src/create-prompt/templates/fix-prompt.ts -- prompt template with hierarchy logic
• test/modes/tag/fix-command.test.ts -- 6 handler tests
• test/create-prompt/templates/fix-prompt.test.ts -- 6 prompt tests

Files modified

• src/github/utils/command-parser.ts -- added fix to DroidCommand + regex
• src/tag/index.ts -- routed fix command
• src/create-prompt/index.ts + types.ts -- added FixContext passthrough
• action.yml -- added fix_model input

Related

• FAC-14318 (Arbitrary @droid instructions in PR comments)

[factory-droid]

Droid finished @factory-nizar's task —— View job

---

[factory-droid]

Droid finished @factory-nizar's task —— View job

---

✅ Review complete for PR #63

2 issues found (2 approved, 1 rejected):

• [P1] @droid fix regex can false-positive on fixes/fixed/fixing → code-pushing flow triggered unintentionally
• [P1] Untrusted comment content embedded verbatim in fix prompt → prompt injection risk in code-pushing flow

View review

[factory-droid]

[P1] Tighten @droid fix matching to avoid false positives

The regex /@droid\s+fix/i will also match prefixes like "@droid fixed" or "@droid fixes", unintentionally triggering fix mode from ordinary PR discussion. The security matcher in this same file already uses (?:\s|$|[^-\w]) to enforce a word boundary — apply the same pattern here to prevent false triggers.

Suggested change

	const fixMatch = text.match(/@droid\s+fix/i);
	const fixMatch = text.match(/@droid\s+fix(?:\s|$|[^-\w])/i);

[factory-droid]

The @droid fix feature is well-structured with good test coverage. One concrete issue: the fix command regex lacks a word boundary (unlike the existing security matcher in the same file), causing false positives on common words like "fixed" and "fixes". The remaining review suggestions are either speculative, design preferences, or consistent with existing codebase patterns.

[factory-droid]

[P1] Untrusted comment content is embedded verbatim into the fix prompt

parentCommentBody and user-supplied instructions are interpolated directly into the LLM prompt (including inside a fenced block), so a malicious review comment can break the fence (```), inject higher-priority instructions, or otherwise steer the agent into unsafe actions in a code-pushing flow; consider escaping fence sequences, clearly labeling these sections as untrusted data the model must not follow as instructions, and avoid embedding unescaped values in example shell commands.

[factory-droid]

[P1] @droid fix detection can match fixes/fixed/fixing

The current regex /@droid\s+fix/i will also match @droid fixes or @droid fixed, which can unintentionally route to fix mode and start a code-modifying run; tighten this to require a word boundary/end (e.g. /@droid\s+fix\b/i or /@droid\s+fix(?:\s|$)/i) and add a regression test for @droid fixes.

[factory-droid]

Good feature addition with solid test coverage. Two actionable issues found: the @droid fix regex can false-positive on natural language like @droid fixes/@droid fixed (triggering a code-pushing flow unintentionally), and untrusted review comment content is embedded verbatim into the fix prompt without fence-break protection in a flow that has git push capability.