Apply strict matching to slash commands (startsWith + exact equality) #14702
Conversation
…ality Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
|
🧪 Smoke Project is now testing project operations... |
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
|
✅ Changeset Generator completed successfully! |
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
|
✅ Smoke Project completed successfully. All project operations validated. |
Agent Container Tool Check ✅All required development tools are available in the agent container:
Result: 12/12 tools available ✅ All common development tools (shell, VCS, JSON/YAML processing, HTTP, GitHub CLI, and programming runtimes) are properly installed and accessible in the container environment.
|
|
🤖 Beep boop! The smoke test agent was here! 🚀 Just finished testing all the systems and wanted to leave a fun note in your awesome static analysis discussion. Keep up the great work catching those security issues! 🔒✨ May your workflows always compile and your tests always pass! 🎉
|
|
PRs: Fix detection job checkout failure from missing contents permission; chore: create workflow video with voice over
|
|
🎭 The Smoke Test Agent drops by 🎭 Hey there! Just ran through the smoke tests for PR #14702 and wanted to share the results: Test Results:
Overall Status: PARTIAL PASS cc @pelikhan
|
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
There was a problem hiding this comment.
Pull request overview
This PR updates how slash commands are detected in generated GitHub Actions expressions to avoid false positives when a command appears mid-text, and regenerates affected compiled workflows and tests accordingly.
Changes:
- Updated command condition generation to use
startsWith(..., '/cmd ') || body == '/cmd'instead ofcontains(...). - Adjusted multiple Go tests to expect strict matching patterns.
- Recompiled committed
.lock.ymlworkflows to reflect the new command-matching expressions.
Reviewed changes
Copilot reviewed 21 out of 21 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| pkg/workflow/command.go | Implements strict command matching using startsWith + exact equality. |
| pkg/workflow/compiler_events_test.go | Updates expected if condition substrings for command-triggered workflows. |
| pkg/workflow/command_test.go | Updates assertions to accept strict matching patterns and avoid contains(...). |
| pkg/workflow/command_precision_test.go | Updates precision expectations to verify strict matching terms appear for each event body accessor. |
| pkg/workflow/permission_restriction_test.go | Updates permission-check test to accept strict matching patterns. |
| .github/workflows/unbloat-docs.lock.yml | Regenerated compiled workflow with strict command matching. |
| .github/workflows/tidy.lock.yml | Regenerated compiled workflow with strict command matching. |
| .github/workflows/security-review.lock.yml | Regenerated compiled workflow with strict command matching. |
| .github/workflows/scout.lock.yml | Regenerated compiled workflow with strict command matching across multiple event bodies. |
| .github/workflows/q.lock.yml | Regenerated compiled workflow with strict command matching across multiple event bodies. |
| .github/workflows/pr-nitpick-reviewer.lock.yml | Regenerated compiled workflow with strict command matching across multiple event bodies. |
| .github/workflows/poem-bot.lock.yml | Regenerated compiled workflow with strict command matching for issues body. |
| .github/workflows/plan.lock.yml | Regenerated compiled workflow with strict command matching for comment bodies. |
| .github/workflows/pdf-summary.lock.yml | Regenerated compiled workflow with strict command matching for issues + issue_comment bodies. |
| .github/workflows/mergefest.lock.yml | Regenerated compiled workflow with strict command matching for PR comment bodies. |
| .github/workflows/grumpy-reviewer.lock.yml | Regenerated compiled workflow with strict command matching for issue_comment and review_comment bodies. |
| .github/workflows/craft.lock.yml | Regenerated compiled workflow with strict command matching for issues body. |
| .github/workflows/cloclo.lock.yml | Regenerated compiled workflow with strict command matching across multiple event bodies. |
| .github/workflows/brave.lock.yml | Regenerated compiled workflow with strict command matching for issue_comment bodies. |
| .github/workflows/archie.lock.yml | Regenerated compiled workflow with strict command matching for issues/issue_comment/pull_request bodies. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| commandText := fmt.Sprintf("/%s", commandName) | ||
| commandOrChecks = append(commandOrChecks, BuildContains( | ||
| commandWithSpace := fmt.Sprintf("/%s ", commandName) | ||
|
|
||
| // Check for exact match (command without arguments) | ||
| exactMatch := BuildEquals( | ||
| BuildPropertyAccess(bodyAccessor), | ||
| BuildStringLiteral(commandText), | ||
| )) | ||
| ) | ||
|
|
||
| // Check for command with arguments (starts with "/<command> ") | ||
| startsWithMatch := BuildFunctionCall("startsWith", | ||
| BuildPropertyAccess(bodyAccessor), | ||
| BuildStringLiteral(commandWithSpace), | ||
| ) | ||
|
|
||
| // Combine: exact match OR starts with pattern | ||
| commandCheck := &OrNode{ | ||
| Left: startsWithMatch, | ||
| Right: exactMatch, | ||
| } | ||
|
|
||
| commandOrChecks = append(commandOrChecks, commandCheck) |
There was a problem hiding this comment.
The new strict match only triggers on an exact "/" or when the body starts with "/ " (a literal space). This will not match commands preceded by leading whitespace/newlines (e.g. "\n /cmd ...") or commands followed by other whitespace (e.g. "/cmd\narg"), but the runtime command parser in actions/setup/js/check_command_position.cjs trims and splits on \s+ (and its tests explicitly expect leading whitespace to still pass). This mismatch can cause valid commands to be skipped before check_command_position ever runs. Consider aligning the workflow if generation with the parser’s whitespace handling (or tightening the parser/tests to match the new definition) so command triggering is consistent.
🔍 PR Triage ResultsCategory: test | Risk: low | Priority: 41/100 Scores Breakdown
📋 Recommended Action: BATCH_REVIEW✅ Batched with PR #14682 as Changes: Updates slash command matching to use strict regex (startsWith/exact match) preventing false positives. Includes comprehensive test updates across 20 files (360 lines). Batch Context: Part of test infrastructure improvements. Both PRs in this batch focus on test coverage and validation paths. Next Steps:
Triaged by PR Triage Agent on 2026-02-10 00:45 UTC
|
Slash commands previously matched anywhere in issue/PR/comment bodies using
contains(), causing false positives when commands appeared in documentation or quoted text.Changes
pkg/workflow/command.go: Modified
buildMultiCommandCheckto generate strict matching conditions:startsWith(body, '/command ')for commands with argumentsbody == '/command'for exact match(startsWith(...) || body == '...')Test updates: Updated expectations in
command_precision_test.go,command_test.go,compiler_events_test.go, andpermission_restriction_test.goWorkflow recompilation: All 148 workflows regenerated with new pattern
Example
Before (false positives):
After (strict):
This matches the pattern used in secure GitHub Actions slash command implementations.
✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.
Changeset