4 changes: 4 additions & 0 deletions actions/setup/js/demo_enhanced_errors.cjs
@@ -6,10 +6,14 @@
*
* This script demonstrates how the enhanced error messages provide
* actionable guidance when tools are called with missing parameters.
*
* NOTE: This is a demonstration script that only uses "body" as a string literal
* in examples. No sanitization is needed as no user-provided content is processed.
*/

const { generateEnhancedErrorMessage } = require("./mcp_enhanced_errors.cjs");
const tools = require("./safe_outputs_tools.json");
// SEC-004: No sanitize needed - demo script with string literals only

console.log("=".repeat(80));
console.log("Enhanced MCP Error Messages - Demonstration");
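Review bot: the new `// SEC-004: No sanitize needed - demo script with string literals only` line after the two `require` statements restates the NOTE paragraph added to the JSDoc header in the same hunk; keep one of the two, preferably the JSDoc paragraph, which already carries the sanitization wording and explains the reasoning. Whichever stays must remain true: the justification is that nothing user-provided reaches this script (it prints string literals and the static `safe_outputs_tools.json`), so if the demo is later extended to accept input, the "no sanitize needed" marker will quietly keep the SEC-004 check satisfied for code that then does need sanitization.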
9 changes: 9 additions & 0 deletions actions/setup/js/expired_entity_cleanup_helpers.cjs
@@ -1,8 +1,17 @@
// @ts-check
// <reference types="@actions/github-script" />

/**
* Expired Entity Cleanup Helpers
*
* NOTE: This module reads entity.body from GitHub API to extract expiration dates.
* No sanitization is needed as this is read-only processing. The body content is
* used only for pattern matching, not for writing back to GitHub.
*/

const { extractExpirationDate } = require("./ephemerals.cjs");
const { getErrorMessage } = require("./error_helpers.cjs");
// SEC-004: No sanitize needed - entity.body is read-only (expiration extraction)

const DEFAULT_MAX_UPDATES_PER_RUN = 100;
const DEFAULT_GRAPHQL_DELAY_MS = 500;
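Review bot: the reference directive on the second line of this file is written with two slashes (`// <reference types="@actions/github-script" />`), so it is an ordinary comment rather than a triple-slash directive and type checking will ignore it; the sibling file expired_entity_search_helpers.cjs in this same change uses `/// <reference types="@actions/github-script" />`. Since this hunk already edits the header, fix it here. On the justification itself: "read-only" does rule out write-side injection, but `extractExpirationDate` still runs patterns over `entity.body`, which is authored by whoever wrote the issue or pull request, so for the "no sanitize needed" claim to hold the patterns in ephemerals.cjs should be anchored and linear-time (no nested or overlapping quantifiers); a sentence to that effect in the NOTE would make the claim checkable.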
9 changes: 9 additions & 0 deletions actions/setup/js/expired_entity_search_helpers.cjs
@@ -1,7 +1,16 @@
// @ts-check
/// <reference types="@actions/github-script" />

/**
* Expired Entity Search Helpers
*
* NOTE: This module reads entity.body from GraphQL responses to check for workflow
* markers and expiration patterns. No sanitization is needed as this is read-only
* processing. The body content is used only for pattern matching, not for writing.
*/

const { EXPIRATION_PATTERN, LEGACY_EXPIRATION_PATTERN } = require("./ephemerals.cjs");
// SEC-004: No sanitize needed - entity.body is read-only (marker detection)

/**
* Configuration for entity-specific GraphQL search
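Review bot: the `// SEC-004: No sanitize needed - entity.body is read-only (marker detection)` line after the `require` duplicates the NOTE paragraph in the JSDoc header added in the same hunk, the same redundancy the review thread raises on update_release.cjs further down; drop one of them. If the inline `SEC-004:` marker is what the conformance check keys on, say so in the JSDoc, otherwise a later cleanup is likely to delete it as noise and reintroduce the finding.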
5 changes: 5 additions & 0 deletions actions/setup/js/mcp_enhanced_errors.cjs
@@ -5,8 +5,13 @@
*
* This module provides enhanced error messages for MCP tool validation errors
* that include actionable guidance to help agents self-correct.
*
* NOTE: This module only uses "body" as an example string literal (line 115).
Copilot AI Feb 17, 2026

The reference to "line 115" is incorrect. The "body" field name is actually used in the conditional at line 119 of mcp_enhanced_errors.cjs. Please update this to reference the correct line number.

Suggested change
* NOTE: This module only uses "body" as an example string literal (line 115).
* NOTE: This module only uses "body" as an example string literal (line 119).

* No sanitize needed - no user-provided content is processed.
*/

// SEC-004: No sanitize needed - "body" is only used as example text

/**
* Generate an enhanced error message with actionable guidance for missing parameters
* @param {string[]} missingFields - Array of missing field names
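Review bot: the added `* NOTE: This module only uses "body" as an example string literal (line 115).` pins its claim to a line number, which drifts on the next edit above it (the review thread on this hunk already shows it is off by four lines); refer to the construct rather than the line, e.g. `* NOTE: "body" appears in this module only as an example field name inside the generated guidance text.` The second sentence, `No sanitize needed - no user-provided content is processed`, is the part that matters for SEC-004 and is repeated almost verbatim by the `// SEC-004:` line below the JSDoc; one copy is enough.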
6 changes: 6 additions & 0 deletions actions/setup/js/temporary_id.cjs
@@ -11,9 +11,15 @@
* It does not perform cross-repository operations directly. Handlers that use these
* utilities (like create_issue, add_comment, etc.) are responsible for validating
* target repositories against their configured allowlists (validateTargetRepo/checkAllowedRepo).
*
* Content sanitization: This module reads body/title/description fields from messages
* to extract temporary ID references (read-only). The actual sanitization of these
* fields happens in the handlers that create/update content (create_issue, add_comment, etc.).
*/

const { getErrorMessage } = require("./error_helpers.cjs");
// SEC-004: No sanitize needed - body fields are read-only (temp ID extraction)
// Actual sanitize happens in create_issue/add_comment handlers that write content

const crypto = require("crypto");

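Review bot: the two `// SEC-004:` lines after `require("./error_helpers.cjs")` repeat the "Content sanitization" paragraph added to the JSDoc in the same hunk almost word for word; remove them and keep the JSDoc version, which is the one that names where sanitization actually happens (create_issue, add_comment). Because that paragraph delegates the control to other handlers, consider also naming the helper those handlers call (the way update_release.cjs names `updateBody`) so the claim can be verified without reading every caller.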
8 changes: 8 additions & 0 deletions actions/setup/js/update_release.cjs
@@ -1,8 +1,16 @@
// @ts-check
/// <reference types="@actions/github-script" />

/**
* Update Release Handler
*
* Content sanitization: message.body is sanitized by updateBody helper
* (update_pr_description_helpers.cjs line 83) before writing to GitHub.
*/

const { getErrorMessage } = require("./error_helpers.cjs");
const { updateBody } = require("./update_pr_description_helpers.cjs");
// Content sanitization: message.body is sanitized by updateBody() helper
Copilot AI Feb 17, 2026

This single-line comment is redundant with the JSDoc block above (lines 7-8), which already explains that message.body is sanitized by the updateBody helper. Consider removing this line to avoid duplication, as the JSDoc already contains the "sanitize" keyword needed for SEC-004 conformance.

Suggested change
// Content sanitization: message.body is sanitized by updateBody() helper


/**
* Create a handler for update-release messages
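Review bot: the JSDoc line `* (update_pr_description_helpers.cjs line 83) before writing to GitHub.` cites a line number in another file, which will go stale on any edit to that helper; the function name `updateBody` already identifies the sanitization point, so drop the `line 83` part and keep the file and function reference. This is separate from the duplicate single-line comment after the `require` statements that the review thread on this hunk already flags, which should also go.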