From 1f8a2e636c5fac3d06249508484105bc155c9c42 Mon Sep 17 00:00:00 2001 From: Fabrizio Ferri Benedetti Date: Mon, 27 Apr 2026 13:10:37 +0200 Subject: [PATCH] Avoid unsafe docs-review suggestions for substitutions Prevent the docs-review agent from offering apply-ready GitHub suggestions when Elastic substitution syntax could be escaped by safe-output sanitization. Co-authored-by: GPT-5.5 Made-with: Cursor --- .github/workflows/gh-aw-docs-review.lock.yml | 24 +++++++++++--------- .github/workflows/gh-aw-docs-review.md | 2 ++ 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/.github/workflows/gh-aw-docs-review.lock.yml b/.github/workflows/gh-aw-docs-review.lock.yml index 71e2a93..76d6284 100644 --- a/.github/workflows/gh-aw-docs-review.lock.yml +++ b/.github/workflows/gh-aw-docs-review.lock.yml @@ -1,4 +1,4 @@ -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"8aecc4bd358d6452945318375b4b1603faac0510eaa5e3845d1784f7b7f7400d","compiler_version":"v0.71.1","agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"5b7018a203219870ebd51c384e62b9d6fc0e76720bf467e2dd367143154b4cbc","compiler_version":"v0.71.1","agent_id":"copilot"} # gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GH_AW_PLUGINS_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/cache/restore","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/cache/save","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"373c709c69115d41ff229c7e5df9f8788daa9553","version":"v9"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"239aec45b78c8799417efdd5bc6d8cc036629ec1","version":"v0.71.1"},{"repo":"microsoft/apm-action","sha":"a190b0b1a91031057144dc136acf9757a59c9e4d","version":"v1.4.1"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.28","digest":"sha256:a8834e285807654bf680154faa710d43fe4365a0868142f5c20e48c85e137a7a","pinned_image":"ghcr.io/github/gh-aw-firewall/agent:0.25.28@sha256:a8834e285807654bf680154faa710d43fe4365a0868142f5c20e48c85e137a7a"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.28","digest":"sha256:93290f2393752252911bd7c39a047f776c0b53063575e7bde4e304962a9a61cb","pinned_image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.28@sha256:93290f2393752252911bd7c39a047f776c0b53063575e7bde4e304962a9a61cb"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.28","digest":"sha256:844c18280f82cd1b06345eb2f4e91966b34185bfc51c9f237c3e022e848fb474","pinned_image":"ghcr.io/github/gh-aw-firewall/squid:0.25.28@sha256:844c18280f82cd1b06345eb2f4e91966b34185bfc51c9f237c3e022e848fb474"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.0"},{"image":"ghcr.io/github/github-mcp-server:v1.0.2"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]} # ___ _ _ # / _ \ | | (_) @@ -223,14 +223,14 @@ jobs: run: | bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh" { - cat << 'GH_AW_PROMPT_e436e092c93d7e1e_EOF' + cat << 'GH_AW_PROMPT_fb4cf12cdc60bda9_EOF' - GH_AW_PROMPT_e436e092c93d7e1e_EOF + GH_AW_PROMPT_fb4cf12cdc60bda9_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md" cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md" cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md" cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md" - cat << 'GH_AW_PROMPT_e436e092c93d7e1e_EOF' + cat << 'GH_AW_PROMPT_fb4cf12cdc60bda9_EOF' Tools: create_pull_request_review_comment(max:20), submit_pull_request_review, missing_tool, missing_data, noop @@ -262,9 +262,9 @@ jobs: {{/if}} - GH_AW_PROMPT_e436e092c93d7e1e_EOF + GH_AW_PROMPT_fb4cf12cdc60bda9_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" - cat << 'GH_AW_PROMPT_e436e092c93d7e1e_EOF' + cat << 'GH_AW_PROMPT_fb4cf12cdc60bda9_EOF' @@ -443,6 +443,8 @@ jobs: - keep the suggested replacement as small as possible while still fixing the issue, and - avoid suggestion blocks only when GitHub would not be able to apply them cleanly. + Do not use GitHub suggestion blocks when the proposed replacement contains Elastic substitution syntax such as `{{...}}`. Safe-output sanitization may escape the braces before GitHub applies the suggestion. In those cases, provide the exact replacement as prose, or suggest only the part of the line that does not include the substitution. + Treat low-priority nits differently: - avoid nits unless they are grounded in the Elastic style guide or another explicit review rule in this workflow, @@ -500,7 +502,7 @@ jobs: __GH_AW_EXPR_49B959F1__ - GH_AW_PROMPT_e436e092c93d7e1e_EOF + GH_AW_PROMPT_fb4cf12cdc60bda9_EOF } > "$GH_AW_PROMPT" - name: Interpolate variables and render templates uses: actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9 @@ -722,9 +724,9 @@ jobs: mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs" mkdir -p /tmp/gh-aw/safeoutputs mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs - cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_0b3e9f6020f371e4_EOF' + cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_962121e1803406d6_EOF' {"create_pull_request_review_comment":{"max":20,"side":"RIGHT"},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{},"submit_pull_request_review":{"allowed_events":["COMMENT"],"max":1,"target":"triggering"}} - GH_AW_SAFE_OUTPUTS_CONFIG_0b3e9f6020f371e4_EOF + GH_AW_SAFE_OUTPUTS_CONFIG_962121e1803406d6_EOF - name: Write Safe Outputs Tools env: GH_AW_TOOLS_META_JSON: | @@ -944,7 +946,7 @@ jobs: mkdir -p /home/runner/.copilot GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_4d30a67f3b7641f9_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_d8e2299152cb1077_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { "elastic-docs": { @@ -1002,7 +1004,7 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_4d30a67f3b7641f9_EOF + GH_AW_MCP_CONFIG_d8e2299152cb1077_EOF - name: Clean git credentials continue-on-error: true run: bash "${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh" diff --git a/.github/workflows/gh-aw-docs-review.md b/.github/workflows/gh-aw-docs-review.md index 7330772..2ae8634 100644 --- a/.github/workflows/gh-aw-docs-review.md +++ b/.github/workflows/gh-aw-docs-review.md @@ -224,6 +224,8 @@ For inline comments with concrete replacements: - keep the suggested replacement as small as possible while still fixing the issue, and - avoid suggestion blocks only when GitHub would not be able to apply them cleanly. +Do not use GitHub suggestion blocks when the proposed replacement contains Elastic substitution syntax such as `{{...}}`. Safe-output sanitization may escape the braces before GitHub applies the suggestion. In those cases, provide the exact replacement as prose, or suggest only the part of the line that does not include the substitution. + Treat low-priority nits differently: - avoid nits unless they are grounded in the Elastic style guide or another explicit review rule in this workflow,