feat: add report issue system for specs and implementations #3285

Merged
MarkusNeusinger merged 2 commits into main from feat/report-issue-system
Jan 7, 2026

@MarkusNeusinger
Owner

Summary

  • Add structured system for reporting issues with specs and implementations
  • Rename issue templates from plot-*.yml to spec-*.yml for consistency
  • Add frontend links for "suggest spec" (catalog) and "report issue" (spec pages)
  • Responsive design: icon on mobile, text on desktop

Changes

  • Issue Templates: New report-issue.yml, renamed spec-request.yml and spec-update.yml
  • Workflow: report-validate.yml for AI-powered issue analysis
  • Frontend: Breadcrumb links in CatalogPage and SpecPage
  • Documentation: Updated contributing.md, README.md, added report-issue.md

Test plan

  • Verify "suggest spec" link appears in catalog breadcrumb
  • Verify "report issue" link appears in spec page breadcrumb
  • Test responsive behavior (icon on mobile xs/sm, text on md+)
  • Check GitHub issue templates are available

🤖 Generated with Claude Code

- Add report-issue.yml template with auto-labels
- Rename plot-*.yml templates to spec-*.yml for consistency
- Add "suggest spec" link in CatalogPage breadcrumb
- Add "report issue" link in SpecPage breadcrumb (responsive: icon on mobile, text on desktop)
- Add report-validate.yml workflow for AI-powered issue analysis
- Add report-analysis.md prompt for structured issue validation
- Update contributing.md and README.md with 3 main input paths
- Change filter label from "example" to "spec" for clarity

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings January 7, 2026 22:16
Contributor

Copilot AI left a comment

Pull request overview

This PR adds a comprehensive system for reporting issues with existing plot specifications and implementations, with AI-powered validation and structured analysis.

Key changes:

  • New issue reporting workflow with AI validation
  • Renamed issue templates from plot-* to spec-* for consistency
  • Frontend integration with "suggest spec" and "report issue" links
  • Responsive design that shows icons on mobile and text on desktop

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 3 comments.

Show a summary per file

| File | Description |
| --- | --- |
| .github/workflows/report-validate.yml | New workflow that validates user reports, checks spec/impl existence, and posts AI-structured analysis |
| .github/ISSUE_TEMPLATE/report-issue.yml | New issue template for reporting spec/impl problems with dropdowns for target, library, and category |
| .github/ISSUE_TEMPLATE/spec-request.yml | Updated label from plot-request to spec-request for consistency |
| .github/ISSUE_TEMPLATE/spec-update.yml | Updated label from plot-request to spec-update for consistency |
| prompts/workflow-prompts/report-analysis.md | AI prompt for analyzing and structuring user-submitted issue reports |
| docs/workflows/report-issue.md | Complete user guide for the report system with examples and workflow diagrams |
| docs/workflows/overview.md | Added report pipeline documentation and label reference tables |
| docs/contributing.md | Updated with three contribution paths: suggest spec, report spec issue, report impl issue |
| README.md | Simplified contribution section with table format and updated footer links |
| CLAUDE.md | Added report workflow documentation and label reference for AI agent |
| app/src/pages/SpecPage.tsx | Added "report issue" link in breadcrumb with URL pre-filling based on current page context |
| app/src/pages/CatalogPage.tsx | Added "suggest spec" link in breadcrumb pointing to spec-request template |
| app/src/types/index.ts | Updated filter labels from "example" to "spec" for consistent terminology |

@@ -0,0 +1,84 @@
name: Report Issue
description: Report an issue with an existing plot spec or implementation
Copilot AI Jan 7, 2026

The report-issue.yml template is missing a title field. Unlike spec-update.yml which provides a title template, this template relies on users to create their own titles which may lead to inconsistent issue titles. Consider adding a title field similar to spec-update.yml to ensure consistency, for example: title: "Report Issue: " or title: "[SPEC-ID] ". The workflow will update the title later with the proper format, but having a template helps guide users.

Suggested change
description: Report an issue with an existing plot spec or implementation
description: Report an issue with an existing plot spec or implementation
title: "Report Issue: [SPEC-ID] "

Comment on lines +20 to +30
1. **Verify spec exists:**
```bash
ls plots/{spec_id}/
```
If not found → post comment, close issue, STOP

2. **If implementation issue, verify library exists:**
```bash
ls plots/{spec_id}/implementations/{library}.py
```
If not found → post comment, close issue, STOP
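Review bot: Steps 1 and 2 paste {spec_id} and {library} into `ls` command lines with no format check ahead of them, and `ls plots/{spec_id}/` also returns a directory listing where only a yes/no answer is needed. Add a validation step before step 1 that stops unless spec_id matches a strict pattern and library is one of a fixed set, and express the existence checks as quoted tests such as `test -d "plots/$SPEC_ID"`, so the values are handled as data rather than as command text.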
Copilot AI Jan 7, 2026

This prompt instructs the Claude Code workflow to run shell commands like ls plots/{spec_id}/ and ls plots/{spec_id}/implementations/{library}.py using spec_id and library values parsed directly from the user-submitted issue body. Because those fields are fully user-controlled, an attacker can choose a spec_id containing shell metacharacters so that, when substituted into these commands by the agent, it causes command injection on the GitHub Actions runner with the ability to run arbitrary CLI commands and potentially exfiltrate tokens or other sensitive data via issue comments. To reduce this risk, ensure spec_id (and any other interpolated fields) are strictly validated/normalized before they ever reach this prompt (e.g., enforce a safe [a-z0-9-]+ pattern and stop on mismatch) and avoid embedding them directly in shell command strings by having the agent treat them as opaque data, not interpolated into bash snippets.

Comment on lines +86 to +88
Update the issue title to include the spec ID:
```bash
gh issue edit {number} --title "[{spec_id}] {brief description of the issue}"
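Review bot: In the `--title` argument, {brief description of the issue} is derived from the reporter's text just as {spec_id} is, and the surrounding double quotes do not stop the shell from expanding `$(...)` or backticks inside it, so validating spec_id alone leaves this line exposed. Build the title outside the command text and pass it as one quoted variable, for example `--title "$TITLE"` with TITLE supplied through the environment.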
Copilot AI Jan 7, 2026

This prompt also instructs the Claude Code workflow to call gh issue edit {number} --title "[{spec_id}] {brief description of the issue}", again interpolating the user-supplied spec_id directly into a shell command that will be executed by the agent. If a malicious reporter provides a spec_id containing shell metacharacters or command substitution syntax, this title-edit command can be turned into an injected shell payload on the GitHub Actions runner, enabling arbitrary CLI execution and possible token or data exfiltration via subsequent gh calls. To mitigate this, validate and normalize spec_id to a strict safe pattern before use and avoid constructing shell commands by string interpolation of untrusted values, instead treating them as opaque data or passing them via safer mechanisms.

Suggested change
Update the issue title to include the spec ID:
```bash
gh issue edit {number} --title "[{spec_id}] {brief description of the issue}"
Update the issue title to include the spec ID. Before using `spec_id` in any shell command, ensure it
strictly matches the allowed pattern (lowercase letters, digits, and hyphens only).
```bash
# Validate spec_id matches a safe pattern before using it in any shell commands
if ! printf '%s\n' "{spec_id}" | grep -Eq '^[a-z0-9-]+$'; then
echo "Invalid spec_id; expected lowercase letters, numbers, and hyphens only."
exit 1
fi
SAFE_SPEC_ID="{spec_id}"
SAFE_TITLE="[$SAFE_SPEC_ID] {brief description of the issue}"
gh issue edit "{number}" --title "$SAFE_TITLE"
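Review bot: The check on the `printf '%s\n' "{spec_id}"` line runs too late: the placeholder is substituted into a double-quoted string before the shell starts, so the shell expands whatever it contains before `grep` sees the value, and `SAFE_TITLE` still embeds the unvalidated {brief description of the issue}. Do the pattern check before any command text is assembled, with the value supplied through an environment variable, and keep placeholders out of shell snippets altogether.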

- Add title field to report-issue.yml template
- Add input validation section to report-analysis.md
- Validate spec_id matches ^[a-z0-9-]+$ pattern before use
- Validate library is one of allowed values
- Remove shell command examples to prevent injection risks

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
MarkusNeusinger merged commit b365bbc into main Jan 7, 2026
6 checks passed
MarkusNeusinger deleted the feat/report-issue-system branch January 7, 2026 22:35
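
The validation listed in the second commit (strict `spec_id` pattern, library allow-list, no interpolated shell snippets), as an added example that is not the project's workflow code. It assumes the parsed issue fields reach the shell as arguments or environment variables; `validate_report` and the library allow-list are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not the project's workflow code.
# Assumption: the workflow hands the parsed issue-form fields to the shell as
# arguments or environment variables; they are never pasted into command text.

# Hypothetical allow-list; the page does not enumerate the allowed libraries.
ALLOWED_LIBRARIES="matplotlib seaborn plotly"

# validate_report SPEC_ID [LIBRARY] [ROOT]
# Return codes: 0 ok, 1 bad spec_id, 2 library not allowed,
#               3 spec directory missing, 4 implementation file missing.
validate_report() {
  local spec_id="$1" library="${2:-}" root="${3:-plots}" lib ok=no
  local LC_ALL=C   # make a-z mean ASCII lowercase only

  # Whole-string match done by the shell itself. Piping the value to
  # grep -E '^[a-z0-9-]+$' matches line by line, so a multi-line value
  # passes as soon as one of its lines is clean.
  case $spec_id in
    '' | *[!a-z0-9-]*) return 1 ;;
  esac

  if [ -n "$library" ]; then
    for lib in $ALLOWED_LIBRARIES; do
      [ "$library" = "$lib" ] && ok=yes
    done
    [ "$ok" = yes ] || return 2
  fi

  # Existence checks use test, which returns only a status, not a listing.
  [ -d "$root/$spec_id" ] || return 3
  if [ -n "$library" ]; then
    [ -f "$root/$spec_id/implementations/$library.py" ] || return 4
  fi
  return 0
}

# Usage in a workflow step (fields arrive as env vars, never as command text):
#   validate_report "$SPEC_ID" "$LIBRARY" || exit 1
```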