fix: tighten pentest substring checks to anchored regex in signals.py#205
Replace permissive substring matches ("source: pentest" not in fm and
"target: recursive" not in fm) with anchored multiline regex patterns
(re.search(r"^source:\s*pentest\s*$", ...)) in both
count_pending_pentest_framework_tasks() and count_recent_pentest_tasks().
This prevents false matches on compound values like source: pentest-extended-v2
and makes the matching consistent with how status: and priority: fields are
checked elsewhere in the same file. Closes task #211.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 73f072fc25
| for f in archive.glob("[0-9]*.md"): | ||
| fm = _read_frontmatter(f) | ||
| if not fm or "source: pentest" not in fm: | ||
| if not fm or not re.search(r"^source:\s*pentest\s*$", fm, re.MULTILINE): |
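Review bot: On the `+` line, the `\s*` between `source:` and `pentest` also matches newlines, so with `re.MULTILINE` a frontmatter that has an empty `source:` line followed by a line containing only `pentest` still satisfies `^source:\s*pentest\s*$`. Using `[ \t]*` for that separator would require the value to sit on the same line as its key, while the trailing `\s*$` can stay as it is. A test that feeds this split form and a compound value such as `source: pentest-extended-v2` through the function would pin down what the anchored check accepts.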
Count pentest source variants in recent security signal
This exact-match filter drops real pentest tasks that include run metadata in source (for example archived tasks like 0154.md/0169.md/0184.md use source: pentest-...), so they no longer contribute to count_recent_pentest_tasks(). Because count_recent_security_sessions() uses this count as its structured fallback, the anti-loop demotion can fail to trigger when recent pentest work is present but tagged with the existing pentest-* convention and feature keywords are absent.
All four unanchored `^status:\s*pending` patterns now use `^status:\s*pending\s*$` to prevent false matches on values like `status: pending-review`. Also tightens `^priority:\s*urgent` to `^priority:\s*urgent\s*$` for consistency. Addresses task #216 and the meta-reviewer advisory note from PR #205.
Summary
- `"source: pentest" not in fm`, `"target: recursive" not in fm`) with anchored multiline regex patterns in `count_pending_pentest_framework_tasks()` and `count_recent_pentest_tasks()`
- `source: pentest-extended-v2` or `target: recursive-framework`
- `source:` and `target:` field matching consistent with how `status:` and `priority:` are already matched in the same file

Changes
File: `.recursive/engine/signals.py`
- `count_pending_pentest_framework_tasks()`: replaced two substring checks with `re.search(r"^source:\s*pentest\s*$", fm, re.MULTILINE)` and `re.search(r"^target:\s*recursive\s*$", fm, re.MULTILINE)`
- `count_recent_pentest_tasks()`: replaced one substring check with the same anchored `source:` regex pattern

Test plan
- `make check` passes (925 tests, ruff, mypy, dry-run, shell syntax, ASCII checks all green)
- `^source:\s*pentest\s*$` matches canonical frontmatter format)
- `source: pentest-extended-v2` would NOT match the new regex (intended tightening)

Closes task #211.
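The matching behaviours discussed in this thread, side by side, as an added example that is not code from `signals.py`. The `SAME_LINE` and `FAMILY` patterns, the function names and the sample frontmatter are assumptions constructed for illustration; only the substring check and the `ANCHORED` pattern are quoted from the PR.

```python
import re

# Pattern quoted in the PR description.
ANCHORED = re.compile(r"^source:\s*pentest\s*$", re.MULTILINE)
# Assumption, not in the PR: only spaces/tabs between key and value.
SAME_LINE = re.compile(r"^source:[ \t]*pentest\s*$", re.MULTILINE)
# Assumption, not in the PR: also accept the pentest-<suffix> convention
# that the review comment says archived tasks use.
FAMILY = re.compile(r"^source:[ \t]*pentest(?:-\S+)?\s*$", re.MULTILINE)

# Constructed frontmatter samples (not taken from the repository).
SAMPLES = {
    "canonical": "status: done\nsource: pentest\ntarget: recursive\n",
    "compound": "status: done\nsource: pentest-extended-v2\n",
    "lookalike": "source: pentester\n",
    "mention": "title: follow-up to source: pentest run\nsource: manual\n",
    "split": "source:\npentest\n",
}


def classify(fm: str) -> dict:
    """Return the verdict of each matching strategy for one frontmatter."""
    return {
        "substring": "source: pentest" in fm,   # check the PR removes
        "anchored": bool(ANCHORED.search(fm)),  # check the PR adds
        "same_line": bool(SAME_LINE.search(fm)),
        "family": bool(FAMILY.search(fm)),
    }


def compare_all() -> dict:
    """Classify every constructed sample."""
    return {name: classify(fm) for name, fm in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdicts in compare_all().items():
        print(f"{name:10} {verdicts}")
```

The `compound` row is the case the review comment raises: the anchored pattern rejects it and the `family` variant accepts it. The `split` row is where `\s*` crossing a newline lets the anchored pattern match a value on the next line.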