Confirmation token stopped working

[camtugueder]

Hi, I just purchased your starter plan and was trying out the functionality on one of my private repos, and at first everything was going "smoothly", I was able to create a branch, commit changes to it and create a PR. However, when trying to modify a file to fix an error introduced by that PR, the GPT was no longer able to create a commit for those changes. I tried again many times and asked it to produce debug output, which it did here:

----------BEGIN----------
It appears that the attempt to update the file has failed again. Here's a detailed breakdown of the steps and errors encountered:

Branch Creation:

Successfully created a branch named fix-application-controller from the main branch.
File Checkout:

Successfully checked out the file app/controllers/application_controller.rb for editing.
File Update Attempt:

Attempted to update the file with the following details:
URL: https://github.com/camtugueder/shifts-happen
Branch: fix-application-controller
File Path: app/controllers/application_controller.rb
Content Patch:
Start Line: 20
End Line: 33
Insert Only: false
Content: (empty, as it is meant to delete the duplicate content)
Commit Message: Fix duplicate method definition in ApplicationController
Confirmation Token: <>
Error: The update operation failed. The specific error message was not provided, but it indicated that the operation could not be completed.
Please ensure:

The file path app/controllers/application_controller.rb is correct.
You have the necessary access permissions to the repository.
The authentication tokens or permissions are up to date.

--------END--------

The path is correct, and the permissions and tokens are all the same as 10 minutes earlier, when creating the commit did work. Can you please help me solve this issue? I'd really like to be able to use the tool.

[dsomok]

Hi @camtugueder,

Could you please share a demo conversation with me via the Share Chat button at the top right corner? This will greatly help me to better understand the issue you are experiencing.

About Confirmation Tokens

Confirmation tokens have been implemented to overcome the Indirect Prompt Injection vulnerability. Here’s a brief overview of how they work:

• Action Request: When GPT queries the AskTheCode endpoint to perform an action (e.g., branch creation, file updates).
• Token Issuance: AskTheCode responds by providing a confirmation token and instructs GPT to present the user with all changes it intends to perform. This token is issued for a specific user, specific operation, and is valid for 5 minutes.
• User Confirmation: GPT presents the user with details about the operation and warns about potential data loss or corruption. If the user confirms, the same data is sent again along with the valid confirmation token.

This process ensures that users are fully aware of the changes being made to their repositories, providing an extra layer of security.

Current Issue

The information above is intended to explain the goal of confirmation tokens. However, if you are experiencing issues with GPT passing invalid confirmation tokens, this is definitely an issue I will address immediately.

I would be grateful for any additional details regarding the issue, especially in a shared conversation if possible.

I am awaiting your details to investigate the issue.

[jsbien]

I had a similar issue, cf:
https://chatgpt.com/share/d57d0c53-3b66-4653-871d-80cfb54ce88f
https://support.github.com/ticket/personal/0/2944187