You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Status: ⚠️ Multiple low-severity-but-persistent consistency gaps; none block compilation, all are paper-cuts for users and maintainers.
No critical (bug-causing) inconsistencies were found this run. All findings are documentation gaps, dead/defensive code, or schema-metadata omissions. They have been stable across several prior audits and remain unaddressed.
Critical Issues
None this run. No type mismatches or field-handling gaps that would let invalid frontmatter silently compile.
Documentation Gaps
1. Three schema fields have ZERO curated documentation (S7)
check-for-updates, disable-model-invocation, and run-install-scripts (nested under runtimes) appear only in the auto-generated frontmatter-full.md. No curated page in docs/src/content/docs/ mentions them.
run-install-scripts is defined at main_workflow_schema.json:11472 and carries a supply-chain security warning — it deserves a real doc entry given its security relevance.
Impact: Users cannot discover or understand these fields from the human-written docs.
2. Schema doc-link anchors point to non-existent headings (S12)
The schema descriptions for check-for-updates and run-install-scripts link to reference/frontmatter/#check-for-updates and .../#run-install-scripts, but no matching heading exists in docs/src/content/docs/reference/frontmatter.md. These are dead deep-links shipped in the schema itself.
3. `user-invokable` silently ignored but undocumented (S17)
pkg/constants/constants.go:315 lists user-invokable in IgnoredFrontmatterFields (a Copilot custom-agent field that is silently dropped). The field name appears nowhere in docs/, so users get no explanation of why it is accepted-but-ignored.
4. `applyTo` accepted by parser, absent from schema & docs (S9)
pkg/parser/include_processor.go:267 keeps applyTo in its validFields allowlist, but applyTo is not a property in main_workflow_schema.json and has zero curated-doc mentions. The parser accepts a field the schema does not know about and nobody documents.
Both describe themselves as deprecated/legacy in prose but carry no deprecated: true flag, so editors/tooling cannot surface the deprecation.
False-positive watch: strict matches a naive grep because its description lists "(5) Deprecated Fields" as a strict-mode FEATURE — it is not deprecated; exclude it.
6. Dead `$defs` entry: `templatable_integer` (S13)
templatable_integer is defined in $defs but never $ref'd (1 occurrence total = the definition itself). Its sibling templatable_boolean has 10 occurrences. Either wire it up where integer templating is allowed, or remove the dead def.
7. Inconsistent `expires` default across safe-outputs (S15)
create-discussion.expires declares default: 7 in the schema, but create-issue.expires declares no default (null). If both are meant to expire after 7 days the schema is misleading; if not, the asymmetry should be documented.
Parser Updates Required
8. Legacy `rate-limit` deprecation is debug-only, not user-visible (S8)
pkg/workflow/role_checks.go:301 handles the legacy rate-limit alias with roleLog.Print("Extracted legacy rate-limit configuration") — a debug-level log. There is no user-facing deprecation warning steering users toward user-rate-limit. (For contrast, user-rate-limit itself emits an EXPERIMENTAL warning at compile time.)
Workflow Violations
None. No .github/workflows/*.md file uses a field rejected by the schema. The field_gaps.in_used_not_schema entries are all flattened nested keys / template variables (e.g. score, verdict, run_dir), not real top-level violations.
Dead/defensive allowlist entries (S16) — code hygiene, not a violation
SharedWorkflowForbiddenFields in pkg/constants/constants.go lists command (line 334) and roles (line 342), neither of which is a top-level schema property. Since the top-level schema is additionalProperties: false, these can never appear, making the entries dead/defensive. Harmless but worth a cleanup comment.
Recommendations
Add curated doc sections (with matching #anchor headings) for check-for-updates, disable-model-invocation, and run-install-scripts — the latter is security-relevant and most urgent.
Add "deprecated": true (and an x-deprecation-message) to the inline-sub-agents and rate-limit schema entries.
Promote the legacy rate-limit debug log to a user-visible deprecation warning pointing at user-rate-limit.
Reconcile create-issue.expires default with create-discussion.expires (default: 7), or document the difference.
Either reference or remove the dead templatable_integer$def.
Document or remove applyTo and user-invokable handling so accepted-but-undocumented fields stop surprising users.
Add a brief comment marking command/roles as defensive entries in SharedWorkflowForbiddenFields.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Summary
mainthis run)No critical (bug-causing) inconsistencies were found this run. All findings are documentation gaps, dead/defensive code, or schema-metadata omissions. They have been stable across several prior audits and remain unaddressed.
Critical Issues
None this run. No type mismatches or field-handling gaps that would let invalid frontmatter silently compile.
Documentation Gaps
1. Three schema fields have ZERO curated documentation (S7)
check-for-updates,disable-model-invocation, andrun-install-scripts(nested underruntimes) appear only in the auto-generatedfrontmatter-full.md. No curated page indocs/src/content/docs/mentions them.run-install-scriptsis defined atmain_workflow_schema.json:11472and carries a supply-chain security warning — it deserves a real doc entry given its security relevance.2. Schema doc-link anchors point to non-existent headings (S12)
The schema descriptions for
check-for-updatesandrun-install-scriptslink toreference/frontmatter/#check-for-updatesand.../#run-install-scripts, but no matching heading exists indocs/src/content/docs/reference/frontmatter.md. These are dead deep-links shipped in the schema itself.3. `user-invokable` silently ignored but undocumented (S17)
pkg/constants/constants.go:315listsuser-invokableinIgnoredFrontmatterFields(a Copilot custom-agent field that is silently dropped). The field name appears nowhere indocs/, so users get no explanation of why it is accepted-but-ignored.4. `applyTo` accepted by parser, absent from schema & docs (S9)
pkg/parser/include_processor.go:267keepsapplyToin itsvalidFieldsallowlist, butapplyTois not a property inmain_workflow_schema.jsonand has zero curated-doc mentions. The parser accepts a field the schema does not know about and nobody documents.Schema Improvements Needed
5. Deprecated/legacy fields lack JSON-Schema deprecation metadata (S10)
deprecatedflagx-deprecation-messageinline-sub-agentsnullnullrate-limitnullnullBoth describe themselves as deprecated/legacy in prose but carry no
deprecated: trueflag, so editors/tooling cannot surface the deprecation.False-positive watch:
strictmatches a naive grep because its description lists "(5) Deprecated Fields" as a strict-mode FEATURE — it is not deprecated; exclude it.6. Dead `$defs` entry: `templatable_integer` (S13)
templatable_integeris defined in$defsbut never$ref'd (1 occurrence total = the definition itself). Its siblingtemplatable_booleanhas 10 occurrences. Either wire it up where integer templating is allowed, or remove the dead def.7. Inconsistent `expires` default across safe-outputs (S15)
create-discussion.expiresdeclaresdefault: 7in the schema, butcreate-issue.expiresdeclares no default (null). If both are meant to expire after 7 days the schema is misleading; if not, the asymmetry should be documented.Parser Updates Required
8. Legacy `rate-limit` deprecation is debug-only, not user-visible (S8)
pkg/workflow/role_checks.go:301handles the legacyrate-limitalias withroleLog.Print("Extracted legacy rate-limit configuration")— a debug-level log. There is no user-facing deprecation warning steering users towarduser-rate-limit. (For contrast,user-rate-limititself emits an EXPERIMENTAL warning at compile time.)Workflow Violations
None. No
.github/workflows/*.mdfile uses a field rejected by the schema. Thefield_gaps.in_used_not_schemaentries are all flattened nested keys / template variables (e.g.score,verdict,run_dir), not real top-level violations.Dead/defensive allowlist entries (S16) — code hygiene, not a violation
SharedWorkflowForbiddenFieldsinpkg/constants/constants.golistscommand(line 334) androles(line 342), neither of which is a top-level schema property. Since the top-level schema isadditionalProperties: false, these can never appear, making the entries dead/defensive. Harmless but worth a cleanup comment.Recommendations
#anchorheadings) forcheck-for-updates,disable-model-invocation, andrun-install-scripts— the latter is security-relevant and most urgent."deprecated": true(and anx-deprecation-message) to theinline-sub-agentsandrate-limitschema entries.rate-limitdebug log to a user-visible deprecation warning pointing atuser-rate-limit.create-issue.expiresdefault withcreate-discussion.expires(default: 7), or document the difference.templatable_integer$def.applyToanduser-invokablehandling so accepted-but-undocumented fields stop surprising users.command/rolesas defensive entries inSharedWorkflowForbiddenFields.Strategy Performance
Next Steps
inline-sub-agentsandrate-limitin the schemarate-limitlog to a user-facing warningcheck-for-updates,disable-model-invocation,run-install-scriptsand fix their doc anchorsexpiresdefaults across safe-outputstemplatable_integerdef; tidySharedWorkflowForbiddenFieldsReferences: §26705611078
Beta Was this translation helpful? Give feedback.
All reactions