You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Analysis of commit def67ceb11bd83b0121a5ad22873e3e8cbc5990f found a repeated prompt-template path construction pattern in production CommonJS handlers. The current PR adds another instance in actions/setup/js/handle_agent_failure.cjs for cache_memory_miss.md, bringing attention to a broader repeated pattern around \$\{process.env.RUNNER_TEMP}/gh-aw/prompts/....
Duplication Details
Pattern: Direct prompt template path construction
Severity: Medium
Occurrences: 26 production .cjs occurrences across multiple handlers
Maintainability: Prompt directory resolution is duplicated instead of centralized, so changes to runtime prompt location or fallback behavior must be applied in many files.
Bug Risk: A handler can drift from the intended prompt path convention or miss future support for GH_AW_PROMPTS_DIR style overrides already used in some nearby code.
Code Bloat: The repeated snippet is small per call site, but it is highly repetitive across failure, noop, detection, checkout, and PR fallback handlers.
Refactoring Recommendations
Add a shared prompt path helper
Extract common path resolution to actions/setup/js/messages_core.cjs, for example getPromptTemplatePath(name) or renderPromptTemplate(name, context).
Prefer GH_AW_PROMPTS_DIR when set, otherwise default to \$\{RUNNER_TEMP}/gh-aw/prompts.
Estimated effort: Low to Medium.
Migrate call sites incrementally
Start with actions/setup/js/handle_agent_failure.cjs because it has the highest concentration of repeated prompt path construction.
Then migrate smaller handlers such as handle_noop_message.cjs, handle_detection_runs.cjs, and create_*_issue.cjs.
Implementation Checklist
Add shared helper in actions/setup/js/messages_core.cjs
Update the repeated prompt path call sites to use the helper
Preserve existing fallback behavior in firewall_blocked_domains.cjs
Add or update focused .test.cjs coverage for override/default path resolution
Run make fmt-cjs, make lint-cjs, and relevant targeted tests
Analysis Metadata
Analyzed Files: 1 eligible changed production source file (actions/setup/js/handle_agent_failure.cjs)
Excluded Files: 1 test file and 1 Markdown prompt template
Detection Method: Serena symbol overview and pattern search, plus targeted production .cjs path search
The following domains were blocked by the firewall during workflow execution:
ab.chatgpt.com
api.github.com
chatgpt.com
github.com
💡 Tip:api.github.com is blocked because GitHub API access uses the built-in GitHub tools by default. Instead of adding api.github.com to network.allowed, use tools.github.mode: gh-proxy for direct pre-authenticated GitHub CLI access without requiring network access to api.github.com:
tools:
github:
mode: gh-proxy
See GitHub Tools for more information on gh-proxy mode.
To allow these domains, add them to the network.allowed list in your workflow frontmatter:
Summary
Analysis of commit
def67ceb11bd83b0121a5ad22873e3e8cbc5990ffound a repeated prompt-template path construction pattern in production CommonJS handlers. The current PR adds another instance inactions/setup/js/handle_agent_failure.cjsforcache_memory_miss.md, bringing attention to a broader repeated pattern around\$\{process.env.RUNNER_TEMP}/gh-aw/prompts/....Duplication Details
Pattern: Direct prompt template path construction
.cjsoccurrences across multiple handlersactions/setup/js/handle_agent_failure.cjs:621actions/setup/js/handle_agent_failure.cjs:621,:700,:714,:730,:755,:793,:810,:840,:918,:1266,:1431actions/setup/js/create_pull_request.cjs:1620,:1637,:1837actions/setup/js/handle_detection_runs.cjs:49,:110actions/setup/js/handle_noop_message.cjs:51,:187actions/setup/js/create_missing_data_issue.cjs:23actions/setup/js/create_missing_tool_issue.cjs:23actions/setup/js/create_report_incomplete_issue.cjs:25actions/setup/js/checkout_pr_branch.cjs:326actions/setup/js/setup_threat_detection.cjs:28actions/setup/js/push_to_pull_request_branch.cjs:470actions/setup/js/firewall_blocked_domains.cjs:213Code sample from the changed file:
Similar examples elsewhere:
Impact Analysis
GH_AW_PROMPTS_DIRstyle overrides already used in some nearby code.Refactoring Recommendations
Add a shared prompt path helper
actions/setup/js/messages_core.cjs, for examplegetPromptTemplatePath(name)orrenderPromptTemplate(name, context).GH_AW_PROMPTS_DIRwhen set, otherwise default to\$\{RUNNER_TEMP}/gh-aw/prompts.Migrate call sites incrementally
actions/setup/js/handle_agent_failure.cjsbecause it has the highest concentration of repeated prompt path construction.handle_noop_message.cjs,handle_detection_runs.cjs, andcreate_*_issue.cjs.Implementation Checklist
actions/setup/js/messages_core.cjsfirewall_blocked_domains.cjs.test.cjscoverage for override/default path resolutionmake fmt-cjs,make lint-cjs, and relevant targeted testsAnalysis Metadata
actions/setup/js/handle_agent_failure.cjs).cjspath searchdef67ceb11bd83b0121a5ad22873e3e8cbc5990fReferences:
Warning
Firewall blocked 4 domains
The following domains were blocked by the firewall during workflow execution:
ab.chatgpt.comapi.github.comchatgpt.comgithub.com💡 Tip:
api.github.comis blocked because GitHub API access uses the built-in GitHub tools by default. Instead of addingapi.github.comtonetwork.allowed, usetools.github.mode: gh-proxyfor direct pre-authenticated GitHub CLI access without requiring network access toapi.github.com:See GitHub Tools for more information on
gh-proxymode.To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:See Network Configuration for more information.