fix: add CJS module-load syntax gate to prevent silent await/non-async regressions#43474
Conversation
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
#43200) Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
|
🛠️ Agentic Maintenance updated this pull request branch. |
There was a problem hiding this comment.
Pull request overview
Adds a defense-in-depth CI gate to prevent CommonJS (.cjs) module-load SyntaxErrors (e.g., await inside a non-async function) from shipping unnoticed, by running node --check across runtime .cjs files in actions/setup/js/ and wiring that into the existing make lint flow.
Changes:
- Introduces
scripts/validate-cjs-syntax.shto parse-check non-test.cjsfiles withnode --check(no execution). - Adds a
validate-cjs-syntaxMake target and runs it as part oflint-cjs(and thereforelint). - Regenerates multiple workflow
.lock.ymlfiles, updating embedded awf-config JSON (notably adding alyriamodel alias in several files).
Show a summary per file
| File | Description |
|---|---|
| scripts/validate-cjs-syntax.sh | New script to syntax-check runtime .cjs files via node --check. |
| Makefile | Adds validate-cjs-syntax target and hooks it into lint-cjs / lint; updates make help. |
| .github/workflows/workflow-health-manager.lock.yml | Workflow lockfile updated (embedded awf-config JSON changed). |
| .github/workflows/schema-consistency-checker.lock.yml | Workflow lockfile updated (embedded awf-config JSON changed). |
| .github/workflows/safe-output-health.lock.yml | Workflow lockfile updated (embedded awf-config JSON changed). |
| .github/workflows/pr-triage-agent.lock.yml | Workflow lockfile updated (embedded awf-config JSON changed). |
| .github/workflows/poem-bot.lock.yml | Workflow lockfile updated (embedded awf-config JSON changed). |
| .github/workflows/gpclean.lock.yml | Workflow lockfile updated (embedded awf-config JSON changed). |
| .github/workflows/daily-team-evolution-insights.lock.yml | Workflow lockfile updated (embedded awf-config JSON changed). |
| .github/workflows/daily-safe-output-optimizer.lock.yml | Workflow lockfile updated (embedded awf-config JSON changed). |
| .github/workflows/daily-regulatory.lock.yml | Workflow lockfile updated (embedded awf-config JSON changed). |
| .github/workflows/daily-observability-report.lock.yml | Workflow lockfile updated (embedded awf-config JSON changed). |
| .github/workflows/daily-multi-device-docs-tester.lock.yml | Workflow lockfile updated (embedded awf-config JSON changed). |
| .github/workflows/daily-max-ai-credits-test.lock.yml | Workflow lockfile updated (embedded awf-config JSON changed). |
| .github/workflows/daily-credit-limit-test.lock.yml | Workflow lockfile updated (embedded awf-config JSON changed). |
| .github/workflows/daily-compiler-quality.lock.yml | Workflow lockfile updated (embedded awf-config JSON changed). |
| .github/workflows/daily-cli-tools-tester.lock.yml | Workflow lockfile updated (embedded awf-config JSON changed). |
| .github/workflows/daily-cache-strategy-analyzer.lock.yml | Workflow lockfile updated (embedded awf-config JSON changed). |
| .github/workflows/copilot-centralization-optimizer.lock.yml | Workflow lockfile updated (embedded awf-config JSON changed). |
| .github/workflows/copilot-centralization-drilldown.lock.yml | Workflow lockfile updated (embedded awf-config JSON changed). |
| .github/workflows/code-simplifier.lock.yml | Workflow lockfile updated (embedded awf-config JSON changed). |
| .github/workflows/ci-coach.lock.yml | Workflow lockfile updated (embedded awf-config JSON changed). |
| .github/workflows/agentic-token-optimizer.lock.yml | Workflow lockfile updated for a source:-managed workflow (embedded awf-config JSON changed). |
| .github/workflows/agent-performance-analyzer.lock.yml | Workflow lockfile updated (embedded awf-config JSON changed). |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comments suppressed due to low confidence (1)
Makefile:1137
- The
helpoutput still describeslint-cjsas only formatting-related, butlint-cjsnow also runs the CJS syntax gate. Updating the help text avoids surprising users who rely onmake help.
@echo " golint-incremental - Run golangci-lint incrementally (only changed files, requires BASE_REF)"
@echo " lint - Run linter"
- Files reviewed: 2/2 changed files
- Comments generated: 1
- Review effort level: Low
| .PHONY: lint-cjs | ||
| lint-cjs: fmt-check-cjs | ||
| lint-cjs: fmt-check-cjs validate-cjs-syntax | ||
| @echo "✓ JavaScript formatting validated" |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
Great work on the CJS syntax gate — catching One thing worth adding before this graduates from draft:
If you'd like a hand, you can assign this prompt to your coding agent: Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "patchdiff.githubusercontent.com"See Network Configuration for more information.
|
PR #43170 introduced
await coreObj.summary.write()inside a non-asyncfunction, producing aSyntaxErroratrequire()time and hard-failing every workflow step that loadedparse_mcp_gateway_log.cjs. Nothing in the existing pipeline caught this before workflows ran.Changes
scripts/validate-cjs-syntax.sh— new script that runsnode --checkon every non-test.cjsfile underactions/setup/js/. Parses without executing, so no@actions/coreruntime needed; catchesSyntaxError(includingawaitin non-async functions) at the source.Makefile: validate-cjs-syntaxtarget — exposes the check standalone (make validate-cjs-syntax) and wires it intolint-cjs, which is already part oflint→agent-report-progress.The
writeStepSummaryWithTokenUsagefunction isasyncin the current base and the ESLintrequire-await-core-summary-writerule already gates itsawaitsuggestion behindisInsideAsyncFunction— this PR adds the final defense-in-depth layer so the same class of mistake can't silently ship again.