Skip to content

[typist] Optimize prompt: tighten bash allowlist, fix multi-op rejection, trim Phase 4 examples#43826

Closed
pelikhan with Copilot wants to merge 5 commits into
mainfrom
copilot/agentic-token-optimizer-optimization-typist-go-typ
Closed

[typist] Optimize prompt: tighten bash allowlist, fix multi-op rejection, trim Phase 4 examples#43826
pelikhan with Copilot wants to merge 5 commits into
mainfrom
copilot/agentic-token-optimizer-optimization-typist-go-typ

Conversation

Copilot AI commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

The typist workflow averaged 261.8 AIC/run with a firewall-rejection retry loop, 6 unused allowlist entries, a redundant serena --help probe, and ~500 tokens of boilerplate Go code examples read on every run.

Changes

  • Bash allowlist — replaced 8 entries (6 never triggered) with 11 targeted prefixes (grep -rn, grep -rhnP, grep -rhoP, grep -rcP, wc -l, awk, python3, serena, sed -n, head, mkdir -p) that match actual command patterns used at runtime
  • Multi-op constraint — added explicit callout to Phase 0: Run one logical operation per Bash call. Chain with && only when both parts are on the configured allowlist. Eliminates the chained-command firewall rejection + 3–5 recovery turns observed in the Jul 6 run
  • Serena activation — replaced the vague "Use Serena's activate_project tool" instruction with a direct bash invocation serena activate_project --project ${{ github.workspace }} 2>&1 | tail -20 annotated with (skip any help-check), removing the unnecessary exploratory turn
  • Phase 4 template — replaced 5 verbose before/after Go code blocks (~500 tokens) with terse bullet references; reduces prompt size for initial cache write on every run
  • Phase 0 dedup — collapsed two {{#if experiments.tone_style}} blocks both emitting the same ### Phase 0: Setup and Activation header into a single unconditional header

Estimated savings: 35–50 AIC/run (~13–19% reduction)


Generated by 👨‍🍳 PR Sous Chef · 7.29 AIC · ⌖ 7.3 AIC · ⊞ 7.1K ·
Comment /souschef to run again

…ove serena --help probe, trim Phase 4 examples

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Optimize Typist Go Type Analysis for AIC savings [typist] Optimize prompt: tighten bash allowlist, fix multi-op rejection, trim Phase 4 examples Jul 6, 2026
Copilot AI requested a review from pelikhan July 6, 2026 16:34
@pelikhan pelikhan marked this pull request as ready for review July 6, 2026 16:47
Copilot AI review requested due to automatic review settings July 6, 2026 16:47
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Design Decision Gate 🏗️ completed the design decision gate check.

No ADR enforcement needed: PR #43826 does not have the 'implementation' label and has 0 new lines of code in business logic directories (threshold: 100).

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Test Quality Sentinel completed test quality analysis.

No test files were added or modified in this PR. Test Quality Sentinel skipped.

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

⚠️ PR Code Quality Reviewer failed during code quality review.

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

🧠 Matt Pocock Skills Reviewer has completed the skills-based review. ✅

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Optimizes the [typist] agentic workflow prompt and tool allowlist to reduce token usage and avoid avoidable firewall rejections, while keeping the workflow’s analysis guidance focused.

Changes:

  • Tightens/reshapes the restricted bash allowlist to better match expected runtime command prefixes.
  • Updates Phase 0 setup instructions (activation + “one logical operation per bash call” guidance) and deduplicates the Phase 0 header.
  • Replaces verbose Phase 4 Go code block examples with shorter bullet guidance to reduce prompt size.
Show a summary per file
File Description
.github/workflows/typist.md Refines bash allowlist entries, adjusts Phase 0 activation guidance, and trims verbose examples to reduce prompt tokens.
.github/workflows/typist.lock.yml Regenerates compiled workflow to reflect the updated prompt and allowlisted bash prefixes.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 2/2 changed files
  • Comments generated: 2
  • Review effort level: Low

Comment thread .github/workflows/typist.md
Comment thread .github/workflows/typist.md Outdated

1. **Activate Serena Project**:
Use Serena's `activate_project` tool with the workspace path to enable semantic analysis.
> **Bash constraint:** Run one logical operation per Bash call. Chain with `&&` only when both parts are on the configured allowlist.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in f5dbad9: aligned the constraint wording with the example by covering pipes as well as && chaining.

@github-actions github-actions Bot mentioned this pull request Jul 6, 2026

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review: Allowlist Tightening + Prompt Compression

Overall the changes are correct, targeted, and consistent between source and lock file. The token savings analysis is sound.

Verified:

  • Lock file comment block and --allowed-tools string match the new source allowlist exactly.
  • Phase 0 header dedup is logically correct — both original branches emitted the identical header, so making it unconditional is sound.
  • Removing Bash(cat pkg/**/*.go) is safe because the existing Bash(cat) prefix entry already covers all cat <args> invocations.
  • Bash(wc -l) correctly generalises the removed Bash(wc -l pkg/**/*.go) without narrowing coverage.
  • The &&-only constraint wording is intentional — it addresses the chained-tool-call rejection, not in-shell pipes (which are single-call constructs and handled differently by the firewall).

Non-blocking observations:

  • Bash(python3) is a broad prefix that permits arbitrary Python execution. This is justified by runtime evidence cited in the PR description, but worth documenting in the workflow if the specific usage pattern solidifies.
  • Bash(serena) and Bash(serena:*) coexist — the former covers CLI invocations (serena activate_project ...) while the latter covers MCP tool namespacing. The distinction is correct and intentional.

No blocking issues.

🧵 Reviewed using Impeccable skills by Impeccable Skills Reviewer · 39.5 AIC · ⌖ 5.09 AIC · ⊞ 4.9K

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Skills-Based Review 🧠

Applied /codebase-design — commenting (no blocking issues, but three actionable concerns worth addressing).

📋 Key Themes & Highlights

Key Themes

  • Allowlist breadth vs. specificity: Two new entries (python3, mkdir -p) expand the agent's writable and executable surface without documented rationale; tightening them or adding comments would make future audits easier.
  • Constraint/example inconsistency: The new Phase 0 multi-op constraint mentions && but the very next code block uses a pipe (2>&1 | tail -20) — a silent exception that could confuse the agent or trigger the same firewall rejections the constraint is meant to prevent.

Positive Highlights

  • ✅ The targeted grep-prefix decomposition (grep -rn, grep -rhnP, grep -rhoP, grep -rcP) is a significant improvement over the previous blob-style glob patterns — much easier to reason about and maintain.
  • ✅ Collapsing the duplicated ### Phase 0 header and replacing the verbose Serena tool-call instruction with a direct bash invocation is a clean simplification.
  • ✅ The Phase 4 template reduction (~500 tokens of boilerplate → terse bullet references) is well-executed: the meaning is fully preserved and the diff reads cleanly.
  • ✅ Adding an explicit multi-op constraint to Phase 0 directly addresses the observed firewall-rejection loop — good causal reasoning from the run data.

🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer · 73.3 AIC · ⌖ 5.34 AIC · ⊞ 6.7K
Comment /matt to run again

Comment thread .github/workflows/typist.md Outdated
- grep -rcP
- wc -l
- awk
- python3

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[/codebase-design] python3 as a bare prefix is unusually broad for a read-mostly Go analysis workflow — any Python invocation is permitted, including script file execution.

The PR body says it was observed at runtime but doesn't document the use case. This leaves the allowlist scope unclear for future maintainers.

💡 Suggested tightening

If Python is only used for inline one-liners (e.g. JSON formatting or arithmetic), restrict to:

- python3 -c

This covers inline evaluation without allowing python3 script.py or other file-based invocations. If the broader prefix is genuinely needed, add a comment in the YAML explaining the use case.

@copilot please address this.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in f5dbad9: tightened the allowlist entry from python3 to python3 -c so only inline one-liners are permitted.

Comment thread .github/workflows/typist.md Outdated

1. **Activate Serena Project**:
Use Serena's `activate_project` tool with the workspace path to enable semantic analysis.
> **Bash constraint:** Run one logical operation per Bash call. Chain with `&&` only when both parts are on the configured allowlist.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[/codebase-design] The Bash constraint on line 109 says "Chain with && only when both parts are on the configured allowlist", but the serena example on the very next line uses a pipe (2>&1 | tail -20), which is also a compound operation the firewall may reject.

This is an inconsistency in the stated constraint: the rule mentions && chains but silently permits pipes in the example.

💡 Suggested fix

Either extend the constraint to name pipes explicitly:

Run one logical operation per Bash call. Chain with && or pipe (|) only when both parts are on the configured allowlist.

...or simplify the serena invocation to avoid the pipe altogether:

serena activate_project --project ${{ github.workspace }}

The 2>&1 | tail -20 is primarily cosmetic (suppresses verbose output); if Serena fails, the agent needs the full error anyway.

@copilot please address this.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in f5dbad9: updated the Bash constraint text to explicitly allow both && and | only when both sides are allowlisted.

Comment thread .github/workflows/typist.md Outdated
- serena
- sed -n
- head
- mkdir -p

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[/codebase-design] mkdir -p is a write-side command that was not present before; the workflow is described as a read-only analysis task that ends with creating a discussion.

Adding mkdir -p broadens the writable surface of the sandboxed agent without any explanation in the PR body or a comment in the allowlist.

💡 Suggested action

If this is only needed to create a temp working directory (e.g. /tmp/gh-aw/agent/), consider narrowing it to that specific path:

- mkdir -p /tmp/gh-aw/agent

Otherwise add a brief comment explaining what the agent is expected to create and why.

@copilot please address this.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in f5dbad9: narrowed mkdir -p to mkdir -p /tmp/gh-aw/cache-memory/serena to constrain write scope.

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

🤖 PR Triage

Field Value
Category chore
Risk 🟢 low
Score 45 / 100 (impact 20 · urgency 10 · quality 15)
Action auto_merge
Batch pr-batch:workflow-chore (with #43850)

Summary: Workflow optimization for typist — tighter bash allowlist, fix multi-op rejection loop, trim ~500 token Phase 4 examples. 2 files (md + lock). Bot APPROVED. CI 25/30 (1 agent check failure expected for workflow changes).

Auto-merge candidate — APPROVED, targeted, 2 files, low risk.

Generated by 🔧 PR Triage Agent · 136.6 AIC · ⌖ 9.03 AIC · ⊞ 5.5K ·

@gh-aw-bot

Copy link
Copy Markdown
Collaborator

@copilot please run the pr-finisher skill, address these unresolved review threads first:

Generated by 👨‍🍳 PR Sous Chef · 7.3 AIC · ⌖ 5.83 AIC · ⊞ 7.1K ·
Comment /souschef to run again

Copilot AI and others added 2 commits July 6, 2026 19:22
…-optimizer-optimization-typist-go-typ

Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>

Copilot AI commented Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

@copilot please run the pr-finisher skill, address these unresolved review threads first:

Done in f5dbad9. I addressed the three github-actions[bot] threads first, updated the branch by merging latest origin/main, and ran local checks (make fmt, make lint, make test-unit, make test, make recompile, plus make agent-report-progress). I can’t trigger CI reruns from this agent context, so a maintainer needs to re-trigger checks on the updated HEAD.

Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
Copilot AI requested a review from gh-aw-bot July 6, 2026 19:39
@gh-aw-bot

Copy link
Copy Markdown
Collaborator

@copilot please run the pr-finisher skill, address any unresolved review feedback, update the branch if needed, and rerun checks.

Generated by 👨‍🍳 PR Sous Chef · 7.29 AIC · ⌖ 7.3 AIC · ⊞ 7.1K ·
Comment /souschef to run again

Copilot AI commented Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

@copilot please run the pr-finisher skill, address any unresolved review feedback, update the branch if needed, and rerun checks.

...

Completed a fresh pr-finisher pass on current HEAD eece783.

  • Unresolved in-scope review feedback: no new actionable items; existing unresolved threads are outdated and already replied to in prior commits.
  • Branch status: base SHA 21a6827 is an ancestor of HEAD (branch is up to date for this PR).
  • Re-ran local checks: make fmt, make lint, make test-unit, make test, make recompile all passed.

I can’t trigger GitHub Actions reruns from this agent context; a maintainer needs to re-trigger CI on the current HEAD.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[agentic-token-optimizer] Optimization: Typist - Go Type Analysis (35–50 AIC/run savings)

4 participants