Refactor safe output type validation into data-driven validator engine #5086
Conversation
- Create safe_output_type_validator.cjs with VALIDATION_CONFIG containing all safe output types - Move validation logic from collect_ndjson_output.cjs to validator engine - Add sanitize, maxLength, itemSanitize, itemMaxLength flags in VALIDATION_CONFIG - Register validator with bundler in js.go - Add comprehensive test suite for the validator - Update collect_ndjson_output.cjs to use the new validator - Fix test assertions to match new consistent error message format - Fix Go tests that were naively matching JavaScript object properties as YAML keys Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
.github/workflows/archie.lock.yml
Outdated
| if (fieldName.includes("create_code_scanning_alert 'line'")) { | ||
| const MAX_BODY_LENGTH = 65000; | ||
| const MAX_GITHUB_USERNAME_LENGTH = 39; | ||
| const VALIDATION_CONFIG = { |
There was a problem hiding this comment.
@copilot VALIDATON_CONFIG should be part of the Go compiler and use at compile time to generate the safe output tools.json / config.json files. It should NOT be part of the JavaScript code. The entire configuration should be loaded from the config file.
There was a problem hiding this comment.
Moved VALIDATION_CONFIG to Go as the single source of truth in pkg/workflow/safe_output_validation_config.go. The Go compiler now generates validation.json at compile time, which JavaScript loads at runtime. The JavaScript code no longer contains any hardcoded validation config. (2672e21)
- Add pkg/workflow/safe_output_validation_config.go with all validation rules - Add pkg/workflow/safe_output_validation_config_test.go with comprehensive tests - Update mcp_servers.go to write validation.json from Go config - Update collect_ndjson_output.cjs to load from validation.json file - Update safe_output_type_validator.cjs to load config from env var - Fix test setup in collect_ndjson_output.test.cjs to provide validation config - Fix safe_output_type_validator.test.cjs sanitization test assertion The VALIDATION_CONFIG is now part of the Go compiler and generates the validation.json file at compile time. JavaScript code loads this config at runtime instead of having duplicate inline config. Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
|
@copilot Only generate validation info for activated tools in the safe output MCP server to keep validation.json small. Write indented JSON to avoid merge issues. |
…onfig - Upgrade validation config parsing error from warning to error level - Add 'error' mock to safe_output_type_validator tests - Update test assertion to check for error instead of warning Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
|
Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details. Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
- Update GetValidationConfigJSON to accept enabledTypes filter parameter - Extract enabled types from safeOutputConfig in mcp_servers.go - Use json.MarshalIndent for pretty-printed JSON output - Add tests for filtered and unfiltered validation config generation - validation.json now only contains configs for activated safe output types Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Implemented in c798020. |
|
🔮 The ancient spirits stir... Smoke Codex awakens to divine this pull request... |
|
📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident... |
|
💥 WHOOSH! Smoke Claude springs into action on this pull request! [Panel 1 begins...] |
|
🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰 |
|
🤖 SYSTEM_INIT: Smoke Copilot No Firewall ACTIVATED. PROCESSING pull request. ALL SUBSYSTEMS ONLINE. |
|
@copilot update add-safe-output-type agent.md file with update instructions to add a safe output type and the new validation scheme |
|
Merged PRs:
|
Smoke Test SummaryStatus: PASS ✅ Test Results
|
Smoke Test Results - 2025-11-29T16:58:05ZLast 2 Merged PRs:
Test Results:
Status: PASS
|
safe_output_type_validator.cjswith data-driven validator engineVALIDATION_CONFIGcovering all 18 safe output typesvalidateItem()andvalidateField()functionscollect_ndjson_output.cjsto use the validator enginejs.go)safe_output_validation_config.go)validation.jsonfile at compile time from Go configOriginal prompt
💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.
Changeset
Smoke Test Summary
Test Run: 2025-11-29T16:58:05Z
Status: PASS
Summary: All smoke tests passed - GitHub MCP, file writing, bash tools, and Playwright validated