fix: anchor catalog type extraction regex to export block#1112
fix: anchor catalog type extraction regex to export block#1112
Conversation
The catalog population regex matched the first `type: "..."` anywhere
in a model source file instead of the one inside `export const model`.
In issue_lifecycle.ts, `type: "feature"` on line 81 (inside a helper
function call) was matched before the actual `type: "@si/issue-lifecycle"`
on line 113, permanently poisoning the catalog and making the model
undiscoverable.
Fix both the type and version regexes to anchor on the
`export const (model|extension) = {` block. Add a regression test
with a decoy `type:` property before the export block.
Also add Phase 0 (Environment Setup) to the issue-lifecycle skill for
worktree initialization and SWAMP_MODELS_DIR guidance in scratch repos.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
CI Security Review
Critical / High
None.
Medium
None.
Low
None.
Verdict
PASS — The only workflow change is downgrading Node.js from v24 to v22 in the skill-trigger-eval job (ci.yml:165). This is security-neutral — no changes to triggers, permissions, secrets handling, action pins, prompt templates, or tool scoping.
There was a problem hiding this comment.
CI Security Review
Critical / High
None.
Medium
None.
Low
None.
Verdict
PASS — The only workflow change is adding NODE_OPTIONS: "--experimental-require-module" as an environment variable to the skill-trigger-eval job (line 170). This is a benign Node.js runtime flag with no security implications. No new triggers, permissions, expression interpolations, or third-party actions were introduced. The remaining changes are to skill documentation and domain logic source files, which are outside the CI security review scope.
promptfoo's transitive dep @asamuzakjp/css-color@5.1.5 (via jsdom) uses top-level await, breaking Node's require(). Pass the flag through Deno.Command env so the npx subprocess can load it.
Version 5.1.5 uses top-level await in its ESM entry, which Node cannot require() (ERR_REQUIRE_ASYNC_MODULE). Write a temporary package.json with overrides to pin the working version.
npx -y ignores local package.json overrides, so the css-color pin had no effect. Switch to npm install + local npx to enforce the @asamuzakjp/css-color@5.1.4 override.
Node 22+ rejects require() of ESM modules with top-level await (ERR_REQUIRE_ASYNC_MODULE). promptfoo's transitive dep chain jsdom → @asamuzakjp/css-color@5.1.5 triggers this. Node 20 LTS does not have this restriction. Reverts script changes and just pins the CI node version.
There was a problem hiding this comment.
CI Security Review
Critical / High
None.
Medium
None.
Low
None.
Verdict
PASS — The only workflow change is pinning Node.js from v24 to v20 LTS in the skill-trigger-eval job (.github/workflows/ci.yml:165-168). This is a security-neutral version pin change with no impact on triggers, permissions, secrets, expression interpolation, or tool scoping.
2 participants
Summary
Fixes #1110
/type\s*:\s*["']([^"']+)["']/matched the firsttype: "..."anywhere in a model source file. Inissue_lifecycle.ts,type: "feature"on line 81 (inside asc.ensureIssue()call) was matched before the actualtype: "@si/issue-lifecycle"on line 113, permanently poisoning the extension catalog.export const (model|extension) = {block using/export\s+const\s+(?:model|extension)\s*=\s*\{[\s\S]*?type\s*:\s*["']([^"']+)["']/type:property before the export blockSWAMP_MODELS_DIRguidance in scratch reposTest Plan
catalog extracts type from export block, not from decoy propertiespassesdeno checkpassesdeno lintclean (pre-existing worktree issues only)deno fmtcleanmodel create @si/issue-lifecycle, confirmed catalog stores@si/issue-lifecycle(notfeature), subsequent commands work without clearing catalog🤖 Generated with Claude Code