fix: PR fingerprint check blocks plain-text mentions of Cursor/Copilot#279
Merged
c-vigo merged 4 commits intorelease/0.3.0from Mar 12, 2026
Merged
fix: PR fingerprint check blocks plain-text mentions of Cursor/Copilot#279c-vigo merged 4 commits intorelease/0.3.0from
c-vigo merged 4 commits intorelease/0.3.0from
Conversation
Tests cover: - allow_patterns loading from TOML - plain-prose name mentions pass through (the false-positive repro) - attribution-context phrases still blocked - allow_patterns stripping before name matching - email matching stays unconditional Refs: #274
load_blocklist now loads allow_patterns from the TOML as compiled regexes. contains_agent_fingerprint strips allow_patterns matches before checking and only flags names on lines containing attribution phrases (authored/generated/created/powered by, bot, agent, etc.). Emails and trailers keep their existing matching behaviour. Refs: #274
There was a problem hiding this comment.
Pull request overview
Adjusts the PR title/body AI-agent fingerprint detection used by check-pr-agent-fingerprints to avoid false positives from plain-prose mentions of tool names (e.g., “Cursor”, “Copilot”), and activates the previously-configured allow_patterns support from the blocklist TOML.
Changes:
- Load
allow_patternsfromagent-blocklist.tomland apply them by stripping known-safe text before scanning. - Restrict
namesmatching to lines that appear to be attribution/agent-identity context (instead of scanning the entire content). - Add unit tests covering allow-pattern loading/stripping and attribution-vs-prose behavior; add changelog entry for the fix.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| packages/vig-utils/src/vig_utils/utils.py | Loads/uses allow_patterns and narrows name matching to attribution-context lines via a new regex. |
| packages/vig-utils/tests/test_utils.py | Adds tests to prevent regressions for plain-prose mentions and verify allow-pattern stripping behavior. |
| CHANGELOG.md | Documents the fix under the current release’s “Fixed” section. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
The validate-commit-msg step ran without --blocked-patterns, falling through to a hardcoded fallback that does not apply attribution-context filtering. Pass the canonical blocklist so the fixed code path is used. Skipping TDD: CI workflow config change, not unit-testable. Refs: #274
The standalone words "bot", "agent", "assistant" triggered false positives when they appeared in compound terms like "check-pr-agent-fingerprints" on a line that also mentioned a blocked name. Restrict the context regex to explicit "X by" phrases which are specific enough to catch genuine attribution. Refs: #274
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
The PR fingerprint check (
check-pr-agent-fingerprints) produces false positives when normal prose mentions AI tool names like "Cursor" or "Copilot". The root cause is case-insensitive substring matching ofnamesagainst the entire PR title+body.This PR narrows name matching to attribution-context lines only and wires up the previously unused
allow_patternsfromagent-blocklist.toml.Type of Change
feat-- New featurefix-- Bug fixdocs-- Documentation onlychore-- Maintenance task (deps, config, etc.)refactor-- Code restructuring (no behavior change)test-- Adding or updating testsci-- CI/CD pipeline changesbuild-- Build system or dependency changesrevert-- Reverts a previous commitstyle-- Code style (formatting, whitespace)Modifiers
!) -- This change breaks backward compatibilityChanges Made
packages/vig-utils/src/vig_utils/utils.pyload_blocklist: now loadsallow_patternsfrom TOML as compiled regexescontains_agent_fingerprint: stripsallow_patternsmatches from content before checking; restrictsnamesmatching to lines containing attribution-context phrases (authored by,generated by,powered by,bot,agent, etc.)_ATTRIBUTION_CONTEXT_REcompiled regexpackages/vig-utils/tests/test_utils.pyTestAgentBlocklistHelpers: allow_patterns loading, plain-prose pass-through, attribution-context blocking, allow_patterns stripping, combined stripping+attribution, email unconditional matchingCHANGELOG.md### Fixedin[0.3.0]Changelog Entry
Fixed
contains_agent_fingerprintnow restricts name matching to attribution-context lines (e.g. "generated by", "authored by") instead of scanning the entire contentallow_patternsfromagent-blocklist.tomlto strip known-safe text (dotfile paths, doc filenames) before checkingTesting
just test)Manual Testing Details
N/A
Checklist
docs/templates/, then runjust docs)CHANGELOG.mdin the[Unreleased]section (and pasted the entry above)Additional Notes
N/A
Refs: #221, #274