Skip to content

Fix repo-memory glob matching for nested memory files#44215

Merged
pelikhan merged 16 commits into
mainfrom
copilot/discussion-task-miner-fix-repo-memory-persistence-again
Jul 8, 2026
Merged

Fix repo-memory glob matching for nested memory files#44215
pelikhan merged 16 commits into
mainfrom
copilot/discussion-task-miner-fix-repo-memory-persistence-again

Conversation

Copilot AI commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

discussion-task-miner was writing repo-memory state into a subdirectory, but the default repo-memory glob handling treated patterns like *.json and *.md as root-only matches. As a result, nested state files were silently skipped during persistence and the workflow reprocessed the same discussions on every run.

  • Behavior change

    • Update repo-memory glob matching so slashless patterns match basenames anywhere under the artifact root, not just at the top level.
    • This preserves existing directory-scoped patterns like metrics/** while making default extension filters work for nested memory layouts.
  • Repo-memory persistence path

    • Apply the new matching mode in push_repo_memory when evaluating FILE_GLOB_FILTER.
    • Nested files such as discussion-task-miner/processed-discussions.json and discussion-task-miner/latest-run.md are now eligible for persistence under the standard ["*.json", "*.jsonl", "*.csv", "*.md"] filter.
  • Regression coverage

    • Add focused tests for nested basename matching in the shared glob helper.
    • Extend repo-memory tests to cover the discussion-task-miner layout and assert that default extension globs match nested files.
  • Documentation

    • Clarify that slashless repo-memory globs match basenames at any depth within the artifact directory, while still matching relative paths rather than branch names.

Example:

globPatternToRegex("*.json", { matchBasename: true }).test(
  "discussion-task-miner/processed-discussions.json"
);
// true

Generated by 👨‍🍳 PR Sous Chef · 14.3 AIC · ⌖ 7.84 AIC · ⊞ 7.1K ·
Comment /souschef to run again

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix repo-memory persistence issue in discussion-task-miner Fix repo-memory glob matching for nested memory files Jul 8, 2026
Copilot AI requested a review from pelikhan July 8, 2026 06:22
@pelikhan pelikhan marked this pull request as ready for review July 8, 2026 06:32
Copilot AI review requested due to automatic review settings July 8, 2026 06:32

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR’s stated goal is to fix repo-memory glob matching so slashless patterns (e.g. *.json, *.md) match nested files under the artifact root when push_repo_memory evaluates FILE_GLOB_FILTER, preventing nested repo-memory state from being skipped.

Changes (as reflected by the diff provided):

  • Regenerates many GitHub Actions workflow .lock.yml files.
  • Updates embedded MCP gateway JSON configs in those lockfiles (notably adding sink-visibility: "public" to guard-policies.write-sink, plus refreshed heredoc identifiers).
Show a summary per file
File Description
.github/workflows/workflow-normalizer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/workflow-health-manager.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/workflow-generator.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/weekly-safe-outputs-spec-review.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/weekly-issue-summary.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/weekly-blog-post-writer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/unbloat-docs.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/uk-ai-operational-resilience.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/ubuntu-image-analyzer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/tidy.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/terminal-stylist.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/technical-doc-writer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/sub-issue-closer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/step-name-alignment.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/stale-repo-identifier.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/stale-pr-cleanup.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/spec-librarian.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/spec-extractor.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/spec-enforcer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/smoke-update-cross-repo-pr.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/smoke-project.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/smoke-pi.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/smoke-otel-backends.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/smoke-opencode.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/smoke-gemini.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/smoke-crush.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/smoke-create-cross-repo-pr.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/smoke-copilot.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/smoke-copilot-arm.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/smoke-copilot-aoai-entra.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/smoke-copilot-aoai-apikey.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/smoke-codex.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/smoke-claude-on-copilot.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/smoke-ci.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/smoke-antigravity.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/smoke-agent-public-approved.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/smoke-agent-all-none.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/skillet.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/security-review.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/security-compliance.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/schema-feature-coverage.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/schema-consistency-checker.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/repository-quality-improver.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/repo-audit-analyzer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/refiner.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/refactoring-cadence.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/q.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/pr-triage-agent.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/pr-nitpick-reviewer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/pr-description-caveman.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/pr-code-quality-reviewer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/plan.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/outcome-collector.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/org-health-report.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/objective-impact-report.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/notion-issue-summary.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/necromancer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/metrics-collector.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/mergefest.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/mattpocock-skills-reviewer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/linter-miner.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/layout-spec-maintainer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/jsweep.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/issue-triage-agent.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/issue-arborist.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/instructions-janitor.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/impeccable-skills-reviewer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/hourly-ci-cleaner.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/grumpy-reviewer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/gpclean.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/go-logger.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/glossary-maintainer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/github-remote-mcp-auth-test.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/github-mcp-tools-report.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/github-mcp-structural-analysis.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/functional-pragmatist.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/firewall-escape.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/example-permissions-warning.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/eslint-refiner.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/eslint-miner.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/draft-pr-cleanup.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/discussion-task-miner.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/dictation-prompt.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/dev.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/dev-hawk.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/designer-drift-audit.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/design-decision-gate.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/deployment-incident-monitor.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/dependabot-repair.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/dependabot-go-checker.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/dependabot-burner.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/delight.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/dead-code-remover.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/dataflow-pr-discussion-dataset.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-workflow-updater.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-windows-terminal-integration-builder.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-testify-uber-super-expert.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-team-status.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-spdd-spec-planner.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-semgrep-scan.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-security-red-team.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-security-observability.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-secrets-analysis.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-safeoutputs-git-simulator.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-safe-outputs-conformance.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-safe-output-integrator.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-repo-chronicle.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-regulatory.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-performance-summary.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-observability-report.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-model-resolution.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-model-inventory.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-mcp-concurrency-analysis.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-malicious-code-scan.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-issues-report.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-geo-optimizer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-formal-spec-verifier.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-firewall-report.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-file-diet.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-fact.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-experiment-report.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-doc-updater.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-doc-healer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-compiler-threat-spec-optimizer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-compiler-quality.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-community-attribution.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-code-metrics.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-cli-performance.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-choice-test.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-caveman-optimizer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-cache-strategy-analyzer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-assign-issue-to-user.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-ambient-context-optimizer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/daily-agent-of-the-day-blog-writer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/craft.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/copilot-session-insights.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/copilot-pr-prompt-analysis.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/copilot-pr-nlp-analysis.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/copilot-opt.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/copilot-cli-deep-research.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/copilot-agent-analysis.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/contribution-check.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/commit-changes-analyzer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/codex-github-remote-mcp-test.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/code-simplifier.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/code-scanning-fixer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/ci-doctor.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/ci-coach.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/breaking-change-checker.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/bot-detection.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/avenger.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/artifacts-summary.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/archie.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/approach-validator.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/ai-moderator.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/agentic-token-optimizer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/agent-performance-analyzer.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).
.github/workflows/ab-testing-advisor.lock.yml Regenerated workflow lockfile; MCP gateway config updated (adds sink-visibility).

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 194/194 changed files
  • Comments generated: 1
  • Review effort level: Low

Comment on lines 781 to 788
"guard-policies": {
"write-sink": {
"accept": [
"*"
]
],
"sink-visibility": "public"
}
}

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The actual code changes are present in the branch — commits cf78248, 57625db (glob helper + matchSubfolderRoot option), 4c80ac6 (compiler/runtime absolute-path rejection), and the accompanying test updates. The lockfile churn has been reverted and the branch now matches main exactly on all .lock.yml files except those that needed recompilation after the main merge.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

🧠 Matt Pocock Skills Reviewer has completed the skills-based review. ✅

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

PR Code Quality Reviewer completed the code quality review.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Design Decision Gate 🏗️ completed the design decision gate check.

No ADR enforcement needed: PR #44215 does not have the 'implementation' label and has 0 new lines of code in business logic directories (src/, lib/, pkg/, internal/, app/, core/, domain/, services/, api/).

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Test Quality Sentinel completed test quality analysis.

No test files were added or modified in this PR. Test Quality Sentinel skipped. PR #44215 contains only compiled workflow lock file changes (.lock.yml).

@github-actions github-actions Bot mentioned this pull request Jul 8, 2026

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

REQUEST_CHANGES — Two blocking issues found

This PR adds sink-visibility: "public" to 194 lockfiles, but contains two problems that need resolution before merge.

🔍 Blocking issues

1. Unrelated access-control regression in eslint-monster.lock.yml (HIGH)

The required_title_prefix guard on update_issue was silently dropped, allowing the eslint-monster agent to target any repo issue — not just those it owns. This appears to be accidental drift from the lockfile regeneration process, not an intentional policy change. Both the config.json block and the GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG env var need to be restored to include "required_title_prefix":"[eslint-monster] ".

2. PR description vs. changeset mismatch (HIGH)

The PR description promises JS source changes:

  • Updated glob matching in glob_pattern_helpers.cjs so slashless patterns match nested basenames
  • Updated push_repo_memory.cjs to apply the new mode
  • New tests for nested basename matching and discussion-task-miner layout

None of these files appear in the 194-file changeset, which is entirely lockfile regenerations. Either:

  • The implementation is missing and this PR is a partial work-in-progress, or
  • The description was written for a future commit and the PR was opened prematurely

The lockfile sink-visibility changes are fine in isolation, but merging under a description that implies glob logic was fixed is misleading and will leave the actual bug unresolved. Update the PR description to reflect what is actually changed, or add the missing source/test changes.

🔎 Code quality review by PR Code Quality Reviewer · 123.2 AIC · ⌖ 9.4 AIC · ⊞ 5.4K
Comment /review to run again

{"assign_to_agent":{"allowed":["copilot"],"max":3,"target":"*"},"close_issue":{"max":10,"required_title_prefix":"[eslint-monster] ","state_reason":"duplicate"},"create_discussion":{"category":"audits","close_older_discussions":true,"expires":48,"fallback_to_issue":true,"max":1,"title_prefix":"[eslint-monster] "},"create_issue":{"expires":168,"labels":["automation","eslint","cookie"],"max":3,"title_prefix":"[eslint-monster] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{},"update_issue":{"allow_body":true,"max":10,"required_title_prefix":"[eslint-monster] ","title_prefix":"[eslint-monster] "}}
GH_AW_SAFE_OUTPUTS_CONFIG_eaee126711029267_EOF
cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_a70707033a3aa7b2_EOF'
{"assign_to_agent":{"allowed":["copilot"],"max":3,"target":"*"},"close_issue":{"max":10,"required_title_prefix":"[eslint-monster] ","state_reason":"duplicate"},"create_discussion":{"category":"audits","close_older_discussions":true,"expires":48,"fallback_to_issue":true,"max":1,"title_prefix":"[eslint-monster] "},"create_issue":{"expires":168,"labels":["automation","eslint","cookie"],"max":3,"title_prefix":"[eslint-monster] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{},"update_issue":{"allow_body":true,"max":10,"title_prefix":"[eslint-monster] "}}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unrelated policy weakening: required_title_prefix removed from update_issue — this silently expands the eslint-monster agent's write scope to any repo issue, not just issues it owns.

💡 Details and impact

The previous policy:

"update_issue":{"allow_body":true,"max":10,"required_title_prefix":"[eslint-monster] ","title_prefix":"[eslint-monster] "}

The new policy:

"update_issue":{"allow_body":true,"max":10,"title_prefix":"[eslint-monster] "}

required_title_prefix is the guard that restricts which issues may be targeted. title_prefix only controls what prefix is stamped on writes. Without the guard, the agent can call update_issue on any issue in the repository. This change is unrelated to the stated repo-memory glob fix and appears to be accidental policy drift introduced during lockfile regeneration.

The same removal is duplicated in GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG at line 1750.

Restore "required_title_prefix":"[eslint-monster] " in both locations, or open a dedicated PR that explicitly describes and justifies this access expansion.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The required_title_prefix absence in update_issue for eslint-monster is a pre-existing condition in maingit diff origin/main -- .github/workflows/eslint-monster.lock.yml is empty. This PR did not introduce that change; the lockfiles were reverted to match main exactly.

{"assign_to_agent":{"allowed":["copilot"],"max":3,"target":"*"},"close_issue":{"max":10,"required_title_prefix":"[lint-monster] ","state_reason":"duplicate"},"create_discussion":{"category":"audits","close_older_discussions":true,"expires":48,"fallback_to_issue":true,"max":1,"title_prefix":"[lint-monster] "},"create_issue":{"expires":168,"labels":["automation","lint","cookie"],"max":3,"title_prefix":"[lint-monster] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{},"update_issue":{"allow_body":true,"max":10,"required_title_prefix":"[lint-monster] ","title_prefix":"[lint-monster] "}}
GH_AW_SAFE_OUTPUTS_CONFIG_0caeba2ce3ff905f_EOF
cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_77a7106ac1879fb2_EOF'
{"assign_to_agent":{"allowed":["copilot"],"max":3,"target":"*"},"close_issue":{"max":10,"required_title_prefix":"[lint-monster] ","state_reason":"duplicate"},"create_discussion":{"category":"audits","close_older_discussions":true,"expires":48,"fallback_to_issue":true,"max":1,"title_prefix":"[lint-monster] "},"create_issue":{"expires":168,"labels":["automation","lint","cookie"],"max":3,"title_prefix":"[lint-monster] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{},"update_issue":{"allow_body":true,"max":10,"title_prefix":"[lint-monster] "}}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same access-control regression as eslint-monster: required_title_prefix guard removed from update_issue — lint-monster can now call update_issue on any repo issue, not just its own.

💡 Details and impact

Previous policy had:

"update_issue":{"allow_body":true,"max":10,"required_title_prefix":"[lint-monster] ","title_prefix":"[lint-monster] "}

New policy:

"update_issue":{"allow_body":true,"max":10,"title_prefix":"[lint-monster] "}

required_title_prefix is the target guard — it restricts which issues the agent may edit. Without it, any issue in the repo is a valid target. The same drop is duplicated in the inline GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG env var at line 1745.

This affects both lint-monster and eslint-monster identically, suggesting it is a systematic regression introduced by whatever tooling regenerated these lockfiles. Restore "required_title_prefix":"[lint-monster] " in both locations.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as above for lint-monstergit diff origin/main -- .github/workflows/lint-monster.lock.yml is empty. The missing required_title_prefix in update_issue is a pre-existing condition in main, not introduced by this PR.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Review Summary

/diagnosing-bugs + /tdd applied — requesting changes.

📋 What was found

The PR description is an excellent, well-structured bug analysis. However, after inspecting the diff, all 194 changed files are generated .lock.yml files (uniformly adding sink-visibility: "public" to MCP gateway configs). The source-code fix described in the PR body — matchBasename support in glob_pattern_helpers.cjs, the wiring in push_repo_memory.cjs, regression tests, and docs — is not present.

The silent-skip bug (discussion-task-miner/processed-discussions.json failing to match *.json) remains unresolved in this branch.

What still needs to land

  1. actions/setup/js/glob_pattern_helpers.cjs — Add a matchBasename option to globPatternToRegex so that slashless patterns (e.g. *.json) match on the basename of any nested path.
  2. actions/setup/js/push_repo_memory.cjs — At the FILE_GLOB_FILTER evaluation site (line ~308), detect slashless patterns and pass { matchBasename: true } (or test against path.basename(normalizedRelPath)).
  3. actions/setup/js/glob_pattern_helpers.test.cjs — Add a test: globPatternToRegex("*.json", { matchBasename: true }).test("discussion-task-miner/processed-discussions.json")true.
  4. actions/setup/js/push_repo_memory.test.cjs — Add an end-to-end scenario where the artifact directory has discussion-task-miner/processed-discussions.json and the default filter "*.json *.jsonl *.csv *.md" accepts it.
  5. Docs — Update docs/src/content/docs/reference/repo-memory.md to note that slashless patterns match basenames at any depth.

⚠️ There is also an existing test in glob_pattern_helpers.test.cjs line 358 that asserts the opposite of the intended fix (dir/history.jsonl should NOT match *.jsonl). Once matchBasename is added, that assertion will need to be updated to use the new option explicitly.

@copilot please address the review comments above.

🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer · 161.4 AIC · ⌖ 7.54 AIC · ⊞ 6.6K ·
Comment /matt to run again

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Skills-Based Review 🧠

Applied /diagnosing-bugs and /tdd — requesting changes because the described fix is missing from the diff.

📋 Key Themes

Critical Gap

  • All 194 changed files are generated lock files (adding sink-visibility: "public" to the MCP gateway config). Zero source-code changes are present.
  • The described matchBasename fix does not exist in this PR. glob_pattern_helpers.cjs, push_repo_memory.cjs, and any new tests were not modified.
  • As a result, discussion-task-miner/processed-discussions.json still cannot match *.json via FILE_GLOB_FILTER, and the silent-skip bug is unresolved.

Positive Highlights

  • ✅ The PR body is an excellent bug analysis — root cause, fix plan, regression-test plan, and documentation intent are all clearly stated.
  • ✅ The lock file regeneration itself looks mechanically correct (consistent sink-visibility: "public" addition across all files).

What still needs to land

  1. actions/setup/js/glob_pattern_helpers.cjs — add matchBasename option to globPatternToRegex
  2. actions/setup/js/push_repo_memory.cjs — pass { matchBasename: true } for slashless patterns in FILE_GLOB_FILTER
  3. actions/setup/js/glob_pattern_helpers.test.cjs — add tests asserting *.json matches discussion-task-miner/processed-discussions.json with matchBasename: true
  4. actions/setup/js/push_repo_memory.test.cjs — end-to-end test that the discussion-task-miner nested layout passes the filter
  5. Docs update clarifying slashless repo-memory globs match basenames at any depth

🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer · 161.4 AIC · ⌖ 7.54 AIC · ⊞ 6.6K
Comment /matt to run again

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The core glob fix described in the PR body is not implemented in the current changeset.

The PR states:

Update repo-memory glob matching so slashless patterns match basenames anywhere under the artifact root

But glob_pattern_helpers.cjs does not implement a matchBasename option, and push_repo_memory.cjs line 308 calls globPatternToRegex(pattern) with no special option. The regex for *.json is still ^[^/]*\.json$ — anchored at root — so discussion-task-miner/processed-discussions.json will still not match and will still be silently skipped on every run.

What the diff actually contains:

  • All 194 lock files updated with sink-visibility: "public" added to write-sink config
  • eslint-monster.lock.yml: required_title_prefix removed from update_issue (aligns lock to source)
  • New files glob_pattern_helpers.cjs, push_repo_memory.cjs, discussion-task-miner.md, and test files — added to the repo, but without the claimed nested-basename matching logic

Fix required: Either (a) add matchBasename support to globPatternToRegex() so slashless patterns test against path.basename(filePath), or (b) update push_repo_memory.cjs to apply basename matching when a pattern contains no /. The discussion-task-miner.md workflow also needs file-glob patterns that actually work (e.g. **/*.json) until the basename fix is shipped.

🧵 Reviewed using Impeccable skills by Impeccable Skills Reviewer · 293.3 AIC · ⌖ 6.42 AIC · ⊞ 4.8K

@pelikhan

pelikhan commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator

@copilot non recursive globs must match the root of the memory subfolder

@gh-aw-bot

Copy link
Copy Markdown
Collaborator

@copilot please run the pr-finisher skill, address these unresolved review threads, and rerun checks once the branch is up to date:

Generated by 👨‍🍳 PR Sous Chef · 14.3 AIC · ⌖ 7.84 AIC · ⊞ 7.1K ·
Comment /souschef to run again

Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
@pelikhan

pelikhan commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator

@copilot ensure extensive logging about files and filtered out files

…ilter decisions

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI commented Jul 8, 2026

Copy link
Copy Markdown
Contributor Author

@copilot ensure extensive logging about files and filtered out files

Done in commit feat(push_repo_memory): add extensive per-file logging for scan and filter decisions.

The scan now logs at every decision point:

  • Patterns are compiled once and each is logged with its derived regex
  • Every directory traversed: [dir] discussion-task-miner/
  • Every file/pattern test: [test] discussion-task-miner/processed-discussions.json pattern[1] "*.json" -> ✓ match
  • Accepted files: [keep] discussion-task-miner/processed-discussions.json (1234 bytes)
  • Filtered-out files: [skip] discussion-task-miner/archive/old.log (no pattern matched)
  • Post-scan summary: Scan complete: 2 file(s) accepted, 1 file(s) filtered out with a full list of filtered-out paths

@pelikhan

pelikhan commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator

@copilot update specifications and documentation

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI commented Jul 8, 2026

Copy link
Copy Markdown
Contributor Author

@copilot update specifications and documentation

Done in commit docs: update repo-memory glob matching specs and documentation.

  • docs/reference/repo-memory.md: Replaced the single "Note" with a structured File Glob Matching Rules section covering depth-1-only semantics for slashless patterns, full-path matching for slash-containing patterns, and rejection of absolute paths. Added a concrete example using the discussion-task-miner layout.
  • docs/reference/frontmatter-full.md: Replaced the misleading '**/*.md', 'docs/**/*.json' example in the file-glob comment with accurate descriptions of slashless vs. slash-containing pattern semantics and the absolute-path rejection.
  • pkg/workflow/README.md: Added validateFileGlobPatterns to the Validation Functions table.

@pelikhan

pelikhan commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator

…ages

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI commented Jul 8, 2026

Copy link
Copy Markdown
Contributor Author

@copilot lint go https://github.com/github/gh-aw/actions/runs/28944487517/job/85874708402?pr=44215

Fixed in the latest commit. All 6 error messages in repo_memory_validation.go now include Example: sections, bringing the file to 100% compliance and the overall score to 80% (meets the threshold).

@pelikhan pelikhan merged commit 03ef782 into main Jul 8, 2026
37 checks passed
@pelikhan pelikhan deleted the copilot/discussion-task-miner-fix-repo-memory-persistence-again branch July 8, 2026 13:58
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

🎉 This pull request is included in a new release.

Release: v0.82.7

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

discussion-task-miner: repo-memory never persists — Step 1/6 write to a subdirectory excluded by the default file-glob

4 participants