From fe289a3b55064ee48b417932ae7156c39206be38 Mon Sep 17 00:00:00 2001 From: Alan Jowett Date: Tue, 14 Apr 2026 09:35:40 -0700 Subject: [PATCH 1/2] Fix investigate-security protocol mismatch breaking CI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove inline YAML comment from investigate-security.md frontmatter that the lightweight YAML parsers were not stripping, causing 'exhaustive-path-tracing' to be parsed as 'exhaustive-path-tracing # optional — apply selectively to parser/decoder functions'. Also harden both validate-manifest.py and validate-graph-integrity.py to strip inline YAML comments from list items, preventing similar issues in the future. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- templates/investigate-security.md | 2 +- tests/validate-graph-integrity.py | 9 ++++++--- tests/validate-manifest.py | 7 ++++++- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/templates/investigate-security.md b/templates/investigate-security.md index cf57c3c..b36e079 100644 --- a/templates/investigate-security.md +++ b/templates/investigate-security.md @@ -14,7 +14,7 @@ protocols: - guardrails/operational-constraints - guardrails/adversarial-falsification - analysis/security-vulnerability - - reasoning/exhaustive-path-tracing # optional — apply selectively to parser/decoder functions + - reasoning/exhaustive-path-tracing taxonomies: - stack-lifetime-hazards format: investigation-report diff --git a/tests/validate-graph-integrity.py b/tests/validate-graph-integrity.py index 2c27577..748bb19 100644 --- a/tests/validate-graph-integrity.py +++ b/tests/validate-graph-integrity.py @@ -78,9 +78,12 @@ def _parse_template_frontmatter(text: str) -> dict[str, object] | None: if indent > 0: # Still collect multi-line list items at indent 2 if current_list_field and stripped.startswith("- "): - result[current_list_field].append( - stripped[2:].strip().strip("'\"") - ) + val = stripped[2:].strip().strip("'\"") + # Strip inline YAML comments + comment_match = re.match(r"^([^#]+?)\s+#", val) + if comment_match: + val = comment_match.group(1).strip().strip("'\"") + result[current_list_field].append(val) elif stripped and current_list_field and not stripped.startswith("#"): current_list_field = None continue diff --git a/tests/validate-manifest.py b/tests/validate-manifest.py index e3da1ff..559e2b9 100644 --- a/tests/validate-manifest.py +++ b/tests/validate-manifest.py @@ -47,7 +47,12 @@ def parse_yaml_frontmatter(text: str) -> dict[str, object] | None: continue if in_protocols: if stripped.startswith("- "): - protocols.append(stripped[2:].strip().strip("'\"")) + val = stripped[2:].strip().strip("'\"") + # Strip inline YAML comments + comment_match = re.match(r"^([^#]+?)\s+#", val) + if comment_match: + val = comment_match.group(1).strip().strip("'\"") + protocols.append(val) else: in_protocols = False return {"protocols": protocols} From b57a30c07316778e61c031be8b40d8be309c7ce3 Mon Sep 17 00:00:00 2001 From: Alan Jowett Date: Tue, 14 Apr 2026 09:47:19 -0700 Subject: [PATCH 2/2] Use re.split for YAML comment stripping to preserve # in values Address PR review feedback: replace regex that treats any # as a comment delimiter with re.split(r'\s+#', ...) which only strips # when preceded by whitespace, matching YAML comment semantics. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- tests/validate-graph-integrity.py | 6 ++---- tests/validate-manifest.py | 6 ++---- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/tests/validate-graph-integrity.py b/tests/validate-graph-integrity.py index 748bb19..e67da06 100644 --- a/tests/validate-graph-integrity.py +++ b/tests/validate-graph-integrity.py @@ -79,10 +79,8 @@ def _parse_template_frontmatter(text: str) -> dict[str, object] | None: # Still collect multi-line list items at indent 2 if current_list_field and stripped.startswith("- "): val = stripped[2:].strip().strip("'\"") - # Strip inline YAML comments - comment_match = re.match(r"^([^#]+?)\s+#", val) - if comment_match: - val = comment_match.group(1).strip().strip("'\"") + # Strip inline YAML comments only when `#` follows whitespace + val = re.split(r"\s+#", val, maxsplit=1)[0].strip().strip("'\"") result[current_list_field].append(val) elif stripped and current_list_field and not stripped.startswith("#"): current_list_field = None diff --git a/tests/validate-manifest.py b/tests/validate-manifest.py index 559e2b9..e0a5916 100644 --- a/tests/validate-manifest.py +++ b/tests/validate-manifest.py @@ -48,10 +48,8 @@ def parse_yaml_frontmatter(text: str) -> dict[str, object] | None: if in_protocols: if stripped.startswith("- "): val = stripped[2:].strip().strip("'\"") - # Strip inline YAML comments - comment_match = re.match(r"^([^#]+?)\s+#", val) - if comment_match: - val = comment_match.group(1).strip().strip("'\"") + # Strip inline YAML comments only when '#' is preceded by whitespace. + val = re.split(r"\s+#", val, maxsplit=1)[0].strip().strip("'\"") protocols.append(val) else: in_protocols = False