تشغيل أي مهارة في Manus بنقرة واحدة

ابدأ الآن

error-pattern-safety

النجوم٤٬٦٧٨

التفرعات٤٢٥

آخر تحديث١٢ مايو ٢٠٢٦ في ٢٢:٤٥

Apply safe error-pattern matching rules for agentic engines.

التثبيت

التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.

تشغيل في Manus

المصدر

github

github/gh-aw

فتح مستودع GitHub عرض مستودعات المنشئ

تنزيل

تشغيل في Manus

المهن ذات الصلةSOC

استنادا إلى تصنيف SOC المهني

محللو أمن المعلوماتمهن الحاسوب والرياضيات·SOC 15-1212

SKILL.md

readonly

name	error-pattern-safety
description	Apply safe error-pattern matching rules for agentic engines.

Error Pattern Safety Guidelines

Use these regex safety rules in agentic engines to prevent JavaScript infinite loops.

The Problem

With the JavaScript global flag (/pattern/g), zero-width matches can cause infinite loops because:

JavaScript's regex.exec() with the g flag uses lastIndex to track position
When a pattern matches zero-width, lastIndex doesn't advance
The same position is matched repeatedly, causing an infinite loop

Dangerous Pattern Examples

❌ NEVER USE THESE PATTERNS:

// Pure .* - matches everything including empty string at end
/.*/g

// Single character with * - matches zero or more (including zero)
/a*/g

// Patterns that can match empty string
/(x|y)*/g

Safe Pattern Examples

✅ ALWAYS USE PATTERNS LIKE THESE:

// Required prefix before .*
/error.*/gi
/error.*permission.*denied/gi

// Specific structure with required content
/\[(\d{4}-\d{2}-\d{2})\]\s+(ERROR):\s+(.+)/g

// Required characters throughout
/access denied.*user.*not authorized/gi

Pattern Safety Rules

Always require at least one character match
- Use .+ instead of .* when you need "something"
- Ensure pattern has required prefix/suffix
Never use bare .* as the entire pattern
- Always combine with required text: error.*
- Never just .* or .*?

Test patterns against empty string

const regex = /your-pattern/g;
if (regex.test("")) {
  throw new Error("Pattern matches empty string - DANGEROUS!");
}

Use specific anchors when possible
- Start: ^error.*
- End: .*error$
- Word boundaries: \berror\b

Validation Tests

All error patterns must pass these tests:

Go Tests (pkg/workflow/engine_error_patterns_infinite_loop_test.go)

// Test that pattern doesn't match empty string
func TestPatternSafety(t *testing.T) {
    pattern := "your-pattern"
    regex := regexp.MustCompile(pattern)
    
    if regex.MatchString("") {
        t.Error("Pattern matches empty string!")
    }
}

JavaScript Tests (pkg/workflow/js/validate_errors.test.cjs)

test("should not match empty string", () => {
  const regex = new RegExp("your-pattern", "g");
  expect(regex.test("")).toBe(false);
});

Safety Mechanisms in validate_errors.cjs

The validate_errors.cjs script has built-in protections:

Zero-width detection: Checks if regex.lastIndex stops advancing
Iteration warning: Warns at 1000 iterations
Hard limit: Stops at 10,000 iterations to prevent hang

// Safety check in validate_errors.cjs
if (regex.lastIndex === lastIndex) {
  core.error(`Infinite loop detected! Pattern: ${pattern.pattern}`);
  break;
}

Adding New Error Patterns

When adding new error patterns to engines:

Write the pattern with required content

{
    Pattern:      `(?i)error.*permission.*denied`,
    LevelGroup:   0,
    MessageGroup: 0,
    Description:  "Permission denied error",
}

Test against empty string
- Run: make test-unit
- Checks: TestAllEnginePatternsSafe
Test with actual log samples
- Ensure it matches real errors
- Ensure it doesn't match informational text
Document the pattern
- Add clear description
- Note what it's designed to catch

Pattern Conversion: Go to JavaScript

Patterns are converted from Go to JavaScript:

// Go pattern (case-insensitive flag)
Pattern: `(?i)error.*permission.*denied`

// Converted to JavaScript
new RegExp("error.*permission.*denied", "gi")

The (?i) prefix is removed because JavaScript uses the i flag instead.

Examples from Current Codebase

✅ Safe Patterns

// Requires "error" prefix
Pattern: `(?i)error.*permission.*denied`

// Requires specific timestamp format
Pattern: `(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z)\s+\[(ERROR)\]\s+(.+)`

// Requires "access denied" prefix
Pattern: `(?i)access denied.*user.*not authorized`

How to Fix Unsafe Patterns

If you find a pattern that matches empty string:

Before (unsafe):

Pattern: `.*error.*`  // Can match empty at start/end

After (safe):

Pattern: `error.*`     // Requires "error" at start
// OR
Pattern: `.*error.+`   // Requires "error" and at least one char after
// OR
Pattern: `\berror\b.*` // Requires word "error"

Testing Checklist

Before committing pattern changes:

Run make test-unit
Check TestAllEnginePatternsSafe passes
Check TestErrorPatternsNoInfiniteLoopPotential passes
Run JavaScript tests: cd pkg/workflow/js && npm test
Verify pattern matches intended error messages
Verify pattern doesn't match informational text

References

Go regex syntax: https://pkg.go.dev/regexp/syntax
JavaScript regex: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions
Test files:
- pkg/workflow/engine_error_patterns_infinite_loop_test.go
- pkg/workflow/js/validate_errors.test.cjs
- pkg/workflow/error_pattern_tuning_test.go

المزيد من هذا المستودع

نفس المستودع

agentic-workflow-designer

github/gh-aw

Conversational skill that interviews users to design new agentic workflows

2026-06-194.7k

agentic-workflows

github/gh-aw

Route gh-aw workflow design/create/debug/upgrade requests to the right prompts.

2026-06-134.7k

optimize-agentic-workflow

github/gh-aw

Analyze and reduce token consumption in agentic workflows — guardrail-specific entry points, measurement, and optimization techniques.

2026-06-134.7k

http-mcp-headers

github/gh-aw

Implement secret-safe HTTP headers for MCP transport in gh-aw.

2026-06-124.7k

checkout-credential-review

github/gh-aw

Review code that performs git or gh operations against repository checkouts in gh-aw, checking that the right credentials are available at the right time and that sparseness, shallowness and credential-free factors are properly considered.

2026-06-094.7k

copilot-review

github/gh-aw

Teach Copilot how to plan, address, and respond to pull request review feedback.

2026-06-094.7k

name	error-pattern-safety
description	Apply safe error-pattern matching rules for agentic engines.

Error Pattern Safety Guidelines

Use these regex safety rules in agentic engines to prevent JavaScript infinite loops.

The Problem

With the JavaScript global flag (/pattern/g), zero-width matches can cause infinite loops because:

JavaScript's regex.exec() with the g flag uses lastIndex to track position
When a pattern matches zero-width, lastIndex doesn't advance
The same position is matched repeatedly, causing an infinite loop

Dangerous Pattern Examples

❌ NEVER USE THESE PATTERNS:

// Pure .* - matches everything including empty string at end
/.*/g

// Single character with * - matches zero or more (including zero)
/a*/g

// Patterns that can match empty string
/(x|y)*/g

Safe Pattern Examples

✅ ALWAYS USE PATTERNS LIKE THESE:

// Required prefix before .*
/error.*/gi
/error.*permission.*denied/gi

// Specific structure with required content
/\[(\d{4}-\d{2}-\d{2})\]\s+(ERROR):\s+(.+)/g

// Required characters throughout
/access denied.*user.*not authorized/gi

Pattern Safety Rules

Always require at least one character match
- Use .+ instead of .* when you need "something"
- Ensure pattern has required prefix/suffix
Never use bare .* as the entire pattern
- Always combine with required text: error.*
- Never just .* or .*?

Test patterns against empty string

const regex = /your-pattern/g;
if (regex.test("")) {
  throw new Error("Pattern matches empty string - DANGEROUS!");
}

Use specific anchors when possible
- Start: ^error.*
- End: .*error$
- Word boundaries: \berror\b

Validation Tests

All error patterns must pass these tests:

Go Tests (pkg/workflow/engine_error_patterns_infinite_loop_test.go)

// Test that pattern doesn't match empty string
func TestPatternSafety(t *testing.T) {
    pattern := "your-pattern"
    regex := regexp.MustCompile(pattern)
    
    if regex.MatchString("") {
        t.Error("Pattern matches empty string!")
    }
}

JavaScript Tests (pkg/workflow/js/validate_errors.test.cjs)

test("should not match empty string", () => {
  const regex = new RegExp("your-pattern", "g");
  expect(regex.test("")).toBe(false);
});

Safety Mechanisms in validate_errors.cjs

The validate_errors.cjs script has built-in protections:

Zero-width detection: Checks if regex.lastIndex stops advancing
Iteration warning: Warns at 1000 iterations
Hard limit: Stops at 10,000 iterations to prevent hang

// Safety check in validate_errors.cjs
if (regex.lastIndex === lastIndex) {
  core.error(`Infinite loop detected! Pattern: ${pattern.pattern}`);
  break;
}

Adding New Error Patterns

When adding new error patterns to engines:

Write the pattern with required content

{
    Pattern:      `(?i)error.*permission.*denied`,
    LevelGroup:   0,
    MessageGroup: 0,
    Description:  "Permission denied error",
}

Test against empty string
- Run: make test-unit
- Checks: TestAllEnginePatternsSafe
Test with actual log samples
- Ensure it matches real errors
- Ensure it doesn't match informational text
Document the pattern
- Add clear description
- Note what it's designed to catch

Pattern Conversion: Go to JavaScript

Patterns are converted from Go to JavaScript:

// Go pattern (case-insensitive flag)
Pattern: `(?i)error.*permission.*denied`

// Converted to JavaScript
new RegExp("error.*permission.*denied", "gi")

The (?i) prefix is removed because JavaScript uses the i flag instead.

Examples from Current Codebase

✅ Safe Patterns

// Requires "error" prefix
Pattern: `(?i)error.*permission.*denied`

// Requires specific timestamp format
Pattern: `(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z)\s+\[(ERROR)\]\s+(.+)`

// Requires "access denied" prefix
Pattern: `(?i)access denied.*user.*not authorized`

How to Fix Unsafe Patterns

If you find a pattern that matches empty string:

Before (unsafe):

Pattern: `.*error.*`  // Can match empty at start/end

After (safe):

Pattern: `error.*`     // Requires "error" at start
// OR
Pattern: `.*error.+`   // Requires "error" and at least one char after
// OR
Pattern: `\berror\b.*` // Requires word "error"

Testing Checklist

Before committing pattern changes:

Run make test-unit
Check TestAllEnginePatternsSafe passes
Check TestErrorPatternsNoInfiniteLoopPotential passes
Run JavaScript tests: cd pkg/workflow/js && npm test
Verify pattern matches intended error messages
Verify pattern doesn't match informational text

References

Go regex syntax: https://pkg.go.dev/regexp/syntax
JavaScript regex: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions
Test files:
- pkg/workflow/engine_error_patterns_infinite_loop_test.go
- pkg/workflow/js/validate_errors.test.cjs
- pkg/workflow/error_pattern_tuning_test.go