Menu
Apply safe error-pattern matching rules for agentic engines.
Installer avec Codex ou Claude Copiez ce prompt, collez-le dans Codex, Claude ou un autre assistant, puis laissez-le vérifier la page du skill et l'installer pour vous.
Basé sur la classification professionnelle SOC
Conversational skill that interviews users to design new agentic workflows
Route gh-aw workflow design/create/debug/upgrade requests to the right prompts.
Analyze and reduce token consumption in agentic workflows — guardrail-specific entry points, measurement, and optimization techniques.
Implement secret-safe HTTP headers for MCP transport in gh-aw.
Review code that performs git or gh operations against repository checkouts in gh-aw, checking that the right credentials are available at the right time and that sparseness, shallowness and credential-free factors are properly considered.
Teach Copilot how to plan, address, and respond to pull request review feedback.
| name | error-pattern-safety |
| description | Apply safe error-pattern matching rules for agentic engines. |
Use these regex safety rules in agentic engines to prevent JavaScript infinite loops.
With the JavaScript global flag (/pattern/g), zero-width matches can cause infinite loops because:
regex.exec() with the g flag uses lastIndex to track positionlastIndex doesn't advance❌ NEVER USE THESE PATTERNS:
// Pure .* - matches everything including empty string at end
/.*/g
// Single character with * - matches zero or more (including zero)
/a*/g
// Patterns that can match empty string
/(x|y)*/g
✅ ALWAYS USE PATTERNS LIKE THESE:
// Required prefix before .*
/error.*/gi
/error.*permission.*denied/gi
// Specific structure with required content
/\[(\d{4}-\d{2}-\d{2})\]\s+(ERROR):\s+(.+)/g
// Required characters throughout
/access denied.*user.*not authorized/gi
Always require at least one character match
.+ instead of .* when you need "something"Never use bare .* as the entire pattern
error.*.* or .*?Test patterns against empty string
const regex = /your-pattern/g;
if (regex.test("")) {
throw new Error("Pattern matches empty string - DANGEROUS!");
}
Use specific anchors when possible
^error.*.*error$\berror\bAll error patterns must pass these tests:
// Test that pattern doesn't match empty string
func TestPatternSafety(t *testing.T) {
pattern := "your-pattern"
regex := regexp.MustCompile(pattern)
if regex.MatchString("") {
t.Error("Pattern matches empty string!")
}
}
test("should not match empty string", () => {
const regex = new RegExp("your-pattern", "g");
expect(regex.test("")).toBe(false);
});
The validate_errors.cjs script has built-in protections:
regex.lastIndex stops advancing// Safety check in validate_errors.cjs
if (regex.lastIndex === lastIndex) {
core.error(`Infinite loop detected! Pattern: ${pattern.pattern}`);
break;
}
When adding new error patterns to engines:
Write the pattern with required content
{
Pattern: `(?i)error.*permission.*denied`,
LevelGroup: 0,
MessageGroup: 0,
Description: "Permission denied error",
}
Test against empty string
make test-unitTestAllEnginePatternsSafeTest with actual log samples
Document the pattern
Patterns are converted from Go to JavaScript:
// Go pattern (case-insensitive flag)
Pattern: `(?i)error.*permission.*denied`
// Converted to JavaScript
new RegExp("error.*permission.*denied", "gi")
The (?i) prefix is removed because JavaScript uses the i flag instead.
// Requires "error" prefix
Pattern: `(?i)error.*permission.*denied`
// Requires specific timestamp format
Pattern: `(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z)\s+\[(ERROR)\]\s+(.+)`
// Requires "access denied" prefix
Pattern: `(?i)access denied.*user.*not authorized`
If you find a pattern that matches empty string:
Before (unsafe):
Pattern: `.*error.*` // Can match empty at start/end
After (safe):
Pattern: `error.*` // Requires "error" at start
// OR
Pattern: `.*error.+` // Requires "error" and at least one char after
// OR
Pattern: `\berror\b.*` // Requires word "error"
Before committing pattern changes:
make test-unitTestAllEnginePatternsSafe passesTestErrorPatternsNoInfiniteLoopPotential passescd pkg/workflow/js && npm testpkg/workflow/engine_error_patterns_infinite_loop_test.gopkg/workflow/js/validate_errors.test.cjspkg/workflow/error_pattern_tuning_test.go