fix(USE-001): add standardized error codes to all safe output handlers#17557
fix(USE-001): add standardized error codes to all safe output handlers#17557
Conversation
- Create error_codes.cjs with ERR_VALIDATION, ERR_CONFIG, ERR_API, ERR_NOT_FOUND, ERR_PERMISSION, ERR_PARSE, ERR_SYSTEM constants - Update all 66 handler files to import and use error codes in error messages - Fix in-function imports to be top-level (required for TypeScript compatibility) - Update test files to expect new error messages with code prefixes - USE-001 conformance check: PASS (0 handlers without standardized error codes) Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Replace hardcoded "ERR_XXX: ..." strings in test files with template literals using imported constants from error_codes.cjs. All 15 affected test files now import and use the constants. Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This pull request implements standardized error codes across 67 safe output handler files to improve error monitoring and debugging. The changes add machine-readable error code prefixes (ERR_VALIDATION, ERR_API, ERR_CONFIG, ERR_NOT_FOUND, ERR_PARSE, ERR_SYSTEM, ERR_PERMISSION) to error messages throughout the codebase, enabling structured logging and alerting.
Changes:
- Created
actions/setup/js/error_codes.cjswith 7 standardized error code constants and documentation - Updated 66 handler files to import and use error codes in error messages and
core.setFailed()calls - Updated 15 test files to expect new error messages with code prefixes using constants instead of hardcoded strings
- Fixed JSON formatting in smoke test file
Reviewed changes
Copilot reviewed 83 out of 84 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| error_codes.cjs | New file defining 7 standardized error code constants with comprehensive documentation |
| validate_secrets.cjs | Added ERR_VALIDATION error code to secret validation failure messages |
| validate_lockdown_requirements.cjs | Imported ERR_VALIDATION (though not used in changed lines) |
| validate_context_variables.cjs | Added ERR_VALIDATION to context validation errors |
| upload_assets.cjs | Added ERR_API, ERR_CONFIG, ERR_SYSTEM, ERR_VALIDATION to asset upload errors |
| update_release.cjs | Added ERR_API, ERR_CONFIG, ERR_VALIDATION to release update errors |
| update_project.cjs | Added 5 error codes to numerous validation and API error messages |
| update_issue.cjs | Added ERR_VALIDATION to title prefix validation |
| update_discussion.cjs | Added ERR_NOT_FOUND to discussion lookup errors |
| unlock-issue.test.cjs | Updated test assertions to use ERR_NOT_FOUND constant |
| unlock-issue.cjs | Added ERR_NOT_FOUND to unlock failure messages |
| substitute_placeholders.cjs | Added ERR_SYSTEM to file I/O errors |
| staged_preview.cjs | Added ERR_SYSTEM to preview generation errors |
| setup_threat_detection.cjs | Added ERR_VALIDATION to threat detection setup errors |
| safe_outputs_mcp_server.cjs | Added ERR_VALIDATION to server startup validation |
| safe_outputs_handlers.cjs | Added ERR_CONFIG, ERR_SYSTEM, ERR_VALIDATION to handler errors |
| safe_outputs_append.cjs | Added ERR_SYSTEM, ERR_VALIDATION to append operation errors |
| safe_output_unified_handler_manager.cjs | Added ERR_CONFIG, ERR_PARSE, ERR_VALIDATION to manager errors (contains syntax error) |
| safe_output_processor.cjs | Imported ERR_VALIDATION (not used in visible changes) |
| safe_output_manifest.cjs | Added ERR_SYSTEM to manifest file operations |
| safe_output_handler_manager.cjs | Added ERR_CONFIG, ERR_PARSE, ERR_VALIDATION to handler configuration errors |
| safe_inputs_mcp_server_http.cjs | Imported ERR_VALIDATION (not used in visible changes) |
| safe_inputs_config_loader.cjs | Added ERR_SYSTEM, ERR_VALIDATION to config loading errors |
| runtime_import.cjs | Added 5 error codes to import validation and processing errors |
| repo_helpers.cjs | Added ERR_VALIDATION to repository validation |
| render_template.cjs | Added ERR_API, ERR_CONFIG, ERR_VALIDATION to template rendering |
| redact_secrets.cjs | Added ERR_VALIDATION (imports placed incorrectly at end of file - critical bug) |
| read_buffer.cjs | Added ERR_PARSE to buffer parsing errors |
| parse_threat_detection_results.cjs | Added ERR_SYSTEM, ERR_VALIDATION to threat parsing |
| parse_safe_inputs_logs.test.cjs | Updated test to use ERR_PARSE constant |
| parse_safe_inputs_logs.cjs | Added ERR_PARSE to log parsing errors |
| parse_mcp_gateway_log.cjs | Added ERR_PARSE to gateway log parsing |
| parse_firewall_logs.cjs | Added ERR_PARSE to firewall log parsing |
| parse_copilot_log.cjs | Added ERR_PARSE to Copilot log parsing |
| parse_claude_log.test.cjs | Updated tests to use ERR_API, ERR_CONFIG, ERR_VALIDATION constants |
| notify_comment_error.test.cjs | Updated tests to use ERR_VALIDATION constant |
| notify_comment_error.cjs | Added ERR_VALIDATION to comment notification validation |
| merge_remote_agent_github_folder.cjs | Added 4 error codes to repository merge operations |
| mcp_server_core.cjs | Added ERR_VALIDATION to server tool validation |
| mcp_http_transport.cjs | Added ERR_SYSTEM to transport startup |
| mark_pull_request_as_ready_for_review.cjs | Added ERR_NOT_FOUND to PR lookup |
| log_parser_shared.cjs | Added ERR_PARSE to log entry parsing |
| log_parser_bootstrap.test.cjs | Updated tests to use ERR_API, ERR_CONFIG, ERR_VALIDATION constants |
| log_parser_bootstrap.cjs | Added ERR_API, ERR_CONFIG, ERR_VALIDATION to parser bootstrap |
| lock-issue.test.cjs | Updated tests to use ERR_NOT_FOUND constant |
| lock-issue.cjs | Added ERR_NOT_FOUND to lock failure messages |
| interpolate_prompt.test.cjs | Updated test to use ERR_CONFIG constant |
| interpolate_prompt.cjs | Added ERR_API, ERR_CONFIG, ERR_VALIDATION to prompt interpolation |
| git_helpers.cjs | Added ERR_SYSTEM to git command failures |
| get_current_branch.cjs | Added ERR_CONFIG to branch detection failures |
| frontmatter_hash_pure.cjs | Added ERR_PARSE, ERR_SYSTEM to frontmatter processing |
| file_helpers.cjs | Added ERR_SYSTEM to file existence checks |
| error_recovery.cjs | Enhanced error context to support optional error codes |
| create_project_status_update.cjs | Added 4 error codes to project status update operations |
| create_project.cjs | Added ERR_CONFIG, ERR_NOT_FOUND, ERR_VALIDATION to project creation |
| collect_ndjson_output.cjs | Added ERR_API, ERR_PARSE to output collection |
| close_pull_request.cjs | Added ERR_NOT_FOUND to PR lookup |
| close_issue.cjs | Added ERR_NOT_FOUND to issue lookup |
| close_discussion.cjs | Added ERR_NOT_FOUND to discussion lookup |
| checkout_pr_branch.test.cjs | Updated tests to use ERR_API constant and added mock for error_codes module |
| checkout_pr_branch.cjs | Added ERR_API to branch checkout failures |
| check_workflow_timestamp_api.cjs | Added ERR_CONFIG, ERR_VALIDATION to timestamp validation |
| check_workflow_timestamp.cjs | Added ERR_CONFIG to workspace validation |
| check_team_member.cjs | Added ERR_PERMISSION to authorization failures |
| check_stop_time.cjs | Added ERR_CONFIG, ERR_VALIDATION to stop time validation |
| check_skip_if_no_match.test.cjs | Updated tests to use ERR_API, ERR_CONFIG constants |
| check_skip_if_no_match.cjs | Added ERR_API, ERR_CONFIG to skip condition checks |
| check_skip_if_match.cjs | Added ERR_API, ERR_CONFIG to skip condition checks |
| check_permissions.cjs | Added ERR_API, ERR_CONFIG, ERR_PERMISSION to permission checks |
| check_command_position.test.cjs | Updated test to use ERR_CONFIG constant |
| check_command_position.cjs | Added ERR_API, ERR_CONFIG, ERR_VALIDATION to command validation |
| assign_issue.test.cjs | Updated tests to use ERR_CONFIG, ERR_NOT_FOUND constants |
| assign_issue.cjs | Added 4 error codes to issue assignment operations |
| assign_copilot_to_created_issues.cjs | Added ERR_API, ERR_PERMISSION to Copilot assignment |
| add_workflow_run_comment.test.cjs | Updated tests to use ERR_NOT_FOUND, ERR_VALIDATION constants |
| add_workflow_run_comment.cjs | Added ERR_NOT_FOUND, ERR_VALIDATION to workflow comment operations |
| add_reaction_and_edit_comment.test.cjs | Updated tests to use ERR_NOT_FOUND, ERR_VALIDATION constants |
| add_reaction_and_edit_comment.cjs | Added ERR_API, ERR_NOT_FOUND, ERR_VALIDATION to reaction operations |
| add_reaction.test.cjs | Updated tests to use ERR_NOT_FOUND, ERR_VALIDATION constants |
| add_reaction.cjs | Added ERR_API, ERR_NOT_FOUND, ERR_VALIDATION to reaction operations |
| add_copilot_reviewer.test.cjs | Updated tests to use ERR_CONFIG constant |
| add_copilot_reviewer.cjs | Added ERR_CONFIG, ERR_NOT_FOUND, ERR_VALIDATION to reviewer assignment |
| add_comment.cjs | Added ERR_NOT_FOUND to comment operations |
| smoke-test-pr-push-22262086355.json | Removed leading whitespace (JSON formatting fix) |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges... |
|
🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation... |
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
|
@copilot apply changes based on the comments in this thread |
|
📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident... |
… syntax - Move getErrorMessage and ERR_VALIDATION imports from end-of-file to top in redact_secrets.cjs (were after main() causing ReferenceError) - Fix broken string concat leftover in safe_output_unified_handler_manager.cjs (remove erroneous `" + "` from within template literal) Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Both issues from that review were already addressed in 29f69be: imports moved to the top of |
|
🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation... |
|
💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges... |
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
|
@copilot fix setup.sh to copy errors js fiel https://github.com/github/gh-aw/actions/runs/22265432313/job/64410661526?pr=17557 |
|
📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident... |
…e lists Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Fixed in 7979064. Added |
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
|
✅ Commit pushed: |
|
🤖 Smoke test results for PR #17557 (
Overall:
|
|
Smoke test results
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Reviewed PR #17557: adds standardized error codes (ERR_NOT_FOUND, ERR_CONFIG, ERR_VALIDATION) to safe output handlers. The changes are consistent and improve error diagnostics across all handlers. No issues found.
📰 BREAKING: Report filed by Smoke Copilot
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
actions/setup/js/error_codes.cjswith standardized error code constantsredact_secrets.cjs: move imports to top of file (were placed aftermain())safe_output_unified_handler_manager.cjs: remove erroneous" + "from template literalerror_codes.cjstosetup.shsafe-inputs and safe-outputs copy lists (CI fix)Original prompt
This section details on the original issue you should resolve
<issue_title>[Safe Outputs Conformance] USE-001: 67 handlers missing standardized error codes (E001-E010 / ERR_ / ERROR_ prefix)</issue_title>
<issue_description>### Conformance Check Failure
Check ID: USE-001
Severity: LOW
Category: Usability
Problem Description
67 handler files throw errors or call
core.setFailedwithout using standardized error codes (pattern:E[0-9]{3},ERROR_, orERR_). Standardized codes make errors machine-parseable, enable structured logging, and allow operators to build monitoring dashboards and alerting rules keyed on specific error classes.Affected Components
View all 67 flagged handlers
actions/setup/js/add_comment.cjsactions/setup/js/add_copilot_reviewer.cjsactions/setup/js/add_reaction.cjsactions/setup/js/add_reaction_and_edit_comment.cjsactions/setup/js/add_workflow_run_comment.cjsactions/setup/js/assign_copilot_to_created_issues.cjsactions/setup/js/assign_issue.cjsactions/setup/js/check_command_position.cjsactions/setup/js/check_permissions.cjsactions/setup/js/check_skip_if_match.cjsactions/setup/js/check_skip_if_no_match.cjsactions/setup/js/check_stop_time.cjsactions/setup/js/check_team_member.cjsactions/setup/js/check_workflow_timestamp.cjsactions/setup/js/check_workflow_timestamp_api.cjsactions/setup/js/checkout_pr_branch.cjsactions/setup/js/close_discussion.cjsactions/setup/js/close_issue.cjsactions/setup/js/close_pull_request.cjsactions/setup/js/collect_ndjson_output.cjsactions/setup/js/create_project.cjsactions/setup/js/create_project_status_update.cjsactions/setup/js/error_recovery.cjsactions/setup/js/file_helpers.cjsactions/setup/js/frontmatter_hash_pure.cjsactions/setup/js/get_current_branch.cjsactions/setup/js/git_helpers.cjsactions/setup/js/interpolate_prompt.cjsactions/setup/js/lock-issue.cjsactions/setup/js/log_parser_bootstrap.cjsactions/setup/js/log_parser_shared.cjsactions/setup/js/mark_pull_request_as_ready_for_review.cjsactions/setup/js/mcp_http_transport.cjsactions/setup/js/mcp_server_core.cjsactions/setup/js/merge_remote_agent_github_folder.cjsactions/setup/js/notify_comment_error.cjsactions/setup/js/parse_copilot_log.cjsactions/setup/js/parse_firewall_logs.cjsactions/setup/js/parse_mcp_gateway_log.cjsactions/setup/js/parse_safe_inputs_logs.cjsactions/setup/js/parse_threat_detection_results.cjsactions/setup/js/read_buffer.cjsactions/setup/js/redact_secrets.cjsactions/setup/js/render_template.cjsactions/setup/js/repo_helpers.cjsactions/setup/js/runtime_import.cjsactions/setup/js/safe_inputs_config_loader.cjsactions/setup/js/safe_inputs_mcp_server_http.cjsactions/setup/js/safe_output_handler_manager.cjsactions/setup/js/safe_output_manifest.cjsactions/setup/js/safe_output_processor.cjsactions/setup/js/safe_output_unified_handler_manager.cjsactions/setup/js/safe_outputs_append.cjsactions/setup/js/safe_outputs_handlers.cjsactions/setup/js/safe_outputs_mcp_server.cjsactions/setup/js/setup_threat_detection.cjsactions/setup/js/staged_preview.cjsactions/setup/js/substitute_placeholders.cjsactions/setup/js/unlock-issue.cjsactions/setup/js/update_discussion.cjsactions/setup/js/update_issue.cjsactions/setup/js/update_project.cjsactions/setup/js/update_release.cjsactions/setup/js/upload_assets.cjsactions/setup/js/validate_context_variables.cjsactions/setup/js/validate_lockdown_requirements.cjsactions/setup/js/validate_secrets.cjsCurrent Behavior
These handlers throw
new Error(...)or callcore.setFailed(...)with free-form message strings. There is no machine-readable error code prefix that would allow downstream consumers to categorize or react to specific error classes.Expected Behavior
Per the Safe Outputs Specification, error messages SHOULD include a standardized code prefix so that operators and tooling can identify error categories. Examples of acceptable patterns:
throw new Error('E001: Missing required field: title')core.setFailed('ERR_VALIDATION: Body exceeds maximum length')error_helpers.cjsthat wraps errors with structured codes.Remediation Steps
This task can be assigned to a Copilot coding agent with the following steps:
actions/setup/js/error_helpers.cjsto see if there is already an error code helper that can be reused.actions/setup/js/constants.cjsor a newerror_codes.cjs) covering common categories: validation, permission, API, configuration.create_issue.cjs,add_comment.cjs,update_issue.cjs,...🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.
fix(USE-001): add standardized error codes to all safe output handlers
actions/setup/js/error_codes.cjswith standardized error code constantsredact_secrets.cjs: move imports to top of file (were placed aftermain())safe_output_unified_handler_manager.cjs: remove erroneous" + "from template literalerror_codes.cjstosetup.shsafe-inputs and safe-outputs copy lists (CI fix)Original prompt
This section details on the original issue you should resolve
(issue_title)[Safe Outputs Conformance] USE-001: 67 handlers missing standardized error codes (E001-E010 / ERR_ / ERROR_ prefix)(/issue_title)
(issue_description)### Conformance Check Failure
Check ID: USE-001
Severity: LOW
Category: Usability
Problem Description
67 handler files throw errors or call
core.setFailedwithout using standardized error codes (pattern:E[0-9]{3},ERROR_, orERR_). Standardized codes make errors machine-parseable, enable structured logging, and allow operators to build monitoring dashboards and alerting rules keyed on specific error classes.Affected Components
View all 67 flagged handlers
actions/setup/js/add_comment.cjsactions/setup/js/add_copilot_reviewer.cjsactions/setup/js/add_reaction.cjsactions/setup/js/add_reaction_and_edit_comment.cjsactions/setup/js/add_workflow_run_comment.cjsactions/setup/js/assign_copilot_to_created_issues.cjsactions/setup/js/assign_issue.cjsactions/setup/js/check_command_position.cjsactions/setup/js/check_permissions.cjsactions/setup/js/check_skip_if_match.cjsactions/setup/js/check_skip_if_no_match.cjsactions/setup/js/check_stop_time.cjsactions/setup/js/check_team_member.cjsactions/setup/js/check_workflow_timestamp.cjsactions/setup/js/check_workflow_timestamp_api.cjsactions/setup/js/checkout_pr_branch.cjsactions/setup/js/close_discussion.cjsactions/setup/js/close_issue.cjsactions/setup/js/close_pull_request.cjsactions/setup/js/collect_ndjson_output.cjsactions/setup/js/create_project.cjsactions/setup/js/create_project_status_update.cjsactions/setup/js/error_recovery.cjsactions/setup/js/file_helpers.cjsactions/setup/js/frontmatter_hash_pure.cjsactions/setup/js/get_current_branch.cjsactions/setup/js/git_helpers.cjsactions/setup/js/interpolate_prompt.cjsactions/setup/js/lock-issue.cjsactions/setup/js/log_parser_bootstrap.cjsactions/setup/js/log_parser_shared.cjsactions/setup/js/mark_pull_request_as_ready_for_review.cjsactions/setup/js/mcp_http_transport.cjsactions/setup/js/mcp_server_core.cjsactions/setup/js/merge_remote_agent_github_folder.cjsactions/setup/js/notify_comment_error.cjsactions/setup/js/parse_copilot_log.cjsactions/setup/js/parse_firewall_logs.cjsactions/setup/js/parse_mcp_gateway_log.cjsactions/setup/js/parse_safe_inputs_logs.cjsactions/setup/js/parse_threat_detection_results.cjsactions/setup/js/read_buffer.cjsactions/setup/js/redact_secrets.cjsactions/setup/js/render_template.cjsactions/setup/js/repo_helpers.cjsactions/setup/js/runtime_import.cjsactions/setup/js/safe_inputs_config_loader.cjsactions/setup/js/safe_inputs_mcp_server_http.cjsactions/setup/js/safe_output_handler_manager.cjsactions/setup/js/safe_output_manifest.cjsactions/setup/js/safe_output_processor.cjsactions/setup/js/safe_output_unified_handler_manager.cjsactions/setup/js/safe_outputs_append.cjsactions/setup/js/safe_outputs_handlers.cjsactions/setup/js/safe_outputs_mcp_server.cjsactions/setup/js/setup_threat_detection.cjsactions/setup/js/staged_preview.cjsactions/setup/js/substitute_placeholders.cjsactions/setup/js/unlock-issue.cjsactions/setup/js/update_discussion.cjsactions/setup/js/update_issue.cjsactions/setup/js/update_project.cjsactions/setup/js/update_release.cjsactions/setup/js/upload_assets.cjsactions/setup/js/validate_context_variables.cjsactions/setup/js/validate_lockdown_requirements.cjsactions/setup/js/validate_secrets.cjsCurrent Behavior
These handlers throw
new Error(...)or callcore.setFailed(...)with free-form message strings. There is no machine-readable error code prefix that would allow downstream consumers to categorize or react to specific error classes.Expected Behavior
Per the Safe Outputs Specification, error messages SHOULD include a standardized code prefix so that operators and tooling can identify error categories. Examples of acceptable patterns:
throw new Error('E001: Missing required field: title')core.setFailed('ERR_VALIDATION: Body exceeds maximum length')error_helpers.cjsthat wraps errors with structured codes.Remediation Steps
This task can be assigned to a Copilot coding agent with the following steps:
actions/setup/js/error_helpers.cjsto see if there is already an error code helper that can be reused.actions/setup/js/constants.cjsor a newerror_codes.cjs) covering common categories: validation, permission, API, configuration.create_issue.cjs,add_comment.cjs,update_issue.cjs,...🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. [Learn more about Advanced Security.]((gh.io/redacted)
Changeset
Warning
The following domain was blocked by the firewall during workflow execution:
github.com✨ PR Review Safe Output Test - Run 22265609189