Skip to content

Commit d577a85

Browse files
committed
fix: make skill length-split fence-aware for vally reference extraction
The over-length split treated any line starting with "## " as a section boundary, including lines inside fenced code blocks (some skills have "## " inside sample-output blocks). Cutting there left SKILL.md with an odd number of code fences, so vally treated everything after the last fence as fenced and ignored the reference links in that region, reporting them as orphan files. The split now only breaks at "## " headers outside code fences. Verified locally with @microsoft/vally runLint: 33/33 skills pass.
1 parent 9728dec commit d577a85

3 files changed

Lines changed: 42 additions & 31 deletions

File tree

.github/skills/auditing-cloud-cluster-security/SKILL.md

Lines changed: 0 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -426,35 +426,6 @@ Severity is calibrated for production by default. Non-production environments do
426426

427427
**Annotations:** `*(downgraded from FAIL — development cluster)*` or `*(PCI DSS compliance — cannot downgrade)*`
428428

429-
## Report Format
430-
431-
Save each audit report to `reports/security-audit-<cluster-name>-<YYYY-MM-DD>-<sequence>.md` (gitignored, local-only). The `reports/` directory is not committed to version control — it serves as a local log for historical comparison and remediation tracking.
432-
433-
Generate a markdown report with the following structure:
434-
435-
```
436-
# Security Audit Report — <Cluster Name>
437-
438-
**Date:** YYYY-MM-DD
439-
**Cluster ID:** <cluster-id>
440-
**Plan:** Standard | Advanced | Self-hosted
441-
**CockroachDB Version:** vXX.X.X
442-
**Regions:** us-east-1, us-west-2
443-
**Deployment:** CockroachDB Cloud | Self-hosted
444-
**Environment:** production | staging | development | sandbox
445-
**Compliance:** SOC 2, PCI DSS | (none specified)
446-
**Data Sensitivity:** PII/PHI | financial | internal | public
447-
448-
## Summary
449-
450-
| Status | Count |
451-
|--------|-------|
452-
| PASS | X |
453-
| WARN | X |
454-
| FAIL | X |
455-
| INFO | X |
456-
| N/A | X |
457-
458429
## Additional details
459430

460431
Further sections for this skill are in [references/additional-details.md](references/additional-details.md).

.github/skills/auditing-cloud-cluster-security/references/additional-details.md

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,34 @@
11
# Additional details
22

3+
## Report Format
4+
5+
Save each audit report to `reports/security-audit-<cluster-name>-<YYYY-MM-DD>-<sequence>.md` (gitignored, local-only). The `reports/` directory is not committed to version control — it serves as a local log for historical comparison and remediation tracking.
6+
7+
Generate a markdown report with the following structure:
8+
9+
```
10+
# Security Audit Report — <Cluster Name>
11+
12+
**Date:** YYYY-MM-DD
13+
**Cluster ID:** <cluster-id>
14+
**Plan:** Standard | Advanced | Self-hosted
15+
**CockroachDB Version:** vXX.X.X
16+
**Regions:** us-east-1, us-west-2
17+
**Deployment:** CockroachDB Cloud | Self-hosted
18+
**Environment:** production | staging | development | sandbox
19+
**Compliance:** SOC 2, PCI DSS | (none specified)
20+
**Data Sensitivity:** PII/PHI | financial | internal | public
21+
22+
## Summary
23+
24+
| Status | Count |
25+
|--------|-------|
26+
| PASS | X |
27+
| WARN | X |
28+
| FAIL | X |
29+
| INFO | X |
30+
| N/A | X |
31+
332
## Findings
433
534
### Network Security

scripts/transform-skills-for-copilot.py

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -91,8 +91,19 @@ def split_for_length(skill_dir, text):
9191
if len(lines) <= MAX_LINES:
9292
return text
9393

94-
# Indices of level-2 section headers.
95-
headers = [i for i, ln in enumerate(lines) if ln.startswith("## ")]
94+
# Indices of level-2 section headers that are NOT inside a code fence.
95+
# (Skill bodies contain fenced examples whose lines may start with "## ";
96+
# splitting there would cut a code block in half and unbalance the fences,
97+
# which breaks reference extraction in downstream linters.)
98+
headers = []
99+
in_fence = False
100+
for i, ln in enumerate(lines):
101+
stripped = ln.lstrip()
102+
if stripped.startswith("```") or stripped.startswith("~~~"):
103+
in_fence = not in_fence
104+
continue
105+
if not in_fence and ln.startswith("## "):
106+
headers.append(i)
96107
if not headers:
97108
return text # nothing safe to move
98109

0 commit comments

Comments
 (0)