fix(Security/AnnualReports): repair stale UpdateSources parser (0 → 390 reports) #1387
Open
christauff wants to merge 1 commit into
The AnnualReports UPDATE workflow parses 0 reports and then crashes on write against the current awesome-annual-security-reports README format, leaving ListSources and FetchReport with no data to read.
- Rewrite parseMarkdownReports for the current one-line entry format `- [Vendor](url) - [Name](path) (year) - description`. The old parser expected removed `- Vendor:` / `- URL:` sub-bullets, so it matched 0 entries. Section tracking now also resets on non-Analysis/Survey `##` headers so TOC and Resources links are never mistaken for reports.
- Actually rebuild sources.json from the parsed data. main() previously only bumped a timestamp on an (often nonexistent) file and never merged parsed reports.
- Create the Data/ directory before writing (writeFileSync raised ENOENT when Data/ was absent).
Verified end-to-end against the live upstream README: 0 -> 390 reports parsed and written; ListSources and FetchReport (live fetch) functional.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Heads-up for triage: the failing The change itself was verified end-to-end against the live upstream README from a clean checkout of this branch:
Happy to adjust anything — including adding a seed
Summary
The AnnualReports skill (Security pack) is non-functional as shipped: its `UpdateSources` tool parses 0 reports from the upstream data source and then crashes on write, so the companion `ListSources` and `FetchReport` tools have no `sources.json` to read. This PR repairs `UpdateSources.ts` — verified end-to-end at 0 → 390 reports.
What a user hits today
The skill ships no seed `Data/sources.json`, so `ListSources` / `FetchReport` also ENOENT until an update succeeds — which it never does. Net effect: the skill is dead on install.
Root cause — three independent defects
- `parseMarkdownReports` expected an old README layout with `- Vendor:` / `- URL:` sub-bullets. The upstream source (jacobdjwilson/awesome-annual-security-reports) now uses a single line per report: `- [Vendor](vendor-url) - [Report Name](report-path) (year) - description` The old pattern matches nothing → 0 reports.
- `main()` never merged parsed data. It only rewrote an existing file's timestamp (`current.metadata.lastUpdated = ...`) and never wrote the parsed reports — so even a working parser produced no data.
- `writeFileSync(SOURCES_PATH, ...)` raised `ENOENT` whenever `Data/` did not exist (i.e. every fresh install).
The fix (single file: `UpdateSources.ts`)
- `parseMarkdownReports` for the current one-line entry format. Section tracking now also resets on any non-Analysis/Survey `##` header, so links in the `## Contents` TOC and `## Resources` sections can never be mistaken for report entries.
- `main()` now rebuilds `sources.json` from the parsed data (metadata + `analysis` / `survey` categories).
- `mkdirSync(dirname(SOURCES_PATH), { recursive: true })` before write.
Imports extended with `mkdirSync` (fs) and `dirname` (path). No changes were needed to `ListSources.ts` or `FetchReport.ts` — they were correct and simply had no data to consume.
Before / after
- `UpdateSources`
- write `Data/sources.json`
- `ListSources`
- `FetchReport` (live)
Testing
Run against the live upstream README, from a clean checkout of this branch:
Notes for reviewers
- `Packs/Security/src/AnnualReports/Tools/UpdateSources.ts`. The identical stale copies under `Releases/v2.3–v2.5/` are frozen snapshots and are assumed to regenerate from `Packs/src`; left untouched.
- `Data/sources.json` is intentionally not committed — it is generated at runtime from the live upstream source. If you'd prefer to ship a seed file so the skill works before the first `UPDATE`, I'm happy to add one.
🤖 Generated with Claude Code
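The one-line entry parsing and `##` section reset described in the fix, as an added TypeScript example that is not the PR's `UpdateSources.ts`. `Report`, `ENTRY`, `parseReports` and the sample README are constructed for illustration, and matching section titles on the words "Analysis" / "Survey" is an assumption.

```typescript
// Added example with hypothetical names; not the PR's UpdateSources.ts.
interface Report {
  section: "analysis" | "survey";
  vendor: string; vendorUrl: string; name: string; path: string;
  year: number; description: string;
}

// One-line entry: - [Vendor](url) - [Name](path) (year) - description
const ENTRY = /^- \[([^\]]+)\]\(([^)]+)\) - \[([^\]]+)\]\(([^)]+)\) \((\d{4})\) - (.+)$/;

function parseReports(markdown: string): Report[] {
  const reports: Report[] = [];
  let section: Report["section"] | null = null;
  for (const raw of markdown.split(/\r?\n/)) {
    const line = raw.trim();
    const header = /^##\s+(.+)$/.exec(line); // level-2 headers only; ### stays in section
    if (header) {
      const title = (header[1] ?? "").toLowerCase();
      // Assumption: report sections carry "Analysis" or "Survey" in the title.
      section = title.includes("analysis") ? "analysis"
        : title.includes("survey") ? "survey"
        : null; // any other ## header (Contents, Resources) closes the section
      continue;
    }
    if (section === null) continue; // links outside report sections are never reports
    const m = ENTRY.exec(line);
    if (!m) continue; // old "- Vendor:" sub-bullets and plain TOC links fall through
    const [, vendor = "", vendorUrl = "", name = "", path = "", year = "", description = ""] = m;
    reports.push({ section, vendor, vendorUrl, name, path, year: Number(year), description });
  }
  return reports;
}

// Constructed sample input, including entry-shaped lines outside the report sections.
const SAMPLE_README = [
  "# Awesome Annual Security Reports",
  "## Contents",
  "- [Analysis Reports](#analysis-reports)",
  "- [Example Org](https://example.org) - [Not A Report](docs/toc.md) (2024) - entry-shaped TOC line",
  "## Analysis Reports",
  "### Threat Intelligence",
  "- [ExampleVendor](https://vendor.example) - [Threat Report](reports/2025/threat.md) (2025) - Constructed entry.",
  "- Vendor: OldFormat",
  "## Survey Reports",
  "- [SurveyCo](https://survey.example) - [CISO Survey](reports/2024/ciso.md) (2024) - Constructed entry.",
  "## Resources",
  "- [Example Org](https://example.org) - [Reading List](docs/list.md) (2024) - Must be skipped.",
].join("\n");
```

Calling `parseReports(SAMPLE_README)` returns only the two entries under the Analysis and Survey sections; the entry-shaped lines under Contents and Resources are dropped by the section gate, not by the regex.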