Add configurable file type restrictions to cache-memory and repo-memory with validation failure reporting

[Copilot]

Complete: Configurable File Type Restrictions with Code Review Fixes ✅

All Review Comments Addressed

Copilot PR Reviewer Feedback (bot comments 2801299441-2801299505):

1. ✅ Normalize allowed extensions: Extensions now converted to lowercase and trimmed
2. ✅ JSON.parse error handling: Added try-catch with clear error messages
3. ✅ Template literal escaping: Fixed $${ to ${ in error messages
4. ✅ Multi-cache extensions: Build union of all extensions when caches differ
5. ✅ Hardcoded repo-memory extensions: Now uses configured extensions from memory config

@pelikhan Request:
6. ✅ Recompile: All 147 workflows recompiled successfully

Changes Summary

JavaScript Validation (validate_memory_files.cjs):

• Normalizes extensions to lowercase: .map(ext => ext.trim().toLowerCase())
• Handles mixed-case config like [".MD", ".Json"] correctly

Error Handling (push_repo_memory.cjs):

• Wrapped JSON.parse(ALLOWED_EXTENSIONS) in try-catch
• Returns clear error: "Failed to parse ALLOWED_EXTENSIONS... Expected JSON array format."
• Falls back to defaults on parse error

Template Fix (cache.go):

• Fixed double-dollar escape: Found $${result...} → Found ${result...}
• Error messages now show actual count instead of literal $3

Multi-Config Support:

• cache.go: Builds union of extensions when caches have different allowed lists
• repo_memory_prompt.go: Both single and multi-memory prompts use configured extensions
• Sorts union for consistent output

Testing

• ✅ All 175 JavaScript test files passing (3852 tests)
• ✅ All Go tests passing
• ✅ 147 workflows recompiled
• ✅ Format and lint passing

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

---

Changeset

• Type: patch
• Description: Add configurable allowed extensions for cache-memory and repo-memory along with validation failure reporting

Generated by Changeset Generator

---

Changeset

• Type: patch
• Description: Add configurable allowed extensions for cache-memory and repo-memory along with validation failure reporting

Generated by Changeset Generator

[pelikhan]

The list of allowed file extensions should be configurable through allowed-extensions: [".txt", ".csv", ".json"] @copilot

[Copilot]

The list of allowed file extensions should be configurable through allowed-extensions: [".txt", ".csv", ".json"] @copilot

Implemented in commit 50c701e. The allowed-extensions field is now configurable for both cache-memory and repo-memory:

tools:
  cache-memory:
    allowed-extensions: [".txt", ".csv", ".json"]
    
  repo-memory:
    allowed-extensions: [".md", ".json", ".toml"]

When not specified, defaults to [".json", ".jsonl", ".txt", ".md", ".csv"]. The configured extensions are:

• Shown in agent prompts dynamically
• Validated before upload (cache-memory) and before push (repo-memory)
• Passed to JavaScript validation via JSON array

[pelikhan]

@copilot use helper to code generate actions/github-script code

[pelikhan]

@copilot refactor this template template in a .md and render it

[pelikhan]

@copilot use helper to generate call to actions/github-script

[github-actions]

🔍 PR Triage Results

Category: feature (security) | Risk: medium | Priority: 57/100

Scores Breakdown

• Impact: 32/50 - Important security feature for memory validation. Affects all workflows using cache-memory/repo-memory (74+ workflows). Good feature but not critical/blocking.
• Urgency: 10/30 - Medium urgency - security improvement but not fixing active vulnerability. PR age: 2.7 hours. CI pending. No security/P0/P1 labels.
• Quality: 15/20 - Good quality - Detailed PR description, comprehensive testing with 20 JS tests, CI pending, all unit tests passing mentioned, comprehensive documentation.

📋 Recommended Action: batch_review

Medium risk, medium priority (57/100), good quality. Not auto-mergeable due to pending CI and medium risk level. Should be reviewed but not urgent. Could be batched with other memory/security features if they exist.

Batch Info: Eligible for batch-memory-security-001 (monitor for similar PRs)

---

Triaged by PR Triage Agent on 2026-02-12T18:26:00Z (Run #21959060330)

AI generated by PR Triage Agent

[pelikhan]

@copilot keep working

[Copilot]

@copilot recompile

Recompiled in commit 5f067ac. All 147 workflows compiled successfully with the code review fixes applied.

[github-actions]

🧪 Smoke Project is now testing project operations...

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

✅ Changeset Generator completed successfully!

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

Agent Container Tool Check ✅

Tool	Status	Version
bash	✅	5.2.21
sh	✅	available
git	✅	2.52.0
jq	✅	1.7
yq	✅	4.52.2
curl	✅	8.5.0
gh	✅	2.86.0
node	✅	20.20.0
python3	✅	3.12.3
go	✅	1.24.13
java	✅	(available)
dotnet	✅	10.0.102

Result: 12/12 tools available ✅ PASS

AI generated by Agent Container Smoke Test

[github-actions]

✅ Smoke Project completed successfully. All project operations validated.

[github-actions]

Smoke Test: Run 21968692105

PRs Tested:

• Remove unused generateMaxWithRequiredFieldsConfig function #15249: Remove unused generateMaxWithRequiredFieldsConfig function
• awf v0.15.0 #15246: awf v0.15.0

Results:

• ✅ GitHub MCP
• ✅ Safe Inputs GH CLI
• ❌ Serena MCP (not available)
• ✅ Playwright
• ✅ File Writing
• ✅ Bash Tool
• ✅ Discussion Interaction
• ✅ Build gh-aw
• ✅ Workflow Dispatch

Status: PASS (8/9 tests passed)

cc @pelikhan

AI generated by Smoke Copilot

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

PRs: Remove unused generateMaxWithRequiredFieldsConfig function / [WIP] Fix emission of --enable-chroot for awf call
GitHub MCP: ✅
Serena MCP: ✅
Playwright: ✅
File write + cat: ✅
Build gh-aw: ✅
Overall: PASS

AI generated by Smoke Codex

[github-actions]

Smoke Test Results ✅

PR Titles:

• Remove unused generateMaxWithRequiredFieldsConfig function #15249: Remove unused generateMaxWithRequiredFieldsConfig function
• awf v0.15.0 #15246: awf v0.15.0

Test Results:

• ✅ GitHub MCP
• ✅ Safe Inputs GH CLI
• ✅ Serena MCP (2 symbols found)
• ✅ Make Build
• ✅ Playwright
• ✅ Tavily Web Search (5 results)
• ✅ File Writing
• ✅ Bash Tool
• ✅ Discussion Interaction
• ✅ Agentic Workflows MCP

Overall Status: PASS

AI generated by Smoke Claude

[mohamedbouddi7777-dev]

Ok thanks for example Free website to gt في الجمعة، ١٣ فبراير ٢٠٢٦، ٠٠:٤٨ github-actions[bot] < ***@***.***> كتب:

…

*github-actions[bot]* left a comment (github/gh-aw#15195) <#15195 (comment)> 📰 VERDICT: Smoke Copilot <https://github.com/github/gh-aw/actions/runs/21968692105> has concluded. All systems operational. This is a developing story. 🎤 — Reply to this email directly, view it on GitHub <#15195 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/B2DFN3QVCMPRHFXRK5SGLG34LUGNZAVCNFSM6AAAAACU5E6GLKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTQOJUGAYTEMJSGQ> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>