fix(Security/AnnualReports): repair stale UpdateSources parser (0 → 390 reports)#1387
fix(Security/AnnualReports): repair stale UpdateSources parser (0 → 390 reports)#1387christauff wants to merge 1 commit into
Conversation
The AnnualReports UPDATE workflow parses 0 reports and then crashes on write against the current awesome-annual-security-reports README format, leaving ListSources and FetchReport with no data to read. - Rewrite parseMarkdownReports for the current one-line entry format `- [Vendor](url) - [Name](path) (year) - description`. The old parser expected removed `- Vendor:` / `- URL:` sub-bullets, so it matched 0 entries. Section tracking now also resets on non-Analysis/Survey `##` headers so TOC and Resources links are never mistaken for reports. - Actually rebuild sources.json from the parsed data. main() previously only bumped a timestamp on an (often nonexistent) file and never merged parsed reports. - Create the Data/ directory before writing (writeFileSync raised ENOENT when Data/ was absent). Verified end-to-end against the live upstream README: 0 -> 390 reports parsed and written; ListSources and FetchReport (live fetch) functional. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Heads-up for triage: the failing The change itself was verified end-to-end against the live upstream README from a clean checkout of this branch:
Happy to adjust anything — including adding a seed |
|
Thanks @christauff, a genuine bug and your repair is live in the current UpdateSources.ts: the one-line entry regex and the full rebuild of sources.json are in as written (0 to 390 fixed). The Packs layout this targets is retired. The repo is a generated artifact, so we port and close rather than merge. Please pull the latest. Great deterministic fix! |
Summary
The AnnualReports skill (Security pack) is non-functional as shipped: its
UpdateSourcestool parses 0 reports from the upstream data source and then crashes on write, so the companionListSourcesandFetchReporttools have nosources.jsonto read. This PR repairsUpdateSources.ts— verified end-to-end at 0 → 390 reports.What a user hits today
The skill ships no seed
Data/sources.json, soListSources/FetchReportalso ENOENT until an update succeeds — which it never does. Net effect: the skill is dead on install.Root cause — three independent defects
parseMarkdownReportsexpected an old README layout with- Vendor:/- URL:sub-bullets. The upstream source (jacobdjwilson/awesome-annual-security-reports) now uses a single line per report:- [Vendor](vendor-url) - [Report Name](report-path) (year) - descriptionThe old pattern matches nothing → 0 reports.
main()never merged parsed data. It only rewrote an existing file's timestamp (current.metadata.lastUpdated = ...) and never wrote the parsed reports — so even a working parser produced no data.writeFileSync(SOURCES_PATH, ...)raisedENOENTwheneverData/did not exist (i.e. every fresh install).The fix (single file:
UpdateSources.ts)parseMarkdownReportsfor the current one-line entry format. Section tracking now also resets on any non-Analysis/Survey##header, so links in the## ContentsTOC and## Resourcessections can never be mistaken for report entries.main()now rebuildssources.jsonfrom the parsed data (metadata +analysis/surveycategories).mkdirSync(dirname(SOURCES_PATH), { recursive: true })before write.Imports extended with
mkdirSync(fs) anddirname(path). No changes were needed toListSources.tsorFetchReport.ts— they were correct and simply had no data to consume.Before / after
UpdateSourceswriteData/sources.jsonListSourcesFetchReport(live)Testing
Run against the live upstream README, from a clean checkout of this branch:
Notes for reviewers
Packs/Security/src/AnnualReports/Tools/UpdateSources.ts. The identical stale copies underReleases/v2.3–v2.5/are frozen snapshots and are assumed to regenerate fromPacks/src; left untouched.Data/sources.jsonis intentionally not committed — it is generated at runtime from the live upstream source. If you'd prefer to ship a seed file so the skill works before the firstUPDATE, I'm happy to add one.🤖 Generated with Claude Code