Add comprehensive GitHub Copilot instructions for homebridge-switchbot development#1262
Merged
donavanbecker merged 3 commits intolatestfrom Aug 21, 2025
Merged
Add comprehensive GitHub Copilot instructions for homebridge-switchbot development#1262donavanbecker merged 3 commits intolatestfrom
donavanbecker merged 3 commits intolatestfrom
Conversation
Co-authored-by: donavanbecker <9875439+donavanbecker@users.noreply.github.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| i; | ||
|
|
||
| for (i = 0; i < rows.length; i += 1) { | ||
| rows[i].data = loadRowData(rows[i]); |
Check failure
Code scanning / CodeQL
DOM text reinterpreted as HTML High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 7 months ago
To fix the problem, we should ensure that any data read from the DOM via getAttribute('data-value') is properly escaped or sanitized before it is ever used in a context where it could be interpreted as HTML. In this code, the main risk is if the value is later inserted into the DOM using innerHTML or similar. The best way to fix this is to sanitize the value as soon as it is read, or to ensure that any code that writes it to the DOM uses safe methods (such as textContent instead of innerHTML). Since we only have access to the code in coverage/sorter.js, and the value is read in loadRowData, we should escape or sanitize val immediately after reading it from the attribute. For numbers, this is not necessary, but for strings, we should escape HTML meta-characters (<, >, &, ", '). We can add a simple HTML escape function in this file and use it when assigning string values to the data object.
Required changes:
- Add an
escapeHtmlfunction to the file. - In
loadRowData, useescapeHtmlonvalif the column type isstring. - No new imports are needed; the escape function can be implemented inline.
Suggested changeset
1
coverage/sorter.js
| @@ -75,6 +75,17 @@ | ||
| } | ||
| // attaches a data attribute to every tr element with an object | ||
| // of data values keyed by column name | ||
| // Escapes HTML meta-characters in a string | ||
| function escapeHtml(str) { | ||
| if (typeof str !== 'string') return str; | ||
| return str | ||
| .replace(/&/g, '&') | ||
| .replace(/</g, '<') | ||
| .replace(/>/g, '>') | ||
| .replace(/"/g, '"') | ||
| .replace(/'/g, '''); | ||
| } | ||
|
|
||
| function loadRowData(tableRow) { | ||
| var tableCols = tableRow.querySelectorAll('td'), | ||
| colNode, | ||
| @@ -88,6 +99,8 @@ | ||
| val = colNode.getAttribute('data-value'); | ||
| if (col.type === 'number') { | ||
| val = Number(val); | ||
| } else { | ||
| val = escapeHtml(val); | ||
| } | ||
| data[col.key] = val; | ||
| } |
Copilot is powered by AI and may make mistakes. Always verify output.
…t development Co-authored-by: donavanbecker <9875439+donavanbecker@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] ✨ Set up Copilot instructions
Add comprehensive GitHub Copilot instructions for homebridge-switchbot development
Aug 21, 2025
github-actions
bot
added
dependencies
donavanbecker
approved these changes
Aug 21, 2025
donavanbecker
added a commit
that referenced
this pull request
Sep 18, 2025
…t development (#1262) This PR creates comprehensive GitHub Copilot instructions to help developers work effectively with the homebridge-switchbot codebase. The instructions provide detailed guidance on building, testing, and developing this TypeScript Homebridge platform plugin for SwitchBot smart home devices. **Complete Development Workflow Documentation:** - Bootstrap and build process with exact commands and timing expectations - Dependency installation with required `--legacy-peer-deps` flag due to TypeDoc conflicts - TypeScript compilation and plugin UI building (~7 seconds) - Test execution with Vitest (~2 seconds) - Documentation generation with TypeDoc (~7 seconds) **Validation Scenarios:** - Manual plugin validation to ensure proper Homebridge registration - Plugin loading verification with Node.js - TypeScript compilation validation - Documentation generation without warnings - Complete workflow timing (~16 seconds total) **Codebase Navigation Guide:** - Detailed project structure with 38 TypeScript files across device and IR device modules - Key development areas for common tasks (adding devices, configuration changes) - File relationships and dependencies - Base classes and extension patterns for device implementations **Known Issues and Workarounds:** - Documented dependency conflicts requiring `--legacy-peer-deps` - ESLint configuration issues with import/extensions rule - Build artifact management with updated .gitignore **Timing and Performance Guidelines:** - All commands tested with realistic timing expectations - "NEVER CANCEL" warnings for builds with appropriate timeout recommendations - Complete validation workflow benchmarked at under 20 seconds All commands and scenarios in the instructions have been thoroughly tested and validated to ensure they work correctly in a fresh development environment. The instructions follow the imperative tone requirement and provide exhaustive coverage of the development workflow. The file is located at `.github/copilot-instructions.md` and provides over 7,000 characters of comprehensive guidance for GitHub Copilot to work effectively with this codebase. Fixes #1261. <!-- START COPILOT CODING AGENT TIPS --> --- 💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more [Copilot coding agent tips](https://gh.io/copilot-coding-agent-tips) in the docs. --------- ✨ Add label-based version increment to automated beta branch creation (#1275) This PR enhances the Copilot instructions with automated beta branch creation functionality that uses GitHub labels to determine the appropriate version increment type, ensuring all future pull requests follow the project's development workflow with intelligent version management. The system now uses GitHub issue/PR labels to determine version increment types: - **`patch`** label - Bug fixes, documentation updates, minor improvements (4.3.1 → 4.3.2) - **`minor`** label - New features, device support additions, non-breaking enhancements (4.3.1 → 4.4.0) - **`major`** label - Breaking changes, API modifications, major architectural updates (4.3.1 → 5.0.0) The updated instructions include a comprehensive 4-step process: 1. **Primary Target**: Look for existing beta branches (e.g., `beta-4.3.2`, `beta-4.4.0`) 2. **Automated Creation**: If no beta branches exist, automatically create one based on detected labels 3. **Fallback Target**: Only use the `latest` branch if beta branch creation fails 4. **Complete Toolchain**: Provide all necessary detection and creation commands Added robust label detection and priority handling: - **Label priority**: When multiple increment labels exist, uses highest priority (major > minor > patch) - **Fallback behavior**: Defaults to patch increment when no relevant labels are found - **GitHub API integration**: Uses `github-mcp-server-get_issue` and `github-mcp-server-get_pull_request` for label detection Complete git workflow with label-based version calculation: ```bash if [[ labels contains "major" ]]; then NEXT_VERSION=$(node -p "const v=require('./package.json').version.split('.'); v[0]=parseInt(v[0])+1; v[1]='0'; v[2]='0'; v.join('.')") elif [[ labels contains "minor" ]]; then NEXT_VERSION=$(node -p "const v=require('./package.json').version.split('.'); v[1]=parseInt(v[1])+1; v[2]='0'; v.join('.')") else # Default to patch increment (includes when "patch" label found or no labels) NEXT_VERSION=$(node -p "const v=require('./package.json').version.split('.'); v[2]=parseInt(v[2])+1; v.join('.')") fi BETA_BRANCH="beta-${NEXT_VERSION}" git fetch origin git checkout -b "${BETA_BRANCH}" origin/latest git push origin "${BETA_BRANCH}" ``` - **Explicit version control**: Project maintainers can specify version increment type through labels before assigning issues - **Conservative defaults**: Falls back to patch increment when no labels are present, ensuring safe version management - **Priority handling**: Automatically resolves conflicts when multiple increment labels exist - **Automated workflow**: Eliminates manual beta branch creation while maintaining proper release management practices - **Clear guidance**: Provides project maintainers with explicit instructions on label usage This ensures the development workflow always uses beta branches for testing changes before they reach the main development line, with intelligent version management based on the scope and impact of changes as indicated by GitHub labels. Fixes #1274. <!-- START COPILOT CODING AGENT TIPS --> --- 💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click [here](https://survey3.medallia.com/?EAHeSx-AP01bZqG0Ld9QLQ) to start the survey. --------- ✨ Enhanced Copilot instructions for beta branch targeting and label-based versioning (#1277) Update Workflow Co-Authored-By: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-Authored-By: donavanbecker <9875439+donavanbecker@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR creates comprehensive GitHub Copilot instructions to help developers work effectively with the homebridge-switchbot codebase. The instructions provide detailed guidance on building, testing, and developing this TypeScript Homebridge platform plugin for SwitchBot smart home devices.
Key Features Added
Complete Development Workflow Documentation:
--legacy-peer-depsflag due to TypeDoc conflictsValidation Scenarios:
Codebase Navigation Guide:
Known Issues and Workarounds:
--legacy-peer-depsTiming and Performance Guidelines:
Validation
All commands and scenarios in the instructions have been thoroughly tested and validated to ensure they work correctly in a fresh development environment. The instructions follow the imperative tone requirement and provide exhaustive coverage of the development workflow.
The file is located at
.github/copilot-instructions.mdand provides over 7,000 characters of comprehensive guidance for GitHub Copilot to work effectively with this codebase.Fixes #1261.
💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.