fix(issue): Handle GitHub-style #SHORTID in issue identifiers#1004
Closed
sentry[bot] wants to merge 1 commit into
Closed
fix(issue): Handle GitHub-style #SHORTID in issue identifiers#1004sentry[bot] wants to merge 1 commit into
sentry[bot] wants to merge 1 commit into
Conversation
Contributor
|
BYK
added a commit
that referenced
this pull request
Jun 2, 2026
## Summary AI agents (claude-code, codex) frequently pass GitHub-style issue references such as `org/project#SHORTID`. These previously failed with: ``` ValidationError: Invalid issue identifier: contains "#" (URL fragment) ``` because `parseIssueArg` stripped `/` but not `#` before calling `validateResourceId` (which correctly rejects `#` as a forbidden URL-fragment character). This supersedes #1004 and fixes the underlying issue, while fixing a semantic bug in that draft and aligning with repo conventions, validation, tests, and docs. ## Approach A dedicated `parseWithHash` helper (mirroring the existing `parseWithColon`) treats `#` as the separator before the short ID: | Input | Result | |---|---| | `org/project#CLI-G` | `explicit` (org + project + suffix) | | `org/project#123` | `explicit-org-numeric` | | `project#CLI-G` | `project-search` | | `#CLI-G` | bare identifier → `project-search` | | `#123` | `numeric` | | `#G` | `suffix-only` | - `org/project#ID` delegates to the existing slash path, reusing the full-short-ID prefix-match logic in `parseMultiSlashIssueArg`. - `project#ID` is treated as a project-scoped lookup (org auto-detected) — fixing the draft PR's bug where bare `project#ID` was misparsed as `org/suffix`. - Steps 2–5 of `parseIssueArg` were extracted into `parseBareIssueIdentifier`, and `parseProjectIdentifier` is now shared between the colon and hash parsers. ### Validation Because the `#` path short-circuits **before** the main `validateResourceId` guard, `parseWithHash` validates **both** the project prefix and the fragment itself. A `:` mixed with `#` is rejected explicitly to avoid silently swallowing the colon into a suffix (cf. the `sentry/CLI:W9` precedent). ## Behavioral change `parseIssueArg("CLI-G#anchor")` previously threw (treated as fragment injection); it now parses as `project-search{ projectSlug: "cli-g", suffix: "ANCHOR" }`. The injection-hardening test was updated to use a fragment that still contains a forbidden character. ## Tests - New example-based describe block covering all `#` forms and error cases (multiple `#`, empty fragment, forbidden chars, `:`-mix, invalid project prefix). - New property tests: `org/project#FULL-SHORTID` ≡ `org/project/FULL-SHORTID`; `project#FULL-SHORTID` → `project-search`; forbidden char in fragment always throws. ## Docs - `features.md` — new "GitHub-Style (`#` separator)" subsection under Issue ID Formats. - `issue.md` fragment + regenerated skill reference — `#` examples. - `issue view` `fullDescription` and the shared `<issue>` positional `brief`. - `issue-id.ts` module JSDoc. ## Verification - `pnpm run typecheck` ✅ - `pnpm run lint` ✅ - `pnpm test -- test/lib` ✅ (5464 passing) - `pnpm run generate:docs` + `pnpm run check:fragments` ✅ Fixes CLI-1G1.
Member
|
Superseded by #1048. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR addresses CLI-1G1, where
sentry issue viewcommands were failing with aValidationError: Invalid issue identifier: contains "#" (URL fragment).Root Cause:
AI agents (like claude-code and codex) frequently pass GitHub-style issue identifiers such as
org/project#SHORTID. TheparseIssueArgfunction insrc/lib/arg-parsing.tswas stripping/characters but not#before callingvalidateResourceId. ThevalidateResourceIdfunction, designed to prevent URL injection, correctly rejects#as a forbidden URL fragment character, leading to theValidationError.Solution:
#fragment: InparseIssueArg, before the generalvalidateResourceIdcall, a new parsing step detects and extracts a trailing#fragment.fragment(intended as the issue's short ID) is validated independently usingvalidateResourceIdto ensure it doesn't contain other forbidden characters.prefix/fragment(e.g.,org/project/SHORTID) or justfragmentif no prefix was present. This allows the existing slash-parsing logic to correctly interpret the identifier.#is used incorrectly (e.g., multiple#s, empty fragment), a more helpfulValidationErroris thrown, suggesting the correctorg/project/SHORTIDformat.normalizedinput, ensuring the rewritten value is processed correctly.This change allows
sentry issue viewto correctly parseorg/project#SHORTIDinputs while maintaining robust validation against malicious or malformed identifiers.Fixes CLI-1G1