What happens
When a safe-output message body contains a malformed temporary ID reference (e.g., #aw_kb — too short, or #aw_toolongname123 — too long), the reference passes through as literal text in the created issue. No warning or error is produced.
This happens because body text and direct field values follow different validation paths:
- Direct field values (e.g.,
parent_issue_number in link_sub_issue) go through resolveIssueNumber(), which detects malformed refs with a startsWith("aw_") check and returns an error message.
- Body text (e.g., issue body in
create_issue) goes through replaceTemporaryIdReferences(), which uses a regex that only matches valid temp IDs (3-8 alphanumeric chars after aw_). Malformed refs don't match the regex and are left untouched — no validation, no warning.
What should happen
Malformed temp ID references in body text should be detected and flagged. At minimum, a warning should be emitted when a string matches #aw_ prefix but fails the full temp ID validation, so operators can identify broken references in created issues.
Where in the code
All references are to main at 2d91393f3.
Detection regex (only matches valid format):
temporary_id.cjs:30 — TEMPORARY_ID_PATTERN = /#(aw_[A-Za-z0-9]{3,8})/gi — only captures references with exactly 3-8 alphanumeric chars after aw_
Body text replacement (no malformed detection):
temporary_id.cjs:82-96 — replaceTemporaryIdReferences() uses TEMPORARY_ID_PATTERN; anything that doesn't match the regex is invisible to this functioncreate_issue.cjs:402 — calls replaceTemporaryIdReferences() on message body
Extraction (same gap):
temporary_id.cjs:440-448 — extractTemporaryIdReferences() for text fields uses the same regex, so malformed refs are never extracted or tracked
Direct field validation (has the detection logic):
temporary_id.cjs:281-286 — resolveIssueNumber() detects startsWith("aw_") values that fail isTemporaryId() and returns {resolved: null, wasTemporaryId: false, errorMessage: "Invalid temporary ID format..."}temporary_id.cjs:58-63 — isTemporaryId() validates against /^aw_[A-Za-z0-9]{3,8}$/i
The gap: The malformed-detection logic in resolveIssueNumber() is never called for body text processing.
Evidence
Source-level verification (2026-03-01):
- Confirmed
replaceTemporaryIdReferences() at :82-96 only processes regex matches — malformed refs pass through as literal text
- Confirmed
extractTemporaryIdReferences() at :440-448 uses the same regex — malformed refs are never extracted
- Confirmed
resolveIssueNumber() at :281-286 has detection logic for malformed refs but is only called for direct field values
- Confirmed test at
temporary_id.test.cjs:120-125 verifies malformed refs like #aw_ab are left unchanged — the current behavior is tested as intentional, but no warning is produced
- No tests exist for detecting or flagging malformed refs in body text
Proposed fix
Add a validation pass in replaceTemporaryIdReferences() that detects strings matching #aw_ prefix but failing the full TEMPORARY_ID_PATTERN regex, and emits a core.warning() for each malformed reference found.
Impact
Frequency: Low — requires the agent to produce a malformed temp ID reference in a message body. More likely when the agent generates references from context rather than from the temp ID map directly.
Cost: Low — malformed refs are cosmetic (literal text in issue bodies), not data loss. But they silently defeat the purpose of temp ID cross-references and can be confusing when auditing created issues.
What happens
When a safe-output message body contains a malformed temporary ID reference (e.g.,
#aw_kb— too short, or#aw_toolongname123— too long), the reference passes through as literal text in the created issue. No warning or error is produced.This happens because body text and direct field values follow different validation paths:
parent_issue_numberinlink_sub_issue) go throughresolveIssueNumber(), which detects malformed refs with astartsWith("aw_")check and returns an error message.create_issue) goes throughreplaceTemporaryIdReferences(), which uses a regex that only matches valid temp IDs (3-8 alphanumeric chars afteraw_). Malformed refs don't match the regex and are left untouched — no validation, no warning.What should happen
Malformed temp ID references in body text should be detected and flagged. At minimum, a warning should be emitted when a string matches
#aw_prefix but fails the full temp ID validation, so operators can identify broken references in created issues.Where in the code
All references are to
mainat2d91393f3.Detection regex (only matches valid format):
temporary_id.cjs:30—TEMPORARY_ID_PATTERN = /#(aw_[A-Za-z0-9]{3,8})/gi— only captures references with exactly 3-8 alphanumeric chars afteraw_Body text replacement (no malformed detection):
temporary_id.cjs:82-96—replaceTemporaryIdReferences()usesTEMPORARY_ID_PATTERN; anything that doesn't match the regex is invisible to this functioncreate_issue.cjs:402— callsreplaceTemporaryIdReferences()on message bodyExtraction (same gap):
temporary_id.cjs:440-448—extractTemporaryIdReferences()for text fields uses the same regex, so malformed refs are never extracted or trackedDirect field validation (has the detection logic):
temporary_id.cjs:281-286—resolveIssueNumber()detectsstartsWith("aw_")values that failisTemporaryId()and returns{resolved: null, wasTemporaryId: false, errorMessage: "Invalid temporary ID format..."}temporary_id.cjs:58-63—isTemporaryId()validates against/^aw_[A-Za-z0-9]{3,8}$/iThe gap: The malformed-detection logic in
resolveIssueNumber()is never called for body text processing.Evidence
Source-level verification (2026-03-01):
replaceTemporaryIdReferences()at:82-96only processes regex matches — malformed refs pass through as literal textextractTemporaryIdReferences()at:440-448uses the same regex — malformed refs are never extractedresolveIssueNumber()at:281-286has detection logic for malformed refs but is only called for direct field valuestemporary_id.test.cjs:120-125verifies malformed refs like#aw_abare left unchanged — the current behavior is tested as intentional, but no warning is producedProposed fix
Add a validation pass in
replaceTemporaryIdReferences()that detects strings matching#aw_prefix but failing the fullTEMPORARY_ID_PATTERNregex, and emits acore.warning()for each malformed reference found.Impact
Frequency: Low — requires the agent to produce a malformed temp ID reference in a message body. More likely when the agent generates references from context rather than from the temp ID map directly.
Cost: Low — malformed refs are cosmetic (literal text in issue bodies), not data loss. But they silently defeat the purpose of temp ID cross-references and can be confusing when auditing created issues.