fix: "Did you mean?" suggestions for nested enum violations (e.g., permission level typos)

[Copilot]

• Explore codebase to understand current error message system
• Test current error messages for engine typos, permission scope typos, permission level typos
• Fix extractYAMLValueAtPath to support nested paths (e.g., /permissions/contents)
• Fix regex bug in extractTopLevelYAMLValue/extractNestedYAMLValue (prevented cross-line matching)
• Add extractEnumConstraintPath to find actual sub-path in oneOf error messages
• Deduplicate FindClosestMatches results to prevent duplicate suggestions
• Update tests to cover new nested path support and enum constraint path extraction
• Anchor extractTopLevelYAMLValue to column 0 (removes ^\s*) so indented keys with the same name don't satisfy top-level path lookups
• Track direct-child indent in extractNestedYAMLValue to avoid returning grandchild values when a direct child exists at a shallower level
• Add end-to-end generateSchemaBasedSuggestions test for nested oneOf enum violation (path=/permissions, typo contents: raed → "Did you mean 'read'?")
• Run build/fmt/lint/tests - all pass

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[Copilot]

Pull request overview

Improves "Did you mean?" suggestions for enum constraint violations when the schema error is reported at a container path (notably oneOf-driven nested enums like permissions.contents), by extracting the correct nested path and correctly reading the user’s YAML value for fuzzy matching.

Changes:

• Extract the actual enum-constraint JSON path from oneOf error messages (extractEnumConstraintPath) before looking up the user-entered value.
• Fix YAML value extraction to avoid cross-line regex matching and add 2-segment nested path support (/parent/child).
• Deduplicate closest-match results to avoid repeated suggestions and add unit tests for the new helpers.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File	Description
pkg/parser/schema_suggestions.go	Adds nested-path extraction for enum errors, improves YAML scalar parsing (including 2-level nesting), and deduplicates enum suggestions.
pkg/parser/schema_suggestions_test.go	Extends YAML path extraction tests and adds coverage for extracting nested enum constraint paths from oneOf messages.

Comments suppressed due to low confidence (1)

pkg/parser/schema_suggestions.go:556

• extractNestedYAMLValue recompiles 3 regular expressions (regexp.MustCompile) for every line in the parent block. This is avoidable overhead and makes the loop harder to follow; consider compiling the child regexes once before iterating (or doing a lightweight colon-split parse for the current line) and reusing them.

		// Try to match child key with its value (single-quoted, double-quoted, unquoted).
		childPrefix := `^\s+` + escapedChild + `[ \t]*:[ \t]*`
		reSingle := regexp.MustCompile(childPrefix + `'([^'\n]+)'`)
		if match := reSingle.FindStringSubmatch(line); len(match) >= 2 {
			return strings.TrimSpace(match[1])
		}
		reDouble := regexp.MustCompile(childPrefix + `"([^"\n]+)"`)
		if match := reDouble.FindStringSubmatch(line); len(match) >= 2 {

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[Copilot]

extractTopLevelYAMLValue is intended to read a top-level scalar, but the regexes are anchored with ^\s*, so they will also match nested/indented occurrences of the same key (e.g. parent:\n engine: copilot would satisfy path /engine). Consider anchoring to the start of line with no indentation (or otherwise explicitly restricting to indent=0) so top-level lookups can’t accidentally read nested keys now that nested path support exists.

See below for a potential fix:

	reSingle := regexp.MustCompile(`(?m)^` + escapedField + `[ \t]*:[ \t]*'([^'\n]+)'`)
	if match := reSingle.FindStringSubmatch(yamlContent); len(match) >= 2 {
		return strings.TrimSpace(match[1])
	}
	// Try double-quoted value: field: "value"
	reDouble := regexp.MustCompile(`(?m)^` + escapedField + `[ \t]*:[ \t]*"([^"\n]+)"`)
	if match := reDouble.FindStringSubmatch(yamlContent); len(match) >= 2 {
		return strings.TrimSpace(match[1])
	}
	// Try unquoted value: field: value
	reUnquoted := regexp.MustCompile(`(?m)^` + escapedField + `[ \t]*:[ \t]*([^'"\n#][^\n#]*?)(?:[ \t]*#.*)?$`)

[Copilot]

extractNestedYAMLValue will match the child key at any indentation level deeper than the parent because the child regex uses ^\s+... and there’s no check that the key is a direct child of parentKey. This can return the wrong value when the same key appears in a deeper nested mapping within the parent block (grandchild) before the direct child. Consider deriving the direct-child indentation level (e.g., the minimum indent > parentIndent) and only matching keys at that indentation.

This issue also appears on line 549 of the same file.

[Copilot]

The PR’s main behavior change is improving enum "Did you mean?" for nested oneOf errors, but the tests currently only cover extractEnumConstraintPath and extractYAMLValueAtPath separately. Add an end-to-end test for generateSchemaBasedSuggestions where jsonPath is the container (e.g. /permissions), the error message contains a nested enum line (e.g. - at '/permissions/contents': value must be one of ...), and frontmatter has a typo (contents: raed), asserting that the returned suggestion includes Did you mean 'read'?.

[pelikhan]

@copilot review comments

[Copilot]

@copilot review comments

Addressed all three review points in commit 1afc55f:

1. extractTopLevelYAMLValue indentation anchor — Changed ^\s* to ^ (column-0 anchor) so indented keys with the same name never satisfy a top-level path lookup.

2. extractNestedYAMLValue direct-child only — Added a childIndent tracker set from the first non-blank line inside the parent block. Subsequent lines at a deeper indent are skipped, preventing grandchild keys from being returned.

3. End-to-end generateSchemaBasedSuggestions test — Added a test case with jsonPath="/permissions", a oneOf error message embedding - at '/permissions/contents': value must be one of 'read', 'write', 'none', and frontmatter contents: raed, asserting the result contains "Did you mean 'read'?".