Plan: Fix shell quoting bug in tech-sweep-exec inline comment posting#
Summary#
Refactor tech-sweep-exec SKILL.md to use safe JSON construction (jq -n + gh api --input -) for inline PR comment posting, replacing the current -f body='<text>' pattern that breaks on newlines, quotes, and backticks. Also add a dedicated post-inline-comment.sh tool script with built-in error handling and a regression test.
Files#
| File | Action | Description |
|---|---|---|
.openclaw/workspace/skills/tech-sweep-exec/SKILL.md | modify | Replace inline comment API section with safe jq + --input - pattern; update failure behavior to log-and-continue |
scripts/tools/post-inline-comment.sh | create | Reusable shell script for posting inline PR comments via safe JSON construction (mirrors post-review.sh pattern) |
scripts/tools/test-inline-comment-quoting.sh | create | Regression test exercising comment bodies with newlines, double-quotes, and backticks |
Steps#
- Create
scripts/tools/post-inline-comment.sh— a shell script that accepts--repo,--pr,--commit,--path,--line,--body-file(or stdin), constructs JSON viajq -n --arg, and posts viagh api --input -. On non-2xx response, exit non-zero with logged error. Follow the pattern established byscripts/tools/post-review.sh. - Update
tech-sweep-exec/SKILL.mdinline comment API section (lines 29–43) to instruct the executor to write the comment body to a temp file, then callpost-inline-comment.sh(or equivalently usejq -n+--input -directly). Remove the raw-f body='<text>'pattern entirely. - Update
tech-sweep-exec/SKILL.mdfailure behavior section (lines 82–84) to log-and-continue on inline comment POST failure instead of halting all remaining actions. Top-level review still posts first; if an inline comment fails, log the error and proceed to the next inline comment and subsequent state updates. - Create
scripts/tools/test-inline-comment-quoting.sh— a dry-run regression test that constructs a JSON payload with a body containing newlines, double-quotes, and a backtick, validates JSON is well-formed viajq ., and optionally posts to a real PR if--liveflag is provided.
Verification#
- Run
test-inline-comment-quoting.shand confirm JSON construction succeeds for bodies with all three tricky character types. - Manually trigger a tech-sweep-exec run against a test PR with an inline comment containing newlines + quotes + backticks and confirm the comment posts successfully.
- Confirm that a simulated inline POST failure (e.g., invalid line number) logs the error but does not prevent remaining actions from executing.
Risks#
- Skill instruction change scope:
tech-sweep-execis a Claude skill (prompt-level instructions), not compiled code. Changes to SKILL.md alter agent behavior at next invocation — no deployment needed, but the agent must re-read the skill on its next run. post-inline-comment.shadoption: The new helper script is opt-in for the skill; if the SKILL.md update references it, the script must exist on the runner's filesystem before the next sweep cycle.