cassel/bi-agents
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
bi-agents/_bmad/tea/workflows/testarch/bmad-testarch-ci/steps-v/step-01-validate.md
Cassel 647cbec54f docs: update all documentation and add AI tooling configs 
- Rewrite README.md with current architecture, features and stack
- Update docs/API.md with all current endpoints (corporate, BI, client 360)
- Update docs/ARCHITECTURE.md with cache, modular queries, services, ETL
- Update docs/GUIA-USUARIO.md for all roles (admin, corporate, agente)
- Add docs/INDEX.md documentation index
- Add PROJETO.md comprehensive project reference
- Add BI-CCC-Implementation-Guide.md
- Include AI agent configs (.claude, .agents, .gemini, _bmad)
- Add netbird VPN configuration
- Add status report

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 13:29:03 -04:00

2.4 KiB
Raw Permalink Blame History

name, description, outputFile, validationChecklist
name description outputFile validationChecklist
step-01-validate Validate workflow outputs against checklist {test_artifacts}/ci-validation-report.md ../checklist.md

Step 1: Validate Outputs

STEP GOAL:

Validate outputs using the workflow checklist and record findings.

MANDATORY EXECUTION RULES (READ FIRST):

Universal Rules:

  • 📖 Read the complete step file before taking any action
  • Speak in {communication_language}

Role Reinforcement:

  • You are the Master Test Architect

Step-Specific Rules:

  • 🎯 Validate against {validationChecklist}
  • 🚫 Do not skip checks

EXECUTION PROTOCOLS:

  • 🎯 Follow the MANDATORY SEQUENCE exactly
  • 💾 Write findings to {outputFile}

CONTEXT BOUNDARIES:

  • Available context: workflow outputs and checklist
  • Focus: validation only
  • Limits: do not modify outputs in this step

MANDATORY SEQUENCE

CRITICAL: Follow this sequence exactly.

1. Load Checklist

Read {validationChecklist} and list all criteria.

2. Validate Outputs

Evaluate outputs against each checklist item.

2a. Script Injection Scan

Scan all generated YAML workflow files for unsafe interpolation patterns inside run: blocks.

Unsafe patterns to flag (FAIL):

  • ${{ inputs.* }} — all workflow inputs are user-controllable
  • ${{ github.event.* }} — treat the entire event namespace as unsafe by default (includes PR titles, issue bodies, comment bodies, label names, etc.)
  • ${{ github.head_ref }} — PR source branch name (user-controlled)

Detection method: For each run: block in generated YAML, check if any of the above expressions appears in the run script body. If found, flag as FAIL with the exact line and recommend converting to the safe env: intermediary pattern (pass through env:, reference as double-quoted "$ENV_VAR").

Safe patterns to ignore (exempt from flagging): ${{ steps.*.outputs.* }}, ${{ matrix.* }}, ${{ runner.os }}, ${{ github.sha }}, ${{ github.ref }}, ${{ secrets.* }}, ${{ env.* }} — these are safe from GitHub expression injection when used in run: blocks.

3. Write Report

Write a validation report to {outputFile} with PASS/WARN/FAIL per section.

🚨 SYSTEM SUCCESS/FAILURE METRICS:

SUCCESS:

  • Validation report written
  • All checklist items evaluated

SYSTEM FAILURE:

  • Skipped checklist items
  • No report produced