Skip to content

fix(repo-clone): stop leaking ADO PAT + tolerant Jira-key parser (#566)#565

Open
IBondarenko-iwg wants to merge 5 commits into
andresharpe:mainfrom
IBondarenko-iwg:fix/557-repo-clone-pat-jira-parse
Open

fix(repo-clone): stop leaking ADO PAT + tolerant Jira-key parser (#566)#565
IBondarenko-iwg wants to merge 5 commits into
andresharpe:mainfrom
IBondarenko-iwg:fix/557-repo-clone-pat-jira-parse

Conversation

@IBondarenko-iwg

@IBondarenko-iwg IBondarenko-iwg commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Linked issue

Closes #566
Refs #557

One of several child PRs for the 8-bug epic #557, delivering bugs 6 and 7 (both in the repo-clone tool). Merging Closes its child issue #566; the epic #557 stays open and is closed manually once all child PRs land — hence Refs #557, not Closes.

Summary of changes

content/workflows/start-from-jira/systems/mcp/tools/repo-clone/script.ps1:

Bug 7 (security — PAT leak). The clone URL embedded the raw AZURE_DEVOPS_PAT in its userinfo (https://<PAT>@dev.azure.com/...), leaking it two ways: visible in the git process command line (Win32_Process.CommandLine) and persisted into the cloned repo's .git/config as remote.origin.url. Now authenticates with a host-scoped http.extraHeader injected via the GIT_CONFIG_* environment (git ≥ 2.31): credential-free clone URL, header lives only in a process env var for the single clone and is restored in finally, nothing written to .git/config.

Bug 6 (Jira parse + clone guard). The Jira-key parser only matched a canonical | Jira Key | KEY | row, but agents free-form the metadata table (Primary Jira Keys, Parent Epic, …), so the key stayed null and cloning threw "Run Phase 0 first" — killing the whole code-execution phase. New Get-RepoCloneJiraKey tries the canonical row → label variants → H1 title → any key-shaped token (case-sensitive, so utf-8/sha-1 aren't mistaken for keys). The "already cloned" guard only tested Test-Path, so a leftover empty gitlink dir reported already_cloned with no source; new Test-RepoCloneComplete requires a resolvable HEAD + ≥1 tracked file. An empty leftover is reclaimed; a non-empty incomplete clone returns an incomplete_clone error instead of being force-deleted.

Hardening from self-review (pwsh-review): path-traversal guard on repo/project before the force-delete path, GIT_CONFIG_* save/restore, UTF-8 Basic-auth token.

Known follow-up (out of scope): the NuGet section still sets the ADO PAT in a process env var for a later step — left as-is to avoid breaking restore; tracked for a later PR.

Testing notes

New repo-clone/test.ps1 (12 cases, run by Layer 2 / tests/Test-ToolLocal.ps1):

  • Get-RepoCloneJiraKey: canonical row, Primary Jira Keys, Parent Epic, H1 fallback, null cases, lowercase-key + utf-8-token rejection.
  • Test-RepoCloneComplete: missing path, empty dir, repo with no commit, populated repo.

PARSE OK; PSScriptAnalyzer clean (only pre-existing PSAvoidGlobalVars). Manual PAT check after a clone: git -C <clone> config remote.origin.url shows no PAT, and the PAT never appears in clone process args.

Checklist

@github-actions

Copy link
Copy Markdown
Contributor

This PR is missing a linked issue reference.

Please add one of the following to the PR description:

  • Closes #<issue-number>
  • Fixes #<issue-number>
  • Resolves #<issue-number>

If this is a trivial change that doesn't need an issue, ask a maintainer to add the no-issue label.

@IBondarenko-iwg IBondarenko-iwg changed the title Fix/557 repo clone pat jira parse fix(repo-clone): stop leaking ADO PAT + tolerant Jira-key parser (#566) Jun 30, 2026
@DKuleshov DKuleshov requested a review from Copilot June 30, 2026 13:21

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens the repo-clone MCP tool in the start-from-jira workflow by preventing Azure DevOps PAT exposure during git clone, and by making Jira-key extraction more tolerant to real-world jira-context.md formatting drift.

Changes:

  • Add Get-RepoCloneJiraKey to extract Jira keys from multiple table/header patterns (with a case-sensitive fallback).
  • Prevent ADO PAT leakage by using a host-scoped http.extraHeader via GIT_CONFIG_* env vars instead of embedding credentials in the clone URL, with masking and env restore in finally.
  • Add local tests for Jira-key parsing and clone-completeness detection.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
content/workflows/start-from-jira/systems/mcp/tools/repo-clone/script.ps1 Adds Jira-key parsing helper, strengthens “already cloned” detection, and switches ADO auth to header-based configuration to avoid PAT persistence/exposure.
content/workflows/start-from-jira/systems/mcp/tools/repo-clone/test.ps1 Introduces helper-focused tests covering Jira-key parsing variants and the clone completeness guard behavior.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread content/workflows/start-from-jira/systems/mcp/tools/repo-clone/script.ps1 Outdated

@carlospedreira carlospedreira left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Leaving one inline review note on the Git config preservation edge case.

Comment thread content/workflows/start-from-jira/systems/mcp/tools/repo-clone/script.ps1 Outdated
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Inbox

Development

Successfully merging this pull request may close these issues.

Repo-clone: ADO PAT leaked in clone URL + Jira-key parser blocks all clones (#557 bugs 6,7)

3 participants