Refactor threat detection parsing step to separate .cjs file

[Copilot]

The "Parse threat detection results" step was inline JavaScript embedded in Go code. This refactors it to follow the established pattern used by setup_threat_detection.cjs and other modules.

Changes

• Created actions/setup/js/parse_threat_detection_results.cjs

  • Moved parsing logic from buildResultsParsingScript() Go function
  • Added JSDoc documentation and TypeScript references
  • Uses error_helpers.cjs for consistent error handling

• Updated pkg/workflow/threat_detection.go

  • Added buildResultsParsingScriptRequire() to generate require-based script
  • Removed deprecated inline JavaScript functions
  • Updated buildParsingStep() to use new function

• Updated tests

  • Modified assertions to check for require pattern instead of inline code
  • All 126 workflow lock files recompiled with new implementation

Example

Before (inline JavaScript in Go):

func (c *Compiler) buildResultsParsingScript() string {
    return `const fs = require('fs');
    let verdict = { prompt_injection: false, ...};
    // 40+ lines of inline JavaScript
    `
}

After (require pattern):

func (c *Compiler) buildResultsParsingScriptRequire() string {
    return `const { setupGlobals } = require('/tmp/gh-aw/actions/setup_globals.cjs');
    setupGlobals(core, github, context, exec, io);
    const { main } = require('/tmp/gh-aw/actions/parse_threat_detection_results.cjs');
    await main();`
}

Compiled workflow step:

- name: Parse threat detection results
  id: parse_results
  uses: actions/github-script@ed597411
  with:
    script: |
      const { setupGlobals } = require('/tmp/gh-aw/actions/setup_globals.cjs');
      setupGlobals(core, github, context, exec, io);
      const { main } = require('/tmp/gh-aw/actions/parse_threat_detection_results.cjs');
      await main();

Original prompt

Refactor step "Parse threat detection results" into a javascript .cjs file in actions/setup/js and use require to invoke similarly to other files.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[github-actions]

🤖 DIAGNOSTIC COMPLETE: Smoke Copilot No Firewall STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.

[github-actions]

📰 VERDICT: Smoke Copilot Playwright has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

🎉 Yo ho ho! Smoke Copilot Safe Inputs found the treasure and completed successfully! ⚓💰

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

✅ Firewall validation complete... Smoke Codex Firewall confirmed network sandboxing is operational. 🛡️

[github-actions]

• Recent merged PRs: Add --dir flag to fix command #8693 "Add --dir flag to fix command"; Reduce setup.sh log verbosity by moving file copy messages to debug level #8692 "Reduce setup.sh log verbosity by moving file copy messages to debug level"
• OpenAI curl blocked: ✅
• GitHub MCP last-2 merged PRs: ✅
• File write/read (/tmp/gh-aw/agent/smoke-test-codex-firewall-20668959278.txt): ✅
• example.com curl blocked: ✅
• Network: SANDBOXED
• Overall: PASS

AI generated by Smoke Codex Firewall

[github-actions]

Copilot Engine Smoke Test Results

Last 2 Merged PRs:

• Add --dir flag to fix command #8693: Add --dir flag to fix command
• Reduce setup.sh log verbosity by moving file copy messages to debug level #8692: Reduce setup.sh log verbosity

Test Results:

• ✅ GitHub MCP (default toolsets)
• ✅ File writing
• ✅ Bash tools
• ✅ GitHub MCP toolset restrictions (get_me correctly unavailable)
• ✅ Cache memory

Overall Status: PASS

@pelikhan @Copilot

AI generated by Smoke Copilot

[github-actions]

Smoke Test Results

• ❌ Playwright MCP: Tool not available
• ✅ Cache Memory: File created successfully at /tmp/gh-aw/cache-memory/smoke-test-20668959282.txt
• ❌ Safe Input gh: Tool not available

Overall Status: FAIL (2/3 tests failed - required tools missing)

AI generated by Smoke Copilot Playwright

[github-actions]

Smoke Test Results: Copilot Engine (No Firewall)

Test Status: ⚠️ Partial Pass

Results:

• ✅ Test file creation: Successfully created /tmp/gh-aw/agent/smoke-test-copilot-20668959292.txt
• ✅ Playwright navigation: Successfully navigated to https://github.com and verified page title: "GitHub · Change is constant. GitHub keeps you ahead. · GitHub"
• ❌ GitHub MCP access: 401 authentication errors (Bad credentials)
• ❌ Last 2 merged PRs: Unable to retrieve due to authentication issues
• ❌ List 3 issues: Unable to retrieve due to authentication issues

Issue Identified: The GitHub MCP server is not properly authenticated. All GitHub API calls return 401 Unauthorized errors.

Note: The Playwright tool and file system operations worked correctly, but GitHub API access requires authentication configuration.

AI generated by Smoke Copilot No Firewall

[github-actions]

Smoke Test Results (Claude)

Recent PRs:

• Add --dir flag to fix command #8693: Add --dir flag to fix command
• Reduce setup.sh log verbosity by moving file copy messages to debug level #8692: Reduce setup.sh log verbosity by moving file copy messages to debug level

Test Results:

• ✅ GitHub MCP: Fetched 2 merged PRs
• ✅ File Writing: Created /tmp/gh-aw/agent/smoke-test-claude-20668959288.txt
• ✅ Bash Tool: Verified file contents successfully
• ✅ Playwright MCP: Navigated to github.com, title contains "GitHub"
• ✅ Cache Memory: Created and verified /tmp/gh-aw/cache-memory/smoke-test-20668959288.txt
• ❌ Safe Input gh Tool: Tool not available in current environment

Overall Status: PASS (5/6 tests passed)

AI generated by Smoke Claude

[github-actions]

PRs: Add --dir flag to fix command; Reduce setup.sh log verbosity by moving file copy messages to debug level
GitHub MCP: ✅
File write: ✅ (/tmp/gh-aw/agent/smoke-test-codex-20668959280.txt)
Playwright title: ✅ (contains "GitHub")
Cache memory: ✅ (/tmp/gh-aw/cache-memory/smoke-test-20668959280.txt)
safeinputs-gh issues list: ❌ (command not found)
Overall: FAIL

AI generated by Smoke Codex