feat: add support for `/stdlib todo` slash command by anandkaranubc · Pull Request #12014 · stdlib-js/stdlib

anandkaranubc · 2026-05-09T18:07:04Z

Resolves stdlib-js/metr-issue-tracker#185

Description

What is the purpose of this pull request?

This pull request:

adds support for /stdlib todo slash command

Related Issues

Does this pull request have any related issues?

This pull request has the following related issues:

[RFC]: add support for a stdlib-bot todo command metr-issue-tracker#185

Questions

Any questions for reviewers of this pull request?

No.

Other

Any other information relevant to this pull request? This may include screenshots, references, and/or implementation notes.

No.

Checklist

Please ensure the following tasks are completed before submitting this pull request.

Read, understood, and followed the contributing guidelines.

AI Assistance

When authoring the changes proposed in this PR, did you use any kind of AI assistance?

Yes
No

If you answered "yes" above, how did you use AI assistance?

Code generation (e.g., when writing an implementation or fixing a bug)
Test/benchmark generation
Documentation (including examples)
Research and understanding

Disclosure

If you answered "yes" to using AI assistance, please provide a short disclosure indicating how you used AI assistance. This helps reviewers determine how much scrutiny to apply when reviewing your contribution. Example disclosures: "This PR was written primarily by Claude Code." or "I consulted ChatGPT to understand the codebase, but the proposed changes were fully authored manually by myself.".

Used Cursor+VS Code code-generation tools to help assist with the feature.

@stdlib-js/reviewers

--- type: pre_commit_static_analysis_report description: Results of running static analysis checks when committing changes. report: - task: lint_filenames status: passed - task: lint_editorconfig status: passed - task: lint_markdown status: na - task: lint_package_json status: na - task: lint_repl_help status: na - task: lint_javascript_src status: na - task: lint_javascript_cli status: na - task: lint_javascript_examples status: na - task: lint_javascript_tests status: na - task: lint_javascript_benchmarks status: na - task: lint_python status: na - task: lint_r status: na - task: lint_c_src status: na - task: lint_c_examples status: na - task: lint_c_benchmarks status: na - task: lint_c_tests_fixtures status: na - task: lint_shell status: na - task: lint_typescript_declarations status: passed - task: lint_typescript_tests status: na - task: lint_license_headers status: passed ---

--- type: pre_commit_static_analysis_report description: Results of running static analysis checks when committing changes. report: - task: lint_filenames status: passed - task: lint_editorconfig status: passed - task: lint_markdown status: na - task: lint_package_json status: na - task: lint_repl_help status: na - task: lint_javascript_src status: na - task: lint_javascript_cli status: na - task: lint_javascript_examples status: na - task: lint_javascript_tests status: na - task: lint_javascript_benchmarks status: na - task: lint_python status: na - task: lint_r status: na - task: lint_c_src status: na - task: lint_c_examples status: na - task: lint_c_benchmarks status: na - task: lint_c_tests_fixtures status: na - task: lint_shell status: passed - task: lint_typescript_declarations status: passed - task: lint_typescript_tests status: na - task: lint_license_headers status: passed ---

--- type: pre_commit_static_analysis_report description: Results of running static analysis checks when committing changes. report: - task: lint_filenames status: passed - task: lint_editorconfig status: passed - task: lint_markdown status: na - task: lint_package_json status: na - task: lint_repl_help status: na - task: lint_javascript_src status: na - task: lint_javascript_cli status: na - task: lint_javascript_examples status: na - task: lint_javascript_tests status: na - task: lint_javascript_benchmarks status: na - task: lint_python status: na - task: lint_r status: na - task: lint_c_src status: na - task: lint_c_examples status: na - task: lint_c_benchmarks status: na - task: lint_c_tests_fixtures status: na - task: lint_shell status: na - task: lint_typescript_declarations status: passed - task: lint_typescript_tests status: na - task: lint_license_headers status: passed ---

--- type: pre_commit_static_analysis_report description: Results of running static analysis checks when committing changes. report: - task: lint_filenames status: passed - task: lint_editorconfig status: passed - task: lint_markdown status: na - task: lint_package_json status: na - task: lint_repl_help status: na - task: lint_javascript_src status: na - task: lint_javascript_cli status: na - task: lint_javascript_examples status: na - task: lint_javascript_tests status: na - task: lint_javascript_benchmarks status: na - task: lint_python status: na - task: lint_r status: na - task: lint_c_src status: na - task: lint_c_examples status: na - task: lint_c_benchmarks status: na - task: lint_c_tests_fixtures status: na - task: lint_shell status: passed - task: lint_typescript_declarations status: passed - task: lint_typescript_tests status: na - task: lint_license_headers status: passed ---

…al fields --- type: pre_commit_static_analysis_report description: Results of running static analysis checks when committing changes. report: - task: lint_filenames status: passed - task: lint_editorconfig status: passed - task: lint_markdown status: na - task: lint_package_json status: na - task: lint_repl_help status: na - task: lint_javascript_src status: na - task: lint_javascript_cli status: na - task: lint_javascript_examples status: na - task: lint_javascript_tests status: na - task: lint_javascript_benchmarks status: na - task: lint_python status: na - task: lint_r status: na - task: lint_c_src status: na - task: lint_c_examples status: na - task: lint_c_benchmarks status: na - task: lint_c_tests_fixtures status: na - task: lint_shell status: passed - task: lint_typescript_declarations status: passed - task: lint_typescript_tests status: na - task: lint_license_headers status: passed ---

--- type: pre_commit_static_analysis_report description: Results of running static analysis checks when committing changes. report: - task: lint_filenames status: passed - task: lint_editorconfig status: passed - task: lint_markdown status: na - task: lint_package_json status: na - task: lint_repl_help status: na - task: lint_javascript_src status: na - task: lint_javascript_cli status: na - task: lint_javascript_examples status: na - task: lint_javascript_tests status: na - task: lint_javascript_benchmarks status: na - task: lint_python status: na - task: lint_r status: na - task: lint_c_src status: na - task: lint_c_examples status: na - task: lint_c_benchmarks status: na - task: lint_c_tests_fixtures status: na - task: lint_shell status: passed - task: lint_typescript_declarations status: passed - task: lint_typescript_tests status: na - task: lint_license_headers status: passed ---

--- type: pre_commit_static_analysis_report description: Results of running static analysis checks when committing changes. report: - task: lint_filenames status: passed - task: lint_editorconfig status: passed - task: lint_markdown status: na - task: lint_package_json status: na - task: lint_repl_help status: na - task: lint_javascript_src status: na - task: lint_javascript_cli status: na - task: lint_javascript_examples status: na - task: lint_javascript_tests status: na - task: lint_javascript_benchmarks status: na - task: lint_python status: na - task: lint_r status: na - task: lint_c_src status: na - task: lint_c_examples status: na - task: lint_c_benchmarks status: na - task: lint_c_tests_fixtures status: na - task: lint_shell status: na - task: lint_typescript_declarations status: passed - task: lint_typescript_tests status: na - task: lint_license_headers status: passed ---

kgryte · 2026-05-16T00:54:17Z

+#
+# @license Apache-2.0
+#
+# Copyright (c) 2024 The Stdlib Authors.


Suggested change

# Copyright (c) 2024 The Stdlib Authors.

# Copyright (c) 2026 The Stdlib Authors.

kgryte · 2026-05-16T00:55:26Z

+	local tmp_dir
+	local tmp_comment
+	local tmp_attrs
+	local tmp_content
+	local quote
+	local attrs
+	local stdlib_target
+	local labels_raw
+	local labels_json
+	local content
+	local first_line
+	local title
+	local body_raw
+	local body
+	local target_owner
+	local target_repo
+	local membership_status
+	local provenance
+	local issue_body
+	local issue_payload
+	local issue_response
+	local issue_url
+	local requested_label
+	local dropped_labels
+	local dropped_list
+	local label


Ideally, this would be ordered according to variable length.

kgryte · 2026-05-16T00:57:17Z

+	if [ ! -f "${tmp_attrs}" ]; then
+		post_source_comment "${quote}
+
+@${COMMENTER}, failed to parse the ${bt}/stdlib todo${bt} command. Expected a fenced code block with attributes, e.g.,


Suggested change

@${COMMENTER}, failed to parse the ${bt}/stdlib todo${bt} command. Expected a fenced code block with attributes, e.g.,

@${COMMENTER}, failed to parse the ${bt}/stdlib todo${bt} command. Expected a fenced code block with attributes; e.g.,

kgryte · 2026-05-16T00:59:30Z

+		labels_json='[]'
+	fi
+
+	# Parse the issue title from the '[TODO]: ...' line:


We shouldn't require that the subject line always be a TODO. I should also be able to do [BUG]: or [RFC]: or some other issue.

kgryte · 2026-05-16T01:01:34Z

+	fi
+
+	# Verify the commenter is a member of the target organization:
+	membership_status=$(curl -s -o /dev/null -w "%{http_code}" \


This cannot happen this late in the validation. It needs to happen before we even get to this script. Why? Otherwise, malicious actors could use command injection and steal secrets. This script is likely to be operating within a privileged context.

It is likely worth also keep this validation in this script. But it still needs to be moved to before any parsing logic happens.

kgryte · 2026-05-16T01:03:36Z

+      # Create a new todo issue:
+      - name: 'Create a new todo issue'
+        env:
+          GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN || secrets.STDLIB_BOT_PAT_REPO_WRITE }}


This second token is not among the list of secrets listed as accessible to the workflow. Is that or its inclusion here intentional?

kgryte

Left a few more comments.

anandkaranubc added 2 commits May 9, 2026 11:02

Merge branch 'develop' into stdlib-todo-bot

7bf24b8

anandkaranubc requested a review from a team May 9, 2026 18:07

stdlib-bot added the Needs Review A pull request which needs code review. label May 9, 2026

anandkaranubc added Feature Issue or pull request for adding a new feature. METR Pull request associated with the METR project. labels May 9, 2026

anandkaranubc commented May 9, 2026

View reviewed changes

Comment thread .github/workflows/slash_commands.yml Outdated

anandkaranubc commented May 9, 2026

View reviewed changes

Comment thread .github/workflows/slash_commands.yml Outdated

Comment thread .github/workflows/slash_commands.yml Outdated

Comment thread .github/workflows/slash_commands.yml Outdated

Comment thread .github/workflows/slash_commands.yml Outdated

anandkaranubc requested a review from kgryte May 9, 2026 18:19

anandkaranubc changed the title ~~feat: add support for /stdlib todo slash command~~ build: add support for /stdlib todo slash command May 9, 2026

anandkaranubc added the CI Issue or pull request specific to continuous integration environments. label May 9, 2026

anandkaranubc changed the title ~~build: add support for /stdlib todo slash command~~ feat: add support for /stdlib todo slash command May 9, 2026

kgryte reviewed May 12, 2026

View reviewed changes

Comment thread .github/workflows/slash_commands.yml Outdated

kgryte reviewed May 12, 2026

View reviewed changes

Comment thread .github/workflows/slash_commands.yml Outdated

anandkaranubc added 2 commits May 13, 2026 20:53

Merge branch 'develop' into stdlib-todo-bot

d62e280

kgryte added Needs Changes Pull request which needs changes before being merged. and removed Needs Review A pull request which needs code review. labels May 14, 2026

anandkaranubc added 8 commits May 14, 2026 20:33

Merge branch 'develop' into stdlib-todo-bot

b3b6379

kgryte reviewed May 16, 2026

View reviewed changes

kgryte requested changes May 16, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat: add support for `/stdlib todo` slash command#12014

feat: add support for `/stdlib todo` slash command#12014
anandkaranubc wants to merge 12 commits into
stdlib-js:developfrom
anandkaranubc:stdlib-todo-bot

anandkaranubc commented May 9, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

kgryte May 16, 2026

Uh oh!

kgryte May 16, 2026

Uh oh!

kgryte May 16, 2026

Uh oh!

kgryte May 16, 2026

Uh oh!

kgryte May 16, 2026

Uh oh!

kgryte May 16, 2026

Uh oh!

kgryte May 16, 2026

Uh oh!

kgryte left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

	# Copyright (c) 2024 The Stdlib Authors.
	# Copyright (c) 2026 The Stdlib Authors.

	@${COMMENTER}, failed to parse the ${bt}/stdlib todo${bt} command. Expected a fenced code block with attributes, e.g.,
	@${COMMENTER}, failed to parse the ${bt}/stdlib todo${bt} command. Expected a fenced code block with attributes; e.g.,

Uh oh!

Conversation

anandkaranubc commented May 9, 2026

Description

Related Issues

Questions

Other

Checklist

AI Assistance

Disclosure

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

kgryte May 16, 2026

Choose a reason for hiding this comment

Uh oh!

kgryte May 16, 2026

Choose a reason for hiding this comment

Uh oh!

kgryte May 16, 2026

Choose a reason for hiding this comment

Uh oh!

kgryte May 16, 2026

Choose a reason for hiding this comment

Uh oh!

kgryte May 16, 2026

Choose a reason for hiding this comment

Uh oh!

kgryte May 16, 2026

Choose a reason for hiding this comment

Uh oh!

kgryte May 16, 2026

Choose a reason for hiding this comment

Uh oh!

kgryte left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants