feat(#704): surface agent errors in workflow logs

[fullsend-ai-coder]

When an agent run fails, the root cause error is buried in the transcript JSONL artifact. Operators must download and manually search the artifact to diagnose failures.

This adds two improvements:

1. In-process error surfacing (run.go): After transcript extraction,
   parse the JSONL for result events with is_error=true and emit
   ::error:: annotations to stderr. These appear in the GitHub
   Actions job summary, making failures diagnosable without
   downloading artifacts.

2. Standalone extraction script (extract-transcript-error.sh): A
   shell script that extracts errors from transcript files or
   directories. Usable by post-scripts, the triage agent (after
   downloading artifacts via gh run download), and operators
   debugging failed runs.

The transcript parser is intentionally lightweight: it scans only for result-type lines (fast string contains check) and parses the last one. Error messages are truncated to 2000 chars and sanitized to prevent GHA command injection.

New files:

• internal/cli/transcript.go: JSONL parsing and error emission
• internal/cli/transcript_test.go: 15 unit tests
• internal/scaffold/.../extract-transcript-error.sh: standalone tool

Modified:

• internal/cli/run.go: call extractTranscriptErrors after iteration
  loop when agent exits non-zero

---

Closes #704

Post-script verification

• Branch is not main/master (agent/704-surface-transcript-errors)
• Secret scan passed (gitleaks — a97ff3b4fbc3f8942a369347ee2f47240737314f..HEAD)
• Pre-commit hooks passed (authoritative run on runner)
• Tests ran inside sandbox

[github-actions]

fullsend review is working on this — view logs

[github-actions]

Site preview

Preview: https://c7b29a71-site.fullsend-ai.workers.dev

Commit: 1a4e16688b0bc62a3b42978eae2e5ba415645351

[fullsend-ai-review]

Review: #764

Head SHA: 1a4e166
Timestamp: 2026-05-08T00:00:00Z
Outcome: approve

Summary

This PR adds well-structured transcript error surfacing for agent failures, directly addressing issue #704. The Go implementation (transcript.go) is clean, with a fast isResultLine pre-filter, proper JSON parsing, UTF-8-safe truncation, and GHA command injection prevention via the existing sanitizeOutput helper. The standalone shell script mirrors the Go logic faithfully with appropriate sanitization. The integration point in run.go is minimal and correctly scoped to non-zero exit codes on the last iteration. Test coverage is thorough with 15 unit tests covering happy path, edge cases (empty files, missing files, spaced JSON), multi-result semantics, truncation, and GHA annotation output. No critical or high findings.

Findings

Medium

None.

Low

• [Correctness] internal/cli/transcript.go:86-105 — scanner.Err() is never checked after the scan loop. If a JSONL line exceeds maxTranscriptLineSize (1 MB), bufio.Scanner stops scanning entirely and sets scanner.Err() to bufio.ErrTooLong. Any result event after the oversized line would be missed. This is a best-effort diagnostic feature and the 1 MB limit is generous, so the practical risk is very low, but checking scanner.Err() and logging a warning would improve debuggability.
  Remediation: After the scan loop, check if err := scanner.Err(); err != nil and optionally log a warning.

• [Correctness] internal/scaffold/fullsend-repo/scripts/extract-transcript-error.sh:88 — The ${basename} variable in the ::error title=... annotation is not sanitized for GHA command injection (unlike safe_msg). A transcript filename containing :: could inject GHA workflow commands. Practical risk is negligible since transcript filenames are system-generated, but for defense-in-depth it would be worth applying the same sanitization.
  Remediation: Apply ${basename//::/ :} before using it in the annotation.

Info

• [Style] internal/cli/run.go:592 — The step label 9e-bis is a creative numbering scheme. Consider using 9e for the new step and shifting the output scan to 9f (which was already done), or just numbering sequentially without the -bis suffix for clarity.

• [Intent alignment] The PR addresses improvement 1 from issue Agent errors buried in transcript artifacts, not surfaced in workflow logs #704 (surfacing errors in workflow logs). Improvement 2 (letting agents read workflow artifacts) is not addressed, which is appropriate — the issue describes them as separate improvements with different priorities.

Footer

Outcome: approve
This review applies to SHA 1a4e16688b0bc62a3b42978eae2e5ba415645351. Any push to the PR head clears this review and requires a new evaluation.

Previous run

Review: #764

Head SHA: b8e7569
Timestamp: 2026-05-08T00:00:00Z
Outcome: approve

Summary

Clean, well-scoped change that adds transcript error surfacing to GitHub Actions workflow logs. The Go implementation is solid — proper use of sanitizeOutput for GHA command injection prevention, efficient JSONL scanning with a fast-path string check, sensible truncation, and thorough test coverage (15 tests covering error/success/empty/missing/multi-result cases). The integration point in run.go is correct: it targets the last iteration directory using the 1-indexed runCount, only fires on non-zero exit, and is positioned before the output scan step. Three non-blocking observations below.

Findings

Medium

• [content security] internal/scaffold/fullsend-repo/scripts/extract-transcript-error.sh:82 — The shell script sanitizes :: to prevent GHA command injection but does not strip URL-encoded newlines (%0A, %0D) that GitHub Actions also interprets as line breaks in workflow commands. An attacker-controlled transcript error message containing %0A::warning::spoofed would inject additional annotations. The Go code handles this correctly via sanitizeOutput (which strips %0A/%0D), but the shell script is inconsistent. Consider adding: safe_msg="${safe_msg//%0A/ }" and similar for %0a, %0D, %0d.
  Remediation: Add %0A/%0D (case-insensitive) replacement to the shell script's sanitization, matching the Go sanitizeOutput behavior.

Low

• [correctness] internal/cli/transcript.go:126 — truncateError truncates by byte length (len(msg)) rather than rune count. If the 2000-byte boundary falls mid-way through a multi-byte UTF-8 character, the resulting string will contain an incomplete rune. This is unlikely to cause problems in practice (the message is printed to stderr and GHA annotations), but utf8.RuneCountInString would be more correct.

Info

• [style/conventions] internal/cli/transcript_test.go:149 — Test function name has a typo: TestExtractTranscriptErrors_MultiplFiles is missing the 'e' in 'Multiple'. Consider renaming to TestExtractTranscriptErrors_MultipleFiles.

Footer

Outcome: approve
This review applies to SHA b8e756993211deff48899f4d5cf8ccf1ef3ff50e. Any push to the PR head clears this review and requires a new evaluation.

[ralphbean]

Well-scoped, useful feature that directly addresses #704. The Go implementation is solid overall — clean separation of concerns, good test coverage, and correct integration point in run.go. Five findings below, the most important being unsanitized values interpolated into GHA workflow commands (filename and subtype) and inconsistent sanitization in the shell script.

[ralphbean]

[critical] s.Source (derived from the JSONL filename via filepath.Base) is interpolated directly into the ::error:: workflow command without sanitization. Only msg goes through sanitizeOutput. A crafted filename containing %0A or :: sequences could inject additional GHA commands.

The fallback on line 142 has the same issue with s.Subtype.

Fix:

fmt.Fprintf(w, "::error title=Agent Error (%s)::%s\n", sanitizeOutput(s.Source), msg)

And for the fallback:

msg = fmt.Sprintf("agent terminated with error (subtype: %s)", sanitizeOutput(s.Subtype))

[ralphbean]

[important] The sanitization here only strips :: but does not handle %0A/%0D (URL-encoded newlines) that GitHub Actions also interprets as line breaks in workflow commands. The Go sanitizeOutput function handles these correctly. An attacker-controlled transcript message containing %0A::warning::spoofed would inject additional annotations.

Fix — add after the existing :: replacement:

safe_msg="${safe_msg//%0A/ }"
safe_msg="${safe_msg//%0a/ }"
safe_msg="${safe_msg//%0D/ }"
safe_msg="${safe_msg//%0d/ }"

[ralphbean]

[moderate] truncateError uses byte length (len(msg)) and byte slicing (msg[:maxTranscriptErrorLength]). If the 2000-byte boundary falls in the middle of a multi-byte UTF-8 character (emoji, CJK, etc.), the result contains an incomplete rune.

Fix — walk back to a valid rune boundary, e.g.:

truncated := msg[:maxTranscriptErrorLength]
for len(truncated) > 0 && !utf8.Valid([]byte(truncated)) {
    truncated = truncated[:len(truncated)-1]
}
return truncated + "… (truncated)"

[ralphbean]

[minor] isResultLine converts []byte to string via strings.Contains(string(line), ...), which allocates a new string (up to 1 MB per line, twice). Since this is meant to be a cheap pre-filter to avoid json.Unmarshal, use bytes.Contains instead to avoid the allocation:

func isResultLine(line []byte) bool {
    return bytes.Contains(line, []byte(`"type":"result"`)) ||
        bytes.Contains(line, []byte(`"type": "result"`))
}

[ralphbean]

[nit] Typo: TestExtractTranscriptErrors_MultiplFiles → TestExtractTranscriptErrors_MultipleFiles (missing 'e' in 'Multiple').

[ralphbean]

/fix those inline comments, please

[github-actions]

fullsend fix is working on this — view logs

[fullsend-ai-coder]

🔧 Fix agent — iteration 1 (human-triggered)

Addressed all 5 inline review findings from ralphbean: sanitized Source/Subtype in GHA commands (critical), added %0A/%0D sanitization to shell script (important), fixed UTF-8 truncation (moderate), switched to bytes.Contains (minor), fixed test name typo (nit). All 14 transcript tests pass.

Fixed (5):

1. unsanitized s.Source and s.Subtype in GHA workflow commands (internal/cli/transcript.go): Wrapped s.Source and s.Subtype with sanitizeOutput() in emitTranscriptErrors to prevent GHA command injection via crafted filenames or subtypes containing %0A or :: sequences.
2. shell script missing %0A/%0D sanitization (internal/scaffold/fullsend-repo/scripts/extract-transcript-error.sh): Added %0A/%0a/%0D/%0d replacement to safe_msg in the GHA annotation block, matching the Go sanitizeOutput behavior.
3. truncateError splits multi-byte UTF-8 characters (internal/cli/transcript.go): Added utf8.Valid walk-back loop so truncation never splits a multi-byte rune. Added unicode/utf8 import.
4. isResultLine allocates via string conversion (internal/cli/transcript.go): Replaced strings.Contains(string(line), ...) with bytes.Contains(line, []byte(...)) to avoid unnecessary heap allocations on lines up to 1 MB. Added bytes import.
5. typo in test name MultiplFiles (internal/cli/transcript_test.go): Renamed TestExtractTranscriptErrors_MultiplFiles to TestExtractTranscriptErrors_MultipleFiles.

Tests: passed

_{Updated by fullsend fix agent}

[github-actions]

fullsend review is working on this — view logs