Skip to content

fix: use yaml.safe_dump for virtual package apm.yml generation#707

Open
edenfunf wants to merge 2 commits intomicrosoft:mainfrom
edenfunf:fix/yaml-colon-in-virtual-package-description
Open

fix: use yaml.safe_dump for virtual package apm.yml generation#707
edenfunf wants to merge 2 commits intomicrosoft:mainfrom
edenfunf:fix/yaml-colon-in-virtual-package-description

Conversation

@edenfunf
Copy link
Copy Markdown
Contributor

@edenfunf edenfunf commented Apr 14, 2026

Problem

When a virtual file or collection dependency (e.g. a single .agent.md) has a : in its description field, apm install fails with:

Invalid YAML format in .../apm.yml: mapping values are not allowed here
  in "...apm.yml", line 3, column 72

Root cause: download_virtual_file_package and download_collection_package in github_downloader.py generated apm.yml by string interpolation (f"""name: {name}\ndescription: {description}\n"""). Any : in a value produces syntactically invalid YAML.

Concrete example from the issue — swe-subagent frontmatter:

description: 'Senior software engineer subagent for implementation tasks: feature development, debugging, refactoring, and testing.'

After stripping the surrounding quotes and dropping into the f-string, the : after "tasks" is parsed as a YAML mapping separator, causing the error.

Fix

Replace both f-string blocks with yaml_to_str() (backed by yaml.safe_dump), which correctly quotes strings that contain :, #, [, or other YAML special characters.

# Before
apm_yml_content = f"""name: {package_name}
version: 1.0.0
description: {description}
author: {dep_ref.repo_url.split('/')[0]}
"""

# After
apm_yml_data = {
    "name": package_name,
    "version": "1.0.0",
    "description": description,
    "author": dep_ref.repo_url.split('/')[0],
}
apm_yml_content = yaml_to_str(apm_yml_data)

yaml_to_str already exists in apm_cli/utils/yaml_io.py and is the established helper for this purpose throughout the codebase.

Tests

Three new unit tests in TestVirtualFilePackageYamlGeneration:

Test What it checks
test_yaml_with_colon_in_description Reproduces the exact swe-subagent failure from #703
test_yaml_with_colon_in_name Colon in the package name field
test_yaml_without_special_characters_still_valid Ordinary descriptions still work (regression guard)

Checklist

  • Bug reproduced locally before fix
  • Fix verified: yaml.safe_load on generated apm.yml succeeds after change
  • Both affected code paths fixed (download_virtual_file_package and download_collection_package)
  • New tests added and passing
  • Existing test suite passes (79 pass, 1 pre-existing unrelated failure)

Closes #703

@edenfunf
fix: use yaml.safe_dump for virtual package apm.yml generation
2e269b8 
When a virtual file or collection package has a `:` in its description,
name, or tag values, the f-string interpolation produced invalid YAML
(e.g. `description: tasks: feature development` triggers a mapping-values
error on load).

Replace both f-string blocks in `download_virtual_file_package` and
`download_collection_package` with `yaml_to_str()` (backed by
`yaml.safe_dump`), which correctly quotes strings containing special
YAML characters.

Fixes microsoft#703
@danielmeppiel danielmeppiel requested a review from Copilot April 14, 2026 16:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@danielmeppiel danielmeppiel Awaiting requested review from danielmeppiel danielmeppiel is a code owner

@sergio-sisternes-epam sergio-sisternes-epam Awaiting requested review from sergio-sisternes-epam sergio-sisternes-epam is a code owner

Copilot code review Copilot Awaiting requested review from Copilot

At least 0 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG]

2 participants

@edenfunf @danielmeppiel