t1084: Fix auto-update-helper.sh CodeRabbit feedback — input validation, help text, pgrep pattern #1597

Merged: marcusquinn merged 1 commit into main from feature/t1084 (Feb 18, 2026)

@marcusquinn marcusquinn commented Feb 18, 2026

Summary

Addresses 3 issues raised by CodeRabbit in PR #1591 review.

Fix 1: Input validation for AIDEVOPS_SKILL_FRESHNESS_HOURS (crash under set -e)

Non-numeric value in AIDEVOPS_SKILL_FRESHNESS_HOURS caused a bash arithmetic error that crashes the script under set -e. Added regex validation before the arithmetic expansion; falls back to DEFAULT_SKILL_FRESHNESS_HOURS with a log_warn entry.

Fix 2: Help text / invocation mismatch

Help text documented 'skill-update-helper.sh --auto-update --quiet' but the actual runtime call was 'skill-update-helper.sh check --auto-update --quiet'. Updated help text to include the check subcommand, matching the real invocation.

Fix 3: pgrep -f pattern too broad

pgrep -f 'setup.sh' could match unrelated projects' setup.sh scripts, causing a false-positive 'update already running' skip. Tightened to pgrep -f '${INSTALL_DIR}/setup.sh' to scope the match to the aidevops install directory.

Testing

bash -n .agents/scripts/auto-update-helper.sh # Syntax OK
shellcheck -x -S warning .agents/scripts/auto-update-helper.sh # Zero violations

Ref #1596

Summary by CodeRabbit

  • Bug Fixes

    • Improved update status detection to reduce false positives.
    • Added validation for skill freshness settings with automatic fallback to defaults on invalid input.
  • Documentation

    • Updated help text to reflect current skill freshness check command.

Three issues from PR #1591 review:
1. Validate AIDEVOPS_SKILL_FRESHNESS_HOURS is a positive integer before
   arithmetic expansion — non-numeric value crashes under set -e; falls
   back to DEFAULT_SKILL_FRESHNESS_HOURS with a warning log entry.
2. Fix help text: document 'skill-update-helper.sh check --auto-update
   --quiet' to match the actual runtime invocation (was missing 'check').
3. Tighten pgrep -f pattern in is_update_running() from generic 'setup\.sh'
   to '${INSTALL_DIR}/setup\.sh' to avoid false matches from unrelated
   projects' setup scripts.

ShellCheck zero violations, bash -n syntax OK.
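
An added example of Fix 1 (not code from the PR or the aidevops project): a POSIX sh validator that goes a little further than the positive-integer check described above by also rejecting leading zeros, which bash arithmetic reads as octal, and over-long values. The default of 24, the digit cap and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the PR. Only the two *_SKILL_FRESHNESS_HOURS
# names come from the page; everything else is hypothetical.
set -eu

DEFAULT_SKILL_FRESHNESS_HOURS=24   # assumed value; the page does not state it
MAX_DIGITS=5                       # assumed cap so hours*3600 cannot overflow

log_warn() { printf 'WARN: %s\n' "$*" >&2; }

# Print a validated hour count. Invalid input yields the default plus a warning.
# A case glob must match the whole string, so a second line, a sign, spaces or
# an expression cannot slip past the way they can with a line-based grep.
freshness_hours() {
    fh_raw=${1-}
    if [ -z "$fh_raw" ]; then              # unset or empty: default, no warning
        printf '%s\n' "$DEFAULT_SKILL_FRESHNESS_HOURS"
        return 0
    fi
    case $fh_raw in
        *[!0-9]* | 0*) fh_ok=no ;;         # non-digit, zero, or leading zero
        *)             fh_ok=yes ;;
    esac
    if [ "$fh_ok" = yes ] && [ "${#fh_raw}" -gt "$MAX_DIGITS" ]; then
        fh_ok=no
    fi
    if [ "$fh_ok" = no ]; then
        # The rejected value is left out of the log so it cannot forge log lines.
        log_warn "AIDEVOPS_SKILL_FRESHNESS_HOURS is not a positive integer; using ${DEFAULT_SKILL_FRESHNESS_HOURS}"
        printf '%s\n' "$DEFAULT_SKILL_FRESHNESS_HOURS"
        return 0
    fi
    printf '%s\n' "$fh_raw"
}

# Arithmetic runs only on the validated value.
freshness_seconds() {
    fs_hours=$(freshness_hours "${1-}")
    printf '%s\n' "$((fs_hours * 3600))"
}

freshness_seconds "${AIDEVOPS_SKILL_FRESHNESS_HOURS-}"
```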
@gemini-code-assist

Summary of Changes

Hello @marcusquinn, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses several critical issues identified during a CodeRabbit review, significantly enhancing the robustness and accuracy of the 'auto-update-helper.sh' script. The changes prevent potential script failures due to invalid user input, correct misleading documentation, and improve the reliability of process detection to avoid erroneous update skips.

Highlights

  • Input Validation: Added regex validation for the AIDEVOPS_SKILL_FRESHNESS_HOURS environment variable to ensure it is a positive integer, preventing script crashes under 'set -e' with non-numeric input and falling back to a default value if invalid.
  • Help Text Correction: Updated the help text within the script to accurately reflect the invocation of 'skill-update-helper.sh check --auto-update --quiet', matching the actual runtime call.
  • pgrep Pattern Refinement: Tightened the 'pgrep -f' pattern used to detect running 'setup.sh' processes by including the full installation path ('${INSTALL_DIR}/setup.sh'), which prevents false positives from unrelated projects.
Changelog
  • .agents/scripts/auto-update-helper.sh
    • Validated AIDEVOPS_SKILL_FRESHNESS_HOURS to be a positive integer.
    • Updated pgrep pattern to use the full installation path for setup.sh.
    • Corrected the help text example for skill-update-helper.sh invocation.


coderabbitai bot commented Feb 18, 2026

Walkthrough

This PR refines the auto-update-helper.sh script with targeted improvements: stricter process name matching using full paths to reduce false positives, numeric validation for the AIDEVOPS_SKILL_FRESHNESS_HOURS environment variable with safe fallback behavior, and synchronization of help documentation with the actual invocation pattern.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Auto-Update Script Robustness: .agents/scripts/auto-update-helper.sh | Enhanced is_update_running to match full path of INSTALL_DIR/setup.sh for precise process detection; added validation for AIDEVOPS_SKILL_FRESHNESS_HOURS to ensure positive integer with warning and default fallback; updated help/usage output to reflect correct invocation syntax using check --auto-update --quiet. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes


Poem

🔧 Process paths now tightened with precision,
Numbers validated with careful decision,
Help text now speaks what the script truly does—
DevOps automation free of false positives fuzz! ✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title directly and specifically addresses the three main changes: input validation for AIDEVOPS_SKILL_FRESHNESS_HOURS, help text updates, and the narrowed pgrep pattern — all core improvements from the PR objectives. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |


@github-actions

🔍 Code Quality Report

[MONITOR] Code Review Monitoring Report

[INFO] Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 16 code smells

[INFO] Recent monitoring activity:
Wed Feb 18 00:30:39 UTC 2026: Code review monitoring started
Wed Feb 18 00:30:40 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 16

📈 Current Quality Metrics

  • BUGS: 0
  • CODE SMELLS: 16
  • VULNERABILITIES: 0

Generated on: Wed Feb 18 00:30:42 UTC 2026


Generated by AI DevOps Framework Code Review Monitoring


@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request effectively addresses three issues identified in a previous review, enhancing the robustness and correctness of auto-update-helper.sh. The changes include tightening a pgrep pattern for more specific matching, adding input validation to prevent crashes from non-numeric input, and correcting the help text to match the actual command invocation. These are all valuable fixes. I have one suggestion to further improve the robustness of the pgrep pattern matching for future-proofing.

Comment on lines +172 to +173
# Use full path to avoid matching unrelated projects' setup.sh scripts
if pgrep -f "${INSTALL_DIR}/setup\.sh" >/dev/null 2>&1; then


medium

For improved robustness, it's a good practice to escape the INSTALL_DIR variable to handle any potential regex metacharacters it might contain. While it's unlikely to be an issue with the current hardcoded path, this would prevent pgrep from misinterpreting the pattern if the path were to change to include characters like . or * in a username.

Suggested change
# Use full path to avoid matching unrelated projects' setup.sh scripts
if pgrep -f "${INSTALL_DIR}/setup\.sh" >/dev/null 2>&1; then
# Use full path to avoid matching unrelated projects' setup.sh scripts
# Escape INSTALL_DIR for safe use in regex
local escaped_install_dir
escaped_install_dir=$(sed 's/[][.^*+?(){}|$\\]/\\&/g' <<< "$INSTALL_DIR")
if pgrep -f "${escaped_install_dir}/setup\.sh" >/dev/null 2>&1; then
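
Review bot: in the sed line, the bracket expression [][.^*+?(){}|$\\] has [ immediately followed by ., and inside a bracket expression [. opens a collating symbol that must be closed by .]; there is no such close, so GNU sed rejects the substitution as unterminated. escaped_install_dir is then left empty (or the script aborts under set -e), and an empty value reduces the pattern to /setup\.sh, which brings back the broad match this PR removes. Reorder the class so [ is not followed by ., : or =, for example [][\\.^$*+?(){}|], and check that the escaped value is non-empty before calling pgrep.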

@marcusquinn marcusquinn merged commit 0d33ff8 into main Feb 18, 2026
14 of 15 checks passed
@marcusquinn marcusquinn deleted the feature/t1084 branch February 18, 2026 00:33

@coderabbitai coderabbitai bot left a comment


Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.agents/scripts/auto-update-helper.sh (1)

7-8: ⚠️ Potential issue | 🟡 Minor

Stale header comment — missing check subcommand.

The PR correctly updated the cmd_help text (line 627) and the HOW IT WORKS block, but the top-of-file header comment still shows the old invocation without the check subcommand, out of sync with the actual call at line 296.

📝 Proposed fix
-# Also runs a daily skill freshness check: calls skill-update-helper.sh
-# --auto-update --quiet to pull upstream changes for all imported skills.
+# Also runs a daily skill freshness check: calls skill-update-helper.sh check
+# --auto-update --quiet to pull upstream changes for all imported skills.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.agents/scripts/auto-update-helper.sh around lines 7 - 8, Update the
top-of-file header comment to reflect the actual invocation used later: include
the `check` subcommand in the example that calls `skill-update-helper.sh`
(matching the `cmd_help` text and the updated HOW IT WORKS block). Locate the
header comment near the top of the script and change the line that currently
documents the invocation to include `check` (e.g., `skill-update-helper.sh
--auto-update --quiet check`) so it stays consistent with the runtime call
referenced in the script.
🧹 Nitpick comments (1)
.agents/scripts/auto-update-helper.sh (1)

172-173: pgrep precision improvement looks good — optional: escape INSTALL_DIR in ERE context.

The narrowed pattern eliminates false positives from unrelated setup.sh processes. One low-risk edge case: ${INSTALL_DIR} is expanded verbatim into a POSIX ERE, so any regex metacharacters in $HOME (e.g., a . in a username like john.doe) would be treated as "match any character" rather than literals. In practice the path structure makes this a non-issue, but for strict correctness you could pre-escape it:

♻️ Proposed optional hardening
+  local escaped_dir
+  escaped_dir=$(printf '%s' "${INSTALL_DIR}" | sed 's/[.[\*^$]/\\&/g')
-  if pgrep -f "${INSTALL_DIR}/setup\.sh" >/dev/null 2>&1; then
+  if pgrep -f "${escaped_dir}/setup\.sh" >/dev/null 2>&1; then
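
Review bot: the class in the sed line, [.[\*^$], escapes only . [ \ * ^ and $, but the comment above describes the pgrep pattern as a POSIX ERE, where + ? ( ) { } and | are operators too, so an INSTALL_DIR containing any of them (a directory name with parentheses or a plus sign, say) is still misread after escaping. Widen the class to cover them, for example [][\\.^$*+?(){}|], keeping [ away from a following ., : or =.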
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.agents/scripts/auto-update-helper.sh around lines 172 - 173, The pgrep
pattern uses ${INSTALL_DIR} directly which can introduce unintended ERE
metacharacter matches (e.g., dots in usernames); create an escaped version of
INSTALL_DIR (e.g., escaped_install_dir) by backslash-escaping regex
metacharacters (such as .[]^$*\/(){} etc.) and then use that escaped variable in
the pgrep -f pattern (e.g., pgrep -f "${escaped_install_dir}/setup\.sh");
alternatively, build the check using a fixed-string search approach (escape or
use ps + grep -F) instead of embedding raw INSTALL_DIR into an ERE.

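An added example for the escaping discussed in the two reviews above (not code from the PR or from either bot): it escapes a directory for use in an ERE and compares the raw and escaped patterns against constructed command lines, with grep -E standing in for pgrep -f. Function names and sample paths are constructed.

```shell
#!/bin/sh
# Added example, not code from the PR. Function names and paths are constructed.
set -eu

# Backslash-escape every POSIX ERE operator so a path matches only itself.
# '[' is followed by '\' in the class on purpose: "[." "[:" and "[=" would
# open a collating symbol or character class inside a bracket expression.
ere_escape() {
    printf '%s' "$1" | sed 's/[][\\.^$*+?(){}|]/\\&/g'
}

# Pattern in the shape the PR passes to pgrep -f: <dir>/setup\.sh
update_pattern() {
    printf '%s/setup\\.sh' "$(ere_escape "$1")"
}

# Stand-in for pgrep -f: test one captured command line against an ERE.
cmdline_matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# Report how a pattern treats the real command line and a look-alike.
compare() {  # $1=label $2=pattern $3=real cmdline $4=look-alike cmdline
    for c_line in "$3" "$4"; do
        if cmdline_matches "$2" "$c_line"; then c_hit=match; else c_hit=no-match; fi
        printf '%-8s %-9s %s\n' "$1" "$c_hit" "$c_line"
    done
}

# Constructed install directories: dots in a user name, parentheses in a folder.
for dir in '/home/john.doe/.aidevops/agents' '/srv/tools(v2)/aidevops'; do
    real="bash ${dir}/setup.sh"
    fake="bash $(printf '%s' "$dir" | tr -d '()' | tr '.' 'X')/setup.sh"
    compare raw     "${dir}/setup\.sh"         "$real" "$fake"
    compare escaped "$(update_pattern "$dir")" "$real" "$fake"
done
```

With the parenthesised directory the raw pattern misses the real command line and matches the look-alike, so unescaped metacharacters can produce missed detections as well as false positives.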