Update Jules Triage Prompt and Parsing Logic

[milhy545]

Updated the system prompt for the Jules triage agent as requested. The prompt now emphasizes the "Goat Principle" (Functionality > Aesthetics) and includes instructions for generating a final shell command.

To support the new prompt instructions (which request non-JSON output alongside the JSON array), the triage_issues_with_llm function was updated to use regular expressions (re.search(r'\[.*\]', ...) with re.DOTALL) to extract the JSON payload from the LLM's response, making the agent more robust against mixed-content responses.

Verified syntax and formatting via py_compile and black.

---

PR created automatically by Jules for task 951697047889080792 started by @milhy545

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.

[github-actions]

🤖 Hi @milhy545, I've received your request, and I'm working on it now! You can track my progress in the logs for more details.

[gemini-code-assist]

Summary of Changes

Hello @milhy545, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the Jules triage agent by refining its system prompt and improving its ability to parse responses from large language models. The updates aim to make the agent more robust in handling varied LLM outputs and clearer in its instructions, particularly regarding the generation of shell commands and adherence to the "Goat Principle."

Highlights

• Triage Agent Prompt Update: The system prompt for the Jules triage agent has been updated to emphasize the "Goat Principle" (Functionality > Aesthetics) and include explicit instructions for generating a final shell command.
• Robust JSON Parsing: The triage_issues_with_llm function now uses regular expressions (re.search(r'\\[.*\\]', ...) with re.DOTALL) to extract the JSON payload from LLM responses, making the agent more resilient to mixed-content outputs.

Changelog

• src/mycoder/triage_agent.py
  • Imported the re module to enable regular expression operations.
  • Modified the system prompt to clarify that command injection warnings apply specifically to "generated shell commands."
  • Updated the output specification in the prompt to instruct writing the JSON array "to the output file."
  • Added a new section to the prompt, "Final Command Construction," providing instructions for generating a shell command to write JSON to an environment variable.
  • Refactored the JSON parsing logic to first attempt extraction using a regular expression (re.search(r'\\[.*\\]', content, re.DOTALL)) to find JSON arrays within potentially mixed LLM responses.
  • Maintained the previous markdown stripping logic as a fallback if the regex extraction is unsuccessful.

Activity

• The pull request was automatically created by Jules for a specific task.
• Syntax and formatting were verified using py_compile and black.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request updates the system prompt for the Jules triage agent and improves the JSON parsing logic to handle mixed-content responses from the LLM, aiming to have the LLM generate a shell command in addition to JSON output. However, the new prompt instructions introduce a significant security risk by asking the LLM to generate shell commands using untrusted data. Furthermore, the current regex-based parsing logic is fragile due to its greedy pattern (.*), which can lead to JSONDecodeError and is susceptible to denial-of-service attacks via crafted input. It's recommended to remove shell command generation from the prompt and implement a more robust JSON extraction method.

[gemini-code-assist]

The updated system prompt instructs the LLM to generate a shell command that includes triaged issue data. This is a dangerous pattern because the issue data (e.g., explanations) is untrusted and can be crafted by an attacker to perform command injection. The prompt's instruction to 'Ensure the JSON string is single-quoted' is insufficient to prevent injection, as an attacker can include a single quote in the input to close the string and append malicious commands (e.g., '; rm -rf /; '). While the current script attempts to strip this command using a regex, the inclusion of this instruction in the prompt is a significant security risk, especially if the prompt is reused in contexts where the output is executed or if the parsing logic fails.

[gemini-code-assist]

The current parsing logic uses a greedy regular expression r"[.*]" which can lead to JSONDecodeError and is susceptible to denial-of-service attacks. If the LLM's response contains brackets outside the intended JSON array, this regex will incorrectly capture extra text, causing json.loads() to fail. An attacker could exploit this by crafting input with brackets to disrupt the triage agent's parsing. A more robust, non-greedy approach is recommended to accurately extract the JSON array.

    # Use a non-greedy match to find the first JSON-like array structure
    json_match = re.search(r"[\s*\{.*?\}\s*]", content, re.DOTALL)

[gemini-code-assist]

This re import becomes unused if the suggested refactoring of the JSON parsing logic is adopted, as that suggestion replaces the regular expression with a more robust bracket-balancing algorithm. To keep the codebase clean, please consider removing this import along with that change.