[plan] Hoist function-body regexp.MustCompile calls to package-level vars across pkg/cli and pkg/workflow #20029
Description
Objective
Move all function-body regexp.MustCompile calls on constant patterns to package-level var declarations across 8 files in pkg/cli/ and pkg/workflow/ to eliminate avoidable per-call allocation overhead.
Context
Reported in discussion #19993 (Sergo audit: scanner-buffer-revisit-plus-regexp-compilation-audit, 2026-03-07).
At least 8 functions compile regex patterns on every invocation. The worst offenders are extractToolName (4 regexes × N log lines) and hasAgentLogPatterns (5 regexes per detection attempt).
Files to Modify
| File | Location | Count | Function |
|---|---|---|---|
pkg/cli/copilot_agent_logs.go |
lines ~100–104 | 4 | extractToolName() |
pkg/cli/copilot_agent.go |
lines ~102–106 | 5 | hasAgentLogPatterns() |
pkg/workflow/concurrency_validation.go |
line ~128 | 1 | validateExpressionSyntax() |
pkg/workflow/concurrency_validation.go |
line ~303 | 1 | function body |
pkg/workflow/lock_schema.go |
lines ~50, ~64 | 2 | ExtractMetadataFromLockFile() |
pkg/workflow/action_sha_checker.go |
line ~53 | 1 | ExtractActionsFromLockFile() |
pkg/workflow/redact_secrets.go |
line ~31 | 1 | CollectSecretReferences() |
pkg/workflow/secrets_validation.go |
line ~32 | 1 | validateSecretReferences() |
Do NOT change: template_injection_validation.go lines ~174, ~179 — those patterns use dynamic string interpolation and cannot be pre-compiled.
Approach
For each file listed above:
- Identify each
regexp.MustCompile(...)call inside a function body where the pattern is a compile-time constant string. - Declare a descriptively named package-level
varwith the compiled regex. - Replace the inline call with a reference to the package-level var.
Example for copilot_agent_logs.go:
// Before (inside extractToolName):
patterns := []*regexp.Regexp{
regexp.MustCompile(`(?i)tool[:\s]+([a-zA-Z0-9_-]+)`),
regexp.MustCompile(`(?i)calling[:\s]+([a-zA-Z0-9_-]+)`),
regexp.MustCompile(`(?i)executing[:\s]+([a-zA-Z0-9_-]+)`),
regexp.MustCompile(`(?i)using[:\s]+tool[:\s]+([a-zA-Z0-9_-]+)`),
}
// After (package-level):
var toolNamePatterns = []*regexp.Regexp{
regexp.MustCompile(`(?i)tool[:\s]+([a-zA-Z0-9_-]+)`),
regexp.MustCompile(`(?i)calling[:\s]+([a-zA-Z0-9_-]+)`),
regexp.MustCompile(`(?i)executing[:\s]+([a-zA-Z0-9_-]+)`),
regexp.MustCompile(`(?i)using[:\s]+tool[:\s]+([a-zA-Z0-9_-]+)`),
}
// Inside extractToolName: patterns := toolNamePatternsAfter all changes, run make agent-finish to validate.
Acceptance Criteria
- No
regexp.MustCompile/regexp.Compilecalls remain inside function bodies for constant patterns across the 8 listed files - Dynamic pattern sites in
template_injection_validation.goare left unchanged - All existing tests pass (
make test-unit) -
make agent-finishpasses with no errors
Generated by Plan Command for issue #discussion #19993 · ◷
- expires on Mar 10, 2026, 5:59 AM UTC