🔍 Duplicate Code Detected: Threat-Detection WorkflowData Setup Across Engine Paths
Analysis of commit 479a220
Assignee : @copilot
Summary
The threat-detection pipeline now repeats the same synthetic WorkflowData setup in three places: the inline detection engine path and both external-detector helper steps. The repeated logic builds a detection-specific workflow context, sets Tools, clones/merges engine config, and inherits APITarget.
Duplication Details
Pattern: Synthetic detection context setup
Severity : Medium
Occurrences : 3
Locations :
pkg/workflow/threat_detection_inline_engine.go (lines 55-129)
pkg/workflow/threat_detection_external.go (lines 199-213)
pkg/workflow/threat_detection_external.go (lines 265-289)
Code Sample :
threatDetectionData := buildThreatDetectionWorkflowData (data , engineID )
threatDetectionData .Tools = map [string ]any {
"bash" : []any {"*" },
}
threatDetectionData .EngineConfig = & EngineConfig {ID : engineID }
if canReuseThreatDetectionEngineConfigForExternalDetector (data , engineID ) {
threatDetectionData .EngineConfig = cloneThreatDetectionEngineConfig (engineID , data .SafeOutputs .ThreatDetection .EngineConfig )
}
threatDetectionData .EngineConfig .Env = mergeThreatDetectionEngineEnv (data , threatDetectionData .EngineConfig .Env )
if threatDetectionData .EngineConfig .APITarget == "" && data .EngineConfig != nil {
threatDetectionData .EngineConfig .APITarget = data .EngineConfig .APITarget
}
Impact Analysis
Maintainability : Changes to threat-detection config inheritance now need to be updated in multiple places.
Bug Risk : It is easy for the inline and external detector paths to diverge on env/APITarget propagation.
Code Bloat : The same setup logic is copied into the external detector install and execution helpers instead of being shared.
Refactoring Recommendations
Extract a shared threat-detection context helper
Centralize detection WorkflowData construction plus config/env/APITarget inheritance.
Suggested location: pkg/workflow/threat_detection_helpers.go
Estimated effort: small
Parameterize external-detector-only additions
Let the helper accept optional mounts/network permissions so the external execution path can layer those on without copying the shared preamble.
Implementation Checklist
Analysis Metadata
Analyzed Files : 6
Detection Method : Serena semantic code analysis
Commit : 479a220
Analysis Date : 2026-07-17T00:00:00Z
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
To allow these domains, add them to the network.allowed list in your workflow frontmatter:
network :
allowed :
- defaults
- " awmgmcpg"
See Network Configuration for more information.
Generated by 🔍 Duplicate Code Detector · 2.18 AIC · ⊞ 26.7K · ◷
🔍 Duplicate Code Detected: Threat-Detection WorkflowData Setup Across Engine Paths
Analysis of commit 479a220
Assignee:
@copilotSummary
The threat-detection pipeline now repeats the same synthetic
WorkflowDatasetup in three places: the inline detection engine path and both external-detector helper steps. The repeated logic builds a detection-specific workflow context, setsTools, clones/merges engine config, and inheritsAPITarget.Duplication Details
Pattern: Synthetic detection context setup
pkg/workflow/threat_detection_inline_engine.go(lines 55-129)pkg/workflow/threat_detection_external.go(lines 199-213)pkg/workflow/threat_detection_external.go(lines 265-289)Impact Analysis
Refactoring Recommendations
Extract a shared threat-detection context helper
pkg/workflow/threat_detection_helpers.goParameterize external-detector-only additions
Implementation Checklist
Analysis Metadata
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpgSee Network Configuration for more information.