
feat: Add issue duplication agent using cache memory #299

Merged
Mossaka merged 5 commits into main from copilot/add-issue-duplication-agent
Jan 17, 2026

Conversation

Copilot AI (Contributor) commented Jan 17, 2026

  • Create issue duplication detector workflow with cache memory
  • Add MCP pagination import for GitHub tools
  • Improve duplicate detection criteria and pagination guidance
  • Add bash tool with all commands allowed (bash: ["*"])
Original prompt

Add an issue duplication agent that leverages cache memory and comments on duplicated issues

Custom agent used: create-agentic-workflow
Design agentic workflows using GitHub Agentic Workflows (gh-aw) extension with interactive guidance on triggers, tools, and security best practices.



Copilot stopped work on behalf of Mossaka due to an error January 17, 2026 09:42
Copilot AI and others added 3 commits January 17, 2026 09:45
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
github-actions bot commented Jan 17, 2026

🎬 THE END · Smoke Claude · MISSION: ACCOMPLISHED! The hero saves the day! ✨

github-actions bot commented Jan 17, 2026

✅ Coverage Check Passed

Overall Coverage

| Metric | Base | PR | Delta |
| --- | --- | --- | --- |
| Lines | 77.19% | 77.19% | ➡️ +0.00% |
| Statements | 77.27% | 77.27% | ➡️ +0.00% |
| Functions | 77.17% | 77.17% | ➡️ +0.00% |
| Branches | 69.76% | 69.76% | ➡️ +0.00% |

Coverage comparison generated by scripts/ci/compare-coverage.ts

github-actions bot commented Jan 17, 2026

📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident...

github-actions bot commented:

Smoke Test Results

Last 2 merged PRs:

Tests:

  • ✅ GitHub MCP (retrieved PRs)
  • ✅ Playwright (page title: "GitHub · Change is constant. GitHub keeps you ahead. · GitHub")
  • ✅ File writing (created /tmp/gh-aw/agent/smoke-test-claude-21092351052.txt)
  • ✅ Bash tool (verified file contents)

Status: PASS

AI generated by Smoke Claude

Review comment on the workflow frontmatter:

  - shared/mcp-pagination.md
tools:
  github:
    toolsets: [issues, repos, search]
Collaborator commented:
@copilot allow all bash tools

Contributor Author replied:
Added bash: ["*"] to allow all bash commands in commit 95967a9.

Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
Copilot AI requested a review from Mossaka January 17, 2026 20:17
@Mossaka Mossaka marked this pull request as ready for review January 17, 2026 20:23
Code scanning / CodeQL: Check warning (Medium), reported seven times on the compiled workflow

Unpinned tag for a non-immutable Action in workflow: Unpinned 3rd party Action 'Issue Duplication Detector' step uses 'githubnext/gh-aw/actions/setup' with ref 'v0.36.0', not a pinned commit hash.

Every flagged location is the same Setup Scripts step:

steps:
- name: Setup Scripts
  uses: githubnext/gh-aw/actions/setup@v0.36.0

The line of the compiled file immediately preceding each flagged step was:

  • comment_repo: ""
  • output_types: ${{ steps.collect_output.outputs.output_types }}
  • total_count: ${{ steps.missing_tool.outputs.total_count }}
  • success: ${{ steps.parse_results.outputs.success }}
  • activated: ${{ steps.check_membership.outputs.is_team_member == 'true' }}
  • process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }}
  • permissions: {}
github-actions bot commented:

⚠️ Security Review: Critical Finding

I've identified a significant security concern in this PR that weakens the firewall's security posture.

Issue: Unrestricted Bash Command Execution

File: .github/workflows/issue-duplication-detector.md (lines 17-18)

bash:
  - "*"

This configuration grants the AI agent unrestricted bash command execution within the firewall container. The bash: ["*"] setting compiles to --allow-all-tools in the GitHub Copilot CLI invocation (line 770 of the compiled .lock.yml), permitting execution of ANY bash command without restrictions.

Security Impact

  1. Bypasses command restrictions: While the firewall controls network egress, unrestricted bash access allows:

    • Arbitrary command execution that could probe for vulnerabilities
    • Potential iptables manipulation (if NET_ADMIN capability is accessible)
    • Access to sensitive files within the container
    • Creation of reverse shells or exfiltration mechanisms
  2. Expands attack surface: Unrestricted bash commands significantly expand the attack surface beyond network operations to include file system manipulation, process spawning, and potential container escape attempts.

  3. Contradicts security model: The AWF's security model is based on restricting agent capabilities. Using bash: ["*"] defeats this purpose and creates a large trust boundary.

Comparison with Repository Patterns

Other workflows in this repository use restricted bash command allowlists:

bash:
  - cat
  - ls
  - grep
  - find

This PR deviates from the established security pattern.

Recommended Mitigation

Option 1 (Recommended): Restrict bash commands to only what's needed:

bash:
  - cat
  - ls
  - grep
  - find
  - jq

Option 2: Remove bash tool entirely if not required - the agent has GitHub MCP tools for issue operations.

Option 3: If unrestricted bash is genuinely necessary, document the security justification and add compensating controls.

Suggested Action

Please update the bash tool configuration to use a restricted allowlist before merging this PR.

AI generated by Security Guard
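Both findings on this PR, the Security Guard's objection to `bash: ["*"]` and the CodeQL warning repeated for every `githubnext/gh-aw/actions/setup@v0.36.0` step, are mechanical enough to catch before merge. The Python below is an added example written for this page, not code from gh-aw, the Security Guard bot or CodeQL. It is a regex-based lint (no YAML library needed) that flags a bash allowlist containing the wildcard and any `uses:` reference that is not a 40-hex commit SHA. The two workflow texts it scans are constructed to mirror the snippets quoted on the page, and the 40-character SHA in the hardened version is a placeholder, not a real gh-aw commit.

```python
"""Regex-based lint for the two findings raised on this PR.

Added example, not code from gh-aw, CodeQL or the Security Guard bot. It flags:
  1. a bash tool allowlist that contains the wildcard "*" (unrestricted commands);
  2. a `uses:` reference pinned to a tag or branch instead of a 40-hex commit SHA.
It understands the two list spellings seen on the page, `bash: ["*"]` and a
block list of `- item` lines under `bash:`, so no YAML library is needed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# `uses: owner/repo[/path]@ref`; local actions (./path) carry no "@" and are skipped.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#@]+)@(\S+)")
BASH_KEY_RE = re.compile(r"^(\s*)bash:\s*(.*)$")
ITEM_RE = re.compile(r"^(\s*)-\s*(.+?)\s*$")


@dataclass
class Finding:
    line: int
    rule: str
    message: str


def _unquote(value: str) -> str:
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
        return value[1:-1]
    return value


def find_bash_allowlist(text: str) -> Optional[Tuple[int, List[str]]]:
    """Return (line number, allowed commands) for the first `bash:` key, or None."""
    lines = text.splitlines()
    for idx, line in enumerate(lines):
        match = BASH_KEY_RE.match(line)
        if not match:
            continue
        indent, rest = match.groups()
        rest = rest.split("#", 1)[0].strip()
        if rest.startswith("[") and rest.endswith("]"):  # flow style: bash: ["*"]
            inner = rest[1:-1].strip()
            items = [_unquote(x) for x in inner.split(",") if x.strip()] if inner else []
            return idx + 1, items
        items = []  # block style: "- cmd" lines indented deeper than the key
        for nxt in lines[idx + 1:]:
            if not nxt.strip():
                continue
            item = ITEM_RE.match(nxt)
            if item and len(item.group(1)) > len(indent):
                items.append(_unquote(item.group(2).split("#", 1)[0]))
            else:
                break
        return idx + 1, items
    return None


def lint(text: str) -> List[Finding]:
    """Run both checks over one workflow file's text; findings sorted by line."""
    findings: List[Finding] = []
    for number, line in enumerate(text.splitlines(), 1):
        match = USES_RE.match(line)
        if match and not SHA_RE.match(match.group(2)):
            action, ref = match.groups()
            findings.append(Finding(number, "unpinned-action",
                                    f"{action}@{ref} is not pinned to a commit SHA"))
    allow = find_bash_allowlist(text)
    if allow is not None and "*" in allow[1]:
        findings.append(Finding(allow[0], "bash-wildcard",
                                "bash tool allows every command; use an explicit allowlist"))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample workflows (not the PR's real file); the hardened one pins a
# PLACEHOLDER SHA, not a real gh-aw commit.
WEAK_WORKFLOW = """\
---
on:
  issues:
    types: [opened]
permissions: {}
imports:
  - shared/mcp-pagination.md
tools:
  github:
    toolsets: [issues, repos, search]
  bash: ["*"]
steps:
  - name: Setup Scripts
    uses: githubnext/gh-aw/actions/setup@v0.36.0
---
"""

HARDENED_WORKFLOW = WEAK_WORKFLOW.replace(
    '  bash: ["*"]', "  bash:\n    - cat\n    - ls\n    - grep\n    - find\n    - jq"
).replace("@v0.36.0", "@0123456789abcdef0123456789abcdef01234567")  # placeholder SHA

if __name__ == "__main__":
    for name, text in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        found = lint(text)
        print(f"{name}: {len(found)} finding(s)")
        for f in found:
            print(f"  line {f.line} [{f.rule}] {f.message}")
```

Run it as a pre-commit hook or CI step over `.github/workflows/*.md` and the compiled `.lock.yml` files; the weak sample yields two findings (the wildcard allowlist and the tag-pinned action) and the hardened sample yields none.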

@Mossaka Mossaka changed the title [WIP] Add issue duplication agent using cache memory feat: Add issue duplication agent using cache memory Jan 17, 2026
@Mossaka Mossaka merged commit d20b34c into main Jan 17, 2026
34 of 37 checks passed
@Mossaka Mossaka deleted the copilot/add-issue-duplication-agent branch January 17, 2026 20:32

2 participants