Add excluded-files field to create-pull-request and push-to-pull-request-branch

[Copilot]

Adds an excluded-files glob array to both create-pull-request and push-to-pull-request-branch safe-output configs. Files matching these patterns are excluded from the patch entirely at generation time using git's native :(exclude)<pattern> magic pathspec — they will not appear in the resulting commit and are not subject to allowed-files or protected-files checks.

Example:

safe-outputs:
  create-pull-request:
    excluded-files:
      - "dist/**"
      - "auto-generated/**"
    allowed-files:
      - "src/**"

With this config, changes to dist/bundle.js are excluded from the patch at generation time — they won't appear in the commit, won't trigger an allowed-files violation, and won't hit a protected-files block.

Changes

• generate_git_patch.cjs: New excludedFiles option; each pattern becomes a :(exclude)<pattern> magic pathspec appended to every git format-patch --stdout call across all three patch-generation strategies. Files are excluded by git before the patch is written.
• safe_outputs_handlers.cjs: Forwards excluded_files from handler config to generateGitPatch() as patchOptions.excludedFiles for both create_pull_request and push_to_pull_request_branch.
• manifest_file_helpers.cjs: checkFileProtection() simplified — no excluded_files handling needed since excluded files never reach protection checks; checkExcludedFiles() retained as a utility.
• types/handler-factory.d.ts: Added excluded_files?: string[] to HandlerConfig with description referencing :(exclude) pathspec behavior.
• create_pull_request.go / push_to_pull_request_branch.go: Added ExcludedFiles []string (yaml:"excluded-files,omitempty"); push-to-pull-request-branch parser extended to read the field.
• compiler_safe_outputs_config.go: Passes excluded_files into the JS handler config for both actions.
• main_workflow_schema.json: excluded-files array property added to both action schemas; description explains the :(exclude)<pattern> git pathspec mechanism.
• cloclo.md: Added excluded-files: [".github/workflows/*.lock.yml"] to the create-pull-request config so lock files are excluded from PRs created by the cloclo workflow.
• Tests: End-to-end tests in generate_git_patch.test.cjs using a real git repo verify that :(exclude) pathspecs correctly exclude files at generation time; handler tests and manifest_file_helpers.test.cjs updated to reflect the generation-time filtering model.

Original prompt

Add "ignored-files" field to create-pull-request and push-to-pull-request-branch to provide a list of file globs to ignore when creating the patch.

• applied before allowed-files

• array of globs, same format as allowed-files

• update spec, JSON schema, add tests

• reuse helpers to implement

• make sure it is in config.json and tools.json

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

[pelikhan]

@copilot add ignored-files .github/workflows/*.lock.yml to the cloclo agentic workflow

[Copilot]

Pull request overview

Adds an ignored-files config option to the create-pull-request and push-to-pull-request-branch safe outputs so certain file globs can be excluded from file-protection evaluation.

Changes:

• Introduces ignored-files in Go safe-output configs and passes it into the JS handler config as ignored_files.
• Adds JS support (checkIgnoredFiles) and updates checkFileProtection to apply ignores before allowlist/protected-file checks.
• Extends JSON schema and adds/updates unit + handler-level tests for ignore behavior.

Reviewed changes

Copilot reviewed 8 out of 9 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
pkg/workflow/push_to_pull_request_branch.go	Adds IgnoredFiles to config and parses ignored-files.
pkg/workflow/create_pull_request.go	Adds IgnoredFiles to config struct.
pkg/workflow/compiler_safe_outputs_config.go	Plumbs ignored_files into handler config for both actions.
pkg/parser/schemas/main_workflow_schema.json	Documents and schemas the new ignored-files property.
actions/setup/js/types/handler-factory.d.ts	Adds ignored_files?: string[] to handler config typing/docs.
actions/setup/js/manifest_file_helpers.cjs	Implements checkIgnoredFiles and applies ignore filtering in checkFileProtection.
actions/setup/js/manifest_file_helpers.test.cjs	Adds unit coverage for ignored-files logic + ordering.
actions/setup/js/create_pull_request.test.cjs	Adds integration-style tests for ignored-files behavior.
actions/setup/js/push_to_pull_request_branch.test.cjs	Adds integration-style tests for ignored-files behavior.

Comments suppressed due to low confidence (1)

pkg/parser/schemas/main_workflow_schema.json:6425

• Same as above: ignored-files is documented as being excluded "from the effective patch", but the handlers still apply the full patch file. Please either implement actual patch filtering or adjust this description to reflect that only protection checks are affected.

                "ignored-files": {
                  "type": "array",
                  "items": {
                    "type": "string"
                  },
                  "description": "List of glob patterns for files to ignore when creating the patch. Applied before allowed-files and protected-files checks — matching files are excluded from all protection checks and from the effective patch. Supports * (any characters except /) and ** (any characters including /)."

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[Copilot]

@copilot add ignored-files .github/workflows/*.lock.yml to the cloclo agentic workflow

Done in 529fb6f — added ignored-files: [".github/workflows/*.lock.yml"] to the create-pull-request section of cloclo.md and recompiled the lock file.

[pelikhan]

@copilot the ignored-files should NOT be included in the patch. The behavior is similar to .git-ignore they will be not included in the final patch.

[Copilot]

@copilot the ignored-files should NOT be included in the patch. The behavior is similar to .git-ignore they will be not included in the final patch.

Done in 3118bc5. ignored-files now uses git format-patch's native :(exclude)<pattern> pathspec magic — patterns are passed directly to git at generation time so matching files are never included in the patch. No post-processing of the patch file.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw "$k=".$v["local/home/REDACTED/.npm/_npx/b388654678d519d9/node_modules/.bin/prettier (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw ig-scT4V65Tr (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha -unreachable=false /tmp/go-build2666597793/b229/vet.cfg /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -t security r: $owner, name:--show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -ato�� -bool -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha k/gh-aw/gh-aw/.github/workflows .cfg 64/pkg/tool/linux_amd64/vet bose (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha user.name Test User /usr/bin/infocmp ithub/workflows (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git graphql -f ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet /usr/bin/git 4445-15050/test-git 6597793/b083/vetrev-parse ceutil.test git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha k/gh-aw/gh-aw/ac-unreachable=false 6597793/b424/_testmain.go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel l ache/node/24.14.0/x64/bin/node ithub/workflows origin k/_temp/uv-pytho--show-toplevel ache/node/24.14.0/x64/bin/node 5348�� /tmp/TestHashConsistency_GoAndJavaScript2266954657/001/test-frontmatter-with-arrays.md sh /usr/bin/git ithub/workflows (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel 64/pkg/tool/linu--json /usr/bin/git /home/REDACTED/worgit rev-parse 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/link /usr/bin/git sole.test (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha *.json' '!../../../pkg/workflow/js/**/*.json' --ignore-path ../../../.prettierignore (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -c=4 -nolocalimports -importcfg /tmp/go-build2666597793/b391/importcfg -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/constants/constants.go /home/REDACTED/work/gh-aw/gh-aw/pkg/constants/constants_test.go -w ithub/workflows security repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } OUTPUT -d 168.63.129.16 node (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha g_.a (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha -unreachable=false /tmp/go-build2666597793/b060/vet.cfg /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet ../pkg/workflow/git --local 64/bin/node /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build2666597793/b164/vet.cfg /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet --abbrev-ref .cjs r: $owner, name:--show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linu^remote\..*\.gh-resolved$ (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha h ../../../.pret.prettierignore iewer.cjs de hub.com/.extrahebash .cjs s st.cjs d_ed�� d_edit_comment.test.cjs s st.cjs n_comment.cjs n_comment.test.c-C lpers.cjs lpers.test.cjs (http block)
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha erate_git_patch.--ignore-path c043f171 64/bin/node --reporter=verbosh GO111MODULE 64/bin/go /bin/sh tion�� git init -b main sh ash npx prettier --cgit GOPROXY 64/bin/go preconv (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha -bool -buildtags 6597793/b305/vet.cfg -errorsas -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -ato�� runs/20260314-144445-15050/test-1359128056/.github/workflows -buildtags /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet l -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linu^remote\..*\.gh-resolved$ (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha 6597793/b404/_pkg_.a -trimpath 6597793/b404=> -p b/gh-aw/pkg/loggrev-parse -lang=go1.25 /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -ato�� Gmd5/Q79soNnba1-7OfK-Gmd5 -buildtags 0/x64/bin/node -errorsas -ifaceassert -nilfunc ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
  • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
  • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 format:pkg-json 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
  • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
  • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
  • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 nternal/testdeps/deps.go 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
  • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
  • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 (http block)
• https://api.github.com/repos/github/gh-aw/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path *.json' '!../../../pkg/workflow/js/**/*.json' ---buildmode=exe (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb --jq .object.sha h ../../../.prettierignore (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb --jq .object.sha "vitest" run generate_git_patch.test.cjs --reporter=verbose c043f171 (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha y-test.md (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha ithub/workflows origin ache/uv/0.10.10/x86_64/node (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -v origin bin/node (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha ithub/workflows origin repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -v origin me: String!) { repository(owner: $owner, name:-f (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha -v origin me: String!) { repository(owner: $owner, name:-f (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha porter=verbose uest.cjs (http block)
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha re --log-level=e!../../../pkg/workflow/js/**/*.json ch.test.cjs odules/npm/node_../../../.prettierignore -json GO111MODULE 64/bin/go git form�� js/**/*.json' --ignore-path ../../../.prettierignore 23cbc6d4 ules/.bin/git * **/*.cjs 64/bin/go bash (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha y-test.md ../../../**/*.json 64/pkg/tool/linux_amd64/vet l ../../../.prettirev-parse de/node/bin/git 64/pkg/tool/linux_amd64/vet ache�� 1952326299/.github/workflows .cfg x_amd64/compile --stats (http block)
• https://api.github.com/repos/nonexistent/repo/actions/runs/12345
  • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion !../../../pkg/wogit --ignore-path ../../../.pretti--git-dir x_amd64/compile --no�� g_.a (http block)
• https://api.github.com/repos/owner/repo/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo son ignore (http block)
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } ignore (http block)
• https://api.github.com/repos/owner/repo/contents/file.md
  • Triggering command: /tmp/go-build2666597793/b383/cli.test /tmp/go-build2666597793/b383/cli.test -test.testlogfile=/tmp/go-build2666597793/b383/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true son (http block)
• https://api.github.com/repos/test-owner/test-repo/actions/secrets
  • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name *.json' '!../../../pkg/workflow/-f (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[pelikhan]

@copilot

• rename "ignored-files" to "excluded-files" to reflect git terminology
• update docs and JSON description to reflect how excluded and the pathspec git syntax

[Copilot]

@copilot

• rename "ignored-files" to "excluded-files" to reflect git terminology
• update docs and JSON description to reflect how excluded and the pathspec git syntax

Done in 61b3746. Renamed ignored-files → excluded-files everywhere (YAML keys, Go structs, JS config keys, function names, tests). The schema description now explicitly references the :(exclude)<pattern> magic pathspec syntax that git uses to strip files from the patch at generation time.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw .cjs (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw N6jI3H5/_QagepCk-C (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha submodules | head -n 10 (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb --jq .object.sha h ../../../.prettierignore (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha re --log-level=e!../../../pkg/workflow/js/**/*.json (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[pelikhan]

@copilot fix tests

https://github.com/github/gh-aw/actions/runs/23090701851

[Copilot]

@copilot fix tests

https://github.com/github/gh-aw/actions/runs/23090701851

Fixed in c1210f8. The CI failures were caused by two new commits that landed on main after the last merge:

1. d66f7fce added GITHUB_HOST to the GitHub MCP server env vars — wasm golden files and the TestCodexEngineRenderMCPConfig test expectations needed updating.
2. 9fef1a70 improved run command error output — pulled in via merge.

Merged main and updated both the golden files and the test expectations.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw git ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel node /usr/bin/git ache/go/1.25.0/xgit 68avhbJKm inux.go git (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw /opt/hostedtoolcrev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git . /opt/hostedtoolcrev-parse 0/x64/bin/node git (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --noprofile (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha /tmp/go-build2662416774/b272/_pkg_.a -trimpath /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -p github.com/charmrev-parse -lang=go1.24 /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build2662416774/b037/vet.cfg 2416774/b350/vet.cfg -goversion go1.25.0 -c=4 /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --noprofile -tests /usr/bin/head --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git head -100�� ache/go/1.25.0/x--noprofile git /home/REDACTED/.dotnet/tools/bash --show-toplevel ache/go/1.25.0/xrev-parse /usr/bin/gh bash (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha ache/go/1.25.0/x64/src/net .cfg 64/pkg/tool/linux_amd64/vet --gdwarf-5 --64 -o 64/pkg/tool/linux_amd64/vet -o 2416774/b308/_pkg_.a -trimpath ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile -p vendor/golang.orrev-parse -lang=go1.25 ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha x_amd64/vet git cal/bin/bash --show-toplevel x_amd64/vet /usr/bin/git node js/f�� x_amd64/vet git k/_temp/uv-python-dir/bash --show-toplevel x_amd64/vet /usr/bin/git bash (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -unreachable=false /tmp/go-build2114651568/b215/vet.cfg /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha se 4651568/b215/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha se 4651568/b225/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha se 4651568/b202/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha se 4651568/b224/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha se 4651568/b178/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha se 4651568/b220/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha se 2416774/b174/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet --gdwarf-5 --64 -o ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -o /tmp/go-build2662416774/b296/_pkg_.a -trimpath /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -p github.com/goccyrev-parse -lang=go1.21 /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --noprofile git /home/REDACTED/.local/bin/bash --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git bash --no�� --noprofile git /usr/local/bin/bash --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git bash (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha se 4651568/b218/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha se 2416774/b183/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet --gdwarf-5 --64 -o ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -o /tmp/go-build2662416774/b305/_pkg_.a -trimpath /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -p encoding/gob -lang=go1.25 /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --noprofile git /home/REDACTED/work/_temp/uv-python-dir/bash --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git bash --no�� --noprofile git /home/REDACTED/.dotnet/tools/bash --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git bash (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha g_.a 2416774/b223/ 64/pkg/tool/linux_amd64/vet --gdwarf-5 g -o 64/pkg/tool/linux_amd64/vet 2416�� -I .cfg 64/pkg/tool/linux_amd64/vet . --gdwarf2 --64 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha --show-toplevel git nfig/composer/vendor/bin/bash --show-toplevel x_amd64/asm /usr/bin/git node js/f�� x_amd64/vet git 64/bin/bash --show-toplevel x_amd64/vet /usr/bin/git node (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha g_.a -I 64/pkg/tool/linux_amd64/vet --gdwarf-5 c/httpretty/interev-parse -o 64/pkg/tool/linux_amd64/vet -w -Wno-error .cfg 64/pkg/tool/linux_amd64/vet -c -I /tmp/go-build266--show-toplevel 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel git ache/node/24.14.0/x64/bin/bash --show-toplevel x_amd64/compile /usr/bin/git node js/f�� x_amd64/vet git /opt/hostedtoolcache/node/24.14.0/x64/bin/node --show-toplevel x_amd64/vet 0/x64/bin/npm node (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha g_.a ame 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha g_.a 662416774/b223//_cgo_.o 64/pkg/tool/linux_amd64/vet --gdwarf-5 --64 2416774/b223/ 64/pkg/tool/linux_amd64/vet -w x86-64.so.2 .cfg 64/pkg/tool/linux_amd64/vet -c -I ut-786837742.c 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha --show-toplevel git bin/bash --show-toplevel x_amd64/compile /usr/bin/git node js/f�� x_amd64/vet git ash --show-toplevel x_amd64/vet /usr/bin/git node (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha 64/src/runtime/cgo git 64/pkg/tool/linux_amd64/compile /ref/tags/v8 bracelet/huh/int-atomic /usr/bin/git 64/pkg/tool/linu-buildtags js/f�� g_.a git 64/bin/as --show-toplevel x_amd64/vet /usr/bin/git 2416774/b125/_x0-buildtags (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet /usr/bin/sed ile-name 64/pkg/tool/linusmoke-copilot.md 2416774/b280/vet.cfg sed s/^-�� x_amd64/compile /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet x_amd64/link -unreachable=falgcc /tmp/go-build266-### /opt/hostedtoolc-x x_amd64/link (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha 64/src/runtime/cgo git x_amd64/compile --show-toplevel x_amd64/vet /usr/bin/git x_amd64/compile js/f�� g_.a git de/node/bin/as --show-toplevel tants /usr/bin/git 2416774/b125/_x0-buildtags (http block)
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha --show-toplevel 2416774/b001/workflow.test /usr/bin/git -unreachable=falbash /tmp/go-build266--norc 0s git show�� ogs']: if job['job_name'] == 'build-wasm': content = job['logs_content'] idxbash --quiet x_amd64/vet -unreachable=fal/opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile /tmp/go-build266@/tmp/args938165690 DiscussionsEnabled } } x_amd64/vet (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[pelikhan]

@copilot fix tests in https://github.com/github/gh-aw/actions/runs/23091226345/job/67081360737

[Copilot]

@copilot fix tests in https://github.com/github/gh-aw/actions/runs/23091226345/job/67081360737

Fixed in f333f70. The TypeScript error was a variable shadowing bug: in the strategy-3 patch generation block, a local const excludeArgs (array of --not ref args for rev-list) was shadowing the outer excludeArgs() function, making the call on line 383 a type error. Renamed the local variable to remoteExcludeArgs so the outer function is called correctly when generating the patch.