Conversation
…ard policy for public repos Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> Agent-Logs-Url: https://github.com/github/gh-aw/sessions/4a330415-2cad-4704-bb17-c3306c19ae6d
Copilot
AI
changed the title
[WIP] Fix GitHub App auth and public repo min-integrity protection
fix: remove GitHub App auth exemption from automatic public-repo min-integrity guard policy
Mar 20, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Removes the GitHub App authentication exemption so public repositories still receive automatic min-integrity: approved guard policy protection when tools.github.app is configured.
Changes:
- Always generate the
determine-automatic-lockdownstep when GitHub guard policy isn’t explicitly configured (even with GitHub App auth). - Wire
GITHUB_MCP_GUARD_MIN_INTEGRITY/GITHUB_MCP_GUARD_REPOSenv vars consistently regardless of token type, and update tests/docs accordingly. - Updates a checked-in lock workflow file (
smoke-codex.lock.yml) with regenerated output.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| pkg/workflow/compiler_github_mcp_steps.go | Stops skipping the automatic guard policy detection step when GitHub App auth is configured. |
| pkg/workflow/mcp_environment.go | Ensures guard-policy env vars are set whenever the autodetect step is expected to exist (independent of token type). |
| pkg/workflow/github_mcp_app_token_test.go | Updates test expectations to require autodetect step + guard env vars even with GitHub App config. |
| docs/src/content/docs/reference/lockdown-mode.md | Removes documentation stating GitHub App auth disables the automatic guard policy. |
| actions/setup/js/determine_automatic_lockdown.cjs | Removes stale comment about the GitHub App exemption. |
| .github/workflows/smoke-codex.lock.yml | Regenerated workflow output; includes changes to safe-outputs action tool schema and invocation. |
Comments suppressed due to low confidence (2)
.github/workflows/smoke-codex.lock.yml:463
- The generated safe-outputs action tool schema for
add_smoked_labelhas degraded to a genericpayloadstring withadditionalProperties: true. This likely indicates the compiler couldn't resolve the action'saction.ymlinputs, but committing this will remove input validation and no longer exposes the expectedlabelsparameter to the agent. Regenerate this lock file with action inputs successfully resolved (so the schema includes the action’s real inputs, e.g.,labels), or otherwise ensure action input metadata is available at compile time (cache/vendor it) so the schema remains deterministic.
This issue also appears on line 1560 of the same file.
{
"description": "Add the 'smoked' label to the current pull request (can only be called once)",
"inputSchema": {
"additionalProperties": true,
"properties": {
"payload": {
"description": "JSON-encoded payload to pass to the action",
"type": "string"
}
},
"type": "object"
},
"name": "add_smoked_label"
}
.github/workflows/smoke-codex.lock.yml:1564
- This safe-outputs injected step now passes a single
payloadinput toactions-ecosystem/action-add-labels@v1. That action expects concrete inputs likelabels(and optionallynumber), so this step will be a no-op or fail due to missing required inputs. The lock file should pass the resolved action inputs (e.g.,labels: ${{ fromJSON(...).labels }}), which requires the compiler to successfully parse the action’saction.ymlduring compilation.
uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf # v1
env:
GITHUB_TOKEN: ${{ github.token }}
with:
payload: ${{ steps.process_safe_outputs.outputs.action_add_smoked_label_payload }}
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
GitHub App auth was exempting public repos from automatic
min-integrity: approvedprotection. Repo scoping (what App auth provides) and author-integrity filtering (whatmin-integrityprovides) are orthogonal — a repo-scoped App token still exposes workflows to untrusted same-repo content unless a guard policy filters it.Changes
compiler_github_mcp_steps.go: Remove thehasGitHubApp()early-return that skipped generating thedetermine-automatic-lockdownstep for App-authenticated workflowsmcp_environment.go: Remove&& !appConfiguredsoGITHUB_MCP_GUARD_MIN_INTEGRITY/GITHUB_MCP_GUARD_REPOSenv vars are wired consistently regardless of token typegithub_mcp_app_token_test.go: RenameTestGitHubMCPAppTokenNoLockdownDetectionStep→TestGitHubMCPAppTokenWithLockdownDetectionStep; flip assertions to verify thedetermine-automatic-lockdownstep is generated when a GitHub App is configuredlockdown-mode.md: Remove the bullet stating automatic guard policy does not apply whentools.github.appis configureddetermine_automatic_lockdown.cjs: Drop stale comment advertising the App exemptionWarning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
https://api.github.com/graphql/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE x_amd64/compile git(http block)/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE ndor/bin/sh go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE ache/go/1.25.0/x"prettier" --check '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.pret.prettierignore go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/orgs/test-owner/actions/secrets/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/xGO111MODULE env 4198430/b429/_pkGOINSECURE GO111MODULE 64/bin/go GOINSECURE b/gh-aw/pkg/testenv GOMODCACHE go(http block)/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name --write **/*.cjs 64/bin/go **/*.json --ignore-path ../../../.pretti-json sh -c "prettier" --wriGOINSECURE git 64/bin/go rror go /usr/bin/git go(http block)https://api.github.com/repos/actions-ecosystem/action-add-labels/contents/action.yaml/usr/bin/gh gh api /repos/actions-ecosystem/action-add-labels/contents/action.yaml?ref=18f1af5e3544586314bbe15c0273249c770b2daf --jq .content -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE r: $owner, name: $name) { hasDiscussionsEnabled } } GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/actions-ecosystem/action-add-labels/contents/action.yml/usr/bin/gh gh api /repos/actions-ecosystem/action-add-labels/contents/action.yml?ref=18f1af5e3544586314bbe15c0273249c770b2daf --jq .content -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha /tmp/gh-aw-test-runs/20260320-135550-28609/test-1797836491 rev-parse /usr/bin/git @{u} /bin/sh 64/bin/go git conf�� user.name Test User /opt/hostedtoolcache/node/24.14.0/x64/bin/node(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v3/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha -json 1237954/b409/_testmain.go ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile 317 /tmp/go-build1631237954/b409/constants.test -importcfg /usr/bin/git -s -w -buildmode=exe git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v5/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE sole.test GOINSECURE GOMOD GOMODCACHE sole.test(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -lang=go1.25 go /usr/bin/git -json GO111MODULE x_amd64/vet git rev-�� --show-toplevel x_amd64/vet /usr/bin/git -json GO111MODULE 64/bin/go git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel Fj/loOf-cgjR6MKz0XVD7GS/mRL0tEU7Test User /usr/bin/git 5550-28609/test-git GO111MODULE .cfg git rev-�� --show-toplevel .github/aw/actions-lock.json does not exist yet"-trimpath /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--show-toplevel git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v6/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha /home/REDACTED/work/gh-aw/gh-aw/pkg/repoutil/repoutil.go /home/REDACTED/work/gh-aw/gh-aw/pkg/repoutil/repoutil_test.go /usr/lib/git-core/git -json GO111MODULE 64/bin/go /usr/lib/git-core/git main�� run --auto /usr/bin/git --detach **/*.cjs nch,headSha,disp--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha /tmp/go-build1631237954/b436/_pkg_.a l /usr/bin/git -p main -lang=go1.25 git rev-�� --git-dir -dwarf=false /usr/bin/git go1.25.0 -c=4 -nolocalimports git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/compile /usr/bin/git g_.a GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel go /usr/bin/git Onlymin-integritgit GO111MODULE ache/go/1.25.0/x--show-toplevel git(http block)https://api.github.com/repos/actions/github-script/git/ref/tags/v8/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/xGO111MODULE env 4198430/b417/_pkGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha e=false GO111MODULE 64/bin/go GOINSECURE %H %ct %D GOMODCACHE VNgnGPLEQds7 env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha 4198430/b355/_pkGOINSECURE GO111MODULE 64/bin/go GOINSECURE b/gh-aw/pkg/workenv GOMODCACHE go env xvUx/AZGIY55jMdCGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE 4198430/b355/impGOPROXY(http block)https://api.github.com/repos/actions/setup-go/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha test/race-image:v1.0.0 -extld=gcc /usr/bin/git 7aYE/qpsFyi8YyTwgit GO111MODULE 64/bin/go git init�� GOMODCACHE 4198430/b372/importcfg /usr/bin/git k/gh-aw/gh-aw/cmgit **/*.cjs 64/bin/go git(http block)https://api.github.com/repos/actions/setup-node/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --get remote.origin.url /usr/bin/git go1.25.0 -c=4 -nolocalimports git init�� -pack /tmp/go-build1631237954/b426/_testmain.go /usr/bin/git k/gh-aw/gh-aw/pkgit k/gh-aw/gh-aw/pkrev-parse 64/bin/go git(http block)https://api.github.com/repos/actions/setup-node/git/ref/tags/v6/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq .object.sha on' --ignore-patremote.origin.url GO111MODULE $name) { hasDiscussionsEnabled } } GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq .object.sha on' --ignore-path ../../../.pret.prettierignore GO111MODULE $name) { hasDiscussionsEnabled } } GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha FQyf51sKN GO111MODULE ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile ortc�� 1237954/b426/_pkg_.a stmain.go 1237954/b426=> GOINSECURE GOMOD GOMODCACHE cp(http block)https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b/usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha ath ../../../.pr**/*.json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env re GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/usr/bin/gh gh api /repos/github/gh-aw --jq .visibility -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go ode_�� -json GO111MODULE r: $owner, name: $name) { hasDiscussionsEnabled } } GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env k/gh-aw/gh-aw GO111MODULE ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env k/gh-aw/gh-aw/.github/workflows GO111MODULE ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet(http block)https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts/usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE 90/gdZ0bl6J8Up9qtest@example.com(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts/usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE x_amd64/cgo GOINSECURE GOMOD GOMODCACHE x_amd64/cgo env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts/usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts/usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts/usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts/usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go estl�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts/usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/workflows/usr/bin/gh gh workflow list --json name,state,path -json GO111MODULE 64/bin/go GOINSECURE GOMOD erignore go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE ; \ fi(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE /bin/sh -c cd actions/setup- GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go sh(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env y_only_defaults_repo3294690020/001 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh -c npx prettier --c-errorsas GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go sh(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go /pre�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh -c npx prettier --c-errorsas GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go prettier(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh -c npx prettier --c-errorsas GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go node(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go /pre�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh -c npx prettier --c-errorsas GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go node(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go /pre�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/githubnext/agentics/git/ref/tags//usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha ty-test.md GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env y_with_explicit_repo716195402/001 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/nonexistent/repo/actions/runs/12345/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/owner/repo/actions/workflows/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD erignore ache/go/1.25.0/xGO111MODULE env 4198430/b391/_pkGOINSECURE GO111MODULE 64/bin/go GOINSECURE b/gh-aw/cmd/gh-adescribe GOMODCACHE go(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD erignore go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go **/*.json --ignore-path ../../../.pretti-json sh -c "prettier" --wriGOINSECURE git 64/bin/go rror go /usr/bin/git go(http block)https://api.github.com/repos/owner/repo/contents/file.md/tmp/go-build1631237954/b400/cli.test /tmp/go-build1631237954/b400/cli.test -test.testlogfile=/tmp/go-build1631237954/b400/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE go env -json 05767c5fb1d40fa6GOMOD 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/tmp/go-build2030727501/b400/cli.test /tmp/go-build2030727501/b400/cli.test -test.testlogfile=/tmp/go-build2030727501/b400/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true --show-toplevel ache/go/1.25.0/xenv /usr/bin/git sh -c npx prettier --wGOINSECURE git 64/bin/go --show-toplevel go /usr/bin/git go(http block)https://api.github.com/repos/test-owner/test-repo/actions/secrets/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/xGO111MODULE env 4198430/b427/_pkGOINSECURE GO111MODULE 64/bin/go GOINSECURE b/gh-aw/pkg/stylenv GOMODCACHE go(http block)/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name --write **/*.cjs 64/bin/go **/*.json --ignore-path ../../../.pretti-json sh -c "prettier" --wriGOINSECURE git 64/bin/go rror go /usr/bin/git go(http block)If you need me to access, download, or install something from one of these locations, you can either:
📍 Connect Copilot coding agent with Jira, Azure Boards or Linear to delegate work to Copilot in one click without leaving your project management tool.