Move threat detection into a separate detection job

[Copilot]

Detection steps were inlined in the agent job, making them impossible to disable independently and tightly coupling detection to the agent's execution environment.

Changes

New detection job

• Added buildDetectionJob() that creates a dedicated job running after agent (needs: agent, if: always() && needs.agent.result != 'skipped')
• Downloads the agent artifact to access output files (prompt, agent_output.json, patches)
• Uploads results as artifact named detection
• Exposes detection_success and detection_conclusion as job outputs
• Detection is always on by default for any safe-outputs workflow; the only way to disable it is to set threat-detection: false explicitly
• The detection job installs the engine (AWF binary, Node.js, engine CLI) before execution, since it runs on a fresh runner separate from the agent job
• The detection job runs on ubuntu-latest by default (overridable via threat-detection.runs-on)
• The detection job pre-pulls AWF firewall containers (squid, agent, api-proxy) before running detection — no other MCP images are needed
• The detection conclusion step exits with a non-zero code when threats are found, making the detection job itself fail so downstream jobs can gate on needs.detection.result == 'success'

Agent job cleanup

• Removed inline detection steps from compiler_yaml_main_job.go
• Removed detection_success / detection_conclusion outputs from agent job

Downstream dependency updates

All jobs that previously checked needs.agent.outputs.detection_success now depend on detection and check needs.detection.result == 'success' (job result, not output variable):

• safe_outputs — added detection to needs, updated if condition to needs.detection.result == 'success'
• safe-jobs — added detection to needs when threat detection enabled
• update_cache_memory — depends on detection; condition is always() && needs.detection.result == 'success'
• push_repo_memory — depends on detection when enabled; condition is always() && needs.detection.result == 'success'
• unlock — added detection to needs
• conclusion — depends on all workflow jobs via a new ensureConclusionIsLastJob() final pass, guaranteeing it is always the last job to run; reads detection_conclusion from needs.detection.outputs.detection_conclusion

Default-on detection

Removed the HasSafeOutputsEnabled guard from the auto-default mechanism in extractSafeOutputsConfig. Detection is now auto-enabled for any configured safe-outputs workflow, not just those with specific outputs enabled. Set threat-detection: false to opt out.

Conclusion is always last

Added ensureConclusionIsLastJob() — a final pass at the end of buildJobs() that iterates all jobs in the job manager and adds any not yet listed (except conclusion itself and pre_activation) to conclusion's needs. This catches custom user-defined jobs (e.g. post-issue, super_linter, check_ci_status) that were previously not included, ensuring the conclusion job truly runs last in every workflow.

Resulting job DAG (when threat detection enabled)

activation → agent → detection → safe_outputs
                               → conclusion (depends on all other jobs)
                               → unlock
                               → push_repo_memory
                               → update_cache_memory

---

📍 Connect Copilot coding agent with Jira, Azure Boards or Linear to delegate work to Copilot in one click without leaving your project management tool.

---

---

✨ PR Review Safe Output Test - Run 23519518981

💥 [THE END] — Illustrated by Smoke Claude · ◷

---

Changeset

• Type: patch
• Description: Move threat detection into a dedicated detection job for safe-outputs workflows and make threat detection default to enabled unless threat-detection: false is set explicitly.

Generated by Changeset Generator for issue #22782 · ◷

---

---

✨ PR Review Safe Output Test - Run 23520167835

💥 [THE END] — Illustrated by Smoke Claude · ◷

[pelikhan]

@copilot detection artifact name is detection.

[Copilot]

@copilot detection artifact name is detection.

Fixed in 5089d05 — reverted DetectionArtifactName back to "detection".

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/cli/access_log.go /home/REDACTED/work/gh-aw/gh-aw/pkg/cli/actionlint.go (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha /tmp/go-build134977840/b368/_pkg_.a -trimpath 977840/b335/vet.cfg -p github.com/stretrev-parse -lang=go1.17 /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build134977840/b208/vet.cfg /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -c=4 -nolocalimports -importcfg /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha k/gh-aw/gh-aw/.github/workflows cfg 64/pkg/tool/linux_amd64/vet remote.origin.urgit (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha HEAD (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -bool -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git rev-�� --show-toplevel -tests /usr/bin/git k/gh-aw/gh-aw/.ggit committer.name me: String!) { --show-toplevel git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel x_amd64/vet /usr/bin/git ithub/workflows config x_amd64/vet git rev-�� --show-toplevel x_amd64/vet 0/x64/bin/node graphql -f x_amd64/vet git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha /home/REDACTED/work/gh-aw/gh-aw/.github/workflows config (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha /home/REDACTED/work/gh-aw/gh-aw/.github/workflows rev-parse 977840/b154/vet.cfg (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel git /usr/bin/git ithub/workflows rev-parse x_amd64/vet git rev-�� --show-toplevel x_amd64/vet /usr/bin/git xterm-color (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha xterm-color (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha /home/REDACTED/work/gh-aw/gh-aw/.github/workflows config /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet remote.origin.urgit (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha /home/REDACTED/work/gh-aw/gh-aw/.github/workflows rev-parse /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha xterm-color (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha pkg/mod/github.com/stretchr/testify@v1.11.1/assert/assertion_com-errorsas pkg/mod/github.com/stretchr/testify@v1.11.1/assert/assertion_for-ifaceassert /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet remote.origin.urgit (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha _.a (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
• https://api.github.com/repos/github/gh-aw
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0 --jq .object.sha (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha k/gh-aw/gh-aw/.github/workflows cfg 64/pkg/tool/linux_amd64/vet remote.origin.urgit (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha /home/REDACTED/work/gh-aw/gh-aw/.github/workflows cfg 64/pkg/tool/linux_amd64/vet remote.origin.urgit (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha ithub/workflows pull.rebase /usr/local/bin/git (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha ithub/workflows pull.rebase /usr/bin/git l (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[pelikhan]

@copilot detection is always on unless threat-detection is false.

[pelikhan]

@copilot fix CI / Integration: Workflow Infra (pull_request)Failing after 41s

[Copilot]

@copilot detection is always on unless threat-detection is false.

Fixed in 82d9207. Removed the HasSafeOutputsEnabled guard from the default threat-detection mechanism in extractSafeOutputsConfig — detection now applies to any safe-outputs workflow regardless of which specific outputs are configured. threat-detection: false remains the only way to disable it.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/workflow/features_import_test.go /home/REDACTED/work/gh-aw/gh-aw/pkg/workflow/importable_tools_test.go (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw YlO6lt1Fm9Pt (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha npx prettier --write '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json ache/go/1.25.0/x64/pkg/tool/linu-f /opt/hostedtoolcache/go/1.25.0/x64/bin/sh ithub/workflows (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha .js' --ignore-path .prettierignore --log-level=error 64/pkg/tool/linux_amd64/vet ules/.bin/node --local .cfg 64/pkg/tool/linu--show-toplevel git tion�� /home/REDACTED/work/gh-aw/gh-aw/.github/workflows config son ignore .cfg DiscussionsEnabl--show-toplevel git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha ath ../../../.pr**/*.json -tests /usr/bin/cp l (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha "prettier" --write '../../../**/*.json' '!../../../pkg/workflow/js/**/*.json' ---s /opt/hostedtoolcconfig /usr/bin/git rror /tmp/go-build172rev-parse r: $owner, name:--show-toplevel git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.0/xconfig /usr/bin/git ithub/workflows -buildtags r: $owner, name:--show-toplevel git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel docker /usr/bin/git k/gh-aw/gh-aw/.ggit semgrep/semgrep:rev-parse me: String!) { --show-toplevel git rev-�� --show-toplevel git 0/x64/bin/node ithub/workflows rev-parse /usr/bin/git git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha /home/REDACTED/work/gh-aw/gh-aw/.github/workflows config (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha te '../../../**/*.json' '!../../../pkg/workflow/js/**/*.json' --ignore-path ../../../.prettieriggit rev-parse /usr/bin/git se 8389659/b180/vetrev-parse ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.0/xrev-parse /home/node_modules/.bin/node ithub/workflows (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel git /usr/bin/git /home/REDACTED/worgit rev-parse ode_modules/.bin--show-toplevel git rev-�� --show-toplevel infocmp /usr/bin/git on' --ignore-patgit (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha /home/REDACTED/work/gh-aw/gh-aw/.github/workflows on rkflow/js/**/*.json remote.origin.urgit erignore ithub/workflows/--show-toplevel git -C /home/REDACTED/work/gh-aw/gh-aw/.github/workflows config /home/REDACTED/work/_temp/ghcca-node/node/bin/sh ./../.prettieriggit ithub/workflows/rev-parse me: String!) { --show-toplevel sh (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha te '../../../**/*.json' '!../../../pkg/workflow/js/**/*.json' --ignore-path ../../../.prettieriggit config /usr/bin/infocmp remote.origin.urgit 8389659/b175/vetrev-parse $name) { has--show-toplevel infocmp -1 xterm-color ache/go/1.25.0/xconfig /home/REDACTED/work/gh-aw/node_modules/.bin/node ithub/workflows /home/REDACTED/worrev-parse $name) { has--show-toplevel node (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha te '../../../**/*.json' '!../../../pkg/workflow/js/**/*.json' --ignore-path ../../../.prettieriggit --jq /opt/hostedtoolcache/uv/0.11.1/x86_64/bash se 8389659/b172/vetrev-parse ache/go/1.25.0/x--show-toplevel bash --no�� --noprofile ache/go/1.25.0/x-f /opt/hostedtoolcache/node/24.14.0/x64/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/n--show-toplevel ithub/workflows 8389659/b321/vetrev-parse /opt/hostedtoolc--show-toplevel node (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha /home/REDACTED/work/gh-aw/gh-aw/.github/workflows config on rkflow/js/**/*.jgit 8389659/b173/vetrev-parse erignore git -C /home/REDACTED/work/gh-aw/gh-aw/.github/workflows config /home/REDACTED/work/gh-aw/gh-aw/actions/node_modules/.bin/node remote.origin.urgit (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha /home/REDACTED/work/gh-aw/gh-aw/.github/workflows config on rkflow/js/**/*.jgit k/gh-aw/gh-aw/pkrev-parse erignore infocmp -1 xterm-color ache/go/1.25.0/xconfig /home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/.bin/node ithub/workflows (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha ithub/workflows x_amd64/vet /bin/sh get --local r: $owner, name:--show-toplevel /bin/sh -c */*.ts' '**/*.json' --ignore-path ../../../.pret.prettierignore 64/pkg/tool/linu-f ndor/bin/sh --local .cfg r: $owner, name:--show-toplevel git (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha --abbrev-ref .cfg r: $owner, name: $name) { hasDiscussionsEnabled } } (http block)
• https://api.github.com/repos/github/gh-aw
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility get --local 64/pkg/tool/linux_amd64/cgo user.name (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility se 8389659/b172/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0 --jq .object.sha --verify .cfg 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha ithub/workflows rev-parse er: String!, $name: String!) { repository(owne--ignore-path get --local ed } } git cat-�� */*.ts' '**/*.json' --ignore-path ../../../.prettierignore a44a858cf26e58c7131412cc75b9f683eeb72bdd:go.mod /usr/bin/git --local .cfg x_amd64/link git (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha ithub/workflows -f /usr/bin/git -f owner=github -f git for-�� */*.ts' '**/*.json' --ignore-path ../../../.prettierignore %(refname) ode --merged a44a858cf26e58c7rev-parse DiscussionsEnabl--show-toplevel /usr/bin/gh (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha ignore-path ../../../.prettierignore -buildtags 951036/b001/_pkg-f -errorsas -ifaceassert -nilfunc /tmp/go-build1728389659/b001/worconfig -tes�� ithub/workflows -test.timeout=10m0s /home/REDACTED/work/_temp/uv-python-dir/bash l (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha _test.go (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha ignore-path ../../../.prettierignore -buildtags me: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } l -ifaceassert -nilfunc git rev-�� ithub/workflows -tests /home/REDACTED/.local/bin/bash (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[Copilot]

Copilot wasn't able to review this pull request because it exceeds the maximum number of lines (20,000). Try reducing the number of changed lines and requesting a review from Copilot again.

[pelikhan]

@copilot fix https://github.com/github/gh-aw/actions/runs/23518803079/job/68457316775

[Copilot]

@copilot fix CI / Integration: Workflow Infra (pull_request)Failing after 41s

Fixed in 50cd9d1. The TestCacheMemoryWithThreatDetection integration test was still checking for the old condition needs.agent.outputs.detection_success == 'true' and - agent dependency. Updated to needs.detection.outputs.detection_success == 'true' and - detection to match the separate detection job. Also cleaned up stale comments in compiler_jobs.go and known_needs_expressions_test.go.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha -bool -buildtags /tmp/go-build2839656002/b001/workflow.test -errorsas -ifaceassert -nilfunc /tmp/go-build2839656002/b001/workflow.test -tes�� -test.paniconexit0 -test.timeout=10m0s /home/REDACTED/.dotnet/tools/bash -test.run=TestCagit (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --local user.email cfg (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --noprofile (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel x_amd64/vet /usr/bin/git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha -bool -buildtags (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha -bool -buildtags /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -errorsas -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -ato�� -bool -buildtags /usr/local/.ghcup/bin/bash -errorsas -ifaceassert -nilfunc bash (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel x_amd64/vet /usr/bin/git (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha TRNb/B3Pp5cAFTVZO0nc-TRNb -buildtags /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -errorsas -ifaceassert -nilfunc 575374/b374/importcfg -uns�� k/gh-aw/gh-aw/pkg/workflow/features_import_test.go k/gh-aw/gh-aw/pkg/workflow/importable_tools_test.go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -unreachable=false /tmp/go-build874575374/b081/vet.cfg /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -unreachable=false /tmp/go-build874575374/b077/vet.cfg /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha -unreachable=false /tmp/go-build874575374/b101/vet.cfg /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha -bool -buildtags /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -errorsas -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -ato�� -bool -buildtags /opt/hostedtoolcache/node/24.14.0/x64/bin/bash -errorsas -ifaceassert -nilfunc bash (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha etection-job-structure^{commit} --local cfg user.name (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha get --local ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet user.email (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha get cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet user.name (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha /home/REDACTED/work/gh-aw/gh-aw/pkg/workflow/action_resolver_test.go /home/REDACTED/work/gh-aw/gh-aw/pkg/workflow/action_sha_checker.go /home/REDACTED/work/gh-aw/gh-aw/pkg/workflow/action_sha_checker_integration_test.go /home/REDACTED/work/gh-aw/gh-aw/pkg/workflow/action_sha_checker_test.go /home/REDACTED/work/gh-aw/gh-aw/pkg/workflow/action_sha_validation_test.go /home/REDACTED/work/gh-aw/gh-aw/pkg/workflow/activation_checkout_test.go /home/REDACTED/work/gh-aw/gh-aw/pkg/workflow/activation_github_token_test.go (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[Copilot]

@copilot use ubuntu-latest image runner in detection

Fixed in 76b2ce1. The detection job now uses ubuntu-latest as its default runner instead of inheriting the safe-outputs runner. The threat-detection.runs-on override still works if a custom runner is needed.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw flow (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw oGkbmtSzufFE1cfG-1 (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha ath ../../../.pr**/*.json (http block)
• https://api.github.com/repos/github/gh-aw
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility get .cfg 64/pkg/tool/linux_amd64/vet http.https://git/usr/bin/gh (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0 --jq .object.sha ath ../../../.pr**/*.json (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha ucture^{commit} (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[github-actions]

✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready.

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[pelikhan]

@copilot add step that pulls containers for awf (no others needed)

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[Copilot]

@copilot add step that pulls containers for awf (no others needed)

Fixed in d0717a1. Added buildPullAWFContainersStep which pre-pulls only the 3 AWF firewall containers (squid, agent, api-proxy) before the detection guard step. The step is generated by reusing collectDockerImages with a minimal WorkflowData that has SandboxTypeAWF and no MCP tools, so only AWF images are collected.

Example generated step:

- name: Download container images
  run: bash ${RUNNER_TEMP}/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.25.0 ghcr.io/github/gh-aw-firewall/api-proxy:0.25.0 ghcr.io/github/gh-aw-firewall/squid:0.25.0

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw w8/oRZ7gTuFxgACo/home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/.bin/pre�� (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw go integration_test"prettier" --write '../../../**/*.json' '!../../../pkg/workflow/js/**/*.json' --ignore-path ../../../.prettierignore x_amd64/vet er _test.go oken_test.go 64/pkg/tool/linux_amd64/cgo committer.name (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha ath ../../../.pr**/*.json --global x_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility --local cfg 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0 --jq .object.sha get --local x_amd64/vet http.https://gitsh (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha etection-job-structure^{commit} --local x_amd64/vet credential.userngit (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready.

[github-actions]

Agent Container Tool Check

Tool	Status	Version
bash	✅	5.2.21
sh	✅	available
git	✅	2.53.0
jq	✅	1.7
yq	✅	4.52.4
curl	✅	8.5.0
gh	✅	2.87.3
node	✅	20.20.1
python3	✅	3.12.3
go	✅	1.24.13
java	✅	10.0.102
dotnet	✅	10.0.102

Result: 12/12 tools available ✅

Overall Status: PASS

🔧 Tool validation by Agent Container Smoke Test · ◷

[github-actions]

🔬 Smoke test §23522535542 — @Copilot / assignees: @pelikhan @Copilot

Test
GitHub MCP	✅
mcpscripts-gh	✅
Serena MCP	❌
Playwright	✅
Web Fetch	✅
File Write + Bash	✅
Discussion Comment	✅
Build	✅
Discussion Create	✅
Haiku Dispatch	✅
PR Review	✅

Overall: ⚠️ PARTIAL PASS (11/12) — Serena MCP not available

📰 BREAKING: Report filed by Smoke Copilot · ◷

[github-actions]

Smoke test review ✅ — PR moves threat detection to a dedicated job, creating a cleaner workflow DAG. Output interface is properly cleaned up.

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

✅ The removal of detection_conclusion and detection_success outputs from the agent job is a clean design choice — these outputs now live in the dedicated detection job where they belong.

[github-actions]

🔀 Moving threat detection into its own detection job creates a cleaner agent → detection → safe_outputs/conclusion DAG, improving isolation and auditability.

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

Smoke test run 23522535570: PASS

Merged PRs:

• Add CODEOWNERS to protected files set #22821 Add CODEOWNERS to protected files set
• fix: use floating point for PRU computation in extractPremiumRequestCount #22820 fix: use floating point for PRU computation in extractPremiumRequestCount

Results: GitHub MCP ✅ | Serena ✅ | Playwright ✅ | Web-fetch ✅ | File+cat ✅ | Build ✅

🔮 The oracle has spoken through Smoke Codex · ◷