github · pelikhan · Mar 25, 2026 · Mar 25, 2026 · Mar 25, 2026
diff --git a/.github/workflows/contribution-check.lock.yml b/.github/workflows/contribution-check.lock.yml
diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml
diff --git a/.github/workflows/discussion-task-miner.lock.yml b/.github/workflows/discussion-task-miner.lock.yml
diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml
diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml
diff --git a/.github/workflows/issue-monster.lock.yml b/.github/workflows/issue-monster.lock.yml
diff --git a/.github/workflows/issue-triage-agent.lock.yml b/.github/workflows/issue-triage-agent.lock.yml
diff --git a/.github/workflows/org-health-report.lock.yml b/.github/workflows/org-health-report.lock.yml
diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml
diff --git a/.github/workflows/pr-triage-agent.lock.yml b/.github/workflows/pr-triage-agent.lock.yml
diff --git a/.github/workflows/q.lock.yml b/.github/workflows/q.lock.yml
diff --git a/.github/workflows/refiner.lock.yml b/.github/workflows/refiner.lock.yml
diff --git a/.github/workflows/scout.lock.yml b/.github/workflows/scout.lock.yml
diff --git a/.github/workflows/smoke-agent-all-merged.lock.yml b/.github/workflows/smoke-agent-all-merged.lock.yml
diff --git a/.github/workflows/smoke-agent-all-none.lock.yml b/.github/workflows/smoke-agent-all-none.lock.yml
diff --git a/.github/workflows/smoke-agent-public-approved.lock.yml b/.github/workflows/smoke-agent-public-approved.lock.yml
diff --git a/.github/workflows/smoke-agent-public-none.lock.yml b/.github/workflows/smoke-agent-public-none.lock.yml
diff --git a/.github/workflows/smoke-agent-scoped-approved.lock.yml b/.github/workflows/smoke-agent-scoped-approved.lock.yml
diff --git a/.github/workflows/stale-repo-identifier.lock.yml b/.github/workflows/stale-repo-identifier.lock.yml
diff --git a/.github/workflows/weekly-blog-post-writer.lock.yml b/.github/workflows/weekly-blog-post-writer.lock.yml
diff --git a/.github/workflows/weekly-issue-summary.lock.yml b/.github/workflows/weekly-issue-summary.lock.yml
diff --git a/.github/workflows/weekly-safe-outputs-spec-review.lock.yml b/.github/workflows/weekly-safe-outputs-spec-review.lock.yml
diff --git a/.github/workflows/workflow-generator.lock.yml b/.github/workflows/workflow-generator.lock.yml
diff --git a/pkg/workflow/compiler_difc_proxy.go b/pkg/workflow/compiler_difc_proxy.go
@@ -276,5 +276,11 @@ func difcProxyLogPaths(data *WorkflowData) []string {
 	}
 	// proxy-logs/ contains TLS certs and container stderr from the proxy
 	// (mcp-logs/ is already collected as part of standard MCP logging)
-	return []string{"/tmp/gh-aw/proxy-logs/"}
+	// Exclude proxy-tls/ because it contains the TLS private key (server.key) which is
+	// created by the Docker container with root-only permissions, causing artifact upload
+	// to fail with EACCES. The private key is ephemeral and should not be uploaded.
+	return []string{
+		"/tmp/gh-aw/proxy-logs/",
+		"!/tmp/gh-aw/proxy-logs/proxy-tls/",
+	}
 }
diff --git a/pkg/workflow/compiler_difc_proxy_test.go b/pkg/workflow/compiler_difc_proxy_test.go
@@ -362,8 +362,9 @@ func TestDIFCProxyLogPaths(t *testing.T) {
 			CustomSteps: "steps:\n  - name: Fetch\n    env:\n      GH_TOKEN: ${{ github.token }}\n    run: gh issue list",
 		}
 		paths := difcProxyLogPaths(data)
-		require.Len(t, paths, 1, "should return exactly one path")
-		assert.Contains(t, paths[0], "proxy-logs", "path should include proxy-logs directory")
+		require.Len(t, paths, 2, "should return inclusion path and proxy-tls exclusion path")
+		assert.Contains(t, paths[0], "proxy-logs", "first path should include proxy-logs directory")
+		assert.Equal(t, "!/tmp/gh-aw/proxy-logs/proxy-tls/", paths[1], "second path should exclude proxy-tls directory")
 	})
 }
 

diff --git a/pkg/workflow/step_order_validation.go b/pkg/workflow/step_order_validation.go
@@ -178,6 +178,12 @@ func (t *StepOrderTracker) findUnscannablePaths(artifactUploads []StepRecord) []
 // isPathScannedBySecretRedaction checks if a path would be scanned by the secret redaction step
 // or is otherwise safe to upload (known engine-controlled diagnostic paths).
 func isPathScannedBySecretRedaction(path string) bool {
+	// Exclusion patterns (paths starting with !) are not uploaded - they tell the artifact
+	// action to skip matching files. They do not need to be scanned by secret redaction.
+	if strings.HasPrefix(path, "!") {
+		return true
+	}
+
 	// Paths must be under /tmp/gh-aw/ or ${RUNNER_TEMP}/gh-aw/ to be scanned.
 	// Accept both literal paths and environment variable references.
 	// Engines that produce output outside /tmp/gh-aw/ must move their files into /tmp/gh-aw/

diff --git a/pkg/workflow/step_order_validation_test.go b/pkg/workflow/step_order_validation_test.go
@@ -128,6 +128,16 @@ func TestIsPathScannedBySecretRedaction_ScannableFiles(t *testing.T) {
 			path:     "${{ env.GH_AW_SAFE_OUTPUTS }}",
 			expected: true,
 		},
+		{
+			name:     "Exclusion pattern (proxy-tls directory)",
+			path:     "!/tmp/gh-aw/proxy-logs/proxy-tls/",
+			expected: true,
+		},
+		{
+			name:     "Exclusion pattern (file outside /tmp/gh-aw/)",
+			path:     "!/some/other/path/file.key",
+			expected: true,
+		},
 	}
 
 	for _, tt := range tests {