diff --git a/pkg/cli/workflows/example-custom-error-patterns.md b/pkg/cli/workflows/example-custom-error-patterns.md deleted file mode 100644 index 205435b1ca1..00000000000 --- a/pkg/cli/workflows/example-custom-error-patterns.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -on: - issues: - types: [opened] -rate-limit: - max: 5 - window: 60 -permissions: - contents: read - issues: read - pull-requests: read -engine: - id: copilot - error_patterns: - - pattern: 'CUSTOM_ERROR:\s+(.+)' - level_group: 0 - message_group: 1 - description: "Custom project-specific error format" - - pattern: '\[BUILD_FAILED\]\s+(.+)' - level_group: 0 - message_group: 1 - description: "Build failure indicator" ---- - -# Example: Custom Error Patterns - -This workflow demonstrates how to define custom error patterns on any agentic engine. -Custom error patterns help detect project-specific error formats in agent logs. - -## Features - -- Works with any engine (Copilot, Claude, Codex, Custom) -- Can be imported from shared workflows -- Merged with engine's built-in error patterns -- Useful for project-specific error filtering diff --git a/pkg/parser/schemas/main_workflow_schema.json b/pkg/parser/schemas/main_workflow_schema.json index 043a3afd475..80d4996f193 100644 --- a/pkg/parser/schemas/main_workflow_schema.json +++ b/pkg/parser/schemas/main_workflow_schema.json @@ -3042,10 +3042,6 @@ "description": "HTTPS URL pattern with optional wildcards (e.g., 'https://github.com/githubnext/*')" }, "examples": [["https://github.com/githubnext/*", "https://api.github.com/repos/*"]] - }, - "cleanup-script": { - "type": "string", - "description": "Path to cleanup script run after AWF shuts down (default: ./scripts/ci/cleanup.sh)" } }, "additionalProperties": false @@ -9163,40 +9159,6 @@ "type": "string" } }, - "error_patterns": { - "type": "array", - "description": "Custom error patterns for validating agent logs", - "items": { - "type": "object", - "description": "Error pattern definition", - "properties": { - "id": { - "type": "string", - "description": "Unique identifier for this error pattern" - }, - "pattern": { - "type": "string", - "description": "Ecma script regular expression pattern to match log lines" - }, - "level_group": { - "type": "integer", - "minimum": 0, - "description": "Capture group index (1-based) that contains the error level. Use 0 to infer from pattern content." - }, - "message_group": { - "type": "integer", - "minimum": 0, - "description": "Capture group index (1-based) that contains the error message. Use 0 to use the entire match." - }, - "description": { - "type": "string", - "description": "Human-readable description of what this pattern matches" - } - }, - "required": ["pattern"], - "additionalProperties": false - } - }, "config": { "type": "string", "description": "Additional TOML configuration text that will be appended to the generated config.toml in the action (codex engine only)" diff --git a/pkg/workflow/engine.go b/pkg/workflow/engine.go index 76955165d6e..2473dd47dbc 100644 --- a/pkg/workflow/engine.go +++ b/pkg/workflow/engine.go @@ -24,9 +24,8 @@ type EngineConfig struct { Env map[string]string Config string Args []string - Firewall *FirewallConfig // AWF firewall configuration - Agent string // Agent identifier for copilot --agent flag (copilot engine only) - APITarget string // Custom API endpoint hostname (e.g., "api.acme.ghe.com" or "api.enterprise.githubcopilot.com") + Agent string // Agent identifier for copilot --agent flag (copilot engine only) + APITarget string // Custom API endpoint hostname (e.g., "api.acme.ghe.com" or "api.enterprise.githubcopilot.com") // Inline definition fields (populated when engine.runtime is specified in frontmatter) IsInlineDefinition bool // true when the engine is defined inline via engine.runtime + optional engine.provider @@ -277,44 +276,6 @@ func (c *Compiler) ExtractEngineConfig(frontmatter map[string]any) (string, *Eng } } - // Extract optional 'firewall' field (object format) - if firewall, hasFirewall := engineObj["firewall"]; hasFirewall { - if firewallObj, ok := firewall.(map[string]any); ok { - firewallConfig := &FirewallConfig{} - - // Extract enabled field (defaults to true for copilot) - if enabled, hasEnabled := firewallObj["enabled"]; hasEnabled { - if enabledBool, ok := enabled.(bool); ok { - firewallConfig.Enabled = enabledBool - } - } - - // Extract version field (empty = latest) - if version, hasVersion := firewallObj["version"]; hasVersion { - if versionStr, ok := version.(string); ok { - firewallConfig.Version = versionStr - } - } - - // Extract log-level field (default: "debug") - if logLevel, hasLogLevel := firewallObj["log-level"]; hasLogLevel { - if logLevelStr, ok := logLevel.(string); ok { - firewallConfig.LogLevel = logLevelStr - } - } - - // Extract cleanup-script field (default: "./scripts/ci/cleanup.sh") - if cleanupScript, hasCleanupScript := firewallObj["cleanup-script"]; hasCleanupScript { - if cleanupScriptStr, ok := cleanupScript.(string); ok { - firewallConfig.CleanupScript = cleanupScriptStr - } - } - - config.Firewall = firewallConfig - engineLog.Print("Extracted firewall configuration") - } - } - // Extract optional 'api-target' field (custom API endpoint for any engine) if apiTarget, hasAPITarget := engineObj["api-target"]; hasAPITarget { if apiTargetStr, ok := apiTarget.(string); ok && apiTargetStr != "" { diff --git a/pkg/workflow/firewall.go b/pkg/workflow/firewall.go index 04ac608ff61..a04060a36d5 100644 --- a/pkg/workflow/firewall.go +++ b/pkg/workflow/firewall.go @@ -13,13 +13,12 @@ var firewallLog = logger.New("workflow:firewall") // FirewallConfig represents AWF (gh-aw-firewall) configuration for network egress control. // These settings are specific to the AWF sandbox and do not apply to Sandbox Runtime (SRT). type FirewallConfig struct { - Enabled bool `yaml:"enabled,omitempty"` // Enable/disable AWF (default: true for copilot when network restrictions present) - Version string `yaml:"version,omitempty"` // AWF version (empty = latest) - Args []string `yaml:"args,omitempty"` // Additional arguments to pass to AWF - LogLevel string `yaml:"log_level,omitempty"` // AWF log level (default: "info") - CleanupScript string `yaml:"cleanup_script,omitempty"` // Cleanup script path (default: "./scripts/ci/cleanup.sh") - SSLBump bool `yaml:"ssl_bump,omitempty"` // AWF-only: Enable SSL Bump for HTTPS content inspection (allows URL path filtering) - AllowURLs []string `yaml:"allow_urls,omitempty"` // AWF-only: URL patterns to allow for HTTPS (requires SSLBump), e.g., "https://github.com/githubnext/*" + Enabled bool `yaml:"enabled,omitempty"` // Enable/disable AWF (default: true for copilot when network restrictions present) + Version string `yaml:"version,omitempty"` // AWF version (empty = latest) + Args []string `yaml:"args,omitempty"` // Additional arguments to pass to AWF + LogLevel string `yaml:"log_level,omitempty"` // AWF log level (default: "info") + SSLBump bool `yaml:"ssl_bump,omitempty"` // AWF-only: Enable SSL Bump for HTTPS content inspection (allows URL path filtering) + AllowURLs []string `yaml:"allow_urls,omitempty"` // AWF-only: URL patterns to allow for HTTPS (requires SSLBump), e.g., "https://github.com/githubnext/*" } // isFirewallDisabledBySandboxAgent checks if the firewall is disabled via sandbox.agent: false