Allow secrets in step-level env: bindings under strict mode#25747
In strict mode, secrets in step-level env: bindings are now allowed because they are controlled bindings that are automatically masked by GitHub Actions. Secrets in other step fields (run, with, etc.) are still treated as errors. This enables workflows that need to pass tool credentials to CLI tools via environment variables without requiring strict: false. Fixes #24831 Agent-Logs-Url: https://github.com/github/gh-aw/sessions/69aadbf2-ba69-4b70-b1d4-3e0ca143bc92 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@copilot Add integration tests
Add full compilation integration tests that verify: - Secrets in step-level env: bindings compile successfully in strict mode - Multiple secrets across multiple steps in env: compile - pre-steps and post-steps env secrets compile - GITHUB_TOKEN mixed with user secrets in env: compiles - Secrets in run/with fields are still blocked in strict mode - Mixed env + non-env secrets correctly block on non-env only - Error message suggests env: bindings as alternative - Non-strict mode allows all step secrets with warning Agent-Logs-Url: https://github.com/github/gh-aw/sessions/a0c18b3c-f110-48b2-a4a3-aa1447934a32 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Added integration tests in
Hey This PR looks well-aligned with the project's contribution guidelines and ready for maintainer review. A few quick observations for context:
The PR is still marked as draft — once you're satisfied with the changes, marking it ready for review will help Overall this looks 🟢 aligned and in great shape!
Pull request overview
Updates strict-mode secrets validation for custom steps so that secrets referenced only in step-level env: bindings are permitted (while secrets in run:, with:, etc. remain blocked), aligning strict mode with GitHub Actions’ masked env surface.
Changes:
- Added classifyStepSecrets() to partition secret references into env vs non-env locations per step.
- Updated validateStepsSectionSecrets() to error only on non-env (“unsafe”) secret references in strict mode, and to suggest env: bindings in the error message.
- Updated/added unit and integration tests to cover env-only allowance and mixed env+unsafe cases.
| File | Description |
|---|---|
| pkg/workflow/strict_mode_steps_validation.go | Implements env-vs-unsafe secret classification and strict-mode enforcement changes. |
| pkg/workflow/strict_mode_steps_validation_test.go | Updates unit tests for env-only allowance and adds direct tests for classifyStepSecrets. |
| pkg/workflow/strict_mode_steps_secrets_integration_test.go | Adds integration coverage for full compilation with env-only secrets allowed and unsafe secrets blocked. |
Copilot's findings
- Files reviewed: 3/3 changed files
- Comments generated: 2
| func classifyStepSecrets(step any) (unsafeRefs, envRefs []string) { | ||
| stepMap, ok := step.(map[string]any) | ||
| if !ok { | ||
| // Non-map steps: all secrets are considered unsafe. | ||
| return extractSecretsFromStepValue(step), nil | ||
| } | ||
| for key, val := range stepMap { | ||
| refs := extractSecretsFromStepValue(val) | ||
| if key == "env" { | ||
| envRefs = append(envRefs, refs...) | ||
| } else { | ||
| unsafeRefs = append(unsafeRefs, refs...) | ||
| } |
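Review bot: The `for key, val := range stepMap` loop appends to unsafeRefs and envRefs in Go's randomized map iteration order, so when a step carries secrets in more than one non-env field (for example both run and with) the order of unsafeRefs changes from run to run. If the strict-mode error message or any test lists these refs in order, iterate over sorted keys or sort the slices before returning so the output is deterministic.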
classifyStepSecrets treats any secrets found under the env key as safe regardless of the env field’s type. This creates a strict-mode bypass for malformed steps like env: "${{ secrets.TOKEN }}" (string/array/etc.), where the secret is not actually a step env binding but would still be allowed.
Consider only classifying secrets as envRefs when env is a mapping type (e.g., map[string]any / map[string]string). If env is not a map, classify its secrets as unsafe (or fail validation earlier). Adding a unit test for the non-map env case would prevent regressions.
| expectedUnsafe: []string{"${{ secrets.LEAKED }}"}, | ||
| expectedEnv: []string{"${{ secrets.SAFE }}"}, | ||
| }, | ||
| { |
The new strict-mode allowance for env secrets should include a regression test for malformed env values (e.g., env is a string/slice instead of a map). Without this, a workflow could potentially bypass strict mode by placing a secret expression under an invalid env type that is still classified as safe.
Add a TestClassifyStepSecrets case (and/or TestValidateStepsSecrets) asserting that secrets under non-map env are treated as unsafe and still fail strict mode.
| { | |
| { | |
| name: "secret in malformed string env is unsafe", | |
| step: map[string]any{ | |
| "name": "Malformed env step", | |
| "env": "${{ secrets.TOKEN }}", | |
| "run": "echo hi", | |
| }, | |
| expectedUnsafe: []string{"${{ secrets.TOKEN }}"}, | |
| expectedEnv: nil, | |
| }, | |
| { | |
| name: "secret in malformed slice env is unsafe", | |
| step: map[string]any{ | |
| "name": "Malformed env slice step", | |
| "env": []any{ | |
| "${{ secrets.ARRAY_TOKEN }}", | |
| }, | |
| "run": "echo hi", | |
| }, | |
| expectedUnsafe: []string{"${{ secrets.ARRAY_TOKEN }}"}, | |
| expectedEnv: nil, | |
| }, | |
| { |
🧪 Test Quality Sentinel Report
Test Quality Score: 80/100 ✅ Excellent — behavioral contracts well covered
Test Classification Details
📋 All 6 test functions
Flagged Tests — Minor Issues
…bindings under strict mode Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Commit pushed:
🏗️ Design Decision Gate — ADR Required

This PR makes significant changes to core business logic (554 new lines in

AI has analyzed the PR diff and generated a draft ADR to help you get started:

📄 Draft ADR:

The draft captures the key design decision: introducing a per-field classification of secret references (

What to do next

Once an ADR is linked in the PR body, this gate will re-run and verify the implementation matches the decision.

Why ADRs Matter

ADRs create a searchable, permanent record of why the codebase looks the way it does. Future contributors (and your future self) will thank you.

📋 Michael Nygard ADR Format Reference

An ADR must contain these four sections to be considered complete:

All ADRs are stored in

Note

🔒 Integrity filter blocked 1 item

The following item was blocked because it doesn't meet the GitHub integrity level.

To allow these resources, lower

    tools:
      github:
        min-integrity: approved # merged | approved | unapproved | none
This PR requires an Architecture Decision Record (ADR) before it can merge. A draft ADR has been generated and committed to your branch at docs/adr/0001-allow-secrets-in-step-env-bindings-under-strict-mode.md. Please review, complete, and link it in the PR body. See the comment above for instructions.
@copilot merge main, review comments, fix conflicts
…de-secrets-issue Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Secrets under non-map env fields (string, slice, etc.) are now classified
as unsafe to prevent strict-mode bypass via malformed YAML like:
env: "${{ secrets.TOKEN }}"
Added regression tests for both classifyStepSecrets and
validateStepsSecrets covering malformed string and slice env values.
Addresses review feedback from copilot-pull-request-reviewer.
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/7d544dbb-98d3-4ad6-9aae-3d5e269e44d9
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
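The location-based classification described in this commit message, including the non-map env guard, as an added Go example that is not the project's code: collectSecretRefs is a hypothetical stand-in for extractSecretsFromStepValue, the regular expression and the error wording are assumptions, and the sample steps are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// secretExpr matches expressions such as ${{ secrets.TOKEN }} (assumed pattern).
var secretExpr = regexp.MustCompile(`\$\{\{\s*secrets\.[A-Za-z_][A-Za-z0-9_]*\s*\}\}`)

// sortedKeys returns map keys in a stable order so results are deterministic.
func sortedKeys(m map[string]any) []string {
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return keys
}

// collectSecretRefs is a hypothetical stand-in for the project's
// extractSecretsFromStepValue: it walks strings, maps and slices.
func collectSecretRefs(v any) []string {
	var refs []string
	switch t := v.(type) {
	case string:
		refs = append(refs, secretExpr.FindAllString(t, -1)...)
	case map[string]any:
		for _, k := range sortedKeys(t) {
			refs = append(refs, collectSecretRefs(t[k])...)
		}
	case []any:
		for _, item := range t {
			refs = append(refs, collectSecretRefs(item)...)
		}
	}
	return refs
}

// classifyStep partitions a step's secret references. Only an env key whose
// value is a mapping counts as an env binding; a string or slice under env
// is not a binding, so its secrets are reported as unsafe.
func classifyStep(step any) (unsafeRefs, envRefs []string) {
	stepMap, ok := step.(map[string]any)
	if !ok {
		// Non-map steps: every secret is unsafe.
		return collectSecretRefs(step), nil
	}
	for _, key := range sortedKeys(stepMap) {
		val := stepMap[key]
		refs := collectSecretRefs(val)
		_, envIsMap := val.(map[string]any)
		if key == "env" && envIsMap {
			envRefs = append(envRefs, refs...)
		} else {
			unsafeRefs = append(unsafeRefs, refs...)
		}
	}
	return unsafeRefs, envRefs
}

// checkStrict returns an error naming every unsafe reference, or nil when
// all secrets sit in well-formed env bindings. The message text is constructed.
func checkStrict(steps []any) error {
	var unsafe []string
	for _, s := range steps {
		u, _ := classifyStep(s)
		unsafe = append(unsafe, u...)
	}
	if len(unsafe) == 0 {
		return nil
	}
	return fmt.Errorf("strict mode: secrets outside step-level env: bindings: %s (bind them under env: instead)",
		strings.Join(unsafe, ", "))
}

func main() {
	// Constructed sample steps mirroring the cases discussed in the review.
	steps := []any{
		map[string]any{"name": "ok", "env": map[string]any{"TOKEN": "${{ secrets.SAFE }}"}, "run": "tool login"},
		map[string]any{"name": "inline", "run": "echo ${{ secrets.LEAKED }}"},
		map[string]any{"name": "malformed", "env": "${{ secrets.TOKEN }}", "run": "echo hi"},
	}
	for _, s := range steps {
		u, e := classifyStep(s)
		fmt.Printf("unsafe=%v env=%v\n", u, e)
	}
	fmt.Println(checkStrict(steps))
}
```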
Done in f3c652c:
@copilot merge main and recompile
…de-secrets-issue # Please enter a commit message to explain why this merge is necessary, # especially if it merges an updated upstream into a topic branch. # # Lines starting with '#' will be ignored, and an empty message aborts # the commit. Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Merged main (no conflicts) and recompiled all 187 workflows successfully in 3a9e024. No lock file changes were needed.
Strict mode blocks all secrets.* in user-defined steps, but step-level env: bindings are controlled, masked surfaces — functionally equivalent to what the framework's own generated jobs do. The validation now classifies secrets by location within each step: - env: bindings → allowed (masked by Actions, scoped to step) - run:, with:, other fields → still blocked (inline interpolation) Add classifyStepSecrets() helper, update validateStepsSectionSecrets(), improve error message to suggest env: bindings as alternative. Refs: #25747 Agent-Logs-Url: https://github.com/github/gh-aw/sessions/cbccafb7-fb26-495b-85dc-786315599518 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Strict mode blocks all secrets.* in user-defined steps, but step-level env: bindings are controlled, masked surfaces — functionally equivalent to what the framework's own generated jobs do. This forces workflows needing tool credentials (API tokens, OAuth keys) to disable strict mode entirely via strict: false, losing all other protections.

The validation now classifies secrets by location within each step:

- env: bindings → allowed (masked by Actions, scoped to step)
- run:, with:, other fields → still blocked (inline interpolation, potential leak)

Changes

- classifyStepSecrets() — new helper that partitions a step's secret refs into unsafeRefs (non-env fields) and envRefs (env bindings)
- validateStepsSectionSecrets() — now only errors on unsafeRefs in strict mode; env-only secrets pass through
- env: bindings as an alternative

Example

This now compiles under strict mode:

While this is still blocked:
Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE _wasm.o 64/src/runtime/s--show-toplevel 64/pkg/tool/linux_amd64/vet env -json Q8gElMZ6A k GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm(http block)/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion re GO111MODULE 64/bin/go git show�� efaultBranchFromLsRemoteWithRealGitbranch_with_hyphen1909269643/001' efaultBranchFromLsRemoteWithRealGitbranch_with_hyphen1909269643/001' /usr/bin/git l GO111MODULE $name) { has--paginate git(http block)https://api.github.com/repos/owner/repo/actions/workflows/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo -nolocalimports -importcfg /tmp/go-build218962774/b415/importcfg -pack /tmp/go-build218962774/b415/_testmain.go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env heck '**/*.cjs' '**/*.ts' '**/*.remote.origin.url GO111MODULE me: String!) 
{ repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/owner/repo/contents/file.md/tmp/go-build218962774/b397/cli.test /tmp/go-build218962774/b397/cli.test -test.testlogfile=/tmp/go-build218962774/b397/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true -nolocalimports -importcfg /tmp/go-build1423982010/b216/importcfg -pack -o /tmp/go-build281-p -trimpath 64/bin/go -p github.com/githu-o -lang=go1.25 go(http block)/tmp/go-build908670536/b397/cli.test /tmp/go-build908670536/b397/cli.test -test.testlogfile=/tmp/go-build908670536/b397/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE 1; \ fi env ck.yml GO111MODULE r: $owner, name: $name) { hasDiscussionsEnabled } } GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/test-owner/test-repo/actions/secrets/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name /tmp/go-build281-p -trimpath 64/bin/go -p main -lang=go1.25 go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE cal/bin/sh GOINSECURE GOMOD GOMODCACHE go env lifier.lock.yml GO111MODULE tnet/tools/sh GOINSECURE GOMOD ode-gyp-bin/sh go(http block)If you need me to access, download, or install something from one of these locations, you can either: