fix: add engine_counts to logs summary using aw_info.json, preventing false-positive Copilot classification by Copilot · Pull Request #26359 · github/gh-aw

Copilot · 2026-04-15T03:52:35Z

Every compiled lock file contains the word copilot in allowed-domains (api.githubcopilot.com) and workflow source paths (e.g. copilot-pr-merged-report.md@<sha>), causing the audit agent to misclassify all workflows as Copilot-engine when it naively scans lock file content.

Changes

pkg/cli/logs_report.go — Adds engine_counts map[string]int to LogsSummary, populated from engine_id in aw_info.json (already read per-run into RunData.Agent). The logs MCP tool JSON output now exposes:
```
{
  "summary": {
    "engine_counts": { "claude": 42, "copilot": 1 }
  }
}
```
Field includes a comment warning against inferring engine type from lock files.
pkg/cli/logs_report_test.go — Adds TestBuildLogsDataEngineCountsFromAwInfo covering correct per-engine accumulation from real aw_info.json fixtures.
.github/workflows/audit-workflows.md — Explicitly directs the audit agent to use summary.engine_counts and runs[].agent for engine classification, with an explicit warning against lock file scanning.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

https://api.github.com/graphql
- Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
- Triggering command: `/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) {
  repository(owner: $owner, name: $name) {
  hasDiscussionsEnabled
  }
  } -f owner=github -f name=gh-aw -embedcfg /tmp/go-build2444252789/b123/embedcfg -pack conf�� --local to LogsSummary and update audit workflow

Agent-Logs-Url: REDACTED x_amd64/vet` (http block)

Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -pack /home/REDACTED/work/gh-aw/gh-aw/cmd/gh-aw/main.go git conf�� --local user.email x_amd64/vet (http block)

https://api.github.com/orgs/test-owner/actions/secrets

Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)

Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name --show-toplevel git /usr/bin/git /tmp/shared-actish config /usr/bin/git git /pre�� --show-toplevel git /usr/bin/git = get && echo "pgo = get && echo "ptest /usr/bin/git git (http block)

https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1

Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel x_amd64/vet /usr/bin/git -json irent.go 64/pkg/tool/linu--show-toplevel /usr/bin/git conf�� --get-regexp ^remote\..*\.gh-resolved$ /usr/bin/git g_.a GO111MODULE 64/pkg/tool/linu--show-toplevel git (http block)

https://api.github.com/repos/actions/checkout/git/ref/tags/v3

Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --show-toplevel (http block)

https://api.github.com/repos/actions/checkout/git/ref/tags/v5

Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha _.a b-AbBFuh- ache/go/1.25.8/x64/pkg/tool/linu-nilfunc GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linutest@example.com env e0RDK6BxT GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile (http block)

Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/compile /usr/bin/git g_.a GO111MODULE 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/link /usr/bin/git ole.test Tbt35DxwQ rtcfg.link git (http block)

Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linuupstream /usr/bin/git licyBlockedUsersgit s 1/x64/bin/node git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git ithub/workflows/git -buildtags /usr/bin/git git (http block)

https://api.github.com/repos/actions/github-script/git/ref/tags/v8

Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --show-toplevel ache/go/1.25.8/x64/pkg/tool/linu-goversion /usr/bin/git DefaultBranchFrogrep DefaultBranchFro^From [0-9a-f]\{40\} ache/go/1.25.8/x/tmp/gh-aw/aw-master.patch git rev-�� --show-toplevel ache/go/1.25.8/x^remote\..*\.gh-resolved$ /usr/bin/git 0637-34989/test-git GO111MODULE ache/go/1.25.8/x--show-toplevel git (http block)

https://api.github.com/repos/actions/github-script/git/ref/tags/v9

Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha -goversion go1.25.8 -c=4 -nolocalimports -importcfg /tmp/go-build1249348902/b222/importcfg -pack env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)

Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha -json sonrpc2/conn.go 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)

Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/asm GOINSECURE GOMOD GOMODCACHE x_amd64/asm (http block)

https://api.github.com/repos/actions/setup-go/git/ref/tags/v4

Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha GOMODCACHE x_amd64/compile /usr/bin/git 82/001 GO111MODULE x_amd64/vet git conf�� user.email test@example.com /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--show-toplevel git (http block)

https://api.github.com/repos/actions/setup-node/git/ref/tags/v4

Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha remove upstream /usr/bin/git 49491/001 GO111MODULE 64/bin/go git init�� GOMODCACHE go /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--show-toplevel git (http block)

https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4

Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha 487962/b435/_pkg_.a -test.v=true 487962/b435=> -test.timeout=10git -test.run=^Test -test.short=true--show-toplevel infocmp -1 DtM2/clH4XbTvIN3wmpMkDtM2 -pack /usr/bin/git /tmp/go-build327git -trimpath 64/bin/go git (http block)

https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v7

Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha get --local rgo/bin/bash credential.helpe/opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)

Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha get --local ache/uv/0.11.6/x86_64/bash user.name (http block)

Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha get --local 86_64/git user.name (http block)

https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b

Triggering command: `/usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha --local to LogsSummary and update audit workflow

Agent-Logs-Url: REDACTED x_amd64/vet` (http block)

Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha --local credential.username x_amd64/vet (http block)

https://api.github.com/repos/docker/build-push-action/git/ref/tags/v7

Triggering command: /usr/bin/gh gh api /repos/docker/build-push-action/git/ref/tags/v7 --jq .object.sha rite '**/*.cjs' -f cfg 64/pkg/tool/linu-f (http block)

Triggering command: /usr/bin/gh gh api /repos/docker/build-push-action/git/ref/tags/v7 --jq .object.sha rite '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json cfg x_amd64/vet (http block)

https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2

Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha remove myorg /usr/bin/git rity2458089327/0git GO111MODULE 64/bin/go git rev-�� --show-toplevel go 487962/b451/vet.cfg -json GO111MODULE x_amd64/compile git (http block)

https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0

Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha ithub/workflows/approach-validator.md eDvIxLANZ0cGFI5vTWRl/eDvIxLANZ0cGFI5vTWRl ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile -goversion go1.25.8 -c=4 ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile rev-�� 487962/b457/_pkg_.a -pack 487962/b457=> -json b/gh-aw/scripts 64/bin/go git (http block)

https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3

Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha /tmp/go-build989487962/b415/gitutil.test -importcfg /usr/bin/git -s -w -buildmode=exe git rev-�� ons-test3657150461 -extld=gcc /usr/bin/git l GO111MODULE 64/bin/go git (http block)

https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts

Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env 4187250338 06SIChxms 64/pkg/tool/linux_amd64/vet GOINSECURE rm GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)

Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 0/internal/tag/tag.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env g_.a GO111MODULE x_amd64/compile GOINSECURE age GOMODCACHE x_amd64/compile (http block)

Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name git /usr/bin/git --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git git 8d51�� --show-toplevel git /usr/bin/git --show-toplevel 64/pkg/tool/linuremote /usr/bin/git git (http block)

https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts

Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env ithub/workflows KmEF_rn9z 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linuTest User (http block)

Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env g_.a 6D-KwQuTc /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)

Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name itcustom_branch1761047215/002/work /usr/bin/git --show-toplevel Lh/KVdc6Eu-CQtSeremote /usr/bin/git git rev-�� y_with_explicit_repo522226041/001 git tions/node_modules/.bin/node --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git git (http block)

https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts

Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env ithub/workflows o 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile (http block)

Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env g_.a Zf4ikgLhb /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)

Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name LsRemoteWithRealGitcustom_branch1761047215/001' /usr/bin/git --show-toplevel ache/go/1.25.8/xconfig /usr/bin/git git rev-�� y_with_explicit_repo522226041/001 git de_modules/.bin/node --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git git (http block)

https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts

Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linu-nolocalimports GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linu/tmp/go-build989487962/b444/_testmain.go env 4187250338 hOYFQ3cxW 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile (http block)

Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 0/internal/language/common.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD abis 64/pkg/tool/linuTest User env g_.a 3GMM57Ps3 ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE gset GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu/tmp/file-tracker-test1325466020/test2.lock.yml (http block)

Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name git /usr/bin/git --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git git 8d51�� ut1046024116/001 git /usr/bin/git --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git git (http block)

https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts

Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linutest@example.com env g_.a rrG8ct2Bi ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE /bidi GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm (http block)

Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 _3ywvdE5S 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env 1238797791 InX8DV7o_ ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile (http block)

Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name git /usr/bin/git --show-toplevel ache/go/1.25.8/x/tmp/test-process-682993123.js /usr/bin/git git rev-�� 097/001/stability-test.md git /usr/bin/git --show-toplevel ache/go/1.25.8/xremote /usr/bin/git git (http block)

https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts

Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linuTest User env 4187250338 go ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE a20poly1305 GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile (http block)

Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD abis 64/pkg/tool/linux_amd64/compile env g_.a sNGC5r73k 64/pkg/tool/linux_amd64/vet GOINSECURE pproxy GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)

Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name LsRemoteWithRealGitbranch_with_hyphen3145538530/001' 1/x64/bin/node --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git git 8d51�� ut1046024116/001 git /usr/bin/git --show-toplevel ache/go/1.25.8/xinit /usr/bin/git git (http block)

https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts

Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ylQP4Z8/vCNYLdc7D8RXanEmFBss env g_.a yVIFwLdjv ache/go/1.25.8/x64/pkg/tool/linux_amd64/cgo GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/cgo (http block)

Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 rotocol/go-sdk@v1.5.0/jsonrpc/jsonrpc.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env 1238797791/.github/workflows LamLkoYmy ache/go/1.25.8/x64/pkg/tool/linu-nilfunc GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuremote (http block)

Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name itbranch_with_hyphen3145538530/002/work 64/bin/node --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git git 8d51�� ut1046024116/001 git /usr/bin/git --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git git (http block)

https://api.github.com/repos/github/gh-aw/actions/workflows

Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 (http block)

Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-test-12345 --limit 6 (http block)

Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-ci-test-67890 --limit 6 (http block)

https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4

Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/compile /usr/bin/git -U7HTRxJB GO111MODULE ache/go/1.25.8/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linutest@example.com /usr/bin/git 9348902/b024/_pk/bin/sh om/goccy/go-yaml-c ache/go/1.25.8/xgit-upload-pack 'origin' git (http block)

https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0

Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha edOutput2348230747/001 YGaDW_VvF 64/pkg/tool/linux_amd64/vet GOINSECURE o8601 GOMODCACHE 64/pkg/tool/linux_amd64/vet env report.md GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)

https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3

Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE x_amd64/cgo GOINSECURE GOMOD GOMODCACHE x_amd64/cgo env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)

Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha js/**/*.json' ---test.timeout=10m0s git /usr/bin/git --show-toplevel x_amd64/compile /usr/bin/git git rev-�� --show-toplevel git /usr/bin/wc --show-toplevel 64/pkg/tool/linu/tmp/js-hash-test-779950780/test-hash.js /usr/bin/git wc (http block)

https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0

Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json 8 x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)

Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)

Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha js/**/*.json' ---errorsas node /usr/bin/git /home/REDACTED/wornode x_amd64/compile /opt/hostedtoolc/tmp/TestHashConsistency_GoAndJavaScript2458182574/001/test-complex-frontmatter-with-tools.md git _bra�� --show-toplevel /flatted/flatted.go /usr/bin/basename env.NODE_VERSIONnode 64/pkg/tool/linu/tmp/js-hash-test-3359098679/test-hash.js /usr/bin/git basename (http block)

https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0

Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)

Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha js/**/*.json' --ignore-path ../../../.prettierignore git /usr/bin/git --show-toplevel x_amd64/compile /opt/hostedtoolc--get git 4146�� nt >/dev/null 2>&1 /opt/hostedtoolcache/node/24.14.1/x64/bin/node ules/.bin/sh REDACTED.os 64/pkg/tool/linuconfig /usr/bin/git git (http block)

https://api.github.com/repos/githubnext/agentics/git/ref/tags/-

Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha .js' --ignore-path .prettierignore --log-level=e!../../../pkg/workflow/js/**/*.json HEAD x_amd64/vet (http block)

https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999

Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha g_.a i0dFibft1 64/pkg/tool/linux_amd64/vet GOINSECURE on GOMODCACHE 64/pkg/tool/linux_amd64/vet env -obugO3Wj GO111MODULE k GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu/tmp/go-build989487962/b114/vet.cfg (http block)

https://api.github.com/repos/nonexistent/repo/actions/runs/12345

Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env g_.a deRMpwyMD ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm (http block)

Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion --show-toplevel ache/go/1.25.8/xconfig /usr/bin/git git 1/x6�� --show-toplevel git /usr/bin/git son ache/go/1.25.8/xinit /usr/bin/git git (http block)

https://api.github.com/repos/owner/repo/actions/workflows

Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)

Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE wasm.s (http block)

Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo /usr/bin/git --show-toplevel x_amd64/compile /usr/bin/git git /pre�� --show-toplevel (http block)

https://api.github.com/repos/owner/repo/contents/file.md

Triggering command: /tmp/go-build989487962/b397/cli.test /tmp/go-build989487962/b397/cli.test -test.testlogfile=/tmp/go-build989487962/b397/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true -nolocalimports -importcfg /tmp/go-build1249348902/b192/importcfg -pack -o /tmp/go-build327-p -trimpath 64/bin/go -p main -lang=go1.25 go (http block)

Triggering command: /tmp/go-build2959144779/b397/cli.test /tmp/go-build2959144779/b397/cli.test -test.testlogfile=/tmp/go-build2959144779/b397/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true /tmp/go-build989sh -importcfg /usr/bin/git git rev-�� --show-toplevel git /usr/bin/infocmp --show-toplevel -extld=gcc /usr/bin/git infocmp (http block)

https://api.github.com/repos/test-owner/test-repo/actions/secrets

Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name /tmp/go-build327-p -trimpath 64/bin/go -p github.com/githu-o -lang=go1.25 go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)

Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name --show-toplevel git /usr/bin/git --show-toplevel x_amd64/compile /usr/bin/git git /pre�� --show-toplevel git /usr/bin/git v1.0.0 x_amd64/compile /usr/bin/git git (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled

Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/5912b901-d9a8-4f45-aae8-4e6671fe4594 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

…positive engine classification Agent-Logs-Url: https://github.com/github/gh-aw/sessions/5912b901-d9a8-4f45-aae8-4e6671fe4594 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

This PR improves engine classification in the logs summary by sourcing engine usage from aw_info.json (engine_id) rather than relying on misleading lockfile string matches that can cause false-positive Copilot classification.

Changes:

Add summary.engine_counts to logs JSON output, computed from per-run aw_info.json engine_id.
Add a unit test to verify per-engine accumulation and per-run agent values.
Update audit workflow documentation to explicitly use summary.engine_counts / runs[].agent and avoid lockfile scanning.

Show a summary per file

File	Description
pkg/cli/logs_report.go	Adds `EngineCounts` to `LogsSummary` and accumulates counts from `aw_info.json` `engine_id` in `buildLogsData`.
pkg/cli/logs_report_test.go	Adds a test that builds minimal run dirs with `aw_info.json` and asserts correct `engine_counts` and per-run `agent`.
.mcp.json	Adds an MCP server configuration pointing at `gh aw mcp-server`.
.github/workflows/audit-workflows.md	Documents authoritative engine classification via `aw_info.json`-derived fields and warns against lockfile scanning.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Files reviewed: 4/4 changed files
Comments generated: 3

Copilot · 2026-04-15T04:36:39Z

+		{Run: WorkflowRun{DatabaseID: 3, WorkflowName: "wf-copilot", LogsPath: copilotDir}},
+	}
+
+	data := buildLogsData(processedRuns, "/tmp/logs", nil)


Using a hard-coded /tmp/logs makes the test less portable (notably on Windows) and can couple it to a specific filesystem layout. Prefer using t.TempDir() (or deriving a temp output directory via filepath.Join(t.TempDir(), ...)) for the outputDir argument.

Suggested change

data := buildLogsData(processedRuns, "/tmp/logs", nil)

outputDir := t.TempDir()

data := buildLogsData(processedRuns, outputDir, nil)

Copilot · 2026-04-15T04:36:39Z

+		dir := t.TempDir()
+		awInfo := `{"engine_id":"` + engineID + `","engine_name":"Test","workflow_name":"test","created_at":"2024-01-01T00:00:00Z"}`
+		if err := os.WriteFile(filepath.Join(dir, "aw_info.json"), []byte(awInfo), 0600); err != nil {
+			t.Fatalf("Failed to write aw_info.json: %v", err)
+		}


The test constructs JSON via string concatenation, which can produce invalid JSON if engineID contains characters needing escaping (quotes, backslashes, etc.). Consider building an AwInfo (or a small struct with engine_id) and marshaling it with encoding/json to make the fixture generation robust and easier to extend.

Copilot · 2026-04-15T04:36:39Z

+	// This is the authoritative engine classification — do not infer engine type from
+	// lock file contents, which contain "copilot" in allowed-domains and source paths
+	// regardless of which engine the workflow uses.
+	engineCounts := make(map[string]int)


engineCounts is allocated unconditionally even when no runs have aw_info.json/engine_id. This is a minor but easy-to-avoid allocation: declare it as var engineCounts map[string]int and initialize it lazily the first time an agentID is encountered (and keep the existing len(engineCounts) > 0 guard, since len(nil) is 0).

Suggested change

engineCounts := make(map[string]int)

var engineCounts map[string]int

github-actions · 2026-04-15T04:39:26Z

🧪 Test Quality Sentinel Report

Test Quality Score: 60/100

⚠️ Acceptable — with suggestions

Metric	Value
New/modified tests analyzed	1
✅ Design tests (behavioral contracts)	1 (100%)
⚠️ Implementation tests (low value)	0 (0%)
Tests with error/edge cases	0 (0%)
Duplicate test clusters	0
Test inflation detected	Yes — 52 test lines / 17 production lines = 3.06:1 (threshold: 2:1)
🚨 Coding-guideline violations	None

Test Classification Details

Test	File	Classification	Issues Detected
`TestBuildLogsDataEngineCountsFromAwInfo`	`pkg/cli/logs_report_test.go:917`	✅ Design	No error/edge cases; setup verbosity triggers inflation flag

Flagged Tests — Requires Review

⚠️ `TestBuildLogsDataEngineCountsFromAwInfo` (`pkg/cli/logs_report_test.go:917`)

Classification: Design test (behavioral contract) — but missing edge case coverage.

Issue 1 — No error/edge cases: The test only exercises the happy path (runs with valid aw_info.json and non-empty engine_id). The production code handles the case where agentID == "" via if agentID != "" { engineCounts[agentID]++ }, but this path is never exercised by a test.

Issue 2 — Test inflation: 52 test lines added for 17 production lines (3.06:1). The setup is substantive (real temp dirs, real file writes), so this is honest verbosity rather than copy-paste bloat — but it mechanically triggers the inflation check.

Suggested improvement: Add a table-driven sub-case for runs where aw_info.json is absent or engine_id is empty, verifying that EngineCounts stays nil (or is omitted) and no panic occurs:

// Example additional case
t.Run("run without aw_info.json is excluded from engine counts", func(t *testing.T) {
    emptyDir := t.TempDir() // no aw_info.json written
    runs := []ProcessedRun{
        {Run: WorkflowRun{DatabaseID: 99, WorkflowName: "wf-unknown", LogsPath: emptyDir}},
    }
    data := buildLogsData(runs, "/tmp/logs", nil)
    if data.Summary.EngineCounts != nil {
        t.Errorf("Expected EngineCounts to be nil when no aw_info.json present, got %v", data.Summary.EngineCounts)
    }
})

Language Support

Tests analyzed:

🐹 Go (*_test.go): 1 test — unit (//go:build !integration)
🟨 JavaScript (*.test.cjs, *.test.js): 0 tests

Verdict

✅ Check passed. 0% of new tests are implementation tests (threshold: 30%). No coding-guideline violations detected. The single new test directly verifies the behavioral contract of buildLogsData — that engine counts are derived from aw_info.json and not from lock-file string matching. Score is capped at 60 due to missing error/edge-case coverage and the mechanical inflation flag; adding the suggested edge-case sub-test would improve confidence significantly.

📖 Understanding Test Classifications

Design Tests (High Value) verify what the system does:

Assert on observable outputs, return values, or state changes
Cover error paths and boundary conditions
Would catch a behavioral regression if deleted
Remain valid even after internal refactoring

Implementation Tests (Low Value) verify how the system does it:

Assert on internal function calls (mocking internals)
Only test the happy path with typical inputs
Break during legitimate refactoring even when behavior is correct
Give false assurance: they pass even when the system is wrong

Goal: Shift toward tests that describe the system's behavioral contract — the promises it makes to its users and collaborators.

References:

§24436557339

🧪 Test quality analysis by Test Quality Sentinel · ● 882.6K · ◷

github-actions

✅ Test Quality Sentinel: 60/100. Test quality is acceptable — 0% of new tests are implementation tests (threshold: 30%). The new TestBuildLogsDataEngineCountsFromAwInfo test directly verifies the behavioral contract of the fix. See the comment above for a suggested edge-case addition that would strengthen coverage further.

Initial plan

d79f8c2

Copilot AI assigned Copilot and pelikhan Apr 15, 2026

Copilot started work on behalf of pelikhan April 15, 2026 03:52 View session

Copilot AI linked an issue Apr 15, 2026 that may be closed by this pull request

audit-workflows: agent incorrectly classifies all workflows as Copilot-engine due to false positive string matching #26345

Closed

Copilot AI and others added 2 commits April 15, 2026 04:00

Initial plan: add engine counts to LogsSummary and update audit workflow

e09317b

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/5912b901-d9a8-4f45-aae8-4e6671fe4594 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

fix: add engine_counts to LogsSummary from aw_info.json to fix false …

7d352a5

…positive engine classification Agent-Logs-Url: https://github.com/github/gh-aw/sessions/5912b901-d9a8-4f45-aae8-4e6671fe4594 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI changed the title ~~[WIP] Fix incorrect classification of workflows in audit agent~~ fix: add engine_counts to logs summary using aw_info.json, preventing false-positive Copilot classification Apr 15, 2026

Copilot AI requested a review from pelikhan April 15, 2026 04:18

Copilot finished work on behalf of pelikhan April 15, 2026 04:18

pelikhan marked this pull request as ready for review April 15, 2026 04:33

Copilot AI review requested due to automatic review settings April 15, 2026 04:33

pelikhan merged commit f3831d8 into main Apr 15, 2026
67 checks passed

pelikhan deleted the copilot/fix-audit-workflows-engine-classification branch April 15, 2026 04:34

Copilot started reviewing on behalf of pelikhan April 15, 2026 04:34 View session

Copilot AI reviewed Apr 15, 2026

View reviewed changes

github-actions Bot mentioned this pull request Apr 15, 2026

[aw] No-Op Runs #25214

Closed

github-actions Bot approved these changes Apr 15, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: add engine_counts to logs summary using aw_info.json, preventing false-positive Copilot classification#26359

fix: add engine_counts to logs summary using aw_info.json, preventing false-positive Copilot classification#26359
pelikhan merged 3 commits intomainfrom
copilot/fix-audit-workflows-engine-classification

Copilot AI commented Apr 15, 2026 •

edited

Loading

Uh oh!

Uh oh!

Copilot AI left a comment

Uh oh!

Copilot AI Apr 15, 2026

Uh oh!

Copilot AI Apr 15, 2026

Uh oh!

Copilot AI Apr 15, 2026

Uh oh!

github-actions Bot commented Apr 15, 2026

Uh oh!

github-actions Bot left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

	data := buildLogsData(processedRuns, "/tmp/logs", nil)
	outputDir := t.TempDir()
	data := buildLogsData(processedRuns, outputDir, nil)

	engineCounts := make(map[string]int)
	var engineCounts map[string]int

Conversation

Copilot AI commented Apr 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Changes

I tried to connect to the following addresses, but was blocked by firewall rules:

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Copilot's findings

Uh oh!

Copilot AI Apr 15, 2026

Choose a reason for hiding this comment

Uh oh!

Copilot AI Apr 15, 2026

Choose a reason for hiding this comment

Uh oh!

Copilot AI Apr 15, 2026

Choose a reason for hiding this comment

Uh oh!

github-actions Bot commented Apr 15, 2026

🧪 Test Quality Sentinel Report

Test Quality Score: 60/100

Test Classification Details

Flagged Tests — Requires Review

⚠️ TestBuildLogsDataEngineCountsFromAwInfo (pkg/cli/logs_report_test.go:917)

Language Support

Verdict

Uh oh!

github-actions Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Copilot AI commented Apr 15, 2026 •

edited

Loading

⚠️ `TestBuildLogsDataEngineCountsFromAwInfo` (`pkg/cli/logs_report_test.go:917`)