Align Gemini AWF proxy auth with gh-aw-firewall (remove unsupported GOOGLE_API_KEY mapping)

[Copilot]

Smoke Gemini failures were reviewed against github/gh-aw-firewall source, and this PR was corrected to match the firewall’s actual Gemini auth behavior.

The previous approach in this PR assumed a key-name mismatch and added GEMINI_API_KEY -> GOOGLE_API_KEY mirroring. After investigation, that assumption was incorrect for AWF: the API proxy sidecar uses GEMINI_API_KEY for Gemini authentication.

Changes Made

• Reverted unsupported compatibility logic in pkg/workflow/gemini_engine.go:
  • Removed mirroring of GEMINI_API_KEY into GOOGLE_API_KEY
  • Removed GOOGLE_API_KEY from Gemini required secret handling
  • Removed GOOGLE_API_KEY from AWF --exclude-env set for Gemini
• Reverted related tests in pkg/workflow/gemini_engine_test.go that asserted GOOGLE_API_KEY behavior.
• Kept a minor comment punctuation cleanup.

Validation

• ✅ Targeted Gemini workflow tests in pkg/workflow pass.
• ✅ Parallel validation completed (Code Review + CodeQL; no remaining actionable findings).
• ⚠️ make agent-finish still reports an existing unrelated timeout in pkg/cli (TestFetchIncludeFromSource_SectionExtraction).

[github-actions]

Hey @Copilot 👋 — great work tracking down this key-name mismatch in the Gemini AWF proxy auth flow! The fix is clean, well-scoped, and the new test coverage for mirroring, explicit override, and --exclude-env is exactly what's needed here.

This PR looks ready for maintainer review. 🟢

Generated by Contribution Check · ● 1.8M · ◷

[pelikhan]

@copilot review this fix by investigating the gh-aw-firewall sources

[Copilot]

@copilot review this fix by investigating the gh-aw-firewall sources

Reviewed against github/gh-aw-firewall source: the API proxy sidecar reads GEMINI_API_KEY for Gemini auth (not GOOGLE_API_KEY), so I reverted the unsupported mapping/exclude behavior in this PR. Fix commit: 0fab7f5 (plus follow-up review nit: 3f05512).

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw om/santhosh-tekurev-parse ache/go/1.25.8/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile /usr/bin/git 2536-32518/test-git DUdE/2oEXO76xEThrev-parse 5967381/b235=> git (http block)
• https://api.github.com/orgs/test-owner/actions/secrets
  • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GO111MODULE ache/go/1.25.8/x-lang=go1.25 GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE y.s (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/infocmp -json GO111MODULE 64/pkg/tool/linu--show-toplevel infocmp -1 xterm-color 64/pkg/tool/linu--auto /usr/bin/git g_.a GOPROXY 64/pkg/tool/linu--show-toplevel git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git -C /tmp/gh-aw-test-runs/20260416-062536-32518/test-3455393029/custom/workflows config om/org1/repo1.git remote.origin.urgit GO111MODULE 64/bin/go git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv util.test 0kiaYELPw ortcfg.link GOINSECURE eader GOMODCACHE fEmuZxTCue0RDK6B^remote\..*\.gh-resolved$ env ortcfg vce9/Iw7fHw9tzQV_56Gjvce9 g_.a GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuTest User (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel x_amd64/compile /usr/bin/git l.go l_test.go 64/pkg/tool/linu--show-toplevel git rev-�� it/ref/tags/v4 64/pkg/tool/linux_amd64/compile sv g_.a RR0X2oXnN x_amd64/link git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel /opt/hostedtoolcache/go/1.25.8/x-importcfg /usr/bin/git licyMinIntegritygit -trimpath Name,createdAt,s--show-toplevel git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.8/x-extld=gcc /usr/bin/git -bool l ache/node/24.14.--show-toplevel git (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/x64/pkg/tool/linu/tmp/file-tracker-test1214991156/test2.lock.yml /usr/bin/git sRemoteWithRealGgit sRemoteWithRealGcommit ache/go/1.25.8/x-m git rev-�� --show-toplevel ache/go/1.25.8/x3 /usr/bin/git 9/001/inlined-b.git edcfg ache/go/1.25.8/x--show-toplevel git (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v9
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv go1.25.8 -c=4 -nolocalimports -importcfg /tmp/go-build1165967381/b240/importcfg -pack /home/REDACTED/go/pkg/mod/golang.org/x/text@v0.36.0/language/coverage.go env -json o 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/asm GOINSECURE GOMOD GOMODCACHE x_amd64/asm (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv om/owner/repo.git origin /usr/bin/git rity1721637857/0git GO111MODULE x_amd64/vet git rev-�� --show-toplevel x_amd64/vet /usr/bin/git -json @v1.1.3/internalrev-parse 64/pkg/tool/linu--show-toplevel git (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv /github.com/owner/repo.git remote.origin.url /usr/bin/git ay_c796705642/00git GO111MODULE nch,headSha,disp--show-toplevel git rev-�� --show-toplevel x_amd64/link /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--show-toplevel git (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv MXPe/V3UXrS-TvBuLWs_1MXPe stmain.go ache/go/1.25.8/x64/pkg/tool/linux_amd64/link -p main -lang=go1.25 ache/go/1.25.8/x64/pkg/tool/linux_amd64/link 8815�� 8815877/b450/timeutil.test 8815877/b425/_testmain.go 8815877/b450/importcfg.link ntent.md -c=4 -nolocalimports W0VPsKVyXPZlC/uItd0r7K0_37SYBDlan2/iZ31c6N3UWAhfWKKjjpb/pnOHWmOW0VPsKVyXPZlC (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq [.object.sha, .object.type] | @tsv GOMODCACHE x_amd64/compile /usr/bin/git repo3562561215/0git GO111MODULE 64/bin/go git init�� GOMODCACHE go /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--show-toplevel git (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv sistency_GoAndJavaScript3165329754/001/test-frontmatter-with-env-template-expressions.md -trimpath /usr/bin/infocmp -p github.com/githurev-parse -lang=go1.25 infocmp -1 ErrorFormatting1094348688/001 -goversion /usr/bin/git -c=4 -nolocalimports -importcfg git (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv sistency_GoAndJavaScript3165329754/001/test-complex-frontmatter-with-tools.md -test.v=true /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -test.timeout=10git -test.run=^Test -test.short=true--show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -ato�� ErrorFormatting1094348688/001 -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name 0/language/coverage.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD abis 64/pkg/tool/linux_amd64/compile env 3784491220 sYAOo28ie ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE util GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-trimpath (http block)
  • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 rotocol/go-sdk@v1.5.0/oauthex/auth_meta.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env til.go til_test.go ache/go/1.25.8/x64/pkg/tool/linu-test.short=true GOINSECURE go-sdk/auth GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name 0/internal/tag/tag.go 64/pkg/tool/linux_amd64/compile -prune -type f 64/pkg/tool/linux_amd64/compile env g_.a 5-yTJqrnP x_amd64/compile GOINSECURE age GOMODCACHE x_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GOPROXY 64/pkg/tool/linux_amd64/compile GOSUMDB GOWORK abis 64/pkg/tool/linutest@example.com env g_.a KjIdi_zAe 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name GOPROXY 64/pkg/tool/linux_amd64/compile GOSUMDB GOWORK tions/node_modul--show-toplevel 64/pkg/tool/linux_amd64/compile env g_.a uVfRvwDwi /opt/hostedtoolcache/go/1.25.8/x-nilfunc GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 ohNRO1y8b 64/pkg/tool/linux_amd64/compile GOSUMDB GOWORK tions/setup/node--git-dir 64/pkg/tool/linux_amd64/compile env g_.a sNGC5r73k x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name l.go 64/pkg/tool/linux_amd64/compile GOSUMDB GOWORK ache/go/1.25.8/xGOMODCACHE 64/pkg/tool/linux_amd64/compile env 3784491220 GO111MODULE ache/go/1.25.8/x64/pkg/tool/linu-lang=go1.25 GOINSECURE age/compact GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-importcfg (http block)
  • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 5.0/deviceauth.go 64/pkg/tool/linux_amd64/compile GOINSECURE 64 GOMODCACHE 64/pkg/tool/linux_amd64/compile env g_.a GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE go-sdk/oauthex GOMODCACHE 64/pkg/tool/linux_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name til.go 64/pkg/tool/linu-nolocalimports GOINSECURE GOMOD abis 64/pkg/tool/linu/tmp/go-build3258815877/b450/_testmain.go env 3784491220 bt7zDc9ZF 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE o8601 abis 64/pkg/tool/linuTest User env 1360831587/.github/workflows ortcfg ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE flow GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name 0/internal/language/compact/compact.go 64/pkg/tool/linux_amd64/compile GOSUMDB essage 64/src/internal/user.name 64/pkg/tool/linuTest User env 3784491220 ke8fejfLv ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-trimpath (http block)
  • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 rotocol/go-sdk@v1.5.0/auth/auth.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD abis 64/pkg/tool/linux_amd64/compile env g_.a NG8R67gve 64/pkg/tool/linux_amd64/compile GOINSECURE go-sdk/mcp GOMODCACHE 64/pkg/tool/linux_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name 4/apic.go 64/pkg/tool/linu-importcfg GOINSECURE GOMOD abis 64/pkg/tool/linutest@example.com 64/s�� 3784491220 k1Ubnk-ff ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm (http block)
  • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 glpNKSOQr 64/pkg/tool/linux_amd64/compile --print-foreign-node tants ache/go/1.25.8/x/home/REDACTED/work/gh-aw/gh-aw/.github/workflows/agent-performance-analyzer.md 64/pkg/tool/linux_amd64/compile env g_.a GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm (http block)
• https://api.github.com/repos/github/gh-aw/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path -c=4 -nolocalimports -importcfg /tmp/go-build3258815877/b414/importcfg -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/fileutil/fileutil.go /home/REDACTED/work/gh-aw/gh-aw/pkg/fileutil/tar.go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE x_amd64/link env -json GO111MODULE x_amd64/compile GOINSECURE Sc/FW0TcVMjZbPcf-C GOMODCACHE x_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE x_amd64/compile env l.go l_test.go 64/pkg/tool/linux_amd64/compile GOINSECURE nal/poly1305 GOMODCACHE 64/pkg/tool/linux_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq [.object.sha, .object.type] | @tsv --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git -json Ffi6x77fi 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git ortcfg GO111MODULE .cfg git (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv g_.a dtNyzpRaw x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile 2588�� ortcfg v4b3viMTA x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile 6808�� -json go x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv xec.js (or misc/-s GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile 6808�� -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv g_.a Fs27lbYse 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env g_.a S-MkVro-o ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE tants GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuTest User (http block)
• https://api.github.com/repos/nonexistent/repo/actions/runs/12345
  • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE er GOMODCACHE 64/pkg/tool/linux_amd64/vet env PefC8rlji GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile (http block)
• https://api.github.com/repos/owner/repo/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/owner/repo/contents/file.md
  • Triggering command: /tmp/go-build3258815877/b400/cli.test /tmp/go-build3258815877/b400/cli.test -test.testlogfile=/tmp/go-build3258815877/b400/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true -nolocalimports -importcfg /tmp/go-build1165967381/b224/importcfg -pack env -json GO111MODULE ache/go/1.25.8/x-lang=go1.25 GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/test-owner/test-repo/actions/secrets
  • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE ache/go/1.25.8/x-lang=go1.25 GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)