[copilot-opt] Enforce MCP-only GitHub reads by removing direct gh API paths#27358
Merged
[copilot-opt] Enforce MCP-only GitHub reads by removing direct gh API paths#27358
gh API paths#27358Conversation
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/b3f82ac8-e539-4cb1-97c1-8206c80ba823 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Enforce MCP-only GitHub API access for Copilot agents
[copilot-opt] Enforce MCP-only GitHub reads by removing direct Apr 20, 2026
gh API paths
pelikhan
approved these changes
Apr 20, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Tightens Copilot optimization workflow guidance and tool allowlists to prevent direct GitHub CLI API reads (gh api / gh pr list), aiming to route GitHub reads through MCP github tools to avoid firewall-blocked api.github.com access.
Changes:
- Removed
gh ...patterns from shared workflow bash tool allowlists used by Copilot analysis workflows. - Added explicit “MCP-only GitHub reads” guidance to
copilot-optprompt andAGENTS.md. - Recompiled lock workflows to reflect updated shared imports / allowlists.
Show a summary per file
| File | Description |
|---|---|
AGENTS.md |
Adds policy guidance disallowing direct gh API reads in agent prompts; minor formatting tweak. |
.github/workflows/shared/copilot-session-data-fetch.md |
Removes gh api / gh agent-task from bash allowlist. |
.github/workflows/shared/copilot-pr-data-fetch.md |
Removes gh pr list / gh api from bash allowlist. |
.github/workflows/copilot-opt.md |
Adds a hard requirement to avoid direct gh API reads and use MCP github tools instead. |
.github/workflows/copilot-opt.lock.yml |
Recompiled output: removes agent allowlist entries for shell(gh ...) and updates generated identifiers. |
.github/workflows/copilot-session-insights.lock.yml |
Recompiled output: updates generated identifiers. |
.github/workflows/prompt-clustering-analysis.lock.yml |
Recompiled output: updates generated identifiers. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 7/7 changed files
- Comments generated: 4
Comment on lines
15
to
21
| tools: | ||
| cache-memory: | ||
| key: copilot-session-data | ||
| bash: | ||
| - "gh api *" | ||
| - "gh agent-task *" | ||
| - "jq *" | ||
| - "/tmp/gh-aw/jqschema.sh" | ||
| - "mkdir *" |
Comment on lines
1
to
8
| --- | ||
| tools: | ||
| cache-memory: | ||
| key: copilot-pr-data | ||
| bash: | ||
| - "gh pr list *" | ||
| - "gh api *" | ||
| - "jq *" | ||
| - "/tmp/gh-aw/jqschema.sh" | ||
| - "mkdir *" |
Comment on lines
68
to
71
| ## Hard Requirements | ||
|
|
||
| 0. **Never use direct GitHub CLI API reads** (`gh api`, `gh repo view`, `gh pr list`) in analysis steps. Use MCP `github` tools for GitHub reads. | ||
| 1. Process **all available sessions** in the last 14 days (deterministic; no sampling unless data is too large to load in one pass). |
Comment on lines
739
to
743
| # --allow-tool shell(date) | ||
| # --allow-tool shell(echo) | ||
| # --allow-tool shell(find *) | ||
| # --allow-tool shell(gh agent-task *) | ||
| # --allow-tool shell(gh api *) | ||
| # --allow-tool shell(gh pr list *) | ||
| # --allow-tool shell(git:*) | ||
| # --allow-tool shell(grep) |
7 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Copilot optimization workflows were allowing direct GitHub CLI API usage (
gh api/gh pr list), which can bypass MCP and hit firewall-blockedapi.github.compaths, degrading analysis quality. This change tightens workflow/tool configuration so GitHub reads are routed through MCPgithubtools only.Workflow guardrail: remove direct
ghAPI shell permissionsgh api *gh pr list *gh agent-task *.github/workflows/shared/copilot-session-data-fetch.md.github/workflows/shared/copilot-pr-data-fetch.mdPrompt/policy clarity: explicit MCP-only instruction
copilot-optworkflow prompt to forbid direct CLI GitHub reads.gh api/gh repo view/gh pr listin agent prompts for GitHub reads; require MCPgithubtools instead..github/workflows/copilot-opt.mdAGENTS.mdCompiled output alignment
shell(gh ...)entries inherited from shared imports..github/workflows/copilot-opt.lock.yml.github/workflows/copilot-session-insights.lock.yml.github/workflows/prompt-clustering-analysis.lock.ymlWarning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
https://api.github.com/graphql/usr/bin/gh gh repo view --json owner,name --jq .owner.login + "/" + .name aw.test GOINSECURE e/jsonschema-go/rev-parse GOMODCACHE aw.test 0486�� se 8625623/b019/vet.cfg ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh repo view owner/repo env 1393055/b218/_pkg_.a .cfg .cfg GOINSECURE g/x/text/unicodeconfig GOMODCACHE ache/go/1.25.8/xTest User(http block)/usr/bin/gh gh repo view owner/repo env 1897328528 GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE g/x/text/unicoderev-parse GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuorigin 1393�� 4695/001/stability-test.md YknE/_O2drKQQrICaTWjRYknE .cfg - GOWORK 64/bin/go ache/go/1.25.8/x64/pkg/tool/linuorigin(http block)https://api.github.com/orgs/test-owner/actions/secrets/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json gset/set.go x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go lk-memory gh-aw.wasm -o gh-aw.opt.wasm && \ mv gh-aw.opt.wasm gh-aw.wasm; \ AFTER=$(wc -c < g GOMOD GOMODCACHE go env 79d3de8051cb52ea-d GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq [.object.sha, .object.type] | @tsv download 12346 /usr/bin/infocmp test-logs/run-12git GO111MODULE 64/pkg/tool/linu--show-toplevel infocmp -1 xterm-color 64/pkg/tool/linux_amd64/vet /usr/bin/git 1897328528 ahb4/lZep-2Miwczinstall 64/pkg/tool/linu--package-lock-only git(http block)/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git -json GO111MODULE ode git rev-�� --show-toplevel go /usr/bin/git 3935949918/.gith/opt/hostedtoolcache/node/24.14.1/x64/bin/npm GO111MODULE 64/bin/go git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v3/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv k/gh-aw/gh-aw/.github/workflows/approach-validator.md rev-parse /usr/bin/git -json GO111MODULE x_amd64/vet git init�� GOMODCACHE x_amd64/vet /usr/bin/git with-tools.md GO111MODULE x_amd64/vet git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv ons-test3151294635 go ow-without-reaction.lock.yml ays.md GO111MODULE /node git -C /tmp/compile-all-instructions-test-945044671/.github/workflows remote /opt/hostedtoolcache/node/24.14.1/x64/bin/node -json GO111MODULE 64/bin/go /opt/hostedtoolcache/node/24.14.1/x64/bin/node(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v5/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv se 8625623/b108/vet.cfg ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -p weak -lang=go1.25 ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -o /tmp/go-build2471393055/b191/_pkg_.a -trimpath 8625623/b416/envutil.test -p crypto/x509/pkixrev-parse -lang=go1.25 8625623/b416/envutil.test(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/x64/pkg/tool/linuremote.origin.url /usr/bin/git 43/001/test-frongit 8625623/b095/vetrev-parse .cfg git rev-�� --show-toplevel ache/go/1.25.8/x^remote\..*\.gh-resolved$ /usr/bin/git 1393055/b174/impgit -trimpath ache/go/1.25.8/x--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile 86_64/node /tmp/go-build404git -trimpath ache/node/24.14.--show-toplevel git 1/x6�� --show-toplevel /usr/lib/git-core/git /usr/bin/git bility_SameInputgit --revs /usr/bin/git git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v6/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv /tmp/gh-aw-test-runs/20260420-141109-57868/test-.artifacts[].name config .test remote.origin.urgit -nolocalimports -importcfg .test lope�� /repos/actions/github-script/git/ref/tags/v9 --jq om/other/repo.git -json GO111MODULE 64/bin/go node(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv UpdateDiscussionFieldEnforcement3302139577/001 -buildtags ache/node/24.14.1/x64/bin/node -errorsas -ifaceassert -nilfunc ache/node/24.14.1/x64/bin/node s-53�� b.actor }}, Repo: ${{ github.repository }} my-default e/git -json GO111MODULE 64/bin/go e/git(http block)https://api.github.com/repos/actions/github-script/git/ref/tags/v8/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/x64/pkg/tool/linuupstream /usr/bin/git Onlymin-integritgit 8625623/b253/vetrev-parse ache/go/1.25.8/xHEAD git rev-�� tags/v3 ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet sv approach-validatgit -trimpath /opt/hostedtoolc--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv --show-toplevel resolved$ /usr/bin/git OKEN }} GO111MODULE .cfg git rev-�� --show-toplevel go /usr/bin/git ExpressionCompilgit GO111MODULE ache/go/1.25.8/x--show-toplevel git(http block)https://api.github.com/repos/actions/github-script/git/ref/tags/v9/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/vet GOINSECURE xcontext GOMODCACHE x_amd64/vet(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile byte�� bytealg/indexbyt-p GO111MODULE x_amd64/vet GOINSECURE GOMOD sm_wasm.s x_amd64/vet(http block)https://api.github.com/repos/actions/setup-go/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel /home/REDACTED/work/gh-aw/gh-aw/scripts/lint_error_messages_test.go /usr/bin/git Elygkb-do .cfg 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/infocmp -json om/google/jsonscrev-parse 64/pkg/tool/linu--show-toplevel infocmp(http block)/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git -json a x_amd64/vet git rev-�� --show-toplevel x_amd64/vet /usr/bin/git -json GO111MODULE tions/setup/node--show-toplevel git(http block)https://api.github.com/repos/actions/setup-node/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel x_amd64/vet /usr/bin/git ortcfg .cfg 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel xf9qL--/YcBrNqCW-test.v=true /usr/bin/git ty-test.md GO111MODULE 64/pkg/tool/linu--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git 33/001/test-emptgit GO111MODULE tions/setup/js/n--show-toplevel git(http block)https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv v1.0.0 -q ache/node/24.14.1/x64/bin/node go1.25.8 -c=4 -nolocalimports git t-27�� k/gh-aw/gh-aw/.github/workflows/agent-performance-analyzer.md remote ache/node/24.14.1/x64/bin/node -json 1.5.0/internal/jrev-parse x_amd64/compile ache/node/24.14.1/x64/bin/node(http block)/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv runs/20260420-142154-85360/test-2192946788 -trimpath /usr/bin/git -p main -lang=go1.25 git rev-�� --show-toplevel -goversion /usr/bin/git -c=4 -nolocalimports -importcfg git(http block)https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b/usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv 390a9dd0..HEAD st/suppress-warnings.cjs $name) { hasDiscussionsEnabled } } node --conditions run-script/lib/ngit config user.name 'Test User' st/dist/workers/forks.js show�� --verify 390a9dd0..HEAD in/git -m patch /git 8XwrPPr/piulHdHMconfig(http block)/usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv ple.com" --quiet tions/setup/js/node_modules/.bin/git token-test.txt /usr/lib/git-coradd ode-gyp-bin/node. git show�� 390a9dd0..HEAD 9fc60ac071d7ea29390a9dd0 1/x64/bin/node -m patch odules/npm/node_graphql 1/x64/bin/node(http block)/usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv /home/REDACTED/work/gh-aw/gh-aw/.gremote.origin.url config $name) { hasDiscussionsEnabled } } remote.origin.uriptables --quiet DiscussionsEnabl-t git -C ithub/workflows config r.lock.yml remote.origin.urgit git DiscussionsEnabl/home/REDACTED/work/gh-aw/gh-aw/.github/workflows git(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq [.object.sha, .object.type] | @tsv --show-toplevel x_amd64/vet /usr/bin/git y-frontmatter.mdgit GO111MODULE 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linuremote /usr/lib/git-core/git itcustom_branch1git itcustom_branch1rev-parse 64/pkg/tool/linu--show-toplevel /usr/lib/git-core/git(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git -json GO111MODULE x_amd64/vet git rev-�� --show-toplevel x_amd64/vet /usr/bin/git -json GO111MODULE ode git(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv sistency_InlinedImports3422643344/001/inlined-a.md x_amd64/compile /usr/bin/git -json ase64.go x_amd64/compile git 8625�� runs/20260420-141109-57868/test-647767217 8625623/b449/_testmain.go /opt/hostedtoolcache/node/24.14.1/x64/bin/node -json GO111MODULE x_amd64/compile node(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv runs/20260420-142154-85360/test-1579167052/.github/workflows log /usr/lib/git-core/git-receive-pack --format=%H:%ct GO111MODULE 64/bin/go git-receive-pack /tmp�� GOMODCACHE go /usr/bin/git -json GO111MODULE 64/bin/go git(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv sistency_KeyOrdering539234141/001/test1.md x_amd64/asm /usr/bin/gh -json GO111MODULE x_amd64/asm gh api /repos/actions/github-script/git/ref/tags/v9 --jq /opt/hostedtoolcache/node/24.14.1/x64/bin/node -json GO111MODULE x_amd64/compile node(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv GOOS=js GOARCH=wasm go build -ldflags="-w -s" -o gh-aw.wasm ./cmd/gh-aw-wasm l /usr/lib/git-core/git -json GO111MODULE 64/bin/go /usr/lib/git-core/git main�� run --auto /usr/bin/git --detach GO111MODULE 64/bin/go git(http block)https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name om/modelcontextprotocol/go-sdk@v1.5.0/internal/x-ifaceassert 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env 2299430624/.github/workflows 3zY_/HcUWNrRjpCKdAR9m3zY_ x_amd64/compile GOINSECURE contextprotocol/remote GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh run download 1 --dir test-logs/run-1 .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE ntio/encoding/isrev-parse ache/go/1.25.8/x--git-dir 64/pkg/tool/linux_amd64/vet env 1393055/b244/_pkg_.a GO111MODULE ache/go/1.25.8/x64/pkg/tool/linu-buildmode=exe GOINSECURE t/internal/numbeinit GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-extld=gcc(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name sh sv npx prettier --wgit git 64/bin/go go test�� runs/20260420-142154-85360/test-2776303994 -parallel=4 flows/test-expires.lock.yml -run=^Test ./... -short git(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE fips140 GOMODCACHE 64/pkg/tool/linux_amd64/vet env 1393055/b218/_pkg_.a .cfg .cfg GOINSECURE g/x/text/unicodeconfig GOMODCACHE ache/go/1.25.8/xTest User(http block)/usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env ternal/tools/actions-build/main.go GO111MODULE eutil.test GOINSECURE l GOMODCACHE eutil.test(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name GOPROXY /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile -o runs/20260420-142154-85360/test-2192946788 -trimpath /opt/hostedtoolcache/node/24.14.1/x64/bin/node l main -lang=go1.25 node(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env 1393055/b207/_pkg_.a GO111MODULE .cfg GOINSECURE g/x/crypto/chachinit 1393055/b092/symabis ache/go/1.25.8/x64/pkg/tool/linux_amd64/link(http block)/usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE fips140/hmac GOMODCACHE 64/pkg/tool/linux_amd64/vet env 1897328528 ahb4/lZep-2MiwczJtV1iahb4 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linuremote.origin.url(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name GOPROXY /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile l GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.8/xTest User -o runs/20260420-142154-85360/test-2192946788 -trimpath /usr/bin/git -p main -lang=go1.25 git(http block)https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name om/modelcontextprotocol/go-sdk@v1.5.0/jsonrpc/js-ifaceassert 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE Vgol9MA/jtMHmSR1PwQ4sKWnT8ry env 2299430624/.github/workflows taK6/ikh7gQ1RReQdq87ptaK6 64/pkg/tool/linux_amd64/vet GOINSECURE a95/uritemplate/config GOMODCACHE 64/pkg/tool/linuTest User(http block)/usr/bin/gh gh run download 2 --dir test-logs/run-2 .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE fips140cache GOMODCACHE 64/pkg/tool/linux_amd64/vet env 1429003124/custom/workflows bmPh/U3cD-KndS88JWpi-bmPh ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE t/message GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name sh /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet npx prettier --wgit git 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -ato�� k/gh-aw/gh-aw/.github/workflows -buildtags /usr/lib/git-core/git -errorsas -ifaceassert -nilfunc /usr/lib/git-core/git(http block)https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name om/yosida95/urit-c=4 64/pkg/tool/linu-nolocalimports GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linuTest User env 2299430624 oYmy/n_pwg_VDfKQLamLkoYmy 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linutest@example.com(http block)/usr/bin/gh gh run download 3 --dir test-logs/run-3 .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE fips140/nistec/frev-parse ache/go/1.25.8/x--show-toplevel 64/pkg/tool/linux_amd64/vet env 1393055/b246/_pkg_.a mW0N/BDDpIqgj5QBgNtEbmW0N ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE t/message/catalorev-parse GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name sh ache/node/24.14.1/x64/bin/node npx prettier --wgit git 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/asm t-33�� k/gh-aw/gh-aw/.github/workflows/archie.md go /bin/sh -json GO111MODULE 64/bin/go /bin/sh(http block)https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name dE5S/nPvk3w7LQzW_3ywvdE5S 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env til.go til_test.go ger.test GOINSECURE t/internal/tag GOMODCACHE ger.test(http block)/usr/bin/gh gh run download 4 --dir test-logs/run-4 .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE 1393055/b012/equrev-parse ache/go/1.25.8/x--show-toplevel 64/pkg/tool/linux_amd64/vet env 1393055/b247/_pkg_.a cYAj/2RoSUfAH8dMcuiX4cYAj ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE t/internal GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-buildtags(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name sh(http block)https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name rg/x/text@v0.36.0/internal/tag/tag.go 64/pkg/tool/linux_amd64/vet GOINSECURE hlite 1393055/b013/symgithub.event.inputs.branch 64/pkg/tool/linux_amd64/vet env 1393055/b241/_pkg_.a _zAe/m6K4S-499xrKjIdi_zAe 64/pkg/tool/linux_amd64/compile GOINSECURE t/internal/langurev-parse GOMODCACHE 64/pkg/tool/linux_amd64/compile(http block)/usr/bin/gh gh run download 5 --dir test-logs/run-5 .cfg 64/pkg/tool/linu-importcfg GOINSECURE fips140hash GOMODCACHE 64/pkg/tool/linu/home/REDACTED/work/gh-aw/gh-aw/pkg/typeutil/convert_test.go env 1429003124/custom/workflows _cnJ/4Be12s2Y-OeyZeOx_cnJ ck GOINSECURE t/feature/pluralrev-parse GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu/tmp/file-tracker-test754713525/test2.lock.yml(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name sh ache/node/24.14.1/x64/bin/node npx prettier --wgit k/_temp/copilot-rev-parse 64/bin/go gcc t-19�� k/gh-aw/gh-aw/.github/workflows/archie.md c /usr/lib/git-core/git - GO111MODULE CgoFiles,CXXFile--show-toplevel /usr/lib/git-core/git(http block)https://api.github.com/repos/github/gh-aw/actions/workflows/usr/bin/gh gh workflow list --json name,state,path -c=4 -nolocalimports -importcfg /tmp/go-build4048625623/b422/importcfg -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/gitutil/gitutil.go /home/REDACTED/work/gh-aw/gh-aw/pkg/gitutil/gitutil_test.go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env ithub/workflows GO111MODULE x_amd64/compile GOINSECURE fips140/hkdf 1393055/b078/sym--show-toplevel x_amd64/compile(http block)https://api.github.com/repos/github/gh-aw/contents/.github/workflows/shared/reporting.md/tmp/go-build4048625623/b403/cli.test /tmp/go-build4048625623/b403/cli.test -test.testlogfile=/tmp/go-build4048625623/b403/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/tmp/go-build1587125537/b403/cli.test /tmp/go-build1587125537/b403/cli.test -test.testlogfile=/tmp/go-build1587125537/b403/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git math pkg/mod/github.crev-parse ache/go/1.25.8/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git CompiledOutput14ls -trimpath tartedAt,updated/tmp/gh-aw/aw-feature-branch.patch git(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq [.object.sha, .object.type] | @tsv --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git -json GO111MODULE k/gh-aw/gh-aw/ac--show-toplevel git rev-�� 538197/001 go /usr/bin/git ck '**/*.cjs' '*ls GO111MODULE .cfg git(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv fq9m/dOvw0liy9-ZbDdQ2fq9m .cfg ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet 1393�� /tmp/go-build2471393055/b037/_pkg_.a pkg/mod/github.com/goccy/go-yaml@v1.19.2/ast/ast-c=4 ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -p internal/synctesrev-parse -lang=go1.25 ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv ./cmd/gh-aw GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go _bra�� -json GO111MODULE es/.bin/node GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet 3119�� -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env g_.a GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env Gitmain_branch2103119434/001' Gitmain_branch2103119434/001' x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env lGitmain_branch2103119434/001' lGitmain_branch2103119434/001' x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env 090359942/001 090359942/002/work 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv 2379221424/001 .cfg ache/go/1.25.8/x64/pkg/tool/linu-lang=go1.25 GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-dwarf=false(http block)/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv ty-test.md GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json a x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet(http block)https://api.github.com/repos/nonexistent/repo/actions/runs/12345/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env 2379221424/001 .cfg k GOINSECURE b/gh-aw/tmp GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linurev-parse(http block)/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion -json GO111MODULE 64/bin/go git clon�� /tmp/TestParseDefaultBranchFromLsRemoteWithRealGitcustom_branch3remote.origin.url(http block)https://api.github.com/repos/owner/repo/actions/workflows/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo -nolocalimports -importcfg /tmp/go-build4048625623/b419/importcfg -pack /tmp/go-build4048625623/b419/_testmain.go env -json age/compact/comp-ifaceassert x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh workflow list --repo owner/repo --json name,path,state 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile conf�� 43/001/test-inlined-imports-enabled-with-body-content.md b24G/6nfC8zN5c6kASggpb24G .cfg GOSUMDB GOWORK 64/bin/go ache/go/1.25.8/x--json(http block)https://api.github.com/repos/test-owner/test-repo/actions/secrets/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json ag.go x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env bc7f2f482b156bc9-d GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/test/repo/usr/bin/gh gh api /repos/test/repo --jq .default_branch 1393055/b244/_pkg_.a GO111MODULE ache/go/1.25.8/x64/pkg/tool/linu-buildmode=exe GOINSECURE t/internal/numbeinit GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-extld=gcc(http block)/usr/bin/gh gh api /repos/test/repo --jq .default_branch --show-current go /usr/bin/git json' --ignore-pgit GO111MODULE 64/bin/go git conf�� --get remote.origin.url /usr/bin/git 90293/001 GO111MODULE x_amd64/vet git(http block)invalid.example.invalid/usr/lib/git-core/git-remote-https /usr/lib/git-core/git-remote-https origin https://invalid.example.invalid/nonexistent-repo.git git conf�� user.name lure tions/setup/js/node_modules/.bin/git -M main /usr/sbin/git git init�� --bare --initial-branch=main k/gh-aw/gh-aw/actions/setup/js/node_modules/.bin/git '/tmp/bare-incregit '/tmp/bare-increadd cal/bin/git git(dns block)If you need me to access, download, or install something from one of these locations, you can either: