feat: add --stdin flag to logs and audit commands

[Copilot]

Summary

Adds a --stdin flag to both gh aw logs and gh aw audit commands that reads workflow run IDs or URLs from stdin (one per line), bypassing the GitHub API run-discovery step.

Usage

# logs: provide run IDs from stdin
echo -e "1234567890\n9876543210" | gh aw logs --stdin

# logs: from a file
cat run-ids.txt | gh aw logs --stdin

# logs: with filtering flags still work
cat run-ids.txt | gh aw logs --stdin --engine claude --json

# audit: provide run IDs from stdin
echo "1234567890" | gh aw audit --stdin

# audit: multiple runs (diff mode)
echo -e "1234567890\n9876543210" | gh aw audit --stdin

# GHES or cross-repo runs by plain ID (requires --repo)
echo "1234567890" | gh aw logs --stdin --repo github.example.com/owner/repo

Stdin format:

• One run ID or URL per line
• Blank lines and lines starting with # are ignored
• Accepts the same formats as positional args: numeric IDs, GitHub Actions run URLs, job URLs, GHES URLs

Changes

• pkg/cli/stdin.go — New readRunIDsFromStdin() helper that reads and trims lines from any io.Reader
• pkg/cli/stdin_test.go — Unit tests covering all edge cases (blank lines, comments, URLs, trimming)
• pkg/cli/logs_orchestrator.go — Extracted renderLogsOutput() shared helper from DownloadWorkflowLogs; added DownloadWorkflowLogsFromStdin() that fetches metadata per run ID and processes them through the same filter/render pipeline; --repo now supports [HOST/]owner/repo format with the parsed host plumbed through to metadata fetch and artifact download
• pkg/cli/logs_run_processor.go — downloadRunArtifactsConcurrent now parses [HOST/]owner/repo from the global --repo override and, when no override is set, derives per-run owner/repo/host from run.URL so stdin inputs from different repositories or GHES instances download artifacts correctly
• pkg/cli/logs_command.go — Added --stdin flag; when set, reads from stdin and calls DownloadWorkflowLogsFromStdin; positional workflow-name arg is disallowed when --stdin is used
• pkg/cli/audit.go — Added --stdin flag; changed cobra.MinimumNArgs(1) to cobra.ArbitraryArgs with custom validation that accepts either positional args or --stdin (but not both)
• pkg/cli/logs_command_test.go — Tests for --stdin flag registration and positional-arg conflict validation
• pkg/cli/audit_test.go — Tests for --stdin flag registration, positional-arg conflict, and no-args error

Notes

• --stdin and positional arguments are mutually exclusive on both commands
• For logs --stdin, date/count/workflow-name filtering flags are ignored (the provided run list is used directly); content filters (--engine, --firewall, --safe-output, etc.) still apply
• For numeric-only run IDs without embedded owner/repo context, --repo [HOST/]owner/repo is required; omitting it returns a clear error message
• Full run URLs (e.g. https://github.com/owner/repo/actions/runs/…) carry their own repo context and do not require --repo; mixed inputs from different repos are supported

[Copilot]

Pull request overview

Adds --stdin support to gh aw logs and gh aw audit, allowing workflow run IDs/URLs to be streamed via stdin to bypass API run discovery.

Changes:

• Added readRunIDsFromStdin(io.Reader) helper + unit tests for trimming/blank/comment handling.
• Added --stdin flag handling to logs and audit commands with mutual-exclusion validation vs positional args.
• Refactored logs rendering into a shared renderLogsOutput helper and introduced DownloadWorkflowLogsFromStdin orchestration.

Show a summary per file

File	Description
pkg/cli/stdin.go	New stdin reader helper for run IDs/URLs.
pkg/cli/stdin_test.go	Unit tests for stdin parsing edge cases.
pkg/cli/logs_orchestrator.go	Extracts output rendering helper; adds stdin-based logs download path.
pkg/cli/logs_command.go	Adds --stdin flag and routes to stdin-based logs orchestration.
pkg/cli/audit.go	Adds --stdin flag and updates argument validation to allow stdin-fed inputs.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comments suppressed due to low confidence (1)

pkg/cli/logs_command.go:153

• In the --stdin path, the --after cache-cleanup flag is never read/applied (it is only passed to DownloadWorkflowLogs in the non-stdin path). As a result, gh aw logs --stdin --after ... silently ignores cleanup. Consider either (a) reading --after here and performing the same cleanup logic as DownloadWorkflowLogs, (b) adding an after parameter to DownloadWorkflowLogsFromStdin, or (c) erroring/warning when --after is set alongside --stdin.

				return DownloadWorkflowLogsFromStdin(cmd.Context(), runURLs, outputDir, engine, repoOverride, verbose, toolGraph, noStaged, firewallOnly, noFirewall, parse, jsonOutput, timeout, summaryFile, safeOutputType, filteredIntegrity, train, format, artifacts)

• Files reviewed: 5/5 changed files
• Comments generated: 5

[Copilot]

When stdin provides a numeric run ID (no embedded owner/repo) and --repo is not set, ownerOverride/repoNameOverride remain empty and this path falls back to fetchWorkflowRunMetadata with no repo context. That typically fails with a generic "Could not resolve" error from gh api. It would be more user-friendly to detect this case (owner=="" and override empty) and return an explicit error telling the user to pass --repo owner/repo (or provide full run URLs).

Suggested change

	}
	}
	if owner == "" {
	return fmt.Errorf("run %q does not include repository information; pass --repo owner/repo or provide full run URLs", rawURL)
	}

[Copilot]

Artifact downloads here are driven only by the single repoOverride string passed into downloadRunArtifactsConcurrent, but stdin inputs can include full run URLs (and GHES hosts) that may not match the current repo or --repo. Because downloadRunArtifactsConcurrent ultimately calls gh run download without per-run -R/--hostname, runs from other repos/hosts will fail to download even though metadata parsing succeeded. Consider extending the download pipeline to carry owner/repo/host per run (or explicitly reject mixed/implicit repo contexts and require --repo when stdin inputs aren't for the current repo).

[Copilot]

The new --stdin execution path adds non-trivial argument validation (mutual exclusion with positional args) and stdin parsing behavior, but there are no command-level tests asserting these behaviors. Since this repo already has CLI flag/command tests (e.g., pkg/cli/logs_command_test.go), consider adding coverage to verify: logs --stdin rejects positional args, reads multiple lines (ignoring blanks/comments), and wires through to the stdin download path.

This issue also appears on line 153 of the same file.

[Copilot]

The --stdin branch adds new validation and stdin ingestion for audit (mutual exclusion with positional args, empty-stdin handling), but there are no unit tests covering these CLI behaviors. Since the repo already tests many command surfaces, consider adding tests that verify: audit --stdin rejects positional args, errors when neither args nor stdin are provided, and correctly uses stdin lines as args for both single-run and diff modes.

[Copilot]

repoOverride parsing here only supports owner/repo, but the --repo flag advertises [HOST/]owner/repo (see pkg/cli/flags.go:26). This means values like github.example.com/owner/repo will be mis-parsed and can lead to incorrect API/CLI calls. Consider parsing 2 or 3 path segments (host optional) and updating the validation error message accordingly; also plumb the parsed host through to the metadata/artifact download steps.

[github-actions]

Commit pushed: 6df9323

🏗️ ADR gate enforced by Design Decision Gate 🏗️

[github-actions]

🏗️ Design Decision Gate — ADR Required

This PR makes significant changes to core business logic (488 new lines in pkg/) but does not have a linked Architecture Decision Record (ADR).

AI has analyzed the PR diff and generated a draft ADR to help you get started:

📄 Draft ADR: docs/adr/29170-stdin-input-mode-for-logs-and-audit-commands.md

What to do next

1. Review the draft ADR committed to your branch — it was generated from the PR diff
2. Complete the missing sections — add context the AI couldn't infer, refine the decision rationale, and list real alternatives you considered
3. Commit the finalized ADR to docs/adr/ on your branch
4. Reference the ADR in this PR body by adding a line such as:

   ADR: ADR-29170: Stdin Input Mode for Logs and Audit Commands

Once an ADR is linked in the PR body, this gate will re-run and verify the implementation matches the decision.

Why ADRs Matter

"AI made me procrastinate on key design decisions. Because refactoring was cheap, I could always say 'I'll deal with this later.' Deferring decisions corroded my ability to think clearly."

ADRs create a searchable, permanent record of why the codebase looks the way it does. Future contributors (and your future self) will thank you.

---

📋 Michael Nygard ADR Format Reference

An ADR must contain these four sections to be considered complete:

• Context — What is the problem? What forces are at play?
• Decision — What did you decide? Why?
• Alternatives Considered — What else could have been done?
• Consequences — What are the trade-offs (positive and negative)?

All ADRs are stored in docs/adr/ as Markdown files numbered by PR number (e.g., 0042-use-postgresql.md for PR #42).

🔒 This PR cannot merge until an ADR is linked in the PR body.

🏗️ ADR gate enforced by Design Decision Gate 🏗️ · ● 131K · ◷

[github-actions]

🧪 Test Quality Sentinel Report

Test Quality Score: 80/100

✅ Excellent test quality

Metric	Value
New/modified tests analyzed	1 (table-driven, 9 sub-cases)
✅ Design tests (behavioral contracts)	1 (100%)
⚠️ Implementation tests (low value)	0 (0%)
Tests with error/edge cases	1 (100%)
Duplicate test clusters	0
Test inflation detected	⚠️ Yes — stdin_test.go added 74 lines vs stdin.go 26 lines (ratio ≈ 2.85:1, threshold 2:1)
🚨 Coding-guideline violations	None

---

Test Classification Details

Test	File	Classification	Issues Detected
TestReadRunIDsFromStdin	pkg/cli/stdin_test.go:13	✅ Design	9 table-driven sub-cases; covers empty input, blank lines, comments, whitespace trimming, URLs, and no-trailing-newline edge cases. Minor: no test for the scanner.Err() error path.

---

Flagged Tests — Requires Review

No tests failed the quality threshold. One observation is noted below.

i️ Missing error-path coverage — TestReadRunIDsFromStdin

Classification: Design test (passes)
Observation: The production code in stdin.go has one explicit error path — scanner.Err() wrapping an I/O error. None of the 9 table-driven rows exercise this path. It is difficult to trigger a bufio.Scanner error with a strings.Reader, but a custom io.Reader that returns an error could cover it.
Impact if deleted? Low — the happy-path and edge-case rows already enforce the core behavioral contract.
Suggested improvement: Add one table row using an io.Reader that returns an io.ErrUnexpectedEOF mid-read to verify the function propagates the error and returns nil, err.

---

Language Support

Tests analyzed:

• 🟨 JavaScript (*.test.cjs, *.test.js): 0 tests

---

Verdict

✅ Check passed. 0% of new tests are implementation tests (threshold: 30%). The single new test file (stdin_test.go) exercises the readRunIDsFromStdin behavioral contract well with 9 table-driven sub-cases. A minor test-inflation flag was raised (74 vs 26 lines, ratio ≈ 2.85:1), which is expected for a well-covered utility function. No coding-guideline violations detected.

---

📖 Understanding Test Classifications

Design Tests (High Value) verify what the system does:

• Assert on observable outputs, return values, or state changes
• Cover error paths and boundary conditions
• Would catch a behavioral regression if deleted
• Remain valid even after internal refactoring

Implementation Tests (Low Value) verify how the system does it:

• Assert on internal function calls (mocking internals)
• Only test the happy path with typical inputs
• Break during legitimate refactoring even when behavior is correct
• Give false assurance: they pass even when the system is wrong

Goal: Shift toward tests that describe the system's behavioral contract — the promises it makes to its users and collaborators.

References:

• §25131761615

🧪 Test quality analysis by Test Quality Sentinel · ● 417.4K · ◷

[github-actions]

✅ Test Quality Sentinel: 80/100. Test quality is acceptable — 0% of new tests are implementation tests (threshold: 30%).

[pelikhan]

@copilot review all comments

[Copilot]

@copilot review all comments

All five reviewer comments addressed in commit aa68af6:

1. Explicit error for missing repo context — plain numeric IDs without --repo now return a clear error: "run %q does not include repository information; pass --repo owner/repo or provide full run URLs" instead of silently delegating to gh api which would fail with a cryptic "Could not resolve" message.

2. Per-run owner/repo/host in artifact downloads — downloadRunArtifactsConcurrent now derives per-run context from run.URL when the global --repo override is absent. This allows stdin inputs from different repos (or GHES hosts) to download artifacts from the correct repository.

3. [HOST/]owner/repo parsing — Both DownloadWorkflowLogsFromStdin and downloadRunArtifactsConcurrent now correctly parse the 3-segment HOST/owner/repo format (in addition to the 2-segment owner/repo). The parsed host is plumbed through to both metadata fetch and artifact download steps.

4. Tests for logs --stdin — Added TestLogsCommandStdinFlag (flag registration) and TestLogsCommandStdinRejectsPositionalArgs (mutual-exclusion error) to logs_command_test.go.

5. Tests for audit --stdin — Added TestAuditCommandStdinFlag, TestAuditCommandStdinRejectsPositionalArgs, and TestAuditCommandRequiresArgsOrStdin to audit_test.go.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh gh repo view --json owner,name --jq .owner.login + "/" + .name /usr/bin/git GOINSECURE GOMOD GOMODCACHE git rev-�� runs/20260429-210136-24830/test-1845643970 GOPROXY kflows/test-no-expires.lock.yml GOSUMDB GOWORK 64/bin/go /usr/lib/git-core/git (http block)
  • Triggering command: /usr/bin/gh gh repo view owner/repo -c git-upload-pack '/tmp/TestParseDefaultBranchFromLsRemoteWithRealremote.origin.url git-upload-pack '/tmp/TestParseDefaultBranchFromLsRemoteWithRealGitcustom_branch2977418965/001' /opt/hostedtoolcache/node/24.14.1/x64/bin/node prettier --check 64/bin/go node /tmp�� s/test.md go /usr/bin/git -json GOCACHE 64/bin/go git (http block)
  • Triggering command: /usr/bin/gh gh repo view owner/repo -c git-upload-pack '/tmp/TestParseDefaultBranchFromLsRemoteWithRealGitbranch_with_hyphen3644755743/git l /usr/bin/git prettier --check 64/bin/go git -C /tmp/TestGuardPolicyMinIntegrityOnlyrepos_only_without_min-integrity3287474584/0remote.origin.urgit remote /usr/bin/git --porcelain go 64/bin/go git (http block)
• https://api.github.com/orgs/test-owner/actions/secrets
  • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name che/go-build/c9/GOINSECURE GOPROXY 64/bin/go GOSUMDB GOWORK run-script/lib/n-json /opt/hostedtoolcGO111MODULE -o /tmp/go-build396GOINSECURE -trimpath 64/bin/go -p main -lang=go1.25 go (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git -json GO111MODULE ache/go/1.25.8/x--show-toplevel git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 1/x64/bin/node git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git conf�� --get remote.origin.url /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env 2649411437/custom/workflows GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git -json GO111MODULE .cfg git rev-�� --show-toplevel go /usr/bin/infocmp 0136-24830/test-git GO111MODULE ache/go/1.25.8/x--show-toplevel infocmp (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel /usr/lib/git-core/git /usr/bin/git --all-progress-igit --revs /usr/bin/git git rev-�� --show-toplevel git /usr/bin/infocmp --show-toplevel sh /usr/bin/git infocmp (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv ring2703481829/001/test2.md GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 1/x64/bin/node GOINSECURE GOMOD GOMODCACHE (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv 964261008/001 GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env licyBlockedUsersCommaSeparatedCompiledOutput1250681021/001 GO111MODULE /usr/bin/git GOINSECURE GOMOD GOMODCACHE git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv xterm-color GOPROXY /usr/bin/gh GOSUMDB GOWORK 64/bin/go gh api ErrorFormatting2964261008/001 --jq /usr/bin/git l GOPROXY 64/bin/go git (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git -json GO111MODULE ache/go/1.25.8/x--oneline git rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git -json GO111MODULE (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v9
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE sh -c npx prettier --cGOINSECURE GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go node (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE node /opt�� prettier --check 64/bin/go **/*.ts **/*.json --ignore-path git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE 7553279/b387/impGO111MODULE -c k/gh-aw/gh-aw/cmGOINSECURE k/gh-aw/gh-aw/cmGOMOD 64/bin/go GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcGO111MODULE (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel x_amd64/vet /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv ons-test773929251 -tests ow-without-reaction.lock.yml 2317635586/001' 2317635586/001' 64/bin/go git rev-�� --show-toplevel l /usr/bin/gh -json GO111MODULE 64/bin/go gh (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel x_amd64/vet /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env ithub/workflows GO111MODULE ache/node/24.14.1/x64/bin/node GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv sistency_GoAndJavaScript743686527/001/test-frontmatter-with-nested-objects.md GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env 0136-24830/test-2499697388 GO111MODULE /usr/bin/git GOINSECURE GOMOD GOMODCACHE git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv --show-toplevel GOPROXY /usr/bin/infocmp GOSUMDB GOWORK 64/bin/go infocmp -1 xterm-color 7553279/b414/impGO111MODULE /usr/bin/git che/go-build/b4/git GOPROXY 64/bin/go git (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --bare l /usr/bin/git npx prettier --cgit GOPROXY 64/bin/go git rev-�� --show-toplevel node /usr/bin/git ed-objects.md scripts/**/*.js 64/bin/go git (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git 7/001/test-frontgit GO111MODULE 64/bin/go git (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv /tmp/TestParseDefaultBranchFromLsRemoteWithRealGitbranch_with_hyphen3644755743/001 l /usr/bin/git prettier --check 64/bin/go git -C /tmp/TestGuardPolicyMinIntegrityOnlyrepos_only_without_min-integrity3287474584/001 config /usr/bin/git remote.origin.urgit -e 64/bin/go git (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv --symref origin /usr/bin/git prettier --check 64/bin/go git -C runs/20260429-210136-24830/test-.artifacts[].name remote /usr/bin/git -json GOMOD 64/bin/go git (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-04-22 GOMOD GOMODCACHE go env add-source-path-3568639961/.gith--detach GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-03-30 GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-01-29 GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name GO111MODULE 1/x64/bin/node GOINSECURE GOMOD GOMODCACHE go t-ha�� ithub/workflows/ai-moderator.md GO111MODULE ache/node/24.14.1/x64/bin/node GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 7146801/b001/vet.cfg GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env runs/20260429-210136-24830/test-source-field-variant-2892851528/.github/workflows GO111MODULE 1/x64/bin/node l GOMOD GOMODCACHE 1/x64/bin/node (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE Name,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 1/x64/bin/node GOINSECURE GOMOD GOMODCACHE 1/x64/bin/node (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env /v1.2.3 GO111MODULE 1/x64/bin/node GOINSECURE GOMOD GOMODCACHE 1/x64/bin/node (http block)
  • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE e/git GOINSECURE GOMOD GOMODCACHE e/git env 3 GO111MODULE 7146801/b390/vet.cfg GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env /v2.0.0 GO111MODULE sv GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 1/x64/bin/node GOINSECURE GOMOD GOMODCACHE 1/x64/bin/node (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json (http block)
  • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 7146801/b287/vet.cfg s GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name GO111MODULE 1/x64/bin/node GOINSECURE GOMOD GOMODCACHE go t-ha�� ithub/workflows/api-consumption-report.md GO111MODULE ache/node/24.14.1/x64/bin/node GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE e/git m0s GOMOD (http block)
• https://api.github.com/repos/github/gh-aw/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path che/go-build/41/GOINSECURE (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/contents/.github/workflows/shared/reporting.md
  • Triggering command: /tmp/go-build1317146801/b404/cli.test /tmp/go-build1317146801/b404/cli.test -test.testlogfile=/tmp/go-build1317146801/b404/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE sh -c npx prettier --cGOINSECURE GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go sh (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git -json GO111MODULE tnet/tools/bash /usr/bin/git conf�� --get-regexp ^remote\..*\.gh-resolved$ /usr/bin/sh st-698781449/.gidu GO111MODULE 1/x64/bin/node sh (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv d GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go 3176�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go 0479�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv 01 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/nonexistent/repo/actions/runs/12345
  • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile (http block)
• https://api.github.com/repos/owner/repo/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcGO111MODULE -o /tmp/go-build396GOINSECURE -trimpath 64/bin/go -p main -lang=go1.25 go (http block)
  • Triggering command: /usr/bin/gh gh workflow list --repo owner/repo --json name,path,state bject.type] | @tsv -json GO111MODULE 64/bin/go git init�� GOMODCACHE sh /usr/bin/git "prettier" --chegit GOPROXY 64/bin/go git (http block)
• https://api.github.com/repos/test-owner/test-repo/actions/secrets
  • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name "prettier" --cheGOINSECURE GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcGO111MODULE -o /tmp/go-build396GOINSECURE -trimpath 64/bin/go -p main -lang=go1.25 go (http block)
• https://api.github.com/repos/test/repo
  • Triggering command: /usr/bin/gh gh api /repos/test/repo --jq .default_branch xterm-color go /usr/bin/git -json GO111MODULE 64/bin/go git remo�� GOMODCACHE go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)