fix: preserve read-all permissions when copilot-requests feature is enabled#23574
Merged
fix: preserve read-all permissions when copilot-requests feature is enabled#23574
Conversation
…lot-requests: write to detection job Agent-Logs-Url: https://github.com/github/gh-aw/sessions/6e7dfe3a-fede-4319-a220-8b1416a8561b Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Fix lock file generator permissions for agent and detection jobs
fix: preserve read-all permissions when copilot-requests feature is enabled
Mar 30, 2026
pelikhan
approved these changes
Mar 30, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Fixes a permissions regression where enabling features: copilot-requests: true could drop permissions: read-all scopes for the agent job and leave the threat-detection (detection) job without required copilot-requests: write.
Changes:
- Update
Permissions.Set()to expand shorthand (read-all/write-all/none) into an explicit permissions map before applying overrides. - Add
copilot-requests: writeto the detection job when the copilot-requests feature is enabled. - Add regression + end-to-end compilation tests for the
read-all+copilot-requestsinteraction, and refresh generated workflow lockfiles accordingly.
Reviewed changes
Copilot reviewed 44 out of 44 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| pkg/workflow/permissions_operations.go | Fix shorthand-to-map conversion in Permissions.Set() so shorthand-implied scopes aren’t lost when adding copilot-requests. |
| pkg/workflow/threat_detection.go | Ensure detection job gets copilot-requests: write when the feature is enabled (and contents: read in dev/script when needed). |
| pkg/workflow/permissions_operations_test.go | Add regression coverage for Set() when starting from shorthand permissions. |
| pkg/workflow/compiler_permissions_test.go | Add compilation-level tests validating agent + detection job permissions with read-all + copilot-requests. |
| .github/workflows/smoke-update-cross-repo-pr.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/smoke-create-cross-repo-pr.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/firewall-escape.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/draft-pr-cleanup.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/docs-noob-tester.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/discussion-task-miner.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/dictation-prompt.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/dev.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/dev-hawk.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/delight.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/dead-code-remover.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/daily-workflow-updater.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/daily-testify-uber-super-expert.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/daily-syntax-error-quality.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/daily-secrets-analysis.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/daily-safe-output-integrator.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/daily-repo-chronicle.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/daily-news.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/daily-mcp-concurrency-analysis.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/daily-file-diet.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/daily-copilot-token-report.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/daily-compiler-quality.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/daily-cli-performance.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/daily-assign-issue-to-user.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/daily-architecture-diagram.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/craft.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/copilot-pr-prompt-analysis.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/copilot-pr-nlp-analysis.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/copilot-pr-merged-report.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/copilot-cli-deep-research.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/code-scanning-fixer.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/cli-consistency-checker.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/claude-code-user-docs-review.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/ci-coach.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/breaking-change-checker.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/brave.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/auto-triage-issues.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/artifacts-summary.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/archie.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
| .github/workflows/agent-performance-analyzer.lock.yml | Regenerated lockfile to include copilot-requests: write on detection job permissions. |
Comments suppressed due to low confidence (1)
pkg/workflow/compiler_permissions_test.go:409
detectionSection := content[detectionIdx:]includes everything from the detection job to end-of-file, sostrings.Contains(detectionSection, ...)could match permissions in later jobs and still pass even if the detection job is missing them. Consider slicing only the detection job block (e.g., until the next job header at the same indentation) before checking forcopilot-requests: write.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+88
to
+96
| var shorthandLevel PermissionLevel | ||
| switch shorthand { | ||
| case "read-all": | ||
| shorthandLevel = PermissionRead | ||
| case "write-all": | ||
| shorthandLevel = PermissionWrite | ||
| case "none": | ||
| shorthandLevel = PermissionNone | ||
| } |
There was a problem hiding this comment.
In the shorthand->map conversion, expanding shorthand == "none" to an explicit entry for every scope will cause RenderToYAML to emit a very large permissions block full of : none values. Since any explicit permissions: map already implies all unspecified scopes are none, consider not expanding the none shorthand (only expand read-all/write-all) to keep generated YAML small and stable.
Comment on lines
+97
to
+104
| for _, s := range GetAllPermissionScopes() { | ||
| if _, exists := p.permissions[s]; !exists { | ||
| // id-token does not support the read level | ||
| if s == PermissionIdToken && shorthandLevel == PermissionRead { | ||
| continue | ||
| } | ||
| p.permissions[s] = shorthandLevel | ||
| } |
There was a problem hiding this comment.
When expanding read-all into an explicit map, this loop will include discussions: read. RenderToYAML explicitly avoids adding discussions when expanding all: read (to prevent issues on GitHub Enterprise instances without Discussions). Since enabling copilot-requests forces read-all to become explicit, consider applying the same skip rule here (unless discussions was explicitly set) to avoid introducing a GHES-only failure mode.
Comment on lines
+93
to
+96
| // TestPermissionsSetPreservesShorthandPermissions verifies that calling Set() on a Permissions | ||
| // with a shorthand value (read-all, write-all, none) preserves the shorthand-implied permissions | ||
| // instead of discarding them. This is the regression test for the bug where adding | ||
| // copilot-requests: write to a read-all workflow dropped all other read permissions. |
There was a problem hiding this comment.
This test docstring says it covers shorthands "read-all, write-all, none", but the table only includes read-all and write-all cases. Either add a NewPermissionsNone() case (e.g., ensure Set() doesn’t introduce a bunch of explicit : none entries) or update the comment to match what’s actually covered.
Comment on lines
+350
to
+363
| // The agent job must include copilot-requests: write (added by the feature). | ||
| if !strings.Contains(content, "copilot-requests: write") { | ||
| t.Error("Agent job should contain 'copilot-requests: write'") | ||
| } | ||
| // The agent job must also include the read-all-derived permissions. | ||
| if !strings.Contains(content, "contents: read") { | ||
| t.Error("Agent job should contain 'contents: read' (preserved from read-all)") | ||
| } | ||
| if !strings.Contains(content, "issues: read") { | ||
| t.Error("Agent job should contain 'issues: read' (preserved from read-all)") | ||
| } | ||
| if !strings.Contains(content, "pull-requests: read") { | ||
| t.Error("Agent job should contain 'pull-requests: read' (preserved from read-all)") | ||
| } |
There was a problem hiding this comment.
The assertions in this subtest search the entire compiled lock file for permission strings, so the test could pass even if the permissions ended up on a different job (e.g., detection) and not the agent job. Consider extracting just the agent: job block (similar to the detection subtest) before asserting on copilot-requests, contents, issues, etc., to make the test specifically validate agent job permissions.
This issue also appears on line 401 of the same file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When
permissions: read-allis combined withfeatures: copilot-requests: true, the agent job ends up with onlycopilot-requests: write(all read-all scopes dropped), and the detection job gets no permissions block at all — causing checkout failures, GraphQL API errors, and Copilot CLI auth failures.Root causes
Permissions.Set()discards shorthand on conversion (permissions_operations.go): When converting a shorthand (read-all,write-all,none) to an explicit map, the old code cleared the shorthand without expanding it first. Only the newly-set scope survived.Detection job ignores the copilot-requests feature (
threat_detection.go):buildDetectionJob()only addedcontents: readin dev/script mode and was otherwise empty — never addingcopilot-requests: writeeven when the feature requires it.Changes
permissions_operations.go: FixSet()to expand shorthand to explicit scopes before clearing it, soread-all+Set(copilot-requests, write)yields all read scopes pluscopilot-requests: write.threat_detection.go: Addcopilot-requests: writeto the detection job permissions whenfeatures: copilot-requests: trueis configured.permissions_operations_test.go: Regression tests forSet()on shorthand — verifies preserved scopes after mutation.compiler_permissions_test.go: End-to-end compilation tests for theread-all+copilot-requestsfeature interaction on both agent and detection jobs.Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
https://api.github.com/graphql/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw /tmp/go-build389rev-parse 7a093a60184296d5--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linu^remote\..*\.gh-resolved$ /usr/bin/git -unreachable=falgit /tmp/go-build389rev-parse k/gh-aw/node_mod--show-toplevel git(http block)/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw sh /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git git(http block)/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GOMOD erignore ache/go/1.25.0/xGO111MODULE env 98957/b399/_pkg_GOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/orgs/test-owner/actions/secrets/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name get --global x_amd64/vet http.https://gitnode(http block)https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/vet /opt/hostedtoolcache/node/24.14.0/x64/bin/node on' --ignore-patgit main ache/go/1.25.0/x--show-toplevel node /tmp�� /home/REDACTED/work/gh-aw/gh-aw/.github/workflows/audit-workflows.md ache/go/1.25.0/x64/pkg/tool/linu../../../**/*.json /usr/bin/gh ./../pkg/workflogit(http block)/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel ortcfg /usr/bin/git git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v3/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --write l ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet --ignore-path ../../../.prettirev-parse x_amd64/vet ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha run --auto /usr/bin/git --detach ache/go/1.25.0/xrev-parse /opt/hostedtoolc--show-toplevel git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet /usr/bin/git -bool -buildtags /usr/bin/git git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v5/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha 264263802 /tmp/go-build3892575680/b022/vet-test.run=^Test n-dir/bash(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --get-regexp ^remote\..*\.gh-resolved$ /usr/bin/git se 2575680/b080/vetrev-parse bin/node git rev-�� --show-toplevel ache/go/1.25.0/xorigin /usr/bin/git --noprofile(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel sh /usr/bin/git rite '../../../*git -tests /usr/sbin/iptabl--show-toplevel git rev-�� --show-toplevel iptables /usr/bin/git -t security x_amd64/link git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v6/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha ue.number 64/pkg/tool/linu-trimpath /usr/bin/git --local .cfg 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel vdN3eqAa1K0H /usr/bin/git json' --ignore-pgit core.hooksPath ache/go/1.25.0/x--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel 64/pkg/tool/linu-buildtags /usr/bin/git --local .cfg 64/pkg/tool/linu--show-toplevel git -C /tmp/gh-aw-test-runs/20260330-183624-13919/test-4019827613 rev-parse /usr/bin/git @{u} origin ache/go/1.25.0/x--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel /opt/hostedtoolcache/go/1.25.0/x/tmp/go-build3050551994/b445/_testmain.go /usr/bin/git 3624-13919/test-git -buildtags .cfg git rev-�� --show-toplevel git /usr/bin/git ai-moderator.md on 64/pkg/tool/linu--show-toplevel git(http block)https://api.github.com/repos/actions/github-script/git/ref/tags/v8/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -p test.go x_amd64/vet(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha h ../../../.prettierignore --local 64/pkg/tool/linux_amd64/vet credential.usernnode(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha get --local 64/pkg/tool/linux_amd64/vet user.email(http block)https://api.github.com/repos/actions/setup-go/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha /tmp/TestHashConsistency_GoAndJavaScript1234280339/001/test-inlined-imports-enabled-with-env-temgit 64/pkg/tool/linu-buildtags /usr/bin/git --local .cfg 64/pkg/tool/linu--show-toplevel git chec�� .github/workflows/test.md 64/pkg/tool/linuconfig /usr/bin/git json' --ignore-pgit core.hooksPath node git(http block)/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git git(http block)https://api.github.com/repos/actions/setup-node/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha ts.result config /usr/bin/git remote.origin.urgit .cfg 64/pkg/tool/linu--show-toplevel git -C /tmp/gh-aw-test-runs/20260330-183624-13919/test-4019827613 rev-parse /usr/bin/git @{u} core.hooksPath ules/.bin/pretti--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/gh --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git gh(http block)https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha runs/20260330-183624-13919/test-1421658150/.github/workflows(http block)/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --get remote.origin.urrev-parse(http block)https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b/usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node(http block)https://api.github.com/repos/github/gh-aw/usr/bin/gh gh api /repos/github/gh-aw --jq .visibility -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE r: $owner, name: $name) { hasDiscussionsEnabled } } GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node /opt�� run lint:cjs 64/bin/go GOSUMDB GOWORK 64/bin/go sh(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha /tmp/file-tracker-test4220068289/test1.md /tmp/file-tracker-test4220068289/test2.lock.yml /usr/bin/git --local .cfg 64/pkg/tool/linu--show-toplevel git -C v1.0.0 status /usr/bin/git .github/workflowgit core.hooksPath 64/pkg/tool/linu--show-toplevel git(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git git(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha 3624-13919/test-4019827613 **/*.cjs 0/x64/bin/node **/*.json --ignore-path ../../../.pretti--show-toplevel sh t-ha�� ithub/workflows/archie.md x_amd64/compile /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile rror(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel git /usr/bin/git user.name Test User /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git add origin /usr/bin/gh git(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha 3624-13919/test-4019827613 **/*.cjs /home/REDACTED/node_modules/.bin/sh l --ignore-path ../../../.pretti--show-toplevel sh 0551�� "prettier" --write '../../../**/*.json' '!../../../pkg/workflow/js/**/*.json' ---p 0551994/b416/_testmain.go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/link rror(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel -goversion /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel /home/REDACTED/worrev-parse /opt/hostedtoolc--show-toplevel git(http block)https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts/usr/bin/gh gh run download 1 --dir test-logs/run-1 2575680/b189/vet.cfg n-dir/sh(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts/usr/bin/gh gh run download 12345 --dir test-logs/run-12345(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts/usr/bin/gh gh run download 12346 --dir test-logs/run-12346 2575680/b175/vet.cfg x_amd64/compile(http block)https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts/usr/bin/gh gh run download 2 --dir test-logs/run-2 2575680/b188/vet.cfg ache/go/1.25.0/x64/pkg/tool/linu-lang=go1.25 |filterJobLevelPgit(http block)https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts/usr/bin/gh gh run download 3 --dir test-logs/run-3 2575680/b190/vet.cfg ache/go/1.25.0/x64/pkg/tool/linu-lang=go1.25(http block)https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts/usr/bin/gh gh run download 4 --dir test-logs/run-4 2575680/b187/vet.cfg 0/x64/lib/node_modules/npm/node_-buildmode=exe(http block)https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts/usr/bin/gh gh run download 5 --dir test-logs/run-5 2575680/b191/vet.cfg 86_64/sh(http block)https://api.github.com/repos/github/gh-aw/actions/workflows/usr/bin/gh gh workflow list --json name,state,path --get-regexp --global /prettier(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel x_amd64/vet /usr/bin/git KLsVMPmgh(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel node /usr/bin/git git(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha y-test.md(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile /usr/bin/git 0551994/b431/_pkgit --write 0551994/b431=> git rev-�� --show-toplevel /bin/sh /usr/bin/git kf3Z/lIlByH_DtWQgit(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha re --log-level=error .cfg 64/pkg/tool/linux_amd64/vet gpg.program(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha get .cfg 64/pkg/tool/linux_amd64/vet gpg.program(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha get .cfg 64/pkg/tool/linux_amd64/vet commit.gpgsign(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha get .cfg 64/pkg/tool/linux_amd64/vet gpg.program(http block)https://api.github.com/repos/githubnext/agentics/git/ref/tags//usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha IQ3w/zgdXqqXc4r8GOINSECURE GO111MODULE $name) { hasDiscussionsEnabled } } GOINSECURE GOMOD GOMODCACHE 98957/b399/imporGOPROXY /hom�� che/go-build/02/GOSUMDB **/*.cjs 64/bin/go **/*.json _value"]."\n"; ../../../.pretti/home/REDACTED/work/gh-aw/gh-aw/.github/workflows go(http block)https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha '**/*.ts' '**/*.@{u} 2575680/b239/vet.cfg n-dir/sh(http block)/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile /usr/bin/git 0551994/b435/_pkgit --write 0551994/b435=> git rev-�� --show-toplevel node /usr/bin/git F9kB/ZdR4Ml1pY-Rgit format:pkg-json /home/REDACTED/.lo--show-toplevel git(http block)https://api.github.com/repos/nonexistent/repo/actions/runs/12345/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion(http block)https://api.github.com/repos/owner/repo/actions/workflows/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo x_amd64/vet(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo de(http block)https://api.github.com/repos/owner/repo/contents/file.md/tmp/go-build3050551994/b404/cli.test /tmp/go-build3050551994/b404/cli.test -test.testlogfile=/tmp/go-build3050551994/b404/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true(http block)https://api.github.com/repos/test-owner/test-repo/actions/secrets/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name get --global x_amd64/vet http.https://gitnode(http block)If you need me to access, download, or install something from one of these locations, you can either: