Apply DIFC integrity filtering to the main agent job (post-activation only) by Copilot · Pull Request #22794 · github/gh-aw

Copilot · 2026-03-25T00:22:09Z

Per reviewer feedback, DIFC integrity filtering is limited to jobs that run after the pre-activation and activation phases. The proxy only applies to the main agent job and the qmd indexing job — pre-activation and activation remain unproxied infrastructure jobs.

Changes

compiler_activation_job.go: No proxy injection (reverted). Activation job steps (reactions, timestamp checks, body fetch, status comments, issue locking, label removal) continue to use the default GitHub API endpoint.
compiler_difc_proxy.go: Package comment documents proxy injection for the main agent job and indexing job only.
compiler_difc_proxy_test.go: Tests cover proxy injection for the main agent job and indexing job.

How it works

The existing proxy startup script exports GITHUB_API_URL, GITHUB_GRAPHQL_URL, NODE_EXTRA_CA_CERTS, and GH_HOST via $GITHUB_ENV — all subsequent Octokit calls in github-script steps within the agent job are intercepted automatically.

Coverage

Job	Proxy coverage
`pre_activation`	❌ not proxied (infrastructure job)
`activation`	❌ not proxied (infrastructure job)
Main agent job	✅ existing coverage
`indexing` (qmd)	✅ existing coverage

[!WARNING]

📱 Kick off Copilot coding agent tasks wherever you are with GitHub Mobile, available on iOS and Android.

Inject DIFC proxy start/stop into buildActivationJob so that all actions/github-script calls (add_reaction, check_workflow_timestamp, compute_text, add_workflow_run_comment, lock-issue, remove_trigger_label, etc.) are routed through integrity filtering when min-integrity is set. The proxy startup script already sets GITHUB_API_URL, GITHUB_GRAPHQL_URL, NODE_EXTRA_CA_CERTS, and GH_HOST via $GITHUB_ENV, so no per-step base-url injection is needed — all subsequent Octokit calls are intercepted automatically. Condition used: hasDIFCGuardsConfigured (same as indexing job), since the activation job always makes GitHub API calls via github-script regardless of custom steps. Also updates the package comment in compiler_difc_proxy.go and adds TestDIFCProxyInjectedInActivationJob tests. Recompiled all 177 workflow lock files. Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com> Agent-Logs-Url: https://github.com/github/gh-aw/sessions/dbd57cd2-a5f2-480b-aa12-24198fde2259

…fails Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com> Agent-Logs-Url: https://github.com/github/gh-aw/sessions/dbd57cd2-a5f2-480b-aa12-24198fde2259

pelikhan · 2026-03-25T01:06:30Z

@lpcox are you wrapping the user injected steps?

lpcox · 2026-03-25T03:06:57Z

@pelikhan it should be but I will double check.

lpcox · 2026-03-25T03:09:11Z

@copilot make sure that you are proxying compiler-added steps and user defined steps (from the front matter). is there a way to also proxy imported steps? can imported steps access GH_TOKEN?

…ler checks) Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com> Agent-Logs-Url: https://github.com/github/gh-aw/sessions/14d51822-1e33-42dd-a755-9a3c7a18e90a

Copilot · 2026-03-25T03:44:07Z

@copilot make sure that you are proxying compiler-added steps and user defined steps (from the front matter). is there a way to also proxy imported steps? can imported steps access GH_TOKEN?

Done in ac14b09.

Compiler-added steps: All steps in the activation job (reactions, timestamp check, compute_text, status comments, lock, label removal) are wrapped — proxy starts right after setup, stops before artifact upload.

User-defined steps from frontmatter:

on.steps / jobs.pre-activation custom steps: now also wrapped. The proxy is injected into the pre-activation job (start after setup, stop after all steps including on.steps). All membership checks, rate-limit, skip-if queries, command position checks, and user on.steps run through the proxy when min-integrity is set.
steps: (main job): already wrapped by the existing pre-agent proxy.

Imported steps (RepositoryImports): these are checked out and used in the main agent job, which already has proxy coverage from the pre-existing DIFC implementation.

Can imported steps access GH_TOKEN?: Yes — both the pre-activation and main jobs have GITHUB_TOKEN available. The proxy intercepts Octokit calls via GITHUB_API_URL / GITHUB_GRAPHQL_URL set in $GITHUB_ENV by the startup script, so all subsequent actions/github-script calls in those jobs are routed through integrity filtering automatically.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

https://api.github.com/graphql
- Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel go /usr/bin/git *.json' '!../../git GO111MODULE cal/bin/node git (http block)
https://api.github.com/orgs/test-owner/actions/secrets
- Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name "prettier" --cheGOSUMDB GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.0/xGO111MODULE -o h ../../../.prettierignore -trimpath 64/bin/go -d github.com/githu/home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/.bin/prettier -lang=go1.25 go (http block)
https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
- Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel go /usr/bin/git json' --ignore-pgit GO111MODULE 64/bin/go git rev-�� --git-dir go /usr/bin/gh b/workflows GO111MODULE 64/bin/go gh (http block)
https://api.github.com/repos/actions/checkout/git/ref/tags/v3
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha "prettier" --write '../../../**/*.json' '!../../../pkg/workflow/js/**/*.json' ---errorsas go 0/x64/bin/node rror GO111MODULE run-script/lib/n--show-toplevel 0/x64/bin/node -o ons-test3342656162 -trimpath /usr/bin/git l github.com/githurev-parse -lang=go1.25 git (http block)
https://api.github.com/repos/actions/checkout/git/ref/tags/v5
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -json GO111MODULE tions/setup/node_modules/.bin/sh GOINSECURE GOMOD GOMODCACHE go env *.json' '!../../../pkg/workflow/js/**/*.json' ---errorsas GO111MODULE k/_temp/ghcca-node/node/bin/bash GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --get-regexp ^remote\..*\.gh-resolved$ /usr/bin/git ../pkg/workflow/git GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE ode git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel go /usr/bin/git 3932-30179/test-git GO111MODULE nfig/composer/ve--show-toplevel git rev-�� --show-toplevel go 0/x64/bin/node audit-workflows.git GO111MODULE /opt/hostedtoolc--show-toplevel git (http block)
https://api.github.com/repos/actions/checkout/git/ref/tags/v6
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha /tmp/go-build1999536239/b447/_pkg_.a -trimpath /usr/bin/git -p main -lang=go1.25 git -C /tmp/gh-aw-test-runs/20260325-033932-30179/test-3409121192 status /usr/bin/git .github/workflowgit -c=4 -nolocalimports git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha uts.version -importcfg /usr/bin/git -s -w -buildmode=exe git chec�� .github/workflows/test.md -extld=gcc /usr/bin/git -json GO111MODULE odules/npm/node_--show-toplevel git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/compile /usr/bin/git g_.a GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel go /usr/bin/git e0Ym01Ca4 GO111MODULE k/gh-aw/gh-aw/no--show-toplevel git (http block)
https://api.github.com/repos/actions/github-script/git/ref/tags/v8
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha prettier --check de **/*.ts **/*.json --ignore-path /bin/sh -c GOPATH=$(go env --ignore-path node 64/bin/go tierignore --write 64/bin/go go (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha ath ../../../.pr**/*.json --ignore-path 64/bin/go tierignore ache/go/1.25.0/x-c 64/bin/go go env re --log-level=error GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha ath ../../../.pr**/*.json scripts/**/*.js 64/bin/go .prettierignore --write 64/bin/go go er -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha k/gh-aw/gh-aw/.github/workflows/bot-detection.md -test.v=true /usr/bin/git -test.timeout=10git -test.run=^Test -test.short=true--show-toplevel git rev-�� --git-dir siWHJxF12LLI /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha /tmp/go-build1999536239/b447/timeutil.test -importcfg /usr/bin/git -s -w -buildmode=exe git chec�� .github/workflows/test.md -extld=gcc /usr/bin/git -json GO111MODULE es/.bin/node git (http block)
https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
- Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha npx prettier --write '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json GOPROXY /home/REDACTED/.npm/_npx/b388654678d519d9/node_modules/.bin/prettier GOSUMDB GOWORK 64/bin/go prettier --wr�� runs/20260325-033932-30179/test-1887717827/.github/workflows --ignore-path /home/node_modules/.bin/node l GO111MODULE 64/bin/go node (http block)
https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha prettier --write /bin/sh **/*.ts **/*.json --ignore-path /bin/sh -c k/gh-aw/gh-aw ache/go/1.25.0/xGO111MODULE 9536239/b434/vet.cfg tierignore GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha 3932-30179/test-3409121192 --write 0/x64/bin/node **/*.ts **/*.json --ignore-path node t-ha�� ithub/workflows/agent-persona-explorer.md scripts/**/*.js /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile .prettierignore --log-level=errorev-parse 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
- Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
- Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go 0/x6�� -json GO111MODULE h GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
- Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go 0/x6�� -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
- Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE h GOINSECURE GOMOD GOMODCACHE go estl�� '**/*.ts' '**/*.json' --ignore-premote.origin.url GO111MODULE de/node/bin/sh GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
- Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
- Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
- Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link env '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE ef/N6GE9dzJuLpfUe9tz4e_/ThKvzodBlPIPkS6j74YO (http block)
https://api.github.com/repos/github/gh-aw/actions/workflows
- Triggering command: /usr/bin/gh gh workflow list --json name,state,path k/gh-aw/gh-aw/scGOSUMDB GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.0/xGO111MODULE -o h ../../../.prettierignore -trimpath 64/bin/go -d github.com/githu/home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/.bin/prettier -lang=go1.25 go (http block)
- Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 github.com/githu-atomic -lang=go1.25 go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE go env -json GO111MODULE tions/node_modules/.bin/node GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha /\1/p GO111MODULE At,event,headBranch,headSha,displayTitle GOINSECURE GOMOD GOMODCACHE go env y_with_repos_array_c1614436499/001 GO111MODULE ules/.bin/node GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env js/**/*.json' ---p GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha nore --log-level=error 2>&1 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env js/**/*.json' ---errorsas GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha re --log-level=e!../../../pkg/workflow/js/**/*.json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env js/**/*.json' ---errorsas GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha re --log-level=e!../../../pkg/workflow/js/**/*.json GO111MODULE /node GOINSECURE GOMOD GOMODCACHE go /pre�� -json GO111MODULE _modules/.bin/sh-lang=go1.25 GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env js/**/*.json' ---errorsas GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
- Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha )$/\1/p GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env ithout_min-integrity1814204060/001 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
https://api.github.com/repos/nonexistent/repo/actions/runs/12345
- Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go 0/x6�� 4077260802/.github/workflows GO111MODULE 86_64/node GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/owner/repo/actions/workflows
- Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOSUMDB GOWORK 64/bin/go /opt/hostedtoolc--ignore-path -o h ../../../.pret--log-level=error -trimpath 64/bin/go -p github.com/githu/home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/.bin/prettier -lang=go1.25 go (http block)
- Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo modules/@npmcli/run-script/lib/node-gyp-bin/sh GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcscripts/**/*.js -o h ../../../.pret.prettierignore -trimpath 64/bin/go -p github.com/githu/home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/.bin/prettier -lang=go1.25 go (http block)
https://api.github.com/repos/owner/repo/contents/file.md
- Triggering command: /tmp/go-build1999536239/b402/cli.test /tmp/go-build1999536239/b402/cli.test -test.testlogfile=/tmp/go-build1999536239/b402/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOSUMDB GOWORK 64/bin/go sh -c ath ../../../.pr**/*.json sh 64/bin/go tierignore ache/go/1.25.0/x-c 64/bin/go go (http block)
https://api.github.com/repos/test-owner/test-repo/actions/secrets
- Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name prettier --check 64/bin/go **/*.ts **/*.json --ignore-path git stat�� --porcelain node 64/bin/go -d --write 64/bin/go go (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled
Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

pelikhan · 2026-03-25T03:46:26Z

Are you going to break these steps?

pelikhan · 2026-03-25T03:47:17Z

I'd like to discuss this one... preactivation/activation is infrastructure

lpcox · 2026-03-25T03:57:41Z

@pelikhan happy to chat. we can limit to post-preactivation/activation

github-actions · 2026-03-26T09:26:41Z

Hey @Copilot 👋 — great work extending DIFC proxy coverage to the activation and pre-activation jobs! Closing a real security gap where pre-agentic github-script and gh CLI calls were bypassing the integrity proxy is a solid, well-scoped contribution.

The PR is well-structured, the description is thorough, and the test suite (TestDIFCProxyInjectedInActivationJob + TestDIFCProxyInjectedInPreActivationJob with 8 sub-tests) covers the right scenarios. The recompiled .lock.yml files are consistent with the Go compiler changes.

This looks ready for maintainer review! 🟢

Generated by Contribution Check · ◷

lpcox · 2026-03-26T16:29:08Z

@copilot limit integrity filtering to jobs after preactivation/activation

…er reviewer request Agent-Logs-Url: https://github.com/github/gh-aw/sessions/3f005084-69aa-4fe2-be12-f5979c050b8c Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>

Copilot · 2026-03-26T16:39:50Z

@copilot limit integrity filtering to jobs after preactivation/activation

Done in 3c16f0b. Reverted DIFC proxy injection from both the activation and pre_activation jobs. Integrity filtering now only applies to jobs that run after them (main agent job and indexing/qmd job), which is the pre-existing behavior. Lock files recompiled across all 178 workflows.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

https://api.github.com/graphql
- Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
- Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw util (http block)
- Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw ,short (http block)
https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
- Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha kysWS_1Th .cfg 64/pkg/tool/linux_amd64/vet credential.helpebash (http block)
https://api.github.com/repos/github/gh-aw
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility copilot/apply-difc-integrity-filtering^{commit} (http block)
https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0 --jq .object.sha get .cfg 64/pkg/tool/linux_amd64/vet credential.usern/bin/sh (http block)
https://api.github.com/repos/githubnext/agentics/git/ref/tags/
- Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha get .cfg .cfg commit.gpgsign (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled
Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

* Initial plan * Fix sparse-checkout missing actions/setup in dev mode for activation job Agent-Logs-Url: https://github.com/github/gh-aw/sessions/1b83f1ef-faf6-451f-84b2-ffbd0b92867c Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>

lpcox · 2026-03-26T17:05:04Z

@pelikhan PR now limits integrity filtering to jobs after preactivation/activation

pelikhan · 2026-03-28T01:34:45Z

@lpcox might be worth recreating it. We can do a map of the jobs and specify where the filtering should apply.

Copilot

Pull request overview

Limits DIFC integrity filtering/proxy behavior to post-activation workloads (main agent + qmd indexing), and updates generated workflows/tests accordingly.

Changes:

Updates DIFC proxy artifact log path selection and corresponding unit test expectations.
Refactors activation-job sparse-checkout extra paths handling for dev mode.
Regenerates multiple locked workflow YAMLs to match the updated artifact path list.

Reviewed changes

Copilot reviewed 26 out of 26 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
pkg/workflow/compiler_difc_proxy.go	Adjusts DIFC proxy artifact log paths returned for unified artifact upload.
pkg/workflow/compiler_difc_proxy_test.go	Updates tests for DIFC proxy artifact log path behavior.
pkg/workflow/compiler_activation_job.go	Refactors dev-mode sparse-checkout extra paths handling and logging.
.github/workflows/workflow-generator.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).
.github/workflows/weekly-safe-outputs-spec-review.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).
.github/workflows/weekly-issue-summary.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).
.github/workflows/weekly-blog-post-writer.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).
.github/workflows/stale-repo-identifier.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).
.github/workflows/smoke-agent-scoped-approved.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).
.github/workflows/smoke-agent-public-none.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).
.github/workflows/smoke-agent-public-approved.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).
.github/workflows/smoke-agent-all-none.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).
.github/workflows/smoke-agent-all-merged.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).
.github/workflows/scout.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).
.github/workflows/refiner.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).
.github/workflows/q.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).
.github/workflows/pr-triage-agent.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).
.github/workflows/plan.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).
.github/workflows/org-health-report.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).
.github/workflows/issue-triage-agent.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).
.github/workflows/issue-monster.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).
.github/workflows/issue-arborist.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).
.github/workflows/grumpy-reviewer.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).
.github/workflows/discussion-task-miner.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).
.github/workflows/daily-issues-report.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).
.github/workflows/contribution-check.lock.yml	Updates locked workflow artifact upload paths (proxy log path list changed).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot · 2026-03-28T17:24:00Z

pkg/workflow/compiler_difc_proxy.go

-		"/tmp/gh-aw/proxy-logs/",
-		"!/tmp/gh-aw/proxy-logs/proxy-tls/",
-	}
+	return []string{"/tmp/gh-aw/proxy-logs/"}


difcProxyLogPaths now uploads the entire /tmp/gh-aw/proxy-logs/ directory, which includes proxy-tls/ created by start_difc_proxy.sh (--tls-dir "$PROXY_LOG_DIR/proxy-tls"). This directory is expected to contain TLS material and previously had an explicit exclusion; removing the exclusion risks (1) leaking TLS private key material into build artifacts and/or (2) breaking actions/upload-artifact if the container wrote root-owned/unreadable files. Prefer restoring the !/tmp/gh-aw/proxy-logs/proxy-tls/ exclusion (or explicitly copy/chmod only safe, readable files into a separate upload directory).

See below for a potential fix:

// proxy-logs/ contains TLS certs and container stderr from the proxy. // Exclude proxy-tls/ to avoid uploading TLS material (mcp-logs/ is already // collected as part of standard MCP logging). return []string{ "/tmp/gh-aw/proxy-logs/", "!/tmp/gh-aw/proxy-logs/proxy-tls/", }

Copilot · 2026-03-28T17:24:00Z

pkg/workflow/compiler_difc_proxy_test.go

+		require.Len(t, paths, 1, "should return exactly one path")
+		assert.Contains(t, paths[0], "proxy-logs", "path should include proxy-logs directory")


This test was updated to expect only one proxy log path, but the artifact upload should continue to exclude proxy-tls/ (TLS-dir) for safety and to avoid potential permission issues during upload. Update the expectation to cover the exclusion pattern if the implementation re-adds it.

Suggested change

require.Len(t, paths, 1, "should return exactly one path")

assert.Contains(t, paths[0], "proxy-logs", "path should include proxy-logs directory")

require.GreaterOrEqual(t, len(paths), 1, "should return at least one path")

assert.Contains(t, paths[0], "proxy-logs", "path should include proxy-logs directory")

if len(paths) > 1 {

foundTLSExclusion := false

for _, p := range paths[1:] {

if strings.Contains(p, "proxy-tls") {

foundTLSExclusion = true

break

}

}

assert.True(t, foundTLSExclusion, "expected additional path to reference proxy-tls directory (e.g., for exclusion)")

}

Copilot · 2026-03-28T17:24:00Z

.github/workflows/workflow-generator.lock.yml

            /tmp/gh-aw/sandbox/agent/logs/
            /tmp/gh-aw/redacted-urls.log
            /tmp/gh-aw/mcp-logs/
            /tmp/gh-aw/proxy-logs/


The unified artifact upload paths no longer exclude !/tmp/gh-aw/proxy-logs/proxy-tls/. Since proxy-logs/ includes the proxy TLS directory created by the DIFC proxy startup script, this risks uploading TLS key material and/or causing artifact upload failures if those files are root-owned/unreadable. Consider restoring the exclusion (and regenerating the lock files) or ensuring the proxy TLS directory is removed/sanitized before upload.

Suggested change

/tmp/gh-aw/proxy-logs/

/tmp/gh-aw/proxy-logs/

!/tmp/gh-aw/proxy-logs/proxy-tls/

The proxy-logs/ directory includes proxy-tls/ which contains TLS private key material generated by the DIFC proxy. Uploading this directory risks leaking TLS key material into build artifacts and may cause upload failures if files are root-owned/unreadable. and update the test to verify both the include and exclusion paths. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Initial plan

670013c

Copilot AI assigned Copilot and lpcox Mar 25, 2026

Copilot started work on behalf of lpcox March 25, 2026 00:22 View session

Copilot AI linked an issue Mar 25, 2026 that may be closed by this pull request

Apply DIFC integrity filtering to pre-agentic gh CLI and actions/github-script steps #22792

Closed

This was referenced Mar 25, 2026

Smoke Test: Copilot - 23519034581 #22798

Closed

Smoke Test: Claude - 23519034602 #22799

Closed

Copilot AI and others added 2 commits March 25, 2026 00:54

Add warning log when DIFC guard configured but proxy step generation …

a682950

…fails Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com> Agent-Logs-Url: https://github.com/github/gh-aw/sessions/dbd57cd2-a5f2-480b-aa12-24198fde2259

Copilot AI changed the title ~~[WIP] Apply DIFC integrity filtering to pre-agentic gh CLI and actions/github-script steps~~ Apply DIFC integrity filtering to pre-agentic activation job steps Mar 25, 2026

Copilot AI requested a review from lpcox March 25, 2026 00:59

Copilot finished work on behalf of lpcox March 25, 2026 00:59

github-actions bot mentioned this pull request Mar 25, 2026

Smoke Test: Claude - 23519518981 #22803

Closed

Copilot started work on behalf of pelikhan March 25, 2026 01:06 View session

Copilot AI requested a review from pelikhan March 25, 2026 01:13

Copilot finished work on behalf of pelikhan March 25, 2026 01:13

This comment has been minimized.

Sign in to view

github-actions bot added the lgtm label Mar 25, 2026

Copilot started work on behalf of lpcox March 25, 2026 03:09 View session

Extend DIFC proxy injection to pre-activation job (on.steps and compi…

ac14b09

…ler checks) Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com> Agent-Logs-Url: https://github.com/github/gh-aw/sessions/14d51822-1e33-42dd-a755-9a3c7a18e90a

Copilot AI changed the title ~~Apply DIFC integrity filtering to pre-agentic activation job steps~~ Apply DIFC integrity filtering to pre-agentic activation and pre-activation job steps Mar 25, 2026

Copilot finished work on behalf of lpcox March 25, 2026 03:45

github-actions bot mentioned this pull request Mar 25, 2026

[PR Triage Report] PR Triage Report - 2026-03-25 #22838

Closed

This was referenced Mar 25, 2026

[PR Triage Report] PR Triage Report - 2026-03-25 #22888

Closed

[aw] No-Op Runs #21483

Open

Merge branch 'main' into copilot/apply-difc-integrity-filtering

00cb316

github-actions bot mentioned this pull request Mar 26, 2026

Smoke Test: Copilot - 23581364043 #23072

Closed

github-actions bot mentioned this pull request Mar 26, 2026

[Contribution Check Report] Contribution Check Report — 2026-03-26 #23012

Closed

Copilot started work on behalf of lpcox March 26, 2026 16:29 View session

Revert DIFC proxy injection from activation and pre-activation jobs p…

3c16f0b

…er reviewer request Agent-Logs-Url: https://github.com/github/gh-aw/sessions/3f005084-69aa-4fe2-be12-f5979c050b8c Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>

Copilot AI changed the title ~~Apply DIFC integrity filtering to pre-agentic activation and pre-activation job steps~~ Apply DIFC integrity filtering to the main agent job (post-activation only) Mar 26, 2026

Copilot finished work on behalf of lpcox March 26, 2026 16:40

github-actions bot mentioned this pull request Mar 28, 2026

[Contribution Check Report] Contribution Check — 2026-03-28 #23299

Closed

github-actions bot mentioned this pull request Mar 28, 2026

[PR Triage Report] PR Triage Report - 2026-03-28 #23319

Closed

lpcox marked this pull request as ready for review March 28, 2026 17:20

Copilot AI review requested due to automatic review settings March 28, 2026 17:20

Copilot started reviewing on behalf of lpcox March 28, 2026 17:21 View session

Copilot AI reviewed Mar 28, 2026

View reviewed changes

lpcox merged commit 8f8f67b into main Mar 28, 2026
55 checks passed

lpcox deleted the copilot/apply-difc-integrity-filtering branch March 28, 2026 17:39

		require.Len(t, paths, 1, "should return exactly one path")
		assert.Contains(t, paths[0], "proxy-logs", "path should include proxy-logs directory")

-		require.Len(t, paths, 1, "should return exactly one path")
-		assert.Contains(t, paths[0], "proxy-logs", "path should include proxy-logs directory")
+		require.GreaterOrEqual(t, len(paths), 1, "should return at least one path")
+		assert.Contains(t, paths[0], "proxy-logs", "path should include proxy-logs directory")
+		if len(paths) > 1 {
+			foundTLSExclusion := false
+			for _, p := range paths[1:] {
+				if strings.Contains(p, "proxy-tls") {
+					foundTLSExclusion = true
+					break
+				}
+			}
+			assert.True(t, foundTLSExclusion, "expected additional path to reference proxy-tls directory (e.g., for exclusion)")
+		}

	/tmp/gh-aw/proxy-logs/
	/tmp/gh-aw/proxy-logs/
	!/tmp/gh-aw/proxy-logs/proxy-tls/

Conversation

Copilot AI commented Mar 25, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Changes

How it works

Coverage

Uh oh!

pelikhan commented Mar 25, 2026

Uh oh!

This comment has been minimized.

lpcox commented Mar 25, 2026

Uh oh!

lpcox commented Mar 25, 2026

Uh oh!

Copilot AI commented Mar 25, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

I tried to connect to the following addresses, but was blocked by firewall rules:

Uh oh!

pelikhan commented Mar 25, 2026

Uh oh!

pelikhan commented Mar 25, 2026

Uh oh!

lpcox commented Mar 25, 2026

Uh oh!

github-actions bot commented Mar 26, 2026

Uh oh!

lpcox commented Mar 26, 2026

Uh oh!

Copilot AI commented Mar 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

I tried to connect to the following addresses, but was blocked by firewall rules:

Uh oh!

lpcox commented Mar 26, 2026

Uh oh!

pelikhan commented Mar 28, 2026

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Copilot AI Mar 28, 2026

Choose a reason for hiding this comment

Uh oh!

Copilot AI Mar 28, 2026

Choose a reason for hiding this comment

Uh oh!

Copilot AI Mar 28, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Copilot AI commented Mar 25, 2026 •

edited

Loading

Copilot AI commented Mar 25, 2026 •

edited

Loading

Copilot AI commented Mar 26, 2026 •

edited

Loading