Merge detection job into action job

[pelikhan]

Consolidate the detection job into the action job to streamline the workflow and improve efficiency. This change simplifies the process by integrating detection steps directly into the action job, eliminating the need for a separate detection job.

---

---

✨ PR Review Safe Output Test - Run 22349857400

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

Smoke test results (Codex)
PRs: fix: add copilot-requests to GitHub Actions workflow JSON schema
PRs: fix: update wasm golden files for Copilot CLI v0.0.415
GitHub MCP ✅ | Serena MCP ✅ | Playwright ✅
Web fetch ✅ | File write ✅ | Bash cat ✅
Build (make build) ✅
Overall: PASS

🔮 The oracle has spoken through Smoke Codex

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

Smoke test results
PRs: #18067 fix: add copilot-requests to GitHub Actions workflow JSON schema; #17754 parser: stabilize strict unknown-property ordering
GitHub MCP ✅
Serena activate ✅; Serena find_symbol ❌ (MCP EOF)
Playwright ✅; Web-fetch ✅
File write ✅; Bash cat ✅
Build ✅
Overall: FAIL

🔮 The oracle has spoken through Smoke Codex

[github-actions]

Commit pushed: d7ffa89

Generated by Changeset Generator

[pelikhan]

@copilot do a code review of the change to ensure quality. Review the pull request description for the goal: running the detection in the action job.

[Copilot]

@pelikhan I've opened a new pull request, #18081, to work on those changes. Once the pull request is ready, I'll request review from you.

[pelikhan]

@copilot make sure to clear the MCP configuration file before the detection job.

[Copilot]

@pelikhan I've opened a new pull request, #18085, to work on those changes. Once the pull request is ready, I'll request review from you.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[github-actions]

Hey @pelikhan 👋 — thanks for the work on consolidating the detection job inline with the action job! The approach is clear, the change is coherent across all 177 lock files and the backing Go compiler/threat-detection code, and a changeset entry was included. A few things to flag before this can be merged:

• Process: direct PR — CONTRIBUTING.md is explicit: "Traditional Pull Requests Are Not Enabled" and "You cannot create pull requests directly." The expected workflow is: open an issue with a detailed agentic plan → maintainer assigns it to GitHub Copilot Agent → agent creates the PR. This PR was created directly on branch merged_detection_job, bypassing that flow. If you are a maintainer making an intentional exception, that context would be helpful to call out in the PR body.
• Removed test file — pkg/workflow/detection_permissions_test.go was deleted (118 lines of coverage removed). The commit message doesn't explain why those tests are no longer needed. A brief note confirming the permissions scenarios are now covered by the updated tests (e.g., safe_jobs_threat_detection_test.go, threat_detection_test.go) would help reviewers validate nothing was silently dropped.
• PR description is thin — the body explains what was done but not why this is better (latency? permissions simplification? job count?). Adding a line or two about the motivation strengthens the review context.

If you'd like to bring this into compliance with the agentic workflow, here's a prompt you can assign to your coding agent:

Review PR #18079 in github/gh-aw (branch: merged_detection_job).

The PR merges the threat detection job into the main action job across all .lock.yml compiled workflows and updates the Go compiler in pkg/workflow/.

Do the following:
1. Verify that the deletion of detection_permissions_test.go is justified — confirm the permission-checking scenarios it covered are now exercised by the remaining test files (detection_success_test.go, safe_jobs_threat_detection_test.go, threat_detection_test.go, threat_detection_isolation_test.go). If any scenarios are missing, add them back.
2. Update the PR description to include: (a) the motivation for inlining detection (e.g., fewer jobs, simpler permissions model, latency), and (b) a note on the test deletion rationale.
3. Run `make agent-finish` to confirm build, tests, lint, and recompile all pass with the changes.

Generated by Contribution Check

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident...

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

Smoke test results:
PRs: [docs] Update glossary - daily scan; Clear MCP config before inline threat detection
GitHub MCP: ✅
Serena MCP (activate+find_symbol>=3): ❌
Playwright: ✅
Web Fetch: ✅
File Write: ✅
Bash Cat: ✅
Build: ✅
Overall: FAIL

🔮 The oracle has spoken through Smoke Codex

[github-actions]

🤖 Smoke test §22349857389 | @pelikhan

Test
GitHub MCP	✅
Safe Inputs GH CLI	✅
Serena MCP	❌
Playwright	✅
Web Fetch	✅
File Write + Bash	✅
Discussion Interaction	✅
Build	✅
Discussion Creation	✅
Workflow Dispatch	✅
PR Review	✅

Overall: ⚠️ PARTIAL PASS (11/12 - Serena MCP unavailable)

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

🤖 Smoke test agent review: PR merges the detection job into the action job, removing the copilot-requests permission schema entry. Changes look clean across the lock files. No issues found.

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

✅ Good changeset description - clear and concise about what was merged and removed.

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

Commit pushed: a9d8f1e

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

Smoke Test Results — Run §22349857400

Core Tests #1–10: ✅✅✅✅✅✅✅✅✅✅
PR Review Tests #11–17: ✅✅✅⚠️✅✅⚠️

Overall: PARTIAL (14 ✅, 2 ⚠️ skipped — no review threads, no test PR to close)

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

💥 Automated smoke test review - all systems nominal!

💥 [THE END] — Illustrated by Smoke Claude