Skip to content

Comments

SEC-005: Add cross-repository allowlist validation to flagged handlers#17771

Merged
pelikhan merged 4 commits intomainfrom
copilot/fix-cross-repo-allowlist
Feb 22, 2026
Merged

SEC-005: Add cross-repository allowlist validation to flagged handlers#17771
pelikhan merged 4 commits intomainfrom
copilot/fix-cross-repo-allowlist

Conversation

Copy link
Contributor

Copilot AI commented Feb 22, 2026

Three handlers failed the SEC-005 conformance check for cross-repository operations lacking allowlist validation. Two required real fixes; one was a regex false positive.

Changes

repo_helpers.cjs — new shared utility

  • Exports validateTargetRepo(repo, defaultRepo, allowedRepos) as the canonical named function for cross-repo validation, enabling per-file conformance checks to pass and providing a reusable entry point.

collect_ndjson_output.cjs — real security fix

  • The pre-scan loop resolves issue authors for @mention allowlisting. User-supplied preview.repo could override targetOwner/targetRepo before any allowlist check, allowing the handler to query GitHub API for arbitrary repos.
  • Now parses allowedRepos from safeOutputsConfig and calls validateTargetRepo before making any API call. Falls back to the triggering repo on failure.
// Before: user-supplied repo used directly
if (typeof preview.repo === "string" && preview.repo.includes("/")) {
  const parts = preview.repo.split("/");
  targetOwner = parts[0];
  targetRepo = parts[1];  // ← no validation
}

// After: trim first, then validate against allowlist
const candidateRepo = preview.repo.trim();
if (candidateRepo.includes("/")) {
  const repoValidation = validateTargetRepo(candidateRepo, defaultTargetRepo, allowedRepos);
  if (repoValidation.valid) { /* use it */ }
  else { core.info(`[MENTIONS] Skipping cross-repo lookup: ${repoValidation.error}`); }
}

assign_agent_helpers.cjs — documentation

  • pullRequestRepoId (used as targetRepositoryId) is already validated by its only meaningful caller (assign_to_agent.cjs) via validateRepo before the Node ID is resolved. Added a security comment documenting this caller contract to make the requirement explicit.

submit_pr_review.cjs — false positive

  • The SEC-005 regex matched a log string ("Set review context from target: ${repo}#..."). This handler exclusively targets the triggering repository. Added a comment documenting the N/A status.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw scripts/**/*.js 64/bin/go echo inte�� 64/bin/go go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha ry=1 /tmp/go-build640733343/b125/vet.cfg 733343/b387/_pkg_.a ripts/lint_errorgit ripts/lint_errorrev-parse 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build640733343/b202/vet.cfg 733343/b422/testutil.test 4474278/b412/_pkgit GO111MODULE 64/bin/go 733343/b422/testutil.test (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet GOINSECURE a3e91bdcf233b55arev-parse GOMODCACHE ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v4 --jq .object.sha -json GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet -uns�� runs/20260222-191752-30943/test-go1.25.0 cfg 733343/b338/vet.cfg GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.0/x/tmp/go-build640733343/b431/_testmain.go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v4 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linutest@example.com -uns�� runs/20260222-191752-30943/test-4097172866/.github/workflows /tmp/go-build640733343/b056/vet.cfg 733343/b336/vet.cfg l GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linuremote.origin.url (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v4 --jq .object.sha /github.com/owner/repo.git go /usr/bin/git -json GO111MODULE x_amd64/vet git rev-�� --show-toplevel x_amd64/vet /usr/bin/git -json GO111MODULE x_amd64/vet git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -json cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha t0 -buildtags (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel x_amd64/vet /usr/bin/git -json GO111MODULE x_amd64/vet git rev-�� --show-toplevel 8afRszc/J-5ptimqremote.origin.url /usr/bin/infocmp -json GO111MODULE x_amd64/vet infocmp (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha npx prettier --cGOSUMDB GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go sh -c "prettier" --check 'scripts/**/*GOINSECURE sh 64/bin/go "prettier" --wri/opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet grep 64/bin/go go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha k/gh-aw/gh-aw/pkg/stringutil/ansGOINSECURE k/gh-aw/gh-aw/pkg/stringutil/ideGOMOD 64/bin/go **/*.json --ignore-path ../../../.pretti-unreachable=false /opt/hostedtoolc/tmp/go-build640733343/b265/vet.cfg -o /tmp/go-build3764474278/b406/_pkGOINSECURE -trimpath 64/bin/go -p main -lang=go1.25 go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --check **/*.cjs 64/bin/go **/*.json --ignore-path run-script/lib/n-bool go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha /ref/tags/v8 GO111MODULE /opt/hostedtoolcache/go/1.25.0/x-test.short=true GOINSECURE GOMOD GOMODCACHE /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -uns�� 1752-30943/test-3566464338 /tmp/go-build640733343/b042/vet.cfg 733343/b342/vet.cfg GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha 22 GO111MODULE Name,createdAt,startedAt,updated-buildmode=exe GOINSECURE GOMOD GOMODCACHE /opt/hostedtoolcache/go/1.25.0/x-extld=gcc -uns�� runs/20260222-191752-30943/test-2551296134/.github/workflows /tmp/go-build640733343/b044/vet.cfg 733343/b337/vet.cfg GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
    • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
    • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet stlo�� -json cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linuTest User (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
    • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE 64/pkg/tool/linu-buildmode=exe GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linu/tmp/go-build640733343/b113/vet.cfg stlo�� -json cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 7KRlb0f/T36gUPQZorigin (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
    • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
    • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
    • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
    • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json cfg x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
  • https://api.github.com/repos/github/gh-aw/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path prettier --check 64/bin/go **/*.ts **/*.json --ignore-path /bin/sh -c echo "��� JavaSc-errorsas /bin/sh 64/bin/go -d grep 64/bin/go go (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 format:cjs 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env 2325746449/.github/workflows cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha -json rty 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/nonexistent/repo/actions/runs/12345
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/owner/repo/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go **/*.ts **/*.json --ignore-path go env -json GOMOD 64/bin/go tierignore pkg/workflow/dep-atomic 64/bin/go go (http block)
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go **/*.ts **/*.json --ignore-path go env -json GOCACHE 64/bin/go tierignore grep 64/bin/go go (http block)
  • https://api.github.com/repos/owner/repo/contents/file.md
    • Triggering command: /tmp/go-build640733343/b381/cli.test /tmp/go-build640733343/b381/cli.test -test.testlogfile=/tmp/go-build640733343/b381/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE 4474278/b414/imp/tmp/go-build640733343/b117/vet.cfg /hom�� k/gh-aw/gh-aw/pkg/workflow/featuGOINSECURE k/gh-aw/gh-aw/pkg/workflow/imporGOMOD 64/bin/go **/*.json --ignore-path ../../../.pretti-bool /opt/hostedtoolc-buildtags (http block)
  • https://api.github.com/repos/test-owner/test-repo/actions/secrets
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name tions-lock.json pkg/workflow/data/action_pins.json; \ echo "��� Action pins synced successfully/opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet --check 64/bin/go **/*.ts **/*.json --ignore-path node /hom�� --check scripts/**/*.js 64/bin/go .prettierignore ../../../pkg/wor-atomic 64/bin/go go (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

This section details on the original issue you should resolve

<issue_title>[Safe Outputs Conformance] SEC-005: Cross-repository targeting handlers lack allowlist validation</issue_title>
<issue_description>### Conformance Check Failure

Check ID: SEC-005
Severity: HIGH
Category: Security

Problem Description

Three handlers were flagged by the SEC-005 cross-repository validation check as supporting target-repo parameters without the required allowlist validation. Cross-repository operations must verify the target repository against an approved allowlist to prevent unauthorized write operations to arbitrary repositories.

Of the three flagged files, at least one (assign_agent_helpers.cjs) performs genuine cross-repository GitHub API operations (PR creation in a different repository via targetRepositoryId) without any allowlist check. The other two require review to determine if the match is a genuine cross-repo operation or an artifact of the check's regex.

Affected Components

  • actions/setup/js/assign_agent_helpers.cjs — Uses targetRepositoryId / targetRepoId for cross-repo PR creation via GraphQL (lines ~249, 292–293, 333, 362)
  • actions/setup/js/collect_ndjson_output.cjs — Parses targetRepo from a split operation (lines ~231–241); may accept user-supplied repository name
  • actions/setup/js/submit_pr_review.cjs — Flagged by regex match; review needed to determine if genuine cross-repo concern

Current Behavior

In assign_agent_helpers.cjs, cross-repo PR creation accepts a pullRequestRepoId parameter that is passed directly to the GitHub GraphQL API as targetRepositoryId without verifying it against any list of allowed repositories.

In collect_ndjson_output.cjs, targetRepo is initialized from context.repo.repo but can be overridden via a split operation (parts[1]), potentially allowing user-influenced cross-repo targeting.

Expected Behavior

Per the Safe Outputs specification, handlers that support cross-repository targeting MUST validate the target repository against an approved allowlist before making any API calls. The allowlist check should occur before any GitHub API interaction.

Remediation Steps

This task can be assigned to a Copilot coding agent with the following steps:

  1. Review each flagged file to confirm whether cross-repository targeting is genuinely occurring or is a regex false positive.
  2. For assign_agent_helpers.cjs: Add allowlist validation before using pullRequestRepoId as targetRepositoryId. The allowlist should be sourced from the workflow configuration (e.g., allowed-repos config field) and checked before the GraphQL mutation is executed.
  3. For collect_ndjson_output.cjs: Determine if parts[1] (the user-influenced targetRepo) is an untrusted input. If so, validate it against an allowlist of permitted repositories before use.
  4. For submit_pr_review.cjs: Review the flagged line and confirm if it's a genuine cross-repo operation. If it is, apply the same allowlist pattern; if not, document why it is safe.
  5. Add or reference a shared validateTargetRepo(repo, allowedRepos) utility function that can be reused across all cross-repo handlers.

Verification

After remediation, verify the fix by running:

bash scripts/check-safe-outputs-conformance.sh

SEC-005 should pass without errors for all three handlers.

References

  • Safe Outputs Specification: docs/src/content/docs/reference/safe-outputs-specification.md
  • Conformance Checker: scripts/check-safe-outputs-conformance.sh (lines 152–175)
  • Run ID: §22281286232
  • Date: 2026-02-22

Generated by Daily Safe Outputs Conformance Checker

  • expires on Feb 23, 2026, 5:01 PM UTC

Comments on the Issue (you are @copilot in this section)


✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.


Changeset

  • Type: patch
  • Description: Add SEC-005 compliant cross-repository allowlist validation by documenting the shared helper and ensuring the mention prescan uses it before cross-repo lookups.

Generated by Changeset Generator for issue #17771

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • github.com


✨ PR Review Safe Output Test - Run 22284305292

💥 [THE END] — Illustrated by Smoke Claude

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix allowlist validation for cross-repository handlers SEC-005: Add cross-repository allowlist validation to flagged handlers Feb 22, 2026
@pelikhan pelikhan marked this pull request as ready for review February 22, 2026 20:02
Copilot AI review requested due to automatic review settings February 22, 2026 20:02
@pelikhan pelikhan added the smoke label Feb 22, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Feb 22, 2026

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

@github-actions
Copy link
Contributor

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

@github-actions
Copy link
Contributor

github-actions bot commented Feb 22, 2026

🎬 THE ENDSmoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

Smoke test complete. Overall: PARTIAL. 15/17 tests passed, 1 failed (Serena find_symbol EOF), 1 skipped (close PR). Issue created, PR comment added, discussion comment added.

@github-actions
Copy link
Contributor

✅ Commit pushed: a607770

Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses SEC-005 conformance failures by adding cross-repository allowlist validation to three flagged handlers. The changes include a new shared validation utility, a security fix for mention pre-scanning, and documentation clarifying when cross-repo validation is not applicable.

Changes:

  • Added validateTargetRepo wrapper function to provide a canonical named export for SEC-005 conformance checking
  • Fixed security vulnerability in collect_ndjson_output.cjs where user-supplied preview.repo could trigger GitHub API calls to arbitrary repositories during mention allowlist pre-scanning
  • Added security documentation to assign_agent_helpers.cjs clarifying the caller validation contract for cross-repository PR creation
  • Documented that submit_pr_review.cjs operates exclusively on the triggering repository (regex false positive)

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

File Description
actions/setup/js/repo_helpers.cjs Adds validateTargetRepo as a named export wrapping validateRepo to enable per-file SEC-005 conformance verification
actions/setup/js/collect_ndjson_output.cjs Adds allowlist validation before GitHub API calls in the mention pre-scan loop to prevent unauthorized cross-repo queries
actions/setup/js/assign_agent_helpers.cjs Documents that pullRequestRepoId parameter must be validated by callers before invoking this function
actions/setup/js/submit_pr_review.cjs Clarifies that this handler only operates on the triggering repository and cross-repo validation is not applicable

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@github-actions
Copy link
Contributor

Smoke test results
PRs: [code-simplifier] parser: add doc comment and assertion message to normalizeAdditionalPropertyList; refactor(workflow): Priority 1 semantic clustering — shared mount validation, copilot function relocation
GitHub MCP ✅
Serena MCP ✅
Playwright ✅
File write/cat ✅
Build ✅
Overall: PASS

🔮 The oracle has spoken through Smoke Codex

@github-actions
Copy link
Contributor

🤖 Smoke test results for @pelikhan, @Copilot:

Test Result
GitHub MCP
Safe Inputs GH CLI
Serena MCP ❌ (tools unavailable)
Playwright
File Write + Bash
Discussion Query
Build gh-aw
Discussion Creation
Haiku Dispatch
PR Review

Overall: ⚠️ PARTIAL PASS (10/11)§22284305271

📰 BREAKING: Report filed by Smoke Copilot

Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SEC-005 cross-repo allowlist validation looks solid. The validateTargetRepo call in collect_ndjson_output.cjs correctly gates cross-repo mention lookups before any API interaction, and the new named function in repo_helpers.cjs makes compliance auditing straightforward. Minor: the validateTargetRepo wrapper is thin — worth a clarifying comment or consolidation, but not a blocker.

📰 BREAKING: Report filed by Smoke Copilot

getDefaultTargetRepo,
isRepoAllowed,
validateRepo,
validateTargetRepo,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The validateTargetRepo wrapper delegates directly to validateRepo. Consider documenting what differentiates the two functions semantically, or consolidating callers to use validateRepo directly to reduce indirection. That said, having a named function makes SEC-005 compliance auditing easier as noted in the JSDoc comment.

@github-actions
Copy link
Contributor

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

@github-actions
Copy link
Contributor

✅ Commit pushed: 73b541c

@github-actions
Copy link
Contributor

Smoke Test Results — Run §22284305292

Core tests:

  • 1 GitHub MCP ✅ | 2 SafeInputs GH CLI ✅ | 3 Serena activate ✅ / find_symbol ❌
  • 4 Make Build ✅ | 5 Playwright ✅ | 6 Tavily ✅
  • 7 File Write ✅ | 8 Bash verify ✅ | 9 Discussion ✅ | 10 Agentic Workflows ✅

PR review tests (#17771):

  • 11 Update PR ✅ | 12 Review comments ✅ | 13 Submit review ✅
  • 14 Resolve thread ✅ | 15 Add reviewer ✅ | 16 Push branch ✅ | 17 Close PR ⚠️ skipped

Overall: PARTIAL — Serena find_symbol EOF (3 attempts), Test 17 skipped

💥 [THE END] — Illustrated by Smoke Claude

Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💥 Automated smoke test review - all systems nominal!

💥 [THE END] — Illustrated by Smoke Claude

@pelikhan pelikhan merged commit 815fff9 into main Feb 22, 2026
@pelikhan pelikhan deleted the copilot/fix-cross-repo-allowlist branch February 22, 2026 20:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Safe Outputs Conformance] SEC-005: Cross-repository targeting handlers lack allowlist validation

2 participants