Add `features.copilot-requests` feature flag for GitHub Actions token auth by Copilot · Pull Request #18028 · github/gh-aw

Copilot · 2026-02-24T02:18:02Z

Add copilot-requests feature flag to smoke-copilot.md
Fix threat_detection.go to propagate feature flags to detection job
Recompile smoke-copilot.lock.yml
Merge main (resolved conflict in copilot_engine_installation.go)
Recompile after merge
Fix tools.go: early return for permissions: {} no longer bypasses copilot-requests: write injection when feature is enabled
Fix threat_detection.go: inject copilot-requests: write into detection job permissions when feature is enabled
Fix copilot_engine_execution.go: add S2STOKENS: true to execution env when copilot-requests feature is enabled, allowing the Copilot CLI to accept GitHub App installation tokens (ghs_*) such as ${{ github.token }}

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Changeset

Type: patch
Description: Added the features.copilot-requests feature flag so GitHub Actions token authentication and threat detection jobs honor the Copilot requests flow.

Generated by Changeset Generator for issue #18028

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

github.com

✨ PR Review Safe Output Test - Run 22334678781

💥 [THE END] — Illustrated by Smoke Claude

Add `features.copilot-requests` feature flag for GitHub Actions token auth

Add copilot-requests feature flag to smoke-copilot.md
Fix threat_detection.go to propagate feature flags to detection job
Recompile smoke-copilot.lock.yml
Merge main (resolved conflict in copilot_engine_installation.go)
Recompile after merge
Fix tools.go: early return for permissions: {} no longer bypasses copilot-requests: write injection when feature is enabled
Fix threat_detection.go: inject copilot-requests: write into detection job permissions when feature is enabled
Fix copilot_engine_execution.go: add S2STOKENS: true to execution env when copilot-requests feature is enabled, allowing the Copilot CLI to accept GitHub App installation tokens (ghs_*) such as $\{\{ github.token }}

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more [Copilot coding agent tips]((gh.io/redacted) in the docs.

Changeset

Type: patch
Description: Added the features.copilot-requests feature flag so GitHub Actions token authentication and threat detection jobs honor the Copilot requests flow.

Generated by Changeset Generator for issue #18028

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

github.com

✨ PR Review Safe Output Test - Run 22334678781

💥 [THE END] — Illustrated by Smoke Claude

Changeset

Type: patch
Description: Documented the features.copilot-requests feature flag so GitHub Actions token authentication, threat detection permissions, and the Copilot CLI execution environment honor the Copilot requests flow (injecting copilot-requests: write permissions and enabling S2STOKENS=true).

Generated by Changeset Generator for issue #18028

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

github.com

✨ PR Review Safe Output Test - Run 22337202812

💥 [THE END] — Illustrated by Smoke Claude

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

When features.copilot-requests: true is set: - Skip the secret validation step (no COPILOT_GITHUB_TOKEN required) - Add copilot-requests: write to workflow permissions - Use ${{ github.token }} as the COPILOT_GITHUB_TOKEN value Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

…-one

pelikhan · 2026-02-24T02:19:30Z

@copilot enable feature on smoke-copilot

- Add features.copilot-requests: true to smoke-copilot.md - Pass data.Features to threatDetectionData in threat_detection.go so the feature flag applies to the detection job as well - Recompile smoke-copilot.lock.yml Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot · 2026-02-24T02:33:42Z

@copilot enable feature on smoke-copilot

Done in 14473f0. Added features: copilot-requests: true to smoke-copilot.md and recompiled the lock file. Also fixed threat_detection.go to propagate the workflow's feature flags to the detection job, so copilot-requests now applies consistently — both the agent and detection jobs use ${{ github.token }} with no validate-secret step.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

https://api.github.com/graphql
- Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw ../../../**/*.jsorigin 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
- Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha SameOutput2818323254/001/stability-test.md (http block)
https://api.github.com/repos/actions/checkout/git/ref/tags/v3
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env 2748-35980/test-978097360/.github/workflows GO111MODULE fg GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/actions/checkout/git/ref/tags/v4
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v4 --jq .object.sha vaScript879337036/001/test-complex-frontmatter-with-tools.md GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /home/REDACTED/.dotnet/tools/sh GOINSECURE GOMOD GOMODCACHE sh (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v4 --jq .object.sha 54565/b001/_pkg_.a GO111MODULE 54565/b001=> GOINSECURE GOMOD GOMODCACHE go env runs/20260224-022748-35980/test-3680279979/.github/workflows GO111MODULE /home/REDACTED/work/gh-aw/gh-aw/actions/node_modules/.bin/node GOINSECURE GOMOD GOMODCACHE node (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v4 --jq .object.sha GOMODCACHE om/owner/repo.git (http block)
https://api.github.com/repos/actions/checkout/git/ref/tags/v5
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env */*.ts' '**/*.json' --ignore-path ../../../.prettierignore GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha t0 -importcfg (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel -tests /usr/bin/git -json GO111MODULE _modules/.bin/sh--show-toplevel git init�� GOMODCACHE PIlg48W/J-s6rDiVremote.origin.url /opt/hostedtoolcache/node/24.13.0/x64/bin/node ub/workflows GO111MODULE 64/bin/go /opt/hostedtoolcache/node/24.13.0/x64/bin/node (http block)
https://api.github.com/repos/actions/github-script/git/ref/tags/v8
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha prettier --write 64/bin/go --ignore-path .prettierignore 64/bin/go sh -c "prettier" --wri**/*.ts node 64/bin/go --check **/*.cjs 64/bin/go go (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha prettier --write 64/bin/go !../../../pkg/wosh --ignore-path ../../../.pretti"prettier" --check 'scripts/**/*.js' --ignore-path .prettierignore go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha "prettier" --wriGOSUMDB 5749052/b407/impGOWORK 64/bin/go k/gh-aw/gh-aw/pksh k/gh-aw/gh-aw/pk-c /sh go env h ../../../.prettierignore GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x-test.short=true GOINSECURE GOMOD GOMODCACHE go env runs/20260224-022748-35980/test-3573355670/.github/workflows GO111MODULE /usr/bin/sh l GOMOD GOMODCACHE sh (http block)
https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha vaScript879337036/001/test-compl-errorsas GO111MODULE /opt/hostedtoolcache/go/1.25.0/x-nilfunc GOINSECURE GOMOD GOMODCACHE go env runs/20260224-022748-35980/test-3573355670/.github/workflows GO111MODULE /usr/local/bin/sh l GOMOD GOMODCACHE sh (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
- Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 go e/git -json GO111MODULE fg e/git rev-�� --show-toplevel go x_amd64/vet ck 'scripts/**/*git GO111MODULE ache/go/1.25.0/xuser.email x_amd64/vet (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
- Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go tlog�� -json GO111MODULE ache/go/1.25.0/x-nolocalimports GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 go /usr/bin/docker -json GO111MODULE fg docker pull�� test/race-image:@{u} go x_amd64/vet -json GO111MODULE 0/x64/bin/node x_amd64/vet (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
- Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 go /usr/bin/git 2748-35980/test-git GO111MODULE fg git rev-�� --show-toplevel go x_amd64/vet -json GO111MODULE ache/go/1.25.0/x--show-toplevel x_amd64/vet (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
- Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 go /usr/bin/git -json GO111MODULE fg git rev-�� --show-toplevel go /usr/bin/git ck 'scripts/**/*git GO111MODULE 54565/b001/gh-aw--git-dir git (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
- Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env hub/workflows GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 go /usr/bin/git 49092887/.githubgit GO111MODULE fg git rev-�� --show-toplevel go /usr/bin/git agent-performancgit GO111MODULE ache/go/1.25.0/x--show-toplevel git (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
- Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env hub/workflows GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 go /usr/bin/git 49092887/.githubgit GO111MODULE ache/node/24.13./tmp/gh-aw-test-runs/20260224-022912-39904/test-976341987 git rev-�� --show-toplevel go /usr/bin/git ck 'scripts/**/*git GO111MODULE ache/go/1.25.0/x--show-toplevel git (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
- Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 go e/git /ref/tags/v8 GO111MODULE fg e/git rev-�� --show-toplevel go /usr/bin/git ck 'scripts/**/*git GO111MODULE ache/go/1.25.0/x--show-toplevel git (http block)
https://api.github.com/repos/github/gh-aw/actions/workflows
- Triggering command: /usr/bin/gh gh workflow list --json name,state,path scripts/**/*.js --ignore-path 64/bin/go tierignore GOPROXY 64/bin/go node /hom�� --write ../../../**/*.jsGOWORK 64/bin/go --ignore-path ../../../.pretti+x 64/bin/go go (http block)
- Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE s9ZXZGY/X4XoDkfiiEtxJ64HjgrP env -json GO111MODULE n-dir/node GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
- Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env 1526983510/.github/workflows GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/nonexistent/repo/actions/runs/12345
- Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE de_modules/.bin/sh GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion 2748-35980/test-git GO111MODULE k/_temp/uv-pytho--show-toplevel git rev-�� 40\} ster.patch /opt/hostedtoolcache/node/24.13.0/x64/bin/node -json GO111MODULE ache/go/1.25.0/x--show-toplevel ue && echo "chain-continued" (http block)
https://api.github.com/repos/owner/repo/actions/workflows
- Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go .prettierignore GOPROXY ild/node_modules"prettier" --check '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.pret.prettierignore node /hom�� --write ../../../**/*.jsGOWORK 64/bin/go --ignore-path ../../../.prettibuild 64/bin/go go (http block)
- Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go .prettierignore GOPROXY (http block)
- Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo /usr/bin/git -json GO111MODULE x_amd64/compile git rev-�� --show-toplevel x_amd64/compile /usr/bin/git -json GO111MODULE ache/go/1.25.0/x--show-toplevel git (http block)
https://api.github.com/repos/owner/repo/contents/file.md
- Triggering command: /tmp/go-build43654565/b381/cli.test /tmp/go-build43654565/b381/cli.test -test.testlogfile=/tmp/go-build43654565/b381/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true **/*.json --ignore-path ../../../.prettinpx prettier --check '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json sh -c "prettier" --wriGOSUMDB node 64/bin/go --check **/*.cjs run-script/lib/n"prettier" --check 'scripts/**/*.js' --ignore-path .prettierignore go (http block)
- Triggering command: /tmp/go-build3134705894/b381/cli.test /tmp/go-build3134705894/b381/cli.test -test.testlogfile=/tmp/go-build3134705894/b381/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true th .prettierignogit GO111MODULE x_amd64/vet git rev-�� --show-toplevel x_amd64/vet /usr/bin/git -json GO111MODULE 0/x64/bin/node git (http block)
https://api.github.com/repos/test-owner/test-repo/actions/secrets
- Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name "prettier" --wriGOINSECURE sh 64/bin/go tierignore GOPROXY 64/bin/go node /hom�� --write ../../../**/*.jsGOWORK 64/bin/go --ignore-path ../../../.pretti-c (http block)
- Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name xterm-color go /usr/bin/git -json GO111MODULE x_amd64/link git rev-�� --show-toplevel x_amd64/link /usr/bin/git ty-test.md GO111MODULE 0/x64/bin/npx git (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled
Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

pelikhan · 2026-02-24T02:36:20Z

@copilot merge main and recompile

Copilot

Pull request overview

This PR adds a copilot-requests feature flag that allows workflows to authenticate the Copilot CLI using the built-in GitHub Actions token (${{ github.token }}) instead of requiring a stored COPILOT_GITHUB_TOKEN secret. When enabled, the feature automatically injects copilot-requests: write permission, skips secret validation, and switches the token source.

Changes:

Adds copilot-requests feature flag infrastructure and permission scope
Modifies Copilot engine installation and execution to conditionally use GitHub Actions token
Propagates feature flags to threat detection job for consistency
Enables the feature in the smoke-copilot workflow as a test

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
pkg/constants/constants.go	Defines the `CopilotRequestsFeatureFlag` constant
pkg/workflow/permissions.go	Adds `PermissionCopilotRequests` scope and converter support
pkg/workflow/tools.go	Injects `copilot-requests: write` permission when feature is enabled
pkg/workflow/copilot_engine_installation.go	Skips secret validation step when feature is enabled
pkg/workflow/copilot_engine_execution.go	Switches token source to `${{ github.token }}` when feature is enabled
pkg/workflow/threat_detection.go	Propagates feature flags to detection job data
.github/workflows/smoke-copilot.md	Enables `copilot-requests: true` in the smoke test
.github/workflows/smoke-copilot.lock.yml	Generated lock file with applied feature flag changes

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

pkg/workflow/tools.go

pkg/workflow/threat_detection.go

…-one Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot · 2026-02-24T02:44:54Z

@copilot merge main and recompile

Done in 2fb0818. Merged main and resolved the conflict in copilot_engine_installation.go (preserving the copilot-requests skip logic while adding the new getEngineEnvOverrides parameter). All workflows recompiled successfully.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

https://api.github.com/graphql
- Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
- Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/cli/access_log.go /home/REDACTED/work/gh-aw/gh-aw/pkg/cli/actionlint.go (http block)
- Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw _value"]."\n"; (http block)
https://api.github.com/repos/actions/checkout/git/ref/tags/11bd71901bbe5b1630ceea73d27597364c9af683
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/11bd71901bbe5b1630ceea73d27597364c9af683 --jq .object.sha (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/11bd71901bbe5b1630ceea73d27597364c9af683 --jq .object.sha ithub/workflows (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/11bd71901bbe5b1630ceea73d27597364c9af683 --jq .object.sha ithub/workflows --jq 64/bin/bash (http block)
https://api.github.com/repos/actions/checkout/git/ref/tags/v6
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --noprofile (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha ithub/workflows (http block)
https://api.github.com/repos/actions/github-script/git/ref/tags/v7
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v7 --jq .object.sha (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v7 --jq .object.sha ithub/workflows lot-requests-feature-another-one k/_temp/ghcca-node/node/bin/bash (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v7 --jq .object.sha ithub/workflows user.email 687136/b062=> (http block)
https://api.github.com/repos/actions/setup-go/git/ref/tags/4dc6199c7b1a012772edbd06daecab0f50c9053c
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/4dc6199c7b1a012772edbd06daecab0f50c9053c --jq .object.sha /run/systemd/system ]; then /usr/lib/php/sessionclean; fi (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/4dc6199c7b1a012772edbd06daecab0f50c9053c --jq .object.sha ithub/workflows lot-requests-feature-another-one cal/bin/bash (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/4dc6199c7b1a012772edbd06daecab0f50c9053c --jq .object.sha extensions.objectformat (http block)
https://api.github.com/repos/actions/setup-go/git/ref/tags/v5
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v5 --jq .object.sha (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v5 --jq .object.sha k/gh-aw/gh-aw/.g-f (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v5 --jq .object.sha k/gh-aw/gh-aw/.github/workflows -lname me: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } l touch -c bash --no�� ithub/workflows (http block)
https://api.github.com/repos/actions/setup-go/git/ref/tags/v6
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v6 --jq .object.sha pkg/workflow/action_resolver_test.go pkg/workflow/action_sha_checker.go pkg/workflow/action_sha_checker_integration_test.go pkg/workflow/action_sha_checker_test.go pkg/workflow/action_sha_validation_test.go pkg/workflow/activation_checkout_test.go pkg/workflow/activation_outputs_always_declared_test.go (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v6 --jq .object.sha (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v6 --jq .object.sha allation.go ame t (http block)
https://api.github.com/repos/actions/setup-node/git/ref/tags/v6
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq .object.sha (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq .object.sha developer-actionremote.origin.url (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq .object.sha ithub/workflows (http block)
https://api.github.com/repos/anchore/sbom-action/git/ref/tags/v0
- Triggering command: /usr/bin/gh gh api /repos/anchore/sbom-action/git/ref/tags/v0 --jq .object.sha (http block)
- Triggering command: /usr/bin/gh gh api /repos/anchore/sbom-action/git/ref/tags/v0 --jq .object.sha ithub/workflows (http block)
- Triggering command: /usr/bin/gh gh api /repos/anchore/sbom-action/git/ref/tags/v0 --jq .object.sha k/gh-aw/gh-aw/.github/workflows (http block)
https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
- Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
- Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha --noprofile (http block)
- Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha ithub/workflows config (http block)
https://api.github.com/repos/docker/build-push-action/git/ref/tags/v6
- Triggering command: /usr/bin/gh gh api /repos/docker/build-push-action/git/ref/tags/v6 --jq .object.sha (http block)
- Triggering command: /usr/bin/gh gh api /repos/docker/build-push-action/git/ref/tags/v6 --jq .object.sha ithub/workflows lot-requests-feaowner=github rgo/bin/bash (http block)
- Triggering command: /usr/bin/gh gh api /repos/docker/build-push-action/git/ref/tags/v6 --jq .object.sha k/gh-aw/gh-aw/.github/workflows conntrack $name) { hasDiscussionsEnabled } } INVALID,NEW -j DROP gh api ithub/workflows --jq /usr/bin/git (http block)
https://api.github.com/repos/docker/login-action/git/ref/tags/v3
- Triggering command: /usr/bin/gh gh api /repos/docker/login-action/git/ref/tags/v3 --jq .object.sha (http block)
- Triggering command: /usr/bin/gh gh api /repos/docker/login-action/git/ref/tags/v3 --jq .object.sha ithub/workflows lot-requests-feature-another-one (http block)
- Triggering command: /usr/bin/gh gh api /repos/docker/login-action/git/ref/tags/v3 --jq .object.sha k/gh-aw/gh-aw/.gremote.origin.url (http block)
https://api.github.com/repos/docker/metadata-action/git/ref/tags/v5
- Triggering command: /usr/bin/gh gh api /repos/docker/metadata-action/git/ref/tags/v5 --jq .object.sha (http block)
- Triggering command: /usr/bin/gh gh api /repos/docker/metadata-action/git/ref/tags/v5 --jq .object.sha ithub/workflows (http block)
- Triggering command: /usr/bin/gh gh api /repos/docker/metadata-action/git/ref/tags/v5 --jq .object.sha k/gh-aw/gh-aw/.github/workflows (http block)
https://api.github.com/repos/docker/setup-buildx-action/git/ref/tags/v3
- Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v3 --jq .object.sha (http block)
- Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v3 --jq .object.sha lot-requests-feature-another-one^{commit} (http block)
- Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v3 --jq .object.sha ithub/workflows owner indmnt 0 -j ed } } gh api 3 --jq /usr/bin/gh (http block)
https://api.github.com/repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb --jq .object.sha (http block)
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb --jq .object.sha --noprofile (http block)
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb --jq .object.sha ithub/workflows config (http block)
https://api.github.com/repos/githubnext/agentics/git/ref/tags/
- Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha (http block)
- Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha --noprofile (http block)
- Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha ithub/workflows (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled
Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

…-one

github-actions · 2026-02-24T02:58:48Z

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

github-actions · 2026-02-24T02:58:52Z

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

github-actions · 2026-02-24T02:58:52Z

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

github-actions · 2026-02-24T03:23:43Z

PRs: Add agent-focused links to the docs footer; 🔧 Fix GH_AW_CI_TRIGGER_TOKEN emit scope and update docs
GitHub MCP: ✅
Serena MCP: ✅
Playwright: ✅
Web fetch: ✅
File write+cat: ✅
Build: ✅
Overall: PASS

🔮 The oracle has spoken through Smoke Codex

…-one

github-actions · 2026-02-24T03:26:27Z

💥 WHOOSH! The Claude smoke test agent blazes through like a COMET! 🌟

KAPOW! All systems NOMINAL! Claude was here on run §22335110628!

ZAP! BOOM! WHAM! 🤖✨ The AI agents are watching your every commit, hero!

AI generated by Smoke Claude

💥 [THE END] — Illustrated by Smoke Claude

github-actions

💥 Automated smoke test review - all systems nominal!

💥 [THE END] — Illustrated by Smoke Claude

pelikhan · 2026-02-24T03:50:55Z

@copilot investigate why the call to copilot in the detection job failed with an authentication issue. Check the permissions and what token was configured on copilot.

https://github.com/github/gh-aw/actions/runs/22335110644/job/64626143529

Copilot · 2026-02-24T04:05:54Z

@copilot investigate why the call to copilot in the detection job failed with an authentication issue. Check the permissions and what token was configured on copilot.

https://gith...

Investigation findings:

Permissions — Correct. The detection job has copilot-requests: write in its permissions block (added in 80e2356).

Token configured — COPILOT_GITHUB_TOKEN: ${{ github.token }} is set, showing as *** (masked/non-empty) in the step env log.

Root cause — The Copilot CLI v0.0.414, when run directly on the host, fails immediately with:

Copilot can be authenticated with GitHub using an OAuth Token or a Fine-Grained Personal Access Token

The ${{ github.token }} is a GitHub App installation token (ghs_*), not an OAuth token (gho_*) or fine-grained PAT. v0.0.414 validates the token format locally and rejects it before making any network call (failure in ~1.2s).

Why the agent job succeeds — The agent job runs copilot via sudo -E awf --image-tag 0.20.2 -- /bin/bash -c '/usr/local/bin/copilot ...'. The AWF container (0.20.2) has its own /usr/local/bin/copilot binary that is not the host-installed 0.0.414. That container binary is presumably a newer version that accepts GitHub App tokens with copilot-requests: write. The host install (install_copilot_cli.sh 0.0.414) is unused for the actual agent execution.

Fix needed — The detection job runs copilot directly on the host (no AWF), so it needs either:

A newer Copilot CLI version that supports GitHub App installation tokens — what version introduced this support?
Or an alternative auth setup (e.g., writing a ~/.copilot/hosts.yml config before execution)

pelikhan · 2026-02-24T04:16:16Z

@copilot the detection job must add env var to agentic run

S2STOKENS: true

…uests feature is enabled Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot · 2026-02-24T04:28:52Z

@copilot the detection job must add env var to agentic run

S2STOKENS: true

Done in 98e1899. Added S2STOKENS: true to the Copilot CLI execution step's env when the copilot-requests feature is enabled. This tells the Copilot CLI to accept GitHub App installation tokens (ghs_* format), fixing the auth failure in the detection job. The env var is set in both the agent and detection jobs (they share the same GetExecutionSteps code path in copilot_engine_execution.go).

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

https://api.github.com/graphql
- Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
- Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw /tmp/go-build3792295829/b001/importcfg -pack /tmp/go-build3792295829/b001/_testmain.go (http block)
- Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw util (http block)
https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
- Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha SameOutput1352419822/001/stability-test.md GO111MODULE 2080051/b373/vet.cfg GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE e/git GOINSECURE GOMOD GOMODCACHE e/git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel e/git /usr/bin/git test.txt om/owner/repo.girev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel /opt/hostedtoolcrev-parse -d git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha run --auto 0/x64/bin/node --detach git /opt/hostedtoolc--show-toplevel git arne�� --show-toplevel /opt/hostedtoolc--package-lock-only 0/x64/bin/node /tmp/go-build361git -importcfg 0/x64/bin/node git (http block)
https://api.github.com/repos/actions/checkout/git/ref/tags/11bd71901bbe5b1630ceea73d27597364c9af683
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/11bd71901bbe5b1630ceea73d27597364c9af683 --jq .object.sha (http block)
https://api.github.com/repos/actions/checkout/git/ref/tags/v3
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env 9822/001/stability-test.md GO111MODULE .cfg GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile /usr/bin/git 2080051/b372/_pkgit GO111MODULE 2080051/b372=> git rev-�� --show-toplevel go /usr/bin/git OQ-9/YmmGl9BAhBUgit GO111MODULE /opt/hostedtoolc--show-toplevel git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /opt/hostedtoolcache/go/1.25.0/x64/bin/node --show-toplevel gh 0/x64/bin/node node (http block)
https://api.github.com/repos/actions/checkout/git/ref/tags/v4
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v4 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env runs/20260224-042322-29995/test-3295968359/.github/workflows GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v4 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env runs/20260224-042322-29995/test-1317341783/.github/workflows GO111MODULE 2080051/b291/vet.cfg GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v4 --jq .object.sha -b feature-branch /usr/bin/git k/gh-aw/gh-aw/pkgit k/gh-aw/gh-aw/pkrev-parse 64/bin/go git init�� 64/bin/go /opt/hostedtoolcconfig /usr/bin/git /tmp/go-build753git -trimpath 64/bin/go git (http block)
https://api.github.com/repos/actions/checkout/git/ref/tags/v5
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -bool -buildtags clusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle -errorsas -ifaceassert -nilfunc git -C /tmp/gh-aw-test-runs/20260224-042322-29995/test-3295968359/.github/workflows config /usr/bin/git remote.origin.urgit GO111MODULE 64/bin/go git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel /opt/hostedtoolc-extld=gcc /usr/bin/git st.md st.lock.yml 64/bin/go git rev-�� --show-toplevel go /usr/bin/git b/workflows GO111MODULE 64/bin/go /usr/bin/git (http block)
https://api.github.com/repos/actions/checkout/git/ref/tags/v6
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha (http block)
https://api.github.com/repos/actions/github-script/git/ref/tags/v7
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v7 --jq .object.sha -c=4 -nolocalimports -importcfg /tmp/go-build3792295829/b355/importcfg -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/workflow/features_import_test.go /home/REDACTED/work/gh-aw/gh-aw/pkg/workflow/importable_tools_test.go (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v7 --jq .object.sha (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v7 --jq .object.sha json ]; then \ remote.origin.url (http block)
https://api.github.com/repos/actions/github-script/git/ref/tags/v8
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha g/testutil/tempdGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/xGO111MODULE env 841503/b410/_pkgGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha 841503/b353/_pkgGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE o fix."; \ exitGO111MODULE env 8nwy/4_CmS2nW1QgGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE 841503/b353/impo-buildtags (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha 841503/b391/_pkgGOINSECURE GO111MODULE 64/bin/go GOINSECURE b/gh-aw/pkg/fileenv GOMODCACHE go env SAxS/3_r8lQvpEbdGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE 841503/b391/impo-test.v=true (http block)
https://api.github.com/repos/actions/setup-go/git/ref/tags/4dc6199c7b1a012772edbd06daecab0f50c9053c
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/4dc6199c7b1a012772edbd06daecab0f50c9053c --jq .object.sha (http block)
https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x-test.short=true GOINSECURE GOMOD GOMODCACHE go env runs/20260224-042322-29995/test-3295968359/.github/workflows GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go l GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --show-toplevel git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git bran�� --show-current git 0/x64/bin/node --show-toplevel git 0/x64/bin/node git (http block)
https://api.github.com/repos/actions/setup-go/git/ref/tags/v5
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v5 --jq .object.sha (http block)
https://api.github.com/repos/actions/setup-go/git/ref/tags/v6
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v6 --jq .object.sha (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v6 --jq .object.sha ire/doc.go ire/forward_requirements.go $name) { hasDiscussionsEnabled } } (http block)
https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x64/pkg/tool/linu-nilfunc GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/x64/pkg/tool/linu-tests env -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --show-toplevel git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/bash --show-toplevel 2080051/b434/scrrev-parse /usr/bin/git bash /tmp�� (http block)
https://api.github.com/repos/actions/setup-node/git/ref/tags/v6
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq .object.sha (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq .object.sha 0 -j ACCEPT (http block)
https://api.github.com/repos/anchore/sbom-action/git/ref/tags/v0
- Triggering command: /usr/bin/gh gh api /repos/anchore/sbom-action/git/ref/tags/v0 --jq .object.sha (http block)
https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
- Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
https://api.github.com/repos/docker/build-push-action/git/ref/tags/v6
- Triggering command: /usr/bin/gh gh api /repos/docker/build-push-action/git/ref/tags/v6 --jq .object.sha (http block)
https://api.github.com/repos/docker/login-action/git/ref/tags/v3
- Triggering command: /usr/bin/gh gh api /repos/docker/login-action/git/ref/tags/v3 --jq .object.sha (http block)
https://api.github.com/repos/docker/metadata-action/git/ref/tags/v5
- Triggering command: /usr/bin/gh gh api /repos/docker/metadata-action/git/ref/tags/v5 --jq .object.sha (http block)
https://api.github.com/repos/docker/setup-buildx-action/git/ref/tags/v3
- Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v3 --jq .object.sha (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
- Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 ipts.test /usr/bin/git /tmp/go-build155git -importcfg /usr/bin/git git rev-�� --show-toplevel git es --show-toplevel -extld=gcc /usr/bin/git git (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
- Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE ache/go/1.25.0/x-nilfunc GOINSECURE GOMOD GOMODCACHE go estl�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile /usr/bin/git /tmp/go-build155git t /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git tRuxqCKga2PUGqaJgit -goversion /opt/hostedtoolc--show-toplevel git (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
- Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go estl�� tmatter-with-arrays.md GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 ps /usr/bin/git t rtcfg (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
- Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 /tmp/go-build1552080051/b396/fileutil.test /usr/bin/git -test.paniconexigit -test.v=true /usr/bin/git git rev-�� 2625-33944/test-726530501/.github/workflows git es path.sh' '/usr/bgit rev-parse /usr/bin/git git (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
- Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 gh 0/x64/bin/node /repos/test-ownegit (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
- Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 infocmp /usr/bin/git xterm-color go /usr/bin/git git rev-�� --show-toplevel git ptables path.sh' ':/usr/git (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
- Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet /usr/bin/git runs/20260224-04git -buildtags /usr/bin/git git rev-�� 2625-33944/test-726530501/.github/workflows git /usr/bin/git path.sh' ':::/usgit config /usr/bin/git /systemd-executor (http block)
https://api.github.com/repos/github/gh-aw/actions/workflows
- Triggering command: /usr/bin/gh gh workflow list --json name,state,path -json GO111MODULE 64/bin/go GOINSECURE GOMOD erignore go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh (http block)
- Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb --jq .object.sha (http block)
https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -v go /usr/bin/git -json GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha --git-dir git /usr/bin/git 767/001/stabilitnode go nch,headSha,displayTitle git 1/ --show-toplevel git ache/node/24.13.0/x64/bin/npm --show-toplevel go 64/bin/go ache/node/24.13.0/x64/bin/npm (http block)
https://api.github.com/repos/githubnext/agentics/git/ref/tags/
- Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha (http block)
https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
- Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env 4141144897/.github/workflows GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha uest|push_to_pull_request_branch)" --json /usr/bin/git -json GO111MODULE 64/bin/go git 0/x6�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
- Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel ache/go/1.25.0/xjs/fuzz_mentions_harness.cjs /usr/bin/git git rev-�� --show-toplevel git bin/node --show-toplevel JDk5qHbNt3y-M/N3js/fuzz_sanitize_label_harness.cjs 64/pkg/tool/linux_amd64/asm git (http block)
https://api.github.com/repos/nonexistent/repo/actions/runs/12345
- Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion s/test.md rev-parse /usr/bin/git git rev-�� --show-toplevel git ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet --show-toplevel go /usr/bin/git ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
https://api.github.com/repos/owner/repo/actions/workflows
- Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD erignore go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo /usr/bin/git -json GO111MODULE At,event,headBra--show-toplevel git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
https://api.github.com/repos/owner/repo/contents/file.md
- Triggering command: /tmp/go-build1552080051/b381/cli.test /tmp/go-build1552080051/b381/cli.test -test.testlogfile=/tmp/go-build1552080051/b381/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/xGO111MODULE env 841503/b390/_pkgGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /tmp/go-build3615477070/b357/cli.test /tmp/go-build3615477070/b357/cli.test -test.paniconexit0 -test.timeout=10m0s -test.count=1 /tmp�� /home/REDACTED/work/gh-aw/gh-aw/.github/workflows/bot-detection.md go /usr/bin/git -json GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
https://api.github.com/repos/test-owner/test-repo/actions/secrets
- Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD erignore go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
- Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name view 12345 /usr/bin/git nonexistent/repogit --json status,conclusio--show-toplevel git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled
Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

github-actions · 2026-02-24T04:54:40Z

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

github-actions · 2026-02-24T04:54:41Z

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

github-actions · 2026-02-24T04:54:48Z

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

github-actions · 2026-02-24T04:59:41Z

Smoke Test Results for PR #18028 by `@pelikhan`

Test	Status
GitHub MCP	✅
Safe Inputs GH CLI	✅
Serena MCP	❌
Playwright	✅
Web Fetch	✅
File Writing	✅
Bash Tool	✅
Build gh-aw	✅
PR Review	✅

Overall: ⚠️ PARTIAL PASS (Serena MCP tools unavailable)

📰 BREAKING: Report filed by Smoke Copilot

github-actions

Smoke test review of PR #18028. Changes look good: adds copilot-requests: write permission and removes the now-unnecessary secret validation step, simplifying the workflow.

📰 BREAKING: Report filed by Smoke Copilot

.github/workflows/smoke-copilot.lock.yml

github-actions · 2026-02-24T04:59:48Z

.changeset/patch-add-copilot-requests-feature.md

+"gh-aw": patch
+---
+
+Added the `features.copilot-requests` feature flag so GitHub Actions token authentication and threat detection jobs honor the new Copilot requests flow.


Good changeset entry! The description clearly explains what the copilot-requests feature flag does.

github-actions · 2026-02-24T05:00:03Z

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

github-actions · 2026-02-24T05:00:07Z

Commit pushed: 9185866

Generated by Changeset Generator

github-actions · 2026-02-24T05:00:13Z

Smoke test results:
PRs: Bump Claude Code to 2.1.51 and Copilot CLI to 0.0.415; Strengthen noop documentation and add explicit noop instructions to all workflow prompts
GitHub MCP (2 merged PRs) ✅
Serena MCP (activate + find_symbol >=3) ✅
Playwright title contains GitHub ✅
Web-fetch contains GitHub ✅
File write+cat ✅
Build make build ✅
Overall status: PASS

🔮 The oracle has spoken through Smoke Codex

github-actions

💥 Automated smoke test review - all systems nominal!

💥 [THE END] — Illustrated by Smoke Claude

Copilot AI and others added 3 commits February 24, 2026 01:24

Initial plan

7e95a08

chore: initial plan for copilot-requests feature

828bb97

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI assigned Copilot and pelikhan Feb 24, 2026

Merge branch 'main' into copilot/add-copilot-requests-feature-another…

30784ed

…-one

Copilot started work on behalf of pelikhan February 24, 2026 02:19 View session

Copilot finished work on behalf of pelikhan February 24, 2026 02:34

pelikhan added the smoke label Feb 24, 2026

pelikhan marked this pull request as ready for review February 24, 2026 02:35

Copilot AI review requested due to automatic review settings February 24, 2026 02:35

Copilot started work on behalf of pelikhan February 24, 2026 02:36 View session

Copilot started reviewing on behalf of pelikhan February 24, 2026 02:36 View session

Copilot AI reviewed Feb 24, 2026

View reviewed changes

pkg/workflow/tools.go Show resolved Hide resolved

pkg/workflow/threat_detection.go Show resolved Hide resolved

Merge branch 'main' into copilot/add-copilot-requests-feature-another…

2fb0818

…-one Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot stopped work on behalf of pelikhan due to an error February 24, 2026 02:45
The "Recompile workflows" custom setup step from your .github/workflows/copilot-setup-steps.yml file failed.

pelikhan added smoke and removed smoke labels Feb 24, 2026

Merge branch 'main' into copilot/add-copilot-requests-feature-another…

841d644

…-one

pelikhan added smoke and removed smoke labels Feb 24, 2026

Add changeset [skip-ci]

abc6e86

github-actions bot removed the smoke label Feb 24, 2026

Merge branch 'main' into copilot/add-copilot-requests-feature-another…

f0b6b7a

…-one

github-actions bot reviewed Feb 24, 2026

View reviewed changes

Copilot started work on behalf of pelikhan February 24, 2026 03:51 View session

Copilot stopped work on behalf of pelikhan due to an error February 24, 2026 04:06
The "Recompile workflows" custom setup step from your .github/workflows/copilot-setup-steps.yml file failed.

Copilot started work on behalf of pelikhan February 24, 2026 04:16 View session

fix: add S2STOKENS=true env var to Copilot execution when copilot-req…

98e1899

…uests feature is enabled Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot stopped work on behalf of pelikhan due to an error February 24, 2026 04:29
The "Recompile workflows" custom setup step from your .github/workflows/copilot-setup-steps.yml file failed.

pelikhan added the smoke label Feb 24, 2026

github-actions bot mentioned this pull request Feb 24, 2026

Smoke Test: Copilot - 22337202801 #18059

Closed

github-actions bot added smoke-copilot and removed smoke labels Feb 24, 2026

github-actions bot reviewed Feb 24, 2026

View reviewed changes

Add changeset [skip-ci]

9185866

pelikhan merged commit 8624e99 into main Feb 24, 2026

pelikhan deleted the copilot/add-copilot-requests-feature-another-one branch February 24, 2026 05:01

github-actions bot reviewed Feb 24, 2026

View reviewed changes

Conversation

Copilot AI commented Feb 24, 2026 • edited by github-actions bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Changeset

Add features.copilot-requests feature flag for GitHub Actions token auth

Changeset

Changeset

Uh oh!

pelikhan commented Feb 24, 2026

Uh oh!

Copilot AI commented Feb 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

I tried to connect to the following addresses, but was blocked by firewall rules:

Uh oh!

pelikhan commented Feb 24, 2026

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Uh oh!

Uh oh!

Copilot AI commented Feb 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

I tried to connect to the following addresses, but was blocked by firewall rules:

Uh oh!

github-actions bot commented Feb 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions bot commented Feb 24, 2026

Uh oh!

github-actions bot commented Feb 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions bot commented Feb 24, 2026

Uh oh!

github-actions bot commented Feb 24, 2026

Uh oh!

github-actions bot left a comment

Choose a reason for hiding this comment

Uh oh!

pelikhan commented Feb 24, 2026

Uh oh!

Copilot AI commented Feb 24, 2026

Uh oh!

pelikhan commented Feb 24, 2026

Uh oh!

Copilot AI commented Feb 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

I tried to connect to the following addresses, but was blocked by firewall rules:

Uh oh!

github-actions bot commented Feb 24, 2026

Uh oh!

github-actions bot commented Feb 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions bot commented Feb 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions bot commented Feb 24, 2026

Smoke Test Results for PR #18028 by @pelikhan

Uh oh!

github-actions bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

github-actions bot Feb 24, 2026

Choose a reason for hiding this comment

Uh oh!

github-actions bot commented Feb 24, 2026

Uh oh!

github-actions bot commented Feb 24, 2026

Uh oh!

github-actions bot commented Feb 24, 2026

Uh oh!

github-actions bot left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Copilot AI commented Feb 24, 2026 •

edited by github-actions bot

Loading

Add `features.copilot-requests` feature flag for GitHub Actions token auth

Copilot AI commented Feb 24, 2026 •

edited

Loading

Copilot AI commented Feb 24, 2026 •

edited

Loading

github-actions bot commented Feb 24, 2026 •

edited

Loading

github-actions bot commented Feb 24, 2026 •

edited

Loading

Copilot AI commented Feb 24, 2026 •

edited

Loading

github-actions bot commented Feb 24, 2026 •

edited

Loading

github-actions bot commented Feb 24, 2026 •

edited

Loading

Smoke Test Results for PR #18028 by `@pelikhan`