Add per-handler staged mode to all safe output types#22284
Merged
Conversation
- Go: Add AddIfTrue("staged", c.Staged) to all handler config builders so per-handler staged flag is included in GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG JSON
- JS: Update all handlers to check config.staged === true in addition to global GH_AW_SAFE_OUTPUTS_STAGED env var
- JS: Add staged support to dispatch_workflow.cjs, call_workflow.cjs, and create_code_scanning_alert.cjs (which had no staged support)
- JS: Update pr_review_buffer.cjs with setStaged() method; update submit_pr_review.cjs and create_pr_review_comment.cjs to propagate config.staged to the shared buffer
- Tests: Extend TestHandlerConfigStagedMode with more handler type cases
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/e17356ca-3bc9-4cd4-8dfb-ef5205b19942
Copilot
AI
changed the title
[WIP] Add staged field support for individual safe outputs
Add per-handler staged mode to all safe output types
Mar 22, 2026
pelikhan
reviewed
Mar 22, 2026
actions/setup/js/add_comment.cjs
Outdated
|
|
||
| // Check if we're in staged mode | ||
| const isStaged = process.env.GH_AW_SAFE_OUTPUTS_STAGED === "true"; | ||
| const isStaged = process.env.GH_AW_SAFE_OUTPUTS_STAGED === "true" || config.staged === true; |
Contributor
There was a problem hiding this comment.
@copilot create helper function so that the wiring is consistent across all safe outputs.
Contributor
Author
There was a problem hiding this comment.
Added isStagedMode(config) helper to safe_output_helpers.cjs (commit 0b5569f). It checks both the global GH_AW_SAFE_OUTPUTS_STAGED env var and the per-handler config.staged flag, and all handlers now use it instead of the inline expression.
…ss all handlers Add isStagedMode(config) to safe_output_helpers.cjs that checks both the global GH_AW_SAFE_OUTPUTS_STAGED env var and the per-handler config.staged flag. Update all handler .cjs files to use isStagedMode(config) instead of the inline expression, ensuring consistent staged mode wiring across all safe outputs. Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> Agent-Logs-Url: https://github.com/github/gh-aw/sessions/0e2805dc-8d49-4cb8-a325-25a29028a8a5
Contributor
Author
|
Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details. Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
Contributor
There was a problem hiding this comment.
Pull request overview
Wires the per-handler staged: true flag through the Go compiler’s safe output handler config serialization and updates JavaScript safe output handlers to respect per-handler staged mode (in addition to the global GH_AW_SAFE_OUTPUTS_STAGED).
Changes:
- Go: emit
"staged": trueintoGH_AW_SAFE_OUTPUTS_HANDLER_CONFIGfor all safe output handler config builders. - JS: standardize staged-mode detection via a new
isStagedMode(config)helper and update handlers to use it. - JS: add new staged preview behavior to handlers that previously had no staged handling (e.g., workflow dispatch/call, code scanning alert creation) and extend compiler tests.
Reviewed changes
Copilot reviewed 38 out of 38 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| pkg/workflow/compiler_safe_outputs_config.go | Adds staged to serialized handler configs across the registry so per-handler staged mode is transmitted to runtime. |
| pkg/workflow/compiler_safe_outputs_config_test.go | Extends tests to ensure staged: true is present in handler config JSON for additional handlers. |
| actions/setup/js/safe_output_helpers.cjs | Adds isStagedMode(config) helper and exports it for consistent staged detection. |
| actions/setup/js/safe_output_handler_manager.cjs | Uses centralized staged detection for the manager’s global staged-mode behavior (e.g., manifest emission). |
| actions/setup/js/update_handler_factory.cjs | Updates shared update handler factory to use isStagedMode(config) (covers update_issue / update_pull_request / update_discussion). |
| actions/setup/js/update_release.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/update_project.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/add_comment.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/add_labels.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/add_reviewer.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/assign_milestone.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/assign_to_user.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/unassign_from_user.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/remove_labels.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/link_sub_issue.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/close_issue.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/close_discussion.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/close_pull_request.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/close_entity_helpers.cjs | Switches staged detection to isStagedMode(handlerConfig) for helper-driven close operations. |
| actions/setup/js/create_issue.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/create_discussion.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/create_pull_request.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/push_to_pull_request_branch.cjs | Replaces inline staged check with isStagedMode(config). |
| actions/setup/js/mark_pull_request_as_ready_for_review.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/hide_comment.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/set_issue_type.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/reply_to_pr_review_comment.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/resolve_pr_review_thread.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/pr_review_buffer.cjs | Adds buffer-level staged state and ensures submit uses staged detection via isStagedMode. |
| actions/setup/js/create_pr_review_comment.cjs | Propagates per-handler config.staged into the shared PR review buffer. |
| actions/setup/js/submit_pr_review.cjs | Propagates per-handler config.staged into the shared PR review buffer. |
| actions/setup/js/noop.cjs | Switches staged detection to isStagedMode() for consistency. |
| actions/setup/js/dispatch_workflow.cjs | Adds staged preview support and uses isStagedMode(config) to avoid real dispatches when staged. |
| actions/setup/js/call_workflow.cjs | Adds staged preview support and uses isStagedMode(config) to avoid setting outputs when staged. |
| actions/setup/js/create_code_scanning_alert.cjs | Adds staged preview support and uses isStagedMode(config) to avoid writing SARIF when staged. |
| actions/setup/js/autofix_code_scanning_alert.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/create_project.cjs | Switches staged detection to isStagedMode(config). |
| actions/setup/js/create_project_status_update.cjs | Switches staged detection to isStagedMode(config). |
Comments suppressed due to low confidence (1)
actions/setup/js/call_workflow.cjs:105
- Staged-mode behavior was added here, but there doesn’t appear to be test coverage asserting that
config.staged === true(and/or the global env var) triggers the preview path and skips setting step outputs. Consider adding a unit test that verifies the staged branch returns{ staged: true }and does not callcore.setOutput.
// Serialise inputs as a JSON payload string so they can be forwarded
// through a single `payload` input to the called workflow.
/** @type {Record<string, unknown>} */
const inputs = message.inputs && typeof message.inputs === "object" ? message.inputs : {};
const payloadJson = JSON.stringify(inputs);
// If in staged mode, preview the workflow call without executing it
if (isStaged) {
logStagedPreviewInfo(`Would call workflow: ${workflowName} with payload: ${payloadJson}`);
return {
success: true,
staged: true,
workflow_name: workflowName,
payload: payloadJson,
};
}
// Set the step outputs that the conditional `uses:` jobs check
core.setOutput("call_workflow_name", workflowName);
core.setOutput("call_workflow_payload", payloadJson);
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+396
to
+406
| /** | ||
| * Returns true when the current execution is in staged mode. | ||
| * Staged mode is active when either the global GH_AW_SAFE_OUTPUTS_STAGED | ||
| * environment variable is "true" or when the per-handler config has staged: true. | ||
| * Use this helper in all handlers to ensure consistent staged mode detection. | ||
| * @param {Object} [config] - Handler configuration object (may have staged: true) | ||
| * @returns {boolean} | ||
| */ | ||
| function isStagedMode(config) { | ||
| return process.env.GH_AW_SAFE_OUTPUTS_STAGED === "true" || (config != null && config.staged === true); | ||
| } |
There was a problem hiding this comment.
The JSDoc says “Use this helper in all handlers to ensure consistent staged mode detection,” but there are still modules in this directory that check process.env.GH_AW_SAFE_OUTPUTS_STAGED directly (e.g. standalone steps). To avoid misleading guidance, either update the wording to clarify the intended scope (handler-manager-driven handlers) or migrate the remaining staged checks to use isStagedMode() where applicable.
Comment on lines
200
to
+212
| const workflowFile = `${workflowName}${extension}`; | ||
| core.info(`Dispatching workflow: ${workflowFile}`); | ||
|
|
||
| // If in staged mode, preview the dispatch without executing it | ||
| if (isStaged) { | ||
| logStagedPreviewInfo(`Would dispatch workflow: ${workflowFile} in ${resolvedRepoSlug} with ref: ${ref}`); | ||
| return { | ||
| success: true, | ||
| staged: true, | ||
| workflow_name: workflowName, | ||
| inputs: inputs, | ||
| }; | ||
| } |
There was a problem hiding this comment.
Staged-mode behavior was added here, but there doesn’t appear to be test coverage asserting that config.staged === true (and/or the global env var) triggers the preview path and avoids dispatching. Adding a unit test for the staged branch would help prevent regressions (e.g., ensure it returns { staged: true } and does not call the GitHub API).
Comment on lines
+241
to
+250
| // If in staged mode, preview the finding without writing the SARIF file | ||
| if (isStaged) { | ||
| logStagedPreviewInfo(`Would create code scanning alert: ${finding.severity} in ${finding.file}:${finding.line} - ${finding.message}`); | ||
| return { | ||
| success: true, | ||
| staged: true, | ||
| finding: finding, | ||
| findingsCount: validFindings.length, | ||
| }; | ||
| } |
There was a problem hiding this comment.
The staged-mode branch is new, but the existing test suite for this handler doesn’t include assertions for staged mode. Adding a test that sets config.staged = true (and/or GH_AW_SAFE_OUTPUTS_STAGED=true) and verifies no SARIF file is written while returning { staged: true } would help lock in the intended behavior.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Each safe output type has a
stagedfield inBaseSafeOutputConfigand the JSON schema, but onlypush_to_pull_request_branchandclose_pull_requestactually wired it through — the rest silently ignored the per-handler flag and only respected the globalGH_AW_SAFE_OUTPUTS_STAGEDenv var.Changes
Go —
compiler_safe_outputs_config.goAddIfTrue("staged", c.Staged)to all 37 handler config builders inhandlerRegistry, so each handler's per-instancestaged: trueis serialized intoGH_AW_SAFE_OUTPUTS_HANDLER_CONFIGJSONJavaScript — handler
.cjsfilesconfig.staged === true(per-handler config passed from the handler manager)update_handler_factory.cjscoversupdate_issue,update_pull_request,update_discussiondispatch_workflow.cjs,call_workflow.cjs, andcreate_code_scanning_alert.cjs— these had no staged handling at allpr_review_buffer.cjs: addedsetStaged(bool)method;submitReview()now checks both the global env var and the buffer's staged state.submit_pr_review.cjsandcreate_pr_review_comment.cjspropagateconfig.stagedto the shared buffer viabuffer.setStaged(true)Example — staging only a subset of safe outputs
Tests
TestHandlerConfigStagedModewith cases forcreate_issue,add_comment,create_pull_request,update_issue,update_pull_request,update_discussion,add_labels,dispatch_workflow,call_workflowWarning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
https://v-api-github-com.miaizhe.xyz/graphql/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE x_amd64/link git rev-�� --show-toplevel x_amd64/link /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--show-toplevel git(http block)/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw test@example.comrev-parse 64/bin/sh git conf�� user.name Test User /usr/bin/git .js' --ignore-pagit GO111MODULE ache/go/1.25.0/x--show-toplevel git(http block)/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw node /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel sh /usr/bin/git git(http block)https://v-api-github-com.miaizhe.xyz/orgs/test-owner/actions/secrets/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD erignore ache/go/1.25.0/xGO111MODULE env 1353237/b430/_pkGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name GOSUMDB GOWORK /usr/bin/git /tmp/shared-actigo config /usr/bin/git git rev-�� --show-toplevel git /usr/bin/sed user.name Test User /usr/bin/git sed(http block)/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -aw/git/ref/tagsGOSUMDB GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE git rev-�� h ../../../.pret.prettierignore GOPROXY 64/bin/go GOSUMDB GOWORK /usr/bin/infocmp--show-toplevel git(http block)https://v-api-github-com.miaizhe.xyz/repos/actions/ai-inference/git/ref/tags/v1/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --git-dir sh /usr/bin/git "prettier" --chegit node 64/bin/go git init�� 64/bin/go go /opt/hostedtoolcache/node/24.14.0/x64/bin/node -json GO111MODULE 64/bin/go /opt/hostedtoolcache/node/24.14.0/x64/bin/node(http block)/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel(http block)/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/git git rev-�� --show-toplevel /usr/bin/git /usr/bin/git -v go /usr/bin/git git(http block)https://v-api-github-com.miaizhe.xyz/repos/actions/checkout/git/ref/tags/v3/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha ithub/workflows/blog-auditor.md GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile -o /tmp/go-build1838634584/b408/_pkg_.a -trimpath /usr/bin/git -p github.com/githurev-parse -lang=go1.25 git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha "prettier" --check 'scripts/**/*.js' --ignore-path .prettierignore go /usr/bin/git itattributes-tesgit GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� -instructions-test-34879854/.github/workflows go /usr/bin/git l GO111MODULE ache/go/1.25.0/x--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --show-toplevel infocmp er: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabl--show-toplevel xterm-color git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel go /opt/hostedtoolc--show-toplevel git(http block)https://v-api-github-com.miaizhe.xyz/repos/actions/checkout/git/ref/tags/v5/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE .test GOINSECURE GOMOD GOMODCACHE .test(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE x_amd64/vet git rev-�� --show-toplevel x_amd64/vet /usr/bin/git -json GO111MODULE At,event,headBra--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel go /usr/bin/git 3255-29711/test-git GO111MODULE .cfg git rev-�� --show-toplevel go /usr/bin/git /v3.0.0 GO111MODULE ache/go/1.25.0/x--show-toplevel git(http block)https://v-api-github-com.miaizhe.xyz/repos/actions/checkout/git/ref/tags/v6/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha -test.paniconexit0 -test.v=true /usr/bin/git -test.timeout=10git -test.run=^Test -test.short=true--show-toplevel git -C /tmp/gh-aw-test-runs/20260322-163255-29711/test-3391400415 status /opt/hostedtoolcache/node/24.14.0/x64/bin/node .github/workflowgit **/*.cjs 64/bin/go node(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha rhysd/actionlint:latest go /usr/bin/git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git 1/main.md GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel go /usr/bin/git 107927408/.githugit GO111MODULE .cfg git(http block)https://v-api-github-com.miaizhe.xyz/repos/actions/github-script/git/ref/tags/v8/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/xGO111MODULE env 1353237/b414/_pkGOINSECURE GO111MODULE 64/bin/go GOINSECURE b/gh-aw/pkg/loggenv GOMODCACHE go(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha e=false GO111MODULE 64/bin/go GOINSECURE %H %ct %D ccd63997df06ff99-json VNgnGPLEQds7 env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha 1353237/b402/_pkGOINSECURE GO111MODULE 64/bin/go GOINSECURE bagabas/go-udiffenv GOMODCACHE go env -tzP/zN1m-49v1YaGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE 1353237/b402/impTest User(http block)https://v-api-github-com.miaizhe.xyz/repos/actions/setup-go/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha GOMODCACHE go /usr/lib/git-core/git -json GO111MODULE 64/bin/go /usr/lib/git-core/git main�� -aw/git/ref/tags/v1.0.0 --auto /usr/bin/git --detach **/*.cjs 64/bin/go git(http block)/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha(http block)/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/git git(http block)https://v-api-github-com.miaizhe.xyz/repos/actions/setup-node/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha /tmp/TestHashConsistency_GoAndJavaScript1898838027/001/test-frontmatter-with-nesremote.origin.urgit go /usr/bin/git -json GO111MODULE 64/bin/go git add .github/workflows/test.md node /usr/bin/git --check **/*.cjs 64/bin/go git(http block)/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel GOPROXY 64/bin/go git rev-�� k/gh-aw/gh-aw/pkg/cli git /usr/bin/infocmp runs/20260322-16git config 64/bin/go infocmp(http block)/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel . Run 'make depsrev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/git git(http block)https://v-api-github-com.miaizhe.xyz/repos/actions/upload-artifact/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha 8634584/b430/_pkg_.a GO111MODULE 8634584/b430=> GOINSECURE GOMOD GOMODCACHE go env runs/20260322-163255-29711/test-3783353840/.github/workflows GO111MODULE /bin/sh l GOMOD GOMODCACHE /bin/sh(http block)/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha rt GO111MODULE /home/REDACTED/work/gh-aw/node_modules/.bin/sh GOINSECURE GOMOD GOMODCACHE sh -c "prettier" --check '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.prettierignore GOPROXY /usr/local/bin/iptables GOSUMDB GOWORK ache/go/1.25.0/x--show-toplevel iptables(http block)/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha install --package-lock-only /usr/bin/git /tmp/gh-aw-test-git config /usr/bin/git git rev-�� --show-toplevel git /usr/bin/sed --show-toplevel go /opt/hostedtoolc--show-toplevel sed(http block)https://v-api-github-com.miaizhe.xyz/repos/github/gh-aw-actions/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha KalLpCxFj GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go ortc�� k/gh-aw/gh-aw stmain.go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE /home/REDACTED/.cargo/bin/sh GOINSECURE GOMOD GOMODCACHE sh -c "prettier" --check '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.pret.prettierignore GOPROXY 0/x64/bin/node iles use Prettiegit GOWORK 64/bin/go 0/x64/bin/node(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel e/git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/ls --show-toplevel l /usr/bin/git ls(http block)https://v-api-github-com.miaizhe.xyz/repos/github/gh-aw-actions/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env k/gh-aw/gh-aw/.github/workflows GO111MODULE /usr/bin/git GOINSECURE GOMOD GOMODCACHE git(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha install --package-lock-only /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git /usr/bin/tr go /usr/bin/git git(http block)https://v-api-github-com.miaizhe.xyz/repos/github/gh-aw/actions/runs/1/artifacts/usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run download 1 --dir test-logs/run-1 GOWORK 64/bin/go --show-toplevel go /usr/bin/git git rev-�� --show-toplevel git ache/go/1.25.0/x64/bin/go --show-toplevel go /usr/bin/git go(http block)/usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE es GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE bash GOINSECURE GOMOD GOMODCACHE go(http block)https://v-api-github-com.miaizhe.xyz/repos/github/gh-aw/actions/runs/12345/artifacts/usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link(http block)/usr/bin/gh gh run download 12345 --dir test-logs/run-12345 git 64/bin/go --show-toplevel go /usr/bin/git git rev-�� --show-toplevel git 64/pkg/tool/linux_amd64/vet --show-toplevel go /usr/bin/git 64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env tformat GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://v-api-github-com.miaizhe.xyz/repos/github/gh-aw/actions/runs/12346/artifacts/usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GOWORK 64/bin/go --show-toplevel go /usr/bin/git git rev-�� --show-toplevel git 64/bin/go --show-toplevel go /usr/bin/git go(http block)/usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env e=false GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE %H %ct %D ccd63997df06ff99--show-toplevel go(http block)https://v-api-github-com.miaizhe.xyz/repos/github/gh-aw/actions/runs/2/artifacts/usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go estl�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run download 2 --dir test-logs/run-2 GOWORK 64/bin/go --show-toplevel go /usr/bin/git git rev-�� --show-toplevel git 64/bin/go --show-toplevel 64/pkg/tool/linuenv /usr/bin/git go(http block)/usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE k/_temp/uv-python-dir/bash GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://v-api-github-com.miaizhe.xyz/repos/github/gh-aw/actions/runs/3/artifacts/usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE HC/wPHmRHH07drGotDxh6_4/9rUbv3kNVNgnGPLEQds7(http block)/usr/bin/gh gh run download 3 --dir test-logs/run-3 GOWORK 64/bin/go --show-toplevel go /usr/bin/git git rev-�� --show-toplevel git 64/bin/go --show-toplevel go /usr/bin/git go(http block)/usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE iptables GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ash GOINSECURE GOMOD GOMODCACHE go(http block)https://v-api-github-com.miaizhe.xyz/repos/github/gh-aw/actions/runs/4/artifacts/usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run download 4 --dir test-logs/run-4 GOWORK 64/bin/go --show-toplevel go /usr/bin/git git rev-�� --show-toplevel git ache/go/1.25.0/x64/bin/go --show-toplevel go /usr/bin/git go(http block)/usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE ptables GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 0/x64/bin/node GOINSECURE GOMOD GOMODCACHE go(http block)https://v-api-github-com.miaizhe.xyz/repos/github/gh-aw/actions/runs/5/artifacts/usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run download 5 --dir test-logs/run-5 GOWORK 64/bin/go --show-toplevel 62TvCQswySHDXD2Krev-parse /usr/bin/git git rev-�� --show-toplevel git 64/bin/go --show-toplevel go /usr/bin/git go(http block)/usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE 0/x64/bin/node GOINSECURE GOMOD GOMODCACHE go t-ha�� orts2962866230/001/main.md GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://v-api-github-com.miaizhe.xyz/repos/github/gh-aw/actions/workflows/usr/bin/gh gh workflow list --json name,state,path ternal/tools/actGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD erignore ache/go/1.25.0/xGO111MODULE env 1353237/b374/_pkGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE /bin/sh -c if ! cd actions/GOSUMDB GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go sh(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://v-api-github-com.miaizhe.xyz/repos/github/gh-aw/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env y_only_defaults_repo1924739085/001 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -bool -buildtags /opt/hostedtoolcache/go/1.25.0/xGOMODCACHE -errorsas -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.0/xGO111MODULE -ato�� -bool -buildtags 64/bin/go -errorsas -ifaceassert -nilfunc go(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.0/x64/pkg/tool/linuorigin /usr/bin/git -json GO111MODULE /usr/bin/sh git(http block)https://v-api-github-com.miaizhe.xyz/repos/github/gh-aw/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh -c npx prettier --c-errorsas GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go sh(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha GOSUMDB GOWORK /usr/bin/git --detach go /opt/hostedtoolc--show-toplevel git rev-�� --show-toplevel /opt/hostedtoolcGOWORK 64/bin/go vars.MY_VAR go /usr/bin/git git(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha --show-toplevel git 64/bin/go -m Branch commit 64/bin/go go ode_�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE git(http block)https://v-api-github-com.miaizhe.xyz/repos/github/gh-aw/git/ref/tags/v2.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh -c npx prettier --c-errorsas GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go sh(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE npx pret�� --check **/*.cjs 64/bin/go **/*.json --ignore-path ../../../.pretti/tmp/TestGuardPolicyMinIntegrityOnlymin-integrity_with_repos=public_1404027468/001 node(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE OTteJv6S613S /opt�� prettier --check 64/bin/go **/*.ts **/*.json --ignore-path golangci-lint(http block)https://v-api-github-com.miaizhe.xyz/repos/github/gh-aw/git/ref/tags/v3.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh -c npx prettier --c-p GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go node(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha --stat 2104467adfcc600bGOMOD /usr/bin/git --git-dir go /usr/bin/git git rev-�� --show-toplevel git 64/bin/go --show-toplevel go /usr/bin/git git(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha t t sh GOSUMDB GOWORK 64/bin/go go env ty-test.md GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE git(http block)https://v-api-github-com.miaizhe.xyz/repos/nonexistent/action/git/ref/tags/v999.999.999/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env y_with_explicit_repo3104077357/001 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE infocmp -1 h ../../../.prettierignore GOPROXY 64/bin/go GOSUMDB GOWORK /usr/bin/bash git(http block)/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha --show-toplevel go /usr/bin/git Onlymin-integritgit GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.0/x64/pkg/tool/linuorigin /usr/bin/git -json GO111MODULE /home/REDACTED/wor--show-toplevel git(http block)https://v-api-github-com.miaizhe.xyz/repos/nonexistent/repo/actions/runs/12345/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion --show-toplevel go /usr/bin/git go env GOPATH git ache/go/1.25.0/x64/bin/go --show-toplevel go /usr/bin/git go(http block)/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /home/REDACTED/work/gh-aw/gh-aw/actions/node_modules/.bin/sh GOINSECURE GOMOD GOMODCACHE sh(http block)https://v-api-github-com.miaizhe.xyz/repos/owner/repo/actions/workflows/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD erignore go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo /usr/bin/git --show-toplevel node /usr/bin/git git rev-�� --show-toplevel git /usr/bin/basenamGOMODCACHE --ignore-path go /usr/bin/git basename(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo /usr/bin/git user.name Test User /usr/bin/git git rev-�� --show-toplevel git /usr/bin/bash user.name Test User /usr/bin/git bash(http block)https://v-api-github-com.miaizhe.xyz/repos/owner/repo/contents/file.md/tmp/go-build1838634584/b400/cli.test /tmp/go-build1838634584/b400/cli.test -test.testlogfile=/tmp/go-build1838634584/b400/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE go env e=false GO111MODULE 64/bin/go GOINSECURE %H %ct %D GOMODCACHE go(http block)/tmp/go-build2576044019/b400/cli.test /tmp/go-build2576044019/b400/cli.test -test.testlogfile=/tmp/go-build2576044019/b400/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true --get remote.origin.urenv ache/go/1.25.0/x-json git rev-�� --show-toplevel ache/go/1.25.0/xGOMOD /usr/bin/git test.txt 1353237/b426/imp-V=full /usr/bin/git git(http block)/tmp/go-build196097771/b376/cli.test /tmp/go-build196097771/b376/cli.test -test.testlogfile=/tmp/go-build196097771/b376/testlog.txt -test.paniconexit0 -test.short=true -test.parallel=4 -test.timeout=5m0s -test.run=^Test /opt/hostedtoolcGOMODCACHE GOINSECURE GOMOD GOMODCACHE go env ath ../../../.pr**/*.json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE git(http block)https://v-api-github-com.miaizhe.xyz/repos/test-owner/test-repo/actions/secrets/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/xGO111MODULE env 1353237/b424/_pkGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name GOSUMDB GOWORK /usr/bin/git GOMODCACHE sh /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git add origin /usr/bin/git git(http block)/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE /opt/hostedtoolcache/go/1.25.0/xGO111MODULE -ato�� h ../../../.prettierignore -buildtags 64/bin/go -errorsas -ifaceassert -nilfunc git(http block)If you need me to access, download, or install something from one of these locations, you can either:
⌨️ Start Copilot coding agent tasks without leaving your editor — available in VS Code, Visual Studio, JetBrains IDEs and Eclipse.