Add protected-files support to runtimes and enforce protected file protection in safe outputs by Copilot · Pull Request #19958 · github/gh-aw

Copilot · 2026-03-07T13:53:52Z

Original prompt

Update the runtime manager definitions to support a list of "manifest-files" (string[]) per runtime. These files are manifests for package systems.
The match is per file name, no path.
Example is node package.json.

The create-pull-request, push-to-pull-request-branch safe outputs should refuse manifest files modifications by default. The behavior can be changed by setting "allow-manifest-files: true" field.

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

- Add ManifestFiles []string to Runtime struct in runtime_definitions.go - Populate manifest files for all known runtimes (bun, deno, dotnet, elixir, go, haskell, java, node, python, ruby, uv) - Add getAllManifestFiles() helper to compute deduplicated union of all manifest files - Add AllowManifestFiles *bool field to CreatePullRequestsConfig and PushToPullRequestBranchConfig - Pass manifest_files list and allow_manifest_files to handler configs in compiler - Add allow-manifest-files to JSON schema for create-pull-request and push-to-pull-request-branch - Create manifest_file_helpers.cjs with extractFilenamesFromPatch and checkForManifestFiles helpers - Add manifest file checks to create_pull_request.cjs and push_to_pull_request_branch.cjs - Add comprehensive tests for manifest_file_helpers Co-authored-by: pelikhan <[email protected]>

pelikhan · 2026-03-07T14:34:17Z

@copilot add documentation , use technical-doc-writer agent

…to-pull-request-branch Add allow-manifest-files boolean option documentation to both safe output types. The default (false) refuses patches that modify package manifest files as a supply chain attack mitigation. Setting true opts in to allowing manifest modifications. Co-authored-by: Copilot <[email protected]>

Copilot · 2026-03-07T14:40:45Z

@copilot add documentation , use technical-doc-writer agent

Added documentation in docs/src/content/docs/reference/safe-outputs.md (commit f5fefef). Both create-pull-request and push-to-pull-request-branch sections now include:

allow-manifest-files: true in the YAML example blocks
A Manifest File Protection subsection explaining the default-deny behavior, supply chain security rationale, filename-only matching, and a representative list of protected files, with a [!CAUTION] admonition for opting in.

pelikhan · 2026-03-07T14:48:13Z

@copilot when a PR is refused because a forbidden manifest file, the error should be surfaced in the agent failure issue/comment in the conclusion job.

…agent failure issue When a PR is refused due to manifest file protection, the agent failure issue/comment now shows a dedicated '🛡️ Manifest File Protection Triggered' section with the blocked files, PR link, and a YAML remediation snippet instead of the generic 'Code Push Failed' banner. Also exports buildCodePushFailureContext for testability and adds unit tests covering manifest-only, generic, and mixed failure scenarios. Co-authored-by: pelikhan <[email protected]>

Copilot · 2026-03-07T14:59:07Z

@copilot when a PR is refused because a forbidden manifest file, the error should be surfaced in the agent failure issue/comment in the conclusion job.

Done in dbcc31e. When a manifest file protection check blocks a PR, the agent failure issue/comment now shows a dedicated 🛡️ Manifest File Protection Triggered section (separate from the generic "Code Push Failed" section) that includes:

the blocked operation(s) and specific file(s) found
a link to the target PR (if available)
a YAML remediation snippet showing exactly where to add allow-manifest-files: true

buildCodePushFailureContext is now exported and covered by 7 unit tests including manifest-only, generic, and mixed failure scenarios.

Copilot

Pull request overview

Adds per-runtime manifest file definitions and enforces a new “manifest file protection” policy in safe outputs so patches modifying dependency/package manifests are refused by default (with an explicit opt-out).

Changes:

Extend runtime definitions with ManifestFiles and add getAllManifestFiles() to provide the union list.
Enforce manifest-file modification blocking in create-pull-request and push-to-pull-request-branch handlers, gated by allow-manifest-files.
Update schema/docs and regenerate workflow lock configs to include compiler-injected manifest_files in handler configs.

Reviewed changes

Copilot reviewed 51 out of 51 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
pkg/workflow/runtime_definitions.go	Adds per-runtime `ManifestFiles` and union helper used for compiler injection.
pkg/workflow/create_pull_request.go	Adds `allow-manifest-files` config field for create PR safe output.
pkg/workflow/push_to_pull_request_branch.go	Adds `allow-manifest-files` config field for push-to-PR-branch safe output.
pkg/workflow/compiler_safe_outputs_config.go	Injects `manifest_files` union list and `allow_manifest_files` into handler configs.
pkg/parser/schemas/main_workflow_schema.json	Adds `allow-manifest-files` to safe outputs JSON schema for both handlers.
docs/src/content/docs/reference/safe-outputs.md	Documents manifest protection behavior and `allow-manifest-files` override.
actions/setup/js/manifest_file_helpers.cjs	New helper to extract filenames from patch headers and detect manifest file touches.
actions/setup/js/manifest_file_helpers.test.cjs	Unit tests for manifest-file patch parsing and detection.
actions/setup/js/create_pull_request.cjs	Blocks PR creation when patch modifies manifest files unless explicitly allowed.
actions/setup/js/push_to_pull_request_branch.cjs	Blocks PR-branch pushes when patch modifies manifest files unless explicitly allowed.
actions/setup/js/handle_agent_failure.cjs	Adds dedicated “Manifest File Protection Triggered” failure section; exports context builder.
actions/setup/js/handle_agent_failure.test.cjs	Unit tests for manifest-only vs generic vs mixed code-push failure rendering.
.github/workflows/weekly-safe-outputs-spec-review.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/weekly-editors-health-check.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/unbloat-docs.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/ubuntu-image-analyzer.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/tidy.lock.yml	Regenerated compiled handler config to include injected `manifest_files` (create + push).
.github/workflows/test-create-pr-error-handling.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/technical-doc-writer.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/smoke-update-cross-repo-pr.lock.yml	Regenerated compiled handler config to include injected `manifest_files` (push).
.github/workflows/smoke-project.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/smoke-multi-pr.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/smoke-create-cross-repo-pr.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/smoke-claude.lock.yml	Regenerated compiled handler config to include injected `manifest_files` (push).
.github/workflows/slide-deck-maintainer.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/refiner.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/q.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/poem-bot.lock.yml	Regenerated compiled handler config to include injected `manifest_files` (create + push).
.github/workflows/mergefest.lock.yml	Regenerated compiled handler config to include injected `manifest_files` (push).
.github/workflows/layout-spec-maintainer.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/jsweep.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/instructions-janitor.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/hourly-ci-cleaner.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/go-logger.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/glossary-maintainer.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/github-mcp-tools-report.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/functional-pragmatist.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/dictation-prompt.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/developer-docs-consolidator.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/dead-code-remover.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/daily-workflow-updater.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/daily-rendering-scripts-verifier.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/daily-doc-updater.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/daily-doc-healer.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/daily-architecture-diagram.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/craft.lock.yml	Regenerated compiled handler config to include injected `manifest_files` (push).
.github/workflows/code-simplifier.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/code-scanning-fixer.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/cloclo.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/ci-coach.lock.yml	Regenerated compiled handler config to include injected `manifest_files`.
.github/workflows/changeset.lock.yml	Regenerated compiled handler config to include injected `manifest_files` (push).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

actions/setup/js/manifest_file_helpers.cjs

Copilot · 2026-03-07T15:09:29Z

actions/setup/js/handle_agent_failure.cjs

+    context += "\n**Blocked Operations:**\n";
+    for (const { type, error } of manifestErrors) {
+      context += `- \`${type}\`: ${error}\n`;
    }
+    context += "\nTo allow manifest file modifications, add `allow-manifest-files: true` to the safe output configuration:\n";
+    context += "```yaml\nsafe-outputs:\n  create-pull-request:\n    allow-manifest-files: true\n```\n";
+  }


The manifest-protection remediation snippet is hard-coded to safe-outputs.create-pull-request, even when the blocked operation is push_to_pull_request_branch (or multiple operations are blocked). Generate the YAML snippet based on the blocked safe-output type(s) so the suggested config matches what actually failed (e.g., push-to-pull-request-branch: when that handler is blocked, or include both when mixed).

@copilot fix this

The dynamic YAML snippet was already fixed in a prior commit. In 2859700 the snippet now shows manifest-files: fallback-to-issue (per the updated guidance) and the accompanying text directs users to human review rather than opting out entirely.

pelikhan · 2026-03-07T15:11:16Z

@copilot review comments

pkg/parser/schemas/main_workflow_schema.json

…ion snippet 1. extractFilenamesFromPatch now captures both a/ and b/ sides of diff headers so renames/copies are detected (e.g., renaming package.json away still triggers manifest protection). dev/null sentinels are ignored. 2. The YAML remediation snippet in buildCodePushFailureContext is now generated dynamically from the actual blocked safe-output type(s) rather than always showing create-pull-request. push_to_pull_request_branch errors now show push-to-pull-request-branch: in the snippet; mixed errors show both keys. Adds 4 new tests for rename/dev-null handling in manifest_file_helpers, and 2 new tests for push-type and mixed-type YAML snippets in handle_agent_failure. Co-authored-by: pelikhan <[email protected]>

Copilot · 2026-03-07T15:18:28Z

@copilot review comments

Both review comments addressed in 5d1469e:

extractFilenamesFromPatch (rename/copy detection) — the regex now captures both a/<path> and b/<path> sides of every diff --git header, so a rename like a/package.json b/package.json.bak flags package.json. The dev/null sentinel is skipped. Added 4 tests: rename header, new-file (dev/null on a/ side), deleted-file (dev/null on b/ side), and a checkForManifestFiles rename integration test.
Dynamic YAML remediation snippet — the snippet is now built from the actual blocked type(s). A push_to_pull_request_branch failure shows push-to-pull-request-branch:, a create_pull_request failure shows create-pull-request:, and when both are blocked both keys appear. Added 2 new tests covering the push-type case and the mixed-type case.

Co-authored-by: pelikhan <[email protected]>

Copilot · 2026-03-07T18:38:06Z

@copilot review docs and code updates are consistent. Update docs.

Fixed in d69e90c. Two inconsistencies between docs and code:

handle_agent_failure.cjs described the protection as covering "package manifest files" — updated to "protected files (package manifests, agent instruction files, or repository security configuration)" to match what the protection actually covers.
Both fallback templates (manifest_protection_create_pr_fallback.md and manifest_protection_push_to_pr_fallback.md) ended with a suggestion to use manifest-files: false — which is not a valid value. Replaced with the correct manifest-files: fallback-to-issue guidance consistent with the blocked/allowed/fallback-to-issue enum documented in safe-outputs-pull-requests.md.

pelikhan · 2026-03-07T18:43:35Z

@copilot rename field to "protected-files" to reflect the set of files

Rename the user-facing `manifest-files` frontmatter field to `protected-files` to better reflect the broader set of files it protects (package manifests, agent instruction files, and repository security configuration under .github/ and .agents/). - Go struct yaml tags: manifest-files → protected-files - JSON schema property names: manifest-files → protected-files - Internal config JSON keys: manifest_files → protected_files, manifest_files_policy → protected_files_policy - JS handlers: updated config key reads and error messages - MD fallback templates: updated header and guidance text - Docs: updated all manifest-files: examples to protected-files: - Tests: updated output assertions - Recompiled 166 lock files with new key names Co-authored-by: pelikhan <[email protected]>

Copilot · 2026-03-07T19:00:23Z

@copilot rename field to "protected-files" to reflect the set of files

Done in 3629fc2. The field is now protected-files throughout:

User-facing frontmatter: protected-files (was manifest-files)
Internal config JSON keys: protected_files, protected_files_policy (were manifest_files, manifest_files_policy)
Error messages, YAML remediation snippets, and fallback templates all updated
166 lock files recompiled with the new key names

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

https://api.github.com/graphql
- Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -- ings.cjs forks.js rev-�� --show-toplevel git /home/REDACTED/.dotnet/tools/git --local --get e/git git (http block)
- Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw --stdout ache/node/24.14.--write git rev-�� ath ../../../.pr**/*.json ache/node/24.14.--ignore-path /usr/bin/git )" git k/_temp/ghcca-no"prettier" --write '../../../**/*.json' '!../../../pkg/workflow/js/**/*.json' --ignore-path ../../../.prettierignore git (http block)
- Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw --stdout /usr/bin/git git rev-�� ath ../../../.pr**/*.json git ode_modules/.bin../../../.prettierignore --show-toplevel git de 0/x64/bin/node (http block)
https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
- Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --objects --stdin /home/REDACTED/go/bin/git --exclude-hiddengit --all --quiet git rev-�� --count b3652352ad44ac58d56089fc4bfc7d2059198af0..full-mode-branch /usr/bin/git user.name hub.example.com//home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/safe_outputs_mcp_server.cjs es/.bin/git git (http block)
https://api.github.com/repos/actions/checkout/git/ref/tags/v3
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha user.name Test User git -m Initial commit ode_modules/vite--show-toplevel ode_modules/vitest/dist/workers/forks.js bran�� -M main 0/x64/bin/node s [email protected] de/node/bin/git 0/x64/bin/node (http block)
https://api.github.com/repos/actions/checkout/git/ref/tags/v5
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq 0/x64/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/git -M main t git comm�� -m Auth cleanup base commit ndor/bin/git main..emoji-suffgit ader es/.bin/git git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel git es/.bin/git -u nup-success..autrev-parse bin/git /opt/hostedtoolcache/node/24.14.0/x64/bin/node serv�� node --conditions 0/x64/bin/node --experimental-igit --require /home/REDACTED/wor--show-toplevel 0/x64/bin/node (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha f/tags/v4 git /usr/bin/git ode-branch (http block)
https://api.github.com/repos/actions/checkout/git/ref/tags/v6
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha d56089fc4bfc7d2059198af0..full-mode-branch full-mode-branch /opt/hostedtoolcache/go/1.25.0/x64/bin/git --show-toplevel git s/origin/auth-cl--show-toplevel git add full2.txt git ndor/bin/git user.name cess .extraheader git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha full1.txt git /home/REDACTED/.local/bin/git mental-jLWij7' mental-jLWij7' es/.bin/git git comm�� -m Second commit in full mode test /home/REDACTED/.local/bin/git user.email [email protected] ache/go/1.25.0/x--show-toplevel git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha HEAD e/git /home/REDACTED/work/_temp/uv-python-dir/git -m Initial commit run-script/lib/nxterm-color git show�� --verify --quiet /usr/bin/git user.email [email protected] nfig/composer/ve--show-toplevel git (http block)
https://api.github.com/repos/actions/github-script/git/ref/tags/v8
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha manifestFiles\|ManifestFiles (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha go1.25.0 -c=4 -nolocalimports -importcfg /tmp/go-build767533856/b398/importcfg -pack /tmp/go-build767533856/b398/_testmain.go (http block)
https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha full1.txt git tions/node_modules/.bin/git --local http.https://gitrev-parse modules/@npmcli/--show-toplevel git comm�� -m Second commit in full mode test /home/REDACTED/node_modules/.bin/git user.name Test User in/git git (http block)
https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha d56089fc4bfc7d2059198af0..full-mode-branch full-mode-branch /snap/bin/git --local http.https://gitrev-parse de/node/bin/git git add full2.txt git /snap/bin/git user.name cess ode_modules/.bin--show-toplevel git (http block)
https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
- Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha ental-taoh41 Auth cleanup failure test commit node --local --unset-all /home/REDACTED/wor--verify git afe_�� --local --get anch user.email [email protected] yaWZpY2F0aW9u git (http block)
https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
- Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha h ../../../.prettierignore git 0/x64/bin/node --show-toplevel git it 0/x64/bin/node rev-�� w/js/**/*.json' --ignore-path l de_modules/.bin/go ve git tions/setup/js/n--version tions/setup/js/node_modules/vitest/dist/workers/forks.js (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
- Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 cfg 64/pkg/tool/linux_amd64/vet (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
- Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
- Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
- Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
- Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 cfg 64/pkg/tool/linux_amd64/vet (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
- Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 cfg 64/pkg/tool/linux_amd64/vet (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
- Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 cfg 64/pkg/tool/linux_amd64/vet (http block)
https://api.github.com/repos/github/gh-aw/actions/workflows
- Triggering command: /usr/bin/gh gh workflow list --json name,state,path (http block)
- Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 (http block)
- Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 (http block)
https://api.github.com/repos/github/gh-aw/contents/.github%2Fworkflows%2Faudit-workflows.md
- Triggering command: /opt/hostedtoolcache/node/24.14.0/x64/bin/node /opt/hostedtoolcache/node/24.14.0/x64/bin/node --conditions node --conditions development --experimental-import-meta-resolve --require /home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/vitest/suppress-warnings.cjs /home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/vitest/dist/workers/forks.js [email protected] ck git conf�� user.name Test User in/git -u origin k/_temp/uv-python-dir/git /usr/lib/git-core/git (http block)
https://api.github.com/repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb --jq .object.sha h ../../../.prettierignore --conditions 0/x64/bin/node --experimental-inode --require /home/REDACTED/wor--write 0/x64/bin/node rev-�� w/js/**/*.json' --ignore-path l /usr/bin/git ve git tions/setup/js/n-c tions/setup/js/node_modules/vitest/dist/workers/forks.js (http block)
https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha suffix.txt git KYVVjbDE3UlBOOQ== 64/pkg/tool/linugit git ache/uv/0.10.9/x-u git chec�� -b ix git -m Initial commit /opt/hostedtoolcrun git (http block)
https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha (http block)
https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha (http block)
https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha (http block)
https://api.github.com/repos/githubnext/agentics/git/ref/tags/
- Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha onfig.json git 0/x64/bin/node --show-toplevel git cal/bin/git 0/x64/bin/node /pre�� --show-toplevel git /usr/bin/git ve git ode_modules/vite/home/REDACTED/work/gh-aw/gh-aw/.github/workflows ode_modules/viteconfig (http block)
https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
- Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha -M main t main git _modules/.bin/gi. git form�� main..emoji-suffix ader es/.bin/git --abort git run-script/lib/n/tmp/bare-incremental-jLWij7 git (http block)
https://api.github.com/repos/nonexistent/repo/actions/runs/12345
- Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion (http block)
https://api.github.com/repos/owner/repo/actions/workflows
- Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 86_64/sh (http block)
- Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo -nolocalimports -importcfg /tmp/go-build767533856/b392/importcfg -pack /tmp/go-build767533856/b392/_testmain.go (http block)
https://api.github.com/repos/owner/repo/contents/file.md
- Triggering command: /tmp/go-build767533856/b383/cli.test /tmp/go-build767533856/b383/cli.test -test.testlogfile=/tmp/go-build767533856/b383/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true hub.com/.extrahe/opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
https://api.github.com/repos/test-owner/test-repo/actions/secrets
- Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled
Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

pelikhan · 2026-03-07T19:12:25Z

@copilot review docs for correct protected files terminology

… terminology throughout Co-authored-by: pelikhan <[email protected]>

Copilot · 2026-03-07T19:25:12Z

@copilot review docs for correct protected files terminology

Fixed in 59a00de. Updated all "Manifest File Protection" terminology to "Protected File Protection" across docs and code:

safe-outputs-pull-requests.md: heading ## Protected File Protection, description, anchor links, and inline comments updated
threat-detection.md: section heading, body text, table, and code comments updated
safe-outputs.md: both link texts and inline YAML comments updated
push_to_pull_request_branch.cjs: issue title now [gh-aw] Protected File Protection: … and code comment updated
create_pull_request.cjs: code comments updated
handle_agent_failure.cjs: code comments updated
handle_agent_failure.test.cjs: test description names updated (backward-compat test data strings left intact)

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

https://api.github.com/repos/github/gh-aw/contents/.github%2Fworkflows%2Faudit-workflows.md
- Triggering command: /opt/hostedtoolcache/node/24.14.0/x64/bin/node /opt/hostedtoolcache/node/24.14.0/x64/bin/node --conditions node --conditions development --experimental-import-meta-resolve --require /home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/vitest/suppress-warnings.cjs /home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/vitest/dist/workers/forks.js [email protected] tions/node_modulHEAD git serv�� --local --get es/.bin/git --bare the new one -branch git (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled
Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

pelikhan · 2026-03-07T19:31:20Z

@copilot rename "Protected File Protection" to "Protected Files"

Co-authored-by: pelikhan <[email protected]>

Copilot · 2026-03-07T19:43:18Z

@copilot rename "Protected File Protection" to "Protected Files"

Done in da56627. All occurrences of "Protected File Protection" renamed to "Protected Files":

Section headings: ## Protected File Protection → ## Protected Files (in safe-outputs-pull-requests.md and threat-detection.md)
Link text and anchors updated to #protected-files
Blockquote headings in fallback templates: 🛡️ **Protected File Protection Triggered** → 🛡️ **Protected Files**
handle_agent_failure.cjs user-facing string updated
Issue title in push_to_pull_request_branch.cjs: [gh-aw] Protected Files: …
All test assertions in handle_agent_failure.test.cjs updated (all 11 tests pass)

pelikhan · 2026-03-07T19:48:52Z

@copilot fix docs https://github.com/github/gh-aw/actions/runs/22805910251/job/66154993671

…e-pull-request Co-authored-by: pelikhan <[email protected]>

Copilot · 2026-03-07T19:56:09Z

@copilot fix docs https://github.com/github/gh-aw/actions/runs/22805910251/job/66154993671

Fixed in 1b95060. The create-pull-request stub in safe-outputs.md was missing its closing ``` after the protected-files example line, which caused the ### Close Pull Request heading to fall inside the unclosed code block — making its anchor unreachable and breaking the link validator.

Initial plan

63f0a59

Copilot AI assigned Copilot and pelikhan Mar 7, 2026

Copilot started work on behalf of pelikhan March 7, 2026 13:53 View session

Copilot AI changed the title ~~[WIP] Update runtime manager definitions for manifest files~~ Add manifest-files support to runtimes and enforce manifest file protection in safe outputs Mar 7, 2026

Copilot finished work on behalf of pelikhan March 7, 2026 14:22

Copilot started work on behalf of pelikhan March 7, 2026 14:34 View session

Copilot finished work on behalf of pelikhan March 7, 2026 14:41

Copilot started work on behalf of pelikhan March 7, 2026 14:48 View session

Copilot finished work on behalf of pelikhan March 7, 2026 14:59

pelikhan marked this pull request as ready for review March 7, 2026 15:04

Copilot AI review requested due to automatic review settings March 7, 2026 15:04

Copilot started reviewing on behalf of pelikhan March 7, 2026 15:05 View session

Copilot AI reviewed Mar 7, 2026

View reviewed changes

Copilot started work on behalf of pelikhan March 7, 2026 15:11 View session

pelikhan requested review from dsyme and lpcox March 7, 2026 15:11

dsyme reviewed Mar 7, 2026

View reviewed changes

pkg/parser/schemas/main_workflow_schema.json Outdated Show resolved Hide resolved

Copilot finished work on behalf of pelikhan March 7, 2026 15:19

Copilot started work on behalf of dsyme March 7, 2026 15:19 View session

Copilot started work on behalf of pelikhan March 7, 2026 18:32 View session

fix: update docs and templates to be consistent with code

d69e90c

Co-authored-by: pelikhan <[email protected]>

Copilot finished work on behalf of pelikhan March 7, 2026 18:38

Copilot started work on behalf of pelikhan March 7, 2026 18:43 View session

Copilot AI changed the title ~~Add manifest-files support to runtimes and enforce manifest file protection in safe outputs~~ Add protected-files support to runtimes and enforce protected file protection in safe outputs Mar 7, 2026

Copilot finished work on behalf of pelikhan March 7, 2026 19:01

Copilot started work on behalf of dsyme March 7, 2026 19:01 View session

Copilot finished work on behalf of dsyme March 7, 2026 19:05

Copilot started work on behalf of pelikhan March 7, 2026 19:12 View session

docs: update "Manifest File Protection" → "Protected File Protection"…

59a00de

… terminology throughout Co-authored-by: pelikhan <[email protected]>

Copilot finished work on behalf of pelikhan March 7, 2026 19:25

Copilot started work on behalf of pelikhan March 7, 2026 19:31 View session

docs: rename "Protected File Protection" → "Protected Files" throughout

da56627

Co-authored-by: pelikhan <[email protected]>

Copilot finished work on behalf of pelikhan March 7, 2026 19:43

Copilot started work on behalf of pelikhan March 7, 2026 19:49 View session

fix: add missing closing code fence in safe-outputs.md stub for creat…

1b95060

…e-pull-request Co-authored-by: pelikhan <[email protected]>

Copilot finished work on behalf of pelikhan March 7, 2026 19:56

pelikhan merged commit f87a535 into main Mar 7, 2026
80 checks passed

pelikhan deleted the copilot/update-runtime-manager-definitions-again branch March 7, 2026 20:05

github-actions bot mentioned this pull request Mar 7, 2026

Smoke Test: Copilot - 22807560248 #19991

Closed

Conversation

Copilot AI commented Mar 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

pelikhan commented Mar 7, 2026

Uh oh!

Copilot AI commented Mar 7, 2026

Uh oh!

pelikhan commented Mar 7, 2026

Uh oh!

Copilot AI commented Mar 7, 2026

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Uh oh!

Copilot AI Mar 7, 2026

Choose a reason for hiding this comment

Uh oh!

dsyme Mar 7, 2026

Choose a reason for hiding this comment

Uh oh!

Copilot AI Mar 7, 2026

Choose a reason for hiding this comment

Uh oh!

pelikhan commented Mar 7, 2026

Uh oh!

Uh oh!

Copilot AI commented Mar 7, 2026

Uh oh!

Copilot AI commented Mar 7, 2026

Uh oh!

pelikhan commented Mar 7, 2026

Uh oh!

Copilot AI commented Mar 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

I tried to connect to the following addresses, but was blocked by firewall rules:

Uh oh!

pelikhan commented Mar 7, 2026

Uh oh!

Copilot AI commented Mar 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

I tried to connect to the following addresses, but was blocked by firewall rules:

Uh oh!

pelikhan commented Mar 7, 2026

Uh oh!

Copilot AI commented Mar 7, 2026

Uh oh!

pelikhan commented Mar 7, 2026

Uh oh!

Copilot AI commented Mar 7, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Copilot AI commented Mar 7, 2026 •

edited

Loading

Copilot AI commented Mar 7, 2026 •

edited

Loading

Copilot AI commented Mar 7, 2026 •

edited

Loading