feat: mount MCP servers as local CLIs after gateway starts

[Copilot]

Reconstructs the feature from #24503. Adds opt-in mounting of MCP servers as standalone CLI tools on PATH via tools.mount-as-clis: true (default false). When enabled, user-facing MCP servers are exposed as shell commands and excluded from the agent's final MCP config, forcing the agent to use CLI wrappers exclusively. The github MCP server is excluded from CLI mounting as it is handled differently and remains available as a normal MCP tool. The safeoutputs and mcpscripts servers are always included in CLI mounting when enabled — they are not treated as internal infrastructure.

How it works

The gateway starts containers for all configured servers (so they're reachable), then filtering happens in two stages:

1. Gateway config: includes all servers — needed to populate ${RUNNER_TEMP}/gh-aw/mcp-cli/manifest.json
2. Agent config: CLI-mounted servers excluded via GH_AW_MCP_CLI_SERVERS env var in each convert_gateway_config_*.cjs script

After the gateway starts, mount_mcp_as_cli.cjs reads the manifest, queries each server's tools/list via the full MCP session protocol (initialize → notifications/initialized → tools/list), and generates locked-down CLI wrappers under ${RUNNER_TEMP}/gh-aw/mcp-cli/bin/.

tools:
  playwright:
  mount-as-clis: true

# Agent uses these instead of MCP protocol:
playwright browser_navigate --url https://example.com
safeoutputs add_comment --body "Analysis complete"
mcpscripts mcpscripts-gh --args "pr list --repo owner/repo --limit 5"

Note: The github MCP server is not CLI-mounted — it is handled differently and remains available as a normal MCP tool even when mount-as-clis: true is set.

Changes

New files

• pkg/workflow/mcp_cli_mount.go — getMCPCLIServerNames(), generateMCPCLIMountStep(), buildMCPCLIPromptSection()
• actions/setup/js/mount_mcp_as_cli.cjs — manifest reader, MCP handshake, CLI wrapper generator; scripts placed at ${RUNNER_TEMP}/gh-aw/mcp-cli/bin/ (inside AWF sandbox mount), directory locked chmod 555, API key baked in at generation time (not available in sandbox env)
• actions/setup/md/mcp_cli_tools_prompt.md — <mcp-clis> prompt section template
• actions/setup/js/convert_gateway_config_copilot.cjs — JavaScript gateway config converter for Copilot (filters CLI servers, adds tools:["*"], rewrites URLs)
• actions/setup/js/convert_gateway_config_claude.cjs — JavaScript gateway config converter for Claude (filters CLI servers, sets type:"http", rewrites URLs)
• actions/setup/js/convert_gateway_config_codex.cjs — JavaScript gateway config converter for Codex (filters CLI servers, resolves host.docker.internal to 172.30.0.1, generates TOML)
• actions/setup/js/convert_gateway_config_gemini.cjs — JavaScript gateway config converter for Gemini (filters CLI servers, removes type field for transport auto-detection, rewrites URLs, adds context.includeDirectories)
• actions/setup/js/start_mcp_gateway.cjs — JavaScript gateway startup script (reads MCP config from stdin, launches Docker container, health check polling, engine-specific converter dispatch, CLI manifest creation, GitHub Actions outputs)

Go pipeline integration

• ToolsConfig.MountAsCLIs field + parser + schema + validation
• compiler_yaml_main_job.go calls generateMCPCLIMountStep() after gateway setup
• mcp_setup_generator.go exports GH_AW_MCP_CLI_SERVERS JSON array to $GITHUB_ENV
• unified_prompt_step.go injects CLI tools prompt section (8a, after safe outputs)
• mcp_rendering.go documents why CLI servers stay in gateway config
• mcp_renderer.go invokes node start_mcp_gateway.cjs (converted from bash start_mcp_gateway.sh)
• getMCPCLIServerNames() always includes safeoutputs and mcpscripts when they are enabled (HasSafeOutputsEnabled/IsMCPScriptsEnabled)

Gateway scripts (bash → JavaScript)

• start_mcp_gateway.cjs — full JavaScript port of the gateway startup script using child_process.spawn for Docker container management, Node.js http module for health checks, and child_process.execSync for converter/checker dispatch. Maintains all security controls (umask, symlink attack prevention, 0o600 file permissions)
• convert_gateway_config_{copilot,claude,codex,gemini}.cjs — all four engine converters are JavaScript for CLI server filtering, URL rewriting, and engine-specific config generation
• validate_prompt_placeholders.sh — strips backtick code spans before checking for unreplaced __GH_AW_*__ placeholders

Config storage hardening (/tmp → RUNNER_TEMP)

• MCP config (mcp-config/) and CLI manifest (mcp-cli/) moved from /tmp/gh-aw/ to ${RUNNER_TEMP}/gh-aw/ to prevent tampering — /tmp is world-writable, RUNNER_TEMP is per-runner and not world-accessible
• Updated across all JavaScript scripts (start_mcp_gateway.cjs, converter scripts, mount_mcp_as_cli.cjs, redact_secrets.cjs) and Go engine code (claude_engine.go, codex_engine.go, codex_mcp.go, claude_mcp.go, gemini_mcp.go, mcp_setup_generator.go, threat_detection.go, step_order_validation.go)
• MCP logs remain under /tmp/gh-aw/mcp-logs/ since the Docker gateway container writes there via -v /tmp:/tmp:rw

Security hardening (shell injection, input validation)

• shellEscapeDoubleQuoted() in mount_mcp_as_cli.cjs — escapes $ `` \ " ! and strips \r\n for all values embedded in generated CLI wrapper bash scripts (server name, URL, tools file path, API key), preventing shell injection and line injection attacks
• isValidServerName() in mount_mcp_as_cli.cjs — validates server names against [a-zA-Z0-9_-] with 64-char max length, preventing path traversal and shell metacharacter injection via malicious server names; servers failing validation are skipped with a warning
• URL validation — manifest server entries validated with new URL() before processing
• Port validation — gatewayPort verified to be strictly numeric before interpolation into execSync shell commands in start_mcp_gateway.cjs
• API key passing — check_mcp_servers.sh call uses $MCP_GATEWAY_API_KEY env var reference instead of direct JS string interpolation to avoid shell metacharacter risks
• Server name validation in manifest — start_mcp_gateway.cjs filters invalid server names when generating the CLI manifest

Observability improvements

• All 5 new JavaScript scripts use core.* logging via shim.cjs (core.info, core.error, core.warning) instead of console.*, ensuring consistent GitHub Actions annotation output
• All 4 converter scripts log CLI-mounted server filter list and include/filter counts
• start_mcp_gateway.cjs logs startup banner (engine, port, domain, runner temp), server names in CLI manifest; top-level error handler preserves stack traces via core.error(err.stack) before core.setFailed()
• mount_mcp_as_cli.cjs logs manifest server count after internal filtering, skipped servers with validation error reasons

Server exclusions

• The github MCP server is excluded from CLI mounting in both Go (internalMCPServerNames) and JavaScript (INTERNAL_SERVERS) — it is handled differently and remains a normal MCP tool
• safeoutputs and mcpscripts are not excluded — they are always CLI-mounted when enabled, with usage examples in the prompt template

Smoke test

• smoke-copilot.md enables mount-as-clis: true and updates test instructions to use CLI syntax for playwright/serena/safeoutputs/mcpscripts while keeping github as a normal MCP tool

[pelikhan]

@copilot ignore the github MCP server, it is handled differently.

[Copilot]

@copilot ignore the github MCP server, it is handled differently.

Excluded the github MCP server from CLI mounting in commit 4951367. Added it to the exclusion lists in both Go (internalMCPServerNames) and JavaScript (INTERNAL_SERVERS), updated the prompt template to remove github examples, and restored the smoke test to use github as a normal MCP tool.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -pack /home/REDACTED/work/gh-aw/gh-aw/cmd/gh-aw/main.go (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw muPkofL/NgJlZta4-C (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v9
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha .js' --ignore-path .prettierigno-errorsas (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha .js' --ignore-path .prettierigno-errorsas erena-mcp-server:latest x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha k/gh-aw/gh-aw config 1/x64/bin/node remote.origin.urgit (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha .js' --ignore-path .prettierigno-errorsas (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha .js' --ignore-path .prettierigno-errorsas show x_amd64/vet (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v7
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha to pkg/workflow/data/action_pins.json..." (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha ithub/workflows commit.gpgsign /home/REDACTED/.local/bin/bash (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
• https://api.github.com/repos/docker/build-push-action/git/ref/tags/v7
  • Triggering command: /usr/bin/gh gh api /repos/docker/build-push-action/git/ref/tags/v7 --jq .object.sha (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/-
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[pelikhan]

@copilot enable flag for smoke-copilot

[pelikhan]

@copilot always enabled for safeoutputs, mcpscripts. Update the built prompt generator to reflect this change too.

[Copilot]

@copilot enable flag for smoke-copilot

The mount-as-clis: true flag is already enabled in smoke-copilot.md (line 47 in the tools section) since commit afeaeed. The compiled lock file includes the "Mount MCP servers as CLIs" step, GH_AW_MCP_CLI_SERVERS env var, and CLI prompt section for agenticworkflows, playwright, and serena (with github excluded per the previous feedback).

[Copilot]

@copilot always enabled for safeoutputs, mcpscripts. Update the built prompt generator to reflect this change too.

Done in fb83906. Removed safeoutputs and mcpscripts from the exclusion lists in both Go (internalMCPServerNames) and JavaScript (INTERNAL_SERVERS). Added explicit logic in getMCPCLIServerNames() to always include them when enabled. Updated the prompt template with safeoutputs/mcpscripts usage examples and the smoke-copilot test instructions to list them as CLI-mounted servers.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw **/*.cjs 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha -json GO111MODULE /usr/local/bin/bash GOINSECURE GOMOD -d bash --no�� --noprofile GOPROXY (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha " GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node /opt�� prettier --check 64/bin/go --ignore-path .prettierignore 64/bin/go go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -test.timeout=10m0s -test.count=1 /usr/bin/git GOSUMDB GOWORK 64/bin/go git rev-�� --show-toplevel go /usr/bin/git MFpD/H8VUAZrsjt5git GO111MODULE 64/bin/go git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --show-toplevel node /usr/bin/git run lint:cjs 64/bin/go git rev-�� --show-toplevel sh /usr/bin/git "prettier" --chegit node 64/bin/go git (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v9
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/pkg/tool/linux_amd64/cgo GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/cgo (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v7
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha d -n 10 (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha d -n 10 --global rgo/bin/git http.https://gitgh (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
• https://api.github.com/repos/docker/build-push-action/git/ref/tags/v7
  • Triggering command: /usr/bin/gh gh api /repos/docker/build-push-action/git/ref/tags/v7 --jq .object.sha --get-regexp --global t (http block)
  • Triggering command: /usr/bin/gh gh api /repos/docker/build-push-action/git/ref/tags/v7 --jq .object.sha ver\|cli_server _config_copilot.sh r: $owner, name: $name) { hasDiscussionsEnabled } } (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha 476627/b001/workflow.test GO111MODULE 476627/b001/importcfg.link GOINSECURE GOMOD GOMODCACHE iTe2m1FqJ9AqD/E7yW-V-7DMzId52nbD6_/zJRkgRAW4PV_t4DqOxSf/EhrgUD1iTe2m1FqJ9AqD env ry=1 GO111MODULE che/go-build/14/14900198eb5740c9d1377a056c579ed3b8c3e7641e6841d95fa187196c139bf3-d GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel npx /usr/bin/git --check **/*.cjs 64/bin/go git (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha 1089883/b423/_pkGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env hkp_/BdvgLBe8Jb1GOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE 1089883/b423/impGOPROXY (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/-
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha 1089883/b428/_pkGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env BdUk/qiAXtumHukIGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE 1089883/b428/impGOPROXY (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[github-actions]

✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready.

[github-actions]

⚠️ Smoke Gemini failed. Gemini encountered unexpected challenges...

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[Copilot]

@copilot store config under RUNNER_TEMP to prevent tampering

Done in b9c7d1e. Moved mcp-config/ and mcp-cli/ from /tmp/gh-aw/ to ${RUNNER_TEMP}/gh-aw/ in start_mcp_gateway.cjs, converter scripts (claude, codex), mount_mcp_as_cli.cjs, and redact_secrets.cjs. Updated Go engine code (claude_engine.go, codex_engine.go, codex_mcp.go, claude_mcp.go, gemini_mcp.go), mcp_setup_generator.go, threat_detection.go, and step_order_validation.go to use ${RUNNER_TEMP} in shell contexts and ${{ runner.temp }} in YAML env blocks. Logs remain under /tmp/gh-aw/mcp-logs/ since the Docker gateway container writes there via -v /tmp:/tmp:rw.

@copilot convert start_mcp_gateway.sh to JavaScript

Converted to start_mcp_gateway.cjs in e8bc926. Updated mcp_renderer.go to invoke node instead of bash, updated test expectations, and recompiled all 187 lock files. The JavaScript version uses child_process.spawn for the Docker container, Node.js http module for health checks, and maintains all the same security controls (umask, symlink attack prevention, file permissions). In a follow-up commit (b9c7d1e), also moved config storage from /tmp/gh-aw/ to ${RUNNER_TEMP}/gh-aw/ per the tampering prevention request.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw acts.go _wrapping_test.go x_amd64/vet test�� *.json' '!../../../pkg/workflow/js/**/*.json' ---buildmode=exe job.go 64/pkg/tool/linux_amd64/vet --property=Memorbash --property=CPUQu--norc --property=Memor--noprofile 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw ine_helpers_shar--norc ine_helpers_test--noprofile x_amd64/vet --no�� --noprofile 155d42badded37ea8 64/pkg/tool/linux_amd64/vet nore (http block)
• https://api.github.com/orgs/test-owner/actions/secrets
  • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node /opt�� prettier --check 64/bin/go **/*.ts **/*.json --ignore-path /bin/sh (http block)
  • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name --show-toplevel git /usr/bin/git --show-toplevel git k/_temp/ghcca-node/node/bin/bash--show-toplevel git rev-�� --show-toplevel node /usr/bin/gh 1/x64/bin/node git p/bin/bash gh (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha user.name Test User /usr/bin/gh -json GO111MODULE x_amd64/link gh run list --json /usr/bin/infocmp --workflow nonexistent-workrev-parse --limit infocmp (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha -bool -buildtags /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -errorsas -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -ato�� -bool -buildtags (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha 64/pkg/tool/linu--show-toplevel git /opt/hostedtoolcache/node/24.14.1/x64/bin/node --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git node js/f�� 64/pkg/tool/linu--show-toplevel git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha sistency_InlinedImports1462240087/001/inlined-b.md go 3855251/b440/_pkg_.a 1527335164/001' 1527335164/001' 64/bin/go git rev-�� --show-toplevel l /usr/bin/git che/go-build/9d/git GOPROXY 64/bin/go git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha ache/go/1.25.8/x64/src/net -trimpath .cfg -I /tmp/go-build395rev-parse -I ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git git rev-�� --show-toplevel git ache/node/24.14.1/x64/bin/node --show-toplevel x_amd64/compile /usr/bin/git git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha 27/001/test-complex-frontmatter-with-tools.md GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -test.paniconexit0 -test.v=true /usr/bin/git -test.timeout=10git -test.run=^Test -test.short=true--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/link /usr/bin/git 2203739110/001 GO111MODULE ache/go/1.25.8/x--show-toplevel git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel go /usr/bin/git ring44837047/001git GO111MODULE /opt/hostedtoolc--show-toplevel git rev-�� --show-toplevel go /usr/bin/git runs/20260413-15git GO111MODULE (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE ache/go/1.25.8/x64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--show-toplevel git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --show-toplevel 01.o /usr/bin/git ache/go/1.25.8/xcut git 1/x64/bin/as git rev-�� --show-toplevel 5573980/b125/_x0-buildtags /usr/bin/git 64/src/os/user -trimpath x_amd64/compile git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel ache/go/1.25.8/x-f1 /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git 63d9f43ac67db669git ache/go/1.25.8/xrev-parse /usr/bin/git git (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v9
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha npx prettier --cGOINSECURE GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go node /hom�� --check scripts/**/*.js 64/bin/go .prettierignore 64/pkg/tool/linurev-list 64/bin/go go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha prettier --check 64/bin/go **/*.ts **/*.json --ignore-path go env -json GOMOD 64/bin/go tierignore /opt/hostedtoolcconfig 64/bin/go go (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha remove origin /usr/bin/git ub/workflows GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha /tmp/go-build3955573980/b349/_pkg_.a -trimpath 5573980/b260/vet.cfg -p golang.org/x/texrev-parse -lang=go1.25 /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build3955573980/b083/vet.cfg 5573980/b365/vet.cfg -goversion go1.25.8 -c=4 /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --show-toplevel git /opt/hostedtoolcache/node/24.14.1/x64/bin/node --show-toplevel x_amd64/vet /usr/bin/git node js/f�� 64/pkg/tool/linu--show-toplevel git /opt/hostedtoolcache/node/24.14.1/x64/bin/node --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git node (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha add origin /usr/bin/git ub/workflows GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha /tmp/go-build3955573980/b351/_pkg_.a -trimpath 5573980/b252/vet.cfg -p golang.org/x/texrev-parse -lang=go1.25 /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build3955573980/b114/vet.cfg 5573980/b364/vet.cfg -goversion go1.25.8 -c=4 /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --show-toplevel git /opt/hostedtoolcache/node/24.14.1/x64/bin/node --show-toplevel x_amd64/vet /usr/bin/git node js/f�� 64/pkg/tool/linu--show-toplevel git /opt/hostedtoolcache/node/24.14.1/x64/bin/node --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git node (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha /tmp/go-build1003855251/b385/_pkg_.a -trimpath ache/node/24.14.1/x64/bin/node -p github.com/githurev-parse -lang=go1.25 /usr/lib/git-core/git t-15�� sistency_GoAndJavaScript2868694227/001/test-inlined-imports-enabled-with-body-content.md -q /usr/bin/git -c=4 -nolocalimports -importcfg git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha 5573980/b234/_pkg_.a .cfg 64/pkg/tool/linux_amd64/vet U2ypJd8DV g/x/net/idna -fno-stack-prote--show-toplevel 64/pkg/tool/linux_amd64/vet 5573�� ache/go/1.25.8/x64/src/net .cfg 64/pkg/tool/linux_amd64/vet QVGK/vBsXC30UDCSgit --64 -o 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha --show-toplevel git 1/x64/bin/node --show-toplevel x_amd64/compile /usr/bin/git git rev-�� --show-toplevel git 1/x64/bin/node --show-toplevel 5573980/b125/_x0rev-parse /usr/bin/git git (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v7
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha --verify copilot/reconstruct-feature-24503 x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha .js' --ignore-path .prettierigno-errorsas ine_helpers_shared.go x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha .js' --ignore-path .prettierigno-errorsas (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha ify@v1.11.1/require/doc.go ify@v1.11.1/require/forward_requirements.go 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha --noprofile (http block)
• https://api.github.com/repos/docker/build-push-action/git/ref/tags/v7
  • Triggering command: /usr/bin/gh gh api /repos/docker/build-push-action/git/ref/tags/v7 --jq .object.sha se 5856260/b015/vetowner=github de/node/bin/bash-f (http block)
  • Triggering command: /usr/bin/gh gh api /repos/docker/build-push-action/git/ref/tags/v7 --jq .object.sha se 5856260/b019/vet.cfg r: $owner, name: $name) { hasDiscussionsEnabled } } (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha HEAD .github/workflows/test.md /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha se 5573980/b360/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -p github.com/modelrev-parse -lang=go1.25 /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -ato�� -bool -buildtags /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -errorsas -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha --show-toplevel git /opt/hostedtoolcache/node/24.14.1/x64/bin/node --show-toplevel x_amd64/vet /usr/bin/git node js/f�� 64/pkg/tool/linu--show-toplevel git /opt/hostedtoolcache/node/24.14.1/x64/bin/node --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git node (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha -aw/git/ref/tags/v2.0.0 -trimpath ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile -p main -lang=go1.25 ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile 7370�� gzm_ch0jL-jejRpAbz-i/gzm_ch0jL-jejRpAbz-i -dwarf=false /usr/bin/git go1.25.8 -c=4 -nolocalimports git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha -I .cfg 64/pkg/tool/linux_amd64/vet x_r2/W3pFgiFZ7pGgit --gdwarf2 --64 64/pkg/tool/linux_amd64/vet om/s�� ache/go/1.25.8/x64/src/net .cfg 64/pkg/tool/linux_amd64/vet --gdwarf-5 --64 -o 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel git 1/x64/bin/node --show-toplevel /x86_64-linux-gnrev-parse /usr/bin/git git arne�� --show-toplevel git 1/x64/bin/node --show-toplevel 5573980/b010/sysrev-parse /usr/bin/git git (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha g/typeutil/convert.go g/typeutil/convert_test.go ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile -p b/gh-aw/pkg/strirev-parse -lang=go1.25 ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile push�� 3855251/b449/_pkg_.a my-default ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet go1.25.8 -c=4 -nolocalimports ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha -I .cfg 64/pkg/tool/linux_amd64/vet gFFH/3a5Z8FpZ2oTgit --gdwarf2 --64 64/pkg/tool/linux_amd64/vet abis�� om/segmentio/asm@v1.1.3/keyset/keyset_amd64.s .cfg 64/pkg/tool/linux_amd64/vet --gdwarf-5 --64 -o 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha --show-toplevel git 1/x64/bin/node --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git git arne�� --show-toplevel git 1/x64/bin/node --show-toplevel u/13/cc1 /usr/bin/git git (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env 2724793144/.github/workflows GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name git 1/x64/bin/node --show-toplevel git /usr/bin/git git arne�� 19673855/001 git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env ithub/workflows GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name git 1/x64/bin/node ref/tags/v1.2.3 /opt/hostedtoolcconfig /usr/bin/git git arne�� --show-toplevel git 1/x64/bin/node --show-toplevel git /usr/bin/git git (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env ithub/workflows GO111MODULE util.test GOINSECURE GOMOD GOMODCACHE util.test (http block)
  • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name git 1/x64/bin/node --show-toplevel node /usr/bin/git git arne�� 01/main.md git 1/x64/bin/node --show-toplevel git /usr/bin/git git (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env 4186736155 GO111MODULE 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/link (http block)
  • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env " GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name git 1/x64/bin/node --show-toplevel ue && echo "chaiconfig /usr/bin/git git arne�� 19673855/001 git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env 4186736155 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name git 1/x64/bin/node --show-toplevel git /usr/bin/git git arne�� --show-toplevel git 64/bin/bash --show-toplevel git /usr/bin/git git (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env 4186736155 GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link (http block)
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name git 1/x64/bin/node --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git git arne�� edOutput1855152010/001 git 1/x64/bin/bash --show-toplevel git /usr/bin/git git (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name --jq 1/x64/bin/node --show-toplevel node /usr/bin/git git arne�� edOutput1855152010/001 git de/node/bin/bash --show-toplevel git /usr/bin/git git (http block)
• https://api.github.com/repos/github/gh-aw/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path -c=4 -nolocalimports -importcfg /tmp/go-build1003855251/b411/importcfg -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/fileutil/fileutil.go /home/REDACTED/work/gh-aw/gh-aw/pkg/fileutil/tar.go /opt�� prettier --check 64/bin/go **/*.ts **/*.json --ignore-path golangci-lint (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 .prettierignore 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE HD/45mdmEzBnpu2Sremote2 env edOutput647363870/001 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linutest@example.com (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel go /usr/bin/git " GO111MODULE ache/go/1.25.8/x--show-toplevel git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE ache/go/1.25.8/xgit-upload-pack 'origin' git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel -tests /usr/bin/git 64/src/runtime/rgit git x_amd64/compile git rev-�� --show-toplevel x_amd64/compile /usr/bin/git ache/go/1.25.8/x/bin/sh _cgo_.o 64/pkg/tool/linugit-upload-pack 'origin' git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel ache/go/1.25.8/x-c /usr/bin/git git (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha edOutput647363870/001 GO111MODULE 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linuTest User env ntdrain.test GO111MODULE 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linu--json (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha 64/src/runtime/c/tmp/go-build3955573980/b229/_x001.o git u/13/cc1 --show-toplevel 5573980/b010/ /usr/bin/git u/13/cc1 rev-�� ache/go/1.25.8/x-errorsas git as ref/tags/v0.1.2 3855251/b414/imp-atomic /usr/bin/git 5573980/b125/_x0-buildtags (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git se 5573980/b019/vetjs/fuzz_mentions_harness.cjs .cfg git rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git /opt/hostedtoolcnode -I ache/go/1.25.8/x64/pkg/tool/linu--show-toplevel git (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha "prettier" --che-test.timeout=10m0s node 64/bin/go tierignore scripts/**/*.js 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha /repos/actions/g./pkg/cli/ --jq /usr/bin/git 1/x64/bin/node git /home/REDACTED/.co-v git rev-�� 4749075/001 4749075/002/work /usr/bin/git --noprofile git /usr/local/.ghcu/tmp/compile-instructions-test-4257395066/.github/workflows git (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha --check scripts/**/*.js 64/bin/go -d scripts/**/*.js 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha GOPATH=$(go env -test.timeout=10m0s sh 64/bin/go tierignore /opt/hostedtoolc-1 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GOMOD 64/bin/go -d /opt/hostedtoolcremote 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha --check scripts/**/*.js 64/bin/go .prettierignore format:pkg-json 64/bin/go go env Gitmain_branch522112116/001' Gitmain_branch522112116/001' 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha --show-toplevel ache/go/1.25.8/x-ifaceassert /usr/bin/git 1/x64/bin/node git /usr/bin/tail git rev-�� lGitmain_branch1124749075/001' lGitmain_branch1124749075/001' /usr/bin/git 64/pkg/tool/linugit git /home/REDACTED/wor--show-toplevel git (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/-
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha --noprofile Z6jRXmgJ6 64/pkg/tool/linu-importcfg (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha edOutput647363870/001 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha 64/src/runtime/c-m git 64/pkg/tool/linu--hash-style=gnu --show-toplevel 5573980/b010/ /usr/bin/git 64/pkg/tool/linu/tmp/go-build3955573980/b173/vet.cfg rev-�� g_.a o_.o o_main.o 01.o 02.o 03.o d64.o (http block)
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git se 5573980/b023/vetjs/fuzz_mentions_harness.cjs ache/go/1.25.8/x64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git /opt/hostedtoolcnode -I ache/go/1.25.8/x64/pkg/tool/linu--show-toplevel git (http block)
• https://api.github.com/repos/nonexistent/repo/actions/runs/12345
  • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linu/home/REDACTED/work/gh-aw/gh-aw/scripts/lint_error_messages_test.go env til.go til_test.go ger.test GOINSECURE GOMOD GOMODCACHE ger.test (http block)
  • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion --show-toplevel git /usr/bin/git git js --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
• https://api.github.com/repos/owner/repo/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE node /opt�� prettier --check 64/bin/go **/*.ts **/*.json --ignore-path go (http block)
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo -nolocalimports -importcfg /tmp/go-build1003855251/b415/importcfg -pack /tmp/go-build1003855251/b415/_testmain.go /opt�� prettier --check 64/bin/go **/*.ts **/*.json --ignore-path go (http block)
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo /usr/bin/git --show-toplevel git ash git rev-�� --show-toplevel node /usr/bin/git 1/x64/bin/node git ache/go/1.25.8/x-x git (http block)
• https://api.github.com/repos/owner/repo/contents/file.md
  • Triggering command: /tmp/go-build1003855251/b397/cli.test /tmp/go-build1003855251/b397/cli.test -test.testlogfile=/tmp/go-build1003855251/b397/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node (http block)
  • Triggering command: /tmp/go-build999931798/b001/cli.test /tmp/go-build999931798/b001/cli.test -test.paniconexit0 -test.count=1 -test.timeout=1m0s rev-�� --show-toplevel flow.test /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git ache/node/24.14.1/x64/bin/bash git (http block)
• https://api.github.com/repos/test-owner/test-repo/actions/secrets
  • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node /opt�� prettier --check 64/bin/go **/*.ts **/*.json --ignore-path node (http block)
  • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name d git /usr/bin/git --show-toplevel git bin/bash git rev-�� --show-toplevel node /usr/bin/git 1/x64/bin/node git sh git (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[pelikhan]

@copilot do a deep review of the changes in this PR

• focus on actions security, shell injection, robustness
• improve logging to increase debug ability, observability

[Copilot]

@copilot do a deep review of the changes in this PR

• focus on actions security, shell injection, robustness
• improve logging to increase debug ability, observability

Done in e7501b3 and 1b18ebd. Security hardening and observability improvements:

Shell injection prevention:

• Added shellEscapeDoubleQuoted() — escapes $, `, \, ", ! and strips \r\n for all values embedded in generated CLI wrapper scripts (server name, URL, tools file path, API key)
• Added isValidServerName() — only allows [a-zA-Z0-9_-] with 64-char limit, prevents path traversal and shell metacharacter injection via malicious server names
• Added URL validation (new URL()) for manifest server entries
• Validated gatewayPort is numeric before interpolation into execSync shell commands
• Changed check_mcp_servers.sh call to pass API key via $MCP_GATEWAY_API_KEY env var reference instead of direct JS string interpolation

Server name validation in both mount_mcp_as_cli.cjs (skips invalid servers with warning) and start_mcp_gateway.cjs (filters invalid names from CLI manifest).

Logging improvements:

• All 4 converter scripts now log CLI-mounted server filter list and include/filter counts
• start_mcp_gateway.cjs logs startup banner with engine, port, domain, runner temp
• start_mcp_gateway.cjs logs server names in CLI manifest
• mount_mcp_as_cli.cjs logs manifest server count, skipped servers, and validation errors

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE x_amd64/vet git rev-�� --show-toplevel x_amd64/vet /usr/bin/git -json GO111MODULE x_amd64/vet git (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw , add input valirev-parse /prettier git rev-�� --show-toplevel git /usr/bin/git /setup/js/convergit git ode_modules/.bin--show-toplevel git (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha -bool -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git rev-�� --show-toplevel -tests (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha "prettier" --write '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.pret.prettierignore git /home/REDACTED/.cargo/bin/sh --show-toplevel /opt/hostedtoolcrev-parse /usr/lib/git-cor--show-toplevel sh -c npx prettier --write '../../../**/*.json' '!../../../pkg/workflow/js/**/*.json' --ignore-path /usr/lib/git-corHEAD (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha -json GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha */*.json' '!../../../pkg/workflow/js/**/*.json' --ignore-path git rgo/bin/git --show-toplevel go /usr/bin/git bash --no�� 19fc61706e523f2a3dd645ff:actions/setup/js/mount_mcp_as_cli.cjs git k/gh-aw/gh-aw/actions/node_modules/.bin/sh nore ache/go/1.25.8/xrev-parse /usr/bin/git git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -test.count=1 -test.timeout=2m0s /usr/bin/git /tmp/go-build822git -trimpath 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel x_amd64/vet /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git -json .cfg 64/pkg/tool/linu--show-toplevel git (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE x_amd64/vet git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --show-toplevel x_amd64/compile /usr/bin/git ath ../../../.prcut git /prepare-commit-../../../.pretti--show-toplevel git rev-�� --show-toplevel /prepare-commit-msg /usr/bin/git re --log-level=egit git /node git (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v9
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha -unreachable=false /tmp/go-build2119783569/b229/vet.cfg 9783569/b320/vet.cfg GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build2119783569/b194/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -json GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha -unreachable=false /tmp/go-build2119783569/b062/vet.cfg 9783569/b316/vet.cfg GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build2119783569/b215/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -json GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha -unreachable=false /tmp/go-build2119783569/b042/vet.cfg 9783569/b251/vet.cfg GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build2119783569/b219/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet rojJ/BsCEpKCTlnOgit GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha -unreachable=false /tmp/go-build2119783569/b036/vet.cfg 9783569/b317/vet.cfg GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build2119783569/b209/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet vSGJ/PvwcTyzDq5jgit GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha b9c7d1e7f696efc419fc61706e523f2a3dd645ff:actions/setup/js/convert_gateway_config_gemini.cjs on rkflow/js/**/*.json /../../.prettiergit erignore /usr/bin/git sh -c npx prettier --write '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json git /home/REDACTED/work/gh-aw/gh-aw/node_modules/.bin/node --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git node (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha -unreachable=false /tmp/go-build2119783569/b050/vet.cfg 9783569/b355/vet.cfg GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build2119783569/b208/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -json mgJ6/e9tg3TYwOySrev-parse 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha b9c7d1e7f696efc419fc61706e523f2a3dd645ff:actions/setup/js/convert_gateway_config_copilot.cjs on rkflow/js/**/*.json /../../.prettiergit erignore /usr/bin/git sh -c npx prettier --write '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json git /home/REDACTED/.npm/_npx/b388654678d519d9/node_modules/.bin/prettier --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git prettier (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha -json .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha --show-toplevel git ules/.bin/node --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git node tion�� celain --ignore-submodules | head -n 10 git tions/setup/node_modules/.bin/sh --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git node (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v7
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/link (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha -bool -buildtags 9783569/b327/vet.cfg -errorsas -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -ato�� -bool -buildtags /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -errorsas -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha b9c7d1e7f696efc419fc61706e523f2a3dd645ff:actions/setup/js/convert_gateway_configcapi-prod-claudegit on rkflow/js/**/*.json /../../.prettiergit erignore /usr/bin/git sh -c npx prettier --write '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json git /home/REDACTED/.local/bin/sh --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git sh (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha -json .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha 64/pkg/tool/linu--show-toplevel git rs_test.go fault_test.go 64/pkg/tool/linurev-parse .go _test.go 1/x6�� all_test.go elpers.go k/_temp/ghcca-node/node/bin/git ecution.go acts.go _wrapping_test.g--show-toplevel rs_test.go (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json GO111MODULE .cfg GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha 64/pkg/tool/linu--show-toplevel git 86_64/node --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git node 1/x6�� 64/pkg/tool/linu--show-toplevel git de/node/bin/sh --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git node (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel git /usr/bin/git mcp_as_cli.cjs git /sh git rev-�� --show-toplevel git /usr/bin/git h ../../../.pret/bin/sh git 1/x64/bin/node git (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha /tmp/go-build822-errorsas -trimpath 64/bin/go -p github.com/githu-unsafeptr=false -lang=go1.25 go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha ignore-path ../../../.prettierignore git 1/x64/bin/node --show-toplevel go /usr/bin/git git ance�� --show-toplevel git modules/@npmcli/run-script/lib/node-gyp-bin/node --show-toplevel go /usr/bin/git git (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha ../../../.pretti-errorsas sh 64/bin/go "prettier" --wri/opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha ignore-path ../../../.prettierignore git 1/x64/bin/node --show-toplevel go /usr/bin/git git ance�� --show-toplevel git 1/x64/bin/node --show-toplevel go /usr/bin/git git (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[pelikhan]

@copilot always use actions core.* for logging. In node processes, require the shim.cjs to install those types.

[Copilot]

@copilot always use actions core.* for logging. In node processes, require the shim.cjs to install those types.

Done in e997fe0 and a30140e. Added require("./shim.cjs") to all 5 new JS scripts (start_mcp_gateway.cjs, convert_gateway_config_{copilot,claude,codex,gemini}.cjs) and replaced ~215 console.log/error/warn calls with core.info/error/warning. Top-level error handler in start_mcp_gateway.cjs uses core.setFailed() with stack trace preservation.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE x_amd64/vet git (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha -bool -buildtags /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -errorsas -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build3422880085/b273/vet.cfg (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha -json .cfg sh GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -test.count=1 -test.timeout=2m0s /usr/bin/git che/go-build/9d/git **/*.cjs 64/bin/go git rev-�� --show-toplevel /opt/hostedtoolc/tmp/go-build3422880085/b092/vet.cfg /usr/bin/git /tmp/go-build176git -trimpath 64/bin/go git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel x_amd64/vet /usr/bin/git -json GO111MODULE 64/bin/bash git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--show-toplevel git (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v9
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build3422880085/b050/vet.cfg 2880085/b355/vet.cfg GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build3422880085/b079/vet.cfg 2880085/b348/vet.cfg GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha -t security /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet OUTPUT -d 168.63.129.16 /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build3422880085/b048/vet.cfg 2880085/b350/vet.cfg ACCEPT GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build3422880085/b117/vet.cfg 2880085/b363/vet.cfg GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha se 2880085/b358/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build3422880085/b106/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha -json .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v7
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE 1/x64/bin/bash GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build3422880085/b036/vet.cfg 2880085/b251/vet.cfg GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha -json .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha -json .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel -tests /usr/bin/git /tmp/go-build176git -trimpath 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha "prettier" --che- sh 64/bin/go "prettier" --wri/opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha "prettier" --che-p sh 64/bin/go "prettier" --wri/opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[github-actions]

Hey @Copilot 👋 — great work on the MCP-as-CLIs reconstruction! This is a well-structured, security-conscious feature that addresses the original design from #24503 with meaningful improvements (gateway script → JavaScript conversion, /tmp → RUNNER_TEMP hardening, shell-injection mitigations). It looks ready for maintainer review.

Contribution Guidelines Check

Check	Result
On-topic	✅ yes — core MCP infrastructure
Follows process	✅ yes — Copilot agent PR, assigned to core team member (@pelikhan), references prior issue #24503
Focused	✅ yes — new CLI-mounting feature + supporting infrastructure; lock file regenerations are an automated side effect
New dependencies	✅ no
Has tests	✅ yes — pkg/workflow/*_test.go, golden test data, validate_prompt_placeholders_test.sh
Has description	✅ yes — thorough body covering architecture, security decisions, and changed files
Diff size	3745 lines (2948 additions / 797 deletions) across 233 files

Verdict: 🟢 Aligned · Quality: lgtm

Two housekeeping items before merge:

• Draft status — the PR is still marked as draft; remember to mark it ready for review when the work is complete.
• Merge conflicts — mergeable_state is currently dirty; a rebase or merge from main will be needed before this can land.

Generated by Contribution Check · ● 2.6M · ◷

[pelikhan]

@copilot ensure that this feature is NOT enabled by default.

• enable it in smoke-copilot
• merge main and recompile

[Copilot]

@copilot ensure that this feature is NOT enabled by default.

• enable it in smoke-copilot...

Verified and done in de8393b. The feature defaults to false (Go zero value for MountAsCLIs bool), only smoke-copilot.md has mount-as-clis: true enabled. Merged main and recompiled all 187 lock files. Updated golden files and integrity test expectations for the MCPG v0.2.19 version bump from main.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -pack /home/REDACTED/go/pkg/mod/golang.org/x/text@v0.36.0/internal/internal.go /home/REDACTED/go/pkg/mod/golang.org/x/text@v0.36.0/internal/match.go conf�� (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -pack /home/REDACTED/go/pkg/mod/golang.org/x/text@v0.36.0/message/catalog/catalog.go /home/REDACTED/go/pkg/mod/golang.org/x/text@v0.36.0/message/catalog/dict.go conf�� race user.email ml (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -pack /home/REDACTED/go/pkg/mod/github.com/charmbracelet/x/term@v0.2.2/term.go /home/REDACTED/go/pkg/mod/github.com/charmbracelet/x/term@v0.2.2/term_unix.go conf�� --local user.email ml (http block)
• https://api.github.com/orgs/test-owner/actions/secrets
  • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name rite '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json .cfg 64/pkg/tool/linux_amd64/vet l (http block)
  • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name --show-toplevel git ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet --show-toplevel infocmp /usr/bin/git ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet api /repos/actions/github-script/git/ref/tags/v9 --jq /usr/bin/git --show-toplevel 64/pkg/tool/linu-c /usr/bin/git git (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha ache/uv/0.11.6/x86_64/git x_amd64/vet /opt/hostedtoolcache/node/24.14.1/x64/bin/node -unreachable=falgit /tmp/go-build261rev-parse 1421259/b263/vet--show-toplevel /opt/hostedtoolcache/node/24.14.1/x64/bin/node /tmp�� Secret: ${{ secrets.TOKEN }} /opt/hostedtoolcrev-parse /usr/bin/infocmp LsRemoteWithRealgit LsRemoteWithRealrev-parse /opt/hostedtoolc--show-toplevel infocmp (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel tr /usr/bin/git : git /usr/bin/git git rev-�� --show-toplevel =main /usr/bin/git --show-toplevel /opt/hostedtoolcremote /usr/bin/git git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha /usr/bin/git git /opt/hostedtoolcache/node/24.14.1/x64/bin/node test.txt git /usr/bin/git node js/f�� /usr/bin/git git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha /tmp/gh-aw-test-runs/20260413-174221-19839/test-3124537636/.gith@{u} config /usr/bin/git remote.origin.urgit .cfg 64/pkg/tool/linu--show-toplevel git -C /tmp/gh-aw-test-runs/20260413-174221-19839/test-1231664429/.github/workflows l ache/node/24.14.1/x64/bin/node om/davecgh/go-spgit .cfg ache/go/1.25.8/x--show-toplevel git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git git rev-�� --show-toplevel git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --show-toplevel git /usr/bin/git k/gh-aw/gh-aw/.ggit git /usr/bin/infocmp--show-toplevel git rev-�� --show-toplevel infocmp ache/node/24.14.1/x64/bin/node xterm-color git om/testorg/testr--show-toplevel git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha 95/001/test-complex-frontmatter-with-tools.md -tests /usr/bin/git pkg/mod/golang.oinfocmp pkg/mod/golang.o-1 ock.yml git rev-�� 7832/001/stability-test.md /opt/hostedtoolc-buildtags /usr/bin/git json' --ignore-pgit -trimpath kflows/daily-fun--show-toplevel git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -test.paniconexit0 -test.v=true /usr/bin/git -test.timeout=10git -test.run=^Test -test.short=true--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git 1751879859/001 git /usr/bin/git git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel x_amd64/vet (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --show-toplevel 0L/467uKFEeVSI7sGq3AHdw/kvhYxVqDremote.origin.url /usr/bin/git 95/001/test-froncut (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha runs/20260413-174738-26743/test-571991631/.github/workflows Test User /usr/lib/git-core/git-upload-pack --show-toplevel git /usr/bin/git git-upload-pack /tmp�� 4738-26743/test-3537994267 git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel git e/git git rev-�� --show-toplevel e/git /usr/bin/git No expressions hgit git /usr/bin/git git (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v9
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha k/gh-aw/gh-aw/.github/workflows -f x_amd64/vet l owner=github -f x_amd64/vet tion�� k/gh-aw/gh-aw /usr/lib/git-cor-f 64/pkg/tool/linux_amd64/vet ignore --stdin r: $owner, name:--show-toplevel 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha k/gh-aw/gh-aw/.github/workflows bash x_amd64/vet l (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha */*.json' '!../../../pkg/workflo-errorsas rev-parse bash --noprofile (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha /home/REDACTED/work/gh-aw/gh-aw/.g-errorsas config x_amd64/vet remote.origin.urgit (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha remove origin /usr/bin/git se 1421259/b189/vetrev-parse x_amd64/compile git rev-�� --show-toplevel x_amd64/compile /usr/bin/git workflows git x_amd64/compile git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� ut2786833974/001 git /usr/bin/git --show-toplevel /tmp/go-build332rev-parse /usr/bin/infocmp--show-toplevel git (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha k/gh-aw/gh-aw bash x_amd64/vet --noprofile (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha add origin /opt/hostedtoolcache/node/24.14.1/x64/bin/node ub/workflows 1421259/b184/vetrev-parse ache/go/1.25.8/x--show-toplevel node /tmp�� /home/REDACTED/work/gh-aw/gh-aw/.github/workflows/agent-persona-explorer.md ache/go/1.25.8/x64/pkg/tool/linu-importcfg /opt/hostedtoolcache/node/24.14.1/x64/bin/node --write ../../../**/*.jsrev-parse /opt/hostedtoolc--show-toplevel node (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha tags/v3 git /usr/bin/git --show-toplevel node /usr/bin/git git rev-�� y_only_defaults_repo2150906702/001 git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha /tmp/go-build3325238045/b393/agentdrain.test -importcfg ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -s -w -buildmode=exe ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet main�� run --auto /usr/bin/git --detach config 64/pkg/tool/linu--show-toplevel git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha --show-toplevel /opt/hostedtoolcache/node/24.14.1/x64/bin/node /usr/bin/git github.repositorgit /opt/hostedtoolcrev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha --show-toplevel git 1/x64/bin/node 73 git /bin/sh git arne�� --show-toplevel /bin/sh 1/x64/bin/node ithub-script/gitgit git-upload-pack rev-parse (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v7
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha /tmp/go-build4222172451/b315/symabis -c=4 -nolocalimports -importcfg /tmp/go-build4222172451/b315/importcfg -pack -asmhdr conf�� /php.ini credential.helper .lock.yml (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha -c=4 -nolocalimports -importcfg /tmp/go-build4222172451/b328/importcfg -pack /home/REDACTED/go/pkg/mod/github.com/santhosh-tekuri/jsonschema/v6@v6.0.2/kind/kind.go git conf�� --local user.name audit.lock.yml (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha -c=4 -nolocalimports -importcfg /tmp/go-build4222172451/b126/importcfg -pack /home/REDACTED/go/pkg/mod/charm.land/bubbles/v2@v2.1.0/help/help.go git conf�� --local user.name audit.lock.yml (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha --local committer.name rics.lock.yml (http block)
• https://api.github.com/repos/docker/build-push-action/git/ref/tags/v7
  • Triggering command: /usr/bin/gh gh api /repos/docker/build-push-action/git/ref/tags/v7 --jq .object.sha --noprofile (http block)
  • Triggering command: /usr/bin/gh gh api /repos/docker/build-push-action/git/ref/tags/v7 --jq .object.sha --noprofile -cmin $name) { hasDiscussionsEnabled } } -delete (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha /tmp/gh-aw-test-runs/20260413-174221-19839/test-1980531338 rev-parse /usr/bin/git @{u} 1421259/b218/vetrev-parse ache/go/1.25.8/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git ub/workflows ../../../**/*.jsrev-parse /opt/hostedtoolc--show-toplevel git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha --show-toplevel ache/node/24.14.1/x64/bin/npm /usr/bin/git nly git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha --show-toplevel git /opt/hostedtoolcache/node/24.14.1/x64/bin/node --get remote.origin.urrev-parse /usr/bin/git node js/f�� /home/REDACTED/.co--show-toplevel git /opt/hostedtoolcache/node/24.14.1/x64/bin/node --show-toplevel bash /usr/bin/git node (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha -bool stmain.go ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile -errorsas -ifaceassert -nilfunc ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile 2576�� --pack_header=2,3 -q /usr/bin/gh rite '**/*.cjs' git .cfg 64/pkg/tool/linu--show-toplevel gh (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha run --auto /usr/bin/git --detach /opt/hostedtoolcrev-parse /usr/bin/docker git rev-�� --show-toplevel docker /usr/bin/git it/ref/tags/v7 /opt/hostedtoolcrev-parse /usr/bin/git git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel git 1/x64/bin/node --show-toplevel git /usr/bin/git infocmp arne�� xterm-color git 1/x64/bin/node --show-toplevel git /opt/hostedtoolc--show-toplevel git (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha ithub/workflows/agent-performance-analyzer.md g/typeutil/convert_test.go ache/node/24.14.1/x64/bin/node -p main -lang=go1.25 git-receive-pack t-12�� bility_SameInputSameOutput1978277832/001/stability-test.md -dwarf=false /usr/bin/git go1.25.8 -c=4 -nolocalimports git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha initial.txt gh /usr/bin/git list --json (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha --show-toplevel git 1/x64/bin/node --show-toplevel git (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name /tmp/go-build2611421259/b187/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet 2172451/b268/_pkgit -- me: String!) { --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linu-buildtags -ato�� 3178328211 -buildtags 64/pkg/tool/linux_amd64/compile -errorsas -ifaceassert -nilfunc 64/pkg/tool/linux_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 /tmp/go-build2611421259/b215/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet h ../../../.pretgit s/contribution-crev-parse repository(owne--show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linu-test.v=true -ato�� -bool -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git (http block)
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name gh /usr/bin/git /repos/actions/ggit --jq /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name /tmp/go-build2611421259/b170/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet ath ../../../.prgit -- 2172451/b339=> /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linu-buildtags -ato�� ithub/workflows l_test.go /usr/bin/git -errorsas -ifaceassert -nilfunc git (http block)
  • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 /tmp/go-build2611421259/b167/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet ath ../../../.prgit -- me: String!) { user.name /opt/hostedtoolcTest User -ato�� tags/v4 -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git (http block)
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name infocmp /usr/bin/git xterm-color git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel node /usr/bin/git git (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name -buildtags /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -errorsas -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.8/x^remote\..*\.gh-resolved$ -ato�� ithub/workflows -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git (http block)
  • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 /tmp/go-build2611421259/b179/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet ath ../../../.prgit -- egrity-analysis.../../../.prettierignore /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linu-trimpath -ato�� -bool -buildtags 64/pkg/tool/linux_amd64/compile -errorsas -ifaceassert -nilfunc 64/pkg/tool/linux_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name git 1/x64/bin/node --show-toplevel (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name /tmp/go-build2611421259/b190/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet 2172451/b107/_pkgit -- 2172451/b107=> /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linu-trimpath -ato�� 3178328211 go /usr/bin/git -errorsas -ifaceassert -nilfunc git (http block)
  • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 /tmp/go-build2611421259/b209/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet h ../../../.pretgit s/contribution-crev-parse s.lock.yml /opt/hostedtoolcache/go/1.25.8/x-buildtags -ato�� 2889719013/.github/workflows -buildtags k -errorsas -ifaceassert -nilfunc git (http block)
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name infocmp /usr/bin/git xterm-color git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name /tmp/go-build2611421259/b192/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet it/ref/tags/v7 -- repository(owne--log-level=error /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linu-buildtags -ato�� 3178328211 -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git (http block)
  • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 /tmp/go-build2611421259/b212/vet.cfg 86_64/bash h ../../../.pretgit s/contribution-crev-parse r.lock.yml /opt/hostedtoolcache/go/1.25.8/x-trimpath -ato�� -bool -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git (http block)
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name /tmp/go-build261-nolocalimports /opt/hostedtoolc-importcfg ithub/workflows -- 2172451/b172=> /opt/hostedtoolctest@example.com -ato�� -bool -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git (http block)
  • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 /tmp/go-build2611421259/b211/vet.cfg 64/bin/bash h ../../../.pretgit s/contribution-cinit 2172451/b344=> /opt/hostedtoolcache/go/1.25.8/x--jq -ato�� -bool -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git (http block)
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name git 1/x64/bin/node --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git git -has�� SameOutput134123503/001/stability-test.md git 1/x64/bin/node --show-toplevel git /usr/bin/git git (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name /tmp/go-build2611421259/b193/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet 2172451/b329/_pkgit -- 2172451/b329=> /opt/hostedtoolcTest User -ato�� -bool -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git (http block)
  • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 /tmp/go-build2611421259/b214/vet.cfg n-dir/bash h ../../../.pretgit s/contribution-crev-parse me: String!) { --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linu-test.v=true -ato�� 2889719013 -buildtags x_amd64/link -errorsas -ifaceassert -nilfunc x_amd64/link (http block)
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
• https://api.github.com/repos/github/gh-aw/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path -c=4 -nolocalimports -importcfg /tmp/go-build3325238045/b414/importcfg -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/gitutil/gitutil.go /home/REDACTED/work/gh-aw/gh-aw/pkg/gitutil/gitutil_test.go api te 'scripts/**/*.js' --ignore-path .prettierigno-errorsas .cfg 64/pkg/tool/linux_amd64/vet -f owner=github -f 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 -- r.lock.yml ache/go/1.25.8/x-tests (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 -- s.lock.yml HD/45mdmEzBnpu2SUpQRbjo/tIUsuDTB--jq -ato�� rity3757646469/001 -buildtags 64/pkg/tool/linux_amd64/vet -errorsas -ifaceassert -nilfunc 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel /opt/hostedtoolcache/go/1.25.8/x-importcfg /usr/bin/git -bool -buildtags /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel -tests /usr/bin/git git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� runs/20260413-174738-26743/test-259287340/.github/workflows git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel owner /usr/bin/git 0 -j ACCEPT git rev-�� --show-toplevel /opt/hostedtoolcache/node/24.14.1/x64/bin/node /usr/bin/git inputs.branch git /usr/bin/infocmpgit-upload-pack 'origin' git (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha edOutput3628508468/001 -buildtags 64/pkg/tool/linux_amd64/vet -errorsas -ifaceassert -nilfunc 64/pkg/tool/linux_amd64/vet rev-�� --show-toplevel -tests /usr/bin/git js/**/*.json' --/opt/hostedtoolcache/node/24.14.1/x64/bin/node -- er: String!, $naSecret: ${{ secrets.TOKEN }} git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git sistency_GoAndJagit -buildtags 1/x64/bin/node git rev-�� --show-toplevel 1/x64/bin/node /usr/bin/git sistency_Inlinedgit -tests /usr/bin/git git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha /usr/bin/git resolved$ /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha te '../../../**/-errorsas piler_yaml_main_-ifaceassert ache/go/1.25.8/x-nilfunc --theirs -- lock.yml ache/go/1.25.8/x/tmp/TestParseDefaultBranchFromLsRemoteWithRealGitbranch_with_hyphen1488453748/002/work -c echo "��� Go code formatted" git .cfg v2.13.0/pkg/api/git v2.13.0/pkg/api/init .lock.yml ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel 5238045/b383/imprev-parse 64/bin/node git rev-�� --show-toplevel git /usr/bin/git --show-toplevel /opt/hostedtoolc-C /usr/bin/git git (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha om/stretchr/test-p om/stretchr/testmain ache/go/1.25.8/x-lang=go1.25 --theirs -- n-dir/git ache/go/1.25.8/x-dwarf=false (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha /home/REDACTED/wor-p on ache/go/1.25.8/x-lang=go1.25 /../../.prettierinfocmp erignore ntifier.lock.ymlxterm-color ache/go/1.25.8/x-goversion (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha graphql on ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /../../.prettier/usr/bin/git erignore -f ache/go/1.25.8/x^remote\..*\.gh-resolved$ (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha /repos/actions/u-p on ache/go/1.25.8/x-lang=go1.25 /../../.prettiergit erignore r: $owner, name:--symref ache/go/1.25.8/xorigin (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel /opt/hostedtoolcinit /usr/bin/git git (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/-
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha --noprofile (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha rity3757646469/001 -buildtags 64/pkg/tool/linux_amd64/vet -errorsas -ifaceassert -nilfunc 64/pkg/tool/linux_amd64/vet rev-�� --show-toplevel -tests /usr/bin/git js/**/*.json' --git :latest /opt/hostedtoolc--show-toplevel git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha --show-toplevel /usr/lib/git-core/git /usr/bin/git for-each-ref (http block)
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha user.email test@example.com /usr/bin/git --show-toplevel git nch,headSha,displayTitle git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
• https://api.github.com/repos/nonexistent/repo/actions/runs/12345
  • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion h ../../../.pretgit -- dering-scripts-v--show-toplevel 64/pkg/tool/linux_amd64/vet -ato�� til.go til_test.go /usr/bin/git -errorsas -ifaceassert -nilfunc git (http block)
  • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git e/git --show-toplevel git /usr/bin/git e/git (http block)
• https://api.github.com/repos/owner/repo/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/pkg/tool/linux_amd64/vet --noprofile (http block)
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/pkg/tool/linux_amd64/vet --noprofile -cmin $name) { has--show-toplevel 64/pkg/tool/linux_amd64/vet -C /home/REDACTED/work/gh-aw/gh-aw/.github/workflows .cfg 64/pkg/tool/linux_amd64/vet r -- r: $owner, name:user.name 64/pkg/tool/linuTest User (http block)
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel e/git /usr/bin/git git (http block)
• https://api.github.com/repos/owner/repo/contents/file.md
  • Triggering command: /tmp/go-build3325238045/b397/cli.test /tmp/go-build3325238045/b397/cli.test -test.testlogfile=/tmp/go-build3325238045/b397/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true ignore owner=github DiscussionsEnabl--show-toplevel 64/pkg/tool/linux_amd64/vet -C rite '**/*.cjs' '**/*.ts' '**/*.json' --ignore-p-errorsas .cfg 64/pkg/tool/linux_amd64/vet l (http block)
  • Triggering command: /tmp/go-build661514730/b370/cli.test /tmp/go-build661514730/b370/cli.test -test.paniconexit0 -test.count=1 -test.timeout=2m0s rev-�� --show-toplevel git /usr/bin/git --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
• https://api.github.com/repos/test-owner/test-repo/actions/secrets
  • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name rite '**/*.cjs' '**/*.ts' '**/*.json' --ignore-p-errorsas .cfg 64/pkg/tool/linux_amd64/vet l (http block)
  • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name --show-toplevel git es --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel ache/go/1.25.8/x--git-dir=/tmp/TestParseDefaultBranchFromLsRemoteWithRealGitmain_branch140667572HEAD /usr/bin/git git (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[pelikhan]

@copilot merge main and recompile

[Copilot]

Pull request overview

Adds an opt-in feature to mount eligible MCP servers as local CLI wrappers after the gateway starts, shifting agent access from MCP protocol tools to shell commands and hardening where configs/manifests are stored.

Changes:

• Introduces tools.mount-as-clis (default false) and wiring to generate a post-gateway “mount as CLIs” step plus a new prompt section.
• Moves MCP config/manifest storage from /tmp/gh-aw to ${RUNNER_TEMP}/gh-aw (with corresponding engine/script updates) and switches gateway startup to start_mcp_gateway.cjs.
• Updates placeholder validation and regenerates workflow lockfiles/goldens to reflect the new behavior and paths.

Show a summary per file

File	Description
pkg/workflow/mcp_cli_mount.go	Determines which MCP servers are mounted as CLIs and emits the mount step + prompt section.
pkg/workflow/mcp_setup_generator.go	Exports GH_AW_MCP_CLI_SERVERS for downstream converter filtering and updates MCP config dir to ${RUNNER_TEMP}.
pkg/workflow/unified_prompt_step.go	Injects the new <mcp-clis> prompt section when CLI mounting is enabled.
actions/setup/js/mount_mcp_as_cli.cjs	Implements manifest reading, MCP handshake/tool discovery, and wrapper generation under ${RUNNER_TEMP}/gh-aw/mcp-cli/bin.
actions/setup/sh/convert_gateway_config_gemini.sh	Filters out CLI-mounted servers from the agent-facing config (Gemini path).
actions/setup/sh/validate_prompt_placeholders.sh	Adjusts placeholder validation to ignore placeholder names inside inline backticks.
pkg/parser/schemas/main_workflow_schema.json	Adds schema for tools.mount-as-clis.
pkg/workflow/* (engine + rendering files)	Updates gateway invocation to start_mcp_gateway.cjs and path usage to ${RUNNER_TEMP} / ${{ runner.temp }} where appropriate.
pkg/workflow/testdata/**.golden	Updates golden outputs for new gateway invocation and ${RUNNER_TEMP} paths.
.github/workflows/*.lock.yml	Large-scale recompilation of locked workflows to reflect updated setup/gateway steps and paths.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 229/233 changed files
• Comments generated: 4

[Copilot]

Schema description for tools.mount-as-clis still says CLI-mounted servers are removed during convert_gateway_config_*.sh processing, but this PR migrates converters to convert_gateway_config_*.cjs. Updating this text will avoid confusing users about which scripts implement the filtering logic.

[Copilot]

getMCPCLIServerNames() can include arbitrary custom server names (from data.Tools / ParsedTools.Custom) without validating them against the same constraints used by mount_mcp_as_cli.cjs (e.g., /^[a-zA-Z0-9_-]{1,64}$/). If a name is invalid, the JS mounting step will skip it, but GH_AW_MCP_CLI_SERVERS will still cause converter scripts to filter it out of the agent MCP config—leaving the agent with neither an MCP tool nor a CLI wrapper. Consider validating/sanitizing names here (or only excluding from agent config when the mount step will actually create a wrapper), and log/skip invalid entries consistently with the JS script.

[Copilot]

GH_AW_MCP_CLI_SERVERS is written into a bash export and into $GITHUB_ENV using raw JSON string concatenation. If any server name contains shell-significant characters (quotes/newlines), this can break the step or become an injection vector. Either ensure getMCPCLIServerNames() only returns a strictly validated character set (and reject/escape anything else), or write the env var in a way that is robust to arbitrary JSON (e.g., printf with proper escaping / heredoc).

[Copilot]

The jq filter select(.key | IN($cliServers[]) | not) can drop all entries when cliServers is an empty array, because $cliServers[] produces no values and the predicate yields no output for select(...). This would result in an empty .mcpServers even when no CLI servers are configured. Use an emptiness-safe membership check instead (e.g., select(($cliServers | index(.key)) == null) or similar).