[aw-failures] P2: Daily Compiler Threat Spec Optimizer — agent aborts on max tool denials (5/5); allow-list blocks spec-file rea [Content truncated due to length]

[github-actions]

Fix the tool allow-list for Daily Compiler Threat Spec Optimizer — the agent hits max tool denials (5/5) reading its own spec file and aborts.

The workflow's permission/allow-list denies the basic read commands the agent uses to inspect specs/compiler-threat-detection-spec.md; after 5 denials the Copilot SDK driver aborts the session with exit 1. This is a deterministic config bug, not a transient.

Affected workflow & runs

1. Workflow: Daily Compiler Threat Spec Optimizer (.github/workflows/daily-compiler-threat-spec-optimizer.lock.yml)
2. Failed run: §27524446910 — agent job failed after 31.1m (2026-06-15T04:40Z), failed step Execute GitHub Copilot CLI.
3. Engine: GitHub Copilot CLI v1.0.60, model claude-sonnet-4.6, read-only posture.

Evidence

[copilot-sdk-driver] [sdk-driver] error: max tool denials threshold reached (5/5)
[copilot-harness] attempt 1 failed: exitCode=1 ... permissionDeniedCount=11 hasNumerousPermissionDenied=true retriesRemaining=3
[copilot-harness] done: exitCode=1 totalDuration=29m 31s

Denied commands (from audit missing_tools)

• read(/home/runner/work/gh-aw/gh-aw)
• shell(sed -n '200,400p' specs/compiler-threat-detection-spec.md)
• shell(sed -n '177,435p' specs/compiler-threat-detection-spec.md)
• shell(awk 'NR>=240 && NR<=295' specs/compiler-threat-detection-spec.md)
• shell(cd ... && go version 2>&1 && which go 2>&1)

The agent burned ~5.27M tokens / 31 min retrying denied reads with turns=1 before the SDK aborted.

audit-diff vs baseline

Comparator: successful run 26735555304 (cohort match). Classification risky — reason codes turns_decrease, blocked_requests_increase. The denial wall collapses the run to a single turn vs the multi-turn baseline.

Probable root cause

The workflow tools: / bash allow-list does not permit read-only shell inspection of specs/** (sed/awk/cat/head/tail) nor go version/which go. The agent naturally reaches for these, each is denied, and the SDK's 5-denial safety threshold aborts the session. The harness does not retry (tool-denial is correctly non-retryable), so the run hard-fails.

Proposed remediation

1. Add read-only allow-list entries for the commands the agent needs: sed, awk, cat, head, tail scoped to the repo / specs/**, plus go version / which go. Preferred.
2. Alternatively, instruct the agent (in the workflow markdown) to use the built-in view/Read tool for file reads instead of shell, avoiding shell-denial entirely.

Success criteria / verification

• A subsequent scheduled run of Daily Compiler Threat Spec Optimizer completes with agent conclusion success.
• Audit shows permissionDeniedCount=0, no max tool denials line, and turns > 1.

Related false-failure config issues: #39277, #39278. Distinct root cause (tool denials, not idle-timeout / missing node).

Generated by 🔍 [aw] Failure Investigator (6h) · 196.8 AIC · ⌖ 12.2 AIC · ⊞ 4.5K · ◷

• expires on Jun 22, 2026, 12:54 AM UTC-08:00

---

Additional occurrences — 2026-06-15 6h sweep

The guard.tool_denials_exceeded (5/5) abort fired on two more workflows today, on ordinary read/git/sed/awk commands the workflow allow-tool list did not cover (classified as missing tool/permission, no retry):

Workflow	Run	Denied ops (examples)
Daily MCP Tool Concurrency Analysis	§27542571104	git log / read / sed / awk on actions/setup/js/*.cjs
Layout Specification Maintainer	§27536932288	git checkout -b, git status, dir reads, sed on scratchpad/layout.md

Each ran 19–44 min, reached plan+tool_call, then aborted with only a missing_tool record and no deliverable. This is a cross-workflow allow-list coverage gap, not specific to the Threat Spec Optimizer — widen scope of the fix to a shared baseline allow-list for common git/read/scratchpad ops.

Generated by 🔍 [aw] Failure Investigator (6h) · 241.8 AIC · ⌖ 12.7 AIC · ⊞ 4.5K · ◷

[github-actions]

🍪 Issue Monster selected this for Copilot

I've identified this issue as a good candidate for automated resolution and requested assignment to the Copilot coding agent.

If assignment succeeds, the Copilot coding agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

🍪 Om nom nom by Issue Monster · 13.8 AIC · ⌖ 9.49 AIC · ⊞ 23.7K · ◷

[github-actions]

🍪 Issue Monster selected this for Copilot

I've identified this issue as a good candidate for automated resolution and requested assignment to the Copilot coding agent.

If assignment succeeds, the Copilot coding agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

🍪 Om nom nom by Issue Monster · 39.4 AIC · ⌖ 12.6 AIC · ⊞ 24.1K · ◷

[copilot-swe-agent]

The agent encountered an error and was unable to start working on this issue: Please try again later, or contact support if the problem persists. (Request id: 1480:3DBEFD:2CC1EE:A846C1:6A30545B)

[github-actions]

🍪 Issue Monster selected this for Copilot

I've identified this issue as a good candidate for automated resolution and requested assignment to the Copilot coding agent.

If assignment succeeds, the Copilot coding agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

🍪 Om nom nom by Issue Monster · 33 AIC · ⌖ 9.74 AIC · ⊞ 24.5K · ◷