From 1630b70f890e33718176d19de82e99cddda2640b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 3 Jun 2026 19:50:22 +0000
Subject: [PATCH 1/3] chore: plan copilot token spec update
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
.github/workflows/daily-ambient-context-optimizer.lock.yml | 2 +-
.github/workflows/deep-report.lock.yml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/daily-ambient-context-optimizer.lock.yml b/.github/workflows/daily-ambient-context-optimizer.lock.yml
index a01615de942..b68f815076a 100644
--- a/.github/workflows/daily-ambient-context-optimizer.lock.yml
+++ b/.github/workflows/daily-ambient-context-optimizer.lock.yml
@@ -1,4 +1,4 @@ -# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"d03347fe2b0a6d6902b4f96751e9b621a092c711e8dfb72b1284f763795b369d","body_hash":"5fdf204a238cc84f6f75f2ab43abfb33da61e072c5d679e905b37a588cf99804","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"d03347fe2b0a6d6902b4f96751e9b621a092c711e8dfb72b1284f763795b369d","body_hash":"18c7700688ea94c6b2f14a2a3a5183248e84b658a5a32d9c2b683e9162487d90","strict":true,"agent_id":"copilot"} # gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GH_AW_OTEL_GRAFANA_AUTHORIZATION","GH_AW_OTEL_GRAFANA_ENDPOINT","GH_AW_OTEL_SENTRY_AUTHORIZATION","GH_AW_OTEL_SENTRY_ENDPOINT","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-go","sha":"4a3601121dd01d1626a1e23e37211e3254c1c06c","version":"v6.4.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/setup-python","sha":"a309ff8b426b58ec0e2a45f0f869d46889d02405","version":"v6.2.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"docker/build-push-action","sha":"f9f3042f7e2789586610d6e8b85c8f03e5195baf","version":"v7.2.0"},{"repo":"docker/setup-buildx-action","sha":"d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5","version":"v4.1.0"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.58"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.58"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.58"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.22"},{"image":"ghcr.io/github/github-mcp-server:v1.1.0"},{"image":"node:lts-alpine","dig
est":"sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14","pinned_image":"node:lts-alpine@sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14"}]} # ___ _ _ # / _ \ | | (_)
diff --git a/.github/workflows/deep-report.lock.yml b/.github/workflows/deep-report.lock.yml
index 4859162e9ae..cbfbc570d8e 100644
--- a/.github/workflows/deep-report.lock.yml
+++ b/.github/workflows/deep-report.lock.yml
@@ -1,4 +1,4 @@ -# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"b1378e3a94dc80144c9098262e28b1643aa88cc03737e623786dd73e87d8319f","body_hash":"d9aeb7d1ad73b83d345a7b34a53f3878ebc8fb846420f8e7cf5bb129711c0a4e","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"b1378e3a94dc80144c9098262e28b1643aa88cc03737e623786dd73e87d8319f","body_hash":"998dc32188e283fc86b37ca07bef72bd4c957f0282c50af482395434a8b2cb66","strict":true,"agent_id":"claude"} # gh-aw-manifest: {"version":1,"secrets":["ANTHROPIC_API_KEY","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GH_AW_OTEL_GRAFANA_AUTHORIZATION","GH_AW_OTEL_GRAFANA_ENDPOINT","GH_AW_OTEL_SENTRY_AUTHORIZATION","GH_AW_OTEL_SENTRY_ENDPOINT","GITHUB_TOKEN"],"actions":[{"repo":"actions/cache/restore","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/cache/save","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-go","sha":"4a3601121dd01d1626a1e23e37211e3254c1c06c","version":"v6.4.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"docker/build-push-action","sha":"f9f3042f7e2789586610d6e8b85c8f03e5195baf","version":"v7.2.0"},{"repo":"docker/setup-buildx-action","sha":"d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5","version":"v4.1.0"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.58"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.58"},{"image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.25.58"},{"image":"ghcr.io/github/gh-aw-
firewall/squid:0.25.58"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.22"},{"image":"ghcr.io/github/github-mcp-server:v1.1.0"},{"image":"node:lts-alpine","digest":"sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14","pinned_image":"node:lts-alpine@sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14"}]} # ___ _ _ # / _ \ | | (_)
From 0adc325b5db7735ed086b061de1b25c3265c3f1f Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 3 Jun 2026 19:50:53 +0000
Subject: [PATCH 2/3] docs: specify copilot connection token requirement in sdk driver spec
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
.../copilot-sdk-driver-specification.md | 38 ++++++++++++++++---
1 file changed, 33 insertions(+), 5 deletions(-)
diff --git a/docs/src/content/docs/reference/copilot-sdk-driver-specification.md b/docs/src/content/docs/reference/copilot-sdk-driver-specification.md
index 93916cfe494..3c587f57151 100644
--- a/docs/src/content/docs/reference/copilot-sdk-driver-specification.md
+++ b/docs/src/content/docs/reference/copilot-sdk-driver-specification.md
@@ -7,7 +7,7 @@ sidebar: # Copilot SDK Driver Specification -**Version**: 1.0.0 +**Version**: 1.0.1 **Status**: Draft Specification **Latest Version**: [copilot-sdk-driver-specification](/gh-aw/reference/copilot-sdk-driver-specification/) **Editor**: GitHub Agentic Workflows Team
@@ -16,7 +16,7 @@ sidebar: ## Abstract -This specification defines the normative behavior of a Copilot SDK driver that runs an agent session against a Copilot SDK endpoint and emits session telemetry. The specification is language agnostic and focuses on environment variable contracts, permission-checking policy, and required logging behavior. Non-normative examples use TypeScript. Conforming implementations provide deterministic permission enforcement, auditable diagnostics, and interoperable runtime behavior across host environments. +This specification defines the normative behavior of a Copilot SDK driver that runs an agent session against a Copilot SDK endpoint and emits session telemetry. The specification is language agnostic and focuses on environment variable contracts, permission-checking policy, required logging behavior, and connection-token propagation between the harness-managed sidecar and the driver. Non-normative examples use TypeScript. Conforming implementations provide deterministic permission enforcement, auditable diagnostics, and interoperable runtime behavior across host environments. ## Status of This Document
@@ -116,6 +116,15 @@ A conforming implementation MUST execute the following sequence: A complete implementation (Level 3) SHOULD serialize non-ephemeral session events to a JSON Lines stream compatible with downstream timeline rendering. +### 3.4 Harness Connection Token Flow +When SDK mode is enabled (`COPILOT_SDK_URI` is set), the harness MUST generate a per-run `COPILOT_CONNECTION_TOKEN` and MUST pass the same token value to both: +1. The harness-managed Copilot sidecar process +2. The SDK driver subprocess environment +The SDK driver MUST treat `COPILOT_CONNECTION_TOKEN` as a required input and MUST fail fast with non-zero exit when it is missing. +--- ## 4. Configuration and Environment Variables
@@ -128,17 +137,28 @@ In standalone mode, the implementation MUST enforce the following contract: | --- | --- | --- | --- | | `GH_AW_PROMPT` | Yes | Path to prompt file | MUST exist and be readable | | `COPILOT_SDK_URI` | Yes | SDK endpoint URI | MUST be non-empty | -| `COPILOT_CONNECTION_TOKEN` | Yes | Shared connection token | MUST be non-empty | +| `COPILOT_CONNECTION_TOKEN` | Yes | Per-run shared token generated by the harness in SDK mode | MUST be non-empty in the driver environment | | `COPILOT_MODEL` | No | Model override | OPTIONAL | | `COPILOT_SDK_SEND_TIMEOUT_MS` | No | Send timeout in milliseconds | Input SHOULD be a positive integer; default `600000`; implementations MUST fall back on invalid values | | `COPILOT_SDK_LOG_LEVEL` | No | SDK client log level | Valid values: `none`, `error`, `warning`, `info`, `debug`, `all`; invalid values MUST fall back to `warning` | | `GITHUB_WORKSPACE` | No | Working directory hint | SHOULD be used when present | -### 4.2 Timeout Environment Variable +### 4.2 Connection Token Requirement + +`COPILOT_CONNECTION_TOKEN` is a harness-generated per-run secret used by the SDK driver to authenticate to the harness-managed sidecar session. + +In SDK mode, a conforming implementation: + +- MUST generate a token value with sufficient entropy for local authentication. +- MUST propagate the same token to sidecar and driver processes for a given run. +- MUST require the token in the driver process environment before creating `RuntimeConnection`. +- MUST NOT log the raw token value. + +### 4.3 Timeout Environment Variable `COPILOT_SDK_SEND_TIMEOUT_MS` controls maximum send wait duration for prompt completion in standalone mode. Implementations MUST treat this value as milliseconds and MUST apply the default value (`600000`) when unset, non-numeric, or non-positive. 
-### 4.3 TypeScript Example (Non-Normative) +### 4.4 TypeScript Example (Non-Normative) Prerequisite: install [`@github/copilot-sdk`](https://www.npmjs.com/package/@github/copilot-sdk) in the runtime where this example executes.
@@ -320,6 +340,7 @@ Implementations MUST provide automated tests for all Level 1 and Level 2 require - **T-CSD-004**: Invalid log level falls back to `warning`. - **T-CSD-005**: Unset `COPILOT_SDK_SEND_TIMEOUT_MS` falls back to default `600000`. - **T-CSD-006**: Non-numeric or non-positive `COPILOT_SDK_SEND_TIMEOUT_MS` falls back to default `600000`. +- **T-CSD-007**: In SDK mode, harness and driver receive the same non-empty `COPILOT_CONNECTION_TOKEN`, and token values are not logged. #### 8.1.2 Permission Tests
@@ -345,6 +366,7 @@ Implementations MUST provide automated tests for all Level 1 and Level 2 require | Requirement | Test ID | Level | Status | | --- | --- | --- | --- | | Required standalone variables enforced | T-CSD-001..003 | 1 | Required | +| Connection token generation and propagation | T-CSD-007 | 1 | Required | | Log-level and timeout fallback behavior | T-CSD-004..006 | 1 | Required | | Default permission delegation | T-CSD-101 | 2 | Required | | Allow-all permission behavior | T-CSD-102 | 2 | Required |
@@ -406,6 +428,12 @@ A conforming implementation SHOULD: ## 11. Change Log +### Version 1.0.1 (Draft Specification) +- Added normative connection-token flow requirements based on harness SDK mode behavior. +- Clarified that `COPILOT_CONNECTION_TOKEN` is harness-generated and required in the driver environment. +- Added compliance test coverage for token propagation and non-disclosure in logs. +### Version 1.0.0 (Draft Specification) - Added initial formal specification for Copilot SDK driver behavior.
From 073ef075c6ffe4efdd1a929a19efbc2e31273f50 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 3 Jun 2026 19:52:20 +0000
Subject: [PATCH 3/3] docs: refine and format copilot token requirements in sdk driver spec
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
.../copilot-sdk-driver-specification.md | 56 +++++++++----------
1 file changed, 28 insertions(+), 28 deletions(-)
diff --git a/docs/src/content/docs/reference/copilot-sdk-driver-specification.md b/docs/src/content/docs/reference/copilot-sdk-driver-specification.md
index 3c587f57151..640fac76e95 100644
--- a/docs/src/content/docs/reference/copilot-sdk-driver-specification.md
+++ b/docs/src/content/docs/reference/copilot-sdk-driver-specification.md
@@ -133,15 +133,15 @@ The SDK driver MUST treat `COPILOT_CONNECTION_TOKEN` as a required input and MUS In standalone mode, the implementation MUST enforce the following contract: -| Variable | Required | Description | Default / Validation | -| --- | --- | --- | --- | -| `GH_AW_PROMPT` | Yes | Path to prompt file | MUST exist and be readable | -| `COPILOT_SDK_URI` | Yes | SDK endpoint URI | MUST be non-empty | -| `COPILOT_CONNECTION_TOKEN` | Yes | Per-run shared token generated by the harness in SDK mode | MUST be non-empty in the driver environment | -| `COPILOT_MODEL` | No | Model override | OPTIONAL | -| `COPILOT_SDK_SEND_TIMEOUT_MS` | No | Send timeout in milliseconds | Input SHOULD be a positive integer; default `600000`; implementations MUST fall back on invalid values | -| `COPILOT_SDK_LOG_LEVEL` | No | SDK client log level | Valid values: `none`, `error`, `warning`, `info`, `debug`, `all`; invalid values MUST fall back to `warning` | -| `GITHUB_WORKSPACE` | No | Working directory hint | SHOULD be used when present | +| Variable | Required | Description | Default / Validation | +| ----------------------------- | -------- | --------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | +| `GH_AW_PROMPT` | Yes | Path to prompt file | MUST exist and be readable | +| `COPILOT_SDK_URI` | Yes | SDK endpoint URI | MUST be non-empty | +| `COPILOT_CONNECTION_TOKEN` | Yes | Per-run shared token generated by the harness in SDK mode | MUST be non-empty in the driver environment | +| `COPILOT_MODEL` | No | Model override | OPTIONAL | +| `COPILOT_SDK_SEND_TIMEOUT_MS` | No | Send timeout in milliseconds | Input SHOULD be a positive integer; default `600000`; implementations MUST fall back on invalid values | +| `COPILOT_SDK_LOG_LEVEL` | No | SDK client log level | Valid values: `none`, `error`, `warning`, `info`, `debug`, `all`; invalid values MUST fall back to 
`warning` | +| `GITHUB_WORKSPACE` | No | Working directory hint | SHOULD be used when present | ### 4.2 Connection Token Requirement 
@@ -363,19 +363,19 @@ Implementations MUST provide automated tests for all Level 1 and Level 2 require ### 8.2 Compliance Checklist -| Requirement | Test ID | Level | Status | -| --- | --- | --- | --- | -| Required standalone variables enforced | T-CSD-001..003 | 1 | Required | -| Connection token generation and propagation | T-CSD-007 | 1 | Required | -| Log-level and timeout fallback behavior | T-CSD-004..006 | 1 | Required | -| Default permission delegation | T-CSD-101 | 2 | Required | -| Allow-all permission behavior | T-CSD-102 | 2 | Required | -| Scoped `read` default-deny and explicit allow | T-CSD-103..104 | 2 | Required | -| Scoped write/url/custom-tool enforcement | T-CSD-105..107 | 2 | Required | -| Scoped MCP/shell enforcement | T-CSD-108..109 | 2 | Required | -| Unknown-kind rejection | T-CSD-110 | 2 | Required | -| Permission denial diagnostics | T-CSD-111, T-CSD-202 | 2 | Required | -| Lifecycle logging coverage | T-CSD-201 | 3 | Recommended | +| Requirement | Test ID | Level | Status | +| --------------------------------------------- | -------------------- | ----- | ----------- | +| Required standalone variables enforced | T-CSD-001..003 | 1 | Required | +| Connection token generation and propagation | T-CSD-007 | 1 | Required | +| Log-level and timeout fallback behavior | T-CSD-004..006 | 1 | Required | +| Default permission delegation | T-CSD-101 | 2 | Required | +| Allow-all permission behavior | T-CSD-102 | 2 | Required | +| Scoped `read` default-deny and explicit allow | T-CSD-103..104 | 2 | Required | +| Scoped write/url/custom-tool enforcement | T-CSD-105..107 | 2 | Required | +| Scoped MCP/shell enforcement | T-CSD-108..109 | 2 | Required | +| Unknown-kind rejection | T-CSD-110 | 2 | Required | +| Permission denial diagnostics | T-CSD-111, T-CSD-202 | 2 | Required | +| Lifecycle logging coverage | T-CSD-201 | 3 | Recommended | --- 
@@ -392,12 +392,12 @@ Implementations MUST provide automated tests for all Level 1 and Level 2 require ### Appendix B: Error Conditions -| Condition | Required Behavior | -| --- | --- | -| Missing required standalone variable | Log error and exit non-zero | -| Prompt file unreadable | Log error and exit non-zero | -| Permission denied | Reject request and log denial summary | -| Session runtime error | Return failure result and log error summary | +| Condition | Required Behavior | +| ------------------------------------ | ------------------------------------------- | +| Missing required standalone variable | Log error and exit non-zero | +| Prompt file unreadable | Log error and exit non-zero | +| Permission denied | Reject request and log denial summary | +| Session runtime error | Return failure result and log error summary | ### Appendix C: Security Considerations