From b86226e4b500968c0339a62ef690ef183a6c9f7c Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 22 Jun 2026 14:47:20 +0000
Subject: [PATCH 1/4] Initial plan
From dee614c46e4b6c424b5c89ae85bc05471d8d9097 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 22 Jun 2026 15:08:42 +0000
Subject: [PATCH 2/4] Handle missing detection result in external conclude step
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
pkg/workflow/threat_detection.go | 18 +++++++++++++++++-
.../threat_detection_isolation_test.go | 9 +++++++++
2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/pkg/workflow/threat_detection.go b/pkg/workflow/threat_detection.go
index ae871094cf1..41e8ce4a964 100644
--- a/pkg/workflow/threat_detection.go
+++ b/pkg/workflow/threat_detection.go
@@ -1279,7 +1279,23 @@ func (c *Compiler) buildExternalDetectorConcludeStep(data *WorkflowData) []strin
" DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}\n",
coeEnvLine,
" run: |\n",
- fmt.Sprintf(" threat-detect conclude --result-file %s\n", shellEscapeArg(constants.ThreatDetectionResultPath)),
+ fmt.Sprintf(" result_file=%s\n", shellEscapeArg(constants.ThreatDetectionResultPath)),
+ " continue_on_error=\"${GH_AW_DETECTION_CONTINUE_ON_ERROR:-true}\"\n",
+ " continue_on_error=\"$(echo \"$continue_on_error\" | tr '[:upper:]' '[:lower:]')\"\n",
+ " if [ \"$RUN_DETECTION\" = \"true\" ] && [ ! -f \"$result_file\" ]; then\n",
+ " if [ \"$continue_on_error\" = \"true\" ]; then\n",
+ " echo \"::warning::Detection result file not found at: $result_file (execution outcome: ${DETECTION_AGENTIC_EXECUTION_OUTCOME:-unknown}); continuing because GH_AW_DETECTION_CONTINUE_ON_ERROR=true\"\n",
+ " echo \"conclusion=unknown\" >> \"$GITHUB_OUTPUT\"\n",
+ " echo \"success=false\" >> \"$GITHUB_OUTPUT\"\n",
+ " echo \"reason=agent_failure\" >> \"$GITHUB_OUTPUT\"\n",
+ " echo \"GH_AW_DETECTION_CONCLUSION=unknown\" >> \"$GITHUB_ENV\"\n",
+ " echo \"GH_AW_DETECTION_REASON=agent_failure\" >> \"$GITHUB_ENV\"\n",
+ " exit 0\n",
+ " fi\n",
+ " echo \"ERR_SYSTEM: ❌ Detection result file not found at: $result_file\"\n",
+ " exit 1\n",
+ " fi\n",
+ " threat-detect conclude --result-file \"$result_file\"\n",
}...)
return steps
diff --git a/pkg/workflow/threat_detection_isolation_test.go b/pkg/workflow/threat_detection_isolation_test.go
index f73f73444c2..3cfe3083576 100644
--- a/pkg/workflow/threat_detection_isolation_test.go
+++ b/pkg/workflow/threat_detection_isolation_test.go
@@ -138,6 +138,15 @@ Test workflow`
if !strings.Contains(detectionSection, "threat-detect conclude") {
t.Error("External detector path must emit 'threat-detect conclude' as the conclude step")
}
+ if !strings.Contains(detectionSection, "conclusion=unknown") {
+ t.Error("External detector path must degrade to conclusion=unknown when result file is missing in continue-on-error mode")
+ }
+ if !strings.Contains(detectionSection, "GH_AW_DETECTION_CONCLUSION=unknown") {
+ t.Error("External detector path must export GH_AW_DETECTION_CONCLUSION=unknown for missing result fallback")
+ }
+ if !strings.Contains(detectionSection, "continuing because GH_AW_DETECTION_CONTINUE_ON_ERROR=true") {
+ t.Error("External detector path must warn and continue when result file is missing and continue-on-error is enabled")
+ }
// The install step must reference the pinned version
if !strings.Contains(detectionSection, "install_awf_binary.sh") {
From 5434a35aadb46926db16409f3ff30c5aaaf5f3d8 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 22 Jun 2026 17:28:10 +0000
Subject: [PATCH 3/4] Refactor detection conclude to setup script and add tests
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
actions/setup/sh/conclude_threat_detection.sh | 24 ++++
pkg/workflow/threat_detection.go | 18 +--
.../threat_detection_conclude_script_test.go | 107 ++++++++++++++++++
.../threat_detection_isolation_test.go | 14 +--
4 files changed, 136 insertions(+), 27 deletions(-)
create mode 100755 actions/setup/sh/conclude_threat_detection.sh
create mode 100644 pkg/workflow/threat_detection_conclude_script_test.go
diff --git a/actions/setup/sh/conclude_threat_detection.sh b/actions/setup/sh/conclude_threat_detection.sh
new file mode 100755
index 00000000000..3bde4889770
--- /dev/null
+++ b/actions/setup/sh/conclude_threat_detection.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set +o histexpand
+
+set -euo pipefail
+
+RESULT_FILE="${1:-/tmp/gh-aw/threat-detection/detection_result.json}"
+continue_on_error="${GH_AW_DETECTION_CONTINUE_ON_ERROR:-true}"
+continue_on_error="$(echo "${continue_on_error}" | tr '[:upper:]' '[:lower:]')"
+
+if [ "${RUN_DETECTION:-false}" = "true" ] && [ ! -f "${RESULT_FILE}" ]; then
+ if [ "${continue_on_error}" = "true" ]; then
+ echo "::warning::Detection result file not found at: ${RESULT_FILE} (execution outcome: ${DETECTION_AGENTIC_EXECUTION_OUTCOME:-unknown}); continuing because GH_AW_DETECTION_CONTINUE_ON_ERROR=true"
+ echo "conclusion=warning" >> "${GITHUB_OUTPUT}"
+ echo "success=false" >> "${GITHUB_OUTPUT}"
+ echo "reason=agent_failure" >> "${GITHUB_OUTPUT}"
+ echo "GH_AW_DETECTION_CONCLUSION=warning" >> "${GITHUB_ENV}"
+ echo "GH_AW_DETECTION_REASON=agent_failure" >> "${GITHUB_ENV}"
+ exit 0
+ fi
+ echo "ERR_SYSTEM: ❌ Detection result file not found at: ${RESULT_FILE}"
+ exit 1
+fi
+
+threat-detect conclude --result-file "${RESULT_FILE}"
diff --git a/pkg/workflow/threat_detection.go b/pkg/workflow/threat_detection.go
index 41e8ce4a964..8142f75551d 100644
--- a/pkg/workflow/threat_detection.go
+++ b/pkg/workflow/threat_detection.go
@@ -1279,23 +1279,7 @@ func (c *Compiler) buildExternalDetectorConcludeStep(data *WorkflowData) []strin
" DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}\n",
coeEnvLine,
" run: |\n",
- fmt.Sprintf(" result_file=%s\n", shellEscapeArg(constants.ThreatDetectionResultPath)),
- " continue_on_error=\"${GH_AW_DETECTION_CONTINUE_ON_ERROR:-true}\"\n",
- " continue_on_error=\"$(echo \"$continue_on_error\" | tr '[:upper:]' '[:lower:]')\"\n",
- " if [ \"$RUN_DETECTION\" = \"true\" ] && [ ! -f \"$result_file\" ]; then\n",
- " if [ \"$continue_on_error\" = \"true\" ]; then\n",
- " echo \"::warning::Detection result file not found at: $result_file (execution outcome: ${DETECTION_AGENTIC_EXECUTION_OUTCOME:-unknown}); continuing because GH_AW_DETECTION_CONTINUE_ON_ERROR=true\"\n",
- " echo \"conclusion=unknown\" >> \"$GITHUB_OUTPUT\"\n",
- " echo \"success=false\" >> \"$GITHUB_OUTPUT\"\n",
- " echo \"reason=agent_failure\" >> \"$GITHUB_OUTPUT\"\n",
- " echo \"GH_AW_DETECTION_CONCLUSION=unknown\" >> \"$GITHUB_ENV\"\n",
- " echo \"GH_AW_DETECTION_REASON=agent_failure\" >> \"$GITHUB_ENV\"\n",
- " exit 0\n",
- " fi\n",
- " echo \"ERR_SYSTEM: ❌ Detection result file not found at: $result_file\"\n",
- " exit 1\n",
- " fi\n",
- " threat-detect conclude --result-file \"$result_file\"\n",
+ fmt.Sprintf(" bash \"${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh\" %s\n", shellEscapeArg(constants.ThreatDetectionResultPath)),
}...)
return steps
diff --git a/pkg/workflow/threat_detection_conclude_script_test.go b/pkg/workflow/threat_detection_conclude_script_test.go
new file mode 100644
index 00000000000..0ed7127bf29
--- /dev/null
+++ b/pkg/workflow/threat_detection_conclude_script_test.go
@@ -0,0 +1,107 @@
+package workflow
+
+import (
+ "os"
+ "os/exec"
+ "path/filepath"
+ "strings"
+ "testing"
+)
+
+func TestConcludeThreatDetectionScript_MissingResultContinueOnError(t *testing.T) {
+ scriptPath := filepath.Join("..", "..", "actions", "setup", "sh", "conclude_threat_detection.sh")
+ outputFile := filepath.Join(t.TempDir(), "github_output.txt")
+ envFile := filepath.Join(t.TempDir(), "github_env.txt")
+ missingResult := filepath.Join(t.TempDir(), "missing_detection_result.json")
+
+ cmd := exec.Command("bash", scriptPath, missingResult)
+ cmd.Env = append(os.Environ(),
+ "RUN_DETECTION=true",
+ "DETECTION_AGENTIC_EXECUTION_OUTCOME=failure",
+ "GH_AW_DETECTION_CONTINUE_ON_ERROR=TRUE",
+ "GITHUB_OUTPUT="+outputFile,
+ "GITHUB_ENV="+envFile,
+ )
+
+ out, err := cmd.CombinedOutput()
+ if err != nil {
+ t.Fatalf("script should continue on missing result when continue-on-error is true: %v\nOutput: %s", err, out)
+ }
+
+ outputData, err := os.ReadFile(outputFile)
+ if err != nil {
+ t.Fatalf("failed to read GITHUB_OUTPUT: %v", err)
+ }
+ outputText := string(outputData)
+ if !strings.Contains(outputText, "conclusion=warning") {
+ t.Fatalf("expected warning conclusion in GITHUB_OUTPUT, got: %s", outputText)
+ }
+ if !strings.Contains(outputText, "success=false") {
+ t.Fatalf("expected success=false in GITHUB_OUTPUT, got: %s", outputText)
+ }
+ if !strings.Contains(outputText, "reason=agent_failure") {
+ t.Fatalf("expected reason=agent_failure in GITHUB_OUTPUT, got: %s", outputText)
+ }
+
+ envData, err := os.ReadFile(envFile)
+ if err != nil {
+ t.Fatalf("failed to read GITHUB_ENV: %v", err)
+ }
+ envText := string(envData)
+ if !strings.Contains(envText, "GH_AW_DETECTION_CONCLUSION=warning") {
+ t.Fatalf("expected warning conclusion in GITHUB_ENV, got: %s", envText)
+ }
+ if !strings.Contains(envText, "GH_AW_DETECTION_REASON=agent_failure") {
+ t.Fatalf("expected agent_failure reason in GITHUB_ENV, got: %s", envText)
+ }
+ if !strings.Contains(string(out), "continuing because GH_AW_DETECTION_CONTINUE_ON_ERROR=true") {
+ t.Fatalf("expected warning message about continue-on-error, got: %s", out)
+ }
+}
+
+func TestConcludeThreatDetectionScript_InvokesThreatDetectConclude(t *testing.T) {
+ tmpDir := t.TempDir()
+ scriptPath := filepath.Join("..", "..", "actions", "setup", "sh", "conclude_threat_detection.sh")
+ resultFile := filepath.Join(tmpDir, "detection_result.json")
+ outputFile := filepath.Join(tmpDir, "github_output.txt")
+ envFile := filepath.Join(tmpDir, "github_env.txt")
+ callLog := filepath.Join(tmpDir, "call.log")
+ binDir := filepath.Join(tmpDir, "bin")
+
+ if err := os.WriteFile(resultFile, []byte(`{"conclusion":"success"}`), 0644); err != nil {
+ t.Fatalf("failed to write result file: %v", err)
+ }
+ if err := os.MkdirAll(binDir, 0755); err != nil {
+ t.Fatalf("failed to create bin dir: %v", err)
+ }
+
+ stubPath := filepath.Join(binDir, "threat-detect")
+ stub := "#!/usr/bin/env bash\n" +
+ "echo \"$*\" >> \"$CALL_LOG\"\n" +
+ "echo \"conclusion=success\" >> \"$GITHUB_OUTPUT\"\n"
+ if err := os.WriteFile(stubPath, []byte(stub), 0755); err != nil {
+ t.Fatalf("failed to write threat-detect stub: %v", err)
+ }
+
+ cmd := exec.Command("bash", scriptPath, resultFile)
+ cmd.Env = append(os.Environ(),
+ "RUN_DETECTION=true",
+ "GITHUB_OUTPUT="+outputFile,
+ "GITHUB_ENV="+envFile,
+ "CALL_LOG="+callLog,
+ "PATH="+binDir+":"+os.Getenv("PATH"),
+ )
+
+ out, err := cmd.CombinedOutput()
+ if err != nil {
+ t.Fatalf("script failed: %v\nOutput: %s", err, out)
+ }
+
+ callData, err := os.ReadFile(callLog)
+ if err != nil {
+ t.Fatalf("failed to read call log: %v", err)
+ }
+ if !strings.Contains(string(callData), "conclude --result-file "+resultFile) {
+ t.Fatalf("expected threat-detect conclude invocation, got: %s", callData)
+ }
+}
diff --git a/pkg/workflow/threat_detection_isolation_test.go b/pkg/workflow/threat_detection_isolation_test.go
index 3cfe3083576..9baafde783b 100644
--- a/pkg/workflow/threat_detection_isolation_test.go
+++ b/pkg/workflow/threat_detection_isolation_test.go
@@ -135,17 +135,11 @@ Test workflow`
if strings.Contains(detectionSection, "parse_threat_detection_results.cjs") {
t.Error("External detector path must NOT emit parse_threat_detection_results.cjs")
}
- if !strings.Contains(detectionSection, "threat-detect conclude") {
- t.Error("External detector path must emit 'threat-detect conclude' as the conclude step")
+ if !strings.Contains(detectionSection, "conclude_threat_detection.sh") {
+ t.Error("External detector path must invoke conclude_threat_detection.sh for the conclude step")
}
- if !strings.Contains(detectionSection, "conclusion=unknown") {
- t.Error("External detector path must degrade to conclusion=unknown when result file is missing in continue-on-error mode")
- }
- if !strings.Contains(detectionSection, "GH_AW_DETECTION_CONCLUSION=unknown") {
- t.Error("External detector path must export GH_AW_DETECTION_CONCLUSION=unknown for missing result fallback")
- }
- if !strings.Contains(detectionSection, "continuing because GH_AW_DETECTION_CONTINUE_ON_ERROR=true") {
- t.Error("External detector path must warn and continue when result file is missing and continue-on-error is enabled")
+ if !strings.Contains(detectionSection, "GH_AW_DETECTION_CONTINUE_ON_ERROR") {
+ t.Error("External detector path must pass GH_AW_DETECTION_CONTINUE_ON_ERROR to conclude_threat_detection.sh")
}
// The install step must reference the pinned version
From 8b4732c617b7a6d7813741bf983a73afd1a73dd8 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 22 Jun 2026 18:02:48 +0000
Subject: [PATCH 4/4] chore: start PR finisher pass
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
.github/workflows/ab-testing-advisor.lock.yml | 26 ++++++------
.../agent-performance-analyzer.lock.yml | 26 ++++++------
.../workflows/agent-persona-explorer.lock.yml | 26 ++++++------
.../workflows/api-consumption-report.lock.yml | 2 +-
.github/workflows/approach-validator.lock.yml | 2 +-
.github/workflows/archie.lock.yml | 26 ++++++------
.../workflows/architecture-guardian.lock.yml | 26 ++++++------
.github/workflows/artifacts-summary.lock.yml | 26 ++++++------
.github/workflows/audit-workflows.lock.yml | 2 +-
.github/workflows/auto-triage-issues.lock.yml | 26 ++++++------
.github/workflows/avenger.lock.yml | 2 +-
.../aw-failure-investigator.lock.yml | 2 +-
.github/workflows/blog-auditor.lock.yml | 2 +-
.github/workflows/brave.lock.yml | 26 ++++++------
.../breaking-change-checker.lock.yml | 26 ++++++------
.github/workflows/changeset.lock.yml | 38 ++++++++---------
.../workflows/chaos-pr-bundle-fuzzer.lock.yml | 30 ++++++-------
.github/workflows/ci-coach.lock.yml | 30 ++++++-------
.github/workflows/ci-doctor.lock.yml | 2 +-
.../claude-code-user-docs-review.lock.yml | 2 +-
.../cli-consistency-checker.lock.yml | 26 ++++++------
.../workflows/cli-version-checker.lock.yml | 2 +-
.github/workflows/cloclo.lock.yml | 2 +-
.../workflows/code-scanning-fixer.lock.yml | 2 +-
.../commit-changes-analyzer.lock.yml | 26 ++++++------
.../constraint-solving-potd.lock.yml | 26 ++++++------
.github/workflows/contribution-check.lock.yml | 26 ++++++------
.../workflows/copilot-agent-analysis.lock.yml | 2 +-
.../copilot-cli-deep-research.lock.yml | 26 ++++++------
.github/workflows/copilot-opt.lock.yml | 26 ++++++------
.../copilot-pr-merged-report.lock.yml | 22 +++++-----
.../copilot-pr-nlp-analysis.lock.yml | 26 ++++++------
.../copilot-pr-prompt-analysis.lock.yml | 26 ++++++------
.../copilot-session-insights.lock.yml | 2 +-
.github/workflows/craft.lock.yml | 30 ++++++-------
...aily-agent-of-the-day-blog-writer.lock.yml | 30 ++++++-------
.../daily-agentrx-trace-optimizer.lock.yml | 2 +-
.../daily-ambient-context-optimizer.lock.yml | 26 ++++++------
.../daily-architecture-diagram.lock.yml | 30 ++++++-------
.../daily-assign-issue-to-user.lock.yml | 26 ++++++------
...strostylelite-markdown-spellcheck.lock.yml | 2 +-
...daily-aw-cross-repo-compile-check.lock.yml | 2 +-
...daily-awf-spec-compiler-surfacing.lock.yml | 26 ++++++------
.../workflows/daily-byok-ollama-test.lock.yml | 26 ++++++------
.../daily-cache-strategy-analyzer.lock.yml | 34 +++++++--------
.../daily-caveman-optimizer.lock.yml | 2 +-
.github/workflows/daily-choice-test.lock.yml | 2 +-
.../workflows/daily-cli-performance.lock.yml | 42 +++++++++----------
.../workflows/daily-cli-tools-tester.lock.yml | 26 ++++++------
.github/workflows/daily-code-metrics.lock.yml | 2 +-
.../daily-community-attribution.lock.yml | 30 ++++++-------
.../workflows/daily-compiler-quality.lock.yml | 26 ++++++------
...ly-compiler-threat-spec-optimizer.lock.yml | 2 +-
.../daily-credit-limit-test.lock.yml | 26 ++++++------
.github/workflows/daily-doc-healer.lock.yml | 2 +-
.github/workflows/daily-doc-updater.lock.yml | 30 ++++++-------
.../daily-experiment-report.lock.yml | 26 ++++++------
.github/workflows/daily-fact.lock.yml | 34 +++++++--------
.github/workflows/daily-file-diet.lock.yml | 26 ++++++------
.../daily-formal-spec-verifier.lock.yml | 26 ++++++------
.../workflows/daily-function-namer.lock.yml | 26 ++++++------
.../workflows/daily-geo-optimizer.lock.yml | 26 ++++++------
.github/workflows/daily-hippo-learn.lock.yml | 38 ++++++++---------
.../workflows/daily-issues-report.lock.yml | 26 ++++++------
.../daily-max-ai-credits-test.lock.yml | 26 ++++++------
.../daily-mcp-concurrency-analysis.lock.yml | 26 ++++++------
.../workflows/daily-model-inventory.lock.yml | 26 ++++++------
.../daily-multi-device-docs-tester.lock.yml | 26 ++++++------
.github/workflows/daily-news.lock.yml | 26 ++++++------
.../daily-observability-report.lock.yml | 2 +-
.../daily-performance-summary.lock.yml | 2 +-
.../daily-reliability-review.lock.yml | 2 +-
.../daily-rendering-scripts-verifier.lock.yml | 2 +-
.../workflows/daily-repo-chronicle.lock.yml | 26 ++++++------
.../daily-testify-uber-super-expert.lock.yml | 26 ++++++------
.github/workflows/docs-noob-tester.lock.yml | 26 ++++++------
.../github-remote-mcp-auth-test.lock.yml | 26 ++++++------
.../workflows/smoke-agent-all-merged.lock.yml | 2 +-
.../workflows/smoke-agent-all-none.lock.yml | 2 +-
.../smoke-agent-public-approved.lock.yml | 2 +-
.../smoke-agent-public-none.lock.yml | 2 +-
.../smoke-agent-scoped-approved.lock.yml | 2 +-
.github/workflows/smoke-antigravity.lock.yml | 26 ++++++------
.../workflows/smoke-call-workflow.lock.yml | 34 +++++++--------
.github/workflows/smoke-claude.lock.yml | 2 +-
.github/workflows/smoke-codex.lock.yml | 38 ++++++++---------
.../smoke-copilot-aoai-apikey.lock.yml | 2 +-
.../smoke-copilot-aoai-entra.lock.yml | 2 +-
.github/workflows/smoke-copilot-arm.lock.yml | 2 +-
.github/workflows/smoke-copilot-sdk.lock.yml | 26 ++++++------
.github/workflows/smoke-copilot.lock.yml | 2 +-
.../smoke-create-cross-repo-pr.lock.yml | 30 ++++++-------
.github/workflows/smoke-crush.lock.yml | 26 ++++++------
.github/workflows/smoke-gemini.lock.yml | 26 ++++++------
.github/workflows/smoke-multi-pr.lock.yml | 30 ++++++-------
.github/workflows/smoke-opencode.lock.yml | 26 ++++++------
.../workflows/smoke-otel-backends.lock.yml | 26 ++++++------
.github/workflows/smoke-pi.lock.yml | 26 ++++++------
.github/workflows/smoke-project.lock.yml | 30 ++++++-------
.../workflows/smoke-service-ports.lock.yml | 26 ++++++------
.github/workflows/smoke-temporary-id.lock.yml | 26 ++++++------
.github/workflows/smoke-test-tools.lock.yml | 26 ++++++------
.../smoke-update-cross-repo-pr.lock.yml | 30 ++++++-------
.../smoke-workflow-call-with-inputs.lock.yml | 30 ++++++-------
.../workflows/smoke-workflow-call.lock.yml | 26 ++++++------
.../test-create-pr-error-handling.lock.yml | 2 +-
.github/workflows/test-dispatcher.lock.yml | 26 ++++++------
.../test-project-url-default.lock.yml | 26 ++++++------
.../workflows/test-quality-sentinel.lock.yml | 26 ++++++------
109 files changed, 1045 insertions(+), 1045 deletions(-)
diff --git a/.github/workflows/ab-testing-advisor.lock.yml b/.github/workflows/ab-testing-advisor.lock.yml
index 71acab20d2d..5483bfc69ab 100644
--- a/.github/workflows/ab-testing-advisor.lock.yml
+++ b/.github/workflows/ab-testing-advisor.lock.yml
@@ -257,21 +257,21 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_e4e19df15458c5a5_EOF'
+ cat << 'GH_AW_PROMPT_e4429c65f62e8690_EOF'
- GH_AW_PROMPT_e4e19df15458c5a5_EOF
+ GH_AW_PROMPT_e4429c65f62e8690_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_e4e19df15458c5a5_EOF'
+ cat << 'GH_AW_PROMPT_e4429c65f62e8690_EOF'
Tools: create_issue(max:2), missing_tool, missing_data, noop
- GH_AW_PROMPT_e4e19df15458c5a5_EOF
+ GH_AW_PROMPT_e4429c65f62e8690_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_e4e19df15458c5a5_EOF'
+ cat << 'GH_AW_PROMPT_e4429c65f62e8690_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -300,14 +300,14 @@ jobs:
{{/if}}
- GH_AW_PROMPT_e4e19df15458c5a5_EOF
+ GH_AW_PROMPT_e4429c65f62e8690_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_e4e19df15458c5a5_EOF'
+ cat << 'GH_AW_PROMPT_e4429c65f62e8690_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/ab-testing-advisor.md}}
- GH_AW_PROMPT_e4e19df15458c5a5_EOF
+ GH_AW_PROMPT_e4429c65f62e8690_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -553,9 +553,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_0e214dbd3e7711e6_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_5176f80c1901e037_EOF'
{"create_issue":{"close_older_issues":true,"close_older_key":"ab-testing-advisor","expires":336,"group":true,"labels":["automation","experiments","ai-generated"],"max":2,"title_prefix":"[ab-advisor] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_0e214dbd3e7711e6_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_5176f80c1901e037_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -722,7 +722,7 @@ jobs:
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.27'
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_317d62f563f888f6_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_5a62c05d6d2f1358_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -767,7 +767,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_317d62f563f888f6_EOF
+ GH_AW_MCP_CONFIG_5a62c05d6d2f1358_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1500,7 +1500,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
runs-on: ubuntu-slim
diff --git a/.github/workflows/agent-performance-analyzer.lock.yml b/.github/workflows/agent-performance-analyzer.lock.yml
index e01f88a0272..f6134a7ca7f 100644
--- a/.github/workflows/agent-performance-analyzer.lock.yml
+++ b/.github/workflows/agent-performance-analyzer.lock.yml
@@ -292,21 +292,21 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_2422f086ac2c6052_EOF'
+ cat << 'GH_AW_PROMPT_af76823a4b601e69_EOF'
- GH_AW_PROMPT_2422f086ac2c6052_EOF
+ GH_AW_PROMPT_af76823a4b601e69_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/repo_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_2422f086ac2c6052_EOF'
+ cat << 'GH_AW_PROMPT_af76823a4b601e69_EOF'
Tools: add_comment(max:10), create_issue(max:5), create_discussion, missing_tool, missing_data, noop
- GH_AW_PROMPT_2422f086ac2c6052_EOF
+ GH_AW_PROMPT_af76823a4b601e69_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_2422f086ac2c6052_EOF'
+ cat << 'GH_AW_PROMPT_af76823a4b601e69_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -335,16 +335,16 @@ jobs:
{{/if}}
- GH_AW_PROMPT_2422f086ac2c6052_EOF
+ GH_AW_PROMPT_af76823a4b601e69_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_2422f086ac2c6052_EOF'
+ cat << 'GH_AW_PROMPT_af76823a4b601e69_EOF'
**IMPORTANT**: When analyzing agentic workflows, use the `agentic-workflows` tool to read workflow files.
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/agent-performance-analyzer.md}}
- GH_AW_PROMPT_2422f086ac2c6052_EOF
+ GH_AW_PROMPT_af76823a4b601e69_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -655,9 +655,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_c6fef4815356071e_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_35fa2b50b67d28c9_EOF'
{"add_comment":{"max":10},"create_discussion":{"expires":24,"fallback_to_issue":true,"max":1},"create_issue":{"expires":48,"group":true,"labels":["cookie"],"max":5},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"push_repo_memory":{"memories":[{"dir":"/tmp/gh-aw/repo-memory/default","id":"default","max_file_count":100,"max_file_size":102400,"max_patch_size":10240}]},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_c6fef4815356071e_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_35fa2b50b67d28c9_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -876,7 +876,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_4c27ef9d304151ee_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_7292df9048689c98_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"agenticworkflows": {
@@ -941,7 +941,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_4c27ef9d304151ee_EOF
+ GH_AW_MCP_CONFIG_7292df9048689c98_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1722,7 +1722,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_experiments_state:
needs: activation
diff --git a/.github/workflows/agent-persona-explorer.lock.yml b/.github/workflows/agent-persona-explorer.lock.yml
index 419f7e47505..7cabbb61dc8 100644
--- a/.github/workflows/agent-persona-explorer.lock.yml
+++ b/.github/workflows/agent-persona-explorer.lock.yml
@@ -298,21 +298,21 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_e07e72685630940d_EOF'
+ cat << 'GH_AW_PROMPT_9265ef54e4708bcd_EOF'
- GH_AW_PROMPT_e07e72685630940d_EOF
+ GH_AW_PROMPT_9265ef54e4708bcd_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_e07e72685630940d_EOF'
+ cat << 'GH_AW_PROMPT_9265ef54e4708bcd_EOF'
Tools: create_issue, missing_tool, missing_data, noop
- GH_AW_PROMPT_e07e72685630940d_EOF
+ GH_AW_PROMPT_9265ef54e4708bcd_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_e07e72685630940d_EOF'
+ cat << 'GH_AW_PROMPT_9265ef54e4708bcd_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -341,14 +341,14 @@ jobs:
{{/if}}
- GH_AW_PROMPT_e07e72685630940d_EOF
+ GH_AW_PROMPT_9265ef54e4708bcd_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_e07e72685630940d_EOF'
+ cat << 'GH_AW_PROMPT_9265ef54e4708bcd_EOF'
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/agent-persona-explorer.md}}
- GH_AW_PROMPT_e07e72685630940d_EOF
+ GH_AW_PROMPT_9265ef54e4708bcd_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -656,9 +656,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_8379d24676de3d98_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_2c5fc2f7e2b31ad4_EOF'
{"create_issue":{"close_older_issues":true,"labels":["agent-research"],"max":1,"title_prefix":"Agent Persona Exploration - "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_8379d24676de3d98_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_2c5fc2f7e2b31ad4_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -825,7 +825,7 @@ jobs:
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.27'
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_c6943b0e725b5f53_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_f194a3d22c6f07b2_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"agenticworkflows": {
@@ -888,7 +888,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_c6943b0e725b5f53_EOF
+ GH_AW_MCP_CONFIG_f194a3d22c6f07b2_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1624,7 +1624,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_experiments_state:
needs: activation
diff --git a/.github/workflows/api-consumption-report.lock.yml b/.github/workflows/api-consumption-report.lock.yml
index 32bd107d526..229e5baaadf 100644
--- a/.github/workflows/api-consumption-report.lock.yml
+++ b/.github/workflows/api-consumption-report.lock.yml
@@ -1985,7 +1985,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/approach-validator.lock.yml b/.github/workflows/approach-validator.lock.yml
index 2d9d7270c62..aa6aa5095d3 100644
--- a/.github/workflows/approach-validator.lock.yml
+++ b/.github/workflows/approach-validator.lock.yml
@@ -1701,7 +1701,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/archie.lock.yml b/.github/workflows/archie.lock.yml
index 07d74817a39..b919a3c1017 100644
--- a/.github/workflows/archie.lock.yml
+++ b/.github/workflows/archie.lock.yml
@@ -300,20 +300,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_e9d1bb4806ec1388_EOF'
+ cat << 'GH_AW_PROMPT_623b44e18004806c_EOF'
- GH_AW_PROMPT_e9d1bb4806ec1388_EOF
+ GH_AW_PROMPT_623b44e18004806c_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_e9d1bb4806ec1388_EOF'
+ cat << 'GH_AW_PROMPT_623b44e18004806c_EOF'
Tools: add_comment, missing_tool, missing_data, noop
- GH_AW_PROMPT_e9d1bb4806ec1388_EOF
+ GH_AW_PROMPT_623b44e18004806c_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_e9d1bb4806ec1388_EOF'
+ cat << 'GH_AW_PROMPT_623b44e18004806c_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -342,12 +342,12 @@ jobs:
{{/if}}
- GH_AW_PROMPT_e9d1bb4806ec1388_EOF
+ GH_AW_PROMPT_623b44e18004806c_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then
cat "${RUNNER_TEMP}/gh-aw/prompts/pr_context_prompt.md"
fi
- cat << 'GH_AW_PROMPT_e9d1bb4806ec1388_EOF'
+ cat << 'GH_AW_PROMPT_623b44e18004806c_EOF'
{{#runtime-import .github/workflows/shared/mcp/serena-go.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
@@ -356,7 +356,7 @@ jobs:
Serena is enabled for **["go"]** in `__GH_AW_GITHUB_WORKSPACE__`. Start by calling `activate_project` with that workspace path, then prefer Serena semantic tools for symbol lookup, references, docs, diagnostics, and structured edits.
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/archie.md}}
- GH_AW_PROMPT_e9d1bb4806ec1388_EOF
+ GH_AW_PROMPT_623b44e18004806c_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -589,9 +589,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_375b1128cbd884ba_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_049c1935bf1a6a33_EOF'
{"add_comment":{"max":1},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_375b1128cbd884ba_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_049c1935bf1a6a33_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -744,7 +744,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_e038212cc49aba08_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_81258bd6aadd79ea_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -819,7 +819,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_e038212cc49aba08_EOF
+ GH_AW_MCP_CONFIG_81258bd6aadd79ea_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1591,7 +1591,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
runs-on: ubuntu-slim
diff --git a/.github/workflows/architecture-guardian.lock.yml b/.github/workflows/architecture-guardian.lock.yml
index 5cee02d7cc2..87fd201ac4f 100644
--- a/.github/workflows/architecture-guardian.lock.yml
+++ b/.github/workflows/architecture-guardian.lock.yml
@@ -295,20 +295,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_2b754e3460a9bdc2_EOF'
+ cat << 'GH_AW_PROMPT_0718742a80608184_EOF'
- GH_AW_PROMPT_2b754e3460a9bdc2_EOF
+ GH_AW_PROMPT_0718742a80608184_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_2b754e3460a9bdc2_EOF'
+ cat << 'GH_AW_PROMPT_0718742a80608184_EOF'
Tools: create_issue, missing_tool, missing_data, noop
- GH_AW_PROMPT_2b754e3460a9bdc2_EOF
+ GH_AW_PROMPT_0718742a80608184_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_2b754e3460a9bdc2_EOF'
+ cat << 'GH_AW_PROMPT_0718742a80608184_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -337,16 +337,16 @@ jobs:
{{/if}}
- GH_AW_PROMPT_2b754e3460a9bdc2_EOF
+ GH_AW_PROMPT_0718742a80608184_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_2b754e3460a9bdc2_EOF'
+ cat << 'GH_AW_PROMPT_0718742a80608184_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/activation-app.md}}
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/architecture-guardian.md}}
- GH_AW_PROMPT_2b754e3460a9bdc2_EOF
+ GH_AW_PROMPT_0718742a80608184_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -584,9 +584,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_abde978c40008351_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_c1c5256a5d7e7db7_EOF'
{"create_issue":{"assignees":["copilot"],"expires":48,"labels":["architecture","automated-analysis","cookie"],"max":1,"title_prefix":"[architecture-guardian] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_abde978c40008351_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_c1c5256a5d7e7db7_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -757,7 +757,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_6d044e770f62221a_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -819,7 +819,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_6d044e770f62221a_EOF
+ GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1589,7 +1589,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
runs-on: ubuntu-slim
diff --git a/.github/workflows/artifacts-summary.lock.yml b/.github/workflows/artifacts-summary.lock.yml
index 220cc488c5e..8f28212e521 100644
--- a/.github/workflows/artifacts-summary.lock.yml
+++ b/.github/workflows/artifacts-summary.lock.yml
@@ -251,20 +251,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_8af66f942fb0e101_EOF'
+ cat << 'GH_AW_PROMPT_dc4eaf8bfb37b392_EOF'
- GH_AW_PROMPT_8af66f942fb0e101_EOF
+ GH_AW_PROMPT_dc4eaf8bfb37b392_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_8af66f942fb0e101_EOF'
+ cat << 'GH_AW_PROMPT_dc4eaf8bfb37b392_EOF'
Tools: create_discussion, missing_tool, missing_data, noop
- GH_AW_PROMPT_8af66f942fb0e101_EOF
+ GH_AW_PROMPT_dc4eaf8bfb37b392_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_8af66f942fb0e101_EOF'
+ cat << 'GH_AW_PROMPT_dc4eaf8bfb37b392_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -293,16 +293,16 @@ jobs:
{{/if}}
- GH_AW_PROMPT_8af66f942fb0e101_EOF
+ GH_AW_PROMPT_dc4eaf8bfb37b392_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_8af66f942fb0e101_EOF'
+ cat << 'GH_AW_PROMPT_dc4eaf8bfb37b392_EOF'
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/shared/safe-output-app.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/artifacts-summary.md}}
- GH_AW_PROMPT_8af66f942fb0e101_EOF
+ GH_AW_PROMPT_dc4eaf8bfb37b392_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -524,9 +524,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_b5b0915c84b5b943_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_b68c6a429d327483_EOF'
{"create_discussion":{"category":"artifacts","close_older_discussions":true,"expires":24,"fallback_to_issue":true,"max":1},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_b5b0915c84b5b943_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_b68c6a429d327483_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -684,7 +684,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_faea8415d1e91499_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -730,7 +730,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_faea8415d1e91499_EOF
+ GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1485,7 +1485,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/audit-workflows.lock.yml b/.github/workflows/audit-workflows.lock.yml
index f5e70b8bfed..3bc75435790 100644
--- a/.github/workflows/audit-workflows.lock.yml
+++ b/.github/workflows/audit-workflows.lock.yml
@@ -1786,7 +1786,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_repo_memory:
needs:
diff --git a/.github/workflows/auto-triage-issues.lock.yml b/.github/workflows/auto-triage-issues.lock.yml
index 2a69b0401bd..952f8ac208d 100644
--- a/.github/workflows/auto-triage-issues.lock.yml
+++ b/.github/workflows/auto-triage-issues.lock.yml
@@ -273,20 +273,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_fe28a19bc524ad58_EOF'
+ cat << 'GH_AW_PROMPT_ade46d9f1556725b_EOF'
- GH_AW_PROMPT_fe28a19bc524ad58_EOF
+ GH_AW_PROMPT_ade46d9f1556725b_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_fe28a19bc524ad58_EOF'
+ cat << 'GH_AW_PROMPT_ade46d9f1556725b_EOF'
Tools: create_discussion, add_labels(max:10), missing_tool, missing_data, noop
- GH_AW_PROMPT_fe28a19bc524ad58_EOF
+ GH_AW_PROMPT_ade46d9f1556725b_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_fe28a19bc524ad58_EOF'
+ cat << 'GH_AW_PROMPT_ade46d9f1556725b_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -315,16 +315,16 @@ jobs:
{{/if}}
- GH_AW_PROMPT_fe28a19bc524ad58_EOF
+ GH_AW_PROMPT_ade46d9f1556725b_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_fe28a19bc524ad58_EOF'
+ cat << 'GH_AW_PROMPT_ade46d9f1556725b_EOF'
{{#runtime-import .github/workflows/shared/github-guard-policy.md}}
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/auto-triage-issues.md}}
- GH_AW_PROMPT_fe28a19bc524ad58_EOF
+ GH_AW_PROMPT_ade46d9f1556725b_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -565,9 +565,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_673dfcb2459023be_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_b802e386e3a021cd_EOF'
{"add_labels":{"max":10},"create_discussion":{"category":"audits","close_older_discussions":true,"expires":24,"fallback_to_issue":true,"max":1,"title_prefix":"[Auto-Triage] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_673dfcb2459023be_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_b802e386e3a021cd_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -744,7 +744,7 @@ jobs:
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.27'
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_317d62f563f888f6_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_5a62c05d6d2f1358_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -789,7 +789,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_317d62f563f888f6_EOF
+ GH_AW_MCP_CONFIG_5a62c05d6d2f1358_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1501,7 +1501,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
runs-on: ubuntu-slim
diff --git a/.github/workflows/avenger.lock.yml b/.github/workflows/avenger.lock.yml
index a0d24f631d0..b6e50fab203 100644
--- a/.github/workflows/avenger.lock.yml
+++ b/.github/workflows/avenger.lock.yml
@@ -1670,7 +1670,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/aw-failure-investigator.lock.yml b/.github/workflows/aw-failure-investigator.lock.yml
index 673f624c4a2..b88fd9827dd 100644
--- a/.github/workflows/aw-failure-investigator.lock.yml
+++ b/.github/workflows/aw-failure-investigator.lock.yml
@@ -1774,7 +1774,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_experiments_state:
needs: activation
diff --git a/.github/workflows/blog-auditor.lock.yml b/.github/workflows/blog-auditor.lock.yml
index 32c9563eab8..a9fa7d73490 100644
--- a/.github/workflows/blog-auditor.lock.yml
+++ b/.github/workflows/blog-auditor.lock.yml
@@ -1654,7 +1654,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_experiments_state:
needs: activation
diff --git a/.github/workflows/brave.lock.yml b/.github/workflows/brave.lock.yml
index c1ca0c13a17..cec25a88059 100644
--- a/.github/workflows/brave.lock.yml
+++ b/.github/workflows/brave.lock.yml
@@ -299,20 +299,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_5b61c3fb0d5b8f18_EOF'
+ cat << 'GH_AW_PROMPT_87f1e12046ac1e28_EOF'
- GH_AW_PROMPT_5b61c3fb0d5b8f18_EOF
+ GH_AW_PROMPT_87f1e12046ac1e28_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_5b61c3fb0d5b8f18_EOF'
+ cat << 'GH_AW_PROMPT_87f1e12046ac1e28_EOF'
Tools: add_comment, missing_tool, missing_data, noop
- GH_AW_PROMPT_5b61c3fb0d5b8f18_EOF
+ GH_AW_PROMPT_87f1e12046ac1e28_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_5b61c3fb0d5b8f18_EOF'
+ cat << 'GH_AW_PROMPT_87f1e12046ac1e28_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -341,18 +341,18 @@ jobs:
{{/if}}
- GH_AW_PROMPT_5b61c3fb0d5b8f18_EOF
+ GH_AW_PROMPT_87f1e12046ac1e28_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then
cat "${RUNNER_TEMP}/gh-aw/prompts/pr_context_prompt.md"
fi
- cat << 'GH_AW_PROMPT_5b61c3fb0d5b8f18_EOF'
+ cat << 'GH_AW_PROMPT_87f1e12046ac1e28_EOF'
{{#runtime-import .github/workflows/shared/mcp/brave.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/brave.md}}
- GH_AW_PROMPT_5b61c3fb0d5b8f18_EOF
+ GH_AW_PROMPT_87f1e12046ac1e28_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -585,9 +585,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_375b1128cbd884ba_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_049c1935bf1a6a33_EOF'
{"add_comment":{"max":1},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_375b1128cbd884ba_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_049c1935bf1a6a33_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -744,7 +744,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_89175a6220abecbc_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_f61436769eb40349_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"brave-search": {
@@ -823,7 +823,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_89175a6220abecbc_EOF
+ GH_AW_MCP_CONFIG_f61436769eb40349_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1587,7 +1587,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
runs-on: ubuntu-slim
diff --git a/.github/workflows/breaking-change-checker.lock.yml b/.github/workflows/breaking-change-checker.lock.yml
index 1679e18fff5..0a0a32c2995 100644
--- a/.github/workflows/breaking-change-checker.lock.yml
+++ b/.github/workflows/breaking-change-checker.lock.yml
@@ -258,20 +258,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_d9db46c198a99599_EOF'
+ cat << 'GH_AW_PROMPT_1d206ac7b8d577f4_EOF'
- GH_AW_PROMPT_d9db46c198a99599_EOF
+ GH_AW_PROMPT_1d206ac7b8d577f4_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_d9db46c198a99599_EOF'
+ cat << 'GH_AW_PROMPT_1d206ac7b8d577f4_EOF'
Tools: create_issue, missing_tool, missing_data, noop
- GH_AW_PROMPT_d9db46c198a99599_EOF
+ GH_AW_PROMPT_1d206ac7b8d577f4_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_d9db46c198a99599_EOF'
+ cat << 'GH_AW_PROMPT_1d206ac7b8d577f4_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -300,15 +300,15 @@ jobs:
{{/if}}
- GH_AW_PROMPT_d9db46c198a99599_EOF
+ GH_AW_PROMPT_1d206ac7b8d577f4_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_d9db46c198a99599_EOF'
+ cat << 'GH_AW_PROMPT_1d206ac7b8d577f4_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/activation-app.md}}
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/breaking-change-checker.md}}
- GH_AW_PROMPT_d9db46c198a99599_EOF
+ GH_AW_PROMPT_1d206ac7b8d577f4_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -534,9 +534,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_eb8737ded6d2634f_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_8fcbca199339b787_EOF'
{"create_issue":{"assignees":["copilot"],"expires":48,"labels":["breaking-change","automated-analysis","cookie"],"max":1,"title_prefix":"[breaking-change] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_eb8737ded6d2634f_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_8fcbca199339b787_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -704,7 +704,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_faea8415d1e91499_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -750,7 +750,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_faea8415d1e91499_EOF
+ GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1531,7 +1531,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
runs-on: ubuntu-slim
diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml
index 3a1e0cc1fa0..f57e43a8fae 100644
--- a/.github/workflows/changeset.lock.yml
+++ b/.github/workflows/changeset.lock.yml
@@ -305,23 +305,23 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_8d15866f390415d9_EOF'
+ cat << 'GH_AW_PROMPT_687d88ade0bb04ab_EOF'
- GH_AW_PROMPT_8d15866f390415d9_EOF
+ GH_AW_PROMPT_687d88ade0bb04ab_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_8d15866f390415d9_EOF'
+ cat << 'GH_AW_PROMPT_687d88ade0bb04ab_EOF'
Tools: update_pull_request, push_to_pull_request_branch, missing_tool, missing_data, noop
- GH_AW_PROMPT_8d15866f390415d9_EOF
+ GH_AW_PROMPT_687d88ade0bb04ab_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_push_to_pr_branch.md"
- cat << 'GH_AW_PROMPT_8d15866f390415d9_EOF'
+ cat << 'GH_AW_PROMPT_687d88ade0bb04ab_EOF'
- GH_AW_PROMPT_8d15866f390415d9_EOF
+ GH_AW_PROMPT_687d88ade0bb04ab_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_8d15866f390415d9_EOF'
+ cat << 'GH_AW_PROMPT_687d88ade0bb04ab_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -350,15 +350,15 @@ jobs:
{{/if}}
- GH_AW_PROMPT_8d15866f390415d9_EOF
+ GH_AW_PROMPT_687d88ade0bb04ab_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_8d15866f390415d9_EOF'
+ cat << 'GH_AW_PROMPT_687d88ade0bb04ab_EOF'
{{#runtime-import .github/workflows/shared/changeset-format.md}}
{{#runtime-import .github/skills/jqschema/SKILL.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/changeset.md}}
- GH_AW_PROMPT_8d15866f390415d9_EOF
+ GH_AW_PROMPT_687d88ade0bb04ab_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -589,9 +589,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_cb353f1bc5473079_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_50c6d2e0a8a3147f_EOF'
{"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"push_to_pull_request_branch":{"allowed_files":[".changeset/**"],"commit_title_suffix":" [skip-ci]","if_no_changes":"warn","max_patch_size":4096,"patch_format":"bundle","protect_top_level_dot_folders":true,"protected_dot_folder_excludes":[".changeset/"],"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS","DESIGN.md","README.md","CONTRIBUTING.md","CHANGELOG.md","SECURITY.md","CODE_OF_CONDUCT.md","AGENTS.md","CLAUDE.md","GEMINI.md"],"protected_files_policy":"blocked"},"report_incomplete":{},"update_pull_request":{"allow_body":true,"allow_title":false,"default_operation":"append","max":1,"update_branch":false}}
- GH_AW_SAFE_OUTPUTS_CONFIG_cb353f1bc5473079_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_50c6d2e0a8a3147f_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -780,7 +780,7 @@ jobs:
DOCKER_SOCK_GID=$(stat -c '%g' "$DOCKER_SOCK_PATH" 2>/dev/null || echo '0')
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.27'
- cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_e4ec9dd5bb65b2bd_EOF
+ cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_6d3b6d1377b18c9a_EOF
[history]
persistence = "none"
@@ -808,11 +808,11 @@ jobs:
[mcp_servers.safeoutputs."guard-policies".write-sink]
accept = ["*"]
- GH_AW_MCP_CONFIG_e4ec9dd5bb65b2bd_EOF
+ GH_AW_MCP_CONFIG_6d3b6d1377b18c9a_EOF
# Generate JSON config for MCP gateway
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_d39699d1b063f094_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_127079b3ae1cd520_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -872,11 +872,11 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_d39699d1b063f094_EOF
+ GH_AW_MCP_CONFIG_127079b3ae1cd520_EOF
# Sync converter output to writable CODEX_HOME for Codex
mkdir -p /tmp/gh-aw/mcp-config
- cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_929fca99db4cd5ec_EOF
+ cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_47d4538748fe3213_EOF
model_provider = "openai-proxy"
@@ -888,7 +888,7 @@ jobs:
[shell_environment_policy]
inherit = "core"
include_only = ["^CODEX_API_KEY$", "^GH_AW_ASSETS_ALLOWED_EXTS$", "^GH_AW_ASSETS_BRANCH$", "^GH_AW_ASSETS_MAX_SIZE_KB$", "^GH_AW_SAFE_OUTPUTS$", "^GITHUB_PERSONAL_ACCESS_TOKEN$", "^GITHUB_REPOSITORY$", "^GITHUB_SERVER_URL$", "^HOME$", "^OPENAI_API_KEY$", "^PATH$"]
- GH_AW_CODEX_SHELL_POLICY_929fca99db4cd5ec_EOF
+ GH_AW_CODEX_SHELL_POLICY_47d4538748fe3213_EOF
awk '
BEGIN { skip_openai_proxy = 0 }
/^[[:space:]]*model_provider[[:space:]]*=/ { next }
@@ -1608,7 +1608,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/chaos-pr-bundle-fuzzer.lock.yml b/.github/workflows/chaos-pr-bundle-fuzzer.lock.yml
index 14dd24667b8..80fe63d69ee 100644
--- a/.github/workflows/chaos-pr-bundle-fuzzer.lock.yml
+++ b/.github/workflows/chaos-pr-bundle-fuzzer.lock.yml
@@ -257,24 +257,24 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_cfbedf771b568967_EOF'
+ cat << 'GH_AW_PROMPT_1c8e52d002a133b3_EOF'
- GH_AW_PROMPT_cfbedf771b568967_EOF
+ GH_AW_PROMPT_1c8e52d002a133b3_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_cfbedf771b568967_EOF'
+ cat << 'GH_AW_PROMPT_1c8e52d002a133b3_EOF'
Tools: create_pull_request(max:5), missing_tool, missing_data, noop
- GH_AW_PROMPT_cfbedf771b568967_EOF
+ GH_AW_PROMPT_1c8e52d002a133b3_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_create_pull_request.md"
- cat << 'GH_AW_PROMPT_cfbedf771b568967_EOF'
+ cat << 'GH_AW_PROMPT_1c8e52d002a133b3_EOF'
- GH_AW_PROMPT_cfbedf771b568967_EOF
+ GH_AW_PROMPT_1c8e52d002a133b3_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_cfbedf771b568967_EOF'
+ cat << 'GH_AW_PROMPT_1c8e52d002a133b3_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -303,14 +303,14 @@ jobs:
{{/if}}
- GH_AW_PROMPT_cfbedf771b568967_EOF
+ GH_AW_PROMPT_1c8e52d002a133b3_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_cfbedf771b568967_EOF'
+ cat << 'GH_AW_PROMPT_1c8e52d002a133b3_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/chaos-pr-bundle-fuzzer.md}}
- GH_AW_PROMPT_cfbedf771b568967_EOF
+ GH_AW_PROMPT_1c8e52d002a133b3_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -552,9 +552,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_037094becd77c8ef_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_db67ecba950d1e42_EOF'
{"create_pull_request":{"allowed_files":["tmp/chaos/**","scratchpad/chaos/**","tests/chaos/**"],"close_older_pull_requests":true,"draft":true,"excluded_files":[".github/workflows/**"],"expires":4,"if_no_changes":"ignore","labels":["test-in-progress"],"max":5,"max_patch_files":100,"max_patch_size":4096,"preserve_branch_name":true,"protect_top_level_dot_folders":true,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS","DESIGN.md","README.md","CONTRIBUTING.md","CHANGELOG.md","SECURITY.md","CODE_OF_CONDUCT.md","PI.md","AGENTS.md"],"protected_files_policy":"blocked","recreate_ref":true,"title_prefix":"[chaos-test] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_037094becd77c8ef_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_db67ecba950d1e42_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -725,7 +725,7 @@ jobs:
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.27'
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_317d62f563f888f6_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_5a62c05d6d2f1358_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -770,7 +770,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_317d62f563f888f6_EOF
+ GH_AW_MCP_CONFIG_5a62c05d6d2f1358_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1502,7 +1502,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/ci-coach.lock.yml b/.github/workflows/ci-coach.lock.yml
index 870d3f1d255..7b7b71a4d84 100644
--- a/.github/workflows/ci-coach.lock.yml
+++ b/.github/workflows/ci-coach.lock.yml
@@ -293,24 +293,24 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_d9822b0a3534b6b7_EOF'
+ cat << 'GH_AW_PROMPT_f2420421fedccfc9_EOF'
- GH_AW_PROMPT_d9822b0a3534b6b7_EOF
+ GH_AW_PROMPT_f2420421fedccfc9_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_d9822b0a3534b6b7_EOF'
+ cat << 'GH_AW_PROMPT_f2420421fedccfc9_EOF'
Tools: create_pull_request, missing_tool, missing_data, noop
- GH_AW_PROMPT_d9822b0a3534b6b7_EOF
+ GH_AW_PROMPT_f2420421fedccfc9_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_create_pull_request.md"
- cat << 'GH_AW_PROMPT_d9822b0a3534b6b7_EOF'
+ cat << 'GH_AW_PROMPT_f2420421fedccfc9_EOF'
- GH_AW_PROMPT_d9822b0a3534b6b7_EOF
+ GH_AW_PROMPT_f2420421fedccfc9_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_d9822b0a3534b6b7_EOF'
+ cat << 'GH_AW_PROMPT_f2420421fedccfc9_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -339,9 +339,9 @@ jobs:
{{/if}}
- GH_AW_PROMPT_d9822b0a3534b6b7_EOF
+ GH_AW_PROMPT_f2420421fedccfc9_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_d9822b0a3534b6b7_EOF'
+ cat << 'GH_AW_PROMPT_f2420421fedccfc9_EOF'
{{#runtime-import .github/workflows/shared/ci-data-analysis.md}}
{{#runtime-import .github/workflows/shared/ci-optimization-strategies.md}}
@@ -350,7 +350,7 @@ jobs:
{{#runtime-import .github/skills/jqschema/SKILL.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/ci-coach.md}}
- GH_AW_PROMPT_d9822b0a3534b6b7_EOF
+ GH_AW_PROMPT_f2420421fedccfc9_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -629,9 +629,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_e75d4ec0a32c1d0e_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_9df9f766edf4dc2c_EOF'
{"create_pull_request":{"expires":48,"max":1,"max_patch_files":100,"max_patch_size":4096,"protect_top_level_dot_folders":true,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS","DESIGN.md","README.md","CONTRIBUTING.md","CHANGELOG.md","SECURITY.md","CODE_OF_CONDUCT.md","AGENTS.md","CLAUDE.md","GEMINI.md"],"protected_files_policy":"fallback-to-issue","title_prefix":"[ci-coach] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_e75d4ec0a32c1d0e_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_9df9f766edf4dc2c_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -803,7 +803,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_faea8415d1e91499_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -849,7 +849,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_faea8415d1e91499_EOF
+ GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1636,7 +1636,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_experiments_state:
needs: activation
diff --git a/.github/workflows/ci-doctor.lock.yml b/.github/workflows/ci-doctor.lock.yml
index b79ed019ae9..b5b44d3fcf4 100644
--- a/.github/workflows/ci-doctor.lock.yml
+++ b/.github/workflows/ci-doctor.lock.yml
@@ -1814,7 +1814,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/claude-code-user-docs-review.lock.yml b/.github/workflows/claude-code-user-docs-review.lock.yml
index 49a51101de2..b9a343d9964 100644
--- a/.github/workflows/claude-code-user-docs-review.lock.yml
+++ b/.github/workflows/claude-code-user-docs-review.lock.yml
@@ -1620,7 +1620,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/cli-consistency-checker.lock.yml b/.github/workflows/cli-consistency-checker.lock.yml
index 29fcea7409d..9555d3dd2a1 100644
--- a/.github/workflows/cli-consistency-checker.lock.yml
+++ b/.github/workflows/cli-consistency-checker.lock.yml
@@ -248,20 +248,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_cfe4589391dd913c_EOF'
+ cat << 'GH_AW_PROMPT_d4e938165d1ccc7e_EOF'
- GH_AW_PROMPT_cfe4589391dd913c_EOF
+ GH_AW_PROMPT_d4e938165d1ccc7e_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_cfe4589391dd913c_EOF'
+ cat << 'GH_AW_PROMPT_d4e938165d1ccc7e_EOF'
Tools: create_issue, missing_tool, missing_data, noop
- GH_AW_PROMPT_cfe4589391dd913c_EOF
+ GH_AW_PROMPT_d4e938165d1ccc7e_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_cfe4589391dd913c_EOF'
+ cat << 'GH_AW_PROMPT_d4e938165d1ccc7e_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -290,14 +290,14 @@ jobs:
{{/if}}
- GH_AW_PROMPT_cfe4589391dd913c_EOF
+ GH_AW_PROMPT_d4e938165d1ccc7e_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_cfe4589391dd913c_EOF'
+ cat << 'GH_AW_PROMPT_d4e938165d1ccc7e_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/cli-consistency-checker.md}}
- GH_AW_PROMPT_cfe4589391dd913c_EOF
+ GH_AW_PROMPT_d4e938165d1ccc7e_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -525,9 +525,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_8c945ff583e8b1a4_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_5eca5816279a06dc_EOF'
{"create_issue":{"expires":48,"labels":["automation","cli","documentation","cookie"],"max":1,"title_prefix":"[cli-consistency] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_8c945ff583e8b1a4_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_5eca5816279a06dc_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -697,7 +697,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_6d044e770f62221a_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -759,7 +759,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_6d044e770f62221a_EOF
+ GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1498,7 +1498,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/cli-version-checker.lock.yml b/.github/workflows/cli-version-checker.lock.yml
index c8ddf24518c..82e60e9c864 100644
--- a/.github/workflows/cli-version-checker.lock.yml
+++ b/.github/workflows/cli-version-checker.lock.yml
@@ -1606,7 +1606,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/cloclo.lock.yml b/.github/workflows/cloclo.lock.yml
index 98bf7304624..cb1fc58607b 100644
--- a/.github/workflows/cloclo.lock.yml
+++ b/.github/workflows/cloclo.lock.yml
@@ -1917,7 +1917,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/code-scanning-fixer.lock.yml b/.github/workflows/code-scanning-fixer.lock.yml
index ce6871955da..9dd856b3827 100644
--- a/.github/workflows/code-scanning-fixer.lock.yml
+++ b/.github/workflows/code-scanning-fixer.lock.yml
@@ -1580,7 +1580,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
runs-on: ubuntu-slim
diff --git a/.github/workflows/commit-changes-analyzer.lock.yml b/.github/workflows/commit-changes-analyzer.lock.yml
index 6f7c4999526..4de300a83c3 100644
--- a/.github/workflows/commit-changes-analyzer.lock.yml
+++ b/.github/workflows/commit-changes-analyzer.lock.yml
@@ -260,20 +260,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_798c62880ca56300_EOF'
+ cat << 'GH_AW_PROMPT_47bb988fd11e184c_EOF'
- GH_AW_PROMPT_798c62880ca56300_EOF
+ GH_AW_PROMPT_47bb988fd11e184c_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_798c62880ca56300_EOF'
+ cat << 'GH_AW_PROMPT_47bb988fd11e184c_EOF'
Tools: create_discussion, missing_tool, missing_data, noop
- GH_AW_PROMPT_798c62880ca56300_EOF
+ GH_AW_PROMPT_47bb988fd11e184c_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_798c62880ca56300_EOF'
+ cat << 'GH_AW_PROMPT_47bb988fd11e184c_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -302,15 +302,15 @@ jobs:
{{/if}}
- GH_AW_PROMPT_798c62880ca56300_EOF
+ GH_AW_PROMPT_47bb988fd11e184c_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_798c62880ca56300_EOF'
+ cat << 'GH_AW_PROMPT_47bb988fd11e184c_EOF'
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/commit-changes-analyzer.md}}
- GH_AW_PROMPT_798c62880ca56300_EOF
+ GH_AW_PROMPT_47bb988fd11e184c_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -530,9 +530,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_986ab24877b88c89_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_d7fe1a5a3b3a8a30_EOF'
{"create_discussion":{"category":"dev","expires":24,"fallback_to_issue":true,"max":1},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_986ab24877b88c89_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_d7fe1a5a3b3a8a30_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -689,7 +689,7 @@ jobs:
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.27'
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_317d62f563f888f6_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_5a62c05d6d2f1358_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -734,7 +734,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_317d62f563f888f6_EOF
+ GH_AW_MCP_CONFIG_5a62c05d6d2f1358_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1444,7 +1444,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/constraint-solving-potd.lock.yml b/.github/workflows/constraint-solving-potd.lock.yml
index 9781bafd059..3e7426ec875 100644
--- a/.github/workflows/constraint-solving-potd.lock.yml
+++ b/.github/workflows/constraint-solving-potd.lock.yml
@@ -254,21 +254,21 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_7f02c8ac18cf3857_EOF'
+ cat << 'GH_AW_PROMPT_4aecec5e467cdb80_EOF'
- GH_AW_PROMPT_7f02c8ac18cf3857_EOF
+ GH_AW_PROMPT_4aecec5e467cdb80_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_7f02c8ac18cf3857_EOF'
+ cat << 'GH_AW_PROMPT_4aecec5e467cdb80_EOF'
Tools: create_discussion, missing_tool, missing_data, noop
- GH_AW_PROMPT_7f02c8ac18cf3857_EOF
+ GH_AW_PROMPT_4aecec5e467cdb80_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_7f02c8ac18cf3857_EOF'
+ cat << 'GH_AW_PROMPT_4aecec5e467cdb80_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -297,13 +297,13 @@ jobs:
{{/if}}
- GH_AW_PROMPT_7f02c8ac18cf3857_EOF
+ GH_AW_PROMPT_4aecec5e467cdb80_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_7f02c8ac18cf3857_EOF'
+ cat << 'GH_AW_PROMPT_4aecec5e467cdb80_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/constraint-solving-potd.md}}
- GH_AW_PROMPT_7f02c8ac18cf3857_EOF
+ GH_AW_PROMPT_4aecec5e467cdb80_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -524,9 +524,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_4a4fd8a3232fecbd_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_b6bc71ac1b410240_EOF'
{"create_discussion":{"category":"announcements","close_older_discussions":true,"expires":168,"fallback_to_issue":true,"labels":["constraint-solving","problem-of-the-day"],"max":1,"title_prefix":"🧩 Constraint Solving POTD:"},"create_report_incomplete_issue":{},"max_bot_mentions":1,"mentions":{"enabled":false},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_4a4fd8a3232fecbd_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_b6bc71ac1b410240_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -690,7 +690,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_6d044e770f62221a_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -752,7 +752,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_6d044e770f62221a_EOF
+ GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1511,7 +1511,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/contribution-check.lock.yml b/.github/workflows/contribution-check.lock.yml
index 31eb6bc9ebe..e6bc4c49821 100644
--- a/.github/workflows/contribution-check.lock.yml
+++ b/.github/workflows/contribution-check.lock.yml
@@ -260,20 +260,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_511cc5fc9c50e3e1_EOF'
+ cat << 'GH_AW_PROMPT_0e4299ad284ceb0e_EOF'
- GH_AW_PROMPT_511cc5fc9c50e3e1_EOF
+ GH_AW_PROMPT_0e4299ad284ceb0e_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_511cc5fc9c50e3e1_EOF'
+ cat << 'GH_AW_PROMPT_0e4299ad284ceb0e_EOF'
Tools: add_comment(max:10), create_issue, add_labels(max:4), missing_tool, missing_data, noop
- GH_AW_PROMPT_511cc5fc9c50e3e1_EOF
+ GH_AW_PROMPT_0e4299ad284ceb0e_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_511cc5fc9c50e3e1_EOF'
+ cat << 'GH_AW_PROMPT_0e4299ad284ceb0e_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -302,13 +302,13 @@ jobs:
{{/if}}
- GH_AW_PROMPT_511cc5fc9c50e3e1_EOF
+ GH_AW_PROMPT_0e4299ad284ceb0e_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_511cc5fc9c50e3e1_EOF'
+ cat << 'GH_AW_PROMPT_0e4299ad284ceb0e_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/contribution-check.md}}
- GH_AW_PROMPT_511cc5fc9c50e3e1_EOF
+ GH_AW_PROMPT_0e4299ad284ceb0e_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -611,9 +611,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_50f60d7940afd91a_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_a92d2cee96d2798c_EOF'
{"add_comment":{"hide_older_comments":true,"max":10,"target":"*","target-repo":"${{ vars.TARGET_REPOSITORY }}"},"add_labels":{"allowed":["spam","needs-work","outdated","lgtm"],"max":4,"target":"*","target-repo":"${{ vars.TARGET_REPOSITORY }}"},"create_issue":{"close_older_issues":true,"expires":24,"group_by_day":true,"labels":["contribution-report"],"max":1,"title_prefix":"[Contribution Check Report]"},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_50f60d7940afd91a_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_a92d2cee96d2798c_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -824,7 +824,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_faea8415d1e91499_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -870,7 +870,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_faea8415d1e91499_EOF
+ GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1620,7 +1620,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/copilot-agent-analysis.lock.yml b/.github/workflows/copilot-agent-analysis.lock.yml
index a24ac78a970..08624c44fef 100644
--- a/.github/workflows/copilot-agent-analysis.lock.yml
+++ b/.github/workflows/copilot-agent-analysis.lock.yml
@@ -1701,7 +1701,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_experiments_state:
needs: activation
diff --git a/.github/workflows/copilot-cli-deep-research.lock.yml b/.github/workflows/copilot-cli-deep-research.lock.yml
index c732ac6b021..de88afee7f5 100644
--- a/.github/workflows/copilot-cli-deep-research.lock.yml
+++ b/.github/workflows/copilot-cli-deep-research.lock.yml
@@ -251,21 +251,21 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_28643ace6a87f2d4_EOF'
+ cat << 'GH_AW_PROMPT_3ea66b2ddcc1a922_EOF'
- GH_AW_PROMPT_28643ace6a87f2d4_EOF
+ GH_AW_PROMPT_3ea66b2ddcc1a922_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/repo_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_28643ace6a87f2d4_EOF'
+ cat << 'GH_AW_PROMPT_3ea66b2ddcc1a922_EOF'
Tools: create_discussion, missing_tool, missing_data, noop
- GH_AW_PROMPT_28643ace6a87f2d4_EOF
+ GH_AW_PROMPT_3ea66b2ddcc1a922_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_28643ace6a87f2d4_EOF'
+ cat << 'GH_AW_PROMPT_3ea66b2ddcc1a922_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -294,15 +294,15 @@ jobs:
{{/if}}
- GH_AW_PROMPT_28643ace6a87f2d4_EOF
+ GH_AW_PROMPT_3ea66b2ddcc1a922_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_28643ace6a87f2d4_EOF'
+ cat << 'GH_AW_PROMPT_3ea66b2ddcc1a922_EOF'
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/copilot-cli-deep-research.md}}
- GH_AW_PROMPT_28643ace6a87f2d4_EOF
+ GH_AW_PROMPT_3ea66b2ddcc1a922_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -551,9 +551,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_0d99804bab0377ed_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_37159f883e3213b1_EOF'
{"create_discussion":{"category":"research","close_older_discussions":true,"expires":24,"fallback_to_issue":true,"max":1,"title_prefix":"[copilot-cli-research] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"push_repo_memory":{"memories":[{"dir":"/tmp/gh-aw/repo-memory/default","id":"default","max_file_count":100,"max_file_size":204800,"max_patch_size":10240}]},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_0d99804bab0377ed_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_37159f883e3213b1_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -711,7 +711,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_faea8415d1e91499_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -757,7 +757,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_faea8415d1e91499_EOF
+ GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1532,7 +1532,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_repo_memory:
needs:
diff --git a/.github/workflows/copilot-opt.lock.yml b/.github/workflows/copilot-opt.lock.yml
index 44083d46d02..32287fc8ed3 100644
--- a/.github/workflows/copilot-opt.lock.yml
+++ b/.github/workflows/copilot-opt.lock.yml
@@ -260,21 +260,21 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_50db99a91de955fb_EOF'
+ cat << 'GH_AW_PROMPT_8323799dad0cf3e0_EOF'
- GH_AW_PROMPT_50db99a91de955fb_EOF
+ GH_AW_PROMPT_8323799dad0cf3e0_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_50db99a91de955fb_EOF'
+ cat << 'GH_AW_PROMPT_8323799dad0cf3e0_EOF'
Tools: create_issue(max:3), missing_tool, missing_data, noop
- GH_AW_PROMPT_50db99a91de955fb_EOF
+ GH_AW_PROMPT_8323799dad0cf3e0_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_50db99a91de955fb_EOF'
+ cat << 'GH_AW_PROMPT_8323799dad0cf3e0_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -303,9 +303,9 @@ jobs:
{{/if}}
- GH_AW_PROMPT_50db99a91de955fb_EOF
+ GH_AW_PROMPT_8323799dad0cf3e0_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_50db99a91de955fb_EOF'
+ cat << 'GH_AW_PROMPT_8323799dad0cf3e0_EOF'
{{#runtime-import .github/skills/jqschema/SKILL.md}}
{{#runtime-import .github/workflows/shared/copilot-session-data-fetch.md}}
@@ -314,7 +314,7 @@ jobs:
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/copilot-opt.md}}
- GH_AW_PROMPT_50db99a91de955fb_EOF
+ GH_AW_PROMPT_8323799dad0cf3e0_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -577,9 +577,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_30c5fc77dd311637_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_38fd4b1abe1a705c_EOF'
{"create_issue":{"close_older_issues":true,"labels":["copilot-opt","optimization","cookie"],"max":3,"title_prefix":"[copilot-opt] "},"create_report_incomplete_issue":{},"mentions":{"enabled":false},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_30c5fc77dd311637_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_38fd4b1abe1a705c_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -750,7 +750,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_faea8415d1e91499_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -796,7 +796,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_faea8415d1e91499_EOF
+ GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1598,7 +1598,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/copilot-pr-merged-report.lock.yml b/.github/workflows/copilot-pr-merged-report.lock.yml
index 96a63206387..48c917bac50 100644
--- a/.github/workflows/copilot-pr-merged-report.lock.yml
+++ b/.github/workflows/copilot-pr-merged-report.lock.yml
@@ -247,21 +247,21 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_4ce0b77b68483a55_EOF'
+ cat << 'GH_AW_PROMPT_380a9420830ddf34_EOF'
- GH_AW_PROMPT_4ce0b77b68483a55_EOF
+ GH_AW_PROMPT_380a9420830ddf34_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_4ce0b77b68483a55_EOF'
+ cat << 'GH_AW_PROMPT_380a9420830ddf34_EOF'
Tools: create_discussion, missing_tool, missing_data, noop
- GH_AW_PROMPT_4ce0b77b68483a55_EOF
+ GH_AW_PROMPT_380a9420830ddf34_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_4ce0b77b68483a55_EOF'
+ cat << 'GH_AW_PROMPT_380a9420830ddf34_EOF'
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/shared/gh.md}}
@@ -271,7 +271,7 @@ jobs:
{{#runtime-import .github/workflows/shared/copilot-pr-data-fetch.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/copilot-pr-merged-report.md}}
- GH_AW_PROMPT_4ce0b77b68483a55_EOF
+ GH_AW_PROMPT_380a9420830ddf34_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -507,9 +507,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_7e5fbfb0b1dcf68b_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_1a3efbc3313903f2_EOF'
{"create_discussion":{"category":"audits","close_older_discussions":true,"expires":24,"fallback_to_issue":true,"max":1,"title_prefix":"[copilot-pr-merged-report] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_7e5fbfb0b1dcf68b_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_1a3efbc3313903f2_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -667,7 +667,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_f14ff886ce7f5499_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_cce0bafd51422996_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -706,7 +706,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_f14ff886ce7f5499_EOF
+ GH_AW_MCP_CONFIG_cce0bafd51422996_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1469,7 +1469,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/copilot-pr-nlp-analysis.lock.yml b/.github/workflows/copilot-pr-nlp-analysis.lock.yml
index 5a24445d423..734432c1134 100644
--- a/.github/workflows/copilot-pr-nlp-analysis.lock.yml
+++ b/.github/workflows/copilot-pr-nlp-analysis.lock.yml
@@ -259,24 +259,24 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_4befe4bb4921dc5d_EOF'
+ cat << 'GH_AW_PROMPT_3eedca19303c1282_EOF'
- GH_AW_PROMPT_4befe4bb4921dc5d_EOF
+ GH_AW_PROMPT_3eedca19303c1282_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/repo_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_4befe4bb4921dc5d_EOF'
+ cat << 'GH_AW_PROMPT_3eedca19303c1282_EOF'
Tools: create_discussion, upload_asset(max:5), missing_tool, missing_data, noop
upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
- GH_AW_PROMPT_4befe4bb4921dc5d_EOF
+ GH_AW_PROMPT_3eedca19303c1282_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_4befe4bb4921dc5d_EOF'
+ cat << 'GH_AW_PROMPT_3eedca19303c1282_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -305,9 +305,9 @@ jobs:
{{/if}}
- GH_AW_PROMPT_4befe4bb4921dc5d_EOF
+ GH_AW_PROMPT_3eedca19303c1282_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_4befe4bb4921dc5d_EOF'
+ cat << 'GH_AW_PROMPT_3eedca19303c1282_EOF'
{{#runtime-import .github/workflows/shared/copilot-pr-analysis-base.md}}
{{#runtime-import .github/workflows/shared/python-dataviz.md}}
@@ -318,7 +318,7 @@ jobs:
{{#runtime-import .github/workflows/shared/copilot-pr-data-fetch.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/copilot-pr-nlp-analysis.md}}
- GH_AW_PROMPT_4befe4bb4921dc5d_EOF
+ GH_AW_PROMPT_3eedca19303c1282_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -626,9 +626,9 @@ jobs:
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs/assets"
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_1702422a16fe9044_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_7dfe86573c5fc941_EOF'
{"create_discussion":{"category":"audits","close_older_discussions":true,"expires":24,"fallback_to_issue":true,"max":1,"title_prefix":"[nlp-analysis] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"push_repo_memory":{"memories":[{"dir":"/tmp/gh-aw/repo-memory/default","id":"default","max_file_count":100,"max_file_size":102400,"max_patch_size":10240}]},"report_incomplete":{},"upload_asset":{"allowed-exts":[".png",".jpg",".jpeg",".svg"],"branch":"assets/${GITHUB_WORKFLOW}","max":5,"max-size":10240}}
- GH_AW_SAFE_OUTPUTS_CONFIG_1702422a16fe9044_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_7dfe86573c5fc941_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -802,7 +802,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_6d044e770f62221a_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -864,7 +864,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_6d044e770f62221a_EOF
+ GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1661,7 +1661,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_repo_memory:
needs:
diff --git a/.github/workflows/copilot-pr-prompt-analysis.lock.yml b/.github/workflows/copilot-pr-prompt-analysis.lock.yml
index 66ea6d17f2a..3a1f1f4ad4e 100644
--- a/.github/workflows/copilot-pr-prompt-analysis.lock.yml
+++ b/.github/workflows/copilot-pr-prompt-analysis.lock.yml
@@ -256,22 +256,22 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_281765c82d9c9932_EOF'
+ cat << 'GH_AW_PROMPT_87405866dd40e3cc_EOF'
- GH_AW_PROMPT_281765c82d9c9932_EOF
+ GH_AW_PROMPT_87405866dd40e3cc_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/repo_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_281765c82d9c9932_EOF'
+ cat << 'GH_AW_PROMPT_87405866dd40e3cc_EOF'
Tools: create_discussion, missing_tool, missing_data, noop
- GH_AW_PROMPT_281765c82d9c9932_EOF
+ GH_AW_PROMPT_87405866dd40e3cc_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_281765c82d9c9932_EOF'
+ cat << 'GH_AW_PROMPT_87405866dd40e3cc_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -300,9 +300,9 @@ jobs:
{{/if}}
- GH_AW_PROMPT_281765c82d9c9932_EOF
+ GH_AW_PROMPT_87405866dd40e3cc_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_281765c82d9c9932_EOF'
+ cat << 'GH_AW_PROMPT_87405866dd40e3cc_EOF'
{{#runtime-import .github/workflows/shared/copilot-pr-analysis-base.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
@@ -311,7 +311,7 @@ jobs:
{{#runtime-import .github/workflows/shared/copilot-pr-data-fetch.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/copilot-pr-prompt-analysis.md}}
- GH_AW_PROMPT_281765c82d9c9932_EOF
+ GH_AW_PROMPT_87405866dd40e3cc_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -591,9 +591,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_146973339bbd03a6_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_9780310912de88a5_EOF'
{"create_discussion":{"category":"audits","close_older_discussions":true,"expires":24,"fallback_to_issue":true,"max":1,"title_prefix":"[prompt-analysis] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"push_repo_memory":{"memories":[{"dir":"/tmp/gh-aw/repo-memory/default","id":"default","max_file_count":100,"max_file_size":102400,"max_patch_size":10240}]},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_146973339bbd03a6_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_9780310912de88a5_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -754,7 +754,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_6d044e770f62221a_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -816,7 +816,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_6d044e770f62221a_EOF
+ GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1600,7 +1600,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_repo_memory:
needs:
diff --git a/.github/workflows/copilot-session-insights.lock.yml b/.github/workflows/copilot-session-insights.lock.yml
index 2f9171beb05..d0572b62043 100644
--- a/.github/workflows/copilot-session-insights.lock.yml
+++ b/.github/workflows/copilot-session-insights.lock.yml
@@ -1714,7 +1714,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_repo_memory:
needs:
diff --git a/.github/workflows/craft.lock.yml b/.github/workflows/craft.lock.yml
index 148edbd0906..3b6c5dc19c8 100644
--- a/.github/workflows/craft.lock.yml
+++ b/.github/workflows/craft.lock.yml
@@ -297,23 +297,23 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_23b622ca4f5d9db4_EOF'
+ cat << 'GH_AW_PROMPT_f3a3fc2f32569f33_EOF'
- GH_AW_PROMPT_23b622ca4f5d9db4_EOF
+ GH_AW_PROMPT_f3a3fc2f32569f33_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_23b622ca4f5d9db4_EOF'
+ cat << 'GH_AW_PROMPT_f3a3fc2f32569f33_EOF'
Tools: add_comment, push_to_pull_request_branch, missing_tool, missing_data, noop
- GH_AW_PROMPT_23b622ca4f5d9db4_EOF
+ GH_AW_PROMPT_f3a3fc2f32569f33_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_push_to_pr_branch.md"
- cat << 'GH_AW_PROMPT_23b622ca4f5d9db4_EOF'
+ cat << 'GH_AW_PROMPT_f3a3fc2f32569f33_EOF'
- GH_AW_PROMPT_23b622ca4f5d9db4_EOF
+ GH_AW_PROMPT_f3a3fc2f32569f33_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_23b622ca4f5d9db4_EOF'
+ cat << 'GH_AW_PROMPT_f3a3fc2f32569f33_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -342,7 +342,7 @@ jobs:
{{/if}}
- GH_AW_PROMPT_23b622ca4f5d9db4_EOF
+ GH_AW_PROMPT_f3a3fc2f32569f33_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then
cat "${RUNNER_TEMP}/gh-aw/prompts/pr_context_prompt.md"
@@ -350,12 +350,12 @@ jobs:
if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then
cat "${RUNNER_TEMP}/gh-aw/prompts/pr_context_push_to_pr_branch_guidance.md"
fi
- cat << 'GH_AW_PROMPT_23b622ca4f5d9db4_EOF'
+ cat << 'GH_AW_PROMPT_f3a3fc2f32569f33_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/craft.md}}
- GH_AW_PROMPT_23b622ca4f5d9db4_EOF
+ GH_AW_PROMPT_f3a3fc2f32569f33_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -592,9 +592,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_32d2f4d48646691c_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_f22d12bdf8bebff4_EOF'
{"add_comment":{"max":1},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"push_to_pull_request_branch":{"if_no_changes":"warn","max_patch_size":4096,"protect_top_level_dot_folders":true,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS","DESIGN.md","README.md","CONTRIBUTING.md","CHANGELOG.md","SECURITY.md","CODE_OF_CONDUCT.md","AGENTS.md","CLAUDE.md","GEMINI.md"]},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_32d2f4d48646691c_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_f22d12bdf8bebff4_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -766,7 +766,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_faea8415d1e91499_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -812,7 +812,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_faea8415d1e91499_EOF
+ GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1590,7 +1590,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
runs-on: ubuntu-slim
diff --git a/.github/workflows/daily-agent-of-the-day-blog-writer.lock.yml b/.github/workflows/daily-agent-of-the-day-blog-writer.lock.yml
index 52a9d633c71..03399aa49a7 100644
--- a/.github/workflows/daily-agent-of-the-day-blog-writer.lock.yml
+++ b/.github/workflows/daily-agent-of-the-day-blog-writer.lock.yml
@@ -266,26 +266,26 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_862be43aaeedb37e_EOF'
+ cat << 'GH_AW_PROMPT_4623740807105d95_EOF'
- GH_AW_PROMPT_862be43aaeedb37e_EOF
+ GH_AW_PROMPT_4623740807105d95_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/repo_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_862be43aaeedb37e_EOF'
+ cat << 'GH_AW_PROMPT_4623740807105d95_EOF'
Tools: create_pull_request, upload_asset(max:3), missing_tool, missing_data, noop
- GH_AW_PROMPT_862be43aaeedb37e_EOF
+ GH_AW_PROMPT_4623740807105d95_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_create_pull_request.md"
- cat << 'GH_AW_PROMPT_862be43aaeedb37e_EOF'
+ cat << 'GH_AW_PROMPT_4623740807105d95_EOF'
upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
- GH_AW_PROMPT_862be43aaeedb37e_EOF
+ GH_AW_PROMPT_4623740807105d95_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_862be43aaeedb37e_EOF'
+ cat << 'GH_AW_PROMPT_4623740807105d95_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -314,15 +314,15 @@ jobs:
{{/if}}
- GH_AW_PROMPT_862be43aaeedb37e_EOF
+ GH_AW_PROMPT_4623740807105d95_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_862be43aaeedb37e_EOF'
+ cat << 'GH_AW_PROMPT_4623740807105d95_EOF'
{{#runtime-import .github/workflows/shared/github-guard-policy.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/daily-agent-of-the-day-blog-writer.md}}
- GH_AW_PROMPT_862be43aaeedb37e_EOF
+ GH_AW_PROMPT_4623740807105d95_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -632,9 +632,9 @@ jobs:
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs/assets"
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_da639e526f02aa6c_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_f528af5ea45a4a83_EOF'
{"create_pull_request":{"allowed_files":["docs/src/content/docs/**"],"draft":false,"expires":168,"labels":["blog"],"max":1,"max_patch_files":100,"max_patch_size":4096,"protect_top_level_dot_folders":true,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS","DESIGN.md","README.md","CONTRIBUTING.md","CHANGELOG.md","SECURITY.md","CODE_OF_CONDUCT.md","AGENTS.md","CLAUDE.md","GEMINI.md"],"protected_files_policy":"request_review","reviewers":["copilot"],"title_prefix":"[blog] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"push_repo_memory":{"memories":[{"dir":"/tmp/gh-aw/repo-memory/default","id":"default","max_file_count":100,"max_file_size":102400,"max_patch_size":10240}]},"report_incomplete":{},"upload_asset":{"allowed-exts":[".png",".jpg",".jpeg",".svg"],"branch":"assets/${GITHUB_WORKFLOW}","max":3,"max-size":10240}}
- GH_AW_SAFE_OUTPUTS_CONFIG_da639e526f02aa6c_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_f528af5ea45a4a83_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -819,7 +819,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_3e846bbfc2bb0378_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_bc1e8afd57ffb1f8_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"agenticworkflows": {
@@ -884,7 +884,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_3e846bbfc2bb0378_EOF
+ GH_AW_MCP_CONFIG_bc1e8afd57ffb1f8_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1710,7 +1710,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
runs-on: ubuntu-slim
diff --git a/.github/workflows/daily-agentrx-trace-optimizer.lock.yml b/.github/workflows/daily-agentrx-trace-optimizer.lock.yml
index f35f001382f..cca32b2a189 100644
--- a/.github/workflows/daily-agentrx-trace-optimizer.lock.yml
+++ b/.github/workflows/daily-agentrx-trace-optimizer.lock.yml
@@ -1723,7 +1723,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_experiments_state:
needs: activation
diff --git a/.github/workflows/daily-ambient-context-optimizer.lock.yml b/.github/workflows/daily-ambient-context-optimizer.lock.yml
index d2981b4d227..a33ef4bb79c 100644
--- a/.github/workflows/daily-ambient-context-optimizer.lock.yml
+++ b/.github/workflows/daily-ambient-context-optimizer.lock.yml
@@ -260,20 +260,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_3dd4443cd406a122_EOF'
+ cat << 'GH_AW_PROMPT_0a16226707a95764_EOF'
- GH_AW_PROMPT_3dd4443cd406a122_EOF
+ GH_AW_PROMPT_0a16226707a95764_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_3dd4443cd406a122_EOF'
+ cat << 'GH_AW_PROMPT_0a16226707a95764_EOF'
Tools: create_issue(max:3), missing_tool, missing_data, noop
- GH_AW_PROMPT_3dd4443cd406a122_EOF
+ GH_AW_PROMPT_0a16226707a95764_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_3dd4443cd406a122_EOF'
+ cat << 'GH_AW_PROMPT_0a16226707a95764_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -302,13 +302,13 @@ jobs:
{{/if}}
- GH_AW_PROMPT_3dd4443cd406a122_EOF
+ GH_AW_PROMPT_0a16226707a95764_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_3dd4443cd406a122_EOF'
+ cat << 'GH_AW_PROMPT_0a16226707a95764_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/daily-ambient-context-optimizer.md}}
- GH_AW_PROMPT_3dd4443cd406a122_EOF
+ GH_AW_PROMPT_0a16226707a95764_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -598,9 +598,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_b1a139b3c689444d_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_8f0c53491324ad40_EOF'
{"create_issue":{"close_older_issues":true,"expires":168,"labels":["automation","report","workflow-optimization","analysis"],"max":3,"title_prefix":"[ambient-context] "},"create_report_incomplete_issue":{},"mentions":{"enabled":false},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_b1a139b3c689444d_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_8f0c53491324ad40_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -771,7 +771,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_4c27ef9d304151ee_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_7292df9048689c98_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"agenticworkflows": {
@@ -836,7 +836,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_4c27ef9d304151ee_EOF
+ GH_AW_MCP_CONFIG_7292df9048689c98_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1589,7 +1589,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/daily-architecture-diagram.lock.yml b/.github/workflows/daily-architecture-diagram.lock.yml
index f066cc6929d..ef5f9a37c54 100644
--- a/.github/workflows/daily-architecture-diagram.lock.yml
+++ b/.github/workflows/daily-architecture-diagram.lock.yml
@@ -289,24 +289,24 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_dfe64f799acf88d7_EOF'
+ cat << 'GH_AW_PROMPT_e3a5b33243a25a76_EOF'
- GH_AW_PROMPT_dfe64f799acf88d7_EOF
+ GH_AW_PROMPT_e3a5b33243a25a76_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_dfe64f799acf88d7_EOF'
+ cat << 'GH_AW_PROMPT_e3a5b33243a25a76_EOF'
Tools: create_issue, create_discussion, create_pull_request, missing_tool, missing_data, noop
- GH_AW_PROMPT_dfe64f799acf88d7_EOF
+ GH_AW_PROMPT_e3a5b33243a25a76_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_create_pull_request.md"
- cat << 'GH_AW_PROMPT_dfe64f799acf88d7_EOF'
+ cat << 'GH_AW_PROMPT_e3a5b33243a25a76_EOF'
- GH_AW_PROMPT_dfe64f799acf88d7_EOF
+ GH_AW_PROMPT_e3a5b33243a25a76_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_dfe64f799acf88d7_EOF'
+ cat << 'GH_AW_PROMPT_e3a5b33243a25a76_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -335,14 +335,14 @@ jobs:
{{/if}}
- GH_AW_PROMPT_dfe64f799acf88d7_EOF
+ GH_AW_PROMPT_e3a5b33243a25a76_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_dfe64f799acf88d7_EOF'
+ cat << 'GH_AW_PROMPT_e3a5b33243a25a76_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/daily-architecture-diagram.md}}
- GH_AW_PROMPT_dfe64f799acf88d7_EOF
+ GH_AW_PROMPT_e3a5b33243a25a76_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -591,9 +591,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_186c43f98af52dea_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_3a7cd9156cfaadd1_EOF'
{"create_discussion":{"category":"audits","close_older_discussions":true,"expires":72,"fallback_to_issue":true,"max":1,"title_prefix":"[architecture-diagram] "},"create_issue":{"close_older_issues":true,"expires":168,"labels":["architecture","diagram"],"max":1,"title_prefix":"🏗️ Architecture Diagram:"},"create_pull_request":{"expires":168,"labels":["architecture","diagram","documentation"],"max":1,"max_patch_files":100,"max_patch_size":4096,"protect_top_level_dot_folders":true,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS","DESIGN.md","README.md","CONTRIBUTING.md","CHANGELOG.md","SECURITY.md","CODE_OF_CONDUCT.md","AGENTS.md","CLAUDE.md","GEMINI.md"],"protected_files_policy":"request_review","title_prefix":"[architecture] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_186c43f98af52dea_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_3a7cd9156cfaadd1_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -834,7 +834,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_6d044e770f62221a_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -896,7 +896,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_6d044e770f62221a_EOF
+ GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1670,7 +1670,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_experiments_state:
needs: activation
diff --git a/.github/workflows/daily-assign-issue-to-user.lock.yml b/.github/workflows/daily-assign-issue-to-user.lock.yml
index c7131482f4e..0374b173f4c 100644
--- a/.github/workflows/daily-assign-issue-to-user.lock.yml
+++ b/.github/workflows/daily-assign-issue-to-user.lock.yml
@@ -248,20 +248,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_b513bb7ca2c3d79c_EOF'
+ cat << 'GH_AW_PROMPT_609e17cde05c4aff_EOF'
- GH_AW_PROMPT_b513bb7ca2c3d79c_EOF
+ GH_AW_PROMPT_609e17cde05c4aff_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_b513bb7ca2c3d79c_EOF'
+ cat << 'GH_AW_PROMPT_609e17cde05c4aff_EOF'
Tools: add_comment, assign_to_user, missing_tool, missing_data, noop
- GH_AW_PROMPT_b513bb7ca2c3d79c_EOF
+ GH_AW_PROMPT_609e17cde05c4aff_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_b513bb7ca2c3d79c_EOF'
+ cat << 'GH_AW_PROMPT_609e17cde05c4aff_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -290,14 +290,14 @@ jobs:
{{/if}}
- GH_AW_PROMPT_b513bb7ca2c3d79c_EOF
+ GH_AW_PROMPT_609e17cde05c4aff_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_b513bb7ca2c3d79c_EOF'
+ cat << 'GH_AW_PROMPT_609e17cde05c4aff_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/daily-assign-issue-to-user.md}}
- GH_AW_PROMPT_b513bb7ca2c3d79c_EOF
+ GH_AW_PROMPT_609e17cde05c4aff_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -519,9 +519,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_549cc6b0ad722c84_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_158938f36535f055_EOF'
{"add_comment":{"max":1,"target":"*"},"assign_to_user":{"max":1,"target":"*"},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_549cc6b0ad722c84_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_158938f36535f055_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -696,7 +696,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_faea8415d1e91499_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -742,7 +742,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_faea8415d1e91499_EOF
+ GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1495,7 +1495,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/daily-astrostylelite-markdown-spellcheck.lock.yml b/.github/workflows/daily-astrostylelite-markdown-spellcheck.lock.yml
index 22cd52ca18b..1a64f4a180c 100644
--- a/.github/workflows/daily-astrostylelite-markdown-spellcheck.lock.yml
+++ b/.github/workflows/daily-astrostylelite-markdown-spellcheck.lock.yml
@@ -1617,7 +1617,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_experiments_state:
needs: activation
diff --git a/.github/workflows/daily-aw-cross-repo-compile-check.lock.yml b/.github/workflows/daily-aw-cross-repo-compile-check.lock.yml
index 894802a1a7b..8cf994c1672 100644
--- a/.github/workflows/daily-aw-cross-repo-compile-check.lock.yml
+++ b/.github/workflows/daily-aw-cross-repo-compile-check.lock.yml
@@ -1608,7 +1608,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/daily-awf-spec-compiler-surfacing.lock.yml b/.github/workflows/daily-awf-spec-compiler-surfacing.lock.yml
index e12e1471113..22ccdff29d5 100644
--- a/.github/workflows/daily-awf-spec-compiler-surfacing.lock.yml
+++ b/.github/workflows/daily-awf-spec-compiler-surfacing.lock.yml
@@ -258,21 +258,21 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_b217a96e1d307084_EOF'
+ cat << 'GH_AW_PROMPT_1f5e11bb79869d63_EOF'
- GH_AW_PROMPT_b217a96e1d307084_EOF
+ GH_AW_PROMPT_1f5e11bb79869d63_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/repo_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_b217a96e1d307084_EOF'
+ cat << 'GH_AW_PROMPT_1f5e11bb79869d63_EOF'
Tools: create_issue, missing_tool, missing_data, noop
- GH_AW_PROMPT_b217a96e1d307084_EOF
+ GH_AW_PROMPT_1f5e11bb79869d63_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_b217a96e1d307084_EOF'
+ cat << 'GH_AW_PROMPT_1f5e11bb79869d63_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -301,14 +301,14 @@ jobs:
{{/if}}
- GH_AW_PROMPT_b217a96e1d307084_EOF
+ GH_AW_PROMPT_1f5e11bb79869d63_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_b217a96e1d307084_EOF'
+ cat << 'GH_AW_PROMPT_1f5e11bb79869d63_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/daily-awf-spec-compiler-surfacing.md}}
- GH_AW_PROMPT_b217a96e1d307084_EOF
+ GH_AW_PROMPT_1f5e11bb79869d63_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -548,9 +548,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_e436c3dccb346fd0_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_93a27a3f8cbce836_EOF'
{"create_issue":{"close_older_issues":true,"expires":168,"labels":["automation","awf","compiler","specifications"],"max":1,"title_prefix":"[awf-feature-surfacing] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"push_repo_memory":{"memories":[{"dir":"/tmp/gh-aw/repo-memory/default","id":"default","max_file_count":100,"max_file_size":65536,"max_patch_size":10240}]},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_e436c3dccb346fd0_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_93a27a3f8cbce836_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -717,7 +717,7 @@ jobs:
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.27'
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_317d62f563f888f6_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_5a62c05d6d2f1358_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -762,7 +762,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_317d62f563f888f6_EOF
+ GH_AW_MCP_CONFIG_5a62c05d6d2f1358_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1494,7 +1494,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_repo_memory:
needs:
diff --git a/.github/workflows/daily-byok-ollama-test.lock.yml b/.github/workflows/daily-byok-ollama-test.lock.yml
index 9c271419ec9..6d7ad0245f9 100644
--- a/.github/workflows/daily-byok-ollama-test.lock.yml
+++ b/.github/workflows/daily-byok-ollama-test.lock.yml
@@ -232,20 +232,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_84dccfc8508bdb90_EOF'
+ cat << 'GH_AW_PROMPT_091a48b177f67b28_EOF'
- GH_AW_PROMPT_84dccfc8508bdb90_EOF
+ GH_AW_PROMPT_091a48b177f67b28_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_84dccfc8508bdb90_EOF'
+ cat << 'GH_AW_PROMPT_091a48b177f67b28_EOF'
Tools: create_issue, missing_tool, missing_data, noop
- GH_AW_PROMPT_84dccfc8508bdb90_EOF
+ GH_AW_PROMPT_091a48b177f67b28_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_84dccfc8508bdb90_EOF'
+ cat << 'GH_AW_PROMPT_091a48b177f67b28_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -274,13 +274,13 @@ jobs:
{{/if}}
- GH_AW_PROMPT_84dccfc8508bdb90_EOF
+ GH_AW_PROMPT_091a48b177f67b28_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_84dccfc8508bdb90_EOF'
+ cat << 'GH_AW_PROMPT_091a48b177f67b28_EOF'
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/daily-byok-ollama-test.md}}
- GH_AW_PROMPT_84dccfc8508bdb90_EOF
+ GH_AW_PROMPT_091a48b177f67b28_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -522,9 +522,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_ed342075acd21654_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_255cb20eb58bc26e_EOF'
{"create_issue":{"close_older_issues":true,"close_older_key":"daily-byok-ollama-test","expires":24,"labels":["automation","testing"],"max":1},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_ed342075acd21654_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_255cb20eb58bc26e_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -694,7 +694,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_2ed48797ea52df3f_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_c70c556baaebe8bb_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -751,7 +751,7 @@ jobs:
"payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}"
}
}
- GH_AW_MCP_CONFIG_2ed48797ea52df3f_EOF
+ GH_AW_MCP_CONFIG_c70c556baaebe8bb_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1474,7 +1474,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/daily-cache-strategy-analyzer.lock.yml b/.github/workflows/daily-cache-strategy-analyzer.lock.yml
index a0fd358f598..491af9188fa 100644
--- a/.github/workflows/daily-cache-strategy-analyzer.lock.yml
+++ b/.github/workflows/daily-cache-strategy-analyzer.lock.yml
@@ -303,21 +303,21 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_ab0dae479b833fc8_EOF'
+ cat << 'GH_AW_PROMPT_5e4048335e803dce_EOF'
- GH_AW_PROMPT_ab0dae479b833fc8_EOF
+ GH_AW_PROMPT_5e4048335e803dce_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_ab0dae479b833fc8_EOF'
+ cat << 'GH_AW_PROMPT_5e4048335e803dce_EOF'
Tools: create_issue(max:5), create_discussion, missing_tool, missing_data, noop
- GH_AW_PROMPT_ab0dae479b833fc8_EOF
+ GH_AW_PROMPT_5e4048335e803dce_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_ab0dae479b833fc8_EOF'
+ cat << 'GH_AW_PROMPT_5e4048335e803dce_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -346,9 +346,9 @@ jobs:
{{/if}}
- GH_AW_PROMPT_ab0dae479b833fc8_EOF
+ GH_AW_PROMPT_5e4048335e803dce_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_ab0dae479b833fc8_EOF'
+ cat << 'GH_AW_PROMPT_5e4048335e803dce_EOF'
**IMPORTANT**: When analyzing agentic workflows, use the `agentic-workflows` tool to read workflow files.
{{#runtime-import .github/workflows/shared/reporting.md}}
@@ -356,7 +356,7 @@ jobs:
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/daily-cache-strategy-analyzer.md}}
- GH_AW_PROMPT_ab0dae479b833fc8_EOF
+ GH_AW_PROMPT_5e4048335e803dce_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -674,9 +674,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_b6af89ac5881cb07_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_f115cecef70aeab1_EOF'
{"create_discussion":{"category":"audits","close_older_discussions":true,"expires":24,"fallback_to_issue":true,"max":1,"title_prefix":"[cache-strategy] "},"create_issue":{"expires":168,"group":true,"labels":["automation","improvement"],"max":5,"title_prefix":"[cache-strategy] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_b6af89ac5881cb07_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_f115cecef70aeab1_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -871,7 +871,7 @@ jobs:
DOCKER_SOCK_GID=$(stat -c '%g' "$DOCKER_SOCK_PATH" 2>/dev/null || echo '0')
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.27'
- cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_67577b14f8445200_EOF
+ cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_3857891c818453d4_EOF
[history]
persistence = "none"
@@ -901,11 +901,11 @@ jobs:
[mcp_servers.safeoutputs."guard-policies".write-sink]
accept = ["*"]
- GH_AW_MCP_CONFIG_67577b14f8445200_EOF
+ GH_AW_MCP_CONFIG_3857891c818453d4_EOF
# Generate JSON config for MCP gateway
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_c6943b0e725b5f53_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_f194a3d22c6f07b2_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"agenticworkflows": {
@@ -968,11 +968,11 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_c6943b0e725b5f53_EOF
+ GH_AW_MCP_CONFIG_f194a3d22c6f07b2_EOF
# Sync converter output to writable CODEX_HOME for Codex
mkdir -p /tmp/gh-aw/mcp-config
- cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_1b411577ffd687e9_EOF
+ cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_c096be1fb1ba2c43_EOF
model_provider = "openai-proxy"
@@ -984,7 +984,7 @@ jobs:
[shell_environment_policy]
inherit = "core"
include_only = ["^CODEX_API_KEY$", "^GH_AW_ASSETS_ALLOWED_EXTS$", "^GH_AW_ASSETS_BRANCH$", "^GH_AW_ASSETS_MAX_SIZE_KB$", "^GH_AW_SAFE_OUTPUTS$", "^GITHUB_REPOSITORY$", "^GITHUB_SERVER_URL$", "^GITHUB_TOKEN$", "^HOME$", "^OPENAI_API_KEY$", "^PATH$"]
- GH_AW_CODEX_SHELL_POLICY_1b411577ffd687e9_EOF
+ GH_AW_CODEX_SHELL_POLICY_c096be1fb1ba2c43_EOF
awk '
BEGIN { skip_openai_proxy = 0 }
/^[[:space:]]*model_provider[[:space:]]*=/ { next }
@@ -1752,7 +1752,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_experiments_state:
needs: activation
diff --git a/.github/workflows/daily-caveman-optimizer.lock.yml b/.github/workflows/daily-caveman-optimizer.lock.yml
index 4557b7bd165..762a5519f9c 100644
--- a/.github/workflows/daily-caveman-optimizer.lock.yml
+++ b/.github/workflows/daily-caveman-optimizer.lock.yml
@@ -1658,7 +1658,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_experiments_state:
needs: activation
diff --git a/.github/workflows/daily-choice-test.lock.yml b/.github/workflows/daily-choice-test.lock.yml
index 08c906268f5..8a23d6d1436 100644
--- a/.github/workflows/daily-choice-test.lock.yml
+++ b/.github/workflows/daily-choice-test.lock.yml
@@ -1542,7 +1542,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/daily-cli-performance.lock.yml b/.github/workflows/daily-cli-performance.lock.yml
index 9f2924737f3..ac91f16e459 100644
--- a/.github/workflows/daily-cli-performance.lock.yml
+++ b/.github/workflows/daily-cli-performance.lock.yml
@@ -284,21 +284,21 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_8813618104d1e7fd_EOF'
+ cat << 'GH_AW_PROMPT_a48953d0deb9ea2a_EOF'
- GH_AW_PROMPT_8813618104d1e7fd_EOF
+ GH_AW_PROMPT_a48953d0deb9ea2a_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/repo_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_8813618104d1e7fd_EOF'
+ cat << 'GH_AW_PROMPT_a48953d0deb9ea2a_EOF'
Tools: add_comment(max:5), create_issue(max:3), create_discussion, missing_tool, missing_data, noop
- GH_AW_PROMPT_8813618104d1e7fd_EOF
+ GH_AW_PROMPT_a48953d0deb9ea2a_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_8813618104d1e7fd_EOF'
+ cat << 'GH_AW_PROMPT_a48953d0deb9ea2a_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -327,16 +327,16 @@ jobs:
{{/if}}
- GH_AW_PROMPT_8813618104d1e7fd_EOF
+ GH_AW_PROMPT_a48953d0deb9ea2a_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_8813618104d1e7fd_EOF'
+ cat << 'GH_AW_PROMPT_a48953d0deb9ea2a_EOF'
{{#runtime-import .github/workflows/shared/go-make.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/daily-cli-performance.md}}
- GH_AW_PROMPT_8813618104d1e7fd_EOF
+ GH_AW_PROMPT_a48953d0deb9ea2a_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -587,9 +587,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_d8c9a9a0779992f5_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_005903c74aa99c48_EOF'
{"add_comment":{"max":5},"create_discussion":{"category":"audits","close_older_discussions":true,"expires":72,"fallback_to_issue":true,"max":1,"title_prefix":"[daily-cli-performance] "},"create_issue":{"expires":48,"group":true,"labels":["performance","automation","cookie"],"max":3,"title_prefix":"[performance] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"push_repo_memory":{"memories":[{"dir":"/tmp/gh-aw/repo-memory/default","id":"default","max_file_count":100,"max_file_size":131072,"max_patch_size":10240}]},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_d8c9a9a0779992f5_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_005903c74aa99c48_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -774,7 +774,7 @@ jobs:
- name: Write MCP Scripts Config
run: |
mkdir -p "${RUNNER_TEMP}/gh-aw/mcp-scripts/logs"
- cat > "${RUNNER_TEMP}/gh-aw/mcp-scripts/tools.json" << 'GH_AW_MCP_SCRIPTS_TOOLS_469f1a852a85f36b_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/mcp-scripts/tools.json" << 'GH_AW_MCP_SCRIPTS_TOOLS_bab178232d2c40e3_EOF'
{
"serverName": "mcpscripts",
"version": "1.0.0",
@@ -818,8 +818,8 @@ jobs:
}
]
}
- GH_AW_MCP_SCRIPTS_TOOLS_469f1a852a85f36b_EOF
- cat > "${RUNNER_TEMP}/gh-aw/mcp-scripts/mcp-server.cjs" << 'GH_AW_MCP_SCRIPTS_SERVER_5818b5ebd87c75d8_EOF'
+ GH_AW_MCP_SCRIPTS_TOOLS_bab178232d2c40e3_EOF
+ cat > "${RUNNER_TEMP}/gh-aw/mcp-scripts/mcp-server.cjs" << 'GH_AW_MCP_SCRIPTS_SERVER_e0a10bf70e571677_EOF'
const path = require("path");
const { startHttpServer } = require("./mcp_scripts_mcp_server_http.cjs");
const configPath = path.join(__dirname, "tools.json");
@@ -833,12 +833,12 @@ jobs:
console.error("Failed to start mcp-scripts HTTP server:", error);
process.exit(1);
});
- GH_AW_MCP_SCRIPTS_SERVER_5818b5ebd87c75d8_EOF
+ GH_AW_MCP_SCRIPTS_SERVER_e0a10bf70e571677_EOF
chmod +x "${RUNNER_TEMP}/gh-aw/mcp-scripts/mcp-server.cjs"
- name: Write MCP Scripts Tool Files
run: |
- cat > "${RUNNER_TEMP}/gh-aw/mcp-scripts/go.sh" << 'GH_AW_MCP_SCRIPTS_SH_GO_0c369cdb9541bbbc_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/mcp-scripts/go.sh" << 'GH_AW_MCP_SCRIPTS_SH_GO_7b45399736bf1900_EOF'
#!/bin/bash
# Auto-generated mcp-script tool: go
# Execute any Go command. This tool is accessible as 'mcpscripts-go'. Provide the full command after 'go' (e.g., args: 'test ./...'). The tool will run: go . Use single quotes ' for complex args to avoid shell interpretation issues.
@@ -850,9 +850,9 @@ jobs:
go $INPUT_ARGS
- GH_AW_MCP_SCRIPTS_SH_GO_0c369cdb9541bbbc_EOF
+ GH_AW_MCP_SCRIPTS_SH_GO_7b45399736bf1900_EOF
chmod +x "${RUNNER_TEMP}/gh-aw/mcp-scripts/go.sh"
- cat > "${RUNNER_TEMP}/gh-aw/mcp-scripts/make.sh" << 'GH_AW_MCP_SCRIPTS_SH_MAKE_2f7cc0abd4078475_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/mcp-scripts/make.sh" << 'GH_AW_MCP_SCRIPTS_SH_MAKE_7e3f3e7ed66106db_EOF'
#!/bin/bash
# Auto-generated mcp-script tool: make
# Execute any Make target. This tool is accessible as 'mcpscripts-make'. Provide the target name(s) (e.g., args: 'build'). The tool will run: make . Use single quotes ' for complex args to avoid shell interpretation issues.
@@ -864,7 +864,7 @@ jobs:
make $INPUT_ARGS
- GH_AW_MCP_SCRIPTS_SH_MAKE_2f7cc0abd4078475_EOF
+ GH_AW_MCP_SCRIPTS_SH_MAKE_7e3f3e7ed66106db_EOF
chmod +x "${RUNNER_TEMP}/gh-aw/mcp-scripts/make.sh"
- name: Generate MCP Scripts Server Config
@@ -938,7 +938,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_cdec53df44627bcd_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_c702096acf3e6706_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"mcpscripts": {
@@ -998,7 +998,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_cdec53df44627bcd_EOF
+ GH_AW_MCP_CONFIG_c702096acf3e6706_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1789,7 +1789,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
runs-on: ubuntu-slim
diff --git a/.github/workflows/daily-cli-tools-tester.lock.yml b/.github/workflows/daily-cli-tools-tester.lock.yml
index 4080009c261..4966c9a884a 100644
--- a/.github/workflows/daily-cli-tools-tester.lock.yml
+++ b/.github/workflows/daily-cli-tools-tester.lock.yml
@@ -261,20 +261,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_1affd240e02a3d82_EOF'
+ cat << 'GH_AW_PROMPT_b59e119b4752f547_EOF'
- GH_AW_PROMPT_1affd240e02a3d82_EOF
+ GH_AW_PROMPT_b59e119b4752f547_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_1affd240e02a3d82_EOF'
+ cat << 'GH_AW_PROMPT_b59e119b4752f547_EOF'
Tools: create_issue, create_discussion, missing_tool, missing_data, noop
- GH_AW_PROMPT_1affd240e02a3d82_EOF
+ GH_AW_PROMPT_b59e119b4752f547_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_1affd240e02a3d82_EOF'
+ cat << 'GH_AW_PROMPT_b59e119b4752f547_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -303,14 +303,14 @@ jobs:
{{/if}}
- GH_AW_PROMPT_1affd240e02a3d82_EOF
+ GH_AW_PROMPT_b59e119b4752f547_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_1affd240e02a3d82_EOF'
+ cat << 'GH_AW_PROMPT_b59e119b4752f547_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/daily-cli-tools-tester.md}}
- GH_AW_PROMPT_1affd240e02a3d82_EOF
+ GH_AW_PROMPT_b59e119b4752f547_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -594,9 +594,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_f1ee550a9a0fe5f9_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_47278c8dd51bc4af_EOF'
{"create_discussion":{"category":"audits","close_older_discussions":true,"expires":72,"fallback_to_issue":true,"max":1,"title_prefix":"[cli-tools-test] "},"create_issue":{"expires":168,"labels":["testing","automation","cli-tools"],"max":1,"title_prefix":"[cli-tools-test] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_f1ee550a9a0fe5f9_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_47278c8dd51bc4af_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -795,7 +795,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_e39ef0e5c25dae7b_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_439bd56e98e9d691_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"agenticworkflows": {
@@ -876,7 +876,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_e39ef0e5c25dae7b_EOF
+ GH_AW_MCP_CONFIG_439bd56e98e9d691_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1611,7 +1611,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/daily-code-metrics.lock.yml b/.github/workflows/daily-code-metrics.lock.yml
index 6779f99428c..86cd61ba284 100644
--- a/.github/workflows/daily-code-metrics.lock.yml
+++ b/.github/workflows/daily-code-metrics.lock.yml
@@ -1743,7 +1743,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_experiments_state:
needs: activation
diff --git a/.github/workflows/daily-community-attribution.lock.yml b/.github/workflows/daily-community-attribution.lock.yml
index 8cc63d50b45..5e6096dddee 100644
--- a/.github/workflows/daily-community-attribution.lock.yml
+++ b/.github/workflows/daily-community-attribution.lock.yml
@@ -296,24 +296,24 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_30ced3cb4e233b7c_EOF'
+ cat << 'GH_AW_PROMPT_b808648e958075a0_EOF'
- GH_AW_PROMPT_30ced3cb4e233b7c_EOF
+ GH_AW_PROMPT_b808648e958075a0_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/repo_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_30ced3cb4e233b7c_EOF'
+ cat << 'GH_AW_PROMPT_b808648e958075a0_EOF'
Tools: create_issue, create_pull_request, missing_tool, missing_data, noop
- GH_AW_PROMPT_30ced3cb4e233b7c_EOF
+ GH_AW_PROMPT_b808648e958075a0_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_create_pull_request.md"
- cat << 'GH_AW_PROMPT_30ced3cb4e233b7c_EOF'
+ cat << 'GH_AW_PROMPT_b808648e958075a0_EOF'
- GH_AW_PROMPT_30ced3cb4e233b7c_EOF
+ GH_AW_PROMPT_b808648e958075a0_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_30ced3cb4e233b7c_EOF'
+ cat << 'GH_AW_PROMPT_b808648e958075a0_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -342,15 +342,15 @@ jobs:
{{/if}}
- GH_AW_PROMPT_30ced3cb4e233b7c_EOF
+ GH_AW_PROMPT_b808648e958075a0_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_30ced3cb4e233b7c_EOF'
+ cat << 'GH_AW_PROMPT_b808648e958075a0_EOF'
{{#runtime-import .github/workflows/shared/community-attribution.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/issue-dedup.md}}
{{#runtime-import .github/workflows/daily-community-attribution.md}}
- GH_AW_PROMPT_30ced3cb4e233b7c_EOF
+ GH_AW_PROMPT_b808648e958075a0_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -612,9 +612,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_284fe9e5a1019f65_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_2a2b60a4745244b9_EOF'
{"create_issue":{"close_older_issues":true,"expires":168,"group_by_day":true,"labels":["community","automation"],"max":1,"title_prefix":"[community-attribution] "},"create_pull_request":{"draft":true,"expires":24,"labels":["community","automation"],"max":1,"max_patch_files":100,"max_patch_size":4096,"protect_top_level_dot_folders":true,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS","DESIGN.md","CONTRIBUTING.md","CHANGELOG.md","SECURITY.md","CODE_OF_CONDUCT.md","AGENTS.md","CLAUDE.md","GEMINI.md"],"protected_files_policy":"request_review","title_prefix":"[community] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"push_repo_memory":{"memories":[{"dir":"/tmp/gh-aw/repo-memory/default","id":"default","max_file_count":100,"max_file_size":102400,"max_patch_size":102400}]},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_284fe9e5a1019f65_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_2a2b60a4745244b9_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -824,7 +824,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_faea8415d1e91499_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -870,7 +870,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_faea8415d1e91499_EOF
+ GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1679,7 +1679,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_experiments_state:
needs: activation
diff --git a/.github/workflows/daily-compiler-quality.lock.yml b/.github/workflows/daily-compiler-quality.lock.yml
index e9801b25532..3ac1b2abf80 100644
--- a/.github/workflows/daily-compiler-quality.lock.yml
+++ b/.github/workflows/daily-compiler-quality.lock.yml
@@ -293,21 +293,21 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_ae3c96677dd2b5bb_EOF'
+ cat << 'GH_AW_PROMPT_aba2755163d177d0_EOF'
- GH_AW_PROMPT_ae3c96677dd2b5bb_EOF
+ GH_AW_PROMPT_aba2755163d177d0_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_ae3c96677dd2b5bb_EOF'
+ cat << 'GH_AW_PROMPT_aba2755163d177d0_EOF'
Tools: create_discussion, missing_tool, missing_data, noop
- GH_AW_PROMPT_ae3c96677dd2b5bb_EOF
+ GH_AW_PROMPT_aba2755163d177d0_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_ae3c96677dd2b5bb_EOF'
+ cat << 'GH_AW_PROMPT_aba2755163d177d0_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -336,9 +336,9 @@ jobs:
{{/if}}
- GH_AW_PROMPT_ae3c96677dd2b5bb_EOF
+ GH_AW_PROMPT_aba2755163d177d0_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_ae3c96677dd2b5bb_EOF'
+ cat << 'GH_AW_PROMPT_aba2755163d177d0_EOF'
{{#runtime-import .github/workflows/shared/go-source-analysis.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
@@ -349,7 +349,7 @@ jobs:
Serena is enabled for **["go"]** in `__GH_AW_GITHUB_WORKSPACE__`. Start by calling `activate_project` with that workspace path, then prefer Serena semantic tools for symbol lookup, references, docs, diagnostics, and structured edits.
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/daily-compiler-quality.md}}
- GH_AW_PROMPT_ae3c96677dd2b5bb_EOF
+ GH_AW_PROMPT_aba2755163d177d0_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -601,9 +601,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_ce519c6d59920a67_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_4ec57b7c5750ccd8_EOF'
{"create_discussion":{"category":"audits","close_older_discussions":true,"expires":24,"fallback_to_issue":true,"max":1,"min_body_length":200,"title_prefix":"[daily-compiler-quality] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_ce519c6d59920a67_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_4ec57b7c5750ccd8_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -761,7 +761,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_e038212cc49aba08_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_81258bd6aadd79ea_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -836,7 +836,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_e038212cc49aba08_EOF
+ GH_AW_MCP_CONFIG_81258bd6aadd79ea_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1660,7 +1660,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_experiments_state:
needs: activation
diff --git a/.github/workflows/daily-compiler-threat-spec-optimizer.lock.yml b/.github/workflows/daily-compiler-threat-spec-optimizer.lock.yml
index 0f43bf699e3..0e9e47b95f2 100644
--- a/.github/workflows/daily-compiler-threat-spec-optimizer.lock.yml
+++ b/.github/workflows/daily-compiler-threat-spec-optimizer.lock.yml
@@ -1576,7 +1576,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/daily-credit-limit-test.lock.yml b/.github/workflows/daily-credit-limit-test.lock.yml
index 89105a82b75..dae11b748a9 100644
--- a/.github/workflows/daily-credit-limit-test.lock.yml
+++ b/.github/workflows/daily-credit-limit-test.lock.yml
@@ -237,20 +237,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_f901934ad3505199_EOF'
+ cat << 'GH_AW_PROMPT_72bd39af46d4ccd1_EOF'
- GH_AW_PROMPT_f901934ad3505199_EOF
+ GH_AW_PROMPT_72bd39af46d4ccd1_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_f901934ad3505199_EOF'
+ cat << 'GH_AW_PROMPT_72bd39af46d4ccd1_EOF'
Tools: create_issue, missing_tool, missing_data, noop
- GH_AW_PROMPT_f901934ad3505199_EOF
+ GH_AW_PROMPT_72bd39af46d4ccd1_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_f901934ad3505199_EOF'
+ cat << 'GH_AW_PROMPT_72bd39af46d4ccd1_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -279,12 +279,12 @@ jobs:
{{/if}}
- GH_AW_PROMPT_f901934ad3505199_EOF
+ GH_AW_PROMPT_72bd39af46d4ccd1_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_f901934ad3505199_EOF'
+ cat << 'GH_AW_PROMPT_72bd39af46d4ccd1_EOF'
{{#runtime-import .github/workflows/daily-credit-limit-test.md}}
- GH_AW_PROMPT_f901934ad3505199_EOF
+ GH_AW_PROMPT_72bd39af46d4ccd1_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -500,9 +500,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_12e6c1096ed455a0_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_1243120d6d6959b3_EOF'
{"create_issue":{"close_older_issues":true,"close_older_key":"daily-credit-limit-test","expires":24,"labels":["automation","testing"],"max":1},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_12e6c1096ed455a0_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_1243120d6d6959b3_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -672,7 +672,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_2ed48797ea52df3f_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_c70c556baaebe8bb_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -729,7 +729,7 @@ jobs:
"payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}"
}
}
- GH_AW_MCP_CONFIG_2ed48797ea52df3f_EOF
+ GH_AW_MCP_CONFIG_c70c556baaebe8bb_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1453,7 +1453,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/daily-doc-healer.lock.yml b/.github/workflows/daily-doc-healer.lock.yml
index fcff3183317..26a14f2432a 100644
--- a/.github/workflows/daily-doc-healer.lock.yml
+++ b/.github/workflows/daily-doc-healer.lock.yml
@@ -1764,7 +1764,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_experiments_state:
needs: activation
diff --git a/.github/workflows/daily-doc-updater.lock.yml b/.github/workflows/daily-doc-updater.lock.yml
index 5cdd7dedd94..6930fd47145 100644
--- a/.github/workflows/daily-doc-updater.lock.yml
+++ b/.github/workflows/daily-doc-updater.lock.yml
@@ -295,24 +295,24 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_a04dbf5c666fbcfa_EOF'
+ cat << 'GH_AW_PROMPT_cb5755ecc3ef13cd_EOF'
- GH_AW_PROMPT_a04dbf5c666fbcfa_EOF
+ GH_AW_PROMPT_cb5755ecc3ef13cd_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_a04dbf5c666fbcfa_EOF'
+ cat << 'GH_AW_PROMPT_cb5755ecc3ef13cd_EOF'
Tools: create_pull_request, missing_tool, missing_data, noop
- GH_AW_PROMPT_a04dbf5c666fbcfa_EOF
+ GH_AW_PROMPT_cb5755ecc3ef13cd_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_create_pull_request.md"
- cat << 'GH_AW_PROMPT_a04dbf5c666fbcfa_EOF'
+ cat << 'GH_AW_PROMPT_cb5755ecc3ef13cd_EOF'
- GH_AW_PROMPT_a04dbf5c666fbcfa_EOF
+ GH_AW_PROMPT_cb5755ecc3ef13cd_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_a04dbf5c666fbcfa_EOF'
+ cat << 'GH_AW_PROMPT_cb5755ecc3ef13cd_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -341,15 +341,15 @@ jobs:
{{/if}}
- GH_AW_PROMPT_a04dbf5c666fbcfa_EOF
+ GH_AW_PROMPT_cb5755ecc3ef13cd_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_a04dbf5c666fbcfa_EOF'
+ cat << 'GH_AW_PROMPT_cb5755ecc3ef13cd_EOF'
{{#runtime-import .github/workflows/shared/github-guard-policy.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/daily-doc-updater.md}}
- GH_AW_PROMPT_a04dbf5c666fbcfa_EOF
+ GH_AW_PROMPT_cb5755ecc3ef13cd_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -593,9 +593,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_29c67ab0123d93dd_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_095fce7ddc2ae743_EOF'
{"create_pull_request":{"auto_merge":true,"draft":false,"expires":24,"labels":["documentation","automation"],"max":1,"max_patch_files":100,"max_patch_size":4096,"protect_top_level_dot_folders":true,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS","DESIGN.md","README.md","CONTRIBUTING.md","CHANGELOG.md","SECURITY.md","CODE_OF_CONDUCT.md","PI.md","AGENTS.md"],"protected_files_policy":"fallback-to-issue","reviewers":["copilot"],"title_prefix":"[docs] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_29c67ab0123d93dd_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_095fce7ddc2ae743_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -766,7 +766,7 @@ jobs:
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.27'
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_317d62f563f888f6_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_5a62c05d6d2f1358_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -811,7 +811,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_317d62f563f888f6_EOF
+ GH_AW_MCP_CONFIG_5a62c05d6d2f1358_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1557,7 +1557,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_experiments_state:
needs: activation
diff --git a/.github/workflows/daily-experiment-report.lock.yml b/.github/workflows/daily-experiment-report.lock.yml
index 5f785980e7b..0836cfe39c6 100644
--- a/.github/workflows/daily-experiment-report.lock.yml
+++ b/.github/workflows/daily-experiment-report.lock.yml
@@ -254,23 +254,23 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_1d3e2237ad9f9dad_EOF'
+ cat << 'GH_AW_PROMPT_bd65a478f2a4216d_EOF'
- GH_AW_PROMPT_1d3e2237ad9f9dad_EOF
+ GH_AW_PROMPT_bd65a478f2a4216d_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_1d3e2237ad9f9dad_EOF'
+ cat << 'GH_AW_PROMPT_bd65a478f2a4216d_EOF'
Tools: add_comment(max:10), create_discussion, add_labels(max:10), upload_asset(max:10), missing_tool, missing_data, noop
upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
- GH_AW_PROMPT_1d3e2237ad9f9dad_EOF
+ GH_AW_PROMPT_bd65a478f2a4216d_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_1d3e2237ad9f9dad_EOF'
+ cat << 'GH_AW_PROMPT_bd65a478f2a4216d_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -299,15 +299,15 @@ jobs:
{{/if}}
- GH_AW_PROMPT_1d3e2237ad9f9dad_EOF
+ GH_AW_PROMPT_bd65a478f2a4216d_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_1d3e2237ad9f9dad_EOF'
+ cat << 'GH_AW_PROMPT_bd65a478f2a4216d_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/trending-charts-simple.md}}
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/daily-experiment-report.md}}
- GH_AW_PROMPT_1d3e2237ad9f9dad_EOF
+ GH_AW_PROMPT_bd65a478f2a4216d_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -582,9 +582,9 @@ jobs:
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs/assets"
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_ea34d22e572d01af_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_797b754970457f1e_EOF'
{"add_comment":{"max":10},"add_labels":{"max":10},"create_discussion":{"category":"audits","close_older_discussions":true,"expires":72,"fallback_to_issue":true,"max":1,"title_prefix":"[experiments] "},"create_report_incomplete_issue":{},"max_bot_mentions":1,"mentions":{"enabled":false},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{},"upload_asset":{"allowed-exts":[".png",".jpg",".jpeg",".svg"],"branch":"assets/${GITHUB_WORKFLOW}","max":10,"max-size":10240}}
- GH_AW_SAFE_OUTPUTS_CONFIG_ea34d22e572d01af_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_797b754970457f1e_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -804,7 +804,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_9bf1d210d407ffb0_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_0d6bd934854678c9_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -866,7 +866,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_9bf1d210d407ffb0_EOF
+ GH_AW_MCP_CONFIG_0d6bd934854678c9_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1645,7 +1645,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml
index 005831ba112..fd1778fb978 100644
--- a/.github/workflows/daily-fact.lock.yml
+++ b/.github/workflows/daily-fact.lock.yml
@@ -301,21 +301,21 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_58ce1aa3d3b6eeac_EOF'
+ cat << 'GH_AW_PROMPT_4b38b30de5af622b_EOF'
- GH_AW_PROMPT_58ce1aa3d3b6eeac_EOF
+ GH_AW_PROMPT_4b38b30de5af622b_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_58ce1aa3d3b6eeac_EOF'
+ cat << 'GH_AW_PROMPT_4b38b30de5af622b_EOF'
Tools: add_comment, missing_tool, missing_data, noop
- GH_AW_PROMPT_58ce1aa3d3b6eeac_EOF
+ GH_AW_PROMPT_4b38b30de5af622b_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_58ce1aa3d3b6eeac_EOF'
+ cat << 'GH_AW_PROMPT_4b38b30de5af622b_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -344,9 +344,9 @@ jobs:
{{/if}}
- GH_AW_PROMPT_58ce1aa3d3b6eeac_EOF
+ GH_AW_PROMPT_4b38b30de5af622b_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_58ce1aa3d3b6eeac_EOF'
+ cat << 'GH_AW_PROMPT_4b38b30de5af622b_EOF'
@@ -449,7 +449,7 @@ jobs:
{{#runtime-import shared/noop-reminder.md}}
- GH_AW_PROMPT_58ce1aa3d3b6eeac_EOF
+ GH_AW_PROMPT_4b38b30de5af622b_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -718,9 +718,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_46dfeb84b15fd4ae_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_3fafdd59e475ac82_EOF'
{"add_comment":{"max":1,"target":"4750"},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_46dfeb84b15fd4ae_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_3fafdd59e475ac82_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -872,7 +872,7 @@ jobs:
DOCKER_SOCK_GID=$(stat -c '%g' "$DOCKER_SOCK_PATH" 2>/dev/null || echo '0')
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.27'
- cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_b8243ad53e8669d4_EOF
+ cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_5b21aab0f7e243ea_EOF
[history]
persistence = "none"
@@ -900,11 +900,11 @@ jobs:
[mcp_servers.safeoutputs."guard-policies".write-sink]
accept = ["*"]
- GH_AW_MCP_CONFIG_b8243ad53e8669d4_EOF
+ GH_AW_MCP_CONFIG_5b21aab0f7e243ea_EOF
# Generate JSON config for MCP gateway
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_160ac705eb0f6ff9_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_f89a417861d65cce_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"mempalace": {
@@ -981,11 +981,11 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_160ac705eb0f6ff9_EOF
+ GH_AW_MCP_CONFIG_f89a417861d65cce_EOF
# Sync converter output to writable CODEX_HOME for Codex
mkdir -p /tmp/gh-aw/mcp-config
- cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_843b5f425ba46e83_EOF
+ cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_d8326fb8068eb0d4_EOF
model_provider = "openai-proxy"
@@ -997,7 +997,7 @@ jobs:
[shell_environment_policy]
inherit = "core"
include_only = ["^CODEX_API_KEY$", "^GH_AW_ASSETS_ALLOWED_EXTS$", "^GH_AW_ASSETS_BRANCH$", "^GH_AW_ASSETS_MAX_SIZE_KB$", "^GH_AW_SAFE_OUTPUTS$", "^GITHUB_REPOSITORY$", "^GITHUB_SERVER_URL$", "^HOME$", "^OPENAI_API_KEY$", "^PATH$"]
- GH_AW_CODEX_SHELL_POLICY_843b5f425ba46e83_EOF
+ GH_AW_CODEX_SHELL_POLICY_d8326fb8068eb0d4_EOF
awk '
BEGIN { skip_openai_proxy = 0 }
/^[[:space:]]*model_provider[[:space:]]*=/ { next }
@@ -1764,7 +1764,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_experiments_state:
needs: activation
diff --git a/.github/workflows/daily-file-diet.lock.yml b/.github/workflows/daily-file-diet.lock.yml
index 78bd01eac36..d1ddccb57c4 100644
--- a/.github/workflows/daily-file-diet.lock.yml
+++ b/.github/workflows/daily-file-diet.lock.yml
@@ -262,20 +262,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_e5ac9a27400e003b_EOF'
+ cat << 'GH_AW_PROMPT_54f5f93c7f46699a_EOF'
- GH_AW_PROMPT_e5ac9a27400e003b_EOF
+ GH_AW_PROMPT_54f5f93c7f46699a_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_e5ac9a27400e003b_EOF'
+ cat << 'GH_AW_PROMPT_54f5f93c7f46699a_EOF'
Tools: create_issue, missing_tool, missing_data, noop
- GH_AW_PROMPT_e5ac9a27400e003b_EOF
+ GH_AW_PROMPT_54f5f93c7f46699a_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_e5ac9a27400e003b_EOF'
+ cat << 'GH_AW_PROMPT_54f5f93c7f46699a_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -304,9 +304,9 @@ jobs:
{{/if}}
- GH_AW_PROMPT_e5ac9a27400e003b_EOF
+ GH_AW_PROMPT_54f5f93c7f46699a_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_e5ac9a27400e003b_EOF'
+ cat << 'GH_AW_PROMPT_54f5f93c7f46699a_EOF'
{{#runtime-import .github/workflows/shared/go-source-analysis.md}}
{{#runtime-import .github/workflows/shared/safe-output-app.md}}
@@ -319,7 +319,7 @@ jobs:
Serena is enabled for **["go"]** in `__GH_AW_GITHUB_WORKSPACE__`. Start by calling `activate_project` with that workspace path, then prefer Serena semantic tools for symbol lookup, references, docs, diagnostics, and structured edits.
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/daily-file-diet.md}}
- GH_AW_PROMPT_e5ac9a27400e003b_EOF
+ GH_AW_PROMPT_54f5f93c7f46699a_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -543,9 +543,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_478518fa6b7cedb3_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_e26cfb140a289f90_EOF'
{"create_issue":{"expires":48,"labels":["refactoring","code-health","automated-analysis","cookie"],"max":1,"title_prefix":"[file-diet] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_478518fa6b7cedb3_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_e26cfb140a289f90_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -713,7 +713,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_e038212cc49aba08_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_81258bd6aadd79ea_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -788,7 +788,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_e038212cc49aba08_EOF
+ GH_AW_MCP_CONFIG_81258bd6aadd79ea_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1571,7 +1571,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
runs-on: ubuntu-slim
diff --git a/.github/workflows/daily-formal-spec-verifier.lock.yml b/.github/workflows/daily-formal-spec-verifier.lock.yml
index e74b1a170a3..22810e28e74 100644
--- a/.github/workflows/daily-formal-spec-verifier.lock.yml
+++ b/.github/workflows/daily-formal-spec-verifier.lock.yml
@@ -255,22 +255,22 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_3b11ec1dfe7963c8_EOF'
+ cat << 'GH_AW_PROMPT_3ee8ad2d98d2ce52_EOF'
- GH_AW_PROMPT_3b11ec1dfe7963c8_EOF
+ GH_AW_PROMPT_3ee8ad2d98d2ce52_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/repo_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_3b11ec1dfe7963c8_EOF'
+ cat << 'GH_AW_PROMPT_3ee8ad2d98d2ce52_EOF'
Tools: create_issue, missing_tool, missing_data, noop
- GH_AW_PROMPT_3b11ec1dfe7963c8_EOF
+ GH_AW_PROMPT_3ee8ad2d98d2ce52_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_3b11ec1dfe7963c8_EOF'
+ cat << 'GH_AW_PROMPT_3ee8ad2d98d2ce52_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -299,16 +299,16 @@ jobs:
{{/if}}
- GH_AW_PROMPT_3b11ec1dfe7963c8_EOF
+ GH_AW_PROMPT_3ee8ad2d98d2ce52_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_3b11ec1dfe7963c8_EOF'
+ cat << 'GH_AW_PROMPT_3ee8ad2d98d2ce52_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/activation-app.md}}
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/daily-formal-spec-verifier.md}}
- GH_AW_PROMPT_3b11ec1dfe7963c8_EOF
+ GH_AW_PROMPT_3ee8ad2d98d2ce52_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -581,9 +581,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_85b303066ae18973_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_a73f0d132c5e5aeb_EOF'
{"create_issue":{"assignees":["copilot"],"expires":168,"labels":["automation","formal-verification","testing","specifications"],"max":1,"title_prefix":"[formal-spec] "},"create_report_incomplete_issue":{},"max_bot_mentions":1,"mentions":{"enabled":false},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"push_repo_memory":{"memories":[{"dir":"/tmp/gh-aw/repo-memory/default","id":"default","max_file_count":100,"max_file_size":65536,"max_patch_size":10240}]},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_85b303066ae18973_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_a73f0d132c5e5aeb_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -754,7 +754,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_faea8415d1e91499_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -800,7 +800,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_faea8415d1e91499_EOF
+ GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1624,7 +1624,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_repo_memory:
needs:
diff --git a/.github/workflows/daily-function-namer.lock.yml b/.github/workflows/daily-function-namer.lock.yml
index 8b3498d208e..31216a68048 100644
--- a/.github/workflows/daily-function-namer.lock.yml
+++ b/.github/workflows/daily-function-namer.lock.yml
@@ -263,21 +263,21 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_2ff0f3fca457b7b0_EOF'
+ cat << 'GH_AW_PROMPT_91c52166b60c4a11_EOF'
- GH_AW_PROMPT_2ff0f3fca457b7b0_EOF
+ GH_AW_PROMPT_91c52166b60c4a11_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_2ff0f3fca457b7b0_EOF'
+ cat << 'GH_AW_PROMPT_91c52166b60c4a11_EOF'
Tools: create_issue, create_discussion, missing_tool, missing_data, noop
- GH_AW_PROMPT_2ff0f3fca457b7b0_EOF
+ GH_AW_PROMPT_91c52166b60c4a11_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_2ff0f3fca457b7b0_EOF'
+ cat << 'GH_AW_PROMPT_91c52166b60c4a11_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -306,9 +306,9 @@ jobs:
{{/if}}
- GH_AW_PROMPT_2ff0f3fca457b7b0_EOF
+ GH_AW_PROMPT_91c52166b60c4a11_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_2ff0f3fca457b7b0_EOF'
+ cat << 'GH_AW_PROMPT_91c52166b60c4a11_EOF'
{{#runtime-import .github/workflows/shared/mcp/serena-go.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
@@ -317,7 +317,7 @@ jobs:
Serena is enabled for **["go"]** in `__GH_AW_GITHUB_WORKSPACE__`. Start by calling `activate_project` with that workspace path, then prefer Serena semantic tools for symbol lookup, references, docs, diagnostics, and structured edits.
{{#runtime-import .github/workflows/daily-function-namer.md}}
- GH_AW_PROMPT_2ff0f3fca457b7b0_EOF
+ GH_AW_PROMPT_91c52166b60c4a11_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -562,9 +562,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_8a8fa24e4891e2b7_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_73e3613e1ac93adc_EOF'
{"create_discussion":{"category":"audits","close_older_discussions":true,"expires":72,"fallback_to_issue":true,"max":1,"title_prefix":"[function-namer] "},"create_issue":{"close_older_issues":true,"expires":168,"labels":["refactoring","code-quality","automated-analysis","cookie"],"max":1,"title_prefix":"[function-namer] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_8a8fa24e4891e2b7_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_73e3613e1ac93adc_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -759,7 +759,7 @@ jobs:
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.27'
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_77337373ac920130_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_1a07a17ae491fc76_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -830,7 +830,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_77337373ac920130_EOF
+ GH_AW_MCP_CONFIG_1a07a17ae491fc76_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1567,7 +1567,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/daily-geo-optimizer.lock.yml b/.github/workflows/daily-geo-optimizer.lock.yml
index f44e2cc8c93..7d4114b0ccb 100644
--- a/.github/workflows/daily-geo-optimizer.lock.yml
+++ b/.github/workflows/daily-geo-optimizer.lock.yml
@@ -254,20 +254,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_0ac9c0dc07191c94_EOF'
+ cat << 'GH_AW_PROMPT_f59502997453c6e7_EOF'
- GH_AW_PROMPT_0ac9c0dc07191c94_EOF
+ GH_AW_PROMPT_f59502997453c6e7_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_0ac9c0dc07191c94_EOF'
+ cat << 'GH_AW_PROMPT_f59502997453c6e7_EOF'
Tools: create_discussion, missing_tool, missing_data, noop
- GH_AW_PROMPT_0ac9c0dc07191c94_EOF
+ GH_AW_PROMPT_f59502997453c6e7_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_0ac9c0dc07191c94_EOF'
+ cat << 'GH_AW_PROMPT_f59502997453c6e7_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -296,15 +296,15 @@ jobs:
{{/if}}
- GH_AW_PROMPT_0ac9c0dc07191c94_EOF
+ GH_AW_PROMPT_f59502997453c6e7_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_0ac9c0dc07191c94_EOF'
+ cat << 'GH_AW_PROMPT_f59502997453c6e7_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/daily-geo-optimizer.md}}
- GH_AW_PROMPT_0ac9c0dc07191c94_EOF
+ GH_AW_PROMPT_f59502997453c6e7_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -540,9 +540,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_d41db2492edb2792_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_be3dab0ac0f4a695_EOF'
{"create_discussion":{"category":"audits","close_older_discussions":true,"expires":72,"fallback_to_issue":true,"max":1,"title_prefix":"[geo-optimizer] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_d41db2492edb2792_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_be3dab0ac0f4a695_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -700,7 +700,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_faea8415d1e91499_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -746,7 +746,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_faea8415d1e91499_EOF
+ GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1527,7 +1527,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
geo_audit:
needs: activation
diff --git a/.github/workflows/daily-hippo-learn.lock.yml b/.github/workflows/daily-hippo-learn.lock.yml
index 5de92ba3b39..45d17edef84 100644
--- a/.github/workflows/daily-hippo-learn.lock.yml
+++ b/.github/workflows/daily-hippo-learn.lock.yml
@@ -252,21 +252,21 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_f9197b2bcb4dc826_EOF'
+ cat << 'GH_AW_PROMPT_fda463f56dd5e1aa_EOF'
- GH_AW_PROMPT_f9197b2bcb4dc826_EOF
+ GH_AW_PROMPT_fda463f56dd5e1aa_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_f9197b2bcb4dc826_EOF'
+ cat << 'GH_AW_PROMPT_fda463f56dd5e1aa_EOF'
Tools: create_discussion, missing_tool, missing_data, noop
- GH_AW_PROMPT_f9197b2bcb4dc826_EOF
+ GH_AW_PROMPT_fda463f56dd5e1aa_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_f9197b2bcb4dc826_EOF'
+ cat << 'GH_AW_PROMPT_fda463f56dd5e1aa_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -295,15 +295,15 @@ jobs:
{{/if}}
- GH_AW_PROMPT_f9197b2bcb4dc826_EOF
+ GH_AW_PROMPT_fda463f56dd5e1aa_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_f9197b2bcb4dc826_EOF'
+ cat << 'GH_AW_PROMPT_fda463f56dd5e1aa_EOF'
{{#runtime-import .github/workflows/shared/hippo-memory.md}}
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/daily-hippo-learn.md}}
- GH_AW_PROMPT_f9197b2bcb4dc826_EOF
+ GH_AW_PROMPT_fda463f56dd5e1aa_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -560,9 +560,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_530317e4e1ab717c_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_c01d3d75780502e2_EOF'
{"create_discussion":{"category":"announcements","close_older_discussions":true,"expires":72,"fallback_to_issue":true,"max":1,"title_prefix":"🦛 "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_530317e4e1ab717c_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_c01d3d75780502e2_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -686,7 +686,7 @@ jobs:
- name: Write MCP Scripts Config
run: |
mkdir -p "${RUNNER_TEMP}/gh-aw/mcp-scripts/logs"
- cat > "${RUNNER_TEMP}/gh-aw/mcp-scripts/tools.json" << 'GH_AW_MCP_SCRIPTS_TOOLS_4889e6be9281302c_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/mcp-scripts/tools.json" << 'GH_AW_MCP_SCRIPTS_TOOLS_fc4e82710f873b80_EOF'
{
"serverName": "mcpscripts",
"version": "1.0.0",
@@ -712,8 +712,8 @@ jobs:
}
]
}
- GH_AW_MCP_SCRIPTS_TOOLS_4889e6be9281302c_EOF
- cat > "${RUNNER_TEMP}/gh-aw/mcp-scripts/mcp-server.cjs" << 'GH_AW_MCP_SCRIPTS_SERVER_5818b5ebd87c75d8_EOF'
+ GH_AW_MCP_SCRIPTS_TOOLS_fc4e82710f873b80_EOF
+ cat > "${RUNNER_TEMP}/gh-aw/mcp-scripts/mcp-server.cjs" << 'GH_AW_MCP_SCRIPTS_SERVER_e0a10bf70e571677_EOF'
const path = require("path");
const { startHttpServer } = require("./mcp_scripts_mcp_server_http.cjs");
const configPath = path.join(__dirname, "tools.json");
@@ -727,12 +727,12 @@ jobs:
console.error("Failed to start mcp-scripts HTTP server:", error);
process.exit(1);
});
- GH_AW_MCP_SCRIPTS_SERVER_5818b5ebd87c75d8_EOF
+ GH_AW_MCP_SCRIPTS_SERVER_e0a10bf70e571677_EOF
chmod +x "${RUNNER_TEMP}/gh-aw/mcp-scripts/mcp-server.cjs"
- name: Write MCP Scripts Tool Files
run: |
- cat > "${RUNNER_TEMP}/gh-aw/mcp-scripts/hippo.sh" << 'GH_AW_MCP_SCRIPTS_SH_HIPPO_dc7ef224a6ce1896_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/mcp-scripts/hippo.sh" << 'GH_AW_MCP_SCRIPTS_SH_HIPPO_7760bc8e35f18b70_EOF'
#!/bin/bash
# Auto-generated mcp-script tool: hippo
# Execute any hippo-memory CLI command. Accessible as 'mcpscripts-hippo'. Provide arguments after 'hippo'. Examples: args 'learn --git' to extract lessons from git commits, 'sleep' for full consolidation, 'recall "api errors" --budget 2000' to retrieve relevant memories.
@@ -744,7 +744,7 @@ jobs:
hippo $INPUT_ARGS
- GH_AW_MCP_SCRIPTS_SH_HIPPO_dc7ef224a6ce1896_EOF
+ GH_AW_MCP_SCRIPTS_SH_HIPPO_7760bc8e35f18b70_EOF
chmod +x "${RUNNER_TEMP}/gh-aw/mcp-scripts/hippo.sh"
- name: Generate MCP Scripts Server Config
@@ -817,7 +817,7 @@ jobs:
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GH_AW_MCP_SCRIPTS_PORT -e GH_AW_MCP_SCRIPTS_API_KEY -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.27'
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_e59d92019bc773f1_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_c990023b9e228369_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"mcpscripts": {
@@ -876,7 +876,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_e59d92019bc773f1_EOF
+ GH_AW_MCP_CONFIG_c990023b9e228369_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1622,7 +1622,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml
index b01a708103f..38654924d56 100644
--- a/.github/workflows/daily-issues-report.lock.yml
+++ b/.github/workflows/daily-issues-report.lock.yml
@@ -303,23 +303,23 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_1e6f7985f3cf8201_EOF'
+ cat << 'GH_AW_PROMPT_3878fdeb5e3a1a6a_EOF'
- GH_AW_PROMPT_1e6f7985f3cf8201_EOF
+ GH_AW_PROMPT_3878fdeb5e3a1a6a_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_1e6f7985f3cf8201_EOF'
+ cat << 'GH_AW_PROMPT_3878fdeb5e3a1a6a_EOF'
Tools: create_discussion, upload_asset(max:5), missing_tool, missing_data, noop
upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
- GH_AW_PROMPT_1e6f7985f3cf8201_EOF
+ GH_AW_PROMPT_3878fdeb5e3a1a6a_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_1e6f7985f3cf8201_EOF'
+ cat << 'GH_AW_PROMPT_3878fdeb5e3a1a6a_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -348,9 +348,9 @@ jobs:
{{/if}}
- GH_AW_PROMPT_1e6f7985f3cf8201_EOF
+ GH_AW_PROMPT_3878fdeb5e3a1a6a_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_1e6f7985f3cf8201_EOF'
+ cat << 'GH_AW_PROMPT_3878fdeb5e3a1a6a_EOF'
{{#runtime-import .github/workflows/shared/github-guard-policy.md}}
{{#runtime-import .github/skills/jqschema/SKILL.md}}
@@ -363,7 +363,7 @@ jobs:
{{#runtime-import .github/shared/editorial.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/daily-issues-report.md}}
- GH_AW_PROMPT_1e6f7985f3cf8201_EOF
+ GH_AW_PROMPT_3878fdeb5e3a1a6a_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -789,9 +789,9 @@ jobs:
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs/assets"
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_048304b008757363_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_b9f65d6d5d8ba367_EOF'
{"create_discussion":{"category":"audits","close_older_discussions":true,"expires":72,"fallback_to_issue":true,"max":1,"title_prefix":"[daily issues] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{},"upload_asset":{"allowed-exts":[".png",".jpg",".jpeg",".svg"],"branch":"assets/${GITHUB_WORKFLOW}","max":5,"max-size":10240}}
- GH_AW_SAFE_OUTPUTS_CONFIG_048304b008757363_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_b9f65d6d5d8ba367_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -962,7 +962,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_faea8415d1e91499_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -1008,7 +1008,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_faea8415d1e91499_EOF
+ GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1811,7 +1811,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_experiments_state:
needs: activation
diff --git a/.github/workflows/daily-max-ai-credits-test.lock.yml b/.github/workflows/daily-max-ai-credits-test.lock.yml
index f76cde183e9..81ef57ebf82 100644
--- a/.github/workflows/daily-max-ai-credits-test.lock.yml
+++ b/.github/workflows/daily-max-ai-credits-test.lock.yml
@@ -178,20 +178,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_2872f1d8904aa2b4_EOF'
+ cat << 'GH_AW_PROMPT_823d987221e37f8e_EOF'
- GH_AW_PROMPT_2872f1d8904aa2b4_EOF
+ GH_AW_PROMPT_823d987221e37f8e_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_2872f1d8904aa2b4_EOF'
+ cat << 'GH_AW_PROMPT_823d987221e37f8e_EOF'
Tools: create_issue, missing_tool, missing_data, noop
- GH_AW_PROMPT_2872f1d8904aa2b4_EOF
+ GH_AW_PROMPT_823d987221e37f8e_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_2872f1d8904aa2b4_EOF'
+ cat << 'GH_AW_PROMPT_823d987221e37f8e_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -220,12 +220,12 @@ jobs:
{{/if}}
- GH_AW_PROMPT_2872f1d8904aa2b4_EOF
+ GH_AW_PROMPT_823d987221e37f8e_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_2872f1d8904aa2b4_EOF'
+ cat << 'GH_AW_PROMPT_823d987221e37f8e_EOF'
{{#runtime-import .github/workflows/daily-max-ai-credits-test.md}}
- GH_AW_PROMPT_2872f1d8904aa2b4_EOF
+ GH_AW_PROMPT_823d987221e37f8e_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -441,9 +441,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_7ed570227fcafe45_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_be70b275c8ccf8a8_EOF'
{"create_issue":{"close_older_issues":true,"close_older_key":"daily-max-ai-credits-test","expires":24,"labels":["automation","testing"],"max":1},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_7ed570227fcafe45_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_be70b275c8ccf8a8_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -613,7 +613,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_2ed48797ea52df3f_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_c70c556baaebe8bb_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -670,7 +670,7 @@ jobs:
"payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}"
}
}
- GH_AW_MCP_CONFIG_2ed48797ea52df3f_EOF
+ GH_AW_MCP_CONFIG_c70c556baaebe8bb_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1351,7 +1351,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml
index bd9da25692d..17f3db47ad8 100644
--- a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml
+++ b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml
@@ -256,21 +256,21 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_2a210bbe72ee5094_EOF'
+ cat << 'GH_AW_PROMPT_8f4b0152a4102653_EOF'
- GH_AW_PROMPT_2a210bbe72ee5094_EOF
+ GH_AW_PROMPT_8f4b0152a4102653_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_2a210bbe72ee5094_EOF'
+ cat << 'GH_AW_PROMPT_8f4b0152a4102653_EOF'
Tools: create_issue(max:5), create_discussion, create_agent_session(max:3), missing_tool, missing_data, noop
- GH_AW_PROMPT_2a210bbe72ee5094_EOF
+ GH_AW_PROMPT_8f4b0152a4102653_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_2a210bbe72ee5094_EOF'
+ cat << 'GH_AW_PROMPT_8f4b0152a4102653_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -299,9 +299,9 @@ jobs:
{{/if}}
- GH_AW_PROMPT_2a210bbe72ee5094_EOF
+ GH_AW_PROMPT_8f4b0152a4102653_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_2a210bbe72ee5094_EOF'
+ cat << 'GH_AW_PROMPT_8f4b0152a4102653_EOF'
{{#runtime-import .github/workflows/shared/safe-output-app.md}}
## Serena Code Analysis
@@ -310,7 +310,7 @@ jobs:
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/daily-mcp-concurrency-analysis.md}}
- GH_AW_PROMPT_2a210bbe72ee5094_EOF
+ GH_AW_PROMPT_8f4b0152a4102653_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -558,9 +558,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_33597c1ba030a0d1_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_9072efe910708a86_EOF'
{"create_agent_session":{"max":3},"create_discussion":{"category":"audits","close_older_discussions":true,"expires":72,"fallback_to_issue":true,"max":1,"title_prefix":"[mcp-concurrency] "},"create_issue":{"expires":168,"labels":["bug","concurrency","thread-safety","automated-analysis","cookie"],"max":5,"title_prefix":"[concurrency] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_33597c1ba030a0d1_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_9072efe910708a86_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -772,7 +772,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_e038212cc49aba08_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_81258bd6aadd79ea_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -847,7 +847,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_e038212cc49aba08_EOF
+ GH_AW_MCP_CONFIG_81258bd6aadd79ea_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1658,7 +1658,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/daily-model-inventory.lock.yml b/.github/workflows/daily-model-inventory.lock.yml
index dd97c889a73..50aa576a6e3 100644
--- a/.github/workflows/daily-model-inventory.lock.yml
+++ b/.github/workflows/daily-model-inventory.lock.yml
@@ -258,21 +258,21 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_f5bdc1591961f22f_EOF'
+ cat << 'GH_AW_PROMPT_81391abda2f614e2_EOF'
- GH_AW_PROMPT_f5bdc1591961f22f_EOF
+ GH_AW_PROMPT_81391abda2f614e2_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/playwright_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_f5bdc1591961f22f_EOF'
+ cat << 'GH_AW_PROMPT_81391abda2f614e2_EOF'
Tools: create_issue, missing_tool, missing_data, noop
- GH_AW_PROMPT_f5bdc1591961f22f_EOF
+ GH_AW_PROMPT_81391abda2f614e2_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_f5bdc1591961f22f_EOF'
+ cat << 'GH_AW_PROMPT_81391abda2f614e2_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -301,14 +301,14 @@ jobs:
{{/if}}
- GH_AW_PROMPT_f5bdc1591961f22f_EOF
+ GH_AW_PROMPT_81391abda2f614e2_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_f5bdc1591961f22f_EOF'
+ cat << 'GH_AW_PROMPT_81391abda2f614e2_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/daily-model-inventory.md}}
- GH_AW_PROMPT_f5bdc1591961f22f_EOF
+ GH_AW_PROMPT_81391abda2f614e2_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -565,9 +565,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_49c7e8c70bc21ddf_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_e15989a3b45b31a6_EOF'
{"create_issue":{"close_older_issues":true,"expires":168,"labels":["automation","models"],"max":1,"title_prefix":"[model-inventory] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_49c7e8c70bc21ddf_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_e15989a3b45b31a6_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -738,7 +738,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_6d044e770f62221a_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -800,7 +800,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_6d044e770f62221a_EOF
+ GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1842,7 +1842,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/daily-multi-device-docs-tester.lock.yml b/.github/workflows/daily-multi-device-docs-tester.lock.yml
index 4f1b7f0afd0..1118c2e7481 100644
--- a/.github/workflows/daily-multi-device-docs-tester.lock.yml
+++ b/.github/workflows/daily-multi-device-docs-tester.lock.yml
@@ -265,21 +265,21 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_da2032ee43a9cd36_EOF'
+ cat << 'GH_AW_PROMPT_79ce937bd27a64ff_EOF'
- GH_AW_PROMPT_da2032ee43a9cd36_EOF
+ GH_AW_PROMPT_79ce937bd27a64ff_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/playwright_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_da2032ee43a9cd36_EOF'
+ cat << 'GH_AW_PROMPT_79ce937bd27a64ff_EOF'
Tools: create_issue, create_discussion, missing_tool, missing_data, noop
- GH_AW_PROMPT_da2032ee43a9cd36_EOF
+ GH_AW_PROMPT_79ce937bd27a64ff_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_da2032ee43a9cd36_EOF'
+ cat << 'GH_AW_PROMPT_79ce937bd27a64ff_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -308,14 +308,14 @@ jobs:
{{/if}}
- GH_AW_PROMPT_da2032ee43a9cd36_EOF
+ GH_AW_PROMPT_79ce937bd27a64ff_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_da2032ee43a9cd36_EOF'
+ cat << 'GH_AW_PROMPT_79ce937bd27a64ff_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/daily-multi-device-docs-tester.md}}
- GH_AW_PROMPT_da2032ee43a9cd36_EOF
+ GH_AW_PROMPT_79ce937bd27a64ff_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -572,9 +572,9 @@ jobs:
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs/upload-artifacts"
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_2a166ca47956a3ad_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_3b3f1a9eb2d40a49_EOF'
{"create_discussion":{"category":"audits","close_older_discussions":true,"expires":72,"fallback_to_issue":true,"max":1,"title_prefix":"[multi-device-docs] "},"create_issue":{"expires":48,"labels":["cookie"],"max":1},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{},"upload_artifact":{"default-if-no-files":"ignore","max-size-bytes":104857600,"max-uploads":3,"retention-days":30,"skip-archive":true}}
- GH_AW_SAFE_OUTPUTS_CONFIG_2a166ca47956a3ad_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_3b3f1a9eb2d40a49_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -769,7 +769,7 @@ jobs:
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.27'
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_317d62f563f888f6_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_5a62c05d6d2f1358_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -814,7 +814,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_317d62f563f888f6_EOF
+ GH_AW_MCP_CONFIG_5a62c05d6d2f1358_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1538,7 +1538,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/daily-news.lock.yml b/.github/workflows/daily-news.lock.yml
index 24692a542d6..15bb9cece8c 100644
--- a/.github/workflows/daily-news.lock.yml
+++ b/.github/workflows/daily-news.lock.yml
@@ -300,24 +300,24 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_c14873f0c7ee4919_EOF'
+ cat << 'GH_AW_PROMPT_8354a22407166a78_EOF'
- GH_AW_PROMPT_c14873f0c7ee4919_EOF
+ GH_AW_PROMPT_8354a22407166a78_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/repo_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_c14873f0c7ee4919_EOF'
+ cat << 'GH_AW_PROMPT_8354a22407166a78_EOF'
Tools: create_discussion, upload_asset(max:5), missing_tool, missing_data, noop
upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
- GH_AW_PROMPT_c14873f0c7ee4919_EOF
+ GH_AW_PROMPT_8354a22407166a78_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_c14873f0c7ee4919_EOF'
+ cat << 'GH_AW_PROMPT_8354a22407166a78_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -346,9 +346,9 @@ jobs:
{{/if}}
- GH_AW_PROMPT_c14873f0c7ee4919_EOF
+ GH_AW_PROMPT_8354a22407166a78_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_c14873f0c7ee4919_EOF'
+ cat << 'GH_AW_PROMPT_8354a22407166a78_EOF'
{{#runtime-import .github/workflows/shared/mcp/headroom.md}}
{{#runtime-import .github/workflows/shared/mcp/tavily.md}}
@@ -360,7 +360,7 @@ jobs:
{{#runtime-import .github/shared/editorial.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/daily-news.md}}
- GH_AW_PROMPT_c14873f0c7ee4919_EOF
+ GH_AW_PROMPT_8354a22407166a78_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -727,9 +727,9 @@ jobs:
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs/upload-artifacts"
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs/assets"
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_c4797408a9b89dec_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_a008ad830eb0f73d_EOF'
{"create_discussion":{"category":"daily-news","close_older_discussions":true,"expires":72,"fallback_to_issue":true,"max":1},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"push_repo_memory":{"memories":[{"dir":"/tmp/gh-aw/repo-memory/default","id":"default","max_file_count":100,"max_file_size":102400,"max_patch_size":10240}]},"report_incomplete":{},"upload_artifact":{"max-size-bytes":104857600,"max-uploads":3,"retention-days":30,"skip-archive":true},"upload_asset":{"allowed-exts":[".png",".jpg",".jpeg",".svg"],"branch":"assets/${GITHUB_WORKFLOW}","max":5,"max-size":10240}}
- GH_AW_SAFE_OUTPUTS_CONFIG_c4797408a9b89dec_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_a008ad830eb0f73d_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -900,7 +900,7 @@ jobs:
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -e TAVILY_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.27'
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_f700b0e07eee1d06_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_b489bef9e2c61b49_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"headroom": {
@@ -986,7 +986,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_f700b0e07eee1d06_EOF
+ GH_AW_MCP_CONFIG_b489bef9e2c61b49_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1772,7 +1772,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
push_experiments_state:
needs: activation
diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml
index 5ae60650a98..61246be1fbb 100644
--- a/.github/workflows/daily-observability-report.lock.yml
+++ b/.github/workflows/daily-observability-report.lock.yml
@@ -1615,7 +1615,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml
index 4c8f9aa7b5a..fb3a814cc3e 100644
--- a/.github/workflows/daily-performance-summary.lock.yml
+++ b/.github/workflows/daily-performance-summary.lock.yml
@@ -2114,7 +2114,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/daily-reliability-review.lock.yml b/.github/workflows/daily-reliability-review.lock.yml
index d183c423cb3..907d7e078b1 100644
--- a/.github/workflows/daily-reliability-review.lock.yml
+++ b/.github/workflows/daily-reliability-review.lock.yml
@@ -1626,7 +1626,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/daily-rendering-scripts-verifier.lock.yml b/.github/workflows/daily-rendering-scripts-verifier.lock.yml
index bf7b906d14e..e8712c7e784 100644
--- a/.github/workflows/daily-rendering-scripts-verifier.lock.yml
+++ b/.github/workflows/daily-rendering-scripts-verifier.lock.yml
@@ -1786,7 +1786,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
runs-on: ubuntu-slim
diff --git a/.github/workflows/daily-repo-chronicle.lock.yml b/.github/workflows/daily-repo-chronicle.lock.yml
index 84090cae944..9dc914cbf83 100644
--- a/.github/workflows/daily-repo-chronicle.lock.yml
+++ b/.github/workflows/daily-repo-chronicle.lock.yml
@@ -255,23 +255,23 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_8f3c23991b8bdc60_EOF'
+ cat << 'GH_AW_PROMPT_d9a70238dc8437b3_EOF'
- GH_AW_PROMPT_8f3c23991b8bdc60_EOF
+ GH_AW_PROMPT_d9a70238dc8437b3_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_8f3c23991b8bdc60_EOF'
+ cat << 'GH_AW_PROMPT_d9a70238dc8437b3_EOF'
Tools: create_discussion, upload_asset(max:3), missing_tool, missing_data, noop
upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
- GH_AW_PROMPT_8f3c23991b8bdc60_EOF
+ GH_AW_PROMPT_d9a70238dc8437b3_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_8f3c23991b8bdc60_EOF'
+ cat << 'GH_AW_PROMPT_d9a70238dc8437b3_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -300,9 +300,9 @@ jobs:
{{/if}}
- GH_AW_PROMPT_8f3c23991b8bdc60_EOF
+ GH_AW_PROMPT_d9a70238dc8437b3_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_8f3c23991b8bdc60_EOF'
+ cat << 'GH_AW_PROMPT_d9a70238dc8437b3_EOF'
{{#runtime-import .github/workflows/shared/trends.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
@@ -310,7 +310,7 @@ jobs:
{{#runtime-import .github/workflows/shared/python-dataviz.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/daily-repo-chronicle.md}}
- GH_AW_PROMPT_8f3c23991b8bdc60_EOF
+ GH_AW_PROMPT_d9a70238dc8437b3_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -580,9 +580,9 @@ jobs:
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs/assets"
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_d9018b31780ce04d_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_88740b7f54c06b6c_EOF'
{"create_discussion":{"category":"announcements","close_older_discussions":true,"expires":72,"fallback_to_issue":true,"max":1,"title_prefix":"📰 "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{},"upload_asset":{"allowed-exts":[".png",".jpg",".jpeg",".svg"],"branch":"assets/${GITHUB_WORKFLOW}","max":3,"max-size":10240}}
- GH_AW_SAFE_OUTPUTS_CONFIG_d9018b31780ce04d_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_88740b7f54c06b6c_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -753,7 +753,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_faea8415d1e91499_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -799,7 +799,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_faea8415d1e91499_EOF
+ GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1594,7 +1594,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/daily-testify-uber-super-expert.lock.yml b/.github/workflows/daily-testify-uber-super-expert.lock.yml
index 13694afa730..227c9db3e88 100644
--- a/.github/workflows/daily-testify-uber-super-expert.lock.yml
+++ b/.github/workflows/daily-testify-uber-super-expert.lock.yml
@@ -263,21 +263,21 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_6ca4f81e357701d1_EOF'
+ cat << 'GH_AW_PROMPT_55b2136eb012d0c3_EOF'
- GH_AW_PROMPT_6ca4f81e357701d1_EOF
+ GH_AW_PROMPT_55b2136eb012d0c3_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/repo_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_6ca4f81e357701d1_EOF'
+ cat << 'GH_AW_PROMPT_55b2136eb012d0c3_EOF'
Tools: create_issue, missing_tool, missing_data, noop
- GH_AW_PROMPT_6ca4f81e357701d1_EOF
+ GH_AW_PROMPT_55b2136eb012d0c3_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_6ca4f81e357701d1_EOF'
+ cat << 'GH_AW_PROMPT_55b2136eb012d0c3_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -306,9 +306,9 @@ jobs:
{{/if}}
- GH_AW_PROMPT_6ca4f81e357701d1_EOF
+ GH_AW_PROMPT_55b2136eb012d0c3_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_6ca4f81e357701d1_EOF'
+ cat << 'GH_AW_PROMPT_55b2136eb012d0c3_EOF'
{{#runtime-import .github/workflows/shared/go-source-analysis.md}}
{{#runtime-import .github/workflows/shared/safe-output-app.md}}
@@ -321,7 +321,7 @@ jobs:
Serena is enabled for **["go"]** in `__GH_AW_GITHUB_WORKSPACE__`. Start by calling `activate_project` with that workspace path, then prefer Serena semantic tools for symbol lookup, references, docs, diagnostics, and structured edits.
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/daily-testify-uber-super-expert.md}}
- GH_AW_PROMPT_6ca4f81e357701d1_EOF
+ GH_AW_PROMPT_55b2136eb012d0c3_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -569,9 +569,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_8bf2df27d7481d13_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_4d1f4d035e30a487_EOF'
{"create_issue":{"expires":48,"labels":["testing","code-quality","automated-analysis","cookie"],"max":1,"title_prefix":"[testify-expert] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"push_repo_memory":{"memories":[{"dir":"/tmp/gh-aw/repo-memory/default","id":"default","max_file_count":100,"max_file_size":51200,"max_patch_size":10240}]},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_8bf2df27d7481d13_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_4d1f4d035e30a487_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -739,7 +739,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_e038212cc49aba08_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_81258bd6aadd79ea_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -814,7 +814,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_e038212cc49aba08_EOF
+ GH_AW_MCP_CONFIG_81258bd6aadd79ea_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1625,7 +1625,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
runs-on: ubuntu-slim
diff --git a/.github/workflows/docs-noob-tester.lock.yml b/.github/workflows/docs-noob-tester.lock.yml
index b7c51157910..b0b30aec075 100644
--- a/.github/workflows/docs-noob-tester.lock.yml
+++ b/.github/workflows/docs-noob-tester.lock.yml
@@ -254,23 +254,23 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_91bcaaaf7efdf6a4_EOF'
+ cat << 'GH_AW_PROMPT_4c23cb6a38b62095_EOF'
- GH_AW_PROMPT_91bcaaaf7efdf6a4_EOF
+ GH_AW_PROMPT_4c23cb6a38b62095_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/playwright_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_91bcaaaf7efdf6a4_EOF'
+ cat << 'GH_AW_PROMPT_4c23cb6a38b62095_EOF'
Tools: create_discussion, upload_asset(max:10), missing_tool, missing_data, noop
upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
- GH_AW_PROMPT_91bcaaaf7efdf6a4_EOF
+ GH_AW_PROMPT_4c23cb6a38b62095_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_91bcaaaf7efdf6a4_EOF'
+ cat << 'GH_AW_PROMPT_4c23cb6a38b62095_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -299,9 +299,9 @@ jobs:
{{/if}}
- GH_AW_PROMPT_91bcaaaf7efdf6a4_EOF
+ GH_AW_PROMPT_4c23cb6a38b62095_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_91bcaaaf7efdf6a4_EOF'
+ cat << 'GH_AW_PROMPT_4c23cb6a38b62095_EOF'
{{#runtime-import .github/workflows/shared/docs-server-lifecycle.md}}
{{#runtime-import .github/workflows/shared/keep-it-short.md}}
@@ -309,7 +309,7 @@ jobs:
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/docs-noob-tester.md}}
- GH_AW_PROMPT_91bcaaaf7efdf6a4_EOF
+ GH_AW_PROMPT_4c23cb6a38b62095_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -560,9 +560,9 @@ jobs:
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs/assets"
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_018cf9478f5da242_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_46f9002ce820cde9_EOF'
{"create_discussion":{"category":"audits","close_older_discussions":true,"expires":24,"fallback_to_issue":true,"max":1,"title_prefix":"[docs-noob-tester] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{},"upload_asset":{"allowed-exts":[".png",".jpg",".jpeg",".svg"],"branch":"assets/${GITHUB_WORKFLOW}","max":10,"max-size":10240}}
- GH_AW_SAFE_OUTPUTS_CONFIG_018cf9478f5da242_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_46f9002ce820cde9_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -736,7 +736,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_6d044e770f62221a_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -798,7 +798,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_6d044e770f62221a_EOF
+ GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1554,7 +1554,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/github-remote-mcp-auth-test.lock.yml b/.github/workflows/github-remote-mcp-auth-test.lock.yml
index 3a8776d628b..cbb5a0c21bd 100644
--- a/.github/workflows/github-remote-mcp-auth-test.lock.yml
+++ b/.github/workflows/github-remote-mcp-auth-test.lock.yml
@@ -258,20 +258,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_d415574d5aa32b44_EOF'
+ cat << 'GH_AW_PROMPT_6294c8db404abe0a_EOF'
- GH_AW_PROMPT_d415574d5aa32b44_EOF
+ GH_AW_PROMPT_6294c8db404abe0a_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_d415574d5aa32b44_EOF'
+ cat << 'GH_AW_PROMPT_6294c8db404abe0a_EOF'
Tools: create_discussion, missing_tool, missing_data, noop
- GH_AW_PROMPT_d415574d5aa32b44_EOF
+ GH_AW_PROMPT_6294c8db404abe0a_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_d415574d5aa32b44_EOF'
+ cat << 'GH_AW_PROMPT_6294c8db404abe0a_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -300,15 +300,15 @@ jobs:
{{/if}}
- GH_AW_PROMPT_d415574d5aa32b44_EOF
+ GH_AW_PROMPT_6294c8db404abe0a_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_d415574d5aa32b44_EOF'
+ cat << 'GH_AW_PROMPT_6294c8db404abe0a_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/github-remote-mcp-auth-test.md}}
- GH_AW_PROMPT_d415574d5aa32b44_EOF
+ GH_AW_PROMPT_6294c8db404abe0a_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -532,9 +532,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_f49567b74760eec5_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_5e531cc32b2efdc0_EOF'
{"create_discussion":{"category":"audits","close_older_discussions":true,"expires":24,"fallback_to_issue":true,"max":1,"title_prefix":"[auth-test] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_f49567b74760eec5_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_5e531cc32b2efdc0_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -696,7 +696,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_8905bc3930404b6b_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_b46a4eac2d64d7dc_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -766,7 +766,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_8905bc3930404b6b_EOF
+ GH_AW_MCP_CONFIG_b46a4eac2d64d7dc_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1503,7 +1503,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/smoke-agent-all-merged.lock.yml b/.github/workflows/smoke-agent-all-merged.lock.yml
index 19a268c80e5..4917086d501 100644
--- a/.github/workflows/smoke-agent-all-merged.lock.yml
+++ b/.github/workflows/smoke-agent-all-merged.lock.yml
@@ -1614,7 +1614,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-agent-all-none.lock.yml b/.github/workflows/smoke-agent-all-none.lock.yml
index 484b6e76ee3..2dff5129a47 100644
--- a/.github/workflows/smoke-agent-all-none.lock.yml
+++ b/.github/workflows/smoke-agent-all-none.lock.yml
@@ -1614,7 +1614,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-agent-public-approved.lock.yml b/.github/workflows/smoke-agent-public-approved.lock.yml
index b7f93da95f4..2cebdd38b61 100644
--- a/.github/workflows/smoke-agent-public-approved.lock.yml
+++ b/.github/workflows/smoke-agent-public-approved.lock.yml
@@ -1648,7 +1648,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-agent-public-none.lock.yml b/.github/workflows/smoke-agent-public-none.lock.yml
index 52f4401dc05..673c09ebffd 100644
--- a/.github/workflows/smoke-agent-public-none.lock.yml
+++ b/.github/workflows/smoke-agent-public-none.lock.yml
@@ -1614,7 +1614,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-agent-scoped-approved.lock.yml b/.github/workflows/smoke-agent-scoped-approved.lock.yml
index 207f27d63be..d2dddc12119 100644
--- a/.github/workflows/smoke-agent-scoped-approved.lock.yml
+++ b/.github/workflows/smoke-agent-scoped-approved.lock.yml
@@ -1621,7 +1621,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-antigravity.lock.yml b/.github/workflows/smoke-antigravity.lock.yml
index 7933cca990a..cfb877101bf 100644
--- a/.github/workflows/smoke-antigravity.lock.yml
+++ b/.github/workflows/smoke-antigravity.lock.yml
@@ -348,21 +348,21 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_354354e1fe11886e_EOF'
+ cat << 'GH_AW_PROMPT_2d8c2817504948cf_EOF'
- GH_AW_PROMPT_354354e1fe11886e_EOF
+ GH_AW_PROMPT_2d8c2817504948cf_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_354354e1fe11886e_EOF'
+ cat << 'GH_AW_PROMPT_2d8c2817504948cf_EOF'
Tools: add_comment(max:2), create_issue, add_labels, missing_tool, missing_data, noop
- GH_AW_PROMPT_354354e1fe11886e_EOF
+ GH_AW_PROMPT_2d8c2817504948cf_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_354354e1fe11886e_EOF'
+ cat << 'GH_AW_PROMPT_2d8c2817504948cf_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -391,12 +391,12 @@ jobs:
{{/if}}
- GH_AW_PROMPT_354354e1fe11886e_EOF
+ GH_AW_PROMPT_2d8c2817504948cf_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then
cat "${RUNNER_TEMP}/gh-aw/prompts/pr_context_prompt.md"
fi
- cat << 'GH_AW_PROMPT_354354e1fe11886e_EOF'
+ cat << 'GH_AW_PROMPT_2d8c2817504948cf_EOF'
{{#runtime-import .github/workflows/shared/gh.md}}
{{#runtime-import .github/workflows/shared/reporting-otlp.md}}
@@ -404,7 +404,7 @@ jobs:
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/smoke-antigravity.md}}
- GH_AW_PROMPT_354354e1fe11886e_EOF
+ GH_AW_PROMPT_2d8c2817504948cf_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -652,9 +652,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_db23ca6d45fd037b_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_fe2c3f1c0bd9fc8f_EOF'
{"add_comment":{"hide_older_comments":true,"max":2},"add_labels":{"allowed":["smoke-antigravity"]},"create_issue":{"close_older_issues":true,"close_older_key":"smoke-antigravity","expires":2,"labels":["automation","testing"],"max":1},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_db23ca6d45fd037b_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_fe2c3f1c0bd9fc8f_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -863,7 +863,7 @@ jobs:
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.27'
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_317d62f563f888f6_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_5a62c05d6d2f1358_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -908,7 +908,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_317d62f563f888f6_EOF
+ GH_AW_MCP_CONFIG_5a62c05d6d2f1358_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1666,7 +1666,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-call-workflow.lock.yml b/.github/workflows/smoke-call-workflow.lock.yml
index 1cfaef61c48..6707e86ead8 100644
--- a/.github/workflows/smoke-call-workflow.lock.yml
+++ b/.github/workflows/smoke-call-workflow.lock.yml
@@ -311,20 +311,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_f9286209d2d0acf8_EOF'
+ cat << 'GH_AW_PROMPT_1e9aa6197bd0deb7_EOF'
- GH_AW_PROMPT_f9286209d2d0acf8_EOF
+ GH_AW_PROMPT_1e9aa6197bd0deb7_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_f9286209d2d0acf8_EOF'
+ cat << 'GH_AW_PROMPT_1e9aa6197bd0deb7_EOF'
Tools: call_workflow, missing_tool, missing_data, noop
- GH_AW_PROMPT_f9286209d2d0acf8_EOF
+ GH_AW_PROMPT_1e9aa6197bd0deb7_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_f9286209d2d0acf8_EOF'
+ cat << 'GH_AW_PROMPT_1e9aa6197bd0deb7_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -353,16 +353,16 @@ jobs:
{{/if}}
- GH_AW_PROMPT_f9286209d2d0acf8_EOF
+ GH_AW_PROMPT_1e9aa6197bd0deb7_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then
cat "${RUNNER_TEMP}/gh-aw/prompts/pr_context_prompt.md"
fi
- cat << 'GH_AW_PROMPT_f9286209d2d0acf8_EOF'
+ cat << 'GH_AW_PROMPT_1e9aa6197bd0deb7_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/smoke-call-workflow.md}}
- GH_AW_PROMPT_f9286209d2d0acf8_EOF
+ GH_AW_PROMPT_1e9aa6197bd0deb7_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -586,9 +586,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_61dd02c72f53ba9d_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_3427c87d65c57f80_EOF'
{"call_workflow":{"max":1,"workflow_files":{"smoke-workflow-call":"./.github/workflows/smoke-workflow-call.lock.yml"},"workflows":["smoke-workflow-call"]},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_61dd02c72f53ba9d_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_3427c87d65c57f80_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -745,7 +745,7 @@ jobs:
DOCKER_SOCK_GID=$(stat -c '%g' "$DOCKER_SOCK_PATH" 2>/dev/null || echo '0')
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.27'
- cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_a5fa731b9ce6679a_EOF
+ cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_326bc1d844630eac_EOF
[history]
persistence = "none"
@@ -773,11 +773,11 @@ jobs:
[mcp_servers.safeoutputs."guard-policies".write-sink]
accept = ["*"]
- GH_AW_MCP_CONFIG_a5fa731b9ce6679a_EOF
+ GH_AW_MCP_CONFIG_326bc1d844630eac_EOF
# Generate JSON config for MCP gateway
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_d39699d1b063f094_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_127079b3ae1cd520_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -837,11 +837,11 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_d39699d1b063f094_EOF
+ GH_AW_MCP_CONFIG_127079b3ae1cd520_EOF
# Sync converter output to writable CODEX_HOME for Codex
mkdir -p /tmp/gh-aw/mcp-config
- cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_929fca99db4cd5ec_EOF
+ cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_47d4538748fe3213_EOF
model_provider = "openai-proxy"
@@ -853,7 +853,7 @@ jobs:
[shell_environment_policy]
inherit = "core"
include_only = ["^CODEX_API_KEY$", "^GH_AW_ASSETS_ALLOWED_EXTS$", "^GH_AW_ASSETS_BRANCH$", "^GH_AW_ASSETS_MAX_SIZE_KB$", "^GH_AW_SAFE_OUTPUTS$", "^GITHUB_PERSONAL_ACCESS_TOKEN$", "^GITHUB_REPOSITORY$", "^GITHUB_SERVER_URL$", "^HOME$", "^OPENAI_API_KEY$", "^PATH$"]
- GH_AW_CODEX_SHELL_POLICY_929fca99db4cd5ec_EOF
+ GH_AW_CODEX_SHELL_POLICY_47d4538748fe3213_EOF
awk '
BEGIN { skip_openai_proxy = 0 }
/^[[:space:]]*model_provider[[:space:]]*=/ { next }
@@ -1612,7 +1612,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml
index 374585333d2..165f00f0592 100644
--- a/.github/workflows/smoke-claude.lock.yml
+++ b/.github/workflows/smoke-claude.lock.yml
@@ -2455,7 +2455,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml
index 750f3501562..d45bfb00ab9 100644
--- a/.github/workflows/smoke-codex.lock.yml
+++ b/.github/workflows/smoke-codex.lock.yml
@@ -323,25 +323,25 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_370ba7656cfd048e_EOF'
+ cat << 'GH_AW_PROMPT_5315c6df59ccee24_EOF'
- GH_AW_PROMPT_370ba7656cfd048e_EOF
+ GH_AW_PROMPT_5315c6df59ccee24_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/playwright_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_370ba7656cfd048e_EOF'
+ cat << 'GH_AW_PROMPT_5315c6df59ccee24_EOF'
Tools: add_comment(max:2), create_issue, add_labels, remove_labels, unassign_from_user, hide_comment(max:5), set_issue_field, missing_tool, missing_data, noop, add_smoked_label
- GH_AW_PROMPT_370ba7656cfd048e_EOF
+ GH_AW_PROMPT_5315c6df59ccee24_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_comment_memory.md"
- cat << 'GH_AW_PROMPT_370ba7656cfd048e_EOF'
+ cat << 'GH_AW_PROMPT_5315c6df59ccee24_EOF'
- GH_AW_PROMPT_370ba7656cfd048e_EOF
+ GH_AW_PROMPT_5315c6df59ccee24_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_370ba7656cfd048e_EOF'
+ cat << 'GH_AW_PROMPT_5315c6df59ccee24_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -383,12 +383,12 @@ jobs:
stop immediately and report the limitation rather than spending turns trying to work around it.
- GH_AW_PROMPT_370ba7656cfd048e_EOF
+ GH_AW_PROMPT_5315c6df59ccee24_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then
cat "${RUNNER_TEMP}/gh-aw/prompts/pr_context_prompt.md"
fi
- cat << 'GH_AW_PROMPT_370ba7656cfd048e_EOF'
+ cat << 'GH_AW_PROMPT_5315c6df59ccee24_EOF'
{{#runtime-import .github/workflows/shared/gh.md}}
{{#runtime-import .github/workflows/shared/reporting-otlp.md}}
@@ -401,7 +401,7 @@ jobs:
Serena is enabled for **["go"]** in `__GH_AW_GITHUB_WORKSPACE__`. Start by calling `activate_project` with that workspace path, then prefer Serena semantic tools for symbol lookup, references, docs, diagnostics, and structured edits.
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/smoke-codex.md}}
- GH_AW_PROMPT_370ba7656cfd048e_EOF
+ GH_AW_PROMPT_5315c6df59ccee24_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -686,9 +686,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_65a8c075d253af1f_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_d80c5784e24841f3_EOF'
{"add_comment":{"hide_older_comments":true,"max":2},"add_labels":{"allowed":["smoke-codex"]},"add_smoked_label":true,"comment_memory":{"max":1,"memory_id":"default"},"create_issue":{"close_older_issues":true,"close_older_key":"smoke-codex","expires":2,"labels":["automation","testing"],"max":1},"create_report_incomplete_issue":{},"hide_comment":{"max":5},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"remove_labels":{"allowed":["smoke"]},"report_incomplete":{},"set_issue_field":{"allowed_fields":["*"],"max":1},"unassign_from_user":{"allowed":["githubactionagent"],"max":1}}
- GH_AW_SAFE_OUTPUTS_CONFIG_65a8c075d253af1f_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_d80c5784e24841f3_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -1043,7 +1043,7 @@ jobs:
DOCKER_SOCK_GID=$(stat -c '%g' "$DOCKER_SOCK_PATH" 2>/dev/null || echo '0')
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.27'
- cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_3d6ff0ef172f3ee3_EOF
+ cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_e1c0287b7ca0447a_EOF
[history]
persistence = "none"
@@ -1078,11 +1078,11 @@ jobs:
[mcp_servers.serena."guard-policies".write-sink]
accept = ["*"]
- GH_AW_MCP_CONFIG_3d6ff0ef172f3ee3_EOF
+ GH_AW_MCP_CONFIG_e1c0287b7ca0447a_EOF
# Generate JSON config for MCP gateway
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_5d9dfcc4cd7406b9_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_eec889b1c22482e6_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -1153,11 +1153,11 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_5d9dfcc4cd7406b9_EOF
+ GH_AW_MCP_CONFIG_eec889b1c22482e6_EOF
# Sync converter output to writable CODEX_HOME for Codex
mkdir -p /tmp/gh-aw/mcp-config
- cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_843b5f425ba46e83_EOF
+ cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_d8326fb8068eb0d4_EOF
model_provider = "openai-proxy"
@@ -1169,7 +1169,7 @@ jobs:
[shell_environment_policy]
inherit = "core"
include_only = ["^CODEX_API_KEY$", "^GH_AW_ASSETS_ALLOWED_EXTS$", "^GH_AW_ASSETS_BRANCH$", "^GH_AW_ASSETS_MAX_SIZE_KB$", "^GH_AW_SAFE_OUTPUTS$", "^GITHUB_REPOSITORY$", "^GITHUB_SERVER_URL$", "^HOME$", "^OPENAI_API_KEY$", "^PATH$"]
- GH_AW_CODEX_SHELL_POLICY_843b5f425ba46e83_EOF
+ GH_AW_CODEX_SHELL_POLICY_d8326fb8068eb0d4_EOF
awk '
BEGIN { skip_openai_proxy = 0 }
/^[[:space:]]*model_provider[[:space:]]*=/ { next }
@@ -1979,7 +1979,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-copilot-aoai-apikey.lock.yml b/.github/workflows/smoke-copilot-aoai-apikey.lock.yml
index a03e85905ca..7e3c5724b9a 100644
--- a/.github/workflows/smoke-copilot-aoai-apikey.lock.yml
+++ b/.github/workflows/smoke-copilot-aoai-apikey.lock.yml
@@ -2633,7 +2633,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-copilot-aoai-entra.lock.yml b/.github/workflows/smoke-copilot-aoai-entra.lock.yml
index 5303e078a28..87c50e73ccd 100644
--- a/.github/workflows/smoke-copilot-aoai-entra.lock.yml
+++ b/.github/workflows/smoke-copilot-aoai-entra.lock.yml
@@ -2639,7 +2639,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-copilot-arm.lock.yml b/.github/workflows/smoke-copilot-arm.lock.yml
index 3b898831ca8..0cad9d7c710 100644
--- a/.github/workflows/smoke-copilot-arm.lock.yml
+++ b/.github/workflows/smoke-copilot-arm.lock.yml
@@ -2486,7 +2486,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-copilot-sdk.lock.yml b/.github/workflows/smoke-copilot-sdk.lock.yml
index a9b16a2af4f..b8897e44637 100644
--- a/.github/workflows/smoke-copilot-sdk.lock.yml
+++ b/.github/workflows/smoke-copilot-sdk.lock.yml
@@ -302,20 +302,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_fe74274cd87feed3_EOF'
+ cat << 'GH_AW_PROMPT_228410af7e901e88_EOF'
- GH_AW_PROMPT_fe74274cd87feed3_EOF
+ GH_AW_PROMPT_228410af7e901e88_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_fe74274cd87feed3_EOF'
+ cat << 'GH_AW_PROMPT_228410af7e901e88_EOF'
Tools: create_issue, missing_tool, missing_data, noop
- GH_AW_PROMPT_fe74274cd87feed3_EOF
+ GH_AW_PROMPT_228410af7e901e88_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_fe74274cd87feed3_EOF'
+ cat << 'GH_AW_PROMPT_228410af7e901e88_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -344,15 +344,15 @@ jobs:
{{/if}}
- GH_AW_PROMPT_fe74274cd87feed3_EOF
+ GH_AW_PROMPT_228410af7e901e88_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then
cat "${RUNNER_TEMP}/gh-aw/prompts/pr_context_prompt.md"
fi
- cat << 'GH_AW_PROMPT_fe74274cd87feed3_EOF'
+ cat << 'GH_AW_PROMPT_228410af7e901e88_EOF'
{{#runtime-import .github/workflows/smoke-copilot-sdk.md}}
- GH_AW_PROMPT_fe74274cd87feed3_EOF
+ GH_AW_PROMPT_228410af7e901e88_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -577,9 +577,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_482e3001c8329d97_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_1f77e75ffdd5cb4d_EOF'
{"create_issue":{"close_older_issues":true,"close_older_key":"smoke-copilot-sdk","expires":2,"group":true,"labels":["automation","testing"],"max":1},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_482e3001c8329d97_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_1f77e75ffdd5cb4d_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -749,7 +749,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_2ed48797ea52df3f_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_c70c556baaebe8bb_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -806,7 +806,7 @@ jobs:
"payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}"
}
}
- GH_AW_MCP_CONFIG_2ed48797ea52df3f_EOF
+ GH_AW_MCP_CONFIG_c70c556baaebe8bb_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1554,7 +1554,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml
index 6c1a93c6cf0..57eb7b3112c 100644
--- a/.github/workflows/smoke-copilot.lock.yml
+++ b/.github/workflows/smoke-copilot.lock.yml
@@ -2636,7 +2636,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-create-cross-repo-pr.lock.yml b/.github/workflows/smoke-create-cross-repo-pr.lock.yml
index 41a0ed97681..536f2bd1bf2 100644
--- a/.github/workflows/smoke-create-cross-repo-pr.lock.yml
+++ b/.github/workflows/smoke-create-cross-repo-pr.lock.yml
@@ -304,23 +304,23 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_a65d2c5788adf62f_EOF'
+ cat << 'GH_AW_PROMPT_6e6e42239f1dbf7d_EOF'
- GH_AW_PROMPT_a65d2c5788adf62f_EOF
+ GH_AW_PROMPT_6e6e42239f1dbf7d_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_a65d2c5788adf62f_EOF'
+ cat << 'GH_AW_PROMPT_6e6e42239f1dbf7d_EOF'
Tools: add_comment(max:2), create_issue, create_pull_request, missing_tool, missing_data, noop
- GH_AW_PROMPT_a65d2c5788adf62f_EOF
+ GH_AW_PROMPT_6e6e42239f1dbf7d_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_create_pull_request.md"
- cat << 'GH_AW_PROMPT_a65d2c5788adf62f_EOF'
+ cat << 'GH_AW_PROMPT_6e6e42239f1dbf7d_EOF'
- GH_AW_PROMPT_a65d2c5788adf62f_EOF
+ GH_AW_PROMPT_6e6e42239f1dbf7d_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_a65d2c5788adf62f_EOF'
+ cat << 'GH_AW_PROMPT_6e6e42239f1dbf7d_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -362,16 +362,16 @@ jobs:
stop immediately and report the limitation rather than spending turns trying to work around it.
- GH_AW_PROMPT_a65d2c5788adf62f_EOF
+ GH_AW_PROMPT_6e6e42239f1dbf7d_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then
cat "${RUNNER_TEMP}/gh-aw/prompts/pr_context_prompt.md"
fi
- cat << 'GH_AW_PROMPT_a65d2c5788adf62f_EOF'
+ cat << 'GH_AW_PROMPT_6e6e42239f1dbf7d_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/smoke-create-cross-repo-pr.md}}
- GH_AW_PROMPT_a65d2c5788adf62f_EOF
+ GH_AW_PROMPT_6e6e42239f1dbf7d_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -619,9 +619,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_e4ebdce2dc5cf57e_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_1818ed76c9e95114_EOF'
{"add_comment":{"hide_older_comments":true,"max":2},"create_issue":{"close_older_issues":true,"expires":2,"labels":["automation","testing"],"max":1},"create_pull_request":{"draft":true,"expires":24,"fallback_as_issue":false,"github-token":"${GH_AW_SECRET_GH_AW_SIDE_REPO_PAT}","if_no_changes":"error","labels":["smoke-test"],"max":1,"max_patch_files":100,"max_patch_size":4096,"protect_top_level_dot_folders":true,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS","DESIGN.md","README.md","CONTRIBUTING.md","CHANGELOG.md","SECURITY.md","CODE_OF_CONDUCT.md","AGENTS.md","CLAUDE.md","GEMINI.md"],"protected_files_policy":"request_review","target-repo":"github/gh-aw-side-repo","title_prefix":"[smoke] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_e4ebdce2dc5cf57e_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_1818ed76c9e95114_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -856,7 +856,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_6d044e770f62221a_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -918,7 +918,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_6d044e770f62221a_EOF
+ GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1689,7 +1689,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-crush.lock.yml b/.github/workflows/smoke-crush.lock.yml
index 635789217b1..2f29eba7e02 100644
--- a/.github/workflows/smoke-crush.lock.yml
+++ b/.github/workflows/smoke-crush.lock.yml
@@ -310,20 +310,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_34c8daaea30bcc23_EOF'
+ cat << 'GH_AW_PROMPT_7136928fa05f6ebe_EOF'
- GH_AW_PROMPT_34c8daaea30bcc23_EOF
+ GH_AW_PROMPT_7136928fa05f6ebe_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_34c8daaea30bcc23_EOF'
+ cat << 'GH_AW_PROMPT_7136928fa05f6ebe_EOF'
Tools: add_comment(max:2), create_issue, add_labels, missing_tool, missing_data, noop
- GH_AW_PROMPT_34c8daaea30bcc23_EOF
+ GH_AW_PROMPT_7136928fa05f6ebe_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_34c8daaea30bcc23_EOF'
+ cat << 'GH_AW_PROMPT_7136928fa05f6ebe_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -352,19 +352,19 @@ jobs:
{{/if}}
- GH_AW_PROMPT_34c8daaea30bcc23_EOF
+ GH_AW_PROMPT_7136928fa05f6ebe_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then
cat "${RUNNER_TEMP}/gh-aw/prompts/pr_context_prompt.md"
fi
- cat << 'GH_AW_PROMPT_34c8daaea30bcc23_EOF'
+ cat << 'GH_AW_PROMPT_7136928fa05f6ebe_EOF'
{{#runtime-import .github/workflows/shared/gh.md}}
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/smoke-crush.md}}
- GH_AW_PROMPT_34c8daaea30bcc23_EOF
+ GH_AW_PROMPT_7136928fa05f6ebe_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -590,9 +590,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_7836d6e2885c0050_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_0d267a9995038d27_EOF'
{"add_comment":{"hide_older_comments":true,"max":2},"add_labels":{"allowed":["smoke-crush"]},"create_issue":{"close_older_issues":true,"expires":2,"labels":["automation","testing"],"max":1},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_7836d6e2885c0050_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_0d267a9995038d27_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -804,7 +804,7 @@ jobs:
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.27'
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_d39699d1b063f094_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_127079b3ae1cd520_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -864,7 +864,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_d39699d1b063f094_EOF
+ GH_AW_MCP_CONFIG_127079b3ae1cd520_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1560,7 +1560,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-gemini.lock.yml b/.github/workflows/smoke-gemini.lock.yml
index 64caa2cb84e..0e1b3e23797 100644
--- a/.github/workflows/smoke-gemini.lock.yml
+++ b/.github/workflows/smoke-gemini.lock.yml
@@ -349,21 +349,21 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_4bff0360ea1c1fdd_EOF'
+ cat << 'GH_AW_PROMPT_13366d92a8d2cf24_EOF'
- GH_AW_PROMPT_4bff0360ea1c1fdd_EOF
+ GH_AW_PROMPT_13366d92a8d2cf24_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_4bff0360ea1c1fdd_EOF'
+ cat << 'GH_AW_PROMPT_13366d92a8d2cf24_EOF'
Tools: add_comment(max:2), create_issue, add_labels, missing_tool, missing_data, noop
- GH_AW_PROMPT_4bff0360ea1c1fdd_EOF
+ GH_AW_PROMPT_13366d92a8d2cf24_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_4bff0360ea1c1fdd_EOF'
+ cat << 'GH_AW_PROMPT_13366d92a8d2cf24_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -392,12 +392,12 @@ jobs:
{{/if}}
- GH_AW_PROMPT_4bff0360ea1c1fdd_EOF
+ GH_AW_PROMPT_13366d92a8d2cf24_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then
cat "${RUNNER_TEMP}/gh-aw/prompts/pr_context_prompt.md"
fi
- cat << 'GH_AW_PROMPT_4bff0360ea1c1fdd_EOF'
+ cat << 'GH_AW_PROMPT_13366d92a8d2cf24_EOF'
{{#runtime-import .github/workflows/shared/gh.md}}
{{#runtime-import .github/workflows/shared/reporting-otlp.md}}
@@ -405,7 +405,7 @@ jobs:
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/smoke-gemini.md}}
- GH_AW_PROMPT_4bff0360ea1c1fdd_EOF
+ GH_AW_PROMPT_13366d92a8d2cf24_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -656,9 +656,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_b7a72f6843550ce4_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_7c525b0f2e6670e9_EOF'
{"add_comment":{"hide_older_comments":true,"max":2},"add_labels":{"allowed":["smoke-gemini"]},"create_issue":{"close_older_issues":true,"close_older_key":"smoke-gemini","expires":2,"labels":["automation","testing"],"max":1},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_b7a72f6843550ce4_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_7c525b0f2e6670e9_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -867,7 +867,7 @@ jobs:
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.27'
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_317d62f563f888f6_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_5a62c05d6d2f1358_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -912,7 +912,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_317d62f563f888f6_EOF
+ GH_AW_MCP_CONFIG_5a62c05d6d2f1358_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1672,7 +1672,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-multi-pr.lock.yml b/.github/workflows/smoke-multi-pr.lock.yml
index 6734ffd2921..8c31ae12b1e 100644
--- a/.github/workflows/smoke-multi-pr.lock.yml
+++ b/.github/workflows/smoke-multi-pr.lock.yml
@@ -309,23 +309,23 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_9206afef35f3da03_EOF'
+ cat << 'GH_AW_PROMPT_80845df11aa1a675_EOF'
- GH_AW_PROMPT_9206afef35f3da03_EOF
+ GH_AW_PROMPT_80845df11aa1a675_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_9206afef35f3da03_EOF'
+ cat << 'GH_AW_PROMPT_80845df11aa1a675_EOF'
Tools: add_comment, create_pull_request(max:2), missing_tool, missing_data, noop
- GH_AW_PROMPT_9206afef35f3da03_EOF
+ GH_AW_PROMPT_80845df11aa1a675_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_create_pull_request.md"
- cat << 'GH_AW_PROMPT_9206afef35f3da03_EOF'
+ cat << 'GH_AW_PROMPT_80845df11aa1a675_EOF'
- GH_AW_PROMPT_9206afef35f3da03_EOF
+ GH_AW_PROMPT_80845df11aa1a675_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_9206afef35f3da03_EOF'
+ cat << 'GH_AW_PROMPT_80845df11aa1a675_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -354,17 +354,17 @@ jobs:
{{/if}}
- GH_AW_PROMPT_9206afef35f3da03_EOF
+ GH_AW_PROMPT_80845df11aa1a675_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then
cat "${RUNNER_TEMP}/gh-aw/prompts/pr_context_prompt.md"
fi
- cat << 'GH_AW_PROMPT_9206afef35f3da03_EOF'
+ cat << 'GH_AW_PROMPT_80845df11aa1a675_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/smoke-multi-pr.md}}
- GH_AW_PROMPT_9206afef35f3da03_EOF
+ GH_AW_PROMPT_80845df11aa1a675_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -586,9 +586,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_9973d5c4429af48c_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_cf02acdd3c26e1ca_EOF'
{"add_comment":{"hide_older_comments":true,"max":1},"create_pull_request":{"expires":2,"if_no_changes":"warn","labels":["ai-generated"],"max":2,"max_patch_files":100,"max_patch_size":4096,"protect_top_level_dot_folders":true,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS","DESIGN.md","README.md","CONTRIBUTING.md","CHANGELOG.md","SECURITY.md","CODE_OF_CONDUCT.md","AGENTS.md","CLAUDE.md","GEMINI.md"],"protected_files_policy":"request_review","title_prefix":"[smoke-multi-pr] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_9973d5c4429af48c_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_cf02acdd3c26e1ca_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -786,7 +786,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_6d044e770f62221a_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -848,7 +848,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_6d044e770f62221a_EOF
+ GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1633,7 +1633,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-opencode.lock.yml b/.github/workflows/smoke-opencode.lock.yml
index 451b486963a..e6680b8ccb6 100644
--- a/.github/workflows/smoke-opencode.lock.yml
+++ b/.github/workflows/smoke-opencode.lock.yml
@@ -312,20 +312,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_f6617ddd70fb7101_EOF'
+ cat << 'GH_AW_PROMPT_2a98ed4f634b97b9_EOF'
- GH_AW_PROMPT_f6617ddd70fb7101_EOF
+ GH_AW_PROMPT_2a98ed4f634b97b9_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_f6617ddd70fb7101_EOF'
+ cat << 'GH_AW_PROMPT_2a98ed4f634b97b9_EOF'
Tools: add_comment(max:2), create_issue, add_labels, missing_tool, missing_data, noop
- GH_AW_PROMPT_f6617ddd70fb7101_EOF
+ GH_AW_PROMPT_2a98ed4f634b97b9_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_f6617ddd70fb7101_EOF'
+ cat << 'GH_AW_PROMPT_2a98ed4f634b97b9_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -354,12 +354,12 @@ jobs:
{{/if}}
- GH_AW_PROMPT_f6617ddd70fb7101_EOF
+ GH_AW_PROMPT_2a98ed4f634b97b9_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then
cat "${RUNNER_TEMP}/gh-aw/prompts/pr_context_prompt.md"
fi
- cat << 'GH_AW_PROMPT_f6617ddd70fb7101_EOF'
+ cat << 'GH_AW_PROMPT_2a98ed4f634b97b9_EOF'
{{#runtime-import .github/workflows/shared/gh.md}}
{{#runtime-import .github/workflows/shared/reporting-otlp.md}}
@@ -367,7 +367,7 @@ jobs:
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/smoke-opencode.md}}
- GH_AW_PROMPT_f6617ddd70fb7101_EOF
+ GH_AW_PROMPT_2a98ed4f634b97b9_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -594,9 +594,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_4eaf09afe17c985f_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_95a6122e5be4a441_EOF'
{"add_comment":{"hide_older_comments":true,"max":2},"add_labels":{"allowed":["smoke-opencode"]},"create_issue":{"close_older_issues":true,"close_older_key":"smoke-opencode","expires":2,"labels":["automation","testing"],"max":1},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_4eaf09afe17c985f_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_95a6122e5be4a441_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -808,7 +808,7 @@ jobs:
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.27'
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_d39699d1b063f094_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_127079b3ae1cd520_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -868,7 +868,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_d39699d1b063f094_EOF
+ GH_AW_MCP_CONFIG_127079b3ae1cd520_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1563,7 +1563,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-otel-backends.lock.yml b/.github/workflows/smoke-otel-backends.lock.yml
index bcfd13ab9f5..c2da01d5d9d 100644
--- a/.github/workflows/smoke-otel-backends.lock.yml
+++ b/.github/workflows/smoke-otel-backends.lock.yml
@@ -336,20 +336,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_fe0cff616aa2658e_EOF'
+ cat << 'GH_AW_PROMPT_f20b29eaba2a2cc7_EOF'
- GH_AW_PROMPT_fe0cff616aa2658e_EOF
+ GH_AW_PROMPT_f20b29eaba2a2cc7_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_fe0cff616aa2658e_EOF'
+ cat << 'GH_AW_PROMPT_f20b29eaba2a2cc7_EOF'
Tools: create_issue, missing_tool, missing_data, noop
- GH_AW_PROMPT_fe0cff616aa2658e_EOF
+ GH_AW_PROMPT_f20b29eaba2a2cc7_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_fe0cff616aa2658e_EOF'
+ cat << 'GH_AW_PROMPT_f20b29eaba2a2cc7_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -378,12 +378,12 @@ jobs:
{{/if}}
- GH_AW_PROMPT_fe0cff616aa2658e_EOF
+ GH_AW_PROMPT_f20b29eaba2a2cc7_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then
cat "${RUNNER_TEMP}/gh-aw/prompts/pr_context_prompt.md"
fi
- cat << 'GH_AW_PROMPT_fe0cff616aa2658e_EOF'
+ cat << 'GH_AW_PROMPT_f20b29eaba2a2cc7_EOF'
{{#runtime-import .github/workflows/shared/mcp/datadog.md}}
{{#runtime-import .github/workflows/shared/mcp/grafana.md}}
@@ -393,7 +393,7 @@ jobs:
{{#runtime-import .github/workflows/shared/grafana.md}}
{{#runtime-import .github/workflows/shared/datadog.md}}
{{#runtime-import .github/workflows/smoke-otel-backends.md}}
- GH_AW_PROMPT_fe0cff616aa2658e_EOF
+ GH_AW_PROMPT_f20b29eaba2a2cc7_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -625,9 +625,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_9ddfadab0a851780_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_0ddba8c3e9635a64_EOF'
{"create_issue":{"close_older_issues":true,"close_older_key":"smoke-otel-backends","expires":2,"labels":["automation","testing","observability"],"max":1},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_9ddfadab0a851780_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_0ddba8c3e9635a64_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -804,7 +804,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_964755345220100a_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_4e9e5904ecccd2ae_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"datadog": {
@@ -947,7 +947,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_964755345220100a_EOF
+ GH_AW_MCP_CONFIG_4e9e5904ecccd2ae_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1727,7 +1727,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-pi.lock.yml b/.github/workflows/smoke-pi.lock.yml
index 461445e41ed..515ea856fd3 100644
--- a/.github/workflows/smoke-pi.lock.yml
+++ b/.github/workflows/smoke-pi.lock.yml
@@ -314,21 +314,21 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_ff367b116ec16fee_EOF'
+ cat << 'GH_AW_PROMPT_5b5a2f16e53ecd6a_EOF'
- GH_AW_PROMPT_ff367b116ec16fee_EOF
+ GH_AW_PROMPT_5b5a2f16e53ecd6a_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_ff367b116ec16fee_EOF'
+ cat << 'GH_AW_PROMPT_5b5a2f16e53ecd6a_EOF'
Tools: add_comment(max:2), create_issue, add_labels, missing_tool, missing_data, noop
- GH_AW_PROMPT_ff367b116ec16fee_EOF
+ GH_AW_PROMPT_5b5a2f16e53ecd6a_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_ff367b116ec16fee_EOF'
+ cat << 'GH_AW_PROMPT_5b5a2f16e53ecd6a_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -357,19 +357,19 @@ jobs:
{{/if}}
- GH_AW_PROMPT_ff367b116ec16fee_EOF
+ GH_AW_PROMPT_5b5a2f16e53ecd6a_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then
cat "${RUNNER_TEMP}/gh-aw/prompts/pr_context_prompt.md"
fi
- cat << 'GH_AW_PROMPT_ff367b116ec16fee_EOF'
+ cat << 'GH_AW_PROMPT_5b5a2f16e53ecd6a_EOF'
{{#runtime-import .github/workflows/shared/gh.md}}
{{#runtime-import .github/workflows/shared/reporting-otlp.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/smoke-pi.md}}
- GH_AW_PROMPT_ff367b116ec16fee_EOF
+ GH_AW_PROMPT_5b5a2f16e53ecd6a_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -624,9 +624,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_9b624d3581ddba6d_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_984554a83e43c589_EOF'
{"add_comment":{"hide_older_comments":true,"max":2},"add_labels":{"allowed":["smoke-pi"]},"create_issue":{"close_older_issues":true,"close_older_key":"smoke-pi","expires":2,"labels":["automation","testing"],"max":1},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_9b624d3581ddba6d_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_984554a83e43c589_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -836,7 +836,7 @@ jobs:
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.27'
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_317d62f563f888f6_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_5a62c05d6d2f1358_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -881,7 +881,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_317d62f563f888f6_EOF
+ GH_AW_MCP_CONFIG_5a62c05d6d2f1358_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1634,7 +1634,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-project.lock.yml b/.github/workflows/smoke-project.lock.yml
index 311a3bc19e5..fa632519107 100644
--- a/.github/workflows/smoke-project.lock.yml
+++ b/.github/workflows/smoke-project.lock.yml
@@ -347,23 +347,23 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_d51744f2cfdabe27_EOF'
+ cat << 'GH_AW_PROMPT_a0507a40057c6822_EOF'
- GH_AW_PROMPT_d51744f2cfdabe27_EOF
+ GH_AW_PROMPT_a0507a40057c6822_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_d51744f2cfdabe27_EOF'
+ cat << 'GH_AW_PROMPT_a0507a40057c6822_EOF'
Tools: add_comment(max:2), create_issue, create_pull_request, add_labels, remove_labels, update_project(max:20), create_project_status_update, missing_tool, missing_data, noop
- GH_AW_PROMPT_d51744f2cfdabe27_EOF
+ GH_AW_PROMPT_a0507a40057c6822_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_create_pull_request.md"
- cat << 'GH_AW_PROMPT_d51744f2cfdabe27_EOF'
+ cat << 'GH_AW_PROMPT_a0507a40057c6822_EOF'
- GH_AW_PROMPT_d51744f2cfdabe27_EOF
+ GH_AW_PROMPT_a0507a40057c6822_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_d51744f2cfdabe27_EOF'
+ cat << 'GH_AW_PROMPT_a0507a40057c6822_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -392,17 +392,17 @@ jobs:
{{/if}}
- GH_AW_PROMPT_d51744f2cfdabe27_EOF
+ GH_AW_PROMPT_a0507a40057c6822_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then
cat "${RUNNER_TEMP}/gh-aw/prompts/pr_context_prompt.md"
fi
- cat << 'GH_AW_PROMPT_d51744f2cfdabe27_EOF'
+ cat << 'GH_AW_PROMPT_a0507a40057c6822_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/smoke-project.md}}
- GH_AW_PROMPT_d51744f2cfdabe27_EOF
+ GH_AW_PROMPT_a0507a40057c6822_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -630,9 +630,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_cfa787d65b4c610d_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_7b10df5a79670f7d_EOF'
{"add_comment":{"hide_older_comments":true,"max":2},"add_labels":{"allowed":["smoke-project"]},"create_issue":{"close_older_issues":true,"expires":2,"group":true,"labels":["ai-generated","automation","testing"],"max":1},"create_project_status_update":{"github-token":"${GH_AW_SECRET_GH_AW_PROJECT_GITHUB_TOKEN}","max":1,"project":"https://github.com/orgs/github/projects/24068"},"create_pull_request":{"expires":2,"if_no_changes":"warn","labels":["ai-generated"],"max":1,"max_patch_files":100,"max_patch_size":4096,"protect_top_level_dot_folders":true,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS","DESIGN.md","README.md","CONTRIBUTING.md","CHANGELOG.md","SECURITY.md","CODE_OF_CONDUCT.md","AGENTS.md","CLAUDE.md","GEMINI.md"],"protected_files_policy":"request_review","title_prefix":"[smoke-project] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"remove_labels":{"allowed":["smoke-project"]},"report_incomplete":{},"update_project":{"github-token":"${GH_AW_SECRET_GH_AW_PROJECT_GITHUB_TOKEN}","max":20,"project":"https://github.com/orgs/github/projects/24068","views":[{"name":"Smoke Test Board","layout":"board","filter":"is:open"}]}}
- GH_AW_SAFE_OUTPUTS_CONFIG_cfa787d65b4c610d_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_7b10df5a79670f7d_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -991,7 +991,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_6d044e770f62221a_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -1053,7 +1053,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_6d044e770f62221a_EOF
+ GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1821,7 +1821,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-service-ports.lock.yml b/.github/workflows/smoke-service-ports.lock.yml
index d8a654d1567..de10d4fe4e8 100644
--- a/.github/workflows/smoke-service-ports.lock.yml
+++ b/.github/workflows/smoke-service-ports.lock.yml
@@ -301,20 +301,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_97051c4311ad7332_EOF'
+ cat << 'GH_AW_PROMPT_8676aedd5232efa7_EOF'
- GH_AW_PROMPT_97051c4311ad7332_EOF
+ GH_AW_PROMPT_8676aedd5232efa7_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_97051c4311ad7332_EOF'
+ cat << 'GH_AW_PROMPT_8676aedd5232efa7_EOF'
Tools: add_comment(max:2), missing_tool, missing_data, noop
- GH_AW_PROMPT_97051c4311ad7332_EOF
+ GH_AW_PROMPT_8676aedd5232efa7_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_97051c4311ad7332_EOF'
+ cat << 'GH_AW_PROMPT_8676aedd5232efa7_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -343,16 +343,16 @@ jobs:
{{/if}}
- GH_AW_PROMPT_97051c4311ad7332_EOF
+ GH_AW_PROMPT_8676aedd5232efa7_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then
cat "${RUNNER_TEMP}/gh-aw/prompts/pr_context_prompt.md"
fi
- cat << 'GH_AW_PROMPT_97051c4311ad7332_EOF'
+ cat << 'GH_AW_PROMPT_8676aedd5232efa7_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/smoke-service-ports.md}}
- GH_AW_PROMPT_97051c4311ad7332_EOF
+ GH_AW_PROMPT_8676aedd5232efa7_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -580,9 +580,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_fa7eae974840a053_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_84ab1bf6f77385c4_EOF'
{"add_comment":{"hide_older_comments":true,"max":2},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_fa7eae974840a053_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_84ab1bf6f77385c4_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -737,7 +737,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_6d044e770f62221a_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -799,7 +799,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_6d044e770f62221a_EOF
+ GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1557,7 +1557,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
runs-on: ubuntu-slim
diff --git a/.github/workflows/smoke-temporary-id.lock.yml b/.github/workflows/smoke-temporary-id.lock.yml
index da6311475cd..084570dd046 100644
--- a/.github/workflows/smoke-temporary-id.lock.yml
+++ b/.github/workflows/smoke-temporary-id.lock.yml
@@ -345,20 +345,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_1209c6df7944b207_EOF'
+ cat << 'GH_AW_PROMPT_42902931571bc859_EOF'
- GH_AW_PROMPT_1209c6df7944b207_EOF
+ GH_AW_PROMPT_42902931571bc859_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_1209c6df7944b207_EOF'
+ cat << 'GH_AW_PROMPT_42902931571bc859_EOF'
Tools: add_comment(max:2), create_issue(max:5), link_sub_issue(max:3), missing_tool, missing_data, noop
- GH_AW_PROMPT_1209c6df7944b207_EOF
+ GH_AW_PROMPT_42902931571bc859_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_1209c6df7944b207_EOF'
+ cat << 'GH_AW_PROMPT_42902931571bc859_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -387,17 +387,17 @@ jobs:
{{/if}}
- GH_AW_PROMPT_1209c6df7944b207_EOF
+ GH_AW_PROMPT_42902931571bc859_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then
cat "${RUNNER_TEMP}/gh-aw/prompts/pr_context_prompt.md"
fi
- cat << 'GH_AW_PROMPT_1209c6df7944b207_EOF'
+ cat << 'GH_AW_PROMPT_42902931571bc859_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/smoke-temporary-id.md}}
- GH_AW_PROMPT_1209c6df7944b207_EOF
+ GH_AW_PROMPT_42902931571bc859_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -622,9 +622,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_77d2bfab59fdf5a7_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_578f8bf3075d3ca4_EOF'
{"add_comment":{"hide_older_comments":true,"max":2},"create_issue":{"close_older_issues":true,"expires":2,"group":true,"labels":["ai-generated","automation","testing"],"max":5,"title_prefix":"[smoke-temporary-id] "},"create_report_incomplete_issue":{},"link_sub_issue":{"max":3},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_77d2bfab59fdf5a7_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_578f8bf3075d3ca4_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -837,7 +837,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_6d044e770f62221a_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -899,7 +899,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_6d044e770f62221a_EOF
+ GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1664,7 +1664,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-test-tools.lock.yml b/.github/workflows/smoke-test-tools.lock.yml
index 4c1ae59cce7..6b98e49388d 100644
--- a/.github/workflows/smoke-test-tools.lock.yml
+++ b/.github/workflows/smoke-test-tools.lock.yml
@@ -313,20 +313,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_b2e3fb5c2a5be738_EOF'
+ cat << 'GH_AW_PROMPT_697463475cfdd779_EOF'
- GH_AW_PROMPT_b2e3fb5c2a5be738_EOF
+ GH_AW_PROMPT_697463475cfdd779_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_b2e3fb5c2a5be738_EOF'
+ cat << 'GH_AW_PROMPT_697463475cfdd779_EOF'
Tools: add_comment(max:2), missing_tool, missing_data, noop
- GH_AW_PROMPT_b2e3fb5c2a5be738_EOF
+ GH_AW_PROMPT_697463475cfdd779_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_b2e3fb5c2a5be738_EOF'
+ cat << 'GH_AW_PROMPT_697463475cfdd779_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -355,17 +355,17 @@ jobs:
{{/if}}
- GH_AW_PROMPT_b2e3fb5c2a5be738_EOF
+ GH_AW_PROMPT_697463475cfdd779_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then
cat "${RUNNER_TEMP}/gh-aw/prompts/pr_context_prompt.md"
fi
- cat << 'GH_AW_PROMPT_b2e3fb5c2a5be738_EOF'
+ cat << 'GH_AW_PROMPT_697463475cfdd779_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/smoke-test-tools.md}}
- GH_AW_PROMPT_b2e3fb5c2a5be738_EOF
+ GH_AW_PROMPT_697463475cfdd779_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -612,9 +612,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_fa7eae974840a053_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_84ab1bf6f77385c4_EOF'
{"add_comment":{"hide_older_comments":true,"max":2},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_fa7eae974840a053_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_84ab1bf6f77385c4_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -769,7 +769,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_6d044e770f62221a_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -831,7 +831,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_6d044e770f62221a_EOF
+ GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1589,7 +1589,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-update-cross-repo-pr.lock.yml b/.github/workflows/smoke-update-cross-repo-pr.lock.yml
index 1281468b18c..c30191a61b7 100644
--- a/.github/workflows/smoke-update-cross-repo-pr.lock.yml
+++ b/.github/workflows/smoke-update-cross-repo-pr.lock.yml
@@ -304,24 +304,24 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_53cfb9ec20ba1056_EOF'
+ cat << 'GH_AW_PROMPT_52010c97baa700b8_EOF'
- GH_AW_PROMPT_53cfb9ec20ba1056_EOF
+ GH_AW_PROMPT_52010c97baa700b8_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_53cfb9ec20ba1056_EOF'
+ cat << 'GH_AW_PROMPT_52010c97baa700b8_EOF'
Tools: add_comment(max:2), create_issue, push_to_pull_request_branch, missing_tool, missing_data, noop
- GH_AW_PROMPT_53cfb9ec20ba1056_EOF
+ GH_AW_PROMPT_52010c97baa700b8_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_push_to_pr_branch.md"
- cat << 'GH_AW_PROMPT_53cfb9ec20ba1056_EOF'
+ cat << 'GH_AW_PROMPT_52010c97baa700b8_EOF'
- GH_AW_PROMPT_53cfb9ec20ba1056_EOF
+ GH_AW_PROMPT_52010c97baa700b8_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_53cfb9ec20ba1056_EOF'
+ cat << 'GH_AW_PROMPT_52010c97baa700b8_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -363,7 +363,7 @@ jobs:
stop immediately and report the limitation rather than spending turns trying to work around it.
- GH_AW_PROMPT_53cfb9ec20ba1056_EOF
+ GH_AW_PROMPT_52010c97baa700b8_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then
cat "${RUNNER_TEMP}/gh-aw/prompts/pr_context_prompt.md"
@@ -371,11 +371,11 @@ jobs:
if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then
cat "${RUNNER_TEMP}/gh-aw/prompts/pr_context_push_to_pr_branch_guidance.md"
fi
- cat << 'GH_AW_PROMPT_53cfb9ec20ba1056_EOF'
+ cat << 'GH_AW_PROMPT_52010c97baa700b8_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/smoke-update-cross-repo-pr.md}}
- GH_AW_PROMPT_53cfb9ec20ba1056_EOF
+ GH_AW_PROMPT_52010c97baa700b8_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -654,9 +654,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_b46b2a3368a74929_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_d1d7b065ffd02987_EOF'
{"add_comment":{"hide_older_comments":true,"max":2},"create_issue":{"close_older_issues":true,"expires":2,"labels":["automation","testing"],"max":1},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"push_to_pull_request_branch":{"github-token":"${GH_AW_SECRET_GH_AW_SIDE_REPO_PAT}","if_no_changes":"error","max_patch_size":4096,"protect_top_level_dot_folders":true,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS","DESIGN.md","README.md","CONTRIBUTING.md","CHANGELOG.md","SECURITY.md","CODE_OF_CONDUCT.md","AGENTS.md","CLAUDE.md","GEMINI.md"],"target":"1","target-repo":"github/gh-aw-side-repo"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_b46b2a3368a74929_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_d1d7b065ffd02987_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -868,7 +868,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_6d044e770f62221a_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -930,7 +930,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_6d044e770f62221a_EOF
+ GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1723,7 +1723,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: >
diff --git a/.github/workflows/smoke-workflow-call-with-inputs.lock.yml b/.github/workflows/smoke-workflow-call-with-inputs.lock.yml
index 66fd4c391c0..a32b5df7d21 100644
--- a/.github/workflows/smoke-workflow-call-with-inputs.lock.yml
+++ b/.github/workflows/smoke-workflow-call-with-inputs.lock.yml
@@ -331,23 +331,23 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_6c9240ce81a74961_EOF'
+ cat << 'GH_AW_PROMPT_40ab435d1282f626_EOF'
- GH_AW_PROMPT_6c9240ce81a74961_EOF
+ GH_AW_PROMPT_40ab435d1282f626_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_6c9240ce81a74961_EOF'
+ cat << 'GH_AW_PROMPT_40ab435d1282f626_EOF'
Tools: create_issue, missing_tool, missing_data, noop
- GH_AW_PROMPT_6c9240ce81a74961_EOF
+ GH_AW_PROMPT_40ab435d1282f626_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_auto_create_issue.md"
- cat << 'GH_AW_PROMPT_6c9240ce81a74961_EOF'
+ cat << 'GH_AW_PROMPT_40ab435d1282f626_EOF'
- GH_AW_PROMPT_6c9240ce81a74961_EOF
+ GH_AW_PROMPT_40ab435d1282f626_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_6c9240ce81a74961_EOF'
+ cat << 'GH_AW_PROMPT_40ab435d1282f626_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -376,13 +376,13 @@ jobs:
{{/if}}
- GH_AW_PROMPT_6c9240ce81a74961_EOF
+ GH_AW_PROMPT_40ab435d1282f626_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_6c9240ce81a74961_EOF'
+ cat << 'GH_AW_PROMPT_40ab435d1282f626_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/smoke-workflow-call-with-inputs.md}}
- GH_AW_PROMPT_6c9240ce81a74961_EOF
+ GH_AW_PROMPT_40ab435d1282f626_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -605,9 +605,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_0320b07af8528b6b_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_86af460004b0a6f0_EOF'
{"create_issue":{"labels":["smoke-workflow-call-with-inputs"],"max":1,"title_prefix":"[smoke-workflow-call-with-inputs]"},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_0320b07af8528b6b_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_86af460004b0a6f0_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -778,7 +778,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_6d044e770f62221a_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -840,7 +840,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_6d044e770f62221a_EOF
+ GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1593,7 +1593,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
runs-on: ubuntu-slim
diff --git a/.github/workflows/smoke-workflow-call.lock.yml b/.github/workflows/smoke-workflow-call.lock.yml
index 1a85119bf22..06e12974235 100644
--- a/.github/workflows/smoke-workflow-call.lock.yml
+++ b/.github/workflows/smoke-workflow-call.lock.yml
@@ -334,20 +334,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_dbe3090c0133b3a7_EOF'
+ cat << 'GH_AW_PROMPT_d0ac0e9a864d6436_EOF'
- GH_AW_PROMPT_dbe3090c0133b3a7_EOF
+ GH_AW_PROMPT_d0ac0e9a864d6436_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_dbe3090c0133b3a7_EOF'
+ cat << 'GH_AW_PROMPT_d0ac0e9a864d6436_EOF'
Tools: add_comment, missing_tool, missing_data, noop
- GH_AW_PROMPT_dbe3090c0133b3a7_EOF
+ GH_AW_PROMPT_d0ac0e9a864d6436_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_dbe3090c0133b3a7_EOF'
+ cat << 'GH_AW_PROMPT_d0ac0e9a864d6436_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -376,14 +376,14 @@ jobs:
{{/if}}
- GH_AW_PROMPT_dbe3090c0133b3a7_EOF
+ GH_AW_PROMPT_d0ac0e9a864d6436_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_dbe3090c0133b3a7_EOF'
+ cat << 'GH_AW_PROMPT_d0ac0e9a864d6436_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/smoke-workflow-call.md}}
- GH_AW_PROMPT_dbe3090c0133b3a7_EOF
+ GH_AW_PROMPT_d0ac0e9a864d6436_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -605,9 +605,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_ed22ddb806335f16_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_5f0fc79d5296e107_EOF'
{"add_comment":{"hide_older_comments":true,"max":1},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_ed22ddb806335f16_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_5f0fc79d5296e107_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -762,7 +762,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_6d044e770f62221a_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -824,7 +824,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_6d044e770f62221a_EOF
+ GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1583,7 +1583,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
runs-on: ubuntu-slim
diff --git a/.github/workflows/test-create-pr-error-handling.lock.yml b/.github/workflows/test-create-pr-error-handling.lock.yml
index 717b7dbe3d9..a5ef597301b 100644
--- a/.github/workflows/test-create-pr-error-handling.lock.yml
+++ b/.github/workflows/test-create-pr-error-handling.lock.yml
@@ -1604,7 +1604,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/test-dispatcher.lock.yml b/.github/workflows/test-dispatcher.lock.yml
index f6015ec6e12..82d04b39859 100644
--- a/.github/workflows/test-dispatcher.lock.yml
+++ b/.github/workflows/test-dispatcher.lock.yml
@@ -251,20 +251,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_589f0f9945564868_EOF'
+ cat << 'GH_AW_PROMPT_d654c235ffbd4157_EOF'
- GH_AW_PROMPT_589f0f9945564868_EOF
+ GH_AW_PROMPT_d654c235ffbd4157_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_589f0f9945564868_EOF'
+ cat << 'GH_AW_PROMPT_d654c235ffbd4157_EOF'
Tools: dispatch_workflow, missing_tool, missing_data, noop
- GH_AW_PROMPT_589f0f9945564868_EOF
+ GH_AW_PROMPT_d654c235ffbd4157_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_589f0f9945564868_EOF'
+ cat << 'GH_AW_PROMPT_d654c235ffbd4157_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -293,14 +293,14 @@ jobs:
{{/if}}
- GH_AW_PROMPT_589f0f9945564868_EOF
+ GH_AW_PROMPT_d654c235ffbd4157_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_589f0f9945564868_EOF'
+ cat << 'GH_AW_PROMPT_d654c235ffbd4157_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/test-dispatcher.md}}
- GH_AW_PROMPT_589f0f9945564868_EOF
+ GH_AW_PROMPT_d654c235ffbd4157_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -515,9 +515,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_03cb91b960b61ec8_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_c3c37646c1200c03_EOF'
{"create_report_incomplete_issue":{},"dispatch_workflow":{"aw_context_workflows":["test-workflow"],"max":1,"workflow_files":{"test-workflow":".lock.yml"},"workflows":["test-workflow"]},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_03cb91b960b61ec8_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_c3c37646c1200c03_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -689,7 +689,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_6d044e770f62221a_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -751,7 +751,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_6d044e770f62221a_EOF
+ GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1484,7 +1484,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/test-project-url-default.lock.yml b/.github/workflows/test-project-url-default.lock.yml
index 7e50f0d94b5..154b9c40ff5 100644
--- a/.github/workflows/test-project-url-default.lock.yml
+++ b/.github/workflows/test-project-url-default.lock.yml
@@ -252,20 +252,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_fea56f61f794ceed_EOF'
+ cat << 'GH_AW_PROMPT_0c2806f05d76db6f_EOF'
- GH_AW_PROMPT_fea56f61f794ceed_EOF
+ GH_AW_PROMPT_0c2806f05d76db6f_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_fea56f61f794ceed_EOF'
+ cat << 'GH_AW_PROMPT_0c2806f05d76db6f_EOF'
Tools: update_project(max:5), create_project_status_update, missing_tool, missing_data, noop
- GH_AW_PROMPT_fea56f61f794ceed_EOF
+ GH_AW_PROMPT_0c2806f05d76db6f_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_fea56f61f794ceed_EOF'
+ cat << 'GH_AW_PROMPT_0c2806f05d76db6f_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -294,14 +294,14 @@ jobs:
{{/if}}
- GH_AW_PROMPT_fea56f61f794ceed_EOF
+ GH_AW_PROMPT_0c2806f05d76db6f_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_fea56f61f794ceed_EOF'
+ cat << 'GH_AW_PROMPT_0c2806f05d76db6f_EOF'
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/test-project-url-default.md}}
- GH_AW_PROMPT_fea56f61f794ceed_EOF
+ GH_AW_PROMPT_0c2806f05d76db6f_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -515,9 +515,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_fb6b52c0dfe5c9d7_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_382c0b3c61dd55d3_EOF'
{"create_project_status_update":{"max":1,"project":"https://github.com/orgs/\u003cORG\u003e/projects/\u003cNUMBER\u003e"},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{},"update_project":{"max":5,"project":"https://github.com/orgs/\u003cORG\u003e/projects/\u003cNUMBER\u003e"}}
- GH_AW_SAFE_OUTPUTS_CONFIG_fb6b52c0dfe5c9d7_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_382c0b3c61dd55d3_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -734,7 +734,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_6d044e770f62221a_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -796,7 +796,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_6d044e770f62221a_EOF
+ GH_AW_MCP_CONFIG_1fbd4b8aa1d452d2_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1530,7 +1530,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
safe_outputs:
needs:
diff --git a/.github/workflows/test-quality-sentinel.lock.yml b/.github/workflows/test-quality-sentinel.lock.yml
index f53ca5e9d6d..06e337f6128 100644
--- a/.github/workflows/test-quality-sentinel.lock.yml
+++ b/.github/workflows/test-quality-sentinel.lock.yml
@@ -303,20 +303,20 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_89cde7e8e5fa3573_EOF'
+ cat << 'GH_AW_PROMPT_876bf5b2862d7918_EOF'
- GH_AW_PROMPT_89cde7e8e5fa3573_EOF
+ GH_AW_PROMPT_876bf5b2862d7918_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_89cde7e8e5fa3573_EOF'
+ cat << 'GH_AW_PROMPT_876bf5b2862d7918_EOF'
Tools: add_comment, submit_pull_request_review, missing_tool, missing_data, noop
- GH_AW_PROMPT_89cde7e8e5fa3573_EOF
+ GH_AW_PROMPT_876bf5b2862d7918_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_89cde7e8e5fa3573_EOF'
+ cat << 'GH_AW_PROMPT_876bf5b2862d7918_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -345,17 +345,17 @@ jobs:
{{/if}}
- GH_AW_PROMPT_89cde7e8e5fa3573_EOF
+ GH_AW_PROMPT_876bf5b2862d7918_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then
cat "${RUNNER_TEMP}/gh-aw/prompts/pr_context_prompt.md"
fi
- cat << 'GH_AW_PROMPT_89cde7e8e5fa3573_EOF'
+ cat << 'GH_AW_PROMPT_876bf5b2862d7918_EOF'
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/test-quality-sentinel.md}}
- GH_AW_PROMPT_89cde7e8e5fa3573_EOF
+ GH_AW_PROMPT_876bf5b2862d7918_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -595,9 +595,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_52f396868d116d70_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_a606785ca7ba9ac5_EOF'
{"add_comment":{"hide_older_comments":true,"max":1},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{},"submit_pull_request_review":{"max":1}}
- GH_AW_SAFE_OUTPUTS_CONFIG_52f396868d116d70_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_a606785ca7ba9ac5_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -776,7 +776,7 @@ jobs:
mkdir -p "$HOME/.copilot"
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_faea8415d1e91499_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -822,7 +822,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_faea8415d1e91499_EOF
+ GH_AW_MCP_CONFIG_17560cf429a33dd5_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -1620,7 +1620,7 @@ jobs:
DETECTION_AGENTIC_EXECUTION_OUTCOME: ${{ steps.detection_agentic_execution.outcome }}
GH_AW_DETECTION_CONTINUE_ON_ERROR: "true"
run: |
- threat-detect conclude --result-file /tmp/gh-aw/threat-detection/detection_result.json
+ bash "${RUNNER_TEMP}/gh-aw/actions/conclude_threat_detection.sh" /tmp/gh-aw/threat-detection/detection_result.json
pre_activation:
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.id == github.repository_id