Skill Overview

Eight or more workflows that perform git history and code change analysis independently define nearly-identical bash tool allowlists containing `git log`, `git diff`, `git show`, and common filesystem navigation commands (`find`, `grep`, `cat`, `wc`, etc.). Extracting these into a shared component would eliminate ~10-15 lines of repetition per workflow and ensure consistent permissions across all code-analysis agents.

Current Usage

This pattern appears in the following workflows:

- `architecture-guardian.md` (lines ~21-33): full `git log:*`, `git diff:*`, `git show:*`, `find:*`, `wc:*`, `grep:*`, `cat:*`, `head:*`, `awk:*`, `sed:*`, `sort:*`
- `breaking-change-checker.md` (lines ~21-27): `git diff:*`, `git log:*`, `git show:*`, `cat:*`, `grep:*`
- `test-quality-sentinel.md` (lines ~23-33): `git diff:*`, `git show:*`, `git log:*`, `grep:*`, `find:*`, `cat:*`, `wc:*`, `awk:*`, `sed:*`
- `design-decision-gate.md` (lines ~17-26): `git diff:*`, `git log:*`, `git show:*`, `cat:*`, `grep:*`, `ls:*`, `wc:*`, `find:*`
- `daily-compiler-quality.md` (lines ~18-23): specific git commands with wildcards
- `copilot-cli-deep-research.md`: git commands with wildcards
- `daily-mcp-concurrency-analysis.md`: git commands with wildcards
- `mergefest.md`: git analysis commands

Proposed Shared Component

File: `.github/workflows/shared/git-bash-tools.md`

Configuration:

```markdown
---
# Git and filesystem navigation tools for code analysis workflows.
# Provides bash allowlist for git history access and standard file navigation.
tools:
  bash:
    - "git log:*"
    - "git diff:*"
    - "git show:*"
    - "find:*"
    - "grep:*"
    - "cat:*"
    - "wc:*"
    - "head:*"
    - "awk:*"
    - "sed:*"
    - "sort:*"
    - "echo:*"
    - "ls:*"
---

## Git Navigation Tools

Standard bash tools for analyzing git history and repository source code are available.

### Available Commands

- `git log:*` — browse commit history with any flags
- `git diff:*` — compare commits, branches, or files
- `git show:*` — inspect commit details and file contents at a point in time
- `find:*`, `grep:*`, `cat:*`, `head:*` — filesystem navigation and content search
- `wc:*`, `awk:*`, `sed:*`, `sort:*` — text processing and statistics
```

Usage Example:

```yaml
# In a workflow
imports:
  - shared/git-bash-tools.md
```

Impact

- Workflows affected: 8+ workflows
- Lines saved: ~10-15 per workflow, ~80-120 total
- Maintenance benefit: A single place to audit what git operations are allowed across all code-analysis agents. When adding a new navigation command (e.g. `git blame:*`), one change propagates everywhere.

Implementation Plan

- Create `.github/workflows/shared/git-bash-tools.md` with the configuration above
- `architecture-guardian.md` — replace inline bash allowlist with `imports: - shared/git-bash-tools.md`
- `breaking-change-checker.md` similarly
- `test-quality-sentinel.md` similarly
- `design-decision-gate.md` similarly
- `daily-compiler-quality.md` similarly
- `make recompile` and verify all lock files regenerate cleanly

Related Analysis

This recommendation comes from the Workflow Skill Extractor analysis run on 2026-04-09.
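
An added example, not part of the original issue or the project's tooling: a Python check that reads a workflow's inline `bash:` allowlist and reports what importing the shared component would change, so that any widening of permissions is visible before the switch. It assumes the import leaves the workflow with exactly the shared list; `bash_allowlist`, `import_delta` and the two sample workflows are hypothetical names and constructed inputs.

```python
# Added example. Assumption: after the import, a workflow's allowlist is exactly SHARED.
SHARED = {"git log:*", "git diff:*", "git show:*", "find:*", "grep:*", "cat:*",
          "wc:*", "head:*", "awk:*", "sed:*", "sort:*", "echo:*", "ls:*"}

def bash_allowlist(markdown_text):
    """Entries under `bash:` in the frontmatter (block-list shape only, not a YAML parser)."""
    lines = markdown_text.splitlines()
    marks = [i for i, line in enumerate(lines) if line.strip() == "---"]
    if len(marks) < 2:
        return set()  # no frontmatter, so no inline allowlist
    entries, in_bash = set(), False
    for line in lines[marks[0] + 1:marks[1]]:
        item = line.strip()
        if not item or item.startswith("#"):
            continue
        if item == "bash:":
            in_bash = True
        elif in_bash and item.startswith("- "):
            entries.add(item[2:].strip().strip("\"'"))
        else:
            in_bash = False  # any other key ends the bash list
    return entries

def import_delta(markdown_text):
    """Compare a workflow's inline allowlist with the shared one."""
    current = bash_allowlist(markdown_text)
    return {
        "gained": sorted(SHARED - current),       # commands the workflow did not have before
        "not_covered": sorted(current - SHARED),  # inline entries the shared file lacks
    }

# Constructed sample: the allowlist listed above for breaking-change-checker.md.
NARROW = """---
tools:
  bash:
    - "git diff:*"
    - "git log:*"
    - "git show:*"
    - "cat:*"
    - "grep:*"
---
"""
# Constructed sample: hypothetical workflow that also allows git blame.
EXTRA = '---\ntools:\n  bash:\n    - "git log:*"\n    - "git blame:*"\n---\n'

if __name__ == "__main__":
    for name, text in (("breaking-change-checker.md", NARROW), ("hypothetical.md", EXTRA)):
        print(name, import_delta(text))
```

A non-empty `gained` list means the workflow's permissions grow on import, and a non-empty `not_covered` list means the workflow still needs an inline entry or the shared file needs a reviewed addition.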