[aw-failures] Copilot CLI shell permission blocks safeoutputs noop — Daily Safe Output Integrator and related workflows #26970

@github-actions


Parent investigation: #26930
Symptom issues: #26955 (Daily Safe Output Integrator), #26964 (Daily Project Performance Summary Generator)

Problem

The Copilot CLI blocks bash shell execution of the safeoutputs binary with "Permission denied and could not request permission from user" in automated (non-interactive) runs. Affected workflows complete their analysis correctly but cannot emit the required noop safe output, causing a timeout failure after 20–32 minutes.

This is distinct from the "MCP Servers in Copilot" policy error tracked in #26931. MCP server connections succeed — the Copilot CLI's shell tool allowlist is what blocks CLI-mode invocation of safeoutputs.

Affected Workflows and Runs

| Workflow | Run | Engine | Duration | At |
|---|---|---|---|---|
| Daily Safe Output Integrator | §24590461053 | copilot | 21.8m | 23:03 UTC 2026-04-17 |
| Daily Project Performance Summary Generator | §24591062937 | copilot | 32.3m | 23:26 UTC 2026-04-17 |

Evidence

From run §24590461053 agent log:

✗ Signal noop - all coverage complete (shell)
  │ safeoutputs noop --message "No action needed: ..."
  └ Permission denied and could not request permission from user

✗ Call safeoutputs noop (shell)
  │ /home/runner/work/_temp/gh-aw/mcp-cli/bin/safeoutputs noop --message "..."
  └ Permission denied and could not request permission from user

✗ Call safeoutputs noop via node bridge (shell)
  └ Permission denied and could not request permission from user

✗ Try Python HTTP to safeoutputs (shell)
  └ Permission denied and could not request permission from user

##[error]The action 'Execute GitHub Copilot CLI' has timed out after 20 minutes.

The agent (correctly) found all 41 safe-output types covered and attempted safeoutputs noop via 8+ different methods. Every shell-based invocation was blocked. The MCP tool (noop) was available but the agent tried CLI invocation first and exhausted the timeout retrying shell approaches.

Root Cause

The Copilot CLI shell tool allowlist in automated/non-interactive mode does not permit execution of the safeoutputs binary path. The agent should use the MCP tool (noop) directly instead of falling back to bash CLI invocation.

Proposed Remediation

  1. Agent prompt: Instruct the Copilot agent to prefer the MCP safeoutputs tool over the CLI binary when calling noop. The agent should use mcp_tool("noop", ...) not bash("safeoutputs noop ...").
  2. Copilot shell allowlist: If CLI-mode invocation is required, add safeoutputs to the workflow's Copilot CLI shell command allowlist.
  3. System prompt update: Add explicit guidance that in Copilot CLI runs, safe outputs must be emitted via the MCP tool endpoint, not the shell binary.

Success Criteria

Daily Safe Output Integrator and Daily Project Performance Summary Generator complete with noop in safe outputs within the timeout window, with no "Permission denied" errors in agent logs.

Generated by [aw] Failure Investigator (6h) · ● 590.5K ·

  • expires on Apr 25, 2026, 1:24 AM UTC
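
The log-side part of the success criteria above (no "Permission denied" errors, no action timeout) can be checked mechanically. The following is an added example, not code from the gh-aw project: it parses agent-log text in the shape quoted under Evidence and assumes successful steps are marked with ✓; the sample log is constructed.

```python
import re

DENIED = "Permission denied and could not request permission from user"
# Step header as quoted in the issue: "<mark> <title> (<tool>)".
# Assumption: successful steps use a "✓" mark (the issue only shows "✗").
STEP = re.compile(r"^(?P<mark>[✗✓])\s+(?P<title>.+?)\s+\((?P<tool>\w+)\)\s*$")
TIMEOUT = re.compile(r"^##\[error\].*has timed out after (\d+) minutes", re.M)

# Constructed sample in the shape of the agent-log excerpt quoted in the issue;
# the "exit code 1" step is invented to show that other failures are not counted.
SAMPLE_LOG = """\
✗ Signal noop - all coverage complete (shell)
  │ safeoutputs noop --message "No action needed: ..."
  └ Permission denied and could not request permission from user

✗ Run unit tests (shell)
  │ make test
  └ exit code 1

✗ Call safeoutputs noop via node bridge (shell)
  └ Permission denied and could not request permission from user

##[error]The action 'Execute GitHub Copilot CLI' has timed out after 20 minutes.
"""

def parse_steps(log):
    """Group each step header with its optional '│ command' and '└ result' lines."""
    steps = []
    for line in log.splitlines():
        body = line.strip()
        m = STEP.match(line)
        if m:
            steps.append({"title": m["title"], "tool": m["tool"],
                          "command": None, "result": None})
        elif steps and body.startswith("│"):
            steps[-1]["command"] = body[1:].strip()
        elif steps and body.startswith("└"):
            steps[-1]["result"] = body[1:].strip()
    return steps

def check_log(log):
    """Report shell steps blocked by the permission prompt and any action timeout."""
    denied = [s for s in parse_steps(log)
              if s["tool"] == "shell" and s["result"] == DENIED]
    timeout = TIMEOUT.search(log)
    return {
        "denied_titles": [s["title"] for s in denied],
        "timeout_minutes": int(timeout.group(1)) if timeout else None,
        "log_clean": not denied and timeout is None,
    }
```

Whether a noop entry actually reached the safe outputs still has to be confirmed separately, since the issue does not show how that is recorded in the log.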
