Skip to content

Fix schema/code inconsistencies: remove engine.firewall dead code, error_patterns, and cleanup-script#23423

Merged
pelikhan merged 2 commits intomainfrom
copilot/fix-schema-code-inconsistencies
Mar 29, 2026
Merged

Fix schema/code inconsistencies: remove engine.firewall dead code, error_patterns, and cleanup-script#23423
pelikhan merged 2 commits intomainfrom
copilot/fix-schema-code-inconsistencies

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Mar 29, 2026
edited
Loading

Three schema/code inconsistencies where fields were defined in schema or extraction code but never consumed in the compilation pipeline — causing silent no-ops or misleading schema validation errors for users.

Changes

Finding 1 (HIGH): engine.firewall — dead extraction code

  • pkg/workflow/engine.go: Removed Firewall *FirewallConfig from EngineConfig and the entire extraction block in ExtractEngineConfig(). The field was written but never read; additionally, firewall is not a valid property in any engine_config.oneOf schema variant (additionalProperties: false), so users hit a schema error before the dead code was reached.

Finding 2 (HIGH): error_patterns — removed from runtime, still in schema

  • pkg/parser/schemas/main_workflow_schema.json: Removed error_patterns from engine_config.oneOf[1].properties.
  • pkg/cli/workflows/example-custom-error-patterns.md: Deleted — the feature has been removed from the runtime (see comments in audit_report.go and logs_report.go).

Finding 3 (MEDIUM): network.firewall.cleanup-script — in schema, never extracted

  • pkg/parser/schemas/main_workflow_schema.json: Removed cleanup-script from the network.firewall object variant.
  • pkg/workflow/firewall.go: Removed CleanupScript string from FirewallConfig — it was only ever written via the now-removed engine.firewall path.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw ,short (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw ase,codename,allapi (http block)
  • https://api.github.com/orgs/test-owner/actions/secrets
    • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go k/gh�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD erignore go (http block)
    • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name --show-toplevel nly /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel 9100/b441/importrev-parse /usr/bin/git che/go-build/db/git GOPROXY 64/bin/go git rev-�� --show-toplevel u1NbgiD/uvljh3C4Test User /usr/bin/git GOMODCACHE go 64/bin/go /usr/bin/git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/uname --show-toplevel 64/pkg/tool/linurev-parse -d uname (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha -json l /usr/bin/git GOINSECURE GOMOD GOMODCACHE git -C /tmp/gh-aw-add-gitattributes-test2777034965/.github/workflows rev-parse /usr/bin/infocmp GOSUMDB GOWORK 64/bin/go infocmp (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha ..feature-branch --stdout /usr/bin/git --git-dir go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/git git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha 1189599438 GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/link (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -v go /usr/bin/git lex-frontmatter-git GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/compile /usr/bin/git _.a GO111MODULE bin/bash git rev-�� --show-toplevel rtcfg 0/x64/bin/node oPmeCQ1s0 g/repoutil/repourev-parse x_amd64/link git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha /tmp/TestHashStability_SameInputSameOutput2680047252/001/stabiliOUTPUT go /usr/bin/git -json GO111MODULE 64/bin/go git -C /tmp/gh-aw-test-runs/20260329-105541-46199/test-535453315 rev-parse /usr/bin/git @{u} **/*.cjs 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel resolved$ /usr/bin/git -json GO111MODULE 64/bin/go git remo�� add origin /usr/bin/git prettier --check 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel go /usr/bin/git agentic-observabgit GO111MODULE /opt/hostedtoolc--show-toplevel git (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE go env ck '**/*.cjs' '*GOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/xGOPROXY (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha d57b711a832dfe81GOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE lPIPkS6j74YO env 9100/b422/_pkg_.GOINSECURE GO111MODULE 64/bin/go GOINSECURE b/gh-aw/pkg/pars-o GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha g/parser/import_GOINSECURE g/parser/import_GOMOD 64/bin/go GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/xGO111MODULE env 9100/b424/_pkg_.GOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha uts.branch go /usr/bin/git -json GO111MODULE 64/bin/go git init�� GOMODCACHE node /usr/bin/git prettier --check 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel x_amd64/link /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel Fj/loOf-cgjR6MKzrev-parse /usr/bin/git git (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha /tmp/TestCompileErrorFormatting2316819958/001 rev-parse /usr/bin/git with-tools.md GO111MODULE 64/bin/go git chec�� .github/workflows/test.md node /usr/bin/git prettier --check 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel x_amd64/compile /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git pload-artifact/ggit DHeI_5_0K14mZBUjrev-parse /usr/bin/git git (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha KalLpCxFj GO111MODULE 646082/b070/_pkg_.a l GOMOD GOMODCACHE go rtcf�� -json tmain.go ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel 9100/b394/importrev-parse /usr/bin/git git add initial.txt git /usr/bin/git --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/infocmp--show-toplevel git (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0 --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha k/gh-aw/gh-aw/.github/workflows/blog-auditor.md go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� nt/action/git/ref/tags/v999.999.999 siWHJxF12LLI /usr/bin/git npx prettier --cgit GOPROXY 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha --show-toplevel git (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha runs/20260329-105541-46199/test-0 GO111MODULE 646082/b383/vet.cfg GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/node/24.14.0/x64/bin/node GOINSECURE GOMOD GOMODCACHE /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linusecurity (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel node /usr/bin/git git merg�� --is-ancestor 78132d2ec3be46c05e1c1a869c823dfc1f65420e /usr/bin/git --show-toplevel go /opt/hostedtoolc--show-toplevel git (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha runs/20260329-105541-46199/test-ACCEPT GO111MODULE 646082/b369/vet.cfg l GOMOD GOMODCACHE go env -json GO111MODULE 0/x64/bin/node GOINSECURE GOMOD GOMODCACHE 0/x64/bin/node (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha --show-toplevel git /usr/bin/mkdir e --slice=azure-git node /opt/hostedtoolc--show-toplevel mkdir -p /tmp/gh-aw node /usr/bin/git /home/REDACTED/worgit go /usr/bin/gh git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
    • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 git /usr/bin/git --show-toplevel git /home/REDACTED/go//tmp/gh-aw-test-runs/20260329-105815-57033/test-3591517480 git rev-�� --show-toplevel bash 0/x64/bin/node --noprofile git /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
    • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 git /usr/bin/git --show-toplevel git /usr/bin/sed git rev-�� --show-toplevel sed 0/x64/bin/node 64/pkg/tool/linugit git /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
    • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 540f5c9d5a0183c72ff78e6997a0dfc23cacf214 /usr/bin/git --show-toplevel git /usr/bin/readlin/tmp/gh-aw-test-runs/20260329-105815-57033/test-3591517480 git rev-�� --show-toplevel readlink 0/x64/bin/node /var/lib/waagentgit git /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
    • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 git /usr/bin/git --show-toplevel git /opt/hostedtoolc/tmp/gh-aw-test-runs/20260329-105815-57033/test-3591517480 git rev-�� --show-toplevel bash 0/x64/bin/node --noprofile git /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
    • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link (http block)
    • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 git /usr/bin/git --show-toplevel git /opt/hostedtoolcHEAD git rev-�� --show-toplevel bash 0/x64/bin/node --noprofile git /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
    • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE ef/N6GE9dzJuLpfUe9tz4e_/ThKvzodBlPIPkS6j74YO (http block)
    • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 --stdout /usr/bin/git --show-toplevel git /home/REDACTED/wor.github/workflows/test.md git rev-�� ository }} bash 0/x64/bin/node --noprofile git /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
    • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 git /usr/bin/git --show-toplevel git /snap/bin/bash git rev-�� --show-toplevel bash 0/x64/bin/node --noprofile git /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go k/gh�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD erignore go (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel x_amd64/vet /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git y_with_repos_arrsed GO111MODULE 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel x_amd64/vet /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel ache/go/1.25.0/xs/-\{2,\}/-/g /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env mpiledOutput1813175043/001 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE /opt/hostedtoolc--show-toplevel git rev-�� --show-toplevel go /usr/bin/git runs/20260329-10git GO111MODULE /opt/hostedtoolc--show-toplevel git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha --show-toplevel git /usr/bin/infocmp --show-toplevel git /usr/bin/git infocmp -1 y-frontmatter.md git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha 9100/b374/_pkg_.GOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env Cb-0/43VQF9nXv41-test.timeout=10m0s GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE 9100/b374/importcfg (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� lex-frontmatter-with-tools.md git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha d -n 10 (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE /opt/hostedtoolc--show-toplevel git rev-�� --show-toplevel go /usr/bin/git ithub-script/gitgit GO111MODULE /opt/hostedtoolc--show-toplevel git (http block)
  • https://api.github.com/repos/nonexistent/repo/actions/runs/12345
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE _4/Ri_wf6ull7lkVtest@example.com env 196058876/.github/workflows GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion --show-toplevel git /usr/bin/git git ance�� --show-toplevel git 0/x64/bin/node --show-toplevel git /usr/bin/git git (http block)
  • https://api.github.com/repos/owner/repo/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go k/gh�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD erignore go (http block)
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go ache�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
  • https://api.github.com/repos/owner/repo/contents/file.md
    • Triggering command: /tmp/go-build545646082/b403/cli.test /tmp/go-build545646082/b403/cli.test -test.testlogfile=/tmp/go-build545646082/b403/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE cfg env 12f9de6d07e84c14GOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/xGO111MODULE (http block)
    • Triggering command: /tmp/go-build769078580/b001/cli.test /tmp/go-build769078580/b001/cli.test -test.testlogfile=/tmp/go-build769078580/b001/testlog.txt -test.paniconexit0 -test.timeout=10m0s ache�� --show-toplevel nly /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
  • https://api.github.com/repos/test-owner/test-repo/actions/secrets
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go k/gh�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD erignore go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name nly 64/pkg/tool/linux_amd64/asm /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)

If you need me to access, download, or install something from one of these locations, you can either:

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI linked an issue Mar 29, 2026 that may be closed by this pull request
[plan] Fix schema/code inconsistencies: engine.firewall dead code, error_patterns removal, and network.firewall.cleanup-script #23421
Closed
9 tasks
@pelikhan
fix: remove engine.firewall dead code, error_patterns, and cleanup-sc…
5da3af6 
…ript schema inconsistencies

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/a89b655c-e3dc-4edc-bd00-145baf67eb61

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix schema/code inconsistencies: engine.firewall dead code Fix schema/code inconsistencies: remove engine.firewall dead code, error_patterns, and cleanup-script Mar 29, 2026
Copilot AI requested a review from pelikhan March 29, 2026 11:03
@pelikhan pelikhan marked this pull request as ready for review March 29, 2026 11:10
Copilot AI review requested due to automatic review settings March 29, 2026 11:10
Copilot AI reviewed Mar 29, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Removes several schema/code mismatches by deleting unused/dead configuration fields that were either never consumed at runtime or rejected by schema validation.

Changes:

  • Remove dead engine.firewall extraction and the EngineConfig.Firewall field.
  • Remove error_patterns from the workflow schema and delete the corresponding example workflow doc.
  • Remove network.firewall.cleanup-script from the schema and drop CleanupScript from FirewallConfig.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File Description
pkg/workflow/firewall.go Drops CleanupScript from FirewallConfig to match removed schema field.
pkg/workflow/engine.go Removes dead engine.firewall field/extraction from engine config parsing.
pkg/parser/schemas/main_workflow_schema.json Removes cleanup-script and error_patterns from the schema.
pkg/cli/workflows/example-custom-error-patterns.md Deletes documentation for the removed error_patterns feature.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

pkg/workflow/firewall.go
Comment on lines +16 to +21
Enabled bool `yaml:"enabled,omitempty"` // Enable/disable AWF (default: true for copilot when network restrictions present)
Version string `yaml:"version,omitempty"` // AWF version (empty = latest)
Args []string `yaml:"args,omitempty"` // Additional arguments to pass to AWF
LogLevel string `yaml:"log_level,omitempty"` // AWF log level (default: "info")
SSLBump bool `yaml:"ssl_bump,omitempty"` // AWF-only: Enable SSL Bump for HTTPS content inspection (allows URL path filtering)
AllowURLs []string `yaml:"allow_urls,omitempty"` // AWF-only: URL patterns to allow for HTTPS (requires SSLBump), e.g., "https://github.com/githubnext/*"
Copy link

Copilot AI Mar 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The FirewallConfig struct tags use snake_case keys (log_level, ssl_bump, allow_urls) and also include an enabled field, but the schema and extraction logic use kebab-case (log-level, ssl-bump, allow-urls) and the firewall object variant in main_workflow_schema.json does not allow enabled as a property (see schema around pkg/parser/schemas/main_workflow_schema.json:3011-3047). If this struct is ever marshaled back to YAML/JSON (e.g., via FrontmatterConfig.ToMap), it can generate config that fails schema validation and/or drop fields when parsing via JSON unmarshalling. Consider aligning the serialized field names with the schema (kebab-case) and ensuring enabled is represented via the non-object firewall variants (boolean/null/string) rather than emitted inside the object.

Suggested change
Enabled bool `yaml:"enabled,omitempty"` // Enable/disable AWF (default: true for copilot when network restrictions present)
Version string `yaml:"version,omitempty"` // AWF version (empty = latest)
Args []string `yaml:"args,omitempty"` // Additional arguments to pass to AWF
LogLevel string `yaml:"log_level,omitempty"` // AWF log level (default: "info")
SSLBump bool `yaml:"ssl_bump,omitempty"` // AWF-only: Enable SSL Bump for HTTPS content inspection (allows URL path filtering)
AllowURLs []string `yaml:"allow_urls,omitempty"` // AWF-only: URL patterns to allow for HTTPS (requires SSLBump), e.g., "https://github.com/githubnext/*"
Enabled bool `yaml:"-"` // Enable/disable AWF (default: true for copilot when network restrictions present)
Version string `yaml:"version,omitempty"` // AWF version (empty = latest)
Args []string `yaml:"args,omitempty"` // Additional arguments to pass to AWF
LogLevel string `yaml:"log-level,omitempty"` // AWF log level (default: "info")
SSLBump bool `yaml:"ssl-bump,omitempty"` // AWF-only: Enable SSL Bump for HTTPS content inspection (allows URL path filtering)
AllowURLs []string `yaml:"allow-urls,omitempty"` // AWF-only: URL patterns to allow for HTTPS (requires SSLBump), e.g., "https://github.com/githubnext/*"

Copilot uses AI. Check for mistakes.
@pelikhan pelikhan merged commit 0703ca5 into main Mar 29, 2026
173 of 175 checks passed
@pelikhan pelikhan deleted the copilot/fix-schema-code-inconsistencies branch March 29, 2026 11:17
@github-actions github-actions bot mentioned this pull request Mar 29, 2026
Closed
github-actions bot added a commit that referenced this pull request Mar 29, 2026
@github-actions @claude
docs: update for difc-proxy flag, cache integrity, and removed fields
260086e 
- Add `features.difc-proxy` feature flag docs in frontmatter reference
- Update cache-memory reference with integrity-aware caching and git-backed
  integrity branching merge semantics (from PR #23425)
- Remove `error_patterns` engine field from frontmatter-full.md (removed from
  schema in PR #23423)
- Remove `cleanup-script` from network.firewall in autocomplete-data.json
  (removed from schema in PR #23423)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@github-actions github-actions bot mentioned this pull request Mar 29, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[plan] Fix schema/code inconsistencies: engine.firewall dead code, error_patterns removal, and network.firewall.cleanup-script

3 participants

@pelikhan