Conversation
…list (#23852) Agent-Logs-Url: https://github.com/github/gh-aw/sessions/167d8675-6164-429c-961a-5edbb229e8cd Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Updates the “Daily MCP Tool Concurrency Analysis” workflow to allow additional shell commands needed by the agent (JSON parsing and git-history inspection) and regenerates the compiled/locked workflow.
Changes:
- Add
jq -r '.[].name' ...to the bash allowlist for extracting tool names fromsafe_outputs_tools.json. - Add
git logcommands to the bash allowlist to support “recently modified tools” prioritization. - Recompile/regenerate
.github/workflows/daily-mcp-concurrency-analysis.lock.ymlto reflect the updated allowlist.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
.github/workflows/daily-mcp-concurrency-analysis.md |
Expands the allowed bash commands (jq + git log) used by the concurrency analysis agent. |
.github/workflows/daily-mcp-concurrency-analysis.lock.yml |
Regenerated lock/compiled workflow reflecting the updated allowlist and prompt hashes. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| edit: | ||
| bash: | ||
| - "cat pkg/workflow/js/safe_outputs_tools.json" | ||
| - "jq -r '.[].name' pkg/workflow/js/safe_outputs_tools.json" |
There was a problem hiding this comment.
The workflow instructions later recommend running cat pkg/workflow/js/safe_outputs_tools.json | jq -r '.[].name' | sort, but the bash allowlist here only permits cat ..., jq -r '.[].name' pkg/..., and sort as separate commands (a piped command likely won’t match the allowlist). Consider updating the instructions to use the allowlisted standalone jq ... file | sort (or explicitly allow the piped form) so the agent doesn’t get blocked following the documented steps.
| - "jq -r '.[].name' pkg/workflow/js/safe_outputs_tools.json" | |
| - "jq -r '.[].name' pkg/workflow/js/safe_outputs_tools.json" | |
| - "cat pkg/workflow/js/safe_outputs_tools.json | jq -r '.[].name' | sort" |
| - "git log -1 --format='%ai' -- actions/setup/js/*.cjs" | ||
| - "git log -3 --format='%ai %s' -- actions/setup/js/*.cjs" |
There was a problem hiding this comment.
The allowlisted git log commands use single quotes and a glob (actions/setup/js/*.cjs), but the instructions later in this workflow show per-tool invocations like git log -1 --format="%ai" -- actions/setup/js/<tool_name>.cjs. If the agent follows the documented command shape (double quotes / specific file), it may still be denied by the sandbox allowlist. Align the documented command(s) with the allowlist, or broaden the allowlist to cover the per-file form that Step 3 describes.
| - "git log -1 --format='%ai' -- actions/setup/js/*.cjs" | |
| - "git log -3 --format='%ai %s' -- actions/setup/js/*.cjs" | |
| - "git log -1 --format=\"%ai\" -- actions/setup/js/<tool_name>.cjs" | |
| - "git log -3 --format=\"%ai %s\" -- actions/setup/js/<tool_name>.cjs" |
| - "grep -r 'module.exports' actions/setup/js --include='*.cjs'" | ||
| - "head -n * actions/setup/js/*.cjs" | ||
| - "git log -1 --format='%ai' -- actions/setup/js/*.cjs" | ||
| - "git log -3 --format='%ai %s' -- actions/setup/js/*.cjs" |
There was a problem hiding this comment.
git log -3 --format='%ai %s' ... exposes commit subjects to the agent prompt. If commit messages can contain sensitive/internal info, consider limiting this to timestamps only (e.g., omit %s) unless the subject is strictly needed for the selection logic.
| - "git log -3 --format='%ai %s' -- actions/setup/js/*.cjs" | |
| - "git log -3 --format='%ai' -- actions/setup/js/*.cjs" |
jq -r '.[].name' pkg/workflow/js/safe_outputs_tools.jsonto bash allowlistgit log -1 --format='%ai' -- actions/setup/js/*.cjsto bash allowlistgit log -3 --format='%ai %s' -- actions/setup/js/*.cjsto bash allowlist.lock.yml