fix(tools): add curl and wget as stem commands to fix shell permission denial#24923
Merged
fix(tools): add curl and wget as stem commands to fix shell permission denial#24923
Conversation
…denial The Copilot CLI treats curl and wget as stem commands, meaning shell(curl) only matches a bare "curl" with no arguments. Users writing bash: ["curl"] expect all curl invocations to be allowed, but curl -s ... or curl --max-time 30 ... were being denied with "Permission denied and could not request permission from user". Adding curl and wget to CopilotStemCommands causes them to compile to shell(curl:*) instead of shell(curl), which matches any curl/wget invocation with any arguments or flags. Agent-Logs-Url: https://github.com/github/gh-aw/sessions/42a556e2-9a03-4772-b248-cdbd41c04a4a Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Fix agent denial of network access via curl to allowed domains
fix(tools): add curl and wget as stem commands to fix shell permission denial
Apr 6, 2026
pelikhan
approved these changes
Apr 6, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Updates Copilot CLI tool permission compilation so workflows that specify bash: ["curl"] or bash: ["wget"] allow real invocations with arguments (e.g., curl -s ...) by treating curl/wget as stem commands and compiling them to shell(curl:*) / shell(wget:*).
Changes:
- Add
curlandwgetto theCopilotStemCommandslist so they receive the:*wildcard when specified without args. - Update Copilot engine tool-argument tests to reflect the new
curl/wgetwildcard behavior and adjust the non-stem test case accordingly.
Show a summary per file
| File | Description |
|---|---|
pkg/constants/engine_constants.go |
Expands stem-command set to include curl/wget, enabling shell(<cmd>:*) compilation. |
pkg/workflow/copilot_engine_test.go |
Aligns expectations with the new wildcarded permissions for curl/wget. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 2/2 changed files
- Comments generated: 0
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
shell(curl)in Copilot CLI is an exact match — it only permits a barecurlwith no arguments. Any realcurlinvocation (curl -s ...,curl --max-time 30 ...) was denied with "Permission denied and could not request permission from user" even when the domain was explicitly in--allow-domains.wgethas the same behavior.Changes
pkg/constants/engine_constants.go: AddcurlandwgettoCopilotStemCommandsbash: ["curl"]now compiles to--allow-tool shell(curl:*)instead of--allow-tool shell(curl)wgetpkg/workflow/copilot_engine_test.go: Update expectations forcurl/wget, replacecurlwithlsin the non-stem test caseBefore / After
Workflows already using
"curl*"explicitly (prefix-wildcard form) are unaffected.Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
https://api.github.com/graphql/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw(http block)/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw ripts/lint_error-unsafeptr=false ripts/lint_error-unreachable=false tions/setup/js/n/tmp/go-build909627768/b188/vet.cfg d/gh�� d/gh-aw/short_description_test.go d/gh-aw/main_entry_test.go d/gh-aw/main.go d/gh-aw/capitali/opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet d/gh-aw/format_l-unsafeptr=false d/gh-aw/version_-unreachable=false d/gh-aw/help_fla/tmp/go-build909627768/b366/vet.cfg(http block)/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw ripts/lint_error-unsafeptr=false ripts/lint_error-unreachable=false tions/setup/js/n/tmp/go-build909627768/b239/vet.cfg d/gh�� d/gh-aw/short_description_test.g/home/REDACTED/work/gh-aw/gh-aw/.github/workflows/agent-persona-exgit d/gh-aw/main_entry_test.go d/gh-aw/main.go d/gh-aw/capitali/usr/lib/systemd/systemd-executor d/gh-aw/format_l--deserialize d/gh-aw/version_70 d/gh-aw/help_fla--log-level(http block)https://api.github.com/orgs/test-owner/actions/secrets/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name h ../../../.prettierignore 627768/b068/vet.cfg ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet(http block)https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel /opt/hostedtoolc-dwarf=false /usr/bin/git ithub/workflows /tmp/go-build909rev-parse de_modules/.bin/--show-toplevel git rev-�� --show-toplevel git /opt/hostedtoolcache/node/24.14.1/x64/bin/node */*.ts' '**/*.jsgit description_enharev-parse de/node/bin/sh /opt/hostedtoolcache/node/24.14.1/x64/bin/node(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v3/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha ErrorFormatting2625073234/001 -trimpath 4341852/b430/vet.cfg -p main -lang=go1.25 git init�� 3Dmt7a3Xlpb5U1z-RIHD/3Dmt7a3Xlpb5U1z-RIHD s/test.md /opt/hostedtoolcache/node/24.14.1/x64/bin/node go1.25.8 -c=4 -nolocalimports node(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v5/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha g_.a config k/_temp/ghcca-node/node/bin/sh remote.origin.urgh tants x_amd64/vet Lh/KVdc6Eu-CQtSe12345 -C 5889/001/stabilitest-logs/run-12345 config k/node_modules/.bin/node remote.origin.urgit credential.usernrev-parse $name) { has--show-toplevel ortcfg(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --get-regexp ^remote\..*\.gh-resolved$ /usr/bin/git k/gh-aw/gh-aw/.ggit config(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile /usr/bin/git 4341852/b424/_pkgit **/*.ts 4341852/b424=> git rev-�� --show-toplevel 4341852/b454/importcfg /usr/bin/infocmp licyMinIntegritygit --write /opt/hostedtoolc--show-toplevel infocmp(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v6/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha -b feature-branch /usr/bin/git th .prettierignogit -buildtags odules/npm/node_--show-toplevel git rev-�� --show-toplevel /opt/hostedtoolcremote.origin.url /usr/bin/git ithub/workflows -buildtags x_amd64/vet git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --oneline epo}/actions/runs/1/artifacts /usr/bin/git e :latest /opt/hostedtoolc--show-toplevel git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.8/x-buildtags /usr/bin/git ithub/workflows -buildtags /home/REDACTED/.co--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git ithub/workflows x_amd64/vet e/git git rev-�� --show-toplevel e/git /usr/bin/git athSetup_GorootOgit **/*.cjs /opt/hostedtoolc--show-toplevel git(http block)https://api.github.com/repos/actions/github-script/git/ref/tags/v8/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha flow.test /home/REDACTED/work/gh-aw/gh-aw/pkg/workflow/task_and_reaction_permissions_test.go/tmp/go-build2904341852/b402/importcfg rtcfg.link(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha w/js/**/*.json' --ignore-path 627768/b207/vet.../../../.prettierignore ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha w/js/**/*.json' --ignore-path 627768/b225/vet.../../../.prettierignore repository(owner: $owner, name:-f(http block)https://api.github.com/repos/actions/setup-go/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha user.name resolved$ /usr/bin/git th .prettierignogit -buildtags node git init�� -nilfunc UpQRbjo/bPQIwKXGo3KgZaglTou9 /usr/bin/git ithub/workflows -buildtags x_amd64/compile git(http block)https://api.github.com/repos/actions/setup-node/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --show-current /opt/hostedtoolc-extld=gcc /usr/bin/git th .prettierignogit -buildtags _modules/.bin/no--show-toplevel git rev-�� --show-toplevel /opt/hostedtoolc--json /usr/bin/git -bool erena-mcp-serverrev-parse x_amd64/link git(http block)https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha 999 64/pkg/tool/linux_amd64/vet .cfg ignore-path ../.git om/stretchr/testrev-parse r: $owner, name:--show-toplevel /bin/sh t-61�� sistency_GoAndJavaScript1263084887/001/test-frontmatter-with-arrays.md git-receive-pack '/tmp/TestParseDefaultBranchFromLsRemoteWithRealGitmain_branch1675927833/001' 1/x64/bin/node se 627768/b009/vet.rev-parse cfg 1/x64/bin/node(http block)https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b/usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha(http block)https://api.github.com/repos/github/gh-aw/usr/bin/gh gh api /repos/github/gh-aw --jq .visibility k/gh-aw/gh-aw/cmd/gh-aw/short_description_test.go k/gh-aw/gh-aw/cmd/gh-aw/main_entry_test.go x_amd64/vet k/gh-aw/gh-aw/cmgit k/gh-aw/gh-aw/cm-C k/gh-aw/gh-aw/cm/home/REDACTED/work/gh-aw/gh-aw/.github/workflows x_amd64/vet k/gh�� k/gh-aw/gh-aw/cmd/gh-aw-wasm/main.go k/gh-aw/gh-aw/pkg/agentdrain/types.go r: $owner, name: $name) { hasDiscussionsEnabled } }(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha run --auto /usr/bin/git --detach -buildtags ode_modules/.bin--show-toplevel git rev-�� --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git ithub/workflows -buildtags x_amd64/vet git(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha k/gh-aw/gh-aw -trimpath /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile -p github.com/githurev-parse -lang=go1.25 /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile -o /tmp/go-build2904341852/b424/_pkg_.a -trimpath /usr/bin/git -p github.com/githurev-parse -lang=go1.25 git(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha k/gh-aw/gh-aw/.github/workflows 64/pkg/tool/linu-f ache/node/24.14.1/x64/bin/node ignore-path ../.git /home/REDACTED/worrev-parse cfg /bin/sh t-14�� sistency_GoAndJavaScript1263084887/001/test-inlined-imports-enabled-with-body-content.md git-upload-pack '/tmp/TestParseDefaultBranchFromLsRemoteWithRealGitmaster_branch2357034443/001' /usr/bin/git se 7b50e0bcbc4f8ddcrev-parse repository(owne--show-toplevel git(http block)https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name erena-mcp-server:latest /usr/bin/git l ternal/tools/genrev-parse ternal/tools/act--show-toplevel git tion�� thub/workflows rev-parse stants.test ignore d/gh-aw/main_entrev-parse 64/bin/bash stants.test(http block)/usr/bin/gh gh run download 1 --dir test-logs/run-1 config /usr/bin/git l ternal/tools/genrev-parse ternal/tools/act--show-toplevel git -C 3548366792 config ache/go/1.25.8/x64/bin/node remote.origin.urgit ripts/bundle-wasrev-parse de/node/bin/bash--git-dir infocmp(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name config /usr/bin/docker remote.origin.urgit(http block)/usr/bin/gh gh run download 12345 --dir test-logs/run-12345 -f bin/node l owner=github DiscussionsEnabl--git-dir /usr/bin/gh tion�� tants.go ne_constants.go 64/pkg/tool/linux_amd64/link ignore owner=github -f 64/pkg/tool/linux_amd64/link(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name -f /usr/bin/gh l owner=github -f /usr/bin/gh api *.json' '!../../../pkg/workflow/js/**/*.json' ---p -f 64/pkg/tool/linux_amd64/vet l owner=github -f 64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh run download 12346 --dir test-logs/run-12346(http block)https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name rev-parse 1/x64/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node l ternal/tools/genrev-parse DiscussionsEnabl--show-toplevel git tion�� thub/workflows config util.test ignore d/gh-aw/main_entrev-parse $name) { has--show-toplevel util.test(http block)/usr/bin/gh gh run download 2 --dir test-logs/run-2 -f er: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabluser.name -f owner=github -f git -C 3548366792 erena-mcp-server:latest ache/uv/0.11.3/x86_64/node ripts/apply-astrnode ace-editor.md agent-performanc/home/REDACTED/work/gh-aw/gh-aw/.github/workflows/archie.md git(http block)https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name rev-parse bin/node l ternal/tools/genconfig ternal/tools/actuser.email git tion�� k/gh-aw/gh-aw/.github/workflows config 64/pkg/tool/linux_amd64/vet ignore d/gh-aw/main_entinit $name) { hasDiscussionsEnabluser.email 64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh run download 3 --dir test-logs/run-3 config /usr/bin/infocmp l ternal/tools/genrev-parse(http block)https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name config ode remote.origin.urgit ternal/tools/genrev-parse ternal/tools/act--git-dir /usr/bin/gh tion�� graphql -f .test ignore owner=github -f .test(http block)/usr/bin/gh gh run download 4 --dir test-logs/run-4 rev-parse /usr/bin/gh(http block)https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name -f(http block)/usr/bin/gh gh run download 5 --dir test-logs/run-5(http block)https://api.github.com/repos/github/gh-aw/actions/workflows/usr/bin/gh gh workflow list --json name,state,path h ../../../.pret.prettierignore 627768/b111/vet.--log-level=error cfg(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel infocmp /usr/bin/git edOutput26753704git git 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/compile /usr/bin/git g_.a -f x_amd64/compile git(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha edOutput2502305920/001 config 64/pkg/tool/linux_amd64/vet remote.origin.urgit --global /usr/local/.ghcuuser.name 64/pkg/tool/linuTest User api graphql -f cal/bin/node -f owner=github -f /usr/bin/gh(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha ithub/workflows conntrack 627768/b159/vet.-nilfunc INVALID,NEW -j DROP /opt/hostedtoolc-tests -ato�� ithub/workflows -buildtags(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha git status --por-errorsas s.sh ode_modules/.bin-nilfunc(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha ithub/workflows origin ode_modules/.bin-buildmode=exe st.go alidation.go st.go /opt/hostedtoolc--jq -uns�� on' --ignore-path ../../../.prettierignore /tmp/go-build909627768/b059/vet.cfg(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha ithub/workflows origin /opt/hostedtoolc-test.short=true st.go alidation.go st.go /opt/hostedtoolc-buildtags -uns�� on' --ignore-pat-errorsas /tmp/go-build909-ifaceassert 627768/b353/vet.-nilfunc(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha --porcelain --ignore-submodu-w me: String!) { -buildmode=exe st.go alidation.go st.go ache/go/1.25.8/x--format=%(objectname) -uns�� on' --ignore-path ../../../.prettierignore /tmp/go-build909627768/b004/vet.cfg 627768/b348/vet.cfg(http block)https://api.github.com/repos/githubnext/agentics/git/ref/tags/-/usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha d/gh-aw-wasm/mai-errorsas ace-editor.md $name) { hasDiscussionsEnabled } } agent-persona-exgit agentic-observab-C ai-moderator.md x_amd64/vet arti�� audit-workflows.md auto-triage-issues.md x_amd64/vet bot-detection.mdgit brave.md breaking-change-/home/REDACTED/work/gh-aw/gh-aw/.github/workflows x_amd64/vet(http block)https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha *.json' '!../../../pkg/workflow/js/**/*.json' --ignore-path ../../../.prettierignore git 64/pkg/tool/linux_amd64/compile get --global 1/x64/bin/bash 64/pkg/tool/linux_amd64/compile -C g_.a rev-parse ache/go/1.25.8/x64/bin/node get --local x_amd64/vet git(http block)https://api.github.com/repos/nonexistent/repo/actions/runs/12345/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion(http block)https://api.github.com/repos/owner/repo/actions/workflows/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo -importcfg /tmp/go-build2904341852/b413/importcfg -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/gitutil/gitutil.go /home/REDACTED/work/gh-aw/gh-aw/pkg/gitutil/gitutil_test.go(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo cfg(http block)https://api.github.com/repos/owner/repo/contents/file.md/tmp/go-build2904341852/b396/cli.test /tmp/go-build2904341852/b396/cli.test -test.testlogfile=/tmp/go-build2904341852/b396/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true(http block)https://api.github.com/repos/test-owner/test-repo/actions/secrets/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name h ../../../.prettierignore 627768/b059/vet.cfg cfg(http block)If you need me to access, download, or install something from one of these locations, you can either: