Error on unknown single-word ecosystem identifiers in network.allowed#27475
Error on unknown single-word ecosystem identifiers in network.allowed#27475
Conversation
Fixes the issue where misspelled ecosystem identifiers (e.g., 'rustxxxx', 'defaults2') were silently accepted in network.allowed. Now any single-word identifier that doesn't match a known ecosystem name produces a clear validation error with a list of valid ecosystem identifiers. - Modified validateNetworkAllowedDomains() to check unknown ecosystem-like identifiers via getEcosystemDomains() and return a ValidationError - Added comprehensive tests covering known valid identifiers, unknown identifiers that should fail, valid domain names, and mixed lists Agent-Logs-Url: https://github.com/github/gh-aw/sessions/5e7d08f0-85c6-42b9-be70-0a8bfb06f5ed Co-authored-by: dsyme <7204669+dsyme@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/5e7d08f0-85c6-42b9-be70-0a8bfb06f5ed Co-authored-by: dsyme <7204669+dsyme@users.noreply.github.com>
…uction code Agent-Logs-Url: https://github.com/github/gh-aw/sessions/5e7d08f0-85c6-42b9-be70-0a8bfb06f5ed Co-authored-by: dsyme <7204669+dsyme@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/5e7d08f0-85c6-42b9-be70-0a8bfb06f5ed Co-authored-by: dsyme <7204669+dsyme@users.noreply.github.com>
🧪 Test Quality Sentinel ReportTest Quality Score: 93/100✅ Excellent test quality
Test Classification Details
Language SupportTests analyzed:
Verdict
📖 Understanding Test ClassificationsDesign Tests (High Value) verify what the system does:
Implementation Tests (Low Value) verify how the system does it:
Goal: Shift toward tests that describe the system's behavioral contract — the promises it makes to its users and collaborators. References: §24701807401
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Pull request overview
Tightens network.allowed validation so misspelled/unknown ecosystem-like single-word entries no longer silently pass as literal domains, preventing accidental misconfiguration.
Changes:
- Add compile-time validation for single-word ecosystem-identifier-shaped entries in
network.allowed, erroring on unknown identifiers. - Introduce
getValidEcosystemIdentifiers()helper to derive the valid identifier list from embedded ecosystem data + compound ecosystems. - Add tests ensuring all known identifiers pass, unknown single-word identifiers fail, and dotted domains remain valid.
Show a summary per file
| File | Description |
|---|---|
| pkg/workflow/network_firewall_validation.go | Adds unknown-ecosystem identifier detection, error messaging, and helper to enumerate valid identifiers. |
| pkg/workflow/network_firewall_validation_test.go | Adds unit tests for valid/invalid ecosystem identifiers and ensures dotted domains are unaffected. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comments suppressed due to low confidence (2)
pkg/workflow/network_firewall_validation.go:89
- The error message builds the full list of valid ecosystem identifiers via
getValidEcosystemIdentifiers()for every unknown entry. In collect-all mode with multiple invalid items this repeats allocations/sorting. Consider computing the valid identifier list once before the loop (or memoizing it) and reusing it when formatting these errors.
networkFirewallValidationLog.Printf("Validation error: unknown ecosystem identifier: %s", domain)
wrappedErr := fmt.Errorf("network.allowed[%d]: %w", i, NewValidationError(
"network.allowed",
domain,
fmt.Sprintf("'%s' is not a valid ecosystem identifier", domain),
"Use a valid ecosystem identifier or a domain name containing a dot (e.g., 'example.com').\n\nValid ecosystem identifiers: "+strings.Join(getValidEcosystemIdentifiers(), ", "),
))
pkg/workflow/network_firewall_validation.go:135
getValidEcosystemIdentifiers()appends keys from bothecosystemDomainsandcompoundEcosystemswithout deduping. If a future change introduces the same identifier in both maps, this will return duplicates (and the error message/test subtests will repeat names). Consider using a set (map[string]struct{}) to collect ids before sorting.
func getValidEcosystemIdentifiers() []string {
ids := make([]string, 0, len(ecosystemDomains)+len(compoundEcosystems))
for id := range ecosystemDomains {
ids = append(ids, id)
}
for id := range compoundEcosystems {
ids = append(ids, id)
}
sort.Strings(ids)
return ids
- Files reviewed: 2/2 changed files
- Comments generated: 2
| if isEcosystemIdentifier(domain) { | ||
| networkFirewallValidationLog.Printf("Skipping ecosystem identifier: %s", domain) | ||
| // Validate it's a known ecosystem identifier | ||
| if len(getEcosystemDomains(domain)) > 0 { | ||
| networkFirewallValidationLog.Printf("Skipping known ecosystem identifier: %s", domain) | ||
| continue | ||
| } |
There was a problem hiding this comment.
getEcosystemDomains(domain) is being called here only to check whether an identifier is known. That helper allocates/copies and sorts the full domain list (see pkg/workflow/domains.go:288+), which is unnecessary work during validation. Prefer checking membership directly (e.g., _, ok := ecosystemDomains[domain] or compoundEcosystems[domain]) or introducing a lightweight isKnownEcosystemIdentifier helper that avoids sorting/allocations.
This issue also appears in the following locations of the same file:
- line 83
- line 126
| "network.allowed", | ||
| domain, | ||
| fmt.Sprintf("'%s' is not a valid ecosystem identifier", domain), | ||
| "Use a valid ecosystem identifier or a domain name containing a dot (e.g., 'example.com').\n\nValid ecosystem identifiers: "+strings.Join(getValidEcosystemIdentifiers(), ", "), |
There was a problem hiding this comment.
This change makes unknown single-word entries fail compilation, but the repository docs currently state that invalid shorthands (e.g., npm, pypi, localhost) are "passed through as literal domain names" (.github/aw/network.md:90+). To avoid confusing users, the documentation should be updated to reflect the new compile-time error behavior.
| "Use a valid ecosystem identifier or a domain name containing a dot (e.g., 'example.com').\n\nValid ecosystem identifiers: "+strings.Join(getValidEcosystemIdentifiers(), ", "), | |
| "Unknown single-word entries are rejected unless they match a valid ecosystem identifier. Use a valid ecosystem identifier or specify a domain name containing a dot (for example, 'example.com').\n\nValid ecosystem identifiers: "+strings.Join(getValidEcosystemIdentifiers(), ", "), |
|
@copilot merge main and recompile |
…cosystem-identifiers # Please enter a commit message to explain why this merge is necessary, # especially if it merges an updated upstream into a topic branch. # # Lines starting with '#' will be ignored, and an empty message aborts # the commit. Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Merged main and recompiled all 198 workflow files successfully (commit 5ae8ba0). Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
|
@copilot review all comments |
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/a8e405d8-e362-4db4-b883-8a88af4bc052 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Addressed both review comments in commit 092bbde:
|
Misspelled or unknown ecosystem identifiers in
network.allowed(e.g.,rustxxxx,defaults2) were silently accepted and treated as literal domains instead of erroring. Any single-word entry that looks like an ecosystem identifier but doesn't match a known one now fails compilation.Changes
network_firewall_validation.go): When a single-word entry matches the ecosystem identifier pattern (^[a-z][a-z0-9-]*$), validates it against the known ecosystem map viagetEcosystemDomains(). Unknown identifiers produce aValidationErrorwith the full list of valid options.getValidEcosystemIdentifiers(): New helper that dynamically builds the sorted list of valid identifiers fromecosystemDomains(embedded JSON) andcompoundEcosystems— stays in sync automatically as ecosystems are added.network_firewall_validation_test.go): Covers all valid identifiers (sourced fromgetValidEcosystemIdentifiers()to avoid drift), rejects unknown single-word entries, and confirms dotted domain names are unaffected.Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
https://api.github.com/graphql/usr/bin/gh gh repo view --json owner,name --jq .owner.login + "/" + .name ntdrain.test GOINSECURE GOMOD GOMODCACHE ntdrain.test 2731�� rtcfg cjNZiRS1g ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE er GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-importcfg(http block)/usr/bin/gh gh repo view owner/repo env rtcfg vohS5K4mu ache/go/1.25.8/x64/pkg/tool/linu-nolocalimports GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-test.v=true env rtcfg GO111MODULE ache/go/1.25.8/x64/pkg/tool/linu-test.short=true ata/action_pins./usr/bin/git fips140deps/cpu GOMODCACHE ache/go/1.25.8/x^remote\..*\.gh-resolved$(http block)/usr/bin/gh gh repo view owner/repo env 3396295273 GO111MODULE 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/link rtcf�� ger.test om/goccy/go-yaml@v1.19.2/interna-ifaceassert ortcfg.link GOINSECURE GOMOD GOMODCACHE 9Ym34G_sfJyM6o-I^remote\..*\.gh-resolved$(http block)https://api.github.com/orgs/test-owner/actions/secrets/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq [.object.sha, .object.type] | @tsv --paginate repos/{owner}/{repo}/actions/runs/1/artifacts /usr/bin/infocmp .artifacts[].namgit GO111MODULE ache/go/1.25.8/x--show-toplevel infocmp -1 xterm-color go /usr/bin/git bIELEoe4k om/segmentio/asm/opt/hostedtoolcache/node/24.14.1/x64/bin/npm eutil.test git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v3/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv ansitiveImports2774686486/001 rev-parse ache/node/24.14.1/x64/bin/node -json GO111MODULE x_amd64/asm git t-61�� k/gh-aw/gh-aw/.github/workflows/api-consumption-report.md x_amd64/asm ache/node/24.14.1/x64/bin/node -json GO111MODULE x_amd64/compile ache/node/24.14.1/x64/bin/node(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v5/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv 3272/001/stability-test.md om/santhosh-tekuri/jsonschema/v6@v6.0.2/kind/kind.go ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/xTest User env 653871/b235/_pkg_.a DUdE/2oEXO76xEThYfB4YDUdE 1/x64/bin/node GOINSECURE osh-tekuri/jsonsrev-parse GOMODCACHE /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linutest@example.com(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel x_amd64/compile /usr/bin/git 653871/b037/_pkggit om/goccy/go-yamlrev-parse x_amd64/compile git rev-�� --show-toplevel GPI0DQM_4UTh /usr/bin/git 3917-33679/test-git bR-V/1lTwEKDRhnWrev-parse b899005bdf403681--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel 64/pkg/tool/linux_amd64/vet 1/x64/bin/npm -aw/git/ref/tagsgit .cfg .cfg 1/x64/bin/npm rev-�� --show-toplevel gh /usr/bin/git r-test3444381000git r-test3444381000rev-parse /usr/bin/git git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v6/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv ons-test1483852808 go .cfg -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE layTitle git(http block)https://api.github.com/repos/actions/github-script/git/ref/tags/v8/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/xsh /usr/bin/git OnlyCompiledOutpgit g-gh/tcTLxKIFRzecheckout ache/go/1.25.8/x-b git rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linu-dwarf=false /usr/bin/git 653871/b082/impogit bdZx/dTcSRunIDvprev-parse e/git-upload-pac--show-toplevel git(http block)https://api.github.com/repos/actions/github-script/git/ref/tags/v9/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv s/data/action_pi-p GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE eEuUNd1jQltd env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json /unsafebytes/uns-test.run=^Test x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/asm GOINSECURE GOMOD GOMODCACHE x_amd64/asm(http block)https://api.github.com/repos/actions/setup-go/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel x_amd64/compile /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/compile /usr/bin/git ty-test.md GO111MODULE 64/pkg/tool/linu--show-toplevel git(http block)https://api.github.com/repos/actions/setup-node/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv /home/REDACTED/work/gh-aw/gh-aw/.github/workflows/api-consumption-report.md x_amd64/compile /usr/bin/git y-frontmatter.mdgit GO111MODULE 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/compile /usr/bin/git _.a 0/internal/langurev-parse 64/pkg/tool/linu--show-toplevel /usr/bin/git(http block)https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv ry=1 /home/REDACTED/go/pkg/mod/golang.org/x/text@v0.36.0/internal/internal.go 3157316/b440/_pkg_.a -json GO111MODULE 64/bin/go gh api /repos/actions/github-script/git/ref/tags/v9 s/2/artifacts /usr/bin/infocmp -json GO111MODULE 64/bin/go infocmp(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq [.object.sha, .object.type] | @tsv --show-toplevel x_amd64/vet /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--show-toplevel git rev-�� --git-dir 64/pkg/tool/linu-buildtags /usr/lib/git-core/git-remote-https _.a GO111MODULE 64/pkg/tool/linu--show-toplevel /usr/lib/git-core/git-remote-https(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv ripts/lint_error_messages.go ripts/lint_error_messages_test.go /usr/bin/git -json son/json.go 64/bin/go 3157316/b448/importcfg conf�� runs/20260421-023917-33679/test-2620721662 k/gh-aw/gh-aw/pkg/styles/theme.go ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet latted/flatted.ggit GO111MODULE 64/bin/go ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv t0 -dwarf=false(http block)https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE 64 GOMODCACHE go rtcf�� bIELEoe4k om/segmentio/asm@v1.1.3/cpu/cpui-w eutil.test GOINSECURE GOMOD GOMODCACHE eutil.test(http block)/usr/bin/gh gh run download 1 --dir test-logs/run-1 1y3cTijPK 64/pkg/tool/linux_amd64/vet GOINSECURE obyte GOMODCACHE 64/pkg/tool/linuTest User env rtcfg 57OuoO-7M ache/go/1.25.8/x64/pkg/tool/linu-lang=go1.25 GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-trimpath(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name S1XHWmzm6 ache/go/1.25.8/x64/bin/go GOINSECURE(http block)/usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD bis 64/pkg/include env 3396295273 rtcfg ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE h_wasm.o 64/src/math/big/--show-toplevel ache/go/1.25.8/x64/pkg/tool/linu-trimpath(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name sYYP-7R33 ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE sY5xy3c/9ezsDU_VWw7VJguVlRAx env 1868746637 GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE s $k => $v) echoconfig GOMODCACHE ache/go/1.25.8/xremote.origin.url(http block)/usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD bis 64/src/crypto/internal/boring/sig/sig_other.s env 3396295273 GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-importcfg(http block)https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name GO111MODULE stat GOINSECURE(http block)/usr/bin/gh gh run download 2 --dir test-logs/run-2 nLaxVxxol 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env rtcfg op5fLH1pk ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile(http block)https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name YGaDW_VvF tat GOINSECURE o8601 GOMODCACHE go env 1266002916/.github/workflows GO111MODULE util.test GOINSECURE GOMOD GOMODCACHE util.test(http block)/usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE o 64/src/internal/--show-toplevel 64/pkg/tool/linux_amd64/vet env 2408543454/custom/workflows FSSLThW2J ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile(http block)https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE r_wasm.o 64/src/math/floo--show-toplevel 64/pkg/tool/linux_amd64/compile env 1266002916/.github/workflows GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuremote(http block)/usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD bis 64/pkg/tool/linux_amd64/vet env -json .cfg ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile(http block)https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name n.go 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/link env 1266002916 GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile(http block)/usr/bin/gh gh run download 5 --dir test-logs/run-5 xCmVfTE68 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env 2408543454/custom/workflows qbNVEaFt_ ache/go/1.25.8/x64/pkg/tool/linu-buildmode=exe GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-importcfg(http block)https://api.github.com/repos/github/gh-aw/actions/workflows/usr/bin/gh gh workflow list --json name,state,path -c=4 -nolocalimports -importcfg /tmp/go-build4273157316/b418/importcfg -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/fileutil/fileutil.go /home/REDACTED/work/gh-aw/gh-aw/pkg/fileutil/tar.go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD bis 64/pkg/tool/linux_amd64/compile env _.a Y_7BzNNuM ache/go/1.25.8/x64/pkg/tool/linu--limit GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/xremote.origin.url(http block)https://api.github.com/repos/github/gh-aw/contents/.github/workflows/shared/reporting.md/tmp/go-build4273157316/b403/cli.test /tmp/go-build4273157316/b403/cli.test -test.testlogfile=/tmp/go-build4273157316/b403/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true -importcfg /tmp/go-build830653871/b244/importcfg -pack /home/REDACTED/go/pkg/mod/golang.org/x/text@v0.36.0/internal/number/common.go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile /usr/bin/git DefaultBranchFrogit DefaultBranchFrorev-parse ache/go/1.25.8/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git RequiresMinIntegls stmain.go ache/go/1.25.8/x/tmp/gh-aw/aw-feature-branch.patch git(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv rtcfg R30X4Bcts ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuremote env rtcfg GO111MODULE .cfg GOINSECURE fips140/sha3 GOMODCACHE t.wasm && \ mv gh-aw.opt.wasm gremote.origin.url(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json sonschema/annotations.go x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json eyset.go x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/asm GOINSECURE GOMOD GOMODCACHE x_amd64/asm env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json ii/equal_fold.goowner/repo x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv g_.a Y9sJvruy0 Name,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu--jq env r5IdeVX0U GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ortcfg(http block)https://api.github.com/repos/nonexistent/repo/actions/runs/12345/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD bis 64/pkg/tool/linux_amd64/vet env 6620036/b001/exe/a.out Ffa_H-Eee ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE vLGKQCFL0zRSc/TAinit GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile(http block)https://api.github.com/repos/owner/repo/actions/workflows/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh workflow list --repo owner/repo --json name,path,state ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE GOMOD bis 64/src/math/big/arith_wasm.s env 48/001/test-frontmatter-with-nested-objects.md GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE 653871/b047/ GOMODCACHE ache/go/1.25.8/x^remote\..*\.gh-resolved$(http block)https://api.github.com/repos/test-owner/test-repo/actions/secrets/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/test/repo/usr/bin/gh gh api /repos/test/repo --jq .default_branch rtcfg op5fLH1pk ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile env 48/001/test-inlined-imports-enabled-with-body-content.md GO111MODULE x_amd64/compile GOINSECURE lite GOMODCACHE x_amd64/compile(http block)If you need me to access, download, or install something from one of these locations, you can either: