feat: scan firewall audit.jsonl for auth rejections and alert in failure issues (#scan-firewall-auth) #28899

Merged
pelikhan merged 6 commits into main from copilot/scan-firewall-log-authentication-issues
Apr 28, 2026

Copilot AI commented Apr 28, 2026

Summary

When an agentic workflow fails, the failure issue/comment now includes a 🔑 Credential Authentication Failed alert when the firewall audit log (audit.jsonl) contains HTTP 401/403 responses from AI provider API endpoints.

This helps maintainers quickly identify missing, expired, or invalid API credentials as the root cause of workflow failures.

Changes

New: getEngineAPIHosts() in notify_comment.go

The workflow compiler now emits a GH_AW_ENGINE_API_HOSTS environment variable containing the comma-separated list of the engine's primary AI inference API hostnames (e.g. all four *.githubcopilot.com variants for Copilot, api.anthropic.com for Claude, api.openai.com for Codex, generativelanguage.googleapis.com for Gemini). An explicit engine.api-target override takes precedence over the defaults.

New: parseFirewallAuthErrors(auditJsonlPath)

Parses the firewall audit.jsonl JSONL log for authentication rejection entries using a three-pass approach for performance on large files:

  1. File-level pre-scan (regex on full content): bails early when no 401/403 pattern exists anywhere in the file
  2. Per-line regex pre-filter: skips lines that can't contain a 401/403 status without paying the JSON.parse cost
  3. Full JSON parse: only for lines that pass both pre-filters

Providers are resolved dynamically from GH_AW_ENGINE_API_HOSTS / GH_AW_ENGINE_ID (set by the compiler). Falls back to a hardcoded list of known public provider API hosts when the env var is absent:

  • GitHub Copilot (COPILOT_GITHUB_TOKEN) — *.githubcopilot.com
  • OpenAI Codex (CODEX_API_KEY / OPENAI_API_KEY) — api.openai.com
  • Anthropic Claude (ANTHROPIC_API_KEY) — api.anthropic.com
  • Google Gemini (GEMINI_API_KEY) — generativelanguage.googleapis.com

New: buildRegisteredProviderEntries()

Reads GH_AW_ENGINE_API_HOSTS and GH_AW_ENGINE_ID to build the detection list dynamically, mapping engine IDs to human-readable labels and credential names. Falls back to hardcoded patterns when the env var is not set.

New: buildCredentialAuthErrorContext([auditJsonlPathOverride])

Builds the formatted alert string for inclusion in the failure issue/comment. Derives the audit.jsonl path from GH_AW_AGENT_OUTPUT. Renders the credential_auth_error.md template directly (no inline fallback).

New: actions/setup/md/credential_auth_error.md

Prompt template for the credentials alert, rendered with a {providers} list of affected providers.

Updated: agent_failure_issue.md / agent_failure_comment.md

Added {credential_auth_error_context} placeholder, placed immediately after {secret_verification_context}.

Tests

129 unit tests (19 new) covering:

  • All four provider detections via hardcoded fallback (401 and 403)
  • Provider detection via GH_AW_ENGINE_API_HOSTS env var (known and custom engines)
  • Deduplication of same-provider entries
  • Multi-provider detection
  • Three-pass scan optimization (file-level and per-line pre-filters)
  • Non-JSON line skipping
  • Path derivation from GH_AW_AGENT_OUTPUT
  • Empty / missing file handling
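
The three-pass scan and provider resolution described in the summary above, as an added example that is not the code merged in this PR. Function names and the lowercase engine ids are assumptions, the audit lines are constructed, and the port stripping and anchored host match go slightly beyond what the summary states.

```javascript
// Added example, not gh-aw source. Function names and engine ids are
// assumptions; the "host"/"status" fields, env var names, hosts and
// credential names are the ones quoted in the PR text.
const FALLBACK_PROVIDERS = [
  { id: "copilot", provider: "GitHub Copilot", credential: "COPILOT_GITHUB_TOKEN",
    hosts: [], suffix: ".githubcopilot.com" },
  { id: "codex", provider: "OpenAI Codex", credential: "CODEX_API_KEY / OPENAI_API_KEY",
    hosts: ["api.openai.com"] },
  { id: "claude", provider: "Anthropic Claude", credential: "ANTHROPIC_API_KEY",
    hosts: ["api.anthropic.com"] },
  { id: "gemini", provider: "Google Gemini", credential: "GEMINI_API_KEY",
    hosts: ["generativelanguage.googleapis.com"] },
];

// Status pre-filter quoted in the PR thread; no /g flag, so test() keeps no state.
const AUTH_STATUS_RE = /"status"\s*:\s*40[13]/;

// "API.OpenAI.com:443" -> "api.openai.com"
function normalizeHost(host) {
  return host.trim().toLowerCase().replace(/:\d+$/, "").replace(/\.$/, "");
}

// Exact host or dot-anchored suffix only, so a look-alike such as
// "api.openai.com.example.net" is never counted as a provider endpoint.
function hostMatches(p, hostname) {
  return p.hosts.includes(hostname) || (p.suffix !== undefined && hostname.endsWith(p.suffix));
}

// Provider list from GH_AW_ENGINE_API_HOSTS / GH_AW_ENGINE_ID, else the fallback table.
function providersFromEnv(env) {
  const hosts = (env.GH_AW_ENGINE_API_HOSTS || "").split(",").map(normalizeHost).filter(Boolean);
  if (hosts.length === 0) return FALLBACK_PROVIDERS;
  const id = env.GH_AW_ENGINE_ID || "custom";
  const known = FALLBACK_PROVIDERS.find(p => p.id === id);
  return [{ id, provider: known ? known.provider : id,
            credential: known ? known.credential : "engine API credential", hosts }];
}

// Three passes: whole-file regex, per-line regex, then JSON.parse.
// The regexes only discard lines cheaply; the parsed fields decide.
function scanAuditForAuthRejections(content, providers) {
  if (!AUTH_STATUS_RE.test(content)) return [];                   // pass 1
  const wanted = new Set(providers.map(p => p.provider)).size;
  const found = new Map();
  for (const line of content.split("\n")) {
    const trimmed = line.trim();
    if (!trimmed || trimmed[0] !== "{") continue;
    if (!AUTH_STATUS_RE.test(trimmed)) continue;                  // pass 2
    let entry;
    try { entry = JSON.parse(trimmed); } catch { continue; }      // pass 3
    if (entry.status !== 401 && entry.status !== 403) continue;   // e.g. 4010
    if (typeof entry.host !== "string") continue;
    const match = providers.find(p => hostMatches(p, normalizeHost(entry.host)));
    if (!match || found.has(match.provider)) continue;            // dedupe per provider
    found.set(match.provider, { provider: match.provider, credential: match.credential,
                                status: entry.status, host: entry.host });
    if (found.size === wanted) break;                             // early exit
  }
  return [...found.values()];
}

// Constructed audit.jsonl content (not taken from a real run).
const SAMPLE_AUDIT = [
  '{"host":"api.openai.com:443","method":"POST","status":200}',
  '{"host":"api.anthropic.com:443","status":403}',
  'proxy restarted',                                         // non-JSON line
  '{"host":"api.anthropic.com:443","status":401}',           // same provider again
  '{"host":"api.openai.com.example.net:443","status":401}',  // look-alike host
  '{"host":"api.enterprise.githubcopilot.com:443","status":401}',
  '{"host":"registry.npmjs.org:443","status":403}',          // not an AI provider
  '{"host":"api.openai.com:443","status":4010}',             // passes regex, fails parse check
  '{"host":"api.openai.com:443","status":401',               // truncated write
].join("\n");

for (const hit of scanAuditForAuthRejections(SAMPLE_AUDIT, providersFromEnv({}))) {
  console.log(`${hit.provider}: HTTP ${hit.status} from ${hit.host}, check ${hit.credential}`);
}
```

Only Anthropic Claude and GitHub Copilot are reported for the sample: the OpenAI lines are a 200, a look-alike host, a 4010 status and a truncated record, none of which is a parsed 401/403 from a provider host.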


// Known AI provider API hostnames and their associated credential names.
// The host patterns are matched against the "host" field in audit.jsonl entries.
const FIREWALL_AUTH_PROVIDER_HOSTS = /** @type {Array<{provider: string, pattern: RegExp, credential: string}>} */ [
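Review bot: The @type annotation on the FIREWALL_AUTH_PROVIDER_HOSTS line sits between the = and the array literal, where JSDoc treats it as a cast only when the expression is wrapped in parentheses; move the /** @type {...} */ comment above the const so the type checker applies it to the declaration. Since the comment above says the patterns are matched against the "host" field, it would also help to state here whether each RegExp is anchored at both ends, so that a longer hostname which merely contains a provider name cannot match.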
Collaborator

@copilot pass the list of registered agentic engines as an env var to determine providers (if they have a port, they are a provider)

Contributor Author

Done in commit 3af8d05.

Added getEngineAPIHosts() in notify_comment.go that emits GH_AW_ENGINE_API_HOSTS (comma-separated API hostnames) for each engine type — e.g. for Copilot it emits all four *.githubcopilot.com inference endpoints; Claude → api.anthropic.com; Codex → api.openai.com; Gemini → generativelanguage.googleapis.com. Custom engine.api-target overrides the defaults.

In JS, buildRegisteredProviderEntries() reads GH_AW_ENGINE_API_HOSTS + GH_AW_ENGINE_ID to build the detection list dynamically (falls back to hardcoded patterns when the env var is absent).


for (const line of content.split("\n")) {
const trimmed = line.trim();
if (!trimmed || trimmed[0] !== "{") continue;
Collaborator

@copilot run regex again

Contributor Author

Done in commit 3af8d05. Added a per-line regex check (/"status"\s*:\s*40[13]/.test(trimmed)) before JSON.parse, so lines that can't possibly contain a 401/403 status are skipped without incurring the parse cost. This is now the third pass in the three-pass strategy: file-level scan → per-line scan → full JSON parse.

try {
return "\n" + renderTemplateFromFile(templatePath, { providers: providersList });
} catch {
// Template not available — return inline message
Collaborator

@copilot template should always be available, remove fallback

Contributor Author

Done in commit 3af8d05. Removed the try/catch fallback — buildCredentialAuthErrorContext now calls renderTemplateFromFile directly without the inline fallback message.

@pelikhan pelikhan marked this pull request as ready for review April 28, 2026 10:34
Copilot AI review requested due to automatic review settings April 28, 2026 10:34
@github-actions github-actions Bot mentioned this pull request Apr 28, 2026
@github-actions
Contributor

🧪 Test Quality Sentinel Report

Test Quality Score: 82/100

Excellent test quality

Metric | Value
New/modified tests analyzed | 16
✅ Design tests (behavioral contracts) | 16 (100%)
⚠️ Implementation tests (low value) | 0 (0%)
Tests with error/edge cases | 9 (56%)
Duplicate test clusters | 1
Test inflation detected | No (ratio 1.55:1)
🚨 Coding-guideline violations | None

Test Classification Details

Test | File | Classification | Notes
returns empty array when file does not exist | handle_agent_failure.test.cjs | ✅ Design | Edge case — missing file
returns empty array when file is empty | handle_agent_failure.test.cjs | ✅ Design | Edge case — empty file
returns empty array when no 401/403 entries | handle_agent_failure.test.cjs | ✅ Design | Edge case — no auth failures
detects Copilot 401 auth rejection | handle_agent_failure.test.cjs | ✅ Design | Asserts provider + credential name
detects OpenAI 401 auth rejection | handle_agent_failure.test.cjs | ✅ Design | Asserts provider + credential name
detects Anthropic 403 auth rejection | handle_agent_failure.test.cjs | ✅ Design | Asserts provider + credential name
detects Gemini 403 auth rejection | handle_agent_failure.test.cjs | ✅ Design | Asserts provider + credential name
deduplicates multiple auth errors for the same provider | handle_agent_failure.test.cjs | ✅ Design | Edge case — dedup invariant
reports multiple different providers | handle_agent_failure.test.cjs | ✅ Design | Verifies multi-provider output
skips non-JSON lines without throwing | handle_agent_failure.test.cjs | ✅ Design | Edge case — malformed input robustness
selective pre-scan: skips full parse when no 4xx entries in large file | handle_agent_failure.test.cjs | ✅ Design | Edge case — still asserts on observable output
returns empty string when audit.jsonl does not exist | handle_agent_failure.test.cjs | ✅ Design | Edge case — missing file
returns empty string when no auth errors in audit.jsonl | handle_agent_failure.test.cjs | ✅ Design | Edge case — no-op path
returns credential alert when auth rejection found | handle_agent_failure.test.cjs | ✅ Design | Verifies output content
includes all affected providers in the output | handle_agent_failure.test.cjs | ✅ Design | Verifies multi-provider output
derives audit.jsonl path from GH_AW_AGENT_OUTPUT when no override provided | handle_agent_failure.test.cjs | ✅ Design | Behavioral contract for env var path resolution

Minor Observation — Similar Provider Detection Tests

The four provider-detection tests (Copilot, OpenAI, Anthropic, Gemini) share an identical structure: write one JSONL entry, parse, assert length=1, assert provider name, assert credential name. This is a single duplicate cluster (−5 pts).

Suggestion: These could be collapsed into a single table-driven test:

it.each([
  { host: "api.enterprise.githubcopilot.com:443",  status: 401, provider: "Copilot",   credKey: "COPILOT_GITHUB_TOKEN" },
  { host: "api.openai.com:443",                    status: 401, provider: "OpenAI",    credKey: "OPENAI_API_KEY" },
  { host: "api.anthropic.com:443",                 status: 403, provider: "Anthropic", credKey: "ANTHROPIC_API_KEY" },
  { host: "generativelanguage.googleapis.com:443", status: 403, provider: "Gemini",    credKey: "GEMINI_API_KEY" },
])("$provider auth rejection", ({ host, status, provider, credKey }) => {
  // write one JSONL entry, parse, assert length=1, provider name and credential name
});

This makes it trivial to add future providers and removes the duplication penalty.


Language Support

Tests analyzed:

  • 🐹 Go (*_test.go): 0 tests (no Go test files changed)
  • 🟨 JavaScript (*.test.cjs): 16 tests (vitest) — handle_agent_failure.test.cjs

Scoring Breakdown

Component | Score | Detail
Behavioral coverage (40 pts) | 40/40 | 16/16 tests are design tests
Error/edge case coverage (30 pts) | 17/30 | 9/16 tests cover error or edge-case paths
Low duplication (20 pts) | 15/20 | 1 duplicate cluster (4 similar provider tests)
Proportional growth (10 pts) | 10/10 | Test/prod ratio 1.55:1 (under 2:1 threshold)
Total | 82/100 |

Verdict

Check passed. 0% of new tests are implementation tests (threshold: 30%). Mocking is limited to global.core (GitHub Actions runtime) — a legitimate external I/O mock. All tests assert on observable return values. No coding-guideline violations detected.


📖 Understanding Test Classifications

Design Tests (High Value) verify what the system does:

  • Assert on observable outputs, return values, or state changes
  • Cover error paths and boundary conditions
  • Would catch a behavioral regression if deleted
  • Remain valid even after internal refactoring

Implementation Tests (Low Value) verify how the system does it:

  • Assert on internal function calls (mocking internals)
  • Only test the happy path with typical inputs
  • Break during legitimate refactoring even when behavior is correct
  • Give false assurance: they pass even when the system is wrong

Goal: Shift toward tests that describe the system's behavioral contract — the promises it makes to its users and collaborators.

🧪 Test quality analysis by Test Quality Sentinel · ● 610.9K ·

Contributor

@github-actions github-actions Bot left a comment

✅ Test Quality Sentinel: 82/100. Test quality is excellent — 0% of new tests are implementation tests (threshold: 30%). All 16 new tests verify observable behavioral contracts with real filesystem I/O. No coding-guideline violations detected.

Contributor

Copilot AI left a comment

Pull request overview

Adds a credentials-focused alert to agentic workflow failure issues/comments by scanning the firewall audit.jsonl for HTTP 401/403 responses to known AI provider endpoints, helping maintainers quickly identify invalid/missing API credentials.

Changes:

  • Added parseFirewallAuthErrors + buildCredentialAuthErrorContext and wired {credential_auth_error_context} into failure issue/comment templates.
  • Introduced a new prompt template (credential_auth_error.md) and added unit tests covering provider detection and path derivation.
  • Updated multiple workflow lockfiles (permissions and MCP CLI mounting/allowlist changes).

File | Description
actions/setup/md/credential_auth_error.md | New markdown template for the credential authentication alert.
actions/setup/md/agent_failure_issue.md | Inserts {credential_auth_error_context} into the failure issue template.
actions/setup/md/agent_failure_comment.md | Inserts {credential_auth_error_context} into the failure comment template.
actions/setup/js/handle_agent_failure.cjs | Implements firewall auth rejection parsing and alert context generation; injects into failure template context.
actions/setup/js/handle_agent_failure.test.cjs | Adds unit tests for auth rejection parsing and alert context rendering/path derivation.
.github/workflows/unbloat-docs.lock.yml | Updates compiled workflow (permissions + prompt assembly changes + MCP CLI mounting).
.github/workflows/tidy.lock.yml | Updates compiled workflow (permissions + prompt assembly changes + MCP CLI mounting).
.github/workflows/plan.lock.yml | Adds pull-requests: write permission to activation job.
.github/workflows/pdf-summary.lock.yml | Adds pull-requests: write permission to activation job.
.github/workflows/mergefest.lock.yml | Adds pull-requests: write permission to activation job.
.github/workflows/brave.lock.yml | Adds pull-requests: write permission to activation job.
.github/workflows/ace-editor.lock.yml | Adds pull-requests: write permission to activation job.

Copilot's findings

  • Files reviewed: 12/12 changed files
  • Comments generated: 6

actions: read
contents: read
issues: write
pull-requests: write

Copilot AI Apr 28, 2026

This workflow sets pull-requests: write, but it only triggers when github.event.issue.pull_request == null and the GitHub MCP server is configured read-only (GITHUB_READ_ONLY: "1"). Please remove pull-requests: write (or downgrade to pull-requests: read if required) to keep least-privilege.

Suggested change
pull-requests: write

actions: read
contents: read
issues: write
pull-requests: write

Copilot AI Apr 28, 2026

This workflow adds pull-requests: write, but the workflow’s interactions appear limited to PR context/commenting (issues endpoint) and the GitHub MCP server is configured read-only (GITHUB_READ_ONLY: "1"). Please downgrade to pull-requests: read (or remove entirely if not needed) to follow least-privilege.

Suggested change
pull-requests: write
pull-requests: read

Comment on lines +779 to +783
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
env:
MCP_GATEWAY_API_KEY: ${{ steps.start-mcp-gateway.outputs.gateway-api-key }}
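Review bot: continue-on-error: true on the mount-mcp-clis step means a failed mount does not fail the job, so later steps can run without the CLIs and the only trace is this step's log. If that is intended, a short comment saying why would help; otherwise drop the flag or have dependent steps check steps.mount-mcp-clis.outcome. The step also receives MCP_GATEWAY_API_KEY from a step output, so it is worth confirming that the start-mcp-gateway step masks that value before it can reach the logs.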

Copilot AI Apr 28, 2026

This PR includes workflow behavioral changes (e.g., mounting MCP servers as CLIs and expanding allowed tool patterns) in addition to the firewall auth alert work described in the PR metadata. Please either update the PR description to cover these workflow changes or split them into a separate PR so reviewers can assess them independently.

Comment on lines +857 to +860
for (const line of content.split("\n")) {
const trimmed = line.trim();
if (!trimmed || trimmed[0] !== "{") continue;


Copilot AI Apr 28, 2026

parseFirewallAuthErrors iterates with content.split("\n"), which duplicates the entire audit file in memory as an array of lines. For large audit.jsonl files this can be a significant memory hit; consider streaming line-by-line (e.g., readline over a read stream) and optionally early-exiting once all known providers have been found.

contents: read
discussions: write
issues: write
pull-requests: write

Copilot AI Apr 28, 2026

This workflow sets pull-requests: write, but the workflow only runs for issue comments on non-PR issues / discussions and the GitHub MCP server is configured as read-only (GITHUB_READ_ONLY: "1"). Please drop the permission entirely (or reduce to pull-requests: read if something truly needs PR read access) to keep least-privilege.

Suggested change
pull-requests: write

actions: read
contents: read
issues: write
pull-requests: write

Copilot AI Apr 28, 2026

This workflow sets pull-requests: write, but it is triggered only for issues / issue comments on non-PR issues (and workflow_dispatch), and the GitHub MCP server is configured read-only (GITHUB_READ_ONLY: "1"). Please remove pull-requests: write (or downgrade to pull-requests: read if required).

Suggested change
pull-requests: write

@github-actions
Contributor

🛠️ Agentic Maintenance updated this pull request branch.


@pelikhan
Collaborator

@copilot review all comments

…er-line pre-filter, remove fallback

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/190dd3bf-379a-4fef-8228-7164022e7524

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor Author

Copilot AI commented Apr 28, 2026

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:


If you need me to access, download, or install something from one of these locations, you can either:

Contributor Author

Copilot AI commented Apr 28, 2026

@copilot review all comments

Reviewed all automated reviewer comments:

Code change (e9fedcc): Added early-exit in parseFirewallAuthErrors once all known providers have been matched — avoids iterating the rest of the file unnecessarily (addresses the memory/performance comment at line 910-913).

Lock file permissions (brave, ace-editor, plan, pdf-summary): The pull-requests: write entries are pre-existing in the source .md files — they existed before this PR and are not introduced by these changes. Fixing them would require edits to those source workflows, which is out of scope here.

tidy.lock.yml behavioral note: The MCP CLI mounting and tool pattern changes the reviewer flagged come from tidy.md having been updated on main before the merge, not from this PR's own changes.

@pelikhan pelikhan merged commit 77630b7 into main Apr 28, 2026
@pelikhan pelikhan deleted the copilot/scan-firewall-log-authentication-issues branch April 28, 2026 10:59