Stabilize Step Name Alignment by permitting direct manifest reads and tightening agent guidance#34873
Merged
Merged
Conversation
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Fix step name alignment issues
Stabilize Step Name Alignment by permitting direct manifest reads and tightening agent guidance
May 26, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
This PR aims to stop the Step Name Alignment workflow from hitting error_max_turns by (1) granting the agent explicit permission to read the prebuilt step-alignment manifest and (2) tightening prompt guidance to avoid denied /tmp probing loops.
Changes:
- Added explicit bash allowlist entries to read
/tmp/gh-aw/agent/step-alignment-input.json(viacatandjq). - Updated agent instructions to prefer the
cache-memorytool and avoid exploratory/tmpscans. - Recompiled the workflow lock file so the runtime allowed-tools list reflects the new permissions.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/step-name-alignment.md | Expands agent bash allowlist and updates instructions around cache-memory + manifest consumption. |
| .github/workflows/step-name-alignment.lock.yml | Regenerated compiled workflow to include the new allowed-tools entries. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 2/2 changed files
- Comments generated: 1
| Read it directly with: | ||
|
|
||
| ```bash | ||
| cat /tmp/gh-aw/agent/step-alignment-input.json | jq . |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The Step Name Alignment workflow was failing in
agentwitherror_max_turnsafter repeated denied Bash attempts against/tmp/gh-aw/agentand/tmp/gh-aw/cache-memory. This change aligns tool permissions and prompt instructions so the agent can consume the prebuilt manifest without exploratory/tmpprobing loops.Workflow permission alignment
.github/workflows/step-name-alignment.mdfor direct manifest access:cat /tmp/gh-aw/agent/step-alignment-input.jsonjq* /tmp/gh-aw/agent/step-alignment-input.jsonPrompt hardening to avoid denial loops
cache-memorytool directly instead of shell exploration of/tmp/gh-aw/cache-memory.ls/find/cpdiscovery scans in/tmp.Compiled workflow sync
.github/workflows/step-name-alignment.lock.ymlso runtime allowed-tools reflect the new manifest-read permissions.