Add support for defined custom safe-output scripts

[Copilot]

Adds safe-outputs.scripts support — inline JavaScript handlers that run within the consolidated safe-outputs job's handler loop, similar to safe-outputs.jobs but without creating a separate GitHub Actions job.

Usage

Users write only the body of the handler setup function — the compiler automatically wraps it with async function main(config = {}) { ... } and module.exports = { main };, the same pattern used by MCP-scripts and actions/github-script:

safe-outputs:
  scripts:
    slack-post-message:
      description: Post a message to Slack
      inputs:
        channel:
          description: Target channel
          required: true
          type: string
        message:
          description: Message text
          required: true
          type: string
      script: |
        return async function handleSlackPostMessage(item) {
          const channel = item.channel || "#general";
          const message = item.message || "(no message)";
          core.info(`[SLACK] → ${channel}: ${message}`);
          return { success: true };
        };

The compiler generates the full module file:

// Auto-generated safe-output script handler: slack-post-message
async function main(config = {}) {
  return async function handleSlackPostMessage(item) {
    const channel = item.channel || "#general";
    const message = item.message || "(no message)";
    core.info(`[SLACK] → ${channel}: ${message}`);
    return { success: true };
  };
}
module.exports = { main };

Note: Per-call input values sent by the agent are available as direct top-level properties on the item message object (e.g. item.channel). The config parameter holds the static YAML configuration — config.description and config.inputs (the input schema metadata) — not the runtime values.

How It Works

1. The compiler writes each inline script to ${RUNNER_TEMP}/gh-aw/actions/safe_output_script_<name>.cjs via a heredoc step in the safe-outputs job, wrapping the user's body in async function main(config = {}) { ... } and module.exports = { main };.
2. GH_AW_SAFE_OUTPUT_SCRIPTS (a JSON map of normalized name → filename) is passed as an env var to the handler manager step.
3. The handler manager loads each script, calls main(config), and dispatches messages of the matching type to the returned handler function.
4. MCP tool definitions (name, description, inputSchema) are generated the same way as custom safe-jobs.

Changes Made

• compiler_types.go — Added Scripts map[string]*SafeScriptConfig field to SafeOutputsConfig
• safe_scripts.go — New file: SafeScriptConfig struct, parsing helpers, JSON env var builder, and generateCustomScriptToolDefinition()
• safe_outputs_config.go — Parse scripts: key from frontmatter
• safe_outputs_state.go — Include Scripts in hasAnySafeOutputEnabled() and hasNonBuiltinSafeOutputsEnabled()
• safe_outputs_config_generation.go — Emit script config into GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG
• safe_outputs_tools_filtering.go — Include script tool definitions in filtered and dynamic tools JSON
• compiler_safe_outputs_job.go — generateSafeOutputScriptContent() wraps user body with main() + module.exports; buildCustomScriptFilesStep() writes wrapped scripts via heredoc; scripts included in hasHandlerManagerTypes
• compiler_safe_outputs_steps.go — Emit GH_AW_SAFE_OUTPUT_SCRIPTS env var on handler manager step
• safe_output_helpers.cjs — loadCustomSafeOutputScriptHandlers() parses GH_AW_SAFE_OUTPUT_SCRIPTS
• safe_output_handler_manager.cjs — Loads and dispatches to custom script handlers after built-in HANDLER_MAP handlers
• main_workflow_schema.json — Added scripts as a valid safe-outputs property with full sub-schema for inputs and script fields
• smoke-claude.md — Added post-slack-message script as a real-world usage example, with a corresponding test step (Fix orphan removal on "gh aw remove" #11) that exercises the post_slack_message tool
• actions/setup/js/types/safe-output-script.d.ts — New TypeScript definition file documenting the types available when writing a custom safe-output script

TypeScript Definitions

The new safe-output-script.d.ts file exports the following types for script authors:

Type	Description
SafeOutputScriptInputDefinition	Schema for a single declared input (type, description, required, default, options)
SafeOutputScriptConfig	The config parameter of main() — static YAML metadata (description + inputs schema)
SafeOutputScriptItem<TInputs>	Per-call message passed to the handler — user input values as direct top-level properties
SafeOutputScriptHandler<TInputs>	Async handler function returned by main()
SafeOutputScriptMain<TInputs>	Factory function type generated by the compiler

Testing

• ✅ 16 new unit tests covering parsing, JSON generation, tool definition generation, script content wrapping, step generation, and handler manager integration
• ✅ make build, make fmt, make lint all pass
• ✅ 174 existing workflows recompile cleanly with no output changes
• ✅ smoke-claude workflow recompiles cleanly with the new post-slack-message script

Original prompt

Add support for defined custom safe-output as scripts, similar safe output custom jobs.

safe-outputs:
scripts:
slack-post-message:
... inputs same as jobs
script: |
... # JavaScript handler

The script get written in the folder that holds the actions script and get loaded at runtime in the safe output handler message loop. The script should have the same JavaScript structure as existing handlers.

The compilation into the config and tools.json should reuse helped used by safe jobs.

The goal of this feature is to create safe output handlers that runs in the safe output loop and have better support for temporary ids.

---

📱 Kick off Copilot coding agent tasks wherever you are with GitHub Mobile, available on iOS and Android.

[github-actions]

Hey @Copilot 👋 — great start on adding custom safe-output script support! The new safe_scripts.go and safe_scripts_test.go files lay a solid foundation for the feature, and the 377-line test file shows real coverage of parsing and config generation. A few things still need attention before this is ready for review:

• WIP checklist — All checklist items in the PR body are still unchecked, including the final validation step. Work through each item and check them off as they are completed.
• Run make agent-finish — Per the project's contribution process, make agent-finish (build + test + recompile + format + lint) must be run and pass before the PR is considered complete. This is a required quality gate per CONTRIBUTING.md and DEVGUIDE.md.
• Draft status — Once all checklist items are done and make agent-finish passes, convert this from a draft to a ready-for-review PR so @pelikhan can do a final pass.

If you'd like a hand finishing the remaining items, you can use this prompt with your coding agent:

Continue implementing the WIP PR for "Add support for defined custom safe-output for scripts" in github/gh-aw...

Generated by Contribution Check · ◷

[pelikhan]

@copilot keep working

[Copilot]

@copilot keep working

All checklist items are complete. The implementation adds safe-outputs.scripts support — inline JavaScript handlers that run within the consolidated safe-outputs job's handler loop (in contrast to safe-outputs.jobs which create separate GitHub Actions jobs).

Usage example:

safe-outputs:
  scripts:
    slack-post-message:
      description: Post a message to Slack
      inputs:
        channel:
          description: Target channel
          required: true
          type: string
        message:
          description: Message text
          required: true
          type: string
      script: |
        async function main(config = {}) {
          const { channel, message } = config;
          return async function handleSlackPostMessage(item) {
            // ... handler logic using github, context, core globals
            return { success: true };
          };
        }
        module.exports = { main };

How it works:

1. Compiler writes the inline script to ${RUNNER_TEMP}/gh-aw/actions/safe_output_script_<name>.cjs via a heredoc step
2. GH_AW_SAFE_OUTPUT_SCRIPTS env var (JSON map of name→filename) is passed to the handler manager step
3. The handler manager loads and calls main(config) on each script, then dispatches messages of the matching type to the returned handler function
4. MCP tool definitions are generated the same way as custom safe-jobs

Build, lint, and all 15 new unit tests pass. 174 existing workflows recompile cleanly.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://github.com/ghapi/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw .cfg 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git -json .cfg 64/pkg/tool/linu--show-toplevel git (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw owner /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-current git 0/x64/bin/bash git (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel /usr/bin/git /usr/bin/git git (http block)
• https://github.com/ghapi/orgs/test-owner/actions/secrets
  • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name pkg/mod/github.c-errorsas pkg/mod/github.c-ifaceassert 64/bin/go GOSUMDB GOWORK 64/bin/go /opt/hostedtoolc-buildtags -o /tmp/go-build152-errorsas -trimpath 64/bin/go -p main -lang=go1.25 go (http block)
  • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name --show-toplevel ingutil.test /usr/bin/git -json GO111MODULE ache/go/1.25.0/x/repos/actions/checkout/git/ref/tags/v5 git rev-�� --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/link /usr/bin/git 2020-28018/test-git /tmp/go-build236rev-parse 2688770/b429/imp--show-toplevel git (http block)
• https://github.com/ghapi/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha nt/action/git/ref/tags/v999.999.999 status /usr/bin/git .github/workflowgit GO111MODULE nch,headSha,disp--show-toplevel git rev-�� --show-toplevel x_amd64/vet /usr/bin/git ub/workflows GO111MODULE x_amd64/vet git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel 0/x64/bin/node /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git ub/workflows git /usr/bin/git git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel git /opt/hostedtoolcache/node/24.14.0/x64/bin/node --show-toplevel git /usr/bin/git node js/f�� 0/x64/bin/node git /opt/hostedtoolcache/node/24.14.0/x64/bin/node --show-toplevel git /usr/bin/git node (http block)
• https://github.com/ghapi/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha -unreachable=false /tmp/go-build2362688770/b200/vet.cfg /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet 5281312/b434/_pkgit GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -ato�� -bool -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --show-toplevel git /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile --show-toplevel ache/go/1.25.0/xrev-parse /usr/bin/git /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile -V=f�� .cfg git /opt/hostedtoolcache/node/24.14.0/x64/bin/node --show-toplevel ache/go/1.25.0/xrev-parse /usr/bin/git node (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --show-toplevel git 0/x64/bin/node --show-toplevel x_amd64/cgo /usr/bin/git git cjs --show-toplevel git ache/node/24.14.0/x64/bin/node --show-toplevel git /usr/bin/git git (http block)
• https://github.com/ghapi/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -json GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linu--json env -json GO111MODULE 64/pkg/tool/linu--limit GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel 2688770/b449/_testmain.go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/link -json GO111MODULE x_amd64/vet /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/link -o /tmp/go-build2362688770/b449/workflow.test -importcfg /usr/bin/git -s -w -buildmode=exe git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/link /usr/bin/git 432584703 2688770/b038/vetrev-parse ortcfg.link git rev-�� --show-toplevel yQm7JrG_JTdGyVRlef/N6GE9dzJuLpfUe9tz4e_/2s_1ls3qXTEKwHQoxHY9 /usr/bin/git ithub/workflows 2688770/b213/vetrev-parse les.test git (http block)
• https://github.com/ghapi/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --get remote.origin.url /usr/lib/git-core/git -json GO111MODULE 64/bin/go /usr/lib/git-core/git main�� run --auto /usr/bin/git --detach GO111MODULE x_amd64/vet git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --get remote.origin.url e/git -json GO111MODULE 64/bin/go e/git chec�� -b om/owner/repo.git /usr/bin/git -json GO111MODULE x_amd64/vet git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git -json GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet /usr/bin/git 2020-28018/test-git 2688770/b083/vetrev-parse .cfg git (http block)
• https://github.com/ghapi/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha prettier --check 64/bin/go **/*.ts **/*.json --ignore-path git -c log.showsignatur-errorsas log 64/bin/go --format=%H:%ct (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha "prettier" --check 'scripts/**/*GOINSECURE sh 64/bin/go npx prettier --w/opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha "prettier" --che-errorsas npx 64/bin/go tierignore **/*.cjs 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://github.com/ghapi/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha user.email test@example.com /usr/bin/git -json GO111MODULE 64/bin/go git conf�� /github.com/owner/repo.git Test User /opt/hostedtoolcache/node/24.14.0/x64/bin/node -json GO111MODULE x_amd64/vet node (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git git rev-�� --show-toplevel git ache/node/24.14.0/x64/bin/node --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git ache/node/24.14.0/x64/bin/node (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /opt/hostedtoolcache/node/24.14.0/x64/bin/node --show-toplevel git /usr/bin/git node (http block)
• https://github.com/ghapi/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha k/gh-aw/gh-aw/.github/workflows/blog-auditor.md go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --get remote.origin.url /usr/bin/git --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --show-toplevel git bash --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /opt/hostedtoolcache/node/24.14.0/x64/bin/node --show-toplevel git /usr/bin/git node (http block)
• https://github.com/ghapi/repos/actions/setup-node/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq .object.sha run --auto $name) { hasDiscussionsEnabled } } --detach git /opt/hostedtoolc/home/REDACTED/work/gh-aw/gh-aw/.github/workflows git rev-�� --show-toplevel node 0/x64/bin/node /usr/bin/git git /usr/bin/git git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq .object.sha HEAD node $name) { hasDiscussionsEnabled } } ache/go/1.25.0/xinfocmp git /opt/hostedtoolcxterm-color git rev-�� --show-toplevel node 0/x64/bin/node /usr/bin/git git /usr/bin/git git (http block)
• https://github.com/ghapi/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha 2688770/b417/_pkg_.a /tmp/go-build2362688770/b065/vet.cfg (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/infocmp --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git infocmp -1 runs/20260318-152328-32850/test-3315192615 git 428280/b415/vet.cfg --show-toplevel ache/go/1.25.0/xrev-parse /usr/bin/git git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha ..feature-branch --stdout 0/x64/bin/node --git-dir git /usr/bin/git git rev-�� --show-toplevel git 0/x64/bin/node --get remote.origin.urrev-parse /usr/bin/git git (http block)
• https://github.com/ghapi/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel git ache/node/24.14.--noprofile git rev-�� --show-toplevel git /tmp/TestGetNpmBinPathSetup_GorootOrdering2767095230/001/go/1.25.0/x64/bin/go --show-toplevel git /usr/bin/git go (http block)
• https://github.com/ghapi/repos/github/gh-aw
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility --show-toplevel node r: $owner, name: $name) { hasDiscussionsEnabled } } /usr/bin/git git /opt/hostedtoolc/repos/githubnext/agentics/git/ref/tags/# git conf�� user.name Test User 0/x64/bin/node /usr/bin/git git /usr/local/sbin/inspect git (http block)
• https://github.com/ghapi/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha t0 -buildtags (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha HEAD git 0/x64/bin/node --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git 0/x64/bin/node /usr/bin/git JjtEFmA/amODhwtkrev-parse /usr/bin/git git (http block)
• https://github.com/ghapi/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha -bool -buildtags 2688770/b320/vet.cfg -errorsas -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -ato�� -bool -buildtags /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -errorsas -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linu^remote\..*\.gh-resolved$ (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git git rev-�� ithub-script/git/ref/tags/v8 git /usr/bin/git --show-toplevel ache/go/1.25.0/xrev-parse /usr/bin/git git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha HEAD git 0/x64/bin/node --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git 0/x64/bin/node --show-toplevel git /usr/bin/git git (http block)
• https://github.com/ghapi/repos/github/gh-aw/actions/runs/1/artifacts
  • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env hub/workflows .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 git /usr/bin/git --git-dir iEtxJ64HjgrP /usr/bin/git git rev-�� --show-toplevel git util.test --show-toplevel 4FalH7W/O6Ou1LJurev-parse /usr/bin/docker util.test (http block)
• https://github.com/ghapi/repos/github/gh-aw/actions/runs/12345/artifacts
  • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 git /usr/bin/head --git-dir x_amd64/vet /usr/bin/git head -500�� /tmp/gh-aw/aw-feature-branch.patch git /usr/bin/git --show-toplevel x_amd64/vet /usr/bin/git git (http block)
• https://github.com/ghapi/repos/github/gh-aw/actions/runs/12346/artifacts
  • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 git /usr/bin/git --show-toplevel x_amd64/vet /usr/bin/git git init�� x_amd64/vet git /usr/bin/git --show-toplevel x_amd64/vet /usr/bin/git git (http block)
• https://github.com/ghapi/repos/github/gh-aw/actions/runs/2/artifacts
  • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 git /usr/bin/gh --show-toplevel JbrieQ94-F8q /usr/bin/git gh auth�� status git 64/pkg/tool/linux_amd64/link GOMODCACHE x_amd64/vet /bin/sh 64/pkg/tool/linux_amd64/link (http block)
• https://github.com/ghapi/repos/github/gh-aw/actions/runs/3/artifacts
  • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linuTest User env -json .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 /usr/bin/unpigz /usr/bin/git -c x_amd64/vet /usr/bin/git git rev-�� ai-moderator.md git 64/pkg/tool/linux_amd64/vet --git-dir x_amd64/vet /usr/lib/git-cor--show-toplevel 64/pkg/tool/linux_amd64/vet (http block)
• https://github.com/ghapi/repos/github/gh-aw/actions/runs/4/artifacts
  • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE 64/pkg/tool/linu-nolocalimports GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linu/tmp/go-build2362688770/b438/_testmain.go env hub/workflows GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 git /usr/bin/infocmp --show-toplevel x_amd64/vet /usr/bin/git infocmp -1 xterm-color git /usr/bin/git --git-dir x_amd64/vet /usr/bin/git git (http block)
• https://github.com/ghapi/repos/github/gh-aw/actions/runs/5/artifacts
  • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 git /usr/bin/gh --show-toplevel x_amd64/vet /usr/bin/git gh auth�� status git /usr/bin/git --show-toplevel x_amd64/vet /usr/lib/git-cor--show-toplevel git (http block)
• https://github.com/ghapi/repos/github/gh-aw/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path pkg/mod/github.cGOSUMDB GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go /opt/hostedtoolc/tmp/go-build2362688770/b209/vet.cfg -o /tmp/go-build1525281312/b401/_pkGOINSECURE -trimpath 64/bin/go -p github.com/ayman-atomic -lang=go1.24 go (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 main -lang=go1.25 go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE x_amd64/compile env -json .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
• https://github.com/ghapi/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha ty-test.md GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linu12346 /usr/bin/git -bool l /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git assword=$GITHUB_infocmp assword=$GITHUB_-1 /usr/bin/git _9i2epq/EIrZf1RthI0_7U7555L_ (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel git /usr/bin/git bility_SameInputnode git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel (http block)
• https://github.com/ghapi/repos/github/gh-aw/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha /tmp/go-build1525281312/b417/_pkGOINSECURE -trimpath 64/bin/go -p github.com/githu-atomic -lang=go1.25 go env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha --show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
• https://github.com/ghapi/repos/github/gh-aw/git/ref/tags/v2.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha /tmp/go-build1525281312/b411/_pkGOINSECURE -trimpath 64/bin/go -p main -lang=go1.25 go env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha /tmp/go-build1525281312/b418/_pkGOINSECURE -trimpath 64/bin/go -p github.com/githu-atomic -lang=go1.25 go env -json GO111MODULE x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha /tmp/go-build1525281312/b400/_pkGOINSECURE -trimpath 64/bin/go -p main -lang=go1.25 go env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
• https://github.com/ghapi/repos/github/gh-aw/git/ref/tags/v3.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha pkg/workflow/dis-json node 64/bin/go prettier --write 64/bin/go go env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha --show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
• https://github.com/ghapi/repos/githubnext/agentics/git/ref/tags/
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel git iptables git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git /opt/hostedtoolcgraphql git (http block)
• https://github.com/ghapi/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha -json GO111MODULE At,event,headBranch,headSha,displayTitle GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env 3662776422/.github/workflows .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha --show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linu4 /usr/bin/git -bool -buildtags ipts.test git rev-�� --show-toplevel ipts.test /usr/bin/git /tmp/gh-aw-add-ggit config /usr/bin/git git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha --show-toplevel 0/x64/bin/node /usr/bin/git bility_SameInputnode git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel l /usr/bin/git git (http block)
• https://github.com/ghapi/repos/nonexistent/repo/actions/runs/12345
  • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion --show-toplevel x_amd64/vet /usr/bin/git git rev-�� --show-toplevel /usr/bin/git /usr/bin/git --get-regexp ^remote\..*\.gh-run /usr/bin/git git (http block)
• https://github.com/ghapi/repos/owner/repo/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOSUMDB GOWORK 64/bin/go /opt/hostedtoolc/tmp/go-build2362688770/b215/vet.cfg -o /tmp/go-build1525281312/b391/_pkGOINSECURE -trimpath 64/bin/go -p main -lang=go1.25 go (http block)
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOSUMDB GOWORK 64/bin/go /opt/hostedtoolc/tmp/go-build2362688770/b202/vet.cfg -o /tmp/go-build1525281312/b420/_pkGOINSECURE -trimpath 64/bin/go -p github.com/githu-atomic -lang=go1.25 go (http block)
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo /usr/bin/git -json GO111MODULE /opt/hostedtoolc--show-toplevel git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.0/x-tests /usr/bin/git -unreachable=falgit /tmp/go-build236rev-parse 0/x64/bin/node git (http block)
• https://github.com/ghapi/repos/owner/repo/contents/file.md
  • Triggering command: /tmp/go-build2362688770/b399/cli.test /tmp/go-build2362688770/b399/cli.test -test.testlogfile=/tmp/go-build2362688770/b399/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOSUMDB GOWORK 64/bin/go node /hom�� --check scripts/**/*.js 64/bin/go .prettierignore --write 64/bin/go go (http block)
  • Triggering command: /tmp/go-build548428280/b001/cli.test /tmp/go-build548428280/b001/cli.test -test.paniconexit0 -test.timeout=10m0s -test.count=1 rev-�� /ref/tags/v8 ache/go/1.25.0/x64/pkg/tool/linu12345 /usr/bin/git -json GO111MODULE trepo.git git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet /usr/bin/git -unreachable=falgit /tmp/go-build236rev-parse 2688770/b274/vet--show-toplevel git (http block)
• https://github.com/ghapi/repos/test-owner/test-repo/actions/secrets
  • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name k/gh-aw/gh-aw/pk-errorsas GOPROXY 64/bin/go GOSUMDB GOWORK run-script/lib/n-bool /opt/hostedtoolc-buildtags -o /tmp/go-build152-errorsas -trimpath 64/bin/go -p github.com/githu-atomic -lang=go1.25 go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name --show-toplevel ache/go/1.25.0/x64/pkg/tool/linu--json /usr/bin/git vaScript17861412git GO111MODULE 2688770/b418/log--show-toplevel git rev-�� --show-toplevel 2688770/b418/logger.test /usr/bin/git t0 -trimpath (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[pelikhan]

@copilot use the same trick as in MCP-scripts or actions/github-script and let the user write the body of main directly , then wrap it with main when writing the JavaScript file in the action.
So the user does not have to generate a exports section and main declaration

[Copilot]

@copilot use the same trick as in MCP-scripts or actions/github-script and let the user write the body of main directly , then wrap it with main when writing the JavaScript file in the action.
So the ...

Done in bda995e. Users now write only the body of main (the handler setup code + return statement), and the compiler wraps it with the function declaration and module.exports — same pattern as MCP-scripts and github-script.

Before (required boilerplate):

async function main(config = {}) {
  const { channel } = config;
  return async (msg) => ({ success: true });
}
module.exports = { main };

After (just the body):

const { channel } = config;
return async (msg) => ({ success: true });

The compiler generates the full module file with the async function main(config = {}) { ... } wrapper and module.exports = { main }; automatically.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://github.com/ghapi/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
• https://github.com/ghapi/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha -unreachable=false /tmp/go-build2017224207/b060/vet.cfg 7224207/b248/vet.cfg (http block)
• https://github.com/ghapi/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha get .cfg 64/pkg/tool/linux_amd64/vet pull.rebase (http block)
• https://github.com/ghapi/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -bool -buildtags /usr/local/sbin/bash -errorsas -ifaceassert -nilfunc bash --no�� --noprofile -tests /usr/bin/git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel x_amd64/vet /usr/bin/git (http block)
• https://github.com/ghapi/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --noprofile (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel (http block)
• https://github.com/ghapi/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha se 7224207/b263/vet.cfg k/_temp/uv-python-dir/bash (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --noprofile (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --show-toplevel (http block)
• https://github.com/ghapi/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --noprofile (http block)
• https://github.com/ghapi/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --noprofile (http block)
• https://github.com/ghapi/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha (http block)
• https://github.com/ghapi/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha (http block)
• https://github.com/ghapi/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha (http block)
• https://github.com/ghapi/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha (http block)
• https://github.com/ghapi/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[pelikhan]

@copilot update smoke-claude to use safe-output scripts to post a ficticious slack message.

[Copilot]

@copilot update smoke-claude to use safe-output scripts to post a ficticious slack message.

Done in 9de4b93. smoke-claude now has a post-slack-message safe-output script and a test step (#11) that exercises it:

scripts:
  post-slack-message:
    description: Post a message to a fictitious Slack channel (smoke test only)
    inputs:
      channel: { type: string, required: true }
      message: { type: string, required: true }
    script: |
      const { channel, message } = config;
      return async function handlePostSlackMessage(item) {
        const targetChannel = item.data?.channel || channel || "#general";
        const text = item.data?.message || message || "(no message)";
        core.info(`[FICTITIOUS SLACK] → ${targetChannel}: ${text}`);
        return { success: true, channel: targetChannel, message: text };
      };

The scripts property was also added to the JSON schema so the compiler recognises it.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://github.com/ghapi/repos/github/gh-aw
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[pelikhan]

@copilot generate the typescript definition so that users know the typedefinition of config. (put it in a separate file)

[Copilot]

@copilot generate the typescript definition so that users know the typedefinition of config. (put it in a separate file)

Done in 6ca853f. Created actions/setup/js/types/safe-output-script.d.ts with the following exported types:

• SafeOutputScriptInputDefinition — schema for a single declared input (type, description, required, default, options)
• SafeOutputScriptConfig — the config parameter passed to main(): contains description and inputs (the static YAML metadata, not per-call values)
• SafeOutputScriptItem<TInputs> — the per-call message passed to the returned handler; user-declared input values are direct properties (item.channel, not item.data.channel)
• SafeOutputScriptHandler<TInputs> — the async handler function signature
• SafeOutputScriptMain<TInputs> — the factory function type wrapping it all

Also fixed the smoke-claude example script to use item.channel/item.message directly (the previous version incorrectly used item.data?.channel).

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://github.com/ghapi/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
• https://github.com/ghapi/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha -unreachable=false /tmp/go-build2001790754/b047/vet.cfg 1790754/b306/vet.cfg (http block)
• https://github.com/ghapi/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha te 'scripts/**/*.js' --ignore-path .prettierigno-errorsas .cfg 64/pkg/tool/linux_amd64/vet (http block)
• https://github.com/ghapi/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -bool -buildtags /usr/local/sbin/bash -errorsas -ifaceassert -nilfunc bash --no�� --noprofile -tests /usr/bin/git js/**/*.json' --git r cal/bin/git git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel x_amd64/vet /usr/bin/git --verify copilot/add-supprev-parse x_amd64/vet git rev-�� --show-toplevel x_amd64/vet /usr/bin/git --noprofile (http block)
• https://github.com/ghapi/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha npx prettier --write '../../../**/*.json' '!../../../pkg/workflo-errorsas (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel git /usr/bin/git ../pkg/workflow/git credential.helperev-parse x_amd64/vet git rev-�� --show-toplevel x_amd64/vet /usr/bin/git copilot/add-suppgit est.go x_amd64/vet git (http block)
• https://github.com/ghapi/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha se 1790754/b264/vet.cfg k/_temp/uv-python-dir/bash (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha npx prettier --write '../../../**/*.json' '!../../../pkg/workflo-errorsas (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --write ../../../**/*.json /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet --ignore-path ../../../.prettirev-parse (http block)
• https://github.com/ghapi/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha npx prettier --write '../../../**/*.json' '!../../../pkg/workflo-errorsas (http block)
• https://github.com/ghapi/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha npx prettier --write '../../../**/*.json' '!../../../pkg/workflo-errorsas (http block)
• https://github.com/ghapi/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha --noprofile .cfg 64/pkg/tool/linux_amd64/vet nore (http block)
• https://github.com/ghapi/repos/github/gh-aw
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility (http block)
• https://github.com/ghapi/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha --noprofile .cfg 64/pkg/tool/linux_amd64/vet (http block)
• https://github.com/ghapi/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha --noprofile .cfg 64/pkg/tool/linux_amd64/vet (http block)
• https://github.com/ghapi/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha (http block)
• https://github.com/ghapi/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)