feat: add --no-ask-user flag to copilot agentic engine for fully autonomous runs

[Copilot]

Reapplies the --no-ask-user changes from #25686 onto current HEAD (bare mode changes were already merged separately).

Emits --no-ask-user when invoking the Copilot CLI to suppress interactive prompts during both agent and detection jobs, version-gated to CLI ≥ 1.0.19.

Changes

• pkg/constants/version_constants.go: Add CopilotNoAskUserMinVersion = "1.0.19"
• pkg/workflow/copilot_engine_execution.go:
  • copilotSupportsNoAskUser() — version-gate helper following the same pattern as awfSupportsExcludeEnv/awfSupportsCliProxy
  • Emit --no-ask-user for both agent and detection jobs when version supports it
  • Hoist isDetectionJob declaration earlier to share with both --no-ask-user and --autopilot guards
• pkg/workflow/copilot_engine_test.go: TestCopilotEngineNoAskUser (8 cases) and TestCopilotSupportsNoAskUser (10 cases)
• 187 lock files recompiled

Version-gate logic

Version	--no-ask-user emitted?
unspecified (default 1.0.21)	✅
latest	✅
>= 1.0.19	✅
< 1.0.19	❌
non-semver (e.g. branch name)	❌ (conservative)

[pelikhan]

@copilot also emit for detection job

[Copilot]

Done in 18ac63b — --no-ask-user is now emitted for both agent and detection jobs (still version-gated to CLI ≥ 1.0.19). Updated tests to match.

[Copilot]

Pull request overview

Adds support for running Copilot agent jobs fully autonomously by passing --no-ask-user to the Copilot CLI, gated to Copilot CLI versions that support the flag (>= 1.0.19) and excluded from detection jobs.

Changes:

• Introduce CopilotNoAskUserMinVersion = "1.0.19" and a copilotSupportsNoAskUser() version-gate helper.
• Emit --no-ask-user for Copilot agent jobs (not detection jobs) when supported by the configured/effective Copilot CLI version.
• Regenerate workflow lock files so compiled commands include --no-ask-user where applicable.

Show a summary per file

File	Description
pkg/constants/version_constants.go	Adds the minimum Copilot CLI version constant for --no-ask-user support.
pkg/workflow/copilot_engine_execution.go	Adds version-gate helper and conditionally appends --no-ask-user for agent jobs only.
.changeset/patch-add-copilot-no-ask-user-flag.md	Changeset documenting the new behavior and version gating.
.github/workflows/agent-performance-analyzer.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/agent-persona-explorer.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/agentic-observability-kit.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/archie.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/architecture-guardian.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/artifacts-summary.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/auto-triage-issues.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/bot-detection.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/brave.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/breaking-change-checker.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/ci-coach.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/cli-consistency-checker.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/code-scanning-fixer.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/code-simplifier.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/constraint-solving-potd.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/contribution-check.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/copilot-cli-deep-research.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/copilot-pr-merged-report.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/copilot-pr-nlp-analysis.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/copilot-pr-prompt-analysis.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/copilot-token-audit.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/copilot-token-optimizer.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/craft.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/daily-architecture-diagram.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/daily-assign-issue-to-user.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/daily-cli-performance.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/daily-cli-tools-tester.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/daily-firewall-report.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/daily-integrity-analysis.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/daily-issues-report.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/daily-malicious-code-scan.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/daily-news.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/daily-performance-summary.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/daily-regulatory.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/daily-repo-chronicle.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/daily-secrets-analysis.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/daily-semgrep-scan.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/daily-team-status.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/daily-workflow-updater.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/dead-code-remover.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/delight.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/dependabot-burner.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/dependabot-go-checker.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/dev-hawk.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/dev.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/dictation-prompt.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/discussion-task-miner.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/docs-noob-tester.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/draft-pr-cleanup.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/firewall-escape.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/functional-pragmatist.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/github-remote-mcp-auth-test.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/glossary-maintainer.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/gpclean.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/issue-monster.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/issue-triage-agent.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/jsweep.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/mcp-inspector.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/notion-issue-summary.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/org-health-report.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/pdf-summary.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/plan.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/poem-bot.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/portfolio-analyst.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/pr-nitpick-reviewer.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/pr-triage-agent.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/python-data-charts.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/q.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/refactoring-cadence.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/refiner.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/release.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/repo-audit-analyzer.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/repo-tree-map.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/repository-quality-improver.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/research.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/security-compliance.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/security-review.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/smoke-copilot-arm.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/smoke-copilot.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation (and keeps detection job free of the flag).
.github/workflows/smoke-create-cross-repo-pr.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/smoke-project.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/smoke-service-ports.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/smoke-temporary-id.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/smoke-test-tools.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/smoke-update-cross-repo-pr.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/smoke-workflow-call-with-inputs.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/smoke-workflow-call.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/stale-repo-identifier.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/sub-issue-closer.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/super-linter.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/technical-doc-writer.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/terminal-stylist.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/test-dispatcher.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/test-project-url-default.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/test-quality-sentinel.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/tidy.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/update-astro.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/video-analyzer.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/weekly-blog-post-writer.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/weekly-editors-health-check.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/weekly-issue-summary.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/weekly-safe-outputs-spec-review.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/workflow-generator.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/workflow-health-manager.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/workflow-normalizer.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.
.github/workflows/workflow-skill-extractor.lock.yml	Regenerated lock file to include --no-ask-user in the Copilot agent invocation.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 122/122 changed files
• Comments generated: 0

[github-actions]

🧪 Test Quality Sentinel Report

Test Quality Score: 90/100

✅ Excellent test quality

Metric	Value
New/modified tests analyzed	3
✅ Design tests (behavioral contracts)	3 (100%)
⚠️ Implementation tests (low value)	0 (0%)
Tests with error/edge cases	3 (100%)
Duplicate test clusters	0
Test inflation detected	✅ YES — 167 test lines added vs 40 production lines (ratio 4.2:1)
🚨 Coding-guideline violations	None

---

Test Classification Details

All 3 tests analyzed

Test	File	Classification	Issues Detected
TestCopilotEngineExecutionSteps (modified)	pkg/workflow/copilot_engine_test.go:162	✅ Design	None — adds negative assertion verifying --no-ask-user absent in detection job output
TestCopilotEngineNoAskUser	pkg/workflow/copilot_engine_test.go:1540	✅ Design	Minor — test inflation (see below)
TestCopilotSupportsNoAskUser	pkg/workflow/copilot_engine_test.go:~1630	✅ Design	None

---

Flagged Tests — Requires Review

⚠️ Test Inflation — pkg/workflow/copilot_engine_test.go

Issue: 167 lines added to the test file vs. 40 lines added to copilot_engine_execution.go (ratio ≈ 4.2:1, threshold is 2:1).

Is this a real problem? In this case, no — the high ratio is a natural consequence of thorough table-driven testing. Two new table-driven tests (TestCopilotEngineNoAskUser with 8 cases and TestCopilotSupportsNoAskUser with 10 cases) cover a relatively small production change (a new helper function + a version-gated flag). The verbosity is appropriate and valuable.

Recommended action: No change needed. The inflation is expected for well-structured table-driven tests covering boundary values and edge cases. The 10-point deduction to the score is a mechanical artefact of the ratio rule, not a real quality issue.

---

Language Support

Tests analyzed:

• 🐹 Go (*_test.go): 3 test functions — unit (//go:build !integration)
• 🟨 JavaScript (*.test.cjs, *.test.js): 0 tests

---

Verdict

✅ Check passed. 0% of new tests are implementation tests (threshold: 30%). All three new/modified tests verify observable behavioral contracts — the presence/absence of the --no-ask-user flag in compiled engine output based on version and job type. The tests cover positive cases, negative cases, boundary versions (1.0.18 vs 1.0.19), v-prefix normalization, case-insensitive "latest", nil config defaults, and non-semver branch names.

---

📖 Understanding Test Classifications

Design Tests (High Value) verify what the system does:

• Assert on observable outputs, return values, or state changes
• Cover error paths and boundary conditions
• Would catch a behavioral regression if deleted
• Remain valid even after internal refactoring

Implementation Tests (Low Value) verify how the system does it:

• Assert on internal function calls (mocking internals)
• Only test the happy path with typical inputs
• Break during legitimate refactoring even when behavior is correct
• Give false assurance: they pass even when the system is wrong

Goal: Shift toward tests that describe the system's behavioral contract — the promises it makes to its users and collaborators.

🧪 Test quality analysis by Test Quality Sentinel · ● 670K · ◷

[github-actions]

✅ Test Quality Sentinel: 90/100. Test quality is excellent — 0% of new tests are implementation tests (threshold: 30%). All tests verify real behavioral contracts with strong boundary and edge-case coverage.

[github-actions]

Commit pushed: 01bbe65

🏗️ ADR gate enforced by Design Decision Gate 🏗️

[github-actions]

🏗️ Design Decision Gate — ADR Required

This PR makes significant changes to core business logic (212 new lines in pkg/, exceeding the 100-line threshold) but does not have a linked Architecture Decision Record (ADR).

AI has analyzed the PR diff and generated a draft ADR to help you get started:

📄 Draft ADR: docs/adr/0001-version-gated-no-ask-user-flag-for-autonomous-copilot-runs.md

The draft captures the core design decision: using a version-gate helper (copilotSupportsNoAskUser) to conditionally emit --no-ask-user for agent jobs only when the configured Copilot CLI version ≥ 1.0.19, following the established awfSupportsExcludeEnv/awfSupportsCliProxy pattern.

What to do next

1. Review the draft ADR committed to your branch — it was generated from the PR diff
2. Complete any missing sections — fill in [TODO: verify] items, refine the decision rationale, and confirm the alternatives listed match what was actually considered
3. Reference the ADR in this PR body by adding a line such as:

   ADR: ADR-0001: Version-Gated --no-ask-user Flag for Autonomous Copilot Agent Runs

Once an ADR is linked in the PR body, this gate will re-run and verify the implementation matches the decision.

Why ADRs Matter

"AI made me procrastinate on key design decisions. Because refactoring was cheap, I could always say 'I'll deal with this later.' Deferring decisions corroded my ability to think clearly."

ADRs create a searchable, permanent record of why the codebase looks the way it does. Future contributors (and your future self) will thank you.

---

📋 Michael Nygard ADR Format Reference

An ADR must contain these four sections to be considered complete:

• Context — What is the problem? What forces are at play?
• Decision — What did you decide? Why?
• Alternatives Considered — What else could have been done?
• Consequences — What are the trade-offs (positive and negative)?

All ADRs are stored in docs/adr/ as numbered Markdown files (e.g., 0001-use-postgresql.md).

🔒 This PR has been marked as requesting changes. It cannot merge until an ADR is linked in the PR body.

🏗️ ADR gate enforced by Design Decision Gate 🏗️ · ● 153.6K · ◷

[github-actions]

This PR requires an Architecture Decision Record (ADR) before it can merge. The PR adds 212 new lines to pkg/ (core business logic) without a linked ADR documenting the design rationale.

A draft ADR has been generated and committed to your branch at docs/adr/0001-version-gated-no-ask-user-flag-for-autonomous-copilot-runs.md. Please review, complete, and link it in the PR body. See the comment above for instructions.

[Copilot]

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -embedcfg /tmp/go-build2362777901/b063/embedcfg -pack (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw util (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
• https://api.github.com/repos/github/gh-aw
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/-
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[pelikhan]

@copilot merge main, recompile

[Copilot]

@copilot merge main, recompile

Merged main and recompiled all 187 lock files in b408d96.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v7
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha 07a9d4d84ff7a3b (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha submodules | head -n 10 (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
• https://api.github.com/repos/docker/build-push-action/git/ref/tags/v7
  • Triggering command: /usr/bin/gh gh api /repos/docker/build-push-action/git/ref/tags/v7 --jq .object.sha (http block)
• https://api.github.com/repos/docker/metadata-action/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/docker/metadata-action/git/ref/tags/v6 --jq .object.sha (http block)
• https://api.github.com/repos/docker/setup-buildx-action/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v4 --jq .object.sha k/_temp/runtime--f (http block)
  • Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v4 --jq .object.sha (http block)
• https://api.github.com/repos/github/gh-aw
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/-
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)