feat: support uses/with import syntax, import-schema validation, deprecate tools.serena, migrate workflows to serena-go.md, and enforce single-import constraint

[Copilot]

Imports currently only accept a string path or {path, inputs} object. This adds a uses/with form (mirroring GitHub Actions reusable workflow syntax), a top-level import-schema field for declaring and validating those inputs, and new expressions for accessing them.

New syntax

# Shared workflow (shared/worker.md)
---
import-schema:
  region:
    type: string
    required: true
  environment:
    type: choice
    options: [staging, production]
    required: true
  count:
    type: number
    default: 10
  languages:
    type: array
    items:
      type: string
    required: true
  config:
    type: object
    description: Configuration object
    properties:
      apiKey:
        type: string
        required: true
      timeout:
        type: number
        default: 30
---
Deploy ${{ github.aw.import-inputs.count }} items to ${{ github.aw.import-inputs.region }}.
API key: ${{ github.aw.import-inputs.config.apiKey }}.
Languages: ${{ github.aw.import-inputs.languages }}.

# Importing workflow
imports:
  - uses: shared/worker.md
    with:
      region: us-east-1
      environment: staging
      count: 5
      languages: ["go", "typescript"]
      config:
        apiKey: my-secret-key
        timeout: 60

New: Parameterized Serena shared workflows

shared/mcp/serena.md uses import-schema to accept a languages array and configures a complete explicit Serena MCP server (container, args, entrypoint, entrypointArgs, and workspace mount) — without relying on any tools.serena shorthand:

# Any workflow
imports:
  - uses: shared/mcp/serena.md
    with:
      languages: ["go", "typescript"]

shared/mcp/serena-go.md is a Go-specific convenience wrapper that imports serena.md pre-configured for Go:

# Any Go workflow
imports:
  - shared/mcp/serena-go.md

Deprecation: tools.serena

tools.serena is now deprecated in favour of mcp-servers.serena via the shared/mcp/serena.md shared workflow. Compiling any workflow that uses tools.serena emits a deprecation warning:

⚠ 'tools.serena' is deprecated. Use 'mcp-servers.serena' with the shared/mcp/serena.md workflow instead:
  imports:
    - uses: shared/mcp/serena.md
      with:
        languages: ["go", "typescript"]

Existing workflows continue to compile without errors (backward compatible). The deprecation warning only fires when tools.serena is explicitly set in the workflow frontmatter — it no longer fires incorrectly when mcp-servers.serena is used via the recommended import path.

Single-import constraint with with conflict detection

A workflow file can now only be imported once per import graph. If the same file appears more than once, the with values must be identical — conflicting values produce a compile-time error:

import conflict: 'shared/worker.md' is imported more than once with different 'with' values.
An imported workflow can only be imported once per workflow.
  Previous 'with': {"region":"us-east-1"}
  New 'with':      {"region":"eu-west-1"}

Identical with values (including both empty) continue to be silently deduplicated. The check applies to both direct imports and transitively discovered nested imports.

Migrated workflows

All agentic workflows that previously used tools.serena directly have been migrated:

• smoke-copilot.md, smoke-copilot-arm.md, smoke-claude.md, smoke-codex.md — now import shared/mcp/serena-go.md
• jsweep.md — now uses imports: - uses: shared/mcp/serena.md with: languages: ["typescript"]
• daily-mcp-concurrency-analysis.md — now uses imports: - uses: shared/mcp/serena.md with: languages: ["go", "typescript"]

Changes

• pkg/parser/import_bfs.go — parseImportSpecsFromArray now accepts uses as alias for path and with as alias for inputs; BFS nested import discovery now handles uses/with map syntax (previously only plain strings), enabling chains like serena-go.md → serena.md to correctly propagate mcp-servers and tools to the parent workflow; adds visitedInputs map and checkImportInputsConsistency/importInputsEqual/formatImportInputs helpers to enforce the single-import constraint
• pkg/parser/import_conflict_test.go — four tests covering: conflicting with values (error), identical with values (ok), no-with deduplication (ok), and transitive nested conflict (error)
• pkg/parser/import_field_extractor.go — validates with values against the imported workflow's import-schema: required fields, unknown keys, type matching (string, number, boolean, choice, object, array), choice membership, object sub-property validation, and per-element array item type validation; adds substituteImportInputsInContent to apply expression substitution to raw imported file content (including YAML frontmatter) before parsing
• pkg/parser/include_processor.go — adds import-schema to the allowed fields list for shared workflow frontmatter; suppresses schema validation warnings for shared files containing unsubstituted ${{ }} expressions in both tools and mcp-servers fields (resolved at import time)
• pkg/parser/schemas/main_workflow_schema.json — adds import-schema top-level property supporting scalar, object, and array types; extends import item oneOf with uses/with object form; allows object and array values in with; marks tools.serena as deprecated: true with x-deprecation-message
• pkg/workflow/frontmatter_types.go — adds ImportSchema map[string]any field to FrontmatterConfig
• pkg/workflow/expression_patterns.go — adds AWImportInputsPattern / AWImportInputsExpressionPattern for github.aw.import-inputs.* and dotted paths (github.aw.import-inputs.<key>.<subkey>)
• pkg/workflow/expression_extraction.go — SubstituteImportInputs handles github.aw.inputs.* (legacy), github.aw.import-inputs.<key> (scalar/array), and github.aw.import-inputs.<key>.<subkey> (object sub-field); adds resolveImportInputPath for dotted-path lookup; arrays and maps serialize as JSON (valid YAML inline syntax) via marshalImportInputValue
• pkg/workflow/expression_safety_validation.go — permits github.aw.import-inputs.* and dotted forms through expression safety checks
• pkg/workflow/tools_parser.go — removes the tools.serena deprecation warning from NewTools (was firing incorrectly for mcp-servers.serena usage)
• pkg/workflow/compiler_orchestrator_tools.go — emits the tools.serena deprecation warning only when tools.serena is explicitly set in the frontmatter tools: section, before any mcp-servers merging
• pkg/workflow/mcp_renderer.go and pkg/workflow/codex_mcp.go — case "serena": now routes to the generic custom MCP renderer when an explicit container: config is present, instead of always using the hardcoded serena-specific renderer
• pkg/workflow/docker.go — Docker image collection reads the explicit container: value from the serena config map first, falling back to language-based selection for legacy tools.serena usage
• pkg/workflow/serena_go_import_test.go — adds TestImportSerenaGoMD (end-to-end main.md → serena-go.md → serena.md chain verifying Serena MCP container config, entrypoint args, and docker download step) and TestImportSerenaWithLanguagesMD (direct serena.md import with multiple languages)
• .github/workflows/shared/mcp/serena.md — parameterized shared workflow using import-schema with languages: {type: array} that configures a complete explicit Serena MCP server (container, args, entrypoint, entrypointArgs, mounts) via mcp-servers
• .github/workflows/shared/mcp/serena-go.md — Go-specific convenience wrapper that imports serena.md with languages: ["go"]

Backward compatibility is preserved: imports without import-schema accept any with/inputs values unchanged; workflows using tools.serena continue to compile with a deprecation warning.

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

---

---

✨ PR Review Safe Output Test - Run 23673763387

💥 [THE END] — Illustrated by Smoke Claude · ◷

---

Changeset

• Type: patch
• Description: Adds support for uses/with import syntax with import-schema input validation and github.aw.import-inputs.* expressions, and deprecates tools.serena in favor of shared Serena workflows backed by mcp-servers.serena.

Generated by Changeset Generator for issue #23192 · ◷

---

---

✨ PR Review Safe Output Test - Run 23684090954

💥 [THE END] — Illustrated by Smoke Claude · ◷

[pelikhan]

@copilot allow one level deep object definitions in import-schema

It should be enough to recreate the qmd configuration data

[Copilot]

@copilot allow one level deep object definitions in import-schema

It should be enough to recreate the qmd configuration data

Done in 8714dad. import-schema now supports type: object with a one-level deep properties map:

import-schema:
  config:
    type: object
    properties:
      apiKey:
        type: string
        required: true
      timeout:
        type: number
        default: 30

Sub-fields are validated (unknown keys, required checks, scalar type matching) and accessible via ${{ github.aw.import-inputs.config.apiKey }} expressions in the shared workflow prompt.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha 0 -j ACCEPT (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[pelikhan]

@copilot create a shared agentic workflow that uses import-schema and inputs to reimplement the "serena" tool support.

• add support for array of string as import input simple type
• takes the list of languages to add
• configures the MCP and the runtimes based on the languages selected

[Copilot]

@copilot create a shared agentic workflow that uses import-schema and inputs to reimplement the "serena" tool support.

• add support for array of string as import input simple type...

Done in 242029a. Here's what was added:

type: array support in import-schema:

import-schema:
  languages:
    type: array
    items:
      type: string
    required: true

Array items are validated element-by-element. Arrays serialize as JSON (["go","typescript"]) when substituted into raw YAML frontmatter, producing valid inline YAML.

Frontmatter expression substitution:
${{ github.aw.import-inputs.* }} expressions are now applied to the imported workflow's raw content (including YAML frontmatter) before parsing. This allows fields like tools.serena and runtimes to be driven by import inputs.

New shared/mcp/serena.md:

# Importing workflow
imports:
  - uses: shared/mcp/serena.md
    with:
      languages: ["go", "typescript"]

The shared workflow declares languages via import-schema, sets tools: serena: ${{ github.aw.import-inputs.languages }}, and provides the standard Serena instructions in its markdown body. Adding runtimes to the shared workflow for node/python can be done the same way once you decide on the desired runtime mapping.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE 64/bin/go git rev-�� --show-toplevel /bin/sh /usr/bin/git cd actions/setupgit GOPROXY 64/bin/go git (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE ache/go/1.25.0/x64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE ache/go/1.25.0/x64/bin/go git (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE ache/go/1.25.0/x64/bin/go git rev-�� /v0.47.4 go /usr/bin/git -json GO111MODULE ache/go/1.25.0/x64/bin/go git (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /usr/bin/git GOINSECURE GOMOD GOMODCACHE git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha ck 'scripts/**/*GOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha k/gh-aw/gh-aw/.github/workflows/blog-auditor.md GOPROXY /usr/bin/git GOSUMDB GOWORK 64/bin/go git rev-�� --show-toplevel go /usr/bin/git ays.md GO111MODULE 64/bin/go git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha .repository }}, Run: ${{ github.run_id }} sh /usr/bin/git "prettier" --chegit go 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha sistency_GoAndJavaScript2778968398/001/test-empty-frontmatter.md GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha sistency_GoAndJavaScript2778968398/001/test-simple-frontmatter.md GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE ache/go/1.25.0/x64/bin/go git rev-�� --show-toplevel go /usr/bin/git TH="$(find "/tmpgit GO111MODULE /opt/hostedtoolc/home/REDACTED/work/gh-aw/gh-aw/.github/workflows git (http block)
• https://api.github.com/repos/github/gh-aw
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility install --package-lock-only /usr/bin/git bility_SameInput/usr/bin/gh GO111MODULE /opt/hostedtoolcgraphql git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE /opt/pipx_bin/bainspect git (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 0/x64/bin/node git rev-�� --show-toplevel go /usr/bin/gh ithub/workflows//usr/bin/gh GO111MODULE /opt/hostedtoolcgraphql gh (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha -json GO111MODULE ache/node/24.14.0/x64/bin/node GOINSECURE GOMOD GOMODCACHE go t-28�� bility_SameInputSameOutput3897917875/001/stability-test.md GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 0/x64/bin/node GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/link (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel go /usr/bin/git with-tools.md GO111MODULE 64/bin/go git rev-�� --show-toplevel ache/go/1.25.0/xGO111MODULE /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE go k/gh�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD erignore go (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE nfig/composer/ve/home/REDACTED/work/gh-aw/gh-aw/.github/workflows git rev-�� --show-toplevel go /home/REDACTED/.local/bin/node -json GO111MODULE 0/x64/bin/node node (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE go k/gh�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD erignore go (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[pelikhan]

@copilot reimplement the Serena tool functionality in the Serena.md workflows WITHOUT using tools.serena

[Copilot]

@copilot reimplement the Serena tool functionality in the Serena.md workflows WITHOUT using tools.serena

Done in 788997c. shared/mcp/serena.md now uses mcp-servers.serena instead of tools.serena:

mcp-servers:
  serena: ${{ github.aw.import-inputs.languages }}

After expression substitution (e.g., languages: ["go", "typescript"]), the mcp-servers.serena value is merged into the tools map and compiled identically to the equivalent tools.serena: ["go", "typescript"] — producing the same container, entrypoint, and MCP gateway configuration. The source file no longer contains tools.serena.

I also fixed the schema validation to suppress mcp-servers warnings (same as tools) when the shared file contains unsubstituted ${{ }} expressions that are resolved at import time.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw k/gh-aw/gh-aw/pk/home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/.bin/pre�� k/gh-aw/gh-aw/pk--write x_amd64/vet k/gh�� ath ../../../.pr**/*.json k/gh-aw/gh-aw/pk--ignore-path x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw k/gh-aw/gh-aw/pk-c k/gh-aw/gh-aw/pknpx prettier --write '../../../**/*.json' '!../../../pkg/workflow/js/**/*.json' --ignore-path x_amd64/vet /pre�� k/gh-aw/gh-aw/pkg/cli/workflows/-errorsas k/gh-aw/gh-aw/pkg/cli/workflows/-ifaceassert x_amd64/vet k/gh-aw/gh-aw/pkgit k/gh-aw/gh-aw/pkconfig k/gh-aw/gh-aw/pk--get x_amd64/vet (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha npx prettier --write '../../../**/*.json' '!../../../pkg/workflow/js/**/*.json' --ignore-path ache/go/1.25.0/xconfig /usr/bin/git se 8479175/b033/vetrev-parse r: $owner, name:--show-toplevel git -c log.showsignature=false log /usr/bin/git -n1 --format=format:rev-parse 242029a22e26 git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha xterm-color x_amd64/vet k/gh-aw/gh-aw/actions/setup/js/node_modules/.bin/sh nore 04e97293 x_amd64/vet git -C te '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.prettierignore config k/gh-aw/gh-aw/node_modules/.bin/sh remote.origin.urgit (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha ithub/workflows /tmp/go-build3358479175/b043/vet.cfg repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } example-blocked-/opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile user.name bin/bash /opt/hostedtoolc-trimpath k/gh�� js/**/*.json' ---p -buildtags repository(owne-lang=go1.25 -errorsas -ifaceassert erignore /opt/hostedtoolc-goversion (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha /tmp/TestHashConsistency_GoAndJavaScript4246386549/001/test-complex-frontmatter-with-tools.md ache/go/1.25.0/x64/pkg/tool/linu-f ache/node/24.14.0/x64/bin/node */*.json' '!../.git git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel node /usr/bin/git k/gh-aw/gh-aw/.ggit **/*.cjs 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/asm /usr/bin/git k/gh-aw/gh-aw/.ggit --write /usr/bin/gh git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha run format:cjs /node_modules/.bin/sh ./../pkg/workflogit (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha npx prettier --write '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json 64/pkg/tool/linux_amd64/vet /snap/bin/sh ./../pkg/workflogit .cfg $name) { has--show-toplevel sh -c "prettier" --write 'scripts/**/*.js' --ignore-path .prettierignore --log-level=error 64/pkg/tool/linurev-parse /home/REDACTED/node_modules/.bin/node tierignore -data-downloaderrev-parse de_modules/.bin/--show-toplevel node (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha .repository }}, Run: ${{ github.run_id }} bash /usr/bin/git ty-test.md -tests _modules/.bin/sh--show-toplevel git rev-�� --show-toplevel node /usr/bin/git ../pkg/workflow/git **/*.cjs (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha t0 m0s /bin/sh -silent >/dev/nugit .cfg r: $owner, name:--show-toplevel /bin/sh -c npx prettier --write 'scripts/**/*.js' --ignore-path .prettierignore --log-level=error 2>&1 64/pkg/tool/linux_amd64/vet /home/REDACTED/go/bin/sh ettierignore l r: $owner, name:--show-toplevel sh (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha npx prettier --write '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json 64/pkg/tool/linurev-parse /opt/hostedtoolcache/go/1.25.0/x64/bin/sh ./../pkg/workflogit .cfg 64/pkg/tool/linu--show-toplevel sh -c "prettier" --write 'scripts/**/*.js' --ignore-path .prettierignore --log-level=error 64/pkg/tool/linuconfig /home/REDACTED/work/gh-aw/gh-aw/node_modules/.bin/node tierignore (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha sistency_GoAndJavaScript4246386549/001/test-simple-frontmatter.md 64/pkg/tool/linuconfig /opt/pipx_bin/sh ./../pkg/workflogit (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha npx prettier --write '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json 64/pkg/tool/linurev-parse /home/REDACTED/.local/bin/sh ./../pkg/workflogit (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha sistency_GoAndJavaScript4246386549/001/test-empty-frontmatter.md 64/pkg/tool/linurev-parse ache/node/24.14.0/x64/bin/node ./../pkg/workflogit .cfg 64/pkg/tool/linu--show-toplevel sh t-12�� bility_SameInputSameOutput2900646373/001/stability-test.md 64/pkg/tool/linuconfig /home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/.bin/node rt (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha /home/REDACTED/work/gh-aw/gh-aw/.github/workflows rev-parse tions/setup/js/node_modules/.bin/sh --noprofile (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha ath ../../../.pr**/*.json (http block)
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha --show-toplevel /usr/bin/gh /usr/bin/git graphql -f k/_temp/ghcca-node/node/bin/sh git rev-�� --show-toplevel git e te '../../../**/git rev-parse /opt/hostedtoolc/home/REDACTED/work/gh-aw/gh-aw/.github/workflows gh (http block)
• https://api.github.com/repos/github/gh-aw
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility install --package-lock-only /usr/bin/git **/*.cjs **/*.ts /home/REDACTED/.lographql git rev-�� --show-toplevel node /usr/bin/git prettier --write ache/node/24.14.inspect git (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0 --jq .object.sha ath ../../../.pr**/*.json (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0 --jq .object.sha --show-toplevel git /usr/bin/git te 'scripts/**/*node rev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/gh te '../../../**//usr/bin/gh rev-parse /opt/hostedtoolcgraphql gh (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha -w actions/setup/js/node_modules/flatted/golang/pkg/flatted/flatted.go /home/REDACTED/.local/bin/node cmd/gh-aw/capitagit cmd/gh-aw/commanrev-parse cmd/gh-aw/format--show-toplevel node /opt�� prettier --write /snap/bin/sh --ignore-path .prettierignore --log-level=erro--show-toplevel sh (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha k/gh-aw/gh-aw/.github/workflows bash 86_64/sh l (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha /tmp/TestHashStability_SameInputSameOutput2900646373/001/stability-test.md ache/go/1.25.0/x**/*.cjs /usr/bin/git ath ../../../.prgit 8479175/b074/vetrev-parse son git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linurev-parse /opt/hostedtoolcache/node/24.14.0/x64/bin/node re --log-level=esed /tmp/go-build335s/-\{2,\}/-/g repository(owner: $owner, name:--show-toplevel node (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha */*.json' '!../../../pkg/workflow/js/**/*.json' --ignore-path 8479175/b260/vet.cfg 8479175/b001/workflow.test -nxv --local 0/x64/bin/bash 8479175/b001/workflow.test e=/t�� h ../../../.prettierignore m0s k/gh-aw/node_modules/.bin/sh nore credential.usern/home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/.bin/prettier 86_64/bash /opt/hostedtoolc../../../**/*.json (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha --noprofile (http block)
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha --show-toplevel docker $name) { hasDiscussionsEnabled } } inspect mcp/fetch nfig/composer/ve/home/REDACTED/work/gh-aw/gh-aw/.github/workflows git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/link /home/REDACTED/.local/bin/node /tmp/go-build155/usr/bin/gh -importcfg /home/REDACTED/worgraphql node (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha */*.json' '!../../../pkg/workflow/js/**/*.json' --ignore-path git modules/@npmcli/run-script/lib/node-gyp-bin/sh get --local ache/go/1.25.0/x"prettier" --write 'scripts/**/*.js' --ignore-path .prettierignore --log-level=error /opt/hostedtoolcache/go/1.25.0/xconfig -V=f�� h ../../../.prettierignore ('stdio_mcp_tool:') print(json.dumps(stdio, ind repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } nore credential.usern/home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/.bin/prettier 0/x64/bin/bash /opt/hostedtoolc../../../**/*.json (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[pelikhan]

@copilot mark tools.serena as deprecated

[Copilot]

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw --local /home/REDACTED/.co--noprofile bash --no�� --noprofile git ache/go/1.25.0/x64/bin/bash (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw --local k/_temp/uv-pytho--noprofile bash --no�� --noprofile git k/_temp/ghcca-node/node/bin/bash168.63.129.16 --local user.name indmnt bash (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw --local ache/go/1.25.0/x--noprofile bash --no�� --noprofile git 86_64/bash --local user.name (http block)
• https://api.github.com/orgs/test-owner/actions/secrets
  • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GO111MODULE /sh GOINSECURE GOMOD GOMODCACHE node /hom�� h ../../../.prettierignore **/*.cjs 64/bin/go **/*.json --ignore-path ../../../.pretti--write go (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --noprofile bash ash --noprofile pkg/cli/codemod_-atomic ache/uv/0.11.2/x-bool bash --no�� --noprofile head /usr/bin/git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel go /usr/bin/git json' --ignore-pgit GO111MODULE 64/bin/go git rev-�� --show-toplevel iptables /usr/bin/git b/workflows security -d /usr/bin/git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel git /usr/bin/wc --show-toplevel go /usr/bin/git wc -l ../pkg/workflow/js/**/*.json' --ignore-path ../../../.prettierignore git 64/bin/gofmt --get remote.origin.urrev-parse /usr/bin/git 64/bin/gofmt (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha ithub/workflows/archie.md ache/go/1.25.0/xGO111MODULE 0/x64/bin/node rror b/gh-aw/pkg/strirev-parse 64/bin/go 0/x64/bin/node t-47�� bility_SameInputSameOutput1380993069/001/stability-test.md go /usr/bin/git -RLl/S64LTMlMEozgit GO111MODULE 64/bin/go 9338193/b440/importcfg (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -json GO111MODULE bin/sh GOINSECURE GOMOD GOMODCACHE go env *.json' '!../../../pkg/workflow/js/**/*.json' ---errorsas GO111MODULE p/bin/bash GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha list --json /usr/bin/git --workflow nonexistent-workrev-parse --limit git rev-�� --show-toplevel x_amd64/link /usr/bin/git -json GO111MODULE 86_64/node git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel go /usr/bin/git te 'scripts/**/*git GO111MODULE k/gh-aw/gh-aw/ac--show-toplevel git rev-�� --show-toplevel go /usr/bin/git -json on (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel go /usr/bin/git js/**/*.json' --git GO111MODULE 64/bin/go git rev-�� --show-toplevel go /opt/hostedtoolcache/node/24.14.0/x64/bin/node -json GO111MODULE 64/bin/go node (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha ts.result go /opt/hostedtoolcache/node/24.14.0/x64/bin/node js/**/*.json' --git GO111MODULE 64/bin/go node /tmp�� /tmp/TestHashConsistency_KeyOrdering2624095961/001/test2.md go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/compile /usr/bin/git g_.a GO111MODULE p/bin/sh git rev-�� --show-toplevel go /usr/bin/git 0536-65567/test-git GO111MODULE k/gh-aw/gh-aw/ac--show-toplevel git (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha 6Cd_/cPf7o5jZIThGOSUMDB GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE 1858631/b438/imp--write -c k/gh-aw/gh-aw/pk--ignore-path k/gh-aw/gh-aw/pk.prettierignore 64/bin/go GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.0/xGO111MODULE (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha ath ../../../.pr**/*.json GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.0/xGO111MODULE er /tmp/go-build1621858631/b426/_pkGOINSECURE -trimpath 64/bin/go -p main -lang=go1.25 go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha k/gh-aw/gh-aw/pk--ignore-path k/gh-aw/gh-aw/pk.prettierignore 64/bin/go GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.0/xGO111MODULE er /tmp/go-build1621858631/b424/_pkGOINSECURE -trimpath 64/bin/go -p main -lang=go1.25 go (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha /tmp/TestHashConsistency_GoAndJavaScript524737378/001/test-frontmatter-with-arrays.md go /usr/bin/git js/**/*.json' --git GO111MODULE 64/bin/go git chec�� .github/workflows/test.md go /usr/bin/git -json GO111MODULE odules/npm/node_--show-toplevel git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/sed --show-toplevel go /usr/bin/git sed s/^-�� ../pkg/workflow/js/**/*.json' --ignore-path ../../../.prettierignore git /usr/bin/git --show-toplevel go /usr/bin/git git (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha /tmp/TestCompileErrorFormatting2044976428/001 config /usr/bin/git remote.origin.urgit GO111MODULE 64/bin/go git -C /tmp/gh-aw-test-runs/20260328-020536-65567/test-3440650178 rev-parse /usr/bin/git @{u} GO111MODULE 64/bin/go git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/sed --show-toplevel go /usr/bin/git sed s/-$�� ../pkg/workflow/js/**/*.json' --ignore-path ../../../.prettierignore git /usr/bin/infocmp --show-toplevel go /usr/bin/git infocmp (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha prettier --write 0/x64/bin/node **/*.ts **/*.json --ignore-path node t-ha�� ithub/workflows/agent-performance-analyzer.md scripts/**/*.js /usr/bin/make .prettierignore --log-level=errorev-parse 64/bin/go make (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha --noprofile git ache/uv/0.11.2/x86_64/bash --local committer.email (http block)
• https://api.github.com/repos/github/gh-aw
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility --verify s/shared/mcp/context7.md k/_temp/ghcca-node/node/bin/bash s/shared/mcp/micbash s/shared/mcp/arx--norc s/shared/mcp/ser--noprofile s/shared/mcp/qmd.md s/sh�� s/shared/mcp/deepwiki.md s/shared/mcp/brave.md s/shared/mcp/azure.md s/shared/mcp/skigrep 3a2597fb s/shared/mcp/nottools\|serena s/shared/mcp/draactions/setup/sh/convert_gateway_config_copilot.sh (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility --noprofile (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility INVALID,NEW -j DROP ion_resolver_tesbash ion_sha_checker.--norc ion_sha_checker_--noprofile ion_sha_checker_test.go ion_�� ivation_checkout_test.go ivation_github_token_test.go n-dir/bash (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0 --jq .object.sha oolsToMCPToolOrder\|getMCPOrder git de/node/bin/bash --local gpg.program tion_test.go _test.go (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha /tmp/TestHashConsistency_GoAndJavaScript524737378/001/test-frontmatter-with-nested-objects.md go (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha jpq_JbW5I GOPROXY 9338193/b070/_pkg_.a l GOWORK 64/bin/go ortcfg -c g/timeutil/format.go g/timeutil/format_test.go ache/go/1.25.0/x64/pkg/tool/linux_amd64/link ck 'scripts/**/*git GO111MODULE 64/bin/go ache/go/1.25.0/x64/pkg/tool/linux_amd64/link (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha KalLpCxFj --write /home/REDACTED/work/gh-aw/gh-aw/actions/setup/node_modules/.bin/sh l **/*.json --ignore-path sh ortc�� k/gh-aw/gh-aw/.github/workflows stmain.go ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet ck 'scripts/**/*git GO111MODULE 64/bin/go ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
  • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE 0/x64/bin/sh GOINSECURE GOMOD GOMODCACHE go env '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
  • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env '**/*.ts' '**/*.json' --ignore-premote.origin.url GO111MODULE 0/x64/bin/sh GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
  • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json GO111MODULE de/node/bin/sh GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
  • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
  • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE x_amd64/link GOINSECURE GOMOD GOMODCACHE _QUvJx9/eZ420Er5bfpaslI2Q9Xq env '**/*.ts' '**/*.json' --ignore-pgo1.25.0 GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE ef/N6GE9dzJuLpfUe9tz4e_/ThKvzodBremote.origin.url (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
  • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json GO111MODULE x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
  • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env '**/*.ts' '**/*.json' --ignore-premote.origin.url GO111MODULE 8d519d9/node_modules/.bin/prettier GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path -json GO111MODULE (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GO111MODULE 64/bin/go go env js/**/*.json' ---errorsas GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE x_amd64/link env -json GO111MODULE 86_64/node GOINSECURE GOMOD GOMODCACHE 8A/RFr094xa-M6ehmK-ZS-f/-nXLG8d-CyxHzcGHNa9W (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel x_amd64/vet /usr/bin/git -json GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel go /usr/bin/git 172801306/.githused GO111MODULE ache/go/1.25.0/x64/bin/go git (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env y_with_repos_array_c156114129/001 GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha GOPATH=$(go env GOPATH); \ if coGOINSECURE go 64/bin/go -d GO111MODULE 64/bin/go go env js/**/*.json' ---s GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha GOMODCACHE go 64/bin/go tierignore GO111MODULE 64/bin/go go env js/**/*.json' ---errorsas GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha re --log-level=e!../../../pkg/workflow/js/**/*.json -f 64/bin/go -- unsafe 64/bin/go go env js/**/*.json' ---p GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha re --log-level=e!../../../pkg/workflow/js/**/*.json go 64/bin/go -json GO111MODULE 64/bin/go go env js/**/*.json' ---errorsas GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha -json GOMOD 64/bin/go -d GO111MODULE 64/bin/go go env js/**/*.json' ---errorsas (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha .github/workflows/smoke-claude.md test.go $name) { hasDiscussionsEnabled } } _test.go oken_test.go k/_temp/uv-pytho-c bash --no�� --noprofile bash 86_64/bash .version=bdc2447git (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha command -v debia@{u} GOPROXY ache/go/1.25.0/x64/bin/go GOSUMDB GOWORK ode_modules/.bin--show-toplevel go env */*.ts' '**/*.json' --ignore-path ../../../.prettierignore GO111MODULE n-dir/node GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/nonexistent/repo/actions/runs/12345
  • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go 0/x6�� 272418628/.github/workflows GO111MODULE tions/setup/js/node_modules/.bin/sh GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/owner/repo/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE node /hom�� h ../../../.pret.prettierignore **/*.cjs 64/bin/go **/*.json --ignore-path ../../../.pretti--write go (http block)
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE node /opt�� h ../../../.pret.prettierignore --check 64/bin/go --ignore-path .prettierignore 64/bin/go go (http block)
• https://api.github.com/repos/owner/repo/contents/file.md
  • Triggering command: /tmp/go-build3149338193/b403/cli.test /tmp/go-build3149338193/b403/cli.test -test.testlogfile=/tmp/go-build3149338193/b403/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE 1858631/b408/imp**/*.cjs -c ath ../../../.pr**/*.json GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.0/xGO111MODULE (http block)
• https://api.github.com/repos/test-owner/test-repo/actions/secrets
  • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node /hom�� --check **/*.cjs /sh **/*.json --ignore-path ../../../.pretti--write go (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[Copilot]

@copilot add integration test that ensure that if serena-go.md is imported, the serena MCP is enabled in the MCP config file

Done in 791101d. Added two tests in pkg/workflow/serena_go_import_test.go:

• TestImportSerenaGoMD — exercises the full chain main.md → serena-go.md (uses/with) → serena.md. Verifies the compiled lock file contains the "serena" MCP entry, the ghcr.io/github/serena-mcp-server:latest container, start-mcp-server entrypoint args, GITHUB_WORKSPACE mount, and the docker image download step.

• TestImportSerenaWithLanguagesMD — directly imports shared/mcp/serena.md with languages: ["go", "typescript"] and checks the same MCP config fields.

[pelikhan]

@copilot add check in importer that if it is imported more than once, the with values are matching. An imported script can only be imported once.

[Copilot]

@copilot add check in importer that if it is imported more than once, the with values are matching. An imported script can only be imported once.

Done in 70749d7.

pkg/parser/import_bfs.go now tracks with values for each visited path in a visitedInputs map[string]map[string]any. When a file is encountered again (either from the initial seed loop or from nested BFS expansion), checkImportInputsConsistency compares the previously-recorded inputs with the new ones using JSON-based deep equality. Differing values produce an error like:

import conflict: 'shared.md' is imported more than once with different 'with' values.
An imported workflow can only be imported once per workflow.
  Previous 'with': {"region":"us-east-1"}
  New 'with':      {"region":"eu-west-1"}

Identical with values (including both empty) are still silently deduplicated as before.

Four tests in pkg/parser/import_conflict_test.go cover: conflicting with (error), identical with (ok), no-with dedup (ok), and transitive nested conflict (error).

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[github-actions]

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

[github-actions]

✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready.

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

Agent Container Tool Check

Tool	Status	Version
bash	✅	5.2.21
sh	✅	available
git	✅	2.53.0
jq	✅	1.7
yq	✅	v4.52.4
curl	✅	8.5.0
gh	✅	2.88.1
node	✅	v20.20.1
python3	✅	3.12.3
go	✅	go1.24.13
java	✅	openjdk 21.0.10
dotnet	✅	10.0.201

Result: 12/12 tools available ✅

Overall Status: PASS

🔧 Tool validation by Agent Container Smoke Test · ◷

[github-actions]

Smoke test results for run §23684090942:

Test	Status
GitHub MCP (last 2 merged PRs)	✅
MCP Scripts GH CLI	✅
Serena MCP	✅
Playwright (github.com)	✅
Web Fetch	✅
File Writing + Bash	✅
Discussion Interaction	✅
Build gh-aw	✅
Discussion Creation	✅
Workflow Dispatch	✅
PR Review	✅

Overall: ✅ PASS

@pelikhan

📰 BREAKING: Report filed by Smoke Copilot · ◷

[github-actions]

Smoke test review for PR #23192. Changeset and expression extraction changes look correct. The import-schema feature with uses/with syntax is well-implemented.

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

🔍 Smoke test review: New awImportInputsExprRegex looks good. The pattern correctly handles github.aw.import-inputs.<key> expressions for typed input validation in imported workflows.

[github-actions]

🔍 Smoke test review: Changeset correctly describes the uses/with import syntax addition and the deprecation of tools.serena. Clear and informative.

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

Smoke Test Results — Run §23684090954

Core tests: ✅ ✅ ✅ ✅ ✅ ✅ ✅ ✅ ✅ ✅ ✅
PR review tests: ✅ ✅ ✅ ⚠️ ✅ ✅ ⚠️

#	Test
1	GitHub MCP	✅
2	GH CLI	✅
3	Serena (11 symbols)	✅
4	Make build	✅
5	Playwright	✅
6	Tavily search	✅
7-8	File write + bash	✅
9	Discussion comment	✅
10	AW MCP status	✅
11	Slack safe output	✅
12	Update PR	✅
13	Review comments	✅
14	Submit review	✅
15	Resolve thread	⚠️ skipped
16	Add reviewer	✅
17	Push to branch	✅
18	Close test PR	⚠️ skipped

Overall: PARTIAL (2 skipped, 0 failed)

💥 [THE END] — Illustrated by Smoke Claude · ◷

[github-actions]

💥 Automated smoke test review - all systems nominal!

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

Good changeset description — clearly summarizes the import schema additions and the tools.serena deprecation in one concise entry.

[github-actions]

Adding shared/mcp/serena.md to the resolved imports list looks correct — this aligns with the migration from tools.serena to the new shared MCP server workflow.