63 lines (+ 2 more)

79 lines

90 lines (+ 18 more)

295 lines

77 lines (+ 4 more)

145 lines

136 lines (+ 8 more)

94 lines

90 lines (+ 3 more)

295 lines

306 lines","is_error":false}]},"parent_tool_use_id":"toolu_01P489p8Q6xRbTjvcjLN1k43","session_id":"de028404-b77c-4b55-97a4-a3bdc4dfec78","uuid":"147cc989-e64d-4052-ac0a-16d6d67faa7f","timestamp":"2026-04-12T21:29:22.597Z"}

50 lines","is_error":false}]},"parent_tool_use_id":"toolu_01P489p8Q6xRbTjvcjLN1k43","session_id":"de028404-b77c-4b55-97a4-a3bdc4dfec78","uuid":"f2a4a066-7d8d-4c80-93e3-99a8d8bb4b83","timestamp":"2026-04-12T21:29:16.137Z"}

349 lines","is_error":false}]},"parent_tool_use_id":"toolu_01P489p8Q6xRbTjvcjLN1k43","session_id":"de028404-b77c-4b55-97a4-a3bdc4dfec78","uuid":"32d8c9a3-f42e-4579-b1d8-eefbff7f7254","timestamp":"2026-04-12T21:29:14.671Z"}

284 lines","is_error":false}]},"parent_tool_use_id":"toolu_01P489p8Q6xRbTjvcjLN1k43","session_id":"de028404-b77c-4b55-97a4-a3bdc4dfec78","uuid":"2b156a82-0b87-4fc5-94b5-984ed5d018b6","timestamp":"2026-04-12T21:29:12.776Z"}

JavaScript runtime mode compatibility\n27\t//\n28\t// # Pass-Through Field Validation\n29\t//\n30\t// Several workflow frontmatter fields are \"pass-through\" fields - they are extracted\n31\t// from frontmatter and passed directly to GitHub Actions without modification:\n32\t// - concurrency: Workflow concurrency control\n33\t// - container: Container configuration for jobs\n34\t// - environment: GitHub environment configuration\n35\t// - env: Environment variables\n36\t// - runs-on: Runner selection\n37\t// - services: Service containers\n38\t//\n39\t// These fields ARE validated during frontmatter parsing using JSON Schema validation\n40\t// (see pkg/parser/schemas/main_workflow_schema.json). The schema catches:\n41\t// - Invalid data types (e.g., array when object expected)\n42\t// - Missing required properties (e.g., container missing 'image')\n43\t// - Invalid additional properties (e.g., unknown fields in concurrency)\n44\t// - Structure violations (e.g., runs-on as number instead of string/array/object)\n45\t//\n46\t// Schema validation happens in pkg/parser/schema_validation.go during frontmatter\n47\t// parsing, so errors are caught at compile time rather than GitHub Actions runtime.\n48\t// See pkg/parser/schema_passthrough_validation_test.go for comprehensive test coverage.\n49\t//\n50\t// # When to Add New Validation\n51\t//\n52\t// Add validation to existing domain files when:\n53\t// - It fits the domain (e.g., package validation → pip_validation.go)\n54\t// - It extends existing functionality\n55\t//\n56\t// Create a new validation file when:\n57\t// - It represents a distinct validation domain\n58\t// - It has multiple related validation functions\n59\t// - It requires its own caching or state management\n60\t//\n61\t// # Validation Patterns\n62\t//\n63\t// The validation system uses several patterns:\n64\t// - Schema validation: JSON schema validation with caching\n65\t// - External resource validation: Docker images, npm/pip packages\n66\t// - Size limit validation: Expression sizes, file sizes\n67\t// - Feature detection: Repository capabilities\n68\t// - Security validation: Permission restrictions, expression safety\n69\t\n70\tpackage workflow\n71\t"}]},"parent_tool_use_id":"toolu_01HtersepE3uSZf5V4UZQdix","session_id":"de028404-b77c-4b55-97a4-a3bdc4dfec78","uuid":"b7028562-ca8e-48da-a5b4-6bd4082a3b32","timestamp":"2026-04-12T21:25:45.196Z"}

Main workflow orchestration and YAML generation\n//\n// The orchestrator follows a phased approach with typed result structures\n// for clear data flow between compilation stages. Each module handles a specific\n// concern in the compilation pipeline, making the codebase easier to understand\n// and maintain.\npackage workflow\n\nimport (\n\t\"github.com/github/gh-aw/pkg/logger\"\n)\n\n// Shared logger used across compiler orchestrator modules\nvar detectionLog = logger.New(\"workflow:detection\")\n","numLines":23,"startLine":1,"totalLines":23}}}

JavaScript runtime mode compatibility\n//\n// # Pass-Through Field Validation\n//\n// Several workflow frontmatter fields are \"pass-through\" fields - they are extracted\n// from frontmatter and passed directly to GitHub Actions without modification:\n// - concurrency: Workflow concurrency control\n// - container: Container configuration for jobs\n// - environment: GitHub environment configuration\n// - env: Environment variables\n// - runs-on: Runner selection\n// - services: Service containers\n//\n// These fields ARE validated during frontmatter parsing using JSON Schema validation\n// (see pkg/parser/schemas/main_workflow_schema.json). The schema catches:\n// - Invalid data types (e.g., array when object expected)\n// - Missing required properties (e.g., container missing 'image')\n// - Invalid additional properties (e.g., unknown fields in concurrency)\n// - Structure violations (e.g., runs-on as number instead of string/array/object)\n//\n// Schema validation happens in pkg/parser/schema_validation.go during frontmatter\n// parsing, so errors are caught at compile time rather than GitHub Actions runtime.\n// See pkg/parser/schema_passthrough_validation_test.go for comprehensive test coverage.\n//\n// # When to Add New Validation\n//\n// Add validation to existing domain files when:\n// - It fits the domain (e.g., package validation → pip_validation.go)\n// - It extends existing functionality\n//\n// Create a new validation file when:\n// - It represents a distinct validation domain\n// - It has multiple related validation functions\n// - It requires its own caching or state management\n//\n// # Validation Patterns\n//\n// The validation system uses several patterns:\n// - Schema validation: JSON schema validation with caching\n// - External resource validation: Docker images, npm/pip packages\n// - Size limit validation: Expression sizes, file sizes\n// - Feature detection: Repository capabilities\n// - Security validation: Permission restrictions, expression safety\n\npackage workflow\n","numLines":71,"startLine":1,"totalLines":71}}}

Main execution logic (RunWorkflowOnGitHub, RunWorkflowsOnGitHub)\n//\n// Public API functions are now in their respective modules:\n// - IsRunnable (run_workflow_validation.go)\n// - RunWorkflowOnGitHub (run_workflow_execution.go)\n// - RunWorkflowsOnGitHub (run_workflow_execution.go)\n","numLines":13,"startLine":1,"totalLines":13}}}

Main orchestration (CompileWorkflows function)\n","numLines":10,"startLine":1,"totalLines":10}}}

Topological ordering\npackage parser\n\nimport \"github.com/github/gh-aw/pkg/logger\"\n\nvar importLog = logger.New(\"parser:import_processor\")\n\n// ImportsResult holds the result of processing imports from frontmatter\ntype ImportsResult struct {\n\tMergedTools string // Merged tools configuration from all imports\n\tMergedMCPServers string // Merged mcp-servers configuration from all imports\n\tMergedEngines []string // Merged engine configurations from all imports\n\tMergedSafeOutputs []string // Merged safe-outputs configurations from all imports\n\tMergedMCPScripts []string // Merged mcp-scripts configurations from all imports\n\tMergedMarkdown string // Only contains imports WITH inputs (for compile-time substitution)\n\tImportPaths []string // List of import file paths for runtime-import macro generation (replaces MergedMarkdown)\n\tMergedSteps string // Merged steps configuration from all imports (excluding copilot-setup-steps)\n\tCopilotSetupSteps string // Steps from copilot-setup-steps.yml (inserted at start)\n\tMergedPreSteps string // Merged pre-steps configuration from all imports (prepended in order)\n\tMergedRuntimes string // Merged runtimes configuration from all imports\n\tMergedRunInstallScripts bool // true if any imported workflow sets run-install-scripts: true (global or node-level)\n\tMergedServices string // Merged services configuration from all imports\n\tMergedNetwork string // Merged network configuration from all imports\n\tMergedPermissions string // Merged permissions configuration from all imports\n\tMergedSecretMasking string // Merged secret-masking steps from all imports\n\tMergedBots []string // Merged bots list from all imports (union of bot names)\n\tMergedSkipRoles []string // Merged skip-roles list from all imports (union of role names)\n\tMergedSkipBots []string // Merged skip-bots list from all imports (union of usernames)\n\tMergedActivationGitHubToken string // GitHub token from on.github-token in first imported workflow that defines it\n\tMergedActivationGitHubApp string // JSON-encoded on.github-app from first imported workflow that defines it\n\tMergedTopLevelGitHubApp string // JSON-encoded top-level github-app from first imported workflow that defines it\n\tMergedPostSteps string // Merged post-steps configuration from all imports (appended in order)\n\tMergedLabels []string // Merged labels from all imports (union of label names)\n\tMergedCaches []string // Merged cache configurations from all imports (appended in order)\n\tMergedJobs string // Merged jobs from imported YAML workflows (JSON format)\n\tMergedFeatures []map[string]any // Merged features configuration from all imports (parsed YAML structures)\n\tMergedObservability string // Observability config (JSON) from first import that defines it (first-wins)\n\tImportedFiles []string // List of imported file paths (for manifest)\n\tAgentFile string // Path to custom agent file (if imported)\n\tAgentImportSpec string // Original import specification for agent file (e.g., \"owner/repo/path@ref\")\n\tRepositoryImports []string // List of repository imports (format: \"owner/repo@ref\") for .github folder merging\n\t// ImportInputs uses map[string]any because input values can be different types (string, number, boolean).\n\t// This is parsed from YAML frontmatter where the structure is dynamic and not known at compile time.\n\t// This is an appropriate use of 'any' for

Failed to process file /tmp/gh-aw/mcp-logs/mcp-gateway.log: EACCES: permission denied, open '/tmp/gh-aw/mcp-logs/mcp-gateway.log'

GitHub MCP guard policy automatically applied for public repository. min-integrity='approved' and repos='all' ensure only approved-integrity content is accessible.

MCP Scripts Server Startup Log