Skip to content

feat: add api-proxy test coverage for Pi engine, use printf for models.json, and fix models.json baseUrl hostname (#pi-api-proxy)#30032

Merged
pelikhan merged 8 commits intomainfrom
copilot/review-api-proxy-provider-extension
May 4, 2026
Merged

feat: add api-proxy test coverage for Pi engine, use printf for models.json, and fix models.json baseUrl hostname (#pi-api-proxy)#30032
pelikhan merged 8 commits intomainfrom
copilot/review-api-proxy-provider-extension

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented May 4, 2026
edited
Loading

Summary

This PR adds test coverage confirming that the Pi engine correctly uses the AWF api-proxy sidecar to route LLM traffic through provider-specific gateway ports (Copilot, Anthropic, OpenAI/Codex). It also replaces the opaque base64-encoded models.json generation with a human-readable printf approach, and fixes a routing bug where the wrong hostname was used in models.json.

Changes

Build tag fixes

  • Added required //go:build !integration tags to enable_api_proxy_test.go and docker_api_proxy_test.go (mandatory per project conventions)

Production code changes (pi_engine.go)

  • Replaced echo <base64> | base64 -d > models.json with printf '%s\n' '<json>' > models.json, making the generated step content human-readable and auditable
  • Removed the now-unused encodeBase64 helper function and encoding/base64 import
  • Fixed models.json baseUrl: changed from http://host.docker.internal:{port} to http://api-proxy:{port}host.docker.internal resolves to the Docker host (runner machine), not the api-proxy sidecar container. Within the AWF Docker Compose network (awf-net), the api-proxy is only reachable via its service hostname api-proxy

Production code change (actions/setup/js/pi_provider.cjs)

  • Fixed resolveGatewayUrl() diagnostic function to use api-proxy hostname and the correct per-provider ports matching gh-aw-firewall (anthropic=10001, openai/codex=10000, copilot=10002, google=10003)

New test coverage

enable_api_proxy_test.go – Pi test case added to TestEngineAWFEnableApiProxy:

  • Verifies AWF config JSON has "apiProxy":{"enabled":true} when the Pi engine runs with firewall enabled

docker_api_proxy_test.go – Pi test case added to TestCollectDockerImages_APIProxyForEnginesWithLLMGateway:

  • Verifies the api-proxy Docker sidecar image is included in the collected images when Pi runs with the firewall

pi_engine_test.go – Three new firewall gateway routing tests:

  • TestPiEngine_GetExecutionSteps_FirewallCopilotProvider: copilot/ prefix → CopilotLLMGatewayPort (10002) via models.json
  • TestPiEngine_GetExecutionSteps_FirewallAnthropicProvider: anthropic/ prefix → ClaudeLLMGatewayPort via models.json
  • TestPiEngine_GetExecutionSteps_FirewallCodexProvider: codex/ prefix → CodexLLMGatewayPort via models.json

Each test validates:

  1. PI_CODING_AGENT_DIR is set to /tmp/gh-aw/pi-agent-dir (where models.json is written)
  2. The aw-gateway custom provider is registered in models.json
  3. The models.json JSON content uses the api-proxy Docker hostname (not host.docker.internal) and routes to the correct gateway port for the provider
  4. The AWF config JSON enables the api-proxy sidecar ("enabled":true)

How Pi uses the api-proxy

Pi's api-proxy integration differs from other engines (Claude, Copilot, Codex, Gemini):

  • Other engines set a base URL environment variable (e.g. ANTHROPIC_BASE_URL) which AWF overrides at runtime with http://{api-proxy-ip}:{port}
  • Pi uses a models.json file written at container startup via printf '%s\n' '<json>' that registers a custom aw-gateway provider pointing at http://api-proxy:{gatewayPort}
  • The provider prefix in engine.model (e.g. anthropic/, copilot/, codex/) determines which gateway port is used
  • Port assignments from gh-aw-firewall: openai/management=10000, anthropic=10001, copilot=10002, gemini=10003

Copilot AI and others added 2 commits May 4, 2026 00:08
@pelikhan
feat: add api-proxy test coverage for Pi engine
b9a1b86 
- Add //go:build !integration tags to enable_api_proxy_test.go and docker_api_proxy_test.go
- Add Pi engine test case to TestEngineAWFEnableApiProxy (verifies apiProxy.enabled in AWF config JSON)
- Add Pi engine test case to TestCollectDockerImages_APIProxyForEnginesWithLLMGateway (verifies api-proxy container is included)
- Add three firewall routing tests in pi_engine_test.go verifying that copilot/, anthropic/, and codex/ model prefixes route through the correct LLM gateway port via models.json

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/c959eaa6-7688-4814-b0cc-63d92185eaef

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
test: improve PI_CODING_AGENT_DIR assertion to verify path value
489515c 
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/c959eaa6-7688-4814-b0cc-63d92185eaef

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI requested a review from pelikhan May 4, 2026 00:11
@pelikhan pelikhan added the dev label May 4, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 4, 2026
edited
Loading

Dev completed successfully!

@github-actions github-actions Bot removed the dev label May 4, 2026
@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented May 4, 2026

@copilot fix the code that generate base64 encoded conflig, using printf humans readable config

@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented May 4, 2026

@copilot /reflect is failing, investigate github/gh-aw-firewall what this could be.

[gh-aw/pi-provider] 2026-05-04T00:25:47.135Z awf-reflect: fetching http://api-proxy:10000/reflect (timeout=5000ms)

@pelikhan
refactor: replace base64 models.json embedding with printf human-read…
598e060 
…able approach

Replace `echo <base64> | base64 -d > models.json` with
`printf '%s\n' '<json>' > models.json` matching the AWF config file
pattern. Remove now-unused encodeBase64 helper and encoding/base64 import.
Update tests to assert against the raw JSON content directly.

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/eb525114-2fdb-4e62-95ca-8a0a1975eb0e

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented May 4, 2026

@copilot fix the code that generate base64 encoded conflig, using printf humans readable config

Done in 598e060. Replaced echo <base64> | base64 -d > models.json with printf '%s\n' '<json>' > models.json, matching the AWF config file pattern. Also removed the now-unused encodeBase64 helper and encoding/base64 import.

Copilot AI changed the title feat: add api-proxy test coverage for Pi engine (#pi-api-proxy) feat: add api-proxy test coverage for Pi engine and use printf for models.json (#pi-api-proxy) May 4, 2026
@github-actions github-actions Bot mentioned this pull request May 4, 2026
Closed
Copilot AI and others added 2 commits May 4, 2026 01:34
@pelikhan
chore: outline fix plan for Pi api-proxy hostname
97443c4 
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/e62cbd13-97d7-401d-9e51-9b8fe8a05414

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
fix: use api-proxy Docker hostname in Pi models.json baseUrl
bc15a8b 
Root cause of /reflect failure: Pi's models.json was using
`http://host.docker.internal:{port}` as the baseUrl, but
host.docker.internal points to the Docker host (runner machine),
NOT the api-proxy sidecar container. The api-proxy is accessible
within the AWF Docker network via `http://api-proxy:{port}`.

Also fixes resolveGatewayUrl() in pi_provider.cjs to use the
correct hostname and gh-aw-firewall port assignments:
  anthropic=10001, openai/codex=10000, copilot=10002, google=10003

Tests updated to assert api-proxy: appears in models.json JSON
and host.docker.internal is absent from the generated payload.

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/e62cbd13-97d7-401d-9e51-9b8fe8a05414

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented May 4, 2026
edited
Loading

@copilot /reflect is failing, investigate github/gh-aw-firewall what this could be.

...

Root cause found by investigating gh-aw-firewall: Pi's models.json was using http://host.docker.internal:{port} as the baseUrl, but host.docker.internal resolves to the Docker host (runner machine), not the api-proxy sidecar container. In AWF's Docker Compose network (awf-net), the api-proxy is only reachable via its service hostname api-proxy (e.g. http://api-proxy:10002). host.docker.internal is only added to containers when --enable-host-access is explicitly set — which is not the case for Pi.

From gh-aw-firewall/src/types.ts:

// api-proxy URLs from inside the agent container:
// http://api-proxy:10000  (OpenAI / management port — also hosts /reflect)
// http://api-proxy:10001  (Anthropic)
// http://api-proxy:10002  (Copilot)
// http://api-proxy:10003  (Gemini)

Fixed in bc15a8b:

  • buildPiModelsJSON now generates "baseUrl":"http://api-proxy:{port}" instead of http://host.docker.internal:{port}
  • resolveGatewayUrl() in pi_provider.cjs updated to use api-proxy hostname with the correct per-provider ports (anthropic=10001, openai/codex=10000)
  • Tests strengthened to assert api-proxy: appears in the generated JSON and host.docker.internal is absent from the models.json payload

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh gh repo view --json owner,name --jq .owner.login &#43; &#34;/&#34; &#43; .name ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env 817931927/.github/workflows GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/orgs/test-owner/actions/secrets
    • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name --check scripts/**/*.js 64/bin/go -d GO111MODULE 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GO111MODULE de GOINSECURE GOMOD GOMODCACHE go /pre�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq [.object.sha, .object.type] | @tsv /ref/tags/v9 go sv &#39;/tmp/TestParsegit &#39;/tmp/TestParserev-parse 4436295/b455/vet--show-toplevel git rev-�� ithub-script/git/ref/tags/v9 /opt/hostedtoolc--jq bject.type] | @tsv licyMinIntegritygh GOPROXY /opt/hostedtoolc/repos/actions/github-script/git/ref/tags/v9 git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq [.object.sha, .object.type] | @tsv /ref/tags/v9 e/git sv npx prettier --cgit GOPROXY ache/node/24.14.--show-toplevel git rev-�� ithub-script/git/ref/tags/v9 sh bject.type] | @tsv k/gh-aw/gh-aw/.ggh iptables /usr/bin/git git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv remove other /usr/bin/git cli/install.sh..infocmp GO111MODULE 64/bin/go git init�� GOMODCACHE go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv test.txt go /usr/bin/git ub/workflows GO111MODULE 64/bin/go git rev-�� /ref/tags/v9 go sv -json GO111MODULE 86_64/node git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv ithub-script/git/ref/tags/v9 node bject.type] | @tsv /tmp/TestHashCongit /opt/hostedtoolcrev-parse om/testorg/testr--show-toplevel git rev-�� --show-toplevel node /usr/bin/gh /home/REDACTED/worgh go _id&#34;:222}] gh (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git -lang=go1.25 go /opt/hostedtoolcxterm-color git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv ithub-script/git/ref/tags/v9 node bject.type] | @tsv /home/REDACTED/worgit go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/gh k/gh-aw/gh-aw/pkgh remote /usr/bin/git gh (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv RequiresMinIntegrity3887050785/001 GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env ithub/workflows GO111MODULE 4436295/b398/vet.cfg s GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv ithub-script/git/ref/tags/v9 git bject.type] | @tsv k/gh-aw/gh-aw -tests /usr/bin/git git rev-�� ithub-script/git/ref/tags/v9 git bject.type] | @tsv --get remote.origin.urrev-parse om/testorg/testr--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/infocmp --show-toplevel go /usr/bin/git infocmp -1 xterm-color git /usr/bin/git --show-toplevel go /usr/bin/git git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv 4018-27021/test-2538144169 GOPROXY x_amd64/vet l GOWORK 64/bin/go x_amd64/vet rev-�� --show-toplevel sh /opt/hostedtoolcache/node/24.14.1/x64/bin/node &#34;prettier&#34; --chegit GOPROXY 64/bin/go node (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv /tmp/TestParseDefaultBranchFromLsRemoteWithRealGitbranch_with_hyphen4025291519/001 l /usr/bin/git &#34;prettier&#34; --chegit go 64/bin/go git rev-�� --show-toplevel go /usr/bin/gh -json GO111MODULE 64/bin/go gh (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git 01 (http block)
  • https://api.github.com/repos/actions/download-artifact/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/download-artifact/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv --show-toplevel git 64/pkg/tool/linux_amd64/vet ithub-script/gitgit git bject.type] | @t/home/REDACTED/work/gh-aw/gh-aw 64/pkg/tool/linushow rev-�� --show-toplevel git /usr/bin/gh --show-toplevel git /usr/bin/git gh (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/download-artifact/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv k/gh-aw/gh-aw/.gremote.origin.url git /usr/bin/git ithub-script/gitgit git bject.type] | @t/home/REDACTED/work/gh-aw/gh-aw git rev-�� ithub/workflows gh /usr/bin/gh l --jq /usr/bin/gh gh (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/download-artifact/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv /home/REDACTED/worremote.origin.url show r.lock.yml kflow/pi_engine.git git /usr/bin/git docker imag�� k/gh-aw/gh-aw/.github/workflows ghcr.io/github/serena-mcp-serverowner=github viewer.lock.yml --show-toplevel git 64/pkg/tool/linu/repos/actions/github-script/git/ref/tags/v9 git (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv /ref/tags/v9 git sv /ref/tags/v9 go sv git rev-�� --show-toplevel git /usr/bin/gh --show-toplevel go /usr/bin/git gh (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv --show-toplevel infocmp /usr/bin/git xterm-color go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/gh GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v9
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv GOSUMDB GOWORK 64/bin/go GOSUMDB GOWORK 64/bin/go sed -ne s/^session\.saveGOINSECURE go 64/bin/go -json GO111MODULE 64/bin/go go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv GOSUMDB GOWORK 64/bin/go GOSUMDB GOWORK 64/bin/go node /opt�� prettier --check 64/bin/go --ignore-path .prettierignore 64/bin/go go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv prettier --check 64/bin/go **/*.ts **/*.json --ignore-path sh -c &#34;prettier&#34; --cheGOINSECURE go 64/bin/go -d GO111MODULE 64/bin/go go (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v9.0.0
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9.0.0 --jq [.object.sha, .object.type] | @tsv GOSUMDB GOWORK 64/bin/go GOSUMDB GOWORK 64/bin/go sed -e s,@VERSION@,8.3,GOINSECURE go 64/bin/go -json GO111MODULE 64/bin/go go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9.0.0 --jq [.object.sha, .object.type] | @tsv GOSUMDB GOWORK 64/bin/go GOSUMDB GOWORK run-script/lib/n-json node /opt�� prettier --check 64/bin/go --ignore-path .prettierignore 64/bin/go go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9.0.0 --jq [.object.sha, .object.type] | @tsv --check **/*.cjs 64/bin/go **/*.json --ignore-path ../../../.pretti-json sh -c &#34;prettier&#34; --cheGOINSECURE go 64/bin/go tierignore GO111MODULE 64/bin/go go (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv /repos/actions/github-script/git/ref/tags/v9 --jq /usr/bin/git Onlymin-integritinfocmp GO111MODULE 1/x64/bin/node git rev-�� --show-toplevel 1/x64/bin/node /usr/bin/git -json GO111MODULE Name,createdAt,s--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git 4239-49164/test-gh GO111MODULE /opt/hostedtoolc/repos/actions/github-script/git/ref/tags/v9 git add test-file.txt go /usr/bin/git 4239-49164/test-git (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv GOMODCACHE go /usr/bin/git -json GO111MODULE 64/bin/go git bran�� --show-current go /usr/bin/git 345 GO111MODULE x_amd64/compile git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv xterm-color go /usr/bin/gh ithub/workflows/gh GO111MODULE 1/x64/bin/node gh api /repos/actions/github-script/git/ref/tags/v9 --jq /usr/bin/git ithub-script/gitgit GO111MODULE r: $owner, name:--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv ithub-script/git/ref/tags/v9 /usr/bin/git bject.type] | @tsv -v l /usr/bin/git git rev-�� /ref/tags/v9 git sv runs/20260504-01infocmp config /usr/bin/git git (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv GOPATH GOPROXY /usr/bin/git GOSUMDB GOWORK 64/bin/go git conf�� k/gh-aw/gh-aw/.github/workflows test@example.com /opt/hostedtoolcache/node/24.14.1/x64/bin/node &#34;prettier&#34; --chegit GOPROXY 64/bin/go node (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv -stringintconv -tests /usr/bin/git &#34;prettier&#34; --chegit go 64/bin/go git -C /tmp/TestGuardPolicyMinIntegrityOnlymin-integrity_with_explicit_repo3653544874/001 s/2/artifacts (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv --get remote.origin.url om/org2/repo.git 01 GO111MODULE 64/bin/go /opt/hostedtoolcache/node/24.14.1/x64/bin/node /tmp�� github.event.inputs.enforce_all || &#39;round-robin&#39; go /usr/bin/git -json GO111MODULE nch,headSha,disp--show-toplevel git (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv github.token go /usr/bin/git -json GO111MODULE 64/bin/go git conf�� --get remote.origin.url /usr/bin/git ned-imports-enabgit GO111MODULE 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv ithub-script/git/ref/tags/v9 config repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } remote.origin.urgit GO111MODULE 64/bin/go git conf�� user.email test@example.com /usr/bin/gh -json GO111MODULE nch,headSha,disp--show-toplevel gh (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv --show-toplevel git $name) { hasDiscussionsEnabled } } --show-toplevel git /usr/bin/infocmp--end-of-options git rev-�� test.go infocmp /usr/bin/gh xterm-color git /usr/bin/git gh (http block)
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv ithub/workflows git $name) { hasDiscussionsEnabled } } --show-toplevel git /usr/bin/git infocmp -1 alse git ache/go/1.25.8/x64/bin/go elete git f8c16f267bf97c36/home/REDACTED/work/gh-aw/gh-aw/.github/workflows gh (http block)
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv ithub/workflows -f /usr/bin/git -f owner=github -f git -C ithub-script/git/ref/tags/v9 show bject.type] | @tsv ock.yml git /usr/bin/git /usr/bin/gh (http block)
  • https://api.github.com/repos/aws-actions/configure-aws-credentials/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/aws-actions/configure-aws-credentials/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel node /usr/bin/git /tmp/TestHashStagit go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git /tmp/TestGuardPogh config /usr/bin/infocmpstatus git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/aws-actions/configure-aws-credentials/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git :latest remote ps git rev-�� --show-toplevel ps /usr/bin/git git --jq 64/pkg/tool/linu--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/aws-actions/configure-aws-credentials/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git /ref/tags/v9 origin sv git rev-�� --show-toplevel /opt/hostedtoolcache/node/24.14.^remote\..*\.gh-resolved$ /usr/bin/git github.repositorgh go /usr/bin/git git (http block)
  • https://api.github.com/repos/azure/login/git/ref/tags/v2
    • Triggering command: /usr/bin/gh gh api /repos/azure/login/git/ref/tags/v2 --jq [.object.sha, .object.type] | @tsv --show-toplevel (http block)
    • Triggering command: /usr/bin/gh gh api /repos/azure/login/git/ref/tags/v2 --jq [.object.sha, .object.type] | @tsv --show-toplevel infocmp /usr/bin/git xterm-color go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/gh /tmp/TestGuardPoinfocmp config /opt/hostedtoolcxterm-color gh (http block)
  • https://api.github.com/repos/docker/login-action/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/docker/login-action/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv ithub-script/git/ref/tags/v9 git bject.type] | @tsv --get remote.origin.urrev-parse om/testorg/testr--show-toplevel git rev-�� --show-toplevel git /usr/bin/infocmp /tmp/TestGuardPoinfocmp remote /usr/bin/git infocmp (http block)
    • Triggering command: /usr/bin/gh gh api /repos/docker/login-action/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv ithub-script/git/ref/tags/v9 /usr/bin/git bject.type] | @tsv --get-regexp ^remote\..*\.gh-rev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/infocmp --show-toplevel go /opt/hostedtoolcxterm-color infocmp (http block)
  • https://api.github.com/repos/docker/metadata-action/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/docker/metadata-action/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv /ref/tags/v9 git sv --show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/docker/metadata-action/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv /workflows/dev.lremote.origin.url --jq /usr/bin/git /repos/actions/ggh --jq (http block)
    • Triggering command: /usr/bin/gh gh api /repos/docker/metadata-action/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv k/gh-aw/gh-aw -buildtags kflows/claude-code-user-docs-review.lock.yml -errorsas -ifaceassert -nilfunc git show�� k/gh-aw/gh-aw/.gremote.origin.url -tests -agent.lock.yml l git /usr/bin/git /usr/bin/git (http block)
  • https://api.github.com/repos/docker/setup-buildx-action/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv graphql -f x_amd64/asm -f owner=github -f x_amd64/asm rev-�� /ref/tags/v9 git 64/pkg/tool/linux_amd64/vet --show-toplevel git /usr/bin/git 64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv /workflows/dev.lock.yml git sv --show-toplevel git docker-compose git rev-�� --show-toplevel docker-compose 64/pkg/tool/linux_amd64/vet --show-toplevel git /usr/bin/git 64/pkg/tool/linurev-parse (http block)
    • Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv k/gh-aw/gh-aw/.gremote.origin.url :latest (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .default_branch --show-toplevel infocmp yml xterm-color git bin/node git rev-�� --show-toplevel gh .cfg /repos/actions/ggit nly /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .default_branch k/gh-aw/gh-aw git yml --show-toplevel git /usr/bin/infocmp/home/REDACTED/work/gh-aw/gh-aw/.github/workflows git -C k/gh-aw/gh-aw/.github/workflows config me: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } remote.origin.urgit git ock.yml gh (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .default_branch ithub/workflows git yml ithub/workflows config DiscussionsEnabl/home/REDACTED/work/gh-aw/gh-aw/.github/workflows gh api k/gh-aw/gh-aw --jq me: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } k/gh-aw/gh-aw -f ocs.lock.yml /usr/bin/gh (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq [.object.sha, .object.type] | @tsv /repos/actions/github-script/git/ref/tags/v9 --jq /usr/bin/git -json GO111MODULE /opt/hostedtoolc/repos/actions/github-script/git/ref/tags/v9 git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE /opt/hostedtoolcxterm-color git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq [.object.sha, .object.type] | @tsv xterm-color go /usr/bin/infocmp 4239-49164/test-infocmp GO111MODULE /opt/hostedtoolcxterm-color infocmp -1 xterm-color go /usr/bin/git -json GO111MODULE e/git git (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv --get-regexp ^remote\..*\.gh-resolved$ /usr/bin/git iant-883168414 GO111MODULE 64/bin/go git add /tmp/file-tracker-test1232756929/test1.md /tmp/file-tracker-test1232756929/test2.lock.yml /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv /home/REDACTED/work/gh-aw/gh-aw rev-parse /usr/bin/git le-frontmatter.mgit GO111MODULE 64/bin/go git conf�� /ref/tags/v9 remote.origin.url sv -json GO111MODULE 64/bin/go git (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv list --json /usr/bin/git --workflow nonexistent-workrev-parse --limit git -C /tmp/TestCompileErrorFormatting1079376030/001 config e/git-remote-https remote.origin.urgit GO111MODULE 64/bin/go e/git-remote-https (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� /ref/tags/v9 go sv -json GO111MODULE 64/bin/go git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created &gt;=2026-04-27 GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created &gt;=2026-04-04 GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created &gt;=2026-02-03 GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linuTest User env approach-validator.md GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name GO111MODULE .cfg GOINSECURE GOMOD GOMODCACHE go env ck &#39;**/*.cjs&#39; &#39;**/*.ts&#39; &#39;**/*.json&#39; --ignore-patremote.origin.url GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuother (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/link env edOutput4264217413/001 GO111MODULE rtcfg.link GOINSECURE UyroDE4thq9NUWnVinit GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env api-consumption-report.md GO111MODULE 1/x64/bin/node GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name GO111MODULE ache/node/24.14.1/x64/bin/node GOINSECURE GOMOD GOMODCACHE go ache�� -json GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE erignore (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/1234567890
    • Triggering command: /usr/bin/gh gh api repos/{owner}/{repo}/actions/runs/1234567890 --jq {databaseId: .id, number: .run_number, url: .html_url, status: .status, conclusion: .conclusion, workflowName: .name, workflowPath: .path, createdAt: .created_at, startedAt: .run_started_at, updatedAt: .updated_at, event: .event, headBranch: .head_branch, --end-of-optionsGOINSECURE blob d580de28aa73216f-d -json GO111MODULE 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api repos/{owner}/{repo}/actions/runs/1234567890 --jq {databaseId: .id, number: .run_number, url: .html_url, status: .status, conclusion: .conclusion, workflowName: .name, workflowPath: .path, createdAt: .created_at, startedAt: .run_started_at, updatedAt: .updated_at, event: .event, headBranch: .head_branch, -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go /pre�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env edOutput4264217413/001 GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE 64/pkg/tool/linux_amd64/asm GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/asm env 24600680/001 GO111MODULE 1/x64/bin/node GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name GO111MODULE k/gh-aw/gh-aw/actions/setup/js/node_modules/.bin/sh GOINSECURE GOMOD GOMODCACHE go env ck &#39;**/*.cjs&#39; &#39;**/*.ts&#39; &#39;**/*.json&#39; --ignore-patremote.origin.url GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name GO111MODULE l_url, status: .status, conclusion: .conclusion, workflowName: .name, workflowPath: .path, creat--show-toplevel GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/link env api-consumption-report.md GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env g_.a GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name GO111MODULE .cfg GOINSECURE GOMOD GOMODCACHE go env ck &#39;**/*.cjs&#39; &#39;**/*.ts&#39; &#39;**/*.json&#39; --ignore-path ../../../.pret.prettierignore GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linu^remote\..*\.gh-resolved$ env rity3887050785/001 GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE sole.test GOINSECURE GOMOD GOMODCACHE sole.test 2144�� archie.md GO111MODULE k GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name GO111MODULE .cfg GOINSECURE GOMOD GOMODCACHE go env ck &#39;**/*.cjs&#39; &#39;**/*.ts&#39; &#39;**/*.json&#39; --ignore-pat-errorsas GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuremote.upstream.url (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linu--json env rity3887050785/0--limit GO111MODULE ache/go/1.25.8/x--created GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linutest@example.com env sole.test GO111MODULE ortcfg.link GOINSECURE GOMOD GOMODCACHE UB4Z85HNraJd7B2VBq/aMwv_nfK75JUCremote.origin.url (http block)
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name GO111MODULE .cfg GOINSECURE GOMOD GOMODCACHE go env ck &#39;**/*.cjs&#39; &#39;**/*.ts&#39; &#39;**/*.json&#39; --ignore-path ../../../.pret.prettierignore GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linumyorg (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env rity3887050785/001 GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE .test GOINSECURE GOMOD GOMODCACHE .test 2144�� -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name GO111MODULE .cfg GOINSECURE GOMOD GOMODCACHE go env ck &#39;**/*.cjs&#39; &#39;**/*.ts&#39; &#39;**/*.json&#39; --ignore-path ../../../.pret.prettierignore GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuupstream (http block)
  • https://api.github.com/repos/github/gh-aw/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --check scripts/**/*.js 64/bin/go -d GO111MODULE 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE 64/pkg/tool/linuremote2 env _.a GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linuTest User (http block)
  • https://api.github.com/repos/github/gh-aw/contents/.github/workflows/shared/reporting.md
    • Triggering command: /tmp/go-build3214436295/b404/cli.test /tmp/go-build3214436295/b404/cli.test -test.testlogfile=/tmp/go-build3214436295/b404/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE 4191037/b438/impGO111MODULE /hom�� che/go-build/a5/GOINSECURE **/*.cjs 64/bin/go **/*.json --ignore-path ../../../.pretti-json /opt/hostedtoolcGO111MODULE (http block)
    • Triggering command: /tmp/go-build2954860193/b404/cli.test /tmp/go-build2954860193/b404/cli.test -test.testlogfile=/tmp/go-build2954860193/b404/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq [.object.sha, .object.type] | @tsv --show-toplevel e/git /usr/bin/git --show-toplevel go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/gh --show-toplevel go /usr/bin/git gh (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/gh /tmp/gh-aw-test-gh remote /usr/bin/git gh (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv /ref/tags/v9.0.0 GO111MODULE $name) { hasDiscussionsEnabled } } GOINSECURE GOMOD GOMODCACHE go env sRemoteWithRealGitbranch_with_hyphen4025291519/001 sRemoteWithRealGitbranch_with_hyphen4025291519/002/work /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv Gitmaster_branch2155015759/001&#39; Gitmaster_branch2155015759/001&#39; 64/bin/go GOINSECURE GOMOD GOMODCACHE go env ub/workflows GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE ode_modules/.bin/node GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go phen�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env ty-test.md GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/google-github-actions/auth/git/ref/tags/v2
    • Triggering command: /usr/bin/gh gh api /repos/google-github-actions/auth/git/ref/tags/v2 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git 64/bin/go l /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git runs/20260504-01git config 64/pkg/tool/linu--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/google-github-actions/auth/git/ref/tags/v2 --jq [.object.sha, .object.type] | @tsv --show-toplevel gh /usr/bin/git /orgs/test-ownergit l /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/gh git (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE tartedAt,updatedAt,event,headBranch,headSha,displayTitle GOINSECURE GOMOD GOMODCACHE go sRem�� -json GO111MODULE .cfg GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv json&#39; --ignore-path ../../../.pr**/*.json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env y.md GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/nonexistent/repo/actions/runs/12345
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go env 734058515 GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go env ck &#39;scripts/**/*.js&#39; --ignore-path .prettierignore GO111MODULE 1/x64/bin/node GOINSECURE GOMOD GOMODCACHE 1/x64/bin/node (http block)
  • https://api.github.com/repos/owner/repo/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go -json GO111MODULE 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go -d GO111MODULE 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh workflow list --repo owner/repo --json name,path,state ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE .cfg GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/test-owner/test-repo/actions/secrets
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name ays.md scripts/**/*.js 64/bin/go -d GO111MODULE 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE /node GOINSECURE GOMOD GOMODCACHE go /pre�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/test/repo
    • Triggering command: /usr/bin/gh gh api /repos/test/repo --jq .default_branch -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/test/repo --jq .default_branch runs/20260504-014239-49164/test-4271996670 go /usr/lib/git-core/git-upload-pack l GO111MODULE 64/bin/go git-upload-pack /tmp�� -aw/git/ref/tags/v3.0.0 go bject.type] | @tsv -json GO111MODULE 64/bin/go node (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title feat: add api-proxy test coverage for Pi engine and use printf for models.json (#pi-api-proxy) feat: add api-proxy test coverage for Pi engine, use printf for models.json, and fix models.json baseUrl hostname (#pi-api-proxy) May 4, 2026
@pelikhan pelikhan added the dev label May 4, 2026
@pelikhan pelikhan marked this pull request as ready for review May 4, 2026 01:59
Copilot AI review requested due to automatic review settings May 4, 2026 01:59
@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented May 4, 2026

@copilot merge main and recompile

Copilot AI reviewed May 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds Pi engine coverage and updates Pi’s AWF api-proxy routing configuration so LLM traffic is routed via the api-proxy sidecar using a readable models.json setup step.

Changes:

  • Add Pi-focused tests to validate AWF api-proxy enablement and inclusion of the api-proxy sidecar image.
  • Update Pi engine to generate models.json via printf and fix baseUrl hostname to api-proxy.
  • Update Pi provider extension diagnostics and regenerate workflow lockfiles (env + rendered command updates).
Show a summary per file
File Description
pkg/workflow/pi_engine.go Switch models.json generation to printf and use api-proxy hostname in baseUrl.
pkg/workflow/pi_engine_test.go Add firewall routing tests validating models.json + AWF api-proxy enablement.
pkg/workflow/enable_api_proxy_test.go Add Pi case asserting apiProxy.enabled=true appears in AWF config JSON.
pkg/workflow/docker_api_proxy_test.go Add Pi case asserting api-proxy image is collected for firewall runs.
actions/setup/js/pi_provider.cjs Update diagnostic gateway URL resolution to api-proxy hostname and new port mapping.
.github/workflows/weekly-issue-summary.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/typist.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/terminal-stylist.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/stale-repo-identifier.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/smoke-workflow-call.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/smoke-update-cross-repo-pr.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/smoke-test-tools.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/smoke-temporary-id.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/smoke-service-ports.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/smoke-project.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/smoke-pi.lock.yml Add GH_AW_OTLP_ENDPOINTS env and update rendered Pi models.json command to printf + api-proxy hostname.
.github/workflows/smoke-opencode.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/smoke-multi-pr.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/smoke-gemini.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/smoke-create-cross-repo-pr.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/smoke-copilot-arm.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/smoke-codex.lock.yml Add GH_AW_OTLP_ENDPOINTS env (plus regenerated heredoc IDs).
.github/workflows/smoke-call-workflow.lock.yml Add GH_AW_OTLP_ENDPOINTS env (plus regenerated heredoc IDs).
.github/workflows/smoke-agent-scoped-approved.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/smoke-agent-public-none.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/smoke-agent-public-approved.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/smoke-agent-all-none.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/smoke-agent-all-merged.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/sergo.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/schema-consistency-checker.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/safe-output-health.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/repository-quality-improver.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/repo-audit-analyzer.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/prompt-clustering-analysis.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/mcp-inspector.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/lockfile-stats.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/go-fan.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/github-remote-mcp-auth-test.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/github-mcp-tools-report.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/github-mcp-structural-analysis.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/example-workflow-analyzer.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/docs-noob-tester.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/developer-docs-consolidator.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/dev.lock.yml Update rendered Pi models.json command to printf + api-proxy hostname.
.github/workflows/delight.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-workflow-updater.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-token-consumption-report.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-testify-uber-super-expert.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-team-status.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-team-evolution-insights.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-syntax-error-quality.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-skill-optimizer.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-sentrux-report.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-semgrep-scan.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-security-red-team.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-security-observability.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-secrets-analysis.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-safe-outputs-conformance.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-safe-output-optimizer.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-safe-output-integrator.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-repo-chronicle.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-rendering-scripts-verifier.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-regulatory.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-performance-summary.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-otel-instrumentation-advisor.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-observability-report.lock.yml Add GH_AW_OTLP_ENDPOINTS env (plus regenerated heredoc IDs).
.github/workflows/daily-news.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-multi-device-docs-tester.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-model-inventory.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-mcp-concurrency-analysis.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-malicious-code-scan.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-issues-report.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-hippo-learn.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-function-namer.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-firewall-report.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-file-diet.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-fact.lock.yml Add GH_AW_OTLP_ENDPOINTS env (plus regenerated heredoc IDs).
.github/workflows/daily-experiment-report.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-doc-updater.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-doc-healer.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-compiler-quality.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-community-attribution.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-code-metrics.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-cli-tools-tester.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-cli-performance.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-choice-test.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-caveman-optimizer.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-cache-strategy-analyzer.lock.yml Add GH_AW_OTLP_ENDPOINTS env (plus regenerated heredoc IDs).
.github/workflows/daily-aw-cross-repo-compile-check.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-astrostylelite-markdown-spellcheck.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-assign-issue-to-user.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/daily-architecture-diagram.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/copilot-token-audit.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/copilot-session-insights.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/copilot-pr-prompt-analysis.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/copilot-pr-nlp-analysis.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/copilot-pr-merged-report.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/copilot-agent-analysis.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/claude-code-user-docs-review.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/blog-auditor.lock.yml Add GH_AW_OTLP_ENDPOINTS env.
.github/workflows/audit-workflows.lock.yml Add GH_AW_OTLP_ENDPOINTS env.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comments suppressed due to low confidence (1)

pkg/workflow/pi_engine_test.go:339

  • This test expects Codex/OpenAI routing to use constants.CodexLLMGatewayPort (currently 10001), but the api-proxy /reflect contract used by other setup JS tests indicates OpenAI traffic uses port 10000 (actions/setup/js/awf_reflect_summary.test.cjs SAMPLE_REFLECT endpoints["openai"].port=10000), and the updated resolveGatewayUrl() maps codex→10000. If Codex should share the OpenAI gateway port, this test should assert 10000 (or whatever the shared source of truth is) so it actually validates the intended routing.
  • Files reviewed: 101/101 changed files
  • Comments generated: 3

Comment thread pkg/workflow/pi_engine.go
Comment on lines +290 to +292
// printf '%s\n' '<json>' is safe here because JSON uses only double quotes
// (never single quotes), so single-quoting via shellEscapeArg requires no
// further escaping in practice.
Comment thread actions/setup/js/pi_provider.cjs
Comment on lines 56 to +66
function resolveGatewayUrl(provider) {
const GATEWAY_PORTS = /** @type {Record<string, number>} */ {
copilot: 10002,
anthropic: 10000,
openai: 10001,
codex: 10001,
anthropic: 10001,
openai: 10000,
codex: 10000,
google: 10003,
};
const port = GATEWAY_PORTS[provider];
if (!port) return null;
return `http://host.docker.internal:${port}`;
return `http://api-proxy:${port}`;
Comment thread pkg/workflow/pi_engine_test.go
Comment on lines +303 to +308
// Anthropic provider routes through the Claude LLM gateway port.
// models.json must use the "api-proxy" Docker service hostname, not host.docker.internal.
expectedModelsJSON := buildPiModelsJSON(constants.ClaudeLLMGatewayPort, "ANTHROPIC_API_KEY", "claude-opus-4-20251101")
assert.Contains(t, expectedModelsJSON, "api-proxy:", "models.json baseUrl must use the api-proxy Docker hostname within the AWF network")
assert.NotContains(t, expectedModelsJSON, "host.docker.internal", "models.json baseUrl must not use host.docker.internal (not the api-proxy)")
assert.Contains(t, stepText, expectedModelsJSON, "Anthropic provider should route through ClaudeLLMGatewayPort via models.json")
@pelikhan
Merge remote-tracking branch 'origin/main' into copilot/review-api-pr…
7a008bc 
…oxy-provider-extension

# Conflicts:
#	.github/workflows/audit-workflows.lock.yml
#	.github/workflows/blog-auditor.lock.yml
#	.github/workflows/claude-code-user-docs-review.lock.yml
#	.github/workflows/copilot-agent-analysis.lock.yml
#	.github/workflows/copilot-pr-merged-report.lock.yml
#	.github/workflows/copilot-pr-nlp-analysis.lock.yml
#	.github/workflows/copilot-pr-prompt-analysis.lock.yml
#	.github/workflows/copilot-session-insights.lock.yml
#	.github/workflows/copilot-token-audit.lock.yml
#	.github/workflows/daily-architecture-diagram.lock.yml
#	.github/workflows/daily-assign-issue-to-user.lock.yml
#	.github/workflows/daily-astrostylelite-markdown-spellcheck.lock.yml
#	.github/workflows/daily-aw-cross-repo-compile-check.lock.yml
#	.github/workflows/daily-cache-strategy-analyzer.lock.yml
#	.github/workflows/daily-caveman-optimizer.lock.yml
#	.github/workflows/daily-choice-test.lock.yml
#	.github/workflows/daily-cli-performance.lock.yml
#	.github/workflows/daily-cli-tools-tester.lock.yml
#	.github/workflows/daily-code-metrics.lock.yml
#	.github/workflows/daily-community-attribution.lock.yml
#	.github/workflows/daily-compiler-quality.lock.yml
#	.github/workflows/daily-doc-healer.lock.yml
#	.github/workflows/daily-doc-updater.lock.yml
#	.github/workflows/daily-experiment-report.lock.yml
#	.github/workflows/daily-fact.lock.yml
#	.github/workflows/daily-file-diet.lock.yml
#	.github/workflows/daily-firewall-report.lock.yml
#	.github/workflows/daily-function-namer.lock.yml
#	.github/workflows/daily-hippo-learn.lock.yml
#	.github/workflows/daily-issues-report.lock.yml
#	.github/workflows/daily-malicious-code-scan.lock.yml
#	.github/workflows/daily-mcp-concurrency-analysis.lock.yml
#	.github/workflows/daily-model-inventory.lock.yml
#	.github/workflows/daily-multi-device-docs-tester.lock.yml
#	.github/workflows/daily-news.lock.yml
#	.github/workflows/daily-observability-report.lock.yml
#	.github/workflows/daily-otel-instrumentation-advisor.lock.yml
#	.github/workflows/daily-performance-summary.lock.yml
#	.github/workflows/daily-regulatory.lock.yml
#	.github/workflows/daily-rendering-scripts-verifier.lock.yml
#	.github/workflows/daily-repo-chronicle.lock.yml
#	.github/workflows/daily-safe-output-integrator.lock.yml
#	.github/workflows/daily-safe-output-optimizer.lock.yml
#	.github/workflows/daily-safe-outputs-conformance.lock.yml
#	.github/workflows/daily-secrets-analysis.lock.yml
#	.github/workflows/daily-security-observability.lock.yml
#	.github/workflows/daily-security-red-team.lock.yml
#	.github/workflows/daily-semgrep-scan.lock.yml
#	.github/workflows/daily-sentrux-report.lock.yml
#	.github/workflows/daily-skill-optimizer.lock.yml
#	.github/workflows/daily-syntax-error-quality.lock.yml
#	.github/workflows/daily-team-evolution-insights.lock.yml
#	.github/workflows/daily-team-status.lock.yml
#	.github/workflows/daily-testify-uber-super-expert.lock.yml
#	.github/workflows/daily-token-consumption-report.lock.yml
#	.github/workflows/daily-workflow-updater.lock.yml
#	.github/workflows/delight.lock.yml
#	.github/workflows/developer-docs-consolidator.lock.yml
#	.github/workflows/docs-noob-tester.lock.yml
#	.github/workflows/example-workflow-analyzer.lock.yml
#	.github/workflows/github-mcp-structural-analysis.lock.yml
#	.github/workflows/github-mcp-tools-report.lock.yml
#	.github/workflows/github-remote-mcp-auth-test.lock.yml
#	.github/workflows/go-fan.lock.yml
#	.github/workflows/lockfile-stats.lock.yml
#	.github/workflows/mcp-inspector.lock.yml
#	.github/workflows/prompt-clustering-analysis.lock.yml
#	.github/workflows/repo-audit-analyzer.lock.yml
#	.github/workflows/repository-quality-improver.lock.yml
#	.github/workflows/safe-output-health.lock.yml
#	.github/workflows/schema-consistency-checker.lock.yml
#	.github/workflows/sergo.lock.yml
#	.github/workflows/smoke-agent-all-merged.lock.yml
#	.github/workflows/smoke-agent-all-none.lock.yml
#	.github/workflows/smoke-agent-public-approved.lock.yml
#	.github/workflows/smoke-agent-public-none.lock.yml
#	.github/workflows/smoke-agent-scoped-approved.lock.yml
#	.github/workflows/smoke-call-workflow.lock.yml
#	.github/workflows/smoke-codex.lock.yml
#	.github/workflows/smoke-copilot-arm.lock.yml
#	.github/workflows/smoke-create-cross-repo-pr.lock.yml
#	.github/workflows/smoke-gemini.lock.yml
#	.github/workflows/smoke-multi-pr.lock.yml
#	.github/workflows/smoke-opencode.lock.yml
#	.github/workflows/smoke-pi.lock.yml
#	.github/workflows/smoke-project.lock.yml
#	.github/workflows/smoke-service-ports.lock.yml
#	.github/workflows/smoke-temporary-id.lock.yml
#	.github/workflows/smoke-test-tools.lock.yml
#	.github/workflows/smoke-update-cross-repo-pr.lock.yml
#	.github/workflows/smoke-workflow-call.lock.yml
#	.github/workflows/stale-repo-identifier.lock.yml
#	.github/workflows/terminal-stylist.lock.yml
#	.github/workflows/typist.lock.yml
#	.github/workflows/weekly-issue-summary.lock.yml

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented May 4, 2026
edited
Loading

@copilot merge main and recompile

Done in 7a008bc. Merged origin/main (bringing in codex_harness.cjs retry logic and experiment statistics changes), rebuilt the binary, and recompiled all 210 workflow .lock.yml files.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv --local user.email tion.lock.yml (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv ithub/workflows -s -w -X main.version=v0.71.3-208-gbc15a8b66a-dirty kflows/go-fan.lock.yml gh-aw ./cmd/gh-aw (http block)
  • https://api.github.com/repos/actions/download-artifact/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/download-artifact/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/download-artifact/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv optimizer.lock.yml est.lock.yml ache/node/24.14.1/x64/bin/git gpg.program (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/download-artifact/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv k/gh-aw/gh-aw/.github/workflows -- /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/link l (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v9
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv ithub/workflows committer.email sh (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv ithub/workflows config /usr/bin/git remote.origin.urgit r-extension ache/node/24.14./home/REDACTED/work/gh-aw/gh-aw/.github/workflows git -C k/gh-aw/gh-aw rev-parse urity-observability.lock.yml (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv 4 user.email /usr/sbin/git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv k/gh-aw/gh-aw/.github/workflows log .lock.yml l (http block)
  • https://api.github.com/repos/docker/metadata-action/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/docker/metadata-action/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv (http block)
    • Triggering command: /usr/bin/gh gh api /repos/docker/metadata-action/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv get --local k/_temp/uv-python-dir/bash user.name (http block)
    • Triggering command: /usr/bin/gh gh api /repos/docker/metadata-action/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv ithub/workflows -- eport.lock.yml (http block)
  • https://api.github.com/repos/docker/setup-buildx-action/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv (http block)
    • Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv get --local lock.yml user.name (http block)
    • Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv k/gh-aw/gh-aw/.gremote.origin.url -- kflow-call-with-inputs.lock.yml (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .default_branch (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .default_branch --local pull.rebase ning-fixer.lock.yml (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .default_branch ithub/workflows (http block)

If you need me to access, download, or install something from one of these locations, you can either:

@pelikhan pelikhan added dev and removed dev labels May 4, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 4, 2026
edited
Loading

Dev completed successfully!

@github-actions github-actions Bot removed the dev label May 4, 2026
@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented May 4, 2026

@copilot merge main and recompile

Copilot AI and others added 2 commits May 4, 2026 02:27
@pelikhan
Merge remote-tracking branch 'origin/main' into copilot/review-api-pr…
42a05ec 
…oxy-provider-extension

# Conflicts:
#	.github/workflows/daily-cache-strategy-analyzer.lock.yml
#	.github/workflows/daily-fact.lock.yml
#	.github/workflows/daily-observability-report.lock.yml
#	.github/workflows/smoke-call-workflow.lock.yml
#	.github/workflows/smoke-codex.lock.yml

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
chore: recompile workflows after merge with main
c3269c5 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented May 4, 2026
edited
Loading

@copilot merge main and recompile

Done in c3269c5. Merged origin/main (brings in the single-quoted bash tool sanitizer fix from #30040), rebuilt the binary, and recompiled 14 updated workflow .lock.yml files.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv ithub/workflows --local ptables (http block)
  • https://api.github.com/repos/actions/download-artifact/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/download-artifact/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v9
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv (http block)
  • https://api.github.com/repos/docker/metadata-action/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/docker/metadata-action/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv (http block)
  • https://api.github.com/repos/docker/setup-buildx-action/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .default_branch mit} (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .default_branch ithub/workflows --get /opt/hostedtoolcache/node/24.14.1/x64/bin/git (http block)

If you need me to access, download, or install something from one of these locations, you can either:

@pelikhan pelikhan merged commit dd47e58 into main May 4, 2026
@pelikhan pelikhan deleted the copilot/review-api-proxy-provider-extension branch May 4, 2026 02:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pelikhan