fix(safe-outputs): bundle safe-outputs-items manifest into usage artifact to restore SafeItemsCount#43056
Conversation
…temsCount backfill - Add parseSafeOutputsManifest() to generate_usage_activity_summary.cjs to read /tmp/gh-aw/safe-output-items.jsonl and include safe_outputs counts in activity/summary.json - Add "Download safe outputs items manifest" step in conclusion job (buildUsageArtifactUploadSteps) so the safe-outputs-items artifact is available before usage summary generation - Add usageActivitySafeOutputs struct and SafeItemsCount backfill logic in logs_usage_activity.go - Add tests for parseSafeOutputsManifest in generate_usage_activity_summary.test.cjs - Add tests for SafeItemsCount backfill in logs_usage_activity_test.go - Update TestConclusionJobIncludesUsageArtifactSteps to assert new download step Fixes SafeItemsCount=0 / actuation_style=read_only undercount since 2026-05-31. Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
|
|
|
✅ Design Decision Gate 🏗️ completed the design decision gate check. |
|
✅ Test Quality Sentinel completed test quality analysis. |
|
🧠 Matt Pocock Skills Reviewer failed during the skills-based review. |
There was a problem hiding this comment.
Pull request overview
This PR restores safe-output item accounting in gh aw logs --artifacts usage by ensuring the safe-outputs items manifest is present when the usage activity summary is generated, then surfacing those counts in activity/summary.json and backfilling SafeItemsCount from that summary when needed.
Changes:
- Download
{prefix}safe-outputs-itemsinto/tmp/gh-aw/in the conclusion job before generating the usage activity summary. - Extend
generate_usage_activity_summary.cjsto parse/tmp/gh-aw/safe-output-items.jsonland emit asafe_outputssection inactivity/summary.json. - Backfill
SafeItemsCountfromsummary.safe_outputs.total_itemswhenSafeItemsCountis zero but the usage summary reports items.
Show a summary per file
| File | Description |
|---|---|
| pkg/workflow/notify_comment.go | Adds a download-artifact step so the safe-outputs manifest is available during usage summary generation. |
| pkg/workflow/notify_comment_test.go | Extends coverage to assert the manifest download step exists and precedes usage artifact collection. |
| pkg/cli/logs_usage_activity.go | Parses safe_outputs from the usage activity summary and backfills SafeItemsCount when appropriate. |
| pkg/cli/logs_usage_activity_test.go | Adds tests for safe-outputs parsing and SafeItemsCount backfill behavior. |
| actions/setup/js/generate_usage_activity_summary.cjs | Adds parseSafeOutputsManifest() and includes safe_outputs in the generated summary JSON. |
| actions/setup/js/generate_usage_activity_summary.test.cjs | Adds unit tests for parseSafeOutputsManifest(). |
| .github/workflows/ab-testing-advisor.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/ace-editor.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/agent-performance-analyzer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/agent-persona-explorer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/agentic-token-audit.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/agentic-token-optimizer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/agentic-token-trend-audit.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/ai-moderator.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/api-consumption-report.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/approach-validator.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/archie.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/architecture-guardian.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/artifacts-summary.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/audit-workflows.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/auto-triage-issues.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/avenger.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/aw-failure-investigator.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/bot-detection.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/brave.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/breaking-change-checker.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/chaos-pr-bundle-fuzzer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/changeset.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/ci-coach.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/ci-doctor.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/claude-code-user-docs-review.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/cli-consistency-checker.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/cli-version-checker.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/cloclo.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/codex-github-remote-mcp-test.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/code-scanning-fixer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/code-simplifier.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/commit-changes-analyzer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/contribution-check.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/constraint-solving-potd.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/copilot-agent-analysis.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/copilot-centralization-drilldown.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/copilot-centralization-optimizer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/copilot-cli-deep-research.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/copilot-opt.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/copilot-pr-merged-report.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/copilot-pr-nlp-analysis.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/copilot-pr-prompt-analysis.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/copilot-session-insights.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/craft.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-agentrx-trace-optimizer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-ambient-context-optimizer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-architecture-diagram.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-assign-issue-to-user.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-astrostylelite-markdown-spellcheck.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-aw-cross-repo-compile-check.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-awf-spec-compiler-surfacing.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-byok-ollama-test.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-cache-strategy-analyzer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-caveman-optimizer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-choice-test.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-cli-performance.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-cli-tools-tester.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-code-metrics.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-community-attribution.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-compiler-quality.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-compiler-threat-spec-optimizer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-credit-limit-test.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-doc-healer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-doc-updater.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-experiment-report.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-fact.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-file-diet.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-firewall-report.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-formal-spec-verifier.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-function-namer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-geo-optimizer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-hippo-learn.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-issues-report.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-malicious-code-scan.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-max-ai-credits-test.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-mcp-concurrency-analysis.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-model-inventory.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-model-resolution.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-multi-device-docs-tester.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-news.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-observability-report.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-performance-summary.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-regulatory.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-rendering-scripts-verifier.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-reliability-review.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-repo-chronicle.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-safe-output-integrator.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-safe-output-optimizer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-safe-outputs-conformance.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-safeoutputs-git-simulator.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-security-observability.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-security-red-team.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-semgrep-scan.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-sentrux-report.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-secrets-analysis.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-skill-optimizer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-spdd-spec-planner.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-syntax-error-quality.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-team-evolution-insights.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-team-status.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-testify-uber-super-expert.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-token-consumption-report.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-workflow-updater.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-windows-terminal-integration-builder.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/daily-yamllint-fixer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/dead-code-remover.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/dependabot-burner.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/dependabot-go-checker.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/dependabot-repair.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/deployment-incident-monitor.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/designer-drift-audit.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/design-decision-gate.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/detection-analysis-report.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/dev-hawk.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/dev.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/dictation-prompt.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/discussion-task-miner.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/docs-noob-tester.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/draft-pr-cleanup.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/delight.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/duplicate-code-detector.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/eslint-miner.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/eslint-monster.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/eslint-refiner.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/example-failure-category-filter.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/example-permissions-warning.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/example-workflow-analyzer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/firewall-escape.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/firewall.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/functional-pragmatist.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/github-mcp-structural-analysis.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/github-mcp-tools-report.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/github-remote-mcp-auth-test.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/glossary-maintainer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/go-fan.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/go-logger.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/go-pattern-detector.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/gpclean.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/grumpy-reviewer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/hippo-embed.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/hourly-ci-cleaner.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/impeccable-skills-reviewer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/instructions-janitor.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/issue-arborist.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/issue-monster.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/issue-triage-agent.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/jsweep.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/layout-spec-maintainer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/lint-monster.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/linter-miner.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/lockfile-stats.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/mattpocock-skills-reviewer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/mcp-inspector.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/mergefest.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/metrics-collector.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/necromancer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/notion-issue-summary.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/objective-impact-report.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/org-health-report.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/outcome-collector.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/pdf-summary.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/plan.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/poem-bot.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/portfolio-analyst.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/pr-code-quality-reviewer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/pr-description-caveman.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/pr-nitpick-reviewer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/pr-sous-chef.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/pr-triage-agent.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/prompt-clustering-analysis.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/python-data-charts.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/q.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/refactoring-cadence.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/refiner.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/release.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/repo-audit-analyzer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/repo-tree-map.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/repository-quality-improver.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/research.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/ruflo-backed-task.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/safe-output-health.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/scout.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/schema-consistency-checker.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/schema-feature-coverage.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/security-compliance.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/security-review.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/semantic-function-refactor.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/sergo.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/skillet.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/slide-deck-maintainer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-agent-all-merged.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-agent-all-none.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-agent-public-approved.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-agent-public-none.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-agent-scoped-approved.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-antigravity.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-call-workflow.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-ci.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-claude-on-copilot.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-claude.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-codex.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-copilot-arm.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-copilot-aoai-apikey.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-copilot-aoai-entra.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-copilot-sdk.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-copilot-sub-agents.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-copilot.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-create-cross-repo-pr.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-crush.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-gemini.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-multi-pr.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-opencode.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-otel-backends.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-pi.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-project.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-service-ports.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-temporary-id.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-test-tools.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-update-cross-repo-pr.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/smoke-workflow-call-with-inputs.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job (with artifact prefixing for workflow_call). |
| .github/workflows/smoke-workflow-call.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job (with artifact prefixing for workflow_call). |
| .github/workflows/spec-enforcer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/spec-extractor.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/spec-librarian.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/static-analysis-report.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/stale-pr-cleanup.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/stale-repo-identifier.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/step-name-alignment.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/sub-issue-closer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/super-linter.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/technical-doc-writer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/terminal-stylist.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/test-create-pr-error-handling.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/test-dispatcher.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/test-project-url-default.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/test-quality-sentinel.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/test-workflow.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/tidy.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/typist.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/ubuntu-image-analyzer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/uk-ai-operational-resilience.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/unbloat-docs.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/update-astro.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/video-analyzer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/visual-regression-checker.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/weekly-blog-post-writer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/weekly-editors-health-check.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/weekly-issue-summary.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/weekly-safe-outputs-spec-review.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/workflow-generator.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/workflow-health-manager.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/workflow-normalizer.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
| .github/workflows/workflow-skill-extractor.lock.yml | Regenerates compiled workflow to include the new manifest download step in the conclusion job. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 264/264 changed files
- Comments generated: 1
- Review effort level: Low
…ad in conclusion job
🏗️ Design Decision Gate — ADR RequiredThis PR makes significant changes to core business logic (>100 new lines) but does not have a linked Architecture Decision Record (ADR). 📄 Draft ADR committed:
📋 What to do next
Once an ADR is linked in the PR body, this gate will re-run and verify the implementation matches the decision. ❓ Why ADRs Matter
ADRs create a searchable, permanent record of why the codebase looks the way it does. Future contributors (and your future self) will thank you. 📋 Michael Nygard ADR Format ReferenceAn ADR must contain these four sections to be considered complete:
All ADRs are stored in
|
🧪 Test Quality Sentinel Report
📊 Metrics (10 tests)
|
There was a problem hiding this comment.
✅ Test Quality Sentinel: 78/100 (Acceptable). 0% implementation tests (threshold: 30%). No guideline violations. Test inflation flagged for logs_usage_activity_test.go (3.94:1) but justified by thorough behavioral coverage of the new SafeItemsCount backfill logic.
There was a problem hiding this comment.
Review: fix(safe-outputs): bundle safe-outputs-items manifest into restore SafeItemsCount
Overall assessment: Correct approach, one minor maintainability note.
The fix correctly addresses the root cause: the safe-output-items.jsonl manifest was never available when generate_usage_activity_summary.cjs ran in the conclusion job, causing SafeItemsCount=0 on every run since 2026-05-31.
What the PR does well
- Correct placement: the new
Download safe outputs items manifeststep is prepended before "Collect usage artifact files" (verified by the ordering test innotify_comment_test.go), so the manifest is present when the summary generator runs. - Safe failure mode:
continue-on-error: trueensures workflows that emit no safe outputs don't fail the conclusion job. - Zero-item protection in Go backfill: the backfill in
logs_usage_activity.goonly fires whensummary.SafeOutputs.TotalItems > 0, correctly avoiding masking genuine zero-item runs. - Well-tested: new tests cover the JS manifest parser (null on missing/empty/blank file, counts by type, skips bad entries) and the Go backfill (backfill fires, not overwritten if already set, no backfill on zero).
- Clean struct design:
usageActivitySafeOutputsfollows the existing pattern of the other activity structs.
One inline note
Hardcoded path in parseSafeOutputsManifest() — see inline comment. Non-blocking, but worth aligning with the MANIFEST_FILE_PATH constant that already exists in constants.cjs.
🧵 Reviewed using Impeccable skills by Impeccable Skills Reviewer · 89.4 AIC · ⌖ 6.59 AIC · ⊞ 4.9K
| * @returns {{ total_items: number, items_by_type: Record<string, number> } | null} | ||
| */ | ||
| function parseSafeOutputsManifest() { | ||
| const manifestPath = "/tmp/gh-aw/safe-output-items.jsonl"; |
There was a problem hiding this comment.
The manifest path is hardcoded as /tmp/gh-aw/safe-output-items.jsonl directly here, but MANIFEST_FILE_PATH from constants.cjs already defines this exact path — and sibling modules like safe_output_manifest.cjs import it from there.\n\nConsider reusing the constant to avoid silent drift if the path ever changes:\njs\nconst { MANIFEST_FILE_PATH } = require('./constants.cjs');\n// ...\nconst manifestPath = MANIFEST_FILE_PATH;\n\n\n@copilot please address this.
Skills-Based Review Summary 🧠Applied The approach is correct — downloading the 🔴 Ordering bug in
|
| Issue | File | Comment |
|---|---|---|
| Missing integration test for the combined pipeline | logs_usage_activity_test.go |
See inline comment |
| Shared global manifest path blocks test isolation | generate_usage_activity_summary.test.cjs |
See inline comment |
Hardcoded path in parseSafeOutputsManifest |
generate_usage_activity_summary.cjs |
See inline comment |
No id: on download step (masks silent failures) |
notify_comment.go |
See inline comment |
The implementation quality of the new code is solid — good error handling, correct null returns, and thorough unit tests. The primary ask is to fix the call-site ordering and make the path injectable.
@copilot please address the review comments above.
🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer · 162.1 AIC · ⌖ 8.27 AIC · ⊞ 6.6K · ◷
Comment /matt to run again
There was a problem hiding this comment.
Skills-Based Review 🧠
Applied /diagnosing-bugs, /tdd, and /codebase-design — requesting changes on one correctness bug and three supporting improvements.
📋 Key Themes & Highlights
Key Themes
- Ordering bug (blocks the fix):
applyUsageActivitySummaryToResultinlogs_run_processor.goruns beforeextractCreatedItemsFromManifestunconditionally resetsSafeItemsCountto 0. The backfill guardSafeItemsCount == 0is therefore always satisfied at call time, but the result is always overwritten by the subsequent line — making the entire backfill logic dead code. This file was not changed in the PR, but the call-site ordering must be fixed for the bug to actually be resolved. - Test isolation:
parseSafeOutputsManifesttests write to a shared global path/tmp/gh-aw/safe-output-items.jsonl; the hardcoded path in the implementation forces this. Accepting the path as an optional parameter would close both issues at once. - Observability gap: The new download-artifact step has no
id:, socontinue-on-errorfailures are invisible to downstream steps and harder to diagnose. - Missing integration test: Unit tests for
applyUsageActivitySummaryToResultare thorough, but no test exercises the combined processor pipeline to catch the ordering regression.
Positive Highlights
- ✅
parseSafeOutputsManifestis well-structured: consistent error handling, correct null-returns for all empty/missing cases - ✅ Good use of
continue-on-error: trueon the download step — workflows without safe outputs won't fail - ✅ The
usageActivitySafeOutputsstruct mirrors the JSON schema cleanly and is exported from the module for testing - ✅ Test coverage for the new Go and JS code is comprehensive — 4 new Go tests and 5 new JS tests covering all boundary conditions
🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer · 162.1 AIC · ⌖ 8.27 AIC · ⊞ 6.6K
Comment /matt to run again
|
|
||
| applyUsageActivitySummaryToResult(summary, &result, true) | ||
|
|
||
| assert.Equal(t, 3, result.Run.SafeItemsCount, "SafeItemsCount should be backfilled from usage summary safe_outputs.total_items") |
There was a problem hiding this comment.
[/tdd] This test calls applyUsageActivitySummaryToResult in isolation and correctly validates the backfill — but there is no integration test in logs_run_processor.go that verifies the overall call order: currently applyUsageActivitySummaryToResult runs before extractCreatedItemsFromManifest in the processor, so the backfill is always overwritten. A test that exercises the full downloadRunArtifactsConcurrent path with a missing manifest artifact (so extractCreatedItemsFromManifest returns 0) would catch this ordering bug.
💡 What to add
Add a test to logs_run_processor_test.go (or equivalent) that:
- Sets up a run directory without a
safe-output-items.jsonlmanifest file - Provides a
usage/activity/summary.jsonwithsafe_outputs.total_items > 0 - Invokes the processor pipeline
- Asserts that
result.Run.SafeItemsCountequals the summary value (not 0)
This would have caught the ordering bug before merge.
@copilot please address this.
| }); | ||
|
|
||
| describe("parseSafeOutputsManifest", () => { | ||
| const manifestPath = "/tmp/gh-aw/safe-output-items.jsonl"; |
There was a problem hiding this comment.
[/tdd] The manifest path /tmp/gh-aw/safe-output-items.jsonl is shared across all test runs in the suite. If another test or a parallel vitest worker writes to the same path, tests can interfere with each other — the afterEach cleanup only helps within the same describe block.
💡 Suggested fix — use a unique tmp path per test
Follow the same pattern used in the parseFirewallLogs suite: create a unique directory per test and pass it as a parameter, or stub fs so the manifest path can be overridden:
// Option A: unique dir per test
const testDir = fs.mkdtempSync('/tmp/gh-aw-test-');
const manifestPath = path.join(testDir, 'safe-output-items.jsonl');Or expose the manifest path as a parameter to parseSafeOutputsManifest(manifestPath?) so tests can inject a unique path.
@copilot please address this.
| * @returns {{ total_items: number, items_by_type: Record<string, number> } | null} | ||
| */ | ||
| function parseSafeOutputsManifest() { | ||
| const manifestPath = "/tmp/gh-aw/safe-output-items.jsonl"; |
There was a problem hiding this comment.
[/codebase-design] parseSafeOutputsManifest() has a hardcoded path /tmp/gh-aw/safe-output-items.jsonl. Every other parser in this file (parseFirewallLogs, parseGatewayLogs, parseSessionLogs) derives its paths via globSync or a configurable variable. The hardcoded path makes the function untestable with unique paths per test (the tests must write to the exact global path) and makes the module harder to reuse in non-standard environments.
💡 Accept an optional path parameter
function parseSafeOutputsManifest(manifestPath = "/tmp/gh-aw/safe-output-items.jsonl") {
if (!fs.existsSync(manifestPath)) {
return null;
}
// ...
}Tests can then pass a temp-unique path, and main() continues to use the default.
@copilot please address this.
| usageArtifactName := prefix + "usage" | ||
| safeOutputsItemsArtifactName := prefix + constants.SafeOutputItemsArtifactName | ||
| return []string{ | ||
| " - name: Download safe outputs items manifest\n", |
There was a problem hiding this comment.
[/diagnosing-bugs] The download step has no id: field. When continue-on-error: true silently masks a failure (e.g., the artifact doesn't exist yet, or there's a naming mismatch), there is no way to detect this in subsequent steps via steps.<id>.outcome. Future debugging will require reading the full workflow log to find out whether the download actually succeeded.
💡 Add an id for observability
- name: Download safe outputs items manifest
id: download-safe-outputs-manifest
if: always()
continue-on-error: true
uses: actions/download-artifact@...Then a later diagnostic step can check ${{ steps.download-safe-outputs-manifest.outcome }} without scanning raw logs.
@copilot please address this.
|
@copilot please run the
|
Smoke Test: Gemini
Overall Status: FAIL Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
|
@copilot merge main and recompile |
|
Smoke test: FAIL
Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
Comment MemoryNote This comment is managed by comment memory.It stores persistent context for this thread in the code block at the top of this comment. Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
💥 Smoke Test: Claude — Run 28636821292Core #1-12: ✅ all passed (GitHub read, gh CLI, make build, Playwright, Tavily, file/bash, discussion, AW status, Slack, code-scan alert, check-run) Overall: PARTIAL (all executable tests passed; 2 skipped by design) Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
There was a problem hiding this comment.
💥 Automated smoke test review - all systems nominal!
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
💥 [THE END] — Illustrated by Smoke Claude · 100.4 AIC · ⌖ 31.5 AIC · ⊞ 8.7K
Comment /smoke-claude to run again
| @@ -77,9 +77,20 @@ func (c *Compiler) buildConclusionJob(data *WorkflowData, mainJobName string, sa | |||
|
|
|||
| // buildUsageArtifactUploadSteps creates steps that collect and upload a compact usage artifact. | |||
| // The artifact includes aw_info.json, aw-info.jsonl, agent_usage.json, agent_usage.jsonl, detection_usage.jsonl, and agent/detection token usage JSONL files (when present). | |||
| // It also downloads the safe-outputs-items artifact so that generate_usage_activity_summary.cjs | |||
There was a problem hiding this comment.
Nice — the doc comment clearly explains the new manifest download behavior. 👍
| func buildUsageArtifactUploadSteps(prefix string, pinAction func(string) string) []string { | ||
| usageArtifactName := prefix + "usage" | ||
| safeOutputsItemsArtifactName := prefix + constants.SafeOutputItemsArtifactName |
There was a problem hiding this comment.
Deriving the artifact name from the constant keeps this DRY — looks good.
|
Smoke tests: 15 total, 0 passed, 15 failed ❌\nOverall status: FAIL\nTested PRs: none\n@app/copilot-swe-agent
|
|
PR: fix(safe-outputs): bundle safe-outputs-items manifest into usage artifact to restore SafeItemsCount Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
Comment MemoryNote This comment is managed by comment memory.It stores persistent context for this thread in the code block at the top of this comment. Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
There was a problem hiding this comment.
Smoke test review submitted successfully.
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
📰 BREAKING: Report filed by Smoke Copilot · 630.6 AIC · ⌖ 9.82 AIC · ⊞ 19K
Comment /smoke-copilot to run again
Add label smoke to run again
|
Smoke Test Results:\n- List merged PRs: ✅\n- mcpscripts-gh PR list: ❌\n- Serena find_symbol: ❌\n- Playwright open/screenshot: ✅\n- Fetch GitHub: ✅\n- Create/read file: ✅\n- Discussion query: ❌\n- Build project: ❌\nOverall: FAIL Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Done — merged origin/main (all conflicts were in generated |
|
@copilot please run the
|
…rdering test Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
Fixed the ordering bug in |
Since 2026-05-31,
SafeItemsCount=0andactuation_style=read_onlyon every run because thesafe-output-items.jsonlmanifest (uploaded assafe-outputs-itemsartifact by thesafe_outputsjob) was never downloaded in the conclusion job — soactivity/summary.jsoncontained no safe-output data, andgh aw logs --artifacts usagealways saw zero items.Changes
Conclusion job — download manifest before summary generation (
notify_comment.go)actions/download-artifactstep inbuildUsageArtifactUploadSteps()that fetches{prefix}safe-outputs-items→/tmp/gh-aw/before "Collect usage artifact files" runscontinue-on-error: trueso workflows with no safe outputs don't failUsage summary generator — parse manifest (
generate_usage_activity_summary.cjs)parseSafeOutputsManifest(): reads/tmp/gh-aw/safe-output-items.jsonl, returns{ total_items, items_by_type }keyed by handler type (create_issue,add_comment, …)safe_outputskey inactivity/summary.jsonGo backfill (
logs_usage_activity.go)usageActivitySafeOutputsstruct; whenSafeItemsCount == 0andsummary.SafeOutputs.TotalItems > 0, backfillresult.Run.SafeItemsCountfrom the summary — avoids masking genuine zero-item runs✨ PR Review Safe Output Test - Run 28636821292
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.comSee Network Configuration for more information.