fix(daily-formal-spec-verifier): add sed -n to bash allowlist#39864
Merged
Conversation
…tool denial limit exceeded Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Fix daily formal spec verifier tool denial issue
fix(daily-formal-spec-verifier): add Jun 17, 2026
sed -n to bash allowlist
Contributor
There was a problem hiding this comment.
⚠️ Not ready to approve
The regenerated lockfile includes a substantial toolchain/runtime pin change (appearing to roll back several pinned versions) that isn’t clearly explained as part of the intended sed -n allowlist fix.
Pull request overview
Updates the Daily Formal Spec Verifier agentic workflow tool allowlist to permit sed -n (used for reading specific line ranges), and recompiles the generated workflow lockfile so the Copilot SDK server args include the corresponding shell(sed -n) allow-tool entry.
Changes:
- Add
"sed -n"to the workflow’stools.bashallowlist. - Recompile the workflow lockfile so the Copilot SDK server args include
--allow-tool shell(sed -n). - Update pinned
github/gh-aw-actions/setupaction version fromv0.79.6→v0.79.8across pin/lock data files.
File summaries
| File | Description |
|---|---|
pkg/workflow/data/action_pins.json |
Bumps the pinned github/gh-aw-actions/setup action version/SHA. |
pkg/actionpins/data/action_pins.json |
Mirrors the same github/gh-aw-actions/setup pin bump in the second pins dataset. |
.github/workflows/daily-formal-spec-verifier.md |
Adds "sed -n" to the bash tool allowlist. |
.github/workflows/daily-formal-spec-verifier.lock.yml |
Regenerated lockfile; now contains shell(sed -n) allow-tool plus many other generated changes. |
.github/aw/actions-lock.json |
Updates the action pin lock to match the new github/gh-aw-actions/setup version/SHA. |
Copilot's findings
- Files reviewed: 5/5 changed files
- Comments generated: 2
Note
Your feedback helps us improve the quality of this feature.
Please use 👍 or 👎 to tell us whether this assessment is correct.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+1
to
+2
| # gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"7282f619432d4e8888225711f1fb6a9fc3e9d18fb12eaeb3424fe198e8885c86","body_hash":"511c354d1036187b61d80cedbcc3a648d047e9e336b83a11a0bcc8bbf096319d","compiler_version":"v0.79.8","strict":true,"agent_id":"copilot","engine_versions":{"copilot":"1.0.60","copilot-sdk":"1.0.0"}} | ||
| # gh-aw-manifest: {"version":1,"secrets":["GH_AW_AGENT_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GH_AW_OTEL_GRAFANA_AUTHORIZATION","GH_AW_OTEL_GRAFANA_ENDPOINT","GH_AW_OTEL_SENTRY_AUTHORIZATION","GH_AW_OTEL_SENTRY_ENDPOINT","GITHUB_TOKEN"],"actions":[{"repo":"actions/cache/restore","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/cache/save","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/checkout","sha":"df4cb1c069e1874edd31b4311f1884172cec0e10","version":"v6.0.3"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"c0338fef4749d08c21f8f975fb0e37efa17dda47","version":"v0.79.8"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.27.2","digest":"sha256:f88e5b17b6b7a600117bc121114d6ce2155c88c983c0c939c5df884f730fa1d6","pinned_image":"ghcr.io/github/gh-aw-firewall/agent:0.27.2@sha256:f88e5b17b6b7a600117bc121114d6ce2155c88c983c0c939c5df884f730fa1d6"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.2","digest":"sha256:ee39841d980878ebbb87592903b06d31a1af500c71525c9616f7e8e2a27041a4","pinned_image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.2@sha256:ee39841d980878ebbb87592903b06d31a1af500c71525c9616f7e8e2a27041a4"},{"image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.27.2","digest":"sha256:02f3ec08f32dc26c5427920c6a2e2f3036238fce44802f2f11ef49ed8621b5d0","pinned_image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.27.2@sha256:02f3ec08f32dc26c5427920c6a2e2f3036238fce44802f2f11ef49ed8621b5d0"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.27.2","digest":"sha256:2e3a717e5f19a654cd9a2263beb52012b56bcb68562ec5ae2e42f9d156b49591","pinned_image":"ghcr.io/github/gh-aw-firewall/squid:0.27.2@sha256:2e3a717e5f19a654cd9a2263beb52012b56bcb68562ec5ae2e42f9d156b49591"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.25","digest":"sha256:c10331ad17668ef89f38f5e356678788a40b0cd5fef96e8f92e1d9c1de47cbaa","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.3.25@sha256:c10331ad17668ef89f38f5e356678788a40b0cd5fef96e8f92e1d9c1de47cbaa"},{"image":"ghcr.io/github/github-mcp-server:v1.1.2","digest":"sha256:30197479d8036c7811892bc07e06f9a05c9ef3cdd79bc59f256d50647f95788c","pinned_image":"ghcr.io/github/github-mcp-server:v1.1.2@sha256:30197479d8036c7811892bc07e06f9a05c9ef3cdd79bc59f256d50647f95788c"}]} |
Comment on lines
+153
to
+156
| "github/gh-aw-actions/setup@v0.79.8": { | ||
| "repo": "github/gh-aw-actions/setup", | ||
| "version": "v0.79.6", | ||
| "sha": "5c2fe865bb4dc46e1450f6ee0d0541d759aea73a" | ||
| "version": "v0.79.8", | ||
| "sha": "c0338fef4749d08c21f8f975fb0e37efa17dda47" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The
Daily Formal Spec Verifierworkflow was hitting the Copilot SDK's max tool denial guardrail (5/5 denials) because the agent usedsed -n 'X,Yp' pkg/cli/*.goto read specific line ranges from Go source files — a command not in the bash allowlist.Changes
.github/workflows/daily-formal-spec-verifier.md— adds"sed -n"to thetools.bashallowlist.github/workflows/daily-formal-spec-verifier.lock.yml— recompiled; now includes--allow-tool "shell(sed -n)"in the Copilot SDK server argsDue to how
sanitizeCopilotShellCommandtruncates at the first single quote, specifying"sed -n"in the allowlist correctly generates the prefix-matchshell(sed -n), covering allsed -n 'X,Yp' <file>invocations.