Skip to content

feat: protect well-known top-level .md files from agent modification#29794

Merged
pelikhan merged 8 commits into
mainfrom
copilot/add-protection-for-top-level-md-files
May 2, 2026
Merged

feat: protect well-known top-level .md files from agent modification#29794
pelikhan merged 8 commits into
mainfrom
copilot/add-protection-for-top-level-md-files

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented May 2, 2026
edited
Loading

Agents frequently import top-level .md files as context. Common root-level Markdown files (README.md, CONTRIBUTING.md, CHANGELOG.md, SECURITY.md, CODE_OF_CONDUCT.md) should therefore be treated as protected files alongside existing agent instruction files like AGENTS.md, CLAUDE.md, and GEMINI.md.

Changes

  • runtime_definitions.go — adds README.md, CONTRIBUTING.md, CHANGELOG.md, SECURITY.md, and CODE_OF_CONDUCT.md to securityConfigFiles, so they appear in the existing protected_files array sent to the runtime handler. No new config flag is introduced; the existing protected_files basename-matching mechanism handles these files, and the standard exclude list can be used to opt specific files out.

  • compiler_safe_outputs_handlers.go — no new flags; the new files are picked up automatically via getAllManifestFiles().

  • safe-outputs-pull-requests.md — documents the newly protected files in the "What Is Protected" section and adds a tip explaining that workflows explicitly designed to modify a root-level Markdown file (e.g. CHANGELOG.md) should add it to the exclude list in their frontmatter.

  • spec-extractor.md — adds protected-files: exclude: [README.md] since this workflow writes pkg/*/README.md specification files. Because protected_files uses basename-only matching, README.md at any path depth would otherwise be blocked.

  • daily-community-attribution.md — adds protected-files: exclude: [README.md] since this workflow explicitly updates the root-level README.md Community Contributions section.

  • TestsTestProtectTopLevelMdFiles Go test verifies that README.md, CONTRIBUTING.md, CHANGELOG.md, SECURITY.md, and CODE_OF_CONDUCT.md are present in protected_files for both handler configs; JS checkFileProtection tests updated to use protected_files directly; TestProtectTopLevelDotFolders and TestProtectTopLevelMdFiles share an extractHandlerManagerConfigJSON helper to eliminate duplication.

@pelikhan
feat: protect all top-level .md files from agent modification
6ad259b 
Add protect_top_level_md_files flag to both create_pull_request and
push_to_pull_request_branch handlers so that any .md file at the
repository root is treated as a protected file. Agents may import any
top-level .md file (e.g. README.md, CONTRIBUTING.md) at any time, so
all such files should require explicit protected-files: allowed override.

- manifest_file_helpers.cjs: add checkForTopLevelMdFiles() function and
  wire it into checkFileProtection() via protect_top_level_md_files flag
- compiler_safe_outputs_handlers.go: emit protect_top_level_md_files: true
  as a default in both PR-creating handler configs
- Tests added for both the JS helper function and the Go compiler output

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/cccddca6-61d5-4ae6-964c-1390cc25ba47

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan pelikhan marked this pull request as ready for review May 2, 2026 17:56
Copilot AI review requested due to automatic review settings May 2, 2026 17:56
@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented May 2, 2026

@copilot Merge main and review all comments

Copilot AI reviewed May 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new safe-outputs protection rule to block agent modifications to any root-level Markdown files (e.g., README.md, CONTRIBUTING.md), since these can be imported as context/instructions.

Changes:

  • Add checkForTopLevelMdFiles() and integrate it into checkFileProtection() behind a new protect_top_level_md_files flag.
  • Emit protect_top_level_md_files: true by default in the Go compiler for relevant handler configs.
  • Update JS/Go tests and update workflow lock configs to include the new flag.
Show a summary per file
File Description
pkg/workflow/compiler_safe_outputs_handlers.go Adds protect_top_level_md_files: true default to handler configs.
pkg/workflow/compiler_safe_outputs_config_test.go Adds a Go test asserting the new flag is always present/true in handler configs.
actions/setup/js/manifest_file_helpers.cjs Implements top-level .md detection and includes it in protection checks.
actions/setup/js/manifest_file_helpers.test.cjs Adds unit tests for the new detector and integration tests for protection behavior.
.github/workflows/weekly-safe-outputs-spec-review.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/weekly-editors-health-check.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/weekly-blog-post-writer.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/update-astro.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/unbloat-docs.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/ubuntu-image-analyzer.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/tidy.lock.yml Adds protect_top_level_md_files to locked handler config JSON (create + push handlers).
.github/workflows/test-create-pr-error-handling.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/technical-doc-writer.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/spec-extractor.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/spec-enforcer.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/smoke-update-cross-repo-pr.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/smoke-project.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/smoke-multi-pr.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/smoke-create-cross-repo-pr.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/smoke-claude.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/slide-deck-maintainer.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/schema-feature-coverage.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/refiner.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/q.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/poem-bot.lock.yml Adds protect_top_level_md_files to locked handler config JSON (create + push handlers).
.github/workflows/mergefest.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/layout-spec-maintainer.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/jsweep.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/instructions-janitor.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/hourly-ci-cleaner.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/go-logger.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/glossary-maintainer.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/github-mcp-tools-report.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/functional-pragmatist.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/dictation-prompt.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/developer-docs-consolidator.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/design-decision-gate.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/dependabot-repair.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/dead-code-remover.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/daily-workflow-updater.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/daily-safe-output-integrator.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/daily-rendering-scripts-verifier.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/daily-doc-updater.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/daily-doc-healer.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/daily-community-attribution.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/daily-caveman-optimizer.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/daily-astrostylelite-markdown-spellcheck.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/daily-architecture-diagram.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/craft.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/code-simplifier.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/code-scanning-fixer.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/cloclo.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/ci-coach.lock.yml Adds protect_top_level_md_files to locked handler config JSON.
.github/workflows/changeset.lock.yml Adds protect_top_level_md_files to locked handler config JSON.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 54/54 changed files
  • Comments generated: 2

Comment thread actions/setup/js/manifest_file_helpers.cjs Outdated
Comment on lines +240 to +242
const { topLevelDotFoldersFound } = config.protect_top_level_dot_folders ? checkForTopLevelDotFolders(patchContent, dotFolderExcludes) : { topLevelDotFoldersFound: [] };
const allFound = [...new Set([...manifestFilesFound, ...protectedPathsFound, ...topLevelDotFoldersFound])];
const { topLevelMdFilesFound } = config.protect_top_level_md_files ? checkForTopLevelMdFiles(patchContent) : { topLevelMdFilesFound: [] };
const allFound = [...new Set([...manifestFilesFound, ...protectedPathsFound, ...topLevelDotFoldersFound, ...topLevelMdFilesFound])];
Comment thread pkg/workflow/compiler_safe_outputs_config_test.go Outdated
Comment on lines +2599 to +2624
func TestProtectTopLevelMdFiles(t *testing.T) {
compiler := NewCompiler()
workflowData := &WorkflowData{
Name: "Test Workflow",
SafeOutputs: &SafeOutputsConfig{
CreatePullRequests: &CreatePullRequestsConfig{
BaseSafeOutputConfig: BaseSafeOutputConfig{Max: strPtr("1")},
},
PushToPullRequestBranch: &PushToPullRequestBranchConfig{},
},
}

var steps []string
compiler.addHandlerManagerConfigEnvVar(&steps, workflowData)
require.NotEmpty(t, steps, "should produce config steps")

var configJSON string
for _, step := range steps {
if strings.Contains(step, "GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG") {
parts := strings.Split(step, "GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: ")
require.Len(t, parts, 2, "should split env var line")
configJSON = strings.TrimSpace(parts[1])
configJSON = strings.Trim(configJSON, "\"")
configJSON = strings.ReplaceAll(configJSON, "\\\"", "\"")
}
}
@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented May 2, 2026

@copilot update the instructions file to explain that if a AW plans to modify any top level markdown files, it should exclude them from protected-files in the front matter

Copilot AI and others added 2 commits May 2, 2026 18:03
@pelikhan
Merge remote-tracking branch 'origin/main' into copilot/add-protectio…
f5cde40 
…n-for-top-level-md-files

# Conflicts:
#	.github/workflows/unbloat-docs.lock.yml

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
Merge remote-tracking branch 'origin/main' into copilot/add-protectio…
7a84a94 
…n-for-top-level-md-files

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/9eeb44f2-7ad3-4967-abdd-c51e5db38114

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented May 2, 2026
edited
Loading

@copilot Merge main and review all comments

Done — merged main into this branch (7a84a94). The only conflict was in .github/workflows/unbloat-docs.lock.yml, which I resolved by keeping the HEAD version (which includes the new protect_top_level_md_files: true field). Build, recompile, and tests all pass.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv get ection-for-top-level-md-files repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } credential.userngit (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv ithub/workflows --local repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } credential.userngit (http block)
  • https://api.github.com/repos/actions/download-artifact/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/download-artifact/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v9
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv ns.json and pkg/workflow/data/action_pins.json...&#34; (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv logs/command.sh (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv ithub/workflows ection-for-top-level-md-files cal/bin/bash credential.userngit (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv (http block)
  • https://api.github.com/repos/docker/metadata-action/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/docker/metadata-action/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv (http block)
  • https://api.github.com/repos/docker/setup-buildx-action/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv evel-md-files^{commit} (http block)
    • Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .default_branch ithub/workflows --local /usr/sbin/git committer.name (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI requested a review from pelikhan May 2, 2026 18:04
@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented May 2, 2026

@copilot do not add new field protect_top_level_md_files , there is already protected_files

Copy link
Copy Markdown
Contributor Author

Copilot AI commented May 2, 2026

@copilot update the instructions file to explain that if a AW plans to modify any top level markdown files, it should exclude them from protected-files in the front matter

Done in 4eac289. Updated docs/src/content/docs/reference/safe-outputs-pull-requests.md to:

  • Add "Any top-level .md file" to the "What Is Protected" list, explaining that root-level Markdown files are protected because agents can import them as context
  • Expand the exclude example to show CHANGELOG.md alongside AGENTS.md
  • Update the explanation to note that top-level .md basenames in the exclude list opt those files out of the protection rule
  • Add a :::tip callout specifically for workflows designed to modify root-level Markdown files, with an example frontmatter snippet

@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented May 2, 2026

@copilot review all existing agentic workflows that may write top-level files such as radiate.me.md and agents.md, and ensure they have proper protected file exclusions configured.

@pelikhan
refactor: replace protect_top_level_md_files flag with entries in sec…
278cc1c 
…urityConfigFiles

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/4bd4dfc7-b313-457d-8e52-7db656e54720

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented May 2, 2026
edited
Loading

@copilot do not add new field protect_top_level_md_files , there is already protected_files

Done in 278cc1c. Removed protect_top_level_md_files as a new config flag. Instead, added README.md, CONTRIBUTING.md, CHANGELOG.md, SECURITY.md, and CODE_OF_CONDUCT.md directly to securityConfigFiles in runtime_definitions.go, so they appear in the existing protected_files array. Removed checkForTopLevelMdFiles from the JS helper and all associated tests/type defs; updated Go and JS tests to assert the specific filenames are present in protected_files.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw main /git git conf�� commit.gpgsign false n-dir/git 53da2d4dda105ee5/opt/hostedtoolcache/node/24.14.1/x64/bin/node e9224640..featur--experimental-import-meta-resolve k/gh-aw/gh-aw/ac--require git (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw --stdin ndor/bin/git git conf�� commit.gpgsign false ode_modules/.bin/node 53da2d4dda105ee5/opt/hostedtoolcache/node/24.14.1/x64/bin/node e9224640..featur--experimental-import-meta-resolve es/.bin/git git (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw --quiet tions/setup/js/node_modules/.binrun forks.js add . git thon3 e9224640..featur/opt/hostedtoolcache/node/24.14.1/x64/bin/node 0e517ce2f7933605--experimental-import-meta-resolve t git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv --binary ings.cjs rgo/bin/git 53da2d4dda105ee5python3 ode_modules/vite/tmp/python-handler-test-DmoKB4/text-output.py /home/REDACTED/.cargo/bin/git forks.js conf�� commit.gpgsign st/suppress-warnings.cjs /python3 e_outputs_tools./opt/hostedtoolcache/node/24.14.1/x64/bin/node ode_modules/vite--experimental-import-meta-resolve /git st/dist/workers//home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/vitest/suppress-warnings.cjs (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv . git repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } feature; rm -rf git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv /ref/tags/v9 git sv feature; rm -rf git (http block)
  • https://api.github.com/repos/actions/download-artifact/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/download-artifact/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv test-V0etiC/test.go tions/setup/js/node_modules/vitest/suppress-warnings.cjs $name) { hasDiscussionsEnabled } } --require /home/REDACTED/worapi modules/@npmcli//repos/actions/github-script/git/ref/tags/v9 tions/setup/js/n--jq init�� -q /opt/hostedtoolcache/node/24.14.false k/gh-aw/gh-aw/actions/setup/node_modules/.bin/python3 process.stderr.wgh d2354654..696771api k/gh-aw/gh-aw/ac/repos/docker/setup-buildx-action/git/ref/tags/v4 git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/download-artifact/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv test-V0etiC/test.go tions/setup/js/node_modules/vitest/suppress-warnings.cjs k/gh-aw/gh-aw/actions/setup/node_modules/.bin/go --require /home/REDACTED/worapi cal/bin/git tions/setup/js/n--jq conf�� test-KMLga4/test-cwd.go Test repository(owner: $owner, name:-f process.stderr.wgit d2354654..696771-C /git git (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v9
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv --binary ings.cjs it 53da2d4dda105ee5python3 ode_modules/vite/tmp/python-handler-test-DmoKB4/text-output.py ache/go/1.25.8/x64/bin/git forks.js conf�� commit.gpgsign st/suppress-warnings.cjs k/gh-aw/node_modules/.bin/git e_outputs_tools./opt/hostedtoolcache/node/24.14.1/x64/bin/node ode_modules/vite--experimental-import-meta-resolve 1/x64/lib/node_m--require st/dist/workers//home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/vitest/suppress-warnings.cjs (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv --binary --output=/tmp/git-patch-utils-DlZDcK/.diffsize.tmp k/gh-aw/gh-aw/actions/node_modules/.bin/git email &#34;test@exampython3 main git git conf�� commit.gpgsign st/suppress-warnings.cjs it 53da2d4dda105ee5/opt/hostedtoolcache/node/24.14.1/x64/bin/node e9224640..featur--experimental-import-meta-resolve /opt/hostedtoolc--require st/dist/workers//home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/vitest/suppress-warnings.cjs (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv --binary 016da4885a2dcfa2-w thon3 nit&#34; main t git conf�� commit.gpgsign false git 53da2d4dda105ee5/opt/hostedtoolcache/node/24.14.1/x64/bin/node e9224640..featur--experimental-import-meta-resolve tions/setup/js/n--require git (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv --binary ings.cjs ode_modules/.bin/git 53da2d4dda105ee5python3 ode_modules/vite/tmp/python-handler-test-DmoKB4/text-output.py tions/setup/js/node_modules/.bin-q forks.js conf�� commit.gpgsign st/suppress-warnings.cjs in/git e_outputs_tools./opt/hostedtoolcache/node/24.14.1/x64/bin/node ode_modules/vite--experimental-import-meta-resolve /home/REDACTED/wor--require st/dist/workers//home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/vitest/suppress-warnings.cjs (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv ithub/workflows git python3 feature; rm -rf git (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv . git x_amd64/asm HEAD 53da2d4dda105ee5api ode x_amd64/asm init�� -q /bin/sh rgo/bin/git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv . git de_modules/.bin/development HEAD 53da2d4dda105ee5api tions/setup/js/ngraphql git init�� -q /bin/sh k/gh-aw/gh-aw/ac-f git add . forks.js 64/bin/git git (http block)
  • https://api.github.com/repos/docker/metadata-action/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/docker/metadata-action/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv --binary --output=/tmp/git-patch-utils-mlGNdz/.diffsize.tmp 1/x64/bin/node hacked git _modules/.bin/gigraphql 1/x64/bin/node ve . tions/setup/js/nowner=github ache/go/1.25.8/x-f --require /home/REDACTED/wor-C tions/setup/js/n/home/REDACTED/work/gh-aw/gh-aw/.github/workflows tions/setup/js/nconfig (http block)
    • Triggering command: /usr/bin/gh gh api /repos/docker/metadata-action/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv --binary --output=/tmp/git-patch-utils-mlGNdz/.diffsize.tmp 1/x64/bin/node hacked git run-script/lib/n/repos/actions/github-script/git/ref/tags/v9 1/x64/bin/node ve test-V0etiC/test.go tions/setup/js/node_modules/vitest/suppress-warnings.cjs r: $owner, name: $name) { hasDiscussionsEnabled } } --require /home/REDACTED/worimage tions/setup/nodeinspect tions/setup/js/nghcr.io/github/serena-mcp-server:latest (http block)
  • https://api.github.com/repos/docker/setup-buildx-action/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --binary --output=/tmp/git-patch-utils-mlGNdz/.diffsize.tmp 1/x64/bin/node hacked git ode_modules/.bin/home/REDACTED/work/gh-aw/gh-aw 1/x64/bin/node ve def6316056a12d4907a9d4d84ff7a3b tions/setup/js/node_modules/vitest/suppress-warnings.cjs bin/go --require /home/REDACTED/wor-C es/.bin/git tions/setup/js/nshow (http block)
    • Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --binary --output=/tmp/git-patch-utils-mlGNdz/.diffsize.tmp 1/x64/bin/node hacked git /opt/hostedtoolc/home/REDACTED/work/gh-aw/gh-aw/.github/workflows 1/x64/bin/node ve test-V0etiC/test.go tions/setup/js/node_modules/viteowner=github r: $owner, name: $name) { hasDiscussionsEnabled } } --require /home/REDACTED/wor-1 de_modules/.bin/xterm-color tions/setup/js/node_modules/vitest/dist/workers/show (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .default_branch ithub/workflows main ache/node/24.14.-f feature | cat /egit git bin/git ache/node/24.14.show mpor�� /tmp/go-handler-test-zl1Uam/no-input.go k/gh-aw/gh-aw/actions/setup/js/node_modules/vitest/suppress-warnings.cjs rostylelite-markdown-spellcheck.lock.yml it ings.cjs odules/npm/node_/home/REDACTED/work/gh-aw/gh-aw k/gh-aw/gh-aw/acshow (http block)
  • invalid.example.invalid
    • Triggering command: /usr/lib/git-core/git-remote-https /usr/lib/git-core/git-remote-https origin https://invalid.example.invalid/nonexistent-repo.git git conf�� user.email test@example.com ache/uv/0.11.8/x86_64/git /tmp/bare-incremgit . bin/git git clon�� /tmp/bare-incremental-Lpxr41 . it README.md git t git (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title feat: protect all top-level .md files from agent modification feat: protect well-known top-level .md files from agent modification May 2, 2026
@pelikhan
fix: add README.md exclude to spec-extractor and daily-community-attr…
9480c7d 
…ibution workflows

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/b6e07ed4-14dd-4921-bf0f-8e5561d2964c

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented May 2, 2026
edited
Loading

@copilot review all existing agentic workflows that may write top-level files such as radiate.me.md and agents.md, and ensure they have proper protected file exclusions configured.

Done in 9480c7d. Reviewed all workflows and found two that write to files with now-protected basenames:

  • spec-extractor.md — writes pkg/*/README.md specification files. Since protected_files uses basename-only matching, all README.md files at any path would be blocked. Added exclude: [README.md].
  • daily-community-attribution.md — explicitly writes the root-level README.md. Added exclude: [README.md].

Other workflows were already correctly handled:

  • update-astro, instructions-janitor, daily-workflow-updater, daily-caveman-optimizer — already have protected-files: allowed
  • spec-enforcer — writes only .go test files, not README.md
  • daily-doc-updater — writes files under docs/, already has protected-files: fallback-to-issue as a soft guard
  • refiner — no edit tool, cannot write files directly

I didn't find a radiate.me.md file in the repo — it may have been removed or never committed.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw credential.usern--norc nfig/composer/ve--noprofile cho -c TY.md\|CODE_OF_CONDUCT.md\|AGENTS.md ty-red-team.md&#34; | head -5; echo /usr/bin/grep \|Community.*REAbash gpg.program ache/node/24.14.--noprofile grep (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw credential.usern--norc 86_64/sh HANGELOG&#34; | head -5; echo -c ot-go-checker.md&#34;; content=$(grep -i &#34;safe-output\|create.pull.request&#34; &#34;$file&#34; | head -3); if [git ty-red-team.md&#34; | head -5; echo bin/sh smoke-project.mdbash s/daily-communit--norc tnet/tools/sh md|CHANGELOG&#34; | head -5; echo (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw credential.usern--norc ache/node/24.14.--noprofile HANGELOG&#34; | head -5; echo -c ot-go-checker.md&#34;; content=$(grep -i &#34;safe-output\|create.pull.request&#34; &#34;$file&#34; | head -3); if [/opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/link ty-red-team.md&#34; create-pull-request: nfig/composer/vendor/bin/sh &#34; | head -3); ifbash commit.gpgsign k/_temp/uv-pytho--noprofile md|CHANGELOG&#34; | head -5; echo (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv TY.md\|CODE_OF_CONDUCT.md\|AGENTS.md ver.md&#34; | head -5; echo 1/x64/bin/sh r.md&#34; 2&gt;/dev/nulbash --local h sh -c TY.md\|CODE_OF_CONDUCT.md\|AGENTS.md ad -5; echo n-dir/bash /smoke-multi-pr.bash md rgo/bin/sh head (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv --noprofile 5; echo repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } S.md cho (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv /ref/tags/v9 5; echo sv S.md (http block)
  • https://api.github.com/repos/actions/download-artifact/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/download-artifact/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv README.md\|CHANGELOG.md\|CONTRIBUTING.md\|SECURIgh-aw .github/workflows/daily-performance-summary.md $name) { hasDiscussionsEnabled } } 30 &#34;create-pullgh .github/workflowapi p/bin/bash grep -qi README.md\|CHANGELOG.md\|CONTRIBUTING.md\|SECURIremote.origin.url .github/workflows/smoke-test-tools.md /home/REDACTED/work/_temp/uv-python-dir/bash S.md (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/download-artifact/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv README.md\|CHANGELOG.md\|CONTRIBUTING.md\|SECURITY.md\|CODE_OF_CONDUCT.md\|AGENTS.md .github/workflows/daily-safe-output-optimizer.md /usr/bin/grep S.md (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v9
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv TY.md\|CODE_OF_CONDUCT.md\|AGENTS.md ver.md&#34; | head -5; echo p/bin/sh r.md&#34; 2&gt;/dev/nulbash s/breaking-chang--norc tnet/tools/sh cho -c TY.md\|CODE_OF_CONDUCT.md\|AGENTS.md ad -5; echo /usr/bin/grep /smoke-multi-pr.bash committer.email ndor/bin/bash HANGELOG&#34; | head -5; echo (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv TY.md\|CODE_OF_CONDUCT.md\|AGENTS.md (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv TY.md\|CODE_OF_CONDUCT.md\|AGENTS.md .md nfig/composer/vendor/bin/sh lows/safe-outputbash s/changeset.md tnet/tools/sh cho -c TY.md\|CODE_OF_CONDUCT.md\|AGENTS.md ty-red-team.md&#34; | head -5; echo /usr/bin/head smoke-project.mdbash gpg.program ndor/bin/sh md|CHANGELOG&#34; | head -5; echo (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv TY.md\|CODE_OF_CONDUCT.md\|AGENTS.md ver.md&#34; | head -^--- /usr/local/sbin/sh r.md&#34; 2&gt;/dev/nulbash --local n-dir/sh cho -c TY.md\|CODE_OF_CONDUCT.md\|AGENTS.md ad -5; echo bin/sh /smoke-multi-pr.bash committer.email p/bin/sh OG&#34; | head -5; echo (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv ithub/workflows 5; echo cal/bin/bash S.md k/_temp/runtime--C nfig/composer/ve/home/REDACTED/work/gh-aw/gh-aw head -10 (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv rkflows/weekly-editors-health-check.md&#34;; grep -A 30 &#34;create-pull-request:&#34; &#34;.github/workflows/we/usr/bin/gh ad -5; echo cal/bin/bash -3); if [ -n &#34;$/usr/bin/git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv l-request explorer.md /home/REDACTED/.local/bin/sh -3); if [ -n &#34;$/usr/bin/gh (http block)
  • https://api.github.com/repos/docker/metadata-action/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/docker/metadata-action/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv file=&#34;.github/woremote.origin.url -5; echo ash eate-pull-reques/usr/bin/gh (http block)
    • Triggering command: /usr/bin/gh gh api /repos/docker/metadata-action/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv file=&#34;.github/workflows/update-aremote.origin.url -5; echo ache/uv/0.11.8/x86_64/bash t\|create.pull.rgit (http block)
  • https://api.github.com/repos/docker/setup-buildx-action/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv file=&#34;.github/workflows/update-astro.md&#34;; content=$(grep -i &#34;safe-output\|create.pull.request&#34; &#34;gh -5; echo tnet/tools/bash \|create.pull.regit .github/workflow-C /home/REDACTED/.do/home/REDACTED/work/gh-aw/gh-aw grep -qi README.md\|CHANGELOG.md\|CONTRIBUTING.md\|SECURITY.md\|CODE_OF_CONDUCT.md\|AGENTS.md .github/workflows/daily-multi-device-docs-tester.md ache/node/24.14.1/x64/bin/bash 30 &#34;create-pullgit (http block)
    • Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv file=&#34;.github/workflows/update-a-f -5; echo 1/x64/bin/bash t\|create.pull.rgit (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .default_branch ithub/workflows security ash OUTPUT -d 168.63.129.16 bash --no�� --noprofile conntrack rostylelite-markdown-spellcheck.lock.yml INVALID,NEW -j DROP bash (http block)

If you need me to access, download, or install something from one of these locations, you can either:

@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented May 2, 2026

@copilot merge main and recompile.

Copilot AI and others added 2 commits May 2, 2026 18:52
@pelikhan
Merge remote-tracking branch 'origin/main' into copilot/add-protectio…
443034a 
…n-for-top-level-md-files

# Conflicts:
#	.github/workflows/schema-feature-coverage.lock.yml

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
merge: merge main and recompile lock files
c1edcf6 
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/10cf0479-4d6e-42ba-ac51-c2a57e048f04

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented May 2, 2026
edited
Loading

@copilot merge main and recompile.

Done in c1edcf6. Merged main (one conflict in schema-feature-coverage.lock.yml, resolved by keeping HEAD) and recompiled — two lock files updated: daily-subagent-optimizer.lock.yml and schema-feature-coverage.lock.yml.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/constants/constants.go /home/REDACTED/work/gh-aw/gh-aw/pkg/constants/engine_constants.go (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv --get-regexp --local repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv /ref/tags/v9 --local sv (http block)
  • https://api.github.com/repos/actions/download-artifact/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/download-artifact/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v9
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv ns.json and pkg/workflow/data/action_pins.json...&#34; (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv -c=4 -nolocalimports -importcfg /tmp/go-build2170153962/b345/importcfg -embedcfg /tmp/go-build2170153962/b345/embedcfg -pack (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv ithub/workflows --local tnet/tools/bash (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv (http block)
  • https://api.github.com/repos/docker/metadata-action/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/docker/metadata-action/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv (http block)
  • https://api.github.com/repos/docker/setup-buildx-action/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .default_branch ithub/workflows --local cal/bin/bash credential.userngit (http block)

If you need me to access, download, or install something from one of these locations, you can either:

@pelikhan pelikhan merged commit 38b1b27 into main May 2, 2026
@pelikhan pelikhan deleted the copilot/add-protection-for-top-level-md-files branch May 2, 2026 18:58
This was referenced May 2, 2026
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pelikhan