Skip to content

Fix step summary truncation: forward GITHUB_STEP_SUMMARY into sandbox for all engines, increase text limit to 2000 chars#19821

Merged
pelikhan merged 8 commits intomainfrom
copilot/fix-step-summary-truncation
Mar 6, 2026
Merged

Fix step summary truncation: forward GITHUB_STEP_SUMMARY into sandbox for all engines, increase text limit to 2000 chars#19821
pelikhan merged 8 commits intomainfrom
copilot/fix-step-summary-truncation

Conversation

Copy link
Contributor

Copilot AI commented Mar 6, 2026
edited
Loading

  • Add AgentStepSummaryPath constant and generateAgentStepSummaryAppend step
  • Forward GITHUB_STEP_SUMMARY for Copilot engine (AWF + non-AWF modes)
  • Forward GITHUB_STEP_SUMMARY for Codex engine (AWF + non-AWF modes)
  • Forward GITHUB_STEP_SUMMARY for Claude engine (AWF + non-AWF modes)
  • Forward GITHUB_STEP_SUMMARY for Gemini engine (AWF + non-AWF modes)
  • Move inline bash from "Append agent step summary" step to actions/setup/sh/append_agent_step_summary.sh
  • Increase truncation limit 500→2000 chars with visible [truncated: ...] notice
  • Update golden tests and recompile 166 lock files

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

Changeset

  • Type: patch
  • Description: Fix step summary truncation by forwarding GITHUB_STEP_SUMMARY into the sandbox, increasing the agent text limit to 2000 characters, and showing an explicit truncation notice.

Generated by Changeset Generator for issue #19821 ·

Warning

⚠️ Firewall blocked 2 domains

The following domains were blocked by the firewall during workflow execution:

  • codeload.github.com
  • github.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "codeload.github.com"
    - "github.com"

See Network Configuration for more information.

✨ PR Review Safe Output Test - Run 22761537746

💥 [THE END] — Illustrated by Smoke Claude ·

Copilot AI and others added 2 commits March 6, 2026 08:27
@pelikhan
Initial plan for step summary truncation fixes
0407e75 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
Fix step summary truncation: remove GITHUB_STEP_SUMMARY from agent en…
d9ff38d 
…v, increase text limit to 2000 chars, add visible truncation warning

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix step summary truncating agent output Fix step summary truncation: remove GITHUB_STEP_SUMMARY from agent env, increase text limit to 2000 chars Mar 6, 2026
@github-actions github-actions bot mentioned this pull request Mar 6, 2026
Open
@pelikhan
Copy link
Contributor

pelikhan commented Mar 6, 2026

@copilot create a empty step summary file in a reachable path for the agent step summary entries, pass it to the agent container, then append this file to the action step summary after the agent is done (after redacting secrets)

@pelikhan
Add agent step summary forwarding via /tmp/gh-aw/agent-step-summary.md
f3d0036 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Mar 6, 2026
edited
Loading

@copilot create a empty step summary file in a reachable path for the agent step summary entries, pass it to the agent container, then append this file to the action step summary after the agent is do...

Done in f3d0036. Here's what was implemented:

  1. AgentStepSummaryPath = "/tmp/gh-aw/agent-step-summary.md" — new constant in engine_output.go. This path lives under /tmp/gh-aw/ which is already mounted inside the AWF sandbox.

  2. Before the agent runs — an empty file is created at that path:

    • AWF mode: via PathSetup: "touch " + AgentStepSummaryPath (runs on host before AWF starts, so the file is visible inside the container)
    • Non-AWF mode: a touch command is prepended to the shell script

  3. Agent envGITHUB_STEP_SUMMARY: AgentStepSummaryPath is set in both Copilot and Codex envs, so the agent writes its summary content to the sandbox-reachable file.

  4. After secret redaction — a new "Append agent step summary" step (generateAgentStepSummaryAppend) appends the file to the real $GITHUB_STEP_SUMMARY:

    if [ -s /tmp/gh-aw/agent-step-summary.md ]; then
  cat /tmp/gh-aw/agent-step-summary.md >> "$GITHUB_STEP_SUMMARY"
fi

    The redact_secrets.cjs already recursively scans all .md files under /tmp/gh-aw/, so the content is redacted before this step runs.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -ifaceassert -nilfunc git rev-�� --show-toplevel -tests /usr/bin/git (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw credential.helpe-c ache/go/1.25.0/x&#34;prettier&#34; --write &#39;**/*.cjs&#39; &#39;**/*.ts&#39; &#39;**/*.json&#39; --ignore-path ../../../.prettierignore e/git rev-�� --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile /usr/bin/git 5467525/b347/_pknode (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw credential.helpe-c ache/go/1.25.0/x&#34;prettier&#34; --write &#39;**/*.cjs&#39; &#39;**/*.ts&#39; &#39;**/*.json&#39; --ignore-path ../../../.prettierignore git rev-�� --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile /usr/bin/git 5467525/b349/_pknode (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha k/gh-aw/gh-aw/pkg/testutil/tempdir.go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha -json stmain.go ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet env -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha get .cfg 64/pkg/tool/linux_amd64/vet http.https://gitgit (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -unreachable=false /tmp/go-build3155467525/b078/vet.cfg 5467525/b123/vet.cfg -c=4 -nolocalimports -importcfg /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build3155467525/b236/vet.cfg /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha se 5467525/b035/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha se 5467525/b087/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel DR0Xm2EPM75c /usr/bin/git (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha se 5467525/b104/vet.cfg .cfg OUTPUT -d 168.63.129.16 ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha se 5467525/b092/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha se 5467525/b082/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha se 5467525/b034/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE k/_temp/ghcca-node/node/bin/bash GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha [:lower:] (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/bash GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha prettier --check 64/bin/go --ignore-path .prettierignore 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha ath ../../../.pr**/*.json ache/go/1.25.0/x--ignore-path /usr/bin/git se 5467525/b024/vet-c .cfg git rev-�� re --log-level=error ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet de --noprofile (http block)
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb --jq .object.sha ath ../../../.pr**/*.json 64/pkg/tool/linu--ignore-path /usr/bin/git se 5467525/b027/vet-c .cfg git er --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet /usr/bin/git --noprofile (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha xterm-color ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet /sh se 5467525/b124/vet-o ache/go/1.25.0/x/tmp/go-build1187735683/b001/exe/a.out git rev-�� js/**/*.json&#39; ---buildmode=exe ache/go/1.25.0/x-buildid=AisG7RyFGUuhF7M_udHN/gdTVOBJcajfl-IuZVGPF/ADzGHLjWvU2QqU_AtbPS/AisG7RyF-1 (http block)
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE ache/go/1.25.0/xgraphql git (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha (http block)
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title Fix step summary truncation: remove GITHUB_STEP_SUMMARY from agent env, increase text limit to 2000 chars Fix step summary truncation: forward GITHUB_STEP_SUMMARY into sandbox, increase text limit to 2000 chars Mar 6, 2026
@pelikhan
Copy link
Contributor

pelikhan commented Mar 6, 2026

@copilot setting step summary file should be done for all agentic engines.

@pelikhan
Extend GITHUB_STEP_SUMMARY forwarding to Claude and Gemini engines
3e6f30a 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Mar 6, 2026
edited
Loading

@copilot setting step summary file should be done for all agentic engines.

Done in 3e6f30a. GITHUB_STEP_SUMMARY is now forwarded to all four engines:

  • Claude (claude_engine.go): touch AgentStepSummaryPath combined with the existing promptSetup into hostSetup for AWF mode; prepended to the shell script for non-AWF mode
  • Gemini (gemini_engine.go): PathSetup: "touch " + AgentStepSummaryPath for AWF mode; touch prepended to the command for non-AWF mode

Both engines also have "GITHUB_STEP_SUMMARY": AgentStepSummaryPath added to their env maps.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GOMOD GOMODCACHE git rev-�� --show-toplevel GOPROXY /usr/bin/git GOSUMDB GOWORK 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE 64/bin/go iptables -w -t security ch OUTPUT -d 168.63.129.16 git (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha -json GO111MODULE cal/bin/bash GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha ck &#39;**/*.cjs&#39; &#39;*GOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env e=false GO111MODULE 64/bin/go GOINSECURE %H %ct %D d7b3d2e5d85e8e0e--show-toplevel go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel go /usr/bin/git e=false GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git thSetup_GorootOrgit GO111MODULE 64/bin/go git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel ortcfg /usr/bin/git edcfg GO111MODULE 64/bin/go git rev-�� --show-toplevel ache/go/1.25.0/xGO111MODULE /usr/bin/git 2175889/b397/_pkgit GO111MODULE 64/bin/go git (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --show-toplevel ortcfg /usr/bin/git 23a0315c8ed0011dgit GO111MODULE 64/bin/go git rev-�� --show-toplevel ache/go/1.25.0/xGO111MODULE /usr/bin/git 2175889/b404/_pkgit GO111MODULE 64/bin/go git (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE ortcfg env d/gh-aw/main.go d/gh-aw/capitaliGOMOD 64/bin/go GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/xGO111MODULE (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE ache/go/1.25.0/xgraphql git (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE ortcfg env g/cli/access_logGOINSECURE g/cli/actionlintGOMOD 64/bin/go GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/xGO111MODULE (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title Fix step summary truncation: forward GITHUB_STEP_SUMMARY into sandbox, increase text limit to 2000 chars Fix step summary truncation: forward GITHUB_STEP_SUMMARY into sandbox for all engines, increase text limit to 2000 chars Mar 6, 2026
@pelikhan pelikhan added the smoke label Mar 6, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Mar 6, 2026
edited
Loading

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

@github-actions
Copy link
Contributor

github-actions bot commented Mar 6, 2026

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

@github-actions
Copy link
Contributor

github-actions bot commented Mar 6, 2026
edited
Loading

🎬 THE ENDSmoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

@github-actions
Copy link
Contributor

github-actions bot commented Mar 6, 2026
edited
Loading

✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready.

@github-actions
Copy link
Contributor

github-actions bot commented Mar 6, 2026

Agent Container Tool Check

Tool Status Version
bash 5.2.21
sh available
git 2.53.0
jq 1.7
yq v4.52.4
curl 8.5.0
gh 2.87.3
node v20.20.0
python3 3.12.3
go 1.24.13
java 21.0.10 (Temurin)
dotnet 10.0.102

Result: 12/12 tools available ✅

Overall Status: PASS

🔧 Tool validation by Agent Container Smoke Test ·

@github-actions github-actions bot mentioned this pull request Mar 6, 2026
Closed
@github-actions
Copy link
Contributor

github-actions bot commented Mar 6, 2026

🤖 Smoke test §22761537729 by @pelikhan:

Test
GitHub MCP
Safe Inputs GH CLI
Serena MCP
Playwright
Web Fetch
File Writing
Bash Tool
Discussion Interaction
Build
Discussion Creation
Workflow Dispatch
PR Review

Overall: ⚠️ PARTIAL PASS (11/12) — Serena MCP tools unavailable.

cc @pelikhan @Copilot

📰 BREAKING: Report filed by Smoke Copilot ·

@github-actions github-actions bot removed the smoke label Mar 6, 2026
github-actions[bot]
github-actions bot reviewed Mar 6, 2026
View reviewed changes
Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR correctly fixes step summary truncation by forwarding GITHUB_STEP_SUMMARY as a sandbox-accessible file path and appending its contents back to the real summary after agent execution. The touch + hardcoded path + if: always() append pattern is clean and effective. No concerns.

📰 BREAKING: Report filed by Smoke Copilot

.github/workflows/ace-editor.lock.yml
timeout-minutes: 20
run: |
set -o pipefail
touch /tmp/gh-aw/agent-step-summary.md
Copy link
Contributor

@github-actions github-actions bot Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The touch ensures the file exists before the agent runs, preventing errors if the agent writes to GITHUB_STEP_SUMMARY before the file is created. Good defensive pattern — but worth noting this only covers the ace-editor workflow; the change appears across many lock files.

.github/workflows/ace-editor.lock.yml
GITHUB_REF_NAME: ${{ github.ref_name }}
GITHUB_SERVER_URL: ${{ github.server_url }}
GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }}
GITHUB_STEP_SUMMARY: /tmp/gh-aw/agent-step-summary.md
Copy link
Contributor

@github-actions github-actions bot Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hardcoding /tmp/gh-aw/agent-step-summary.md here instead of inheriting from env.GITHUB_STEP_SUMMARY is the key fix — ensures the agent writes to the sandbox-accessible path. The if: always() on the append step guarantees the summary is captured even on failure. ✅

@github-actions
Copy link
Contributor

github-actions bot commented Mar 6, 2026

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

@github-actions
Copy link
Contributor

github-actions bot commented Mar 6, 2026

Commit pushed: 44d7054

Generated by Changeset Generator

@github-actions github-actions bot mentioned this pull request Mar 6, 2026
Closed
@github-actions
Copy link
Contributor

github-actions bot commented Mar 6, 2026

Smoke Test Results — Run §22761537746

Core Tests #1–10: ✅ ✅ ✅ ✅ ✅ ✅ ✅ ✅ ✅ ✅
PR Review Tests #11–17: ✅ ✅ ✅ ⚠️ ✅ ✅ ⚠️

⚠️ #14 skipped (no review threads) · ⚠️ #17 skipped (no safe test PR)

Overall: PARTIAL — all non-skipped tests passed

💥 [THE END] — Illustrated by Smoke Claude ·

github-actions[bot]
github-actions bot reviewed Mar 6, 2026
View reviewed changes
Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💥 Automated smoke test review - all systems nominal!

💥 [THE END] — Illustrated by Smoke Claude

pelikhan
pelikhan reviewed Mar 6, 2026
View reviewed changes
.github/workflows/ace-editor.lock.yml Outdated
- name: Append agent step summary
if: always()
run: |
# Append the agent's step summary to the real $GITHUB_STEP_SUMMARY.
Copy link
Contributor

@pelikhan pelikhan Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot move bash to a script file in actions/setup/sh

Copy link
Contributor Author

Copilot AI Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done in 51cce03. The inline bash is now in actions/setup/sh/append_agent_step_summary.sh and the step runs bash /opt/gh-aw/actions/append_agent_step_summary.sh.

@pelikhan
Move append agent step summary inline bash to actions/setup/sh script
51cce03 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Mar 6, 2026

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -ifaceassert -nilfunc git rev-�� --show-toplevel -tests /usr/bin/git (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GOMOD GOMODCACHE rtcfg env 80bf13b2620176ebGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/xGO111MODULE (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GOMOD GOMODCACHE rtcfg env g/fileutil/fileuGOINSECURE g/fileutil/tar.gGOMOD 64/bin/go GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/xGO111MODULE (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --noprofile (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha kysWS_1Th .cfg 64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -unreachable=false /tmp/go-build1111546001/b088/vet.cfg /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha se 1546001/b105/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --verify copilot/fix-step-summary-truncation ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha se 1546001/b003/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha se 1546001/b127/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha se 1546001/b098/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --abbrev-ref HEAD ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha se 1546001/b129/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha a1e46e74a3655a0aGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD erignore ache/go/1.25.0/xGO111MODULE env 100025/b413/_pkgGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD erignore go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha -json 2dd2fd7e5bddc5c2GOMOD 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

@pelikhan pelikhan marked this pull request as ready for review March 6, 2026 11:56
Copilot AI review requested due to automatic review settings March 6, 2026 11:56
@pelikhan pelikhan merged commit 956f874 into main Mar 6, 2026
@pelikhan pelikhan deleted the copilot/fix-step-summary-truncation branch March 6, 2026 11:56
Copilot AI reviewed Mar 6, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes GitHub Actions step summary truncation by ensuring GITHUB_STEP_SUMMARY is writable from inside sandboxed agent executions (AWF + non-AWF), then appending the agent-written content back into the real step summary after secret redaction.

Changes:

  • Introduces AgentStepSummaryPath and wires all engines to write step-summary output to /tmp/gh-aw/agent-step-summary.md (plus pre-creating it via touch).
  • Adds an “Append agent step summary” step (implemented as actions/setup/sh/append_agent_step_summary.sh) executed after secret redaction.
  • Increases agent text truncation limit from 500 → 2000 chars and adds an explicit truncation notice; updates tests and goldens/lock workflows accordingly.

Reviewed changes

Copilot reviewed 180 out of 180 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
pkg/workflow/engine_output.go Adds AgentStepSummaryPath constant used as the in-sandbox GITHUB_STEP_SUMMARY target.
pkg/workflow/copilot_engine_execution.go Creates the agent step summary file before execution and overrides GITHUB_STEP_SUMMARY to point at it.
pkg/workflow/codex_engine.go Ensures the agent step summary file exists before running Codex; overrides GITHUB_STEP_SUMMARY.
pkg/workflow/claude_engine.go Ensures the agent step summary file exists in AWF and non-AWF flows; overrides GITHUB_STEP_SUMMARY.
pkg/workflow/gemini_engine.go Ensures the agent step summary file exists in AWF and non-AWF flows; overrides GITHUB_STEP_SUMMARY.
pkg/workflow/compiler_yaml_ai_execution.go Adds generateAgentStepSummaryAppend step generator.
pkg/workflow/compiler_yaml_main_job.go Inserts the append step after secret redaction in the main job flow.
actions/setup/sh/append_agent_step_summary.sh New helper script to append the agent-written summary into the real $GITHUB_STEP_SUMMARY.
actions/setup/js/log_parser_shared.cjs Raises max agent text truncation to 2000 and adds explicit truncation notice.
actions/setup/js/log_parser_shared.test.cjs Updates truncation-related tests to match new limit + notice.
pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/basic-copilot.golden Golden update: pre-create agent summary file, point GITHUB_STEP_SUMMARY to it, add append step.
pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/smoke-copilot.golden Golden update: pre-create agent summary file, point GITHUB_STEP_SUMMARY to it, add append step.
pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/with-imports.golden Golden update: pre-create agent summary file, point GITHUB_STEP_SUMMARY to it, add append step.
.changeset/patch-step-summary-truncation.md Adds a patch changeset describing the behavior change.
.github/workflows/ace-editor.lock.yml Lock workflow updated to create/forward agent summary file and append it after redaction.
.github/workflows/agent-performance-analyzer.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/agent-persona-explorer.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/ai-moderator.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/archie.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/bot-detection.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/brave.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/changeset.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/chroma-issue-indexer.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/ci-coach.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/ci-doctor.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/code-scanning-fixer.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/code-simplifier.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/codex-github-remote-mcp-test.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/contribution-check.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/constraint-solving-potd.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/copilot-pr-merged-report.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/craft.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/daily-architecture-diagram.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/daily-assign-issue-to-user.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/daily-cli-performance.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/daily-cli-tools-tester.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/daily-malicious-code-scan.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/daily-regulatory.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/daily-secrets-analysis.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/daily-semgrep-scan.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/daily-team-status.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/daily-workflow-updater.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/dead-code-remover.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/dependabot-burner.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/dependabot-go-checker.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/dev.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/dictation-prompt.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/firewall.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/functional-pragmatist.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/github-remote-mcp-auth-test.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/gpclean.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/grumpy-reviewer.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/issue-monster.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/issue-triage-agent.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/metrics-collector.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/notion-issue-summary.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/pdf-summary.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/plan.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/pr-nitpick-reviewer.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/pr-triage-agent.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/q.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/refiner.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/repo-audit-analyzer.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/repo-tree-map.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/repository-quality-improver.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/security-compliance.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/security-review.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/smoke-create-cross-repo-pr.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/smoke-gemini.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/smoke-update-cross-repo-pr.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/sub-issue-closer.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/super-linter.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/terminal-stylist.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/test-dispatcher.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/test-project-url-default.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/test-workflow.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/weekly-safe-outputs-spec-review.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/workflow-generator.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/workflow-health-manager.lock.yml Same: forward agent summary into sandbox and append after redaction.
.github/workflows/example-permissions-warning.lock.yml Same: forward agent summary into sandbox and append after redaction.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

pkg/workflow/copilot_engine_execution.go
Comment on lines 207 to +210
command = fmt.Sprintf(`set -o pipefail
touch %s
COPILOT_CLI_INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"
%s%s 2>&1 | tee %s`, mkdirCommands.String(), copilotCommand, logFile)
%s%s 2>&1 | tee %s`, AgentStepSummaryPath, mkdirCommands.String(), copilotCommand, logFile)
Copy link

Copilot AI Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the non-AWF execution command, touch runs before the mkdirCommands block that creates all required --add-dir directories. If /tmp/gh-aw (or any parent dir for AgentStepSummaryPath) isn’t present for some reason, the step will fail before it has a chance to create the directories. Consider moving the touch after mkdirCommands, or explicitly mkdir -p $(dirname AgentStepSummaryPath) before touching the file.

Copilot uses AI. Check for mistakes.
actions/setup/sh/append_agent_step_summary.sh
Comment on lines +5 to +6
if [ -s /tmp/gh-aw/agent-step-summary.md ]; then
cat /tmp/gh-aw/agent-step-summary.md >> "$GITHUB_STEP_SUMMARY"
Copy link

Copilot AI Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This script hard-codes /tmp/gh-aw/agent-step-summary.md, while the Go side introduces AgentStepSummaryPath as the source of truth. To avoid future drift (if the path ever changes), consider passing the agent summary path into this step via an env var (or defaulting from an env var) and using that in the script instead of an inline literal.

Copilot uses AI. Check for mistakes.
@github-actions github-actions bot mentioned this pull request Mar 6, 2026
Closed
github-actions bot added a commit that referenced this pull request Mar 7, 2026
@github-actions @claude
docs: document GITHUB_STEP_SUMMARY support for agents in sandbox
947381f 
Document the agent step summary feature introduced in #19821:
- GITHUB_STEP_SUMMARY is forwarded into the AWF sandbox for all engines
- Content is appended to the real step summary after secret redaction
- First 2000 characters are included with truncation notice if longer

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@github-actions github-actions bot mentioned this pull request Mar 7, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

Copilot code review Copilot Copilot left review comments

+1 more reviewer

@pelikhan pelikhan pelikhan approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

smoke-claude smoke-copilot

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pelikhan