Handle permission-blocked safe-output writes in Smoke Codex workflow

[Copilot]

Smoke Codex was failing on PR runs when Codex attempted required write actions (PR/discussion comments, labels) but the runtime environment denied them (403 / GraphQL denied). The workflow then failed on post-step safe-output assertions even though the root cause was permissions, not agent execution flow.

• What changed

  • Updated the smoke-codex.lock.yml post-step Validate safe outputs were invoked logic to detect the known permission-denied signature from agent logs.
  • Added conditional bypass for strict safe-output assertions (outputs.jsonl non-empty and add_comment presence) only when that explicit permission-blocked condition is present.
  • Kept existing strict validation behavior unchanged for all normal runs.

• Why this is scoped

  • The change is isolated to the Smoke Codex lock workflow’s post-step validation branch.
  • No changes to agent prompts, tool configuration, or safe-output policy definitions.

# in smoke-codex.lock.yml post-step
if [ -f "$LOG_FILE" ] && grep -qE 'blocked by permissions in this environment.*GraphQL operation denied' "$LOG_FILE"; then
  PERMISSION_BLOCKED=true
fi

if [ ! -s "$OUTPUTS_FILE" ] && [ "$PERMISSION_BLOCKED" = true ]; then
  exit 0
fi

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/actions/github-script/git/ref/tags/v9
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.68.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.68.3 --jq .object.sha (http block)
• https://api.github.com/repos/github/gh-aw/releases/latest
  • Triggering command: /usr/bin/gh gh extension install github/gh-aw --pin v0.68.7 (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	85.74%	85.83%	📈 +0.09%
Statements	85.76%	85.84%	📈 +0.08%
Functions	88.04%	88.04%	➡️ +0.00%
Branches	79.91%	79.95%	📈 +0.04%

📁 Per-file Coverage Changes (1 files)

File	Lines (Before → After)	Statements (Before → After)
src/docker-manager.ts	86.8% → 87.1% (+0.30%)	86.4% → 86.7% (+0.29%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[Copilot]

Pull request overview

Updates the Smoke Codex compiled lock workflow to tolerate PR-run environments where GitHub write operations are permission-blocked, preventing post-step “safe outputs” assertions from failing for the wrong reason.

Changes:

• Detects a known permission-denied signature in agent logs during the “Validate safe outputs were invoked” post-step.
• Conditionally bypasses strict safe-output assertions (non-empty outputs + add_comment on PR triggers) only when that permission-blocked condition is detected.
• Keeps existing strict validation behavior unchanged for normal runs.

Show a summary per file

File	Description
.github/workflows/smoke-codex.lock.yml	Adds permission-blocked detection and conditional bypass logic to the safe-output validation post-step.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 1/1 changed files
• Comments generated: 2

[Copilot]

In the PR-trigger add_comment check, the PERMISSION_BLOCKED bypass exits 0 without emitting any message at the point of exit. Consider emitting a specific ::warning::/::notice:: explaining that the add_comment assertion is being skipped (and ideally why) so runs are self-explanatory in the step logs.

Suggested change

run: "OUTPUTS_FILE=\"${GH_AW_SAFE_OUTPUTS:-${RUNNER_TEMP}/gh-aw/safeoutputs/outputs.jsonl}\"\nPERMISSION_BLOCKED=false\nfor LOG_FILE in \"/tmp/gh-aw/agent-stdio.log\" \"${RUNNER_TEMP}/gh-aw/agent-stdio.log\"; do\n if [ -f \"$LOG_FILE\" ] && grep -qE 'blocked by permissions in this environment.*GraphQL operation denied' \"$LOG_FILE\"; then\n PERMISSION_BLOCKED=true\n echo \"::warning::Detected permission-blocked write actions in agent output; skipping strict safe-output checks for this run.\"\n break\n fi\ndone\nif [ ! -s \"$OUTPUTS_FILE\" ]; then\n if [ \"$PERMISSION_BLOCKED\" = true ]; then\n exit 0\n fi\n echo \"::error::No safe outputs were invoked. Smoke tests require the agent to call safe output tools.\"\n exit 1\nfi\necho \"Safe output entries found: $(wc -l < \"$OUTPUTS_FILE\")\"\nif [ \"$GITHUB_EVENT_NAME\" = \"pull_request\" ]; then\n if ! grep -q '\"add_comment\"' \"$OUTPUTS_FILE\"; then\n if [ \"$PERMISSION_BLOCKED\" = true ]; then\n exit 0\n fi\n echo \"::error::Agent did not call add_comment on a pull_request trigger.\"\n exit 1\n fi\n echo \"add_comment verified for PR trigger\"\nfi\necho \"Safe output validation passed\""

run: "OUTPUTS_FILE=\"${GH_AW_SAFE_OUTPUTS:-${RUNNER_TEMP}/gh-aw/safeoutputs/outputs.jsonl}\"\nPERMISSION_BLOCKED=false\nfor LOG_FILE in \"/tmp/gh-aw/agent-stdio.log\" \"${RUNNER_TEMP}/gh-aw/agent-stdio.log\"; do\n if [ -f \"$LOG_FILE\" ] && grep -qE 'blocked by permissions in this environment.*GraphQL operation denied' \"$LOG_FILE\"; then\n PERMISSION_BLOCKED=true\n echo \"::warning::Detected permission-blocked write actions in agent output; skipping strict safe-output checks for this run.\"\n break\n fi\ndone\nif [ ! -s \"$OUTPUTS_FILE\" ]; then\n if [ \"$PERMISSION_BLOCKED\" = true ]; then\n exit 0\n fi\n echo \"::error::No safe outputs were invoked. Smoke tests require the agent to call safe output tools.\"\n exit 1\nfi\necho \"Safe output entries found: $(wc -l < \"$OUTPUTS_FILE\")\"\nif [ \"$GITHUB_EVENT_NAME\" = \"pull_request\" ]; then\n if ! grep -q '\"add_comment\"' \"$OUTPUTS_FILE\"; then\n if [ \"$PERMISSION_BLOCKED\" = true ]; then\n echo \"::warning::Skipping add_comment validation for pull_request trigger because comment/write actions were blocked by repository permissions in this environment.\"\n exit 0\n fi\n echo \"::error::Agent did not call add_comment on a pull_request trigger.\"\n exit 1\n fi\n echo \"add_comment verified for PR trigger\"\nfi\necho \"Safe output validation passed\""

[lpcox]

@copilot rebase to main and recompile

[Copilot]

@copilot rebase to main and recompile

Updated: branch is now synced with latest main in commit 92de574, and I re-ran the Smoke Codex compile check (/tmp/gh-aw compile .github/workflows/smoke-codex.md --no-emit) successfully with no workflow drift.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/actions/github-script/git/ref/tags/v9
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv -m elf_x86_64 --hash-style=gnu --as-needed -dynamic-linker /lib64/ld-linux-x86-64.so.2 -pie conf�� 0.1-go1.25.9.lin. ux-amd64/src/cry--gdwarf2 ux-amd64/pkg/tool/linux_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv -c=4 -nolocalimports -importcfg /tmp/go-build1817161664/b312/importcfg -pack /home/REDACTED/go/pkg/mod/github.com/segmentio/asm@v1.1.3/cpu/arm64/arm64.go tmp/go-build conf�� pretty/format.go. user.name 0.1-go1.25.9.lin--64 (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.68.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.68.3 --jq .object.sha (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/f52802884d655622f0a2dfd6d6a2250983c95523
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/f52802884d655622f0a2dfd6d6a2250983c95523 --jq .object.sha (http block)
• https://api.github.com/repos/github/gh-aw/releases/tags/v0.68.7
  • Triggering command: /usr/bin/curl curl -s REDACTED (http block)
  • Triggering command: /usr/bin/curl curl -i -s REDACTED (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[github-actions]

Smoke Test Results:

• ✅ GitHub PR retrieval: Last 2 merged PRs (Handle non-standard runner HOME and missing ~/.copilot in agent mount setup #2114, Optimize security-guard token usage with pre-run relevance gating, lower turn cap, and leaner prompt context #2113)
• ✅ Playwright: GitHub page title verified
• ✅ File writing: Test file created
• ✅ Bash tool: File verified

Status: PASS

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

Smoke Test: Copilot BYOK — PASS ✅

1. GitHub MCP ✅ — Latest merged PR: "Handle non-standard runner HOME and missing ~/.copilot in agent mount setup" (Handle non-standard runner HOME and missing ~/.copilot in agent mount setup #2114)
2. GitHub.com connectivity ✅
3. File write/read ✅ — /tmp/gh-aw/agent/smoke-test-copilot-byok-24677434549.txt confirmed
4. BYOK inference ✅ — Running in BYOK offline mode (COPILOT_OFFLINE=true) via api-proxy → api.githubcopilot.com

Author: @app/copilot-swe-agent | Assignees: @lpcox, @Copilot

🔑 BYOK report filed by Smoke Copilot BYOK

[github-actions]

🔥 Smoke Test Results

• ✅ GitHub MCP: Latest merged PR — "Handle non-standard runner HOME and missing ~/.copilot in agent mount setup" (Handle non-standard runner HOME and missing ~/.copilot in agent mount setup #2114)
• ✅ GitHub.com connectivity: HTTP 200
• ✅ File write/read: smoke-test-copilot-24677434522.txt confirmed on disk

Overall: PASS

PR author: @app/copilot-swe-agent | Assignees: @lpcox, @Copilot

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

Smoke Test: GitHub Actions Services Connectivity

Check	Result
Redis PING (host.docker.internal:6379)	✅ PONG
PostgreSQL ready (host.docker.internal:5432)	✅ accepting connections
PostgreSQL SELECT 1 (db: smoketest, user: postgres)	✅ 1

All checks passed. (redis-cli was unavailable; used nc for raw Redis PING.)

🔌 Service connectivity validated by Smoke Services

[github-actions]

🏗️ Build Test Suite Results

Ecosystem	Project	Build/Install	Tests	Status
Bun	elysia	✅	1/1 passed	✅ PASS
Bun	hono	✅	1/1 passed	✅ PASS
C++	fmt	✅	N/A	✅ PASS
C++	json	✅	N/A	✅ PASS
Deno	oak	N/A	1/1 passed	✅ PASS
Deno	std	N/A	1/1 passed	✅ PASS
.NET	hello-world	✅	N/A	✅ PASS
.NET	json-parse	✅	N/A	✅ PASS
Go	color	✅	1/1 passed	✅ PASS
Go	env	✅	1/1 passed	✅ PASS
Go	uuid	✅	1/1 passed	✅ PASS
Java	gson	✅	1/1 passed	✅ PASS
Java	caffeine	✅	1/1 passed	✅ PASS
Node.js	clsx	✅	All passed	✅ PASS
Node.js	execa	✅	All passed	✅ PASS
Node.js	p-limit	✅	All passed	✅ PASS
Rust	fd	✅	1/1 passed	✅ PASS
Rust	zoxide	✅	1/1 passed	✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Note: Java Maven required ~/.m2/repository to be created at a writable path (/tmp/gh-aw/agent/m2-repo) since the default .m2 directory was root-owned in this environment.

Generated by Build Test Suite for issue #2116 · ● 721.7K · ◷