fix: use 0755 permissions for extracted log directories instead of 0750

[Copilot]

Log subdirectories extracted to /tmp/gh-aw/aw-mcp/logs/ were created root:root 0750, making them unreadable by the runner user (uid=1001) who lacks group membership.

Changes

• pkg/cli/logs_download.go — Changed all four os.MkdirAll calls in unzipFile and flattenArtifactTree from 0750 to 0755, setting world-read/execute bits on extracted directories
• pkg/cli/logs_download_test.go — Added assertion to TestUnzipFile verifying extracted subdirectories have world-accessible permissions (mode & 0o005 != 0)

// Before
return os.MkdirAll(filePath, 0750)

// After
return os.MkdirAll(filePath, 0755)

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh gh repo view --json owner,name --jq .owner.login + "/" + .name 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile ortc�� g_.a _wTXDDAYc ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE er GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuTest User (http block)
  • Triggering command: /usr/bin/gh gh repo view owner/repo 0735�� 2940309628/.github/workflows JWpi-bmPh x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env t1180427617/.github/workflows GO111MODULE ache/go/1.25.8/x64/pkg/tool/linu-nilfunc GOINSECURE 3942609/b011/ GOMODCACHE ache/go/1.25.8/x^remote\..*\.gh-resolved$ (http block)
  • Triggering command: /usr/bin/gh gh repo view owner/repo 0735�� 2940309628/.github/workflows Q8gElMZ6A ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-buildtags env t1180427617 GO111MODULE .yml GOINSECURE 3942609/b006/ GOMODCACHE ache/go/1.25.8/x12346 (http block)
• https://api.github.com/orgs/test-owner/actions/secrets
  • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq [.object.sha, .object.type] | @tsv /tmp/TestCollectWorkflowFiles_TransitiveImports4246300985/001 config /usr/bin/git remote.origin.urgit 1Yg0zHCmd ache/go/1.25.8/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linuTest User /usr/bin/git ortcfg GO111MODULE ache/go/1.25.8/xinstall git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv 5831-33952/test-3122078660 go /usr/bin/git -json GO111MODULE x_amd64/compile git -C /tmp/TestCompileErrorFormatting1409739424/001 rev-parse /usr/bin/git -json GO111MODULE x_amd64/compile git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv 5831-33952/test-455994255/.github/workflows stmain.go ache/go/1.25.8/x64/pkg/tool/linux_amd64/link GOINSECURE /go-yaml GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/link env 5831-33952/test-1020776263 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel x_amd64/vet /usr/bin/git 3942609/b152/_pktr GO111MODULE 3942609/b152=> git rev-�� --show-toplevel go /usr/bin/git sm-opt >/dev/nulgit GO111MODULE 1/x64/bin/node git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git --show-toplevel go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git s/test.md remote.origin.urrev-parse ache/node/24.14.--show-toplevel git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv -8Dk/5nodp3IL84tZKq5R-8Dk -trimpath /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile -I /tmp/go-build192rev-parse -I /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile 3532�� /tmp/go-build1923942609/b227/_pkg_.a 3532416/b420/_testmain.go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -p net/http/internarev-parse -lang=go1.25 /opt/hostedtoolcache/go/1.25.8/x-buildtags (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv runs/20260429-115831-33952/test-1020776263 -buildtags ache/node/24.14.1/x64/bin/node -errorsas -ifaceassert -nilfunc git t-10�� bility_SameInputSameOutput1041316876/001/stability-test.md test@example.com /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv -m initial commit 3532416/b443/vet.cfg -json GO111MODULE 64/bin/go git -C /tmp/TestGuardPolicyTrustedUsersRequiresMinIntegrity3231638741/001 rev-parse ache/node/24.14.1/x64/bin/node -json GO111MODULE 64/bin/go /usr/bin/git (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/x-buildtags /usr/bin/git 5831-33952/test-git FnMM/DTE1YZYN5-Llog 3532416/b424=> git rev-�� --show-toplevel /opt/hostedtoolc-tests (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v9
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv -goversion go1.25.8 -c=4 -nolocalimports -importcfg /tmp/go-build1923942609/b206/importcfg -pack env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv go1.25.8 -c=4 -nolocalimports -importcfg /tmp/go-build1923942609/b254/importcfg -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/fileutil/fileutil.go env -json o 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --git-dir 64/pkg/tool/linux_amd64/compile 3532416/b471/vet.cfg g_.a GO111MODULE 64/pkg/tool/linu--show-toplevel /usr/bin/git conf�� --get-regexp ^remote\..*\.gh-resolved$ /tmp/go-build3073532416/b469/workflow.test y_with_repos_arrgit GO111MODULE x_amd64/link /tmp/go-build3073532416/b469/workflow.test (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv k/gh-aw/gh-aw/pkg/stringutil/ansi.go k/gh-aw/gh-aw/pkg/stringutil/identifiers.go /opt/hostedtoolcache/node/24.14.1/x64/bin/node -json GO111MODULE 64/bin/go node /tmp�� /tmp/TestHashConsistency_GoAndJavaScript1707104100/001/test-frontmatter-with-nested-objects.md go /usr/bin/git -json GO111MODULE x_amd64/compile git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --git-dir 64/pkg/tool/linux_amd64/compile 3532416/b468/vet.cfg mLsRemoteWithReagit mLsRemoteWithRearev-parse 64/pkg/tool/linu--show-toplevel infocmp -1 xterm-color 64/pkg/tool/linuremote.origin.url /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/link y_with_repos=pubgit 06SIChxms 64/pkg/tool/linu--show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/link (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv 3 pkg/mod/github.com/modelcontextprotocol/go-sdk@v-c=4 g_.a -p crypto/internal/rev-parse -lang=go1.25 /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linu/tmp/go-build3073532416/b452/_testmain.go -o licyMinIntegrityOnlymin-integrity_with_repos_array_c806803755/001 -trimpath /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/link l github.com/modelrev-parse -lang=go1.25 /opt/hostedtoolcache/go/1.25.8/x-test.v=true (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv runs/20260429-115831-33952/test-1020776263 -trimpath x_amd64/compile l main -lang=go1.25 x_amd64/compile conf�� user.name Test User /usr/bin/git go1.25.8 -c=4 -nolocalimports git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv origin (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv /tmp/gh-aw-test-runs/20260429-115831-33952/test-1870445963/.github/workflows (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv HEAD st/dist/workers/forks.js $name) { hasDiscussionsEnabled } } c654e1993e259136/opt/hostedtoolcache/node/24.14.1/x64/bin/node full-mode-branch--experimental-import-meta-resolve ache/uv/0.11.8/x--require git diff�� --binary 564dbdc84e58bc7c--conditions ache/go/1.25.8/xdevelopment full2.txt ode_modules/vite-C it git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv HEAD st/dist/workers/forks.js bin/git -b k/gh-aw/gh-aw/acconfig t git diff�� --binary (http block)
• https://api.github.com/repos/github/gh-aw
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .default_branch -output.go git r: $owner, name: $name) { hasDiscussionsEnabled } } --is-ancestor 8751e48915f54c65-C ache/node/24.14./home/REDACTED/work/gh-aw/gh-aw 1/x64/bin/node ve . tions/setup/js/node_modules/vitest/suppress-warnings.cjs r: $owner, name: $name) { hasDiscussionsEnabled } } -exist git es/.bin/git tions/setup/js/nshow (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .default_branch ithub/workflows main ock.yml e/git git tnet/tools/git /tmp/go-build166rev-parse '/tm�� ithub/workflows git repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } feature$(whoami)git git DiscussionsEnabl/home/REDACTED/work/gh-aw/gh-aw /opt/hostedtoolcshow (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq [.object.sha, .object.type] | @tsv --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git g_.a GO111MODULE 64/pkg/tool/linu--show-toplevel /usr/bin/git conf�� --get-regexp ^remote\..*\.gh-resolved$ /usr/bin/git g_.a AUUx1O_e3 64/pkg/tool/linu--show-toplevel git (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv /tmp/TestGuardPolicyMinIntegrityOnlymin-integrity_with_repos=public_4165189944/001 config /usr/bin/git remote.origin.urgit GO111MODULE 64/bin/go git -C /tmp/gh-aw-test-runs/20260429-115831-33952/test--errorsas rev-parse om/org2/repo2.git -json GO111MODULE x_amd64/asm git (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv k/gh-aw/gh-aw/pkg/cli go /usr/bin/git -json GO111MODULE 64/bin/go git remo�� GOMODCACHE go /usr/bin/git -json GO111MODULE x_amd64/compile git (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-04-22 GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env g_.a t.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linuInitial commit (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-03-30 GOMOD GOMODCACHE arith_wasm.s env g_.a GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE RIQEcng/RaQh55-ZTest User (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-01-29 GOMOD GOMODCACHE 64/pkg/tool/linuremote.origin.url env ned-imports-enabled-with-env-template-expressions-in-body.md GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linuorigin (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name xCmVfTE68 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env ortcfg op5fLH1pk ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-importcfg (http block)
  • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 8kq6Gg-gh ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE ack GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm env ortcfg Hgqea9f-D ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE on abis 64/pkg/tool/linuTest User env -obugO3Wj ortcfg ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/xtest@example.com (http block)
  • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE ntdrain.test GOINSECURE _wasm.o 64/src/runtime/s--show-toplevel ntdrain.test 0735�� 2940309628/.github/workflows Q8gElMZ6A ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-buildtags (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE .o 64/src/runtime/auser.email 64/pkg/tool/linutest@example.com env -json BytXhgNOP ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm (http block)
  • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD abis 64/pkg/tool/linux_amd64/compile env 2940309628 5Lj-UidHf ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-trimpath (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name l_test.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env g_.a CLJOlIPxV ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 m0O72i2Jk /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env ortcfg Ffa_H-Eee k GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-tests (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/link GOINSECURE obyte GOMODCACHE 64/pkg/tool/linux_amd64/link estl�� e-analyzer.md 57OuoO-7M ortcfg.link GOINSECURE GOMOD GOMODCACHE D1vb8bV6YvrCyz0kYU/UimiJ_lt2omPMBb08Enn/rF_9p0J5remote.origin.url (http block)
  • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 h00yucQ7c /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE /bidi GOMODCACHE go env ortcfg JmzP4TwGo ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE %H %ct %D (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE .o 64/src/internal/--show-toplevel 64/pkg/tool/linux_amd64/compile estl�� g_.a jPRjWWcxh k GOINSECURE til GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-dwarf=false (http block)
  • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE /norm GOMODCACHE ylQP4Z8/vCNYLdc7D8RXanEmFBss ortc�� -json aTWjRYknE ache/go/1.25.8/x64/pkg/tool/linu-nilfunc GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-tests (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name DW6KATJ4J 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet estl�� ortcfg PumV21ljR ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm (http block)
  • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 rrG8ct2Bi ache/go/1.25.8/x64/pkg/tool/linux_amd64/cgo GOINSECURE bidirule GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu--jq env ortcfg cu5AAtlhm ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE s (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE x_amd64/compile env 17780697/.github/workflows l/errors/error.go x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 (http block)
• https://api.github.com/repos/github/gh-aw/contents/.github/workflows/shared/reporting.md
  • Triggering command: /tmp/go-build3073532416/b404/cli.test /tmp/go-build3073532416/b404/cli.test -test.testlogfile=/tmp/go-build3073532416/b404/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true -nolocalimports -importcfg /tmp/go-build1923942609/b208/importcfg -pack env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/xsh /usr/bin/git ExpressionCompilgit r73k/ZR15bOYtzO_rev-parse 3942609/b253=> git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/asm /usr/bin/git ithub/workflows (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv 5831-33952/test-source-field-variant-3593655377/.github/workflows GO111MODULE tartedAt,updatedAt,event,headBranch,headSha,displayTitle GOINSECURE 3942609/b013/ GOMODCACHE ache/go/1.25.8/x--jq ortc�� 3942609/b144/_pkg_.a in/yaml/v3@v3.0.4/apic.go ache/go/1.25.8/x64/pkg/tool/linu-test.short=true GOINSECURE ntio/asm/base64 ache/go/1.25.8/xview ache/go/1.25.8/x12345 (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/asm GOINSECURE GOMOD GOMODCACHE x_amd64/asm env Gitmain_branch2915304730/001' Gitmain_branch2915304730/001' x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile 5304�� -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv d GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv 5831-33952/test-source-field-variant-3593655377 GO111MODULE k GOINSECURE 3942609/b015/ GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile sRem�� 3942609/b160/_pkg_.a rg/x/text@v0.36.0/internal/language/compact/compact.go ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE light 3942609/b015/sym--remote=REDACTED ache/go/1.25.8/xv1.0.0 (http block)
• https://api.github.com/repos/nonexistent/repo/actions/runs/12345
  • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-goversion ortc�� 5831-33952/test-source-field-var-c=4 5Hh4AuvTv ache/go/1.25.8/x64/pkg/tool/linu-importcfg GOINSECURE 3942609/b012/ GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-trimpath (http block)
• https://api.github.com/repos/owner/repo/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh workflow list --repo owner/repo --json name,path,state ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/xtest@example.com estl�� -json om/segmentio/encoding@v0.5.4/json/codec.go .cfg GOINSECURE 3942609/b011/ GOMODCACHE ache/go/1.25.8/xrepos/{owner}/{repo}/actions/runs/12346/artifacts (http block)
• https://api.github.com/repos/test-owner/test-repo/actions/secrets
  • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/test/repo
  • Triggering command: /usr/bin/gh gh api /repos/test/repo --jq .default_branch ortcfg Hgqea9f-D ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile env ortcfg GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE fips140/sha256 GOMODCACHE ache/go/1.25.8/x5 (http block)
• invalid.example.invalid
  • Triggering command: /usr/lib/git-core/git-remote-https /usr/lib/git-core/git-remote-https origin https://invalid.example.invalid/nonexistent-repo.git e/git init�� e/git-receive-pa-b git ode_modules/.bin/git user.email test@example.com--git-dir=/tmp/bare-incremental-qFzwEn tnet/tools/git git comm�� -m Initial commit de_modules/.bin/git /tmp/bare-incremgit . ode_modules/.binagent-change.txt git (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[Copilot]

Pull request overview

Adjusts directory permissions used when extracting workflow logs/artifacts so the runner user can traverse and read extracted log directories even when they’re created as root:root.

Changes:

• Update os.MkdirAll calls in extraction/flattening paths to use 0755 instead of 0750.
• Add a unit test assertion that extracted log subdirectories are world-accessible.

Show a summary per file

File	Description
pkg/cli/logs_download.go	Switch extracted/flattened directory creation to 0755 to avoid unreadable root:root 0750 directories.
pkg/cli/logs_download_test.go	Add a permission assertion for the extracted logs/ subdirectory.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 2/2 changed files
• Comments generated: 1

[Copilot]

The permission assertion is too weak for the stated requirement: perm&0o005 == 0 will pass if either world-read or world-execute is set, but “browse the logs” generally requires both (read to list, execute to traverse). Consider asserting perm&0o005 == 0o005 (or explicitly checking both bits) so the test fails for modes like 0751 / 0754 that still prevent directory listing or traversal.

Suggested change

	if perm&0o005 == 0 {
	t.Errorf("Extracted subdirectory has restrictive permissions %04o (world-read/execute bits not set); expected 0755", perm)
	if perm&0o005 != 0o005 {
	t.Errorf("Extracted subdirectory has restrictive permissions %04o (world-read and world-execute bits must both be set); expected 0755", perm)

[github-actions]

🧪 Test Quality Sentinel Report

Test Quality Score: 100/100

✅ Excellent test quality

Metric	Value
New/modified tests analyzed	1 (modified assertions in TestUnzipFile)
✅ Design tests (behavioral contracts)	1 (100%)
⚠️ Implementation tests (low value)	0 (0%)
Tests with error/edge cases	1 (100%)
Duplicate test clusters	0
Test inflation detected	No (12 test lines / 6 production lines = 2:1, at threshold)
🚨 Coding-guideline violations	None

---

Test Classification Details

Test	File	Classification	Issues Detected
TestUnzipFile (permission assertions)	pkg/cli/logs_download_test.go	✅ Design	None

---

Test Analysis

✅ TestUnzipFile — permission assertions (pkg/cli/logs_download_test.go:490+)

Classification: Design test (behavioral contract)

What design invariant does this test enforce? Directories extracted from zip archives must have world-readable/executable permissions (0755) so that non-root users can access them.

What would break if deleted? A regression back to 0750 permissions (or any other mode missing the world-execute bit) would go undetected — exactly the bug this PR fixes.

Assessment: The test uses t.Fatalf on the stat error (correct — stops test early if the directory doesn't exist), then t.Errorf with a descriptive message including the actual permission value. Both assertions have sufficient context for failure diagnosis. Error path is covered.

---

Language Support

Tests analyzed:

• 🟨 JavaScript: No JS test files changed

---

Verdict

✅ Check passed. 0% of new/modified tests are implementation tests (threshold: 30%). The added assertions directly verify the observable behavioral contract introduced by this bug fix.

📖 Understanding Test Classifications

Design Tests (High Value) verify what the system does:

• Assert on observable outputs, return values, or state changes
• Cover error paths and boundary conditions
• Would catch a behavioral regression if deleted
• Remain valid even after internal refactoring

Implementation Tests (Low Value) verify how the system does it:

• Assert on internal function calls (mocking internals)
• Only test the happy path with typical inputs
• Break during legitimate refactoring even when behavior is correct
• Give false assurance: they pass even when the system is wrong

Goal: Shift toward tests that describe the system's behavioral contract — the promises it makes to its users and collaborators.

References: §25107832109

🧪 Test quality analysis by Test Quality Sentinel · ● 414.7K · ◷

[github-actions]

✅ Test Quality Sentinel: 100/100. Test quality is excellent — 0% of new/modified tests are implementation tests (threshold: 30%). The permission assertions directly verify the behavioral contract of the bug fix.