From 9e08c4da8d6c30b7fcb333251411649b72e84ca7 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 1 Jan 2026 03:29:37 +0000
Subject: [PATCH 1/3] Initial plan
From 8bd97b3db0163626e54723fb84287135705d1b1b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 1 Jan 2026 03:38:00 +0000
Subject: [PATCH 2/3] Add bash tool to workflow-health-manager to fix
permission restrictions
Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com>
---
.github/workflows/workflow-health-manager.lock.yml | 4 +---
.github/workflows/workflow-health-manager.md | 1 +
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/workflow-health-manager.lock.yml b/.github/workflows/workflow-health-manager.lock.yml
index d9531d35ec3..3cc6bd99110 100644
--- a/.github/workflows/workflow-health-manager.lock.yml
+++ b/.github/workflows/workflow-health-manager.lock.yml
@@ -1146,13 +1146,11 @@ jobs:
- name: Execute GitHub Copilot CLI
id: agentic_execution
# Copilot CLI tool arguments (sorted):
- # --allow-tool github
- # --allow-tool safeoutputs
timeout-minutes: 20
run: |
set -o pipefail
sudo -E awf --env-all --container-workdir "${GITHUB_WORKSPACE}" --mount /tmp:/tmp:rw --mount "${GITHUB_WORKSPACE}:${GITHUB_WORKSPACE}:rw" --mount /usr/bin/date:/usr/bin/date:ro --mount /usr/bin/gh:/usr/bin/gh:ro --mount /usr/bin/yq:/usr/bin/yq:ro --mount /usr/local/bin/copilot:/usr/local/bin/copilot:ro --mount /home/runner/.copilot:/home/runner/.copilot:rw --allow-domains api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --image-tag 0.7.0 \
- -- /usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --add-dir "${GITHUB_WORKSPACE}" --disable-builtin-mcps --allow-tool github --allow-tool safeoutputs --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"${GH_AW_MODEL_AGENT_COPILOT:+ --model "$GH_AW_MODEL_AGENT_COPILOT"} \
+ -- /usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --add-dir "${GITHUB_WORKSPACE}" --disable-builtin-mcps --allow-all-tools --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"${GH_AW_MODEL_AGENT_COPILOT:+ --model "$GH_AW_MODEL_AGENT_COPILOT"} \
2>&1 | tee /tmp/gh-aw/agent-stdio.log
env:
COPILOT_AGENT_RUNNER_TYPE: STANDALONE
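Review bot: `--allow-all-tools` on the new `copilot` line is broader than the commit's stated goal of adding bash: the previous `--allow-tool github --allow-tool safeoutputs` gate is gone for every tool the CLI can reach, not only shell, and the `# Copilot CLI tool arguments (sorted):` header above `timeout-minutes` now has no entries under it, so the lock file no longer records what the agent may call. The blast radius is bounded by what is visible here (`--allow-domains …` on the `awf` line and `permissions: actions: read` in the source workflow), but the tool allowlist was the only per-tool control. Since this file is compiled from `workflow-health-manager.md`, the fix belongs there (a scoped `bash:` list instead of the `":*"` wildcard); if the compiler must emit `--allow-all-tools`, the comment should at least be regenerated as `# --allow-all-tools` so the grant is explicit to a reader.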
diff --git a/.github/workflows/workflow-health-manager.md b/.github/workflows/workflow-health-manager.md
index 7616874a2f3..8266cf80176 100644
--- a/.github/workflows/workflow-health-manager.md
+++ b/.github/workflows/workflow-health-manager.md
@@ -8,6 +8,7 @@ permissions:
actions: read
engine: copilot
tools:
+ bash: [":*"]
github:
mode: remote
toolsets: [default, actions]
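Review bot: `bash: [":*"]` is the unrestricted form (any command line), and in this same patch it compiles to `--allow-all-tools` in the lock file. The only host binaries the sandbox mounts are `date`, `gh` and `yq` (per the `awf --mount` list in the lock file), so if gh-aw's bash allowlist accepts per-command entries, listing the `gh`/`yq` invocations this health check actually needs would keep the wildcard out; confirm the entry syntax against the gh-aw docs rather than this note. The commit description should also say which command was being denied, since "fix permission restrictions" does not tell the next reader what the wildcard is for.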
From 498fc36e437107ab5f7ce7dfb72787dd840ce183 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 1 Jan 2026 15:13:15 +0000
Subject: [PATCH 3/3] Add edit tool and remove remote mode from
workflow-health-manager
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
.../workflow-health-manager.lock.yml | 43 +++++++++++++++----
.github/workflows/workflow-health-manager.md | 2 +-
2 files changed, 35 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/workflow-health-manager.lock.yml b/.github/workflows/workflow-health-manager.lock.yml
index 3cc6bd99110..05e4bcf3c45 100644
--- a/.github/workflows/workflow-health-manager.lock.yml
+++ b/.github/workflows/workflow-health-manager.lock.yml
@@ -167,6 +167,8 @@ jobs:
script: |
const detectRepoVisibility = require('/tmp/gh-aw/actions/detect_repo_visibility.cjs');
await detectRepoVisibility(github, context, core);
+ - name: Downloading container images
+ run: bash /tmp/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.26.3
- name: Write Safe Outputs Config
run: |
mkdir -p /tmp/gh-aw/safeoutputs
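Review bot: `ghcr.io/github/github-mcp-server:v0.26.3` is pulled by a mutable tag, and this image becomes the MCP server process that receives `GITHUB_MCP_SERVER_TOKEN`, so whoever can re-push that tag controls a process holding the token. Pin by digest, `ghcr.io/github/github-mcp-server:v0.26.3@sha256:<digest>`, in the source workflow so the compiler emits the same pinned reference here and in the `mcpServers.github.args` block further down, which repeats the tag today and would otherwise drift. The digest is not in this patch, so I have not supplied one.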
@@ -437,14 +439,22 @@ jobs:
{
"mcpServers": {
"github": {
- "type": "http",
- "url": "https://api.githubcopilot.com/mcp/",
- "headers": {
- "Authorization": "Bearer \${GITHUB_PERSONAL_ACCESS_TOKEN}",
- "X-MCP-Lockdown": "${{ steps.detect-repo-visibility.outputs.lockdown }}",
- "X-MCP-Readonly": "true",
- "X-MCP-Toolsets": "context,repos,issues,pull_requests,actions"
- },
+ "type": "local",
+ "command": "docker",
+ "args": [
+ "run",
+ "-i",
+ "--rm",
+ "-e",
+ "GITHUB_PERSONAL_ACCESS_TOKEN",
+ "-e",
+ "GITHUB_READ_ONLY=1",
+ "-e",
+ "GITHUB_LOCKDOWN_MODE=${{ steps.detect-repo-visibility.outputs.lockdown == 'true' && '1' || '0' }}",
+ "-e",
+ "GITHUB_TOOLSETS=context,repos,issues,pull_requests,actions",
+ "ghcr.io/github/github-mcp-server:v0.26.3"
+ ],
"tools": ["*"],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "\${GITHUB_MCP_SERVER_TOKEN}"
@@ -993,6 +1003,21 @@ jobs:
When you need to create temporary files or directories during your work, always use the /tmp/gh-aw/agent/ directory that has been pre-created for you. Do NOT use the root /tmp/ directory directly.
+ PROMPT_EOF
+ - name: Append edit tool accessibility instructions to prompt
+ env:
+ GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt
+ run: |
+ cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT"
+
+ File Editing Access Permissions
+
+ $GITHUB_WORKSPACE
+ /tmp/gh-aw/
+
+ Do NOT attempt to edit files outside these directories as you do not have the necessary permissions.
+
+
PROMPT_EOF
- name: Append repo memory instructions to prompt
env:
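Review bot: The appended sentence `Do NOT attempt to edit files outside these directories as you do not have the necessary permissions.` describes a boundary the runtime does not enforce: the same patch adds `--allow-all-paths` to the `copilot` invocation, and the `awf` mount list already exposes `/tmp` and `/home/runner/.copilot` read-write, so an agent that ignores the instruction can write there. Prompt text is advisory; either keep the CLI path gate (`--add-dir` without `--allow-all-paths`) so the sentence is true, or reword it to `Keep edits within $GITHUB_WORKSPACE and /tmp/gh-aw/.` so the prompt does not claim a control that is absent. Minor: the heredoc delimiter is quoted (`<< 'PROMPT_EOF'`), so `$GITHUB_WORKSPACE` reaches the model as the literal variable name rather than the path; presumably intended, but it differs from the absolute paths used elsewhere in the prompt. The `run:` block this hunk appends to starts above the hunk.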
@@ -1150,7 +1175,7 @@ jobs:
run: |
set -o pipefail
sudo -E awf --env-all --container-workdir "${GITHUB_WORKSPACE}" --mount /tmp:/tmp:rw --mount "${GITHUB_WORKSPACE}:${GITHUB_WORKSPACE}:rw" --mount /usr/bin/date:/usr/bin/date:ro --mount /usr/bin/gh:/usr/bin/gh:ro --mount /usr/bin/yq:/usr/bin/yq:ro --mount /usr/local/bin/copilot:/usr/local/bin/copilot:ro --mount /home/runner/.copilot:/home/runner/.copilot:rw --allow-domains api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --image-tag 0.7.0 \
- -- /usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --add-dir "${GITHUB_WORKSPACE}" --disable-builtin-mcps --allow-all-tools --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"${GH_AW_MODEL_AGENT_COPILOT:+ --model "$GH_AW_MODEL_AGENT_COPILOT"} \
+ -- /usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --add-dir "${GITHUB_WORKSPACE}" --disable-builtin-mcps --allow-all-tools --allow-all-paths --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"${GH_AW_MODEL_AGENT_COPILOT:+ --model "$GH_AW_MODEL_AGENT_COPILOT"} \
2>&1 | tee /tmp/gh-aw/agent-stdio.log
env:
COPILOT_AGENT_RUNNER_TYPE: STANDALONE
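Review bot: `--allow-all-paths` disables the Copilot CLI path restriction outright, which makes the two `--add-dir` flags still on the same line inert and widens write access from `$GITHUB_WORKSPACE` plus `/tmp/gh-aw/` to everything the container can see, including the `/tmp:/tmp:rw` and `/home/runner/.copilot:rw` mounts on the `awf` line above. If the `edit:` tool needs a path grant, the narrower form is to keep `--add-dir "${GITHUB_WORKSPACE}" --add-dir /tmp/gh-aw/` and drop `--allow-all-paths`; if gh-aw's compiler always emits `--allow-all-paths` for `edit:`, that should be raised against the compiler rather than accepted per workflow. Whether `/home/runner/.copilot` holds credentials is not visible here; if it does, agent read-write access to it deserves its own look.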
diff --git a/.github/workflows/workflow-health-manager.md b/.github/workflows/workflow-health-manager.md
index 8266cf80176..af891320de6 100644
--- a/.github/workflows/workflow-health-manager.md
+++ b/.github/workflows/workflow-health-manager.md
@@ -9,8 +9,8 @@ permissions:
engine: copilot
tools:
bash: [":*"]
+ edit:
github:
- mode: remote
toolsets: [default, actions]
repo-memory:
branch-name: memory/meta-orchestrators
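Review bot: `edit:` is added as a bare key, i.e. YAML `null`, and the compiled lock file in this patch turns it into `--allow-all-paths` rather than a path list; if gh-aw accepts a scoped form (for example a path list under `edit:`), use it so the grant matches the prompt's `$GITHUB_WORKSPACE` and `/tmp/gh-aw/` boundary, and confirm the schema before relying on the bare form. Dropping `mode: remote` switches the `github` server from the hosted HTTP endpoint to a locally run `docker` container holding `GITHUB_MCP_SERVER_TOKEN`; the commit message states the switch but not the reason, and a one-line `# local mode: <reason>` comment above `github:` would save the next reader from re-deriving it.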