Apply DIFC integrity filtering to pre-agentic activation and pre-activation job steps #22794

Draft

Copilot wants to merge 5 commits into main from copilot/apply-difc-integrity-filtering

Contributor

Copilot AI commented Mar 25, 2026

Pre-agentic actions/github-script steps in the activation job (reactions, timestamp checks, body fetch, status comments, issue locking, label removal) and the pre_activation job (membership checks, rate-limit, skip-if queries, command position checks, and user-defined on.steps / jobs.pre-activation custom steps) made direct unfiltered calls to api.github.com even when min-integrity was configured — the DIFC proxy only ran during the agent phase.

Changes

  • compiler_activation_job.go: Inject proxy start immediately after generateSetupStep (before any github-script/gh CLI call) and proxy stop before the artifact upload, gated on hasDIFCGuardsConfigured — the same condition used by the indexing job. Adds a warning log when guards are configured but step generation unexpectedly returns empty.

  • compiler_pre_activation_job.go: Inject proxy start immediately after generateSetupStep (before any github-script call including membership checks, rate-limit, skip-if queries, and command position checks) and proxy stop after all steps including user-defined on.steps and jobs.pre-activation custom steps, gated on hasDIFCGuardsConfigured.

  • compiler_difc_proxy.go: Extend package comment to document the activation job and pre-activation job proxy lifecycles alongside the existing main job and indexing job entries. Update injection conditions table to include the pre-activation job.

  • compiler_difc_proxy_test.go: Add TestDIFCProxyInjectedInActivationJob (4 sub-tests) and TestDIFCProxyInjectedInPreActivationJob (4 sub-tests) covering full compilation (with/without guard policy) and direct job builder calls verifying step presence and ordering.

How it works

No per-step base-url injection is needed. The existing proxy startup script already exports GITHUB_API_URL, GITHUB_GRAPHQL_URL, NODE_EXTRA_CA_CERTS, and GH_HOST via $GITHUB_ENV — all subsequent Octokit calls in github-script steps are intercepted automatically. This follows the same pattern already in use for the qmd indexing job.

```yaml
# Injected into pre-activation job (when min-integrity is set)
- name: Start DIFC proxy for pre-agent gh calls
  env:
    GH_TOKEN: ...
  run: |
    bash ${RUNNER_TEMP}/gh-aw/actions/start_difc_proxy.sh '<policy>' '<image>'

# ... compiler-added checks (membership, rate-limit, skip-if, command position) ...
# ... user-defined on.steps and jobs.pre-activation custom steps ...

- name: Stop DIFC proxy          # always runs, continue-on-error: true
  if: always()
  run: bash ${RUNNER_TEMP}/gh-aw/actions/stop_difc_proxy.sh

# Injected into activation job (when min-integrity is set)
- name: Start DIFC proxy for pre-agent gh calls
  env:
    GH_TOKEN: ...
  run: |
    bash ${RUNNER_TEMP}/gh-aw/actions/start_difc_proxy.sh '<policy>' '<image>'

# ... existing activation steps (react, timestamp check, compute_text, etc.) ...

- name: Stop DIFC proxy          # always runs, continue-on-error: true
  if: always()
  run: bash ${RUNNER_TEMP}/gh-aw/actions/stop_difc_proxy.sh

- name: Upload activation artifact
  if: success()
  ...
```

Coverage

| Job | Proxy coverage |
| --- | --- |
| pre_activation | ✅ compiler checks + user on.steps + jobs.pre-activation custom steps |
| activation | ✅ all compiler-added steps (reactions, timestamp, compute_text, etc.) |
| Main agent job | ✅ existing coverage (pre-existing implementation) |
| indexing (qmd) | ✅ existing coverage (pre-existing implementation) |

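The ordering property described above (proxy start before any github-script or `gh` step, proxy stop after them with `if: always()`), written as an added Go example that is not the PR's code or a gh-aw compiler type. The `Step` struct, `AuditProxyCoverage`, `SampleActivationJob` and the sample step list are hypothetical and constructed for illustration; only the two script names come from the description.

```go
package main

import (
	"fmt"
	"strings"
)

// Step is a hypothetical, minimal model of one compiled workflow step
// (not the gh-aw compiler's own type).
type Step struct{ Name, Uses, Run, If string }

// callsGitHubAPI is a heuristic: actions/github-script steps and `gh` CLI lines.
func callsGitHubAPI(s Step) bool {
	if strings.HasPrefix(s.Uses, "actions/github-script@") {
		return true
	}
	for _, line := range strings.Split(s.Run, "\n") {
		if f := strings.Fields(line); len(f) > 0 && f[0] == "gh" {
			return true
		}
	}
	return false
}

// AuditProxyCoverage returns one finding per ordering problem. An empty
// result means every API-calling step sits between proxy start and stop.
func AuditProxyCoverage(steps []Step) []string {
	var findings []string
	start, stop := -1, -1
	for i, s := range steps {
		if start < 0 && strings.Contains(s.Run, "start_difc_proxy.sh") {
			start = i
		}
		if strings.Contains(s.Run, "stop_difc_proxy.sh") {
			stop = i
		}
	}
	if start < 0 {
		findings = append(findings, "no proxy start step")
	}
	if stop < 0 {
		findings = append(findings, "no proxy stop step")
	} else if strings.TrimSpace(steps[stop].If) != "always()" {
		findings = append(findings, "proxy stop step is not guarded by if: always()")
	}
	for i, s := range steps {
		if !callsGitHubAPI(s) {
			continue
		}
		if start < 0 || i < start {
			findings = append(findings, fmt.Sprintf("%q calls the API before the proxy is up", s.Name))
		} else if stop >= 0 && i > stop {
			findings = append(findings, fmt.Sprintf("%q calls the API after the proxy is stopped", s.Name))
		}
	}
	return findings
}

// SampleActivationJob is constructed sample data shaped like the activation job above.
func SampleActivationJob() []Step {
	return []Step{
		{Name: "Setup", Run: "echo setup"},
		{Name: "Start DIFC proxy for pre-agent gh calls",
			Run: "bash ${RUNNER_TEMP}/gh-aw/actions/start_difc_proxy.sh '<policy>' '<image>'"},
		{Name: "Add reaction", Uses: "actions/github-script@v8"},
		{Name: "Stop DIFC proxy", If: "always()",
			Run: "bash ${RUNNER_TEMP}/gh-aw/actions/stop_difc_proxy.sh"},
		{Name: "Upload activation artifact", Uses: "actions/upload-artifact@v4", If: "success()"},
	}
}

func main() {
	job := SampleActivationJob()
	fmt.Println("as compiled:", AuditProxyCoverage(job))
	// Move the github-script step ahead of the proxy start to show a finding.
	job[1], job[2] = job[2], job[1]
	fmt.Println("reordered:  ", AuditProxyCoverage(job))
}
```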

Copilot AI and others added 2 commits March 25, 2026 00:54
Inject DIFC proxy start/stop into buildActivationJob so that all
actions/github-script calls (add_reaction, check_workflow_timestamp,
compute_text, add_workflow_run_comment, lock-issue, remove_trigger_label,
etc.) are routed through integrity filtering when min-integrity is set.

The proxy startup script already sets GITHUB_API_URL, GITHUB_GRAPHQL_URL,
NODE_EXTRA_CA_CERTS, and GH_HOST via $GITHUB_ENV, so no per-step base-url
injection is needed — all subsequent Octokit calls are intercepted automatically.

Condition used: hasDIFCGuardsConfigured (same as indexing job), since the
activation job always makes GitHub API calls via github-script regardless
of custom steps.

Also updates the package comment in compiler_difc_proxy.go and adds
TestDIFCProxyInjectedInActivationJob tests.

Recompiled all 177 workflow lock files.

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/dbd57cd2-a5f2-480b-aa12-24198fde2259
Copilot AI changed the title from "[WIP] Apply DIFC integrity filtering to pre-agentic gh CLI and actions/github-script steps" to "Apply DIFC integrity filtering to pre-agentic activation job steps" Mar 25, 2026
Copilot AI requested a review from lpcox March 25, 2026 00:59
@pelikhan
Contributor

@lpcox are you wrapping the user injected steps?

Copilot AI requested a review from pelikhan March 25, 2026 01:13
@github-actions
Contributor

Hey @Copilot 👋 — great work on extending DIFC proxy coverage to the pre-agentic activation job steps! Closing the gap where reactions, timestamp checks, body fetches, and other actions/github-script calls bypassed integrity filtering is an important security improvement.

This PR looks well-structured — the fix is focused, the description clearly explains the "why" and "how", the pattern mirrors the existing indexing-job injection, and the 4-sub-test TestDIFCProxyInjectedInActivationJob suite provides solid coverage of the happy path and the guard-absent case.

One thing to note: the PR is currently in draft state. Once the firewall-block warning in the PR body has been addressed (or confirmed as non-blocking for the change), marking it ready for review will unblock maintainer attention.

This PR looks ready for review! 🚀

Generated by Contribution Check

github-actions bot added the lgtm label Mar 25, 2026
@lpcox
Collaborator

lpcox commented Mar 25, 2026

@pelikhan it should be but I will double check.

@lpcox
Collaborator

lpcox commented Mar 25, 2026

@copilot make sure that you are proxying compiler-added steps and user defined steps (from the front matter). is there a way to also proxy imported steps? can imported steps access GH_TOKEN?

Contributor Author

Copilot AI commented Mar 25, 2026

> @copilot make sure that you are proxying compiler-added steps and user defined steps (from the front matter). is there a way to also proxy imported steps? can imported steps access GH_TOKEN?

Done in ac14b09.

Compiler-added steps: All steps in the activation job (reactions, timestamp check, compute_text, status comments, lock, label removal) are wrapped — proxy starts right after setup, stops before artifact upload.

User-defined steps from frontmatter:

  • on.steps / jobs.pre-activation custom steps: now also wrapped. The proxy is injected into the pre-activation job (start after setup, stop after all steps including on.steps). All membership checks, rate-limit, skip-if queries, command position checks, and user on.steps run through the proxy when min-integrity is set.
  • steps: (main job): already wrapped by the existing pre-agent proxy.

Imported steps (RepositoryImports): these are checked out and used in the main agent job, which already has proxy coverage from the pre-existing DIFC implementation.

Can imported steps access GH_TOKEN?: Yes — both the pre-activation and main jobs have GITHUB_TOKEN available. The proxy intercepts Octokit calls via GITHUB_API_URL / GITHUB_GRAPHQL_URL set in $GITHUB_ENV by the startup script, so all subsequent actions/github-script calls in those jobs are routed through integrity filtering automatically.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:


If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title from "Apply DIFC integrity filtering to pre-agentic activation job steps" to "Apply DIFC integrity filtering to pre-agentic activation and pre-activation job steps" Mar 25, 2026
@pelikhan
Contributor

Are you going to break these steps?

@pelikhan
Contributor

I'd like to discuss this one... preactivation/activation is infrastructure

@lpcox
Collaborator

lpcox commented Mar 25, 2026

@pelikhan happy to chat. we can limit to post-preactivation/activation

Successfully merging this pull request may close these issues.

Apply DIFC integrity filtering to pre-agentic gh CLI and actions/github-script steps
