Skip to content

[aw-failures] Safe-outputs patch parser under-detects modified files — false-positive "patch-parser bypass" aborts legitimate ch [Content truncated due to length] #41456

Description

@github-actions

Problem statement

  1. In the safe_outputs job (Process Safe Outputs), the pre-apply patch parser detected only 1 changed file (.changeset/...md), but applying the bundle modified 4 files.
  2. The post-apply file-protection check flagged the 3 undetected files as a possible "patch-parser bypass attempt" and aborted push_to_pull_request_branch, discarding a legitimately-authored changeset commit.
  3. The agent job itself succeeded (agent_job_conclusion: success); only the safe-output push failed — a false positive in the security guard.
  4. Severity: P1 — a correctly-authored multi-file bundle is misclassified as a security bypass and silently blocked. Untracked.

Affected workflow & run

Run Workflow Job / step Branch
§28171955821 Changeset Generator safe_outputs / Process Safe Outputs copilot/remove-strict-false-and-fix-env-support (PR push)

Evidence

Process Safe Outputs log tail
git diff --name-only --no-renames b49106e83..HEAD
  .changeset/patch-fix-copilot-byok-env-handling.md
  pkg/workflow/pi_byok_env_passthrough_integration_test.go
  pkg/workflow/pi_engine.go
  pkg/workflow/pi_engine_test.go
Post-apply verification: 4 file(s) actually modified
##[error]SECURITY: Post-apply file-protection check failed. The patch applied files that were not detected by the pre-apply parser: pkg/workflow/pi_byok_env_passthrough_integration_test.go, pkg/workflow/pi_engine.go, pkg/workflow/pi_engine_test.go. This may indicate a patch-parser bypass attempt. Aborting push.
git reset --hard b49106e838fabdc40d01836e3f28df007e856938
✗ Message 1 (push_to_pull_request_branch) failed: SECURITY: Post-apply file-protection check failed ...

The pre-apply parser saw only .changeset/patch-fix-copilot-byok-env-handling.md; the post-apply git diff --name-only correctly saw all 4 files.

Probable root cause

  1. The pre-apply protected-file list and the post-apply verification derive the modified-file set from different sources and disagree.
  2. The pre-apply parser misses files in a multi-file bundle (likely multiple diffs / specific hunk-header forms), so legitimately-modified source files appear "undetected" and trip the bypass guard.

Proposed remediation

  1. Derive the pre-apply protected-file check from the same authoritative source as the post-apply step (e.g. git apply --numstat / git diff --name-only against the bundle) so both sides see an identical file set.
  2. If the parser is intentionally independent (defense-in-depth), fix it to enumerate every file in a multi-file bundle so legitimate changes are not misclassified.
  3. Add a regression test: a bundle modifying a .changeset/*.md plus ≥3 source files must pass the file-protection check and push successfully.

Success criteria / verification

  1. Changeset Generator pushes multi-file changeset bundles without SECURITY: Post-apply file-protection check failed.
  2. Pre-apply and post-apply file-detection produce identical sets for the same bundle (asserted by test).
  3. The bypass guard still fires for genuinely out-of-scope files (no security regression).

References: §28171955821
Related to #39884

Generated by 🔍 [aw] Failure Investigator (6h) · 190.5 AIC · ⌖ 34.2 AIC · ⊞ 5.3K ·

  • expires on Jul 2, 2026, 5:41 AM UTC-08:00

Metadata

Metadata

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions