feat: add security guard agentic workflow for PR review #152

Merged
Mossaka merged 3 commits into `main` from `copilot/create-security-guard-workflow`
Dec 19, 2025
Contributor

Copilot AI commented Dec 19, 2025

  • Understand the repository structure and security aspects
  • Create security guard agentic workflow
    • Created `.github/workflows/security-guard.md` workflow specification
    • Triggers on `pull_request` (opened, synchronize, reopened) and `workflow_dispatch`
    • Uses GitHub MCP server with default toolsets for PR analysis
    • Configures safe-outputs: `add-comment` for reporting findings
    • Documents critical security components to check
  • Fix role requirements issue
    • Added `roles: all` to allow workflow to run for any user including bots like Copilot
    • Recompiled workflow with `gh aw compile security-guard`
  • Compile workflow
    • Generated `.github/workflows/security-guard.lock.yml`
    • No errors or warnings

Original prompt

Create a "security guard" agentic workflow that examines each PR very carefully (with evidence collected) to see if the PR weakens the security posture or extends the security boundary by any chance. Comment on the PR to suggest actions if the PR weakens it, or do nothing if it passes.

You should deeply understand this repo before creating a security guard agent.

Custom agent used: create-agentic-workflow
Design agentic workflows using GitHub Agentic Workflows (gh-aw) extension with interactive guidance on triggers, tools, and security best practices.


Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Add security guard agentic workflow for PR reviews" to "feat: add security guard agentic workflow for PR review" Dec 19, 2025
Copilot AI requested a review from Mossaka December 19, 2025 22:33
@Mossaka Mossaka marked this pull request as ready for review December 19, 2025 23:08
Collaborator

Mossaka commented Dec 19, 2025

waiting for the security guard workflow to run against this PR

Contributor

github-actions Bot commented Dec 19, 2025

Test Coverage Report

| Metric | Coverage | Covered/Total |
|---|---|---|
| Lines | 81.02% | 1230/1518 |
| Statements | 80.98% | 1261/1557 |
| Functions | 78.16% | 136/174 |
| Branches | 72.56% | 410/565 |

Coverage Thresholds

The project has the following coverage thresholds configured:

  • Lines: 38%
  • Statements: 38%
  • Functions: 35%
  • Branches: 30%

Coverage report generated by `npm run test:coverage`

Collaborator

Mossaka commented Dec 19, 2025

@copilot fix this issue by dropping the role requirements: Checking if user 'Copilot' has required permissions for githubnext/gh-aw-firewall
Required permissions: admin, maintainer, write
Warning: Repository permission check failed: Copilot is not a user

Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
Contributor Author

Copilot AI commented Dec 19, 2025

> @copilot fix this issue by dropping the role requirements: Checking if user 'Copilot' has required permissions for githubnext/gh-aw-firewall
> Required permissions: admin, maintainer, write
> Warning: R...

Added `roles: all` to the workflow configuration in commit 6949a63. This removes the role permission check and allows the workflow to run for any user including bots.

Copilot AI requested a review from Mossaka December 19, 2025 23:39
@Mossaka Mossaka merged commit c36b13b into main Dec 19, 2025
32 checks passed
@Mossaka Mossaka deleted the copilot/create-security-guard-workflow branch December 19, 2025 23:59