Skip to content

feat: implement private-to-public-flows: allow as a tools.github frontmatter field#45113

Merged
lpcox merged 6 commits into
mainfrom
copilot/implement-private-to-public-flows
Jul 12, 2026
Merged

feat: implement private-to-public-flows: allow as a tools.github frontmatter field#45113
lpcox merged 6 commits into
mainfrom
copilot/implement-private-to-public-flows

Conversation

Copilot AI commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

The compiler didn't parse or emit private-to-public-flows despite the MCP Gateway spec (v1.15.0 §10.9) and gateway schema already defining forcePublicRepos and sinkVisibilityExemptServers. This wires the full frontmatter → struct → gateway JSON pipeline.

Frontmatter syntax

Blanket opt-out (disables forcePublicRepos and sink-visibility enforcement for all servers):

tools:
  github:
    private-to-public-flows: allow

Selective exemption (exempts listed server IDs from default sink-visibility enforcement only):

tools:
  github:
    private-to-public-flows:
      - github-mcp-server
      - custom-server-id

Changes

  • Schema (pkg/parser/schemas/main_workflow_schema.json): added private-to-public-flows to tools.github object; accepts "allow" string or array of server ID strings; additionalProperties: false already enforced.

  • Struct (pkg/workflow/tools_types.go): PrivateToPublicFlows any on GitHubToolConfig; ForcePublicRepos *bool and SinkVisibilityExemptServers []string on MCPGatewayRuntimeConfig.

  • Parser (pkg/workflow/tools_parser.go): parseGitHubTool handles string, []any, and []string forms.

  • Compiler emission (pkg/workflow/mcp_gateway_config.go, mcp_renderer.go): buildMCPGatewayConfig reads PrivateToPublicFlows and sets gateway fields; renderer emits "forcePublicRepos": false or "sinkVisibilityExemptServers": [...] in the gateway JSON block.

  • Strict mode (pkg/workflow/strict_mode_network_validation.go): private-to-public-flows: allow is rejected in strict mode per spec §10.9.4 (interaction matrix: allow + strict = compile error); list form remains valid.

  • Docs (docs/src/content/docs/reference/github-tools.md): added "Cross-Visibility Opt-Out" section covering both forms, security implications, and :::caution block for the strict mode incompatibility.

  • Tests (pkg/workflow/private_to_public_flows_test.go): parsing (all input variants), buildMCPGatewayConfig field propagation, end-to-end YAML emission assertions, strict mode acceptance/rejection.


Generated by 👨‍🍳 PR Sous Chef · 6.24 AIC · ⌖ 5.58 AIC · ⊞ 7.5K ·
Comment /souschef to run again


Generated by 👨‍🍳 PR Sous Chef · 10.1 AIC · ⌖ 6.32 AIC · ⊞ 7.5K ·
Comment /souschef to run again



✨ PR Review Safe Output Test - Run 29205138142

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • android.clients.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • safebrowsingohttpgateway.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

💥 [THE END] — Illustrated by Smoke Claude · 64.5 AIC · ⌖ 31.4 AIC · ⊞ 8.4K ·
Comment /smoke-claude to run again

@github-actions

Copy link
Copy Markdown
Contributor

Hey @Copilot 👋 — thanks for opening this PR to add the private-to-public-flows frontmatter field! The structured task checklist clearly maps out all the right touch-points (schema, parser, config, renderer, strict-mode validation, docs, and tests). This is looking well-planned.

A couple of things to address before this can move forward:

  • No code yet — this is a WIP draft with 0 lines changed. The checklist items still need to be implemented before review can begin in earnest.
  • Tests not yet present — the checklist does include pkg/workflow/private_to_public_flows_test.go, which is great. Make sure that file is added with coverage for at least: the allow value, the deny value, and strict-mode rejection of allow.

Once the checklist items are ticked off and the diff lands, this looks like it will be on a solid path to merge.

Implement all checklist items in PR #45113 for the `private-to-public-flows` frontmatter field:
1. Add `private-to-public-flows` to `tools.github` JSON schema in `pkg/parser/schemas/main_workflow_schema.json`.
2. Add `PrivateToPublicFlows any` field to `GitHubToolConfig` in `pkg/workflow/tools_types.go`.
3. Add `ForcePublicRepos *bool` and `SinkVisibilityExemptServers []string` to `MCPGatewayRuntimeConfig` in `pkg/workflow/tools_types.go`.
4. Parse `private-to-public-flows` in `parseGitHubTool` in `pkg/workflow/tools_parser.go`.
5. Set `ForcePublicRepos`/`SinkVisibilityExemptServers` in `buildMCPGatewayConfig` in `pkg/workflow/mcp_gateway_config.go`.
6. Emit `forcePublicRepos` and `sinkVisibilityExemptServers` in gateway JSON in `pkg/workflow/mcp_renderer.go`.
7. Add strict mode validation that rejects `private-to-public-flows: allow` when strict mode is enabled.
8. Add documentation to `docs/src/content/docs/reference/github-tools.md`.
9. Add tests in `pkg/workflow/private_to_public_flows_test.go` covering: allow value, deny value, and strict-mode rejection of allow.

Generated by ✅ Contribution Check · 85.7 AIC · ⌖ 13.2 AIC · ⊞ 6.2K ·

Copilot AI and others added 2 commits July 12, 2026 17:23
…ield

- Add `private-to-public-flows` to the workflow frontmatter JSON schema
  under `tools.github`, accepting either `"allow"` (blanket opt-out) or
  an array of server ID strings (selective exemption)
- Add `PrivateToPublicFlows any` field to `GitHubToolConfig` struct
- Parse `private-to-public-flows` in `parseGitHubTool` (string and
  []string/[]any forms)
- Add `ForcePublicRepos *bool` and `SinkVisibilityExemptServers []string`
  to `MCPGatewayRuntimeConfig`
- In `buildMCPGatewayConfig`, translate `PrivateToPublicFlows` to the
  gateway config fields
- Emit `"forcePublicRepos": false` and `"sinkVisibilityExemptServers"`
  in the gateway JSON section of the renderer
- Reject `private-to-public-flows: allow` in strict mode (list form
  allowed per MCP Gateway Spec Section 10.9.4)
- Add documentation section to github-tools.md
- Add tests: parsing, gateway config building, emission, strict mode

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Copilot AI changed the title [WIP] Add private-to-public-flows frontmatter field for GitHub feat: implement private-to-public-flows: allow as a tools.github frontmatter field Jul 12, 2026
Copilot finished work on behalf of lpcox July 12, 2026 17:26
Copilot AI requested a review from lpcox July 12, 2026 17:26
@lpcox lpcox marked this pull request as ready for review July 12, 2026 17:27
Copilot AI review requested due to automatic review settings July 12, 2026 17:27

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds frontmatter support for configuring private-to-public MCP data flows.

Changes:

  • Parses and validates blanket or selective exemptions.
  • Emits corresponding MCP Gateway configuration.
  • Documents and tests the new behavior.
Show a summary per file
File Description
pkg/workflow/tools_types.go Adds configuration fields.
pkg/workflow/tools_parser.go Parses the new field.
pkg/workflow/strict_mode_network_validation.go Rejects blanket exemptions in strict mode.
pkg/workflow/private_to_public_flows_test.go Tests parsing, emission, and strict mode.
pkg/workflow/mcp_renderer.go Renders gateway JSON fields.
pkg/workflow/mcp_gateway_config.go Derives gateway runtime settings.
pkg/parser/schemas/main_workflow_schema.json Defines frontmatter schema.
docs/src/content/docs/reference/github-tools.md Documents both exemption forms.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 8/8 changed files
  • Comments generated: 6
  • Review effort level: Medium

Comment on lines +164 to +168
case string:
if v == "allow" {
// Blanket opt-out: disable the runtime public-repos override.
falseVal := false
forcePublicRepos = &falseVal
Comment on lines +398 to +406
case []any:
// Array of server ID strings
servers := make([]string, 0, len(v))
for _, item := range v {
if s, ok := item.(string); ok {
servers = append(servers, s)
}
}
config.PrivateToPublicFlows = servers
Comment on lines +220 to +224
for i, serverID := range options.GatewayConfig.SinkVisibilityExemptServers {
if i > 0 {
configBuilder.WriteString(", ")
}
fmt.Fprintf(&configBuilder, "%q", serverID)
Comment on lines +185 to +192
When you intentionally need private-to-public data flows, declare `private-to-public-flows` under `tools.github`.

### Blanket opt-out (`allow`)

```yaml
tools:
github:
private-to-public-flows: allow
Comment on lines +205 to +209
github:
private-to-public-flows:
- github-mcp-server
- my-custom-server
```
Comment thread docs/src/content/docs/reference/github-tools.md Outdated
@gh-aw-bot

Copy link
Copy Markdown
Collaborator

\n@copilot please run the skill, address any unresolved review feedback, and rerun checks once the branch is up to date.

Generated by 👨‍🍳 PR Sous Chef · 6.24 AIC · ⌖ 5.58 AIC · ⊞ 7.5K ·
Comment /souschef to run again

@lpcox

lpcox commented Jul 12, 2026

Copy link
Copy Markdown
Collaborator

@copilot run pr-finisher skill

…date server IDs, fix shell safety, update docs

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>

Copilot AI commented Jul 12, 2026

Copy link
Copy Markdown
Contributor Author

@copilot run pr-finisher skill

All six review issues have been addressed in commit fix: address code review - propagate allow into sink-visibility, validate server IDs, fix shell safety, update docs:

  1. sink-visibility suppressionderiveWriteSinkGuardPolicyFromWorkflow now detects private-to-public-flows: allow via workflowData.ParsedTools and omits sink-visibility from the returned write-sink policy (both the auto-lockdown and explicit guard-policy paths). Verified by new TestPrivateToPublicFlowsAllowSuppressesSinkVisibility tests.

  2. Server ID validation — Added validatePrivateToPublicFlowsServerIDs (wired into the compiler validation chain) that rejects any list-form server ID not present in workflowData.Tools. Verified by TestValidatePrivateToPublicFlowsServerIDs.

  3. Shell safety — Added isSafeMCPServerID regex (^[A-Za-z0-9_-]+$) in mcp_renderer.go; emitting an ID that fails the check returns an error instead of writing into the heredoc. Verified by TestIsSafeMCPServerID.

  4. Spec alignment — Updated mcp-gateway.md §10.9.1 examples to show tools.github.private-to-public-flows nesting (matching the implementation).

  5. Correct example ID — Changed github-mcp-servergithub in the selective-exemption example in github-tools.md, and added a matching mcp-servers declaration for the custom server.

  6. Broken URL — Fixed ../mcp-gateway./mcp-gateway (sibling reference within the reference/ directory).

Copilot finished work on behalf of lpcox July 12, 2026 18:00
@gh-aw-bot

Copy link
Copy Markdown
Collaborator

@copilot please run the pr-finisher skill, address unresolved review feedback, and rerun checks once the branch is up to date.

Generated by 👨‍🍳 PR Sous Chef · 10.1 AIC · ⌖ 6.32 AIC · ⊞ 7.5K ·
Comment /souschef to run again

Copilot AI commented Jul 12, 2026

Copy link
Copy Markdown
Contributor Author

@copilot please run the pr-finisher skill, address unresolved review feedback, and rerun checks once the branch is up to date.

...

All prior review threads have been addressed in commit f5fcfe9 and local validation is green:

Review threads addressed:

  1. Sink-visibility suppression (mcp_gateway_config.go) — deriveWriteSinkGuardPolicyFromWorkflow now detects private-to-public-flows: allow and omits sink-visibility from the write-sink guard policy on both the auto-lockdown and explicit guard-policy paths.
  2. Server ID validation (tools_parser.go) — validatePrivateToPublicFlowsServerIDs (wired into the compiler validation chain) rejects any list-form server ID not declared in the workflow's tools or mcp-servers.
  3. Shell safety (mcp_renderer.go) — isSafeMCPServerID (^[A-Za-z0-9_-]+$) gates heredoc emission; unvalidated IDs return a compile error.
  4. Spec alignment (mcp-gateway.md §10.9.1) — examples updated to show tools.github nesting matching the implementation.
  5. Correct example IDs (github-tools.md) — selective-exemption example uses github (actual built-in ID), declares mcp-servers.my-custom-server, and fixes the sibling relative URL.

Local validation:

  • make fmt ✅ · make lint ✅ (0 errors) · make test-unit ✅ · make test ✅ · make recompile ✅ (256/256)

CI: All runs on f5fcfe9 show action_required — the agentic workflows require human approval to execute, not actual failures. A maintainer needs to re-trigger CI (close/reopen or workflow_dispatch) before merge.

@github-actions

Copy link
Copy Markdown
Contributor

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

@github-actions

github-actions Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

Smoke Copilot Small failed. Please review the logs for details.

@github-actions

Copy link
Copy Markdown
Contributor

📰 BREAKING: Smoke Copilot - AOAI (apikey) is now investigating this pull request. Sources say the story is developing...

@github-actions

Copy link
Copy Markdown
Contributor

📰 BREAKING: Smoke Copilot - AOAI (Entra) is now investigating this pull request. Sources say the story is developing...

@github-actions

Copy link
Copy Markdown
Contributor

Smoke test

  • GitHub CLI: ✅
  • Web Fetch: ❌
  • File/Bash: ✅
  • Build: ❌
  • Overall: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • proxy.golang.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "proxy.golang.org"

See Network Configuration for more information.

🥧 Smoke Pi — Powered by Pi · 2 AIC · ⌖ 2.4 AIC · ⊞ 4.4K ·
Comment /smoke-pi to run again

@github-actions

Copy link
Copy Markdown
Contributor

Agent Container Tool Check

Tool Status Version
bash 5.2.21
sh available
git 2.54.0
jq 1.7
yq v4.53.3
curl 8.5.0
gh 2.96.0
node v22.23.1
python3 3.11.15 (PyPy)
go 1.24.13
java 10.0.301
dotnet 10.0.301

Result: 12/12 tools available ✅

Overall Status: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔧 Tool validation by Agent Container Smoke Test · 12.4 AIC · ⌖ 5.4 AIC · ⊞ 4.6K ·
Comment /smoke-test-tools to run again

@github-actions

Copy link
Copy Markdown
Contributor

Smoke Test: Gemini Results

  • GitHub MCP Testing: ✅
  • Web Fetch Testing: ✅
  • File Writing Testing: ✅
  • Bash Tool Testing: ✅
  • Build gh-aw: ❌

Overall Status: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • localhost

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "localhost"

See Network Configuration for more information.

Smoke Gemini — Powered by Gemini · 9.69 AIC · ⌖ 1.55 AIC · ⊞ 9.3K ·
Comment /smoke-gemini to run again

@github-actions

Copy link
Copy Markdown
Contributor

Comment Memory

Quiet snow settles
On the build tree, tests wait still
Dawn keeps count of green

Note

This comment is managed by comment memory.

It stores persistent context for this thread in the code block at the top of this comment.
Edit only the text inside the backtick fences; workflow metadata and the footer are regenerated automatically.

Learn more about comment memory

🔮 The oracle has spoken through Smoke Codex · 4.32 AIC · ⊞ 12.8K ·
Comment /smoke-codex to run again

@github-actions

Copy link
Copy Markdown
Contributor

Caution

agentic threat detected
Threat detection flagged this output in warn mode. Manual review is REQUIRED before any follow-up automation.

Details

The threat detection engine failed to produce results.

Review the workflow run logs for details.

Pull request created: #45129

Generated by Changeset Generator · 4.71 AIC · ⊞ 12.1K

@github-actions

Copy link
Copy Markdown
Contributor

💥 Smoke Test: Claude — Run 29205138142

Core Tests #1-12: ✅ All passed
#13 Update PR:#14 Review Comments:#15 Submit Review:#16 Resolve Thread:#17 Add Reviewer:
#18 Push to Branch: ⚠️ (blocked by allowed-files policy on feature branch)
#19 Close PR: ⚠️ (no safe test PR)

Overall: PARTIAL (all runnable tests passed; 2 skipped)

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • android.clients.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • safebrowsingohttpgateway.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

💥 [THE END] — Illustrated by Smoke Claude · 64.5 AIC · ⌖ 31.4 AIC · ⊞ 8.4K ·
Comment /smoke-claude to run again

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💥 Automated smoke test review - all systems nominal!

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • android.clients.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • safebrowsingohttpgateway.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

💥 [THE END] — Illustrated by Smoke Claude · 64.5 AIC · ⌖ 31.4 AIC · ⊞ 8.4K
Comment /smoke-claude to run again

// and MCPG >= v0.2.18.
// Valid values: "approved", "unapproved", "merged"
EndorserMinIntegrity string `yaml:"endorser-min-integrity,omitempty"`
// PrivateToPublicFlows opts out of cross-visibility protections for private→public data flows.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice clear doc comment explaining the dual string/[]string semantics of PrivateToPublicFlows. 👍

ToolTimeout string `yaml:"tool-timeout,omitempty"` // Timeout for individual MCP tool calls as a Go duration string (e.g. "2m", "30s"); empty = gateway built-in default (60s)
OTLPEndpoint string `yaml:"-"` // OTLP collector endpoint (derived from observability.otlp, not user-settable)
OTLPHeaders string `yaml:"-"` // Raw OTLP HTTP headers string (derived from observability.otlp, not user-settable)
// ForcePublicRepos controls the gateway's runtime public-repo override.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good use of *bool pointer for ForcePublicRepos to distinguish unset vs false. Consider a brief note on the default nil behavior.

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>

Copilot AI commented Jul 12, 2026

Copy link
Copy Markdown
Contributor Author

@copilot fix the failing ci check https://github.com/github/gh-aw/actions/runs/29203022626/job/86683137194?pr=45113

Fixed in the latest commit. The CI failure was caused by starlightLinksValidator's errorOnRelativeLinks: true config rejecting the ./mcp-gateway#... relative path. Changed the link to use the absolute path format consistent with all other docs links: /gh-aw/reference/mcp-gateway/#109-cross-visibility-opt-out-private-to-public-flows.

@github-actions

Copy link
Copy Markdown
Contributor

Smoke Copilot

PR: feat: implement private-to-public-flows: allow as a tools.github frontmatter field
Author: app/copilot-swe-agent | Assignees: lpcox, Copilot
1❌ 2✅ 3✅ 4✅
5❌ 6✅ 7❌ 8✅
9✅ 10✅ 11✅ 12✅
13✅ 14❌ 15✅ 16✅
Overall: FAIL

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • android.clients.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • safebrowsingohttpgateway.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot · 100.1 AIC · ⌖ 4.8 AIC · ⊞ 19.1K ·
Comment /smoke-copilot to run again
Add label smoke to run again

@github-actions

Copy link
Copy Markdown
Contributor

Comment Memory

Tests tap stone at dawn
Bots march slow through bright shell smoke
Green sparks wake the cave

Note

This comment is managed by comment memory.

It stores persistent context for this thread in the code block at the top of this comment.
Edit only the text inside the backtick fences; workflow metadata and the footer are regenerated automatically.

Learn more about comment memory

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • android.clients.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • safebrowsingohttpgateway.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot · 100.1 AIC · ⌖ 4.8 AIC · ⊞ 19.1K ·
Comment /smoke-copilot to run again
Add label smoke to run again

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Smoke review done.

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • android.clients.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • safebrowsingohttpgateway.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot · 100.1 AIC · ⌖ 4.8 AIC · ⊞ 19.1K
Comment /smoke-copilot to run again
Add label smoke to run again

@lpcox lpcox merged commit e0a0e5d into main Jul 12, 2026
29 checks passed
@lpcox lpcox deleted the copilot/implement-private-to-public-flows branch July 12, 2026 20:01
@gh-aw-bot

Copy link
Copy Markdown
Collaborator

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

feat: implement private-to-public-flows: allow as a tools.github frontmatter field

4 participants