perf(security-guard): prioritize security-relevant files in PR diff (#5329)

* perf(security-guard): prioritize security-relevant files in PR diff

The Security Guard agent's pre-fetched diff dumped full patches for every
changed file, so large refactor PRs sent oversized prompts (cost,
latency, and a larger first-request that can trip the upstream Copilot
provider). Rework the pre-fetch so it includes full patches only for
security-relevant files (matching the same path regex the relevance
gate uses), largest first, and lists every other changed file by name
only. A non-security file's patch no longer bloats the prompt (e.g. a
workflow/test-only PR drops from ~22 KB to a few hundred bytes).

Also stop instructing the agent to re-fetch the entire PR diff on
truncation: security-relevant patches are shown first, so it should only
fetch a still-missing security-relevant file via
get_pull_request_diff. Prompt copy and the truncation note updated to
match.

Recompiled the lock (security-relevant patch prioritization in the
pr-diff step); the COPILOT_DUMMY_BYOK placeholder fix from #5306 and the
gh-aw-mcpg image pin are preserved.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(security-guard): address review feedback on diff scope and wording

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>

Author: 3 people

.github/workflows/security-guard.lock.yml

@@ -67,16 +67,30 @@ steps:
     run: |
       DELIM="GHAW_PR_FILES_$(date +%s)"
       DIFF_LIMIT=100000
+      SECURITY_RE='host-iptables|setup-iptables|squid-config|docker-manager|seccomp-profile|domain-patterns|entrypoint\.sh|Dockerfile|(^|/)containers/'
+      TEST_EXCLUDE_RE='(^|/)tests?/|\.test\.'
       DIFF_TMP="$(mktemp)"
+      # Include full patches only for security-relevant files (largest first);
+      # list every other changed file by name so large non-security refactors
+      # don't bloat the prompt.
+      gh api "repos/${GH_REPO}/pulls/${PR_NUMBER}/files" --paginate --slurp \
+        | jq -r --arg re "$SECURITY_RE" --arg test_ex "$TEST_EXCLUDE_RE" '
+            ([.[][]]) as $files
+            | ([$files[] | select((.filename | test($re)) and (.filename | test($test_ex) | not))] | sort_by(-(.additions + .deletions))) as $sec
+            | ([$files[] | select(((.filename | test($re)) and (.filename | test($test_ex) | not)) | not)]) as $other
+            | ( $sec[]
+                | "### " + .filename + " (+" + (.additions|tostring) + "/-" + (.deletions|tostring) + ") [security-relevant]\n" + (.patch // "(binary or no textual patch)") + "\n" ),
+              ( if ($other | length) > 0
+                then "\n### Other changed files (not security-relevant — patches omitted to save context):\n"
+                     + ([$other[] | "- " + .filename + " (+" + (.additions|tostring) + "/-" + (.deletions|tostring) + ")"] | join("\n")) + "\n"
+                else empty end )
+        ' > "$DIFF_TMP" || true
+      DIFF_SIZE="$(wc -c < "$DIFF_TMP" | tr -d ' ')"
       {
         echo "PR_FILES<<${DELIM}"
-        gh api "repos/${GH_REPO}/pulls/${PR_NUMBER}/files" \
-          --paginate --jq '.[] | "### " + .filename + " (+" + (.additions|tostring) + "/-" + (.deletions|tostring) + ")\n" + (.patch // "") + "\n"' \
-          > "$DIFF_TMP" || true
-        DIFF_SIZE="$(wc -c < "$DIFF_TMP" | tr -d ' ')"
         head -c "$DIFF_LIMIT" "$DIFF_TMP" || true
         if [ "$DIFF_SIZE" -gt "$DIFF_LIMIT" ]; then
-          echo -e "\n[DIFF TRUNCATED at ${DIFF_LIMIT} bytes — use mcp__github__get_pull_request_diff for full context]"
+          echo -e "\n[DIFF TRUNCATED at ${DIFF_LIMIT} bytes — security-relevant patches are shown first; if one is still missing, fetch the full PR diff once via mcp__github__get_pull_request_diff and locate that file section]"
         fi
         echo ""
         echo "${DELIM}"
@@ -126,7 +140,7 @@ steps:
 
 ## ⚡ Fast Path
 
-Read the pre-fetched diff below first. If you see `[DIFF TRUNCATED ...]`, fetch full context once with `mcp__github__get_pull_request_diff` before deciding to noop. Only use the fast path when the full diff contains **no** security-weakening changes: no weakened DROP/REJECT or expanded ACCEPT, no egress/domain allowlist expansion, no firewall chain changes, no capability additions, no ACL regressions, no seccomp relaxations, no DNS/wildcard bypass, no input validation weakening, and no secrets. Then call `safeoutputs noop` immediately — do not read additional files or make further tool calls.
+Read the pre-fetched diff below first. Security-relevant files are included in full; other changed files are listed by name only. If you see `[DIFF TRUNCATED ...]` and a **security-relevant** patch is missing, fetch the full PR diff once with `mcp__github__get_pull_request_diff` and locate that file section before deciding to noop. Only use the fast path when the security-relevant changes contain **no** security-weakening changes: no weakened DROP/REJECT or expanded ACCEPT, no egress/domain allowlist expansion, no firewall chain changes, no capability additions, no ACL regressions, no seccomp relaxations, no DNS/wildcard bypass, no input validation weakening, and no secrets. Then call `safeoutputs noop` immediately — do not read additional files or make further tool calls.
 
 ## Repository Context
 
@@ -137,9 +151,9 @@ Security-critical files: `src/host-iptables.ts`, `containers/agent/setup-iptable
 
 Analyze PR #${{ github.event.pull_request.number }} in repository ${{ github.repository }}.
 
-1. **Review the pre-fetched diff below** (up to 100 KB of changes are included)
+1. **Review the pre-fetched diff below** (security-relevant files in full; other files listed by name)
 2. **Batch all independent reads** in a single tool-use block rather than making sequential calls
-3. **Use ONLY the pre-fetched diff below.** Do NOT call `gh pr diff`, `gh pr view`, `gh api`, `git diff`, `git log`, or `git show`. Do NOT read files from the checkout. If `[DIFF TRUNCATED ...]` appears, call `mcp__github__get_pull_request_diff` once — then stop making tool calls and analyze inline.
+3. **Use ONLY the pre-fetched diff below.** Do NOT call `gh pr diff`, `gh pr view`, `gh api`, `git diff`, `git log`, or `git show`. Do NOT read files from the checkout. If `[DIFF TRUNCATED ...]` appears and a security-relevant patch is missing, call `mcp__github__get_pull_request_diff` once (it returns the full PR diff), locate the missing security-relevant file section, then stop making tool calls and analyze inline.
 4. **Collect evidence** with specific file names, line numbers, and code snippets
 
 ## Security Checks
@@ -149,7 +163,7 @@ Focus: weakened DROP/REJECT, added capabilities (SYS_ADMIN/NET_RAW), expanded AC
 ## Output Format
 
 **IMPORTANT: Be concise.** Report each security finding in ≤ 150 words. Maximum 5 findings total.
-If `[DIFF TRUNCATED ...]` is present, fetch full context once with `mcp__github__get_pull_request_diff` before deciding to noop.
+If `[DIFF TRUNCATED ...]` is present and a security-relevant patch is missing, fetch the full PR diff once with `mcp__github__get_pull_request_diff`, locate that file section, then decide whether to noop.
 
 If you find security concerns:
 1. Add a comment to the PR explaining each concern
@@ -165,7 +179,7 @@ If no security issues are found:
 
 **SECURITY**: Be thorough but avoid false positives. Focus on actual security weakening, not code style or refactoring that maintains the same security level.
 
-## Changed Files (Pre-fetched, up to 100 KB)
+## Changed Files (Pre-fetched; security-relevant patches in full)
 
 The following PR diff has been pre-computed. Focus your security analysis on these changes: