diff --git a/.github/workflows/test-coverage-improver.lock.yml b/.github/workflows/test-coverage-improver.lock.yml
index 43d5186a..b4952958 100644
--- a/.github/workflows/test-coverage-improver.lock.yml
+++ b/.github/workflows/test-coverage-improver.lock.yml
@@ -1,4 +1,4 @@
-# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"af63942d26faa165c385c578254eee31b8eed89192a6f0602e83edfe03c80ec7","compiler_version":"v0.72.1","strict":true,"agent_id":"copilot"}
+# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c895dcb83e14c3dc8a53d19bea5901ec2f4aa9b906414a0c87a28105ef8c5865","compiler_version":"v0.72.1","strict":true,"agent_id":"copilot"}
# gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_CI_TRIGGER_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"bc56a0cad2f450c562810785ef38649c04db812a","version":"v0.72.1"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.29","digest":"sha256:e68f37e36962dcb3f3d1de680a49bc2302cefd001b941a7dc377155ec7ce42f4","pinned_image":"ghcr.io/github/gh-aw-firewall/agent:0.25.29@sha256:e68f37e36962dcb3f3d1de680a49bc2302cefd001b941a7dc377155ec7ce42f4"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.29","digest":"sha256:d1219e4110684402aabbeb5a43858f26790c9d0be210581cf3f7a521bd2c87b6","pinned_image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.29@sha256:d1219e4110684402aabbeb5a43858f26790c9d0be210581cf3f7a521bd2c87b6"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.29","digest":"sha256:8a71ad9e40454051672312917e51567abfb8251d7c294d086c48f63d84e4cb53","pinned_image":"ghcr.io/github/gh-aw-firewall/squid:0.25.29@sha256:8a71ad9e40454051672312917e51567abfb8251d7c294d086c48f63d84e4cb53"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.6","digest":"sha256:2bb8eef86006a4c5963c55616a9c51c32f27bfdecb023b8aa6f91f6718d9171c","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.3.6@sha256:2bb8eef86006a4c5963c55616a9c51c32f27bfdecb023b8aa6f91f6718d9171c"},{"image":"ghcr.io/github/github-mcp-server:v1.0.3","digest":"sha256:2ac27ef03461ef2b877031b838a7d1fd7f12b12d4ace7796d8cad91446d55959","pinned_image":"ghcr.io/github/github-mcp-server:v1.0.3@sha256:2ac27ef03461ef2b877031b838a7d1fd7f12b12d4ace7796d8cad91446d55959"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]}
# ___ _ _
# / _ \ | | (_)
@@ -22,7 +22,7 @@
#
# For more information: https://github.github.com/gh-aw/introduction/overview/
#
-# Weekly workflow that analyzes test coverage, identifies under-tested security-critical code paths,
+# Twice-daily workflow that analyzes test coverage, identifies under-tested security-critical code paths,
# and creates PRs with additional tests. Focuses on iptables manipulation, Squid ACL rules,
# container security, and domain validation - the core security components of the firewall.
#
@@ -50,11 +50,10 @@
# - ghcr.io/github/github-mcp-server:v1.0.3@sha256:2ac27ef03461ef2b877031b838a7d1fd7f12b12d4ace7796d8cad91446d55959
# - node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f
-name: "Weekly Test Coverage Improver"
+name: "Test Coverage Improver"
"on":
schedule:
- - cron: "49 9 * * 0"
- # Friendly format: weekly (scattered)
+ - cron: "0 8,20 * * *"
# skip-if-match: # Skip-if-match processed as search check in pre-activation job
# max: 1
# query: is:pr is:open in:title "[Test Coverage]"
@@ -71,7 +70,7 @@ permissions: {}
concurrency:
group: "gh-aw-${{ github.workflow }}"
-run-name: "Weekly Test Coverage Improver"
+run-name: "Test Coverage Improver"
jobs:
activation:
@@ -99,7 +98,7 @@ jobs:
job-name: ${{ github.job }}
trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }}
env:
- GH_AW_SETUP_WORKFLOW_NAME: "Weekly Test Coverage Improver"
+ GH_AW_SETUP_WORKFLOW_NAME: "Test Coverage Improver"
GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/test-coverage-improver.lock.yml@${{ github.ref }}
GH_AW_INFO_VERSION: "1.0.40"
- name: Generate agentic run info
@@ -111,7 +110,7 @@ jobs:
GH_AW_INFO_VERSION: "1.0.40"
GH_AW_INFO_AGENT_VERSION: "1.0.40"
GH_AW_INFO_CLI_VERSION: "v0.72.1"
- GH_AW_INFO_WORKFLOW_NAME: "Weekly Test Coverage Improver"
+ GH_AW_INFO_WORKFLOW_NAME: "Test Coverage Improver"
GH_AW_INFO_EXPERIMENTAL: "false"
GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true"
GH_AW_INFO_STAGED: "false"
@@ -137,6 +136,15 @@ jobs:
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
+ sparse-checkout: |
+ .github
+ .agents
+ .claude
+ .codex
+ .crush
+ .gemini
+ .opencode
+ .pi
sparse-checkout-cone-mode: true
fetch-depth: 1
- name: Save agent config folders for base branch restoration
@@ -186,23 +194,23 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_fe9f3e3597f49d66_EOF'
+ cat << 'GH_AW_PROMPT_7f6d64c528530218_EOF'
- GH_AW_PROMPT_fe9f3e3597f49d66_EOF
+ GH_AW_PROMPT_7f6d64c528530218_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_fe9f3e3597f49d66_EOF'
+ cat << 'GH_AW_PROMPT_7f6d64c528530218_EOF'
Tools: add_comment, create_pull_request, missing_tool, missing_data, noop
- GH_AW_PROMPT_fe9f3e3597f49d66_EOF
+ GH_AW_PROMPT_7f6d64c528530218_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_create_pull_request.md"
- cat << 'GH_AW_PROMPT_fe9f3e3597f49d66_EOF'
+ cat << 'GH_AW_PROMPT_7f6d64c528530218_EOF'
- GH_AW_PROMPT_fe9f3e3597f49d66_EOF
+ GH_AW_PROMPT_7f6d64c528530218_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_fe9f3e3597f49d66_EOF'
+ cat << 'GH_AW_PROMPT_7f6d64c528530218_EOF'
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
@@ -231,12 +239,12 @@ jobs:
{{/if}}
- GH_AW_PROMPT_fe9f3e3597f49d66_EOF
+ GH_AW_PROMPT_7f6d64c528530218_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_fe9f3e3597f49d66_EOF'
+ cat << 'GH_AW_PROMPT_7f6d64c528530218_EOF'
{{#runtime-import .github/workflows/test-coverage-improver.md}}
- GH_AW_PROMPT_fe9f3e3597f49d66_EOF
+ GH_AW_PROMPT_7f6d64c528530218_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -361,7 +369,7 @@ jobs:
job-name: ${{ github.job }}
trace-id: ${{ needs.activation.outputs.setup-trace-id }}
env:
- GH_AW_SETUP_WORKFLOW_NAME: "Weekly Test Coverage Improver"
+ GH_AW_SETUP_WORKFLOW_NAME: "Test Coverage Improver"
GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/test-coverage-improver.lock.yml@${{ github.ref }}
GH_AW_INFO_VERSION: "1.0.40"
- name: Set runtime paths
@@ -435,31 +443,8 @@ jobs:
run: bash "${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh" 1.0.40
env:
GH_HOST: github.com
- - name: Install awf dependencies
- run: npm ci
- - name: Build awf
- run: npm run build
- - name: Install awf binary (local)
- run: |
- WORKSPACE_PATH="${GITHUB_WORKSPACE:-$(pwd)}"
- NODE_BIN="$(command -v node)"
- if [ ! -d "$WORKSPACE_PATH" ]; then
- echo "Workspace path not found: $WORKSPACE_PATH"
- exit 1
- fi
- if [ ! -x "$NODE_BIN" ]; then
- echo "Node binary not found: $NODE_BIN"
- exit 1
- fi
- if [ ! -d "/usr/local/bin" ]; then
- echo "/usr/local/bin is missing"
- exit 1
- fi
- sudo tee /usr/local/bin/awf > /dev/null < "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_60e914fb9e78ac3f_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_c427d4df34e9dbf4_EOF'
{"add_comment":{"max":1,"target":"*"},"create_pull_request":{"draft":true,"max":1,"max_patch_files":100,"max_patch_size":1024,"protect_top_level_dot_folders":true,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS","DESIGN.md","README.md","CONTRIBUTING.md","CHANGELOG.md","SECURITY.md","CODE_OF_CONDUCT.md","AGENTS.md","CLAUDE.md","GEMINI.md"],"title_prefix":"[Test Coverage] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_60e914fb9e78ac3f_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_c427d4df34e9dbf4_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -726,7 +711,7 @@ jobs:
mkdir -p /home/runner/.copilot
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_79e6d7fa35c4c645_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_c6684fba3d6dbbfc_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -767,7 +752,7 @@ jobs:
"payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}"
}
}
- GH_AW_MCP_CONFIG_79e6d7fa35c4c645_EOF
+ GH_AW_MCP_CONFIG_c6684fba3d6dbbfc_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -840,7 +825,7 @@ jobs:
(umask 177 && touch /tmp/gh-aw/agent-stdio.log)
printf '%s\n' '{"$schema":"https://github.com/github/gh-aw-firewall/releases/download/v0.25.29/awf-config.schema.json","network":{"allowDomains":["*.githubusercontent.com","api.business.githubcopilot.com","api.enterprise.githubcopilot.com","api.github.com","api.githubcopilot.com","api.individual.githubcopilot.com","codeload.github.com","docs.github.com","github-cloud.githubusercontent.com","github-cloud.s3.amazonaws.com","github.blog","github.com","github.githubassets.com","host.docker.internal","lfs.github.com","objects.githubusercontent.com","raw.githubusercontent.com","registry.npmjs.org","telemetry.enterprise.githubcopilot.com"]},"apiProxy":{"enabled":true,"models":{"auto":["large"],"deep-research":["copilot/deep-research*","copilot/o3-deep-research*","copilot/o4-mini-deep-research*","google/deep-research*","openai/o3-deep-research*","openai/o4-mini-deep-research*"],"gemini-flash":["copilot/gemini-*flash*","google/gemini-*flash*"],"gemini-pro":["copilot/gemini-*pro*","google/gemini-*pro*"],"gpt-4.1":["copilot/gpt-4.1*","openai/gpt-4.1*"],"gpt-5":["copilot/gpt-5*","openai/gpt-5*"],"gpt-5-codex":["copilot/gpt-5*codex*","openai/gpt-5*codex*"],"gpt-5-mini":["copilot/gpt-5*mini*","openai/gpt-5*mini*"],"gpt-5-nano":["copilot/gpt-5*nano*","openai/gpt-5*nano*"],"gpt-5-pro":["copilot/gpt-5*pro*","openai/gpt-5*pro*"],"haiku":["copilot/*haiku*","anthropic/*haiku*"],"large":["sonnet","gpt-5-pro","gpt-5","gemini-pro"],"mini":["haiku","gpt-5-mini","gpt-5-nano","gemini-flash"],"opus":["copilot/*opus*","anthropic/*opus*"],"reasoning":["copilot/o1*","copilot/o3*","copilot/o4*","openai/o1*","openai/o3*","openai/o4*"],"small":["mini"],"sonnet":["copilot/*sonnet*","anthropic/*sonnet*"]}},"container":{"imageTag":"0.25.29,squid=sha256:8a71ad9e40454051672312917e51567abfb8251d7c294d086c48f63d84e4cb53,agent=sha256:e68f37e36962dcb3f3d1de680a49bc2302cefd001b941a7dc377155ec7ce42f4,agent-act=sha256:97b4cc14dc2123a45b9d5b9927489f66882dec5857de6afc0e5bab257be92ef1,api-proxy=sha256:d1219e4110684402aabbeb5a43858f26790c9d0be210581cf3f7a521bd2c87b6,cli-proxy=sha256:29917488eb90a01ff9544ffeeb5cc26434a8ea16d69ae8972f5f6be0e567e276"}}' > "${RUNNER_TEMP}/gh-aw/awf-config.json" && cp "${RUNNER_TEMP}/gh-aw/awf-config.json" /tmp/gh-aw/awf-config.json
# shellcheck disable=SC1003
- sudo -E awf --config "${RUNNER_TEMP}/gh-aw/awf-config.json" --container-workdir "${GITHUB_WORKSPACE}" --mount "${RUNNER_TEMP}/gh-aw:${RUNNER_TEMP}/gh-aw:ro" --mount "${RUNNER_TEMP}/gh-aw:/host${RUNNER_TEMP}/gh-aw:ro" --env-all --exclude-env COPILOT_GITHUB_TOKEN --exclude-env GITHUB_MCP_SERVER_TOKEN --exclude-env MCP_GATEWAY_API_KEY --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --audit-dir /tmp/gh-aw/sandbox/firewall/audit --session-state-dir /tmp/gh-aw/sandbox/agent/session-state --enable-host-access --allow-host-ports 80,443,8080 --skip-pull \
+ sudo -E awf --config "${RUNNER_TEMP}/gh-aw/awf-config.json" --container-workdir "${GITHUB_WORKSPACE}" --mount "${RUNNER_TEMP}/gh-aw:${RUNNER_TEMP}/gh-aw:ro" --mount "${RUNNER_TEMP}/gh-aw:/host${RUNNER_TEMP}/gh-aw:ro" --env-all --exclude-env COPILOT_GITHUB_TOKEN --exclude-env GITHUB_MCP_SERVER_TOKEN --exclude-env MCP_GATEWAY_API_KEY --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --audit-dir /tmp/gh-aw/sandbox/firewall/audit --enable-host-access --allow-host-ports 80,443,8080 --skip-pull \
-- /bin/bash -c 'export PATH="${RUNNER_TEMP}/gh-aw/mcp-cli/bin:$PATH" && export PATH="$(find /opt/hostedtoolcache /home/runner/work/_tool -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && GH_AW_NODE_EXEC="${GH_AW_NODE_BIN:-}"; if [ -z "$GH_AW_NODE_EXEC" ] || [ ! -x "$GH_AW_NODE_EXEC" ]; then GH_AW_NODE_EXEC="$(command -v node 2>/dev/null || echo node)"; fi; "$GH_AW_NODE_EXEC" ${RUNNER_TEMP}/gh-aw/actions/copilot_harness.cjs /usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --disable-builtin-mcps --no-ask-user --allow-tool github --allow-tool safeoutputs --allow-tool '\''shell(cat)'\'' --allow-tool '\''shell(cat:coverage/coverage-summary.json)'\'' --allow-tool '\''shell(cat:jest.config.js)'\'' --allow-tool '\''shell(cat:jest.config.ts)'\'' --allow-tool '\''shell(cat:src/*.test.ts)'\'' --allow-tool '\''shell(cat:src/*.ts)'\'' --allow-tool '\''shell(cat:tests/**)'\'' --allow-tool '\''shell(date)'\'' --allow-tool '\''shell(echo)'\'' --allow-tool '\''shell(git add:*)'\'' --allow-tool '\''shell(git branch:*)'\'' --allow-tool '\''shell(git checkout:*)'\'' --allow-tool '\''shell(git commit:*)'\'' --allow-tool '\''shell(git merge:*)'\'' --allow-tool '\''shell(git rm:*)'\'' --allow-tool '\''shell(git status)'\'' --allow-tool '\''shell(git switch:*)'\'' --allow-tool '\''shell(grep)'\'' --allow-tool '\''shell(head)'\'' --allow-tool '\''shell(head:*)'\'' --allow-tool '\''shell(ls)'\'' --allow-tool '\''shell(ls:coverage)'\'' --allow-tool '\''shell(ls:src)'\'' --allow-tool '\''shell(ls:tests)'\'' --allow-tool '\''shell(npm run build)'\'' --allow-tool '\''shell(npm run lint)'\'' --allow-tool '\''shell(npm run test)'\'' --allow-tool '\''shell(npm run test:coverage)'\'' --allow-tool '\''shell(pwd)'\'' --allow-tool '\''shell(safeoutputs:*)'\'' --allow-tool '\''shell(sort)'\'' --allow-tool '\''shell(tail)'\'' --allow-tool '\''shell(tail:*)'\'' --allow-tool '\''shell(uniq)'\'' --allow-tool '\''shell(wc)'\'' --allow-tool '\''shell(yq)'\'' --allow-tool write --allow-all-paths --add-dir "${GITHUB_WORKSPACE}" --prompt-file /tmp/gh-aw/aw-prompts/prompt.txt' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log
env:
AWF_REFLECT_ENABLED: 1
@@ -888,16 +873,7 @@ jobs:
- name: Copy Copilot session state files to logs
if: always()
continue-on-error: true
- run: |
- SESSION_STATE_SRC="/tmp/gh-aw/sandbox/agent/session-state"
- LOGS_DIR="/tmp/gh-aw/sandbox/agent/logs"
- if [ -d "$SESSION_STATE_SRC" ] && [ -n "$(ls -A "$SESSION_STATE_SRC" 2>/dev/null)" ]; then
- mkdir -p "$LOGS_DIR/session-state"
- cp -rp "$SESSION_STATE_SRC/." "$LOGS_DIR/session-state/"
- echo "Copied session state to $LOGS_DIR/session-state"
- else
- echo "No session state found at $SESSION_STATE_SRC"
- fi
+ run: bash "${RUNNER_TEMP}/gh-aw/actions/copy_copilot_session_state.sh"
- name: Stop MCP Gateway
if: always()
continue-on-error: true
@@ -1066,7 +1042,7 @@ jobs:
job-name: ${{ github.job }}
trace-id: ${{ needs.activation.outputs.setup-trace-id }}
env:
- GH_AW_SETUP_WORKFLOW_NAME: "Weekly Test Coverage Improver"
+ GH_AW_SETUP_WORKFLOW_NAME: "Test Coverage Improver"
GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/test-coverage-improver.lock.yml@${{ github.ref }}
GH_AW_INFO_VERSION: "1.0.40"
- name: Download agent output artifact
@@ -1089,7 +1065,7 @@ jobs:
env:
GH_AW_AGENT_OUTPUT: ${{ steps.setup-agent-output-env.outputs.GH_AW_AGENT_OUTPUT }}
GH_AW_NOOP_MAX: "1"
- GH_AW_WORKFLOW_NAME: "Weekly Test Coverage Improver"
+ GH_AW_WORKFLOW_NAME: "Test Coverage Improver"
GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }}
GH_AW_NOOP_REPORT_AS_ISSUE: "true"
@@ -1106,7 +1082,7 @@ jobs:
env:
GH_AW_AGENT_OUTPUT: ${{ steps.setup-agent-output-env.outputs.GH_AW_AGENT_OUTPUT }}
GH_AW_MISSING_TOOL_CREATE_ISSUE: "true"
- GH_AW_WORKFLOW_NAME: "Weekly Test Coverage Improver"
+ GH_AW_WORKFLOW_NAME: "Test Coverage Improver"
with:
github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
script: |
@@ -1120,7 +1096,7 @@ jobs:
env:
GH_AW_AGENT_OUTPUT: ${{ steps.setup-agent-output-env.outputs.GH_AW_AGENT_OUTPUT }}
GH_AW_REPORT_INCOMPLETE_CREATE_ISSUE: "true"
- GH_AW_WORKFLOW_NAME: "Weekly Test Coverage Improver"
+ GH_AW_WORKFLOW_NAME: "Test Coverage Improver"
with:
github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
script: |
@@ -1134,7 +1110,7 @@ jobs:
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
env:
GH_AW_AGENT_OUTPUT: ${{ steps.setup-agent-output-env.outputs.GH_AW_AGENT_OUTPUT }}
- GH_AW_WORKFLOW_NAME: "Weekly Test Coverage Improver"
+ GH_AW_WORKFLOW_NAME: "Test Coverage Improver"
GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }}
GH_AW_WORKFLOW_ID: "test-coverage-improver"
@@ -1178,7 +1154,7 @@ jobs:
destination: ${{ runner.temp }}/gh-aw/actions
job-name: ${{ github.job }}
env:
- GH_AW_SETUP_WORKFLOW_NAME: "Weekly Test Coverage Improver"
+ GH_AW_SETUP_WORKFLOW_NAME: "Test Coverage Improver"
GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/test-coverage-improver.lock.yml@${{ github.ref }}
GH_AW_INFO_VERSION: "1.0.40"
- name: Check team membership for workflow
@@ -1198,7 +1174,7 @@ jobs:
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
env:
GH_AW_SKIP_QUERY: "is:pr is:open in:title \"[Test Coverage]\""
- GH_AW_WORKFLOW_NAME: "Weekly Test Coverage Improver"
+ GH_AW_WORKFLOW_NAME: "Test Coverage Improver"
GH_AW_SKIP_MAX_MATCHES: "1"
with:
script: |
@@ -1226,7 +1202,7 @@ jobs:
GH_AW_ENGINE_MODEL: ${{ needs.agent.outputs.model }}
GH_AW_ENGINE_VERSION: "1.0.40"
GH_AW_WORKFLOW_ID: "test-coverage-improver"
- GH_AW_WORKFLOW_NAME: "Weekly Test Coverage Improver"
+ GH_AW_WORKFLOW_NAME: "Test Coverage Improver"
outputs:
code_push_failure_count: ${{ steps.process_safe_outputs.outputs.code_push_failure_count }}
code_push_failure_errors: ${{ steps.process_safe_outputs.outputs.code_push_failure_errors }}
@@ -1247,7 +1223,7 @@ jobs:
job-name: ${{ github.job }}
trace-id: ${{ needs.activation.outputs.setup-trace-id }}
env:
- GH_AW_SETUP_WORKFLOW_NAME: "Weekly Test Coverage Improver"
+ GH_AW_SETUP_WORKFLOW_NAME: "Test Coverage Improver"
GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/test-coverage-improver.lock.yml@${{ github.ref }}
GH_AW_INFO_VERSION: "1.0.40"
- name: Download agent output artifact
diff --git a/.github/workflows/test-coverage-improver.md b/.github/workflows/test-coverage-improver.md
index 2d7fd2c7..c5e4ebee 100644
--- a/.github/workflows/test-coverage-improver.md
+++ b/.github/workflows/test-coverage-improver.md
@@ -1,11 +1,12 @@
---
description: |
- Weekly workflow that analyzes test coverage, identifies under-tested security-critical code paths,
+ Twice-daily workflow that analyzes test coverage, identifies under-tested security-critical code paths,
and creates PRs with additional tests. Focuses on iptables manipulation, Squid ACL rules,
container security, and domain validation - the core security components of the firewall.
on:
- schedule: weekly
+ schedule:
+ - cron: '0 8,20 * * *'
workflow_dispatch:
skip-if-match:
query: 'is:pr is:open in:title "[Test Coverage]"'
@@ -102,7 +103,7 @@ steps:
} >> "$GITHUB_OUTPUT"
---
-# Weekly Test Coverage Improver
+# Test Coverage Improver
You are a security-focused test engineer for `${{ github.repository }}`. Your mission is to systematically improve test coverage, prioritizing security-critical code paths in this network firewall tool.
@@ -141,6 +142,7 @@ Good tests should:
- ❌ Submit failing tests
- ❌ Reduce coverage in any file
- ❌ Remove or modify existing passing tests
+- ❌ Use `sudo` or the `awf` CLI — you are already running inside the sandbox; run `npm test` directly
## Your Task