Summary
When the apply_samples driver replays a create_pull_request sample inside the agent job, the resulting bundle / patch contains files that were not declared in the sample patch — specifically host runtime artefacts such as .local/state/gh/device-id that get written into the workspace by the gh CLI during agent setup.
These extra files trigger protected_files_policy: request_review in the safe-outputs handler, so the safe-outputs job creates a fallback issue instead of the intended pull request, and the workflow exits successfully with no PR.
Reproduction
Evidence
safe_outputs job log:
Processing create_pull_request: title=Multi-commit test from Copilot, ...
Patch file path: /tmp/gh-aw/aw-githubnext-gh-aw-side-repo-gh-aw-sample-copilot-siderepo-multi-commit.patch
...
##[warning]Protected file protection triggered (request_review): .local/state/gh/device-id. Will create pull request with caution and request-changes review.
...
git diff-tree -r --raw <commit-sha>
:000000 100644 0000... cac197... A .local/state/gh/device-id
:000000 100644 0000... 75b21f... A README-test.md
...
##[error]Git push failed: pushSignedCommits: refusing unsigned push for branch '...': Signed-commit payload violates file-protection policy (request_review): .local/state/gh/device-id
##[warning]Git push operation failed - creating fallback issue instead of pull request
Created fallback issue #152: https://github.com/githubnext/gh-aw-side-repo/issues/152
The sample patch only declares README-test.md. apply_samples likely uses git add -A (or equivalent) when staging the sample commit, picking up workspace pollution.
Suggested fix
apply_samples should stage only the files declared in the sample patch (e.g. git apply --index <patch> or apply + diff-list-then-add), never git add -A. That way runtime artefacts placed in the workspace by other actions don't leak into sample bundles.
Impact
Summary
When the apply_samples driver replays a
create_pull_requestsample inside the agent job, the resulting bundle / patch contains files that were not declared in the sample patch — specifically host runtime artefacts such as.local/state/gh/device-idthat get written into the workspace by theghCLI during agent setup.These extra files trigger
protected_files_policy: request_reviewin the safe-outputs handler, so the safe-outputs job creates a fallback issue instead of the intended pull request, and the workflow exits successfully with no PR.Reproduction
githubnext/gh-aw-testEvidence
safe_outputsjob log:The sample patch only declares
README-test.md.apply_sampleslikely usesgit add -A(or equivalent) when staging the sample commit, picking up workspace pollution.Suggested fix
apply_samplesshould stage only the files declared in the sample patch (e.g.git apply --index <patch>or apply + diff-list-then-add), nevergit add -A. That way runtime artefacts placed in the workspace by other actions don't leak into sample bundles.Impact