Defer cache-memory saves until after threat detection validates agent output

[Copilot]

Summary

Successfully implemented cache-memory artifact-based updates to ensure memories are only saved to cache after threat detection validates the agent's output.

Changes Made

• Modified generateCacheMemorySteps to use actions/cache/restore instead of actions/cache when threat detection is enabled, preventing automatic cache saves via post-action
• Created buildUpdateCacheMemoryJob function that generates a new job to download cache-memory artifacts and save them to GitHub Actions cache after detection passes
• Integrated update_cache_memory job into the compiler workflow building process in compiler_jobs.go
• Added actions/cache/save@v4 to actions-lock.json for explicit cache saving
• Comprehensive tests added in cache_memory_threat_detection_test.go covering:
  • Single cache with threat detection
  • Multiple caches with threat detection
  • Restore-only caches with threat detection
  • Cache without threat detection (baseline)
• Updated action_pins_test.go to reflect the new action pin count
• Validated with unit tests - all tests passing
• Manual verification - compiled test workflow confirms correct behavior
• Added security documentation in memory.md explaining delayed cache updates
• Added cache-memory to smoke test workflows for continuous validation in production
• Merged main branch - resolved conflicts and integrated latest changes
• Fixed module missing error - added update_pr_description_helpers to JavaScript sources map

How It Works

Before (Issue):

1. Agent job used actions/cache which auto-saves cache via post-action
2. Cache was updated BEFORE detection job ran
3. Potentially malicious memory changes could be saved before validation

After (Fixed):

1. Agent job uses actions/cache/restore (no auto-save)
2. Agent job uploads cache-memory as artifacts
3. Detection job validates agent output
4. New update_cache_memory job downloads artifacts and saves to cache ONLY if detection succeeds
5. Cache is updated AFTER validation

Documentation

Added security section to memory.md explaining:

• How delayed cache updates work with threat detection
• The 5-step process for cache validation
• Security benefits of deferring cache updates

Smoke Test Coverage

Added cache-memory configuration to the following smoke test workflows to validate the feature with real agentic workloads:

• smoke-copilot
• smoke-claude
• smoke-codex
• smoke-copilot-no-firewall
• smoke-copilot-playwright

Each workflow now includes cache memory test requirements to verify that cache-memory functionality works correctly and that the delayed cache update behavior operates as expected when threat detection is enabled.

Bug Fix

Fixed module missing error where update_pr_description_helpers.cjs was not available to the bundler when processing update_pull_request.cjs. The module was registered in scripts.go but missing from the GetJavaScriptSources() map in js.go.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[plan] Modify agentic job to upload memories as artifacts instead of cache</issue_title>
<issue_description>## Objective

Update the agentic job implementation to upload cache memories as artifacts at the end of execution, rather than updating cache directly.

Context

Currently, cache memories are updated too early in the agentic job. We need to defer the cache update until after detection has run, so memories are uploaded as artifacts first.

Approach

1. Locate the code that handles cache memory updates in agentic jobs (likely in pkg/workflow/js/*.cjs or workflow compiler)
2. Replace cache update logic with artifact upload logic
3. Ensure artifacts are named consistently for detection job to find them (e.g., cache-memory-{workflow-id})
4. Remove early cache update calls

Files to Investigate

• pkg/workflow/js/*.cjs - JavaScript files that handle cache operations
• pkg/workflow/compiler.go or related - Workflow compiler that generates job steps
• pkg/workflow/templates/ - Any templates used for job generation

Acceptance Criteria

• Agentic jobs upload memories as artifacts at job end
• Cache is NOT updated directly in agentic jobs (when detection is enabled)
• Artifact naming is consistent and predictable for downstream jobs
• Existing tests pass or are updated appropriately
  Related to [plan] Update cache memory handling for detection workflow #5762

AI generated by Plan Command for #5760

Comments on the Issue (you are @copilot in this section)

• Fixes [plan] Modify agentic job to upload memories as artifacts instead of cache #5763

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

---

Changeset

• Type: patch
• Description: Defer cache-memory saves until after threat detection validates agent output. Agent uploads cache-memory artifacts and a new update_cache_memory job saves them to the Actions cache only after detection succeeds.

🏴‍☠️ Ahoy! This treasure was crafted by Changeset Generator

---

---

Smoke Test Summary - Run 20008666097

Timestamp: 2025-12-07T18:44:16Z
Status: FAIL
Summary: 5/6 tests passed - gh safe-input tool requires GH_TOKEN authentication

🤖 DIAGNOSTIC REPORT GENERATED BY Smoke Copilot No Firewall

[pelikhan]

@copilot add security section in memory docs about delayed updates

[Copilot]

@copilot add security section in memory docs about delayed updates

Added security section to memory.md documenting the delayed cache update behavior with threat detection. The section explains the 5-step validation process and security benefits of deferring cache updates until after detection succeeds.

Commit: 440dc66

[pelikhan]

@copilot add caches to smoke agentic workflows

[Copilot]

@copilot add caches to smoke agentic workflows

Added cache-memory: true to all main smoke test workflows (smoke-copilot, smoke-claude, smoke-codex, smoke-copilot-no-firewall, smoke-copilot-playwright). Each workflow now includes a cache memory test requirement to verify the cache-memory functionality.

These workflows will test the delayed cache update behavior with threat detection since they all have safe-outputs configured. The cache will be saved via the update_cache_memory job only after threat detection passes.

Commit: 013a92a

[pelikhan]

@copilot merge main

[pelikhan]

@copilot merge main

[Copilot]

@copilot merge main

Merged main branch successfully. Resolved conflicts in smoke test workflows by combining both test requirements - kept cache-memory testing from this branch and added safe-input gh tool testing from main. All unit tests pass.

Commits: f494879 (merge) and a96260d (recompile)

[pelikhan]

@copilot add issues: read permissions to smoke agentic workflows. In strict mode, extra read permissions is a warning, not an error.

[Copilot]

@copilot fix #5772 (comment)

Fixed the module missing error. The issue was that update_pr_description_helpers.cjs was registered in scripts.go but not included in the GetJavaScriptSources() map in js.go, causing the bundler to fail when update_pull_request.cjs tried to require it.

Added the missing embed directive and map entry to make the module available to the bundler.

Commit: ea7e41f

[github-actions]

🤖 SYSTEM_INIT: Smoke Copilot No Firewall ACTIVATED. PROCESSING pull request. ALL SUBSYSTEMS ONLINE.

[github-actions]

📰 BREAKING: Smoke Copilot Playwright is now investigating this pull request. Sources say the story is developing...

[github-actions]

📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident...

[github-actions]

📰🚀🔍👀📡🕵️ https://github.com/githubnext/gh-aw/actions/runs/20008666116

[github-actions]

🔮 The ancient spirits stir... Smoke Codex awakens to divine this pull request...

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

💥 WHOOSH! Smoke Claude springs into action on this pull request! [Panel 1 begins...]

[github-actions]

Smoke Test Results - Run 20008666097

Timestamp: 2025-12-07T18:44:16Z

Test Results:

• ✅ GitHub MCP: Retrieved last 2 merged PRs (Add expires field with relative time support to create-discussion, create-issue, and create-pull-request for auto-closing #5775, Add shared/gh.md import and gh issues list test to smoke workflows #5776)
• ✅ File Writing: Created /tmp/gh-aw/agent/smoke-test-copilot-20008666097.txt
• ✅ Bash Tool: Verified file creation successful
• ✅ Playwright MCP: Navigated to GitHub, title contains "GitHub"
• ✅ Cache Memory: Created /tmp/gh-aw/cache-memory/smoke-test-20008666097.txt
• ❌ Safe Input gh Tool: Requires GH_TOKEN authentication

Overall Status: FAIL (gh tool authentication issue)

🤖 DIAGNOSTIC REPORT GENERATED BY Smoke Copilot No Firewall fer issue #5772 🗺️

[Copilot]

@copilot add issues: read permissions to smoke agentic workflows. In strict mode, extra read permissions is a warning, not an error.

All smoke test workflows already have issues: read permissions in their frontmatter (lines 14 in each workflow). The compiled lock files also include this permission at the top level. No changes needed - the workflows are correctly configured.

[github-actions]

Smoke Test Results - Claude

Last 2 PRs:

• Add expires field with relative time support to create-discussion, create-issue, and create-pull-request for auto-closing #5775: Add expires field with relative time support
• Defer cache-memory updates until after successful threat detection #5778: Defer cache-memory updates until after successful threat detection (draft)

Tests:

• ✅ GitHub MCP
• ✅ File Writing
• ✅ Bash Tool
• ✅ Playwright MCP
• ✅ Cache Memory
• ✅ gh Safe-Input Tool

Status: PASS

💥 [THE END] — Illustrated by Smoke Claude fer issue #5772 🗺️

[github-actions]

Smoke Test Results

✅ Playwright MCP: Successfully navigated to GitHub.com (title: "GitHub · Change is constant. GitHub keeps you ahead. · GitHub")
✅ Cache Memory: Successfully created /tmp/gh-aw/cache-memory/smoke-test-20008666111.txt
✅ Safe Input gh Tool: Successfully ran gh issue list --limit 3

Status: PASS

📰 BREAKING: Report filed by Smoke Copilot Playwright fer issue #5772 🗺️

[github-actions]

Smoke Test Results: Copilot Engine

✅ File Writing: Created /tmp/gh-aw/agent/smoke-test-copilot-20008666116.txt successfully
✅ Bash Tool: Verified file creation with cat
❌ GitHub MCP: gh-aw extension not available in environment
❌ Serena MCP: gh-aw extension not available in environment
❌ Safe Input gh Tool: gh CLI not authenticated in workflow environment

Status: FAIL - Critical tools (gh-aw, jq, authenticated gh) unavailable in workflow execution environment

📰🔥📋 https://github.com/githubnext/gh-aw/actions/runs/20008666116 fer issue #5772 🗺️

[github-actions]

Last merged PRs: #5776 "Add shared/gh.md import and gh issues list test to smoke workflows"; #5775 "Add expires field with relative time support to create-discussion, create-issue, and create-pull-request for auto-closing"
GitHub MCP: ✅
Agent file write+cat: ✅
Cache memory file: ✅
Playwright title contains "GitHub": ✅
gh issues list safe-input: ❌ (gh CLI unauthenticated in this env)
Overall: FAIL

🔮 The oracle has spoken through Smoke Codex fer issue #5772 🗺️