mirror of
https://github.com/clash-verge-rev/clash-verge-rev.git
synced 2026-04-13 05:20:28 +08:00
1f32546404
After updating to gh-aw v0.62.5, the compiled workflow introduced automatic integrity-based lockdown via the determine-automatic-lockdown step. When only the default GITHUB_TOKEN is available (no PAT configured), this script sets GITHUB_MCP_GUARD_MIN_INTEGRITY to 'approved', which blocks the agent from reading PR content from external contributors (they have lower-than-approved integrity). Fix: Set GITHUB_MCP_GUARD_MIN_INTEGRITY to empty string and remove the min-integrity guard-policy from the GitHub MCP server config so the agent can read all incoming PR content, which is the entire purpose of this workflow. The repo restriction (GITHUB_MCP_GUARD_REPOS) is kept intact. Note: gh aw compile is not available in this environment (private extension, 403 Forbidden), so this is a direct manual edit to the lock file as an exception to the normal compile-based workflow. Co-authored-by: Tunglies <77394545+Tunglies@users.noreply.github.com> Agent-Logs-Url: https://github.com/clash-verge-rev/clash-verge-rev/sessions/24bdd1b4-1def-43ff-b676-a4f73ba9b267