Severity: High.
Summary: In a Copilot CLI session, content-exclusion enforcement entered a broad-block state. After it triggered, EVERY shell command and file write was denied, including paths no rule should match: /dev/null, the date binary, the agent ~/.copilot/session-state workspace, and an empty dir ~/git/create_cluster. A concurrent Copilot CLI session in the same environment wrote to the same directory with no problem, so this is session-local poisoned state, not a real path rule.
Version: copilot 1.0.64-0
Env: Linux (WSL), cwd /home/hugues/git/create_cluster (empty).
Steps to reproduce:
1) Run a session doing kubectl/file ops under ~/git.
2) Right after a kubectl get produced output, enforcement flipped to broad-block.
3) From then on all commands failed with: Access denied: "/" is excluded by organization content policy (e.g. echo probe-$(date) denied on .../create_cluster/date; gh auth status denied on .../create_cluster/auth; file create at ~/.copilot/session-state/.../probe.txt denied).
4) A concurrent session was unaffected and wrote files in the same dir.
Expected: Only configured content-exclusion globs are blocked; /dev/null, binaries, and the agent workspace stay usable; the state is not session-sticky.
Actual: Whole working tree + all commands blocked for the rest of THAT session; the CWD itself is reported as excluded; other sessions are fine.
Additional context / questions:
1) What rule matches .../create_cluster and why does it cascade to /dev/null and binaries?
2) Is CWD-relative resolution of the command first token intended?
3) Why is the block sticky to one session while a concurrent session is fine — is a failure state cached?