From 328a4d19916f645aeaf0d8484c4cf9f331fe1c5f Mon Sep 17 00:00:00 2001 From: Mara Nikola Kiefer Date: Mon, 11 May 2026 10:38:32 +0200 Subject: [PATCH 1/5] feat: add otel-queries skill for efficient telemetry analysis --- .github/skills/agentic-workflows/SKILL.md | 5 +- ...fana-otel-instrumentation-advisor.lock.yml | 28 +- ...ly-grafana-otel-instrumentation-advisor.md | 1 + ...aily-otel-instrumentation-advisor.lock.yml | 28 +- .../daily-otel-instrumentation-advisor.md | 1 + .github/workflows/shared/otel-queries.md | 3 + AGENTS.md | 1 + skills/otel-queries/SKILL.md | 291 ++++++++++++++++++ 8 files changed, 331 insertions(+), 27 deletions(-) create mode 100644 .github/workflows/shared/otel-queries.md create mode 100644 skills/otel-queries/SKILL.md diff --git a/.github/skills/agentic-workflows/SKILL.md b/.github/skills/agentic-workflows/SKILL.md index 7548b40809f..e748245fcdd 100644 --- a/.github/skills/agentic-workflows/SKILL.md +++ b/.github/skills/agentic-workflows/SKILL.md @@ -7,6 +7,9 @@ description: Router skill for gh-aw workflow tasks. Load `.github/agents/agentic Use this skill when a user asks to create, update, debug, or upgrade GitHub Agentic Workflows. +When the task involves OTEL, OTLP, traces, observability backends, or telemetry-driven analysis, also read `/skills/otel-queries/SKILL.md` after loading the matching workflow prompt. + 1. Read `.github/agents/agentic-workflows.agent.md` (also referred to as `.github/actions/agentic-workflows.agent.md` in older notes). 2. Select and read the matching prompt from `.github/aw/*.md`. -3. Follow that prompt directly and keep responses concise. +3. If the task is telemetry-driven, also read `/skills/otel-queries/SKILL.md` and use its fixed query loop. +4. Follow the loaded prompt directly and keep responses concise. diff --git a/.github/workflows/daily-grafana-otel-instrumentation-advisor.lock.yml b/.github/workflows/daily-grafana-otel-instrumentation-advisor.lock.yml index 3397a09970e..8608c7a733f 100644 --- a/.github/workflows/daily-grafana-otel-instrumentation-advisor.lock.yml +++ b/.github/workflows/daily-grafana-otel-instrumentation-advisor.lock.yml @@ -1,4 +1,4 @@ -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"16aaca756cb7115cd6a5b895469ba865f404b2aa60517dd75a1ec7184690ca5b","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"37678d5276c5f1df62c180060d026f97df4c206c7259fc74c30181a83dac749f","strict":true,"agent_id":"claude"} # gh-aw-manifest: {"version":1,"secrets":["ANTHROPIC_API_KEY","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GH_AW_OTEL_ENDPOINT","GH_AW_OTEL_HEADERS","GITHUB_TOKEN","GRAFANA_SERVICE_ACCOUNT_TOKEN","GRAFANA_URL"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.43"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.43"},{"image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.25.43"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.43"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.6","digest":"sha256:2bb8eef86006a4c5963c55616a9c51c32f27bfdecb023b8aa6f91f6718d9171c","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.3.6@sha256:2bb8eef86006a4c5963c55616a9c51c32f27bfdecb023b8aa6f91f6718d9171c"},{"image":"ghcr.io/github/github-mcp-server:v1.0.3","digest":"sha256:2ac27ef03461ef2b877031b838a7d1fd7f12b12d4ace7796d8cad91446d55959","pinned_image":"ghcr.io/github/github-mcp-server:v1.0.3@sha256:2ac27ef03461ef2b877031b838a7d1fd7f12b12d4ace7796d8cad91446d55959"},{"image":"grafana/mcp-grafana","digest":"sha256:60a4e3a417a69eeb864a72052c53b4aa4466ff3577d6ef9bacc671f4b77d7090","pinned_image":"grafana/mcp-grafana@sha256:60a4e3a417a69eeb864a72052c53b4aa4466ff3577d6ef9bacc671f4b77d7090"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]} # ___ _ _ # / _ \ | | (_) @@ -28,6 +28,7 @@ # Imports: # - shared/daily-audit-discussion.md # - shared/observability-otlp.md +# - shared/otel-queries.md # - shared/reporting.md # - shared/daily-audit-base.md # @@ -204,20 +205,20 @@ jobs: run: | bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh" { - cat << 'GH_AW_PROMPT_e4af1ba7c073141a_EOF' + cat << 'GH_AW_PROMPT_6f5e5e0d76f1eb7c_EOF' - GH_AW_PROMPT_e4af1ba7c073141a_EOF + GH_AW_PROMPT_6f5e5e0d76f1eb7c_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md" cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md" cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md" cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md" - cat << 'GH_AW_PROMPT_e4af1ba7c073141a_EOF' + cat << 'GH_AW_PROMPT_6f5e5e0d76f1eb7c_EOF' Tools: create_issue, create_discussion, missing_tool, missing_data, noop - GH_AW_PROMPT_e4af1ba7c073141a_EOF + GH_AW_PROMPT_6f5e5e0d76f1eb7c_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md" - cat << 'GH_AW_PROMPT_e4af1ba7c073141a_EOF' + cat << 'GH_AW_PROMPT_6f5e5e0d76f1eb7c_EOF' The following GitHub context information is available for this workflow: {{#if __GH_AW_GITHUB_ACTOR__ }} @@ -246,14 +247,15 @@ jobs: {{/if}} - GH_AW_PROMPT_e4af1ba7c073141a_EOF + GH_AW_PROMPT_6f5e5e0d76f1eb7c_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md" - cat << 'GH_AW_PROMPT_e4af1ba7c073141a_EOF' + cat << 'GH_AW_PROMPT_6f5e5e0d76f1eb7c_EOF' + {{#runtime-import .github/workflows/shared/otel-queries.md}} {{#runtime-import .github/workflows/shared/observability-otlp.md}} {{#runtime-import .github/workflows/shared/reporting.md}} {{#runtime-import .github/workflows/daily-grafana-otel-instrumentation-advisor.md}} - GH_AW_PROMPT_e4af1ba7c073141a_EOF + GH_AW_PROMPT_6f5e5e0d76f1eb7c_EOF } > "$GH_AW_PROMPT" - name: Interpolate variables and render templates uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 @@ -470,9 +472,9 @@ jobs: mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs" mkdir -p /tmp/gh-aw/safeoutputs mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs - cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_f527e753ee36f9f7_EOF' + cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_e77785751739c4a5_EOF' {"create_discussion":{"category":"audits","close_older_discussions":true,"expires":72,"fallback_to_issue":true,"max":1,"title_prefix":"[grafana-otel-advisor] "},"create_issue":{"close_older_issues":true,"expires":168,"labels":["observability","developer-experience","automated-analysis"],"max":1,"title_prefix":"[grafana-otel-advisor] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}} - GH_AW_SAFE_OUTPUTS_CONFIG_f527e753ee36f9f7_EOF + GH_AW_SAFE_OUTPUTS_CONFIG_e77785751739c4a5_EOF - name: Generate Safe Outputs Tools env: GH_AW_TOOLS_META_JSON: | @@ -702,7 +704,7 @@ jobs: export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e GRAFANA_SERVICE_ACCOUNT_TOKEN -e GRAFANA_URL -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.6' GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_9dd7ba9be2a0187d_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_99f015fb60e43827_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { "grafana": { @@ -753,7 +755,7 @@ jobs: } } } - GH_AW_MCP_CONFIG_9dd7ba9be2a0187d_EOF + GH_AW_MCP_CONFIG_99f015fb60e43827_EOF - name: Mount MCP servers as CLIs id: mount-mcp-clis continue-on-error: true diff --git a/.github/workflows/daily-grafana-otel-instrumentation-advisor.md b/.github/workflows/daily-grafana-otel-instrumentation-advisor.md index 4f1e0404fd6..df4417cb21f 100644 --- a/.github/workflows/daily-grafana-otel-instrumentation-advisor.md +++ b/.github/workflows/daily-grafana-otel-instrumentation-advisor.md @@ -41,6 +41,7 @@ imports: title-prefix: "[grafana-otel-advisor] " expires: 3d + - shared/otel-queries.md - shared/observability-otlp.md --- diff --git a/.github/workflows/daily-otel-instrumentation-advisor.lock.yml b/.github/workflows/daily-otel-instrumentation-advisor.lock.yml index 3926663778a..bb777ad6960 100644 --- a/.github/workflows/daily-otel-instrumentation-advisor.lock.yml +++ b/.github/workflows/daily-otel-instrumentation-advisor.lock.yml @@ -1,4 +1,4 @@ -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"508ed3c645a7345809d35847956dac3620f4c468c13ae40e27d51b73ba47c7f7","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"8e5986cbb2d3d0fa2c59905733a2d1f5d65025c9089443bd4c72b9ccc04edaa8","strict":true,"agent_id":"claude"} # gh-aw-manifest: {"version":1,"secrets":["ANTHROPIC_API_KEY","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GH_AW_OTEL_ENDPOINT","GH_AW_OTEL_HEADERS","GITHUB_TOKEN","SENTRY_API_KEY"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.43"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.43"},{"image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.25.43"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.43"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.6","digest":"sha256:2bb8eef86006a4c5963c55616a9c51c32f27bfdecb023b8aa6f91f6718d9171c","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.3.6@sha256:2bb8eef86006a4c5963c55616a9c51c32f27bfdecb023b8aa6f91f6718d9171c"},{"image":"ghcr.io/github/github-mcp-server:v1.0.3","digest":"sha256:2ac27ef03461ef2b877031b838a7d1fd7f12b12d4ace7796d8cad91446d55959","pinned_image":"ghcr.io/github/github-mcp-server:v1.0.3@sha256:2ac27ef03461ef2b877031b838a7d1fd7f12b12d4ace7796d8cad91446d55959"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]} # ___ _ _ # / _ \ | | (_) @@ -28,6 +28,7 @@ # Imports: # - shared/daily-audit-discussion.md # - shared/observability-otlp.md +# - shared/otel-queries.md # - shared/reporting.md # - shared/daily-audit-base.md # @@ -202,20 +203,20 @@ jobs: run: | bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh" { - cat << 'GH_AW_PROMPT_b416332d5fa19b3f_EOF' + cat << 'GH_AW_PROMPT_4792422acbddace2_EOF' - GH_AW_PROMPT_b416332d5fa19b3f_EOF + GH_AW_PROMPT_4792422acbddace2_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md" cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md" cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md" cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md" - cat << 'GH_AW_PROMPT_b416332d5fa19b3f_EOF' + cat << 'GH_AW_PROMPT_4792422acbddace2_EOF' Tools: create_issue, create_discussion, missing_tool, missing_data, noop - GH_AW_PROMPT_b416332d5fa19b3f_EOF + GH_AW_PROMPT_4792422acbddace2_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md" - cat << 'GH_AW_PROMPT_b416332d5fa19b3f_EOF' + cat << 'GH_AW_PROMPT_4792422acbddace2_EOF' The following GitHub context information is available for this workflow: {{#if __GH_AW_GITHUB_ACTOR__ }} @@ -244,14 +245,15 @@ jobs: {{/if}} - GH_AW_PROMPT_b416332d5fa19b3f_EOF + GH_AW_PROMPT_4792422acbddace2_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md" - cat << 'GH_AW_PROMPT_b416332d5fa19b3f_EOF' + cat << 'GH_AW_PROMPT_4792422acbddace2_EOF' + {{#runtime-import .github/workflows/shared/otel-queries.md}} {{#runtime-import .github/workflows/shared/observability-otlp.md}} {{#runtime-import .github/workflows/shared/reporting.md}} {{#runtime-import .github/workflows/daily-otel-instrumentation-advisor.md}} - GH_AW_PROMPT_b416332d5fa19b3f_EOF + GH_AW_PROMPT_4792422acbddace2_EOF } > "$GH_AW_PROMPT" - name: Interpolate variables and render templates uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 @@ -468,9 +470,9 @@ jobs: mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs" mkdir -p /tmp/gh-aw/safeoutputs mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs - cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_2adb7f85ecacf40e_EOF' + cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_7505acba85507a01_EOF' {"create_discussion":{"category":"audits","close_older_discussions":true,"expires":72,"fallback_to_issue":true,"max":1,"title_prefix":"[otel-advisor] "},"create_issue":{"close_older_issues":true,"expires":168,"labels":["observability","developer-experience","automated-analysis"],"max":1,"title_prefix":"[otel-advisor] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}} - GH_AW_SAFE_OUTPUTS_CONFIG_2adb7f85ecacf40e_EOF + GH_AW_SAFE_OUTPUTS_CONFIG_7505acba85507a01_EOF - name: Generate Safe Outputs Tools env: GH_AW_TOOLS_META_JSON: | @@ -699,7 +701,7 @@ jobs: export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e SENTRY_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.6' GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_11e70d0dece1de73_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_bdd7dd8fe074021b_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { "safeoutputs": { @@ -747,7 +749,7 @@ jobs: } } } - GH_AW_MCP_CONFIG_11e70d0dece1de73_EOF + GH_AW_MCP_CONFIG_bdd7dd8fe074021b_EOF - name: Mount MCP servers as CLIs id: mount-mcp-clis continue-on-error: true diff --git a/.github/workflows/daily-otel-instrumentation-advisor.md b/.github/workflows/daily-otel-instrumentation-advisor.md index 1f522961622..d3fd88e612c 100644 --- a/.github/workflows/daily-otel-instrumentation-advisor.md +++ b/.github/workflows/daily-otel-instrumentation-advisor.md @@ -36,6 +36,7 @@ imports: title-prefix: "[otel-advisor] " expires: 3d + - shared/otel-queries.md - shared/observability-otlp.md --- diff --git a/.github/workflows/shared/otel-queries.md b/.github/workflows/shared/otel-queries.md new file mode 100644 index 00000000000..e0fd254134b --- /dev/null +++ b/.github/workflows/shared/otel-queries.md @@ -0,0 +1,3 @@ +Read `/skills/otel-queries/SKILL.md` before starting telemetry analysis and use it as the default query playbook. + +Prefer the cheapest trustworthy telemetry source first, run the skill's common query set, and only propose follow-on optimization after confirming one concrete bottleneck or observability gap. \ No newline at end of file diff --git a/AGENTS.md b/AGENTS.md index 593c824fdb7..9f893910885 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -1286,6 +1286,7 @@ Skills provide specialized, detailed knowledge on specific topics. **Use them on - **[custom-agents](skills/custom-agents/SKILL.md)** - GitHub custom agent file format - **[gh-agent-session](skills/gh-agent-session/SKILL.md)** - GitHub CLI agent session extension - **adding-new-engines** - Comprehensive guide for adding new agentic engines (AI coding agents) +- **[otel-queries](skills/otel-queries/SKILL.md)** - Fixed OTEL query loop for gh-aw spans: use local JSONL mirrors or live backends, answer telemetry questions efficiently, and only then drive follow-on optimization when needed ### Safe Outputs & Features - **[temporary-id-safe-output](skills/temporary-id-safe-output/SKILL.md)** - Adding temporary ID support to safe output jobs diff --git a/skills/otel-queries/SKILL.md b/skills/otel-queries/SKILL.md new file mode 100644 index 00000000000..715dcac4c1f --- /dev/null +++ b/skills/otel-queries/SKILL.md @@ -0,0 +1,291 @@ +--- +name: otel-queries +description: Query and interpret gh-aw OpenTelemetry data efficiently, using a fixed analysis loop over local JSONL mirrors or live OTLP backends to answer telemetry questions and support downstream decisions. +--- + +# OTel Queries + +Use this skill when a task requires an agent to inspect OpenTelemetry or OTLP data from gh-aw and answer telemetry questions efficiently. + +This skill exists to avoid wasting prompt budget on rediscovering the same trace fields, backend filters, and diagnostic questions. + +## When To Use + +Use this skill for requests such as: + +- analyze OTEL or OTLP data +- inspect traces in Grafana, Tempo, Sentry, Honeycomb, or Datadog +- explain why a workflow or agent run is slow or failing +- compare run phases, error clusters, or span attributes +- identify the best observability or performance improvement +- close the loop from telemetry into code or workflow changes + +Do not use this skill for instrumentation-only tasks that do not require reading telemetry. For pure emit-side work, start with the existing OTLP code and docs. + +## Primary Goal + +Reduce a broad telemetry task to one tight loop: + +1. Find the cheapest trustworthy telemetry source. +2. Run a small fixed set of common queries. +3. Confirm one concrete bottleneck, missing attribute, or broken correlation path. +4. Answer the user's telemetry question directly. +5. Recommend or implement a follow-on optimization only when the evidence supports it. + +## Telemetry Sources In Priority Order + +Prefer sources in this order unless the user says otherwise: + +1. Local artifacts or mirrors already in the workspace. +2. `/tmp/gh-aw/otel.jsonl` for gh-aw spans. +3. `/tmp/gh-aw/copilot-otel.jsonl` for Copilot CLI spans. +4. Live OTLP backend data through an MCP server or supported tool. +5. Static code inspection only, when no telemetry is available. + +Use the cheapest source that can disconfirm the current hypothesis. + +## Standard Analysis Loop + +Always answer these questions in order before expanding scope. + +### 1. Do spans exist for the run or workflow at all? + +Look for: + +- `traceId` +- span `name` +- `service.name` +- `github.repository` +- `github.run_id` + +If these are missing, the problem is likely export, filtering, or trace propagation rather than optimization. + +### 2. Is trace continuity intact? + +Check whether spans that should belong together share the same: + +- trace ID +- parent span lineage +- run ID +- workflow reference + +If setup, agent, and conclusion spans are not connected, fix correlation before interpreting latency. + +### 3. Which phase is actually slow or failing? + +Bucket spans into phases: + +- setup +- agent execution +- tool or safe-output calls +- conclusion + +Prefer wall-clock duration and count by span name prefix before reading code. + +### 4. Do the spans contain enough attributes to explain the slowdown or failure? + +Minimum diagnostic attributes to verify: + +- `service.version` +- `deployment.environment` +- `github.repository` +- `github.run_id` +- `github.event_name` +- `github.workflow_ref` +- `gh-aw.workflow` +- `gh-aw.engine` +- conclusion or failure attributes + +If the slow or failing span lacks the attribute needed to group, filter, or explain it, the right next step may be an instrumentation change rather than a runtime change. + +### 5. Is the problem systemic or isolated? + +Check whether the pattern repeats across: + +- multiple runs of the same workflow +- multiple jobs in the same trace +- one engine only +- one event type only +- one environment only + +Do not propose broad architectural changes for a single outlier trace. + +## Common Queries + +Use these backend-agnostic query shapes first. Translate them into the native query language or MCP tool calls for the active backend. + +### Query 1: Recent gh-aw spans + +Filter for the last 24 hours and `service.name = gh-aw`. + +Return: + +- timestamp +- trace ID +- span name +- duration +- status +- `github.run_id` +- `github.workflow_ref` + +### Query 2: Slowest spans by name + +Group by span name and sort by: + +- p95 duration +- max duration +- count + +Use this to find whether the bottleneck is setup, agent, tool, or conclusion work. + +### Query 3: Errors by span name + +Filter for error status and group by: + +- span name +- status message +- workflow ref +- engine + +Use this to separate exporter failures from workflow logic failures. + +### Query 4: Missing core attributes + +Sample recent spans and explicitly record whether each span includes: + +- `service.version` +- `github.repository` +- `github.run_id` +- `github.event_name` +- `deployment.environment` + +If a backend supports `has` or `exists` filters, use them. Otherwise inspect a small sample manually. + +### Query 5: Trace integrity for one failing run + +Pick one trace ID and inspect the full trace. Record: + +- root span name +- child spans present +- missing expected spans +- parent-child continuity gaps + +### Query 6: Repeated cost or latency hotspot + +For agent-heavy traces, group by: + +- engine +- workflow +- job +- tool span name + +Then compare count, total duration, and p95 duration. + +## Local JSONL Recipes + +When telemetry is available as JSONL, prefer shell plus `jq` over broad file reading. + +### Recent spans + +```bash +jq -c '.resourceSpans[]?.scopeSpans[]?.spans[]? | {traceId, name, startTimeUnixNano, endTimeUnixNano, status, attributes}' /tmp/gh-aw/otel.jsonl +``` + +### Filter by span name prefix + +```bash +jq -c '.resourceSpans[]?.scopeSpans[]?.spans[]? | select(.name | startswith("gh-aw."))' /tmp/gh-aw/otel.jsonl +``` + +### Extract one attribute by key + +```bash +jq -r '.resourceSpans[]?.scopeSpans[]?.spans[]? as $span | $span.attributes[]? | select(.key == "github.run_id") | .value.stringValue' /tmp/gh-aw/otel.jsonl +``` + +### Find spans missing an attribute + +```bash +jq -c '.resourceSpans[]?.scopeSpans[]?.spans[]? | select(any(.attributes[]?; .key == "github.run_id") | not) | {traceId, name}' /tmp/gh-aw/otel.jsonl +``` + +### Inspect one trace + +```bash +jq -c '.resourceSpans[]?.scopeSpans[]?.spans[]? | select(.traceId == $traceId)' --arg traceId "TRACE_ID_HERE" /tmp/gh-aw/otel.jsonl +``` + +## Backend Translation Notes + +Adapt the same six common queries to the active backend instead of inventing new analysis questions. + +### Grafana or Tempo + +- Start with datasource or trace search discovery. +- Prefer trace search scoped to `service.name="gh-aw"` and a short time window. +- Use trace detail views to validate parent-child continuity. +- Use derived metrics or span aggregations only after a sample trace confirms the field names. + +### Sentry + +- Search the spans dataset first. +- Fall back to transactions only if spans are unavailable. +- Use one full trace to validate attribute presence; do not infer from issue titles alone. + +### Honeycomb or Datadog + +- Start with dataset or service filters on `service.name`. +- Group by span name and error status. +- Sample raw spans to confirm exact attribute keys before building aggregate conclusions. + +## Follow-On Decisions + +After answering the telemetry question, choose the next step based on the evidence. + +Prioritize in this order: + +1. Broken trace continuity or missing spans. +2. Missing attributes that block filtering, correlation, or incident response. +3. High-frequency latency hotspot with a narrow owner. +4. High-severity error cluster with a narrow owner. +5. Dashboard or query ergonomics improvements. + +Prefer the smallest change that unlocks the most operational clarity. + +## Output Contract + +When using this skill, produce findings in this shape: + +1. Telemetry source used. +2. The question answered. +3. One confirmed bottleneck, observability gap, or healthy result. +4. The exact evidence: span name, trace ID or run ID, attribute presence or absence, and duration or error pattern. +5. The smallest code, workflow, or instrumentation change to make, if one is needed. +6. The validation step that would prove the result or follow-on change. + +## gh-aw Specific Pointers + +Start with these files when telemetry indicates an instrumentation or correlation problem: + +- `actions/setup/js/send_otlp_span.cjs` +- `actions/setup/js/action_setup_otlp.cjs` +- `actions/setup/js/action_conclusion_otlp.cjs` +- `actions/setup/js/otlp.cjs` +- `actions/setup/js/generate_observability_summary.cjs` +- `actions/setup/js/aw_context.cjs` +- `pkg/workflow/observability_otlp.go` +- `docs/src/content/docs/guides/custom-otlp-attributes.md` + +## Anti-Patterns + +Avoid these common mistakes: + +- starting with full-code inspection before checking whether telemetry already proves the issue +- treating a single anomalous trace as a systemic problem +- proposing instrumentation changes without naming the missing attribute or broken correlation edge +- spending prompt budget on backend-specific browsing before confirming the standard six queries +- mixing exporter failures with business-logic failures + +## Expected Result + +After using this skill, the agent should be able to move from raw OTel data to a grounded answer without re-deriving the telemetry playbook. From 23e51a7f9257200406a363f2f3032c00fdb21924 Mon Sep 17 00:00:00 2001 From: Mara Nikola Kiefer <8320933+mnkiefer@users.noreply.github.com> Date: Mon, 11 May 2026 10:46:30 +0200 Subject: [PATCH 2/5] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .github/workflows/shared/otel-queries.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shared/otel-queries.md b/.github/workflows/shared/otel-queries.md index e0fd254134b..47740199b03 100644 --- a/.github/workflows/shared/otel-queries.md +++ b/.github/workflows/shared/otel-queries.md @@ -1,3 +1,3 @@ -Read `/skills/otel-queries/SKILL.md` before starting telemetry analysis and use it as the default query playbook. +Read `skills/otel-queries/SKILL.md` before starting telemetry analysis and use it as the default query playbook. Prefer the cheapest trustworthy telemetry source first, run the skill's common query set, and only propose follow-on optimization after confirming one concrete bottleneck or observability gap. \ No newline at end of file From 8c1957fc3e866b5cb73b7fa3af0bc65d5eceb89b Mon Sep 17 00:00:00 2001 From: Mara Nikola Kiefer <8320933+mnkiefer@users.noreply.github.com> Date: Mon, 11 May 2026 10:47:10 +0200 Subject: [PATCH 3/5] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .github/skills/agentic-workflows/SKILL.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/skills/agentic-workflows/SKILL.md b/.github/skills/agentic-workflows/SKILL.md index e748245fcdd..53adfadea00 100644 --- a/.github/skills/agentic-workflows/SKILL.md +++ b/.github/skills/agentic-workflows/SKILL.md @@ -7,9 +7,9 @@ description: Router skill for gh-aw workflow tasks. Load `.github/agents/agentic Use this skill when a user asks to create, update, debug, or upgrade GitHub Agentic Workflows. -When the task involves OTEL, OTLP, traces, observability backends, or telemetry-driven analysis, also read `/skills/otel-queries/SKILL.md` after loading the matching workflow prompt. +When the task involves OTEL, OTLP, traces, observability backends, or telemetry-driven analysis, also read `skills/otel-queries/SKILL.md` after loading the matching workflow prompt. 1. Read `.github/agents/agentic-workflows.agent.md` (also referred to as `.github/actions/agentic-workflows.agent.md` in older notes). 2. Select and read the matching prompt from `.github/aw/*.md`. -3. If the task is telemetry-driven, also read `/skills/otel-queries/SKILL.md` and use its fixed query loop. +3. If the task is telemetry-driven, also read `skills/otel-queries/SKILL.md` and use its fixed query loop. 4. Follow the loaded prompt directly and keep responses concise. From 6644b7a08b1b5b09c5c76f333d0a25347bc7c5af Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 11 May 2026 09:15:13 +0000 Subject: [PATCH 4/5] chore: start lint and test follow-up Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com> --- .github/workflows/lockfile-stats.lock.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/lockfile-stats.lock.yml b/.github/workflows/lockfile-stats.lock.yml index 4838aea3ac4..5fe2c8893e7 100644 --- a/.github/workflows/lockfile-stats.lock.yml +++ b/.github/workflows/lockfile-stats.lock.yml @@ -259,7 +259,6 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_ENGINE_ID: "claude" - GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} with: script: | const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs'); From 104d4913eb83fcce72b174a40ee886e3ecfbbd5d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 11 May 2026 09:25:56 +0000 Subject: [PATCH 5/5] fix lint and test failures Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com> --- pkg/cli/forecast.go | 11 +++---- pkg/cli/forecast_montecarlo.go | 13 +++----- pkg/cli/forecast_montecarlo_test.go | 31 +++++++++---------- pkg/workflow/action_pins_test.go | 10 +++--- .../basic-copilot.golden | 8 ++--- .../playwright-cli-mode.golden | 8 ++--- .../smoke-copilot.golden | 8 ++--- .../with-imports.golden | 8 ++--- 8 files changed, 45 insertions(+), 52 deletions(-) diff --git a/pkg/cli/forecast.go b/pkg/cli/forecast.go index 00c5d789777..6ef782d4dd5 100644 --- a/pkg/cli/forecast.go +++ b/pkg/cli/forecast.go @@ -916,11 +916,11 @@ func renderForecastTable(output ForecastResult, config ForecastConfig) error { // multi-run episodes (i.e. orchestrator-style workflows dispatching sub-workflows). func printEpisodeBreakdown(workflows []ForecastWorkflowResult) { type episodeRow struct { - Workflow string `json:"workflow" console:"header:Workflow"` - Episodes int `json:"episodes" console:"header:Episodes"` - RunsPerEpisode string `json:"runs_per_episode" console:"header:Runs/Episode"` - AvgETPerEpisode string `json:"avg_et_per_episode" console:"header:Avg ET/Episode"` - EpisodesPerPeriod string `json:"episodes_per_period" console:"header:Episodes/Period"` + Workflow string `json:"workflow" console:"header:Workflow"` + Episodes int `json:"episodes" console:"header:Episodes"` + RunsPerEpisode string `json:"runs_per_episode" console:"header:Runs/Episode"` + AvgETPerEpisode string `json:"avg_et_per_episode" console:"header:Avg ET/Episode"` + EpisodesPerPeriod string `json:"episodes_per_period" console:"header:Episodes/Period"` } fmt.Fprintln(os.Stderr, console.FormatInfoMessage("Episode analysis (runs grouped by logical task):")) @@ -985,7 +985,6 @@ func printEvalBreakdown(workflows []ForecastWorkflowResult) { "Training window ended at the forecast anchor; validation window is the following projection period.")) } - func printVariantBreakdown(wf ForecastWorkflowResult) { type variantRow struct { Experiment string `json:"experiment" console:"header:Experiment"` diff --git a/pkg/cli/forecast_montecarlo.go b/pkg/cli/forecast_montecarlo.go index c49c4805ab8..181a6ba6997 100644 --- a/pkg/cli/forecast_montecarlo.go +++ b/pkg/cli/forecast_montecarlo.go @@ -107,14 +107,14 @@ func runMonteCarlo(etObservations []int, successCount int, observedRunsPerPeriod simETs := make([]int, monteCarloIterations) - for i := 0; i < monteCarloIterations; i++ { + for i := range monteCarloIterations { // Draw run-count rate from posterior Gamma (accounts for estimation uncertainty in λ). lambdaTrial := gammaSample(rng, gammaShape) * gammaScale // Draw number of runs from Poisson(λ_trial). numRuns := poissonSample(rng, lambdaTrial) var totalET int - for j := 0; j < numRuns; j++ { + for range numRuns { // Each run succeeds independently with probability successRate. if rng.Float64() >= successRate { continue @@ -254,9 +254,7 @@ func percentileFloat64(sorted []float64, p int) float64 { return 0 } idx := int(math.Ceil(float64(p)/100*float64(len(sorted)))) - 1 - if idx < 0 { - idx = 0 - } + idx = max(idx, 0) if idx >= len(sorted) { idx = len(sorted) - 1 } @@ -270,12 +268,9 @@ func percentileInt(sorted []int, p int) int { return 0 } idx := int(math.Ceil(float64(p)/100*float64(len(sorted)))) - 1 - if idx < 0 { - idx = 0 - } + idx = max(idx, 0) if idx >= len(sorted) { idx = len(sorted) - 1 } return sorted[idx] } - diff --git a/pkg/cli/forecast_montecarlo_test.go b/pkg/cli/forecast_montecarlo_test.go index 3e6a12272f2..8fc7655f86c 100644 --- a/pkg/cli/forecast_montecarlo_test.go +++ b/pkg/cli/forecast_montecarlo_test.go @@ -26,7 +26,7 @@ func TestPoissonSample(t *testing.T) { sum := 0.0 sumSq := 0.0 - for i := 0; i < n; i++ { + for range n { v := float64(poissonSample(rng, lambda)) sum += v sumSq += v * v @@ -46,7 +46,7 @@ func TestPoissonSampleLargeLambda(t *testing.T) { const n = 100_000 sum := 0.0 - for i := 0; i < n; i++ { + for range n { sum += float64(poissonSample(rng, lambda)) } mean := sum / n @@ -64,10 +64,10 @@ func TestPoissonSampleEdgeCases(t *testing.T) { // TestPercentileFloat64 checks the nearest-rank percentile helper. func TestPercentileFloat64(t *testing.T) { sorted := []float64{1, 2, 3, 4, 5, 6, 7, 8, 9, 10} - assert.Equal(t, 1.0, percentileFloat64(sorted, 10), "P10") - assert.Equal(t, 5.0, percentileFloat64(sorted, 50), "P50") - assert.Equal(t, 9.0, percentileFloat64(sorted, 90), "P90") - assert.Equal(t, 0.0, percentileFloat64(nil, 50), "empty slice") + assert.InDelta(t, 1.0, percentileFloat64(sorted, 10), 0, "P10") + assert.InDelta(t, 5.0, percentileFloat64(sorted, 50), 0, "P50") + assert.InDelta(t, 9.0, percentileFloat64(sorted, 90), 0, "P90") + assert.InDelta(t, 0.0, percentileFloat64(nil, 50), 0, "empty slice") } // TestPercentileInt checks the int variant of the percentile helper. @@ -89,7 +89,7 @@ func TestMeanStdDevInt(t *testing.T) { m0, s0 := meanStdDevInt(nil) assert.Equal(t, 0, m0) - assert.Equal(t, 0.0, s0) + assert.InDelta(t, 0.0, s0, 0) } // TestRunMonteCarloNilOnEmpty verifies that runMonteCarlo returns nil for empty inputs. @@ -167,8 +167,8 @@ func TestRunMonteCarloOrderOfMagnitude(t *testing.T) { // TestRunMonteCarloSortedOutputs verifies CI ordering holds across many random seeds. func TestRunMonteCarloSortedOutputs(t *testing.T) { etObs := []int{5_000, 7_000, 6_000, 4_500} - for seed := int64(0); seed < 5; seed++ { - rng := rand.New(rand.NewSource(seed)) //nolint:gosec + for seed := range 5 { + rng := rand.New(rand.NewSource(int64(seed))) //nolint:gosec mc := runMonteCarlo(etObs, len(etObs), 12.0, rng) require.NotNil(t, mc) assert.LessOrEqual(t, mc.P10ProjectedEffectiveTokens, mc.P50ProjectedEffectiveTokens) @@ -194,8 +194,8 @@ func TestRunMonteCarloDistributionShape(t *testing.T) { // TestPercentileSingleElement ensures percentile works for a length-1 slice. func TestPercentileSingleElement(t *testing.T) { sorted := []float64{42.0} - assert.Equal(t, 42.0, percentileFloat64(sorted, 10)) - assert.Equal(t, 42.0, percentileFloat64(sorted, 90)) + assert.InDelta(t, 42.0, percentileFloat64(sorted, 10), 0) + assert.InDelta(t, 42.0, percentileFloat64(sorted, 90), 0) } // TestGammaSampleMeanVariance verifies that gammaSample produces the expected mean @@ -206,7 +206,7 @@ func TestGammaSampleMeanVariance(t *testing.T) { const n = 200_000 var sum, sumSq float64 - for i := 0; i < n; i++ { + for range n { v := gammaSample(rng, shape) sum += v sumSq += v * v @@ -227,7 +227,7 @@ func TestGammaSampleSmallShape(t *testing.T) { for _, shape := range []float64{0.3, 0.5, 0.8} { rng := deterministicRNG() var sum float64 - for i := 0; i < n; i++ { + for range n { sum += gammaSample(rng, shape) } mean := sum / n @@ -239,8 +239,8 @@ func TestGammaSampleSmallShape(t *testing.T) { // TestGammaSampleEdgeCases checks boundary and degenerate inputs. func TestGammaSampleEdgeCases(t *testing.T) { rng := deterministicRNG() - assert.Equal(t, 0.0, gammaSample(rng, 0), "shape=0 → 0") - assert.Equal(t, 0.0, gammaSample(rng, -1), "shape<0 → 0") + assert.InDelta(t, 0.0, gammaSample(rng, 0), 0, "shape=0 → 0") + assert.InDelta(t, 0.0, gammaSample(rng, -1), 0, "shape<0 → 0") } // TestRunMonteCarloIsReliable verifies that IsReliable reflects the minimum @@ -328,4 +328,3 @@ func TestRunMonteCarloFullEpisodePath(t *testing.T) { sort.Ints(sorted) assert.Equal(t, ets, sorted, "ET percentiles should already be in ascending order") } - diff --git a/pkg/workflow/action_pins_test.go b/pkg/workflow/action_pins_test.go index b2650b5bf71..e9ea99fd9ec 100644 --- a/pkg/workflow/action_pins_test.go +++ b/pkg/workflow/action_pins_test.go @@ -894,11 +894,11 @@ func TestFallbackVersionUsesRequestedVersionInComment(t *testing.T) { expectedSHA string }{ { - name: "v8 falls back to v8.0.0 and comment records source v8", + name: "v8 falls back to v9.0.0 and comment records source v8", repo: "actions/github-script", requestedVer: "v8", - expectedComment: "# v8.0.0 (source v8)", - expectedSHA: "ed597411d8f924073f98dfc5c65a23a2325f34cd", + expectedComment: "# v9.0.0 (source v8)", + expectedSHA: "3a2844b7e9c422d3c10d287c895573f7108da1b3", }, { name: "v7 falls back to v9.0.0 and comment records source v7", @@ -930,8 +930,8 @@ func TestFallbackVersionUsesRequestedVersionInComment(t *testing.T) { tt.repo, tt.requestedVer, result, tt.expectedSHA) } - if tt.requestedVer == "v8" && !strings.Contains(result, "# v8.0.0 (source v8)") { - t.Errorf("Expected v8 fallback comment to record resolved version v8.0.0, got: %s", result) + if tt.requestedVer == "v8" && !strings.Contains(result, "# v9.0.0 (source v8)") { + t.Errorf("Expected v8 fallback comment to record resolved version v9.0.0, got: %s", result) } }) } diff --git a/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden b/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden index deaed5633ce..d50af14a356 100644 --- a/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden +++ b/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden @@ -68,7 +68,7 @@ jobs: GH_AW_INFO_STAGED: "false" GH_AW_INFO_ALLOWED_DOMAINS: '["defaults"]' GH_AW_INFO_FIREWALL_ENABLED: "true" - GH_AW_INFO_AWF_VERSION: "v0.25.42" + GH_AW_INFO_AWF_VERSION: "v0.25.43" GH_AW_INFO_AWMG_VERSION: "" GH_AW_INFO_FIREWALL_TYPE: "squid" GH_AW_COMPILED_STRICT: "true" @@ -332,7 +332,7 @@ jobs: env: GH_HOST: github.com - name: Install AWF binary - run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.42 + run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.43 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 (source v9) @@ -360,7 +360,7 @@ jobs: GH_AW_SUB_AGENT_EXT: ".agent.md" run: bash "${RUNNER_TEMP}/gh-aw/actions/restore_inline_sub_agents.sh" - name: Download container images - run: bash "${RUNNER_TEMP}/gh-aw/actions/download_docker_images.sh" ghcr.io/github/gh-aw-firewall/agent:0.25.42 ghcr.io/github/gh-aw-firewall/api-proxy:0.25.42 ghcr.io/github/gh-aw-firewall/squid:0.25.42 ghcr.io/github/gh-aw-mcpg:v0.3.6 ghcr.io/github/github-mcp-server:v1.0.3 + run: bash "${RUNNER_TEMP}/gh-aw/actions/download_docker_images.sh" ghcr.io/github/gh-aw-firewall/agent:0.25.43 ghcr.io/github/gh-aw-firewall/api-proxy:0.25.43 ghcr.io/github/gh-aw-firewall/squid:0.25.43 ghcr.io/github/gh-aw-mcpg:v0.3.6 ghcr.io/github/github-mcp-server:v1.0.3 - name: Start MCP Gateway id: start-mcp-gateway env: @@ -436,7 +436,7 @@ jobs: GH_AW_NODE_BIN=$(command -v node 2>/dev/null || true) export GH_AW_NODE_BIN (umask 177 && touch /tmp/gh-aw/agent-stdio.log) - printf '%s\n' '{"$schema":"https://github.com/github/gh-aw-firewall/releases/download/v0.25.42/awf-config.schema.json","network":{"allowDomains":["api.business.githubcopilot.com","api.enterprise.githubcopilot.com","api.github.com","api.githubcopilot.com","api.individual.githubcopilot.com","api.snapcraft.io","archive.ubuntu.com","azure.archive.ubuntu.com","crl.geotrust.com","crl.globalsign.com","crl.identrust.com","crl.sectigo.com","crl.thawte.com","crl.usertrust.com","crl.verisign.com","crl3.digicert.com","crl4.digicert.com","crls.ssl.com","github.com","host.docker.internal","json-schema.org","json.schemastore.org","keyserver.ubuntu.com","ocsp.digicert.com","ocsp.geotrust.com","ocsp.globalsign.com","ocsp.identrust.com","ocsp.sectigo.com","ocsp.ssl.com","ocsp.thawte.com","ocsp.usertrust.com","ocsp.verisign.com","packagecloud.io","packages.cloud.google.com","packages.microsoft.com","ppa.launchpad.net","raw.githubusercontent.com","registry.npmjs.org","s.symcb.com","s.symcd.com","security.ubuntu.com","telemetry.enterprise.githubcopilot.com","ts-crl.ws.symantec.com","ts-ocsp.ws.symantec.com","www.googleapis.com"]},"apiProxy":{"enabled":true,"maxEffectiveTokens":10000000,"models":{"auto":["large"],"deep-research":["copilot/deep-research*","copilot/o3-deep-research*","copilot/o4-mini-deep-research*","google/deep-research*","gemini/deep-research*","openai/o3-deep-research*","openai/o4-mini-deep-research*"],"gemini-flash":["copilot/gemini-*flash*","google/gemini-*flash*","gemini/gemini-*flash*"],"gemini-pro":["copilot/gemini-*pro*","google/gemini-*pro*","gemini/gemini-*pro*"],"gpt-4.1":["copilot/gpt-4.1*","openai/gpt-4.1*"],"gpt-5":["copilot/gpt-5*","openai/gpt-5*"],"gpt-5-codex":["copilot/gpt-5*codex*","openai/gpt-5*codex*"],"gpt-5-mini":["copilot/gpt-5*mini*","openai/gpt-5*mini*"],"gpt-5-nano":["copilot/gpt-5*nano*","openai/gpt-5*nano*"],"gpt-5-pro":["copilot/gpt-5*pro*","openai/gpt-5*pro*"],"haiku":["copilot/*haiku*","anthropic/*haiku*"],"large":["sonnet","gpt-5-pro","gpt-5","gemini-pro"],"mini":["haiku","gpt-5-mini","gpt-5-nano","gemini-flash"],"opus":["copilot/*opus*","anthropic/*opus*"],"reasoning":["copilot/o1*","copilot/o3*","copilot/o4*","openai/o1*","openai/o3*","openai/o4*"],"small":["mini"],"sonnet":["copilot/*sonnet*","anthropic/*sonnet*"]}},"container":{"imageTag":"0.25.42"}}' > "${RUNNER_TEMP}/gh-aw/awf-config.json" && cp "${RUNNER_TEMP}/gh-aw/awf-config.json" /tmp/gh-aw/awf-config.json + printf '%s\n' '{"$schema":"https://github.com/github/gh-aw-firewall/releases/download/v0.25.43/awf-config.schema.json","network":{"allowDomains":["api.business.githubcopilot.com","api.enterprise.githubcopilot.com","api.github.com","api.githubcopilot.com","api.individual.githubcopilot.com","api.snapcraft.io","archive.ubuntu.com","azure.archive.ubuntu.com","crl.geotrust.com","crl.globalsign.com","crl.identrust.com","crl.sectigo.com","crl.thawte.com","crl.usertrust.com","crl.verisign.com","crl3.digicert.com","crl4.digicert.com","crls.ssl.com","github.com","host.docker.internal","json-schema.org","json.schemastore.org","keyserver.ubuntu.com","ocsp.digicert.com","ocsp.geotrust.com","ocsp.globalsign.com","ocsp.identrust.com","ocsp.sectigo.com","ocsp.ssl.com","ocsp.thawte.com","ocsp.usertrust.com","ocsp.verisign.com","packagecloud.io","packages.cloud.google.com","packages.microsoft.com","ppa.launchpad.net","raw.githubusercontent.com","registry.npmjs.org","s.symcb.com","s.symcd.com","security.ubuntu.com","telemetry.enterprise.githubcopilot.com","ts-crl.ws.symantec.com","ts-ocsp.ws.symantec.com","www.googleapis.com"]},"apiProxy":{"enabled":true,"maxEffectiveTokens":10000000,"models":{"auto":["large"],"deep-research":["copilot/deep-research*","copilot/o3-deep-research*","copilot/o4-mini-deep-research*","google/deep-research*","gemini/deep-research*","openai/o3-deep-research*","openai/o4-mini-deep-research*"],"gemini-flash":["copilot/gemini-*flash*","google/gemini-*flash*","gemini/gemini-*flash*"],"gemini-flash-lite":["copilot/gemini-*flash*lite*","google/gemini-*flash*lite*","gemini/gemini-*flash*lite*"],"gemini-pro":["copilot/gemini-*pro*","google/gemini-*pro*","gemini/gemini-*pro*"],"gemma":["copilot/gemma*","google/gemma*","gemini/gemma*"],"gpt-4.1":["copilot/gpt-4.1*","openai/gpt-4.1*"],"gpt-5":["copilot/gpt-5*","openai/gpt-5*"],"gpt-5-codex":["copilot/gpt-5*codex*","openai/gpt-5*codex*"],"gpt-5-mini":["copilot/gpt-5*mini*","openai/gpt-5*mini*"],"gpt-5-nano":["copilot/gpt-5*nano*","openai/gpt-5*nano*"],"gpt-5-pro":["copilot/gpt-5*pro*","openai/gpt-5*pro*"],"haiku":["copilot/*haiku*","anthropic/*haiku*"],"large":["sonnet","gpt-5-pro","gpt-5","gemini-pro"],"mini":["haiku","gpt-5-mini","gpt-5-nano","gemini-flash-lite"],"opus":["copilot/*opus*","anthropic/*opus*"],"reasoning":["copilot/o1*","copilot/o3*","copilot/o4*","openai/o1*","openai/o3*","openai/o4*"],"small":["mini"],"sonnet":["copilot/*sonnet*","anthropic/*sonnet*"]}},"container":{"imageTag":"0.25.43"}}' > "${RUNNER_TEMP}/gh-aw/awf-config.json" && cp "${RUNNER_TEMP}/gh-aw/awf-config.json" /tmp/gh-aw/awf-config.json # shellcheck disable=SC1003 sudo -E awf --config "${RUNNER_TEMP}/gh-aw/awf-config.json" --container-workdir "${GITHUB_WORKSPACE}" --mount "${RUNNER_TEMP}/gh-aw:${RUNNER_TEMP}/gh-aw:ro" --mount "${RUNNER_TEMP}/gh-aw:/host${RUNNER_TEMP}/gh-aw:ro" --env-all --exclude-env COPILOT_GITHUB_TOKEN --exclude-env GITHUB_MCP_SERVER_TOKEN --exclude-env MCP_GATEWAY_API_KEY --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --audit-dir /tmp/gh-aw/sandbox/firewall/audit --enable-host-access --allow-host-ports 80,443,8080 --skip-pull \ -- /bin/bash -c 'export PATH="$(find /opt/hostedtoolcache /home/runner/work/_tool -maxdepth 5 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && GH_AW_NODE_EXEC="${GH_AW_NODE_BIN:-}"; if [ -z "$GH_AW_NODE_EXEC" ] || [ ! -x "$GH_AW_NODE_EXEC" ]; then GH_AW_NODE_EXEC="$(command -v node 2>/dev/null || true)"; fi; if [ -z "$GH_AW_NODE_EXEC" ]; then echo "node runtime missing on this runner — check runtimes.node in workflow YAML" >&2; exit 127; fi; "$GH_AW_NODE_EXEC" ${RUNNER_TEMP}/gh-aw/actions/copilot_harness.cjs /usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --disable-builtin-mcps --no-ask-user --allow-all-tools --allow-all-paths --add-dir "${GITHUB_WORKSPACE}" --prompt-file /tmp/gh-aw/aw-prompts/prompt.txt' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log diff --git a/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/playwright-cli-mode.golden b/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/playwright-cli-mode.golden index 5a4b8763074..b7e861c736c 100644 --- a/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/playwright-cli-mode.golden +++ b/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/playwright-cli-mode.golden @@ -68,7 +68,7 @@ jobs: GH_AW_INFO_STAGED: "false" GH_AW_INFO_ALLOWED_DOMAINS: '["defaults","playwright"]' GH_AW_INFO_FIREWALL_ENABLED: "true" - GH_AW_INFO_AWF_VERSION: "v0.25.42" + GH_AW_INFO_AWF_VERSION: "v0.25.43" GH_AW_INFO_AWMG_VERSION: "" GH_AW_INFO_FIREWALL_TYPE: "squid" GH_AW_COMPILED_STRICT: "true" @@ -342,7 +342,7 @@ jobs: env: GH_HOST: github.com - name: Install AWF binary - run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.42 + run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.43 - name: Install Playwright CLI run: npm install -g @playwright/cli@0.1.13 - name: Install Playwright CLI skills @@ -374,7 +374,7 @@ jobs: GH_AW_SUB_AGENT_EXT: ".agent.md" run: bash "${RUNNER_TEMP}/gh-aw/actions/restore_inline_sub_agents.sh" - name: Download container images - run: bash "${RUNNER_TEMP}/gh-aw/actions/download_docker_images.sh" ghcr.io/github/gh-aw-firewall/agent:0.25.42 ghcr.io/github/gh-aw-firewall/api-proxy:0.25.42 ghcr.io/github/gh-aw-firewall/squid:0.25.42 ghcr.io/github/gh-aw-mcpg:v0.3.6 ghcr.io/github/github-mcp-server:v1.0.3 + run: bash "${RUNNER_TEMP}/gh-aw/actions/download_docker_images.sh" ghcr.io/github/gh-aw-firewall/agent:0.25.43 ghcr.io/github/gh-aw-firewall/api-proxy:0.25.43 ghcr.io/github/gh-aw-firewall/squid:0.25.43 ghcr.io/github/gh-aw-mcpg:v0.3.6 ghcr.io/github/github-mcp-server:v1.0.3 - name: Start MCP Gateway id: start-mcp-gateway env: @@ -450,7 +450,7 @@ jobs: GH_AW_NODE_BIN=$(command -v node 2>/dev/null || true) export GH_AW_NODE_BIN (umask 177 && touch /tmp/gh-aw/agent-stdio.log) - printf '%s\n' '{"$schema":"https://github.com/github/gh-aw-firewall/releases/download/v0.25.42/awf-config.schema.json","network":{"allowDomains":["api.business.githubcopilot.com","api.enterprise.githubcopilot.com","api.github.com","api.githubcopilot.com","api.individual.githubcopilot.com","api.snapcraft.io","archive.ubuntu.com","azure.archive.ubuntu.com","cdn.playwright.dev","crl.geotrust.com","crl.globalsign.com","crl.identrust.com","crl.sectigo.com","crl.thawte.com","crl.usertrust.com","crl.verisign.com","crl3.digicert.com","crl4.digicert.com","crls.ssl.com","github.com","host.docker.internal","json-schema.org","json.schemastore.org","keyserver.ubuntu.com","ocsp.digicert.com","ocsp.geotrust.com","ocsp.globalsign.com","ocsp.identrust.com","ocsp.sectigo.com","ocsp.ssl.com","ocsp.thawte.com","ocsp.usertrust.com","ocsp.verisign.com","packagecloud.io","packages.cloud.google.com","packages.microsoft.com","playwright.download.prss.microsoft.com","ppa.launchpad.net","raw.githubusercontent.com","registry.npmjs.org","s.symcb.com","s.symcd.com","security.ubuntu.com","telemetry.enterprise.githubcopilot.com","ts-crl.ws.symantec.com","ts-ocsp.ws.symantec.com","www.googleapis.com"]},"apiProxy":{"enabled":true,"maxEffectiveTokens":10000000,"models":{"auto":["large"],"deep-research":["copilot/deep-research*","copilot/o3-deep-research*","copilot/o4-mini-deep-research*","google/deep-research*","gemini/deep-research*","openai/o3-deep-research*","openai/o4-mini-deep-research*"],"gemini-flash":["copilot/gemini-*flash*","google/gemini-*flash*","gemini/gemini-*flash*"],"gemini-pro":["copilot/gemini-*pro*","google/gemini-*pro*","gemini/gemini-*pro*"],"gpt-4.1":["copilot/gpt-4.1*","openai/gpt-4.1*"],"gpt-5":["copilot/gpt-5*","openai/gpt-5*"],"gpt-5-codex":["copilot/gpt-5*codex*","openai/gpt-5*codex*"],"gpt-5-mini":["copilot/gpt-5*mini*","openai/gpt-5*mini*"],"gpt-5-nano":["copilot/gpt-5*nano*","openai/gpt-5*nano*"],"gpt-5-pro":["copilot/gpt-5*pro*","openai/gpt-5*pro*"],"haiku":["copilot/*haiku*","anthropic/*haiku*"],"large":["sonnet","gpt-5-pro","gpt-5","gemini-pro"],"mini":["haiku","gpt-5-mini","gpt-5-nano","gemini-flash"],"opus":["copilot/*opus*","anthropic/*opus*"],"reasoning":["copilot/o1*","copilot/o3*","copilot/o4*","openai/o1*","openai/o3*","openai/o4*"],"small":["mini"],"sonnet":["copilot/*sonnet*","anthropic/*sonnet*"]}},"container":{"imageTag":"0.25.42"}}' > "${RUNNER_TEMP}/gh-aw/awf-config.json" && cp "${RUNNER_TEMP}/gh-aw/awf-config.json" /tmp/gh-aw/awf-config.json + printf '%s\n' '{"$schema":"https://github.com/github/gh-aw-firewall/releases/download/v0.25.43/awf-config.schema.json","network":{"allowDomains":["api.business.githubcopilot.com","api.enterprise.githubcopilot.com","api.github.com","api.githubcopilot.com","api.individual.githubcopilot.com","api.snapcraft.io","archive.ubuntu.com","azure.archive.ubuntu.com","cdn.playwright.dev","crl.geotrust.com","crl.globalsign.com","crl.identrust.com","crl.sectigo.com","crl.thawte.com","crl.usertrust.com","crl.verisign.com","crl3.digicert.com","crl4.digicert.com","crls.ssl.com","github.com","host.docker.internal","json-schema.org","json.schemastore.org","keyserver.ubuntu.com","ocsp.digicert.com","ocsp.geotrust.com","ocsp.globalsign.com","ocsp.identrust.com","ocsp.sectigo.com","ocsp.ssl.com","ocsp.thawte.com","ocsp.usertrust.com","ocsp.verisign.com","packagecloud.io","packages.cloud.google.com","packages.microsoft.com","playwright.download.prss.microsoft.com","ppa.launchpad.net","raw.githubusercontent.com","registry.npmjs.org","s.symcb.com","s.symcd.com","security.ubuntu.com","telemetry.enterprise.githubcopilot.com","ts-crl.ws.symantec.com","ts-ocsp.ws.symantec.com","www.googleapis.com"]},"apiProxy":{"enabled":true,"maxEffectiveTokens":10000000,"models":{"auto":["large"],"deep-research":["copilot/deep-research*","copilot/o3-deep-research*","copilot/o4-mini-deep-research*","google/deep-research*","gemini/deep-research*","openai/o3-deep-research*","openai/o4-mini-deep-research*"],"gemini-flash":["copilot/gemini-*flash*","google/gemini-*flash*","gemini/gemini-*flash*"],"gemini-flash-lite":["copilot/gemini-*flash*lite*","google/gemini-*flash*lite*","gemini/gemini-*flash*lite*"],"gemini-pro":["copilot/gemini-*pro*","google/gemini-*pro*","gemini/gemini-*pro*"],"gemma":["copilot/gemma*","google/gemma*","gemini/gemma*"],"gpt-4.1":["copilot/gpt-4.1*","openai/gpt-4.1*"],"gpt-5":["copilot/gpt-5*","openai/gpt-5*"],"gpt-5-codex":["copilot/gpt-5*codex*","openai/gpt-5*codex*"],"gpt-5-mini":["copilot/gpt-5*mini*","openai/gpt-5*mini*"],"gpt-5-nano":["copilot/gpt-5*nano*","openai/gpt-5*nano*"],"gpt-5-pro":["copilot/gpt-5*pro*","openai/gpt-5*pro*"],"haiku":["copilot/*haiku*","anthropic/*haiku*"],"large":["sonnet","gpt-5-pro","gpt-5","gemini-pro"],"mini":["haiku","gpt-5-mini","gpt-5-nano","gemini-flash-lite"],"opus":["copilot/*opus*","anthropic/*opus*"],"reasoning":["copilot/o1*","copilot/o3*","copilot/o4*","openai/o1*","openai/o3*","openai/o4*"],"small":["mini"],"sonnet":["copilot/*sonnet*","anthropic/*sonnet*"]}},"container":{"imageTag":"0.25.43"}}' > "${RUNNER_TEMP}/gh-aw/awf-config.json" && cp "${RUNNER_TEMP}/gh-aw/awf-config.json" /tmp/gh-aw/awf-config.json # shellcheck disable=SC1003 sudo -E awf --config "${RUNNER_TEMP}/gh-aw/awf-config.json" --container-workdir "${GITHUB_WORKSPACE}" --mount "${RUNNER_TEMP}/gh-aw:${RUNNER_TEMP}/gh-aw:ro" --mount "${RUNNER_TEMP}/gh-aw:/host${RUNNER_TEMP}/gh-aw:ro" --env-all --exclude-env COPILOT_GITHUB_TOKEN --exclude-env GITHUB_MCP_SERVER_TOKEN --exclude-env MCP_GATEWAY_API_KEY --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --audit-dir /tmp/gh-aw/sandbox/firewall/audit --enable-host-access --allow-host-ports 80,443,8080 --skip-pull \ -- /bin/bash -c 'export PATH="$(find /opt/hostedtoolcache /home/runner/work/_tool -maxdepth 5 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && GH_AW_NODE_EXEC="${GH_AW_NODE_BIN:-}"; if [ -z "$GH_AW_NODE_EXEC" ] || [ ! -x "$GH_AW_NODE_EXEC" ]; then GH_AW_NODE_EXEC="$(command -v node 2>/dev/null || true)"; fi; if [ -z "$GH_AW_NODE_EXEC" ]; then echo "node runtime missing on this runner — check runtimes.node in workflow YAML" >&2; exit 127; fi; "$GH_AW_NODE_EXEC" ${RUNNER_TEMP}/gh-aw/actions/copilot_harness.cjs /usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --disable-builtin-mcps --no-ask-user --allow-all-tools --allow-all-paths --add-dir "${GITHUB_WORKSPACE}" --prompt-file /tmp/gh-aw/aw-prompts/prompt.txt' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log diff --git a/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/smoke-copilot.golden b/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/smoke-copilot.golden index 2f6509627b1..7a5a2fd06e6 100644 --- a/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/smoke-copilot.golden +++ b/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/smoke-copilot.golden @@ -82,7 +82,7 @@ jobs: GH_AW_INFO_STAGED: "false" GH_AW_INFO_ALLOWED_DOMAINS: '["defaults","node","github","playwright"]' GH_AW_INFO_FIREWALL_ENABLED: "true" - GH_AW_INFO_AWF_VERSION: "v0.25.42" + GH_AW_INFO_AWF_VERSION: "v0.25.43" GH_AW_INFO_AWMG_VERSION: "" GH_AW_INFO_FIREWALL_TYPE: "squid" GH_AW_COMPILED_STRICT: "true" @@ -485,7 +485,7 @@ jobs: env: GH_HOST: github.com - name: Install AWF binary - run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.42 + run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.43 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 (source v9) @@ -513,7 +513,7 @@ jobs: GH_AW_SUB_AGENT_EXT: ".agent.md" run: bash "${RUNNER_TEMP}/gh-aw/actions/restore_inline_sub_agents.sh" - name: Download container images - run: bash "${RUNNER_TEMP}/gh-aw/actions/download_docker_images.sh" ghcr.io/github/gh-aw-firewall/agent:0.25.42 ghcr.io/github/gh-aw-firewall/api-proxy:0.25.42 ghcr.io/github/gh-aw-firewall/squid:0.25.42 ghcr.io/github/gh-aw-mcpg:v0.3.6 ghcr.io/github/github-mcp-server:v1.0.3 ghcr.io/github/serena-mcp-server:latest mcr.microsoft.com/playwright/mcp + run: bash "${RUNNER_TEMP}/gh-aw/actions/download_docker_images.sh" ghcr.io/github/gh-aw-firewall/agent:0.25.43 ghcr.io/github/gh-aw-firewall/api-proxy:0.25.43 ghcr.io/github/gh-aw-firewall/squid:0.25.43 ghcr.io/github/gh-aw-mcpg:v0.3.6 ghcr.io/github/github-mcp-server:v1.0.3 ghcr.io/github/serena-mcp-server:latest mcr.microsoft.com/playwright/mcp - name: Install gh-aw extension env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -682,7 +682,7 @@ jobs: GH_AW_NODE_BIN=$(command -v node 2>/dev/null || true) export GH_AW_NODE_BIN (umask 177 && touch /tmp/gh-aw/agent-stdio.log) - printf '%s\n' '{"$schema":"https://github.com/github/gh-aw-firewall/releases/download/v0.25.42/awf-config.schema.json","network":{"allowDomains":["*.githubusercontent.com","api.business.githubcopilot.com","api.enterprise.githubcopilot.com","api.github.com","api.githubcopilot.com","api.individual.githubcopilot.com","api.npms.io","api.snapcraft.io","archive.ubuntu.com","azure.archive.ubuntu.com","bun.sh","cdn.jsdelivr.net","cdn.playwright.dev","codeload.github.com","crl.geotrust.com","crl.globalsign.com","crl.identrust.com","crl.sectigo.com","crl.thawte.com","crl.usertrust.com","crl.verisign.com","crl3.digicert.com","crl4.digicert.com","crls.ssl.com","deb.nodesource.com","deno.land","docs.github.com","esm.sh","get.pnpm.io","github-cloud.githubusercontent.com","github-cloud.s3.amazonaws.com","github.blog","github.com","github.githubassets.com","go.dev","golang.org","googleapis.deno.dev","googlechromelabs.github.io","goproxy.io","host.docker.internal","json-schema.org","json.schemastore.org","jsr.io","keyserver.ubuntu.com","lfs.github.com","nodejs.org","npm.pkg.github.com","npmjs.com","npmjs.org","objects.githubusercontent.com","ocsp.digicert.com","ocsp.geotrust.com","ocsp.globalsign.com","ocsp.identrust.com","ocsp.sectigo.com","ocsp.ssl.com","ocsp.thawte.com","ocsp.usertrust.com","ocsp.verisign.com","packagecloud.io","packages.cloud.google.com","packages.microsoft.com","pkg.go.dev","playwright.download.prss.microsoft.com","ppa.launchpad.net","proxy.golang.org","raw.githubusercontent.com","registry.bower.io","registry.npmjs.com","registry.npmjs.org","registry.yarnpkg.com","repo.yarnpkg.com","s.symcb.com","s.symcd.com","security.ubuntu.com","skimdb.npmjs.com","storage.googleapis.com","sum.golang.org","telemetry.enterprise.githubcopilot.com","telemetry.vercel.com","ts-crl.ws.symantec.com","ts-ocsp.ws.symantec.com","www.googleapis.com","www.npmjs.com","www.npmjs.org","yarnpkg.com"]},"apiProxy":{"enabled":true,"maxEffectiveTokens":10000000,"models":{"auto":["large"],"deep-research":["copilot/deep-research*","copilot/o3-deep-research*","copilot/o4-mini-deep-research*","google/deep-research*","gemini/deep-research*","openai/o3-deep-research*","openai/o4-mini-deep-research*"],"gemini-flash":["copilot/gemini-*flash*","google/gemini-*flash*","gemini/gemini-*flash*"],"gemini-pro":["copilot/gemini-*pro*","google/gemini-*pro*","gemini/gemini-*pro*"],"gpt-4.1":["copilot/gpt-4.1*","openai/gpt-4.1*"],"gpt-5":["copilot/gpt-5*","openai/gpt-5*"],"gpt-5-codex":["copilot/gpt-5*codex*","openai/gpt-5*codex*"],"gpt-5-mini":["copilot/gpt-5*mini*","openai/gpt-5*mini*"],"gpt-5-nano":["copilot/gpt-5*nano*","openai/gpt-5*nano*"],"gpt-5-pro":["copilot/gpt-5*pro*","openai/gpt-5*pro*"],"haiku":["copilot/*haiku*","anthropic/*haiku*"],"large":["sonnet","gpt-5-pro","gpt-5","gemini-pro"],"mini":["haiku","gpt-5-mini","gpt-5-nano","gemini-flash"],"opus":["copilot/*opus*","anthropic/*opus*"],"reasoning":["copilot/o1*","copilot/o3*","copilot/o4*","openai/o1*","openai/o3*","openai/o4*"],"small":["mini"],"sonnet":["copilot/*sonnet*","anthropic/*sonnet*"]}},"container":{"imageTag":"0.25.42"}}' > "${RUNNER_TEMP}/gh-aw/awf-config.json" && cp "${RUNNER_TEMP}/gh-aw/awf-config.json" /tmp/gh-aw/awf-config.json + printf '%s\n' '{"$schema":"https://github.com/github/gh-aw-firewall/releases/download/v0.25.43/awf-config.schema.json","network":{"allowDomains":["*.githubusercontent.com","api.business.githubcopilot.com","api.enterprise.githubcopilot.com","api.github.com","api.githubcopilot.com","api.individual.githubcopilot.com","api.npms.io","api.snapcraft.io","archive.ubuntu.com","azure.archive.ubuntu.com","bun.sh","cdn.jsdelivr.net","cdn.playwright.dev","codeload.github.com","crl.geotrust.com","crl.globalsign.com","crl.identrust.com","crl.sectigo.com","crl.thawte.com","crl.usertrust.com","crl.verisign.com","crl3.digicert.com","crl4.digicert.com","crls.ssl.com","deb.nodesource.com","deno.land","docs.github.com","esm.sh","get.pnpm.io","github-cloud.githubusercontent.com","github-cloud.s3.amazonaws.com","github.blog","github.com","github.githubassets.com","go.dev","golang.org","googleapis.deno.dev","googlechromelabs.github.io","goproxy.io","host.docker.internal","json-schema.org","json.schemastore.org","jsr.io","keyserver.ubuntu.com","lfs.github.com","nodejs.org","npm.pkg.github.com","npmjs.com","npmjs.org","objects.githubusercontent.com","ocsp.digicert.com","ocsp.geotrust.com","ocsp.globalsign.com","ocsp.identrust.com","ocsp.sectigo.com","ocsp.ssl.com","ocsp.thawte.com","ocsp.usertrust.com","ocsp.verisign.com","packagecloud.io","packages.cloud.google.com","packages.microsoft.com","pkg.go.dev","playwright.download.prss.microsoft.com","ppa.launchpad.net","proxy.golang.org","raw.githubusercontent.com","registry.bower.io","registry.npmjs.com","registry.npmjs.org","registry.yarnpkg.com","repo.yarnpkg.com","s.symcb.com","s.symcd.com","security.ubuntu.com","skimdb.npmjs.com","storage.googleapis.com","sum.golang.org","telemetry.enterprise.githubcopilot.com","telemetry.vercel.com","ts-crl.ws.symantec.com","ts-ocsp.ws.symantec.com","www.googleapis.com","www.npmjs.com","www.npmjs.org","yarnpkg.com"]},"apiProxy":{"enabled":true,"maxEffectiveTokens":10000000,"models":{"auto":["large"],"deep-research":["copilot/deep-research*","copilot/o3-deep-research*","copilot/o4-mini-deep-research*","google/deep-research*","gemini/deep-research*","openai/o3-deep-research*","openai/o4-mini-deep-research*"],"gemini-flash":["copilot/gemini-*flash*","google/gemini-*flash*","gemini/gemini-*flash*"],"gemini-flash-lite":["copilot/gemini-*flash*lite*","google/gemini-*flash*lite*","gemini/gemini-*flash*lite*"],"gemini-pro":["copilot/gemini-*pro*","google/gemini-*pro*","gemini/gemini-*pro*"],"gemma":["copilot/gemma*","google/gemma*","gemini/gemma*"],"gpt-4.1":["copilot/gpt-4.1*","openai/gpt-4.1*"],"gpt-5":["copilot/gpt-5*","openai/gpt-5*"],"gpt-5-codex":["copilot/gpt-5*codex*","openai/gpt-5*codex*"],"gpt-5-mini":["copilot/gpt-5*mini*","openai/gpt-5*mini*"],"gpt-5-nano":["copilot/gpt-5*nano*","openai/gpt-5*nano*"],"gpt-5-pro":["copilot/gpt-5*pro*","openai/gpt-5*pro*"],"haiku":["copilot/*haiku*","anthropic/*haiku*"],"large":["sonnet","gpt-5-pro","gpt-5","gemini-pro"],"mini":["haiku","gpt-5-mini","gpt-5-nano","gemini-flash-lite"],"opus":["copilot/*opus*","anthropic/*opus*"],"reasoning":["copilot/o1*","copilot/o3*","copilot/o4*","openai/o1*","openai/o3*","openai/o4*"],"small":["mini"],"sonnet":["copilot/*sonnet*","anthropic/*sonnet*"]}},"container":{"imageTag":"0.25.43"}}' > "${RUNNER_TEMP}/gh-aw/awf-config.json" && cp "${RUNNER_TEMP}/gh-aw/awf-config.json" /tmp/gh-aw/awf-config.json # shellcheck disable=SC1003 sudo -E awf --config "${RUNNER_TEMP}/gh-aw/awf-config.json" --container-workdir "${GITHUB_WORKSPACE}" --mount "${RUNNER_TEMP}/gh-aw:${RUNNER_TEMP}/gh-aw:ro" --mount "${RUNNER_TEMP}/gh-aw:/host${RUNNER_TEMP}/gh-aw:ro" --env-all --exclude-env COPILOT_GITHUB_TOKEN --exclude-env GITHUB_MCP_SERVER_TOKEN --exclude-env MCP_GATEWAY_API_KEY --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --audit-dir /tmp/gh-aw/sandbox/firewall/audit --enable-host-access --allow-host-ports 80,443,8080 --skip-pull \ -- /bin/bash -c 'export PATH="$(find /opt/hostedtoolcache /home/runner/work/_tool -maxdepth 5 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && GH_AW_NODE_EXEC="${GH_AW_NODE_BIN:-}"; if [ -z "$GH_AW_NODE_EXEC" ] || [ ! -x "$GH_AW_NODE_EXEC" ]; then GH_AW_NODE_EXEC="$(command -v node 2>/dev/null || true)"; fi; if [ -z "$GH_AW_NODE_EXEC" ]; then echo "node runtime missing on this runner — check runtimes.node in workflow YAML" >&2; exit 127; fi; "$GH_AW_NODE_EXEC" ${RUNNER_TEMP}/gh-aw/actions/copilot_harness.cjs /usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --disable-builtin-mcps --no-ask-user --allow-all-tools --allow-all-paths --add-dir "${GITHUB_WORKSPACE}" --prompt-file /tmp/gh-aw/aw-prompts/prompt.txt' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log diff --git a/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden b/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden index 92c6ebc387f..c1012322f7a 100644 --- a/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden +++ b/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden @@ -68,7 +68,7 @@ jobs: GH_AW_INFO_STAGED: "false" GH_AW_INFO_ALLOWED_DOMAINS: '["defaults"]' GH_AW_INFO_FIREWALL_ENABLED: "true" - GH_AW_INFO_AWF_VERSION: "v0.25.42" + GH_AW_INFO_AWF_VERSION: "v0.25.43" GH_AW_INFO_AWMG_VERSION: "" GH_AW_INFO_FIREWALL_TYPE: "squid" GH_AW_COMPILED_STRICT: "true" @@ -333,7 +333,7 @@ jobs: env: GH_HOST: github.com - name: Install AWF binary - run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.42 + run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.43 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 (source v9) @@ -361,7 +361,7 @@ jobs: GH_AW_SUB_AGENT_EXT: ".agent.md" run: bash "${RUNNER_TEMP}/gh-aw/actions/restore_inline_sub_agents.sh" - name: Download container images - run: bash "${RUNNER_TEMP}/gh-aw/actions/download_docker_images.sh" ghcr.io/github/gh-aw-firewall/agent:0.25.42 ghcr.io/github/gh-aw-firewall/api-proxy:0.25.42 ghcr.io/github/gh-aw-firewall/squid:0.25.42 ghcr.io/github/gh-aw-mcpg:v0.3.6 ghcr.io/github/github-mcp-server:v1.0.3 + run: bash "${RUNNER_TEMP}/gh-aw/actions/download_docker_images.sh" ghcr.io/github/gh-aw-firewall/agent:0.25.43 ghcr.io/github/gh-aw-firewall/api-proxy:0.25.43 ghcr.io/github/gh-aw-firewall/squid:0.25.43 ghcr.io/github/gh-aw-mcpg:v0.3.6 ghcr.io/github/github-mcp-server:v1.0.3 - name: Start MCP Gateway id: start-mcp-gateway env: @@ -437,7 +437,7 @@ jobs: GH_AW_NODE_BIN=$(command -v node 2>/dev/null || true) export GH_AW_NODE_BIN (umask 177 && touch /tmp/gh-aw/agent-stdio.log) - printf '%s\n' '{"$schema":"https://github.com/github/gh-aw-firewall/releases/download/v0.25.42/awf-config.schema.json","network":{"allowDomains":["api.business.githubcopilot.com","api.enterprise.githubcopilot.com","api.github.com","api.githubcopilot.com","api.individual.githubcopilot.com","api.snapcraft.io","archive.ubuntu.com","azure.archive.ubuntu.com","crl.geotrust.com","crl.globalsign.com","crl.identrust.com","crl.sectigo.com","crl.thawte.com","crl.usertrust.com","crl.verisign.com","crl3.digicert.com","crl4.digicert.com","crls.ssl.com","github.com","host.docker.internal","json-schema.org","json.schemastore.org","keyserver.ubuntu.com","ocsp.digicert.com","ocsp.geotrust.com","ocsp.globalsign.com","ocsp.identrust.com","ocsp.sectigo.com","ocsp.ssl.com","ocsp.thawte.com","ocsp.usertrust.com","ocsp.verisign.com","packagecloud.io","packages.cloud.google.com","packages.microsoft.com","ppa.launchpad.net","raw.githubusercontent.com","registry.npmjs.org","s.symcb.com","s.symcd.com","security.ubuntu.com","telemetry.enterprise.githubcopilot.com","ts-crl.ws.symantec.com","ts-ocsp.ws.symantec.com","www.googleapis.com"]},"apiProxy":{"enabled":true,"maxEffectiveTokens":10000000,"models":{"auto":["large"],"deep-research":["copilot/deep-research*","copilot/o3-deep-research*","copilot/o4-mini-deep-research*","google/deep-research*","gemini/deep-research*","openai/o3-deep-research*","openai/o4-mini-deep-research*"],"gemini-flash":["copilot/gemini-*flash*","google/gemini-*flash*","gemini/gemini-*flash*"],"gemini-pro":["copilot/gemini-*pro*","google/gemini-*pro*","gemini/gemini-*pro*"],"gpt-4.1":["copilot/gpt-4.1*","openai/gpt-4.1*"],"gpt-5":["copilot/gpt-5*","openai/gpt-5*"],"gpt-5-codex":["copilot/gpt-5*codex*","openai/gpt-5*codex*"],"gpt-5-mini":["copilot/gpt-5*mini*","openai/gpt-5*mini*"],"gpt-5-nano":["copilot/gpt-5*nano*","openai/gpt-5*nano*"],"gpt-5-pro":["copilot/gpt-5*pro*","openai/gpt-5*pro*"],"haiku":["copilot/*haiku*","anthropic/*haiku*"],"large":["sonnet","gpt-5-pro","gpt-5","gemini-pro"],"mini":["haiku","gpt-5-mini","gpt-5-nano","gemini-flash"],"opus":["copilot/*opus*","anthropic/*opus*"],"reasoning":["copilot/o1*","copilot/o3*","copilot/o4*","openai/o1*","openai/o3*","openai/o4*"],"small":["mini"],"sonnet":["copilot/*sonnet*","anthropic/*sonnet*"]}},"container":{"imageTag":"0.25.42"}}' > "${RUNNER_TEMP}/gh-aw/awf-config.json" && cp "${RUNNER_TEMP}/gh-aw/awf-config.json" /tmp/gh-aw/awf-config.json + printf '%s\n' '{"$schema":"https://github.com/github/gh-aw-firewall/releases/download/v0.25.43/awf-config.schema.json","network":{"allowDomains":["api.business.githubcopilot.com","api.enterprise.githubcopilot.com","api.github.com","api.githubcopilot.com","api.individual.githubcopilot.com","api.snapcraft.io","archive.ubuntu.com","azure.archive.ubuntu.com","crl.geotrust.com","crl.globalsign.com","crl.identrust.com","crl.sectigo.com","crl.thawte.com","crl.usertrust.com","crl.verisign.com","crl3.digicert.com","crl4.digicert.com","crls.ssl.com","github.com","host.docker.internal","json-schema.org","json.schemastore.org","keyserver.ubuntu.com","ocsp.digicert.com","ocsp.geotrust.com","ocsp.globalsign.com","ocsp.identrust.com","ocsp.sectigo.com","ocsp.ssl.com","ocsp.thawte.com","ocsp.usertrust.com","ocsp.verisign.com","packagecloud.io","packages.cloud.google.com","packages.microsoft.com","ppa.launchpad.net","raw.githubusercontent.com","registry.npmjs.org","s.symcb.com","s.symcd.com","security.ubuntu.com","telemetry.enterprise.githubcopilot.com","ts-crl.ws.symantec.com","ts-ocsp.ws.symantec.com","www.googleapis.com"]},"apiProxy":{"enabled":true,"maxEffectiveTokens":10000000,"models":{"auto":["large"],"deep-research":["copilot/deep-research*","copilot/o3-deep-research*","copilot/o4-mini-deep-research*","google/deep-research*","gemini/deep-research*","openai/o3-deep-research*","openai/o4-mini-deep-research*"],"gemini-flash":["copilot/gemini-*flash*","google/gemini-*flash*","gemini/gemini-*flash*"],"gemini-flash-lite":["copilot/gemini-*flash*lite*","google/gemini-*flash*lite*","gemini/gemini-*flash*lite*"],"gemini-pro":["copilot/gemini-*pro*","google/gemini-*pro*","gemini/gemini-*pro*"],"gemma":["copilot/gemma*","google/gemma*","gemini/gemma*"],"gpt-4.1":["copilot/gpt-4.1*","openai/gpt-4.1*"],"gpt-5":["copilot/gpt-5*","openai/gpt-5*"],"gpt-5-codex":["copilot/gpt-5*codex*","openai/gpt-5*codex*"],"gpt-5-mini":["copilot/gpt-5*mini*","openai/gpt-5*mini*"],"gpt-5-nano":["copilot/gpt-5*nano*","openai/gpt-5*nano*"],"gpt-5-pro":["copilot/gpt-5*pro*","openai/gpt-5*pro*"],"haiku":["copilot/*haiku*","anthropic/*haiku*"],"large":["sonnet","gpt-5-pro","gpt-5","gemini-pro"],"mini":["haiku","gpt-5-mini","gpt-5-nano","gemini-flash-lite"],"opus":["copilot/*opus*","anthropic/*opus*"],"reasoning":["copilot/o1*","copilot/o3*","copilot/o4*","openai/o1*","openai/o3*","openai/o4*"],"small":["mini"],"sonnet":["copilot/*sonnet*","anthropic/*sonnet*"]}},"container":{"imageTag":"0.25.43"}}' > "${RUNNER_TEMP}/gh-aw/awf-config.json" && cp "${RUNNER_TEMP}/gh-aw/awf-config.json" /tmp/gh-aw/awf-config.json # shellcheck disable=SC1003 sudo -E awf --config "${RUNNER_TEMP}/gh-aw/awf-config.json" --container-workdir "${GITHUB_WORKSPACE}" --mount "${RUNNER_TEMP}/gh-aw:${RUNNER_TEMP}/gh-aw:ro" --mount "${RUNNER_TEMP}/gh-aw:/host${RUNNER_TEMP}/gh-aw:ro" --env-all --exclude-env COPILOT_GITHUB_TOKEN --exclude-env GITHUB_MCP_SERVER_TOKEN --exclude-env MCP_GATEWAY_API_KEY --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --audit-dir /tmp/gh-aw/sandbox/firewall/audit --enable-host-access --allow-host-ports 80,443,8080 --skip-pull \ -- /bin/bash -c 'export PATH="$(find /opt/hostedtoolcache /home/runner/work/_tool -maxdepth 5 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && GH_AW_NODE_EXEC="${GH_AW_NODE_BIN:-}"; if [ -z "$GH_AW_NODE_EXEC" ] || [ ! -x "$GH_AW_NODE_EXEC" ]; then GH_AW_NODE_EXEC="$(command -v node 2>/dev/null || true)"; fi; if [ -z "$GH_AW_NODE_EXEC" ]; then echo "node runtime missing on this runner — check runtimes.node in workflow YAML" >&2; exit 127; fi; "$GH_AW_NODE_EXEC" ${RUNNER_TEMP}/gh-aw/actions/copilot_harness.cjs /usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --disable-builtin-mcps --no-ask-user --allow-all-tools --allow-all-paths --add-dir "${GITHUB_WORKSPACE}" --prompt-file /tmp/gh-aw/aw-prompts/prompt.txt' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log