Copilot Agent PR Analysis #276
copilot-agent-analysis.lock.yml
on: schedule
activation
21s
push_repo_memory
25s
safe_outputs
21s
update_cache_memory
17s
conclusion
14s
Annotations
5 warnings
|
agent
Fence count mismatch` on every run because the fence... |\n| [#35175](https://github.com/github/gh-aw/pull/35175) | Closed | `gh aw add` was ambiguous for direct workflow file specs with branch refs (especially slash-delimite... |\n| [#35174](https://github.com/github/gh-aw/pull/35174) | Merged | In multi-repo `create-pull-request` workflows (e.g. `allowed-repos: [\"org/*\"]`), the `extract-base-b... |\n| [#35173](https://github.com/github/gh-aw/pull/35173) | Merged | `safe-outputs.call-workflow` fan-out was lossy because compiler-injected agent job concurrency used ... |\n| [#35148](https://github.com/github/gh-aw/pull/35148) | Merged | - Closes https://github.com/github/gh-aw/issues/35146 Threat detection was classifying some npm d... |\n| [#35117](https://github.com/github/gh-aw/pull/35117) | Merged | This updates gh-aw’s default runtime pins to the requested AWF Firewall and MCP Gateway releases, an... |\n| [#35115](https://github.com/github/gh-aw/pull/35115) | Merged | The compiler threat spec optimizer was still scheduled daily even though this audit only needs a wee... |\n| [#35113](https://github.com/github/gh-aw/pull/35113) | Merged | This PR replaces existence-based outcome classification for `create_issue`, `add_comment`, and `add_... |\n| [#35112](https://github.com/github/gh-aw/pull/35112) | Closed | LintMonster flagged oversized test functions (and nested literals) across `*_test.go` files, with re... |\n| [#35111](https://github.com/github/gh-aw/pull/35111) | Merged | This addresses the lint group reporting 33 issues in three buckets: unchecked single-value type asse... |\n| [#35102](https://github.com/github/gh-aw/pull/35102) | Merged | Smoke Antigravity was failing in the conclusion step because the runner payload did not reliably con... |\n| [#35101](https://github.com/github/gh-aw/pull/35101) | Closed | Workflow run #8016 on `main` failed the `lint-go` job due to unformatted Go code introduced in commi... |\n| [#35100](https://github.com/github/gh-aw/pull/35100) | Merged | This change replaces generic/fallback outcome checks for the two highest-signal safe-output types wi... |\n| [#35092](https://github.com/github/gh-aw/pull/35092) | Closed | Quick Start first mentioned **frontmatter** in optional Step 4, so users skipping customization coul... |\n| [#35091](https://github.com/github/gh-aw/pull/35091) | Merged | Semantic clustering of 858 non-test Go files identified four or
|
|
agent
Fence count mismatch` on every run because the fence... |\\n| [#35175](https://github.com/github/gh-aw/pull/35175) | Closed | `gh aw add` was ambiguous for direct workflow file specs with branch refs (especially slash-delimite... |\\n| [#35174](https://github.com/github/gh-aw/pull/35174) | Merged | In multi-repo `create-pull-request` workflows (e.g. `allowed-repos: [\\\"org/*\\\"]`), the `extract-base-b... |\\n| [#35173](https://github.com/github/gh-aw/pull/35173) | Merged | `safe-outputs.call-workflow` fan-out was lossy because compiler-injected agent job concurrency used ... |\\n| [#35148](https://github.com/github/gh-aw/pull/35148) | Merged | - Closes https://github.com/github/gh-aw/issues/35146 Threat detection was classifying some npm d... |\\n| [#35117](https://github.com/github/gh-aw/pull/35117) | Merged | This updates gh-aw’s default runtime pins to the requested AWF Firewall and MCP Gateway releases, an... |\\n| [#35115](https://github.com/github/gh-aw/pull/35115) | Merged | The compiler threat spec optimizer was still scheduled daily even though this audit only needs a wee... |\\n| [#35113](https://github.com/github/gh-aw/pull/35113) | Merged | This PR replaces existence-based outcome classification for `create_issue`, `add_comment`, and `add_... |\\n| [#35112](https://github.com/github/gh-aw/pull/35112) | Closed | LintMonster flagged oversized test functions (and nested literals) across `*_test.go` files, with re... |\\n| [#35111](https://github.com/github/gh-aw/pull/35111) | Merged | This addresses the lint group reporting 33 issues in three buckets: unchecked single-value type asse... |\\n| [#35102](https://github.com/github/gh-aw/pull/35102) | Merged | Smoke Antigravity was failing in the conclusion step because the runner payload did not reliably con... |\\n| [#35101](https://github.com/github/gh-aw/pull/35101) | Closed | Workflow run #8016 on `main` failed the `lint-go` job due to unformatted Go code introduced in commi... |\\n| [#35100](https://github.com/github/gh-aw/pull/35100) | Merged | This change replaces generic/fallback outcome checks for the two highest-signal safe-output types wi... |\\n| [#35092](https://github.com/github/gh-aw/pull/35092) | Closed | Quick Start first mentioned **frontmatter** in optional Step 4, so users skipping customization coul... |\\n| [#35091](https://github.com/github/gh-aw/pull/35091) | Merged | Semantic clustering of 858 non-test Go files identified four organizational issues: functions in fil... |\\n| [#35090](https://github.com/github/gh-aw/pull/35090) | Closed | The repo policy says `gopkg.in/yaml.v3` has been migrated to `go.yaml.in/yaml/v3`, but one workflow ... |\\n| [#35089](https://github.com/github/gh-aw/pull/35089) | Merged | This change adds OTLP runtime auth configuration in frontmatter so workflows can mint a bearer crede... |\\n| [#35078](https://github.com/github/gh-aw/pull/35078) | Merged | Quick Start Step 2 mentioned that `add-wizard` creates both `.md` and `.lock.yml` files but did not ... |\\n| [#35077](https://github.com/github/gh-aw/pull/35077) | Merged | `pkg/stringutil/fuzzy_match_test.go` covered core behavior but left key contract edges implicit. Thi... |\\n| [#35076](https://github.com/github/gh-aw/pull/35076) | Merged | `BenchmarkValidation` regressed significantly in the validation pipeline. The hot path was repeatedl... |\\n| [#35072](https://github.com/github/gh-aw/pull/35072) | Merged | Bundles four open Dependabot PRs (#35017, #35020, #35022, #35023) for the `/actions/setup/js` manife... |\\n| [#35070](https://github.com/github/gh-aw/pull/35070) | Merged | Monetary cost estimates should never appear in reports. Removes all cost fields from every report su... |\\n| [#35069](https://github.com/github/gh-aw/pull/35069) | Merged | When DIFC/CLI proxy mode is enabled, proxy containers were started as root and created `/tmp/gh-aw/m... |\\n| [#35065](https://github.com/github/gh-aw/pull/35065) | Merged | The Dead Code Removal Agent was running ~57-turn executions with high cache amplification, primarily... |\\n| [#35064](https://github
|
|
agent
Fence count mismatch` on every run because the fence integrity assertion compared raw input fence markers against the output without accounting for code\"\n },\n {\n \"number\": 35175,\n \"title\": \"Clarify and regress `gh aw add` spec handling for direct paths and shorthand `@ref` forms\",\n \"state\": \"CLOSED\",\n \"createdAt\": \"2026-05-27T10:18:38Z\",\n \"closedAt\": \"2026-05-27T11:51:20Z\",\n \"mergedAt\": null,\n \"url\": \"https://github.com/github/gh-aw/pull/35175\",\n \"body\": \"`gh aw add` was ambiguous for direct workflow file specs with branch refs (especially slash-delimited branch names), and users could reasonably interpret failures as package-parser rejection. This cha\"\n },\n {\n \"number\": 35174,\n \"title\": \"fix(safe_outputs): skip cross-repo items in extract-base-branch to prevent checkout failure\",\n \"state\": \"MERGED\",\n \"createdAt\": \"2026-05-27T10:17:45Z\",\n \"closedAt\": \"2026-05-27T17:58:18Z\",\n \"mergedAt\": \"2026-05-27T17:58:18Z\",\n \"url\": \"https://github.com/github/gh-aw/pull/35174\",\n \"body\": \"In multi-repo `create-pull-request` workflows (e.g. `allowed-repos: [\\\"org/*\\\"]`), the `extract-base-branch` step was picking up `base_branch` from items targeting *other* repos. That branch (e.g. `feat\"\n },\n {\n \"number\": 35173,\n \"title\": \"Prevent `workflow_call` worker fan-out cancellations by namespacing agent concurrency + enabling queued pending runs\",\n \"state\": \"MERGED\",\n \"createdAt\": \"2026-05-27T10:15:00Z\",\n \"closedAt\": \"2026-05-27T12:21:59Z\",\n \"mergedAt\": \"2026-05-27T12:21:59Z\",\n \"url\": \"https://github.com/github/gh-aw/pull/35173\",\n \"body\": \"`safe-outputs.call-workflow` fan-out was lossy because compiler-injected agent job concurrency used `gh-aw-{engine}-${{ github.workflow }}`; in reusable workers, `${{ github.workflow }}` resolves to t\"\n },\n {\n \"number\": 35148,\n \"title\": \"Prevent stale npm metadata false positives in threat detection\",\n \"state\": \"MERGED\",\n \"createdAt\": \"2026-05-27T06:49:12Z\",\n \"closedAt\": \"2026-05-27T10:01:59Z\",\n \"mergedAt\": \"2026-05-27T10:01:59Z\",\n \"url\": \"https://github.com/github/gh-aw/pull/35148\",\n \"body\": \"- Closes https://github.com/github/gh-aw/issues/35146\\r\\n\\r\\nThreat detection was classifying some npm dependency updates as malicious using stale registry assumptions (e.g., version non-existence). This \"\n },\n {\n \"number\": 35117,\n \"title\": \"Bump AWF Firewall to v0.25.56 and MCP Gateway to v0.3.20\",\n \"state\": \"MERGED\",\n \"createdAt\": \"2026-05-27T04:52:22Z\",\n \"closedAt\": \"2026-05-27T11:10:38Z\",\n \"mergedAt\": \"2026-05-27T11:10:38Z\",\n \"url\": \"https://github.com/github/gh-aw/pull/35117\",\n \"body\": \"This updates gh-aw’s default runtime pins to the requested AWF Firewall and MCP Gateway releases, and refreshes generated artifacts that embed those versions. The change is scoped to version integrati\"\n },\n {\n \"number\": 35115,\n \"title\": \"Change compiler threat spec optimizer cadence to weekly\",\n \"state\": \"MERGED\",\n \"createdAt\": \"2026-05-27T04:45:51Z\",\n \"closedAt\": \"2026-05-27T05:01:50Z\",\n \"mergedAt\": \"2026-05-27T05:01:50Z\",\n \"url\": \"https://github.com/github/gh-aw/pull/35115\",\n \"body\": \"The compiler threat spec optimizer was still scheduled daily even though this audit only needs a weekly review cycle. This updates the workflow source so the job runs weekly on Monday around 03:00 ins\"\n },\n {\n \"number\": 35113,\n \"title\": \"Add type-specific outcome evaluators for `create_issue`, `add_comment`, and `add_labels`\",\n \"state\": \"MERGED\",\n \"createdAt\": \"2026-05-27T03:57:42Z\",\n \"closedAt\": \"2026-05-27T18:11:15Z\",\n \"mergedAt\": \"2026-05-27T18:11:15Z\",\n \"url\": \"https://github.com/github/gh-aw/pull/35113\",\n \"body\": \"This PR replaces existence-based outcome classification for `create_i
|
|
detection
Fence count mismatch` on every run because the fence... |\\n| [#35175](https://github.com/github/gh-aw/pull/35175) | Closed | `gh aw add` was ambiguous for direct workflow file specs with branch refs (especially slash-delimite... |\\n| [#35174](https://github.com/github/gh-aw/pull/35174) | Merged | In multi-repo `create-pull-request` workflows (e.g. `allowed-repos: [\\\"org/*\\\"]`), the `extract-base-b... |\\n| [#35173](https://github.com/github/gh-aw/pull/35173) | Merged | `safe-outputs.call-workflow` fan-out was lossy because compiler-injected agent job concurrency used ... |\\n| [#35148](https://github.com/github/gh-aw/pull/35148) | Merged | - Closes https://github.com/github/gh-aw/issues/35146 Threat detection was classifying some npm d... |\\n| [#35117](https://github.com/github/gh-aw/pull/35117) | Merged | This updates gh-aw’s default runtime pins to the requested AWF Firewall and MCP Gateway releases, an... |\\n| [#35115](https://github.com/github/gh-aw/pull/35115) | Merged | The compiler threat spec optimizer was still scheduled daily even though this audit only needs a wee... |\\n| [#35113](https://github.com/github/gh-aw/pull/35113) | Merged | This PR replaces existence-based outcome classification for `create_issue`, `add_comment`, and `add_... |\\n| [#35112](https://github.com/github/gh-aw/pull/35112) | Closed | LintMonster flagged oversized test functions (and nested literals) across `*_test.go` files, with re... |\\n| [#35111](https://github.com/github/gh-aw/pull/35111) | Merged | This addresses the lint group reporting 33 issues in three buckets: unchecked single-value type asse... |\\n| [#35102](https://github.com/github/gh-aw/pull/35102) | Merged | Smoke Antigravity was failing in the conclusion step because the runner payload did not reliably con... |\\n| [#35101](https://github.com/github/gh-aw/pull/35101) | Closed | Workflow run #8016 on `main` failed the `lint-go` job due to unformatted Go code introduced in commi... |\\n| [#35100](https://github.com/github/gh-aw/pull/35100) | Merged | This change replaces generic/fallback outcome checks for the two highest-signal safe-output types wi... |\\n| [#35092](https://github.com/github/gh-aw/pull/35092) | Closed | Quick Start first mentioned **frontmatter** in optional Step 4, so users skipping customization coul... |\\n| [#35091](https://github.com/github/gh-aw/pull/35091) | Merged | Semantic clustering of 858 non-test Go files identified four organizational issues: functions in fil... |\\n| [#35090](https://github.com/github/gh-aw/pull/35090) | Closed | The repo policy says `gopkg.in/yaml.v3` has been migrated to `go.yaml.in/yaml/v3`, but one workflow ... |\\n| [#35089](https://github.com/github/gh-aw/pull/35089) | Merged | This change adds OTLP runtime auth configuration in frontmatter so workflows can mint a bearer crede... |\\n| [#35078](https://github.com/github/gh-aw/pull/35078) | Merged | Quick Start Step 2 mentioned that `add-wizard` creates both `.md` and `.lock.yml` files but did not ... |\\n| [#35077](https://github.com/github/gh-aw/pull/35077) | Merged | `pkg/stringutil/fuzzy_match_test.go` covered core behavior but left key contract edges implicit. Thi... |\\n| [#35076](https://github.com/github/gh-aw/pull/35076) | Merged | `BenchmarkValidation` regressed significantly in the validation pipeline. The hot path was repeatedl... |\\n| [#35072](https://github.com/github/gh-aw/pull/35072) | Merged | Bundles four open Dependabot PRs (#35017, #35020, #35022, #35023) for the `/actions/setup/js` manife... |\\n| [#35070](https://github.com/github/gh-aw/pull/35070) | Merged | Monetary cost estimates should never appear in reports. Removes all cost fields from every report su... |\\n| [#35069](https://github.com/github/gh-aw/pull/35069) | Merged | When DIFC/CLI proxy mode is enabled, proxy containers were started as root and created `/tmp/gh-aw/m... |\\n| [#35065](https://github.com/github/gh-aw/pull/35065) | Merged | The Dead Code Removal Agent was running ~57-turn executions with high cache amplification, primarily... |\\n| [#35064](https://github
|
|
push_repo_memory
Skipping file that does not match allowed patterns: copilot-agent-metrics/history.json
|
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
activation
Expired
|
5.77 MB |
sha256:36e1794b943b4b3647d7c2d6b3a24f0029f155c3dd85f47a1857968d208ef095
|
|
|
agent
|
1.7 MB |
sha256:b244f51282caa31ea59532ba36f7273e4b33c443c8f0a67701f9f7002b939475
|
|
|
cache-memory
|
47 MB |
sha256:fdfbe57378968ecc94fd8c3527c64bce8b2966cf1b0686d7b8dfe000f00d90fb
|
|
|
detection
|
12.9 KB |
sha256:7cc72a96b159bea83aa064df266c0f76c952a141d8e9d3fd0f2b9431288ebf46
|
|
|
repo-memory-default
Expired
|
407 Bytes |
sha256:0522601c7570eab2e5da7f9b0815b1d75671efa8c22687185fde94f5cdf7a61c
|
|
|
safe-outputs-items
|
426 Bytes |
sha256:513b582e29e7bdfff14f7f8146e2617bf6a6fab8d1b85b4292d70d9922e06e92
|
|