From 6cc995afef722af62f38ca5a48c5995d336d53f4 Mon Sep 17 00:00:00 2001 From: Nikolaj Bjorner Date: Wed, 24 Jun 2026 14:08:45 -0700 Subject: [PATCH] update aw --- .github/agents/agentic-workflows.md | 34 ++++---- .github/mcp.json | 12 ++- .../skills/agentic-workflow-designer/SKILL.md | 34 ++++++++ .github/workflows/agentics-maintenance.yml | 82 ++++++++++--------- 4 files changed, 105 insertions(+), 57 deletions(-) diff --git a/.github/agents/agentic-workflows.md b/.github/agents/agentic-workflows.md index 9a2e0130e8..b824e60580 100644 --- a/.github/agents/agentic-workflows.md +++ b/.github/agents/agentic-workflows.md @@ -35,7 +35,7 @@ Workflows may optionally include: - Workflow files: `.github/workflows/*.md` and `.github/workflows/**/*.md` - Workflow lock files: `.github/workflows/*.lock.yml` - Shared components: `.github/workflows/shared/*.md` -- Configuration: `.github/aw/github-agentic-workflows.md` +- Configuration: `https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/github-agentic-workflows.md` ## Problems This Solves @@ -54,10 +54,12 @@ When you interact with this agent, it will: ## Available Prompts +> **Note**: The prompt and reference files listed below are located in the [`github/gh-aw`](https://github.com/github/gh-aw) repository and are **not available locally** in this repository. Load them from their public URLs. + ### Create New Workflow **Load when**: User wants to create a new workflow from scratch, add automation, or design a workflow that doesn't exist yet -**Prompt file**: `.github/aw/create-agentic-workflow.md` +**Prompt file**: `https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/create-agentic-workflow.md` **Use cases**: - "Create a workflow that triages issues" @@ -67,7 +69,7 @@ When you interact with this agent, it will: ### Update Existing Workflow **Load when**: User wants to modify, improve, or refactor an existing workflow -**Prompt file**: `.github/aw/update-agentic-workflow.md` +**Prompt file**: `https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/update-agentic-workflow.md` **Use cases**: - "Add web-fetch tool to the issue-classifier workflow" @@ -77,7 +79,7 @@ When you interact with this agent, it will: ### Debug Workflow **Load when**: User needs to investigate, audit, debug, or understand a workflow, troubleshoot issues, analyze logs, or fix errors -**Prompt file**: `.github/aw/debug-agentic-workflow.md` +**Prompt file**: `https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/debug-agentic-workflow.md` **Use cases**: - "Why is this workflow failing?" @@ -87,7 +89,7 @@ When you interact with this agent, it will: ### Upgrade Agentic Workflows **Load when**: User wants to upgrade workflows to a new gh-aw version or fix deprecations -**Prompt file**: `.github/aw/upgrade-agentic-workflows.md` +**Prompt file**: `https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/upgrade-agentic-workflows.md` **Use cases**: - "Upgrade all workflows to the latest version" @@ -97,7 +99,7 @@ When you interact with this agent, it will: ### Create a Report-Generating Workflow **Load when**: The workflow being created or updated produces reports — recurring status updates, audit summaries, analyses, or any structured output posted as a GitHub issue, discussion, or comment -**Prompt file**: `.github/aw/report.md` +**Prompt file**: `https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/report.md` **Use cases**: - "Create a weekly CI health report" @@ -107,7 +109,7 @@ When you interact with this agent, it will: ### Create Shared Agentic Workflow **Load when**: User wants to create a reusable workflow component or wrap an MCP server -**Prompt file**: `.github/aw/create-shared-agentic-workflow.md` +**Prompt file**: `https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/create-shared-agentic-workflow.md` **Use cases**: - "Create a shared component for Notion integration" @@ -117,7 +119,7 @@ When you interact with this agent, it will: ### Fix Dependabot PRs **Load when**: User needs to close or fix open Dependabot PRs that update dependencies in generated manifest files (`.github/workflows/package.json`, `.github/workflows/requirements.txt`, `.github/workflows/go.mod`) -**Prompt file**: `.github/aw/dependabot.md` +**Prompt file**: `https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/dependabot.md` **Use cases**: - "Fix the open Dependabot PRs for npm dependencies" @@ -127,7 +129,7 @@ When you interact with this agent, it will: ### Analyze Test Coverage **Load when**: The workflow reads, analyzes, or reports test coverage — whether triggered by a PR, a schedule, or a slash command. Always consult this prompt before designing the coverage data strategy. -**Prompt file**: `.github/aw/test-coverage.md` +**Prompt file**: `https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/test-coverage.md` **Use cases**: - "Create a workflow that comments coverage on PRs" @@ -137,7 +139,7 @@ When you interact with this agent, it will: ### CLI Commands Reference **Load when**: The user asks how to run, compile, debug, or manage workflows from the command line; needs the MCP tool equivalent of a `gh aw` command; or is in a restricted environment (e.g., Copilot Cloud) without direct CLI access. -**Reference file**: `.github/aw/cli-commands.md` +**Reference file**: `https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/cli-commands.md` **Use cases**: - "How do I trigger workflow X on the main branch?" @@ -148,7 +150,7 @@ When you interact with this agent, it will: ### Token Consumption Optimization **Load when**: The user asks how to reduce token usage, lower workflow costs, make a workflow faster or cheaper, or measure the impact of prompt or configuration changes. -**Reference file**: `.github/aw/token-optimization.md` +**Reference file**: `https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/token-optimization.md` **Use cases**: - "How do I reduce the token cost of this workflow?" @@ -161,7 +163,7 @@ When you interact with this agent, it will: ### Workflow Pattern Selection **Load when**: The user asks for architecture, strategy, operating model selection, or pattern recommendations for building agentic workflows. -**Reference file**: `.github/aw/patterns.md` +**Reference file**: `https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/patterns.md` **Use cases**: - "Which pattern should I use for multi-repo rollout?" @@ -174,7 +176,7 @@ When you interact with this agent, it will: When a user interacts with you: 1. **Identify the task type** from the user's request -2. **Load the appropriate prompt** from the repository paths listed above +2. **Load the appropriate prompt** from the URLs listed above 3. **Follow the loaded prompt's instructions** exactly 4. **If uncertain**, ask clarifying questions to determine the right prompt @@ -213,12 +215,12 @@ gh aw compile --validate ## Important Notes -- Always reference the instructions file at `.github/aw/github-agentic-workflows.md` for complete documentation +- Always reference the instructions file at `https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/github-agentic-workflows.md` for complete documentation - Use the MCP tool `agentic-workflows` when running in GitHub Copilot Cloud - Workflows must be compiled to `.lock.yml` files before running in GitHub Actions - **Bash tools are enabled by default** - Don't restrict bash commands unnecessarily since workflows are sandboxed by the AWF - Follow security best practices: minimal permissions, explicit network access, no template injection -- **Network configuration**: Use ecosystem identifiers (`node`, `python`, `go`, etc.) or explicit FQDNs in `network.allowed`. Bare shorthands like `npm` or `pypi` are **not** valid. See `.github/aw/network.md` for the full list of valid ecosystem identifiers and domain patterns. +- **Network configuration**: Use ecosystem identifiers (`node`, `python`, `go`, etc.) or explicit FQDNs in `network.allowed`. Bare shorthands like `npm` or `pypi` are **not** valid. See `https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/network.md` for the full list of valid ecosystem identifiers and domain patterns. - **Single-file output**: When creating a workflow, produce exactly **one** workflow `.md` file. Do not create separate documentation files (architecture docs, runbooks, usage guides, etc.). If documentation is needed, add a brief `## Usage` section inside the workflow file itself. - **Triggering runs**: Always use `gh aw run ` to trigger a workflow on demand — not `gh workflow run .lock.yml`. `gh aw run` handles workflow resolution by short name, input parsing and validation, and correct run-tracking for agentic workflows. Use `--ref ` to run on a specific branch. -- **CLI commands reference**: For a complete guide on all `gh aw` commands and their MCP tool equivalents (for restricted environments), see `.github/aw/cli-commands.md` +- **CLI commands reference**: For a complete guide on all `gh aw` commands and their MCP tool equivalents (for restricted environments), see `https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/cli-commands.md` diff --git a/.github/mcp.json b/.github/mcp.json index 2b6a938c8c..341a8b8758 100644 --- a/.github/mcp.json +++ b/.github/mcp.json @@ -1,14 +1,20 @@ { "mcpServers": { "github-agentic-workflows": { + "type": "local", "command": "gh", "args": [ "aw", "mcp-server" ], - "env": { - "GH_AW_DISABLE_UPDATE_CHECKS": "true" - } + "tools": [ + "compile", + "audit", + "logs", + "inspect", + "status", + "audit-diff" + ] } } } \ No newline at end of file diff --git a/.github/skills/agentic-workflow-designer/SKILL.md b/.github/skills/agentic-workflow-designer/SKILL.md index 42e9fd9358..eadac2bf65 100644 --- a/.github/skills/agentic-workflow-designer/SKILL.md +++ b/.github/skills/agentic-workflow-designer/SKILL.md @@ -157,9 +157,30 @@ Present a structured summary and ask for approval before generation. | User says... | Maps to | |---|---| | "calls an external API" | ask for exact FQDN/wildcard, then add to `network.allowed` | +| "reads GitHub data / clones repos" | include `github` in `network.allowed` | +| "uses GitHub Actions artifacts or cache" | include `github-actions` in `network.allowed` | | "installs npm packages" | include `node` in `network.allowed` | | "runs pip install" | include `python` in `network.allowed` | | "builds Go code" | include `go` in `network.allowed` | +| "installs gems / uses Bundler" | include `ruby` in `network.allowed` | +| "runs cargo build" | include `rust` in `network.allowed` | +| "uses NuGet / .NET restore" | include `dotnet` in `network.allowed` | +| "builds with Maven / Gradle" | include `java` in `network.allowed` | +| "uses Docker / pulls container images / pushes to GHCR" | include `containers` in `network.allowed` | +| "runs Playwright browser tests" | include `playwright` in `network.allowed` | +| "runs apt install / yum / apk" | include `linux-distros` in `network.allowed` | +| "uses Terraform / HashiCorp registry" | include `terraform` in `network.allowed` | +| "connects to localhost / loopback / local services" | include `local` in `network.allowed` | +| "uses Swift Package Manager" | include `swift` in `network.allowed` | +| "uses Composer / PHP packages" | include `php` in `network.allowed` | +| "uses pub.dev / Dart packages" | include `dart` in `network.allowed` | +| "uses Hackage / Haskell packages" | include `haskell` in `network.allowed` | +| "uses CPAN / Perl packages" | include `perl` in `network.allowed` | +| "serves or loads web fonts" | include `fonts` in `network.allowed` | +| "uses Deno or JSR packages" | include `deno` in `network.allowed` | +| "uses Elixir / Hex packages" | include `elixir` in `network.allowed` | +| "uses Bazel build" | include `bazel` in `network.allowed` | +| "uses R / CRAN packages" | include `r` in `network.allowed` | | "no external access" | `network.allowed: [defaults]` (or `[]` if explicitly zero network) | ### Tool Mapping @@ -184,6 +205,19 @@ Present a structured summary and ask for approval before generation. | "monitor workflow failures and trends" | `MonitorOps` | | "process a big backlog in chunks" | `BatchOps` | | "run manually with input parameters" | `DispatchOps` | +| "apply a label-based workflow" | `LabelOps` | +| "operate across multiple repositories" | `MultiRepoOps` | +| "coordinate multiple sub-agents" | `Orchestration` | +| "manage project board items" | `ProjectOps` | +| "research, plan, and assign issues" | `ResearchPlanAssignOps` | +| "self-correcting / retry on failure" | `CorrectionOps` | +| "run in a side/fork repo" | `SideRepoOps` | +| "write a spec before implementing" | `SpecOps` | +| "A/B test workflow variants" | `TrialOps` | +| "process items from a queue" | `WorkQueueOps` | +| "deterministic, no LLM needed" | `DeterministicOps` | +| "manage from a central repo" | `CentralRepoOps` | +| "track work via GitHub Projects" | `Monitoring with Projects` | ### Integration Auth Mapping diff --git a/.github/workflows/agentics-maintenance.yml b/.github/workflows/agentics-maintenance.yml index f23a7fce38..5ec4fa4246 100644 --- a/.github/workflows/agentics-maintenance.yml +++ b/.github/workflows/agentics-maintenance.yml @@ -1,4 +1,4 @@ -# This file was automatically generated by pkg/workflow/maintenance_workflow.go (v0.79.8). DO NOT EDIT. To debug this workflow, load the skill at https://github.com/github/gh-aw/blob/main/debug.md +# This file was automatically generated by pkg/workflow/maintenance_workflow.go (v0.80.9). DO NOT EDIT. To debug this workflow, load the skill at https://github.com/github/gh-aw/blob/main/debug.md # # ___ _ _ # / _ \ | | (_) @@ -21,15 +21,17 @@ # # For more information: https://github.github.com/gh-aw/introduction/overview/ # -# Alternative regeneration methods: -# make recompile +# This file defines the generated agentic maintenance workflow for this repository. +# It runs scheduled cleanup for expiring safe outputs and supports manual maintenance operations. # -# Or use the gh-aw CLI directly: -# ./gh-aw compile --validate --verbose +# This workflow is generated automatically when workflows use expiring safe outputs +# or when repository maintenance features are enabled in .github/workflows/aw.json. # -# The workflow is generated when any workflow uses the 'expires' field -# in create-discussions, create-issues, or create-pull-request safe-outputs configuration. -# Schedule frequency is automatically determined by the shortest expiration time. +# To disable maintenance workflow generation, set in .github/workflows/aw.json: +# {"maintenance": false} +# +# Agentic maintenance docs: +# https://github.github.com/gh-aw/reference/ephemerals/#manual-maintenance-operations # name: Agentic Maintenance @@ -94,7 +96,7 @@ jobs: pull-requests: write steps: - name: Setup Scripts - uses: github/gh-aw-actions/setup@c0338fef4749d08c21f8f975fb0e37efa17dda47 # v0.79.8 + uses: github/gh-aw-actions/setup@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9 with: destination: ${{ runner.temp }}/gh-aw/actions @@ -132,7 +134,7 @@ jobs: actions: write steps: - name: Setup Scripts - uses: github/gh-aw-actions/setup@c0338fef4749d08c21f8f975fb0e37efa17dda47 # v0.79.8 + uses: github/gh-aw-actions/setup@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9 with: destination: ${{ runner.temp }}/gh-aw/actions @@ -156,12 +158,12 @@ jobs: operation: ${{ steps.record.outputs.operation }} steps: - name: Checkout repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Setup Scripts - uses: github/gh-aw-actions/setup@c0338fef4749d08c21f8f975fb0e37efa17dda47 # v0.79.8 + uses: github/gh-aw-actions/setup@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9 with: destination: ${{ runner.temp }}/gh-aw/actions @@ -176,9 +178,9 @@ jobs: await main(); - name: Install gh-aw - uses: github/gh-aw-actions/setup-cli@c0338fef4749d08c21f8f975fb0e37efa17dda47 # v0.79.8 + uses: github/gh-aw-actions/setup-cli@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9 with: - version: v0.79.8 + version: v0.80.9 - name: Run operation uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 @@ -196,7 +198,9 @@ jobs: - name: Record outputs id: record - run: echo "operation=${{ inputs.operation }}" >> "$GITHUB_OUTPUT" + env: + GH_AW_OPERATION: ${{ inputs.operation }} + run: echo "operation=$GH_AW_OPERATION" >> "$GITHUB_OUTPUT" update_pull_request_branches: if: ${{ (github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call') && inputs.operation == 'update_pull_request_branches' && (!(github.event.repository.fork)) }} @@ -206,7 +210,7 @@ jobs: pull-requests: write steps: - name: Setup Scripts - uses: github/gh-aw-actions/setup@c0338fef4749d08c21f8f975fb0e37efa17dda47 # v0.79.8 + uses: github/gh-aw-actions/setup@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9 with: destination: ${{ runner.temp }}/gh-aw/actions @@ -245,14 +249,14 @@ jobs: run_url: ${{ steps.record.outputs.run_url }} steps: - name: Checkout actions folder - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: sparse-checkout: | actions persist-credentials: false - name: Setup Scripts - uses: github/gh-aw-actions/setup@c0338fef4749d08c21f8f975fb0e37efa17dda47 # v0.79.8 + uses: github/gh-aw-actions/setup@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9 with: destination: ${{ runner.temp }}/gh-aw/actions @@ -281,7 +285,9 @@ jobs: - name: Record outputs id: record - run: echo "run_url=${{ inputs.run_url }}" >> "$GITHUB_OUTPUT" + env: + GH_AW_RUN_URL: ${{ inputs.run_url }} + run: echo "run_url=$GH_AW_RUN_URL" >> "$GITHUB_OUTPUT" create_labels: if: ${{ (github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call') && inputs.operation == 'create_labels' && (!(github.event.repository.fork)) }} @@ -291,12 +297,12 @@ jobs: issues: write steps: - name: Checkout repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Setup Scripts - uses: github/gh-aw-actions/setup@c0338fef4749d08c21f8f975fb0e37efa17dda47 # v0.79.8 + uses: github/gh-aw-actions/setup@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9 with: destination: ${{ runner.temp }}/gh-aw/actions @@ -311,9 +317,9 @@ jobs: await main(); - name: Install gh-aw - uses: github/gh-aw-actions/setup-cli@c0338fef4749d08c21f8f975fb0e37efa17dda47 # v0.79.8 + uses: github/gh-aw-actions/setup-cli@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9 with: - version: v0.79.8 + version: v0.80.9 - name: Create missing labels uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 @@ -337,12 +343,12 @@ jobs: issues: write steps: - name: Checkout repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Setup Scripts - uses: github/gh-aw-actions/setup@c0338fef4749d08c21f8f975fb0e37efa17dda47 # v0.79.8 + uses: github/gh-aw-actions/setup@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9 with: destination: ${{ runner.temp }}/gh-aw/actions @@ -357,9 +363,9 @@ jobs: await main(); - name: Install gh-aw - uses: github/gh-aw-actions/setup-cli@c0338fef4749d08c21f8f975fb0e37efa17dda47 # v0.79.8 + uses: github/gh-aw-actions/setup-cli@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9 with: - version: v0.79.8 + version: v0.80.9 - name: Restore activity report logs cache id: activity_report_logs_cache @@ -380,10 +386,10 @@ jobs: ${GH_AW_CMD_PREFIX} logs \ --repo "${{ github.repository }}" \ --start-date -1w \ - --count 100 \ + --count 500 \ --output ./.cache/gh-aw/activity-report-logs \ --format markdown \ - > ./.cache/gh-aw/activity-report-logs/report.md + --report-file ./.cache/gh-aw/activity-report-logs/report.md - name: Save activity report logs cache if: ${{ always() }} @@ -442,12 +448,12 @@ jobs: issues: write steps: - name: Checkout repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Setup Scripts - uses: github/gh-aw-actions/setup@c0338fef4749d08c21f8f975fb0e37efa17dda47 # v0.79.8 + uses: github/gh-aw-actions/setup@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9 with: destination: ${{ runner.temp }}/gh-aw/actions @@ -462,9 +468,9 @@ jobs: await main(); - name: Install gh-aw - uses: github/gh-aw-actions/setup-cli@c0338fef4749d08c21f8f975fb0e37efa17dda47 # v0.79.8 + uses: github/gh-aw-actions/setup-cli@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9 with: - version: v0.79.8 + version: v0.80.9 - name: Restore forecast report logs cache id: forecast_report_logs_cache @@ -539,7 +545,7 @@ jobs: issues: write steps: - name: Setup Scripts - uses: github/gh-aw-actions/setup@c0338fef4749d08c21f8f975fb0e37efa17dda47 # v0.79.8 + uses: github/gh-aw-actions/setup@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9 with: destination: ${{ runner.temp }}/gh-aw/actions @@ -571,12 +577,12 @@ jobs: issues: write steps: - name: Checkout repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Setup Scripts - uses: github/gh-aw-actions/setup@c0338fef4749d08c21f8f975fb0e37efa17dda47 # v0.79.8 + uses: github/gh-aw-actions/setup@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9 with: destination: ${{ runner.temp }}/gh-aw/actions @@ -591,9 +597,9 @@ jobs: await main(); - name: Install gh-aw - uses: github/gh-aw-actions/setup-cli@c0338fef4749d08c21f8f975fb0e37efa17dda47 # v0.79.8 + uses: github/gh-aw-actions/setup-cli@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9 with: - version: v0.79.8 + version: v0.80.9 - name: Validate workflows and file issue on findings uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0