fix: improve issue URL format in firewall-issue-dispatcher prompt#1899
fix: improve issue URL format in firewall-issue-dispatcher prompt#1899
Conversation
Agent-Logs-Url: https://github.com/github/gh-aw-firewall/sessions/3169bf2f-5258-452f-8a24-255e8067b4c1 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
✅ Coverage Check PassedOverall Coverage
📁 Per-file Coverage Changes (1 files)
Coverage comparison generated by |
There was a problem hiding this comment.
Pull request overview
Updates the Firewall Issue Dispatcher workflow prompt to prevent malformed cross-repo tracking issue links when commenting on github/gh-aw issues, and regenerates the compiled lock workflow.
Changes:
- Tightens “already audited” detection to match both full URLs and
owner/repo#cross-repo references. - Makes the tracking-issue URL template explicit with a
{NUMBER}placeholder and rules for substituting only the numeric ID. - Recompiled the workflow lock file (and updated the scheduled cron minute).
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/firewall-issue-dispatcher.md | Prompt edits for audited-detection and explicit tracking-issue URL formatting (but currently drops the “create tracking issue” step and has numbering inconsistencies). |
| .github/workflows/firewall-issue-dispatcher.lock.yml | Regenerated compiled workflow; cron minute changed while keeping 6h cadence. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comments suppressed due to low confidence (1)
.github/workflows/firewall-issue-dispatcher.md:84
- The step numbering/headers are inconsistent after the edit (e.g., Step 3 contains an item labeled "4.", and "### 4. Report Results" appears under Step 3). This can confuse the agent and increases the chance it will skip required actions; renumber the steps and headings to be sequential and consistent.
## Step 3: Create Tracking Issues
For each **unprocessed** issue:
4. **Comment on the original `github/gh-aw` issue** linking to the newly created tracking issue. Use this exact format:
> 🔗 AWF tracking issue: https://github.com/github/gh-aw-firewall/issues/{NUMBER}
where `{NUMBER}` is replaced with **only the numeric issue number** (e.g., `1896`). Do NOT include the repository name, hash symbols, or any other text — just the number in the URL path. Use the `add_comment` safe output tool with `repo: "github/gh-aw"` and the original issue number.
### 4. Report Results
Report: issues found, skipped (already audited), tracking issues created.
- Files reviewed: 2/2 changed files
- Comments generated: 2
| ## Step 3: Create Tracking Issues | ||
|
|
||
| For each **unprocessed** issue: | ||
|
|
||
| 1. **Create a tracking issue in `github/gh-aw-firewall`** with: | ||
| - Title: `[awf] <component>: <summary>` | ||
| - Body: **Problem**, **Context** (link to original), **Root Cause**, **Proposed Solution** | ||
| - Reference specific source files. See `AGENTS.md` for component descriptions. | ||
| 4. **Comment on the original `github/gh-aw` issue** linking to the newly created tracking issue. Use this exact format: | ||
|
|
||
| 2. **Comment on the original `github/gh-aw` issue**: | ||
| > 🔗 AWF tracking issue: https://github.com/github/gh-aw-firewall/issues/NUMBER | ||
| > 🔗 AWF tracking issue: https://github.com/github/gh-aw-firewall/issues/{NUMBER} | ||
|
|
||
| ## Step 4: Summarize | ||
| where `{NUMBER}` is replaced with **only the numeric issue number** (e.g., `1896`). Do NOT include the repository name, hash symbols, or any other text — just the number in the URL path. Use the `add_comment` safe output tool with `repo: "github/gh-aw"` and the original issue number. |
There was a problem hiding this comment.
In Step 3, the instructions for actually creating the tracking issue in github/gh-aw-firewall were removed, but the workflow still claims it "creates tracking issues" and the safe-outputs include create-issue. As written, the agent is only instructed to comment on the original issue, which will prevent tracking issues from being created. Restore the explicit "create tracking issue" step (title/body/labels + use create_issue safe output) before the comment step.
This issue also appears on line 72 of the same file.
| schedule: | ||
| - cron: "11 */6 * * *" | ||
| - cron: "20 */6 * * *" | ||
| # Friendly format: every 6h (scattered) |
There was a problem hiding this comment.
The cron schedule minute changed from "11" to "20" (still every 6 hours). This behavioral change isn’t mentioned in the PR description; confirm it’s intentional and, if so, document it in the PR description (or revert if it was an accidental change from recompile/postprocess).
Smoke Test Results✅ GitHub MCP: perf: optimize firewall-issue-dispatcher token usage / perf: optimize secret-digger-claude token usage Overall: PASS
|
🔥 Smoke Test Results
Overall: PASS PR by
|
Smoke Test: GitHub Actions Services Connectivity ✅All connectivity checks passed:
|
|
Smoke Test: Codex Engine Validation
|
🏗️ Build Test Suite Results
Overall: 8/8 ecosystems passed — ✅ PASS
|
Problem
The Firewall Issue Dispatcher workflow was generating malformed URLs when commenting on
github/gh-awissues. Instead of:It generated:
See: github/gh-aw#25593 (comment)
The AI agent confused URL path format with GitHub's cross-repo reference format (
owner/repo#number), embedding the repo name and#in the URL path.Changes
Made the URL template more explicit — Changed
NUMBERto{NUMBER}placeholder with clear instructions that only the numeric issue number should be substituted, and explicitly prohibiting repository names, hash symbols, or any other text in the URL path.Improved already-audited detection — Updated the comment-scanning pattern to also match GitHub cross-repo references (
github/gh-aw-firewall#) in addition to full URLs, so previously-processed issues with either format are correctly detected and skipped.Recompiled lock.yml — Regenerated via
gh aw compile+ post-processing.