You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Updates the /cloclo agentic workflow to strongly enforce that any file changes must go through the create-pull-request safe output tool — no exceptions.
Problem
Cloclo was committing changes directly to existing branches (e.g. 1d45d42 on copilot/add-logging-to-spellcheck) instead of creating a new pull request. The old instructions said "ALWAYS create a new pull request" but were not strong enough to prevent direct commits.
Also fixed a typo in the Critical Constraints section: .github/.workflows → .github/workflows.
Changes Made
.github/workflows/cloclo.md:
Step 4 of "If Code Changes Are Needed" — rewritten as a 🚨 MANDATORY constraint with explicit language: "This is non-negotiable — if you modified any files, a PR must be created. Never commit directly to any branch."
New "Critical Constraints" block — added 🚨 MANDATORY: If ANY files were changed, you MUST create a pull request with five bullet-point rules including an explicit failure condition: "If you modified files but did not call create-pull-request, you have failed the task."
Begin Processing checklist — updated from a soft reminder to 🚨 MANDATORY: If you changed any files, call create-pull-request — no exceptions, no alternatives; added ❌ Never push or commit directly to any branch.
Fixed typo: .github/.workflows → .github/workflows in the directory constraint.
Validation
✅ Workflow compiled successfully with no errors or warnings via agenticworkflows compile --workflows cloclo
Note: .lock.yml file excluded from this PR — will be regenerated automatically after merge.
Warning
Protected Files — Push Permission Denied
This was originally intended as a pull request, but the patch modifies protected files. A human must create the pull request manually.
The push was rejected because GitHub Actions does not have workflows permission to push these changes, and is never allowed to make such changes, or other authorization being used does not have this permission.
Create the pull request manually
# Download the patch from the workflow run
gh run download 24673282403 -n agent -D /tmp/agent-24673282403
# Create a new branch
git checkout -b q/update-cloclo-pr-requirement-692041d2bd3aecd9 main
# Apply the patch (--3way handles cross-repo patches)
git am --3way /tmp/agent-24673282403/aw-q-update-cloclo-pr-requirement.patch
# Push the branch and create the pull request
git push origin q/update-cloclo-pr-requirement-692041d2bd3aecd9
gh pr create --title '[q] Enforce mandatory PR creation for file changes in cloclo workflow' --base main --head q/update-cloclo-pr-requirement-692041d2bd3aecd9 --repo github/gh-aw
Summary
Updates the
/clocloagentic workflow to strongly enforce that any file changes must go through thecreate-pull-requestsafe output tool — no exceptions.Problem
Cloclo was committing changes directly to existing branches (e.g.
1d45d42oncopilot/add-logging-to-spellcheck) instead of creating a new pull request. The old instructions said "ALWAYS create a new pull request" but were not strong enough to prevent direct commits.Also fixed a typo in the Critical Constraints section:
.github/.workflows→.github/workflows.Changes Made
.github/workflows/cloclo.md:Step 4 of "If Code Changes Are Needed" — rewritten as a
🚨 MANDATORYconstraint with explicit language: "This is non-negotiable — if you modified any files, a PR must be created. Never commit directly to any branch."New "Critical Constraints" block — added
🚨 MANDATORY: If ANY files were changed, you MUST create a pull requestwith five bullet-point rules including an explicit failure condition: "If you modified files but did not callcreate-pull-request, you have failed the task."Begin Processing checklist — updated from a soft reminder to
🚨 MANDATORY: If you changed any files, call create-pull-request — no exceptions, no alternatives; added❌ Never push or commit directly to any branch.Fixed typo:
.github/.workflows→.github/workflowsin the directory constraint.Validation
✅ Workflow compiled successfully with no errors or warnings via
agenticworkflows compile --workflows clocloNote:
.lock.ymlfile excluded from this PR — will be regenerated automatically after merge.Warning
Protected Files — Push Permission Denied
This was originally intended as a pull request, but the patch modifies protected files. A human must create the pull request manually.
Protected files
The push was rejected because GitHub Actions does not have
workflowspermission to push these changes, and is never allowed to make such changes, or other authorization being used does not have this permission.Create the pull request manually