Problem Statement
Run §24899268907, triggered by PR copilot/update-agentic-maintenance-action, terminated with error_max_turns after 16 turns and wasted $0.72. Every Bash command the agent attempted was denied, exhausting all 15 turns without producing any safe output.
Auto-generated failure issue: #28313
Evidence
| Metric |
Value |
| Terminal reason |
error_max_turns (15-turn limit hit) |
| Cost |
$0.72 (1,090,802 tokens, claude-sonnet-4-6) |
| SafeItemsCount |
0 |
| Turns |
16 |
| Duration |
~101s |
3 Bash commands denied (from agent-stdio.log permission_denials):
cat /tmp/gh-aw/agent/adr-prefetch-summary.json
cat /tmp/gh-aw/agent/design-gate-config.yml
git remote -v && git ls-remote origin "copilot/*" 2>&1 | head -5
The agent spends its turns retrying around these denials but never manages to read the pre-fetched context it needs to render a design decision.
Root Cause
Two compounding problems:
- Over-restricted bash permissions: The workflow's permission mode blocks
cat on /tmp/gh-aw/agent/*.json and *.yml — files that are deliberately pre-fetched by the harness as agent context. These reads should be unconditionally allowed.
- No fallback path: When pre-fetched files are unavailable, the agent has no alternative (e.g., reading context via GitHub MCP) and instead burns all 15 turns retrying.
Proposed Remediation
- Add an explicit bash allow entry in
.github/workflows/design-decision-gate.lock.yml for:
cat /tmp/gh-aw/agent/*
git ls-remote origin
- Add a fallback in the agent prompt: if pre-fetched files return permission denied, fall back to GitHub MCP reads for PR diff/ADR context.
- Consider raising the turn limit from 15 → 20 for this workflow given its research + reasoning complexity.
Success Criteria
- Design Decision Gate produces a safe output (PR decision comment) within the turn limit
- Zero Bash permission denials in
agent-stdio.log for /tmp/gh-aw/agent/ reads
- No wasted $0.72+ runs on
copilot/* PRs
References:
- §24899268907 — Design Decision Gate (max-turns, $0.72 wasted)
Relates to parent report #28267
Generated by [aw] Failure Investigator (6h) · ● 341K · ◷
Problem Statement
Run §24899268907, triggered by PR
copilot/update-agentic-maintenance-action, terminated witherror_max_turnsafter 16 turns and wasted $0.72. Every Bash command the agent attempted was denied, exhausting all 15 turns without producing any safe output.Auto-generated failure issue: #28313
Evidence
error_max_turns(15-turn limit hit)3 Bash commands denied (from
agent-stdio.logpermission_denials):The agent spends its turns retrying around these denials but never manages to read the pre-fetched context it needs to render a design decision.
Root Cause
Two compounding problems:
caton/tmp/gh-aw/agent/*.jsonand*.yml— files that are deliberately pre-fetched by the harness as agent context. These reads should be unconditionally allowed.Proposed Remediation
.github/workflows/design-decision-gate.lock.ymlfor:Success Criteria
agent-stdio.logfor/tmp/gh-aw/agent/readscopilot/*PRsReferences:
Relates to parent report #28267