Fix observability workflow to use MCP server tools instead of shell commands

[Copilot]

The daily observability workflow had tools: agentic-workflows: true configured but instructed agents to run shell commands (gh aw status, gh aw logs) instead of calling MCP server tools. This caused the workflow to report 0 runs analyzed and fail to collect any firewall or MCP gateway telemetry.

Changes

• Added MCP tool usage warning in Phase 1 to clarify these are tool calls, not shell commands

• Converted shell commands to MCP tool format:

  Before:

  gh aw logs --start-date -7d -o /tmp/gh-aw/observability-logs -c 100

  After:

  Tool: logs
  Parameters: {
    "workflow_name": "",
    "count": 100,
    "start_date": "-7d",
    "parse": true
  }

• Updated output paths throughout: /tmp/gh-aw/observability-logs/ → /tmp/gh-aw/aw-mcp/logs/ (MCP tools output location)

The workflow now correctly instructs agents to invoke MCP server tools with JSON parameters, restoring observability coverage for firewall access logs and MCP gateway telemetry.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Fix observability workflow to use MCP server tools</issue_title>
<issue_description># Q Workflow Optimization Report

Issues Found (from live data)

Daily Observability Report (daily-observability-report.md)

• Analysis Source: Discussion #11692 - Daily Regulatory Report
• Run ID Analyzed: §21318073275
• Issues Identified:
  • Critical: Log download failure - workflow reported 0 runs analyzed
  • Root Cause: Workflow instructions tell agent to run shell commands (gh aw logs) instead of using MCP server tools
  • Impact: Complete observability coverage failure - no firewall or MCP gateway telemetry data collected

Root Cause Analysis

The workflow is configured with tools: agentic-workflows: true which sets up the gh-aw MCP server exposing tools like status, logs, and audit. However, the workflow instructions contained shell command examples like:

gh aw status --json
gh aw logs --start-date -7d -o /tmp/gh-aw/observability-logs -c 100

When the agent tried to execute these shell commands, they failed because:

1. The commands should be called as MCP server tools with JSON parameters, not as shell commands
2. The MCP server tools use different output paths (/tmp/gh-aw/aw-mcp/logs/ not /tmp/gh-aw/observability-logs/)
3. The workflow didn't clarify that these are MCP tools, leading to confusion

Changes Made

.github/workflows/daily-observability-report.md

Added clear MCP tool guidance:

• Added warning at the top explaining that status, logs, and audit are MCP server tools
• Emphasized these should be called as tools with JSON parameters, not shell commands

Updated Phase 1 (Fetch Workflow Runs):

• Replaced shell command examples with MCP tool parameter examples
• Step 1.1: Updated to use status MCP tool with JSON parameters
• Step 1.2: Updated to use logs MCP tool with JSON parameters
• Step 1.3: Updated to reference correct output directory (/tmp/gh-aw/aw-mcp/logs/)

Updated file paths throughout:

• Changed /tmp/gh-aw/observability-logs/ → /tmp/gh-aw/aw-mcp/logs/ (MCP tool output location)
• Updated all path patterns to use the correct MCP tool output directory

Example of changes:

Before:

gh aw logs --start-date -7d -o /tmp/gh-aw/observability-logs -c 100

After:

Tool: logs
Parameters:
{
  "workflow_name": "",
  "count": 100,
  "start_date": "-7d",
  "parse": true
}

Expected Improvements

• Fixes critical observability failure: Workflow will now successfully download logs using MCP server tools
• Restores telemetry coverage: Firewall access logs and MCP gateway logs will be properly analyzed
• Prevents future confusion: Clear documentation of MCP tool usage vs shell commands
• Improves reliability: Agents will correctly use the configured MCP server tools

Validation

✅ Workflow compiled successfully with gh aw compile daily-observability-report

• No compilation errors
• Only expected warnings (unrelated to this fix)
• Generated lock file matches expected structure

Note: Lock file will be regenerated automatically after merge by the copilot agent.

References

• Investigation Source: Discussion githubnext/gh-aw#11692
• Failed Run: §21318073275
• MCP Server Documentation: The agentic-workflows MCP server exposes status, logs, audit, compile, and other tools
• Output Location: MCP tools automatically output to /tmp/gh-aw/aw-mcp/logs/

---

Q Mission Summary: Investigated Daily Regulatory Report findings, identified MCP tool configuration issue, made surgical fix to workflow instructions, validated compilation. This fix should restore the Daily Observability Report functionality and prevent similar issues in other workflows using the agentic-workflows MCP server.

AI generated by Q

---

[!NOTE]
This was originally intended as a pull request, but the git push operation failed.

Workflow Run: View run details and download patch artifact

The patch file is available in the agent-artifacts artifact in the workflow run linked above.

To apply the patch locally:

# Download the artifact from the workflow run https://github.com/githubnext/gh-aw/actions/runs/21320594020
# (Use GitHub MCP tools if gh CLI is not available)
gh run download 21320594020 -n agent-artifacts

# The patch file will be at agent-artifacts/tmp/gh-aw/aw.patch after download
# Apply the patch
git am agent-artifacts/tmp/gh-aw/aw.patch

Show patch preview (149 of...

• Fixes Fix observability workflow to use MCP server tools #11698

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.