Add cache-memory filename safety warning to create-agentic-workflow.md

[Copilot]

The filename safety requirement for cache-memory (no colons in artifact names) was documented in AGENTS.md but not co-located with the cache-memory configuration instructions, causing agents to apply it inconsistently.

Changes

• Cross-reference at heuristic mention (~line 486): Appended a (see filename safety note below) link to the existing cache-memory: bullet so the constraint is visible at first mention.
• Inline warning block after cache-memory: true YAML (Round-Robin Processing Pattern section): Added a callout immediately after the frontmatter snippet showing ✅/❌ timestamp format examples and explicit prompt-authoring guidance:

> ⚠️ **Filename safety**: Cache-memory files are uploaded as GitHub Actions artifacts.
> Artifact filenames **must not contain colons** (NTFS limitation).
> ✅ Use: `investigation-2026-02-12-11-20-45.json`
> ❌ Avoid: `investigation-2026-02-12T11:20:45Z.json`
> When instructing the agent to write timestamped files, explicitly say:
> "Use filesystem-safe timestamp format `YYYY-MM-DD-HH-MM-SS[-sss]` (no colons, no `T`, no `Z`)."

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -pack /home/REDACTED/work/gh-aw/gh-aw/cmd/gh-aw/main.go (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb --jq .object.sha (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[plan] Make cache-memory filename safety (no colons) a default reminder in create-agentic-workflow.md</issue_title>
<issue_description>## Objective

Make the cache-memory filename safety requirement (no colons, use YYYY-MM-DD-HH-MM-SS format) a default, always-surfaced reminder in .github/aw/create-agentic-workflow.md whenever cache-memory is recommended — not just an implicit footnote.

Context

From the Agent Persona Exploration (discussion github/gh-aw#19306), the colons-in-filenames footgun was caught for FE1 (Visual Regression) but missed for DV2 (Cloud Cost Anomaly Digest). The root cause: the filename safety guidance is not co-located with the cache-memory configuration instructions in the prompt, so the agent applies it inconsistently.

The AGENTS.md already documents this under "Workflow Artifacts and Cache-Memory":

Filenames with invalid characters cause actions/upload-artifact to fail — use YYYY-MM-DD-HH-MM-SS-sss instead of ISO 8601 with colons.

Approach

1. Open .github/aw/create-agentic-workflow.md
2. Locate the cache-memory configuration section (around line 518–530)
3. Add an inline warning block immediately after cache-memory: true is introduced:

> ⚠️ **Filename safety**: Cache-memory files are uploaded as GitHub Actions artifacts.
> Artifact filenames **must not contain colons** (NTFS limitation).
> ✅ Use: `investigation-2026-02-12-11-20-45.json`
> ❌ Avoid: `investigation-2026-02-12T11:20:45Z.json`
> When instructing the agent to write timestamped files, explicitly say:
> "Use filesystem-safe timestamp format `YYYY-MM-DD-HH-MM-SS[-sss]` (no colons, no `T`, no `Z`)."

4. Also add this reminder to the tool selection heuristics for cache-memory (line ~486)

Files to Modify

• .github/aw/create-agentic-workflow.md — add filename safety callout in the cache-memory section

Acceptance Criteria

• Filename safety warning appears inline in the cache-memory configuration section
• Shows ✅ correct and ❌ incorrect timestamp format examples
• Instructs the prompt author to explicitly tell the agent to use filesystem-safe timestamps
• Lock file recompiled: make recompile

Generated by Plan Command for issue #discussion #19306

• expires on Mar 5, 2026, 4:03 AM UTC

Comments on the Issue (you are @copilot in this section)

• Fixes [plan] Make cache-memory filename safety (no colons) a default reminder in create-agentic-workflow.md #19324

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Pull request overview

Documents cache-memory filename safety guidance (no colons in filenames) directly alongside the cache-memory recommendation to prevent inconsistent application by agents.

Changes:

• Adds an early cross-reference link from the cache-memory heuristic to a filename safety note.
• Adds an inline warning callout near the cache-memory enablement example with ✅/❌ timestamp filename examples and prompt-authoring guidance.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The link target #cache-memory-filename-safety does not exist in this document (the only occurrence is this link), so the cross-reference will be broken. Add a heading/explicit anchor with that ID near the new filename safety callout, or update the link to point at an existing section anchor.

[Copilot]

This callout states cache-memory files "are uploaded as GitHub Actions artifacts", but cache-memory is primarily stored via Actions cache; artifact upload only happens in specific flows (e.g., threat detection / extended retention). Consider rewording to "may be uploaded as artifacts" (and optionally mention when) to keep the guidance accurate.

Suggested change

	> ⚠️ **Filename safety**: Cache-memory files are uploaded as GitHub Actions artifacts.
	> ⚠️ **Filename safety**: Cache-memory files may be uploaded as GitHub Actions artifacts in certain workflows (for example, security/threat-detection or extended-retention flows).

[Copilot]

The guidance "no T, no Z" is stricter than the actual filename restriction (colons are the problematic character). To avoid teaching an incorrect constraint, consider focusing the instruction on "no colons" and describing the recommended format as an alternative to ISO 8601 (which includes colons) rather than forbidding T/Z explicitly.

Suggested change

	> "Use filesystem-safe timestamp format `YYYY-MM-DD-HH-MM-SS[-sss]` (no colons, no `T`, no `Z`)."
	> "Use a filesystem-safe timestamp format without colons, such as `YYYY-MM-DD-HH-MM-SS[-sss]`, instead of ISO 8601 timestamps with colons (for example, `2026-02-12T11:20:45Z`)."