Deep-clean .github/aw/*.md: remove invalid patterns and deprecated references

[Copilot]

Several .github/aw/*.md prompt files contained configurations that would fail compilation, deprecated fields that shouldn't be used, and duplicate/inaccurate content. All write-permission examples shown as "optional" or "not recommended" are actually rejected by the compiler (validateDangerousPermissions), making them actively misleading rather than just discouraged.

Compiler-rejected write permissions removed

The compiler rejects all write permissions on the agent job — these were wrong, not just discouraged:

• github-agentic-workflows.md: Removed "Direct Issue Management Pattern (Not Recommended)" that showed issues: write as a viable fallback
• create-agentic-workflow.md: Removed pull-requests: write # Required for automatic label removal from label_command example — the compiler auto-adds this to the activation job
• memory.md: Removed contents: write from repo-memory/wiki examples; added accurate note that the compiler creates a separate push_repo_memory job with this permission
• test-coverage.md: Removed pull-requests: write from frontmatter template — the template already uses safe-outputs: add-comment:

Deprecated fields removed

Stopped mentioning fields that should never be used:

• Removed all references to the deprecated command: trigger (3 locations) — only slash_command: exists
• Removed deprecated roles: top-level field migration note — only on.roles: applies
• Removed deprecated create-agent-task note — only create-agent-session applies

Duplicate and inaccurate content removed

• github-agentic-workflows.md: Removed duplicate "Output Processing Examples" section (~87 lines) that repeated content already in "Output Processing and Issue Creation"
• github-agentic-workflows.md: Removed min-integrity: none from Issue Triage Bot example — internal/advanced field with a factually incorrect inline comment

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw v1C3mExQJe3V (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw --all --quiet bash --no�� --noprofile (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha --local user.email ash (http block)
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha ithub/workflows /home/REDACTED/wor-j /usr/local/bin/bACCEPT /home/REDACTED/worbash /home/REDACTED/wor--norc /home/REDACTED/wor--noprofile bash --no�� kflow/mcp_renderer_github.go /home/REDACTED/work/gh-aw/gh-aw/pkg/workflow/actioowner=github er: String!, $name: String!) { repository(owne-f /home/REDACTED/worinfocmp /home/REDACTED/wor-1 /home/REDACTED/worxterm-color bash (http block)
• https://api.github.com/repos/github/gh-aw
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility -docs-review.locremote.origin.url checker.lock.yml r: $owner, name: $name) { hasDiscussionsEnabled } } (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility k/gh-aw/gh-aw/.gremote.origin.url git r: $owner, name: $name) { hasDiscussionsEnabled } } l --local cal/bin/bash git -C 0b2a1e66:pkg/wor-f config er: String!, $na-f remote.origin.urdocker --local /home/REDACTED/.doinspect infocmp (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha --verify main 0/x64/bin/bash (http block)
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha kflow/args_field_test.go (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

---

💬 Send tasks to Copilot coding agent from Slack and Teams to turn conversations into code. Copilot posts an update in your thread when it's finished.

[pelikhan]

@dsyme they come back, make this a weekly agent as well.

[Copilot]

Pull request overview

This PR cleans up the .github/aw/*.md agentic-workflow prompt docs by removing examples/config patterns that the compiler rejects (notably write permissions on the agent job) and deleting deprecated/duplicate content.

Changes:

• Removed compiler-rejected write-permission examples from multiple prompt templates.
• Removed mentions of deprecated fields (command:, top-level roles:, create-agent-task) and deleted duplicate sections.
• Clarified repo-memory behavior to note the compiler-generated push_repo_memory job with contents: write.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File	Description
.github/aw/test-coverage.md	Removes pull-requests: write from the template permissions block.
.github/aw/memory.md	Removes contents: write from examples; documents compiler-generated push job permissions; updates tradeoffs text.
.github/aw/github-agentic-workflows.md	Removes deprecated references and deletes duplicate/misleading sections (incl. write-permission pattern).
.github/aw/create-agentic-workflow.md	Removes pull-requests: write from the label_command example.

Comments suppressed due to low confidence (1)

.github/aw/memory.md:203

• The wiki-backed repo-memory tradeoffs table repeats the same con (“Produces Git commits to wiki repo”) for multiple pros. It would read more clearly if each row had a distinct con or if the repeated point were consolidated into a single row.

| Browsable in the GitHub Wiki UI | Produces Git commits to wiki repo |
| Great for human-readable knowledge bases | Produces Git commits to wiki repo |

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The repo-memory tradeoffs table now repeats the same con (“Produces Git commits — repository noise”) for two different pros, which makes the comparison less informative. Consider replacing one of these with a distinct downside (e.g., requires a push job / write permission handled via compiler, potential merge conflicts, etc.) or consolidating the row to avoid duplication.

This issue also appears on line 202 of the same file.

Suggested change

	| Auditable: Git history shows every change | Produces Git commits — repository noise |
	| Auditable: Git history shows every change | Requires separate push job with write permissions |