diff --git a/.github/workflows/copilot-token-audit.lock.yml b/.github/workflows/copilot-token-audit.lock.yml
index 4e9be857ab9..785c8a056b2 100644
--- a/.github/workflows/copilot-token-audit.lock.yml
+++ b/.github/workflows/copilot-token-audit.lock.yml
@@ -1,4 +1,4 @@
-# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"4993afcb4a3c4deba55338531bccb1f2368e81e959816495af1ce71b96edac94","strict":true,"agent_id":"copilot"}
+# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"30107ff06ddff13a593f175c86fe6ac713e80c7174980a1b05dddccb48fff938","strict":true,"agent_id":"copilot"}
# ___ _ _
# / _ \ | | (_)
# | |_| | __ _ ___ _ __ | |_ _ ___
@@ -79,6 +79,7 @@ jobs:
comment_repo: ""
lockdown_check_failed: ${{ steps.generate_aw_info.outputs.lockdown_check_failed == 'true' }}
model: ${{ steps.generate_aw_info.outputs.model }}
+ setup-trace-id: ${{ steps.setup.outputs.trace-id }}
steps:
- name: Checkout actions folder
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@@ -88,9 +89,11 @@ jobs:
actions
persist-credentials: false
- name: Setup Scripts
+ id: setup
uses: ./actions/setup
with:
destination: ${{ runner.temp }}/gh-aw/actions
+ job-name: ${{ github.job }}
- name: Generate agentic run info
id: generate_aw_info
env:
@@ -154,9 +157,9 @@ jobs:
run: |
bash ${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh
{
- cat << 'GH_AW_PROMPT_054db1186592fa8a_EOF'
+ cat << 'GH_AW_PROMPT_ce062c0246294651_EOF'
- GH_AW_PROMPT_054db1186592fa8a_EOF
+ GH_AW_PROMPT_ce062c0246294651_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
@@ -164,7 +167,7 @@ jobs:
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/repo_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_054db1186592fa8a_EOF'
+ cat << 'GH_AW_PROMPT_ce062c0246294651_EOF'
Tools: create_discussion, upload_asset, missing_tool, missing_data, noop
@@ -198,15 +201,15 @@ jobs:
{{/if}}
- GH_AW_PROMPT_054db1186592fa8a_EOF
+ GH_AW_PROMPT_ce062c0246294651_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_054db1186592fa8a_EOF'
+ cat << 'GH_AW_PROMPT_ce062c0246294651_EOF'
{{#runtime-import .github/workflows/shared/mcp/gh-aw.md}}
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/shared/python-dataviz.md}}
{{#runtime-import .github/workflows/copilot-token-audit.md}}
- GH_AW_PROMPT_054db1186592fa8a_EOF
+ GH_AW_PROMPT_ce062c0246294651_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
@@ -234,7 +237,7 @@ jobs:
GH_AW_GITHUB_RUN_ID: ${{ github.run_id }}
GH_AW_GITHUB_WORKSPACE: ${{ github.workspace }}
GH_AW_MEMORY_BRANCH_NAME: 'memory/token-audit'
- GH_AW_MEMORY_CONSTRAINTS: "\n\n**Constraints:**\n- **Allowed Files**: Only files matching patterns: memory/token-audit/*.json, memory/token-audit/*.jsonl, memory/token-audit/*.csv, memory/token-audit/*.md\n- **Max File Size**: 102400 bytes (0.10 MB) per file\n- **Max File Count**: 100 files per commit\n- **Max Patch Size**: 10240 bytes (10 KB) total per push (max: 100 KB)\n"
+ GH_AW_MEMORY_CONSTRAINTS: "\n\n**Constraints:**\n- **Allowed Files**: Only files matching patterns: memory/token-audit/*.json, memory/token-audit/*.jsonl, memory/token-audit/*.csv, memory/token-audit/*.md\n- **Max File Size**: 102400 bytes (0.10 MB) per file\n- **Max File Count**: 100 files per commit\n- **Max Patch Size**: 51200 bytes (50 KB) total per push (max: 100 KB)\n"
GH_AW_MEMORY_DESCRIPTION: ' Historical daily Copilot token usage snapshots'
GH_AW_MEMORY_DIR: '/tmp/gh-aw/repo-memory/default/'
GH_AW_MEMORY_TARGET_REPO: ' of the current repository'
@@ -315,6 +318,7 @@ jobs:
model: ${{ needs.activation.outputs.model }}
output: ${{ steps.collect_output.outputs.output }}
output_types: ${{ steps.collect_output.outputs.output_types }}
+ setup-trace-id: ${{ steps.setup.outputs.trace-id }}
steps:
- name: Checkout actions folder
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@@ -324,9 +328,12 @@ jobs:
actions
persist-credentials: false
- name: Setup Scripts
+ id: setup
uses: ./actions/setup
with:
destination: ${{ runner.temp }}/gh-aw/actions
+ job-name: ${{ github.job }}
+ trace-id: ${{ needs.activation.outputs.setup-trace-id }}
- name: Set runtime paths
id: set-runtime-paths
run: |
@@ -482,12 +489,12 @@ jobs:
mkdir -p ${RUNNER_TEMP}/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_819e53f76fde48af_EOF'
- {"create_discussion":{"category":"audits","close_older_discussions":true,"expires":72,"fallback_to_issue":true,"max":1,"title_prefix":"[copilot-token-audit] "},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"push_repo_memory":{"memories":[{"dir":"/tmp/gh-aw/repo-memory/default","id":"default","max_file_count":100,"max_file_size":102400,"max_patch_size":10240}]},"upload_asset":{"allowed-exts":[".png",".jpg",".jpeg"],"branch":"assets/${{ github.workflow }}","max-size":10240}}
- GH_AW_SAFE_OUTPUTS_CONFIG_819e53f76fde48af_EOF
+ cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_b6b826edcb8b04b7_EOF'
+ {"create_discussion":{"category":"audits","close_older_discussions":true,"expires":72,"fallback_to_issue":true,"max":1,"title_prefix":"[copilot-token-audit] "},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"push_repo_memory":{"memories":[{"dir":"/tmp/gh-aw/repo-memory/default","id":"default","max_file_count":100,"max_file_size":102400,"max_patch_size":51200}]},"upload_asset":{"allowed-exts":[".png",".jpg",".jpeg"],"branch":"assets/${{ github.workflow }}","max-size":10240}}
+ GH_AW_SAFE_OUTPUTS_CONFIG_b6b826edcb8b04b7_EOF
- name: Write Safe Outputs Tools
run: |
- cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/tools_meta.json << 'GH_AW_SAFE_OUTPUTS_TOOLS_META_288b8994e1fd8d09_EOF'
+ cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/tools_meta.json << 'GH_AW_SAFE_OUTPUTS_TOOLS_META_6958f4e62971e574_EOF'
{
"description_suffixes": {
"create_discussion": " CONSTRAINTS: Maximum 1 discussion(s) can be created. Title will be prefixed with \"[copilot-token-audit] \". Discussions will be created in category \"audits\".",
@@ -496,8 +503,8 @@ jobs:
"repo_params": {},
"dynamic_tools": []
}
- GH_AW_SAFE_OUTPUTS_TOOLS_META_288b8994e1fd8d09_EOF
- cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/validation.json << 'GH_AW_SAFE_OUTPUTS_VALIDATION_8fca0007804a33a6_EOF'
+ GH_AW_SAFE_OUTPUTS_TOOLS_META_6958f4e62971e574_EOF
+ cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/validation.json << 'GH_AW_SAFE_OUTPUTS_VALIDATION_7a53351007f7d205_EOF'
{
"create_discussion": {
"defaultMax": 1,
@@ -592,7 +599,7 @@ jobs:
}
}
}
- GH_AW_SAFE_OUTPUTS_VALIDATION_8fca0007804a33a6_EOF
+ GH_AW_SAFE_OUTPUTS_VALIDATION_7a53351007f7d205_EOF
node ${RUNNER_TEMP}/gh-aw/actions/generate_safe_outputs_tools.cjs
- name: Generate Safe Outputs MCP Server Config
id: safe-outputs-config
@@ -666,7 +673,7 @@ jobs:
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.2.12'
mkdir -p /home/runner/.copilot
- cat << GH_AW_MCP_CONFIG_d7bab00102f5cd4c_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh
+ cat << GH_AW_MCP_CONFIG_c8b290cf6d2bafa7_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh
{
"mcpServers": {
"agenticworkflows": {
@@ -726,7 +733,7 @@ jobs:
"payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}"
}
}
- GH_AW_MCP_CONFIG_d7bab00102f5cd4c_EOF
+ GH_AW_MCP_CONFIG_c8b290cf6d2bafa7_EOF
- name: Download activation artifact
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
@@ -982,9 +989,12 @@ jobs:
actions
persist-credentials: false
- name: Setup Scripts
+ id: setup
uses: ./actions/setup
with:
destination: ${{ runner.temp }}/gh-aw/actions
+ job-name: ${{ github.job }}
+ trace-id: ${{ needs.activation.outputs.setup-trace-id }}
- name: Download agent output artifact
id: download-agent-output
continue-on-error: true
@@ -1065,7 +1075,9 @@ jobs:
await main();
detection:
- needs: agent
+ needs:
+ - activation
+ - agent
if: >
always() && needs.agent.result != 'skipped' && (needs.agent.outputs.output_types != '' || needs.agent.outputs.has_patch == 'true')
runs-on: ubuntu-latest
@@ -1084,9 +1096,12 @@ jobs:
actions
persist-credentials: false
- name: Setup Scripts
+ id: setup
uses: ./actions/setup
with:
destination: ${{ runner.temp }}/gh-aw/actions
+ job-name: ${{ github.job }}
+ trace-id: ${{ needs.activation.outputs.setup-trace-id }}
- name: Download agent output artifact
id: download-agent-output
continue-on-error: true
@@ -1220,6 +1235,7 @@ jobs:
push_repo_memory:
needs:
+ - activation
- agent
- detection
if: >
@@ -1244,9 +1260,12 @@ jobs:
actions
persist-credentials: false
- name: Setup Scripts
+ id: setup
uses: ./actions/setup
with:
destination: ${{ runner.temp }}/gh-aw/actions
+ job-name: ${{ github.job }}
+ trace-id: ${{ needs.activation.outputs.setup-trace-id }}
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
@@ -1284,7 +1303,7 @@ jobs:
BRANCH_NAME: memory/token-audit
MAX_FILE_SIZE: 102400
MAX_FILE_COUNT: 100
- MAX_PATCH_SIZE: 10240
+ MAX_PATCH_SIZE: 51200
ALLOWED_EXTENSIONS: '[]'
FILE_GLOB_FILTER: "memory/token-audit/*.json memory/token-audit/*.jsonl memory/token-audit/*.csv memory/token-audit/*.md"
with:
@@ -1305,6 +1324,7 @@ jobs:
safe_outputs:
needs:
+ - activation
- agent
- detection
if: (!cancelled()) && needs.agent.result != 'skipped' && needs.detection.result == 'success'
@@ -1338,9 +1358,12 @@ jobs:
actions
persist-credentials: false
- name: Setup Scripts
+ id: setup
uses: ./actions/setup
with:
destination: ${{ runner.temp }}/gh-aw/actions
+ job-name: ${{ github.job }}
+ trace-id: ${{ needs.activation.outputs.setup-trace-id }}
- name: Download agent output artifact
id: download-agent-output
continue-on-error: true
@@ -1390,6 +1413,7 @@ jobs:
update_cache_memory:
needs:
+ - activation
- agent
- detection
if: >
@@ -1409,9 +1433,12 @@ jobs:
actions
persist-credentials: false
- name: Setup Scripts
+ id: setup
uses: ./actions/setup
with:
destination: ${{ runner.temp }}/gh-aw/actions
+ job-name: ${{ github.job }}
+ trace-id: ${{ needs.activation.outputs.setup-trace-id }}
- name: Download cache-memory artifact (default)
id: download_cache_default
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
@@ -1436,7 +1463,9 @@ jobs:
path: /tmp/gh-aw/cache-memory
upload_assets:
- needs: agent
+ needs:
+ - activation
+ - agent
if: (!cancelled()) && needs.agent.result != 'skipped' && contains(needs.agent.outputs.output_types, 'upload_asset')
runs-on: ubuntu-slim
permissions:
@@ -1454,9 +1483,12 @@ jobs:
actions
persist-credentials: false
- name: Setup Scripts
+ id: setup
uses: ./actions/setup
with:
destination: ${{ runner.temp }}/gh-aw/actions
+ job-name: ${{ github.job }}
+ trace-id: ${{ needs.activation.outputs.setup-trace-id }}
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
diff --git a/.github/workflows/copilot-token-audit.md b/.github/workflows/copilot-token-audit.md
index 87879fb8c95..bf31bc3232a 100644
--- a/.github/workflows/copilot-token-audit.md
+++ b/.github/workflows/copilot-token-audit.md
@@ -54,6 +54,7 @@ imports:
with:
branch-name: "memory/token-audit"
description: "Historical daily Copilot token usage snapshots"
+ max-patch-size: 51200
- copilot-setup-steps.yml
- uses: shared/mcp/gh-aw.md
- shared/reporting.md
diff --git a/.github/workflows/copilot-token-optimizer.lock.yml b/.github/workflows/copilot-token-optimizer.lock.yml
index 567037774da..19d48acb675 100644
--- a/.github/workflows/copilot-token-optimizer.lock.yml
+++ b/.github/workflows/copilot-token-optimizer.lock.yml
@@ -1,4 +1,4 @@
-# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"711f32a7552facdfd64cd7b87379b0761180f36ccec3654c8b6e1b15fc4c0d7d","strict":true,"agent_id":"copilot"}
+# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"86a159c3ff0374493fa651d638eab96762e4dad20a9b47e1cd175c3d768437be","strict":true,"agent_id":"copilot"}
# ___ _ _
# / _ \ | | (_)
# | |_| | __ _ ___ _ __ | |_ _ ___
@@ -26,7 +26,6 @@
# Resolved workflow manifest:
# Imports:
# - copilot-setup-steps.yml
-# - shared/daily-audit-discussion.md
# - shared/mcp/gh-aw.md
# - shared/repo-memory-standard.md
# - shared/reporting.md
@@ -75,6 +74,7 @@ jobs:
comment_repo: ""
lockdown_check_failed: ${{ steps.generate_aw_info.outputs.lockdown_check_failed == 'true' }}
model: ${{ steps.generate_aw_info.outputs.model }}
+ setup-trace-id: ${{ steps.setup.outputs.trace-id }}
steps:
- name: Checkout actions folder
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@@ -84,9 +84,11 @@ jobs:
actions
persist-credentials: false
- name: Setup Scripts
+ id: setup
uses: ./actions/setup
with:
destination: ${{ runner.temp }}/gh-aw/actions
+ job-name: ${{ github.job }}
- name: Generate agentic run info
id: generate_aw_info
env:
@@ -150,18 +152,18 @@ jobs:
run: |
bash ${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh
{
- cat << 'GH_AW_PROMPT_70b3610d51da5d44_EOF'
+ cat << 'GH_AW_PROMPT_822a6d37b217ea93_EOF'
- GH_AW_PROMPT_70b3610d51da5d44_EOF
+ GH_AW_PROMPT_822a6d37b217ea93_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/agentic_workflows_guide.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/repo_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_70b3610d51da5d44_EOF'
+ cat << 'GH_AW_PROMPT_822a6d37b217ea93_EOF'
- Tools: create_discussion, missing_tool, missing_data, noop
+ Tools: create_issue, missing_tool, missing_data, noop
The following GitHub context information is available for this workflow:
@@ -191,14 +193,14 @@ jobs:
{{/if}}
- GH_AW_PROMPT_70b3610d51da5d44_EOF
+ GH_AW_PROMPT_822a6d37b217ea93_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_70b3610d51da5d44_EOF'
+ cat << 'GH_AW_PROMPT_822a6d37b217ea93_EOF'
{{#runtime-import .github/workflows/shared/mcp/gh-aw.md}}
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/copilot-token-optimizer.md}}
- GH_AW_PROMPT_70b3610d51da5d44_EOF
+ GH_AW_PROMPT_822a6d37b217ea93_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
@@ -223,7 +225,7 @@ jobs:
GH_AW_GITHUB_RUN_ID: ${{ github.run_id }}
GH_AW_GITHUB_WORKSPACE: ${{ github.workspace }}
GH_AW_MEMORY_BRANCH_NAME: 'memory/token-audit'
- GH_AW_MEMORY_CONSTRAINTS: "\n\n**Constraints:**\n- **Allowed Files**: Only files matching patterns: memory/token-audit/*.json, memory/token-audit/*.jsonl, memory/token-audit/*.csv, memory/token-audit/*.md\n- **Max File Size**: 102400 bytes (0.10 MB) per file\n- **Max File Count**: 100 files per commit\n- **Max Patch Size**: 10240 bytes (10 KB) total per push (max: 100 KB)\n"
+ GH_AW_MEMORY_CONSTRAINTS: "\n\n**Constraints:**\n- **Allowed Files**: Only files matching patterns: memory/token-audit/*.json, memory/token-audit/*.jsonl, memory/token-audit/*.csv, memory/token-audit/*.md\n- **Max File Size**: 102400 bytes (0.10 MB) per file\n- **Max File Count**: 100 files per commit\n- **Max Patch Size**: 51200 bytes (50 KB) total per push (max: 100 KB)\n"
GH_AW_MEMORY_DESCRIPTION: ' Historical daily Copilot token usage snapshots (shared with copilot-token-audit)'
GH_AW_MEMORY_DIR: '/tmp/gh-aw/repo-memory/default/'
GH_AW_MEMORY_TARGET_REPO: ' of the current repository'
@@ -301,6 +303,7 @@ jobs:
model: ${{ needs.activation.outputs.model }}
output: ${{ steps.collect_output.outputs.output }}
output_types: ${{ steps.collect_output.outputs.output_types }}
+ setup-trace-id: ${{ steps.setup.outputs.trace-id }}
steps:
- name: Checkout actions folder
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@@ -310,9 +313,12 @@ jobs:
actions
persist-credentials: false
- name: Setup Scripts
+ id: setup
uses: ./actions/setup
with:
destination: ${{ runner.temp }}/gh-aw/actions
+ job-name: ${{ github.job }}
+ trace-id: ${{ needs.activation.outputs.setup-trace-id }}
- name: Set runtime paths
id: set-runtime-paths
run: |
@@ -423,23 +429,23 @@ jobs:
mkdir -p ${RUNNER_TEMP}/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_e3270863d960a7f7_EOF'
- {"create_discussion":{"category":"audits","close_older_discussions":true,"expires":168,"fallback_to_issue":true,"max":1,"title_prefix":"[copilot-token-optimizer] "},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"push_repo_memory":{"memories":[{"dir":"/tmp/gh-aw/repo-memory/default","id":"default","max_file_count":100,"max_file_size":102400,"max_patch_size":10240}]}}
- GH_AW_SAFE_OUTPUTS_CONFIG_e3270863d960a7f7_EOF
+ cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_0b64c8e56368c0ae_EOF'
+ {"create_issue":{"expires":168,"max":1,"title_prefix":"[copilot-token-optimizer] "},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"push_repo_memory":{"memories":[{"dir":"/tmp/gh-aw/repo-memory/default","id":"default","max_file_count":100,"max_file_size":102400,"max_patch_size":51200}]}}
+ GH_AW_SAFE_OUTPUTS_CONFIG_0b64c8e56368c0ae_EOF
- name: Write Safe Outputs Tools
run: |
- cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/tools_meta.json << 'GH_AW_SAFE_OUTPUTS_TOOLS_META_a39a8061be3ab911_EOF'
+ cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/tools_meta.json << 'GH_AW_SAFE_OUTPUTS_TOOLS_META_fa1fbe008d87589d_EOF'
{
"description_suffixes": {
- "create_discussion": " CONSTRAINTS: Maximum 1 discussion(s) can be created. Title will be prefixed with \"[copilot-token-optimizer] \". Discussions will be created in category \"audits\"."
+ "create_issue": " CONSTRAINTS: Maximum 1 issue(s) can be created. Title will be prefixed with \"[copilot-token-optimizer] \"."
},
"repo_params": {},
"dynamic_tools": []
}
- GH_AW_SAFE_OUTPUTS_TOOLS_META_a39a8061be3ab911_EOF
- cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/validation.json << 'GH_AW_SAFE_OUTPUTS_VALIDATION_ec2de261c878b880_EOF'
+ GH_AW_SAFE_OUTPUTS_TOOLS_META_fa1fbe008d87589d_EOF
+ cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/validation.json << 'GH_AW_SAFE_OUTPUTS_VALIDATION_3faae8610bd35d4c_EOF'
{
- "create_discussion": {
+ "create_issue": {
"defaultMax": 1,
"fields": {
"body": {
@@ -448,15 +454,22 @@ jobs:
"sanitize": true,
"maxLength": 65000
},
- "category": {
- "type": "string",
- "sanitize": true,
- "maxLength": 128
+ "labels": {
+ "type": "array",
+ "itemType": "string",
+ "itemSanitize": true,
+ "itemMaxLength": 128
+ },
+ "parent": {
+ "issueOrPRNumber": true
},
"repo": {
"type": "string",
"maxLength": 256
},
+ "temporary_id": {
+ "type": "string"
+ },
"title": {
"required": true,
"type": "string",
@@ -523,7 +536,7 @@ jobs:
}
}
}
- GH_AW_SAFE_OUTPUTS_VALIDATION_ec2de261c878b880_EOF
+ GH_AW_SAFE_OUTPUTS_VALIDATION_3faae8610bd35d4c_EOF
node ${RUNNER_TEMP}/gh-aw/actions/generate_safe_outputs_tools.cjs
- name: Generate Safe Outputs MCP Server Config
id: safe-outputs-config
@@ -594,7 +607,7 @@ jobs:
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.2.12'
mkdir -p /home/runner/.copilot
- cat << GH_AW_MCP_CONFIG_88101803d64e3d6f_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh
+ cat << GH_AW_MCP_CONFIG_f021b11b7f2e027d_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh
{
"mcpServers": {
"agenticworkflows": {
@@ -654,7 +667,7 @@ jobs:
"payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}"
}
}
- GH_AW_MCP_CONFIG_88101803d64e3d6f_EOF
+ GH_AW_MCP_CONFIG_f021b11b7f2e027d_EOF
- name: Download activation artifact
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
@@ -867,7 +880,6 @@ jobs:
runs-on: ubuntu-slim
permissions:
contents: read
- discussions: write
issues: write
concurrency:
group: "gh-aw-conclusion-copilot-token-optimizer"
@@ -885,9 +897,12 @@ jobs:
actions
persist-credentials: false
- name: Setup Scripts
+ id: setup
uses: ./actions/setup
with:
destination: ${{ runner.temp }}/gh-aw/actions
+ job-name: ${{ github.job }}
+ trace-id: ${{ needs.activation.outputs.setup-trace-id }}
- name: Download agent output artifact
id: download-agent-output
continue-on-error: true
@@ -949,8 +964,6 @@ jobs:
GH_AW_ENGINE_ID: "copilot"
GH_AW_CHECKOUT_PR_SUCCESS: ${{ needs.agent.outputs.checkout_pr_success }}
GH_AW_INFERENCE_ACCESS_ERROR: ${{ needs.agent.outputs.inference_access_error }}
- GH_AW_CREATE_DISCUSSION_ERRORS: ${{ needs.safe_outputs.outputs.create_discussion_errors }}
- GH_AW_CREATE_DISCUSSION_ERROR_COUNT: ${{ needs.safe_outputs.outputs.create_discussion_error_count }}
GH_AW_LOCKDOWN_CHECK_FAILED: ${{ needs.activation.outputs.lockdown_check_failed }}
GH_AW_PUSH_REPO_MEMORY_RESULT: ${{ needs.push_repo_memory.result }}
GH_AW_REPO_MEMORY_VALIDATION_FAILED_default: ${{ needs.push_repo_memory.outputs.validation_failed_default }}
@@ -968,7 +981,9 @@ jobs:
await main();
detection:
- needs: agent
+ needs:
+ - activation
+ - agent
if: >
always() && needs.agent.result != 'skipped' && (needs.agent.outputs.output_types != '' || needs.agent.outputs.has_patch == 'true')
runs-on: ubuntu-latest
@@ -987,9 +1002,12 @@ jobs:
actions
persist-credentials: false
- name: Setup Scripts
+ id: setup
uses: ./actions/setup
with:
destination: ${{ runner.temp }}/gh-aw/actions
+ job-name: ${{ github.job }}
+ trace-id: ${{ needs.activation.outputs.setup-trace-id }}
- name: Download agent output artifact
id: download-agent-output
continue-on-error: true
@@ -1123,6 +1141,7 @@ jobs:
push_repo_memory:
needs:
+ - activation
- agent
- detection
if: >
@@ -1147,9 +1166,12 @@ jobs:
actions
persist-credentials: false
- name: Setup Scripts
+ id: setup
uses: ./actions/setup
with:
destination: ${{ runner.temp }}/gh-aw/actions
+ job-name: ${{ github.job }}
+ trace-id: ${{ needs.activation.outputs.setup-trace-id }}
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
@@ -1187,7 +1209,7 @@ jobs:
BRANCH_NAME: memory/token-audit
MAX_FILE_SIZE: 102400
MAX_FILE_COUNT: 100
- MAX_PATCH_SIZE: 10240
+ MAX_PATCH_SIZE: 51200
ALLOWED_EXTENSIONS: '[]'
FILE_GLOB_FILTER: "memory/token-audit/*.json memory/token-audit/*.jsonl memory/token-audit/*.csv memory/token-audit/*.md"
with:
@@ -1208,13 +1230,13 @@ jobs:
safe_outputs:
needs:
+ - activation
- agent
- detection
if: (!cancelled()) && needs.agent.result != 'skipped' && needs.detection.result == 'success'
runs-on: ubuntu-slim
permissions:
contents: read
- discussions: write
issues: write
timeout-minutes: 15
env:
@@ -1230,6 +1252,8 @@ jobs:
code_push_failure_errors: ${{ steps.process_safe_outputs.outputs.code_push_failure_errors }}
create_discussion_error_count: ${{ steps.process_safe_outputs.outputs.create_discussion_error_count }}
create_discussion_errors: ${{ steps.process_safe_outputs.outputs.create_discussion_errors }}
+ created_issue_number: ${{ steps.process_safe_outputs.outputs.created_issue_number }}
+ created_issue_url: ${{ steps.process_safe_outputs.outputs.created_issue_url }}
process_safe_outputs_processed_count: ${{ steps.process_safe_outputs.outputs.processed_count }}
process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }}
steps:
@@ -1241,9 +1265,12 @@ jobs:
actions
persist-credentials: false
- name: Setup Scripts
+ id: setup
uses: ./actions/setup
with:
destination: ${{ runner.temp }}/gh-aw/actions
+ job-name: ${{ github.job }}
+ trace-id: ${{ needs.activation.outputs.setup-trace-id }}
- name: Download agent output artifact
id: download-agent-output
continue-on-error: true
@@ -1275,7 +1302,7 @@ jobs:
GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,telemetry.enterprise.githubcopilot.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.googleapis.com"
GITHUB_SERVER_URL: ${{ github.server_url }}
GITHUB_API_URL: ${{ github.api_url }}
- GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"create_discussion\":{\"category\":\"audits\",\"close_older_discussions\":true,\"expires\":168,\"fallback_to_issue\":true,\"max\":1,\"title_prefix\":\"[copilot-token-optimizer] \"},\"missing_data\":{},\"missing_tool\":{},\"noop\":{\"max\":1,\"report-as-issue\":\"true\"}}"
+ GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"create_issue\":{\"expires\":168,\"max\":1,\"title_prefix\":\"[copilot-token-optimizer] \"},\"missing_data\":{},\"missing_tool\":{},\"noop\":{\"max\":1,\"report-as-issue\":\"true\"}}"
with:
github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
script: |
diff --git a/.github/workflows/copilot-token-optimizer.md b/.github/workflows/copilot-token-optimizer.md
index eb119b08a1e..bb3d6c75acf 100644
--- a/.github/workflows/copilot-token-optimizer.md
+++ b/.github/workflows/copilot-token-optimizer.md
@@ -17,16 +17,19 @@ tools:
toolsets: [default]
bash:
- "*"
+safe-outputs:
+ create-issue:
+ expires: 7d
+ title-prefix: "[copilot-token-optimizer] "
+ close-older-issues: true
+ max: 1
timeout-minutes: 30
imports:
- - uses: shared/daily-audit-discussion.md
- with:
- title-prefix: "[copilot-token-optimizer] "
- expires: "7d"
- uses: shared/repo-memory-standard.md
with:
branch-name: "memory/token-audit"
description: "Historical daily Copilot token usage snapshots (shared with copilot-token-audit)"
+ max-patch-size: 51200
- copilot-setup-steps.yml
- uses: shared/mcp/gh-aw.md
- shared/reporting.md
@@ -45,7 +48,7 @@ You are the Copilot Token Optimizer — an analyst that picks one high-token-usa
2. Pick the **single workflow** with the highest total token usage that has **not been optimized recently**.
3. Use the `agentic-workflows` MCP tools (`logs`, `audit`) to deeply inspect 5–10 recent runs of that workflow.
4. Analyze firewall proxy token logs, tool usage patterns, MCP server calls, and error/warning counts.
-5. Produce a conservative, evidence-based optimization discussion with specific recommendations.
+5. Produce a conservative, evidence-based optimization issue with specific recommendations.
## Guiding Principles
@@ -203,9 +206,9 @@ Generate specific, actionable recommendations with estimated token savings:
- Use shared components to reduce duplication
- Pre-compute data in bash steps to reduce agent work
-## Phase 5 — Publish Discussion
+## Phase 5 — Publish Issue
-Create a discussion with the analysis. Use this structure:
+Create an issue with the analysis. Use this structure:
```
### 🔍 Optimization Target: [Workflow Name]
diff --git a/.github/workflows/shared/repo-memory-standard.md b/.github/workflows/shared/repo-memory-standard.md
index 3869456ed7c..db3ba3ad010 100644
--- a/.github/workflows/shared/repo-memory-standard.md
+++ b/.github/workflows/shared/repo-memory-standard.md
@@ -22,6 +22,10 @@ import-schema:
type: integer
default: 102400
description: "Max file size in bytes (default: 100KB)"
+ max-patch-size:
+ type: integer
+ default: 10240
+ description: "Max total patch size in bytes per push (default: 10KB, max: 100KB)"
tools:
repo-memory:
@@ -33,4 +37,5 @@ tools:
- "${{ github.aw.import-inputs.branch-name }}/*.csv"
- "${{ github.aw.import-inputs.branch-name }}/*.md"
max-file-size: ${{ github.aw.import-inputs.max-file-size }}
+ max-patch-size: ${{ github.aw.import-inputs.max-patch-size }}
---