Skip to content

Detect MCP policy errors and surface actionable guidance in failure issues#25819

Merged
pelikhan merged 4 commits intomainfrom
copilot/fix-mcp-servers-policy-issue
Apr 11, 2026
Merged

Detect MCP policy errors and surface actionable guidance in failure issues#25819
pelikhan merged 4 commits intomainfrom
copilot/fix-mcp-servers-policy-issue

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 11, 2026
edited
Loading

On GHE instances, Copilot CLI blocks MCP servers when the "MCP servers in Copilot" enterprise/org policy is disabled, producing ! 2 MCP servers were blocked by policy: 'github', 'safeoutputs'. The agent runs without tools (wasting tokens) and the user gets no actionable feedback.

Driver: skip retry for policy errors

Policy errors are persistent configuration issues — retrying is wasteful.

  • New MCP_POLICY_BLOCKED_PATTERN in copilot_driver.cjs
  • Breaks out of retry loop immediately with a clear log message

Unified error detection step (replaces separate bash scripts)

Both inference_access_error and mcp_policy_error detection are now handled by a single JavaScript step instead of two separate bash scripts:

  • detect_copilot_errors.cjs — scans agent-stdio.log for both inference access errors and MCP policy errors, sets both outputs in one step
  • generateCopilotErrorDetectionStep() in Go — emits a single detect-copilot-errors step for Copilot engine only (replaces generateInferenceAccessErrorDetectionStep() + generateMCPPolicyErrorDetectionStep())
  • Both inference_access_error and mcp_policy_error outputs wired from agent job → conclusion job env vars

Removed:

  • detect_inference_access_error.sh
  • detect_mcp_policy_error.sh

Failure issue/comment context

  • buildMCPPolicyErrorContext() in handle_agent_failure.cjs — reads template, falls back to inline message
  • mcp_policy_error.md template with progressive disclosure:
**🔒 MCP Servers Blocked by Policy**: The Copilot CLI blocked MCP server connections
due to an organization or enterprise policy.

<details>
<summary>How to fix this</summary>
1. Go to enterprise or organization settings
2. Navigate to Policies → Copilot
3. Enable "MCP servers in Copilot"

See: https://docs.github.com/en/copilot/how-tos/administer-copilot/manage-mcp-usage/configure-mcp-server-access
</details>

Tests

  • Go: mcp_policy_error_test.go + inference_access_error_test.go — unified detection step present, outputs wired, excluded from non-Copilot engines
  • JS: detect_copilot_errors.test.cjs — pattern matching for both error types, combined detection
  • JS: driver pattern matching + no-retry behavior, buildMCPPolicyErrorContext with/without template

Copilot AI linked an issue Apr 11, 2026 that may be closed by this pull request
MCP servers blocked by policy on GHE — unable to find "MCP servers in Copilot" policy setting #25626
Closed
@pelikhan
feat: detect MCP policy errors and surface actionable message in fail…
3fd5ad4 
…ure issues

Add detection for "MCP servers were blocked by policy:" errors from
Copilot CLI. This is a persistent enterprise/org policy issue that
should not be retried.

Changes:
- copilot_driver.cjs: detect MCP policy errors and skip retry
- detect_mcp_policy_error.sh: agent job detection script
- mcp_policy_error.md: actionable error template with progressive disclosure
- copilot_engine_execution.go: add detection step generation
- compiler_main_job.go: add mcp_policy_error output
- notify_comment.go: wire GH_AW_MCP_POLICY_ERROR to conclusion job
- handle_agent_failure.cjs: add buildMCPPolicyErrorContext function
- agent_failure_comment.md/agent_failure_issue.md: add placeholder
- Tests for all new code paths

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/421e0187-731d-47df-a0e5-ba405a044c59

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix MCP servers blocked by policy on GHE Detect MCP policy errors and surface actionable guidance in failure issues Apr 11, 2026
Copilot AI requested a review from pelikhan April 11, 2026 15:02
@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented Apr 11, 2026

Merge logic of inference_access_error and MCP policy error bash scripts into the copilot driver javasceipt. Remove the steps with bash scripts. @copilot

Copilot stopped work on behalf of pelikhan due to an error April 11, 2026 15:36
The session was cancelled by the user.
@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented Apr 11, 2026

@copilot merge Merge the logic of inference_access_error and MCP policy error bash scripts as a single step in JavaScript (not shell)

@pelikhan
refactor: merge inference_access_error and mcp_policy_error detection…
33046f0 
… into single JS step

Replace two separate bash scripts (detect_inference_access_error.sh,
detect_mcp_policy_error.sh) with a single JavaScript file
(detect_copilot_errors.cjs) that scans the agent log for both error
patterns and sets both outputs in one step.

Go changes:
- Replace generateInferenceAccessErrorDetectionStep() and
  generateMCPPolicyErrorDetectionStep() with single
  generateCopilotErrorDetectionStep()
- Update step ID references: detect-inference-error/detect-mcp-policy-error
  → detect-copilot-errors
- Update job output expressions to reference new unified step

Removed:
- actions/setup/sh/detect_inference_access_error.sh
- actions/setup/sh/detect_mcp_policy_error.sh

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/8c007043-8759-4254-8090-c1d69df68878

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented Apr 11, 2026
edited
Loading

@copilot merge Merge the logic of inference_access_error and MCP policy error bash scripts as a single step in JavaScript (not shell)

Done in 33046f0. Merged both detect_inference_access_error.sh and detect_mcp_policy_error.sh into a single JavaScript step detect_copilot_errors.cjs that scans the agent log for both error patterns in one pass. Removed the two bash scripts and replaced generateInferenceAccessErrorDetectionStep() + generateMCPPolicyErrorDetectionStep() with a single generateCopilotErrorDetectionStep(). All step IDs updated from detect-inference-error/detect-mcp-policy-errordetect-copilot-errors.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE ache/go/1.25.8/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile /usr/bin/git 3788786274 hxms/bWOB0OjYPOsrev-parse .cfg git (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -trimpath x_amd64/compile git rev-�� --show-toplevel x_amd64/compile /usr/bin/git ache/go/1.25.8/xinfocmp -trimpath x_amd64/vet git (http block)
  • https://api.github.com/orgs/test-owner/actions/secrets
    • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel x_amd64/compile /usr/bin/gh -json GO111MODULE 64/pkg/tool/linu--show-toplevel gh run list --json /usr/bin/git --workflow nonexistent-workrev-parse --limit git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha -unreachable=false 480753/b334/importcfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile 64/src/runtime/cgit go e/git-remote-htt--show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile -o /tmp/go-build467480753/b356/_pkg_.a -trimpath /usr/bin/git -p github.com/stretrev-parse -lang=go1.17 git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --show-toplevel -pack /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel l ache/node/24.14.1/x64/bin/node -json GO111MODULE 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha ache/go/1.25.8/x64/src/net 480753/b229/ cfg -I ctor p=/opt/hostedtoo--show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha 28/001/test-complex-frontmatter-with-tools.md yi2fVdpoL ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE util GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linutest@example.com env EklR7_A7a GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE fips140/sha3 GOMODCACHE ortcfg (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel 64/pkg/tool/linuremote.origin.url /usr/bin/git ut3881867988/001git YGaDW_VvF 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git 41P7GWbPK GO111MODULE Name,createdAt,s--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/link /usr/bin/git ipts.test pkg/mod/golang.orev-parse ortcfg.link git rev-�� --show-toplevel 9FX53sm1OTZ6jdpoJ_/CWrYu2czG7Ca7ylQP4Z8/vCNYLdc7D8RXanEmFBss /usr/bin/git /tmp/go-build193git -trimpath g_.a git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --get remote.origin.url /usr/bin/git ub/workflows GO111MODULE 86_64/sh git rev-�� --show-toplevel go /usr/bin/git echo &#34;Running wagit GO111MODULE 64/pkg/tool/linu--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha image:v1.0.0 other /usr/bin/git repo1331748030/0git GO111MODULE x_amd64/compile git rev-�� --show-toplevel x_amd64/compile /usr/bin/git .js&#39; --ignore-pagit GO111MODULE 64/pkg/tool/linu--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/asm /usr/bin/git ithub-script/gitgit -trimpath /opt/hostedtoolc--show-toplevel git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile /usr/bin/git (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --show-toplevel go /usr/bin/git ortcfg cjNZiRS1g x_amd64/link git rev-�� --show-toplevel x_amd64/link /usr/bin/git ortcfg GO111MODULE ache/go/1.25.8/x--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --show-toplevel 480753/b012/syma/tmp/go-build467480753/b206/vet.cfg /usr/bin/git ache/go/1.25.8/xcut go cal/bin/as git rev-�� --show-toplevel 480753/b125/_x00-buildtags /usr/bin/git 64/src/os/user -trimpath x_amd64/compile git (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v9
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha go1.25.8 -c=4 -nolocalimports -importcfg (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha -json GO111MODULE odules/npm/node_-lang=go1.25 GOINSECURE GOMOD GOMODCACHE go ode_�� -json GO111MODULE x_amd64/asm GOINSECURE GOMOD GOMODCACHE x_amd64/asm (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha on 2&gt;&amp;1 | grep --p GO111MODULE ules/.bin/sh GOINSECURE GOMOD GOMODCACHE go env th .prettierigno-goversion GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha GOMODCACHE x_amd64/compile /usr/bin/git &#39;**/*.ts&#39; &#39;**/*.git GO111MODULE 1/x64/bin/sh git conf�� user.email test@example.com /usr/bin/git m/workflows GO111MODULE 64/pkg/tool/linu--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha /tmp/go-build467480753/b346/_pkg_.a -trimpath /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -p golang.org/x/texrev-parse -lang=go1.25 /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build467480753/b090/vet.cfg 480753/b362/vet.cfg -goversion go1.25.8 -c=4 /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha add upstream /usr/bin/git ub/workflows GO111MODULE nch,headSha,disp--show-toplevel git init�� GOMODCACHE r_wasm.s /opt/hostedtoolcache/node/24.14.1/x64/bin/node .js&#39; --ignore-pagit GO111MODULE 64/pkg/tool/linu--show-toplevel node (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha /tmp/go-build467480753/b357/_pkg_.a -trimpath 480753/b260/vet.cfg -p github.com/davecrev-parse -lang=go1.16 /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build467480753/b089/vet.cfg 480753/b341/vet.cfg -goversion go1.25.8 -c=4 /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha /tmp/go-build2764029203/b383/_pkg_.a -trimpath ache/node/24.14.1/x64/bin/node -p main -lang=go1.25 /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet t-41�� sistency_GoAndJavaScript2790533228/001/test-inlined-imports-enabremote.origin.url -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha 480753/b252/_pkg_.a cfg 64/pkg/tool/linux_amd64/vet pWmN/G9u_VFqGUdMgit /go-timezone-locrev-parse -fno-stack-prote--show-toplevel 64/pkg/tool/linux_amd64/vet -I ache/go/1.25.8/x64/src/net cfg 64/pkg/tool/linux_amd64/vet --gdwarf-5 --64 -o 64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v7
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha detect_mcp_policy_error (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha k/_temp/runtime--errorsas (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
  • https://api.github.com/repos/docker/build-push-action/git/ref/tags/v7
    • Triggering command: /usr/bin/gh gh api /repos/docker/build-push-action/git/ref/tags/v7 --jq .object.sha --local --get $name) { hasDiscussionsEnabled } } (http block)
    • Triggering command: /usr/bin/gh gh api /repos/docker/build-push-action/git/ref/tags/v7 --jq .object.sha --local --get 64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/docker/metadata-action/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/docker/metadata-action/git/ref/tags/v6 --jq .object.sha --local --get r: $owner, name: $name) { hasDiscussionsEnabled } } (http block)
    • Triggering command: /usr/bin/gh gh api /repos/docker/metadata-action/git/ref/tags/v6 --jq .object.sha 07a9d4d84ff7a3b --local 64/pkg/tool/linux_amd64/vet credential.helpeinfocmp (http block)
  • https://api.github.com/repos/docker/setup-buildx-action/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v4 --jq .object.sha --local --get 64/pkg/tool/linu-f (http block)
    • Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v4 --jq .object.sha ify@v1.11.1/requremote.origin.url ify@v1.11.1/require/forward_requirements.go 64/pkg/tool/linux_amd64/vet credential.helpeinfocmp (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility get --local r: $owner, name: $name) { hasDiscussionsEnabled } } committer.email (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha .github/workflows/test.md resolved$ /usr/bin/git -json GO111MODULE x_amd64/compile git rev-�� --show-toplevel x_amd64/compile /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha /tmp/go-build467480753/b333/_pkg_.a -trimpath /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -p github.com/modelrev-parse -lang=go1.25 /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -ato�� -bool -buildtags 480753/b359/vet.cfg -errorsas -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha sistency_GoAndJavaScript2790533228/001/test-empty-frontmatter.md -trimpath /usr/lib/git-core/git-receive-pack -p main -lang=go1.25 git-receive-pack /tmp�� YxDUHkFJjjgiIFELxCW3/YxDUHkFJjjgiIFELxCW3 -dwarf=false /usr/bin/git go1.25.8 -c=4 -nolocalimports git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha -I cfg 64/pkg/tool/linux_amd64/vet 8L4S/meSZtwZoupXgit --gdwarf2 --64 64/pkg/tool/linux_amd64/vet om/s�� ache/go/1.25.8/x64/src/net cfg 64/pkg/tool/linux_amd64/vet --gdwarf-5 --64 -o 64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha 4029203/b431/_pkg_.a -trimpath 4029203/b431=&gt; -p b/gh-aw/pkg/slicrev-parse -lang=go1.25 git push�� ErrorFormatting3376145054/001 my-default /usr/bin/git l -nolocalimports -importcfg 4029203/b431/importcfg (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha -I cfg 64/pkg/tool/linux_amd64/vet gFFH/3a5Z8FpZ2oTgit --gdwarf2 --64 64/pkg/tool/linux_amd64/vet bis om/segmentio/asm@v1.1.3/keyset/keyset_amd64.s cfg 64/pkg/tool/linux_amd64/vet --gdwarf-5 --64 -o 64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile k/gh�� g_.a dAR9m3zY_ 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD erignore 64/pkg/tool/linux_amd64/link (http block)
    • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 0/feature/plural/common.go 64/pkg/tool/linux_amd64/compile GOINSECURE cha8_stub.o 64/src/internal/chacha8rand/chac/tmp/go-build2764029203/b435/_pkg_.a 64/pkg/tool/linux_amd64/compile k/gh�� g_.a QuPWq4ACQ ache/go/1.25.8/x64/pkg/tool/linu-lang=go1.25 GOINSECURE GOMOD erignore ache/go/1.25.8/x64/pkg/tool/linu-dwarf=false (http block)
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name LsRemoteWithRealGitbranch_with_hyphen4149649335/001&#39; n-dir/node GOINSECURE GOMOD GOMODCACHE go 1/x6�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linutest@example.com env g_.a m0O72i2Jk stants.test GOINSECURE ack GOMODCACHE stants.test (http block)
    • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 rotocol/go-sdk@v1.5.0/internal/xcontext/xcontext.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linuTest User env g_.a GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE v3 abis 64/src/reflect/asm_wasm.s (http block)
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name itcustom_branch2420047028/002/work ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env y_with_explicit_repo602040545/001 GO111MODULE ules/.bin/node GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env ithub/workflows 06SIChxms util.test GOINSECURE bidirule GOMODCACHE util.test (http block)
    • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 emplate/v3@v3.0.2/compile.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linutest@example.com env g_.a kLZAPaMu6 /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env y_with_explicit_repo602040545/001 GO111MODULE de_modules/.bin/node GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name _56Gjvce9 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile k/gh�� 539971595 dq87ptaK6 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD erignore 64/pkg/tool/linux_amd64/link (http block)
    • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 0/message/catalog/catalog.go 64/pkg/tool/linux_amd64/compile GOINSECURE al_wasm.o 64/src/internal/--show-toplevel 64/pkg/tool/linux_amd64/compile k/gh�� 1304565618/.github/workflows YfB4YDUdE ache/go/1.25.8/x64/pkg/tool/linu-nilfunc GOINSECURE t erignore ache/go/1.25.8/x64/pkg/tool/linu-tests (http block)
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name LsRemoteWithRealGitcustom_branch2420047028/001&#39; ode GOINSECURE GOMOD GOMODCACHE go 1/x6�� 9953/001/stability-test.md GO111MODULE t GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name 0/internal/tag/tag.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linuTest User k/gh�� 539971595 LamLkoYmy 64/pkg/tool/linux_amd64/vet GOINSECURE age erignore 64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 0/internal/format/format.go 64/pkg/tool/linux_amd64/compile GOINSECURE exbyte_wasm.o 64/src/internal/--git-dir 64/pkg/tool/linux_amd64/compile k/gh�� 1304565618 J9_2Hh5RJ k GOINSECURE (http block)
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go 1/x6�� ut4154307534/001 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name 0/internal/strin-c=4 64/pkg/tool/linu-nolocalimports GOINSECURE GOMOD abis 64/pkg/tool/linu/tmp/go-build2764029203/b444/_testmain.go k/gh�� g_.a go ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD erignore ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 0/message/catalog.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ylQP4Z8/vCNYLdc7D8RXanEmFBss env g_.a Y_7BzNNuM ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE chema/v6/kind GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go 1/x6�� ut4154307534/001 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name 0/internal/langu-nolocalimports 64/pkg/tool/linu-importcfg GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linutest@example.com k/gh�� 539971595 InX8DV7o_ x_amd64/vet GOINSECURE gset erignore x_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 0/internal/internal.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD abis 64/pkg/tool/linux_amd64/compile k/gh�� 1304565618/.github/workflows fG0BeREzZ ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE g erignore ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm (http block)
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name itbranch_with_hyphen4149649335/002/work 1/x64/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node GOINSECURE GOMOD GOMODCACHE go 1/x6�� ut4154307534/001 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path -c=4 -nolocalimports -importcfg /tmp/go-build2764029203/b411/importcfg -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/fileutil/fileutil.go /home/REDACTED/work/gh-aw/gh-aw/pkg/fileutil/tar.go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE y.s (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE 64/pkg/tool/linu/tmp/go-build2764029203/b438/_testmain.go env edOutput314860145/001 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE obyte abis 64/pkg/tool/linutest@example.com (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/compile /usr/bin/git g_.a GO111MODULE ache/go/1.25.8/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linurev-parse /usr/bin/git 7628065/b029/_pk/bin/sh PSlwfWm62 ache/go/1.25.8/xgit-upload-pack &#39;origin&#39; git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel -tests /usr/bin/git 64/src/runtime/rgit go n-dir/as git rev-�� --show-toplevel _main.o /usr/bin/git 480753/b063/_pkg/bin/sh go 64/pkg/tool/linugit-upload-pack &#39;origin&#39; git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha edOutput314860145/001 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE obyte abis 64/pkg/tool/linutest@example.com env g_.a 57OuoO-7M ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE %H %ct %D (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -goversion go1.25.8 -c=4 -race -nolocalimports -importcfg /tmp/go-build467480753/b175/importcfg rev-�� ache/go/1.25.8/x64/src/runtime/c--gdwarf-5 cgo_.o nfig/composer/vendor/bin/as e-analyzer.md GO111MODULE 64/bin/go 480753/b125/_x00-trimpath (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env lGitmain_branch1--repo lGitmain_branch1owner/repo 64/bin/go olangci-lint rungh GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json o x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha re GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha -json GO111MODULE x_amd64/asm GOINSECURE GOMOD GOMODCACHE x_amd64/asm env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha re GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/-
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha l &amp;&amp; debian-sa1 1 1 (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha edOutput314860145/001 1y3cTijPK 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env ortcfg BBDxPPYcw x_amd64/compile GOINSECURE %H %ct %D (http block)
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha -goversion go1.25.8 -c=4 -race -nolocalimports -importcfg /tmp/go-build467480753/b249/importcfg rev-�� _.a go tnet/tools/as plorer.md /lcs 64/bin/go 480753/b125/_x00-trimpath (http block)
  • https://api.github.com/repos/nonexistent/repo/actions/runs/12345
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env ortcfg GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD abis 64/src/math/big/arith_wasm.s (http block)
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go env */*.ts&#39; &#39;**/*.json&#39; --ignore-path ../../../.pret-- GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/owner/repo/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json th_meta.go 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json .go 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/owner/repo/contents/file.md
    • Triggering command: /tmp/go-build2764029203/b397/cli.test /tmp/go-build2764029203/b397/cli.test -test.testlogfile=/tmp/go-build2764029203/b397/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true -nolocalimports -importcfg /tmp/go-build1937628065/b220/importcfg -pack env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /tmp/go-build3197982489/b397/cli.test /tmp/go-build3197982489/b397/cli.test -test.testlogfile=/tmp/go-build3197982489/b397/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true --show-toplevel e/git run-script/lib/n-json go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/test-owner/test-repo/actions/secrets
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name --diff git 64/bin/go --show-toplevel nly /usr/bin/git go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)

If you need me to access, download, or install something from one of these locations, you can either:

@pelikhan pelikhan marked this pull request as ready for review April 11, 2026 16:27
Copilot AI review requested due to automatic review settings April 11, 2026 16:27
Copilot AI reviewed Apr 11, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR improves Copilot-engine workflow failure handling by detecting MCP policy blocks and inference-access failures in a single step, surfacing actionable remediation guidance, and avoiding wasteful retries when the failure is a persistent policy configuration.

Changes:

  • Add MCP policy blocked detection to the Copilot CLI driver and skip resume retries for that error class.
  • Replace per-error bash detection with a unified Node-based detect-copilot-errors step that sets both inference_access_error and mcp_policy_error outputs.
  • Propagate mcp_policy_error into the conclusion job and include a new failure context template in failure issues/comments.
Show a summary per file
File Description
pkg/workflow/testdata/wasm_golden/WasmBinary/with-imports.golden Updates generated workflow fixture to use unified Copilot error detection step + outputs.
pkg/workflow/testdata/wasm_golden/WasmBinary/basic-copilot.golden Updates generated workflow fixture to use unified Copilot error detection step + outputs.
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden Updates compile-fixture golden to include unified detection outputs and step.
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/smoke-copilot.golden Updates smoke-fixture golden to include unified detection outputs and step.
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden Updates compile-fixture golden to include unified detection outputs and step.
pkg/workflow/notify_comment.go Passes mcp_policy_error from agent job outputs into conclusion job env for Copilot engine.
pkg/workflow/mcp_policy_error_test.go Adds Go tests asserting unified detection step presence and env wiring for Copilot engine only.
pkg/workflow/inference_access_error_test.go Updates existing Go tests to assert unified detection step and updated output wiring.
pkg/workflow/copilot_engine_execution.go Replaces inference-only detection step generator with unified Copilot error detection step.
pkg/workflow/compiler_yaml_main_job.go Emits unified Copilot error detection step for Copilot engine workflows.
pkg/workflow/compiler_main_job.go Adds mcp_policy_error (and updates inference output) to main job outputs for Copilot engine.
actions/setup/sh/detect_inference_access_error.sh Removes legacy bash-based inference access error detector script.
actions/setup/md/mcp_policy_error.md Adds a new failure-context template describing MCP policy blocks and remediation steps.
actions/setup/md/agent_failure_issue.md Includes {mcp_policy_error_context} in failure issue template interpolation.
actions/setup/md/agent_failure_comment.md Includes {mcp_policy_error_context} in failure comment template interpolation.
actions/setup/js/handle_agent_failure.test.cjs Adds unit tests for building MCP policy error context (template + fallback behavior).
actions/setup/js/handle_agent_failure.cjs Adds MCP policy error context builder and wires it into failure issue/comment rendering.
actions/setup/js/detect_copilot_errors.test.cjs Adds unit tests for unified Copilot error log pattern matching and combined detection results.
actions/setup/js/detect_copilot_errors.cjs Adds unified detector that scans agent-stdio.log and sets both error outputs.
actions/setup/js/copilot_driver.test.cjs Adds tests validating MCP policy blocked pattern and that it prevents retries.
actions/setup/js/copilot_driver.cjs Detects MCP policy blocks and breaks out of retry loop immediately with logging.
.github/workflows/workflow-skill-extractor.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/workflow-normalizer.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/workflow-health-manager.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/workflow-generator.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/weekly-safe-outputs-spec-review.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/weekly-issue-summary.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/weekly-editors-health-check.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/weekly-blog-post-writer.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/video-analyzer.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/update-astro.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/ubuntu-image-analyzer.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/tidy.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/test-workflow.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/test-quality-sentinel.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/test-project-url-default.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/test-dispatcher.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/terminal-stylist.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/technical-doc-writer.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/super-linter.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/sub-issue-closer.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/stale-repo-identifier.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/smoke-workflow-call.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/smoke-workflow-call-with-inputs.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/smoke-update-cross-repo-pr.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/smoke-test-tools.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/smoke-temporary-id.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/smoke-service-ports.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/smoke-project.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/smoke-multi-pr.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/smoke-create-cross-repo-pr.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/smoke-copilot.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/smoke-copilot-arm.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/slide-deck-maintainer.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/security-review.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/security-compliance.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/research.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/repository-quality-improver.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/repo-tree-map.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/repo-audit-analyzer.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/release.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/refiner.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/refactoring-cadence.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/q.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/python-data-charts.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/pr-triage-agent.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/pr-nitpick-reviewer.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/portfolio-analyst.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/poem-bot.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/plan.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/pdf-summary.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/org-health-report.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/notion-issue-summary.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/metrics-collector.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/mergefest.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/mcp-inspector.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/layout-spec-maintainer.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/jsweep.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/issue-triage-agent.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/issue-monster.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/gpclean.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/glossary-maintainer.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/github-remote-mcp-auth-test.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/functional-pragmatist.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/firewall.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/firewall-escape.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/example-permissions-warning.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/draft-pr-cleanup.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/docs-noob-tester.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/discussion-task-miner.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/dictation-prompt.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/dev.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/dev-hawk.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/dependabot-go-checker.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/dependabot-burner.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/delight.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/dead-code-remover.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-workflow-updater.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-testify-uber-super-expert.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-team-status.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-syntax-error-quality.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-semgrep-scan.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-secrets-analysis.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-safe-output-integrator.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-repo-chronicle.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-regulatory.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-performance-summary.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-news.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-mcp-concurrency-analysis.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-malicious-code-scan.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-issues-report.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-integrity-analysis.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-firewall-report.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-file-diet.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-compiler-quality.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-community-attribution.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-cli-tools-tester.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-cli-performance.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-assign-issue-to-user.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/daily-architecture-diagram.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/craft.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/copilot-token-optimizer.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/copilot-token-audit.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/copilot-pr-prompt-analysis.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/copilot-pr-nlp-analysis.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/copilot-pr-merged-report.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/copilot-cli-deep-research.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/contribution-check.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/constraint-solving-potd.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/code-simplifier.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/code-scanning-fixer.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/cli-consistency-checker.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/ci-coach.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/breaking-change-checker.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/brave.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/bot-detection.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/auto-triage-issues.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/artifacts-summary.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/architecture-guardian.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/archie.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/agentic-observability-kit.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/agent-persona-explorer.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/agent-performance-analyzer.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.
.github/workflows/ace-editor.lock.yml Updates workflow lock to use detect-copilot-errors outputs/step and pass MCP policy error into conclusion env.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 145/145 changed files
  • Comments generated: 0

@github-actions
docs(adr): add draft ADR-25819 for unified Copilot error detection step
e2a04a8 
Generated by Design Decision Gate workflow for PR #25819.
Captures the decision to consolidate inference_access_error and
mcp_policy_error detection into a single JavaScript step and to
skip retries for persistent MCP policy configuration errors.
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 11, 2026

Commit pushed: 1afd983

🏗️ ADR gate enforced by Design Decision Gate 🏗️

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 11, 2026

🏗️ Design Decision Gate — ADR Required

This PR makes significant changes to core business logic (pkg/ directory: 239 new lines) but does not have a linked Architecture Decision Record (ADR).

AI has analyzed the PR diff and generated a draft ADR to help you get started:

📄 Draft ADR: docs/adr/25819-unified-copilot-error-detection-step.md

The draft captures three interlocked design decisions found in the diff:

  1. Consolidation — two bash detection scripts replaced by a single JavaScript step
  2. Language choice — Node.js over bash for testability and constant sharing between driver and detector
  3. No-retry policy — MCP policy errors short-circuit the retry loop immediately (persistent config failure, not transient)

What to do next

  1. Review the draft ADR committed to your branch — it was generated from the PR diff
  2. Complete the missing sections — add context the AI couldn't infer (e.g. who made the call, timeline pressures, whether Alternative 3 / structured CLI errors was seriously considered), refine the decision rationale, and verify the listed alternatives match what was actually evaluated
  3. Commit the finalized ADR to docs/adr/ on your branch
  4. Reference the ADR in this PR body by adding a line such as:

    ADR: ADR-25819: Unified Copilot Error Detection Step

Once an ADR is linked in the PR body, this gate will re-run and verify the implementation matches the decision.

Why ADRs Matter

"AI made me procrastinate on key design decisions. Because refactoring was cheap, I could always say 'I'll deal with this later.' Deferring decisions corroded my ability to think clearly."

ADRs create a searchable, permanent record of why the codebase looks the way it does. Future contributors (and your future self) will thank you.

📋 Michael Nygard ADR Format Reference

An ADR must contain these four sections to be considered complete:

  • Context — What is the problem? What forces are at play?
  • Decision — What did you decide? Why?
  • Alternatives Considered — What else could have been done?
  • Consequences — What are the trade-offs (positive and negative)?

All ADRs are stored in docs/adr/ as Markdown files numbered by PR number (e.g., 25819-unified-copilot-error-detection-step.md for PR #25819).

🔒 This PR has been marked as requesting changes. It cannot merge until an ADR is linked in the PR body.

🏗️ ADR gate enforced by Design Decision Gate 🏗️ · ● 213.2K ·

github-actions[bot]
github-actions Bot requested changes Apr 11, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR requires an Architecture Decision Record (ADR) before it can merge. The PR adds 239 new lines of code in pkg/ (core business logic) and makes three significant design decisions — consolidating two bash detection scripts into a single JavaScript step, choosing Node.js over bash for log-scanning, and introducing an explicit no-retry policy for MCP policy errors — none of which are documented.

A draft ADR has been generated and committed to your branch at docs/adr/25819-unified-copilot-error-detection-step.md. Please review, complete, and link it in the PR body. See the comment above for instructions.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 11, 2026

🧪 Test Quality Sentinel Report

Test Quality Score: 72/100

⚠️ Acceptable — with suggestions

Metric Value
New/modified tests analyzed 27
✅ Design tests (behavioral contracts) 25 (92.6%)
⚠️ Implementation tests (low value) 2 (7.4%)
Tests with error/edge cases 18 (66.7%)
Duplicate test clusters 1
Test inflation detected Yes (copilot_driver.test.cjs 2.35:1)
🚨 Coding-guideline violations 0

Test Classification Details

📋 All 27 tests (click to expand)
Test File Classification Issues Detected
TestMCPPolicyErrorDetectionStep pkg/workflow/mcp_policy_error_test.go ✅ Design Happy path only
TestMCPPolicyErrorInConclusionJob pkg/workflow/mcp_policy_error_test.go ✅ Design Happy path only
TestMCPPolicyErrorNotInNonCopilotEngine pkg/workflow/mcp_policy_error_test.go ✅ Design Good negative case
TestInferenceAccessErrorDetectionStep (updated) pkg/workflow/inference_access_error_test.go ✅ Design Rename update
TestInferenceAccessErrorNotInNonCopilotEngine (updated) pkg/workflow/inference_access_error_test.go ✅ Design Rename update
INFERENCE_ACCESS_ERROR_PATTERN — matches 'Access denied...' detect_copilot_errors.test.cjs ✅ Design
INFERENCE_ACCESS_ERROR_PATTERN — matches 'invalid access...' detect_copilot_errors.test.cjs ✅ Design
INFERENCE_ACCESS_ERROR_PATTERN — matches when embedded in larger log detect_copilot_errors.test.cjs ✅ Design Edge case ✓
INFERENCE_ACCESS_ERROR_PATTERN — does not match unrelated errors detect_copilot_errors.test.cjs ✅ Design Edge cases ✓
MCP_POLICY_BLOCKED_PATTERN — matches exact error from issue report detect_copilot_errors.test.cjs ✅ Design
MCP_POLICY_BLOCKED_PATTERN — matches with different server names detect_copilot_errors.test.cjs ✅ Design Edge case ✓
MCP_POLICY_BLOCKED_PATTERN — does not match unrelated errors detect_copilot_errors.test.cjs ✅ Design Edge cases ✓
detectErrors — returns both false for empty log detect_copilot_errors.test.cjs ✅ Design Edge case ✓
detectErrors — detects inference access error only detect_copilot_errors.test.cjs ✅ Design Isolation case ✓
detectErrors — detects MCP policy error only detect_copilot_errors.test.cjs ✅ Design Isolation case ✓
detectErrors — detects both errors in the same log detect_copilot_errors.test.cjs ✅ Design Compound edge case ✓
detectErrors — returns false for unrelated log content detect_copilot_errors.test.cjs ✅ Design Edge case ✓
MCP policy blocked detection pattern — matches exact error copilot_driver.test.cjs ⚠️ Low fidelity Duplicates detect_copilot_errors tests; tests local pattern copy
MCP policy blocked detection pattern — matches with different server names copilot_driver.test.cjs ⚠️ Low fidelity Duplicates detect_copilot_errors tests; tests local pattern copy
MCP policy blocked detection pattern — does not match unrelated errors copilot_driver.test.cjs ⚠️ Low fidelity Duplicates detect_copilot_errors tests; tests local pattern copy
MCP policy error prevents retry — does not retry when blocked copilot_driver.test.cjs ✅ Design Tests local shouldRetry copy — see flag below
MCP policy error prevents retry — does not retry on first attempt with output copilot_driver.test.cjs ✅ Design Edge case ✓; tests local copy
MCP policy error prevents retry — still retries non-policy errors copilot_driver.test.cjs ✅ Design Edge case ✓; tests local copy
buildMCPPolicyErrorContext — returns empty string when no error handle_agent_failure.test.cjs ✅ Design Edge case ✓
buildMCPPolicyErrorContext — returns template content when error + template exists handle_agent_failure.test.cjs ✅ Design
buildMCPPolicyErrorContext — includes link to official documentation handle_agent_failure.test.cjs ✅ Design
buildMCPPolicyErrorContext — returns inline fallback when template is missing handle_agent_failure.test.cjs ✅ Design Edge case ✓

Flagged Tests — Requires Review

⚠️ MCP policy blocked detection pattern × 3 (copilot_driver.test.cjs)

Classification: Low-fidelity / Duplicated
Issue: These three tests re-declare MCP_POLICY_BLOCKED_PATTERN locally as a test-internal constant and then test that local copy — they do not import or exercise the pattern exported by detect_copilot_errors.cjs. Meanwhile detect_copilot_errors.test.cjs already covers the same inputs against the actual exported symbol.
What would break if deleted? Only the copilot_driver's local copy would go untested; the real production pattern would still be covered by detect_copilot_errors.test.cjs.
Suggested improvement: Either remove these three tests (the coverage is already in detect_copilot_errors.test.cjs) or replace them with an import: const { MCP_POLICY_BLOCKED_PATTERN } = require('./detect_copilot_errors.cjs') so the tests bind to the real production symbol.

⚠️ MCP policy error prevents retry × 3 (copilot_driver.test.cjs)

Classification: Design test — but testing a locally-defined copy of production logic
Issue: The describe block inlines its own shouldRetry function rather than importing/calling the real one from copilot_driver.cjs. If the actual production shouldRetry is refactored (e.g. the MCP check is removed or the condition reordered), these tests will still pass because they exercise a frozen copy.
What would break if deleted? A behavioral regression in copilot_driver.cjs's real retry logic would not be caught.
Suggested improvement: Export shouldRetry (or an equivalent function) from copilot_driver.cjs and import it here, or drive the test through a higher-level integration point (e.g. calling the actual driver with a mock process that emits MCP-blocked output and asserting on retry count).

📊 Test Inflation — copilot_driver.test.cjs

Ratio: 54 test lines added vs 23 production lines added ≈ 2.35:1 (threshold: 2:1)
The inflation is partly explained by inlining the shouldRetry function definition inside the test describe block. Removing the duplicated pattern tests (see above) would bring the ratio closer to 1.5:1.

Language Support

Tests analyzed:

  • 🐹 Go (*_test.go): 5 tests — unit (//go:build !integration) ✅ all build tags present
  • 🟨 JavaScript (*.test.cjs): 22 tests (vitest)

Verdict

Check passed. 7.4% of new tests are implementation tests (threshold: 30%). The core behavioral coverage is strong — the detect_copilot_errors.test.cjs suite in particular is exemplary. Two actionable suggestions: (1) remove or de-duplicate the MCP pattern tests in copilot_driver.test.cjs that shadow detect_copilot_errors.test.cjs, and (2) have the retry-logic tests import from the real production module rather than exercising an inlined copy.

📖 Understanding Test Classifications

Design Tests (High Value) verify what the system does:

  • Assert on observable outputs, return values, or state changes
  • Cover error paths and boundary conditions
  • Would catch a behavioral regression if deleted
  • Remain valid even after internal refactoring

Implementation Tests (Low Value) verify how the system does it:

  • Assert on internal function calls (mocking internals)
  • Only test the happy path with typical inputs
  • Break during legitimate refactoring even when behavior is correct
  • Give false assurance: they pass even when the system is wrong

Goal: Shift toward tests that describe the system's behavioral contract — the promises it makes to its users and collaborators.

🧪 Test quality analysis by Test Quality Sentinel · ● 841K ·

github-actions[bot]
github-actions Bot approved these changes Apr 11, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Test Quality Sentinel: 72/100. Test quality is acceptable — 7.4% of new tests are implementation tests (threshold: 30%). Two non-blocking suggestions posted in the comment above: de-duplicate the MCP pattern tests in copilot_driver.test.cjs that shadow detect_copilot_errors.test.cjs, and have the retry-logic tests import from the real production module rather than an inlined copy.

@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented Apr 11, 2026

@copilot review all comments

Copy link
Copy Markdown
Contributor Author

Copilot AI commented Apr 11, 2026

@copilot review all comments

The 3 inline review comments from copilot-pull-request-reviewer are stale — they reference design-decision-gate.md and .gitattributes, neither of which is in the current PR diff. They were from a previous review cycle on commit 4bf9047c which is no longer in the branch. All CI checks are passing green.

@pelikhan pelikhan merged commit 4c3f97a into main Apr 11, 2026
1 check failed
@pelikhan pelikhan deleted the copilot/fix-mcp-servers-policy-issue branch April 11, 2026 17:03
Copilot AI restored the copilot/fix-mcp-servers-policy-issue branch April 11, 2026 17:03
Copilot stopped work on behalf of pelikhan due to an error April 11, 2026 17:04
The session was cancelled by the user.
@github-actions github-actions Bot deleted the copilot/fix-mcp-servers-policy-issue branch April 19, 2026 02:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@github-actions github-actions[bot] github-actions[bot] approved these changes

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

MCP servers blocked by policy on GHE — unable to find "MCP servers in Copilot" policy setting

3 participants

@pelikhan