diff --git a/.github/workflows/architecture-guardian.lock.yml b/.github/workflows/architecture-guardian.lock.yml index 2e1612ed77a..14bf25b1f9a 100644 --- a/.github/workflows/architecture-guardian.lock.yml +++ b/.github/workflows/architecture-guardian.lock.yml @@ -1792,6 +1792,7 @@ jobs: GH_AW_EVALS_QUESTIONS: '[{"id":"violations-analyzed","question":"Did the workflow analyze changed Go or JavaScript files from the last 24 hours for architecture violations, or correctly conclude there were none?"},{"id":"issue-created-or-noop","question":"Was an architecture report issue created when violations were found, or was noop or skip behavior used appropriately when there was nothing actionable?"}]' GH_AW_EVALS_MODEL: "small" GH_AW_EVALS_PHASE: parse + GITHUB_RUN_ID: ${{ github.run_id }} with: script: | const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs'); diff --git a/.github/workflows/blog-auditor.lock.yml b/.github/workflows/blog-auditor.lock.yml index 535260cc1d3..73044875ffd 100644 --- a/.github/workflows/blog-auditor.lock.yml +++ b/.github/workflows/blog-auditor.lock.yml @@ -1857,6 +1857,7 @@ jobs: GH_AW_EVALS_QUESTIONS: '[{"id":"audit-completed","question":"Did the workflow complete the blog availability audit, including page access and content validation checks?"},{"id":"discussion-created","question":"Was an audit discussion created summarizing the pass or fail results and suggested remediation when needed?"}]' GH_AW_EVALS_MODEL: "small" GH_AW_EVALS_PHASE: parse + GITHUB_RUN_ID: ${{ github.run_id }} with: script: | const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs'); diff --git a/.github/workflows/ci-coach.lock.yml b/.github/workflows/ci-coach.lock.yml index 6bf5ab0efcf..d3ab17ed7bd 100644 --- a/.github/workflows/ci-coach.lock.yml +++ b/.github/workflows/ci-coach.lock.yml @@ -1843,6 +1843,7 @@ jobs: GH_AW_EVALS_QUESTIONS: '[{"id":"repair-or-optimization-path","question":"Did the workflow check validation-status first and then follow the correct repair or optimization path for this run?"},{"id":"pr-created-or-noop","question":"Was a focused CI improvement pull request created when actionable work was found, or was noop called when CI was already healthy?"}]' GH_AW_EVALS_MODEL: "small" GH_AW_EVALS_PHASE: parse + GITHUB_RUN_ID: ${{ github.run_id }} with: script: | const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs'); diff --git a/.github/workflows/daily-doc-healer.lock.yml b/.github/workflows/daily-doc-healer.lock.yml index b108fc219dd..c7ea55cde8c 100644 --- a/.github/workflows/daily-doc-healer.lock.yml +++ b/.github/workflows/daily-doc-healer.lock.yml @@ -1970,6 +1970,7 @@ jobs: GH_AW_EVALS_QUESTIONS: '[{"id":"gaps-confirmed","question":"Did the workflow identify at least one confirmed documentation gap to fix, or correctly conclude that no actionable gap remained?"},{"id":"pr-issue-or-noop","question":"Was a documentation pull request or issue created for confirmed gaps, or was noop used appropriately when nothing required action?"}]' GH_AW_EVALS_MODEL: "${{ needs.activation.outputs.model_size }}" GH_AW_EVALS_PHASE: parse + GITHUB_RUN_ID: ${{ github.run_id }} with: script: | const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs'); diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index a01527c95c0..4218bec6d89 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -2036,6 +2036,7 @@ jobs: GH_AW_EVALS_QUESTIONS: '[{"id":"report-generated","question":"Did the workflow analyze the prefetched issues data and generate a clustered daily issues report with metrics and trends?"},{"id":"discussion-created","question":"Was a daily issues discussion created successfully with the report findings and recommendations?"}]' GH_AW_EVALS_MODEL: "small" GH_AW_EVALS_PHASE: parse + GITHUB_RUN_ID: ${{ github.run_id }} with: script: | const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs'); diff --git a/.github/workflows/daily-news.lock.yml b/.github/workflows/daily-news.lock.yml index 64da77c50b2..8783ab81823 100644 --- a/.github/workflows/daily-news.lock.yml +++ b/.github/workflows/daily-news.lock.yml @@ -1965,6 +1965,7 @@ jobs: GH_AW_EVALS_QUESTIONS: '[{"id":"digest-generated","question":"Did the workflow analyze the prefetched repository activity and generate a coherent daily news digest?"},{"id":"discussion-created","question":"Was a daily-news discussion created or updated successfully with the report output?"}]' GH_AW_EVALS_MODEL: "copilot/gpt-5.4" GH_AW_EVALS_PHASE: parse + GITHUB_RUN_ID: ${{ github.run_id }} with: script: | const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs'); diff --git a/.github/workflows/draft-pr-cleanup.lock.yml b/.github/workflows/draft-pr-cleanup.lock.yml index bc855a84b50..d0a9dc20b9f 100644 --- a/.github/workflows/draft-pr-cleanup.lock.yml +++ b/.github/workflows/draft-pr-cleanup.lock.yml @@ -1765,6 +1765,7 @@ jobs: GH_AW_EVALS_QUESTIONS: '[{"id":"stale-drafts-triaged","question":"Did the workflow review open draft pull requests and classify stale drafts according to the warning and cleanup policy?"},{"id":"warnings-or-closures-applied","question":"Were the expected labels, comments, and closures applied to stale draft pull requests when appropriate?"}]' GH_AW_EVALS_MODEL: "small" GH_AW_EVALS_PHASE: parse + GITHUB_RUN_ID: ${{ github.run_id }} with: script: | const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs'); diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml index 51073d47135..f4f285d33b0 100644 --- a/.github/workflows/plan.lock.yml +++ b/.github/workflows/plan.lock.yml @@ -1904,6 +1904,7 @@ jobs: GH_AW_EVALS_QUESTIONS: '[{"id":"subissues-planned","question":"Did the workflow analyze the triggering issue or discussion and break the work into actionable sub-issues?"},{"id":"issue-actions-completed","question":"Were the planned sub-issues created successfully, with discussion closure handled correctly when required?"}]' GH_AW_EVALS_MODEL: "small" GH_AW_EVALS_PHASE: parse + GITHUB_RUN_ID: ${{ github.run_id }} with: script: | const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs'); diff --git a/.github/workflows/safe-output-health.lock.yml b/.github/workflows/safe-output-health.lock.yml index 058f08554ef..968879fddd7 100644 --- a/.github/workflows/safe-output-health.lock.yml +++ b/.github/workflows/safe-output-health.lock.yml @@ -1,4 +1,4 @@ -# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"64f79551fff15322662b124f9b0205195c60dd747b70ea2cb5be8585f4731c1c","body_hash":"2c461e27e47a032747bca83012c389b7240693fdfd9d9874e490dfcb698776f2","strict":true,"agent_id":"claude","engine_versions":{"claude":"2.1.210"}} +# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"27f7292f1428aa5577d6f4cbbfee5ac57a7da4d0789143db02895a0882aa63da","body_hash":"2c461e27e47a032747bca83012c389b7240693fdfd9d9874e490dfcb698776f2","strict":true,"agent_id":"claude","engine_versions":{"claude":"2.1.210"}} # gh-aw-manifest: {"version":1,"secrets":["ANTHROPIC_API_KEY","COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GH_AW_OTEL_GRAFANA_AUTHORIZATION","GH_AW_OTEL_GRAFANA_ENDPOINT","GH_AW_OTEL_SENTRY_AUTHORIZATION","GH_AW_OTEL_SENTRY_ENDPOINT","GITHUB_TOKEN"],"actions":[{"repo":"actions/cache/restore","sha":"55cc8345863c7cc4c66a329aec7e433d2d1c52a9","version":"v6.1.0"},{"repo":"actions/cache/save","sha":"55cc8345863c7cc4c66a329aec7e433d2d1c52a9","version":"v6.1.0"},{"repo":"actions/checkout","sha":"9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0","version":"v7.0.0"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-go","sha":"924ae3a1cded613372ab5595356fb5720e22ba16","version":"v6.5.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"docker/build-push-action","sha":"f9f3042f7e2789586610d6e8b85c8f03e5195baf","version":"v7.2.0"},{"repo":"docker/setup-buildx-action","sha":"d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5","version":"v4.1.0"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.27.31","digest":"sha256:84d861cb6da723ac10b7a00dddf778be681b8cd74b2091f18ce1d67fe4b3e7a1","pinned_image":"ghcr.io/github/gh-aw-firewall/agent:0.27.31@sha256:84d861cb6da723ac10b7a00dddf778be681b8cd74b2091f18ce1d67fe4b3e7a1"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.31","digest":"sha256:80d982fe7925c640d76cbbfbe94081d2d34f7657b7c37494d8d5488f5dae3c63","pinned_image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.31@sha256:80d982fe7925c640d76cbbfbe94081d2d34f7657b7c37494d8d5488f5dae3c63"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.27.31","digest":"sha256:c05a3f086946fab0833e078f46d35571080f187ca72f038958d45aa5cc150494","pinned_image":"ghcr.io/github/gh-aw-firewall/squid:0.27.31@sha256:c05a3f086946fab0833e078f46d35571080f187ca72f038958d45aa5cc150494"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.4.1","digest":"sha256:ad2a979c2cd8b50098e84938ca9c9c1580eb8e91526f101a90adfba7859b2c32","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.4.1@sha256:ad2a979c2cd8b50098e84938ca9c9c1580eb8e91526f101a90adfba7859b2c32"},{"image":"ghcr.io/github/gh-aw-node","digest":"sha256:529d02eb970b1161aa25c593a9c3df57fdfad5a8add328cb3b6eccef66f3183b","pinned_image":"ghcr.io/github/gh-aw-node@sha256:529d02eb970b1161aa25c593a9c3df57fdfad5a8add328cb3b6eccef66f3183b"},{"image":"ghcr.io/github/github-mcp-server:v1.5.0","digest":"sha256:e25564dccc9110a70a77b9df560cbde11aa392fcb5f08b9abe5c4ebc6d146ea4","pinned_image":"ghcr.io/github/github-mcp-server:v1.5.0@sha256:e25564dccc9110a70a77b9df560cbde11aa392fcb5f08b9abe5c4ebc6d146ea4"}]} # This file was automatically generated by gh-aw. DO NOT EDIT. To debug this workflow, load the skill at https://github.com/github/gh-aw/blob/main/debug.md # @@ -804,7 +804,7 @@ jobs: export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network bridge -p 127.0.0.1:'"${MCP_GATEWAY_PORT}"':'"${MCP_GATEWAY_PORT}"' --name awmg-mcpg --add-host host.docker.internal:host-gateway --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_POLICY_ALLOW_CREATE_PULL_REQUEST -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.4.1' GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_c2ec0bf1aaf37de7_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_3331d52fe463a4d6_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { "agenticworkflows": { @@ -879,6 +879,7 @@ jobs: "domain": "${MCP_GATEWAY_DOMAIN}", "apiKey": "${MCP_GATEWAY_API_KEY}", "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}", + "toolTimeout": 600, "opentelemetry": { "endpoint": "${OTEL_EXPORTER_OTLP_ENDPOINT}", "traceId": "${GITHUB_AW_OTEL_TRACE_ID}", @@ -886,7 +887,7 @@ jobs: } } } - GH_AW_MCP_CONFIG_c2ec0bf1aaf37de7_EOF + GH_AW_MCP_CONFIG_3331d52fe463a4d6_EOF - name: Mount MCP servers as CLIs id: mount-mcp-clis continue-on-error: true diff --git a/.github/workflows/safe-output-health.md b/.github/workflows/safe-output-health.md index ea4cd72c799..960c839103a 100644 --- a/.github/workflows/safe-output-health.md +++ b/.github/workflows/safe-output-health.md @@ -15,7 +15,10 @@ sandbox: agent: sudo: false -engine: claude +engine: + id: claude + mcp: + tool-timeout: 10m max-ai-credits: 1500 tools: cli-proxy: true diff --git a/.github/workflows/stale-pr-cleanup.lock.yml b/.github/workflows/stale-pr-cleanup.lock.yml index b13c8de2d8d..0c71624650e 100644 --- a/.github/workflows/stale-pr-cleanup.lock.yml +++ b/.github/workflows/stale-pr-cleanup.lock.yml @@ -1754,6 +1754,7 @@ jobs: GH_AW_EVALS_QUESTIONS: '[{"id":"stale-prs-triaged","question":"Did the workflow review pull requests open for 30 or more days and classify them according to the cleanup policy?"},{"id":"actions-taken-or-noop","question":"Were the appropriate stale PR comments, labels, and closures applied when needed, or was noop used correctly when no action was required?"}]' GH_AW_EVALS_MODEL: "small" GH_AW_EVALS_PHASE: parse + GITHUB_RUN_ID: ${{ github.run_id }} with: script: | const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs'); diff --git a/.github/workflows/weekly-blog-post-writer.lock.yml b/.github/workflows/weekly-blog-post-writer.lock.yml index e4616091ae7..77ec897fe2b 100644 --- a/.github/workflows/weekly-blog-post-writer.lock.yml +++ b/.github/workflows/weekly-blog-post-writer.lock.yml @@ -1974,6 +1974,7 @@ jobs: GH_AW_EVALS_QUESTIONS: '[{"id":"draft-prepared","question":"Did the workflow analyze recent releases and merged pull requests and prepare a weekly blog post draft?"},{"id":"pr-created-or-explained","question":"Was a blog post pull request created when a draft was ready, or did the agent clearly explain why no pull request was needed?"}]' GH_AW_EVALS_MODEL: "small" GH_AW_EVALS_PHASE: parse + GITHUB_RUN_ID: ${{ github.run_id }} with: script: | const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs'); diff --git a/docs/src/content/docs/reference/gh-aw-as-mcp-server.md b/docs/src/content/docs/reference/gh-aw-as-mcp-server.md index ecec429a3dd..f57232e2c78 100644 --- a/docs/src/content/docs/reference/gh-aw-as-mcp-server.md +++ b/docs/src/content/docs/reference/gh-aw-as-mcp-server.md @@ -142,7 +142,7 @@ Download and analyze workflow logs with timeout handling and size guardrails. - `engine`, `firewall`, `no_firewall`, `branch` (optional): Run filters - `after_run_id`, `before_run_id` (optional): Pagination by run ID - `artifacts` (array of strings, optional): Artifact sets to download. Valid values: `all`, `activation`, `agent`, `detection`, `experiment`, `firewall`, `github-api`, `mcp`, `usage`. Defaults to `usage`. -- `timeout` (optional): Max seconds to download (default: 50) +- `timeout` (optional): Max minutes to download (default: auto-scales with count in the MCP server, rounded up in 40-run increments; e.g. 1 minute up to 40 runs, 2 minutes for 41-80, 3 minutes for 81-120). For large date-range fetches set this explicitly (e.g. `10`) and also configure `engine.mcp.tool-timeout: 10m` in the workflow frontmatter so the MCP gateway allows enough time. - `max_tokens` (optional): Output token guardrail (default: 12000) - `jq` (optional): Apply jq filter to JSON output diff --git a/pkg/cli/mcp_tools_privileged.go b/pkg/cli/mcp_tools_privileged.go index f2cb0450c93..3ab9282b644 100644 --- a/pkg/cli/mcp_tools_privileged.go +++ b/pkg/cli/mcp_tools_privileged.go @@ -208,7 +208,7 @@ from where the previous request stopped due to timeout.`, cmdArgs = appendRepoFlagFromEnv(cmdArgs) // Scale the implicit MCP timeout with the requested fetch window so - // larger fleet-wide requests do not hit the 60s server deadline by default. + // larger fleet-wide requests do not hit the default per-tool timeout. timeoutValue := effectiveMCPLogsToolTimeoutMinutes(args.Timeout, effectiveCount) cmdArgs = append(cmdArgs, "--timeout", strconv.Itoa(timeoutValue)) @@ -262,6 +262,7 @@ from where the previous request stopped due to timeout.`, if mainMsg == "" { mainMsg = err.Error() } + return nil, nil, newMCPError(jsonrpc.CodeInternalError, "failed to download workflow logs: "+mainMsg, errorData) }