You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
.github/workflows/aw-portfolio-yield.md (introduced by #31363 on 2026-05-11 ~05:35 UTC) imports .github/workflows/shared/otel-observability.md, which contains:
a placeholder npm package @your-org/otel-query-mcp that does not exist on the npm registry; and
an unconditional gateway.opentelemetry.endpoint set to ${{ secrets.OTLP_ENDPOINT }}, which resolves to the empty string in this repo (the secret is unset).
This causes two separate downstream failures:
Compile-time: Every run of the Agentic Maintenance workflow's compile-workflows job now fails with:
.github/workflows/aw-portfolio-yield.md:1:1: error: runtime package validation failed
npx package '`@your-org/otel-query-mcp`' not found on npm registry: npm error code E404
✗ compilation failed
##[error]Process completed with exit code 1.
Runtime:Agentic Workflow Portfolio Yield itself can't start because the MCP Gateway (v0.3.6) rejects its config:
config:validation_schema Schema validation failed:
jsonschema: '/gateway/opentelemetry/endpoint' does not validate with .../endpoint/minLength: length must be >= 1, but got 0
Error: does not match pattern '^((redacted)+|\${[A-Za-z_][A-Za-z0-9_]*})$'
failed to load config: Configuration validation error (MCP Gateway version: v0.3.6)
##[error]Process completed with exit code 1.
Agentic Maintenance — entire compile-workflows job and everything downstream of it is now skipped on every schedule. This is high-blast-radius: maintenance includes cleanup-cache-memory, close-expired-entities, update_pull_request_branches, apply_safe_outputs, close_agentic_workflows_issues — all currently not running.
Agentic Workflow Portfolio Yield — 100% failure rate (can't even reach the agent step).
Any other workflow that imports shared/otel-observability.md is at the same risk.
PR #31363 was authored against a template/example version of shared/otel-observability.md whose values (@your-org/otel-query-mcp, hard OTLP_ENDPOINT reference) were never replaced with real ones before merge. Compile-time package validation was bypassed because the new file didn't itself fail compile — aw-portfolio-yield.md's lock file was already present in the merge commit, and the compile-workflows regeneration didn't run until the next scheduled Agentic Maintenance.
Remove the mcp-servers.otel block, or replace @your-org/otel-query-mcp with the real published MCP server package name.
Wrap or remove the observability.otlp.endpoint block so the gateway config is omitted when OTLP_ENDPOINT is unset (or write a literal (redacted) URL).
Run gh aw compile .github/workflows/aw-portfolio-yield.md locally and confirm 0 errors before committing.
Defense in depth (P1) — Add a CI guard so any new shared file referencing an unpublished npm package is rejected at PR time, not at the next scheduled Agentic Maintenance. The Agentic Maintenance compile-workflows job already does this validation; gating PR merges on it would have caught Add Agentic Workflow Portfolio Yield workflow #31363 before merge.
Success criteria / verification
gh aw compile .github/workflows/aw-portfolio-yield.md exits 0 with no runtime.packages errors.
gh aw compile over the whole repo produces ✗ Compiled N workflow(s): 0 error(s) again.
A fresh workflow_dispatch of Agentic Workflow Portfolio Yield advances past the MCP Gateway startup step (gateway logs do not contain Configuration validation error).
The next scheduled Agentic Maintenance run reports compile-workflowssuccess.
Problem
.github/workflows/aw-portfolio-yield.md(introduced by #31363 on 2026-05-11 ~05:35 UTC) imports.github/workflows/shared/otel-observability.md, which contains:@your-org/otel-query-mcpthat does not exist on the npm registry; andgateway.opentelemetry.endpointset to${{ secrets.OTLP_ENDPOINT }}, which resolves to the empty string in this repo (the secret is unset).This causes two separate downstream failures:
Compile-time: Every run of the
Agentic Maintenanceworkflow'scompile-workflowsjob now fails with:Reproduced in §25657460521 and §25654651003; the last green Agentic Maintenance run §25653034240 was at 05:58 UTC, 5 minutes before Add Agentic Workflow Portfolio Yield workflow #31363 was pushed.
Runtime:
Agentic Workflow Portfolio Yielditself can't start because the MCP Gateway (v0.3.6) rejects its config:Reproduced in §25654663141. Auto-issue [aw] Agentic Workflow Portfolio Yield failed #31439 tracks the symptom; this issue tracks the root cause and fix.
Affected workflows
Agentic Maintenance— entirecompile-workflowsjob and everything downstream of it is now skipped on every schedule. This is high-blast-radius: maintenance includescleanup-cache-memory,close-expired-entities,update_pull_request_branches,apply_safe_outputs,close_agentic_workflows_issues— all currently not running.Agentic Workflow Portfolio Yield— 100% failure rate (can't even reach the agent step).shared/otel-observability.mdis at the same risk.Affected run IDs
Probable root cause
PR #31363 was authored against a template/example version of
shared/otel-observability.mdwhose values (@your-org/otel-query-mcp, hardOTLP_ENDPOINTreference) were never replaced with real ones before merge. Compile-time package validation was bypassed because the new file didn't itself fail compile —aw-portfolio-yield.md's lock file was already present in the merge commit, and thecompile-workflowsregeneration didn't run until the next scheduledAgentic Maintenance.Proposed remediation
Pick whichever scope matches intent:
Minimum fix (P0) — Edit
.github/workflows/shared/otel-observability.md:mcp-servers.otelblock, or replace@your-org/otel-query-mcpwith the real published MCP server package name.observability.otlp.endpointblock so the gateway config is omitted whenOTLP_ENDPOINTis unset (or write a literal(redacted)URL).gh aw compile .github/workflows/aw-portfolio-yield.mdlocally and confirm 0 errors before committing.Defense in depth (P1) — Add a CI guard so any new shared file referencing an unpublished npm package is rejected at PR time, not at the next scheduled
Agentic Maintenance. The Agentic Maintenancecompile-workflowsjob already does this validation; gating PR merges on it would have caught Add Agentic Workflow Portfolio Yield workflow #31363 before merge.Success criteria / verification
gh aw compile .github/workflows/aw-portfolio-yield.mdexits 0 with noruntime.packageserrors.gh aw compileover the whole repo produces✗ Compiled N workflow(s): 0 error(s)again.workflow_dispatchofAgentic Workflow Portfolio Yieldadvances past the MCP Gateway startup step (gateway logs do not containConfiguration validation error).Agentic Maintenancerun reportscompile-workflowssuccess.References
.github/workflows/aw-portfolio-yield.md(introduced by Add Agentic Workflow Portfolio Yield workflow #31363).github/workflows/shared/otel-observability.mdaw_parent01Related to #30961