Add 6-hour [aw] failure investigation workflow

[Copilot]

Summary

• add a new agentic workflow at .github/workflows/aw-failure-investigator.md
• schedule it every 6 hours and on manual dispatch
• configure it to use Claude with a 60-minute timeout
• instruct it to inspect open agentic-workflows issues, analyze last-6h failures with logs, audit, and audit-diff, and create a parent report issue plus linked fix sub-issues
• compile and add the generated lock file .github/workflows/aw-failure-investigator.lock.yml

Validation

• make recompile
• make agent-finish (fails due to pre-existing unrelated testifylint issues in pkg/stats/spec_test.go and pkg/testutil/spec_test.go)
• parallel_validation (code review comments were unrelated to this change; CodeQL scan timed out)

[github-actions]

Contribution Check: 🟢 Aligned

Great work on this PR! The failure investigator workflow is well-structured — the markdown definition, auto-compiled lock file, and MCP config are all cohesive and follow the project's conventions exactly.

Checklist summary:

Check	Result
On topic	✅ yes
Follows process	✅ yes
Focused	✅ yes
New dependencies	✅ no
Has description	✅ yes
Tests	⚠️ no

One note on tests: The checklist flagged the absence of test file changes. For these three files (workflow markdown, compiled lock file, MCP config), traditional Go unit tests don't directly apply — these are infrastructure/workflow-level artifacts. That said, if there are integration or workflow-level test patterns in the project (e.g., spec_test.go patterns in pkg/cli/workflows/) that could exercise or validate the new workflow definition, adding coverage there would strengthen the PR and get it to lgtm status.

Review the existing workflow spec tests in `pkg/cli/workflows/` (or similar directories) to understand the testing pattern used for agentic workflow definitions. If a pattern exists (e.g., compilation checks, schema validation tests, or spec_test.go files), add a corresponding test for the new `aw-failure-investigator` workflow. The test should at minimum verify that the workflow markdown compiles successfully and that the resulting lock file matches the expected output. If no such pattern exists, document why tests are not applicable for this workflow type in the PR description.

Generated by Contribution Check · ● 1.9M · ◷

[Copilot]

Pull request overview

Adds a scheduled Agentic Workflow that periodically investigates the last 6 hours of [aw] failures and files a parent report issue with linked fix sub-issues.

Changes:

• Introduces a new workflow spec at .github/workflows/aw-failure-investigator.md scheduled every ~6 hours and runnable via manual dispatch.
• Adds the compiled workflow lock file .github/workflows/aw-failure-investigator.lock.yml.
• Adds an MCP host configuration file .github/mcp.json for running gh aw mcp-server.

Show a summary per file

File	Description
.github/workflows/aw-failure-investigator.md	Defines the investigation workflow prompt, schedule, tools, and safe-output constraints.
.github/workflows/aw-failure-investigator.lock.yml	Generated compiled workflow YAML corresponding to the new workflow spec.
.github/mcp.json	Configures an MCP server entry to run gh aw mcp-server.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comments suppressed due to low confidence (1)

.github/workflows/aw-failure-investigator.md:29

• As written, the workflow instructs the agent to call noop when there are no actionable failures, and noop is configured with defaults (which per repo docs default to report-as-issue: true). On a 6-hour schedule this can create a steady stream of “no action needed” issues. Consider setting safe-outputs.noop.report-as-issue: false (or changing the decision rule to emit no safe outputs when nothing actionable is found) to avoid issue spam.

    max: 20
  noop:
timeout-minutes: 60

• Files reviewed: 3/3 changed files
• Comments generated: 3

[Copilot]

safe-outputs.create-issue.group: true will cause created issues to be grouped under an auto-generated parent issue (group identifier is the workflow ID). Since this workflow already instructs the agent to create an explicit per-run parent report issue (and then link sub-issues to it), keeping group: true is likely to create an extra/unintended parent grouping issue. Consider removing group: true (or setting it to false) and relying on temporary_id + parent (or link-sub-issue) to build the desired parent/sub-issue structure.

This issue also appears on line 27 of the same file.

Suggested change

group: true

[Copilot]

The “Issue query to inspect first” link is hard-coded to github/gh-aw, while the workflow otherwise references ${{ github.repository }}. If this workflow is reused in another repo or run from a fork, the link will point to the wrong place. Consider building the URL from ${{ github.server_url }} + ${{ github.repository }} so it always targets the current repo.

Suggested change

	- **Issue query to inspect first**: <https://github.com/github/gh-aw/issues?q=is%3Aissue%20state%3Aopen%20label%3Aagentic-workflows>
	- **Issue query to inspect first**: <${{ github.server_url }}/${{ github.repository }}/issues?q=is%3Aissue%20state%3Aopen%20label%3Aagentic-workflows>

[Copilot]

The PR description doesn’t mention adding .github/mcp.json. If this file is intentionally introduced (e.g., via gh aw init / MCP host configuration), it would help to call that out in the PR summary; otherwise, consider dropping it from this change to keep scope aligned with the stated goals.