Fix daily-agent-of-the-day-blog-writer producing no safe outputs#36790
Closed
Copilot wants to merge 3 commits into
Closed
Fix daily-agent-of-the-day-blog-writer producing no safe outputs#36790Copilot wants to merge 3 commits into
Copilot wants to merge 3 commits into
Conversation
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Root cause: two cascading issues prevented the agent from producing any safe output: 1. mcp_cli_tools_prompt.md told agents to run `<server> --help` which agents tried as `agenticworkflows --help 2>&1 | head -40` — a piped command that is BLOCKED by shell policy (only simple commands allowed via `--allow-tool shell(agenticworkflows:*)`). 2. The workflow prompt said "Use agentic-workflows MCP tools" but agenticworkflows is only available as a CLI tool in this workflow, not via MCP. This confused the agent which delegated all work to a general-purpose sub-agent. Sub-agents cannot call the parent's safeoutputs tools, so the session ended with no safe output. Fixes: - mcp_cli_tools_prompt.md: warn against pipes/redirects; instruct agents to invoke CLI servers with simple commands only - daily-agent-of-the-day-blog-writer.md: replace vague "MCP tools" with explicit CLI command examples; add warning against delegating to sub-agents; clarify main agent must call create_pull_request directly; strengthen noop fallback to trigger on command failures - daily-agent-of-the-day-blog-writer.lock.yml: update body_hash to reflect new workflow body (all other content preserved from main) - agentic-workflows SKILL.md: add agentic-workflows-mcp.md reference so agents using this skill know about the available MCP server tools Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Fix workflow failure in Daily Agent of the Day blog writer
Fix daily-agent-of-the-day-blog-writer producing no safe outputs
Jun 4, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the “Daily Agent of the Day Blog Writer” workflow and shared MCP-CLI prompt text to prevent runs that “succeed” but never emit a safe output (e.g., {"items":[]}), primarily by avoiding shell-policy-blocked command forms and by clarifying which interface (CLI vs MCP tool) to use.
Changes:
- Updates the shared MCP CLI prompt to warn against pipes/redirects/operators that can be blocked by restricted shell policies.
- Updates the daily blog writer workflow instructions to use
agenticworkflowsCLI commands, avoid sub-agent delegation for evidence collection, and ensure the main agent ends withcreate_pull_requestornoop. - Updates the workflow lockfile hash and expands the agentic-workflows skill reading list.
Show a summary per file
| File | Description |
|---|---|
| actions/setup/md/mcp_cli_tools_prompt.md | Adjusts generic MCP CLI usage guidance to reduce shell-policy-blocked invocations. |
| .github/workflows/daily-agent-of-the-day-blog-writer.md | Clarifies evidence collection steps and safe-output completion requirements for the workflow agent. |
| .github/workflows/daily-agent-of-the-day-blog-writer.lock.yml | Updates generated lock metadata hash for the workflow body change. |
| .github/skills/agentic-workflows/SKILL.md | Adds agentic-workflows MCP reference doc to the skill’s suggested reading list. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 4/4 changed files
- Comments generated: 4
Comment on lines
+103
to
+105
| 1. `agenticworkflows status` to identify active workflows. | ||
| 2. `agenticworkflows logs <workflow-name> --start-date -3d --limit 5` for recent runs of top candidates. | ||
| 3. `agenticworkflows audit <run-id>` for structured evidence when available. |
| ### 2) Collect live workflow evidence | ||
|
|
||
| Use `agentic-workflows` MCP tools: | ||
| Use `agenticworkflows` CLI commands (run each as a **simple shell command with no pipes or redirects**): |
| CLI servers are available on `PATH`: | ||
| __GH_AW_MCP_CLI_SERVERS_LIST__ | ||
| Use `<server> --help` for tool names, parameters, and examples before calling any command. | ||
| Invoke as a simple shell command: `<server> <tool> [--flag value ...]`. Do **NOT** add pipes, redirects, or shell operators (`|`, `&&`, `2>&1`, etc.) — run `<server> --help` or `<server> <tool> --help` as a standalone command (no pipes) to discover available tools and parameters. |
Comment on lines
14
to
16
| - `.github/aw/agentic-chat.md` | ||
| - `.github/aw/agentic-workflows-mcp.md` | ||
| - `.github/aw/asciicharts.md` |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Agent run succeeded but emitted
{"items":[]}— no safe outputs — because two issues caused a cascade that prevented anysafeoutputstool from being called.Root Cause
Shell policy blocked piped commands.
mcp_cli_tools_prompt.mdsaid "Use<server> --help...", so the agent ranagenticworkflows --help 2>&1 | head -40. The--allow-tool shell(agenticworkflows:*)policy only permits simple commands — any pipe/redirect makes the entire command non-matching and it's blocked.Prompt misidentified tool type. Step 2 said "Use
agentic-workflowsMCP tools" butagenticworkflowsis only accessible as a CLI tool in this workflow (--allow-tool shell(agenticworkflows:*), not--allow-tool agenticworkflows). After all bash calls failed, the agent spawned ageneral-purposesub-agent for everything. Sub-agents don't inherit the parent'ssafeoutputsMCP server — session ended without callingcreate_pull_requestornoop.Changes
actions/setup/md/mcp_cli_tools_prompt.md(affects 131+ workflows)--helpdiscovery instruction with explicit syntax and a hard warning against pipes/redirects:.github/workflows/daily-agent-of-the-day-blog-writer.mdagenticworkflows status,agenticworkflows logs <name> --start-date -3d --limit 5,agenticworkflows audit <run-id>)noopif commands failcreate_pull_requestdirectly — sub-agents cannotnooptrigger to include CLI command failures; added hard rule that the session must end with at least one safe-output tool call.github/workflows/daily-agent-of-the-day-blog-writer.lock.ymlbody_hashonly; all versions, digests, and cron schedule preserved frommain.github/skills/agentic-workflows/SKILL.mdagentic-workflows-mcp.mdto the skill's file-reading list so agents using the skill are aware of the MCP server tool reference