Conversation
Contributor
🏷️ Automatic Labeling SummaryThis PR has been automatically labeled based on the files changed and PR metadata. Applied Labels: size-xs Label Categories
For more information, see |
Contributor
🔍 Lighthouse Performance Audit
📥 Download full Lighthouse report Budget Compliance: Performance budgets enforced via |
… minute 28 to avoid session expiry Agent-Logs-Url: https://github.com/Hack23/riksdagsmonitor/sessions/bb717b51-2f75-4712-88b5-23fbf788d8c4 Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
Contributor
🔍 Lighthouse Performance Audit
📥 Download full Lighthouse report Budget Compliance: Performance budgets enforced via |
Copilot
AI
changed the title
[WIP] Debug News Realtime Monitor workflow failure
fix(news-realtime-monitor): move safeoutputs PR call to minute 28 to stay within MCP session lifetime
Apr 20, 2026
github-actions
Bot
added
documentation
Member
|
@copilot can we keep the session alive, ping it so we can do all the work required for longer ? Fix |
Contributor
🔍 Lighthouse Performance Audit
📥 Download full Lighthouse report Budget Compliance: Performance budgets enforced via |
… MCP session alive Agent-Logs-Url: https://github.com/Hack23/riksdagsmonitor/sessions/ba45b896-fa87-4235-bf6b-1dd1b300d569 Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
Contributor
Author
Yes — fixed in 2c0b27b. Each Changes:
This gives the agent the full 45-minute window for quality work while preventing |
Contributor
🔍 Lighthouse Performance Audit
📥 Download full Lighthouse report Budget Compliance: Performance budgets enforced via |
Copilot
AI
changed the title
fix(news-realtime-monitor): move safeoutputs PR call to minute 28 to stay within MCP session lifetime
fix(news-realtime-monitor): rolling PRs (max:3) keep the safeoutputs MCP session alive
Apr 20, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Updates the News Realtime Monitor agentic workflow to prevent safeoutputs MCP session expiry by enabling rolling PR intents (multiple safeoutputs___create_pull_request calls) so work is captured earlier and the session stays active longer.
Changes:
- Increase
safe-outputs.create-pull-request.maxfrom 1 → 3 to allow multiple PR intents per run. - Rewrite the workflow prompt’s time budget / hard cutoffs around an early PR “heartbeat” and a later improvement PR.
- Regenerate the compiled
.lock.ymlto reflect the updated safeoutputs tool limits/config.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
.github/workflows/news-realtime-monitor.md |
Enables rolling PR intents and updates the prompt guidance (time budget, cutoffs, Step 5) to keep the safeoutputs session alive. |
.github/workflows/news-realtime-monitor.lock.yml |
Recompiled workflow lock with create_pull_request(max:3) and updated safeoutputs config/tool metadata. |
Comment on lines
+323
to
+333
| | **AI Analysis Pass 1** | **6–18** | **🚨 MANDATORY 12 min minimum**: Read methodology guides, create per-file analysis for EVERY document with Mermaid diagrams, evidence tables, SWOT entries. | | ||
| | Generate (initial) | 18–22 | Run `generate-news-enhanced.ts`; write a first real pass of the EN + SV articles (lead-story aligned; zero markers). | | ||
| | **PR #1 — heartbeat + initial batch** | **22–25** | 🚨 **HARD MIN: by minute 25.** `git add && git commit`, then `safeoutputs___create_pull_request` (title `🔴 Breaking $HHMM: {headline} - {date}` — initial batch). This keeps the session alive AND guarantees no work is lost if later phases fail. After the call succeeds, run `git checkout main` to avoid appending to a frozen patch. | | ||
| | **AI Analysis Pass 2** | **25–32** | **🚨 MANDATORY 7 min minimum**: Read ALL analysis back, improve every section, add cross-references, replace remaining script stubs. Run enrichment verification gate. | | ||
| | **Article Improvement** | **32–38** | **🚨 MANDATORY**: Read articles back, expand evidence citations, deepen SWOT/risk tables, replace any residual placeholders, run article quality gate. | | ||
| | Validate + fix-refs | 38–40 | Run `validate-news-generation.sh` and `fix-analysis-references.ts`. | | ||
| | **PR #2 — improvements batch** | **40–43** | Commit the improved articles + enriched analysis on a fresh branch (`git checkout main` first!), then `safeoutputs___create_pull_request` again (title `🔴 Breaking $HHMM (improved): {headline} - {date}`). This second call also refreshes the session. | | ||
| | Post-PR cleanup | 43–45 | Update repo-memory (`/tmp/gh-aw/repo-memory/default/*.json`) — artifact uploads, NOT PR content, so they run after the final PR call. Optional PR #3 if additional articles exist. | | ||
| | **HARD DEADLINE** | **43** | 🚨 Never exit without at least one `safeoutputs___create_pull_request` call if ANY files were created. ONLY call `safeoutputs___noop` if truly ZERO files were created. Never noop when files exist. | | ||
|
|
||
| > ⚠️ **Why rolling PRs answer "keep the session alive":** the safeoutputs MCP Streamable HTTP session dies from idle (~30–35 min observed). A single PR call at minute 42 is past expiry. Two PR calls at minutes 22 and 42 each re-exercise the session, keeping it healthy. PR #1 is the **safety net** (guarantees work is captured); PR #2 is the **quality upgrade** (captures Pass 2 improvements). This is exactly how `news-translate.md` uses `max: 5` — see its §"RULE 1: `safeoutputs___create_pull_request` Freezes the Patch — Use Rolling Batches". |
There was a problem hiding this comment.
The time budget now has “Generate (initial)” before Analysis Pass 2 and reduces Pass 1 to 12 minutes. This conflicts with earlier workflow rules that require full Pass 1 (15 min) + Pass 2 (7 min) to be completed before any article HTML is created/updated, and with the minimum analysis durations stated elsewhere in this prompt. Please reconcile the instructions (either move initial generation after Pass 2 / time gate, or explicitly relax/update the earlier blocking rule and minimum durations so the agent doesn’t follow contradictory guidance).
Suggested change
| | **AI Analysis Pass 1** | **6–18** | **🚨 MANDATORY 12 min minimum**: Read methodology guides, create per-file analysis for EVERY document with Mermaid diagrams, evidence tables, SWOT entries. | | |
| | Generate (initial) | 18–22 | Run `generate-news-enhanced.ts`; write a first real pass of the EN + SV articles (lead-story aligned; zero markers). | | |
| | **PR #1 — heartbeat + initial batch** | **22–25** | 🚨 **HARD MIN: by minute 25.** `git add && git commit`, then `safeoutputs___create_pull_request` (title `🔴 Breaking $HHMM: {headline} - {date}` — initial batch). This keeps the session alive AND guarantees no work is lost if later phases fail. After the call succeeds, run `git checkout main` to avoid appending to a frozen patch. | | |
| | **AI Analysis Pass 2** | **25–32** | **🚨 MANDATORY 7 min minimum**: Read ALL analysis back, improve every section, add cross-references, replace remaining script stubs. Run enrichment verification gate. | | |
| | **Article Improvement** | **32–38** | **🚨 MANDATORY**: Read articles back, expand evidence citations, deepen SWOT/risk tables, replace any residual placeholders, run article quality gate. | | |
| | Validate + fix-refs | 38–40 | Run `validate-news-generation.sh` and `fix-analysis-references.ts`. | | |
| | **PR #2 — improvements batch** | **40–43** | Commit the improved articles + enriched analysis on a fresh branch (`git checkout main` first!), then `safeoutputs___create_pull_request` again (title `🔴 Breaking $HHMM (improved): {headline} - {date}`). This second call also refreshes the session. | | |
| | Post-PR cleanup | 43–45 | Update repo-memory (`/tmp/gh-aw/repo-memory/default/*.json`) — artifact uploads, NOT PR content, so they run after the final PR call. Optional PR #3 if additional articles exist. | | |
| | **HARD DEADLINE** | **43** | 🚨 Never exit without at least one `safeoutputs___create_pull_request` call if ANY files were created. ONLY call `safeoutputs___noop` if truly ZERO files were created. Never noop when files exist. | | |
| > ⚠️ **Why rolling PRs answer "keep the session alive":** the safeoutputs MCP Streamable HTTP session dies from idle (~30–35 min observed). A single PR call at minute 42 is past expiry. Two PR calls at minutes 22 and 42 each re-exercise the session, keeping it healthy. PR #1 is the **safety net** (guarantees work is captured); PR #2 is the **quality upgrade** (captures Pass 2 improvements). This is exactly how `news-translate.md` uses `max: 5` — see its §"RULE 1: `safeoutputs___create_pull_request` Freezes the Patch — Use Rolling Batches". | |
| | **AI Analysis Pass 1** | **6–21** | **🚨 MANDATORY 15 min minimum**: Read methodology guides, create per-file analysis for EVERY document with Mermaid diagrams, evidence tables, SWOT entries. Do not create or update article HTML during this phase. | | |
| | **AI Analysis Pass 2** | **21–28** | **🚨 MANDATORY 7 min minimum**: Read ALL analysis back, improve every section, add cross-references, replace remaining script stubs. Run enrichment verification gate. No article generation before this pass is complete. | | |
| | Generate (initial) | 28–32 | Run `generate-news-enhanced.ts`; write the first real pass of the EN + SV articles only after both mandatory analysis passes are complete (lead-story aligned; zero markers). | | |
| | **PR #1 — heartbeat + initial batch** | **32–35** | 🚨 **HARD MIN: by minute 35 if any files were created.** `git add && git commit`, then `safeoutputs___create_pull_request` (title `🔴 Breaking $HHMM: {headline} - {date}` — initial batch). This keeps the session alive AND guarantees no work is lost if later phases fail. After the call succeeds, run `git checkout main` to avoid appending to a frozen patch. | | |
| | **Article Improvement** | **35–40** | **🚨 MANDATORY**: Read articles back, expand evidence citations, deepen SWOT/risk tables, replace any residual placeholders, run article quality gate. | | |
| | Validate + fix-refs | 40–42 | Run `validate-news-generation.sh` and `fix-analysis-references.ts`. | | |
| | **PR #2 — improvements batch** | **42–45** | Commit the improved articles + enriched analysis on a fresh branch (`git checkout main` first!), then `safeoutputs___create_pull_request` again (title `🔴 Breaking $HHMM (improved): {headline} - {date}`). This second call also refreshes the session. | | |
| | Post-PR cleanup | 45+ | Update repo-memory (`/tmp/gh-aw/repo-memory/default/*.json`) — artifact uploads, NOT PR content, so they run after the final PR call. Optional PR #3 only if additional articles exist and runtime remains available. | | |
| | **HARD DEADLINE** | **45** | 🚨 Never exit without at least one `safeoutputs___create_pull_request` call if ANY files were created. ONLY call `safeoutputs___noop` if truly ZERO files were created. Never noop when files exist. | | |
| > ⚠️ **Why rolling PRs answer "keep the session alive":** the safeoutputs MCP Streamable HTTP session dies from idle (~30–35 min observed). A single PR call only at minute 42 risks expiry. Two PR calls at approximately minutes 32–35 and 42–45 re-exercise the session while still respecting the AI FIRST rule that both analysis passes must finish before any article HTML is created or updated. PR #1 is the **safety net** (captures the first generated article batch after complete analysis); PR #2 is the **quality upgrade** (captures article improvements and enriched analysis). This preserves the rolling-batch pattern used by `news-translate.md` while removing the earlier sequencing conflict. |
Comment on lines
+834
to
+842
| > 🚨 **`safeoutputs___create_pull_request` freezes the patch at call time AND refreshes the MCP session.** A separate `safe_outputs` job (after the agent job ends) creates the branch and opens each PR. **Commits made after a given call are NOT added to that PR** (PR #1835). But because this workflow now has `create-pull-request.max: 3`, you can call the tool up to **3 times per run** — each call captures a new batch AND refreshes the Streamable HTTP MCP session idle timer. This is how we "keep the session alive" over the full 45-minute window. | ||
| > | ||
| > **Required pattern:** | ||
| > 1. **PR #1 (minute 22–25 — MANDATORY first call, session heartbeat #1)**: initial EN + SV articles + Pass 1 analysis. Title: `🔴 Breaking $HHMM: {headline} - $ARTICLE_DATE`. | ||
| > 2. After PR #1 succeeds, run `git checkout main` (or any branch other than the PR branch) before editing further files. Commits stacked onto the same branch after the call are silently discarded from the frozen patch (see PR #1835). | ||
| > 3. **PR #2 (minute 40–43 — session heartbeat #2)**: Pass 2 improvements + enriched analysis + fixed references. Title: `🔴 Breaking $HHMM (improved): {headline} - $ARTICLE_DATE`. | ||
| > 4. **PR #3 (optional, if additional HIGH/MEDIUM events discovered later in the run)**: extra article(s) on a new branch. | ||
| > 5. Repo-memory updates (`/tmp/gh-aw/repo-memory/default/*.json`) are artifact uploads, not PR content — safe to run after the final PR call. | ||
| > 6. If `safeoutputs___create_pull_request` returns `session not found` on any call, every subsequent safeoutputs call will also fail — recover is impossible. The rolling-batch pattern is specifically designed to prevent this by exercising the session at least twice. |
There was a problem hiding this comment.
This section instructs creating up to 3 rolling PR intents, but earlier in the same prompt the “NON-NEGOTIABLE RULES” say the run must end with exactly one safe output tool call. That contradiction can cause the agent to avoid the second safeoutputs___create_pull_request call (defeating the keep-alive strategy) or to think it violated a hard rule. Please update the earlier rule(s) to allow multiple create_pull_request calls (up to the configured max) and clarify what the “final” required safe-output action is.
Suggested change
| > 🚨 **`safeoutputs___create_pull_request` freezes the patch at call time AND refreshes the MCP session.** A separate `safe_outputs` job (after the agent job ends) creates the branch and opens each PR. **Commits made after a given call are NOT added to that PR** (PR #1835). But because this workflow now has `create-pull-request.max: 3`, you can call the tool up to **3 times per run** — each call captures a new batch AND refreshes the Streamable HTTP MCP session idle timer. This is how we "keep the session alive" over the full 45-minute window. | |
| > | |
| > **Required pattern:** | |
| > 1. **PR #1 (minute 22–25 — MANDATORY first call, session heartbeat #1)**: initial EN + SV articles + Pass 1 analysis. Title: `🔴 Breaking $HHMM: {headline} - $ARTICLE_DATE`. | |
| > 2. After PR #1 succeeds, run `git checkout main` (or any branch other than the PR branch) before editing further files. Commits stacked onto the same branch after the call are silently discarded from the frozen patch (see PR #1835). | |
| > 3. **PR #2 (minute 40–43 — session heartbeat #2)**: Pass 2 improvements + enriched analysis + fixed references. Title: `🔴 Breaking $HHMM (improved): {headline} - $ARTICLE_DATE`. | |
| > 4. **PR #3 (optional, if additional HIGH/MEDIUM events discovered later in the run)**: extra article(s) on a new branch. | |
| > 5. Repo-memory updates (`/tmp/gh-aw/repo-memory/default/*.json`) are artifact uploads, not PR content — safe to run after the final PR call. | |
| > 6. If `safeoutputs___create_pull_request` returns `session not found` on any call, every subsequent safeoutputs call will also fail — recover is impossible. The rolling-batch pattern is specifically designed to prevent this by exercising the session at least twice. | |
| > 🚨 **`safeoutputs___create_pull_request` freezes the patch at call time AND refreshes the MCP session.** A separate `safe_outputs` job (after the agent job ends) creates the branch and opens each PR. **Commits made after a given call are NOT added to that PR** (PR #1835). Because this workflow has `create-pull-request.max: 3`, `safeoutputs___create_pull_request` is allowed to be called **multiple times per run (1 to 3 total calls)**. Each call captures a new batch AND refreshes the Streamable HTTP MCP session idle timer. This is how we "keep the session alive" over the full 45-minute window. | |
| > | |
| > **Rule clarification:** if any earlier section says the run must end with "exactly one" safe-output tool call, interpret that here as: **the final safe-output action of the run must be a `safeoutputs___create_pull_request` call, after zero or more earlier `safeoutputs___create_pull_request` calls, up to the configured max of 3.** Do **not** avoid PR #2 or PR #3 because of singular wording elsewhere. | |
| > | |
| > **Required pattern:** | |
| > 1. **PR #1 (minute 22–25 — MANDATORY first call, session heartbeat #1)**: initial EN + SV articles + Pass 1 analysis. Title: `🔴 Breaking $HHMM: {headline} - $ARTICLE_DATE`. | |
| > 2. After PR #1 succeeds, run `git checkout main` (or any branch other than the PR branch) before editing further files. Commits stacked onto the same branch after the call are silently discarded from the frozen patch (see PR #1835). | |
| > 3. **PR #2 (minute 40–43 — session heartbeat #2)**: Pass 2 improvements + enriched analysis + fixed references. Title: `🔴 Breaking $HHMM (improved): {headline} - $ARTICLE_DATE`. | |
| > 4. **PR #3 (optional, if additional HIGH/MEDIUM events discovered later in the run)**: extra article(s) on a new branch. | |
| > 5. The **last** safe-output tool call in the run must be the **final** `safeoutputs___create_pull_request` invocation for the last batch you intend to publish in that run. | |
| > 6. Repo-memory updates (`/tmp/gh-aw/repo-memory/default/*.json`) are artifact uploads, not PR content — safe to run after the final PR call. | |
| > 7. If `safeoutputs___create_pull_request` returns `session not found` on any call, every subsequent safeoutputs call will also fail — recover is impossible. The rolling-batch pattern is specifically designed to prevent this by exercising the session at least twice. |
| GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" | ||
| GH_AW_INFO_STAGED: "false" | ||
| GH_AW_INFO_ALLOWED_DOMAINS: '["node","github","riksdag-regering-ai.onrender.com","api.scb.se","api.worldbank.org","data.riksdagen.se","www.riksdagen.se","riksdagen.se","www.regeringen.se","www.scb.se","regeringen.se","hack23.com","www.hack23.com","riksdagsmonitor.com","www.riksdagsmonitor.com","raw.githubusercontent.com","hack23.github.io","defaults"]' | ||
| GH_AW_INFO_ALLOWED_DOMAINS: '["node","github","riksdag-regering-ai.onrender.com","api.scb.se","api.worldbank.org","api.imf.org","data.imf.org","www.imf.org","data.riksdagen.se","www.riksdagen.se","riksdagen.se","www.regeringen.se","www.scb.se","regeringen.se","hack23.com","www.hack23.com","riksdagsmonitor.com","www.riksdagsmonitor.com","raw.githubusercontent.com","hack23.github.io","defaults"]' |
There was a problem hiding this comment.
The compiled lock file’s allowed domain list now includes IMF domains (api.imf.org/data.imf.org/www.imf.org), but the source workflow doesn’t reference IMF anywhere except these allowlists. This widens egress unnecessarily; please remove the IMF domains from the workflow’s network.allowed / safe-outputs.allowed-domains (then recompile) unless the workflow actually needs to fetch IMF data.
Suggested change
| GH_AW_INFO_ALLOWED_DOMAINS: '["node","github","riksdag-regering-ai.onrender.com","api.scb.se","api.worldbank.org","api.imf.org","data.imf.org","www.imf.org","data.riksdagen.se","www.riksdagen.se","riksdagen.se","www.regeringen.se","www.scb.se","regeringen.se","hack23.com","www.hack23.com","riksdagsmonitor.com","www.riksdagsmonitor.com","raw.githubusercontent.com","hack23.github.io","defaults"]' | |
| GH_AW_INFO_ALLOWED_DOMAINS: '["node","github","riksdag-regering-ai.onrender.com","api.scb.se","api.worldbank.org","data.riksdagen.se","www.riksdagen.se","riksdagen.se","www.regeringen.se","www.scb.se","regeringen.se","hack23.com","www.hack23.com","riksdagsmonitor.com","www.riksdagsmonitor.com","raw.githubusercontent.com","hack23.github.io","defaults"]' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Run 24672037751 produced both breaking articles (EN 3,344 words, SV 2,774 words) and committed them locally, but every safeoutputs call (
create_pull_request,noop,missing_tool,report_incomplete) returnedsession not foundat minute ~33, causing the downstreamsafe_outputsjob to be skipped and all work discarded. Same class of failure as PR #1768 (which fixednews-translate.md) but never applied here.Session keep-alive via rolling PRs
Each
safeoutputs___create_pull_requestcall re-exercises the Streamable HTTP MCP session and refreshes its idle timer. Liftingcreate-pull-request.maxfrom the default 1 → 3 lets the agent call the tool multiple times per run — each call both captures a new batch of work AND acts as a session heartbeat. This is the same proven pattern PR #1768 applied tonews-translate.md(which usesmax: 5).Verified propagated to the agent's tool list:
Tools: add_comment, create_pull_request(max:3)andCONSTRAINTS: Maximum 3 pull request(s) can be created.Time budget rewritten around rolling PRs (full 45 min preserved)
validate-news-generation.sh/fix-analysis-references.ts(38–40)git checkout mainfirst to avoid stacking onto the frozen PR Setup riksdagsmonitor: 14-language Swedish Parliament intelligence platform with ISMS compliance #1 patch)Hard cutoffs rewritten around the heartbeat pattern
≥22 min, no PR #1→ commit initial articles & callcreate_pull_requestnow (heartbeat + floor)≥28 min, no PR #1→ session expiry imminent, emergency flush≥43 min→ flush final improvements batch as PR Sync styles.css from Hack23/homepage #2Safe-output semantics aligned with
SHARED_PROMPT_PATTERNS.mdnoopwhen time runs out" with the universal rule: if any files exist → alwayscreate_pull_request;nooponly when zero files were producedsession not founderror-handling row now points at the rolling-PR keep-alive as the prevention mechanism (each PR call refreshes the session;max: 3is configured specifically to enable this)git checkout mainbetween batches (PR feat(translations): translate 2026-04-18-breaking-1705 to da, no, de, fi #1835 lesson)Why this answers "keep the session alive so we can do work longer"
create_pull_requestcall IS the heartbeat — no separate ping tool needed, nonoop/missing_dataside-effects polluting outputsSingle workflow file touched (plus regenerated
.lock.yml). Recompiled withgh aw compile --validate(v0.68.7) — 0 errors, 0 warnings. Code Review flagged unrelatedimf.orgentries in the lock file, which come from gh-aw v0.68.7's baked-indefaultsallowlist expansion at compile time — benign artifact unrelated to the session keep-alive fix.