Conversation
…orkflows Agent-Logs-Url: https://github.com/Hack23/riksdagsmonitor/sessions/2904af3c-9eec-4dd4-af2e-0abda94c197a Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
Agent-Logs-Url: https://github.com/Hack23/riksdagsmonitor/sessions/2904af3c-9eec-4dd4-af2e-0abda94c197a Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
…Copilot API token expiry loss Root cause (gh-aw issue #24920): github.token is baked at step start and the Copilot API session expires at ~60 minutes. All tool calls fail silently after that point — the agent runs but produces no PR, losing all work. Changes: - 07-commit-and-pr.md: deadline 40min → 25min with token-expiry explanation - 00-base-contract.md: explicit ~60-min token expiry warning + 25-min PR rule - All 12 workflow .md files: timeout-minutes 90/60 → 55 (kills workflow before 30-min post-expiry drift; 5min setup + 25min agent + 5min safe-outputs = 35min) - news-article-generator.md: removed stale playwright: tool entry - Recompiled all 12 .lock.yml files (0 errors, 0 warnings) Agent-Logs-Url: https://github.com/Hack23/riksdagsmonitor/sessions/f30d661b-83d2-486b-af62-8817143320a0 Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
…ly PR, Run 2 articles PR Changes: - 00-base-contract.md: replace single-run pipeline with two-run model (Analysis mode / Article mode selected automatically at pre-flight) - 03-data-download.md: new §Pre-flight check — reads ANALYSIS_DIR for 9 core artifacts; sets SKIP_ANALYSIS=true if all present, directing agent to article generation without re-downloading or re-running analysis - 04-analysis-pipeline.md: SKIP_ANALYSIS fast-path note at top of execution order - 07-commit-and-pr.md: two-run PR strategy table — Analysis mode creates analysis-only PR and stops; Article mode creates articles PR and dispatches news-translate - All 11 analysis workflow .md files: updated What-this-does, Time-budget (split into Run 1 ~43-45 min / Run 2 ~25 min), and Dedup→Run-mode-selection sections - news-translate.md: time budget tightened to ~40 min (was 60 min) - All 12 .lock.yml recompiled (0 errors, 0 warnings) Agent-Logs-Url: https://github.com/Hack23/riksdagsmonitor/sessions/fb858939-9b83-4a19-935d-a3dc20b627dc Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
github-actions
Bot
added
documentation
🏷️ Automatic Labeling SummaryThis PR has been automatically labeled based on the files changed and PR metadata. Applied Labels: documentation,workflow,ci-cd,testing,size-xl,news,agentic-workflow Label Categories
For more information, see |
🔍 Lighthouse Performance Audit
📥 Download full Lighthouse report Budget Compliance: Performance budgets enforced via |
|
@copilot TypeScript & JavaScript Testing / Unit Tests (Vitest) (pull_request) |
There was a problem hiding this comment.
Pull request overview
Updates the agentic news workflows to a two-run “analysis then articles” pipeline with automatic mode selection, aiming to keep each run within the Copilot session/token time limits and avoid losing work when auth expires.
Changes:
- Adds a pre-flight check to detect existing analysis artifacts and skip analysis when complete.
- Updates news workflows’ documented run model/time budgets and tightens
timeout-minutes(mostly to 55). - Recompiles workflow lock files and adjusts architecture prompts/tests accordingly.
Reviewed changes
Copilot reviewed 31 out of 31 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/workflow-architecture.test.ts | Adjusts timeout guardrail test for news workflows. |
| .github/workflows/news-weekly-review.md | Documents two-run model; adds MCP gateway sandbox keepalive; lowers timeout. |
| .github/workflows/news-weekly-review.lock.yml | Recompiled compiled workflow output for weekly-review. |
| .github/workflows/news-week-ahead.md | Documents two-run model; adds MCP gateway sandbox keepalive; lowers timeout. |
| .github/workflows/news-week-ahead.lock.yml | Recompiled compiled workflow output for week-ahead. |
| .github/workflows/news-translate.md | Tightens translation time budget; adds MCP gateway sandbox keepalive; lowers timeout. |
| .github/workflows/news-translate.lock.yml | Recompiled compiled workflow output for translate. |
| .github/workflows/news-realtime-monitor.md | Documents two-run model for realtime runs; adds MCP gateway sandbox keepalive; lowers timeout. |
| .github/workflows/news-propositions.md | Documents two-run model; adds MCP gateway sandbox keepalive; lowers timeout. |
| .github/workflows/news-motions.md | Documents two-run model; adds MCP gateway sandbox keepalive; lowers timeout. |
| .github/workflows/news-monthly-review.md | Documents two-run model; adds MCP gateway sandbox keepalive; lowers timeout. |
| .github/workflows/news-month-ahead.md | Documents two-run model; adds MCP gateway sandbox keepalive; lowers timeout. |
| .github/workflows/news-month-ahead.lock.yml | Recompiled compiled workflow output for month-ahead. |
| .github/workflows/news-interpellations.md | Documents two-run model; adds MCP gateway sandbox keepalive; lowers timeout. |
| .github/workflows/news-evening-analysis.md | Documents two-run model; adds MCP gateway sandbox keepalive; lowers timeout. |
| .github/workflows/news-committee-reports.md | Documents two-run model; adds MCP gateway sandbox keepalive; lowers timeout. |
| .github/workflows/news-article-generator.md | Documents two-run model for manual generator; adds MCP gateway sandbox keepalive; lowers timeout. |
| .github/prompts/07-commit-and-pr.md | Defines two-run PR strategy and adds new “deadline enforcement” guidance. |
| .github/prompts/04-analysis-pipeline.md | Adds fast-path note when SKIP_ANALYSIS=true. |
| .github/prompts/03-data-download.md | Adds pre-flight analysis-artifact presence check driving mode selection. |
| .github/prompts/02-mcp-access.md | Updates MCP/tooling description to remove repo-memory and note keepalive. |
| .github/prompts/00-base-contract.md | Replaces single-run pipeline with two-run canonical contract and token/session guidance. |
| .github/aw/actions-lock.json | Updates pinned gh-aw action entries used by compiled workflows. |
| @@ -1288,8 +1288,8 @@ describe('Workflow timeout limits', () => { | |||
| const timeout = parseInt(timeoutMatch[1]!, 10); | |||
| expect( | |||
| timeout, | |||
| `Workflow ${workflowFile} has timeout-minutes: ${timeout} which exceeds 60 minutes` | |||
| ).toBeLessThanOrEqual(60); | |||
| `Workflow ${workflowFile} has timeout-minutes: ${timeout} which exceeds 90 minutes` | |||
| ).toBeLessThanOrEqual(90); | |||
There was a problem hiding this comment.
The timeout upper bound was relaxed to 90 minutes, but all news-*.md workflows now declare timeout-minutes: 55 (and the PR motivation is staying under the ~60-minute token window). Raising the test limit weakens the guardrail and could allow regressions that reintroduce token-expiry failures. Consider enforcing <= 60 (or <= 55 to match the new standard) instead of <= 90.
| # gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"94051ac701b4cdb38b285dd56b6068734b9bffde701d2957e309f9a81ab770ce","compiler_version":"v0.68.3","agent_id":"copilot","agent_model":"claude-opus-4.7"} | ||
| # gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_CI_TRIGGER_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"373c709c69115d41ff229c7e5df9f8788daa9553","version":"v9"},{"repo":"actions/setup-node","sha":"6044e13b5dc448c55e2357c09f80417699197238","version":"6044e13b5dc448c55e2357c09f80417699197238"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"ba90f2186d7ad780ec640f364005fa24e797b360","version":"v0.68.3"}],"containers":[{"image":"alpine:latest"},{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.20"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.20"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.20"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.2.19"},{"image":"ghcr.io/github/github-mcp-server:v0.32.0"},{"image":"node:25-alpine"},{"image":"node:lts-alpine"}]} |
There was a problem hiding this comment.
These lock files were compiled with compiler_version":"v0.68.3", but the repo’s compile workflow pins gh-aw CLI to v0.69.3 (.github/workflows/compile-agentic-workflows.yml). This will likely fail the “lock file is up to date” checks and cause churn on every compile. Recompile the workflows using the pinned CLI version so the lock metadata (and generated action SHAs) match the repository standard.
| "version": "v7.0.1", | ||
| "sha": "043fb46d1a93c77aae656e7c1c64a875d1fc6a0a" | ||
| }, | ||
| "github/gh-aw-actions/setup-cli@v0.69.3": { | ||
| "repo": "github/gh-aw-actions/setup-cli", | ||
| "version": "v0.69.3", | ||
| "sha": "006ffd856b868b71df342dbe0ba082a963249b31" | ||
| }, | ||
| "github/gh-aw-actions/setup@v0.69.3": { | ||
| "github/gh-aw-actions/setup@v0.68.3": { | ||
| "repo": "github/gh-aw-actions/setup", | ||
| "version": "v0.69.3", | ||
| "sha": "006ffd856b868b71df342dbe0ba082a963249b31" | ||
| "version": "v0.68.3", | ||
| "sha": "ba90f2186d7ad780ec640f364005fa24e797b360" | ||
| }, |
There was a problem hiding this comment.
.github/workflows/compile-agentic-workflows.yml pins gh-aw CLI to v0.69.3, but this lockfile pins github/gh-aw-actions/setup to v0.68.3 (and removed setup-cli@v0.69.3). This mismatch will cause inconsistent compilation outputs and likely CI failures/churn. Update this file by recompiling with the pinned gh-aw CLI version so the actions lock matches the toolchain used in CI.
| ANALYSIS_DIR="analysis/daily/$ARTICLE_DATE/$SUBFOLDER" | ||
| REQ=(synthesis-summary.md swot-analysis.md risk-assessment.md threat-analysis.md \ | ||
| stakeholder-perspectives.md significance-scoring.md classification-results.md \ | ||
| cross-reference-map.md data-download-manifest.md) | ||
| SKIP_ANALYSIS=false | ||
| ALL_PRESENT=true | ||
| for f in "${REQ[@]}"; do | ||
| [ -s "$ANALYSIS_DIR/$f" ] || { ALL_PRESENT=false; break; } | ||
| done | ||
| [ "$ALL_PRESENT" = "true" ] && SKIP_ANALYSIS=true | ||
| echo "SKIP_ANALYSIS=$SKIP_ANALYSIS (analysis folder present: $ALL_PRESENT)" |
There was a problem hiding this comment.
The pre-flight check only validates the 9 core artifacts. For Tier-C workflows (week-ahead/month-ahead/weekly-review/monthly-review/evening-analysis/realtime-*) the contract requires 14 artifacts (ext/tier-c-aggregation.md). As written, a partially-complete Tier-C folder could set SKIP_ANALYSIS=true and incorrectly skip analysis/gate, even though required Tier-C artifacts are missing. Consider extending the required list conditionally (e.g., append the 5 Tier-C filenames when $SUBFOLDER matches the Tier-C workflows / realtime-*).
Also, this section’s “never create propositions-2/propositions-3” folder-reuse rule conflicts with the later “auto-suffix” rule in the same file; they should be made consistent with the new two-run model.
| > **Root cause**: The Copilot API session is bound to the `github.token` baked in at step start. That token expires at approximately **60 minutes** and is never refreshed mid-run (gh-aw issue #24920). Every tool call and inference request fails silently after that point — the agent appears to run but makes no progress and the PR is never created. Setup steps consume ~5 minutes, so the agent has at most **~55 minutes** of usable session time, and safe-outputs publishing needs several minutes on top. | ||
|
|
||
| **If the run exceeds 25 minutes with no safe-output call yet:** | ||
|
|
||
| 1. Stop analysis / article work immediately. | ||
| 2. Stage whatever exists on disk. | ||
| 3. Commit. | ||
| 2. Stage whatever exists on disk (analysis artifacts and/or partial articles). | ||
| 3. Commit with message including `[early-pr]` to signal partial content. | ||
| 4. Call `safeoutputs___create_pull_request` with label `analysis-only` if articles are incomplete. |
There was a problem hiding this comment.
The new deadline rule triggers an early PR after 25 minutes without a safe-output call, but the documented Analysis-mode run plan budgets ~43–45 minutes before PR creation. This would force most analysis runs to stop early and publish partial output, contradicting the two-run design and time budgets.
To align the guidance with the stated ~60-minute token expiry and timeout-minutes: 55, consider setting this threshold closer to the real safety margin (e.g., ~45–50 minutes after agent start, leaving time for staging + safe-outputs), and ensure the same threshold is used consistently in 00-base-contract.md.
|
|
||
| To mitigate MCP idle-connection drops, workflows set `sandbox.mcp.keepalive-interval: 300` (5-minute ping). This keeps MCP connections alive but does **not** refresh the Copilot API token. | ||
|
|
||
| **The only reliable mitigation is to call `safeoutputs___create_pull_request` within 25 minutes of agent start** — before the token nears expiry. See `07-commit-and-pr.md §Deadline enforcement` for the mandatory early-PR procedure. |
There was a problem hiding this comment.
This states that the only reliable mitigation is calling safeoutputs___create_pull_request within 25 minutes, but the same PR describes Analysis-mode runs lasting ~43–45 minutes and workflows set timeout-minutes: 55. The 25-minute requirement appears inconsistent with the two-run time budgets and would push runs into the “early PR” path unnecessarily.
Consider updating this guidance to match the actual token-expiry window (~60 min) and the intended PR timing (e.g., “ensure PR is created well before ~55 minutes of agent start”).
| **The only reliable mitigation is to call `safeoutputs___create_pull_request` within 25 minutes of agent start** — before the token nears expiry. See `07-commit-and-pr.md §Deadline enforcement` for the mandatory early-PR procedure. | |
| **The reliable mitigation is to ensure `safeoutputs___create_pull_request` is called well before the session approaches expiry**. Plan the run so the PR is created before the workflow nears its ~55-minute budget from agent start, rather than waiting until the token is close to the ~60-minute expiry window. See `07-commit-and-pr.md §Deadline enforcement` for the required PR-timing procedure. |
|
@copilot apply changes based on the comments in this thread and TypeScript & JavaScript Testing / Unit Tests (Vitest) (pull_request) |
…ion, timeout <=55, Tier-C pre-flight, v0.69.3 recompile)
- tests/workflow-architecture.test.ts:
* restore failing force_generation check by re-introducing `force_generation=false` literal
in each article-type workflow .md (Run-mode selection section)
* tighten no-timeout test from <= 90 min to <= 55 min (matches current standard)
- .github/prompts/00-base-contract.md: replace "25-min only reliable mitigation" with a
mode-aware guidance that aligns with the ~60-min token window and 55-min workflow cap
- .github/prompts/07-commit-and-pr.md: Deadline enforcement now a mode-aware table
(Analysis mode target 40–45min / hard 48min; Article mode target 20–25min / hard 30min)
instead of a single 25-min hard rule that would force early PRs on healthy analysis runs
- .github/prompts/03-data-download.md:
* Tier-C pre-flight now conditionally extends REQ with the 5 Tier-C artifacts when
$SUBFOLDER matches evening-analysis | week-ahead | month-ahead | weekly-review |
monthly-review | deep-inspection | realtime-*
* reconcile folder-reuse rule with legacy auto-suffix: base folder reused when
force_generation=false; suffix only as escape hatch when force_generation=true
- Installed gh-aw v0.69.3 (the CLI pinned in compile-agentic-workflows.yml) and
recompiled all 12 .lock.yml → compiler_version now v0.69.3 and
.github/aw/actions-lock.json picks up github/gh-aw-actions/setup-cli@v0.69.3
- Full vitest run: 107 files, 4324/4324 tests passing
Agent-Logs-Url: https://github.com/Hack23/riksdagsmonitor/sessions/aba5a55a-e7b3-4703-bd9d-a06176e7fa5b
Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
🔍 Lighthouse Performance Audit
📥 Download full Lighthouse report Budget Compliance: Performance budgets enforced via |
workflow-architecture.test.ts:764— restoredforce_generation=falseliteral in all 11 article-type/analysis workflow.mdfiles:1292from<= 90to<= 55(matches currenttimeout-minutes: 55standard)00-base-contract.md+07-commit-and-pr.md— replaced 25-min hard rule with mode-aware table (Analysis 40–45 min target / 48 min hard; Article 20–25 min target / 30 min hard)03-data-download.md— pre-flight check now conditionally extends required artifacts from 9 → 14 for Tier-C subfolders03-data-download.md— base folder reused onforce_generation=false, auto-suffix only as escape hatch onforce_generation=truecompile-agentic-workflows.yml, recompiled all 12.lock.yml;actions-lock.jsonnow matches (setup-cli@v0.69.3, setup@v0.69.3)