You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: site/src/content/docs/troubleshooting/common-issues.mdx
+48-3Lines changed: 48 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -30,15 +30,60 @@ description: "Agent: does things"
30
30
---
31
31
```
32
32
33
+
### "Deprecated front-matter shapes"
34
+
35
+
`ado-aw check` may print:
36
+
37
+
```
38
+
contains deprecated front-matter shapes that need codemod fixes.
39
+
hint: run `ado-aw compile <file>` to apply the codemods in place.
40
+
```
41
+
42
+
**Solution:** Run `ado-aw compile ./agent.md`. The compiler detects the old shape, rewrites the source file in place, and prints which codemods fired. Once compilation succeeds, commit the updated front matter. See the [codemods reference](/ado-aw/reference/codemods/) for details.
43
+
44
+
### "Safe outputs require write access to ADO, but no write service connection is configured"
45
+
46
+
You configured one or more safe-output tools (e.g. `create-pull-request`, `create-work-item`, `add-pr-comment`) but omitted `permissions.write` from your front matter.
47
+
48
+
**Solution:** Add a write service connection:
49
+
50
+
```yaml
51
+
permissions:
52
+
write: ado-aw-write # name of your ARM service connection
53
+
```
54
+
55
+
If you haven't created a service connection yet, see the [Service Connections guide](/ado-aw/setup/service-connections/).
56
+
57
+
### "safe-outputs.comment-on-work-item requires a 'target' field"
58
+
59
+
Certain safe-output tools require an explicit `target:` in the front matter configuration. `comment-on-work-item` and `update-work-item` are the most common examples — they need `target:` to scope which work items can be modified.
60
+
61
+
**Solution:** Add a `target:` field under the tool's `safe-outputs:` entry:
62
+
63
+
```yaml
64
+
safe-outputs:
65
+
comment-on-work-item:
66
+
max: 3
67
+
target: "*" # any work item, or a specific ID / area path prefix
68
+
```
69
+
33
70
## Runtime Errors
34
71
35
72
### Network timeouts in AWF sandbox
36
73
37
74
The agent can only access explicitly allowed domains. If your agent needs to reach an external service:
38
75
39
-
1. Check if a runtime enables the domain (e.g., `runtimes: [python]` enables `pypi.org`)
40
-
2. Add custom domains via `allowed-hosts:` in front matter
41
-
3. For broader access, use ADO `permissions:` with a service connection
76
+
1. Check if a runtime enables the domain — for example, `runtimes: python: true` adds `pypi.org` and other Python ecosystem hosts.
77
+
2. Add custom domains explicitly under `network: allowed:` in the front matter:
78
+
79
+
```yaml
80
+
network:
81
+
allowed:
82
+
- "api.contoso.internal"
83
+
- "*.packages.example.com"
84
+
```
85
+
86
+
3. For Azure DevOps API access (work items, PRs, repos), configure a service connection under `permissions:` — that's separate from network domain access.
0 commit comments