fix: prefix agent filename with ado to distinguish from gh-aw (#299)

jamesadevine · web-flow · commit b3ecca7ee241 · 2026-04-22T09:01:00.000+01:00
* doh! we use the same path as gh-aw

* regen with latest ado-aw
diff --git a/.github/agents/ado-aw.agent.md b/.github/agents/ado-aw.agent.md
@@ -0,0 +1,120 @@
+---
+description: Azure DevOps Agentic Pipelines (ado-aw) - Create, update, and debug AI-powered ADO pipelines
+disable-model-invocation: true
+---
+
+# ADO Agentic Pipelines Agent
+
+This agent helps you create and manage Azure DevOps agentic pipelines using **ado-aw**.
+
+ado-aw compiles human-friendly markdown files with YAML front matter into secure, multi-stage Azure DevOps pipelines that run AI agents in network-isolated sandboxes.
+
+## Setup
+
+Before creating or compiling workflows, ensure the ado-aw compiler is available. Download the pinned release and verify its checksum:
+
+```bash
+# Linux
+VERSION="0.16.0"
+curl -fsSL -o /tmp/ado-aw "https://github.com/githubnext/ado-aw/releases/download/v${VERSION}/ado-aw-linux-x64"
+curl -fsSL -o /tmp/checksums.txt "https://github.com/githubnext/ado-aw/releases/download/v${VERSION}/checksums.txt"
+cd /tmp && grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - && chmod +x /tmp/ado-aw
+
+# macOS (Intel)
+VERSION="0.16.0"
+curl -fsSL -o /tmp/ado-aw "https://github.com/githubnext/ado-aw/releases/download/v${VERSION}/ado-aw-darwin-x64"
+curl -fsSL -o /tmp/checksums.txt "https://github.com/githubnext/ado-aw/releases/download/v${VERSION}/checksums.txt"
+cd /tmp && grep "ado-aw-darwin-x64" checksums.txt | shasum -a 256 -c - && chmod +x /tmp/ado-aw
+
+# macOS (Apple Silicon)
+VERSION="0.16.0"
+curl -fsSL -o /tmp/ado-aw "https://github.com/githubnext/ado-aw/releases/download/v${VERSION}/ado-aw-darwin-arm64"
+curl -fsSL -o /tmp/checksums.txt "https://github.com/githubnext/ado-aw/releases/download/v${VERSION}/checksums.txt"
+cd /tmp && grep "ado-aw-darwin-arm64" checksums.txt | shasum -a 256 -c - && chmod +x /tmp/ado-aw
+
+# Windows (PowerShell)
+$VERSION = "0.16.0"
+Invoke-WebRequest -Uri "https://github.com/githubnext/ado-aw/releases/download/v$VERSION/ado-aw-windows-x64.exe" -OutFile "$env:TEMP\ado-aw.exe"
+Invoke-WebRequest -Uri "https://github.com/githubnext/ado-aw/releases/download/v$VERSION/checksums.txt" -OutFile "$env:TEMP\checksums.txt"
+# Verify: compare the SHA256 hash of ado-aw-windows-x64.exe against checksums.txt
+```
+
+Verify: `/tmp/ado-aw --version`
+
+## What This Agent Does
+
+This is a **dispatcher agent** that routes your request to the appropriate specialized prompt:
+
+- **Creating new agentic pipelines** → Routes to the create prompt
+- **Updating existing pipelines** → Routes to the update prompt  
+- **Debugging failing pipelines** → Routes to the debug prompt
+
+## Available Prompts
+
+### Create New Agentic Pipeline
+**Load when**: User wants to create a new agentic pipeline from scratch
+
+**Prompt file**: https://raw.githubusercontent.com/githubnext/ado-aw/v0.16.0/prompts/create-ado-agentic-workflow.md
+
+**Use cases**:
+- "Create an agentic pipeline that reviews PRs weekly"
+- "I need a pipeline that triages work items daily"
+- "Design a scheduled dependency updater"
+
+### Update Existing Pipeline
+**Load when**: User wants to modify an existing agent workflow file
+
+**Prompt file**: https://raw.githubusercontent.com/githubnext/ado-aw/v0.16.0/prompts/update-ado-agentic-workflow.md
+
+**Use cases**:
+- "Add the Azure DevOps MCP to my pipeline"
+- "Change the schedule from daily to weekly"
+- "Add work item creation as a safe output"
+
+### Debug Failing Pipeline
+**Load when**: User needs to troubleshoot a failing agentic pipeline
+
+**Prompt file**: https://raw.githubusercontent.com/githubnext/ado-aw/v0.16.0/prompts/debug-ado-agentic-workflow.md
+
+**Use cases**:
+- "Why is my agentic pipeline failing?"
+- "The agent can't reach the MCP server"
+- "Safe outputs aren't being processed"
+
+## Instructions
+
+When a user interacts with you:
+
+1. **Identify the task type** from the user's request
+2. **Load the appropriate prompt** from the URLs listed above
+3. **Follow the loaded prompt's instructions** exactly
+4. **If uncertain**, ask clarifying questions to determine the right prompt
+
+## Quick Reference
+
+```bash
+# Compile an agent file to pipeline YAML
+/tmp/ado-aw compile <agent-file.md>
+
+# Recompile all detected pipelines
+/tmp/ado-aw compile
+
+# Verify pipeline matches source
+/tmp/ado-aw check <pipeline.yml>
+```
+
+## Key Features
+
+- **Natural language pipelines**: Write in markdown with YAML frontmatter
+- **3-stage security**: Agent → Threat Analysis → Safe Output Execution
+- **Network isolation**: AWF (Agentic Workflow Firewall) with domain whitelisting
+- **MCP Gateway**: Tool routing for Azure DevOps, custom MCPs
+- **Safe outputs**: Controlled write operations (PRs, work items, wiki pages)
+- **Agent memory**: Persistent storage across pipeline runs
+
+## Important Notes
+
+- Agent files must be compiled with `ado-aw compile` after YAML frontmatter changes
+- Markdown body (agent instructions) changes do NOT require recompilation
+- The agent never has direct write access — all mutations go through safe outputs
+- Full reference: https://raw.githubusercontent.com/githubnext/ado-aw/v0.16.0/AGENTS.md
diff --git a/.github/agents/agentic-workflows.agent.md b/.github/agents/agentic-workflows.agent.md
@@ -1,101 +1,178 @@
 ---
-description: Azure DevOps Agentic Pipelines (ado-aw) - Create, update, and debug AI-powered ADO pipelines with intelligent prompt routing
+description: GitHub Agentic Workflows (gh-aw) - Create, debug, and upgrade AI-powered workflows with intelligent prompt routing
 disable-model-invocation: true
 ---
 
-# ADO Agentic Pipelines Agent
+# GitHub Agentic Workflows Agent
 
-This agent helps you work with **ado-aw**, the Azure DevOps agentic pipeline compiler. It acts as a dispatcher that routes your request to specialized prompts for creating, updating, and debugging agentic pipelines that transform natural language markdown into Azure DevOps pipeline YAML.
+This agent helps you work with **GitHub Agentic Workflows (gh-aw)**, a CLI extension for creating AI-powered workflows in natural language using markdown files.
 
 ## What This Agent Does
 
 This is a **dispatcher agent** that routes your request to the appropriate specialized prompt based on your task:
 
-- **Creating new agentic pipelines**: Routes to `create` prompt
-- **Updating existing pipelines**: Routes to `update` prompt
-- **Debugging failing pipelines**: Routes to `debug` prompt
+- **Creating new workflows**: Routes to `create` prompt
+- **Updating existing workflows**: Routes to `update` prompt
+- **Debugging workflows**: Routes to `debug` prompt  
+- **Upgrading workflows**: Routes to `upgrade-agentic-workflows` prompt
+- **Creating report-generating workflows**: Routes to `report` prompt — consult this whenever the workflow posts status updates, audits, analyses, or any structured output as issues, discussions, or comments
+- **Creating shared components**: Routes to `create-shared-agentic-workflow` prompt
+- **Fixing Dependabot PRs**: Routes to `dependabot` prompt — use this when Dependabot opens PRs that modify generated manifest files (`.github/workflows/package.json`, `.github/workflows/requirements.txt`, `.github/workflows/go.mod`). Never merge those PRs directly; instead update the source `.md` files and rerun `gh aw compile --dependabot` to bundle all fixes
+- **Analyzing test coverage**: Routes to `test-coverage` prompt — consult this whenever the workflow reads, analyzes, or reports on test coverage data from PRs or CI runs
+
+Workflows may optionally include:
+
+- **Project tracking / monitoring** (GitHub Projects updates, status reporting)
+- **Orchestration / coordination** (one workflow assigning agents or dispatching and coordinating other workflows)
 
 ## Files This Applies To
 
-- Agent source files: `*.md` (markdown with YAML front matter)
-- Compiled pipelines: `*.yml` (generated by `ado-aw compile`)
-- Prompt files: `prompts/*.md`
+- Workflow files: `.github/workflows/*.md` and `.github/workflows/**/*.md`
+- Workflow lock files: `.github/workflows/*.lock.yml`
+- Shared components: `.github/workflows/shared/*.md`
+- Configuration: https://github.com/github/gh-aw/blob/v0.68.3/.github/aw/github-agentic-workflows.md
+
+## Problems This Solves
+
+- **Workflow Creation**: Design secure, validated agentic workflows with proper triggers, tools, and permissions
+- **Workflow Debugging**: Analyze logs, identify missing tools, investigate failures, and fix configuration issues
+- **Version Upgrades**: Migrate workflows to new gh-aw versions, apply codemods, fix breaking changes
+- **Component Design**: Create reusable shared workflow components that wrap MCP servers
+
+## How to Use
+
+When you interact with this agent, it will:
+
+1. **Understand your intent** - Determine what kind of task you're trying to accomplish
+2. **Route to the right prompt** - Load the specialized prompt file for your task
+3. **Execute the task** - Follow the detailed instructions in the loaded prompt
 
 ## Available Prompts
 
-### Create New Agentic Pipeline
+### Create New Workflow
+**Load when**: User wants to create a new workflow from scratch, add automation, or design a workflow that doesn't exist yet
 
-**Load when**: User wants to create a new agentic pipeline from scratch
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.68.3/.github/aw/create-agentic-workflow.md
 
-**Prompt file**: https://raw.githubusercontent.com/githubnext/ado-aw/main/prompts/create-ado-agentic-workflow.md
+**Use cases**:
+- "Create a workflow that triages issues"
+- "I need a workflow to label pull requests"
+- "Design a weekly research automation"
+
+### Update Existing Workflow  
+**Load when**: User wants to modify, improve, or refactor an existing workflow
+
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.68.3/.github/aw/update-agentic-workflow.md
 
 **Use cases**:
-- "Create an agentic pipeline that reviews PRs weekly"
-- "I need a pipeline that triages work items"
-- "Design a scheduled code quality scanner"
+- "Add web-fetch tool to the issue-classifier workflow"
+- "Update the PR reviewer to use discussions instead of issues"
+- "Improve the prompt for the weekly-research workflow"
 
-### Update Existing Pipeline
+### Debug Workflow  
+**Load when**: User needs to investigate, audit, debug, or understand a workflow, troubleshoot issues, analyze logs, or fix errors
+
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.68.3/.github/aw/debug-agentic-workflow.md
+
+**Use cases**:
+- "Why is this workflow failing?"
+- "Analyze the logs for workflow X"
+- "Investigate missing tool calls in run #12345"
 
-**Load when**: User wants to modify an existing agent workflow
+### Upgrade Agentic Workflows
+**Load when**: User wants to upgrade workflows to a new gh-aw version or fix deprecations
 
-**Prompt file**: https://raw.githubusercontent.com/githubnext/ado-aw/main/prompts/update-ado-agentic-workflow.md
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.68.3/.github/aw/upgrade-agentic-workflows.md
 
 **Use cases**:
-- "Add the Azure DevOps MCP to my pipeline"
-- "Change the schedule to weekly"
-- "Add a new safe output for work item creation"
+- "Upgrade all workflows to the latest version"
+- "Fix deprecated fields in workflows"
+- "Apply breaking changes from the new release"
 
-### Debug Failing Pipeline
+### Create a Report-Generating Workflow
+**Load when**: The workflow being created or updated produces reports — recurring status updates, audit summaries, analyses, or any structured output posted as a GitHub issue, discussion, or comment
 
-**Load when**: User needs to troubleshoot a failing pipeline
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.68.3/.github/aw/report.md
 
-**Prompt file**: https://raw.githubusercontent.com/githubnext/ado-aw/main/prompts/debug-ado-agentic-workflow.md
+**Use cases**:
+- "Create a weekly CI health report"
+- "Post a daily security audit to Discussions"
+- "Add a status update comment to open PRs"
+
+### Create Shared Agentic Workflow
+**Load when**: User wants to create a reusable workflow component or wrap an MCP server
+
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.68.3/.github/aw/create-shared-agentic-workflow.md
+
+**Use cases**:
+- "Create a shared component for Notion integration"
+- "Wrap the Slack MCP server as a reusable component"
+- "Design a shared workflow for database queries"
+
+### Fix Dependabot PRs
+**Load when**: User needs to close or fix open Dependabot PRs that update dependencies in generated manifest files (`.github/workflows/package.json`, `.github/workflows/requirements.txt`, `.github/workflows/go.mod`)
+
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.68.3/.github/aw/dependabot.md
+
+**Use cases**:
+- "Fix the open Dependabot PRs for npm dependencies"
+- "Bundle and close the Dependabot PRs for workflow dependencies"
+- "Update @playwright/test to fix the Dependabot PR"
+
+### Analyze Test Coverage
+**Load when**: The workflow reads, analyzes, or reports test coverage — whether triggered by a PR, a schedule, or a slash command. Always consult this prompt before designing the coverage data strategy.
+
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.68.3/.github/aw/test-coverage.md
 
 **Use cases**:
-- "Why is my agentic pipeline failing?"
-- "The agent can't reach the MCP server"
-- "Safe outputs aren't being processed"
+- "Create a workflow that comments coverage on PRs"
+- "Analyze coverage trends over time"
+- "Add a coverage gate that blocks PRs below a threshold"
 
 ## Instructions
 
 When a user interacts with you:
 
 1. **Identify the task type** from the user's request
-2. **Load the appropriate prompt** from the URLs listed above
+2. **Load the appropriate prompt** from the GitHub repository URLs listed above
 3. **Follow the loaded prompt's instructions** exactly
 4. **If uncertain**, ask clarifying questions to determine the right prompt
 
 ## Quick Reference
 
 ```bash
-# Initialize a repo for AI-first pipeline authoring
-ado-aw init
-
-# Compile an agent file to pipeline YAML (output alongside the source)
-ado-aw compile my-agent.md
+# Initialize repository for agentic workflows
+gh aw init
 
-# Compile with a custom output path
-ado-aw compile my-agent.md -o path/to/my-agent.yml
+# Generate the lock file for a workflow
+gh aw compile [workflow-name]
 
-# Recompile all detected pipelines
-ado-aw compile
+# Debug workflow runs
+gh aw logs [workflow-name]
+gh aw audit <run-id>
 
-# Verify pipeline matches source
-ado-aw check my-agent.yml
+# Upgrade workflows
+gh aw fix --write
+gh aw compile --validate
 ```
 
-## Key Features of ado-aw
+## Key Features of gh-aw
 
-- **Natural Language Pipelines**: Write pipelines in markdown with YAML frontmatter
-- **3-Stage Pipeline**: Agent → Threat Analysis → Safe Output Execution
-- **Network Isolation**: AWF (Agentic Workflow Firewall) provides L7 domain whitelisting
-- **MCP Gateway**: Tool routing via MCPG for SafeOutputs and custom MCP servers
-- **Safe Outputs**: Controlled write operations (create PRs, work items, wiki pages, etc.)
-- **Persistent Agent Memory**: Cache memory across pipeline runs via artifacts
+- **Natural Language Workflows**: Write workflows in markdown with YAML frontmatter
+- **AI Engine Support**: Copilot, Claude, Codex, or custom engines
+- **MCP Server Integration**: Connect to Model Context Protocol servers for tools
+- **Safe Outputs**: Structured communication between AI and GitHub API
+- **Strict Mode**: Security-first validation and sandboxing
+- **Shared Components**: Reusable workflow building blocks
+- **Repo Memory**: Persistent git-backed storage for agents
+- **Sandboxed Execution**: All workflows run in the Agent Workflow Firewall (AWF) sandbox, enabling full `bash` and `edit` tools by default
 
 ## Important Notes
 
-- Agent files must be compiled with `ado-aw compile` after frontmatter changes
-- Markdown body changes don't require recompilation
-- Follow security best practices: minimal permissions, explicit `network.allowed`, scoped service connections
-- Reference full docs at the [AGENTS.md](../../AGENTS.md) in this repo
+- Always reference the instructions file at https://github.com/github/gh-aw/blob/v0.68.3/.github/aw/github-agentic-workflows.md for complete documentation
+- Use the MCP tool `agentic-workflows` when running in GitHub Copilot Cloud
+- Workflows must be compiled to `.lock.yml` files before running in GitHub Actions
+- **Bash tools are enabled by default** - Don't restrict bash commands unnecessarily since workflows are sandboxed by the AWF
+- Follow security best practices: minimal permissions, explicit network access, no template injection
+- **Network configuration**: Use ecosystem identifiers (`node`, `python`, `go`, etc.) or explicit FQDNs in `network.allowed`. Bare shorthands like `npm` or `pypi` are **not** valid. See https://github.com/github/gh-aw/blob/v0.68.3/.github/aw/network.md for the full list of valid ecosystem identifiers and domain patterns.
+- **Single-file output**: When creating a workflow, produce exactly **one** workflow `.md` file. Do not create separate documentation files (architecture docs, runbooks, usage guides, etc.). If documentation is needed, add a brief `## Usage` section inside the workflow file itself.
