diff --git a/.github/workflows/doc-maintainer.lock.yml b/.github/workflows/doc-maintainer.lock.yml
index 8d9b955be..56c0c7719 100644
--- a/.github/workflows/doc-maintainer.lock.yml
+++ b/.github/workflows/doc-maintainer.lock.yml
@@ -1,4 +1,4 @@
-# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"7fdf9c81966078fa821eaefaa66f97e568b72b6bb567c8583ed3c57f5eb31e82","compiler_version":"v0.76.1","strict":true,"agent_id":"claude","agent_model":"claude-haiku-4-5"}
+# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"70b1fceac1a4362ce84f33ea87471b0cd152ba48a8cc6cbd1fce7f0f236f52b2","compiler_version":"v0.76.1","strict":true,"agent_id":"claude","agent_model":"claude-haiku-4-5"}
# gh-aw-manifest: {"version":1,"secrets":["ANTHROPIC_API_KEY","GH_AW_CI_TRIGGER_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"46d564922b082d0db93244972e8005ea6904ee5f","version":"v0.76.1"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.55"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.55"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.55"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.19"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]}
# ___ _ _
# / _ \ | | (_)
@@ -186,26 +186,26 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_fdcb2aa2631d2fe8_EOF'
+ cat << 'GH_AW_PROMPT_6deff40e6e057ec2_EOF'
- GH_AW_PROMPT_fdcb2aa2631d2fe8_EOF
+ GH_AW_PROMPT_6deff40e6e057ec2_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_fdcb2aa2631d2fe8_EOF'
+ cat << 'GH_AW_PROMPT_6deff40e6e057ec2_EOF'
Tools: create_pull_request, missing_tool, missing_data, noop
- GH_AW_PROMPT_fdcb2aa2631d2fe8_EOF
+ GH_AW_PROMPT_6deff40e6e057ec2_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_create_pull_request.md"
- cat << 'GH_AW_PROMPT_fdcb2aa2631d2fe8_EOF'
+ cat << 'GH_AW_PROMPT_6deff40e6e057ec2_EOF'
- GH_AW_PROMPT_fdcb2aa2631d2fe8_EOF
+ GH_AW_PROMPT_6deff40e6e057ec2_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_fdcb2aa2631d2fe8_EOF'
+ cat << 'GH_AW_PROMPT_6deff40e6e057ec2_EOF'
{{#runtime-import .github/workflows/doc-maintainer.md}}
- GH_AW_PROMPT_fdcb2aa2631d2fe8_EOF
+ GH_AW_PROMPT_6deff40e6e057ec2_EOF
} > "$GH_AW_PROMPT"
- name: Substitute placeholders
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -328,7 +328,7 @@ jobs:
EXPR_STEPS_HAS_CHANGES_OUTPUTS_HAS_CHANGES: ${{ steps.has-changes.outputs.has_changes }}
id: git-changes
name: Gather recent git diffs
- run: "CONTEXT_DIR=/tmp/gh-aw/doc-maintainer-context\nif [ \"$EXPR_STEPS_HAS_CHANGES_OUTPUTS_HAS_CHANGES\" = \"true\" ]; then\n git log --since=\"7 days ago\" --format=\"=== Commit %H: %s ===\" --patch --stat --unified=3 -- src/ containers/ scripts/ docs/ '*.md' | head -500 > \"$CONTEXT_DIR/recent-diffs.txt\"\nelse\n echo \"No relevant source changes detected in the past 7 days.\" > \"$CONTEXT_DIR/recent-diffs.txt\"\nfi\nDELIM=\"GH_AW_RECENT_DIFFS_$(date +%s%N)_$RANDOM\"\n{\n echo \"RECENT_DIFFS<<$DELIM\"\n cat \"$CONTEXT_DIR/recent-diffs.txt\"\n echo \"$DELIM\"\n} >> \"$GITHUB_OUTPUT\"\n"
+ run: "CONTEXT_DIR=/tmp/gh-aw/doc-maintainer-context\nif [ \"$EXPR_STEPS_HAS_CHANGES_OUTPUTS_HAS_CHANGES\" = \"true\" ]; then\n git log --since=\"7 days ago\" --format=\"=== Commit %H: %s ===\" --patch --stat --unified=2 -- src/ containers/ scripts/ docs/ '*.md' | head -200 > \"$CONTEXT_DIR/recent-diffs.txt\"\nelse\n echo \"No relevant source changes detected in the past 7 days.\" > \"$CONTEXT_DIR/recent-diffs.txt\"\nfi\nDELIM=\"GH_AW_RECENT_DIFFS_$(date +%s%N)_$RANDOM\"\n{\n echo \"RECENT_DIFFS<<$DELIM\"\n cat \"$CONTEXT_DIR/recent-diffs.txt\"\n echo \"$DELIM\"\n} >> \"$GITHUB_OUTPUT\"\n"
- id: doc-files
name: List documentation files
run: |
@@ -347,7 +347,7 @@ jobs:
EXPR_STEPS_HAS_CHANGES_OUTPUTS_HAS_CHANGES: ${{ steps.has-changes.outputs.has_changes }}
id: affected-docs
name: Identify affected docs
- run: "CONTEXT_DIR=/tmp/gh-aw/doc-maintainer-context\nDOC_POOL=$(mktemp)\nTOKENS=$(mktemp)\nAFFECTED=$(mktemp)\n\ncat \"$CONTEXT_DIR/doc-files.txt\" > \"$DOC_POOL\"\n\nif [ \"$EXPR_STEPS_HAS_CHANGES_OUTPUTS_HAS_CHANGES\" = \"true\" ]; then\n git log --since=\"7 days ago\" --format=\"%H\" -- src/ containers/ scripts/ | \\\n while read -r sha; do\n git show --name-only --format=\"\" \"$sha\" -- docs/ '*.md' 2>/dev/null\n done | grep -E '(^docs/.*\\.md$|^[^/]+\\.md$)' | sort -u | head -30 > \"$AFFECTED\" || true\nfi\n\nif [ ! -s \"$AFFECTED\" ] && [ \"$EXPR_STEPS_HAS_CHANGES_OUTPUTS_HAS_CHANGES\" = \"true\" ]; then\n git log --since=\"7 days ago\" --name-only --format=\"\" -- src/ containers/ scripts/ | \\\n grep -v '^$' | sed -E 's|.*/||; s|\\.[^.]+$||' | \\\n tr '[:upper:]' '[:lower:]' | tr '[:punct:]' '\\n' | grep -E '^[a-z0-9]{3,}$' | sort -u > \"$TOKENS\" || true\n if [ -s \"$TOKENS\" ]; then\n grep -i -F -f \"$TOKENS\" \"$DOC_POOL\" | head -30 > \"$AFFECTED\" || true\n fi\nfi\n\nif [ ! -s \"$AFFECTED\" ]; then\n head -30 \"$DOC_POOL\" > \"$AFFECTED\"\nfi\n\ncp \"$AFFECTED\" \"$CONTEXT_DIR/affected-docs.txt\"\n\nDELIM=\"GH_AW_AFFECTED_DOCS_$(date +%s%N)_$RANDOM\"\n{\n echo \"AFFECTED_DOCS<<$DELIM\"\n cat \"$CONTEXT_DIR/affected-docs.txt\"\n echo \"$DELIM\"\n} >> \"$GITHUB_OUTPUT\"\n"
+ run: "CONTEXT_DIR=/tmp/gh-aw/doc-maintainer-context\nDOC_POOL=$(mktemp)\nTOKENS=$(mktemp)\nAFFECTED=$(mktemp)\n\ncat \"$CONTEXT_DIR/doc-files.txt\" > \"$DOC_POOL\"\n\nif [ \"$EXPR_STEPS_HAS_CHANGES_OUTPUTS_HAS_CHANGES\" = \"true\" ]; then\n git log --since=\"7 days ago\" --format=\"%H\" -- src/ containers/ scripts/ | \\\n while read -r sha; do\n git show --name-only --format=\"\" \"$sha\" -- docs/ '*.md' 2>/dev/null\n done | grep -E '(^docs/.*\\.md$|^[^/]+\\.md$)' | sort -u | head -10 > \"$AFFECTED\" || true\nfi\n\nif [ ! -s \"$AFFECTED\" ] && [ \"$EXPR_STEPS_HAS_CHANGES_OUTPUTS_HAS_CHANGES\" = \"true\" ]; then\n git log --since=\"7 days ago\" --name-only --format=\"\" -- src/ containers/ scripts/ | \\\n grep -v '^$' | sed -E 's|.*/||; s|\\.[^.]+$||' | \\\n tr '[:upper:]' '[:lower:]' | tr '[:punct:]' '\\n' | grep -E '^[a-z0-9]{3,}$' | sort -u > \"$TOKENS\" || true\n if [ -s \"$TOKENS\" ]; then\n grep -i -F -f \"$TOKENS\" \"$DOC_POOL\" | head -10 > \"$AFFECTED\" || true\n fi\nfi\n\nif [ ! -s \"$AFFECTED\" ]; then\n head -10 \"$DOC_POOL\" > \"$AFFECTED\"\nfi\n\ncp \"$AFFECTED\" \"$CONTEXT_DIR/affected-docs.txt\"\n\nDELIM=\"GH_AW_AFFECTED_DOCS_$(date +%s%N)_$RANDOM\"\n{\n echo \"AFFECTED_DOCS<<$DELIM\"\n cat \"$CONTEXT_DIR/affected-docs.txt\"\n echo \"$DELIM\"\n} >> \"$GITHUB_OUTPUT\"\n"
- name: Configure Git credentials
env:
@@ -412,9 +412,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_976cbb15fcece69a_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_8ecfd74bfacd69b9_EOF'
{"create_pull_request":{"draft":false,"labels":["documentation","ai-generated"],"max":1,"max_patch_files":100,"max_patch_size":1024,"protect_top_level_dot_folders":true,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS","DESIGN.md","README.md","CONTRIBUTING.md","CHANGELOG.md","SECURITY.md","CODE_OF_CONDUCT.md","CLAUDE.md","AGENTS.md"],"protected_files_policy":"request_review","reviewers":["copilot"],"title_prefix":"[docs] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
- GH_AW_SAFE_OUTPUTS_CONFIG_976cbb15fcece69a_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_8ecfd74bfacd69b9_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -623,7 +623,7 @@ jobs:
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.19'
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_647def475deaeddd_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_d1feccd5a89c72b9_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -641,7 +641,7 @@ jobs:
"payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}"
}
}
- GH_AW_MCP_CONFIG_647def475deaeddd_EOF
+ GH_AW_MCP_CONFIG_d1feccd5a89c72b9_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
@@ -704,7 +704,7 @@ jobs:
fi
# shellcheck disable=SC1003
sudo -E awf --config "${RUNNER_TEMP}/gh-aw/awf-config.json" --container-workdir "${GITHUB_WORKSPACE}" --mount "${RUNNER_TEMP}/gh-aw:${RUNNER_TEMP}/gh-aw:ro" --mount "${RUNNER_TEMP}/gh-aw:/host${RUNNER_TEMP}/gh-aw:ro" ${GH_AW_DOCKER_HOST_PATH_PREFIX_ARGS} --tty --env-all --exclude-env ANTHROPIC_API_KEY --exclude-env MCP_GATEWAY_API_KEY --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --audit-dir /tmp/gh-aw/sandbox/firewall/audit --enable-host-access --allow-host-ports 80,443,8080 --skip-pull \
- -- /bin/bash -c 'export PATH="${RUNNER_TEMP}/gh-aw/mcp-cli/bin:$PATH" && export PATH="$(find /opt/hostedtoolcache /home/runner/work/_tool -maxdepth 5 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && GH_AW_NODE_EXEC="${GH_AW_NODE_BIN:-}"; if [ -z "$GH_AW_NODE_EXEC" ] || [ ! -x "$GH_AW_NODE_EXEC" ]; then GH_AW_NODE_EXEC="$(command -v node 2>/dev/null || true)"; fi; if [ -z "$GH_AW_NODE_EXEC" ]; then echo "node runtime missing on this runner — check runtimes.node in workflow YAML" >&2; exit 127; fi; "$GH_AW_NODE_EXEC" ${RUNNER_TEMP}/gh-aw/actions/claude_harness.cjs claude --print --no-chrome --allowed-tools '\''Bash,BashOutput,Edit,Edit(/tmp/*),Edit(/tmp/gh-aw/agent/*),ExitPlanMode,Glob,Grep,KillBash,LS,MultiEdit,MultiEdit(/tmp/*),MultiEdit(/tmp/gh-aw/agent/*),NotebookEdit,NotebookRead,Read,Read(/tmp/*),Read(/tmp/gh-aw/agent/*),Task,TodoWrite,Write,Write(/tmp/*),Write(/tmp/gh-aw/agent/*),mcp__safeoutputs'\'' --debug-file /tmp/gh-aw/agent-stdio.log --verbose --permission-mode acceptEdits --output-format stream-json --mcp-config "${RUNNER_TEMP}/gh-aw/mcp-config/mcp-servers.json" --prompt-file /tmp/gh-aw/aw-prompts/prompt.txt' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log
+ -- /bin/bash -c 'export PATH="${RUNNER_TEMP}/gh-aw/mcp-cli/bin:$PATH" && export PATH="$(find /opt/hostedtoolcache /home/runner/work/_tool -maxdepth 5 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && GH_AW_NODE_EXEC="${GH_AW_NODE_BIN:-}"; if [ -z "$GH_AW_NODE_EXEC" ] || [ ! -x "$GH_AW_NODE_EXEC" ]; then GH_AW_NODE_EXEC="$(command -v node 2>/dev/null || true)"; fi; if [ -z "$GH_AW_NODE_EXEC" ]; then echo "node runtime missing on this runner — check runtimes.node in workflow YAML" >&2; exit 127; fi; "$GH_AW_NODE_EXEC" ${RUNNER_TEMP}/gh-aw/actions/claude_harness.cjs claude --print --no-chrome --max-turns 15 --allowed-tools '\''Bash,BashOutput,Edit,Edit(/tmp/*),Edit(/tmp/gh-aw/agent/*),ExitPlanMode,Glob,Grep,KillBash,LS,MultiEdit,MultiEdit(/tmp/*),MultiEdit(/tmp/gh-aw/agent/*),NotebookEdit,NotebookRead,Read,Read(/tmp/*),Read(/tmp/gh-aw/agent/*),Task,TodoWrite,Write,Write(/tmp/*),Write(/tmp/gh-aw/agent/*),mcp__safeoutputs'\'' --debug-file /tmp/gh-aw/agent-stdio.log --verbose --permission-mode acceptEdits --output-format stream-json --mcp-config "${RUNNER_TEMP}/gh-aw/mcp-config/mcp-servers.json" --prompt-file /tmp/gh-aw/aw-prompts/prompt.txt' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
ANTHROPIC_MODEL: claude-haiku-4-5
@@ -714,6 +714,7 @@ jobs:
DISABLE_BUG_COMMAND: 1
DISABLE_ERROR_REPORTING: 1
DISABLE_TELEMETRY: 1
+ GH_AW_MAX_TURNS: 15
GH_AW_MCP_CONFIG: ${{ runner.temp }}/gh-aw/mcp-config/mcp-servers.json
GH_AW_PHASE: agent
GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt
diff --git a/.github/workflows/doc-maintainer.md b/.github/workflows/doc-maintainer.md
index df26ccdf2..bd5ee0209 100644
--- a/.github/workflows/doc-maintainer.md
+++ b/.github/workflows/doc-maintainer.md
@@ -16,6 +16,7 @@ sandbox:
engine:
id: claude
model: claude-haiku-4-5
+ max-turns: 15
tools:
edit:
bash: true
@@ -57,7 +58,7 @@ steps:
run: |
CONTEXT_DIR=/tmp/gh-aw/doc-maintainer-context
if [ "$EXPR_STEPS_HAS_CHANGES_OUTPUTS_HAS_CHANGES" = "true" ]; then
- git log --since="7 days ago" --format="=== Commit %H: %s ===" --patch --stat --unified=3 -- src/ containers/ scripts/ docs/ '*.md' | head -500 > "$CONTEXT_DIR/recent-diffs.txt"
+ git log --since="7 days ago" --format="=== Commit %H: %s ===" --patch --stat --unified=2 -- src/ containers/ scripts/ docs/ '*.md' | head -200 > "$CONTEXT_DIR/recent-diffs.txt"
else
echo "No relevant source changes detected in the past 7 days." > "$CONTEXT_DIR/recent-diffs.txt"
fi
@@ -97,7 +98,7 @@ steps:
git log --since="7 days ago" --format="%H" -- src/ containers/ scripts/ | \
while read -r sha; do
git show --name-only --format="" "$sha" -- docs/ '*.md' 2>/dev/null
- done | grep -E '(^docs/.*\.md$|^[^/]+\.md$)' | sort -u | head -30 > "$AFFECTED" || true
+ done | grep -E '(^docs/.*\.md$|^[^/]+\.md$)' | sort -u | head -10 > "$AFFECTED" || true
fi
if [ ! -s "$AFFECTED" ] && [ "$EXPR_STEPS_HAS_CHANGES_OUTPUTS_HAS_CHANGES" = "true" ]; then
@@ -105,12 +106,12 @@ steps:
grep -v '^$' | sed -E 's|.*/||; s|\.[^.]+$||' | \
tr '[:upper:]' '[:lower:]' | tr '[:punct:]' '\n' | grep -E '^[a-z0-9]{3,}$' | sort -u > "$TOKENS" || true
if [ -s "$TOKENS" ]; then
- grep -i -F -f "$TOKENS" "$DOC_POOL" | head -30 > "$AFFECTED" || true
+ grep -i -F -f "$TOKENS" "$DOC_POOL" | head -10 > "$AFFECTED" || true
fi
fi
if [ ! -s "$AFFECTED" ]; then
- head -30 "$DOC_POOL" > "$AFFECTED"
+ head -10 "$DOC_POOL" > "$AFFECTED"
fi
cp "$AFFECTED" "$CONTEXT_DIR/affected-docs.txt"
@@ -141,21 +142,26 @@ This repository is a security-critical firewall for GitHub Copilot CLI. Accurate
## Task Steps
-### 1. Analyze Pre-computed Changes
+### 0. Check For Changes First (Do This Before Anything Else)
+
+Read `/tmp/gh-aw/doc-maintainer-context/has-changes.txt`.
-Read `/tmp/gh-aw/doc-maintainer-context/has-changes.txt` and `/tmp/gh-aw/doc-maintainer-context/changed-count.txt` first.
+- If `false`: call `safeoutputs noop` immediately and stop. Do not read any other files.
+- If `true`: proceed to Step 1.
+
+### 1. Analyze Pre-computed Changes
-If `has-changes.txt` is `false`, exit immediately using a no-op result without editing files or creating a PR.
+Read `/tmp/gh-aw/doc-maintainer-context/changed-count.txt`.
-Use `/tmp/gh-aw/doc-maintainer-context/recent-diffs.txt` as your source of truth for recent source changes. Do not run `git show ` per commit unless absolutely necessary.
+Use `/tmp/gh-aw/doc-maintainer-context/recent-diffs.txt` as your **sole source** for recent source changes. **Do not run any `git` commands** — all required git data is already pre-computed. Running `git show`, `git log`, or `git diff` wastes turns.
### 2. Identify Documentation Gaps
-Compare code changes with current documentation and identify what needs to be updated.
+Review only the files listed in `/tmp/gh-aw/doc-maintainer-context/affected-docs.txt` (max 10 files) and identify what needs to be updated. Do not proactively read additional files not in this list.
### 3. Review Current Documentation
-Start with `/tmp/gh-aw/doc-maintainer-context/affected-docs.txt`. Review the broader list in `/tmp/gh-aw/doc-maintainer-context/doc-files.txt` only when there is a clear link to the recent source changes.
+Review only `/tmp/gh-aw/doc-maintainer-context/affected-docs.txt`. Do not expand review scope to `/tmp/gh-aw/doc-maintainer-context/doc-files.txt`.
### 4. Verify Code Examples
diff --git a/scripts/ci/doc-maintainer-workflow.test.ts b/scripts/ci/doc-maintainer-workflow.test.ts
index 5881a308e..c4a110de5 100644
--- a/scripts/ci/doc-maintainer-workflow.test.ts
+++ b/scripts/ci/doc-maintainer-workflow.test.ts
@@ -9,7 +9,15 @@ describe('doc maintainer workflow optimization config', () => {
it('disables unused tools and keeps condensed prompt sections in source workflow', () => {
const source = fs.readFileSync(sourcePath, 'utf-8');
+ expect(source).toContain('max-turns: 15');
expect(source).toContain('github: false');
+ expect(source).toContain('### 0. Check For Changes First (Do This Before Anything Else)');
+ expect(source).toContain("If `false`: call `safeoutputs noop` immediately and stop.");
+ expect(source).toContain('Use `/tmp/gh-aw/doc-maintainer-context/recent-diffs.txt` as your **sole source**');
+ expect(source).toContain('**Do not run any `git` commands**');
+ expect(source).toContain('Do not expand review scope to `/tmp/gh-aw/doc-maintainer-context/doc-files.txt`.');
+ expect(source).toContain("git log --since=\"7 days ago\" --format=\"=== Commit %H: %s ===\" --patch --stat --unified=2 -- src/ containers/ scripts/ docs/ '*.md' | head -200");
+ expect(source).toContain("grep -i -F -f \"$TOKENS\" \"$DOC_POOL\" | head -10 > \"$AFFECTED\" || true");
expect(source).toContain(
'**PR Description**: Summarize updated docs, reference the triggering code changes, and list what was verified.'
);
@@ -19,11 +27,16 @@ describe('doc maintainer workflow optimization config', () => {
);
expect(source).not.toContain('## Edge Cases');
expect(source).not.toContain('A successful run means:');
+ expect(source).not.toContain('Review the broader list in `/tmp/gh-aw/doc-maintainer-context/doc-files.txt` only when there is a clear link to the recent source changes.');
});
it('compiles tool disabling into the lock workflow', () => {
const lock = fs.readFileSync(lockPath, 'utf-8');
+ expect(lock).toContain('--max-turns 15');
+ expect(lock).toContain('--patch --stat --unified=2');
+ expect(lock).toContain('head -200 > \\"$CONTEXT_DIR/recent-diffs.txt\\"');
+ expect(lock).toContain('head -10 > \\"$AFFECTED\\" || true');
expect(lock).not.toContain('mcp__github');
});
});