[q] fix(daily-observability-report): download agent and detection artifacts

[github-actions]

Q Workflow Optimization Report

Fixes #40699

Issues Found (from live data)

Daily Observability Report for AWF Firewall and MCP Gateway

• Run Analyzed: 27921795956
• Conclusion: succeeded with 0 turns / 0 token usage — no safe outputs generated
• Root Cause:
  • The logs tool calls used an invalid parse: true parameter (not in tool schema) and defaulted to downloading only the usage artifact set
  • The MCP server returned: "Only the usage artifact was downloaded. Use --artifacts all to download all artifacts, or a specific set such as --artifacts agent"
  • Without the agent and detection artifact sets, the workflow had no agent logs or detection data to analyze, causing it to produce no report and no noop call
  • The targeted follow-up count was also set to 100, contradicting the workflow's own instruction ("at most 10 runs per targeted call")

Changes Made

Daily Observability Report (.github/workflows/daily-observability-report.md)

Location	Before	After
Step 1.1 logs params	"parse": true	"artifacts": ["agent", "detection"]
Step 1.2 logs params	"parse": true, count: 100	"artifacts": ["agent", "detection"], count: 10

• Added "artifacts": ["agent", "detection"] to both logs tool call examples to provide agent stdout/stderr logs and detection-system data needed to generate the report
• Removed the unsupported "parse": true parameter (not present in the logs tool schema)
• Fixed count: 100 to count: 10 in Step 1.2, matching the workflow's own instruction

Expected Improvements

• Agent will now receive agent-stdio.log, agent_output/, and detection artifacts when calling logs
• Workflow can generate a complete observability report and call create_discussion or noop
• No more "no safe outputs" failures caused by missing artifact data

Validation

• daily-observability-report compiled successfully

Note: .lock.yml files will be regenerated automatically after merge.

References

• Run analyzed: 27921795956
• Valid artifact sets: all, activation, agent, detection, experiment, firewall, github-api, mcp, usage

---

Warning

Protected Files — Push Permission Denied

This was originally intended as a pull request, but the patch modifies protected files. A human must create the pull request manually.

Protected files

• .github/workflows/daily-observability-report.md

The push was rejected because GitHub Actions does not have workflows permission to push these changes, and is never allowed to make such changes, or other authorization being used does not have this permission.

Create the pull request manually

# Download the patch from the workflow run
gh run download 27922114119 -n agent -D /tmp/agent-27922114119

# Create a new branch
git checkout -b q/daily-observability-report-artifacts-96aa1755b7097bf0 main

# Apply the patch (--3way handles cross-repo patches)
git am --3way /tmp/agent-27922114119/aw-q-daily-observability-report-artifacts.patch

# Push the branch and create the pull request
git push origin q/daily-observability-report-artifacts-96aa1755b7097bf0
gh pr create --title '[q] fix(daily-observability-report): download agent and detection artifacts' --base main --head q/daily-observability-report-artifacts-96aa1755b7097bf0 --repo github/gh-aw

🎩 Equipped by Q · 71.5 AIC · ⌖ 10.1 AIC · ⊞ 7.8K · ◷

• expires on Jun 23, 2026, 4:25 PM UTC-08:00