From 8aaa0ccab23f4f7a221021735e381751c0cfee48 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 16 Mar 2026 23:47:58 +0000
Subject: [PATCH 1/4] Initial plan

From c5d9038118271289f281dbcaee7305f8751c7579 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 17 Mar 2026 00:01:13 +0000 Subject: [PATCH 2/4] fix: safe-outputs prompt incorrectly claims all GitHub ops when GitHub MCP is mounted MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Change `safe_outputs_prompt.md` line 3: "all GitHub operations" → "GitHub writes and completion signaling" so the static intro is accurate regardless of whether GitHub MCP is also enabled. - Add `buildGitHubMCPToolsGuidance()` in `unified_prompt_step.go` and inject it as a `` section whenever `tools.github` is enabled. When safe-outputs is also enabled the section explicitly separates reads (GitHub MCP) from writes (safeoutputs) so the model is never steered away from the available read tools. - Add `TestCollectPromptSections_GitHubMCPAndSafeOutputsConsistency` regression test covering three scenarios: both enabled, only GitHub MCP, and no GitHub MCP. Fixes: # Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/ace-editor.lock.yml | 3 + .../agent-performance-analyzer.lock.yml | 3 + .../workflows/agent-persona-explorer.lock.yml | 3 + .github/workflows/ai-moderator.lock.yml | 3 + .github/workflows/archie.lock.yml | 3 + .github/workflows/artifacts-summary.lock.yml | 3 + .github/workflows/audit-workflows.lock.yml | 3 + .github/workflows/auto-triage-issues.lock.yml | 3 + .github/workflows/blog-auditor.lock.yml | 3 + .github/workflows/bot-detection.lock.yml | 3 + .github/workflows/brave.lock.yml | 3 + .../breaking-change-checker.lock.yml | 3 + .github/workflows/changeset.lock.yml | 3 + .github/workflows/ci-coach.lock.yml | 3 + .github/workflows/ci-doctor.lock.yml | 3 + .../claude-code-user-docs-review.lock.yml | 3 + .../cli-consistency-checker.lock.yml | 3 + .../workflows/cli-version-checker.lock.yml | 3 + .github/workflows/cloclo.lock.yml | 3 + .../workflows/code-scanning-fixer.lock.yml | 3 + 
.github/workflows/code-simplifier.lock.yml | 3 + .../codex-github-remote-mcp-test.lock.yml | 3 + .../commit-changes-analyzer.lock.yml | 3 + .../constraint-solving-potd.lock.yml | 3 + .github/workflows/contribution-check.lock.yml | 3 + .../workflows/copilot-agent-analysis.lock.yml | 3 + .../copilot-cli-deep-research.lock.yml | 3 + .../copilot-pr-merged-report.lock.yml | 3 + .../copilot-pr-nlp-analysis.lock.yml | 3 + .../copilot-pr-prompt-analysis.lock.yml | 3 + .../copilot-session-insights.lock.yml | 3 + .github/workflows/craft.lock.yml | 3 + .../daily-architecture-diagram.lock.yml | 3 + .../daily-assign-issue-to-user.lock.yml | 3 + .github/workflows/daily-choice-test.lock.yml | 3 + .../workflows/daily-cli-performance.lock.yml | 3 + .../workflows/daily-cli-tools-tester.lock.yml | 3 + .github/workflows/daily-code-metrics.lock.yml | 3 + .../workflows/daily-compiler-quality.lock.yml | 3 + .../daily-copilot-token-report.lock.yml | 3 + .github/workflows/daily-doc-healer.lock.yml | 3 + .github/workflows/daily-doc-updater.lock.yml | 3 + .github/workflows/daily-fact.lock.yml | 3 + .github/workflows/daily-file-diet.lock.yml | 3 + .../workflows/daily-firewall-report.lock.yml | 3 + .../workflows/daily-function-namer.lock.yml | 3 + .../workflows/daily-issues-report.lock.yml | 3 + .../daily-malicious-code-scan.lock.yml | 3 + .../daily-mcp-concurrency-analysis.lock.yml | 3 + .../daily-multi-device-docs-tester.lock.yml | 3 + .github/workflows/daily-news.lock.yml | 3 + .../daily-observability-report.lock.yml | 3 + .../daily-performance-summary.lock.yml | 3 + .github/workflows/daily-regulatory.lock.yml | 3 + .../daily-rendering-scripts-verifier.lock.yml | 3 + .../workflows/daily-repo-chronicle.lock.yml | 3 + .../daily-safe-output-optimizer.lock.yml | 3 + .../daily-safe-outputs-conformance.lock.yml | 3 + .../workflows/daily-secrets-analysis.lock.yml | 3 + .../daily-security-red-team.lock.yml | 3 + .github/workflows/daily-semgrep-scan.lock.yml | 3 + 
.../daily-syntax-error-quality.lock.yml | 3 + .../daily-team-evolution-insights.lock.yml | 3 + .github/workflows/daily-team-status.lock.yml | 3 + .../daily-testify-uber-super-expert.lock.yml | 3 + .../workflows/daily-workflow-updater.lock.yml | 3 + .github/workflows/dead-code-remover.lock.yml | 3 + .github/workflows/deep-report.lock.yml | 3 + .github/workflows/delight.lock.yml | 3 + .github/workflows/dependabot-burner.lock.yml | 3 + .../workflows/dependabot-go-checker.lock.yml | 3 + .github/workflows/dev-hawk.lock.yml | 3 + .github/workflows/dev.lock.yml | 3 + .../developer-docs-consolidator.lock.yml | 3 + .github/workflows/dictation-prompt.lock.yml | 3 + .../workflows/discussion-task-miner.lock.yml | 3 + .github/workflows/docs-noob-tester.lock.yml | 3 + .github/workflows/draft-pr-cleanup.lock.yml | 3 + .../duplicate-code-detector.lock.yml | 3 + .../example-permissions-warning.lock.yml | 3 + .../example-workflow-analyzer.lock.yml | 3 + .github/workflows/firewall-escape.lock.yml | 3 + .github/workflows/firewall.lock.yml | 3 + .../workflows/functional-pragmatist.lock.yml | 3 + .../github-mcp-structural-analysis.lock.yml | 3 + .../github-mcp-tools-report.lock.yml | 3 + .../github-remote-mcp-auth-test.lock.yml | 3 + .../workflows/glossary-maintainer.lock.yml | 3 + .github/workflows/go-fan.lock.yml | 3 + .github/workflows/go-logger.lock.yml | 3 + .../workflows/go-pattern-detector.lock.yml | 3 + .github/workflows/gpclean.lock.yml | 3 + .github/workflows/grumpy-reviewer.lock.yml | 3 + .github/workflows/hourly-ci-cleaner.lock.yml | 3 + .../workflows/instructions-janitor.lock.yml | 3 + .github/workflows/issue-arborist.lock.yml | 3 + .github/workflows/issue-monster.lock.yml | 3 + .github/workflows/issue-triage-agent.lock.yml | 3 + .github/workflows/jsweep.lock.yml | 3 + .../workflows/layout-spec-maintainer.lock.yml | 3 + .github/workflows/lockfile-stats.lock.yml | 3 + .github/workflows/mcp-inspector.lock.yml | 3 + .github/workflows/mergefest.lock.yml | 3 + 
.github/workflows/metrics-collector.lock.yml | 3 + .../workflows/notion-issue-summary.lock.yml | 3 + .github/workflows/org-health-report.lock.yml | 3 + .github/workflows/pdf-summary.lock.yml | 3 + .github/workflows/plan.lock.yml | 3 + .github/workflows/poem-bot.lock.yml | 3 + .github/workflows/portfolio-analyst.lock.yml | 3 + .../workflows/pr-nitpick-reviewer.lock.yml | 3 + .github/workflows/pr-triage-agent.lock.yml | 3 + .../prompt-clustering-analysis.lock.yml | 3 + .github/workflows/python-data-charts.lock.yml | 3 + .github/workflows/q.lock.yml | 3 + .github/workflows/refiner.lock.yml | 3 + .github/workflows/release.lock.yml | 3 + .../workflows/repo-audit-analyzer.lock.yml | 3 + .github/workflows/repo-tree-map.lock.yml | 3 + .../repository-quality-improver.lock.yml | 3 + .github/workflows/research.lock.yml | 3 + .github/workflows/safe-output-health.lock.yml | 3 + .../schema-consistency-checker.lock.yml | 3 + .github/workflows/scout.lock.yml | 3 + ...ecurity-alert-burndown.campaign.g.lock.yml | 3 + .../workflows/security-compliance.lock.yml | 3 + .github/workflows/security-review.lock.yml | 3 + .../semantic-function-refactor.lock.yml | 3 + .github/workflows/sergo.lock.yml | 3 + .../workflows/slide-deck-maintainer.lock.yml | 3 + .../workflows/smoke-agent-all-merged.lock.yml | 3 + .../workflows/smoke-agent-all-none.lock.yml | 3 + .../smoke-agent-public-approved.lock.yml | 3 + .../smoke-agent-public-none.lock.yml | 3 + .../smoke-agent-scoped-approved.lock.yml | 3 + .../workflows/smoke-call-workflow.lock.yml | 3 + .github/workflows/smoke-claude.lock.yml | 3 + .github/workflows/smoke-codex.lock.yml | 3 + .github/workflows/smoke-copilot-arm.lock.yml | 3 + .github/workflows/smoke-copilot.lock.yml | 3 + .../smoke-create-cross-repo-pr.lock.yml | 3 + .github/workflows/smoke-gemini.lock.yml | 3 + .github/workflows/smoke-multi-pr.lock.yml | 3 + .github/workflows/smoke-project.lock.yml | 3 + .github/workflows/smoke-temporary-id.lock.yml | 3 + 
.github/workflows/smoke-test-tools.lock.yml | 3 + .../smoke-update-cross-repo-pr.lock.yml | 3 + .../smoke-workflow-call-with-inputs.lock.yml | 3 + .../workflows/smoke-workflow-call.lock.yml | 3 + .../workflows/stale-repo-identifier.lock.yml | 3 + .../workflows/static-analysis-report.lock.yml | 3 + .../workflows/step-name-alignment.lock.yml | 3 + .github/workflows/sub-issue-closer.lock.yml | 3 + .github/workflows/super-linter.lock.yml | 3 + .../workflows/technical-doc-writer.lock.yml | 3 + .github/workflows/terminal-stylist.lock.yml | 3 + .../test-create-pr-error-handling.lock.yml | 3 + .github/workflows/test-dispatcher.lock.yml | 3 + .../test-project-url-default.lock.yml | 3 + .github/workflows/test-workflow.lock.yml | 3 + .github/workflows/tidy.lock.yml | 3 + .github/workflows/typist.lock.yml | 3 + .../workflows/ubuntu-image-analyzer.lock.yml | 3 + .github/workflows/unbloat-docs.lock.yml | 3 + .github/workflows/video-analyzer.lock.yml | 3 + .../weekly-editors-health-check.lock.yml | 3 + .../workflows/weekly-issue-summary.lock.yml | 3 + .../weekly-safe-outputs-spec-review.lock.yml | 3 + .github/workflows/workflow-generator.lock.yml | 3 + .../workflow-health-manager.lock.yml | 3 + .../workflows/workflow-normalizer.lock.yml | 3 + .../workflow-skill-extractor.lock.yml | 3 + actions/setup/md/safe_outputs_prompt.md | 2 +- pkg/workflow/unified_prompt_step.go | 28 ++++++ pkg/workflow/unified_prompt_step_test.go | 94 +++++++++++++++++++ 175 files changed, 639 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ace-editor.lock.yml b/.github/workflows/ace-editor.lock.yml index a850d970899..6f564ee5b82 100644 --- a/.github/workflows/ace-editor.lock.yml +++ b/.github/workflows/ace-editor.lock.yml 
@@ -203,6 +203,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/agent-performance-analyzer.lock.yml b/.github/workflows/agent-performance-analyzer.lock.yml index 090119537a4..7336ee04de2 100644 --- a/.github/workflows/agent-performance-analyzer.lock.yml +++ b/.github/workflows/agent-performance-analyzer.lock.yml @@ -165,6 +165,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/agent-persona-explorer.lock.yml b/.github/workflows/agent-persona-explorer.lock.yml index 5905d9fa6a0..946baa2efa2 100644 --- a/.github/workflows/agent-persona-explorer.lock.yml +++ b/.github/workflows/agent-persona-explorer.lock.yml @@ -170,6 +170,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/ai-moderator.lock.yml b/.github/workflows/ai-moderator.lock.yml index 8eb1c9b498f..8df70bd0092 100644 --- a/.github/workflows/ai-moderator.lock.yml +++ b/.github/workflows/ai-moderator.lock.yml @@ -208,6 +208,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/archie.lock.yml b/.github/workflows/archie.lock.yml index 84cd9e86012..7fd3b292ba3 100644 --- a/.github/workflows/archie.lock.yml +++ b/.github/workflows/archie.lock.yml @@ -224,6 +224,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" diff --git a/.github/workflows/artifacts-summary.lock.yml b/.github/workflows/artifacts-summary.lock.yml index 4e0e4267c24..caabaf4edfc 100644 --- a/.github/workflows/artifacts-summary.lock.yml +++ b/.github/workflows/artifacts-summary.lock.yml 
@@ -161,6 +161,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/audit-workflows.lock.yml b/.github/workflows/audit-workflows.lock.yml index 424084d4745..519883a8743 100644 --- a/.github/workflows/audit-workflows.lock.yml +++ b/.github/workflows/audit-workflows.lock.yml @@ -174,6 +174,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/auto-triage-issues.lock.yml b/.github/workflows/auto-triage-issues.lock.yml index 22a1186d502..fd6fada3447 100644 --- a/.github/workflows/auto-triage-issues.lock.yml +++ b/.github/workflows/auto-triage-issues.lock.yml @@ -178,6 +178,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/blog-auditor.lock.yml b/.github/workflows/blog-auditor.lock.yml index 0bff552d543..96552dc5dbb 100644 --- a/.github/workflows/blog-auditor.lock.yml +++ b/.github/workflows/blog-auditor.lock.yml @@ -168,6 +168,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/bot-detection.lock.yml b/.github/workflows/bot-detection.lock.yml index 090156cc499..7b285c06f0d 100644 --- a/.github/workflows/bot-detection.lock.yml +++ b/.github/workflows/bot-detection.lock.yml @@ -167,6 +167,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/brave.lock.yml b/.github/workflows/brave.lock.yml index 7477a8cac16..b7024a83f19 100644 --- a/.github/workflows/brave.lock.yml +++ b/.github/workflows/brave.lock.yml 
@@ -210,6 +210,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" diff --git a/.github/workflows/breaking-change-checker.lock.yml b/.github/workflows/breaking-change-checker.lock.yml index 4eb780f3d60..f5f5ac702db 100644 --- a/.github/workflows/breaking-change-checker.lock.yml +++ b/.github/workflows/breaking-change-checker.lock.yml @@ -163,6 +163,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml index dc14df50bba..bfd0c266e85 100644 --- a/.github/workflows/changeset.lock.yml +++ b/.github/workflows/changeset.lock.yml 
@@ -212,6 +212,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/ci-coach.lock.yml b/.github/workflows/ci-coach.lock.yml index 3234db3e6f0..42716506b77 100644 --- a/.github/workflows/ci-coach.lock.yml +++ b/.github/workflows/ci-coach.lock.yml @@ -167,6 +167,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/ci-doctor.lock.yml b/.github/workflows/ci-doctor.lock.yml index 77a4069d2e3..22fe7a397d2 100644 --- a/.github/workflows/ci-doctor.lock.yml +++ b/.github/workflows/ci-doctor.lock.yml @@ -183,6 +183,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/claude-code-user-docs-review.lock.yml b/.github/workflows/claude-code-user-docs-review.lock.yml index d5bf7da5fb6..66442b684d5 100644 --- a/.github/workflows/claude-code-user-docs-review.lock.yml +++ b/.github/workflows/claude-code-user-docs-review.lock.yml @@ -167,6 +167,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/cli-consistency-checker.lock.yml b/.github/workflows/cli-consistency-checker.lock.yml index 72f14f151f9..7652ed6fb94 100644 --- a/.github/workflows/cli-consistency-checker.lock.yml +++ b/.github/workflows/cli-consistency-checker.lock.yml @@ -155,6 +155,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/cli-version-checker.lock.yml b/.github/workflows/cli-version-checker.lock.yml index f8482136837..f83ea991011 100644 --- a/.github/workflows/cli-version-checker.lock.yml +++ b/.github/workflows/cli-version-checker.lock.yml 
@@ -168,6 +168,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/cloclo.lock.yml b/.github/workflows/cloclo.lock.yml index be2e9d28025..13486dddfc0 100644 --- a/.github/workflows/cloclo.lock.yml +++ b/.github/workflows/cloclo.lock.yml @@ -274,6 +274,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" diff --git a/.github/workflows/code-scanning-fixer.lock.yml b/.github/workflows/code-scanning-fixer.lock.yml index 516dcdd36cb..0efaa47df5f 100644 --- a/.github/workflows/code-scanning-fixer.lock.yml +++ b/.github/workflows/code-scanning-fixer.lock.yml 
@@ -165,6 +165,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/code-simplifier.lock.yml b/.github/workflows/code-simplifier.lock.yml index 138d6b20b72..9456d4d8cb5 100644 --- a/.github/workflows/code-simplifier.lock.yml +++ b/.github/workflows/code-simplifier.lock.yml @@ -173,6 +173,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/codex-github-remote-mcp-test.lock.yml b/.github/workflows/codex-github-remote-mcp-test.lock.yml index 3414d4ebda0..ea9bb23551c 100644 --- a/.github/workflows/codex-github-remote-mcp-test.lock.yml +++ b/.github/workflows/codex-github-remote-mcp-test.lock.yml @@ -155,6 +155,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/commit-changes-analyzer.lock.yml b/.github/workflows/commit-changes-analyzer.lock.yml index 5a275166318..ee7754047fc 100644 --- a/.github/workflows/commit-changes-analyzer.lock.yml +++ b/.github/workflows/commit-changes-analyzer.lock.yml @@ -169,6 +169,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/constraint-solving-potd.lock.yml b/.github/workflows/constraint-solving-potd.lock.yml index 254b302cee9..eda9b4cd4ce 100644 --- a/.github/workflows/constraint-solving-potd.lock.yml +++ b/.github/workflows/constraint-solving-potd.lock.yml @@ -162,6 +162,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/contribution-check.lock.yml b/.github/workflows/contribution-check.lock.yml index 62fb028f1d4..3f020f128ff 100644 --- a/.github/workflows/contribution-check.lock.yml +++ b/.github/workflows/contribution-check.lock.yml 
@@ -165,6 +165,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/copilot-agent-analysis.lock.yml b/.github/workflows/copilot-agent-analysis.lock.yml index 2fc6d5efeb0..177c0ebdc22 100644 --- a/.github/workflows/copilot-agent-analysis.lock.yml +++ b/.github/workflows/copilot-agent-analysis.lock.yml @@ -172,6 +172,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/copilot-cli-deep-research.lock.yml b/.github/workflows/copilot-cli-deep-research.lock.yml index d43f812d0fa..6aa9729175c 100644 --- a/.github/workflows/copilot-cli-deep-research.lock.yml +++ b/.github/workflows/copilot-cli-deep-research.lock.yml @@ -162,6 +162,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/copilot-pr-merged-report.lock.yml b/.github/workflows/copilot-pr-merged-report.lock.yml index 38cc5ce3880..704c2f347b9 100644 --- a/.github/workflows/copilot-pr-merged-report.lock.yml +++ b/.github/workflows/copilot-pr-merged-report.lock.yml @@ -164,6 +164,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/copilot-pr-nlp-analysis.lock.yml b/.github/workflows/copilot-pr-nlp-analysis.lock.yml index 45976bd19db..24bfe9c311a 100644 --- a/.github/workflows/copilot-pr-nlp-analysis.lock.yml +++ b/.github/workflows/copilot-pr-nlp-analysis.lock.yml @@ -169,6 +169,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/copilot-pr-prompt-analysis.lock.yml b/.github/workflows/copilot-pr-prompt-analysis.lock.yml index d885495d4e5..54128d0eac3 100644 --- a/.github/workflows/copilot-pr-prompt-analysis.lock.yml +++ b/.github/workflows/copilot-pr-prompt-analysis.lock.yml 
@@ -166,6 +166,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/copilot-session-insights.lock.yml b/.github/workflows/copilot-session-insights.lock.yml index a3f5a4fd3ee..353c17496e8 100644 --- a/.github/workflows/copilot-session-insights.lock.yml +++ b/.github/workflows/copilot-session-insights.lock.yml @@ -177,6 +177,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/craft.lock.yml b/.github/workflows/craft.lock.yml index f9a47a7917a..138d1439f3f 100644 --- a/.github/workflows/craft.lock.yml +++ b/.github/workflows/craft.lock.yml 
@@ -209,6 +209,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" diff --git a/.github/workflows/daily-architecture-diagram.lock.yml b/.github/workflows/daily-architecture-diagram.lock.yml index c34783f1511..58fcd1be36c 100644 --- a/.github/workflows/daily-architecture-diagram.lock.yml +++ b/.github/workflows/daily-architecture-diagram.lock.yml @@ -164,6 +164,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-assign-issue-to-user.lock.yml b/.github/workflows/daily-assign-issue-to-user.lock.yml index a393228394b..1d76d6a379c 100644 --- a/.github/workflows/daily-assign-issue-to-user.lock.yml +++ b/.github/workflows/daily-assign-issue-to-user.lock.yml 
@@ -155,6 +155,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-choice-test.lock.yml b/.github/workflows/daily-choice-test.lock.yml index 3c428389070..da937feffda 100644 --- a/.github/workflows/daily-choice-test.lock.yml +++ b/.github/workflows/daily-choice-test.lock.yml @@ -161,6 +161,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-cli-performance.lock.yml b/.github/workflows/daily-cli-performance.lock.yml index ffcd4d584d1..8d6487d7c59 100644 --- a/.github/workflows/daily-cli-performance.lock.yml +++ b/.github/workflows/daily-cli-performance.lock.yml @@ -164,6 +164,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/daily-cli-tools-tester.lock.yml b/.github/workflows/daily-cli-tools-tester.lock.yml index f239bc995ea..bd08204d7b0 100644 --- a/.github/workflows/daily-cli-tools-tester.lock.yml +++ b/.github/workflows/daily-cli-tools-tester.lock.yml @@ -167,6 +167,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-code-metrics.lock.yml b/.github/workflows/daily-code-metrics.lock.yml index 384fa1e722c..385f9980343 100644 --- a/.github/workflows/daily-code-metrics.lock.yml +++ b/.github/workflows/daily-code-metrics.lock.yml @@ -173,6 +173,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-compiler-quality.lock.yml b/.github/workflows/daily-compiler-quality.lock.yml index 9b7df2b481b..36ce94137f5 100644 --- a/.github/workflows/daily-compiler-quality.lock.yml +++ b/.github/workflows/daily-compiler-quality.lock.yml 
@@ -162,6 +162,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-copilot-token-report.lock.yml b/.github/workflows/daily-copilot-token-report.lock.yml index 12fed61e15b..e9605a51390 100644 --- a/.github/workflows/daily-copilot-token-report.lock.yml +++ b/.github/workflows/daily-copilot-token-report.lock.yml @@ -166,6 +166,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-doc-healer.lock.yml b/.github/workflows/daily-doc-healer.lock.yml index 751aae9ca49..c243ac6a9a0 100644 --- a/.github/workflows/daily-doc-healer.lock.yml +++ b/.github/workflows/daily-doc-healer.lock.yml @@ -171,6 +171,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/daily-doc-updater.lock.yml b/.github/workflows/daily-doc-updater.lock.yml index eebe208f068..95223b9d34f 100644 --- a/.github/workflows/daily-doc-updater.lock.yml +++ b/.github/workflows/daily-doc-updater.lock.yml @@ -170,6 +170,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index 1ebc4cc7a3b..bdebf0096db 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -148,6 +148,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-file-diet.lock.yml b/.github/workflows/daily-file-diet.lock.yml index d976b58d679..89725568451 100644 --- a/.github/workflows/daily-file-diet.lock.yml +++ b/.github/workflows/daily-file-diet.lock.yml 
@@ -165,6 +165,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml index c653f6e2372..b86478c1a7f 100644 --- a/.github/workflows/daily-firewall-report.lock.yml +++ b/.github/workflows/daily-firewall-report.lock.yml @@ -171,6 +171,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-function-namer.lock.yml b/.github/workflows/daily-function-namer.lock.yml index 48995dfb37b..2605bb011cd 100644 --- a/.github/workflows/daily-function-namer.lock.yml +++ b/.github/workflows/daily-function-namer.lock.yml @@ -168,6 +168,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index 1af2d718675..42e79382566 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -180,6 +180,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-malicious-code-scan.lock.yml b/.github/workflows/daily-malicious-code-scan.lock.yml index 6963b9288a7..a72421b12a9 100644 --- a/.github/workflows/daily-malicious-code-scan.lock.yml +++ b/.github/workflows/daily-malicious-code-scan.lock.yml @@ -160,6 +160,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml index 9f769068027..6c9873432d4 100644 --- a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml +++ b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml 
@@ -161,6 +161,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-multi-device-docs-tester.lock.yml b/.github/workflows/daily-multi-device-docs-tester.lock.yml index 097f65559a6..86ebea94ae9 100644 --- a/.github/workflows/daily-multi-device-docs-tester.lock.yml +++ b/.github/workflows/daily-multi-device-docs-tester.lock.yml @@ -176,6 +176,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-news.lock.yml b/.github/workflows/daily-news.lock.yml index f89ac666fb4..fcd2e590bad 100644 --- a/.github/workflows/daily-news.lock.yml +++ b/.github/workflows/daily-news.lock.yml @@ -168,6 +168,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml index 8ed3fb125f4..09582af9ed7 100644 --- a/.github/workflows/daily-observability-report.lock.yml +++ b/.github/workflows/daily-observability-report.lock.yml @@ -170,6 +170,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index ed48a0cbb22..4fae0d0c03a 100644 --- a/.github/workflows/daily-performance-summary.lock.yml +++ b/.github/workflows/daily-performance-summary.lock.yml @@ -171,6 +171,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-regulatory.lock.yml b/.github/workflows/daily-regulatory.lock.yml index 373b9d29846..ef7f8228e88 100644 --- a/.github/workflows/daily-regulatory.lock.yml +++ b/.github/workflows/daily-regulatory.lock.yml 
@@ -167,6 +167,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-rendering-scripts-verifier.lock.yml b/.github/workflows/daily-rendering-scripts-verifier.lock.yml index dff6ca6a347..bd6fdc3db9e 100644 --- a/.github/workflows/daily-rendering-scripts-verifier.lock.yml +++ b/.github/workflows/daily-rendering-scripts-verifier.lock.yml @@ -175,6 +175,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-repo-chronicle.lock.yml b/.github/workflows/daily-repo-chronicle.lock.yml index 412e7cc04f9..5d7a09111fb 100644 --- a/.github/workflows/daily-repo-chronicle.lock.yml +++ b/.github/workflows/daily-repo-chronicle.lock.yml 
@@ -164,6 +164,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-safe-output-optimizer.lock.yml b/.github/workflows/daily-safe-output-optimizer.lock.yml index 97b2307f6e2..c4672e2c82f 100644 --- a/.github/workflows/daily-safe-output-optimizer.lock.yml +++ b/.github/workflows/daily-safe-output-optimizer.lock.yml @@ -173,6 +173,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-safe-outputs-conformance.lock.yml b/.github/workflows/daily-safe-outputs-conformance.lock.yml index 6dabc67179f..f3fa0a0a2b7 100644 --- a/.github/workflows/daily-safe-outputs-conformance.lock.yml +++ b/.github/workflows/daily-safe-outputs-conformance.lock.yml 
@@ -166,6 +166,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-secrets-analysis.lock.yml b/.github/workflows/daily-secrets-analysis.lock.yml index f2a2c5af47a..96cd57fa1bb 100644 --- a/.github/workflows/daily-secrets-analysis.lock.yml +++ b/.github/workflows/daily-secrets-analysis.lock.yml @@ -160,6 +160,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-security-red-team.lock.yml b/.github/workflows/daily-security-red-team.lock.yml index 9e80c7a0eb7..d9600552308 100644 --- a/.github/workflows/daily-security-red-team.lock.yml +++ b/.github/workflows/daily-security-red-team.lock.yml @@ -167,6 +167,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/daily-semgrep-scan.lock.yml b/.github/workflows/daily-semgrep-scan.lock.yml index 87fa1bb6e91..ec92c02add7 100644 --- a/.github/workflows/daily-semgrep-scan.lock.yml +++ b/.github/workflows/daily-semgrep-scan.lock.yml @@ -166,6 +166,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-syntax-error-quality.lock.yml b/.github/workflows/daily-syntax-error-quality.lock.yml index 5f4e589ce91..6aa70108d79 100644 --- a/.github/workflows/daily-syntax-error-quality.lock.yml +++ b/.github/workflows/daily-syntax-error-quality.lock.yml @@ -160,6 +160,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-team-evolution-insights.lock.yml b/.github/workflows/daily-team-evolution-insights.lock.yml index 9dd0dfb3196..001e98a39e6 100644 --- a/.github/workflows/daily-team-evolution-insights.lock.yml +++ b/.github/workflows/daily-team-evolution-insights.lock.yml 
@@ -166,6 +166,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml index b375257fce2..8421a68143b 100644 --- a/.github/workflows/daily-team-status.lock.yml +++ b/.github/workflows/daily-team-status.lock.yml @@ -175,6 +175,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/daily-testify-uber-super-expert.lock.yml b/.github/workflows/daily-testify-uber-super-expert.lock.yml index f52f31b545a..6fb2a6e45cf 100644 --- a/.github/workflows/daily-testify-uber-super-expert.lock.yml +++ b/.github/workflows/daily-testify-uber-super-expert.lock.yml @@ -168,6 +168,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/daily-workflow-updater.lock.yml b/.github/workflows/daily-workflow-updater.lock.yml index 5b476c8d48c..ab79370c345 100644 --- a/.github/workflows/daily-workflow-updater.lock.yml +++ b/.github/workflows/daily-workflow-updater.lock.yml @@ -159,6 +159,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/dead-code-remover.lock.yml b/.github/workflows/dead-code-remover.lock.yml index 3c8c64ea335..3b36134dc3f 100644 --- a/.github/workflows/dead-code-remover.lock.yml +++ b/.github/workflows/dead-code-remover.lock.yml @@ -168,6 +168,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/deep-report.lock.yml b/.github/workflows/deep-report.lock.yml index ddd75c4542e..55243be13aa 100644 --- a/.github/workflows/deep-report.lock.yml +++ b/.github/workflows/deep-report.lock.yml 
@@ -174,6 +174,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/delight.lock.yml b/.github/workflows/delight.lock.yml index 6f02de0fa53..6dcf07f55eb 100644 --- a/.github/workflows/delight.lock.yml +++ b/.github/workflows/delight.lock.yml @@ -163,6 +163,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/dependabot-burner.lock.yml b/.github/workflows/dependabot-burner.lock.yml index df8ab110d18..aeb7995d5db 100644 --- a/.github/workflows/dependabot-burner.lock.yml +++ b/.github/workflows/dependabot-burner.lock.yml @@ -167,6 +167,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/dependabot-go-checker.lock.yml b/.github/workflows/dependabot-go-checker.lock.yml index 0784f1aea7d..b6ece959964 100644 --- a/.github/workflows/dependabot-go-checker.lock.yml +++ b/.github/workflows/dependabot-go-checker.lock.yml @@ -165,6 +165,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/dev-hawk.lock.yml b/.github/workflows/dev-hawk.lock.yml index d1c30ef9f55..211984aeac9 100644 --- a/.github/workflows/dev-hawk.lock.yml +++ b/.github/workflows/dev-hawk.lock.yml @@ -173,6 +173,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/dev.lock.yml b/.github/workflows/dev.lock.yml index 0feceea9e83..cdcc366a688 100644 --- a/.github/workflows/dev.lock.yml +++ b/.github/workflows/dev.lock.yml 
@@ -155,6 +155,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/developer-docs-consolidator.lock.yml b/.github/workflows/developer-docs-consolidator.lock.yml index d0d563ef5b4..47eab16f37a 100644 --- a/.github/workflows/developer-docs-consolidator.lock.yml +++ b/.github/workflows/developer-docs-consolidator.lock.yml @@ -173,6 +173,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/dictation-prompt.lock.yml b/.github/workflows/dictation-prompt.lock.yml index eb181ddf17d..10291cb5f77 100644 --- a/.github/workflows/dictation-prompt.lock.yml +++ b/.github/workflows/dictation-prompt.lock.yml @@ -163,6 +163,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/discussion-task-miner.lock.yml b/.github/workflows/discussion-task-miner.lock.yml index 50553aea67c..d78f87fa566 100644 --- a/.github/workflows/discussion-task-miner.lock.yml +++ b/.github/workflows/discussion-task-miner.lock.yml @@ -166,6 +166,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/docs-noob-tester.lock.yml b/.github/workflows/docs-noob-tester.lock.yml index c5967fa3904..ade5ac84437 100644 --- a/.github/workflows/docs-noob-tester.lock.yml +++ b/.github/workflows/docs-noob-tester.lock.yml @@ -164,6 +164,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/draft-pr-cleanup.lock.yml b/.github/workflows/draft-pr-cleanup.lock.yml index 9b18960a1cf..5ca1670eddc 100644 --- a/.github/workflows/draft-pr-cleanup.lock.yml +++ b/.github/workflows/draft-pr-cleanup.lock.yml 
@@ -156,6 +156,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml index 6826d913920..c8ae61f8ea6 100644 --- a/.github/workflows/duplicate-code-detector.lock.yml +++ b/.github/workflows/duplicate-code-detector.lock.yml @@ -169,6 +169,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/example-permissions-warning.lock.yml b/.github/workflows/example-permissions-warning.lock.yml index 30d6c1f5253..a9f12533147 100644 --- a/.github/workflows/example-permissions-warning.lock.yml +++ b/.github/workflows/example-permissions-warning.lock.yml @@ -154,6 +154,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/example-workflow-analyzer.lock.yml b/.github/workflows/example-workflow-analyzer.lock.yml index 5b6d01ee35d..1d8da31e1e4 100644 --- a/.github/workflows/example-workflow-analyzer.lock.yml +++ b/.github/workflows/example-workflow-analyzer.lock.yml @@ -167,6 +167,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/firewall-escape.lock.yml b/.github/workflows/firewall-escape.lock.yml index f66ebf85ebc..02274f12a5a 100644 --- a/.github/workflows/firewall-escape.lock.yml +++ b/.github/workflows/firewall-escape.lock.yml @@ -181,6 +181,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/firewall.lock.yml b/.github/workflows/firewall.lock.yml index af555d05f68..882ba01c6d8 100644 --- a/.github/workflows/firewall.lock.yml +++ b/.github/workflows/firewall.lock.yml 
@@ -154,6 +154,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/functional-pragmatist.lock.yml b/.github/workflows/functional-pragmatist.lock.yml index b73ca5e83cd..1efb18f7507 100644 --- a/.github/workflows/functional-pragmatist.lock.yml +++ b/.github/workflows/functional-pragmatist.lock.yml @@ -168,6 +168,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/github-mcp-structural-analysis.lock.yml b/.github/workflows/github-mcp-structural-analysis.lock.yml index 565fe593d2d..c40b9a2eed8 100644 --- a/.github/workflows/github-mcp-structural-analysis.lock.yml +++ b/.github/workflows/github-mcp-structural-analysis.lock.yml @@ -169,6 +169,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/github-mcp-tools-report.lock.yml b/.github/workflows/github-mcp-tools-report.lock.yml index 20600fb11d7..62e950852a6 100644 --- a/.github/workflows/github-mcp-tools-report.lock.yml +++ b/.github/workflows/github-mcp-tools-report.lock.yml @@ -170,6 +170,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/github-remote-mcp-auth-test.lock.yml b/.github/workflows/github-remote-mcp-auth-test.lock.yml index 208409a79a7..cb6ea38a81e 100644 --- a/.github/workflows/github-remote-mcp-auth-test.lock.yml +++ b/.github/workflows/github-remote-mcp-auth-test.lock.yml @@ -163,6 +163,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/glossary-maintainer.lock.yml b/.github/workflows/glossary-maintainer.lock.yml index 85ae6996d92..0c532324beb 100644 --- a/.github/workflows/glossary-maintainer.lock.yml +++ b/.github/workflows/glossary-maintainer.lock.yml 
@@ -173,6 +173,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/go-fan.lock.yml b/.github/workflows/go-fan.lock.yml index eba00135acf..529da0036ae 100644 --- a/.github/workflows/go-fan.lock.yml +++ b/.github/workflows/go-fan.lock.yml @@ -167,6 +167,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/go-logger.lock.yml b/.github/workflows/go-logger.lock.yml index 8125515b8dd..12355bbf6d4 100644 --- a/.github/workflows/go-logger.lock.yml +++ b/.github/workflows/go-logger.lock.yml @@ -170,6 +170,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/go-pattern-detector.lock.yml b/.github/workflows/go-pattern-detector.lock.yml index e9834ca0cbc..f7f08f4cab6 100644 --- a/.github/workflows/go-pattern-detector.lock.yml +++ b/.github/workflows/go-pattern-detector.lock.yml @@ -167,6 +167,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/gpclean.lock.yml b/.github/workflows/gpclean.lock.yml index 637f495023b..7bbdf8f378d 100644 --- a/.github/workflows/gpclean.lock.yml +++ b/.github/workflows/gpclean.lock.yml @@ -167,6 +167,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml index 6c89c33af64..c225e877c9c 100644 --- a/.github/workflows/grumpy-reviewer.lock.yml +++ b/.github/workflows/grumpy-reviewer.lock.yml 
@@ -220,6 +220,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" diff --git a/.github/workflows/hourly-ci-cleaner.lock.yml b/.github/workflows/hourly-ci-cleaner.lock.yml index 776620068eb..790422aa1c5 100644 --- a/.github/workflows/hourly-ci-cleaner.lock.yml +++ b/.github/workflows/hourly-ci-cleaner.lock.yml @@ -173,6 +173,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/instructions-janitor.lock.yml b/.github/workflows/instructions-janitor.lock.yml index 0f07c689312..b7d93d2c442 100644 --- a/.github/workflows/instructions-janitor.lock.yml +++ b/.github/workflows/instructions-janitor.lock.yml 
@@ -166,6 +166,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml index 5ff9e45d616..f03d9e9f0a1 100644 --- a/.github/workflows/issue-arborist.lock.yml +++ b/.github/workflows/issue-arborist.lock.yml @@ -171,6 +171,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/issue-monster.lock.yml b/.github/workflows/issue-monster.lock.yml index 4e1edd2f58c..66cc9086de3 100644 --- a/.github/workflows/issue-monster.lock.yml +++ b/.github/workflows/issue-monster.lock.yml @@ -515,6 +515,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/issue-triage-agent.lock.yml b/.github/workflows/issue-triage-agent.lock.yml index a50ec2d3725..1d082afcd64 100644 --- a/.github/workflows/issue-triage-agent.lock.yml +++ b/.github/workflows/issue-triage-agent.lock.yml @@ -167,6 +167,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/jsweep.lock.yml b/.github/workflows/jsweep.lock.yml index 6282a6953de..9072c9bc743 100644 --- a/.github/workflows/jsweep.lock.yml +++ b/.github/workflows/jsweep.lock.yml @@ -166,6 +166,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/layout-spec-maintainer.lock.yml b/.github/workflows/layout-spec-maintainer.lock.yml index d766554c393..65da63dc42d 100644 --- a/.github/workflows/layout-spec-maintainer.lock.yml +++ b/.github/workflows/layout-spec-maintainer.lock.yml 
@@ -166,6 +166,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/lockfile-stats.lock.yml b/.github/workflows/lockfile-stats.lock.yml index ef72508ba0f..eb706024c90 100644 --- a/.github/workflows/lockfile-stats.lock.yml +++ b/.github/workflows/lockfile-stats.lock.yml @@ -167,6 +167,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/mcp-inspector.lock.yml b/.github/workflows/mcp-inspector.lock.yml index 4483b1ff665..68ded8bb46b 100644 --- a/.github/workflows/mcp-inspector.lock.yml +++ b/.github/workflows/mcp-inspector.lock.yml @@ -183,6 +183,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/mergefest.lock.yml b/.github/workflows/mergefest.lock.yml index 5a76ef909db..1b1df760cf4 100644 --- a/.github/workflows/mergefest.lock.yml +++ b/.github/workflows/mergefest.lock.yml @@ -212,6 +212,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" diff --git a/.github/workflows/metrics-collector.lock.yml b/.github/workflows/metrics-collector.lock.yml index 2518ec7f9e2..484342ba9b5 100644 --- a/.github/workflows/metrics-collector.lock.yml +++ b/.github/workflows/metrics-collector.lock.yml @@ -162,6 +162,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/notion-issue-summary.lock.yml b/.github/workflows/notion-issue-summary.lock.yml index faf617f6ede..c00018a0b1d 100644 --- a/.github/workflows/notion-issue-summary.lock.yml +++ b/.github/workflows/notion-issue-summary.lock.yml 
@@ -169,6 +169,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/org-health-report.lock.yml b/.github/workflows/org-health-report.lock.yml index 65e144a4389..8ccb53b85bf 100644 --- a/.github/workflows/org-health-report.lock.yml +++ b/.github/workflows/org-health-report.lock.yml @@ -174,6 +174,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/pdf-summary.lock.yml b/.github/workflows/pdf-summary.lock.yml index d879c5fafcc..5dca458a45c 100644 --- a/.github/workflows/pdf-summary.lock.yml +++ b/.github/workflows/pdf-summary.lock.yml 
@@ -238,6 +238,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml index 253f9caa49b..5bdaa6ddc00 100644 --- a/.github/workflows/plan.lock.yml +++ b/.github/workflows/plan.lock.yml @@ -215,6 +215,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" diff --git a/.github/workflows/poem-bot.lock.yml b/.github/workflows/poem-bot.lock.yml index 5e5b96454a5..a2443d8f428 100644 --- a/.github/workflows/poem-bot.lock.yml +++ b/.github/workflows/poem-bot.lock.yml 
@@ -234,6 +234,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" diff --git a/.github/workflows/portfolio-analyst.lock.yml b/.github/workflows/portfolio-analyst.lock.yml index dabcaf30dfc..7ca23586e50 100644 --- a/.github/workflows/portfolio-analyst.lock.yml +++ b/.github/workflows/portfolio-analyst.lock.yml @@ -172,6 +172,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/pr-nitpick-reviewer.lock.yml b/.github/workflows/pr-nitpick-reviewer.lock.yml index 4d17964c3b4..9eeeb5c7b6a 100644 --- a/.github/workflows/pr-nitpick-reviewer.lock.yml +++ b/.github/workflows/pr-nitpick-reviewer.lock.yml 
@@ -245,6 +245,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" diff --git a/.github/workflows/pr-triage-agent.lock.yml b/.github/workflows/pr-triage-agent.lock.yml index bf82bc50d8e..3ac85dec8c9 100644 --- a/.github/workflows/pr-triage-agent.lock.yml +++ b/.github/workflows/pr-triage-agent.lock.yml @@ -166,6 +166,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/prompt-clustering-analysis.lock.yml b/.github/workflows/prompt-clustering-analysis.lock.yml index 9688ae23184..1e7d27ef5b4 100644 --- a/.github/workflows/prompt-clustering-analysis.lock.yml +++ b/.github/workflows/prompt-clustering-analysis.lock.yml 
@@ -174,6 +174,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/python-data-charts.lock.yml b/.github/workflows/python-data-charts.lock.yml index 52ebec7ca05..882235a2529 100644 --- a/.github/workflows/python-data-charts.lock.yml +++ b/.github/workflows/python-data-charts.lock.yml @@ -169,6 +169,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/q.lock.yml b/.github/workflows/q.lock.yml index ae7a15ec67d..fc76a864b57 100644 --- a/.github/workflows/q.lock.yml +++ b/.github/workflows/q.lock.yml 
@@ -258,6 +258,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" diff --git a/.github/workflows/refiner.lock.yml b/.github/workflows/refiner.lock.yml index 2e848606bff..60c6a4c69b2 100644 --- a/.github/workflows/refiner.lock.yml +++ b/.github/workflows/refiner.lock.yml @@ -193,6 +193,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/release.lock.yml b/.github/workflows/release.lock.yml index 2847d96cdd2..9625e7dafd1 100644 --- a/.github/workflows/release.lock.yml +++ b/.github/workflows/release.lock.yml 
@@ -174,6 +174,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/repo-audit-analyzer.lock.yml b/.github/workflows/repo-audit-analyzer.lock.yml index 63e76a8ed2c..3e28f4e20d2 100644 --- a/.github/workflows/repo-audit-analyzer.lock.yml +++ b/.github/workflows/repo-audit-analyzer.lock.yml @@ -171,6 +171,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/repo-tree-map.lock.yml b/.github/workflows/repo-tree-map.lock.yml index 213d3578b19..542e9fee70e 100644 --- a/.github/workflows/repo-tree-map.lock.yml +++ b/.github/workflows/repo-tree-map.lock.yml @@ -166,6 +166,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/repository-quality-improver.lock.yml b/.github/workflows/repository-quality-improver.lock.yml index 828a09f9d80..bd8ba810559 100644 --- a/.github/workflows/repository-quality-improver.lock.yml +++ b/.github/workflows/repository-quality-improver.lock.yml @@ -167,6 +167,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/research.lock.yml b/.github/workflows/research.lock.yml index b9081f1ab4c..d82816fe6a5 100644 --- a/.github/workflows/research.lock.yml +++ b/.github/workflows/research.lock.yml @@ -170,6 +170,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/safe-output-health.lock.yml b/.github/workflows/safe-output-health.lock.yml index 6961cee38ed..052aa5fee1b 100644 --- a/.github/workflows/safe-output-health.lock.yml +++ b/.github/workflows/safe-output-health.lock.yml 
@@ -169,6 +169,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/schema-consistency-checker.lock.yml b/.github/workflows/schema-consistency-checker.lock.yml index 0b88fc5add8..1817a0b2a4c 100644 --- a/.github/workflows/schema-consistency-checker.lock.yml +++ b/.github/workflows/schema-consistency-checker.lock.yml @@ -167,6 +167,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/scout.lock.yml b/.github/workflows/scout.lock.yml index e1b355a9f08..04905eddd5e 100644 --- a/.github/workflows/scout.lock.yml +++ b/.github/workflows/scout.lock.yml 
@@ -275,6 +275,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" diff --git a/.github/workflows/security-alert-burndown.campaign.g.lock.yml b/.github/workflows/security-alert-burndown.campaign.g.lock.yml index 8e9e47a85f0..839ea538ad0 100644 --- a/.github/workflows/security-alert-burndown.campaign.g.lock.yml +++ b/.github/workflows/security-alert-burndown.campaign.g.lock.yml @@ -167,6 +167,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/security-compliance.lock.yml b/.github/workflows/security-compliance.lock.yml index eaa9a9f959a..1ffab7e683e 100644 --- a/.github/workflows/security-compliance.lock.yml +++ b/.github/workflows/security-compliance.lock.yml 
@@ -188,6 +188,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml index 3599b6f40e9..d2a6e0ec4f7 100644 --- a/.github/workflows/security-review.lock.yml +++ b/.github/workflows/security-review.lock.yml @@ -218,6 +218,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" diff --git a/.github/workflows/semantic-function-refactor.lock.yml b/.github/workflows/semantic-function-refactor.lock.yml index ebb120dbed2..b06f5fe2fae 100644 --- a/.github/workflows/semantic-function-refactor.lock.yml +++ b/.github/workflows/semantic-function-refactor.lock.yml 
@@ -167,6 +167,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/sergo.lock.yml b/.github/workflows/sergo.lock.yml index 28eee76de16..f31657d8aba 100644 --- a/.github/workflows/sergo.lock.yml +++ b/.github/workflows/sergo.lock.yml @@ -168,6 +168,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/slide-deck-maintainer.lock.yml b/.github/workflows/slide-deck-maintainer.lock.yml index c3876feded4..b3ce817281c 100644 --- a/.github/workflows/slide-deck-maintainer.lock.yml +++ b/.github/workflows/slide-deck-maintainer.lock.yml @@ -180,6 +180,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/smoke-agent-all-merged.lock.yml b/.github/workflows/smoke-agent-all-merged.lock.yml index 5d800c57085..592e02db95a 100644 --- a/.github/workflows/smoke-agent-all-merged.lock.yml +++ b/.github/workflows/smoke-agent-all-merged.lock.yml @@ -199,6 +199,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/smoke-agent-all-none.lock.yml b/.github/workflows/smoke-agent-all-none.lock.yml index 4ee65589e9a..4ee5d330035 100644 --- a/.github/workflows/smoke-agent-all-none.lock.yml +++ b/.github/workflows/smoke-agent-all-none.lock.yml @@ -199,6 +199,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/smoke-agent-public-approved.lock.yml b/.github/workflows/smoke-agent-public-approved.lock.yml index 2d68b2eb7ea..e8ba5dadf5a 100644 --- a/.github/workflows/smoke-agent-public-approved.lock.yml +++ b/.github/workflows/smoke-agent-public-approved.lock.yml 
@@ -199,6 +199,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/smoke-agent-public-none.lock.yml b/.github/workflows/smoke-agent-public-none.lock.yml index 3581617bb79..4bdeb45a42e 100644 --- a/.github/workflows/smoke-agent-public-none.lock.yml +++ b/.github/workflows/smoke-agent-public-none.lock.yml @@ -199,6 +199,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/smoke-agent-scoped-approved.lock.yml b/.github/workflows/smoke-agent-scoped-approved.lock.yml index 467e61d071a..1a310bed544 100644 --- a/.github/workflows/smoke-agent-scoped-approved.lock.yml +++ b/.github/workflows/smoke-agent-scoped-approved.lock.yml @@ -199,6 +199,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/smoke-call-workflow.lock.yml b/.github/workflows/smoke-call-workflow.lock.yml index 757611156e6..649d79a0984 100644 --- a/.github/workflows/smoke-call-workflow.lock.yml +++ b/.github/workflows/smoke-call-workflow.lock.yml @@ -182,6 +182,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml index 4383d4d683e..2cfb815f65a 100644 --- a/.github/workflows/smoke-claude.lock.yml +++ b/.github/workflows/smoke-claude.lock.yml @@ -232,6 +232,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index 48399403c72..b0b0f1595b9 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml 
@@ -224,6 +224,9 @@ jobs: - **Note**: If a branch you need is not in the list above and is not listed as an additional fetched ref, it has NOT been checked out. For private repositories you cannot fetch it without proper authentication. If the branch is required and not available, exit with an error and ask the user to add it to the `fetch:` option of the `checkout:` configuration (e.g., `fetch: ["refs/pulls/open/*"]` for all open PR refs, or `fetch: ["main", "feature/my-branch"]` for specific branches). + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/smoke-copilot-arm.lock.yml b/.github/workflows/smoke-copilot-arm.lock.yml index 10922fb2b19..a37290f08d3 100644 --- a/.github/workflows/smoke-copilot-arm.lock.yml +++ b/.github/workflows/smoke-copilot-arm.lock.yml @@ -221,6 +221,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index 97b0b83de7a..e4d92486f11 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml 
@@ -227,6 +227,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/smoke-create-cross-repo-pr.lock.yml b/.github/workflows/smoke-create-cross-repo-pr.lock.yml index b074463a9ba..2d1ced883ff 100644 --- a/.github/workflows/smoke-create-cross-repo-pr.lock.yml +++ b/.github/workflows/smoke-create-cross-repo-pr.lock.yml @@ -201,6 +201,9 @@ jobs: - **Note**: If a branch you need is not in the list above and is not listed as an additional fetched ref, it has NOT been checked out. For private repositories you cannot fetch it without proper authentication. If the branch is required and not available, exit with an error and ask the user to add it to the `fetch:` option of the `checkout:` configuration (e.g., `fetch: ["refs/pulls/open/*"]` for all open PR refs, or `fetch: ["main", "feature/my-branch"]` for specific branches). + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/smoke-gemini.lock.yml b/.github/workflows/smoke-gemini.lock.yml index 8483ab1c3c0..261186eaa93 100644 --- a/.github/workflows/smoke-gemini.lock.yml +++ b/.github/workflows/smoke-gemini.lock.yml 
@@ -219,6 +219,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/smoke-multi-pr.lock.yml b/.github/workflows/smoke-multi-pr.lock.yml index 4942aa2eb34..26ff20114f3 100644 --- a/.github/workflows/smoke-multi-pr.lock.yml +++ b/.github/workflows/smoke-multi-pr.lock.yml @@ -216,6 +216,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/smoke-project.lock.yml b/.github/workflows/smoke-project.lock.yml index aa26c1310a6..b4372512cf3 100644 --- a/.github/workflows/smoke-project.lock.yml +++ b/.github/workflows/smoke-project.lock.yml @@ -214,6 +214,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/smoke-temporary-id.lock.yml b/.github/workflows/smoke-temporary-id.lock.yml index 6f55860dec9..6daf38adf3f 100644 --- a/.github/workflows/smoke-temporary-id.lock.yml +++ b/.github/workflows/smoke-temporary-id.lock.yml @@ -211,6 +211,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/smoke-test-tools.lock.yml b/.github/workflows/smoke-test-tools.lock.yml index 9d703ef69a9..552d6484f5a 100644 --- a/.github/workflows/smoke-test-tools.lock.yml +++ b/.github/workflows/smoke-test-tools.lock.yml @@ -200,6 +200,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/smoke-update-cross-repo-pr.lock.yml b/.github/workflows/smoke-update-cross-repo-pr.lock.yml index 4efe40bddfe..35acf6f680a 100644 --- a/.github/workflows/smoke-update-cross-repo-pr.lock.yml +++ b/.github/workflows/smoke-update-cross-repo-pr.lock.yml 
@@ -202,6 +202,9 @@ jobs: - **Note**: If a branch you need is not in the list above and is not listed as an additional fetched ref, it has NOT been checked out. For private repositories you cannot fetch it without proper authentication. If the branch is required and not available, exit with an error and ask the user to add it to the `fetch:` option of the `checkout:` configuration (e.g., `fetch: ["refs/pulls/open/*"]` for all open PR refs, or `fetch: ["main", "feature/my-branch"]` for specific branches). + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/smoke-workflow-call-with-inputs.lock.yml b/.github/workflows/smoke-workflow-call-with-inputs.lock.yml index dedfbbfa27f..37f03c620b8 100644 --- a/.github/workflows/smoke-workflow-call-with-inputs.lock.yml +++ b/.github/workflows/smoke-workflow-call-with-inputs.lock.yml @@ -212,6 +212,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/smoke-workflow-call.lock.yml b/.github/workflows/smoke-workflow-call.lock.yml index 331cdb75659..cf7d7479fa5 100644 --- a/.github/workflows/smoke-workflow-call.lock.yml +++ b/.github/workflows/smoke-workflow-call.lock.yml 
@@ -212,6 +212,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/stale-repo-identifier.lock.yml b/.github/workflows/stale-repo-identifier.lock.yml index f538cf138e3..b2f1c7da705 100644 --- a/.github/workflows/stale-repo-identifier.lock.yml +++ b/.github/workflows/stale-repo-identifier.lock.yml @@ -184,6 +184,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/static-analysis-report.lock.yml b/.github/workflows/static-analysis-report.lock.yml index 9b74b89e9de..75020603072 100644 --- a/.github/workflows/static-analysis-report.lock.yml +++ b/.github/workflows/static-analysis-report.lock.yml @@ -168,6 +168,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/step-name-alignment.lock.yml b/.github/workflows/step-name-alignment.lock.yml index cdf791c3f02..48968b682a6 100644 --- a/.github/workflows/step-name-alignment.lock.yml +++ b/.github/workflows/step-name-alignment.lock.yml @@ -163,6 +163,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/sub-issue-closer.lock.yml b/.github/workflows/sub-issue-closer.lock.yml index 6145a121b59..4d6b9fe08d8 100644 --- a/.github/workflows/sub-issue-closer.lock.yml +++ b/.github/workflows/sub-issue-closer.lock.yml @@ -162,6 +162,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/super-linter.lock.yml b/.github/workflows/super-linter.lock.yml index e42dbb1c234..23ce43a61af 100644 --- a/.github/workflows/super-linter.lock.yml +++ b/.github/workflows/super-linter.lock.yml 
@@ -167,6 +167,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/technical-doc-writer.lock.yml b/.github/workflows/technical-doc-writer.lock.yml index c6e01d11e4f..a2682b3feff 100644 --- a/.github/workflows/technical-doc-writer.lock.yml +++ b/.github/workflows/technical-doc-writer.lock.yml @@ -178,6 +178,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/terminal-stylist.lock.yml b/.github/workflows/terminal-stylist.lock.yml index d598d8ae073..8533360cd89 100644 --- a/.github/workflows/terminal-stylist.lock.yml +++ b/.github/workflows/terminal-stylist.lock.yml @@ -167,6 +167,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/test-create-pr-error-handling.lock.yml b/.github/workflows/test-create-pr-error-handling.lock.yml index 724ccf0bf73..808d263e6ac 100644 --- a/.github/workflows/test-create-pr-error-handling.lock.yml +++ b/.github/workflows/test-create-pr-error-handling.lock.yml @@ -163,6 +163,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/test-dispatcher.lock.yml b/.github/workflows/test-dispatcher.lock.yml index 9b974c70cd3..9e4398168b6 100644 --- a/.github/workflows/test-dispatcher.lock.yml +++ b/.github/workflows/test-dispatcher.lock.yml @@ -158,6 +158,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/test-project-url-default.lock.yml b/.github/workflows/test-project-url-default.lock.yml index a6261245c27..d9d1503df34 100644 --- a/.github/workflows/test-project-url-default.lock.yml +++ b/.github/workflows/test-project-url-default.lock.yml 
@@ -158,6 +158,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/test-workflow.lock.yml b/.github/workflows/test-workflow.lock.yml index ed7899beead..4ac9eb71486 100644 --- a/.github/workflows/test-workflow.lock.yml +++ b/.github/workflows/test-workflow.lock.yml @@ -158,6 +158,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/tidy.lock.yml b/.github/workflows/tidy.lock.yml index 45128488fcd..d30c4dd9564 100644 --- a/.github/workflows/tidy.lock.yml +++ b/.github/workflows/tidy.lock.yml 
@@ -226,6 +226,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" diff --git a/.github/workflows/typist.lock.yml b/.github/workflows/typist.lock.yml index edc9a6192f9..71e775b8a45 100644 --- a/.github/workflows/typist.lock.yml +++ b/.github/workflows/typist.lock.yml @@ -166,6 +166,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/ubuntu-image-analyzer.lock.yml b/.github/workflows/ubuntu-image-analyzer.lock.yml index a08c3fcdf93..c788696d7c7 100644 --- a/.github/workflows/ubuntu-image-analyzer.lock.yml +++ b/.github/workflows/ubuntu-image-analyzer.lock.yml 
@@ -172,6 +172,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/unbloat-docs.lock.yml b/.github/workflows/unbloat-docs.lock.yml index 70d8b04bff6..80b376b8761 100644 --- a/.github/workflows/unbloat-docs.lock.yml +++ b/.github/workflows/unbloat-docs.lock.yml @@ -226,6 +226,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/video-analyzer.lock.yml b/.github/workflows/video-analyzer.lock.yml index 505d5452e9c..8185b1c6dc5 100644 --- a/.github/workflows/video-analyzer.lock.yml +++ b/.github/workflows/video-analyzer.lock.yml @@ -169,6 +169,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/weekly-editors-health-check.lock.yml b/.github/workflows/weekly-editors-health-check.lock.yml index 13a5fd9e3f4..7250bee3011 100644 --- a/.github/workflows/weekly-editors-health-check.lock.yml +++ b/.github/workflows/weekly-editors-health-check.lock.yml @@ -168,6 +168,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/weekly-issue-summary.lock.yml b/.github/workflows/weekly-issue-summary.lock.yml index c49a38b6a34..2f1f40921d6 100644 --- a/.github/workflows/weekly-issue-summary.lock.yml +++ b/.github/workflows/weekly-issue-summary.lock.yml @@ -173,6 +173,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/weekly-safe-outputs-spec-review.lock.yml b/.github/workflows/weekly-safe-outputs-spec-review.lock.yml index 70b1e48ca79..f01d1576030 100644 --- a/.github/workflows/weekly-safe-outputs-spec-review.lock.yml +++ b/.github/workflows/weekly-safe-outputs-spec-review.lock.yml 
@@ -168,6 +168,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/workflow-generator.lock.yml b/.github/workflows/workflow-generator.lock.yml index ff186f79184..91ea57bc6fd 100644 --- a/.github/workflows/workflow-generator.lock.yml +++ b/.github/workflows/workflow-generator.lock.yml @@ -206,6 +206,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/workflow-health-manager.lock.yml b/.github/workflows/workflow-health-manager.lock.yml index b5ede9bb611..b21037ed842 100644 --- a/.github/workflows/workflow-health-manager.lock.yml +++ b/.github/workflows/workflow-health-manager.lock.yml @@ -170,6 +170,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' 
diff --git a/.github/workflows/workflow-normalizer.lock.yml b/.github/workflows/workflow-normalizer.lock.yml index 2827a0d21c3..7afe8657ad0 100644 --- a/.github/workflows/workflow-normalizer.lock.yml +++ b/.github/workflows/workflow-normalizer.lock.yml @@ -167,6 +167,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/.github/workflows/workflow-skill-extractor.lock.yml b/.github/workflows/workflow-skill-extractor.lock.yml index 9d16e955013..846bde4b193 100644 --- a/.github/workflows/workflow-skill-extractor.lock.yml +++ b/.github/workflows/workflow-skill-extractor.lock.yml @@ -166,6 +166,9 @@ jobs: {{/if}} + + The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + GH_AW_PROMPT_EOF cat << 'GH_AW_PROMPT_EOF' diff --git a/actions/setup/md/safe_outputs_prompt.md b/actions/setup/md/safe_outputs_prompt.md index 716b9227448..b7f6abee917 100644 --- a/actions/setup/md/safe_outputs_prompt.md +++ b/actions/setup/md/safe_outputs_prompt.md 
@@ -1,6 +1,6 @@ -gh CLI is NOT authenticated. Use safeoutputs MCP server tools for all GitHub operations — tool calls required. +gh CLI is NOT authenticated. Use safeoutputs MCP server tools for GitHub writes and completion signaling — tool calls required. **CRITICAL: You MUST call exactly one safe-output tool before finishing.** If no GitHub action was taken (no issues, comments, PRs, etc. were created or updated), you MUST call `noop` with a message explaining why no action was needed. Failing to call any safe-output tool is the #1 cause of workflow failures. Do NOT end your response without calling at least one safe-output tool. diff --git a/pkg/workflow/unified_prompt_step.go b/pkg/workflow/unified_prompt_step.go index f727c8c0e25..0b4336e163e 100644 --- a/pkg/workflow/unified_prompt_step.go +++ b/pkg/workflow/unified_prompt_step.go @@ -340,6 +340,16 @@ func (c *Compiler) collectPromptSections(data *WorkflowData) []PromptSection { EnvVars: envVars, }) } + + // GitHub MCP tool-use guidance: clarifies that the MCP server is read-only and + // directs the model to use it for GitHub reads. When safe-outputs is also enabled, + // the guidance explicitly separates reads (GitHub MCP) from writes (safeoutputs) so + // the model is never steered away from the available read tools. + unifiedPromptLog.Print("Adding GitHub MCP tool-use guidance") + sections = append(sections, PromptSection{ + Content: buildGitHubMCPToolsGuidance(HasSafeOutputsEnabled(data.SafeOutputs)), + IsFile: false, + }) } // 10. PR context (if comment-related triggers and checkout is needed) 
@@ -779,3 +789,21 @@ func buildSafeOutputsSections(safeOutputs *SafeOutputsConfig) []PromptSection { return sections } + +// buildGitHubMCPToolsGuidance returns inline text for the section. +// It tells the model that the GitHub MCP server is read-only and directs it to use +// those tools for all GitHub reads (issues, PRs, workflows, repository content, search). +// When safe-outputs is also enabled, it explicitly separates the two paths so the model +// is never steered away from the available GitHub MCP read tools. +func buildGitHubMCPToolsGuidance(hasSafeOutputs bool) string { + text := "\n" + + "The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: " + + "listing and searching issues, pull requests, discussions, labels, milestones; " + + "reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. " + + "Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated." + if hasSafeOutputs { + text += " Use safeoutputs tools for GitHub writes and completion signaling." + } + text += "\n" + return text +} diff --git a/pkg/workflow/unified_prompt_step_test.go b/pkg/workflow/unified_prompt_step_test.go index 1fbe992ef61..6d6e2229a99 100644 --- a/pkg/workflow/unified_prompt_step_test.go +++ b/pkg/workflow/unified_prompt_step_test.go 
@@ -538,3 +538,97 @@ func TestCollectPromptSections_DisableXPIA(t *testing.T) { assert.True(t, hasXPIA, "XPIA section should be included when feature flag is explicitly false") }) } + +// TestCollectPromptSections_GitHubMCPAndSafeOutputsConsistency is a regression test that +// ensures the generated prompt never assigns "all GitHub operations" to safeoutputs when +// the GitHub MCP server is also mounted, and that GitHub MCP read guidance is always present. +func TestCollectPromptSections_GitHubMCPAndSafeOutputsConsistency(t *testing.T) { + t.Run("both GitHub MCP and safe-outputs enabled", func(t *testing.T) { + compiler := &Compiler{} + + data := &WorkflowData{ + ParsedTools: NewTools(map[string]any{"github": true}), + SafeOutputs: &SafeOutputsConfig{ + MissingData: &MissingDataConfig{}, + NoOp: &NoOpConfig{}, + }, + } + + sections := compiler.collectPromptSections(data) + require.NotEmpty(t, sections, "Should collect sections") + + // No inline section should claim safeoutputs handles "all GitHub operations" + for _, section := range sections { + if !section.IsFile { + assert.NotContains(t, section.Content, "all GitHub operations", + "Prompt must not claim safeoutputs handles all GitHub operations when GitHub MCP is mounted") + } + } + + // A section must be present and say the server is read-only + var githubMCPSection *PromptSection + for i := range sections { + if !sections[i].IsFile && strings.Contains(sections[i].Content, "github-mcp-tools") { + githubMCPSection = §ions[i] + break + } + } + require.NotNil(t, githubMCPSection, "Should include guidance when GitHub MCP is enabled") + assert.Contains(t, githubMCPSection.Content, "read-only", + "GitHub MCP guidance must state the server is read-only") + + // When safe-outputs is also enabled, the guidance must direct writes to safeoutputs + assert.Contains(t, githubMCPSection.Content, "safeoutputs", + "GitHub MCP guidance must direct writes to safeoutputs when both are enabled") + }) + + t.Run("only GitHub MCP 
enabled (no safe-outputs)", func(t *testing.T) { + compiler := &Compiler{} + + data := &WorkflowData{ + ParsedTools: NewTools(map[string]any{"github": true}), + SafeOutputs: nil, + } + + sections := compiler.collectPromptSections(data) + require.NotEmpty(t, sections, "Should collect sections") + + // guidance must still be present + var githubMCPSection *PromptSection + for i := range sections { + if !sections[i].IsFile && strings.Contains(sections[i].Content, "github-mcp-tools") { + githubMCPSection = §ions[i] + break + } + } + require.NotNil(t, githubMCPSection, "Should include guidance even without safe-outputs") + assert.Contains(t, githubMCPSection.Content, "read-only", + "GitHub MCP guidance must state the server is read-only") + + // Without safe-outputs, the guidance should NOT mention safeoutputs + assert.NotContains(t, githubMCPSection.Content, "safeoutputs", + "GitHub MCP guidance should not mention safeoutputs when safe-outputs is not enabled") + }) + + t.Run("no GitHub MCP tool", func(t *testing.T) { + compiler := &Compiler{} + + data := &WorkflowData{ + ParsedTools: NewTools(map[string]any{}), + SafeOutputs: &SafeOutputsConfig{ + MissingData: &MissingDataConfig{}, + NoOp: &NoOpConfig{}, + }, + } + + sections := compiler.collectPromptSections(data) + + // Without GitHub MCP there should be no section + for _, section := range sections { + if !section.IsFile { + assert.NotContains(t, section.Content, "github-mcp-tools", + "Should not include GitHub MCP guidance when GitHub tool is not enabled") + } + } + }) +} From ebb542a058467adfc5ddbbae50e7d184a34d559f Mon Sep 17 00:00:00 2001 
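Review bot: In the `.lock.yml` hunks of PATCH 2/4, the added paragraph contains backticks around `gh` and sits in a shell heredoc body whose opening line is outside the hunk context. The next heredoc shown is opened with the quoted delimiter `cat << 'GH_AW_PROMPT_EOF'`, which disables command substitution. Please confirm the heredoc that encloses the new paragraph is quoted the same way, otherwise the shell would try to run `gh` while the prompt is being written.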
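Review bot: In the `actions/setup/md/safe_outputs_prompt.md` hunk of PATCH 2/4, the paragraph left unchanged under the edited first line says "You MUST call exactly one safe-output tool" and then "without calling at least one safe-output tool", which are different requirements. Since this patch is about making the prompt's claims consistent, suggest settling on one of the two wordings in the same change.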
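Review bot: In the `collectPromptSections` hunk of `pkg/workflow/unified_prompt_step.go` (PATCH 2/4), the new section is built from `HasSafeOutputsEnabled(data.SafeOutputs)` alone, so the prompt states "The GitHub MCP server is read-only" without anything in the visible lines checking how the GitHub tool is configured. If the server can be mounted in a mode that is not read-only, the prompt would misdescribe what the agent can do. Suggest deriving that sentence from the tool configuration, or saying in the comment where read-only is enforced so the claim can be verified.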
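Review bot: In `buildGitHubMCPToolsGuidance` (PATCH 2/4, `pkg/workflow/unified_prompt_step.go`), the `hasSafeOutputs` branch appends "Use safeoutputs tools for GitHub writes and completion signaling", and the string also repeats that `gh` is not authenticated; both statements are already made by the first line of `safe_outputs_prompt.md` as edited in this patch. Two copies of the same routing rule in separate places is the kind of drift this patch is fixing. Suggest keeping the write-routing sentence in one place and have the other refer only to reads.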
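Review bot: In the "both GitHub MCP and safe-outputs enabled" subtest of `pkg/workflow/unified_prompt_step_test.go` (PATCH 2/4), the `assert.NotContains(t, section.Content, "all GitHub operations", ...)` loop only inspects sections where `IsFile` is false, while the sentence this patch corrects is in the static file `actions/setup/md/safe_outputs_prompt.md`. Unless that file is loaded into an inline section, the assertion cannot fail on the original wording, so it does not guard against the regression it is named for. Suggest reading the prompt file in the test and asserting on its contents as well. The "no GitHub MCP tool" subtest also omits the `require.NotEmpty(t, sections, ...)` used by the other two, so it passes on an empty slice.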
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 17 Mar 2026 01:45:43 +0000 Subject: [PATCH 3/4] refactor: move GitHub MCP tools guidance to files in actions/setup/md Per review feedback, replace the inline buildGitHubMCPToolsGuidance() function with two static prompt files in actions/setup/md/, following the same pattern as safe_outputs_prompt.md: - actions/setup/md/github_mcp_tools_prompt.md - actions/setup/md/github_mcp_tools_with_safeoutputs_prompt.md Add two constants in prompt_constants.go and select the correct file in collectPromptSections based on whether safe-outputs is enabled. Update regression test assertions to check for the file constant rather than inline content. Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/ace-editor.lock.yml | 4 +-- .../agent-performance-analyzer.lock.yml | 4 +-- .../workflows/agent-persona-explorer.lock.yml | 4 +-- .github/workflows/ai-moderator.lock.yml | 4 +-- .github/workflows/archie.lock.yml | 4 +-- .github/workflows/artifacts-summary.lock.yml | 4 +-- .github/workflows/audit-workflows.lock.yml | 4 +-- .github/workflows/auto-triage-issues.lock.yml | 4 +-- .github/workflows/blog-auditor.lock.yml | 4 +-- .github/workflows/bot-detection.lock.yml | 4 +-- .github/workflows/brave.lock.yml | 4 +-- .../breaking-change-checker.lock.yml | 4 +-- .github/workflows/changeset.lock.yml | 4 +-- .github/workflows/ci-coach.lock.yml | 4 +-- .github/workflows/ci-doctor.lock.yml | 4 +-- .../claude-code-user-docs-review.lock.yml | 4 +-- .../cli-consistency-checker.lock.yml | 4 +-- .../workflows/cli-version-checker.lock.yml | 4 +-- .github/workflows/cloclo.lock.yml | 4 +-- .../workflows/code-scanning-fixer.lock.yml | 4 +-- .github/workflows/code-simplifier.lock.yml | 4 +-- .../codex-github-remote-mcp-test.lock.yml | 4 +-- .../commit-changes-analyzer.lock.yml | 4 +-- .../constraint-solving-potd.lock.yml | 4 +-- .github/workflows/contribution-check.lock.yml | 4 +-- 
.../workflows/copilot-agent-analysis.lock.yml | 4 +-- .../copilot-cli-deep-research.lock.yml | 4 +-- .../copilot-pr-merged-report.lock.yml | 4 +-- .../copilot-pr-nlp-analysis.lock.yml | 4 +-- .../copilot-pr-prompt-analysis.lock.yml | 4 +-- .../copilot-session-insights.lock.yml | 4 +-- .github/workflows/craft.lock.yml | 4 +-- .../daily-architecture-diagram.lock.yml | 4 +-- .../daily-assign-issue-to-user.lock.yml | 4 +-- .github/workflows/daily-choice-test.lock.yml | 4 +-- .../workflows/daily-cli-performance.lock.yml | 4 +-- .../workflows/daily-cli-tools-tester.lock.yml | 4 +-- .github/workflows/daily-code-metrics.lock.yml | 4 +-- .../workflows/daily-compiler-quality.lock.yml | 4 +-- .../daily-copilot-token-report.lock.yml | 4 +-- .github/workflows/daily-doc-healer.lock.yml | 4 +-- .github/workflows/daily-doc-updater.lock.yml | 4 +-- .github/workflows/daily-fact.lock.yml | 4 +-- .github/workflows/daily-file-diet.lock.yml | 4 +-- .../workflows/daily-firewall-report.lock.yml | 4 +-- .../workflows/daily-function-namer.lock.yml | 4 +-- .../workflows/daily-issues-report.lock.yml | 4 +-- .../daily-malicious-code-scan.lock.yml | 4 +-- .../daily-mcp-concurrency-analysis.lock.yml | 4 +-- .../daily-multi-device-docs-tester.lock.yml | 4 +-- .github/workflows/daily-news.lock.yml | 4 +-- .../daily-observability-report.lock.yml | 4 +-- .../daily-performance-summary.lock.yml | 4 +-- .github/workflows/daily-regulatory.lock.yml | 4 +-- .../daily-rendering-scripts-verifier.lock.yml | 4 +-- .../workflows/daily-repo-chronicle.lock.yml | 4 +-- .../daily-safe-output-optimizer.lock.yml | 4 +-- .../daily-safe-outputs-conformance.lock.yml | 4 +-- .../workflows/daily-secrets-analysis.lock.yml | 4 +-- .../daily-security-red-team.lock.yml | 4 +-- .github/workflows/daily-semgrep-scan.lock.yml | 4 +-- .../daily-syntax-error-quality.lock.yml | 4 +-- .../daily-team-evolution-insights.lock.yml | 4 +-- .github/workflows/daily-team-status.lock.yml | 4 +-- .../daily-testify-uber-super-expert.lock.yml | 
4 +-- .../workflows/daily-workflow-updater.lock.yml | 4 +-- .github/workflows/dead-code-remover.lock.yml | 4 +-- .github/workflows/deep-report.lock.yml | 4 +-- .github/workflows/delight.lock.yml | 4 +-- .github/workflows/dependabot-burner.lock.yml | 4 +-- .../workflows/dependabot-go-checker.lock.yml | 4 +-- .github/workflows/dev-hawk.lock.yml | 4 +-- .github/workflows/dev.lock.yml | 4 +-- .../developer-docs-consolidator.lock.yml | 4 +-- .github/workflows/dictation-prompt.lock.yml | 4 +-- .../workflows/discussion-task-miner.lock.yml | 4 +-- .github/workflows/docs-noob-tester.lock.yml | 4 +-- .github/workflows/draft-pr-cleanup.lock.yml | 4 +-- .../duplicate-code-detector.lock.yml | 4 +-- .../example-permissions-warning.lock.yml | 4 +-- .../example-workflow-analyzer.lock.yml | 4 +-- .github/workflows/firewall-escape.lock.yml | 4 +-- .github/workflows/firewall.lock.yml | 4 +-- .../workflows/functional-pragmatist.lock.yml | 4 +-- .../github-mcp-structural-analysis.lock.yml | 4 +-- .../github-mcp-tools-report.lock.yml | 4 +-- .../github-remote-mcp-auth-test.lock.yml | 4 +-- .../workflows/glossary-maintainer.lock.yml | 4 +-- .github/workflows/go-fan.lock.yml | 4 +-- .github/workflows/go-logger.lock.yml | 4 +-- .../workflows/go-pattern-detector.lock.yml | 4 +-- .github/workflows/gpclean.lock.yml | 4 +-- .github/workflows/grumpy-reviewer.lock.yml | 4 +-- .github/workflows/hourly-ci-cleaner.lock.yml | 4 +-- .../workflows/instructions-janitor.lock.yml | 4 +-- .github/workflows/issue-arborist.lock.yml | 4 +-- .github/workflows/issue-monster.lock.yml | 4 +-- .github/workflows/issue-triage-agent.lock.yml | 4 +-- .github/workflows/jsweep.lock.yml | 4 +-- .../workflows/layout-spec-maintainer.lock.yml | 4 +-- .github/workflows/lockfile-stats.lock.yml | 4 +-- .github/workflows/mcp-inspector.lock.yml | 4 +-- .github/workflows/mergefest.lock.yml | 4 +-- .github/workflows/metrics-collector.lock.yml | 4 +-- .../workflows/notion-issue-summary.lock.yml | 4 +-- 
.github/workflows/org-health-report.lock.yml | 4 +-- .github/workflows/pdf-summary.lock.yml | 4 +-- .github/workflows/plan.lock.yml | 4 +-- .github/workflows/poem-bot.lock.yml | 4 +-- .github/workflows/portfolio-analyst.lock.yml | 4 +-- .../workflows/pr-nitpick-reviewer.lock.yml | 4 +-- .github/workflows/pr-triage-agent.lock.yml | 4 +-- .../prompt-clustering-analysis.lock.yml | 4 +-- .github/workflows/python-data-charts.lock.yml | 4 +-- .github/workflows/q.lock.yml | 4 +-- .github/workflows/refiner.lock.yml | 4 +-- .github/workflows/release.lock.yml | 4 +-- .../workflows/repo-audit-analyzer.lock.yml | 4 +-- .github/workflows/repo-tree-map.lock.yml | 4 +-- .../repository-quality-improver.lock.yml | 4 +-- .github/workflows/research.lock.yml | 4 +-- .github/workflows/safe-output-health.lock.yml | 4 +-- .../schema-consistency-checker.lock.yml | 4 +-- .github/workflows/scout.lock.yml | 4 +-- ...ecurity-alert-burndown.campaign.g.lock.yml | 4 +-- .../workflows/security-compliance.lock.yml | 4 +-- .github/workflows/security-review.lock.yml | 4 +-- .../semantic-function-refactor.lock.yml | 4 +-- .github/workflows/sergo.lock.yml | 4 +-- .../workflows/slide-deck-maintainer.lock.yml | 4 +-- .../workflows/smoke-agent-all-merged.lock.yml | 4 +-- .../workflows/smoke-agent-all-none.lock.yml | 4 +-- .../smoke-agent-public-approved.lock.yml | 4 +-- .../smoke-agent-public-none.lock.yml | 4 +-- .../smoke-agent-scoped-approved.lock.yml | 4 +-- .../workflows/smoke-call-workflow.lock.yml | 4 +-- .github/workflows/smoke-claude.lock.yml | 4 +-- .github/workflows/smoke-codex.lock.yml | 4 +-- .github/workflows/smoke-copilot-arm.lock.yml | 4 +-- .github/workflows/smoke-copilot.lock.yml | 4 +-- .../smoke-create-cross-repo-pr.lock.yml | 4 +-- .github/workflows/smoke-gemini.lock.yml | 4 +-- .github/workflows/smoke-multi-pr.lock.yml | 4 +-- .github/workflows/smoke-project.lock.yml | 4 +-- .github/workflows/smoke-temporary-id.lock.yml | 4 +-- .github/workflows/smoke-test-tools.lock.yml | 4 +-- 
.../smoke-update-cross-repo-pr.lock.yml | 4 +-- .../smoke-workflow-call-with-inputs.lock.yml | 4 +-- .../workflows/smoke-workflow-call.lock.yml | 4 +-- .../workflows/stale-repo-identifier.lock.yml | 4 +-- .../workflows/static-analysis-report.lock.yml | 4 +-- .../workflows/step-name-alignment.lock.yml | 4 +-- .github/workflows/sub-issue-closer.lock.yml | 4 +-- .github/workflows/super-linter.lock.yml | 4 +-- .../workflows/technical-doc-writer.lock.yml | 4 +-- .github/workflows/terminal-stylist.lock.yml | 4 +-- .../test-create-pr-error-handling.lock.yml | 4 +-- .github/workflows/test-dispatcher.lock.yml | 4 +-- .../test-project-url-default.lock.yml | 4 +-- .github/workflows/test-workflow.lock.yml | 4 +-- .github/workflows/tidy.lock.yml | 4 +-- .github/workflows/typist.lock.yml | 4 +-- .../workflows/ubuntu-image-analyzer.lock.yml | 4 +-- .github/workflows/unbloat-docs.lock.yml | 4 +-- .github/workflows/video-analyzer.lock.yml | 4 +-- .../weekly-editors-health-check.lock.yml | 4 +-- .../workflows/weekly-issue-summary.lock.yml | 4 +-- .../weekly-safe-outputs-spec-review.lock.yml | 4 +-- .github/workflows/workflow-generator.lock.yml | 4 +-- .../workflow-health-manager.lock.yml | 4 +-- .../workflows/workflow-normalizer.lock.yml | 4 +-- .../workflow-skill-extractor.lock.yml | 4 +-- actions/setup/md/github_mcp_tools_prompt.md | 3 ++ ...ithub_mcp_tools_with_safeoutputs_prompt.md | 3 ++ pkg/workflow/prompt_constants.go | 32 +++++++++-------- pkg/workflow/unified_prompt_step.go | 26 ++++---------- pkg/workflow/unified_prompt_step_test.go | 34 +++++++------------ 177 files changed, 214 insertions(+), 572 deletions(-) create mode 100644 actions/setup/md/github_mcp_tools_prompt.md create mode 100644 actions/setup/md/github_mcp_tools_with_safeoutputs_prompt.md diff --git a/.github/workflows/ace-editor.lock.yml b/.github/workflows/ace-editor.lock.yml index 6f564ee5b82..d9f11a7b889 100644 --- a/.github/workflows/ace-editor.lock.yml +++ b/.github/workflows/ace-editor.lock.yml 
@@ -203,10 +203,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/agent-performance-analyzer.lock.yml b/.github/workflows/agent-performance-analyzer.lock.yml index 7336ee04de2..195eff6e857 100644 --- a/.github/workflows/agent-performance-analyzer.lock.yml +++ b/.github/workflows/agent-performance-analyzer.lock.yml @@ -165,10 +165,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/agent-persona-explorer.lock.yml b/.github/workflows/agent-persona-explorer.lock.yml index 946baa2efa2..f33cac28ce6 100644 --- a/.github/workflows/agent-persona-explorer.lock.yml +++ b/.github/workflows/agent-persona-explorer.lock.yml 
@@ -170,10 +170,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/ai-moderator.lock.yml b/.github/workflows/ai-moderator.lock.yml index 8df70bd0092..2d5791cd4c6 100644 --- a/.github/workflows/ai-moderator.lock.yml +++ b/.github/workflows/ai-moderator.lock.yml @@ -208,10 +208,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/archie.lock.yml b/.github/workflows/archie.lock.yml index 7fd3b292ba3..806bc90c55c 100644 --- a/.github/workflows/archie.lock.yml +++ b/.github/workflows/archie.lock.yml 
@@ -224,10 +224,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" fi diff --git a/.github/workflows/artifacts-summary.lock.yml b/.github/workflows/artifacts-summary.lock.yml index caabaf4edfc..9559b841e08 100644 --- a/.github/workflows/artifacts-summary.lock.yml +++ b/.github/workflows/artifacts-summary.lock.yml @@ -161,10 +161,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/audit-workflows.lock.yml b/.github/workflows/audit-workflows.lock.yml index 519883a8743..dfb12c44968 100644 --- a/.github/workflows/audit-workflows.lock.yml +++ b/.github/workflows/audit-workflows.lock.yml 
@@ -174,10 +174,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/auto-triage-issues.lock.yml b/.github/workflows/auto-triage-issues.lock.yml index fd6fada3447..2429ecf8422 100644 --- a/.github/workflows/auto-triage-issues.lock.yml +++ b/.github/workflows/auto-triage-issues.lock.yml @@ -178,10 +178,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/blog-auditor.lock.yml b/.github/workflows/blog-auditor.lock.yml index 96552dc5dbb..23556c5f3b1 100644 --- a/.github/workflows/blog-auditor.lock.yml +++ b/.github/workflows/blog-auditor.lock.yml 
@@ -168,10 +168,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/bot-detection.lock.yml b/.github/workflows/bot-detection.lock.yml index 7b285c06f0d..3258a5e5392 100644 --- a/.github/workflows/bot-detection.lock.yml +++ b/.github/workflows/bot-detection.lock.yml @@ -167,10 +167,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/brave.lock.yml b/.github/workflows/brave.lock.yml index b7024a83f19..a45a1d5a559 100644 --- a/.github/workflows/brave.lock.yml +++ b/.github/workflows/brave.lock.yml 
@@ -210,10 +210,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" fi diff --git a/.github/workflows/breaking-change-checker.lock.yml b/.github/workflows/breaking-change-checker.lock.yml index f5f5ac702db..2d88265b96a 100644 --- a/.github/workflows/breaking-change-checker.lock.yml +++ b/.github/workflows/breaking-change-checker.lock.yml @@ -163,10 +163,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml index bfd0c266e85..6caf3b22cd5 100644 --- a/.github/workflows/changeset.lock.yml +++ b/.github/workflows/changeset.lock.yml 
@@ -212,10 +212,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/ci-coach.lock.yml b/.github/workflows/ci-coach.lock.yml index 42716506b77..65ba1742309 100644 --- a/.github/workflows/ci-coach.lock.yml +++ b/.github/workflows/ci-coach.lock.yml @@ -167,10 +167,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/ci-doctor.lock.yml b/.github/workflows/ci-doctor.lock.yml index 22fe7a397d2..0d7be2a3965 100644 --- a/.github/workflows/ci-doctor.lock.yml +++ b/.github/workflows/ci-doctor.lock.yml 
@@ -183,10 +183,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/claude-code-user-docs-review.lock.yml b/.github/workflows/claude-code-user-docs-review.lock.yml index 66442b684d5..2796f2e3764 100644 --- a/.github/workflows/claude-code-user-docs-review.lock.yml +++ b/.github/workflows/claude-code-user-docs-review.lock.yml @@ -167,10 +167,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/cli-consistency-checker.lock.yml b/.github/workflows/cli-consistency-checker.lock.yml index 7652ed6fb94..71cd88d954c 100644 --- a/.github/workflows/cli-consistency-checker.lock.yml +++ b/.github/workflows/cli-consistency-checker.lock.yml 
@@ -155,10 +155,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/cli-version-checker.lock.yml b/.github/workflows/cli-version-checker.lock.yml index f83ea991011..10c589e35f4 100644 --- a/.github/workflows/cli-version-checker.lock.yml +++ b/.github/workflows/cli-version-checker.lock.yml @@ -168,10 +168,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/cloclo.lock.yml b/.github/workflows/cloclo.lock.yml index 13486dddfc0..c0e72af22f9 100644 --- a/.github/workflows/cloclo.lock.yml +++ b/.github/workflows/cloclo.lock.yml 
@@ -274,10 +274,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" fi diff --git a/.github/workflows/code-scanning-fixer.lock.yml b/.github/workflows/code-scanning-fixer.lock.yml index 0efaa47df5f..4085df4f8d9 100644 --- a/.github/workflows/code-scanning-fixer.lock.yml +++ b/.github/workflows/code-scanning-fixer.lock.yml @@ -165,10 +165,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/code-simplifier.lock.yml b/.github/workflows/code-simplifier.lock.yml index 9456d4d8cb5..41b30409644 100644 --- a/.github/workflows/code-simplifier.lock.yml +++ b/.github/workflows/code-simplifier.lock.yml 
@@ -173,10 +173,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/codex-github-remote-mcp-test.lock.yml b/.github/workflows/codex-github-remote-mcp-test.lock.yml index ea9bb23551c..481f68e414e 100644 --- a/.github/workflows/codex-github-remote-mcp-test.lock.yml +++ b/.github/workflows/codex-github-remote-mcp-test.lock.yml @@ -155,10 +155,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/commit-changes-analyzer.lock.yml b/.github/workflows/commit-changes-analyzer.lock.yml index ee7754047fc..c27ccba9aa7 100644 --- a/.github/workflows/commit-changes-analyzer.lock.yml +++ b/.github/workflows/commit-changes-analyzer.lock.yml 
@@ -169,10 +169,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/constraint-solving-potd.lock.yml b/.github/workflows/constraint-solving-potd.lock.yml index eda9b4cd4ce..8bfe3395340 100644 --- a/.github/workflows/constraint-solving-potd.lock.yml +++ b/.github/workflows/constraint-solving-potd.lock.yml @@ -162,10 +162,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/contribution-check.lock.yml b/.github/workflows/contribution-check.lock.yml index 3f020f128ff..a507a9fe363 100644 --- a/.github/workflows/contribution-check.lock.yml +++ b/.github/workflows/contribution-check.lock.yml 
@@ -165,10 +165,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/copilot-agent-analysis.lock.yml b/.github/workflows/copilot-agent-analysis.lock.yml index 177c0ebdc22..42782a54d3b 100644 --- a/.github/workflows/copilot-agent-analysis.lock.yml +++ b/.github/workflows/copilot-agent-analysis.lock.yml @@ -172,10 +172,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/copilot-cli-deep-research.lock.yml b/.github/workflows/copilot-cli-deep-research.lock.yml index 6aa9729175c..c593ec100bd 100644 --- a/.github/workflows/copilot-cli-deep-research.lock.yml +++ b/.github/workflows/copilot-cli-deep-research.lock.yml 
@@ -162,10 +162,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/copilot-pr-merged-report.lock.yml b/.github/workflows/copilot-pr-merged-report.lock.yml index 704c2f347b9..840a7a638eb 100644 --- a/.github/workflows/copilot-pr-merged-report.lock.yml +++ b/.github/workflows/copilot-pr-merged-report.lock.yml @@ -164,10 +164,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/copilot-pr-nlp-analysis.lock.yml b/.github/workflows/copilot-pr-nlp-analysis.lock.yml index 24bfe9c311a..ffe7d539393 100644 --- a/.github/workflows/copilot-pr-nlp-analysis.lock.yml +++ b/.github/workflows/copilot-pr-nlp-analysis.lock.yml 
@@ -169,10 +169,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/copilot-pr-prompt-analysis.lock.yml b/.github/workflows/copilot-pr-prompt-analysis.lock.yml index 54128d0eac3..4274dcb3625 100644 --- a/.github/workflows/copilot-pr-prompt-analysis.lock.yml +++ b/.github/workflows/copilot-pr-prompt-analysis.lock.yml @@ -166,10 +166,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/copilot-session-insights.lock.yml b/.github/workflows/copilot-session-insights.lock.yml index 353c17496e8..5c9b6275473 100644 --- a/.github/workflows/copilot-session-insights.lock.yml +++ b/.github/workflows/copilot-session-insights.lock.yml 
@@ -177,10 +177,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/craft.lock.yml b/.github/workflows/craft.lock.yml index 138d1439f3f..04ebb167dd3 100644 --- a/.github/workflows/craft.lock.yml +++ b/.github/workflows/craft.lock.yml @@ -209,10 +209,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" fi diff --git a/.github/workflows/daily-architecture-diagram.lock.yml b/.github/workflows/daily-architecture-diagram.lock.yml index 58fcd1be36c..2111c2f0213 100644 --- a/.github/workflows/daily-architecture-diagram.lock.yml +++ b/.github/workflows/daily-architecture-diagram.lock.yml 
@@ -164,10 +164,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-assign-issue-to-user.lock.yml b/.github/workflows/daily-assign-issue-to-user.lock.yml index 1d76d6a379c..aef5dfd2569 100644 --- a/.github/workflows/daily-assign-issue-to-user.lock.yml +++ b/.github/workflows/daily-assign-issue-to-user.lock.yml @@ -155,10 +155,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-choice-test.lock.yml b/.github/workflows/daily-choice-test.lock.yml index da937feffda..b269046315e 100644 --- a/.github/workflows/daily-choice-test.lock.yml +++ b/.github/workflows/daily-choice-test.lock.yml 
@@ -161,10 +161,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-cli-performance.lock.yml b/.github/workflows/daily-cli-performance.lock.yml index 8d6487d7c59..b5be08a935e 100644 --- a/.github/workflows/daily-cli-performance.lock.yml +++ b/.github/workflows/daily-cli-performance.lock.yml @@ -164,10 +164,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-cli-tools-tester.lock.yml b/.github/workflows/daily-cli-tools-tester.lock.yml index bd08204d7b0..9e7cc499dbb 100644 --- a/.github/workflows/daily-cli-tools-tester.lock.yml +++ b/.github/workflows/daily-cli-tools-tester.lock.yml 
@@ -167,10 +167,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-code-metrics.lock.yml b/.github/workflows/daily-code-metrics.lock.yml index 385f9980343..8c705bc9161 100644 --- a/.github/workflows/daily-code-metrics.lock.yml +++ b/.github/workflows/daily-code-metrics.lock.yml @@ -173,10 +173,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-compiler-quality.lock.yml b/.github/workflows/daily-compiler-quality.lock.yml index 36ce94137f5..cd17213e43b 100644 --- a/.github/workflows/daily-compiler-quality.lock.yml +++ b/.github/workflows/daily-compiler-quality.lock.yml 
@@ -162,10 +162,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-copilot-token-report.lock.yml b/.github/workflows/daily-copilot-token-report.lock.yml index e9605a51390..4ad839d6c27 100644 --- a/.github/workflows/daily-copilot-token-report.lock.yml +++ b/.github/workflows/daily-copilot-token-report.lock.yml @@ -166,10 +166,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-doc-healer.lock.yml b/.github/workflows/daily-doc-healer.lock.yml index c243ac6a9a0..9eeb8bca5d8 100644 --- a/.github/workflows/daily-doc-healer.lock.yml +++ b/.github/workflows/daily-doc-healer.lock.yml 
@@ -171,10 +171,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-doc-updater.lock.yml b/.github/workflows/daily-doc-updater.lock.yml index 95223b9d34f..a7c3613560c 100644 --- a/.github/workflows/daily-doc-updater.lock.yml +++ b/.github/workflows/daily-doc-updater.lock.yml @@ -170,10 +170,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index bdebf0096db..699579009ee 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml 
@@ -148,10 +148,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-file-diet.lock.yml b/.github/workflows/daily-file-diet.lock.yml index 89725568451..35a86a48640 100644 --- a/.github/workflows/daily-file-diet.lock.yml +++ b/.github/workflows/daily-file-diet.lock.yml @@ -165,10 +165,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml index b86478c1a7f..09f01f03fab 100644 --- a/.github/workflows/daily-firewall-report.lock.yml +++ b/.github/workflows/daily-firewall-report.lock.yml 
@@ -171,10 +171,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-function-namer.lock.yml b/.github/workflows/daily-function-namer.lock.yml index 2605bb011cd..3eb40e60df2 100644 --- a/.github/workflows/daily-function-namer.lock.yml +++ b/.github/workflows/daily-function-namer.lock.yml @@ -168,10 +168,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index 42e79382566..a7172ef4dfa 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml 
@@ -180,10 +180,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-malicious-code-scan.lock.yml b/.github/workflows/daily-malicious-code-scan.lock.yml index a72421b12a9..c191fa55564 100644 --- a/.github/workflows/daily-malicious-code-scan.lock.yml +++ b/.github/workflows/daily-malicious-code-scan.lock.yml @@ -160,10 +160,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml index 6c9873432d4..1490070c5bf 100644 --- a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml +++ b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml 
@@ -161,10 +161,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-multi-device-docs-tester.lock.yml b/.github/workflows/daily-multi-device-docs-tester.lock.yml index 86ebea94ae9..41fb7d02fc6 100644 --- a/.github/workflows/daily-multi-device-docs-tester.lock.yml +++ b/.github/workflows/daily-multi-device-docs-tester.lock.yml @@ -176,10 +176,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-news.lock.yml b/.github/workflows/daily-news.lock.yml index fcd2e590bad..c7363702ba5 100644 --- a/.github/workflows/daily-news.lock.yml +++ b/.github/workflows/daily-news.lock.yml 
@@ -168,10 +168,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml index 09582af9ed7..c403bdb046d 100644 --- a/.github/workflows/daily-observability-report.lock.yml +++ b/.github/workflows/daily-observability-report.lock.yml @@ -170,10 +170,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index 4fae0d0c03a..6f2e34909b7 100644 --- a/.github/workflows/daily-performance-summary.lock.yml +++ b/.github/workflows/daily-performance-summary.lock.yml 
@@ -171,10 +171,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-regulatory.lock.yml b/.github/workflows/daily-regulatory.lock.yml index ef7f8228e88..3790722a19f 100644 --- a/.github/workflows/daily-regulatory.lock.yml +++ b/.github/workflows/daily-regulatory.lock.yml @@ -167,10 +167,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-rendering-scripts-verifier.lock.yml b/.github/workflows/daily-rendering-scripts-verifier.lock.yml index bd6fdc3db9e..fd35f7f845b 100644 --- a/.github/workflows/daily-rendering-scripts-verifier.lock.yml +++ b/.github/workflows/daily-rendering-scripts-verifier.lock.yml 
@@ -175,10 +175,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-repo-chronicle.lock.yml b/.github/workflows/daily-repo-chronicle.lock.yml index 5d7a09111fb..4be5130a49d 100644 --- a/.github/workflows/daily-repo-chronicle.lock.yml +++ b/.github/workflows/daily-repo-chronicle.lock.yml @@ -164,10 +164,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-safe-output-optimizer.lock.yml b/.github/workflows/daily-safe-output-optimizer.lock.yml index c4672e2c82f..1974059a910 100644 --- a/.github/workflows/daily-safe-output-optimizer.lock.yml +++ b/.github/workflows/daily-safe-output-optimizer.lock.yml 
@@ -173,10 +173,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-safe-outputs-conformance.lock.yml b/.github/workflows/daily-safe-outputs-conformance.lock.yml index f3fa0a0a2b7..8f84a1d87ce 100644 --- a/.github/workflows/daily-safe-outputs-conformance.lock.yml +++ b/.github/workflows/daily-safe-outputs-conformance.lock.yml @@ -166,10 +166,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-secrets-analysis.lock.yml b/.github/workflows/daily-secrets-analysis.lock.yml index 96cd57fa1bb..9fcf8cd5f9a 100644 --- a/.github/workflows/daily-secrets-analysis.lock.yml +++ b/.github/workflows/daily-secrets-analysis.lock.yml 
@@ -160,10 +160,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-security-red-team.lock.yml b/.github/workflows/daily-security-red-team.lock.yml index d9600552308..c2046ff19fb 100644 --- a/.github/workflows/daily-security-red-team.lock.yml +++ b/.github/workflows/daily-security-red-team.lock.yml @@ -167,10 +167,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-semgrep-scan.lock.yml b/.github/workflows/daily-semgrep-scan.lock.yml index ec92c02add7..c6a27630ccd 100644 --- a/.github/workflows/daily-semgrep-scan.lock.yml +++ b/.github/workflows/daily-semgrep-scan.lock.yml 
@@ -166,10 +166,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-syntax-error-quality.lock.yml b/.github/workflows/daily-syntax-error-quality.lock.yml index 6aa70108d79..79bc0e1792e 100644 --- a/.github/workflows/daily-syntax-error-quality.lock.yml +++ b/.github/workflows/daily-syntax-error-quality.lock.yml @@ -160,10 +160,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-team-evolution-insights.lock.yml b/.github/workflows/daily-team-evolution-insights.lock.yml index 001e98a39e6..73896390d16 100644 --- a/.github/workflows/daily-team-evolution-insights.lock.yml +++ b/.github/workflows/daily-team-evolution-insights.lock.yml 
@@ -166,10 +166,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml index 8421a68143b..4e6cef1da6a 100644 --- a/.github/workflows/daily-team-status.lock.yml +++ b/.github/workflows/daily-team-status.lock.yml @@ -175,10 +175,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-testify-uber-super-expert.lock.yml b/.github/workflows/daily-testify-uber-super-expert.lock.yml index 6fb2a6e45cf..32f9e9bee1c 100644 --- a/.github/workflows/daily-testify-uber-super-expert.lock.yml +++ b/.github/workflows/daily-testify-uber-super-expert.lock.yml 
@@ -168,10 +168,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/daily-workflow-updater.lock.yml b/.github/workflows/daily-workflow-updater.lock.yml index ab79370c345..94b8133b136 100644 --- a/.github/workflows/daily-workflow-updater.lock.yml +++ b/.github/workflows/daily-workflow-updater.lock.yml @@ -159,10 +159,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/dead-code-remover.lock.yml b/.github/workflows/dead-code-remover.lock.yml index 3b36134dc3f..e4530ad0135 100644 --- a/.github/workflows/dead-code-remover.lock.yml +++ b/.github/workflows/dead-code-remover.lock.yml 
@@ -168,10 +168,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/deep-report.lock.yml b/.github/workflows/deep-report.lock.yml index 55243be13aa..0908ef98875 100644 --- a/.github/workflows/deep-report.lock.yml +++ b/.github/workflows/deep-report.lock.yml @@ -174,10 +174,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/delight.lock.yml b/.github/workflows/delight.lock.yml index 6dcf07f55eb..dbae4a3f691 100644 --- a/.github/workflows/delight.lock.yml +++ b/.github/workflows/delight.lock.yml 
@@ -163,10 +163,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/dependabot-burner.lock.yml b/.github/workflows/dependabot-burner.lock.yml index aeb7995d5db..ec1186dc35c 100644 --- a/.github/workflows/dependabot-burner.lock.yml +++ b/.github/workflows/dependabot-burner.lock.yml @@ -167,10 +167,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/dependabot-go-checker.lock.yml b/.github/workflows/dependabot-go-checker.lock.yml index b6ece959964..c8557ae4c2c 100644 --- a/.github/workflows/dependabot-go-checker.lock.yml +++ b/.github/workflows/dependabot-go-checker.lock.yml 
@@ -165,10 +165,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/dev-hawk.lock.yml b/.github/workflows/dev-hawk.lock.yml index 211984aeac9..b11f398cf2a 100644 --- a/.github/workflows/dev-hawk.lock.yml +++ b/.github/workflows/dev-hawk.lock.yml @@ -173,10 +173,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/dev.lock.yml b/.github/workflows/dev.lock.yml index cdcc366a688..b6dad369d51 100644 --- a/.github/workflows/dev.lock.yml +++ b/.github/workflows/dev.lock.yml 
@@ -155,10 +155,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/developer-docs-consolidator.lock.yml b/.github/workflows/developer-docs-consolidator.lock.yml index 47eab16f37a..4ea0f1ecc7c 100644 --- a/.github/workflows/developer-docs-consolidator.lock.yml +++ b/.github/workflows/developer-docs-consolidator.lock.yml @@ -173,10 +173,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/dictation-prompt.lock.yml b/.github/workflows/dictation-prompt.lock.yml index 10291cb5f77..c3da7d0f168 100644 --- a/.github/workflows/dictation-prompt.lock.yml +++ b/.github/workflows/dictation-prompt.lock.yml 
@@ -163,10 +163,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/discussion-task-miner.lock.yml b/.github/workflows/discussion-task-miner.lock.yml index d78f87fa566..9da1abea8e1 100644 --- a/.github/workflows/discussion-task-miner.lock.yml +++ b/.github/workflows/discussion-task-miner.lock.yml @@ -166,10 +166,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/docs-noob-tester.lock.yml b/.github/workflows/docs-noob-tester.lock.yml index ade5ac84437..e6b25ce6f44 100644 --- a/.github/workflows/docs-noob-tester.lock.yml +++ b/.github/workflows/docs-noob-tester.lock.yml 
@@ -164,10 +164,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/draft-pr-cleanup.lock.yml b/.github/workflows/draft-pr-cleanup.lock.yml index 5ca1670eddc..3fc6d3f9d46 100644 --- a/.github/workflows/draft-pr-cleanup.lock.yml +++ b/.github/workflows/draft-pr-cleanup.lock.yml @@ -156,10 +156,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml index c8ae61f8ea6..63cd9c4faae 100644 --- a/.github/workflows/duplicate-code-detector.lock.yml +++ b/.github/workflows/duplicate-code-detector.lock.yml 
@@ -169,10 +169,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/example-permissions-warning.lock.yml b/.github/workflows/example-permissions-warning.lock.yml index a9f12533147..6120be2bb73 100644 --- a/.github/workflows/example-permissions-warning.lock.yml +++ b/.github/workflows/example-permissions-warning.lock.yml @@ -154,10 +154,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/example-workflow-analyzer.lock.yml b/.github/workflows/example-workflow-analyzer.lock.yml index 1d8da31e1e4..a7aea97bd44 100644 --- a/.github/workflows/example-workflow-analyzer.lock.yml +++ b/.github/workflows/example-workflow-analyzer.lock.yml 
@@ -167,10 +167,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/firewall-escape.lock.yml b/.github/workflows/firewall-escape.lock.yml index 02274f12a5a..7d295d6ca99 100644 --- a/.github/workflows/firewall-escape.lock.yml +++ b/.github/workflows/firewall-escape.lock.yml @@ -181,10 +181,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/firewall.lock.yml b/.github/workflows/firewall.lock.yml index 882ba01c6d8..da6dde54463 100644 --- a/.github/workflows/firewall.lock.yml +++ b/.github/workflows/firewall.lock.yml 
@@ -154,10 +154,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/functional-pragmatist.lock.yml b/.github/workflows/functional-pragmatist.lock.yml index 1efb18f7507..2b4c60c281c 100644 --- a/.github/workflows/functional-pragmatist.lock.yml +++ b/.github/workflows/functional-pragmatist.lock.yml @@ -168,10 +168,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/github-mcp-structural-analysis.lock.yml b/.github/workflows/github-mcp-structural-analysis.lock.yml index c40b9a2eed8..4187df0a0b5 100644 --- a/.github/workflows/github-mcp-structural-analysis.lock.yml +++ b/.github/workflows/github-mcp-structural-analysis.lock.yml 
@@ -169,10 +169,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/github-mcp-tools-report.lock.yml b/.github/workflows/github-mcp-tools-report.lock.yml index 62e950852a6..0c4a22d1f1d 100644 --- a/.github/workflows/github-mcp-tools-report.lock.yml +++ b/.github/workflows/github-mcp-tools-report.lock.yml @@ -170,10 +170,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/github-remote-mcp-auth-test.lock.yml b/.github/workflows/github-remote-mcp-auth-test.lock.yml index cb6ea38a81e..681f0064436 100644 --- a/.github/workflows/github-remote-mcp-auth-test.lock.yml +++ b/.github/workflows/github-remote-mcp-auth-test.lock.yml 
@@ -163,10 +163,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/glossary-maintainer.lock.yml b/.github/workflows/glossary-maintainer.lock.yml index 0c532324beb..e9c1235148f 100644 --- a/.github/workflows/glossary-maintainer.lock.yml +++ b/.github/workflows/glossary-maintainer.lock.yml @@ -173,10 +173,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/go-fan.lock.yml b/.github/workflows/go-fan.lock.yml index 529da0036ae..8ef930c7aec 100644 --- a/.github/workflows/go-fan.lock.yml +++ b/.github/workflows/go-fan.lock.yml 
@@ -167,10 +167,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/go-logger.lock.yml b/.github/workflows/go-logger.lock.yml index 12355bbf6d4..f8271065a16 100644 --- a/.github/workflows/go-logger.lock.yml +++ b/.github/workflows/go-logger.lock.yml @@ -170,10 +170,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/go-pattern-detector.lock.yml b/.github/workflows/go-pattern-detector.lock.yml index f7f08f4cab6..8da55d71683 100644 --- a/.github/workflows/go-pattern-detector.lock.yml +++ b/.github/workflows/go-pattern-detector.lock.yml 
@@ -167,10 +167,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/gpclean.lock.yml b/.github/workflows/gpclean.lock.yml index 7bbdf8f378d..b93a7ec4026 100644 --- a/.github/workflows/gpclean.lock.yml +++ b/.github/workflows/gpclean.lock.yml @@ -167,10 +167,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml index c225e877c9c..b8a101efa4e 100644 --- a/.github/workflows/grumpy-reviewer.lock.yml +++ b/.github/workflows/grumpy-reviewer.lock.yml 
@@ -220,10 +220,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" fi diff --git a/.github/workflows/hourly-ci-cleaner.lock.yml b/.github/workflows/hourly-ci-cleaner.lock.yml index 790422aa1c5..139cf2c26c0 100644 --- a/.github/workflows/hourly-ci-cleaner.lock.yml +++ b/.github/workflows/hourly-ci-cleaner.lock.yml @@ -173,10 +173,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/instructions-janitor.lock.yml b/.github/workflows/instructions-janitor.lock.yml index b7d93d2c442..9fc17e8b84f 100644 --- a/.github/workflows/instructions-janitor.lock.yml +++ b/.github/workflows/instructions-janitor.lock.yml 
@@ -166,10 +166,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml index f03d9e9f0a1..1cff00c2dc8 100644 --- a/.github/workflows/issue-arborist.lock.yml +++ b/.github/workflows/issue-arborist.lock.yml @@ -171,10 +171,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/issue-monster.lock.yml b/.github/workflows/issue-monster.lock.yml index 66cc9086de3..95a59ca9a75 100644 --- a/.github/workflows/issue-monster.lock.yml +++ b/.github/workflows/issue-monster.lock.yml 
@@ -515,10 +515,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/issue-triage-agent.lock.yml b/.github/workflows/issue-triage-agent.lock.yml index 1d082afcd64..a63d2daaab2 100644 --- a/.github/workflows/issue-triage-agent.lock.yml +++ b/.github/workflows/issue-triage-agent.lock.yml @@ -167,10 +167,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/jsweep.lock.yml b/.github/workflows/jsweep.lock.yml index 9072c9bc743..cf99bf3a502 100644 --- a/.github/workflows/jsweep.lock.yml +++ b/.github/workflows/jsweep.lock.yml 
@@ -166,10 +166,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/layout-spec-maintainer.lock.yml b/.github/workflows/layout-spec-maintainer.lock.yml index 65da63dc42d..589d0f2f26e 100644 --- a/.github/workflows/layout-spec-maintainer.lock.yml +++ b/.github/workflows/layout-spec-maintainer.lock.yml @@ -166,10 +166,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/lockfile-stats.lock.yml b/.github/workflows/lockfile-stats.lock.yml index eb706024c90..1c841992443 100644 --- a/.github/workflows/lockfile-stats.lock.yml +++ b/.github/workflows/lockfile-stats.lock.yml 
@@ -167,10 +167,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/mcp-inspector.lock.yml b/.github/workflows/mcp-inspector.lock.yml index 68ded8bb46b..cbc41b4fb12 100644 --- a/.github/workflows/mcp-inspector.lock.yml +++ b/.github/workflows/mcp-inspector.lock.yml @@ -183,10 +183,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/mergefest.lock.yml b/.github/workflows/mergefest.lock.yml index 1b1df760cf4..d180e2de86c 100644 --- a/.github/workflows/mergefest.lock.yml +++ b/.github/workflows/mergefest.lock.yml 
@@ -212,10 +212,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" fi diff --git a/.github/workflows/metrics-collector.lock.yml b/.github/workflows/metrics-collector.lock.yml index 484342ba9b5..556b7554593 100644 --- a/.github/workflows/metrics-collector.lock.yml +++ b/.github/workflows/metrics-collector.lock.yml @@ -162,10 +162,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/notion-issue-summary.lock.yml b/.github/workflows/notion-issue-summary.lock.yml index c00018a0b1d..2c8240f6db6 100644 --- a/.github/workflows/notion-issue-summary.lock.yml +++ b/.github/workflows/notion-issue-summary.lock.yml 
@@ -169,10 +169,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/org-health-report.lock.yml b/.github/workflows/org-health-report.lock.yml index 8ccb53b85bf..64462f27278 100644 --- a/.github/workflows/org-health-report.lock.yml +++ b/.github/workflows/org-health-report.lock.yml @@ -174,10 +174,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/pdf-summary.lock.yml b/.github/workflows/pdf-summary.lock.yml index 5dca458a45c..953e4f867b9 100644 --- a/.github/workflows/pdf-summary.lock.yml +++ b/.github/workflows/pdf-summary.lock.yml 
@@ -238,10 +238,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" fi diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml index 5bdaa6ddc00..929b354c2b3 100644 --- a/.github/workflows/plan.lock.yml +++ b/.github/workflows/plan.lock.yml @@ -215,10 +215,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" fi diff --git a/.github/workflows/poem-bot.lock.yml b/.github/workflows/poem-bot.lock.yml index a2443d8f428..c60a31ba30d 100644 --- a/.github/workflows/poem-bot.lock.yml +++ b/.github/workflows/poem-bot.lock.yml 
@@ -234,10 +234,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" fi diff --git a/.github/workflows/portfolio-analyst.lock.yml b/.github/workflows/portfolio-analyst.lock.yml index 7ca23586e50..b49d3477485 100644 --- a/.github/workflows/portfolio-analyst.lock.yml +++ b/.github/workflows/portfolio-analyst.lock.yml @@ -172,10 +172,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/pr-nitpick-reviewer.lock.yml b/.github/workflows/pr-nitpick-reviewer.lock.yml index 9eeeb5c7b6a..fa66b849641 100644 --- a/.github/workflows/pr-nitpick-reviewer.lock.yml +++ b/.github/workflows/pr-nitpick-reviewer.lock.yml 
@@ -245,10 +245,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" fi diff --git a/.github/workflows/pr-triage-agent.lock.yml b/.github/workflows/pr-triage-agent.lock.yml index 3ac85dec8c9..1becb3a1b5b 100644 --- a/.github/workflows/pr-triage-agent.lock.yml +++ b/.github/workflows/pr-triage-agent.lock.yml @@ -166,10 +166,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/prompt-clustering-analysis.lock.yml b/.github/workflows/prompt-clustering-analysis.lock.yml index 1e7d27ef5b4..146927a25ab 100644 --- a/.github/workflows/prompt-clustering-analysis.lock.yml +++ b/.github/workflows/prompt-clustering-analysis.lock.yml 
@@ -174,10 +174,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/python-data-charts.lock.yml b/.github/workflows/python-data-charts.lock.yml index 882235a2529..32cacd6cfdd 100644 --- a/.github/workflows/python-data-charts.lock.yml +++ b/.github/workflows/python-data-charts.lock.yml @@ -169,10 +169,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/q.lock.yml b/.github/workflows/q.lock.yml index fc76a864b57..d46539b3936 100644 --- a/.github/workflows/q.lock.yml +++ b/.github/workflows/q.lock.yml 
@@ -258,10 +258,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" fi diff --git a/.github/workflows/refiner.lock.yml b/.github/workflows/refiner.lock.yml index 60c6a4c69b2..285bcea06d3 100644 --- a/.github/workflows/refiner.lock.yml +++ b/.github/workflows/refiner.lock.yml @@ -193,10 +193,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/release.lock.yml b/.github/workflows/release.lock.yml index 9625e7dafd1..c495c5c1586 100644 --- a/.github/workflows/release.lock.yml +++ b/.github/workflows/release.lock.yml 
@@ -174,10 +174,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/repo-audit-analyzer.lock.yml b/.github/workflows/repo-audit-analyzer.lock.yml index 3e28f4e20d2..3de1d6bf3ad 100644 --- a/.github/workflows/repo-audit-analyzer.lock.yml +++ b/.github/workflows/repo-audit-analyzer.lock.yml @@ -171,10 +171,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/repo-tree-map.lock.yml b/.github/workflows/repo-tree-map.lock.yml index 542e9fee70e..b4c30e24cb3 100644 --- a/.github/workflows/repo-tree-map.lock.yml +++ b/.github/workflows/repo-tree-map.lock.yml 
@@ -166,10 +166,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/repository-quality-improver.lock.yml b/.github/workflows/repository-quality-improver.lock.yml index bd8ba810559..c71a58098d8 100644 --- a/.github/workflows/repository-quality-improver.lock.yml +++ b/.github/workflows/repository-quality-improver.lock.yml @@ -167,10 +167,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/research.lock.yml b/.github/workflows/research.lock.yml index d82816fe6a5..844633b343d 100644 --- a/.github/workflows/research.lock.yml +++ b/.github/workflows/research.lock.yml 
@@ -170,10 +170,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/safe-output-health.lock.yml b/.github/workflows/safe-output-health.lock.yml index 052aa5fee1b..2ab25f7cdb7 100644 --- a/.github/workflows/safe-output-health.lock.yml +++ b/.github/workflows/safe-output-health.lock.yml @@ -169,10 +169,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/schema-consistency-checker.lock.yml b/.github/workflows/schema-consistency-checker.lock.yml index 1817a0b2a4c..6f6c4dfacc3 100644 --- a/.github/workflows/schema-consistency-checker.lock.yml +++ b/.github/workflows/schema-consistency-checker.lock.yml 
@@ -167,10 +167,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/scout.lock.yml b/.github/workflows/scout.lock.yml index 04905eddd5e..8e6eb6ba109 100644 --- a/.github/workflows/scout.lock.yml +++ b/.github/workflows/scout.lock.yml @@ -275,10 +275,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" fi diff --git a/.github/workflows/security-alert-burndown.campaign.g.lock.yml b/.github/workflows/security-alert-burndown.campaign.g.lock.yml index 839ea538ad0..36101ec9e24 100644 --- a/.github/workflows/security-alert-burndown.campaign.g.lock.yml +++ b/.github/workflows/security-alert-burndown.campaign.g.lock.yml 
@@ -167,10 +167,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/security-compliance.lock.yml b/.github/workflows/security-compliance.lock.yml index 1ffab7e683e..870b5055a56 100644 --- a/.github/workflows/security-compliance.lock.yml +++ b/.github/workflows/security-compliance.lock.yml @@ -188,10 +188,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml index d2a6e0ec4f7..90bd2dc1513 100644 --- a/.github/workflows/security-review.lock.yml +++ b/.github/workflows/security-review.lock.yml 
@@ -218,10 +218,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" fi diff --git a/.github/workflows/semantic-function-refactor.lock.yml b/.github/workflows/semantic-function-refactor.lock.yml index b06f5fe2fae..58622ba72f8 100644 --- a/.github/workflows/semantic-function-refactor.lock.yml +++ b/.github/workflows/semantic-function-refactor.lock.yml @@ -167,10 +167,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/sergo.lock.yml b/.github/workflows/sergo.lock.yml index f31657d8aba..f92c4fec195 100644 --- a/.github/workflows/sergo.lock.yml +++ b/.github/workflows/sergo.lock.yml 
@@ -168,10 +168,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/slide-deck-maintainer.lock.yml b/.github/workflows/slide-deck-maintainer.lock.yml index b3ce817281c..23ebd1a0cd8 100644 --- a/.github/workflows/slide-deck-maintainer.lock.yml +++ b/.github/workflows/slide-deck-maintainer.lock.yml @@ -180,10 +180,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/smoke-agent-all-merged.lock.yml b/.github/workflows/smoke-agent-all-merged.lock.yml index 592e02db95a..150fc5de6a5 100644 --- a/.github/workflows/smoke-agent-all-merged.lock.yml +++ b/.github/workflows/smoke-agent-all-merged.lock.yml 
@@ -199,10 +199,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/smoke-agent-all-none.lock.yml b/.github/workflows/smoke-agent-all-none.lock.yml index 4ee5d330035..931dd1427e4 100644 --- a/.github/workflows/smoke-agent-all-none.lock.yml +++ b/.github/workflows/smoke-agent-all-none.lock.yml @@ -199,10 +199,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/smoke-agent-public-approved.lock.yml b/.github/workflows/smoke-agent-public-approved.lock.yml index e8ba5dadf5a..74b31295913 100644 --- a/.github/workflows/smoke-agent-public-approved.lock.yml +++ b/.github/workflows/smoke-agent-public-approved.lock.yml 
@@ -199,10 +199,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/smoke-agent-public-none.lock.yml b/.github/workflows/smoke-agent-public-none.lock.yml index 4bdeb45a42e..794f93c0d14 100644 --- a/.github/workflows/smoke-agent-public-none.lock.yml +++ b/.github/workflows/smoke-agent-public-none.lock.yml @@ -199,10 +199,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/smoke-agent-scoped-approved.lock.yml b/.github/workflows/smoke-agent-scoped-approved.lock.yml index 1a310bed544..7037effebe6 100644 --- a/.github/workflows/smoke-agent-scoped-approved.lock.yml +++ b/.github/workflows/smoke-agent-scoped-approved.lock.yml 
@@ -199,10 +199,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/smoke-call-workflow.lock.yml b/.github/workflows/smoke-call-workflow.lock.yml index 649d79a0984..99b6ebcb663 100644 --- a/.github/workflows/smoke-call-workflow.lock.yml +++ b/.github/workflows/smoke-call-workflow.lock.yml @@ -182,10 +182,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml index 2cfb815f65a..b03f4fdc771 100644 --- a/.github/workflows/smoke-claude.lock.yml +++ b/.github/workflows/smoke-claude.lock.yml 
@@ -232,10 +232,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index b0b0f1595b9..5b1baf71c9f 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -224,10 +224,8 @@ jobs: - **Note**: If a branch you need is not in the list above and is not listed as an additional fetched ref, it has NOT been checked out. For private repositories you cannot fetch it without proper authentication. If the branch is required and not available, exit with an error and ask the user to add it to the `fetch:` option of the `checkout:` configuration (e.g., `fetch: ["refs/pulls/open/*"]` for all open PR refs, or `fetch: ["main", "feature/my-branch"]` for specific branches). - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/smoke-copilot-arm.lock.yml b/.github/workflows/smoke-copilot-arm.lock.yml index a37290f08d3..29fc9662190 100644 
--- a/.github/workflows/smoke-copilot-arm.lock.yml +++ b/.github/workflows/smoke-copilot-arm.lock.yml @@ -221,10 +221,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index e4d92486f11..dbd06cd3910 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -227,10 +227,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/smoke-create-cross-repo-pr.lock.yml b/.github/workflows/smoke-create-cross-repo-pr.lock.yml index 2d1ced883ff..52a8b7c5796 100644 --- a/.github/workflows/smoke-create-cross-repo-pr.lock.yml +++ b/.github/workflows/smoke-create-cross-repo-pr.lock.yml 
@@ -201,10 +201,8 @@ jobs: - **Note**: If a branch you need is not in the list above and is not listed as an additional fetched ref, it has NOT been checked out. For private repositories you cannot fetch it without proper authentication. If the branch is required and not available, exit with an error and ask the user to add it to the `fetch:` option of the `checkout:` configuration (e.g., `fetch: ["refs/pulls/open/*"]` for all open PR refs, or `fetch: ["main", "feature/my-branch"]` for specific branches). - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/smoke-gemini.lock.yml b/.github/workflows/smoke-gemini.lock.yml index 261186eaa93..017b21d8447 100644 --- a/.github/workflows/smoke-gemini.lock.yml +++ b/.github/workflows/smoke-gemini.lock.yml @@ -219,10 +219,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/smoke-multi-pr.lock.yml b/.github/workflows/smoke-multi-pr.lock.yml index 26ff20114f3..ed254be6fb6 100644 
--- a/.github/workflows/smoke-multi-pr.lock.yml +++ b/.github/workflows/smoke-multi-pr.lock.yml @@ -216,10 +216,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/smoke-project.lock.yml b/.github/workflows/smoke-project.lock.yml index b4372512cf3..78ebf293028 100644 --- a/.github/workflows/smoke-project.lock.yml +++ b/.github/workflows/smoke-project.lock.yml @@ -214,10 +214,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/smoke-temporary-id.lock.yml b/.github/workflows/smoke-temporary-id.lock.yml index 6daf38adf3f..9b9b24f9f7e 100644 --- a/.github/workflows/smoke-temporary-id.lock.yml +++ b/.github/workflows/smoke-temporary-id.lock.yml 
@@ -211,10 +211,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/smoke-test-tools.lock.yml b/.github/workflows/smoke-test-tools.lock.yml index 552d6484f5a..c05a8bb8c06 100644 --- a/.github/workflows/smoke-test-tools.lock.yml +++ b/.github/workflows/smoke-test-tools.lock.yml @@ -200,10 +200,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/smoke-update-cross-repo-pr.lock.yml b/.github/workflows/smoke-update-cross-repo-pr.lock.yml index 35acf6f680a..dbae174520d 100644 --- a/.github/workflows/smoke-update-cross-repo-pr.lock.yml +++ b/.github/workflows/smoke-update-cross-repo-pr.lock.yml 
@@ -202,10 +202,8 @@ jobs: - **Note**: If a branch you need is not in the list above and is not listed as an additional fetched ref, it has NOT been checked out. For private repositories you cannot fetch it without proper authentication. If the branch is required and not available, exit with an error and ask the user to add it to the `fetch:` option of the `checkout:` configuration (e.g., `fetch: ["refs/pulls/open/*"]` for all open PR refs, or `fetch: ["main", "feature/my-branch"]` for specific branches). - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/smoke-workflow-call-with-inputs.lock.yml b/.github/workflows/smoke-workflow-call-with-inputs.lock.yml index 37f03c620b8..632fe89689a 100644 --- a/.github/workflows/smoke-workflow-call-with-inputs.lock.yml +++ b/.github/workflows/smoke-workflow-call-with-inputs.lock.yml @@ -212,10 +212,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF 
diff --git a/.github/workflows/smoke-workflow-call.lock.yml b/.github/workflows/smoke-workflow-call.lock.yml index cf7d7479fa5..cee59d69d88 100644 --- a/.github/workflows/smoke-workflow-call.lock.yml +++ b/.github/workflows/smoke-workflow-call.lock.yml @@ -212,10 +212,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/stale-repo-identifier.lock.yml b/.github/workflows/stale-repo-identifier.lock.yml index b2f1c7da705..38e21aa4722 100644 --- a/.github/workflows/stale-repo-identifier.lock.yml +++ b/.github/workflows/stale-repo-identifier.lock.yml @@ -184,10 +184,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/static-analysis-report.lock.yml b/.github/workflows/static-analysis-report.lock.yml index 75020603072..e37c49c883d 100644 --- a/.github/workflows/static-analysis-report.lock.yml +++ b/.github/workflows/static-analysis-report.lock.yml 
@@ -168,10 +168,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/step-name-alignment.lock.yml b/.github/workflows/step-name-alignment.lock.yml index 48968b682a6..2f39f344413 100644 --- a/.github/workflows/step-name-alignment.lock.yml +++ b/.github/workflows/step-name-alignment.lock.yml @@ -163,10 +163,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/sub-issue-closer.lock.yml b/.github/workflows/sub-issue-closer.lock.yml index 4d6b9fe08d8..3f4e6c757ee 100644 --- a/.github/workflows/sub-issue-closer.lock.yml +++ b/.github/workflows/sub-issue-closer.lock.yml 
@@ -162,10 +162,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/super-linter.lock.yml b/.github/workflows/super-linter.lock.yml index 23ce43a61af..3e805a3a590 100644 --- a/.github/workflows/super-linter.lock.yml +++ b/.github/workflows/super-linter.lock.yml @@ -167,10 +167,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/technical-doc-writer.lock.yml b/.github/workflows/technical-doc-writer.lock.yml index a2682b3feff..a7330108921 100644 --- a/.github/workflows/technical-doc-writer.lock.yml +++ b/.github/workflows/technical-doc-writer.lock.yml 
@@ -178,10 +178,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/terminal-stylist.lock.yml b/.github/workflows/terminal-stylist.lock.yml index 8533360cd89..44a9e5bcb7a 100644 --- a/.github/workflows/terminal-stylist.lock.yml +++ b/.github/workflows/terminal-stylist.lock.yml @@ -167,10 +167,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/test-create-pr-error-handling.lock.yml b/.github/workflows/test-create-pr-error-handling.lock.yml index 808d263e6ac..4bced483e75 100644 --- a/.github/workflows/test-create-pr-error-handling.lock.yml +++ b/.github/workflows/test-create-pr-error-handling.lock.yml 
@@ -163,10 +163,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/test-dispatcher.lock.yml b/.github/workflows/test-dispatcher.lock.yml index 9e4398168b6..aed50bab3e4 100644 --- a/.github/workflows/test-dispatcher.lock.yml +++ b/.github/workflows/test-dispatcher.lock.yml @@ -158,10 +158,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/test-project-url-default.lock.yml b/.github/workflows/test-project-url-default.lock.yml index d9d1503df34..3dc7517adf2 100644 --- a/.github/workflows/test-project-url-default.lock.yml +++ b/.github/workflows/test-project-url-default.lock.yml 
@@ -158,10 +158,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/test-workflow.lock.yml b/.github/workflows/test-workflow.lock.yml index 4ac9eb71486..249ab4e2a8b 100644 --- a/.github/workflows/test-workflow.lock.yml +++ b/.github/workflows/test-workflow.lock.yml @@ -158,10 +158,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/tidy.lock.yml b/.github/workflows/tidy.lock.yml index d30c4dd9564..52875937af2 100644 --- a/.github/workflows/tidy.lock.yml +++ b/.github/workflows/tidy.lock.yml 
@@ -226,10 +226,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" if [ "$GITHUB_EVENT_NAME" = "issue_comment" ] && [ -n "$GH_AW_IS_PR_COMMENT" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review_comment" ] || [ "$GITHUB_EVENT_NAME" = "pull_request_review" ]; then cat "/opt/gh-aw/prompts/pr_context_prompt.md" fi diff --git a/.github/workflows/typist.lock.yml b/.github/workflows/typist.lock.yml index 71e775b8a45..126d0559df4 100644 --- a/.github/workflows/typist.lock.yml +++ b/.github/workflows/typist.lock.yml @@ -166,10 +166,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/ubuntu-image-analyzer.lock.yml b/.github/workflows/ubuntu-image-analyzer.lock.yml index c788696d7c7..09f50f2f609 100644 --- a/.github/workflows/ubuntu-image-analyzer.lock.yml +++ b/.github/workflows/ubuntu-image-analyzer.lock.yml 
@@ -172,10 +172,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/unbloat-docs.lock.yml b/.github/workflows/unbloat-docs.lock.yml index 80b376b8761..f4cf3b19847 100644 --- a/.github/workflows/unbloat-docs.lock.yml +++ b/.github/workflows/unbloat-docs.lock.yml @@ -226,10 +226,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/video-analyzer.lock.yml b/.github/workflows/video-analyzer.lock.yml index 8185b1c6dc5..3c7acc0590c 100644 --- a/.github/workflows/video-analyzer.lock.yml +++ b/.github/workflows/video-analyzer.lock.yml 
@@ -169,10 +169,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/weekly-editors-health-check.lock.yml b/.github/workflows/weekly-editors-health-check.lock.yml index 7250bee3011..d11a792f282 100644 --- a/.github/workflows/weekly-editors-health-check.lock.yml +++ b/.github/workflows/weekly-editors-health-check.lock.yml @@ -168,10 +168,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/weekly-issue-summary.lock.yml b/.github/workflows/weekly-issue-summary.lock.yml index 2f1f40921d6..768ca49f0da 100644 --- a/.github/workflows/weekly-issue-summary.lock.yml +++ b/.github/workflows/weekly-issue-summary.lock.yml 
@@ -173,10 +173,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/weekly-safe-outputs-spec-review.lock.yml b/.github/workflows/weekly-safe-outputs-spec-review.lock.yml index f01d1576030..24ae31a9e9d 100644 --- a/.github/workflows/weekly-safe-outputs-spec-review.lock.yml +++ b/.github/workflows/weekly-safe-outputs-spec-review.lock.yml @@ -168,10 +168,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/workflow-generator.lock.yml b/.github/workflows/workflow-generator.lock.yml index 91ea57bc6fd..f3f00aaadd6 100644 --- a/.github/workflows/workflow-generator.lock.yml +++ b/.github/workflows/workflow-generator.lock.yml 
@@ -206,10 +206,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/workflow-health-manager.lock.yml b/.github/workflows/workflow-health-manager.lock.yml index b21037ed842..414d098527a 100644 --- a/.github/workflows/workflow-health-manager.lock.yml +++ b/.github/workflows/workflow-health-manager.lock.yml @@ -170,10 +170,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/workflow-normalizer.lock.yml b/.github/workflows/workflow-normalizer.lock.yml index 7afe8657ad0..a438ebfdf2f 100644 --- a/.github/workflows/workflow-normalizer.lock.yml +++ b/.github/workflows/workflow-normalizer.lock.yml 
@@ -167,10 +167,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/.github/workflows/workflow-skill-extractor.lock.yml b/.github/workflows/workflow-skill-extractor.lock.yml index 846bde4b193..a9e4dc89f2c 100644 --- a/.github/workflows/workflow-skill-extractor.lock.yml +++ b/.github/workflows/workflow-skill-extractor.lock.yml @@ -166,10 +166,8 @@ jobs: {{/if}} - - The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. - GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/actions/setup/md/github_mcp_tools_prompt.md b/actions/setup/md/github_mcp_tools_prompt.md new file mode 100644 index 00000000000..37878b225f5 --- /dev/null +++ b/actions/setup/md/github_mcp_tools_prompt.md @@ -0,0 +1,3 @@ + +The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. + 
diff --git a/actions/setup/md/github_mcp_tools_with_safeoutputs_prompt.md b/actions/setup/md/github_mcp_tools_with_safeoutputs_prompt.md new file mode 100644 index 00000000000..d9960b2e16c --- /dev/null +++ b/actions/setup/md/github_mcp_tools_with_safeoutputs_prompt.md @@ -0,0 +1,3 @@ + +The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: listing and searching issues, pull requests, discussions, labels, milestones; reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated. Use safeoutputs tools for GitHub writes and completion signaling. + diff --git a/pkg/workflow/prompt_constants.go b/pkg/workflow/prompt_constants.go index 6c26bf782ec..16c2015c22b 100644 --- a/pkg/workflow/prompt_constants.go +++ b/pkg/workflow/prompt_constants.go 
@@ -4,21 +4,23 @@ import _ "embed" // Prompt file paths at runtime (copied by setup action to /opt/gh-aw/prompts) const ( - promptsDir = "/opt/gh-aw/prompts" - prContextPromptFile = "pr_context_prompt.md" - tempFolderPromptFile = "temp_folder_prompt.md" - playwrightPromptFile = "playwright_prompt.md" - markdownPromptFile = "markdown.md" - xpiaPromptFile = "xpia.md" - cacheMemoryPromptFile = "cache_memory_prompt.md" - cacheMemoryPromptMultiFile = "cache_memory_prompt_multi.md" - repoMemoryPromptFile = "repo_memory_prompt.md" - repoMemoryPromptMultiFile = "repo_memory_prompt_multi.md" - safeOutputsPromptFile = "safe_outputs_prompt.md" - safeOutputsCreatePRFile = "safe_outputs_create_pull_request.md" - safeOutputsPushToBranchFile = "safe_outputs_push_to_pr_branch.md" - safeOutputsAutoCreateIssueFile = "safe_outputs_auto_create_issue.md" - agenticWorkflowsGuideFile = "agentic_workflows_guide.md" + promptsDir = "/opt/gh-aw/prompts" + prContextPromptFile = "pr_context_prompt.md" + tempFolderPromptFile = "temp_folder_prompt.md" + playwrightPromptFile = "playwright_prompt.md" + markdownPromptFile = "markdown.md" + xpiaPromptFile = "xpia.md" + cacheMemoryPromptFile = "cache_memory_prompt.md" + cacheMemoryPromptMultiFile = "cache_memory_prompt_multi.md" + repoMemoryPromptFile = "repo_memory_prompt.md" + repoMemoryPromptMultiFile = "repo_memory_prompt_multi.md" + safeOutputsPromptFile = "safe_outputs_prompt.md" + safeOutputsCreatePRFile = "safe_outputs_create_pull_request.md" + safeOutputsPushToBranchFile = "safe_outputs_push_to_pr_branch.md" + safeOutputsAutoCreateIssueFile = "safe_outputs_auto_create_issue.md" + agenticWorkflowsGuideFile = "agentic_workflows_guide.md" + githubMCPToolsPromptFile = "github_mcp_tools_prompt.md" + githubMCPToolsWithSafeOutputsPromptFile = "github_mcp_tools_with_safeoutputs_prompt.md" ) // GitHub context prompt is kept embedded because it contains GitHub Actions expressions 
diff --git a/pkg/workflow/unified_prompt_step.go b/pkg/workflow/unified_prompt_step.go index 0b4336e163e..068ae6bb368 100644 --- a/pkg/workflow/unified_prompt_step.go +++ b/pkg/workflow/unified_prompt_step.go @@ -346,9 +346,13 @@ func (c *Compiler) collectPromptSections(data *WorkflowData) []PromptSection { // the guidance explicitly separates reads (GitHub MCP) from writes (safeoutputs) so // the model is never steered away from the available read tools. unifiedPromptLog.Print("Adding GitHub MCP tool-use guidance") + githubMCPFile := githubMCPToolsPromptFile + if HasSafeOutputsEnabled(data.SafeOutputs) { + githubMCPFile = githubMCPToolsWithSafeOutputsPromptFile + } sections = append(sections, PromptSection{ - Content: buildGitHubMCPToolsGuidance(HasSafeOutputsEnabled(data.SafeOutputs)), - IsFile: false, + Content: githubMCPFile, + IsFile: true, }) } @@ -789,21 +793,3 @@ func buildSafeOutputsSections(safeOutputs *SafeOutputsConfig) []PromptSection { return sections } - -// buildGitHubMCPToolsGuidance returns inline text for the section. -// It tells the model that the GitHub MCP server is read-only and directs it to use -// those tools for all GitHub reads (issues, PRs, workflows, repository content, search). -// When safe-outputs is also enabled, it explicitly separates the two paths so the model -// is never steered away from the available GitHub MCP read tools. -func buildGitHubMCPToolsGuidance(hasSafeOutputs bool) string { - text := "\n" + - "The GitHub MCP server is read-only. Use GitHub MCP tools for all GitHub reads: " + - "listing and searching issues, pull requests, discussions, labels, milestones; " + - "reading workflow runs, jobs, and artifacts; accessing repository contents, code, and metadata. " + - "Do not use shell `gh` commands for GitHub API reads — `gh` is not authenticated." - if hasSafeOutputs { - text += " Use safeoutputs tools for GitHub writes and completion signaling." - } - text += "\n" - return text -} 
diff --git a/pkg/workflow/unified_prompt_step_test.go b/pkg/workflow/unified_prompt_step_test.go index 6d6e2229a99..d90832aa634 100644 --- a/pkg/workflow/unified_prompt_step_test.go +++ b/pkg/workflow/unified_prompt_step_test.go @@ -565,21 +565,17 @@ func TestCollectPromptSections_GitHubMCPAndSafeOutputsConsistency(t *testing.T) } } - // A section must be present and say the server is read-only + // The with-safeoutputs variant of the GitHub MCP guidance file must be selected var githubMCPSection *PromptSection for i := range sections { - if !sections[i].IsFile && strings.Contains(sections[i].Content, "github-mcp-tools") { + if sections[i].IsFile && strings.Contains(sections[i].Content, "github_mcp_tools") { githubMCPSection = §ions[i] break } } - require.NotNil(t, githubMCPSection, "Should include guidance when GitHub MCP is enabled") - assert.Contains(t, githubMCPSection.Content, "read-only", - "GitHub MCP guidance must state the server is read-only") - - // When safe-outputs is also enabled, the guidance must direct writes to safeoutputs - assert.Contains(t, githubMCPSection.Content, "safeoutputs", - "GitHub MCP guidance must direct writes to safeoutputs when both are enabled") + require.NotNil(t, githubMCPSection, "Should include github_mcp_tools file when GitHub MCP is enabled") + assert.Equal(t, githubMCPToolsWithSafeOutputsPromptFile, githubMCPSection.Content, + "Should use the with-safeoutputs variant when both GitHub MCP and safe-outputs are enabled") }) t.Run("only GitHub MCP enabled (no safe-outputs)", func(t *testing.T) { 
@@ -593,21 +589,17 @@ func TestCollectPromptSections_GitHubMCPAndSafeOutputsConsistency(t *testing.T) sections := compiler.collectPromptSections(data) require.NotEmpty(t, sections, "Should collect sections") - // guidance must still be present + // The base GitHub MCP guidance file must be selected (without safeoutputs) var githubMCPSection *PromptSection for i := range sections { - if !sections[i].IsFile && strings.Contains(sections[i].Content, "github-mcp-tools") { + if sections[i].IsFile && strings.Contains(sections[i].Content, "github_mcp_tools") { githubMCPSection = §ions[i] break } } - require.NotNil(t, githubMCPSection, "Should include guidance even without safe-outputs") - assert.Contains(t, githubMCPSection.Content, "read-only", - "GitHub MCP guidance must state the server is read-only") - - // Without safe-outputs, the guidance should NOT mention safeoutputs - assert.NotContains(t, githubMCPSection.Content, "safeoutputs", - "GitHub MCP guidance should not mention safeoutputs when safe-outputs is not enabled") + require.NotNil(t, githubMCPSection, "Should include github_mcp_tools file even without safe-outputs") + assert.Equal(t, githubMCPToolsPromptFile, githubMCPSection.Content, + "Should use the base variant when only GitHub MCP is enabled") }) t.Run("no GitHub MCP tool", func(t *testing.T) { @@ -623,10 +615,10 @@ func TestCollectPromptSections_GitHubMCPAndSafeOutputsConsistency(t *testing.T) sections := compiler.collectPromptSections(data) - // Without GitHub MCP there should be no section + // Without GitHub MCP there should be no github_mcp_tools file section for _, section := range sections { - if !section.IsFile { - assert.NotContains(t, section.Content, "github-mcp-tools", + if section.IsFile { + assert.NotContains(t, section.Content, "github_mcp_tools", "Should not include GitHub MCP guidance when GitHub tool is not enabled") } } From aae205b5b2eeed61b5212c5c96ba9aaead432b97 Mon Sep 17 00:00:00 2001 
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 17 Mar 2026 02:11:21 +0000 Subject: [PATCH 4/4] test: update wasm golden files for github_mcp_tools_prompt sections The new github_mcp_tools prompt file sections added by the previous commit caused TestWasmGolden_CompileFixtures to fail because the golden files were out of date. Regenerate them with `make update-wasm-golden`. Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .../TestWasmGolden_CompileFixtures/basic-copilot.golden | 1 + .../TestWasmGolden_CompileFixtures/smoke-copilot.golden | 1 + .../TestWasmGolden_CompileFixtures/with-imports.golden | 1 + 3 files changed, 3 insertions(+) diff --git a/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/basic-copilot.golden b/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/basic-copilot.golden index 978e2bfd2f8..15c4fda456b 100644 --- a/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/basic-copilot.golden +++ b/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/basic-copilot.golden @@ -130,6 +130,7 @@ jobs: GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF diff --git a/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/smoke-copilot.golden b/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/smoke-copilot.golden index abca140c02f..ee2aa67ae65 100644 --- a/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/smoke-copilot.golden +++ b/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/smoke-copilot.golden @@ -156,6 +156,7 @@ jobs: GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF 
diff --git a/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/with-imports.golden b/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/with-imports.golden index 9c73e81bc96..200134b6482 100644 --- a/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/with-imports.golden +++ b/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/with-imports.golden @@ -130,6 +130,7 @@ jobs: GH_AW_PROMPT_EOF + cat "/opt/gh-aw/prompts/github_mcp_tools_prompt.md" cat << 'GH_AW_PROMPT_EOF' GH_AW_PROMPT_EOF
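Review bot: In the `.github/workflows/*.lock.yml` hunks, the read-only guidance is no longer carried inside the heredoc and is instead read at run time with `cat "/opt/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"`, so the prompt now depends on the setup action having copied that file. Please confirm that the step populating /opt/gh-aw/prompts ships both new markdown files in the same release as these lock files, and that a missing file fails the step instead of producing a prompt that lacks the instruction to route GitHub writes through safeoutputs.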
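Review bot: `actions/setup/md/github_mcp_tools_with_safeoutputs_prompt.md` repeats the full paragraph of `actions/setup/md/github_mcp_tools_prompt.md` and differs only in the closing sentence "Use safeoutputs tools for GitHub writes and completion signaling.", so the two copies can drift when one is edited. Consider a test that asserts the two files are identical apart from that sentence, so a change to the read-only wording has to land in both.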
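Review bot: In `pkg/workflow/unified_prompt_step.go`, `unifiedPromptLog.Print("Adding GitHub MCP tool-use guidance")` runs before `githubMCPFile` is chosen and does not say which variant was selected. Move the log call below the `if HasSafeOutputsEnabled(data.SafeOutputs)` block and include the selected file name, so a compile log shows whether the with-safeoutputs guidance was emitted.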
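Review bot: In `pkg/workflow/unified_prompt_step_test.go`, the "both enabled" and "only GitHub MCP enabled" subtests now assert only which file name is selected, and the removed checks that the guidance contains "read-only" and mentions "safeoutputs" only when safe-outputs is enabled have no replacement. Because that text now lives in the two markdown files under actions/setup/md, add a test that reads both files and asserts the base file contains "read-only" and not "safeoutputs" while the with-safeoutputs file contains both; otherwise an edit to either file can drop the read/write split without failing any test.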
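Review bot: All three regenerated goldens (basic-copilot, smoke-copilot, with-imports) gain `cat "/opt/gh-aw/prompts/github_mcp_tools_prompt.md"`, the base variant, so none of the fixtures shown here pins the compiled output for the branch that selects `github_mcp_tools_with_safeoutputs_prompt.md`. If no other fixture enables safe-outputs together with `tools.github`, add one so that branch is covered by TestWasmGolden_CompileFixtures as well.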