Skip to content

Fix security-alert-burndown: add explicit create_agent_session instructions#12334

Merged
mnkiefer merged 2 commits intomainfrom
copilot/fix-missing-agent-session-outputs
Jan 28, 2026
Merged

Fix security-alert-burndown: add explicit create_agent_session instructions#12334
mnkiefer merged 2 commits intomainfrom
copilot/fix-missing-agent-session-outputs

Conversation

Copy link
Contributor

Copilot AI commented Jan 28, 2026
edited
Loading

Problem

Campaign run 21450478269 discovered 10 Dependabot PRs and updated the project board but skipped agent session creation despite create-agent-session being configured in safe-outputs. The Create Agent Session step was skipped because the orchestrator output contained no create_agent_session items—only update_project items.

Root cause: Step 4 ("Assign work") described bundling rules but never instructed the orchestrator to call the create_agent_session tool.

Changes

Workflow Instructions (.github/workflows/security-alert-burndown.md)

  • Added explicit "Creating Agent Sessions" section in Step 4
  • Provided template showing how to call create_agent_session with required body parameter
  • Specified selection criteria: up to 3 sessions grouped by runtime + target file
  • Included detailed task structure with research requirements and constraints

Before

### Step 4: Assign work

**Dependabot Burndown Rules**:
- Group work by **runtime** (Node.js, Python, etc.). Never mix runtimes.
- Group changes by **target dependency file**...

After

### Step 4: Assign work

After updating project items, **create agent sessions** to bundle and merge Dependabot PRs:

**Creating Agent Sessions:**

For each selected group (up to 3 total), use the `create_agent_session` tool:

create_agent_session(body="Bundle and merge Dependabot PRs for [runtime] [package.json]:

PRs to merge:
- #[pr_number]: [title] ([old_version][new_version])

Task:
1. Research each package update for breaking changes
2. Create a research report documenting changes
3. Bundle the PRs into a single update
4. Test the bundled changes (run tests, verify CI passes)
5. Create a PR with bundled update and research report
...")

Expected Behavior

Next run will produce agent output containing both update_project items (project board updates) and create_agent_session items (agent session creation requests). The Create Agent Session step will execute instead of being skipped.

Original prompt

Analyze campaign run: https://github.com/githubnext/gh-aw/actions/runs/21450478269
Missing create-agent-session safe outputs. Orchestrator should have followed instructions given.

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@github-actions github-actions bot mentioned this pull request Jan 28, 2026
Closed
@mnkiefer
Add explicit create_agent_session instructions to security-alert-burn…
0b39736 
…down workflow

Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix missing create-agent-session safe outputs Fix security-alert-burndown: add explicit create_agent_session instructions Jan 28, 2026
Copilot AI requested a review from mnkiefer January 28, 2026 18:47
@mnkiefer mnkiefer marked this pull request as ready for review January 28, 2026 18:48
@mnkiefer mnkiefer merged commit 825f6e6 into main Jan 28, 2026
144 checks passed
@mnkiefer mnkiefer deleted the copilot/fix-missing-agent-session-outputs branch January 28, 2026 18:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@mnkiefer mnkiefer mnkiefer approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@mnkiefer mnkiefer

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mnkiefer