Copilot AI commented Jan 29, 2026

The security alert burndown workflow created issues but failed to add them to the project board or assign them to agents. The agent executed only 1 of 3 required safe-output calls.

Root Cause

Step 4 instructions listed three required calls but interrupted them with bundling context:

After updating project items, you must complete all three actions below in order:
1. Create the parent tracking issue
2. Add the issue to the project board
3. Assign the issue to the Copilot agent

**Selection Criteria:**
1. Review all discovered PRs
2. Group by runtime...
[70 lines of bundling rules]

**Action 1: Create the parent issue**
[instructions for create_issue]

**Action 2: Add issue to project board**
[instructions for update_project]
...

The agent created the issue, but the intervening context caused it to skip the subsequent update_project and assign_to_agent calls.

Changes

Restructured Step 4 for sequential clarity:

### Step 4: Create parent issue and assign work

First complete the bundling analysis below, then immediately perform 
all three safe-output calls in sequence.

#### Bundling Analysis (Do This First)
[Analysis and rules moved here]

#### Required Safe-Output Calls (All Three Required):
After completing bundling analysis, immediately perform:

1. Call create_issue
2. Call update_project
3. Call assign_to_agent

#### Safe-Output Call #1: Create the Issue
[create_issue instructions with temporary ID capture]

#### Safe-Output Call #2: Add Issue to Project Board
[update_project instructions using temporary ID]

#### Safe-Output Call #3: Assign to Agent
[assign_to_agent instructions using temporary ID]

Added concrete example:

If create_issue returned aw_sec2026012901, then:
- Call #2: update_project(..., content_number="aw_sec2026012901", ...)
- Call #3: assign_to_agent(issue_number="aw_sec2026012901", ...)

The sequential structure (analysis → call #1 → call #2 → call #3) makes the required flow obvious and uninterruptible.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/repos/githubnext/gh-aw/issues/12462
    • Triggering command: /usr/bin/curl curl -s -H Accept: application/vnd.github+json REDACTED (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

Fix security alert burndown campaign:


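A post-run check for the failure described in the pull request above, added here as an example; it is not code from the pull request or from the gh-aw project. It assumes the agent's safe outputs are available as JSON lines with a `type` field and a `temporary_id` on `create_issue` (both assumed names); `content_number` and `issue_number` are taken from the example in the PR description, and `check_safe_outputs` is a hypothetical helper.

```python
import json

# The three calls Step 4 requires, in the order the PR prescribes.
REQUIRED = ("create_issue", "update_project", "assign_to_agent")
# Field that must carry the temporary ID in each follow-up call (names from the PR example).
REF_FIELD = {"update_project": "content_number", "assign_to_agent": "issue_number"}


def check_safe_outputs(jsonl):
    """Return a list of problems; an empty list means all three calls are present and linked."""
    calls = [json.loads(line) for line in jsonl.splitlines() if line.strip()]
    first = {}  # call type -> (position, record) of its first occurrence
    for pos, call in enumerate(calls):
        first.setdefault(call.get("type"), (pos, call))

    problems = [f"missing call: {name}" for name in REQUIRED if name not in first]

    # Calls that are present must appear in the required order.
    positions = [first[name][0] for name in REQUIRED if name in first]
    if positions != sorted(positions):
        problems.append("calls out of order")

    # Follow-up calls must reference the temporary ID captured from create_issue.
    if "create_issue" in first:
        temp_id = first["create_issue"][1].get("temporary_id")
        for name, field in REF_FIELD.items():
            if name in first and first[name][1].get(field) != temp_id:
                problems.append(f"{name}.{field} does not reference {temp_id}")
    return problems


# Constructed sample outputs (record layout is an assumption, not captured data).
COMPLETE_RUN = "\n".join([
    '{"type": "create_issue", "temporary_id": "aw_sec2026012901", "title": "Security alert burndown"}',
    '{"type": "update_project", "content_number": "aw_sec2026012901"}',
    '{"type": "assign_to_agent", "issue_number": "aw_sec2026012901"}',
])
# The failure mode from the PR: only the first of the three calls was made.
FAILED_RUN = COMPLETE_RUN.splitlines()[0]

if __name__ == "__main__":
    for label, run in (("complete", COMPLETE_RUN), ("failed", FAILED_RUN)):
        print(label, check_safe_outputs(run) or "ok")
```

Run as a gate after the agent step, a non-empty result flags a run that created the issue but never reached the project board or the assignee.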

Copilot AI and others added 3 commits January 29, 2026 06:35
- Restructure Step 4 to make three required safe-output calls more explicit
- Add clear sequential numbering (#1, #2, #3) for the three calls
- Emphasize immediacy with "immediately perform" and "Immediately call"
- Move bundling analysis before the safe-output calls for better flow
- Add prominent example showing temporary ID usage across all three calls
- Use consistent naming: "call #1", "call #2", "call #3" for clarity

Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com>
Address code review feedback - clarify that bundling analysis must be completed
before performing the three safe-output calls. This resolves the contradictory
instruction sequencing where "immediately perform" came before "Do This First".

Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com>
Minor cleanup - removed duplicate section header that was introduced
during the restructuring.

Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com>
@mnkiefer mnkiefer marked this pull request as ready for review January 29, 2026 06:40
Copilot AI changed the title from "[WIP] Fix issue assignment and project board updates" to "Fix security alert burndown: clarify safe-output call sequence" Jan 29, 2026
Copilot AI requested a review from mnkiefer January 29, 2026 06:44
@mnkiefer mnkiefer changed the title from "Fix security alert burndown: clarify safe-output call sequence" to "fix: clarify safe-output call sequence" Jan 29, 2026
@mnkiefer mnkiefer changed the title from "fix: clarify safe-output call sequence" to "fix security-alert-burndown: clarify safe-output call sequence" Jan 29, 2026
@mnkiefer mnkiefer merged commit 2b9a5f4 into main Jan 29, 2026
192 checks passed
@mnkiefer mnkiefer deleted the copilot/fix-security-alert-issues branch January 29, 2026 06:48