Summary
All four agent workflows (perf-analysis, feature-planner, issue-implementer, test-analysis) are failing because the Copilot CLI engine blocks both MCP servers (github and safeoutputs) by policy. Without MCP access, agents cannot call noop, create_pull_request, or any other safe-output tool, causing every run to be marked as a failure.
Root Cause
PR #920 (dependabot) bumped github/gh-aw from 0.66.1 → 0.68.1 and PR #919 bumped github/gh-aw-actions to match. Both were merged on April 13.
However, the .lock.yml files were never recompiled after the merge. They still contain:
# compiler_version: "v0.66.1"
uses: github/gh-aw-actions/setup@v0.66.1
GH_AW_INFO_CLI_VERSION: "v0.66.1"
This creates a version mismatch: the repository declares 0.68.1 as the gh-aw version, but the lock files (which are what GitHub Actions actually executes) still reference 0.66.1 actions/setup steps compiled by the 0.66.1 compiler. The 0.68.1 release included security hardening changes (agent-stdio.log permissions, MCP gateway token redaction) and Copilot CLI pinning that likely changed how the sandbox policy is evaluated — the stale lock files do not include these changes, producing a broken intermediate state.
Evidence
Every failed run since April 13 shows the same error in agent-stdio.log:
! 2 MCP servers were blocked by policy: 'github', 'safeoutputs'
Affected issues (all filed April 16, all showing this error):
The lock file header confirms the stale version:
# This file was automatically generated by gh-aw (v0.66.1). DO NOT EDIT.
# gh-aw-metadata: {"compiler_version":"v0.66.1",...}
Fix
Run gh aw compile to regenerate all .lock.yml files with the 0.68.1 compiler, then commit and push both the .md and .lock.yml files.
Related
Summary
All four agent workflows (perf-analysis, feature-planner, issue-implementer, test-analysis) are failing because the Copilot CLI engine blocks both MCP servers (
githubandsafeoutputs) by policy. Without MCP access, agents cannot callnoop,create_pull_request, or any other safe-output tool, causing every run to be marked as a failure.Root Cause
PR #920 (dependabot) bumped
github/gh-awfrom 0.66.1 → 0.68.1 and PR #919 bumpedgithub/gh-aw-actionsto match. Both were merged on April 13.However, the
.lock.ymlfiles were never recompiled after the merge. They still contain:This creates a version mismatch: the repository declares 0.68.1 as the gh-aw version, but the lock files (which are what GitHub Actions actually executes) still reference 0.66.1 actions/setup steps compiled by the 0.66.1 compiler. The 0.68.1 release included security hardening changes (agent-stdio.log permissions, MCP gateway token redaction) and Copilot CLI pinning that likely changed how the sandbox policy is evaluated — the stale lock files do not include these changes, producing a broken intermediate state.
Evidence
Every failed run since April 13 shows the same error in
agent-stdio.log:Affected issues (all filed April 16, all showing this error):
The lock file header confirms the stale version:
Fix
Run
gh aw compileto regenerate all.lock.ymlfiles with the 0.68.1 compiler, then commit and push both the.mdand.lock.ymlfiles.Related