[agent-suggestions] Agent suggestions - 2026-05-18

[github-actions]

Agent Suggestions

Date: 2026-05-18

1. Downstream Release Compatibility Canary

Trigger: release.published + workflow_dispatch (optional weekly schedule)
Purpose: Run a small compatibility canary against representative downstream repos immediately after release to catch rollout-breaking changes early (token wiring, integrity policy defaults, trigger/contract drift) before broad downstream failures accumulate.
Proposed safe outputs: create-issue (single deduplicated compatibility report), add-comment (optional release/upgrade thread), noop
Evidence:

• fix(issue-fixer): trust allowed-bot-users for MCP integrity on public repos #1128 — downstream/public-repo trust + integrity mismatch fix in progress.
• feat(issue-fixer): expose GH_AW_GITHUB_TOKEN in workflow_call contract #1027 — workflow-call token contract gap that blocked downstream label-driven automation.
• [bug-hunter] Issue Triage trigger no-ops for non-collaborator issue openers #1110 — issue-triage behavior mismatch causing effective no-op for non-collaborator reporters.
• docs(issue-triage): clarify activation scope for opened issues #1111 — docs update needed to clarify activation scope after mismatch.
• [downstream-health] Downstream health report for 2026-05-18 #1126 — internal downstream-health report showing recurring downstream failures/noise across monitored repos.
• https://github.com/elastic/ai-github-actions/blob/main/gh-agent-workflows/internal-downstream-health/README.md — current downstream workflow is post-hoc monitoring.
• https://github.com/elastic/ai-github-actions/blob/main/gh-agent-workflows/release-update/README.md — release-update handles ref updates, not compatibility canary validation.

Why not covered already: Existing workflows either monitor downstream failures after they happen (internal-downstream-health) or update workflow references (release-update). There is no release-gated compatibility canary that validates a representative downstream matrix before/at rollout.

Duplicate Checks

• Existing open agent suggestion reviewed: [agent-suggestions] Agent suggestions - 2026-05-11 #1094
• Existing open no-op-noise proposal reviewed: [product-manager-impersonator] Workflow-call switch for no-op issue noise #935
• Open issues query reviewed: https://github.com/elastic/ai-github-actions/issues?q=is:issue+is:open+%28agent+OR+workflow+OR+automation%29
• Open PRs query reviewed: https://github.com/elastic/ai-github-actions/pulls?q=is:pr+is:open+%28agent+OR+workflow%29
• Prior agent-suggestions titles reviewed: https://github.com/elastic/ai-github-actions/issues?q=is:issue+in:title+%22%5Bagent-suggestions%5D%22

Downstream Signals

• Adoption discovered via workflow references in: elastic/beats, elastic/integrations, elastic/elastic-agent, elastic/oblt-aw, elastic/ai-github-actions-playground.
• High-frequency downstream workflow activity/no-op pressure:
  • [aw] No-Op Runs beats#49170
  • [aw] No-Op Runs integrations#17851
  • [aw] No-Op Runs elastic-agent#13410
  • [aw] No-Op Runs oblt-aw#28

Suggested Next Steps

• Add gh-aw-downstream-release-canary workflow under gh-agent-workflows/ with a small configurable repo matrix.
• Validate core contracts per repo (COPILOT_GITHUB_TOKEN/GH_AW_GITHUB_TOKEN wiring, integrity/trusted-bot settings, and trigger activation paths).
• Emit one deduplicated compatibility report issue per run with per-repo pass/fail evidence and remediation hints.
• Optionally gate release promotion on canary outcome (soft-fail initially).

Note

🔒 Integrity filter blocked 37 items

The following items were blocked because they don't meet the GitHub integrity level.

• #1128 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #392 list_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• Mint Ephemeral Tokens #1067 list_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #1025 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #1067 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #50759 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #50758 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #50754 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #19002 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #18899 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #19048 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #50680 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #50257 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #14331 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #101 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #99 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• ... and 21 more items

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

---

What is this? | From workflow: Trigger Agent Suggestions

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

• expires on May 25, 2026, 1:43 PM UTC

[github-actions]

This issue was automatically closed because it expired on 2026-05-25T13:43:14.485Z.

Closed by Workflow