|
| 1 | +--- |
| 2 | +title: "ado-aw-debug reference" |
| 3 | +description: "Debug-only front-matter section for dogfood pipelines and development workflows." |
| 4 | +--- |
| 5 | + |
| 6 | +:::danger[Dogfood pipelines only] |
| 7 | +Anything declared under `ado-aw-debug:` is **not** part of the regular agent surface and is not recommended for general use. These knobs exist so the team can validate `githubnext/ado-aw` changes against real Azure DevOps pipelines and file failures back to GitHub for triage. Each knob bypasses or weakens a normal safety control. |
| 8 | +::: |
| 9 | + |
| 10 | +The compiler accepts a top-level `ado-aw-debug:` block in agent front matter. Currently exposed knobs: |
| 11 | + |
| 12 | +| Knob | Purpose | Default | |
| 13 | +| --- | --- | --- | |
| 14 | +| `skip-integrity` | Omit the "Verify pipeline integrity" step from the generated YAML. OR-ed with the `--skip-integrity` CLI flag. | `false` | |
| 15 | +| `create-issue` | Enable the [debug-only `create-issue`](#create-issue) safe output. | absent (disabled) | |
| 16 | + |
| 17 | +Unrecognised keys under `ado-aw-debug:` cause a compile-time error (`#[serde(deny_unknown_fields)]`). |
| 18 | + |
| 19 | +## create-issue |
| 20 | + |
| 21 | +Files a GitHub issue against an operator-configured target repository. Used to surface failures from ADO-hosted dogfood pipelines back to `githubnext/ado-aw` for triage. |
| 22 | + |
| 23 | +### Why it's gated |
| 24 | + |
| 25 | +`create-issue` is **default-deny** at three layers: |
| 26 | + |
| 27 | +1. **MCP layer.** The SafeOutputs MCP server lists `create-issue` in `DEBUG_ONLY_TOOLS`, so the route is removed from the tool router unless the compiler explicitly opts in via `--enabled-tools`. |
| 28 | +2. **Compiler layer.** `--enabled-tools create-issue` is only emitted when `ado-aw-debug.create-issue:` is present in front matter. The compiler also rejects `safe-outputs.create-issue:` outright, so the tool can't be smuggled in via the regular safe-outputs surface. |
| 29 | +3. **Executor layer.** Stage 3 maintains a separate `ExecutionContext.debug_enabled_tools` set populated only from `ado-aw-debug:`. The executor refuses any NDJSON `create-issue` entry that isn't in that set, so a forged or smuggled NDJSON entry fails closed before any token is read. |
| 30 | + |
| 31 | +### Front-matter schema |
| 32 | + |
| 33 | +```yaml |
| 34 | +ado-aw-debug: |
| 35 | + create-issue: |
| 36 | + target-repo: githubnext/ado-aw # REQUIRED. Operator-only; agent has no override. |
| 37 | + title-prefix: "[pipeline-failure] " # Optional; prepended to every agent title. |
| 38 | + labels: # Optional; static labels always applied. |
| 39 | + - pipeline-failure |
| 40 | + - automated |
| 41 | + allowed-labels: # Optional; default-deny — see below. |
| 42 | + - "agent-*" |
| 43 | + - "pipeline-failure" |
| 44 | + assignees: # Optional; static assignees always applied. |
| 45 | + - "jamesdevine" |
| 46 | + max: 3 # Optional; per-run budget. Default 1. |
| 47 | +``` |
| 48 | +
|
| 49 | +**Configuration fields:** |
| 50 | +
|
| 51 | +- **`target-repo`** (required) — Target GitHub repository in `owner/repo` format. The agent has no parameter to override it; you cannot redirect issues to a different repository at runtime. |
| 52 | +- **`title-prefix`** (optional) — Prepended to every agent-supplied title at execution time. The final title length (prefix + agent title) must be ≤ 256 characters; longer titles fail at Stage 3. |
| 53 | +- **`labels`** (optional) — Static labels applied unconditionally to every issue, on top of any agent-supplied labels that pass `allowed-labels`. |
| 54 | +- **`allowed-labels`** (optional, default-deny) — Allowlist for agent-supplied labels. An empty or absent list means **no agent-supplied labels are accepted**. To accept any agent label, set `allowed-labels: ["*"]` explicitly. Patterns may include `*` wildcards (e.g. `"agent-*"`). |
| 55 | +- **`assignees`** (optional) — Static assignees always added regardless of agent input. Merged with agent-supplied assignees. |
| 56 | +- **`max`** (optional, default: 1) — Per-run budget controlling the maximum number of issues the agent can file. |
| 57 | + |
| 58 | +:::note[Case-insensitive label matching] |
| 59 | +Allowed-label matching is case-insensitive. It uses the same `tag_matches_pattern` helper as ADO tag allow-lists. GitHub labels are case-sensitive, so `allowed-labels: ["safe"]` will also admit `SAFE` and `Safe` — keep that in mind when modelling policy. |
| 60 | +::: |
| 61 | + |
| 62 | +:::note[No assignee allowlist] |
| 63 | +There is intentionally no `allowed-assignees` allowlist in v1. If you need assignee restrictions, configure assignees only via the static `assignees:` list and skip the agent parameter. |
| 64 | +::: |
| 65 | + |
| 66 | +### Agent-supplied parameters |
| 67 | + |
| 68 | +The agent calls the `create-issue` MCP tool with: |
| 69 | + |
| 70 | +```jsonc |
| 71 | +{ |
| 72 | + "title": "Pipeline failure on main", |
| 73 | + "body": "<markdown body, ≥ 30 chars>", |
| 74 | + "labels": ["pipeline-failure"], // optional |
| 75 | + "assignees": ["copilot"] // optional |
| 76 | +} |
| 77 | +``` |
| 78 | + |
| 79 | +The MCP-side `Validate` impl rejects ADO pipeline-command sequences in labels and assignees. Stage 3 also neutralises `##vso[…]` in any error messages it produces, so agent-supplied content cannot escape the executor's stdout. |
| 80 | + |
| 81 | +### Pipeline variable: ADO_AW_DEBUG_GITHUB_TOKEN |
| 82 | + |
| 83 | +Stage 3 authenticates against GitHub using the **`ADO_AW_DEBUG_GITHUB_TOKEN`** ADO pipeline variable. The compiler emits |
| 84 | + |
| 85 | +```yaml |
| 86 | +env: |
| 87 | + SYSTEM_ACCESSTOKEN: $(SC_WRITE_TOKEN) # if permissions: write is set |
| 88 | + ADO_AW_DEBUG_GITHUB_TOKEN: $(ADO_AW_DEBUG_GITHUB_TOKEN) # only when ado-aw-debug.create-issue is set |
| 89 | +``` |
| 90 | + |
| 91 | +into the executor step's `env:` block. The token is **not** exposed to the agent in Stage 1 — the read-only `GITHUB_TOKEN` the agent sees is a separate variable wired through `engine.env` and used only for GitHub MCP read access. |
| 92 | + |
| 93 | +### Setting up the PAT |
| 94 | + |
| 95 | +1. **Generate a fine-grained PAT** scoped to **only** `target-repo` (e.g. `githubnext/ado-aw`). Required permissions: |
| 96 | + - Repository access: only the target repo. |
| 97 | + - Permissions: **Issues** = Read and write. Nothing else. |
| 98 | +2. **Store as a secret pipeline variable** named exactly `ADO_AW_DEBUG_GITHUB_TOKEN`. Mark it secret. Do **not** copy it into `engine.env` or any non-secret variable. |
| 99 | +3. **Confirm the operator-configured target-repo matches the PAT scope.** The compiler validator only checks shape (`owner/repo`); it cannot verify the PAT has access. If the PAT lacks Issues:write, the Stage 3 call fails with the GitHub API error and Stage 3 reports `succeeded with issues`. |
| 100 | +4. `ado-aw secrets set` does **not** automate this variable today — set it manually in the ADO pipeline definition. |
| 101 | + |
| 102 | +### Auto-footer |
| 103 | + |
| 104 | +Every issue gets an auto-appended traceability footer that looks like: |
| 105 | + |
| 106 | +```markdown |
| 107 | +<!-- ado-aw --> |
| 108 | +--- |
| 109 | +Pipeline: `dogfood-failure-reporter` |
| 110 | +Run: <https://dev.azure.com/myorg/MyProject/_build/results?buildId=42> |
| 111 | +Trigger: `Manual` |
| 112 | +``` |
| 113 | +
|
| 114 | +The `<!-- ado-aw -->` marker is stable so that future tooling can locate the generated content without parsing prose. The footer is built from `BUILD_BUILDID`, `BUILD_DEFINITIONNAME`, `BUILD_REASON`, `SYSTEM_TEAMFOUNDATIONCOLLECTIONURI` and `SYSTEM_TEAMPROJECT` — these are present whenever Stage 3 runs inside an ADO pipeline. |
| 115 | + |
| 116 | +:::caution[Sensitive metadata] |
| 117 | +If your pipeline / org / project names are sensitive, do not enable `create-issue` against a public repo. |
| 118 | +::: |
| 119 | + |
| 120 | +### Security checklist |
| 121 | + |
| 122 | +Before enabling `create-issue`: |
| 123 | + |
| 124 | +- [ ] Target repo's GitHub PAT is scoped to that repo only and only has Issues:write. |
| 125 | +- [ ] `ADO_AW_DEBUG_GITHUB_TOKEN` is stored as a secret pipeline variable, never hard-coded or printed. |
| 126 | +- [ ] `allowed-labels` is set explicitly. Empty means default-deny; `["*"]` accepts any agent label — pick deliberately. |
| 127 | +- [ ] `target-repo` is private if the agent's prompts or pipeline metadata are sensitive (the auto-footer publishes ADO run URLs and pipeline names). |
| 128 | +- [ ] `skip-integrity` is **not** enabled in pipelines triggered by untrusted PRs. |
| 129 | + |
| 130 | +## skip-integrity |
| 131 | + |
| 132 | +Equivalent to passing `--skip-integrity` on the `ado-aw compile` CLI. Setting either OR setting both omits the `Verify pipeline integrity` step from the generated YAML. |
| 133 | + |
| 134 | +The integrity step downloads the same `ado-aw` binary the pipeline was compiled with and runs `ado-aw check` against the committed pipeline file. Without it, a tampered `*.yml` won't be caught at run time. |
| 135 | + |
| 136 | +Use this only for short-lived dogfood pipelines where you're iterating on the compiler and re-compiling frequently. |
| 137 | + |
| 138 | +**Example:** |
| 139 | + |
| 140 | +```yaml |
| 141 | +ado-aw-debug: |
| 142 | + skip-integrity: true |
| 143 | +``` |
| 144 | + |
| 145 | +## See also |
| 146 | + |
| 147 | +- [Safe Outputs](/ado-aw/reference/safe-outputs/) — regular safe-outputs surface (`create-issue` is **not** in it). |
| 148 | +- [CLI Commands](/ado-aw/setup/cli/) — `--skip-integrity` CLI flag. |
| 149 | +- [Template Markers](/ado-aw/reference/template-markers/) — `{{ executor_ado_env }}` and `{{ integrity_check }}` markers and their conditional behaviour. |
0 commit comments