Skip to content

fix(audit): remove failure_analysis, surface stderr in MCP error messages#18955

Merged
pelikhan merged 2 commits intomainfrom
copilot/fix-failure-analysis-errors
Mar 1, 2026
Merged

fix(audit): remove failure_analysis, surface stderr in MCP error messages#18955
pelikhan merged 2 commits intomainfrom
copilot/fix-failure-analysis-errors

Conversation

Copy link
Contributor

Copilot AI commented Mar 1, 2026
edited
Loading

Two bugs in the audit MCP tool degraded error reporting quality: auto-generated failure_analysis always returned "No specific errors identified" for failed runs, and invalid run IDs returned an opaque exit status 1 with no actionable context.

Remove failure_analysis

Per @pelikhan's review: failure analysis is better left to agents. The auto-generated analysis was structurally broken — it only inspected pre-extracted errors[] which was empty for runs where the agent executed, so error_summary was always the default string regardless of what was in agent-stdio.log.

Removed: FailureAnalysis struct, generateFailureAnalysis, renderFailureAnalysis, and all references across audit_report.go, audit_report_analysis.go, audit_report_render.go, and test files.

Surface stderr in MCP audit errors

When gh aw audit exits non-zero, the MCP tool was building its error message from err.Error() (exit status 1) while the human-readable message (e.g. "workflow run 99999999999 not found. Please verify the run ID...") was buried in errorData.stderr.

// Before
return nil, nil, newMCPError(..., "failed to audit workflow run: "+err.Error(), errorData)

// After — use stderr content when available
mainMsg := strings.TrimSpace(stderr)
if mainMsg == "" {
    mainMsg = err.Error()
}
return nil, nil, newMCPError(..., "failed to audit workflow run: "+mainMsg, errorData)

The detailed error data map (stdout, stderr, exit_code) is still included for structured consumers.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw security 64/bin/go docker pull�� test/concurrent-image:v1.0.0 go /usr/bin/git -json GO111MODULE x_amd64/compile git (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha /tmp/go-build2491041519/b421/_pkg_.a -trimpath ache/node/24.13.1/x64/bin/node -p main -lang=go1.25 ache/node/24.13.1/x64/bin/node 1989�� 4N_hV3O2Cg4KalLpCxFj/4N_hV3O2Cg4KalLpCxFj -dwarf=false /usr/bin/git go1.25.0 -c=4 -nolocalimports git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha 0724-27865/test-3817069586 GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env ithub-script/git/ref/tags/v8 GO111MODULE 1/x64/bin/node GOINSECURE GOMOD GOMODCACHE 1/x64/bin/node (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -b feature-branch /usr/bin/git npx prettier --cgit GOPROXY nch,headSha,disp--show-toplevel git rev-�� --show-toplevel sh /usr/bin/git ub/workflows /opt/hostedtoolcrev-parse 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel go /usr/bin/git ithub/workflows GO111MODULE x_amd64/vet git rev-�� --show-toplevel x_amd64/vet /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--show-toplevel git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha /tmp/gh-aw-add-gitattributes-test2059866421/.github/workflows/test.md /tmp/gh-aw-add-gitattributes-test2059866421/.github/workflows/test.lock.yml /opt/hostedtoolcache/node/24.13.1/x64/bin/node GOSUMDB GOWORK 64/bin/go node /tmp�� /tmp/TestHashConsistency_GoAndJavaScript1656668779/001/test-simple-frontmatter.md go /usr/bin/git ck 'scripts/**/*git GO111MODULE 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha -v GOPROXY /usr/bin/git GOSUMDB GOWORK layTitle git -C /tmp/gh-aw-test-runs/20260301-010724-27865/test-419121033/.github/workflows rev-parse /usr/bin/git ck 'scripts/**/*git GO111MODULE 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel x_amd64/compile /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE go k/gh�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD ode-gyp-bin/node-json ache/go/1.25.0/xGO111MODULE (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha go1.25.0 -c=4 -nolocalimports -importcfg /tmp/go-build2491041519/b392/importcfg -pack /tmp/go-build2491041519/b392/_testmain.go env 6855118/b405/_pkGOINSECURE GO111MODULE 64/bin/go GOINSECURE b/gh-aw/pkg/stri-o GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD erignore ache/go/1.25.0/xGO111MODULE env 6855118/b417/_pkGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha f/tags/v999.999.999 GOPROXY 1041519/b435/vet.cfg GOSUMDB GOWORK layTitle git rev-�� --show-toplevel go /usr/bin/git ck 'scripts/**/*git GO111MODULE 64/bin/go git (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha /v1.0.0 GOPROXY /opt/hostedtoolcache/node/24.13.1/x64/bin/node GOSUMDB GOWORK 64/bin/go node /tmp�� /tmp/TestHashConsistency_GoAndJavaScript1656668779/001/test-complex-frontmatter-with-tools.md go /usr/bin/git ck 'scripts/**/*git GO111MODULE 64/bin/go git (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha -json GO111MODULE g_.a GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile env 1041519/b405/_pkg_.a GO111MODULE 1041519/b405=> GOINSECURE b/gh-aw/pkg/parsrev-parse GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
    • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 go /usr/bin/git ithub/workflows/git GO111MODULE 1/x64/bin/node git rev-�� --show-toplevel 1/x64/bin/node /usr/bin/git --noprofile GOPROXY /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
    • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 go /usr/bin/git -json GO111MODULE 1/x64/bin/node git rev-�� --show-toplevel 1/x64/bin/node /usr/bin/git -json GO111MODULE /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
    • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env hub/workflows GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 go /usr/bin/git sistency_GoAndJagit GO111MODULE /bin/sh git rev-�� --show-toplevel /bin/sh /usr/bin/git echo "��� All vagit (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
    • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 go /usr/bin/git ithub-script/gitgit GO111MODULE 1/x64/bin/node git rev-�� --show-toplevel 1/x64/bin/node /usr/bin/git :latest GOPROXY /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
    • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go estl�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile /usr/bin/git 1041519/b424/_pkgit GO111MODULE 1/x64/bin/node git rev-�� --show-toplevel 1/x64/bin/node /usr/bin/git image:v1.0.0 GOPROXY /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
    • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 ache/go/1.25.0/x64/pkg/tool/linux_amd64/link e/git 1041519/b421/tesgit GO111MODULE 1/x64/bin/node e/git rev-�� --show-toplevel 1/x64/bin/node /usr/bin/git e: ${{ secrets.Tgit GOPROXY 1041519/b421/_pk--show-toplevel git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
    • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 go /usr/bin/git sistency_GoAndJagit GO111MODULE ache/node/24.13..github/workflows/test.md git rev-�� --show-toplevel bash /usr/bin/git sistency_WithImpgit GOPROXY /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE go env ck 'scripts/**/*GOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE x_amd64/link env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE Zm/GFtmVa307QDDNuUCuh0B/7zrZo2ypVmaEewr479zV (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env 3669849299/.github/workflows GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha -json GO111MODULE At,event,headBranch,headSha,displayTitle GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/nonexistent/repo/actions/runs/12345
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion t0 GO111MODULE epo.git git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile /usr/bin/git /tmp/go-build249git -trimpath /usr/bin/git git (http block)
  • https://api.github.com/repos/owner/repo/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go m/_n�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo /usr/bin/git .test GO111MODULE ortcfg.link git 1/x6�� --show-toplevel VUr98Iun0wk_kdWL8D/o45KJWS6_470XCa_4V22/jVtXMMqsrLOcWH7fjhqo /usr/bin/git -json GO111MODULE g_.a git (http block)
  • https://api.github.com/repos/owner/repo/contents/file.md
    • Triggering command: /tmp/go-build2491041519/b380/cli.test /tmp/go-build2491041519/b380/cli.test -test.testlogfile=/tmp/go-build2491041519/b380/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE ortcfg k/gh�� 35126d5394e2a1caGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD erignore ache/go/1.25.0/xGO111MODULE (http block)
    • Triggering command: /tmp/go-build1549291269/b001/cli.test /tmp/go-build1549291269/b001/cli.test -test.paniconexit0 -test.timeout=10m0s -test.count=1 rev-�� --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git -json GO111MODULE tartedAt,updated--show-toplevel git rev-�� --show-toplevel go /usr/bin/git 0724-27865/test-git GO111MODULE .cfg git (http block)
  • https://api.github.com/repos/test-owner/test-repo/actions/secrets
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE go env ck 'scripts/**/*GOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name --show-toplevel 64/pkg/tool/linux_amd64/vet 1/x64/bin/node -json GO111MODULE ache/go/1.25.0/x--show-toplevel git 1/x6�� --show-toplevel go /usr/bin/git 15785216/.githubgit GO111MODULE .cfg git (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

This section details on the original issue you should resolve

<issue_title>[cli-tools-test] audit tool: failure_analysis does not surface actual errors from agent logs + opaque error on invalid run IDs</issue_title>
<issue_description>## Summary

Daily exploratory testing (run #22531620317) identified two bugs in the audit MCP tool related to error reporting quality.

Bug 1: failure_analysis.error_summary always reports "No specific errors identified" for failed runs

Steps to Reproduce

  1. Audit a failed workflow run (e.g., AI Moderator run #22531456203): 
    audit(run_id_or_url: "22531456203")

Expected Behavior

failure_analysis.error_summary should surface the actual error message extracted from agent-stdio.log.

Actual Behavior

"failure_analysis": {
  "primary_failure": "failure",
  "failed_jobs": ["agent"],
  "error_summary": "No specific errors identified"
}
```

Yet the actual error is clearly present in `agent-stdio.log`:
```
ERROR: stream disconnected before completion: This user's access to gpt-5.3-codex has been
temporarily limited for potentially suspicious activity related to cybersecurity.
[WARN] Command completed with exit code: 1
```

The `run_summary.json` also has an empty errors array `[]` despite the agent-stdio.log containing a clear `ERROR:` line.

### Impact

- **Severity**: High
- **Frequency**: Always (reproducible on both AI Moderator run 22531456203 and Terminal Stylist run 22506113327)
- The audit tool is the primary debugging interface for failed runs; returning "No specific errors identified" makes it useless for diagnosing failures.

---

## Bug 2: Invalid/non-existent run ID returns opaque `exit status 1`

### Steps to Reproduce

```
audit(run_id_or_url: "99999999999")
```

### Expected Behavior

A clear error message like: `"Run ID 99999999999 not found in github/gh-aw"` with guidance to check the run ID.

### Actual Behavior

```
McpError: MCP error -32603: calling "tools/call": failed to audit workflow run: exit status 1

No indication that the run doesn't exist. The user has no actionable information.

Impact

  • Severity: Medium
  • Frequency: Always
  • Degrades developer experience when there's a typo in the run ID

Environment

  • Repository: github/gh-aw
  • Run ID: 22531620317
  • Date: 2026-02-28
  • Test runs audited: 22531177735 (success), 22531456203 (failure), 22506113327 (failure)

Additional Observations (non-blocking)

  • compile with actionlint: true fails with "docker images not ready" instead of a message explaining actionlint requires Docker — the error is misleading when Docker isn't available in the environment.
  • workflow_path field is empty in unfiltered logs results but populated when using the engine filter — minor inconsistency in response data.

Generated by Daily CLI Tools Exploratory Tester

  • expires on Mar 7, 2026, 11:54 PM UTC

Comments on the Issue (you are @copilot in this section)

@pelikhan @copilot remove failure analysis , let the agents do that

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@pelikhan
fix: remove failure_analysis from audit and improve MCP error messages
a1a5c4b 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix failure_analysis to surface actual errors from logs fix(audit): remove failure_analysis, surface stderr in MCP error messages Mar 1, 2026
@pelikhan pelikhan marked this pull request as ready for review March 1, 2026 01:16
Copilot AI review requested due to automatic review settings March 1, 2026 01:16
@github-actions github-actions bot mentioned this pull request Mar 1, 2026
Closed
Copilot AI reviewed Mar 1, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Removes the auto-generated failure_analysis from the audit tool output and improves MCP error messaging by surfacing actionable stderr content when gh aw audit fails.

Changes:

  • Removed FailureAnalysis types/logic and stopped emitting/rendering failure_analysis in audit reports.
  • Updated MCP audit tool error handling to prefer trimmed stderr over err.Error() when constructing the main error message.
  • Updated/removed tests that previously asserted on failure_analysis.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.

Show a summary per file
File Description
pkg/cli/mcp_tools_privileged.go Prefer stderr for MCP audit error messages to provide actionable context.
pkg/cli/audit_report.go Removes FailureAnalysis from AuditData and stops generating it in buildAuditData.
pkg/cli/audit_report_analysis.go Deletes generateFailureAnalysis implementation.
pkg/cli/audit_report_render.go Removes console rendering for the failure analysis section.
pkg/cli/audit_report_test.go Drops failure analysis tests and updates assertions to validate extracted step-log errors.
pkg/cli/audit_agent_output_test.go Removes JSON-structure expectations around failure_analysis.
pkg/cli/audit_agent_example_test.go Removes failure analysis assertions from the example failure scenario.
Comments suppressed due to low confidence (2)

pkg/cli/audit_report_test.go:1399

  • In this subtest, the assertions now validate data.Errors extracted from step logs, but the subtest name (the t.Run(...) just above) still refers to building an "error summary". Please rename the subtest to reflect the new behavior so the intent remains clear when reading test output.

		data := buildAuditData(processedRun, metrics, nil)

		require.NotEmpty(t, data.Errors, "Should have errors extracted from step logs for failed run")
		assert.Contains(t, data.Errors[0].Message, "Lockdown mode is enabled",
			"Error should contain the actual error from the step log")

pkg/cli/mcp_tools_privileged.go:305

  • errorData for the audit tool omits the executed command/args, which makes debugging harder and is inconsistent with the logs tool above (it includes a "command" field). Consider adding the joined cmdArgs string to errorData here as well so structured consumers can reproduce failures more easily.
			// Build detailed error data
			errorData := map[string]any{
				"error":         err.Error(),
				"exit_code":     exitCode,
				"stdout":        outputStr,
				"stderr":        stderr,
				"run_id_or_url": args.RunIDOrURL,
			}

			// Use stderr content as the main message when available (provides actionable details)
			mainMsg := strings.TrimSpace(stderr)
			if mainMsg == "" {
				mainMsg = err.Error()
			}
			return nil, nil, newMCPError(jsonrpc.CodeInternalError, "failed to audit workflow run: "+mainMsg, errorData)

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@pelikhan pelikhan merged commit db68e8b into main Mar 1, 2026
110 checks passed
@pelikhan pelikhan deleted the copilot/fix-failure-analysis-errors branch March 1, 2026 02:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[cli-tools-test] audit tool: failure_analysis does not surface actual errors from agent logs + opaque error on invalid run IDs

3 participants

@pelikhan