Enable workflow log access for build-warning-fixer agent

[Copilot]

The build-warning-fixer agent was unable to access GitHub Actions logs, reporting "Cannot access CI build logs (GitHub Actions logs are protected/expired)" and falling back to noop.

Changes

• Added agentic-workflows MCP server to workflow tools, providing specialized workflow introspection capabilities (logs, audit, status, compile)
• Updated workflow instructions to document both GitHub Actions MCP tools and agentic-workflows alternatives for log access

Configuration

The agent now has access to workflow logs through two mechanisms:

tools:
  github:
    toolsets: [default, actions]
  agentic-workflows:  # Provides gh aw mcp-server tools

This compiles to:

"agentic_workflows": {
  "type": "local",
  "command": "gh",
  "args": ["aw", "mcp-server"],
  "tools": ["*"],
  "env": {
    "GITHUB_TOKEN": "${GITHUB_TOKEN}"
  }
}

The workflow already has permissions: read-all (includes actions: read), so no permission changes were needed.

Impact

Agent can now:

• Access recent workflow run logs via agentic-workflows logs or github-mcp-server-get_job_logs
• Parse compiler warnings from CI builds
• Create automated fix PRs instead of exiting with noop

Resolves the issue from workflow run 20827975162.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/Z3Prover/z3/actions/artifacts/5067066035/zip
  • Triggering command: /usr/bin/curl curl -L -H Accept: application/vnd.github+json -H X-GitHub-Api-Version: 2022-11-28 REDACTED -o /tmp/agent_outputs.zip (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

hey make sure the agent can access action workflow logs https://github.com/Z3Prover/z3/actions/runs/20827975162

Custom agent used: debug-agentic-workflow
Debug and refine agentic workflows using gh-aw CLI tools - analyze logs, audit runs, and improve workflow performance

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.