ado-aw-debug reference
The compiler accepts a top-level ado-aw-debug: block in agent front matter. Currently exposed knobs:
| Knob | Purpose | Default |
|---|---|---|
skip-integrity | Omit the “Verify pipeline integrity” step from the generated YAML. OR-ed with the --skip-integrity CLI flag. | false |
create-issue | Enable the debug-only create-issue safe output. | absent (disabled) |
Unrecognised keys under ado-aw-debug: cause a compile-time error (#[serde(deny_unknown_fields)]).
create-issue
Section titled “create-issue”Files a GitHub issue against an operator-configured target repository. Used to surface failures from ADO-hosted dogfood pipelines back to githubnext/ado-aw for triage.
Why it’s gated
Section titled “Why it’s gated”create-issue is default-deny at three layers:
- MCP layer. The SafeOutputs MCP server lists
create-issueinDEBUG_ONLY_TOOLS, so the route is removed from the tool router unless the compiler explicitly opts in via--enabled-tools. - Compiler layer.
--enabled-tools create-issueis only emitted whenado-aw-debug.create-issue:is present in front matter. The compiler also rejectssafe-outputs.create-issue:outright, so the tool can’t be smuggled in via the regular safe-outputs surface. - Executor layer. Stage 3 maintains a separate
ExecutionContext.debug_enabled_toolsset populated only fromado-aw-debug:. The executor refuses any NDJSONcreate-issueentry that isn’t in that set, so a forged or smuggled NDJSON entry fails closed before any token is read.
Front-matter schema
Section titled “Front-matter schema”ado-aw-debug: create-issue: target-repo: githubnext/ado-aw # REQUIRED. Operator-only; agent has no override. title-prefix: "[pipeline-failure] " # Optional; prepended to every agent title. labels: # Optional; static labels always applied. - pipeline-failure - automated allowed-labels: # Optional; default-deny — see below. - "agent-*" - "pipeline-failure" assignees: # Optional; static assignees always applied. - "jamesdevine" max: 3 # Optional; per-run budget. Default 1.Configuration fields:
target-repo(required) — Target GitHub repository inowner/repoformat. The agent has no parameter to override it; you cannot redirect issues to a different repository at runtime.title-prefix(optional) — Prepended to every agent-supplied title at execution time. The final title length (prefix + agent title) must be ≤ 256 characters; longer titles fail at Stage 3.labels(optional) — Static labels applied unconditionally to every issue, on top of any agent-supplied labels that passallowed-labels.allowed-labels(optional, default-deny) — Allowlist for agent-supplied labels. An empty or absent list means no agent-supplied labels are accepted. To accept any agent label, setallowed-labels: ["*"]explicitly. Patterns may include*wildcards (e.g."agent-*").assignees(optional) — Static assignees always added regardless of agent input. Merged with agent-supplied assignees.max(optional, default: 1) — Per-run budget controlling the maximum number of issues the agent can file.
Agent-supplied parameters
Section titled “Agent-supplied parameters”The agent calls the create-issue MCP tool with:
{ "title": "Pipeline failure on main", "body": "<markdown body, ≥ 30 chars>", "labels": ["pipeline-failure"], // optional "assignees": ["copilot"] // optional}The MCP-side Validate impl rejects ADO pipeline-command sequences in labels and assignees. Stage 3 also neutralises ##vso[…] in any error messages it produces, so agent-supplied content cannot escape the executor’s stdout.
Pipeline variable: ADO_AW_DEBUG_GITHUB_TOKEN
Section titled “Pipeline variable: ADO_AW_DEBUG_GITHUB_TOKEN”Stage 3 authenticates against GitHub using the ADO_AW_DEBUG_GITHUB_TOKEN ADO pipeline variable. The compiler emits
env: SYSTEM_ACCESSTOKEN: $(SC_WRITE_TOKEN) # if permissions: write is set ADO_AW_DEBUG_GITHUB_TOKEN: $(ADO_AW_DEBUG_GITHUB_TOKEN) # only when ado-aw-debug.create-issue is setinto the executor step’s env: block. The token is not exposed to the agent in Stage 1 — the read-only GITHUB_TOKEN the agent sees is a separate variable wired through engine.env and used only for GitHub MCP read access.
Setting up the PAT
Section titled “Setting up the PAT”- Generate a fine-grained PAT scoped to only
target-repo(e.g.githubnext/ado-aw). Required permissions:- Repository access: only the target repo.
- Permissions: Issues = Read and write. Nothing else.
- Store as a secret pipeline variable named exactly
ADO_AW_DEBUG_GITHUB_TOKEN. Mark it secret. Do not copy it intoengine.envor any non-secret variable. - Confirm the operator-configured target-repo matches the PAT scope. The compiler validator only checks shape (
owner/repo); it cannot verify the PAT has access. If the PAT lacks Issues:write, the Stage 3 call fails with the GitHub API error and Stage 3 reportssucceeded with issues. ado-aw secrets setdoes not automate this variable today — set it manually in the ADO pipeline definition.
Auto-footer
Section titled “Auto-footer”Every issue gets an auto-appended traceability footer that looks like:
<!-- ado-aw -->---Pipeline: `dogfood-failure-reporter`Run: <https://dev.azure.com/myorg/MyProject/_build/results?buildId=42>Trigger: `Manual`The <!-- ado-aw --> marker is stable so that future tooling can locate the generated content without parsing prose. The footer is built from BUILD_BUILDID, BUILD_DEFINITIONNAME, BUILD_REASON, SYSTEM_TEAMFOUNDATIONCOLLECTIONURI and SYSTEM_TEAMPROJECT — these are present whenever Stage 3 runs inside an ADO pipeline.
Security checklist
Section titled “Security checklist”Before enabling create-issue:
- Target repo’s GitHub PAT is scoped to that repo only and only has Issues:write.
-
ADO_AW_DEBUG_GITHUB_TOKENis stored as a secret pipeline variable, never hard-coded or printed. -
allowed-labelsis set explicitly. Empty means default-deny;["*"]accepts any agent label — pick deliberately. -
target-repois private if the agent’s prompts or pipeline metadata are sensitive (the auto-footer publishes ADO run URLs and pipeline names). -
skip-integrityis not enabled in pipelines triggered by untrusted PRs.
skip-integrity
Section titled “skip-integrity”Equivalent to passing --skip-integrity on the ado-aw compile CLI. Setting either OR setting both omits the Verify pipeline integrity step from the generated YAML.
The integrity step downloads the same ado-aw binary the pipeline was compiled with and runs ado-aw check against the committed pipeline file. Without it, a tampered *.yml won’t be caught at run time.
Use this only for short-lived dogfood pipelines where you’re iterating on the compiler and re-compiling frequently.
Example:
ado-aw-debug: skip-integrity: trueSee also
Section titled “See also”- Safe Outputs — regular safe-outputs surface (
create-issueis not in it). - CLI Commands —
--skip-integrityCLI flag. - Pipeline IR — typed pipeline IR and how debug-only choices such as integrity-check omission are represented in generated steps.