[oblt-aw][agent-suggestions] Agent suggestions - 2026-05-05

[github-actions]

Agent Suggestions

Date: 2026-05-05
Expires: 24h

1. gh-aw-expiry-hygiene-sweeper

Trigger: Daily schedule + workflow_dispatch (optional issues events: opened, edited, labeled)

Purpose: Enforce TTL for short-lived AW operational/report issues by reconciling Expires metadata against current issue state, then closing only eligible expired issues while preserving canonical trackers (for example [aw] No-Op Runs).

Proposed safe outputs: add-comment (expiry decision/audit trail), create-issue (single exception report when policy conflicts), noop (no expired issues)

Current pain points and supporting evidence:

• Expired AW failure tickets remain open in elastic/oblt-actions, causing stale operational noise:
  • [aw] Agent Suggestions failed #856 ([aw] Agent Suggestions failed) — body includes expires on Apr 7, 2026 but issue is still open
  • [aw] Docs Patrol failed #894 ([aw] Docs Patrol failed) — body includes expires on Apr 17, 2026 but issue is still open
  • [aw] Dependency Review failed #898 ([aw] Dependency Review failed) — body includes expires on Apr 17, 2026 but issue is still open
• Short-lived suggestion reports in this repo also persist open past their Expires: 24h window:
  • [oblt-aw][agent-suggestions] Agent suggestions - 2026-04-23 #915
  • [oblt-aw][agent-suggestions] Agent suggestions - 2026-04-24 #916
  • [oblt-aw][agent-suggestions] Agent suggestions - 2026-04-29 #931
• The repo has canonical long-lived trackers that should be exempted by policy, showing the need for explicit allowlists/exceptions:
  • [aw] No-Op Runs #528 ([aw] No-Op Runs)

Why existing workflows do not fully cover this gap:

• README.md documents .github/workflows/oblt-aw.yml (event ingress) and .github/workflows/updatecli.yml (update automation), but no workflow that reconciles issue TTL and closes expired AW operational reports.
• Existing open suggestions in this repo target adjacent concerns (adoption drift, reliability triage, no-safe-output autofix, automation PR batching), not expiration hygiene:
  • [oblt-aw][agent-suggestions] Agent suggestions - 2026-04-05 #877
  • [oblt-aw][agent-suggestions] Agent suggestions - 2026-04-23 #915
  • [oblt-aw][agent-suggestions] Agent suggestions - 2026-04-24 #916
  • [oblt-aw][agent-suggestions] Agent suggestions - 2026-04-29 #931

Expected benefits:

• Engineering productivity: maintainers triage only live issues, not expired noise.
• Review quality: active incidents become more visible when stale operational reports are auto-closed consistently.
• Cycle time: faster prioritization by reducing manual stale-issue cleanup.
• Risk reduction: clearer signal-to-noise for real AW regressions.

Potential trade-offs and rollout considerations:

• Requires conservative close policy to avoid closing issues with ongoing human activity.
• Must support explicit exemptions/labels for canonical trackers and hand-curated incidents.
• Should launch in report-only mode for 1–2 weeks (comment-only decisions) before enabling auto-close.
• Should close only when both conditions hold: TTL expired and no exemption label/marker present.

Duplicate Checks

• Open issue search reviewed: [aw] Agent Suggestions failed #856, [aw] Docs Patrol failed #894, [aw] Dependency Review failed #898, [aw] No-Op Runs #528
• Open workflow/agent PR search reviewed: build(deps): bump the github-actions group across 13 directories with 5 updates #937, bump @actions/core from 1.10.1 to 3.0.0 in /snapshoty/run #522, build(deps): bump @actions/exec from 1.1.1 to 3.0.0 in /snapshoty/run #520, build(deps): bump @actions/core from 1.11.1 to 3.0.0 in /github/mutex #896
• Prior agent-suggestion reports in this repo reviewed: [oblt-aw][agent-suggestions] Agent suggestions - 2026-04-05 #877, [oblt-aw][agent-suggestions] Agent suggestions - 2026-04-23 #915, [oblt-aw][agent-suggestions] Agent suggestions - 2026-04-24 #916, [oblt-aw][agent-suggestions] Agent suggestions - 2026-04-29 #931

Downstream Signals

• elastic/elastic-agent: persistent AW operational issues and no-op tracker remain open over time
  • [aw] Docs Patrol failed elastic-agent#13579
  • [aw] Issue Triage failed elastic-agent#13576
  • [aw] No-Op Runs elastic-agent#13410
• elastic/integrations: multiple open AW failure issues plus a long-lived no-op tracker
  • [aw] Docs Patrol failed integrations#18323
  • [aw] Issue Triage failed integrations#18329
  • [aw] No-Op Runs integrations#17851
• elastic/beats: similar recurring open AW failure/no-op pattern
  • [aw] Docs Patrol failed beats#50095
  • [aw] Agent Suggestions failed beats#50089
  • [aw] No-Op Runs beats#49170
• elastic/oblt-aw: same TTL hygiene gap has been raised as a suggestion there as well
  • [oblt-aw][agent-suggestions] Agent suggestions - 2026-04-09 oblt-aw#659

Suggested Next Steps

• Implement gh-aw-expiry-hygiene-sweeper in report-only mode first, with explicit exemption rules.
• Add policy markers/labels for non-expiring canonical trackers (for example [aw] No-Op Runs).
• After 1–2 weeks of audit data, enable auto-close for expired non-exempt AW operational/report issues.

Note

🔒 Integrity filter blocked 35 items

The following items were blocked because they don't meet the GitHub integrity level.

• #526 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #464 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #471 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• [oblt-aw] Control Plane Dashboard #526 list_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #940 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #912 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #911 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #904 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #885 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• Use https://elastic-release-api.s3.us-west-2.amazonaws.com/public/active-branches.txt #873 list_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #13542 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #13544 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #13543 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #13665 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #13217 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #777 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• ... and 19 more items

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

---

What is this? | From workflow: Observability Agentic Workflow Entrypoint

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

• expires on May 12, 2026, 6:56 AM UTC