[deep-report] Stabilize Smoke Copilot PR-path failures with preflight diagnostics and branch gating

[github-actions]

Description

Recent run telemetry shows Smoke Copilot failing in 6 of the last 8 runs (75%), with failures concentrated on pull_request events while scheduled main-branch execution remains healthy. Add a lightweight preflight step that checks PR context, validates required tools/config, and emits explicit skip/fail reasons before agent execution. Add branch/event gating rules so known non-target PR contexts are skipped deterministically instead of failing late.

Expected Impact

• Reduce repeated CI noise from avoidable smoke failures
• Improve signal quality for real regressions in smoke coverage
• Shorten triage time by exposing clear failure class early

Suggested Agent

copilot (workflow-focused reliability patch)

Estimated Effort

Medium (1-4 hours)

Data Source

DeepReport analysis run (workflow run §23549309910); Smoke Copilot logs summary over last 8 runs reported 6 failures and 2 successes.

Note

🔒 Integrity filter blocked 7 items

The following items were blocked because they don't meet the GitHub integrity level.

• gh-aw compiler must reject env.* expressions in markdown per documented safety policy #22914 list_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• Failed to register MCP tools | HTTP 400: Bad Request #22913 list_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• MCP gateway should enforce tool allowlist at the gateway layer, not only at the Claude client layer #22908 list_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• HTML attribute injection not sanitized in convertXmlTags(): event handlers and CSS survive safe-outputs pipeline #22904 list_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• cache-memory restore must clear or validate prior-run artifacts before agent launch #22902 list_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• Assign to agent seems to be limited for 1 assignment per issue, I would like to extend it to multiple assignments so agent can work on multiple repos. #22897 list_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• Anthropic API proxy must enforce per-request credential validation #22894 list_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

Generated by DeepReport - Intelligence Gathering Agent · ◷

• expires on Mar 27, 2026, 3:47 PM UTC

[github-actions]

🍪 Issue Monster has assigned this to Copilot!

I've identified this issue as a good candidate for automated resolution and assigned it to the Copilot coding agent.

The Copilot coding agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

🍪 Om nom nom by Issue Monster · ◷

[copilot-swe-agent]

The agent encountered an error and was unable to start working on this issue: This may be caused by a repository ruleset violation. See granting bypass permissions for the agent, or please contact support if the issue persists.