From bb4eefd8038eba9e27f429a36d9632fd3f60aea2 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 18 Apr 2026 19:57:47 +0000 Subject: [PATCH 1/2] Initial plan From 0cb05a3fbb27202bc376350e7e1b961ea9f7264d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 18 Apr 2026 20:38:44 +0000 Subject: [PATCH 2/2] fix: add noop fallback guidance for static-analysis-report MCP outages Agent-Logs-Url: https://github.com/github/gh-aw/sessions/3fbd01b6-544a-43e2-9ec3-465a7833ac2f Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/static-analysis-report.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.github/workflows/static-analysis-report.md b/.github/workflows/static-analysis-report.md index 11196a8b73..224874c454 100644 --- a/.github/workflows/static-analysis-report.md +++ b/.github/workflows/static-analysis-report.md 
@@ -394,6 +394,19 @@ Issues created: [list of issue links for Critical/High findings, or "none"] Use the title `[static-analysis] Report - [DATE]` for the issue. +### Safe-Output Reliability Fallback (Required) + +If safe-output tool calls fail because MCP tools are unavailable (for example, gateway connection failures), you **must** still produce at least one safe output by writing a fallback `noop` entry directly to the safe-outputs JSONL file with Bash: + +```bash +printf '{"type":"noop","message":"Static analysis completed but safe-output MCP tools were unavailable; no issue could be created."}\n' >> "${GH_AW_SAFE_OUTPUTS:-/tmp/gh-aw/safeoutputs/outputs.jsonl}" +``` + +Rules: +- Use this fallback only when `create_issue`/other safe-output tool calls are unavailable due infrastructure issues. +- Do not exit with zero safe outputs. Always ensure at least one valid safe output record exists. +- Keep the noop message concise and explicit about why action could not be taken. + ### Phase 6: Analyze Runner-Guard Findings Runner-guard has performed source-to-sink vulnerability scanning as part of the compile step. The results are included in the compilation output at `/tmp/gh-aw/compile-output.txt`.
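Review bot: The Rules list under the new "Safe-Output Reliability Fallback" heading says when the fallback may be used but not what may be written, and that gap matters because the section tells the agent to append to the safe-outputs JSONL file directly with Bash instead of going through the safe-output tools. I would add an explicit rule that `noop` is the only record type that may be written this way, and that records such as `create_issue` must never be appended by hand. Smaller points in the same hunk: the `printf ... >>` line fails if the parent directory of the fallback path does not exist, which would still leave the run with zero safe outputs, so a `mkdir -p` on that directory before the append would make the fallback more reliable; the hard-coded message asserts "Static analysis completed", which may not hold if the tools became unavailable earlier in the run; and "due infrastructure issues" in the first rule should read "due to infrastructure issues".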