From f9cd02005c88b35b5d8f2880d8d84cf8360a5e77 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 15 Jun 2026 00:13:22 +0000 Subject: [PATCH 01/10] Plan wildcard safe-output validation Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/design-decision-gate.lock.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/design-decision-gate.lock.yml b/.github/workflows/design-decision-gate.lock.yml index 35b8cf0a123..b9c37433632 100644 --- a/.github/workflows/design-decision-gate.lock.yml +++ b/.github/workflows/design-decision-gate.lock.yml @@ -1,4 +1,4 @@ -# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"1c1efd464b8abce72ea3e7a83b6fbe9bd835f14977119ec27b8b6639b23662a7","body_hash":"9880585d9d235e2471ffd64a8f88bc3980d510d92a24ce288650c7e6bfc3ee10","strict":true,"agent_id":"claude","engine_versions":{"claude":"2.1.168"}} +# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"1c1efd464b8abce72ea3e7a83b6fbe9bd835f14977119ec27b8b6639b23662a7","body_hash":"f7128337e3ace722fd3887a9911d1d21e5dd1a768495d4cf067d10bc31cc77f3","strict":true,"agent_id":"claude","engine_versions":{"claude":"2.1.168"}} # gh-aw-manifest: {"version":1,"secrets":["ANTHROPIC_API_KEY","GH_AW_CI_TRIGGER_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GH_AW_OTEL_GRAFANA_AUTHORIZATION","GH_AW_OTEL_GRAFANA_ENDPOINT","GH_AW_OTEL_SENTRY_AUTHORIZATION","GH_AW_OTEL_SENTRY_ENDPOINT","GITHUB_TOKEN"],"actions":[{"repo":"actions/cache/restore","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/cache/save","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/checkout","sha":"df4cb1c069e1874edd31b4311f1884172cec0e10","version":"v6.0.3"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.27.2","digest":"sha256:f88e5b17b6b7a600117bc121114d6ce2155c88c983c0c939c5df884f730fa1d6","pinned_image":"ghcr.io/github/gh-aw-firewall/agent:0.27.2@sha256:f88e5b17b6b7a600117bc121114d6ce2155c88c983c0c939c5df884f730fa1d6"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.2","digest":"sha256:ee39841d980878ebbb87592903b06d31a1af500c71525c9616f7e8e2a27041a4","pinned_image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.2@sha256:ee39841d980878ebbb87592903b06d31a1af500c71525c9616f7e8e2a27041a4"},{"image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.27.2","digest":"sha256:02f3ec08f32dc26c5427920c6a2e2f3036238fce44802f2f11ef49ed8621b5d0","pinned_image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.27.2@sha256:02f3ec08f32dc26c5427920c6a2e2f3036238fce44802f2f11ef49ed8621b5d0"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.27.2","digest":"sha256:2e3a717e5f19a654cd9a2263beb52012b56bcb68562ec5ae2e42f9d156b49591","pinned_image":"ghcr.io/github/gh-aw-firewall/squid:0.27.2@sha256:2e3a717e5f19a654cd9a2263beb52012b56bcb68562ec5ae2e42f9d156b49591"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.25","digest":"sha256:c10331ad17668ef89f38f5e356678788a40b0cd5fef96e8f92e1d9c1de47cbaa","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.3.25@sha256:c10331ad17668ef89f38f5e356678788a40b0cd5fef96e8f92e1d9c1de47cbaa"},{"image":"ghcr.io/github/github-mcp-server:v1.1.2","digest":"sha256:30197479d8036c7811892bc07e06f9a05c9ef3cdd79bc59f256d50647f95788c","pinned_image":"ghcr.io/github/github-mcp-server:v1.1.2@sha256:30197479d8036c7811892bc07e06f9a05c9ef3cdd79bc59f256d50647f95788c"}]} # This file was automatically generated by gh-aw. DO NOT EDIT. To debug this workflow, load the skill at https://github.com/github/gh-aw/blob/main/debug.md # From 4564b6f0d5886ace5e7501f4cea37d6b97fc4c26 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 15 Jun 2026 00:16:49 +0000 Subject: [PATCH 02/10] Add wildcard target validation to safe-outputs MCP Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- actions/setup/js/safe_outputs_handlers.cjs | 35 ++++++++++++- .../setup/js/safe_outputs_handlers.test.cjs | 49 +++++++++++++++++++ 2 files changed, 82 insertions(+), 2 deletions(-) diff --git a/actions/setup/js/safe_outputs_handlers.cjs b/actions/setup/js/safe_outputs_handlers.cjs index bafa4f25cb7..fbed161334a 100644 --- a/actions/setup/js/safe_outputs_handlers.cjs +++ b/actions/setup/js/safe_outputs_handlers.cjs @@ -60,6 +60,15 @@ function buildMissingTemporaryIdError(toolName, configKey) { return `${toolName} requires 'temporary_id' when safe-outputs.${configKey}.require-temporary-id is enabled. Set temporary_id (for example "${example}") and retry.`; } +/** + * @param {Record} safeOutputsConfig + * @param {string} toolName + * @returns {Record} + */ +function getSafeOutputsToolConfig(safeOutputsConfig, toolName) { + return safeOutputsConfig?.[toolName] || safeOutputsConfig?.[toolName.replace(/_/g, "-")] || {}; +} + /** * @param {Record} entry * @returns {boolean} @@ -68,6 +77,14 @@ function hasExplicitAddCommentTargetNumber(entry) { return ["item_number", "pr_number", "pr"].some(field => entry[field] !== undefined && entry[field] !== null && String(entry[field]).trim() !== ""); } +/** + * @param {Record} entry + * @returns {boolean} + */ +function hasExplicitPullRequestTargetNumber(entry) { + return ["pull_request_number", "pr_number", "pr", "pull_number"].some(field => entry[field] !== undefined && entry[field] !== null && String(entry[field]).trim() !== ""); +} + /** * Returns true if `args` contains at least one meaningful field for update_pull_request: * a string `title`, a string `body`, or `update_branch === true`. @@ -154,8 +171,11 @@ function resolvePatchWorkspacePath(workspacePath) { */ function createHandlers(server, appendSafeOutput, config = {}) { const TOKEN_THRESHOLD = 16000; - const addCommentConfig = config.add_comment || config["add-comment"] || {}; + const addCommentConfig = getSafeOutputsToolConfig(config, "add_comment"); const wildcardAddCommentTargetRequiresItemNumber = addCommentConfig.target === "*"; + const wildcardReviewCommentTargetRequiresPullRequestNumber = getSafeOutputsToolConfig(config, "create_pull_request_review_comment").target === "*"; + const wildcardSubmitReviewTargetRequiresPullRequestNumber = getSafeOutputsToolConfig(config, "submit_pull_request_review").target === "*"; + const wildcardUpdatePullRequestTargetRequiresPullRequestNumber = getSafeOutputsToolConfig(config, "update_pull_request").target === "*"; /** * Detect and offload large string fields to files. @@ -204,6 +224,15 @@ function createHandlers(server, appendSafeOutput, config = {}) { */ const defaultHandler = type => args => { const entry = { ...(args || {}), type }; + if (type === "create_pull_request_review_comment" && wildcardReviewCommentTargetRequiresPullRequestNumber && !hasExplicitPullRequestTargetNumber(entry)) { + return buildIntentErrorResponse("create_pull_request_review_comment requires pull_request_number when safe-outputs.create-pull-request-review-comment.target is '*'. Provide pull_request_number and retry."); + } + if (type === "submit_pull_request_review" && wildcardSubmitReviewTargetRequiresPullRequestNumber && !hasExplicitPullRequestTargetNumber(entry)) { + return buildIntentErrorResponse("submit_pull_request_review requires pull_request_number when safe-outputs.submit-pull-request-review.target is '*'. Provide pull_request_number and retry."); + } + if (type === "update_pull_request" && wildcardUpdatePullRequestTargetRequiresPullRequestNumber && !hasExplicitPullRequestTargetNumber(entry)) { + return buildIntentErrorResponse("update_pull_request requires pull_request_number when safe-outputs.update-pull-request.target is '*'. Provide pull_request_number (or pr_number/pr alias) and retry."); + } const largeContentResponse = maybeHandleLargeContent(entry); if (largeContentResponse) return largeContentResponse; @@ -1619,7 +1648,9 @@ function createHandlers(server, appendSafeOutput, config = {}) { // Increment only after the default handler returns successfully; if it throws // (e.g. due to large-content rejection or an append write error) the counter // must not advance so the empty-review guard remains accurate. - inlineReviewCommentCount++; + if (!result?.isError) { + inlineReviewCommentCount++; + } return result; }; diff --git a/actions/setup/js/safe_outputs_handlers.test.cjs b/actions/setup/js/safe_outputs_handlers.test.cjs index b2824000a15..fa41391c593 100644 --- a/actions/setup/js/safe_outputs_handlers.test.cjs +++ b/actions/setup/js/safe_outputs_handlers.test.cjs @@ -2031,6 +2031,22 @@ describe("safe_outputs_handlers", () => { expect(() => handlers.submitPullRequestReviewHandler({ body: "LGTM", event: "comment" })).not.toThrow(); expect(() => handlers.submitPullRequestReviewHandler({ body: "needs work", event: "request_changes" })).not.toThrow(); }); + + it("should require explicit pull_request_number when submit_pull_request_review target is '*'", () => { + const wildcardHandlers = createHandlers(mockServer, mockAppendSafeOutput, { + submit_pull_request_review: { + target: "*", + }, + }); + + const result = wildcardHandlers.submitPullRequestReviewHandler({ body: "LGTM", event: "COMMENT" }); + + expect(result.isError).toBe(true); + const responseData = JSON.parse(result.content[0].text); + expect(responseData.result).toBe("error"); + expect(responseData.error).toContain("requires pull_request_number"); + expect(mockAppendSafeOutput).not.toHaveBeenCalled(); + }); }); describe("createPullRequestReviewCommentHandler", () => { @@ -2058,6 +2074,23 @@ describe("safe_outputs_handlers", () => { // Counter was NOT incremented, so empty-body submit should still be rejected expect(() => handlers.submitPullRequestReviewHandler({ event: "COMMENT" })).toThrow(expect.objectContaining({ code: -32602, message: expect.stringContaining("review body is empty") })); }); + + it("should require explicit pull_request_number when review comment target is '*'", () => { + const wildcardHandlers = createHandlers(mockServer, mockAppendSafeOutput, { + create_pull_request_review_comment: { + target: "*", + }, + }); + + const result = wildcardHandlers.createPullRequestReviewCommentHandler({ path: "src/foo.js", line: 5, body: "Consider renaming." }); + + expect(result.isError).toBe(true); + const responseData = JSON.parse(result.content[0].text); + expect(responseData.result).toBe("error"); + expect(responseData.error).toContain("requires pull_request_number"); + expect(mockAppendSafeOutput).not.toHaveBeenCalled(); + expect(() => wildcardHandlers.submitPullRequestReviewHandler({ event: "COMMENT" })).toThrow(expect.objectContaining({ code: -32602, message: expect.stringContaining("review body is empty") })); + }); }); describe("updatePullRequestHandler", () => { @@ -2075,6 +2108,22 @@ describe("safe_outputs_handlers", () => { expect(() => handlers.updatePullRequestHandler(undefined)).toThrow(expect.objectContaining({ code: -32602 })); }); + it("should require explicit pull_request_number when update_pull_request target is '*'", () => { + const wildcardHandlers = createHandlers(mockServer, mockAppendSafeOutput, { + update_pull_request: { + target: "*", + }, + }); + + const result = wildcardHandlers.updatePullRequestHandler({ body: "Update the PR body." }); + + expect(result.isError).toBe(true); + const responseData = JSON.parse(result.content[0].text); + expect(responseData.result).toBe("error"); + expect(responseData.error).toContain("requires pull_request_number"); + expect(mockAppendSafeOutput).not.toHaveBeenCalled(); + }); + it("should throw MCP error when update_branch is explicitly false and no other fields", () => { expect(() => handlers.updatePullRequestHandler({ update_branch: false })).toThrow(expect.objectContaining({ code: -32602 })); }); From 30049ce8b12b1643b128c38549b17130e9b97d44 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 15 Jun 2026 13:39:06 +0000 Subject: [PATCH 03/10] Generalize wildcard safe-output target validation Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- actions/setup/js/safe_outputs_handlers.cjs | 69 +++++++++++-------- .../setup/js/safe_outputs_handlers.test.cjs | 18 +++++ actions/setup/js/safe_outputs_tools.json | 32 ++++++++- pkg/workflow/js/safe_outputs_tools.json | 46 ++++++++++++- 4 files changed, 134 insertions(+), 31 deletions(-) diff --git a/actions/setup/js/safe_outputs_handlers.cjs b/actions/setup/js/safe_outputs_handlers.cjs index fbed161334a..70e12585ab7 100644 --- a/actions/setup/js/safe_outputs_handlers.cjs +++ b/actions/setup/js/safe_outputs_handlers.cjs @@ -25,6 +25,9 @@ const { sanitizeTitle, applyTitlePrefix } = require("./sanitize_title.cjs"); const { parseDeduplicateByTitle, normalizeTitleForDedup, findDuplicateByTitle } = require("./issue_title_dedup.cjs"); const { validateCreatePullRequestIntent, validatePushToPullRequestBranchIntent, validateCreateIssueIntent, validateAddCommentIntent } = require("./intent_probe.cjs"); const { globPatternToRegex } = require("./glob_pattern_helpers.cjs"); +const safeOutputsTools = require("./safe_outputs_tools.json"); + +const safeOutputsToolMap = new Map(safeOutputsTools.map(tool => [tool.name, tool])); /** * @param {string} error @@ -69,20 +72,12 @@ function getSafeOutputsToolConfig(safeOutputsConfig, toolName) { return safeOutputsConfig?.[toolName] || safeOutputsConfig?.[toolName.replace(/_/g, "-")] || {}; } -/** - * @param {Record} entry - * @returns {boolean} - */ -function hasExplicitAddCommentTargetNumber(entry) { - return ["item_number", "pr_number", "pr"].some(field => entry[field] !== undefined && entry[field] !== null && String(entry[field]).trim() !== ""); +function hasExplicitTargetParameter(entry, fieldNames) { + return fieldNames.some(field => entry[field] !== undefined && entry[field] !== null && String(entry[field]).trim() !== ""); } -/** - * @param {Record} entry - * @returns {boolean} - */ -function hasExplicitPullRequestTargetNumber(entry) { - return ["pull_request_number", "pr_number", "pr", "pull_number"].some(field => entry[field] !== undefined && entry[field] !== null && String(entry[field]).trim() !== ""); +function getWildcardTargetRequirement(toolName) { + return safeOutputsToolMap.get(toolName)?.["x-safe-outputs-target-requirements"]?.["*"] || null; } /** @@ -171,11 +166,29 @@ function resolvePatchWorkspacePath(workspacePath) { */ function createHandlers(server, appendSafeOutput, config = {}) { const TOKEN_THRESHOLD = 16000; - const addCommentConfig = getSafeOutputsToolConfig(config, "add_comment"); - const wildcardAddCommentTargetRequiresItemNumber = addCommentConfig.target === "*"; - const wildcardReviewCommentTargetRequiresPullRequestNumber = getSafeOutputsToolConfig(config, "create_pull_request_review_comment").target === "*"; - const wildcardSubmitReviewTargetRequiresPullRequestNumber = getSafeOutputsToolConfig(config, "submit_pull_request_review").target === "*"; - const wildcardUpdatePullRequestTargetRequiresPullRequestNumber = getSafeOutputsToolConfig(config, "update_pull_request").target === "*"; + + const validateWildcardTargetRequirement = entry => { + const toolName = entry?.type; + const requirement = getWildcardTargetRequirement(toolName); + if (!requirement) { + return null; + } + + const toolConfig = getSafeOutputsToolConfig(config, toolName); + if (toolConfig.target !== "*") { + return null; + } + + const anyOf = Array.isArray(requirement.anyOf) ? requirement.anyOf.filter(field => typeof field === "string" && field.trim() !== "") : []; + if (anyOf.length === 0 || hasExplicitTargetParameter(entry, anyOf)) { + return null; + } + + const configKey = requirement.configKey || toolName.replace(/_/g, "-"); + const primary = requirement.primary || anyOf[0]; + const guidance = anyOf.length === 1 ? primary : `one of: ${anyOf.join(", ")}`; + return buildIntentErrorResponse(`${toolName} requires ${primary} when safe-outputs.${configKey}.target is '*'. Provide ${guidance} and retry.`); + }; /** * Detect and offload large string fields to files. @@ -224,14 +237,9 @@ function createHandlers(server, appendSafeOutput, config = {}) { */ const defaultHandler = type => args => { const entry = { ...(args || {}), type }; - if (type === "create_pull_request_review_comment" && wildcardReviewCommentTargetRequiresPullRequestNumber && !hasExplicitPullRequestTargetNumber(entry)) { - return buildIntentErrorResponse("create_pull_request_review_comment requires pull_request_number when safe-outputs.create-pull-request-review-comment.target is '*'. Provide pull_request_number and retry."); - } - if (type === "submit_pull_request_review" && wildcardSubmitReviewTargetRequiresPullRequestNumber && !hasExplicitPullRequestTargetNumber(entry)) { - return buildIntentErrorResponse("submit_pull_request_review requires pull_request_number when safe-outputs.submit-pull-request-review.target is '*'. Provide pull_request_number and retry."); - } - if (type === "update_pull_request" && wildcardUpdatePullRequestTargetRequiresPullRequestNumber && !hasExplicitPullRequestTargetNumber(entry)) { - return buildIntentErrorResponse("update_pull_request requires pull_request_number when safe-outputs.update-pull-request.target is '*'. Provide pull_request_number (or pr_number/pr alias) and retry."); + const wildcardTargetValidationError = validateWildcardTargetRequirement(entry); + if (wildcardTargetValidationError) { + return wildcardTargetValidationError; } const largeContentResponse = maybeHandleLargeContent(entry); if (largeContentResponse) return largeContentResponse; @@ -840,6 +848,10 @@ function createHandlers(server, appendSafeOutput, config = {}) { // Drop it so the agent cannot override the derived source branch. const { branch: _agentBranch, ...sanitizedArgs } = args || {}; const entry = { ...sanitizedArgs, type: "push_to_pull_request_branch" }; + const wildcardTargetValidationError = validateWildcardTargetRequirement(entry); + if (wildcardTargetValidationError) { + return wildcardTargetValidationError; + } // Resolve target repo configuration and validate the target repo early // This is needed before getBaseBranch to ensure we resolve the base branch @@ -1590,10 +1602,9 @@ function createHandlers(server, appendSafeOutput, config = {}) { // Build the entry with a temporary_id const entry = { ...(args || {}), type: "add_comment" }; - if (wildcardAddCommentTargetRequiresItemNumber) { - if (!hasExplicitAddCommentTargetNumber(entry)) { - return buildIntentErrorResponse("add_comment requires item_number when safe-outputs.add-comment.target is '*'. Provide item_number (or pr_number/pr alias)."); - } + const wildcardTargetValidationError = validateWildcardTargetRequirement(entry); + if (wildcardTargetValidationError) { + return wildcardTargetValidationError; } const intentValidationError = validateAddCommentIntent(entry); if (intentValidationError) { diff --git a/actions/setup/js/safe_outputs_handlers.test.cjs b/actions/setup/js/safe_outputs_handlers.test.cjs index fa41391c593..7ef3d56179e 100644 --- a/actions/setup/js/safe_outputs_handlers.test.cjs +++ b/actions/setup/js/safe_outputs_handlers.test.cjs @@ -511,6 +511,24 @@ describe("safe_outputs_handlers", () => { }); }); + describe("defaultHandler wildcard target validation", () => { + it("should require explicit pull_request_number when close_pull_request target is '*'", () => { + const wildcardHandlers = createHandlers(mockServer, mockAppendSafeOutput, { + close_pull_request: { + target: "*", + }, + }); + + const result = wildcardHandlers.defaultHandler("close_pull_request")({ body: "Closing in favor of a newer PR." }); + + expect(result.isError).toBe(true); + const responseData = JSON.parse(result.content[0].text); + expect(responseData.result).toBe("error"); + expect(responseData.error).toContain("requires pull_request_number"); + expect(mockAppendSafeOutput).not.toHaveBeenCalled(); + }); + }); + describe("createPullRequestHandler", () => { /** * Creates a side-repo checkout where: diff --git a/actions/setup/js/safe_outputs_tools.json b/actions/setup/js/safe_outputs_tools.json index 945df3314b3..5b0ad9b8896 100644 --- a/actions/setup/js/safe_outputs_tools.json +++ b/actions/setup/js/safe_outputs_tools.json @@ -230,7 +230,7 @@ }, "pull_request_number": { "type": ["number", "string"], - "description": "Pull request number to close. This is the numeric ID from the GitHub URL (e.g., 432 in github.com/owner/repo/pull/432). If omitted, closes the PR that triggered this workflow (requires a pull_request event trigger).", + "description": "Pull request number to close. This is the numeric ID from the GitHub URL (e.g., 432 in github.com/owner/repo/pull/432). If omitted, closes the PR that triggered this workflow (requires a pull_request event trigger). Required when the workflow target is '*' (any PR).", "x-synonyms": ["pullRequestNumber"] }, "secrecy": { @@ -243,6 +243,12 @@ } }, "additionalProperties": false + }, + "x-safe-outputs-target-requirements": { + "*": { + "primary": "pull_request_number", + "anyOf": ["pull_request_number"] + } } }, { @@ -302,6 +308,12 @@ } }, "additionalProperties": false + }, + "x-safe-outputs-target-requirements": { + "*": { + "primary": "item_number", + "anyOf": ["item_number", "pr_number", "pr"] + } } }, { @@ -408,6 +420,12 @@ } }, "additionalProperties": false + }, + "x-safe-outputs-target-requirements": { + "*": { + "primary": "pull_request_number", + "anyOf": ["pull_request_number"] + } } }, { @@ -444,6 +462,12 @@ } }, "additionalProperties": false + }, + "x-safe-outputs-target-requirements": { + "*": { + "primary": "pull_request_number", + "anyOf": ["pull_request_number"] + } } }, { @@ -905,6 +929,12 @@ } }, "additionalProperties": false + }, + "x-safe-outputs-target-requirements": { + "*": { + "primary": "pull_request_number", + "anyOf": ["pull_request_number", "pr_number", "pr"] + } } }, { diff --git a/pkg/workflow/js/safe_outputs_tools.json b/pkg/workflow/js/safe_outputs_tools.json index 10cea9eb8f9..9675953ff8d 100644 --- a/pkg/workflow/js/safe_outputs_tools.json +++ b/pkg/workflow/js/safe_outputs_tools.json @@ -284,7 +284,7 @@ "number", "string" ], - "description": "Pull request number to close. This is the numeric ID from the GitHub URL (e.g., 432 in github.com/owner/repo/pull/432). If omitted, closes the PR that triggered this workflow (requires a pull_request event trigger).", + "description": "Pull request number to close. This is the numeric ID from the GitHub URL (e.g., 432 in github.com/owner/repo/pull/432). If omitted, closes the PR that triggered this workflow (requires a pull_request event trigger). Required when the workflow target is '*' (any PR).", "x-synonyms": [ "pullRequestNumber" ] @@ -299,6 +299,14 @@ } }, "additionalProperties": false + }, + "x-safe-outputs-target-requirements": { + "*": { + "primary": "pull_request_number", + "anyOf": [ + "pull_request_number" + ] + } } }, { @@ -385,6 +393,16 @@ } }, "additionalProperties": false + }, + "x-safe-outputs-target-requirements": { + "*": { + "primary": "item_number", + "anyOf": [ + "item_number", + "pr_number", + "pr" + ] + } } }, { @@ -516,6 +534,14 @@ } }, "additionalProperties": false + }, + "x-safe-outputs-target-requirements": { + "*": { + "primary": "pull_request_number", + "anyOf": [ + "pull_request_number" + ] + } } }, { @@ -561,6 +587,14 @@ } }, "additionalProperties": false + }, + "x-safe-outputs-target-requirements": { + "*": { + "primary": "pull_request_number", + "anyOf": [ + "pull_request_number" + ] + } } }, { @@ -1151,6 +1185,16 @@ } }, "additionalProperties": false + }, + "x-safe-outputs-target-requirements": { + "*": { + "primary": "pull_request_number", + "anyOf": [ + "pull_request_number", + "pr_number", + "pr" + ] + } } }, { From 0b4b90f5827fce154822d3312fefebd471ccbd69 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 15 Jun 2026 13:41:55 +0000 Subject: [PATCH 04/10] Polish schema-driven wildcard validation Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- actions/setup/js/safe_outputs_handlers.cjs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/actions/setup/js/safe_outputs_handlers.cjs b/actions/setup/js/safe_outputs_handlers.cjs index 70e12585ab7..d6ce4df6e28 100644 --- a/actions/setup/js/safe_outputs_handlers.cjs +++ b/actions/setup/js/safe_outputs_handlers.cjs @@ -179,12 +179,12 @@ function createHandlers(server, appendSafeOutput, config = {}) { return null; } - const anyOf = Array.isArray(requirement.anyOf) ? requirement.anyOf.filter(field => typeof field === "string" && field.trim() !== "") : []; + const anyOf = Array.isArray(requirement.anyOf) ? requirement.anyOf : []; if (anyOf.length === 0 || hasExplicitTargetParameter(entry, anyOf)) { return null; } - const configKey = requirement.configKey || toolName.replace(/_/g, "-"); + const configKey = toolName.replace(/_/g, "-"); const primary = requirement.primary || anyOf[0]; const guidance = anyOf.length === 1 ? primary : `one of: ${anyOf.join(", ")}`; return buildIntentErrorResponse(`${toolName} requires ${primary} when safe-outputs.${configKey}.target is '*'. Provide ${guidance} and retry.`); From 5bc293847d81d6c5c732379d76c2ea875f61bf27 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 15 Jun 2026 13:44:55 +0000 Subject: [PATCH 05/10] Document wildcard validation helpers Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- actions/setup/js/safe_outputs_handlers.cjs | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/actions/setup/js/safe_outputs_handlers.cjs b/actions/setup/js/safe_outputs_handlers.cjs index d6ce4df6e28..a173e1b40b6 100644 --- a/actions/setup/js/safe_outputs_handlers.cjs +++ b/actions/setup/js/safe_outputs_handlers.cjs @@ -72,10 +72,19 @@ function getSafeOutputsToolConfig(safeOutputsConfig, toolName) { return safeOutputsConfig?.[toolName] || safeOutputsConfig?.[toolName.replace(/_/g, "-")] || {}; } +/** + * @param {Record} entry + * @param {string[]} fieldNames + * @returns {boolean} + */ function hasExplicitTargetParameter(entry, fieldNames) { return fieldNames.some(field => entry[field] !== undefined && entry[field] !== null && String(entry[field]).trim() !== ""); } +/** + * @param {string} toolName + * @returns {{primary?: string, anyOf?: string[]} | null} + */ function getWildcardTargetRequirement(toolName) { return safeOutputsToolMap.get(toolName)?.["x-safe-outputs-target-requirements"]?.["*"] || null; } @@ -167,6 +176,11 @@ function resolvePatchWorkspacePath(workspacePath) { function createHandlers(server, appendSafeOutput, config = {}) { const TOKEN_THRESHOLD = 16000; + /** + * Validate schema-declared explicit target parameters for wildcard-target tools. + * @param {Record} entry + * @returns {{content: Array<{type: "text", text: string}>, isError: true} | null} + */ const validateWildcardTargetRequirement = entry => { const toolName = entry?.type; const requirement = getWildcardTargetRequirement(toolName); From ed1abebd640ef9221a6b77466669d49f795937a2 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 15 Jun 2026 13:58:17 +0000 Subject: [PATCH 06/10] Read safe output tools JSON explicitly Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- actions/setup/js/safe_outputs_handlers.cjs | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/actions/setup/js/safe_outputs_handlers.cjs b/actions/setup/js/safe_outputs_handlers.cjs index a173e1b40b6..6d16fae6116 100644 --- a/actions/setup/js/safe_outputs_handlers.cjs +++ b/actions/setup/js/safe_outputs_handlers.cjs @@ -25,7 +25,16 @@ const { sanitizeTitle, applyTitlePrefix } = require("./sanitize_title.cjs"); const { parseDeduplicateByTitle, normalizeTitleForDedup, findDuplicateByTitle } = require("./issue_title_dedup.cjs"); const { validateCreatePullRequestIntent, validatePushToPullRequestBranchIntent, validateCreateIssueIntent, validateAddCommentIntent } = require("./intent_probe.cjs"); const { globPatternToRegex } = require("./glob_pattern_helpers.cjs"); -const safeOutputsTools = require("./safe_outputs_tools.json"); +/** + * Read and parse a JSON file. + * @param {string} filePath + * @returns {any} + */ +function readJSONFile(filePath) { + return JSON.parse(fs.readFileSync(filePath, "utf8")); +} + +const safeOutputsTools = readJSONFile(path.join(__dirname, "safe_outputs_tools.json")); const safeOutputsToolMap = new Map(safeOutputsTools.map(tool => [tool.name, tool])); From 7ca7e3231d0066f45b842c389ddc18b5797efc6f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 15 Jun 2026 14:33:41 +0000 Subject: [PATCH 07/10] Expand wildcard target requirements for additional safe output tools Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .../setup/js/safe_outputs_handlers.test.cjs | 48 + actions/setup/js/safe_outputs_tools.json | 18 + pkg/workflow/js/safe_outputs_tools.json | 845 ++++-------------- 3 files changed, 261 insertions(+), 650 deletions(-) diff --git a/actions/setup/js/safe_outputs_handlers.test.cjs b/actions/setup/js/safe_outputs_handlers.test.cjs index 7ef3d56179e..0b620e5315d 100644 --- a/actions/setup/js/safe_outputs_handlers.test.cjs +++ b/actions/setup/js/safe_outputs_handlers.test.cjs @@ -512,6 +512,22 @@ describe("safe_outputs_handlers", () => { }); describe("defaultHandler wildcard target validation", () => { + it("should require explicit discussion_number when update_discussion target is '*'", () => { + const wildcardHandlers = createHandlers(mockServer, mockAppendSafeOutput, { + update_discussion: { + target: "*", + }, + }); + + const result = wildcardHandlers.defaultHandler("update_discussion")({ body: "Updated discussion body." }); + + expect(result.isError).toBe(true); + const responseData = JSON.parse(result.content[0].text); + expect(responseData.result).toBe("error"); + expect(responseData.error).toContain("requires discussion_number"); + expect(mockAppendSafeOutput).not.toHaveBeenCalled(); + }); + it("should require explicit pull_request_number when close_pull_request target is '*'", () => { const wildcardHandlers = createHandlers(mockServer, mockAppendSafeOutput, { close_pull_request: { @@ -527,6 +543,22 @@ describe("safe_outputs_handlers", () => { expect(responseData.error).toContain("requires pull_request_number"); expect(mockAppendSafeOutput).not.toHaveBeenCalled(); }); + + it("should require explicit pull_request_number when create_check_run target is '*'", () => { + const wildcardHandlers = createHandlers(mockServer, mockAppendSafeOutput, { + create_check_run: { + target: "*", + }, + }); + + const result = wildcardHandlers.defaultHandler("create_check_run")({ conclusion: "success", title: "Checks passed", summary: "All checks passed." }); + + expect(result.isError).toBe(true); + const responseData = JSON.parse(result.content[0].text); + expect(responseData.result).toBe("error"); + expect(responseData.error).toContain("requires pull_request_number"); + expect(mockAppendSafeOutput).not.toHaveBeenCalled(); + }); }); describe("createPullRequestHandler", () => { @@ -1144,6 +1176,22 @@ describe("safe_outputs_handlers", () => { expect(mockAppendSafeOutput).not.toHaveBeenCalled(); }); + it("should require explicit pull_request_number when push_to_pull_request_branch target is '*'", async () => { + const wildcardHandlers = createHandlers(mockServer, mockAppendSafeOutput, { + push_to_pull_request_branch: { + target: "*", + }, + }); + + const result = await wildcardHandlers.pushToPullRequestBranchHandler({ message: "Apply requested changes." }); + + expect(result.isError).toBe(true); + const responseData = JSON.parse(result.content[0].text); + expect(responseData.result).toBe("error"); + expect(responseData.error).toContain("requires pull_request_number"); + expect(mockAppendSafeOutput).not.toHaveBeenCalled(); + }); + it("should reject obvious exploratory test payloads before recording a PR branch update intent", async () => { // The agent can no longer supply `branch`; the handler derives it from // the current working checkout. Model the failure mode where the diff --git a/actions/setup/js/safe_outputs_tools.json b/actions/setup/js/safe_outputs_tools.json index 5b0ad9b8896..551f5422845 100644 --- a/actions/setup/js/safe_outputs_tools.json +++ b/actions/setup/js/safe_outputs_tools.json @@ -154,6 +154,12 @@ } }, "additionalProperties": false + }, + "x-safe-outputs-target-requirements": { + "*": { + "primary": "discussion_number", + "anyOf": ["discussion_number"] + } } }, { @@ -1007,6 +1013,12 @@ } }, "additionalProperties": false + }, + "x-safe-outputs-target-requirements": { + "*": { + "primary": "pull_request_number", + "anyOf": ["pull_request_number"] + } } }, { @@ -1691,6 +1703,12 @@ } }, "additionalProperties": false + }, + "x-safe-outputs-target-requirements": { + "*": { + "primary": "pull_request_number", + "anyOf": ["pull_request_number", "pr_number", "pr", "pull_number"] + } } } ] diff --git a/pkg/workflow/js/safe_outputs_tools.json b/pkg/workflow/js/safe_outputs_tools.json index 9675953ff8d..551f5422845 100644 --- a/pkg/workflow/js/safe_outputs_tools.json +++ b/pkg/workflow/js/safe_outputs_tools.json @@ -4,10 +4,7 @@ "description": "WRITE-ONCE: do NOT call this tool with empty or placeholder arguments to probe or discover its schema \u2014 required fields (title, body) are listed in this schema; if you are not ready to open the real issue, call `noop` instead. Creates a new GitHub issue for tracking bugs, feature requests, or tasks. Use this for actionable work items that need assignment, labeling, and status tracking. For reports, announcements, or status updates that don't require task tracking, use create_discussion instead. Compatibility: labels may be passed as either an array of strings or a comma-separated string; string input is split, trimmed, and normalized to an array.", "inputSchema": { "type": "object", - "required": [ - "title", - "body" - ], + "required": ["title", "body"], "properties": { "title": { "type": "string", @@ -19,10 +16,7 @@ "description": "Detailed issue description in Markdown. Must be the final intended body \u2014 not a placeholder or test value. Do NOT repeat the title as a heading since it already appears as the issue's h1. Include context, reproduction steps, or acceptance criteria as appropriate." }, "labels": { - "type": [ - "array", - "string" - ], + "type": ["array", "string"], "items": { "type": "string" }, @@ -33,20 +27,14 @@ "description": "Optional issue fields to set after creating the issue (e.g., Priority, Iteration, Start Date).", "items": { "type": "object", - "required": [ - "name", - "value" - ], + "required": ["name", "value"], "properties": { "name": { "type": "string", "description": "Issue field name exactly as configured in the repository (e.g., \"Priority\", \"Iteration\")." }, "value": { - "type": [ - "string", - "number" - ], + "type": ["string", "number"], "description": "Field value. Use string for text, single-select, iteration, and date (YYYY-MM-DD) fields; use number for numeric fields." } }, @@ -54,19 +42,14 @@ } }, "parent": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Parent issue number for creating sub-issues. This is the numeric ID from the GitHub URL (e.g., 42 in github.com/owner/repo/issues/42). Can also be a temporary_id from a previously created issue in the same workflow run \u2014 use the '#aw_abc123' form (e.g., '#aw_Test123'); the bare 'aw_abc123' form is also accepted and normalised to '#aw_abc123'." }, "temporary_id": { "type": "string", "pattern": "^#?aw_[A-Za-z0-9_]{3,12}$", "description": "Unique temporary identifier for this issue. Canonical form: '#aw_' followed by 3 to 12 alphanumeric or underscore characters (A-Za-z0-9_) \u2014 e.g., '#aw_abc1', '#aw_pr_fix'. The bare 'aw_abc1' form is also accepted and normalised to '#aw_abc1'. Use this same '#aw_ID' form in body text to cross-reference the issue; these references are replaced with the real issue number after creation.", - "x-synonyms": [ - "temporaryId" - ] + "x-synonyms": ["temporaryId"] }, "secrecy": { "type": "string", @@ -85,9 +68,7 @@ "description": "Create a GitHub Copilot coding agent session to delegate coding work. Use this when you need another Copilot coding agent to implement code changes, fix bugs, or complete development tasks. The task becomes a new issue that triggers the Copilot coding agent. For non-coding tasks or manual work items, use create_issue instead.", "inputSchema": { "type": "object", - "required": [ - "body" - ], + "required": ["body"], "properties": { "body": { "type": "string", @@ -110,10 +91,7 @@ "description": "Create a GitHub discussion for announcements, Q&A, reports, status updates, or community conversations. Use this for content that benefits from threaded replies, doesn't require task tracking, or serves as documentation. For actionable work items that need assignment and status tracking, use create_issue instead. Arguments must be flat tool arguments (title, body), not nested under create_discussion.", "inputSchema": { "type": "object", - "required": [ - "title", - "body" - ], + "required": ["title", "body"], "properties": { "title": { "type": "string", @@ -126,10 +104,7 @@ "category": { "type": "string", "description": "Discussion category by name (e.g., 'General'), slug (e.g., 'general'), or ID. If omitted, uses the first available category. Category must exist in the repository. NOTE: the field is named category (not categoryId or category_id as in the GitHub GraphQL API).", - "x-synonyms": [ - "categoryId", - "category_id" - ] + "x-synonyms": ["categoryId", "category_id"] }, "secrecy": { "type": "string", @@ -165,14 +140,9 @@ "description": "Replace the discussion labels with this list (e.g., ['bug', 'help wanted']). Labels must exist in the repository. This replaces all existing labels on the discussion." }, "discussion_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Discussion number to update. This is the numeric ID from the GitHub URL (e.g., 345 in github.com/owner/repo/discussions/345). Required when the workflow target is '*' (any discussion).", - "x-synonyms": [ - "discussionNumber" - ] + "x-synonyms": ["discussionNumber"] }, "secrecy": { "type": "string", @@ -184,6 +154,12 @@ } }, "additionalProperties": false + }, + "x-safe-outputs-target-requirements": { + "*": { + "primary": "discussion_number", + "anyOf": ["discussion_number"] + } } }, { @@ -191,9 +167,7 @@ "description": "Close a GitHub discussion with a resolution comment and optional reason. You can and should always add a comment when closing a discussion to explain the action or provide context. Use this to mark discussions as resolved, answered, or no longer needed. The closing comment should explain why the discussion is being closed. If the discussion is already closed, a comment will still be posted.", "inputSchema": { "type": "object", - "required": [ - "body" - ], + "required": ["body"], "properties": { "body": { "type": "string", @@ -201,23 +175,13 @@ }, "reason": { "type": "string", - "enum": [ - "RESOLVED", - "DUPLICATE", - "OUTDATED", - "ANSWERED" - ], + "enum": ["RESOLVED", "DUPLICATE", "OUTDATED", "ANSWERED"], "description": "Resolution reason: RESOLVED (issue addressed), DUPLICATE (discussed elsewhere), OUTDATED (no longer relevant), or ANSWERED (question answered)." }, "discussion_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Discussion number to close. This is the numeric ID from the GitHub URL (e.g., 678 in github.com/owner/repo/discussions/678). If omitted, closes the discussion that triggered this workflow (requires a discussion event trigger).", - "x-synonyms": [ - "discussionNumber" - ] + "x-synonyms": ["discussionNumber"] }, "secrecy": { "type": "string", @@ -236,23 +200,16 @@ "description": "Close a GitHub issue with a closing comment. You can and should always add a comment when closing an issue to explain the action or provide context. This tool is ONLY for closing issues - use update_issue if you need to change the title, body, labels, or other metadata without closing. Use close_issue when work is complete, the issue is no longer relevant, or it's a duplicate. The closing comment should explain the resolution or reason for closing. If the issue is already closed, a comment will still be posted.", "inputSchema": { "type": "object", - "required": [ - "body" - ], + "required": ["body"], "properties": { "body": { "type": "string", "description": "Closing comment explaining why the issue is being closed and summarizing any resolution, workaround, or conclusion." }, "issue_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Issue number to close. This is the numeric ID from the GitHub URL (e.g., 901 in github.com/owner/repo/issues/901). If omitted, closes the issue that triggered this workflow (requires an issue event trigger).", - "x-synonyms": [ - "issueNumber" - ] + "x-synonyms": ["issueNumber"] }, "secrecy": { "type": "string", @@ -271,23 +228,16 @@ "description": "Close a pull request WITHOUT merging, adding a closing comment. You can and should always add a comment when closing a PR to explain the action or provide context. Use this for PRs that should be abandoned, superseded, or closed for other reasons. The closing comment should explain why the PR is being closed. This does NOT merge the changes. If the PR is already closed, a comment will still be posted.", "inputSchema": { "type": "object", - "required": [ - "body" - ], + "required": ["body"], "properties": { "body": { "type": "string", "description": "Closing comment explaining why the PR is being closed without merging (e.g., superseded by another PR, no longer needed, approach rejected)." }, "pull_request_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Pull request number to close. This is the numeric ID from the GitHub URL (e.g., 432 in github.com/owner/repo/pull/432). If omitted, closes the PR that triggered this workflow (requires a pull_request event trigger). Required when the workflow target is '*' (any PR).", - "x-synonyms": [ - "pullRequestNumber" - ] + "x-synonyms": ["pullRequestNumber"] }, "secrecy": { "type": "string", @@ -303,9 +253,7 @@ "x-safe-outputs-target-requirements": { "*": { "primary": "pull_request_number", - "anyOf": [ - "pull_request_number" - ] + "anyOf": ["pull_request_number"] } } }, @@ -314,9 +262,7 @@ "description": "WRITE-ONCE: do NOT call this tool with empty or placeholder arguments to probe or discover its schema \u2014 the required `body` field is listed in this schema; if you are not ready to post a real comment, call `noop` instead. Adds a comment to an existing GitHub issue, pull request, or discussion. Use this to provide feedback, answer questions, or add information to an existing conversation. For creating new items, use create_issue, create_discussion, or create_pull_request instead. IMPORTANT: Comments are subject to validation constraints enforced by the MCP server - maximum 65536 characters for the complete comment (including footer which is added automatically), 10 mentions (@username), and 50 links. Exceeding these limits will result in an immediate error with specific guidance. NOTE: By default, this tool does not require discussions:write permission. Set 'discussions: true' in the workflow's safe-outputs.add-comment configuration to enable discussion comments and request this permission.", "inputSchema": { "type": "object", - "required": [ - "body" - ], + "required": ["body"], "properties": { "body": { "type": "string", @@ -324,63 +270,38 @@ "description": "The comment text in Markdown format. Must be the final intended comment \u2014 not a placeholder or test value. This is the 'body' field - do not use 'comment_body' or other variations. Provide helpful, relevant information that adds value to the conversation. CONSTRAINTS: The complete comment (your body text + automatically added footer) must not exceed 65536 characters total. Maximum 10 mentions (@username), maximum 50 links (http/https URLs). A footer (~200-500 characters) is automatically appended with workflow attribution, so leave adequate space. If these limits are exceeded, the tool call will fail with a detailed error message indicating which constraint was violated." }, "item_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "The issue, pull request, or discussion number to comment on. This is the numeric ID from the GitHub URL (e.g., 123 in github.com/owner/repo/issues/123). Can also be a temporary_id from a previously created issue in the same workflow run \u2014 use the '#aw_abc123' form; the bare 'aw_abc123' form is also accepted and normalised to '#aw_abc123'. If omitted, the tool auto-targets the issue, PR, or discussion that triggered this workflow. Auto-targeting only works for issue, pull_request, discussion, and comment event triggers \u2014 it does NOT work for schedule, workflow_dispatch, push, or workflow_run triggers. For those trigger types, always provide item_number explicitly, or the tool call will fail with an error. Required when safe-outputs.add-comment.target is '*' (any item): calls without item_number (or pr_number/pr alias) are rejected. NOTE: this field is named item_number, NOT issue_number.", - "x-synonyms": [ - "issue_number", - "itemNumber" - ] + "x-synonyms": ["issue_number", "itemNumber"] }, "pr_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Alias for item_number when targeting a pull request. Prefer item_number in new calls.", - "x-synonyms": [ - "prNumber" - ] + "x-synonyms": ["prNumber"] }, "pr": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Alias for item_number when targeting a pull request. Prefer item_number in new calls." }, "temporary_id": { "type": "string", "pattern": "^#?aw_[A-Za-z0-9_]{3,12}$", "description": "Unique temporary identifier for this comment. Canonical form: '#aw_' followed by 3 to 12 alphanumeric or underscore characters (A-Za-z0-9_) \u2014 e.g., '#aw_abc1', '#aw_pr_fix'. The bare 'aw_abc1' form is also accepted and normalised to '#aw_abc1'. Auto-generated if not provided. The temporary ID is returned in the tool response so you can reference this comment later.", - "x-synonyms": [ - "temporaryId" - ] + "x-synonyms": ["temporaryId"] }, "reply_to_id": { "type": "string", "description": "Node ID of the discussion comment to reply to, enabling threaded discussion comments. When provided, the new comment is posted as a reply to the specified top-level discussion comment. If the given node ID belongs to a nested reply, the handler automatically resolves it to the top-level parent. Only applicable for discussion comments \u2014 ignored for issue and pull request comments.", - "x-synonyms": [ - "replyToId" - ] + "x-synonyms": ["replyToId"] }, "comment_id": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Existing issue or pull request comment ID to update instead of creating a new comment.", - "x-synonyms": [ - "commentId" - ] + "x-synonyms": ["commentId"] }, "target": { "type": "string", - "enum": [ - "status" - ], + "enum": ["status"], "description": "When set to 'status', updates the activation status comment for this run (if available) instead of creating a new comment." }, "secrecy": { @@ -397,11 +318,7 @@ "x-safe-outputs-target-requirements": { "*": { "primary": "item_number", - "anyOf": [ - "item_number", - "pr_number", - "pr" - ] + "anyOf": ["item_number", "pr_number", "pr"] } } }, @@ -410,10 +327,7 @@ "description": "Create a new GitHub pull request to propose code changes. Use this after making file edits to submit them for review and merging. The PR will be created from the current branch with your committed changes. This is a write-once declaration for a real intended PR, not a sandbox or probe: do not call it with placeholder content, test titles/bodies, or auth experiments. If you are not ready to open the real PR, use noop or report_incomplete instead. For code review comments on an existing PR, use create_pull_request_review_comment instead.", "inputSchema": { "type": "object", - "required": [ - "title", - "body" - ], + "required": ["title", "body"], "properties": { "title": { "type": "string", @@ -450,9 +364,7 @@ "type": "string", "pattern": "^#?aw_[A-Za-z0-9_]{3,12}$", "description": "Unique temporary identifier for this pull request. Canonical form: '#aw_' followed by 3 to 12 alphanumeric or underscore characters (A-Za-z0-9_) \u2014 e.g., '#aw_pr1', '#aw_fix_123'. The bare 'aw_pr1' form is also accepted and normalised to '#aw_pr1'. Use this same '#aw_ID' form in body text to cross-reference this PR; these references are replaced with the real pull request number after creation.", - "x-synonyms": [ - "temporaryId" - ] + "x-synonyms": ["temporaryId"] }, "secrecy": { "type": "string", @@ -471,21 +383,14 @@ "description": "Create a review comment on a specific line of code in a pull request. Use this for inline code review feedback, suggestions, or questions about specific code changes. For general PR comments not tied to specific lines, use add_comment instead. When the workflow is configured with `target: \"*\"`, you must specify `pull_request_number` to indicate which PR to target.", "inputSchema": { "type": "object", - "required": [ - "path", - "line", - "body" - ], + "required": ["path", "line", "body"], "properties": { "path": { "type": "string", "description": "File path relative to the repository root (e.g., 'src/auth/login.js'). Must be a file that was changed in the PR." }, "line": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Line number for the comment. For single-line comments, this is the target line. For multi-line comments, this is the ending line." }, "body": { @@ -493,31 +398,18 @@ "description": "Review comment content in Markdown. Provide specific, actionable feedback about the code at this location." }, "pull_request_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Pull request number to add the review comment to. This is the numeric ID from the GitHub URL (e.g., 876 in github.com/owner/repo/pull/876). If omitted, adds the comment to the PR that triggered this workflow. Required when the workflow target is '*' (any PR) \u2014 omitting it will cause the comment to fail.", - "x-synonyms": [ - "pullRequestNumber" - ] + "x-synonyms": ["pullRequestNumber"] }, "start_line": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Starting line number for multi-line comments. When set, the comment spans from start_line to line. Omit for single-line comments.", - "x-synonyms": [ - "startLine" - ] + "x-synonyms": ["startLine"] }, "side": { "type": "string", - "enum": [ - "LEFT", - "RIGHT" - ], + "enum": ["LEFT", "RIGHT"], "description": "Side of the diff to comment on: RIGHT for the new version (additions), LEFT for the old version (deletions). Defaults to RIGHT." }, "repo": { @@ -538,9 +430,7 @@ "x-safe-outputs-target-requirements": { "*": { "primary": "pull_request_number", - "anyOf": [ - "pull_request_number" - ] + "anyOf": ["pull_request_number"] } } }, @@ -556,22 +446,13 @@ }, "event": { "type": "string", - "enum": [ - "APPROVE", - "REQUEST_CHANGES", - "COMMENT" - ], + "enum": ["APPROVE", "REQUEST_CHANGES", "COMMENT"], "description": "Review decision: APPROVE to approve the pull request, REQUEST_CHANGES to formally request changes before merging, or COMMENT for general feedback without a formal decision. Defaults to COMMENT when omitted." }, "pull_request_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Pull request number to submit the review on. This is the numeric ID from the GitHub URL (e.g., 876 in github.com/owner/repo/pull/876). If omitted, submits the review on the PR that triggered this workflow. Required when the workflow target is '*' (any PR) \u2014 omitting it will cause the review to fail.", - "x-synonyms": [ - "pullRequestNumber" - ] + "x-synonyms": ["pullRequestNumber"] }, "repo": { "type": "string", @@ -591,9 +472,7 @@ "x-safe-outputs-target-requirements": { "*": { "primary": "pull_request_number", - "anyOf": [ - "pull_request_number" - ] + "anyOf": ["pull_request_number"] } } }, @@ -602,34 +481,21 @@ "description": "Reply to an existing review comment on a pull request. Use this to respond to feedback, answer questions, or acknowledge review comments. The comment_id must be the numeric ID of an existing review comment.", "inputSchema": { "type": "object", - "required": [ - "comment_id", - "body" - ], + "required": ["comment_id", "body"], "properties": { "comment_id": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "The numeric ID of the review comment to reply to (e.g., 42853901 from the comment URL or API response).", - "x-synonyms": [ - "commentId" - ] + "x-synonyms": ["commentId"] }, "body": { "type": "string", "description": "The reply text in Markdown format. Provide a clear response to the review comment." }, "pull_request_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Pull request number to reply on. This is the numeric ID from the GitHub URL (e.g., 876 in github.com/owner/repo/pull/876). If omitted, replies on the PR that triggered this workflow.", - "x-synonyms": [ - "pullRequestNumber" - ] + "x-synonyms": ["pullRequestNumber"] }, "secrecy": { "type": "string", @@ -648,16 +514,12 @@ "description": "Resolve a review thread on a pull request. Use this to mark a review conversation as resolved after addressing the feedback. The thread_id must be the node ID of the review thread (e.g., PRRT_kwDO...).", "inputSchema": { "type": "object", - "required": [ - "thread_id" - ], + "required": ["thread_id"], "properties": { "thread_id": { "type": "string", "description": "The node ID of the review thread to resolve (e.g., 'PRRT_kwDOABCD...'). This is the GraphQL node ID, not a numeric ID.", - "x-synonyms": [ - "threadId" - ] + "x-synonyms": ["threadId"] }, "secrecy": { "type": "string", @@ -676,46 +538,28 @@ "description": "Create a code scanning alert for security vulnerabilities, code quality issues, or other findings. Alerts appear in the repository's Security tab and integrate with GitHub's security features. Use this for automated security analysis results.", "inputSchema": { "type": "object", - "required": [ - "file", - "line", - "severity", - "message" - ], + "required": ["file", "line", "severity", "message"], "properties": { "file": { "type": "string", "description": "File path relative to the repository root where the issue was found (e.g., 'src/auth/password.js')." }, "line": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Line number where the issue was found in the file." }, "severity": { "type": "string", - "enum": [ - "error", - "warning", - "info", - "note" - ], + "enum": ["error", "warning", "info", "note"], "description": "Alert severity level: 'error' (critical security issues), 'warning' (potential problems), 'info' (informational), or 'note' (minor observations). This field is named severity, NOT level.", - "x-synonyms": [ - "level" - ] + "x-synonyms": ["level"] }, "message": { "type": "string", "description": "Clear description of the security issue or finding. Include what's wrong and ideally how to fix it." }, "column": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Column number for more precise location of the issue within the line." }, "ruleIdSuffix": { @@ -748,15 +592,10 @@ "description": "Label names to add (e.g., ['bug', 'priority-high']). Labels must exist in the repository. This field is required \u2014 omitting it will cause a validation error." }, "item_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "pattern": "^(\\d+|#?aw_[A-Za-z0-9_]{3,12})$", "description": "Issue or PR number to add labels to. This is the numeric ID from the GitHub URL (e.g., 456 in github.com/owner/repo/issues/456). Can also be a temporary_id from a previously created issue in the same workflow run \u2014 use the '#aw_abc123' form; the bare 'aw_abc123' form is also accepted and normalised to '#aw_abc123'. If omitted, adds labels to the issue or PR that triggered this workflow. Only works for issue or pull_request event triggers. For schedule, workflow_dispatch, or other triggers, item_number is required \u2014 omitting it will silently skip the label operation.", - "x-synonyms": [ - "itemNumber" - ] + "x-synonyms": ["itemNumber"] }, "secrecy": { "type": "string", @@ -767,9 +606,7 @@ "description": "Trustworthiness level of the message source (e.g., \"low\", \"medium\", \"high\")." } }, - "required": [ - "labels" - ], + "required": ["labels"], "additionalProperties": false } }, @@ -787,15 +624,10 @@ "description": "Label names to remove (e.g., ['smoke', 'needs-triage']). Non-existent labels are silently skipped." }, "item_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "pattern": "^(\\d+|#?aw_[A-Za-z0-9_]{3,12})$", "description": "Issue or PR number to remove labels from. This is the numeric ID from the GitHub URL (e.g., 456 in github.com/owner/repo/issues/456). Can also be a temporary_id from a previously created issue in the same workflow run \u2014 use the '#aw_abc123' form; the bare 'aw_abc123' form is also accepted and normalised to '#aw_abc123'. If omitted, removes labels from the item that triggered this workflow.", - "x-synonyms": [ - "itemNumber" - ] + "x-synonyms": ["itemNumber"] }, "secrecy": { "type": "string", @@ -806,9 +638,7 @@ "description": "Trustworthiness level of the message source (e.g., \"low\", \"medium\", \"high\")." } }, - "required": [ - "labels" - ], + "required": ["labels"], "additionalProperties": false } }, @@ -831,19 +661,12 @@ "type": "string" }, "description": "GitHub team slugs to add as team reviewers (e.g., ['platform-team', 'security-reviewers']). Teams must have access to the repository.", - "x-synonyms": [ - "teamReviewers" - ] + "x-synonyms": ["teamReviewers"] }, "pull_request_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Pull request number to add reviewers to. This is the numeric ID from the GitHub URL (e.g., 876 in github.com/owner/repo/pull/876). If omitted, adds reviewers to the PR that triggered this workflow. Only works for pull_request event triggers. For workflow_dispatch, schedule, or other triggers, pull_request_number is required \u2014 omitting it will silently skip the reviewer assignment.", - "x-synonyms": [ - "pullRequestNumber" - ] + "x-synonyms": ["pullRequestNumber"] }, "secrecy": { "type": "string", @@ -862,36 +685,22 @@ "description": "Assign an issue to a milestone for release planning and progress tracking. Milestones can be specified by number or title. When auto_create is configured, missing milestones are created automatically.", "inputSchema": { "type": "object", - "required": [ - "issue_number" - ], + "required": ["issue_number"], "properties": { "issue_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Issue number to assign to the milestone. This is the numeric ID from the GitHub URL (e.g., 567 in github.com/owner/repo/issues/567). Can also be a temporary_id from a previously created issue in the same workflow run \u2014 use the '#aw_abc123' form; the bare 'aw_abc123' form is also accepted and normalised to '#aw_abc123'.", - "x-synonyms": [ - "issueNumber" - ] + "x-synonyms": ["issueNumber"] }, "milestone_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Milestone number to assign the issue to. This is the numeric ID from the milestone URL (e.g., 12 in github.com/owner/repo/milestone/12). Either milestone_number or milestone_title must be provided.", - "x-synonyms": [ - "milestoneNumber" - ] + "x-synonyms": ["milestoneNumber"] }, "milestone_title": { "type": "string", "description": "Milestone title to assign the issue to (e.g., \"v1.0\"). Used as an alternative to milestone_number \u2014 the handler looks up the milestone by title. Either milestone_number or milestone_title must be provided.", - "x-synonyms": [ - "milestoneTitle" - ] + "x-synonyms": ["milestoneTitle"] }, "secrecy": { "type": "string", @@ -912,24 +721,14 @@ "type": "object", "properties": { "issue_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Issue number to assign the Copilot coding agent to. This is the numeric ID from the GitHub URL (e.g., 234 in github.com/owner/repo/issues/234). Can also be a temporary_id from an issue created earlier in the same workflow run \u2014 use the '#aw_abc123' form (e.g., '#aw_Test123'); the bare 'aw_abc123' form is also accepted and normalised to '#aw_abc123'. The issue should contain clear, actionable requirements. Either issue_number or pull_number must be provided, but not both.", - "x-synonyms": [ - "issueNumber" - ] + "x-synonyms": ["issueNumber"] }, "pull_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Pull request number to assign the Copilot coding agent to. This is the numeric ID from the GitHub URL (e.g., 456 in github.com/owner/repo/pull/456). Either issue_number or pull_number must be provided, but not both.", - "x-synonyms": [ - "pullNumber" - ] + "x-synonyms": ["pullNumber"] }, "agent": { "type": "string", @@ -938,9 +737,7 @@ "pull_request_repo": { "type": "string", "description": "Target repository where the pull request should be created, in 'owner/repo' format. If omitted, the PR will be created in the same repository as the issue. This allows issues and code to live in different repositories. The global pull-request-repo configuration (if set) is automatically allowed; additional repositories must be listed in allowed-pull-request-repos.", - "x-synonyms": [ - "pullRequestRepo" - ] + "x-synonyms": ["pullRequestRepo"] }, "secrecy": { "type": "string", @@ -959,19 +756,12 @@ "description": "Assign one or more GitHub users to an issue. Use this to delegate work to specific team members. Users must have access to the repository.", "inputSchema": { "type": "object", - "required": [ - "issue_number" - ], + "required": ["issue_number"], "properties": { "issue_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Issue number to assign users to. This is the numeric ID from the GitHub URL (e.g., 543 in github.com/owner/repo/issues/543). If omitted, assigns to the issue that triggered this workflow.", - "x-synonyms": [ - "issueNumber" - ] + "x-synonyms": ["issueNumber"] }, "assignees": { "type": "array", @@ -1003,14 +793,9 @@ "type": "object", "properties": { "issue_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Issue number to unassign users from. This is the numeric ID from the GitHub URL (e.g., 543 in github.com/owner/repo/issues/543). If omitted, uses the issue that triggered this workflow.", - "x-synonyms": [ - "issueNumber" - ] + "x-synonyms": ["issueNumber"] }, "assignees": { "type": "array", @@ -1047,10 +832,7 @@ "properties": { "status": { "type": "string", - "enum": [ - "open", - "closed" - ], + "enum": ["open", "closed"], "description": "New issue status: 'open' to reopen a closed issue, 'closed' to close an open issue." }, "title": { @@ -1063,12 +845,7 @@ }, "operation": { "type": "string", - "enum": [ - "replace", - "append", - "prepend", - "replace-island" - ], + "enum": ["replace", "append", "prepend", "replace-island"], "description": "How to update the issue body: 'append' (default - add to end with separator), 'prepend' (add to start with separator), 'replace' (overwrite entire body), or 'replace-island' (update a run-specific section)." }, "labels": { @@ -1086,21 +863,13 @@ "description": "Replace the issue assignees with this list of GitHub usernames (e.g., ['octocat', 'mona'])." }, "milestone": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Milestone number to assign (e.g., 1). Use null to clear." }, "issue_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Issue number to update. This is the numeric ID from the GitHub URL (e.g., 789 in github.com/owner/repo/issues/789). ONLY effective when the workflow is configured with `update-issue: target: '*'` in the frontmatter. When the workflow uses `target: triggering` (the default), this field is ignored and the tool updates the issue that triggered the workflow instead. If you need to update a specific issue in a scheduled or workflow_dispatch workflow, the workflow frontmatter must include `update-issue: target: '*'`.", - "x-synonyms": [ - "issueNumber" - ] + "x-synonyms": ["issueNumber"] }, "secrecy": { "type": "string", @@ -1130,45 +899,26 @@ }, "operation": { "type": "string", - "enum": [ - "replace", - "append", - "prepend" - ], + "enum": ["replace", "append", "prepend"], "description": "How to update the PR body: 'replace' (default - completely overwrite), 'append' (add to end with separator), or 'prepend' (add to start with separator). Title is always replaced." }, "update_branch": { "type": "boolean", "description": "When true, update the pull request branch with the latest base branch changes before applying other updates. Defaults to false. Note: only true counts as a meaningful update; passing false is the same as omitting this field.", - "x-synonyms": [ - "updateBranch" - ] + "x-synonyms": ["updateBranch"] }, "pull_request_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Pull request number to update. This is the numeric ID from the GitHub URL (e.g., 234 in github.com/owner/repo/pull/234). Required when the workflow target is '*' (any PR).", - "x-synonyms": [ - "pullRequestNumber" - ] + "x-synonyms": ["pullRequestNumber"] }, "pr_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Alias for pull_request_number. Prefer pull_request_number in new calls.", - "x-synonyms": [ - "prNumber" - ] + "x-synonyms": ["prNumber"] }, "pr": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Alias for pull_request_number. Prefer pull_request_number in new calls." }, "draft": { @@ -1189,11 +939,7 @@ "x-safe-outputs-target-requirements": { "*": { "primary": "pull_request_number", - "anyOf": [ - "pull_request_number", - "pr_number", - "pr" - ] + "anyOf": ["pull_request_number", "pr_number", "pr"] } } }, @@ -1204,40 +950,25 @@ "type": "object", "properties": { "pull_request_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Pull request number to merge. This is the numeric ID from the GitHub URL (e.g., 321 in github.com/owner/repo/pull/321). If omitted, uses the triggering pull request context.", - "x-synonyms": [ - "pullRequestNumber" - ] + "x-synonyms": ["pullRequestNumber"] }, "merge_method": { "type": "string", - "enum": [ - "merge", - "squash", - "rebase" - ], + "enum": ["merge", "squash", "rebase"], "description": "Merge strategy to use: 'merge', 'squash', or 'rebase'. Defaults to 'merge'.", - "x-synonyms": [ - "mergeMethod" - ] + "x-synonyms": ["mergeMethod"] }, "commit_title": { "type": "string", "description": "Optional custom commit title to use for the merge commit/squash commit.", - "x-synonyms": [ - "commitTitle" - ] + "x-synonyms": ["commitTitle"] }, "commit_message": { "type": "string", "description": "Optional custom commit message body for the merge.", - "x-synonyms": [ - "commitMessage" - ] + "x-synonyms": ["commitMessage"] }, "repo": { "type": "string", @@ -1260,26 +991,17 @@ "description": "Push committed changes to a pull request's branch. APPEND-ONLY: this tool adds new commits on top of the existing PR branch \u2014 force-push is NOT supported and will be rejected. Use this to add follow-up commits to an existing PR, such as addressing review feedback or fixing issues. This is a write-once declaration for a real intended PR branch update, not a sandbox or probe: do not call it with probe branches, placeholder commit messages, or auth experiments. If you are not ready to push the real update, use noop or report_incomplete instead. Changes must be committed locally before calling this tool. The destination branch is always derived from the pull request's head ref \u2014 you do not specify it. IMPORTANT: do NOT use 'git merge' to update the branch against another branch \u2014 merge commits cannot be signed; the action will attempt to squash them into a single linear commit before pushing, but this rewrites history. Use 'git rebase' instead to avoid the rewrite.", "inputSchema": { "type": "object", - "required": [ - "message" - ], + "required": ["message"], "properties": { "message": { "type": "string", "description": "Commit message describing the changes. Follow repository commit message conventions (e.g., conventional commits). This field is named message, NOT commit_message.", - "x-synonyms": [ - "commit_message" - ] + "x-synonyms": ["commit_message"] }, "pull_request_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Pull request number to push changes to. This is the numeric ID from the GitHub URL (e.g., 654 in github.com/owner/repo/pull/654). Required when the workflow target is '*' (any PR).", - "x-synonyms": [ - "pullRequestNumber" - ] + "x-synonyms": ["pullRequestNumber"] }, "secrecy": { "type": "string", @@ -1291,6 +1013,12 @@ } }, "additionalProperties": false + }, + "x-safe-outputs-target-requirements": { + "*": { + "primary": "pull_request_number", + "anyOf": ["pull_request_number"] + } } }, { @@ -1298,9 +1026,7 @@ "description": "Upload a file as a URL-addressable asset that can be referenced in issues, PRs, or comments. The file is stored on an orphaned git branch and returns a permanent URL. Use this for images, diagrams, or other files that need to be embedded in GitHub content.", "inputSchema": { "type": "object", - "required": [ - "path" - ], + "required": ["path"], "properties": { "path": { "type": "string", @@ -1353,9 +1079,7 @@ "type": "string", "pattern": "^#?aw_[A-Za-z0-9_]{3,12}$", "description": "Optional temporary identifier for this artifact upload. Canonical form: '#aw_' followed by 3 to 12 alphanumeric or underscore characters (A-Za-z0-9_) \u2014 e.g., '#aw_chart1', '#aw_img_out'. The bare 'aw_chart1' form is also accepted. Declare this ID here if you plan to embed the artifact URL in a subsequent message body using '#aw_ID' \u2014 for example '![chart](#aw_chart1)' in a create_discussion body. The safe-outputs processor replaces '#aw_ID' references with the actual artifact download URL after upload. When skip-archive is true the URL points directly to the file and is suitable for inline images.", - "x-synonyms": [ - "temporaryId" - ] + "x-synonyms": ["temporaryId"] }, "secrecy": { "type": "string", @@ -1374,11 +1098,7 @@ "description": "Update a GitHub release description by replacing, appending to, or prepending to the existing content. Use this to add release notes, changelogs, or additional information to an existing release.", "inputSchema": { "type": "object", - "required": [ - "tag", - "operation", - "body" - ], + "required": ["tag", "operation", "body"], "properties": { "tag": { "type": "string", @@ -1386,11 +1106,7 @@ }, "operation": { "type": "string", - "enum": [ - "replace", - "append", - "prepend" - ], + "enum": ["replace", "append", "prepend"], "description": "How to update the release body: 'replace' (completely overwrite), 'append' (add to end with separator), or 'prepend' (add to start with separator)." }, "body": { @@ -1414,9 +1130,7 @@ "description": "Report that a tool or capability needed to complete the task is not available, or share any information you deem important about missing functionality or limitations. Use this when you cannot accomplish what was requested because the required functionality is missing or access is restricted. When a bash command is blocked by security policy, call this tool with reason set to \"security\".", "inputSchema": { "type": "object", - "required": [ - "reason" - ], + "required": ["reason"], "properties": { "tool": { "type": "string", @@ -1447,9 +1161,7 @@ "description": "Log a transparency message when no significant actions are needed. Use this to confirm workflow completion and provide visibility when analysis is complete but no changes or outputs are required (e.g., 'No issues found', 'All checks passed'). This ensures the workflow produces human-visible output even when no other actions are taken.", "inputSchema": { "type": "object", - "required": [ - "message" - ], + "required": ["message"], "properties": { "message": { "type": "string", @@ -1472,30 +1184,17 @@ "description": "Link an issue as a sub-issue of a parent issue. Use this to establish parent-child relationships between issues for better organization and tracking of related work items.", "inputSchema": { "type": "object", - "required": [ - "parent_issue_number", - "sub_issue_number" - ], + "required": ["parent_issue_number", "sub_issue_number"], "properties": { "parent_issue_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "The parent issue number to link the sub-issue to. This is the numeric ID from the GitHub URL (e.g., 100 in github.com/owner/repo/issues/100).", - "x-synonyms": [ - "parentIssueNumber" - ] + "x-synonyms": ["parentIssueNumber"] }, "sub_issue_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "The issue number to link as a sub-issue of the parent. This is the numeric ID from the GitHub URL (e.g., 101 in github.com/owner/repo/issues/101).", - "x-synonyms": [ - "subIssueNumber" - ] + "x-synonyms": ["subIssueNumber"] }, "secrecy": { "type": "string", @@ -1514,27 +1213,16 @@ "description": "Hide a comment on a GitHub issue, pull request, or discussion. This collapses the comment and marks it as spam, abuse, off-topic, outdated, resolved, or low-quality. Use this for inappropriate, off-topic, or outdated comments. The comment_id must be a GraphQL node ID (string like 'IC_kwDOABCD123456'), not a numeric REST API comment ID. NOTE: By default, this tool requires discussions:write permission. If your GitHub App lacks Discussions permission, set 'discussions: false' in the workflow's safe-outputs.hide-comment configuration to exclude this permission.", "inputSchema": { "type": "object", - "required": [ - "comment_id" - ], + "required": ["comment_id"], "properties": { "comment_id": { "type": "string", "description": "GraphQL node ID of the comment to hide (e.g., 'IC_kwDOABCD123456'). This is the GraphQL node ID, not the numeric comment ID from REST API. Can be obtained from GraphQL queries or comment API responses.", - "x-synonyms": [ - "commentId" - ] + "x-synonyms": ["commentId"] }, "reason": { "type": "string", - "enum": [ - "SPAM", - "ABUSE", - "OFF_TOPIC", - "OUTDATED", - "RESOLVED", - "LOW_QUALITY" - ], + "enum": ["SPAM", "ABUSE", "OFF_TOPIC", "OUTDATED", "RESOLVED", "LOW_QUALITY"], "description": "Optional reason for hiding the comment. Defaults to SPAM if not provided. Valid values: SPAM (spam content), ABUSE (abusive/harassment content), OFF_TOPIC (not relevant to discussion), OUTDATED (no longer applicable), RESOLVED (issue/question has been resolved), LOW_QUALITY (low-quality content)." }, "secrecy": { @@ -1554,26 +1242,17 @@ "description": "Set the type of a GitHub issue. Pass an empty string \"\" to clear the issue type. Issue types must be configured in the repository or organization settings before they can be assigned.", "inputSchema": { "type": "object", - "required": [ - "issue_type" - ], + "required": ["issue_type"], "properties": { "issue_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Issue number to set the type for. If omitted, sets the type on the issue that triggered this workflow.", - "x-synonyms": [ - "issueNumber" - ] + "x-synonyms": ["issueNumber"] }, "issue_type": { "type": "string", "description": "Issue type name to set (e.g., \"Bug\", \"Feature\", \"Task\"). Use an empty string \"\" to clear the current issue type.", - "x-synonyms": [ - "issueType" - ] + "x-synonyms": ["issueType"] }, "secrecy": { "type": "string", @@ -1592,33 +1271,22 @@ "description": "Set a single GitHub issue field by name and value. Use field_name for discovery by field label (for example, \"Priority\"), or provide field_node_id to skip discovery. Supports text, number, date (YYYY-MM-DD), and single-select fields (value must match an option name).", "inputSchema": { "type": "object", - "required": [ - "value" - ], + "required": ["value"], "properties": { "issue_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Issue number to set the field on. If omitted, targets the issue that triggered this workflow.", - "x-synonyms": [ - "issueNumber" - ] + "x-synonyms": ["issueNumber"] }, "field_name": { "type": "string", "description": "Issue field name to set (e.g., \"Priority\", \"Severity\", \"Customer Impact\").", - "x-synonyms": [ - "fieldName" - ] + "x-synonyms": ["fieldName"] }, "field_node_id": { "type": "string", "description": "Optional GraphQL node ID of the issue field. Provide this to skip field-name discovery and set a field directly.", - "x-synonyms": [ - "fieldNodeId" - ] + "x-synonyms": ["fieldNodeId"] }, "value": { "type": "string", @@ -1641,9 +1309,7 @@ "description": "Manage GitHub Projects: add issues/pull requests/draft issues, update item fields (status, priority, effort, dates), manage custom fields, and create project views. Use this to organize work by adding items to projects, updating field values, creating custom fields up-front, and setting up project views (table, board, roadmap).\n\nThree modes: (1) Add or update project items with custom field values; (2) Create project fields; (3) Create project views. This is the primary tool for ProjectOps automation - add items to projects, set custom fields for tracking, and organize project boards.", "inputSchema": { "type": "object", - "required": [ - "project" - ], + "required": ["project"], "properties": { "project": { "type": "string", @@ -1652,71 +1318,47 @@ }, "operation": { "type": "string", - "enum": [ - "create_fields", - "create_view" - ], + "enum": ["create_fields", "create_view"], "description": "Optional operation mode. Use create_fields to create required fields up-front, or create_view to add a project view. When omitted, the tool adds/updates project items." }, "content_type": { "type": "string", - "enum": [ - "issue", - "pull_request", - "draft_issue" - ], + "enum": ["issue", "pull_request", "draft_issue"], "description": "Type of item to add to the project. Use 'issue' or 'pull_request' to add existing repo content, or 'draft_issue' to create a draft item inside the project. Required when operation is not specified.", - "x-synonyms": [ - "contentType" - ] + "x-synonyms": ["contentType"] }, "content_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Issue or pull request number to add to the project. This is the numeric ID from the GitHub URL (e.g., 123 in github.com/owner/repo/issues/123 for issue #123, or 456 in github.com/owner/repo/pull/456 for PR #456), or a temporary ID from a recent create_issue call \u2014 use '#aw_abc123' (canonical); bare 'aw_abc123' is also accepted. Required when content_type is 'issue' or 'pull_request'.", - "x-synonyms": [ - "contentNumber" - ] + "x-synonyms": ["contentNumber"] }, "target_repo": { "type": "string", "pattern": "^[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+$", "description": "Repository containing the issue or pull request, in \"owner/repo\" format (e.g., \"github/docs\"). Use this when the issue or PR belongs to a different repository than the one running the workflow. The repository must be permitted by either safe-outputs.update-project.target-repo (including the default host repository) or safe-outputs.update-project.allowed-repos.", - "x-synonyms": [ - "targetRepo" - ] + "x-synonyms": ["targetRepo"] }, "draft_title": { "type": "string", "description": "Title for a Projects v2 draft issue. Required when content_type is 'draft_issue'.", - "x-synonyms": [ - "draftTitle" - ] + "x-synonyms": ["draftTitle"] }, "draft_body": { "type": "string", "description": "Optional body for a Projects v2 draft issue (markdown). Only used when content_type is 'draft_issue'.", - "x-synonyms": [ - "draftBody" - ] + "x-synonyms": ["draftBody"] }, "draft_issue_id": { "type": "string", "pattern": "^#?aw_[A-Za-z0-9_]{3,12}$", "description": "Temporary ID of an existing draft issue to update \u2014 use '#aw_abc1' (canonical); bare 'aw_abc1' is also accepted. Use this to reference a draft created earlier with a matching temporary_id. When provided, draft_title is not required for updates.", - "x-synonyms": [ - "draftIssueId" - ] + "x-synonyms": ["draftIssueId"] }, "temporary_id": { "type": "string", "pattern": "^#?aw_[A-Za-z0-9_]{3,12}$", "description": "Unique temporary identifier for this draft issue. Canonical form: '#aw_' followed by 3 to 12 alphanumeric or underscore characters (A-Za-z0-9_) \u2014 e.g., '#aw_abc1', '#aw_pr_fix'. The bare 'aw_abc1' form is also accepted. Provide this when creating a new draft to enable future updates via draft_issue_id.", - "x-synonyms": [ - "temporaryId" - ] + "x-synonyms": ["temporaryId"] }, "fields": { "type": "object", @@ -1727,10 +1369,7 @@ "description": "Field definitions to create when operation is create_fields. Required when operation='create_fields'.", "items": { "type": "object", - "required": [ - "name", - "data_type" - ], + "required": ["name", "data_type"], "properties": { "name": { "type": "string", @@ -1738,13 +1377,7 @@ }, "data_type": { "type": "string", - "enum": [ - "TEXT", - "NUMBER", - "DATE", - "SINGLE_SELECT", - "ITERATION" - ], + "enum": ["TEXT", "NUMBER", "DATE", "SINGLE_SELECT", "ITERATION"], "description": "Field type. Use SINGLE_SELECT with options for enumerated values." }, "options": { @@ -1757,28 +1390,19 @@ }, "additionalProperties": false }, - "x-synonyms": [ - "fieldDefinitions" - ] + "x-synonyms": ["fieldDefinitions"] }, "view": { "type": "object", "description": "View definition to create when operation is create_view. Required when operation='create_view'.", - "required": [ - "name", - "layout" - ], + "required": ["name", "layout"], "properties": { "name": { "type": "string" }, "layout": { "type": "string", - "enum": [ - "table", - "board", - "roadmap" - ] + "enum": ["table", "board", "roadmap"] }, "filter": { "type": "string" @@ -1796,9 +1420,7 @@ "create_if_missing": { "type": "boolean", "description": "Whether to create the project if it doesn't exist. Defaults to false. Requires projects:write permission when true.", - "x-synonyms": [ - "createIfMissing" - ] + "x-synonyms": ["createIfMissing"] }, "secrecy": { "type": "string", @@ -1822,9 +1444,7 @@ "data_type": { "type": "string", "description": "Type or description of the missing data or information (max 128 characters). Be specific about what data is needed.", - "x-synonyms": [ - "dataType" - ] + "x-synonyms": ["dataType"] }, "reason": { "type": "string", @@ -1855,9 +1475,7 @@ "description": "Signal that the task could not be completed due to an infrastructure or tool failure (e.g., MCP server crash, missing authentication, inaccessible repository). Use this when required tools or data are unavailable and the task cannot be meaningfully performed. This is distinct from noop (no action needed) \u2014 it indicates an active failure that prevented the task from running. The workflow framework will treat this as a failure signal even when the agent exits successfully.", "inputSchema": { "type": "object", - "required": [ - "reason" - ], + "required": ["reason"], "properties": { "reason": { "type": "string", @@ -1888,30 +1506,21 @@ }, "owner_type": { "type": "string", - "enum": [ - "org", - "user" - ], + "enum": ["org", "user"], "description": "Type of owner: 'org' for organization or 'user' for user account. Default: 'org'.", - "x-synonyms": [ - "ownerType" - ] + "x-synonyms": ["ownerType"] }, "item_url": { "type": "string", "pattern": "^(https://github\\\\.com/[^/]+/[^/]+/issues/(\\\\d+|#?aw_[A-Za-z0-9_]{3,12})|#?aw_[A-Za-z0-9_]{3,12})$", "description": "Optional GitHub issue URL or temporary ID to add as the first item to the project. Accepts either a full URL (e.g., 'https://github.com/owner/repo/issues/123'), a URL with temporary ID (e.g., 'https://github.com/owner/repo/issues/#aw_abc1'), or a plain temporary ID \u2014 use '#aw_abc1' (canonical); bare 'aw_abc1' is also accepted.", - "x-synonyms": [ - "itemUrl" - ] + "x-synonyms": ["itemUrl"] }, "temporary_id": { "type": "string", "pattern": "^#?aw_[A-Za-z0-9_]{3,12}$", "description": "Optional temporary identifier for this project. Canonical form: '#aw_' followed by 3 to 12 alphanumeric or underscore characters (A-Za-z0-9_) \u2014 e.g., '#aw_abc1', '#aw_pr_fix'. The bare 'aw_abc1' form is also accepted. If not provided, one will be auto-generated and returned in the response. Use this same '#aw_ID' form in add_project_item to reference this project.", - "x-synonyms": [ - "temporaryId" - ] + "x-synonyms": ["temporaryId"] }, "secrecy": { "type": "string", @@ -1930,10 +1539,7 @@ "description": "Post a status update to a GitHub Project to communicate progress and health. Use this to provide stakeholders with regular updates on project status (on-track, at-risk, off-track, complete, inactive), timeline information, and progress summaries. Status updates create a historical record of project progress, enabling tracking over time and informed decision-making.", "inputSchema": { "type": "object", - "required": [ - "project", - "body" - ], + "required": ["project", "body"], "properties": { "project": { "type": "string", @@ -1942,30 +1548,20 @@ }, "status": { "type": "string", - "enum": [ - "ON_TRACK", - "AT_RISK", - "OFF_TRACK", - "COMPLETE", - "INACTIVE" - ], + "enum": ["ON_TRACK", "AT_RISK", "OFF_TRACK", "COMPLETE", "INACTIVE"], "description": "Status indicator for the project. Defaults to ON_TRACK. Values: ON_TRACK (progressing well), AT_RISK (has issues/blockers), OFF_TRACK (significantly behind), COMPLETE (finished), INACTIVE (paused/cancelled)." }, "start_date": { "type": "string", "pattern": "^\\\\d{4}-\\\\d{2}-\\\\d{2}$", "description": "Optional project start date in YYYY-MM-DD format (e.g., '2026-01-06').", - "x-synonyms": [ - "startDate" - ] + "x-synonyms": ["startDate"] }, "target_date": { "type": "string", "pattern": "^\\\\d{4}-\\\\d{2}-\\\\d{2}$", "description": "Optional project target/end date in YYYY-MM-DD format (e.g., '2026-12-31').", - "x-synonyms": [ - "targetDate" - ] + "x-synonyms": ["targetDate"] }, "body": { "type": "string", @@ -1988,35 +1584,22 @@ "description": "Create an autofix for a code scanning alert. Use this to provide automated fixes for security vulnerabilities detected by code scanning tools. The fix should contain the corrected code that resolves the security issue.", "inputSchema": { "type": "object", - "required": [ - "alert_number", - "fix_description", - "fix_code" - ], + "required": ["alert_number", "fix_description", "fix_code"], "properties": { "alert_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "The security alert number to create an autofix for. This is the numeric ID from the code scanning alert (e.g., 42 in github.com/owner/repo/security/code-scanning/42).", - "x-synonyms": [ - "alertNumber" - ] + "x-synonyms": ["alertNumber"] }, "fix_description": { "type": "string", "description": "Clear description of the fix being applied. Explain what security issue is being resolved and how the fix addresses it. Example: 'Sanitize user input to prevent SQL injection by using parameterized queries instead of string concatenation.'", - "x-synonyms": [ - "fixDescription" - ] + "x-synonyms": ["fixDescription"] }, "fix_code": { "type": "string", "description": "The code changes to apply as the autofix. This should be the corrected code that resolves the security vulnerability. Example for SQL injection fix: 'query = db.prepare(\"SELECT * FROM users WHERE id = ?\").bind(userId)'", - "x-synonyms": [ - "fixCode" - ] + "x-synonyms": ["fixCode"] }, "secrecy": { "type": "string", @@ -2035,23 +1618,16 @@ "description": "Mark a draft pull request as ready for review by setting draft=false and adding a comment. Use this when a draft PR has reached a state where it's ready for team review. The comment should explain what was completed and why the PR is now ready.", "inputSchema": { "type": "object", - "required": [ - "reason" - ], + "required": ["reason"], "properties": { "reason": { "type": "string", "description": "Comment explaining why the PR is ready for review (e.g., 'All tests passing and documentation updated', 'Feature implementation complete and ready for feedback')." }, "pull_request_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Pull request number to mark as ready. This is the numeric ID from the GitHub URL (e.g., 432 in github.com/owner/repo/pull/432). If omitted, marks the PR that triggered this workflow (requires a pull_request event trigger).", - "x-synonyms": [ - "pullRequestNumber" - ] + "x-synonyms": ["pullRequestNumber"] }, "secrecy": { "type": "string", @@ -2075,9 +1651,7 @@ "memory_id": { "type": "string", "description": "Memory identifier to validate. Defaults to 'default' if not specified.", - "x-synonyms": [ - "memoryId" - ] + "x-synonyms": ["memoryId"] } }, "additionalProperties": false @@ -2088,23 +1662,11 @@ "description": "Create a GitHub Check Run to report agent analysis results on a commit or pull request. Check Runs appear in the PR checks UI and on commits with a pass/fail status. Use this to surface structured analysis results as a first-class GitHub check. The check run name is configured in the workflow frontmatter and is NOT accepted as a parameter \u2014 do not pass name. When `safe-outputs.create-check-run.target` is configured, pull request targeting follows standard PR target rules. With `target: \"*\"`, include `pull_request_number` (or `pr_number`/`pr`/`pull_number`) in each call.", "inputSchema": { "type": "object", - "required": [ - "conclusion", - "title", - "summary" - ], + "required": ["conclusion", "title", "summary"], "properties": { "conclusion": { "type": "string", - "enum": [ - "success", - "failure", - "neutral", - "cancelled", - "skipped", - "timed_out", - "action_required" - ], + "enum": ["success", "failure", "neutral", "cancelled", "skipped", "timed_out", "action_required"], "description": "The final conclusion of the check run. Use \"success\" when the check passes, \"failure\" when issues are found that must be fixed, \"neutral\" for informational results with no required action." }, "title": { @@ -2120,50 +1682,33 @@ "description": "Optional detailed Markdown content shown in the check run details. Use this for longer output such as full analysis reports, line-by-line findings, or remediation steps. Maximum 65535 characters." }, "pull_request_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Pull request number to attach the check run to when the workflow uses `create-check-run: target: \"*\"` (or equivalent explicit PR targeting). This is the numeric ID from the GitHub URL (e.g., 876 in github.com/owner/repo/pull/876).", - "x-synonyms": [ - "pr_number", - "pr", - "pull_number" - ] + "x-synonyms": ["pr_number", "pr", "pull_number"] }, "pr_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Alias for pull_request_number. Prefer pull_request_number in new calls.", - "x-synonyms": [ - "prNumber" - ] + "x-synonyms": ["prNumber"] }, "pr": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Alias for pull_request_number. Prefer pull_request_number in new calls.", - "x-synonyms": [ - "pullRequest", - "pull" - ] + "x-synonyms": ["pullRequest", "pull"] }, "pull_number": { - "type": [ - "number", - "string" - ], + "type": ["number", "string"], "description": "Alias for pull_request_number. Prefer pull_request_number in new calls.", - "x-synonyms": [ - "pullNumber" - ] + "x-synonyms": ["pullNumber"] } }, "additionalProperties": false + }, + "x-safe-outputs-target-requirements": { + "*": { + "primary": "pull_request_number", + "anyOf": ["pull_request_number", "pr_number", "pr", "pull_number"] + } } } ] From f333d9e4db0d3be4d62bfd2774e087bc07f0f0ae Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 15 Jun 2026 14:55:44 +0000 Subject: [PATCH 08/10] Document wildcard target requirements in safe-outputs specification Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .../docs/specs/safe-outputs-specification.md | 23 +++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/docs/src/content/docs/specs/safe-outputs-specification.md b/docs/src/content/docs/specs/safe-outputs-specification.md index 2fa4a8b4b27..2158d41c06b 100644 --- a/docs/src/content/docs/specs/safe-outputs-specification.md +++ b/docs/src/content/docs/specs/safe-outputs-specification.md @@ -1978,6 +1978,19 @@ When a safe-output MCP tool schema changes (new required field, removed field, r Schema-only updates without matching agent/runtime sync updates **MUST NOT** be considered conformant. +### 7.0.1 Wildcard Target Requirements Metadata + +Safe-outputs MCP tool schemas MAY declare `x-safe-outputs-target-requirements` in the tool JSON schema definition to define required runtime identifiers when workflow configuration uses wildcard targeting. + +When a safe-output type is configured with `target: "*"`, the MCP gateway MUST validate requests against `x-safe-outputs-target-requirements["*"]` before recording or executing intent. + +For `x-safe-outputs-target-requirements["*"]`: + +- `primary` SHALL identify the canonical target identifier field used in diagnostics and documentation; validation still requires at least one non-empty field listed in `anyOf`. +- `anyOf` SHALL enumerate accepted input field names; at least one listed field MUST be present with a non-empty value. +- If no listed `anyOf` field is present, the request MUST be rejected with an MCP validation error. +- When `target` is not `"*"`, implementations MUST follow each type's normal **Operational Semantics** context resolution behavior; this metadata MUST NOT add additional required runtime identifier fields. + ### 7.1 Core Issue Operations #### Type: create_issue @@ -2189,6 +2202,7 @@ safe-outputs: - Discussion-related safe outputs (`create-discussion`, `close-discussion`, `update-discussion`) independently add `discussions:write` permission when configured - Cross-repository commenting requires appropriate permissions in target repository - The `contents: read` permission is always included for repository context access +- When `safe-outputs.add-comment.target` is `"*"`, requests MUST include at least one of `item_number`, `pr_number`, or `pr`; `item_number` is the canonical field. --- @@ -2756,6 +2770,7 @@ This section provides complete definitions for all remaining safe output types. 2. **Context Resolution**: When `discussion_number` is omitted, resolves from the workflow trigger context. 3. **Cross-Repository**: When `target-repo` is configured, operates on that repository (must be in `allowed-repos`). 4. **GraphQL-Based**: Uses GitHub GraphQL API for discussion updates as the REST API does not support discussion modification. +5. **Wildcard Target Requirement**: When `safe-outputs.update-discussion.target` is `"*"`, requests MUST include `discussion_number`. **Configuration Parameters**: @@ -2884,6 +2899,7 @@ This section provides complete definitions for all remaining safe output types. - Only specified fields are updated; unspecified fields remain unchanged - Base branch changes are validated for safety +- When `safe-outputs.update-pull-request.target` is `"*"`, requests MUST include at least one of `pull_request_number`, `pr_number`, or `pr`; `pull_request_number` is the canonical field. --- @@ -2911,6 +2927,7 @@ This section provides complete definitions for all remaining safe output types. - Higher default max (10) enables bulk PR cleanup operations - Does NOT merge changes - use GitHub's merge functionality for that +- When `safe-outputs.close-pull-request.target` is `"*"`, requests MUST include `pull_request_number`. --- @@ -3049,6 +3066,7 @@ This section provides complete definitions for all remaining safe output types. - Enforces maximum patch size limit (default: 10 KB, range: 1–100 KB) - Validates changes don't exceed size limits before pushing - Base-branch resolution MUST NOT depend on interactive credential prompts; git operations issued by the handler MUST run with `GIT_TERMINAL_PROMPT=0` and an enforced timeout so credential-less environments fail fast rather than hanging +- When `safe-outputs.push-to-pull-request-branch.target` is `"*"`, requests MUST include `pull_request_number`. --- @@ -3076,6 +3094,7 @@ This section provides complete definitions for all remaining safe output types. - Comments buffered via PR review buffer for batch submission - Higher default max (10) enables comprehensive code review +- When `safe-outputs.create-pull-request-review-comment.target` is `"*"`, requests MUST include `pull_request_number`. --- @@ -3103,7 +3122,7 @@ This section provides complete definitions for all remaining safe output types. - Submits all buffered review comments from `create_pull_request_review_comment` - Review status affects PR merge requirements -- **Target**: `target` accepts `"triggering"` (default), `"*"` (use `pull_request_number` from message), or an explicit PR number (e.g. `${{ github.event.inputs.pr_number }}`). Required when the workflow is not triggered by a pull request (e.g. `workflow_dispatch`). +- **Target**: `target` accepts `"triggering"` (default), `"*"` (request MUST include `pull_request_number`), or an explicit PR number (e.g. `${{ github.event.inputs.pr_number }}`). Required when the workflow is not triggered by a pull request (e.g. `workflow_dispatch`). - **Cross-Repository**: `target-repo` specifies a repository in `owner/repo` format to submit reviews on PRs in another repo. Use `allowed-repos` to permit additional repositories. - Footer control: `footer` accepts `"always"` (default), `"none"`, or `"if-body"` (only when review body has text); boolean `true`/`false` maps to `"always"`/`"none"` @@ -3765,7 +3784,7 @@ safe-outputs: - The check run `name` is configured in workflow frontmatter, NOT accepted as an agent-provided parameter. Agents MUST NOT pass `name` in the tool call. - `conclusion` is required and MUST be one of: `success`, `failure`, `neutral`, `cancelled`, `skipped`, `timed_out`, `action_required`. - `title` and `summary` are required. Both may be supplied as static fallbacks in frontmatter (`output.title`, `output.summary`) when the agent does not produce them. -- `pull_request_number` (aliases: `pr_number`, `pr`, `pull_number`) is only meaningful when `target: "*"` is configured. +- When `target: "*"` is configured, requests MUST include at least one of `pull_request_number`, `pr_number`, `pr`, or `pull_number`; `pull_request_number` is the canonical field. - The `pull-requests: read` permission is automatically added to the compiled workflow only when `target` is configured; workflows without a `target` are not affected. **Example Frontmatter**: From 3edf762e81f329cbac252d6a87aa5f8045d18f9c Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 15 Jun 2026 15:35:07 +0000 Subject: [PATCH 09/10] Copy safe_outputs_tools.json into safeoutputs setup destination Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- actions/setup/js/setup_sh_file_lists.test.cjs | 5 +++++ actions/setup/setup.sh | 6 +++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/actions/setup/js/setup_sh_file_lists.test.cjs b/actions/setup/js/setup_sh_file_lists.test.cjs index 20271cc53f2..970582725f2 100644 --- a/actions/setup/js/setup_sh_file_lists.test.cjs +++ b/actions/setup/js/setup_sh_file_lists.test.cjs @@ -92,4 +92,9 @@ describe("setup.sh SAFE_OUTPUTS_FILES", () => { const missing = safeOutputsFiles.filter(f => !existsSync(resolve(__dirname, f))); expect(missing).toEqual([]); }); + + it("copies safe_outputs_tools.json to both safe_outputs_tools.json and tools.json", () => { + expect(setupShContent).toContain('cp "${JS_SOURCE_DIR}/safe_outputs_tools.json" "${SAFE_OUTPUTS_DEST}/safe_outputs_tools.json"'); + expect(setupShContent).toContain('cp "${JS_SOURCE_DIR}/safe_outputs_tools.json" "${SAFE_OUTPUTS_DEST}/tools.json"'); + }); }); diff --git a/actions/setup/setup.sh b/actions/setup/setup.sh index e13caa6fffa..b176581372c 100755 --- a/actions/setup/setup.sh +++ b/actions/setup/setup.sh @@ -374,8 +374,12 @@ else echo "::warning::Safe-outputs MCP entry point not found: safe-outputs-mcp-server.cjs" fi -# Copy safe_outputs_tools.json to tools.json (required by safe-outputs server) +# Copy safe_outputs_tools.json to both canonical and runtime names if [ -f "${JS_SOURCE_DIR}/safe_outputs_tools.json" ]; then + cp "${JS_SOURCE_DIR}/safe_outputs_tools.json" "${SAFE_OUTPUTS_DEST}/safe_outputs_tools.json" + debug_log "Copied safe-outputs tools definition: safe_outputs_tools.json" + SAFE_OUTPUTS_COUNT=$((SAFE_OUTPUTS_COUNT + 1)) + cp "${JS_SOURCE_DIR}/safe_outputs_tools.json" "${SAFE_OUTPUTS_DEST}/tools.json" debug_log "Copied safe-outputs tools definition: tools.json" SAFE_OUTPUTS_COUNT=$((SAFE_OUTPUTS_COUNT + 1)) From 3ad28b3a874834a784c7c0134cc95c9e4a579252 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 16 Jun 2026 14:28:54 +0000 Subject: [PATCH 10/10] Add changeset --- .changeset/patch-generalize-wildcard-target-validation.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .changeset/patch-generalize-wildcard-target-validation.md diff --git a/.changeset/patch-generalize-wildcard-target-validation.md b/.changeset/patch-generalize-wildcard-target-validation.md new file mode 100644 index 00000000000..8a97549e963 --- /dev/null +++ b/.changeset/patch-generalize-wildcard-target-validation.md @@ -0,0 +1,5 @@ +--- +"gh-aw": patch +--- + +Generalized wildcard-target safe-outputs validation so missing target identifiers fail immediately with tool-specific errors instead of deferring to apply time.