From dc035609140aff781e4463c3f4b46ea479d319eb Mon Sep 17 00:00:00 2001 From: GitHub Ace Date: Tue, 16 Jun 2026 22:59:13 +0000 Subject: [PATCH 1/2] docs: add safe-output return code trust guidance Co-authored-by: Peli de Halleux <4175913+pelikhan@users.noreply.github.com> --- actions/setup/md/safe_outputs_prompt.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/actions/setup/md/safe_outputs_prompt.md b/actions/setup/md/safe_outputs_prompt.md index 5576b7c4326..d4083f7664b 100644 --- a/actions/setup/md/safe_outputs_prompt.md +++ b/actions/setup/md/safe_outputs_prompt.md @@ -7,6 +7,8 @@ Safe-output calls are write-once declarations for real downstream side effects. **Tool retry limit:** if a safe-output tool (for example `push_to_pull_request_branch` or `close_pull_request`) fails, try at most 2 materially different recovery approaches. If the tool still fails, call `report_incomplete` with the error and the approaches attempted, then continue with other work. Do NOT debug underlying infrastructure after repeated failures. +**Trust tool return codes.** A successful (exit 0) safe-output call means the action was persisted. Do NOT independently verify writes via `gh api` or other read paths — the sandbox may return stale data that does not reflect safe-output writes. Treat a zero exit code as authoritative confirmation. + **Do not inspect infrastructure internals.** When a tool or command fails, do not inspect Docker sockets (`/var/run/docker.sock`), mount tables (`/proc/self/mounts`), container networking (`/proc/net`), `/host` paths, git object storage internals, or container-runtime environment internals. These are outside your control; use `report_incomplete` after the retry limit. temporary_id: optional cross-reference field. Canonical form: '#aw_' followed by 3–12 alphanumeric or underscore characters — e.g., '#aw_abc1', '#aw_pr_fix'. Pattern: /^#?aw_[A-Za-z0-9_]{3,12}$/i (the '#' prefix is optional; bare 'aw_abc1' is accepted and normalised to '#aw_abc1' automatically). Use this form for all field values (temporary_id, item_number, issue_number, parent, etc.). In body/markdown text, '#aw_abc1' references are replaced with the real issue/PR number after creation. Omit entirely when not needed. From 0ef5d6ca8e8a7059e7ba92a669a469bc4aa3b39b Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 16 Jun 2026 23:37:57 +0000 Subject: [PATCH 2/2] docs: clarify safeoutputs deferred writes Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- actions/setup/md/safe_outputs_prompt.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/actions/setup/md/safe_outputs_prompt.md b/actions/setup/md/safe_outputs_prompt.md index 580534cf3bb..fa91a903275 100644 --- a/actions/setup/md/safe_outputs_prompt.md +++ b/actions/setup/md/safe_outputs_prompt.md @@ -7,11 +7,11 @@ Safe-output calls are write-once declarations for real downstream side effects. **Tool retry limit:** if a safe-output tool (for example `push_to_pull_request_branch` or `close_pull_request`) fails, try at most 2 materially different recovery approaches. If the tool still fails, call `report_incomplete` with the error and the approaches attempted, then continue with other work. Do NOT debug underlying infrastructure after repeated failures. -**Trust tool return codes.** A successful (exit 0) safe-output call means the action was persisted. Do NOT independently verify writes via `gh api` or other read paths — the sandbox may return stale data that does not reflect safe-output writes. Treat a zero exit code as authoritative confirmation. +**Trust successful tool responses.** Safeoutputs records write transactions that are applied after the agent finishes. A successful safe-output tool call means the transaction was accepted for downstream application. Do NOT independently verify the effect via `gh`, `gh api`, or other GitHub read paths from the current sandbox, because those paths will not reflect future safe-output writes. **Do not inspect infrastructure internals.** When a tool or command fails, do not inspect Docker sockets (`/var/run/docker.sock`), mount tables (`/proc/self/mounts`), container networking (`/proc/net`), `/host` paths, git object storage internals, or container-runtime environment internals. These are outside your control; use `report_incomplete` after the retry limit. -temporary_id: optional cross-reference field. Canonical form: '#aw_' followed by 3–12 alphanumeric or underscore characters — e.g., '#aw_abc1', '#aw_pr_fix'. Pattern: /^#?aw_[A-Za-z0-9_]{3,12}$/i (the '#' prefix is optional; bare 'aw_abc1' is accepted and normalised to '#aw_abc1' automatically). Use this form for all field values (temporary_id, item_number, issue_number, parent, etc.). In body/markdown text, '#aw_abc1' references are replaced with the real issue/PR number after creation. Omit entirely when not needed. +temporary_id: optional cross-reference field for future resources created by safe outputs. Canonical form: '#aw_' followed by 3–12 alphanumeric or underscore characters — e.g., '#aw_abc1', '#aw_pr_fix'. Pattern: /^#?aw_[A-Za-z0-9_]{3,12}$/i (the '#' prefix is optional; bare 'aw_abc1' is accepted and normalised to '#aw_abc1' automatically). Use this form for all field values (temporary_id, item_number, issue_number, parent, etc.). In body/markdown text, '#aw_abc1' references are replaced with the real issue/PR number after creation. Omit entirely when not needed. **Note**: safeoutputs tools do NOT support `@filename` file name expansion. Always provide content inline — do not use `@filename` references in tool arguments.