Conversation
6 tasks
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/61095b45-8f1e-41bc-bef6-3bdbb726530c Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/61095b45-8f1e-41bc-bef6-3bdbb726530c Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Add support for issue fields in create-issue safe output
Add May 8, 2026
fields support to create_issue safe output
Collaborator
|
@copilot must support allowed-fields to restrict the list of fields allowed to be modified (default *) |
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/6f213357-991d-4068-98d1-1b552a9af2ac Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Collaborator
|
@copilot update smoke-copilot to set an issue type |
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/6f213357-991d-4068-98d1-1b552a9af2ac Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/6f213357-991d-4068-98d1-1b552a9af2ac Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Implemented in 8a55430. Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
Agent-Logs-Url: https://github-U0 /usr/bin/git xterm-color gh /usr/bin/git git` (http block)
Agent-Logs-Url: REDACTED sh xterm-color infocmp e gh tion�� th .prettierignore --log-level=e!../../../pkg/workflow/js/**/*.json --jq bin/sh /ref/tags/v9 --package-lock-oapi sv git` (http block)
|
Copilot
AI
changed the title
Add
Add May 8, 2026
fields support to create_issue safe outputfields + allowed-fields support to create_issue safe output
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/f848b0bd-1983-4215-9b64-743ca330a99c Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
This reverts commit 901ddfd. Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/f848b0bd-1983-4215-9b64-743ca330a99c Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Updated in 5ebf116. Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
Agent-Logs-Url: REDACTED /debian-sa1 commit.gpgsign` (http block)
Ageremote ache/go/1.25.8/xremove /usr/bin/gh api rity1549585002/001 -f` (http block)
|
Copilot
AI
changed the title
Add
Add May 8, 2026
fields + allowed-fields support to create_issue safe outputfields + allowed-fields support to create_issue safe output and require issue type in smoke-copilot
Contributor
There was a problem hiding this comment.
Pull request overview
Extends the create_issue safe-output/tool to support setting GitHub Issue Fields after issue creation, adds an allowed-fields allowlist to restrict which fields can be modified, and updates the smoke workflow instructions to require setting an issue type on the created smoke issue.
Changes:
- Added optional
fields: [{name, value}]tocreate_issueschemas/types and implemented post-create field application via GraphQL. - Introduced workflow config
safe-outputs.create-issue.allowed-fieldsand propagated it through compiler/handler config, including runtime enforcement. - Updated smoke-copilot workflow guidance/lock to require
set_issue_typefor the created smoke issue.
Show a summary per file
| File | Description |
|---|---|
| schemas/agent-output.json | Adds fields to create_issue safe output schema. |
| pkg/workflow/tool_description_enhancer.go | Renames list formatter and adds allowed-fields constraint text to tool descriptions. |
| pkg/workflow/safe_outputs_validation_config.go | Allows fields key for create_issue in validation config. |
| pkg/workflow/js/safe_outputs_tools.json | Adds fields to JS tool schema for create_issue (workflow package). |
| pkg/workflow/create_issue.go | Adds AllowedFields to CreateIssuesConfig YAML config. |
| pkg/workflow/create_issue_handler_config_test.go | Verifies allowed_fields is included in generated handler config JSON. |
| pkg/workflow/compiler_safe_outputs_handlers.go | Propagates allowed_fields into handler config for create_issue. |
| pkg/parser/schemas/main_workflow_schema.json | Adds allowed-fields to the workflow schema under safe-outputs.create-issue. |
| docs/src/content/docs/reference/safe-outputs.md | Documents allowed-fields usage in safe-outputs config example. |
| docs/src/content/docs/reference/safe-outputs-specification.md | Updates create_issue spec to include fields and field validation semantics. |
| actions/setup/js/types/safe-outputs.d.ts | Adds fields typing to CreateIssueItem. |
| actions/setup/js/safe_outputs_tools.json | Adds fields to JS tool schema for create_issue (action setup). |
| actions/setup/js/create_issue.test.cjs | Adds tests for field application, unknown fields/options, and allowlist behavior. |
| actions/setup/js/create_issue.cjs | Implements normalization, allowlist enforcement, metadata fetch, and GraphQL field mutation application. |
| .github/workflows/smoke-copilot.md | Requires fixed temporary ID aw_smoke1 and makes set_issue_type required. |
| .github/workflows/smoke-copilot.lock.yml | Reflects updated validation config including fields for create_issue. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 15/16 changed files
- Comments generated: 3
Comment on lines
+52
to
54
| if len(config.AllowedFields) > 0 { | ||
| constraints = append(constraints, fmt.Sprintf("Only these issue fields are allowed: %s.", formatStringList(config.AllowedFields))) | ||
| } |
Contributor
There was a problem hiding this comment.
Great catch! Treating * as an explicit wildcard rather than the default makes the semantic clear. Showing 'Any issue field is allowed' when AllowedFields is ["*"] would make the tool description much more readable. 👍
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
📰 BREAKING: Report filed by Smoke Copilot · ● 11.3M
| TitlePrefix string `yaml:"title-prefix,omitempty"` | ||
| Labels []string `yaml:"labels,omitempty"` | ||
| AllowedLabels []string `yaml:"allowed-labels,omitempty"` // Optional list of allowed labels. If omitted, any labels are allowed (including creating new ones). | ||
| AllowedFields []string `yaml:"allowed-fields,omitempty"` // Optional list of allowed issue field names. If omitted (default '*'), any issue fields are allowed. |
| }, | ||
| "allowed-fields": { | ||
| "type": "array", | ||
| "description": "Optional list of issue field names that can be modified by create-issue field updates. If omitted (default '*'), any issue field may be set.", |
Collaborator
|
@copilot review all comments |
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/05805e30-cf1b-4713-8c7e-1adbe459988a Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Reviewed and addressed the pending review comments in 83b246e: wildcard Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
Contributor
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
Contributor
|
💫 TO BE CONTINUED... Smoke Claude failed to deliver outputs! Our hero faces unexpected challenges... |
Contributor
|
🚀 Smoke Pi MISSION COMPLETE! Pi delivered. 🥧 |
Contributor
|
|
Contributor
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
Contributor
Agent Container Tool Check
Result: 12/12 tools available ✅ Overall Status: PASS
|
Contributor
|
Smoke Codex 25548595727: FAIL Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
Contributor
|
🤖 Beep boop! The smoke test agent was here! 🚀 Just popping in to say: all systems GO! The agentic workflows machinery is humming along beautifully. If code could smile, it would be grinning ear to ear right now. ✨ Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
Contributor
|
🎉 The smoke test has landed! 🎉\n\nAll 14 of 15 tests passed! 🚀 Your gh-aw agentic workflows are in tip-top shape. I'm the Copilot smoke test bot, and I approve this repository! ��✨\n\nP.S. The one test that didn't pass was Comment Memory (no files found at /tmp/gh-aw/comment-memory/) — even robots have off days! 😅 Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Reviewed the fields/allowed-fields additions for create_issue. The feature looks well-structured. Two minor documentation/logic clarifications noted inline.
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
📰 BREAKING: Report filed by Smoke Copilot · ● 11.3M
| } else { | ||
| constraints = append(constraints, fmt.Sprintf("Only these issue fields are allowed: %s.", formatStringList(config.AllowedFields))) | ||
| } | ||
| } |
Contributor
There was a problem hiding this comment.
The AllowedFields constraint message prints even when the value contains only a wildcard '*'. Consider skipping or replacing the constraint message with 'Any issue field is allowed' in that case to avoid misleading output.
| TitlePrefix string `yaml:"title-prefix,omitempty"` | ||
| Labels []string `yaml:"labels,omitempty"` | ||
| AllowedLabels []string `yaml:"allowed-labels,omitempty"` // Optional list of allowed labels. If omitted, any labels are allowed (including creating new ones). | ||
| AllowedFields []string `yaml:"allowed-fields,omitempty"` // Optional list of allowed issue field names. If omitted or empty, any issue fields are allowed. Use ["*"] to explicitly allow all. |
Contributor
There was a problem hiding this comment.
The struct comment says 'If omitted (default )' but the actual behavior treats omission as unrestricted (no literal default ''). Updating the comment to 'If omitted or empty, any issue fields are allowed' would match the implementation.
Contributor
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
Contributor
|
💥 Smoke Test 25548595703 — Claude Engine
Overall: PARTIAL (close PR skipped — no safe test PR) Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
Contributor
There was a problem hiding this comment.
💥 Automated smoke test review - all systems nominal! This review validates PR review safe outputs for smoke test run 25548595703.
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
💥 [THE END] — Illustrated by Smoke Claude · ● 331.9K
| TitlePrefix string `yaml:"title-prefix,omitempty"` | ||
| Labels []string `yaml:"labels,omitempty"` | ||
| AllowedLabels []string `yaml:"allowed-labels,omitempty"` // Optional list of allowed labels. If omitted, any labels are allowed (including creating new ones). | ||
| AllowedFields []string `yaml:"allowed-fields,omitempty"` // Optional list of allowed issue field names. If omitted or empty, any issue fields are allowed. Use ["*"] to explicitly allow all. |
Contributor
There was a problem hiding this comment.
💡 Consider adding a brief validation note in the struct comment — the existing AllowedLabels comment says "If omitted, any labels are allowed" which matches the runtime behavior. The new AllowedFields comment could similarly state "Use ['*'] to explicitly allow all" to make the wildcard behavior more discoverable at the type definition level.
| } else { | ||
| constraints = append(constraints, fmt.Sprintf("Only these issue fields are allowed: %s.", formatStringList(config.AllowedFields))) | ||
| } | ||
| } |
Contributor
There was a problem hiding this comment.
✅ Great pattern — checking slices.Contains(config.AllowedFields, "*") before emitting the constraint message correctly handles the wildcard case. One small nit: the constraint message "Any issue field is allowed" could include a parenthetical like "(wildcard)" to make it clearer in tool descriptions that this is intentionally permissive, e.g. "Any issue field is allowed (wildcard \"*\")."
This was referenced May 8, 2026
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue fields (custom issue metadata such as iteration, single-select, date, number) were not supported by
create_issue, so safe outputs could create issues but not set field values. This change extendscreate_issueto accept and apply optional issue fields with actionable validation errors, adds anallowed-fieldsrestriction to control which fields may be modified, and updates smoke-copilot to explicitly require setting an issue type on its created smoke issue.create_issuenow acceptsfieldsfieldspayload to safe output/tool/type schemas.{ name, value }, wherevalueisstring | number.Post-create field application in handler
TEXT→textValueNUMBER→numberValueDATE→dateValue(YYYY-MM-DD)SINGLE_SELECT/ITERATION→ option/iteration IDsetIssueFieldValue.allowed-fieldssupport (default unrestricted)safe-outputs.create-issue.allowed-fieldsto workflow config/schema.allowed_fieldsto the create_issue handler config.fields[].namemust be inallowed-fields.*/ omitted).Actionable validation/error paths
fieldspayloads early.allowed-fieldsis configured.Schema and contract updates
actions/setup/js/safe_outputs_tools.jsonpkg/workflow/js/safe_outputs_tools.jsonschemas/agent-output.jsonactions/setup/js/types/safe-outputs.d.tspkg/workflow/safe_outputs_validation_config.gopkg/parser/schemas/main_workflow_schema.jsonSmoke workflow update (
smoke-copilot).github/workflows/smoke-copilot.mdoutput instructions to require using temporary IDaw_smoke1for the created smoke issue.set_issue_typestep as required (issue_type: "Bug") for that issue..github/workflows/smoke-copilot.lock.ymlto reflect the updated prompt.Focused coverage additions
create_issuetests for:allowed-fieldsis set,allowed-fields: ["*"].allowed_fieldspropagation.{ "type": "create_issue", "title": "Triage regression", "body": "Investigate impact and mitigation.", "fields": [ { "name": "Priority", "value": "High" }, { "name": "Iteration", "value": "Sprint 12" }, { "name": "Start date", "value": "2026-05-08" }, { "name": "Estimate", "value": 3 } ] }> [!WARNING]
>
>
✨ PR Review Safe Output Test - Run 25548595703
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.comSee Network Configuration for more information.