`allowed-repos` does not work for `add-labels` and `close-issue` safe outputs (works for `add-comment`)

[benvillalobos]

🤖: Bug report submitted by AI

Summary

allowed-repos does not work for add-labels and close-issue safe outputs when imported via a shared workflow file. It works correctly for add-comment.

Additionally, allowed-repos as an inline field on add-labels or close-issue throws a compilation error, but the same field in a shared import file compiles without error — suggesting the compiler accepts it in imports but doesn't properly wire it through at runtime.

Reproduction

Setup

A shared import file at .github/workflows/shared/allowed-repos.md:

---
safe-outputs:
  close-issue:
    allowed-repos:
      - "microsoft/vscode"
  add-labels:
    allowed-repos:
      - "microsoft/vscode"
  add-comment:
    allowed-repos:
      - "microsoft/vscode"
  dispatch-workflow:
    workflows: [issue-hygiene, issue-validator, stale-triage]
    allowed-repos:
      - "microsoft/vscode"
---

A workflow that imports it:

---
imports:
  - shared/allowed-repos.md
safe-outputs:
  add-labels:
    target: "*"
    max: 1
  close-issue:
    target: "*"
    max: 1
  add-comment:
    target: "*"
    max: 1
---

Observed Behavior

1. add-comment with allowed-repos: Works correctly cross-repo ✅ (Note: have not yet confirmed the action is taken, but it does compile)
2. add-labels with allowed-repos: Does NOT work cross-repo ❌
3. close-issue with allowed-repos: Does NOT work cross-repo ❌

Inline vs Import Inconsistency

When allowed-repos is written inline on add-labels, the compiler rejects it:

error: Unknown property: allowed-repos. Valid fields are: allowed, github-token, max, target, target-repo

But when the same allowed-repos is in a shared import file, it compiles without error — yet doesn't function at runtime.

This suggests:

• The compiler's inline schema validation doesn't list allowed-repos as valid for add-labels / close-issue
• The shared import path bypasses this validation
• Either the field should be accepted inline too (and wired through), or the shared import should also reject it with an error instead of silently accepting and not working

Expected Behavior

allowed-repos should work consistently for all safe output types — either:

• Accept it for all safe outputs (inline and import) and wire it through at runtime, OR
• Reject it at compile time if not supported

Environment

• gh-aw version: v0.43.9
• Repository: benvillalobos/gh-aw-test

Related

• close_issue and add_labels safe output handlers do not support target-repo for cross-repository operations #15027 — close_issue and add_labels handler cross-repo fix (resolved, but allowed-repos path may not have been covered)
• remove_labels and assign_to_user safe output handlers do not support target-repo for cross-repository operations #15216 — remove_labels and assign_to_user handlers missing cross-repo support