Skip to content

[plan] Update safe-outputs schema $comment to include missing operations #17459

New issue
New issue
Closed
#17461
Closed
[plan] Update safe-outputs schema $comment to include missing operations#17459
#17461
Assignees
pelikhancopilot-swe-agent
Labels
ai-generatedcookieIssue Monster Loves Cookies!plan
@github-actions

Description

@github-actions
github-actions
bot
opened on Feb 21, 2026

Objective

Update the $comment field in pkg/parser/schemas/main_workflow_schema.json for the safe-outputs property to include four operations that are fully implemented in Go and documented but are missing from the $comment string.

Context

Discussion #17442 identified that the $comment field for safe-outputs is incomplete. Four operations are fully defined in the schema, implemented in Go, and documented, but are not listed in the $comment.

Missing Operations

The following four operations need to be added to the $comment in pkg/parser/schemas/main_workflow_schema.json at line 3923, within the safe-outputs object:

  1. assign-to-user
  2. unassign-from-user
  3. create-project
  4. missing-data

File to Modify

  • File: pkg/parser/schemas/main_workflow_schema.json
  • Line: ~3923 (the $comment field under "safe-outputs")

Current $comment Value

"Required if workflow creates or modifies GitHub resources. Operations requiring safe-outputs: autofix-code-scanning-alert, add-comment, add-labels, add-reviewer, assign-milestone, assign-to-agent, close-discussion, close-issue, close-pull-request, create-agent-session, create-agent-task (deprecated, use create-agent-session), create-code-scanning-alert, create-discussion, create-issue, create-project-status-update, create-pull-request, create-pull-request-review-comment, dispatch-workflow, hide-comment, link-sub-issue, mark-pull-request-as-ready-for-review, missing-tool, noop, push-to-pull-request-branch, remove-labels, reply-to-pull-request-review-comment, resolve-pull-request-review-thread, submit-pull-request-review, threat-detection, update-discussion, update-issue, update-project, update-pull-request, update-release, upload-asset. See documentation for complete details."

Expected Change

Add the four missing operations into the alphabetically-appropriate positions in the comma-separated list:

  • assign-to-user → after assign-to-agent
  • create-project → after create-issue (or near create-project-status-update)
  • missing-data → after mark-pull-request-as-ready-for-review (before missing-tool)
  • unassign-from-user → after update-release / upload-asset or alphabetically near update-*

Steps

  1. Open pkg/parser/schemas/main_workflow_schema.json
  2. Locate the "safe-outputs" object (around line 3921)
  3. Update the $comment string to include all four missing operations in the operations list
  4. Run make build to rebuild the binary (schema is embedded via //go:embed)
  5. Run make agent-finish to validate

Acceptance Criteria

  • All four operations (assign-to-user, unassign-from-user, create-project, missing-data) are present in the $comment field
  • The list remains alphabetically ordered or logically grouped
  • make build succeeds
  • make agent-finish passes

Generated by Plan Command for issue #discussion #17442

  • expires on Feb 23, 2026, 12:10 PM UTC

Metadata

Metadata

Assignees

Labels

ai-generatedcookieIssue Monster Loves Cookies!plan

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions