From 2e9855ffce90b3723a76ce94f8186825b7582190 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 23 Jan 2026 01:44:33 +0000 Subject: [PATCH 01/10] Initial plan From 5cb2f90fdb4c5478aef69e9ee87cc7f62420cff0 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 23 Jan 2026 01:49:52 +0000 Subject: [PATCH 02/10] Initial exploration: reviewed remove-label feature implementation Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .../templates/upgrade-agentic-workflows.md | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/pkg/cli/templates/upgrade-agentic-workflows.md b/pkg/cli/templates/upgrade-agentic-workflows.md index b05cb67671..b278e47797 100644 --- a/pkg/cli/templates/upgrade-agentic-workflows.md +++ b/pkg/cli/templates/upgrade-agentic-workflows.md @@ -23,15 +23,16 @@ Read the ENTIRE content of this file carefully before proceeding. Follow the ins - `compile` → compile all workflows - `compile ` → compile a specific workflow -:::note[Command Execution] -When running in GitHub Copilot Cloud, you don't have direct access to `gh aw` CLI commands. Instead, use the **agentic-workflows** MCP tool: -- `fix` tool → apply automatic codemods to fix deprecated fields -- `compile` tool → compile workflows - -When running in other environments with `gh aw` CLI access, prefix commands with `gh aw` (e.g., `gh aw compile`). - -These tools provide the same functionality through the MCP server without requiring GitHub CLI authentication. -::: +> [!NOTE] +> **Command Execution** +> +> When running in GitHub Copilot Cloud, you don't have direct access to `gh aw` CLI commands. Instead, use the **agentic-workflows** MCP tool: +> - `fix` tool → apply automatic codemods to fix deprecated fields +> - `compile` tool → compile workflows +> +> When running in other environments with `gh aw` CLI access, prefix commands with `gh aw` (e.g., `gh aw compile`). +> +> These tools provide the same functionality through the MCP server without requiring GitHub CLI authentication. ## Instructions From 43af63f0eef66323e3b8a4c10fa4fea2be72c75e Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 23 Jan 2026 01:53:20 +0000 Subject: [PATCH 03/10] Complete comprehensive review of remove-label feature Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- specs/artifacts.md | 57 +++++++--------------------------------------- 1 file changed, 8 insertions(+), 49 deletions(-) diff --git a/specs/artifacts.md b/specs/artifacts.md index f6dd95ef77..0f2beaa3f7 100644 --- a/specs/artifacts.md +++ b/specs/artifacts.md @@ -27,7 +27,7 @@ This section provides an overview of artifacts organized by job name, with dupli - **Used in**: 71 workflow(s) - agent-performance-analyzer.md, agent-persona-explorer.md, agentic-campaign-generator.md, ai-moderator.md, archie.md, brave.md, breaking-change-checker.md, changeset.md, ci-coach.md, ci-doctor.md, cli-consistency-checker.md, cloclo.md, code-scanning-fixer.md, codex-github-remote-mcp-test.md, commit-changes-analyzer.md, copilot-pr-merged-report.md, copilot-pr-nlp-analysis.md, craft.md, daily-choice-test.md, daily-copilot-token-report.md, daily-fact.md, daily-file-diet.md, daily-issues-report.md, daily-news.md, daily-observability-report.md, daily-repo-chronicle.md, daily-team-status.md, deep-report.md, dependabot-go-checker.md, dev-hawk.md, dev.md, dictation-prompt.md, example-custom-error-patterns.md, example-permissions-warning.md, firewall.md, github-mcp-structural-analysis.md, glossary-maintainer.md, go-fan.md, go-pattern-detector.md, grumpy-reviewer.md, hourly-ci-cleaner.md, issue-classifier.md, issue-triage-agent.md, layout-spec-maintainer.md, mergefest.md, metrics-collector.md, notion-issue-summary.md, pdf-summary.md, plan.md, poem-bot.md, pr-nitpick-reviewer.md, python-data-charts.md, q.md, release.md, repo-audit-analyzer.md, repository-quality-improver.md, research.md, scout.md, security-compliance.md, security-review.md, slide-deck-maintainer.md, stale-repo-identifier.md, super-linter.md, technical-doc-writer.md, test-create-pr-error-handling.md, tidy.md, typist.md, video-analyzer.md, weekly-issue-summary.md, workflow-generator.md, workflow-health-manager.md - `agent-output` - **Paths**: `${{ env.GH_AW_AGENT_OUTPUT }}` - - **Used in**: 66 workflow(s) - agent-performance-analyzer.md, agent-persona-explorer.md, agentic-campaign-generator.md, ai-moderator.md, archie.md, brave.md, breaking-change-checker.md, changeset.md, ci-coach.md, ci-doctor.md, cli-consistency-checker.md, cloclo.md, code-scanning-fixer.md, commit-changes-analyzer.md, copilot-pr-merged-report.md, copilot-pr-nlp-analysis.md, craft.md, daily-choice-test.md, daily-copilot-token-report.md, daily-fact.md, daily-file-diet.md, daily-issues-report.md, daily-news.md, daily-observability-report.md, daily-repo-chronicle.md, daily-team-status.md, deep-report.md, dependabot-go-checker.md, dev-hawk.md, dev.md, dictation-prompt.md, github-mcp-structural-analysis.md, glossary-maintainer.md, go-fan.md, go-pattern-detector.md, grumpy-reviewer.md, hourly-ci-cleaner.md, issue-classifier.md, issue-triage-agent.md, layout-spec-maintainer.md, mergefest.md, notion-issue-summary.md, pdf-summary.md, plan.md, poem-bot.md, pr-nitpick-reviewer.md, python-data-charts.md, q.md, release.md, repo-audit-analyzer.md, repository-quality-improver.md, research.md, scout.md, security-compliance.md, security-review.md, slide-deck-maintainer.md, stale-repo-identifier.md, super-linter.md, technical-doc-writer.md, test-create-pr-error-handling.md, tidy.md, typist.md, video-analyzer.md, weekly-issue-summary.md, workflow-generator.md, workflow-health-manager.md + - **Used in**: 65 workflow(s) - agent-performance-analyzer.md, agent-persona-explorer.md, agentic-campaign-generator.md, ai-moderator.md, archie.md, brave.md, breaking-change-checker.md, changeset.md, ci-coach.md, ci-doctor.md, cli-consistency-checker.md, cloclo.md, code-scanning-fixer.md, commit-changes-analyzer.md, copilot-pr-merged-report.md, copilot-pr-nlp-analysis.md, craft.md, daily-choice-test.md, daily-copilot-token-report.md, daily-fact.md, daily-file-diet.md, daily-issues-report.md, daily-news.md, daily-observability-report.md, daily-repo-chronicle.md, daily-team-status.md, deep-report.md, dependabot-go-checker.md, dev-hawk.md, dictation-prompt.md, github-mcp-structural-analysis.md, glossary-maintainer.md, go-fan.md, go-pattern-detector.md, grumpy-reviewer.md, hourly-ci-cleaner.md, issue-classifier.md, issue-triage-agent.md, layout-spec-maintainer.md, mergefest.md, notion-issue-summary.md, pdf-summary.md, plan.md, poem-bot.md, pr-nitpick-reviewer.md, python-data-charts.md, q.md, release.md, repo-audit-analyzer.md, repository-quality-improver.md, research.md, scout.md, security-compliance.md, security-review.md, slide-deck-maintainer.md, stale-repo-identifier.md, super-linter.md, technical-doc-writer.md, test-create-pr-error-handling.md, tidy.md, typist.md, video-analyzer.md, weekly-issue-summary.md, workflow-generator.md, workflow-health-manager.md - `agent_outputs` - **Paths**: `/tmp/gh-aw/mcp-config/logs/`, `/tmp/gh-aw/redacted-urls.log`, `/tmp/gh-aw/sandbox/agent/logs/` - **Used in**: 60 workflow(s) - agent-performance-analyzer.md, agent-persona-explorer.md, ai-moderator.md, archie.md, brave.md, breaking-change-checker.md, changeset.md, ci-coach.md, ci-doctor.md, cli-consistency-checker.md, code-scanning-fixer.md, codex-github-remote-mcp-test.md, copilot-pr-merged-report.md, copilot-pr-nlp-analysis.md, craft.md, daily-copilot-token-report.md, daily-fact.md, daily-file-diet.md, daily-issues-report.md, daily-news.md, daily-observability-report.md, daily-repo-chronicle.md, daily-team-status.md, deep-report.md, dependabot-go-checker.md, dev-hawk.md, dev.md, dictation-prompt.md, example-custom-error-patterns.md, example-permissions-warning.md, firewall.md, glossary-maintainer.md, grumpy-reviewer.md, hourly-ci-cleaner.md, issue-triage-agent.md, layout-spec-maintainer.md, mergefest.md, metrics-collector.md, notion-issue-summary.md, pdf-summary.md, plan.md, poem-bot.md, pr-nitpick-reviewer.md, python-data-charts.md, q.md, release.md, repo-audit-analyzer.md, repository-quality-improver.md, research.md, security-compliance.md, security-review.md, slide-deck-maintainer.md, stale-repo-identifier.md, super-linter.md, technical-doc-writer.md, tidy.md, video-analyzer.md, weekly-issue-summary.md, workflow-generator.md, workflow-health-manager.md @@ -54,7 +54,7 @@ This section provides an overview of artifacts organized by job name, with dupli - **Used in**: 8 workflow(s) - agent-performance-analyzer.md, copilot-pr-nlp-analysis.md, daily-copilot-token-report.md, daily-news.md, deep-report.md, metrics-collector.md, security-compliance.md, workflow-health-manager.md - `safe-output` - **Paths**: `${{ env.GH_AW_SAFE_OUTPUTS }}` - - **Used in**: 66 workflow(s) - agent-performance-analyzer.md, agent-persona-explorer.md, agentic-campaign-generator.md, ai-moderator.md, archie.md, brave.md, breaking-change-checker.md, changeset.md, ci-coach.md, ci-doctor.md, cli-consistency-checker.md, cloclo.md, code-scanning-fixer.md, commit-changes-analyzer.md, copilot-pr-merged-report.md, copilot-pr-nlp-analysis.md, craft.md, daily-choice-test.md, daily-copilot-token-report.md, daily-fact.md, daily-file-diet.md, daily-issues-report.md, daily-news.md, daily-observability-report.md, daily-repo-chronicle.md, daily-team-status.md, deep-report.md, dependabot-go-checker.md, dev-hawk.md, dev.md, dictation-prompt.md, github-mcp-structural-analysis.md, glossary-maintainer.md, go-fan.md, go-pattern-detector.md, grumpy-reviewer.md, hourly-ci-cleaner.md, issue-classifier.md, issue-triage-agent.md, layout-spec-maintainer.md, mergefest.md, notion-issue-summary.md, pdf-summary.md, plan.md, poem-bot.md, pr-nitpick-reviewer.md, python-data-charts.md, q.md, release.md, repo-audit-analyzer.md, repository-quality-improver.md, research.md, scout.md, security-compliance.md, security-review.md, slide-deck-maintainer.md, stale-repo-identifier.md, super-linter.md, technical-doc-writer.md, test-create-pr-error-handling.md, tidy.md, typist.md, video-analyzer.md, weekly-issue-summary.md, workflow-generator.md, workflow-health-manager.md + - **Used in**: 65 workflow(s) - agent-performance-analyzer.md, agent-persona-explorer.md, agentic-campaign-generator.md, ai-moderator.md, archie.md, brave.md, breaking-change-checker.md, changeset.md, ci-coach.md, ci-doctor.md, cli-consistency-checker.md, cloclo.md, code-scanning-fixer.md, commit-changes-analyzer.md, copilot-pr-merged-report.md, copilot-pr-nlp-analysis.md, craft.md, daily-choice-test.md, daily-copilot-token-report.md, daily-fact.md, daily-file-diet.md, daily-issues-report.md, daily-news.md, daily-observability-report.md, daily-repo-chronicle.md, daily-team-status.md, deep-report.md, dependabot-go-checker.md, dev-hawk.md, dictation-prompt.md, github-mcp-structural-analysis.md, glossary-maintainer.md, go-fan.md, go-pattern-detector.md, grumpy-reviewer.md, hourly-ci-cleaner.md, issue-classifier.md, issue-triage-agent.md, layout-spec-maintainer.md, mergefest.md, notion-issue-summary.md, pdf-summary.md, plan.md, poem-bot.md, pr-nitpick-reviewer.md, python-data-charts.md, q.md, release.md, repo-audit-analyzer.md, repository-quality-improver.md, research.md, scout.md, security-compliance.md, security-review.md, slide-deck-maintainer.md, stale-repo-identifier.md, super-linter.md, technical-doc-writer.md, test-create-pr-error-handling.md, tidy.md, typist.md, video-analyzer.md, weekly-issue-summary.md, workflow-generator.md, workflow-health-manager.md - `safe-outputs-assets` - **Paths**: `/tmp/gh-aw/safeoutputs/assets/` - **Used in**: 12 workflow(s) - copilot-pr-nlp-analysis.md, daily-copilot-token-report.md, daily-issues-report.md, daily-news.md, daily-repo-chronicle.md, deep-report.md, github-mcp-structural-analysis.md, poem-bot.md, python-data-charts.md, stale-repo-identifier.md, technical-doc-writer.md, weekly-issue-summary.md @@ -77,7 +77,7 @@ This section provides an overview of artifacts organized by job name, with dupli - `agent-output` - **Download paths**: `/tmp/gh-aw/safeoutputs/` - - **Used in**: 66 workflow(s) - agent-performance-analyzer.md, agent-persona-explorer.md, agentic-campaign-generator.md, ai-moderator.md, archie.md, brave.md, breaking-change-checker.md, changeset.md, ci-coach.md, ci-doctor.md, cli-consistency-checker.md, cloclo.md, code-scanning-fixer.md, commit-changes-analyzer.md, copilot-pr-merged-report.md, copilot-pr-nlp-analysis.md, craft.md, daily-choice-test.md, daily-copilot-token-report.md, daily-fact.md, daily-file-diet.md, daily-issues-report.md, daily-news.md, daily-observability-report.md, daily-repo-chronicle.md, daily-team-status.md, deep-report.md, dependabot-go-checker.md, dev-hawk.md, dev.md, dictation-prompt.md, github-mcp-structural-analysis.md, glossary-maintainer.md, go-fan.md, go-pattern-detector.md, grumpy-reviewer.md, hourly-ci-cleaner.md, issue-classifier.md, issue-triage-agent.md, layout-spec-maintainer.md, mergefest.md, notion-issue-summary.md, pdf-summary.md, plan.md, poem-bot.md, pr-nitpick-reviewer.md, python-data-charts.md, q.md, release.md, repo-audit-analyzer.md, repository-quality-improver.md, research.md, scout.md, security-compliance.md, security-review.md, slide-deck-maintainer.md, stale-repo-identifier.md, super-linter.md, technical-doc-writer.md, test-create-pr-error-handling.md, tidy.md, typist.md, video-analyzer.md, weekly-issue-summary.md, workflow-generator.md, workflow-health-manager.md + - **Used in**: 65 workflow(s) - agent-performance-analyzer.md, agent-persona-explorer.md, agentic-campaign-generator.md, ai-moderator.md, archie.md, brave.md, breaking-change-checker.md, changeset.md, ci-coach.md, ci-doctor.md, cli-consistency-checker.md, cloclo.md, code-scanning-fixer.md, commit-changes-analyzer.md, copilot-pr-merged-report.md, copilot-pr-nlp-analysis.md, craft.md, daily-choice-test.md, daily-copilot-token-report.md, daily-fact.md, daily-file-diet.md, daily-issues-report.md, daily-news.md, daily-observability-report.md, daily-repo-chronicle.md, daily-team-status.md, deep-report.md, dependabot-go-checker.md, dev-hawk.md, dictation-prompt.md, github-mcp-structural-analysis.md, glossary-maintainer.md, go-fan.md, go-pattern-detector.md, grumpy-reviewer.md, hourly-ci-cleaner.md, issue-classifier.md, issue-triage-agent.md, layout-spec-maintainer.md, mergefest.md, notion-issue-summary.md, pdf-summary.md, plan.md, poem-bot.md, pr-nitpick-reviewer.md, python-data-charts.md, q.md, release.md, repo-audit-analyzer.md, repository-quality-improver.md, research.md, scout.md, security-compliance.md, security-review.md, slide-deck-maintainer.md, stale-repo-identifier.md, super-linter.md, technical-doc-writer.md, test-create-pr-error-handling.md, tidy.md, typist.md, video-analyzer.md, weekly-issue-summary.md, workflow-generator.md, workflow-health-manager.md ### Job: `detection` @@ -85,16 +85,16 @@ This section provides an overview of artifacts organized by job name, with dupli - `threat-detection.log` - **Paths**: `/tmp/gh-aw/threat-detection/detection.log` - - **Used in**: 65 workflow(s) - agent-performance-analyzer.md, agent-persona-explorer.md, agentic-campaign-generator.md, archie.md, brave.md, breaking-change-checker.md, changeset.md, ci-coach.md, ci-doctor.md, cli-consistency-checker.md, cloclo.md, code-scanning-fixer.md, commit-changes-analyzer.md, copilot-pr-merged-report.md, copilot-pr-nlp-analysis.md, craft.md, daily-choice-test.md, daily-copilot-token-report.md, daily-fact.md, daily-file-diet.md, daily-issues-report.md, daily-news.md, daily-observability-report.md, daily-repo-chronicle.md, daily-team-status.md, deep-report.md, dependabot-go-checker.md, dev-hawk.md, dev.md, dictation-prompt.md, github-mcp-structural-analysis.md, glossary-maintainer.md, go-fan.md, go-pattern-detector.md, grumpy-reviewer.md, hourly-ci-cleaner.md, issue-classifier.md, issue-triage-agent.md, layout-spec-maintainer.md, mergefest.md, notion-issue-summary.md, pdf-summary.md, plan.md, poem-bot.md, pr-nitpick-reviewer.md, python-data-charts.md, q.md, release.md, repo-audit-analyzer.md, repository-quality-improver.md, research.md, scout.md, security-compliance.md, security-review.md, slide-deck-maintainer.md, stale-repo-identifier.md, super-linter.md, technical-doc-writer.md, test-create-pr-error-handling.md, tidy.md, typist.md, video-analyzer.md, weekly-issue-summary.md, workflow-generator.md, workflow-health-manager.md + - **Used in**: 64 workflow(s) - agent-performance-analyzer.md, agent-persona-explorer.md, agentic-campaign-generator.md, archie.md, brave.md, breaking-change-checker.md, changeset.md, ci-coach.md, ci-doctor.md, cli-consistency-checker.md, cloclo.md, code-scanning-fixer.md, commit-changes-analyzer.md, copilot-pr-merged-report.md, copilot-pr-nlp-analysis.md, craft.md, daily-choice-test.md, daily-copilot-token-report.md, daily-fact.md, daily-file-diet.md, daily-issues-report.md, daily-news.md, daily-observability-report.md, daily-repo-chronicle.md, daily-team-status.md, deep-report.md, dependabot-go-checker.md, dev-hawk.md, dictation-prompt.md, github-mcp-structural-analysis.md, glossary-maintainer.md, go-fan.md, go-pattern-detector.md, grumpy-reviewer.md, hourly-ci-cleaner.md, issue-classifier.md, issue-triage-agent.md, layout-spec-maintainer.md, mergefest.md, notion-issue-summary.md, pdf-summary.md, plan.md, poem-bot.md, pr-nitpick-reviewer.md, python-data-charts.md, q.md, release.md, repo-audit-analyzer.md, repository-quality-improver.md, research.md, scout.md, security-compliance.md, security-review.md, slide-deck-maintainer.md, stale-repo-identifier.md, super-linter.md, technical-doc-writer.md, test-create-pr-error-handling.md, tidy.md, typist.md, video-analyzer.md, weekly-issue-summary.md, workflow-generator.md, workflow-health-manager.md **Artifacts Downloaded:** - `agent-artifacts` - **Download paths**: `/tmp/gh-aw/threat-detection/` - - **Used in**: 65 workflow(s) - agent-performance-analyzer.md, agent-persona-explorer.md, agentic-campaign-generator.md, archie.md, brave.md, breaking-change-checker.md, changeset.md, ci-coach.md, ci-doctor.md, cli-consistency-checker.md, cloclo.md, code-scanning-fixer.md, commit-changes-analyzer.md, copilot-pr-merged-report.md, copilot-pr-nlp-analysis.md, craft.md, daily-choice-test.md, daily-copilot-token-report.md, daily-fact.md, daily-file-diet.md, daily-issues-report.md, daily-news.md, daily-observability-report.md, daily-repo-chronicle.md, daily-team-status.md, deep-report.md, dependabot-go-checker.md, dev-hawk.md, dev.md, dictation-prompt.md, github-mcp-structural-analysis.md, glossary-maintainer.md, go-fan.md, go-pattern-detector.md, grumpy-reviewer.md, hourly-ci-cleaner.md, issue-classifier.md, issue-triage-agent.md, layout-spec-maintainer.md, mergefest.md, notion-issue-summary.md, pdf-summary.md, plan.md, poem-bot.md, pr-nitpick-reviewer.md, python-data-charts.md, q.md, release.md, repo-audit-analyzer.md, repository-quality-improver.md, research.md, scout.md, security-compliance.md, security-review.md, slide-deck-maintainer.md, stale-repo-identifier.md, super-linter.md, technical-doc-writer.md, test-create-pr-error-handling.md, tidy.md, typist.md, video-analyzer.md, weekly-issue-summary.md, workflow-generator.md, workflow-health-manager.md + - **Used in**: 64 workflow(s) - agent-performance-analyzer.md, agent-persona-explorer.md, agentic-campaign-generator.md, archie.md, brave.md, breaking-change-checker.md, changeset.md, ci-coach.md, ci-doctor.md, cli-consistency-checker.md, cloclo.md, code-scanning-fixer.md, commit-changes-analyzer.md, copilot-pr-merged-report.md, copilot-pr-nlp-analysis.md, craft.md, daily-choice-test.md, daily-copilot-token-report.md, daily-fact.md, daily-file-diet.md, daily-issues-report.md, daily-news.md, daily-observability-report.md, daily-repo-chronicle.md, daily-team-status.md, deep-report.md, dependabot-go-checker.md, dev-hawk.md, dictation-prompt.md, github-mcp-structural-analysis.md, glossary-maintainer.md, go-fan.md, go-pattern-detector.md, grumpy-reviewer.md, hourly-ci-cleaner.md, issue-classifier.md, issue-triage-agent.md, layout-spec-maintainer.md, mergefest.md, notion-issue-summary.md, pdf-summary.md, plan.md, poem-bot.md, pr-nitpick-reviewer.md, python-data-charts.md, q.md, release.md, repo-audit-analyzer.md, repository-quality-improver.md, research.md, scout.md, security-compliance.md, security-review.md, slide-deck-maintainer.md, stale-repo-identifier.md, super-linter.md, technical-doc-writer.md, test-create-pr-error-handling.md, tidy.md, typist.md, video-analyzer.md, weekly-issue-summary.md, workflow-generator.md, workflow-health-manager.md - `agent-output` - **Download paths**: `/tmp/gh-aw/threat-detection/` - - **Used in**: 65 workflow(s) - agent-performance-analyzer.md, agent-persona-explorer.md, agentic-campaign-generator.md, archie.md, brave.md, breaking-change-checker.md, changeset.md, ci-coach.md, ci-doctor.md, cli-consistency-checker.md, cloclo.md, code-scanning-fixer.md, commit-changes-analyzer.md, copilot-pr-merged-report.md, copilot-pr-nlp-analysis.md, craft.md, daily-choice-test.md, daily-copilot-token-report.md, daily-fact.md, daily-file-diet.md, daily-issues-report.md, daily-news.md, daily-observability-report.md, daily-repo-chronicle.md, daily-team-status.md, deep-report.md, dependabot-go-checker.md, dev-hawk.md, dev.md, dictation-prompt.md, github-mcp-structural-analysis.md, glossary-maintainer.md, go-fan.md, go-pattern-detector.md, grumpy-reviewer.md, hourly-ci-cleaner.md, issue-classifier.md, issue-triage-agent.md, layout-spec-maintainer.md, mergefest.md, notion-issue-summary.md, pdf-summary.md, plan.md, poem-bot.md, pr-nitpick-reviewer.md, python-data-charts.md, q.md, release.md, repo-audit-analyzer.md, repository-quality-improver.md, research.md, scout.md, security-compliance.md, security-review.md, slide-deck-maintainer.md, stale-repo-identifier.md, super-linter.md, technical-doc-writer.md, test-create-pr-error-handling.md, tidy.md, typist.md, video-analyzer.md, weekly-issue-summary.md, workflow-generator.md, workflow-health-manager.md + - **Used in**: 64 workflow(s) - agent-performance-analyzer.md, agent-persona-explorer.md, agentic-campaign-generator.md, archie.md, brave.md, breaking-change-checker.md, changeset.md, ci-coach.md, ci-doctor.md, cli-consistency-checker.md, cloclo.md, code-scanning-fixer.md, commit-changes-analyzer.md, copilot-pr-merged-report.md, copilot-pr-nlp-analysis.md, craft.md, daily-choice-test.md, daily-copilot-token-report.md, daily-fact.md, daily-file-diet.md, daily-issues-report.md, daily-news.md, daily-observability-report.md, daily-repo-chronicle.md, daily-team-status.md, deep-report.md, dependabot-go-checker.md, dev-hawk.md, dictation-prompt.md, github-mcp-structural-analysis.md, glossary-maintainer.md, go-fan.md, go-pattern-detector.md, grumpy-reviewer.md, hourly-ci-cleaner.md, issue-classifier.md, issue-triage-agent.md, layout-spec-maintainer.md, mergefest.md, notion-issue-summary.md, pdf-summary.md, plan.md, poem-bot.md, pr-nitpick-reviewer.md, python-data-charts.md, q.md, release.md, repo-audit-analyzer.md, repository-quality-improver.md, research.md, scout.md, security-compliance.md, security-review.md, slide-deck-maintainer.md, stale-repo-identifier.md, super-linter.md, technical-doc-writer.md, test-create-pr-error-handling.md, tidy.md, typist.md, video-analyzer.md, weekly-issue-summary.md, workflow-generator.md, workflow-health-manager.md ### Job: `notion_add_comment` @@ -132,7 +132,7 @@ This section provides an overview of artifacts organized by job name, with dupli - **Used in**: 16 workflow(s) - changeset.md, ci-coach.md, cloclo.md, code-scanning-fixer.md, craft.md, dictation-prompt.md, glossary-maintainer.md, hourly-ci-cleaner.md, layout-spec-maintainer.md, mergefest.md, poem-bot.md, q.md, slide-deck-maintainer.md, technical-doc-writer.md, test-create-pr-error-handling.md, tidy.md - `agent-output` - **Download paths**: `/tmp/gh-aw/safeoutputs/` - - **Used in**: 66 workflow(s) - agent-performance-analyzer.md, agent-persona-explorer.md, agentic-campaign-generator.md, ai-moderator.md, archie.md, brave.md, breaking-change-checker.md, changeset.md, ci-coach.md, ci-doctor.md, cli-consistency-checker.md, cloclo.md, code-scanning-fixer.md, commit-changes-analyzer.md, copilot-pr-merged-report.md, copilot-pr-nlp-analysis.md, craft.md, daily-choice-test.md, daily-copilot-token-report.md, daily-fact.md, daily-file-diet.md, daily-issues-report.md, daily-news.md, daily-observability-report.md, daily-repo-chronicle.md, daily-team-status.md, deep-report.md, dependabot-go-checker.md, dev-hawk.md, dev.md, dictation-prompt.md, github-mcp-structural-analysis.md, glossary-maintainer.md, go-fan.md, go-pattern-detector.md, grumpy-reviewer.md, hourly-ci-cleaner.md, issue-classifier.md, issue-triage-agent.md, layout-spec-maintainer.md, mergefest.md, notion-issue-summary.md, pdf-summary.md, plan.md, poem-bot.md, pr-nitpick-reviewer.md, python-data-charts.md, q.md, release.md, repo-audit-analyzer.md, repository-quality-improver.md, research.md, scout.md, security-compliance.md, security-review.md, slide-deck-maintainer.md, stale-repo-identifier.md, super-linter.md, technical-doc-writer.md, test-create-pr-error-handling.md, tidy.md, typist.md, video-analyzer.md, weekly-issue-summary.md, workflow-generator.md, workflow-health-manager.md + - **Used in**: 65 workflow(s) - agent-performance-analyzer.md, agent-persona-explorer.md, agentic-campaign-generator.md, ai-moderator.md, archie.md, brave.md, breaking-change-checker.md, changeset.md, ci-coach.md, ci-doctor.md, cli-consistency-checker.md, cloclo.md, code-scanning-fixer.md, commit-changes-analyzer.md, copilot-pr-merged-report.md, copilot-pr-nlp-analysis.md, craft.md, daily-choice-test.md, daily-copilot-token-report.md, daily-fact.md, daily-file-diet.md, daily-issues-report.md, daily-news.md, daily-observability-report.md, daily-repo-chronicle.md, daily-team-status.md, deep-report.md, dependabot-go-checker.md, dev-hawk.md, dictation-prompt.md, github-mcp-structural-analysis.md, glossary-maintainer.md, go-fan.md, go-pattern-detector.md, grumpy-reviewer.md, hourly-ci-cleaner.md, issue-classifier.md, issue-triage-agent.md, layout-spec-maintainer.md, mergefest.md, notion-issue-summary.md, pdf-summary.md, plan.md, poem-bot.md, pr-nitpick-reviewer.md, python-data-charts.md, q.md, release.md, repo-audit-analyzer.md, repository-quality-improver.md, research.md, scout.md, security-compliance.md, security-review.md, slide-deck-maintainer.md, stale-repo-identifier.md, super-linter.md, technical-doc-writer.md, test-create-pr-error-handling.md, tidy.md, typist.md, video-analyzer.md, weekly-issue-summary.md, workflow-generator.md, workflow-health-manager.md ### Job: `super_linter` @@ -2312,14 +2312,6 @@ This section provides an overview of artifacts organized by job name, with dupli **Uploads:** -- **Artifact**: `safe-output` - - **Upload paths**: - - `${{ env.GH_AW_SAFE_OUTPUTS }}` - -- **Artifact**: `agent-output` - - **Upload paths**: - - `${{ env.GH_AW_AGENT_OUTPUT }}` - - **Artifact**: `agent_outputs` - **Upload paths**: - `/tmp/gh-aw/sandbox/agent/logs/` @@ -2330,42 +2322,9 @@ This section provides an overview of artifacts organized by job name, with dupli - `/tmp/gh-aw/aw-prompts/prompt.txt` - `/tmp/gh-aw/aw_info.json` - `/tmp/gh-aw/mcp-logs/` + - `/tmp/gh-aw/sandbox/firewall/logs/` - `/tmp/gh-aw/agent-stdio.log` -#### Job: `conclusion` - -**Downloads:** - -- **Artifact**: `agent-output` (by name) - - **Download path**: `/tmp/gh-aw/safeoutputs/` - - **Depends on jobs**: [activation agent detection safe_outputs] - -#### Job: `detection` - -**Uploads:** - -- **Artifact**: `threat-detection.log` - - **Upload paths**: - - `/tmp/gh-aw/threat-detection/detection.log` - -**Downloads:** - -- **Artifact**: `agent-artifacts` (by name) - - **Download path**: `/tmp/gh-aw/threat-detection/` - - **Depends on jobs**: [agent] - -- **Artifact**: `agent-output` (by name) - - **Download path**: `/tmp/gh-aw/threat-detection/` - - **Depends on jobs**: [agent] - -#### Job: `safe_outputs` - -**Downloads:** - -- **Artifact**: `agent-output` (by name) - - **Download path**: `/tmp/gh-aw/safeoutputs/` - - **Depends on jobs**: [agent detection] - ### dictation-prompt.md #### Job: `agent` From f6b40f813cb32d986b7a0a6c348d47809a935d08 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 23 Jan 2026 01:54:14 +0000 Subject: [PATCH 04/10] docs: Add remove-labels safe output documentation - Add comprehensive documentation section for remove-labels - Include configuration options and examples - Add to table of contents in Labels, Assignments & Reviews - Show integration with add-labels for label lifecycle - Document allowed field behavior and target options Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .../content/docs/reference/safe-outputs.md | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/docs/src/content/docs/reference/safe-outputs.md b/docs/src/content/docs/reference/safe-outputs.md index b6d963231b..47a0c0f1ed 100644 --- a/docs/src/content/docs/reference/safe-outputs.md +++ b/docs/src/content/docs/reference/safe-outputs.md @@ -47,6 +47,7 @@ The agent requests issue creation; a separate job with `issues: write` creates i - [**Add Comment**](#comment-creation-add-comment) (`add-comment`) — Post comments on issues, PRs, or discussions (max: 1) - [**Hide Comment**](#hide-comment-hide-comment) (`hide-comment`) — Hide comments on issues, PRs, or discussions (max: 5) - [**Add Labels**](#add-labels-add-labels) (`add-labels`) — Add labels to issues or PRs (max: 3) +- [**Remove Labels**](#remove-labels-remove-labels) (`remove-labels`) — Remove labels from issues or PRs (max: 3) - [**Add Reviewer**](#add-reviewer-add-reviewer) (`add-reviewer`) — Add reviewers to pull requests (max: 3) - [**Assign Milestone**](#assign-milestone-assign-milestone) (`assign-milestone`) — Assign issues to milestones (max: 1) - [**Assign to Agent**](#assign-to-agent-assign-to-agent) (`assign-to-agent`) — Assign Copilot agents to issues or PRs (max: 1) @@ -211,6 +212,33 @@ safe-outputs: target-repo: "owner/repo" # cross-repository ``` +### Remove Labels (`remove-labels:`) + +Removes labels from issues or PRs. Specify `allowed` to restrict which labels can be removed. If a label is not present on the item, it will be silently skipped. + +```yaml wrap +safe-outputs: + remove-labels: + allowed: [automated, stale] # restrict to specific labels (optional) + max: 3 # max operations (default: 3) + target: "*" # "triggering" (default), "*", or number + target-repo: "owner/repo" # cross-repository +``` + +**Target**: `"triggering"` (requires issue/PR event), `"*"` (any issue/PR), or number (specific issue/PR). + +When `allowed` is omitted or set to `null`, any labels can be removed. Use `allowed` to restrict removal to specific labels only, providing control over which labels agents can manipulate. + +**Example use case**: Label lifecycle management where agents add temporary labels during triage and remove them once processed. + +```yaml wrap +safe-outputs: + add-labels: + allowed: [needs-triage, automation] + remove-labels: + allowed: [needs-triage] # agents can remove triage label after processing +``` + ### Add Reviewer (`add-reviewer:`) Adds reviewers to pull requests. Specify `reviewers` to restrict to specific GitHub usernames. From b87c400c5739587bd4038c0f63078a75307436a0 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Fri, 23 Jan 2026 02:00:27 +0000 Subject: [PATCH 05/10] Add changeset [skip-ci] --- .changeset/patch-docs-remove-labels-safe-output.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .changeset/patch-docs-remove-labels-safe-output.md diff --git a/.changeset/patch-docs-remove-labels-safe-output.md b/.changeset/patch-docs-remove-labels-safe-output.md new file mode 100644 index 0000000000..44480bc5db --- /dev/null +++ b/.changeset/patch-docs-remove-labels-safe-output.md @@ -0,0 +1,5 @@ +--- +"gh-aw": patch +--- + +Document the `remove-labels` safe output type and add examples and a table-of-contents entry. From a54960a766ffcd1abf1878e54df392b45fdc0c36 Mon Sep 17 00:00:00 2001 From: Copilot <198982749+Copilot@users.noreply.github.com> Date: Thu, 22 Jan 2026 18:26:45 -0800 Subject: [PATCH 06/10] Fix smoke test workflows not removing `smoke` label (#11429) --- .github/workflows/smoke-codex.lock.yml | 4 +++- .github/workflows/smoke-codex.md | 4 +++- .github/workflows/smoke-copilot.lock.yml | 4 ++-- .github/workflows/smoke-copilot.md | 4 ++-- 4 files changed, 10 insertions(+), 6 deletions(-) diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index a3c8f2f16e..1347ff9a40 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -1047,7 +1047,9 @@ jobs: - ✅ or ❌ for each test result - Overall status: PASS or FAIL - If all tests pass, add the label `smoke-codex` to the pull request. + If all tests pass: + - Use the `add_labels` safe-output tool to add the label `smoke-codex` to the pull request + - Use the `remove_labels` safe-output tool to remove the label `smoke` from the pull request PROMPT_EOF - name: Substitute placeholders diff --git a/.github/workflows/smoke-codex.md b/.github/workflows/smoke-codex.md index b6c21ab088..2a48c21da4 100644 --- a/.github/workflows/smoke-codex.md +++ b/.github/workflows/smoke-codex.md @@ -81,4 +81,6 @@ Add a **very brief** comment (max 5-10 lines) to the current pull request with: - ✅ or ❌ for each test result - Overall status: PASS or FAIL -If all tests pass, add the label `smoke-codex` to the pull request. +If all tests pass: +- Use the `add_labels` safe-output tool to add the label `smoke-codex` to the pull request +- Use the `remove_labels` safe-output tool to remove the label `smoke` from the pull request diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index 69356f38d0..21b5868d02 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -966,8 +966,8 @@ jobs: - Mention the pull request author and any assignees If all tests pass: - - Add the label `smoke-copilot` to the pull request - - Remove the label `smoke` from the pull request + - Use the `add_labels` safe-output tool to add the label `smoke-copilot` to the pull request + - Use the `remove_labels` safe-output tool to remove the label `smoke` from the pull request PROMPT_EOF - name: Substitute placeholders diff --git a/.github/workflows/smoke-copilot.md b/.github/workflows/smoke-copilot.md index 07a2d35b82..34b82c9d6f 100644 --- a/.github/workflows/smoke-copilot.md +++ b/.github/workflows/smoke-copilot.md @@ -95,5 +95,5 @@ strict: true - Mention the pull request author and any assignees If all tests pass: -- Add the label `smoke-copilot` to the pull request -- Remove the label `smoke` from the pull request +- Use the `add_labels` safe-output tool to add the label `smoke-copilot` to the pull request +- Use the `remove_labels` safe-output tool to remove the label `smoke` from the pull request From 69175022387ec48b5782e6ad77bd285ed7b13b90 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 23 Jan 2026 02:36:25 +0000 Subject: [PATCH 07/10] Merge main and recompile workflows - Merged main branch into feature branch - Resolved conflicts in smoke-codex workflow - Recompiled all workflows (137 out of 138 compiled successfully) - Updated smoke-codex.lock.yml with discussion interaction and remove-labels functionality Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/smoke-codex.lock.yml | 411 ++++++++++++++++++++++++- 1 file changed, 407 insertions(+), 4 deletions(-) diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index 1347ff9a40..fc223cbaa5 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -24,6 +24,7 @@ # Resolved workflow manifest: # Imports: # - shared/gh.md +# - shared/github-queries-safe-input.md # - shared/mcp/tavily.md # - shared/reporting.md @@ -102,6 +103,7 @@ jobs: runs-on: ubuntu-latest permissions: contents: read + discussions: read issues: read pull-requests: read env: @@ -208,7 +210,7 @@ jobs: mkdir -p /tmp/gh-aw/safeoutputs mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs cat > /opt/gh-aw/safeoutputs/config.json << 'EOF' - {"add_comment":{"max":1},"add_labels":{"allowed":["smoke-codex"],"max":3},"create_issue":{"max":1},"hide_comment":{"max":5},"missing_data":{},"missing_tool":{},"noop":{"max":1},"remove_labels":{"allowed":["smoke"],"max":3}} + {"add_comment":{"max":2},"add_labels":{"allowed":["smoke-codex"],"max":3},"create_issue":{"max":1},"hide_comment":{"max":5},"missing_data":{},"missing_tool":{},"noop":{"max":1},"remove_labels":{"allowed":["smoke"],"max":3}} EOF cat > /opt/gh-aw/safeoutputs/tools.json << 'EOF' [ @@ -253,7 +255,7 @@ jobs: "name": "create_issue" }, { - "description": "Add a comment to an existing GitHub issue, pull request, or discussion. Use this to provide feedback, answer questions, or add information to an existing conversation. For creating new items, use create_issue, create_discussion, or create_pull_request instead. CONSTRAINTS: Maximum 1 comment(s) can be added.", + "description": "Add a comment to an existing GitHub issue, pull request, or discussion. Use this to provide feedback, answer questions, or add information to an existing conversation. For creating new items, use create_issue, create_discussion, or create_pull_request instead. CONSTRAINTS: Maximum 2 comment(s) can be added.", "inputSchema": { "additionalProperties": false, "properties": { @@ -559,6 +561,92 @@ jobs: "GH_DEBUG": "GH_DEBUG" }, "timeout": 60 + }, + { + "name": "github-discussion-query", + "description": "Query GitHub discussions with jq filtering support. Without --jq, returns schema and data size info. Use --jq '.' to get all data, or specific jq expressions to filter.", + "inputSchema": { + "properties": { + "jq": { + "description": "jq filter expression to apply to output. If not provided, returns schema info instead of full data.", + "type": "string" + }, + "limit": { + "description": "Maximum number of discussions to fetch (default: 30)", + "type": "number" + }, + "repo": { + "description": "Repository in owner/repo format (defaults to current repository)", + "type": "string" + } + }, + "type": "object" + }, + "handler": "github-discussion-query.sh", + "env": { + "GH_TOKEN": "GH_TOKEN" + }, + "timeout": 60 + }, + { + "name": "github-issue-query", + "description": "Query GitHub issues with jq filtering support. Without --jq, returns schema and data size info. Use --jq '.' to get all data, or specific jq expressions to filter.", + "inputSchema": { + "properties": { + "jq": { + "description": "jq filter expression to apply to output. If not provided, returns schema info instead of full data.", + "type": "string" + }, + "limit": { + "description": "Maximum number of issues to fetch (default: 30)", + "type": "number" + }, + "repo": { + "description": "Repository in owner/repo format (defaults to current repository)", + "type": "string" + }, + "state": { + "description": "Issue state: open, closed, all (default: open)", + "type": "string" + } + }, + "type": "object" + }, + "handler": "github-issue-query.sh", + "env": { + "GH_TOKEN": "GH_TOKEN" + }, + "timeout": 60 + }, + { + "name": "github-pr-query", + "description": "Query GitHub pull requests with jq filtering support. Without --jq, returns schema and data size info. Use --jq '.' to get all data, or specific jq expressions to filter.", + "inputSchema": { + "properties": { + "jq": { + "description": "jq filter expression to apply to output. If not provided, returns schema info instead of full data.", + "type": "string" + }, + "limit": { + "description": "Maximum number of PRs to fetch (default: 30)", + "type": "number" + }, + "repo": { + "description": "Repository in owner/repo format (defaults to current repository)", + "type": "string" + }, + "state": { + "description": "PR state: open, closed, merged, all (default: open)", + "type": "string" + } + }, + "type": "object" + }, + "handler": "github-pr-query.sh", + "env": { + "GH_TOKEN": "GH_TOKEN" + }, + "timeout": 60 } ] } @@ -595,6 +683,311 @@ jobs: EOFSH_gh chmod +x /opt/gh-aw/safe-inputs/gh.sh + cat > /opt/gh-aw/safe-inputs/github-discussion-query.sh << 'EOFSH_github-discussion-query' + #!/bin/bash + # Auto-generated safe-input tool: github-discussion-query + # Query GitHub discussions with jq filtering support. Without --jq, returns schema and data size info. Use --jq '.' to get all data, or specific jq expressions to filter. + + set -euo pipefail + + set -e + + # Default values + REPO="${INPUT_REPO:-}" + LIMIT="${INPUT_LIMIT:-30}" + JQ_FILTER="${INPUT_JQ:-}" + + # Parse repository owner and name + if [[ -n "$REPO" ]]; then + OWNER=$(echo "$REPO" | cut -d'/' -f1) + NAME=$(echo "$REPO" | cut -d'/' -f2) + else + # Get current repository from GitHub context + OWNER="${GITHUB_REPOSITORY_OWNER:-}" + NAME=$(echo "${GITHUB_REPOSITORY:-}" | cut -d'/' -f2) + fi + + # Validate owner and name + if [[ -z "$OWNER" || -z "$NAME" ]]; then + echo "Error: Could not determine repository owner and name" >&2 + exit 1 + fi + + # Build GraphQL query for discussions + GRAPHQL_QUERY=$(cat < /opt/gh-aw/safe-inputs/github-issue-query.sh << 'EOFSH_github-issue-query' + #!/bin/bash + # Auto-generated safe-input tool: github-issue-query + # Query GitHub issues with jq filtering support. Without --jq, returns schema and data size info. Use --jq '.' to get all data, or specific jq expressions to filter. + + set -euo pipefail + + set -e + + # Default values + REPO="${INPUT_REPO:-}" + STATE="${INPUT_STATE:-open}" + LIMIT="${INPUT_LIMIT:-30}" + JQ_FILTER="${INPUT_JQ:-}" + + # JSON fields to fetch + JSON_FIELDS="number,title,state,author,createdAt,updatedAt,closedAt,body,labels,assignees,comments,milestone,url" + + # Build and execute gh command + if [[ -n "$REPO" ]]; then + OUTPUT=$(gh issue list --state "$STATE" --limit "$LIMIT" --json "$JSON_FIELDS" --repo "$REPO") + else + OUTPUT=$(gh issue list --state "$STATE" --limit "$LIMIT" --json "$JSON_FIELDS") + fi + + # Apply jq filter if specified + if [[ -n "$JQ_FILTER" ]]; then + jq "$JQ_FILTER" <<< "$OUTPUT" + else + # Return schema and size instead of full data + ITEM_COUNT=$(jq 'length' <<< "$OUTPUT") + DATA_SIZE=${#OUTPUT} + + # Validate values are numeric + if ! [[ "$ITEM_COUNT" =~ ^[0-9]+$ ]]; then + ITEM_COUNT=0 + fi + if ! [[ "$DATA_SIZE" =~ ^[0-9]+$ ]]; then + DATA_SIZE=0 + fi + + cat << EOF + { + "message": "No --jq filter provided. Use --jq to filter and retrieve data.", + "item_count": $ITEM_COUNT, + "data_size_bytes": $DATA_SIZE, + "schema": { + "type": "array", + "description": "Array of issue objects", + "item_fields": { + "number": "integer - Issue number", + "title": "string - Issue title", + "state": "string - Issue state (OPEN, CLOSED)", + "author": "object - Author info with login field", + "createdAt": "string - ISO timestamp of creation", + "updatedAt": "string - ISO timestamp of last update", + "closedAt": "string|null - ISO timestamp of close", + "body": "string - Issue body content", + "labels": "array - Array of label objects with name field", + "assignees": "array - Array of assignee objects with login field", + "comments": "object - Comments info with totalCount field", + "milestone": "object|null - Milestone info with title field", + "url": "string - Issue URL" + } + }, + "suggested_queries": [ + {"description": "Get all data", "query": "."}, + {"description": "Get issue numbers and titles", "query": ".[] | {number, title}"}, + {"description": "Get open issues only", "query": ".[] | select(.state == \"OPEN\")"}, + {"description": "Get issues by author", "query": ".[] | select(.author.login == \"USERNAME\")"}, + {"description": "Get issues with label", "query": ".[] | select(.labels | map(.name) | index(\"bug\"))"}, + {"description": "Get issues with many comments", "query": ".[] | select(.comments.totalCount > 5) | {number, title, comments: .comments.totalCount}"}, + {"description": "Count by state", "query": "group_by(.state) | map({state: .[0].state, count: length})"} + ] + } + EOF + fi + + + EOFSH_github-issue-query + chmod +x /opt/gh-aw/safe-inputs/github-issue-query.sh + cat > /opt/gh-aw/safe-inputs/github-pr-query.sh << 'EOFSH_github-pr-query' + #!/bin/bash + # Auto-generated safe-input tool: github-pr-query + # Query GitHub pull requests with jq filtering support. Without --jq, returns schema and data size info. Use --jq '.' to get all data, or specific jq expressions to filter. + + set -euo pipefail + + set -e + + # Default values + REPO="${INPUT_REPO:-}" + STATE="${INPUT_STATE:-open}" + LIMIT="${INPUT_LIMIT:-30}" + JQ_FILTER="${INPUT_JQ:-}" + + # JSON fields to fetch + JSON_FIELDS="number,title,state,author,createdAt,updatedAt,mergedAt,closedAt,headRefName,baseRefName,isDraft,reviewDecision,additions,deletions,changedFiles,labels,assignees,reviewRequests,url" + + # Build and execute gh command + if [[ -n "$REPO" ]]; then + OUTPUT=$(gh pr list --state "$STATE" --limit "$LIMIT" --json "$JSON_FIELDS" --repo "$REPO") + else + OUTPUT=$(gh pr list --state "$STATE" --limit "$LIMIT" --json "$JSON_FIELDS") + fi + + # Apply jq filter if specified + if [[ -n "$JQ_FILTER" ]]; then + jq "$JQ_FILTER" <<< "$OUTPUT" + else + # Return schema and size instead of full data + ITEM_COUNT=$(jq 'length' <<< "$OUTPUT") + DATA_SIZE=${#OUTPUT} + + # Validate values are numeric + if ! [[ "$ITEM_COUNT" =~ ^[0-9]+$ ]]; then + ITEM_COUNT=0 + fi + if ! [[ "$DATA_SIZE" =~ ^[0-9]+$ ]]; then + DATA_SIZE=0 + fi + + cat << EOF + { + "message": "No --jq filter provided. Use --jq to filter and retrieve data.", + "item_count": $ITEM_COUNT, + "data_size_bytes": $DATA_SIZE, + "schema": { + "type": "array", + "description": "Array of pull request objects", + "item_fields": { + "number": "integer - PR number", + "title": "string - PR title", + "state": "string - PR state (OPEN, CLOSED, MERGED)", + "author": "object - Author info with login field", + "createdAt": "string - ISO timestamp of creation", + "updatedAt": "string - ISO timestamp of last update", + "mergedAt": "string|null - ISO timestamp of merge", + "closedAt": "string|null - ISO timestamp of close", + "headRefName": "string - Source branch name", + "baseRefName": "string - Target branch name", + "isDraft": "boolean - Whether PR is a draft", + "reviewDecision": "string|null - Review decision (APPROVED, CHANGES_REQUESTED, REVIEW_REQUIRED)", + "additions": "integer - Lines added", + "deletions": "integer - Lines deleted", + "changedFiles": "integer - Number of files changed", + "labels": "array - Array of label objects with name field", + "assignees": "array - Array of assignee objects with login field", + "reviewRequests": "array - Array of review request objects", + "url": "string - PR URL" + } + }, + "suggested_queries": [ + {"description": "Get all data", "query": "."}, + {"description": "Get PR numbers and titles", "query": ".[] | {number, title}"}, + {"description": "Get open PRs only", "query": ".[] | select(.state == \"OPEN\")"}, + {"description": "Get merged PRs", "query": ".[] | select(.mergedAt != null)"}, + {"description": "Get PRs by author", "query": ".[] | select(.author.login == \"USERNAME\")"}, + {"description": "Get large PRs", "query": ".[] | select(.changedFiles > 10) | {number, title, changedFiles}"}, + {"description": "Count by state", "query": "group_by(.state) | map({state: .[0].state, count: length})"} + ] + } + EOF + fi + + + EOFSH_github-pr-query + chmod +x /opt/gh-aw/safe-inputs/github-pr-query.sh - name: Generate Safe Inputs MCP Server Config id: safe-inputs-config @@ -622,6 +1015,7 @@ jobs: GH_AW_SAFE_INPUTS_API_KEY: ${{ steps.safe-inputs-config.outputs.safe_inputs_api_key }} GH_AW_GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_DEBUG: 1 + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | # Environment variables are set above to prevent template injection export GH_AW_SAFE_INPUTS_PORT @@ -639,6 +1033,7 @@ jobs: GH_AW_SAFE_OUTPUTS_API_KEY: ${{ steps.safe-outputs-start.outputs.api_key }} GH_AW_SAFE_OUTPUTS_PORT: ${{ steps.safe-outputs-start.outputs.port }} GH_DEBUG: 1 + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} TAVILY_API_KEY: ${{ secrets.TAVILY_API_KEY }} @@ -656,7 +1051,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="codex" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_INPUTS_PORT -e GH_AW_SAFE_INPUTS_API_KEY -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -e GH_AW_GH_TOKEN -e GH_DEBUG -e TAVILY_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.76' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_INPUTS_PORT -e GH_AW_SAFE_INPUTS_API_KEY -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -e GH_AW_GH_TOKEN -e GH_DEBUG -e GH_TOKEN -e TAVILY_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.76' cat > /tmp/gh-aw/mcp-config/config.toml << EOF [history] @@ -1026,6 +1421,8 @@ jobs: - Include up to 3 most relevant run URLs at end under `**References:**` - Do NOT add footer attribution (system adds automatically) + + # Smoke Test: Codex Engine Validation **IMPORTANT: Keep all outputs extremely short and concise. Use single-line responses where possible. No verbose explanations.** @@ -1039,6 +1436,10 @@ jobs: 5. **Tavily Web Search Testing**: Use the Tavily MCP server to perform a web search for "GitHub Agentic Workflows" and verify that results are returned with at least one item 6. **File Writing Testing**: Create a test file `/tmp/gh-aw/agent/smoke-test-codex-__GH_AW_GITHUB_RUN_ID__.txt` with content "Smoke test passed for Codex at $(date)" (create the directory if it doesn't exist) 7. **Bash Tool Testing**: Execute bash commands to verify file creation was successful (use `cat` to read the file back) + 8. **Discussion Interaction Testing**: + - Use the `github-discussion-query` safe-input tool with params: `limit=1, jq=".[0]"` to get the latest discussion from __GH_AW_GITHUB_REPOSITORY__ + - Extract the discussion number from the result (e.g., if the result is `{"number": 123, "title": "...", ...}`, extract 123) + - Use the `add_comment` tool with `discussion_number: ` to add a mystical, oracle-themed comment stating that the smoke test agent was here ## Output @@ -1047,6 +1448,8 @@ jobs: - ✅ or ❌ for each test result - Overall status: PASS or FAIL + Use the `add_comment` tool to add a **mystical oracle-themed comment** to the latest discussion (using the `discussion_number` you extracted in step 8) - be creative and use mystical language like "🔮 The ancient spirits stir..." + If all tests pass: - Use the `add_labels` safe-output tool to add the label `smoke-codex` to the pull request - Use the `remove_labels` safe-output tool to remove the label `smoke` from the pull request @@ -1594,7 +1997,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} - GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"add_comment\":{\"hide_older_comments\":true,\"max\":1},\"add_labels\":{\"allowed\":[\"smoke-codex\"]},\"create_issue\":{\"close_older_issues\":true,\"expires\":2,\"max\":1},\"hide_comment\":{\"max\":5},\"missing_data\":{},\"missing_tool\":{},\"remove_labels\":{\"allowed\":[\"smoke\"]}}" + GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"add_comment\":{\"hide_older_comments\":true,\"max\":2},\"add_labels\":{\"allowed\":[\"smoke-codex\"]},\"create_issue\":{\"close_older_issues\":true,\"expires\":2,\"max\":1},\"hide_comment\":{\"max\":5},\"missing_data\":{},\"missing_tool\":{},\"remove_labels\":{\"allowed\":[\"smoke\"]}}" with: github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | From 8b9e9f388d3d387b1361124a9edaf17bfd6bfa06 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Fri, 23 Jan 2026 03:05:55 +0000 Subject: [PATCH 08/10] Add changeset [skip-ci] --- .changeset/patch-document-remove-labels-safe-output.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .changeset/patch-document-remove-labels-safe-output.md diff --git a/.changeset/patch-document-remove-labels-safe-output.md b/.changeset/patch-document-remove-labels-safe-output.md new file mode 100644 index 0000000000..9d8f1a3279 --- /dev/null +++ b/.changeset/patch-document-remove-labels-safe-output.md @@ -0,0 +1,6 @@ +--- +"gh-aw": patch +--- + +Documented the `remove-labels` safe output type: added reference documentation, examples, and a table-of-contents entry. + From c2e51dff97a3b9dcc154355d31c22cfee94f8edb Mon Sep 17 00:00:00 2001 From: Copilot <198982749+Copilot@users.noreply.github.com> Date: Thu, 22 Jan 2026 21:48:37 -0800 Subject: [PATCH 09/10] Add missing remove_labels tool definition to safe-outputs MCP server (#11450) --- .github/workflows/smoke-copilot.lock.yml | 24 ++++++++++++++++++++++ pkg/workflow/js/safe_outputs_tools.json | 26 +++++++++++++++++++++++- 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index 2148a832cb..d4d7e2e262 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -314,6 +314,30 @@ jobs: }, "name": "add_labels" }, + { + "description": "Remove labels from an existing GitHub issue or pull request. Silently skips labels that don't exist on the item. Use this to clean up labels or manage label lifecycles (e.g., removing 'needs-review' after review is complete). CONSTRAINTS: Only these labels can be removed: [smoke].", + "inputSchema": { + "additionalProperties": false, + "properties": { + "item_number": { + "description": "Issue or PR number to remove labels from. This is the numeric ID from the GitHub URL (e.g., 456 in github.com/owner/repo/issues/456). If omitted, removes labels from the item that triggered this workflow.", + "type": "number" + }, + "labels": { + "description": "Label names to remove (e.g., ['smoke', 'needs-triage']). Non-existent labels are silently skipped.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "labels" + ], + "type": "object" + }, + "name": "remove_labels" + }, { "description": "Report that a tool or capability needed to complete the task is not available, or share any information you deem important about missing functionality or limitations. Use this when you cannot accomplish what was requested because the required functionality is missing or access is restricted.", "inputSchema": { diff --git a/pkg/workflow/js/safe_outputs_tools.json b/pkg/workflow/js/safe_outputs_tools.json index 95257396cc..ec19b0f2d5 100644 --- a/pkg/workflow/js/safe_outputs_tools.json +++ b/pkg/workflow/js/safe_outputs_tools.json @@ -361,6 +361,30 @@ "additionalProperties": false } }, + { + "name": "remove_labels", + "description": "Remove labels from an existing GitHub issue or pull request. Silently skips labels that don't exist on the item. Use this to clean up labels or manage label lifecycles (e.g., removing 'needs-review' after review is complete).", + "inputSchema": { + "type": "object", + "properties": { + "labels": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Label names to remove (e.g., ['smoke', 'needs-triage']). Non-existent labels are silently skipped." + }, + "item_number": { + "type": "number", + "description": "Issue or PR number to remove labels from. This is the numeric ID from the GitHub URL (e.g., 456 in github.com/owner/repo/issues/456). If omitted, removes labels from the item that triggered this workflow." + } + }, + "required": [ + "labels" + ], + "additionalProperties": false + } + }, { "name": "add_reviewer", "description": "Add reviewers to a GitHub pull request. Reviewers receive notifications and can approve or request changes. Use 'copilot' as a reviewer name to request the Copilot PR review bot.", @@ -1062,4 +1086,4 @@ "additionalProperties": false } } -] \ No newline at end of file +] From 0ec77d5c8a8c365f03bccd7e8eb6343d05ae102f Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Fri, 23 Jan 2026 05:51:43 +0000 Subject: [PATCH 10/10] Add changeset: document remove-labels safe output type [skip-ci] --- .changeset/patch-document-remove-labels.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .changeset/patch-document-remove-labels.md diff --git a/.changeset/patch-document-remove-labels.md b/.changeset/patch-document-remove-labels.md new file mode 100644 index 0000000000..db913591a6 --- /dev/null +++ b/.changeset/patch-document-remove-labels.md @@ -0,0 +1,6 @@ +--- +"gh-aw": patch +--- + +Documented the `remove-labels` safe output type, added examples and a table-of-contents entry. +