Add boolean value support for safe-outputs.body configuration

[Copilot]

The update-issue safe-output only supported key-presence semantics (body: enables updates). This adds explicit boolean control: body: true enables, body: false disables.

Changes

Schema & Parser

• JSON schema accepts type: ["boolean", "null"] for body field
• Parser switched from FieldParsingKeyExistence to FieldParsingBoolValue mode
• Config generation uses AddBoolPtrOrDefault with true default

Handler Validation

• JavaScript handler checks config.allow_body before processing body updates
• Logs warning when body update is attempted but blocked
• Other fields (title, status, labels) remain updatable regardless of body setting

Behavior

safe-outputs:
  update-issue:
    body: true    # Explicit enable
    body: false   # Explicit disable (blocks updates, logs warning)
    body:         # Null value → true (backward compat)
    # omitted     # Missing → true (default)

Backward Compatibility

Existing workflows unchanged:

• body: (null) → allow_body: true (maintained key-existence semantics)
• Missing field → allow_body: true (safe default)

Original prompt

Add support for safe-outputs.body: true as a way to allow updating the issue body. Update JSON schema and parser.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[github-actions]

🔍 PR Triage Results

Category: feature | Risk: medium | Priority: 32/100

Scores Breakdown

• Impact: 25/50 - New feature for safe-outputs body update functionality, medium impact on workflow capabilities
• Urgency: 2/30 - WIP status, very new (< 1 hour old), no blocking issues or priority labels
• Quality: 5/20 - CI pending, WIP status indicates incomplete implementation

📋 Recommended Action: defer

Explanation: This WIP PR needs completion before review. The feature adds body update support to safe-outputs which is valuable, but should be revisited when the [WIP] tag is removed and CI validation passes.

Next Steps:

1. Complete implementation and remove [WIP] tag
2. Ensure CI passes
3. Request review

---

Triaged by PR Triage Agent on 2026-02-12

AI generated by PR Triage Agent

[Copilot]

Pull request overview

This PR adds explicit boolean control for the safe-outputs.update-issue.body setting, allowing workflows to enable (true) or disable (false) issue body updates while keeping body: (null) backward-compatible.

Changes:

• Extend the workflow JSON schema and Go parser to accept body: true|false|null for safe-outputs.update-issue.
• Emit allow_body into the handler config using a default-true boolean pointer helper.
• Update the JS update_issue handler to block body updates when allow_body is false, and add JS/Go tests for the new behavior.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
pkg/workflow/update_issue_test.go	Updates existing config test and adds new parsing tests for body: true, body: false, and body: (null).
pkg/workflow/update_issue.go	Switches body parsing from key-presence to boolean-value mode.
pkg/workflow/compiler_safe_outputs_config.go	Always emits allow_body using AddBoolPtrOrDefault(..., default=true).
pkg/parser/schemas/main_workflow_schema.json	Allows body to be `boolean
actions/setup/js/update_issue.cjs	Adds allow_body gating + warning when body updates are blocked.
actions/setup/js/update_issue.test.cjs	Adds tests validating allow_body behavior (true/default/false).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

buildIssueUpdateData now honors config.allow_body, but config.allow_title/config.allow_status (which the Go compiler can emit as allow_title/allow_status in handler config) are still not consulted. This makes safe-outputs field-permission settings for title/status ineffective and can lead to unexpected updates even when the workflow didn’t enable those fields; consider gating title/status updates similarly or removing those config keys from generation/schema if they’re not meant to be enforced here.

[Copilot]

This change makes allow_body always present (defaulting to true when c.Body is nil) and also enables body: false to flow through as allow_body: false. There isn’t currently a Go unit test asserting the emitted handler-config JSON contains allow_body: false when configured, and contains the expected default when body is omitted/null; adding an assertion in compiler_safe_outputs_config_test.go would help prevent regressions.

[Copilot]

Switching body from FieldParsingKeyExistence to FieldParsingBoolValue changes the meaning of body:/"body": nil in frontmatter maps: it will now parse as a nil pointer instead of a non-nil *bool. There are existing tests/fixtures that set "body": nil and assert UpdateIssues.Body is non-nil (e.g., pkg/workflow/safe_outputs_max_test.go); those will fail unless updated to use body: true or to expect nil + defaulting behavior.

Suggested change

	{Name: "body", Mode: FieldParsingBoolValue, Dest: &cfg.Body},
	{Name: "body", Mode: FieldParsingKeyExistence, Dest: &cfg.Body},