Safe-outputs issues smoke test: update-issue target, assign-milestone, and title_prefix findings #23282
Description
Context
The smoke-safeoutputs-issues workflow (run #23670081731) exercises create-issue, update-issue, close-issue, link-sub-issue, and assign-milestone safe-outputs in a workflow_dispatch context.
The agent produced 16 messages; ingestion correctly filtered down to 7 based on max limits. Of those 7, 4 succeeded and 3 failed.
Findings
1. update-issue fails under workflow_dispatch — target: triggering has no issue context
Config: update_issue: { allow_body: true, max: 1 }
The handler defaults to target: "triggering", which requires the workflow to be triggered by an issue event. When triggered via workflow_dispatch, the handler rejects with:
Target is "triggering" but not running in issue context, skipping update_issue
Suggested fix: Support target: "created" (or target: "last_created") so the handler updates the most recently created issue from the same run. Alternatively, allow an explicit issue_number field that accepts temporary IDs (e.g., aw_parent1) resolved at processing time.
2. close-issue label enforcement works correctly ✅
Config: close_issue: { max: 1, required_labels: ["smoke-test"], required_title_prefix: "[smoke-safeoutputs]" }
The agent targeted a pre-existing issue (#2690) that lacked the smoke-test label. The enforcement correctly rejected this. The test prompt needs improvement to instruct the agent to close its own created issue (which has the smoke-test label) rather than arbitrary pre-existing issues.
3. assign-milestone fails because no milestones exist in the repo
Config: assign_milestone: { allowed: ["v1.0"], max: 1 }
The handler fetched 0 milestones and rejected with "Milestone #1 not found in repository".
Suggested fix: Either:
- Document that
assign-milestonerequires pre-existing milestones - Or allow the
allowedlist to auto-create milestones if they don't exist
4. title_prefix auto-prepends rather than gating
Issue #2696 was created with title "No prefix issue — should be rejected" despite title_prefix: "[smoke-safeoutputs] " config. The handler auto-prepended the prefix instead of rejecting the issue.
Question: Is this intentional? If so, it should be documented that title_prefix is auto-prepend behavior. If enforcement is desired, a separate required_title_prefix option (reject if missing) would be useful — similar to how close-issue has required_title_prefix for gating.
5. Ingestion max filtering works correctly ✅
The ingestion layer correctly filtered 16 agent messages down to 7 based on per-type max limits. All per-type caps enforced as expected.
Artifacts
- Run: https://github.com/github/gh-aw-mcpg/actions/runs/23670081731
- Created issues: [smoke-safeoutputs] Parent Issue 23670081731 gh-aw-mcpg#2694, [smoke-safeoutputs] Sub Issue 23670081731 gh-aw-mcpg#2695, [smoke-safeoutputs] No prefix issue — should be rejected 23670081731 gh-aw-mcpg#2696
- Workflow source:
gh-aw-mcpg:.github/workflows/smoke-safeoutputs-issues.md - Related: Comprehensive safe-outputs configuration enforcement tests gh-aw-mcpg#2684 (comprehensive safe-outputs test plan)
- Related: Ensure safe discussion updates #23278 / Fix update_discussion safe outputs: label-only config must not modify title/body #23279 (update-discussion field filtering fix)