Safe-outputs discussions smoke test: update-discussion API error and close-discussion label enforcement #23283
Description
Context
The smoke-safeoutputs-discussions workflow (run #23670080887) exercises create-discussion, update-discussion, close-discussion, and add-comment safe-outputs in a workflow_dispatch context.
The agent produced 6 messages; ingestion correctly filtered down to 4 based on max limits. Of those 4, 2 succeeded and 2 failed.
Findings
1. update-discussion API error on discussion #45
Config: update_discussion: { max: 1 }
The handler has target: "triggering" by default, but in a workflow_dispatch context there is no triggering discussion. The agent worked around this by hardcoding discussion_number: 45 (a pre-existing discussion). The API call then failed:
ERR_API: update discussion #45 failed (attempt 1)
This is the same class of issue as update-issue with target: triggering (#23282) — the handler needs a way to target discussions created in the same run, not just the triggering event.
Suggested fix: Same as #23282 — support target: "created" or allow explicit discussion_number with temporary ID resolution. This would let the agent update the discussion it just created (e.g., the one created by create-discussion in the same run).
2. close-discussion label enforcement works correctly ✅
Config: close_discussion: { max: 1, required_labels: ["smoke-test"] }
The agent attempted to close discussion #45, which does not have the smoke-test label. The handler correctly rejected this:
Missing required labels: smoke-test
The enforcement is working as designed. The test prompt needs improvement to instruct the agent to close the discussion it created (which was auto-labeled with smoke-test by create-discussion).
3. create-discussion works correctly ✅
Config: create_discussion: { category: "general", max: 1, title_prefix: "[smoke-safeoutputs] ", labels: ["smoke-test"], ... }
Successfully created discussion #2692 with correct category, prefix, and labels. The second create_discussion message was correctly filtered by the ingestion layer (max:1).
4. add-comment was not tested
The agent did not produce any add_comment messages. The add-comment handler has target: "triggering", which has no context in workflow_dispatch. Future test improvements should either:
- Run via issue/discussion trigger to test
add-comment - Or support
target: "created"foradd-commenttoo
5. Ingestion max filtering works correctly ✅
6 agent messages filtered to 4:
create_discussionmax:1 → 1 passed, 1 filteredupdate_discussionmax:1 → 1 passedclose_discussionmax:1 → 1 passed, 1 filteredcreate_issue(summary) → 1 passed
6. Relationship to #23278 / #23279
The update-discussion handler currently does not support field-level controls (title, body, labels). PR #23279 adds filterToolSchemaFields() to hide unconfigured fields from the tool schema. Once that ships, the smoke test should be updated to test field-level enforcement (e.g., update-discussion with only allowed-labels should not allow body modification).
Artifacts
- Run: https://github.com/github/gh-aw-mcpg/actions/runs/23670080887
- Created discussion: [smoke-safeoutputs] Enforcement Test 23670080887 gh-aw-mcpg#2692
- Created summary issue: [smoke-safeoutputs] Smoke Safe-Outputs Discussions: 23670080887 gh-aw-mcpg#2693
- Workflow source:
gh-aw-mcpg:.github/workflows/smoke-safeoutputs-discussions.md - Related: Comprehensive safe-outputs configuration enforcement tests gh-aw-mcpg#2684 (comprehensive safe-outputs test plan)
- Related: Ensure safe discussion updates #23278 / Fix update_discussion safe outputs: label-only config must not modify title/body #23279 (update-discussion field filtering fix)
- Related: Safe-outputs issues smoke test: update-issue target, assign-milestone, and title_prefix findings #23282 (issues smoke test findings — same
target: triggeringproblem)