[Code Quality] Add dispatch-workflow safe-output to JSON schema

[github-actions]

Description

The dispatch-workflow safe-output feature is fully implemented with comprehensive validation (203 lines in dispatch_workflow_validation.go) but is completely missing from the JSON schema. This makes the feature undiscoverable via schema validation, IDE autocomplete, and documentation generation.

Evidence from Analysis

Code References: 35 references to DispatchWorkflow across pkg/workflow/*.go
Validation File: pkg/workflow/dispatch_workflow_validation.go (203 lines)
Schema Status: NOT PRESENT in safe-outputs properties (checked all 45 operations)

Features Implemented (Not in Schema)

1. ✅ Validates at least one workflow specified (minItems: 1)
2. ✅ Prevents self-reference (infinite loop protection)
3. ✅ Path traversal prevention (security)
4. ✅ Supports .md, .lock.yml, or .yml workflow files
5. ✅ Validates target workflow has workflow_dispatch trigger
6. ✅ Checks max concurrent dispatches limit

Impact

• Discoverability: Feature is hidden from schema-based tools
• IDE Support: Autocomplete will not suggest dispatch-workflow
• Validation: Schema validation rejects valid configurations
• Documentation: Schema-generated docs don't show this feature
• User Experience: Users must discover feature through code reading

Suggested Schema Addition

"dispatch-workflow": {
  "description": "Enable dispatching other workflows from this workflow. Allows workflows to trigger other workflows via workflow_dispatch events. Includes self-reference prevention and path traversal protection.",
  "oneOf": [
    {
      "type": "boolean",
      "description": "Enable dispatch-workflow with default settings"
    },
    {
      "type": "object",
      "properties": {
        "workflows": {
          "type": "array",
          "minItems": 1,
          "items": {"type": "string"},
          "description": "List of workflow names to dispatch (without .md extension). Workflows must exist in same directory and support workflow_dispatch trigger. Self-reference not allowed."
        },
        "max": {
          "type": "integer",
          "minimum": 1,
          "description": "Maximum number of concurrent workflow dispatches"
        }
      },
      "required": ["workflows"],
      "additionalProperties": false
    }
  ],
  "$comment": "Self-reference prevention: workflow cannot dispatch itself (prevents infinite loops). Path traversal protection: all paths validated with isPathWithinDir(). Validation: pkg/workflow/dispatch_workflow_validation.go"
}

Files Affected

• pkg/parser/schemas/safe-outputs.json (or equivalent schema file)
• Potentially pkg/workflow/frontmatter_types.go if TypeScript types need updates

Success Criteria

• dispatch-workflow added to safe-outputs schema properties
• Schema validation accepts valid dispatch-workflow configurations
• IDE autocomplete suggests dispatch-workflow in safe-outputs context
• All validation rules documented in schema (minItems, self-reference, etc.)
• $comment field documents security constraints
• Schema validation tests pass
• make build and make recompile complete successfully
• Documentation generation includes dispatch-workflow

Source

Extracted from Schema Consistency & Behavioral Constraints discussion #10924

Priority

High - Feature is production-ready but completely hidden from schema-based tooling and validation. This affects discoverability and creates a poor developer experience.

AI generated by Discussion Task Miner - Code Quality Improvement Agent

• expires on Feb 11, 2026, 1:34 AM UTC

[github-actions]

🍪 Issue Monster has assigned this to Copilot!

I've identified this issue as a good candidate for automated resolution and assigned it to the Copilot agent.

The Copilot agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

AI generated by Issue Monster