update_project safe output: add content_repo for cross-repo project item resolution #21334
Description
Problem
The update_project safe output resolves content_number (issue/PR number) to a project item by querying the workflow's host repository (context.repo). This means workflows cannot update project fields for items that originate from other repositories.
This is a significant limitation for organization-level projects that aggregate issues from multiple repos — a very common pattern. For example, a triage workflow in github/authentication cannot update custom fields on project items that link to issues in github/docs, github/github, etc., even though the project fields have nothing to do with the issue's source repo.
Current behavior
update_project.cjshardcodesconst { owner, repo } = context.repo(line ~473) and uses it in the GraphQL resolution query (line ~1017)- The tool schema has
additionalProperties: falsewith nocontent_repofield - Issues from repos other than the workflow's host repo fail with:
Could not resolve to an Issue
Proposed solution
Add an optional content_repo field (e.g., "github/docs") to the update_project tool schema. When provided, use it instead of context.repo for resolving content_number to a node ID.
This would be consistent with how other safe outputs like create-issue, add-comment, and add-labels support allowed-repos / target-repo for cross-repo operations.
Workaround
Currently, the only workaround is to instruct the agent to skip items from other repos, which means those project items never get their fields updated by the workflow.
Use case
We have an org project (github/orgs/projects/3589) tracking support escalations across multiple repos. A scheduled triage workflow in github/authentication iterates all board items and classifies them, but ~6 items from other repos are silently skipped because update_project cannot resolve their issue numbers.
cc @github/gh-aw-team