Safe-output patch generator uses triggering repo's default branch instead of configured base_branch #26923

@Calidus

Bug: Safe-output patch generator uses triggering repo's default branch instead of configured base_branch

Component: gh-aw safe-output MCP server (safe_outputs_mcp_server_http)
Severity: High — causes every create_pull_request call to include hundreds of unrelated files


Summary

When the safe-output server generates a patch for create_pull_request, it uses GITHUB_DEFAULT_BRANCH (inherited from the triggering repo's context) as the base branch ref to diff against — instead of the base_branch value explicitly configured in the create_pull_request safe-output config. When those two names differ and origin/{GITHUB_DEFAULT_BRANCH} doesn't exist in the target repo, the server falls through to a broken cross-repo fallback strategy that picks an arbitrarily old commit as the patch base, producing a massive patch.


Setup

  • Triggering repo default branch: master
  • Target repo (checked out as a sub-path) default branch: main
  • create_pull_request safe-output config has base_branch: main explicitly set

{
  "create_pull_request": {
    "base_branch": "main",
    "target-repo": "my-org/target-repo",
    "title_prefix": "feat: "
  }
}

What the agent did (correct)

  1. Checked out the target repo — local main was at commit <HEAD>
  2. git checkout -b feat/my-change from current main HEAD
  3. Wrote exactly 1 file, committed it (1 file changed, 5 insertions)
  4. Called create_pull_request

The agent's git work was correct. The patch should have contained exactly 1 file.


What the safe-output server did (wrong)

From mcp-logs/safeoutputs/server.log:

[safeoutputs] Generating patch for create_pull_request with branch: feat/my-change
  baseBranch: master   ← ❌ should be "main" (from config), not "master" (from GITHUB_DEFAULT_BRANCH)
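
One way the base-ref resolution described in this report could prefer the configured base_branch and fail closed when the ref is missing, shown as an added example that is not gh-aw's code and not part of the original report. The function names, the injected ref check and the sample ref set are assumptions.

```javascript
// Added example, not gh-aw source. Every name here except base_branch,
// target-repo and GITHUB_DEFAULT_BRANCH is hypothetical.

// Constructed sample: remote-tracking refs present in the target checkout.
const TARGET_REPO_REFS = new Set(["origin/main", "origin/feat/old-work"]);

// A real server would wrap a git call such as:
//   git -C <targetDir> rev-parse --verify --quiet refs/remotes/origin/<branch>
const refExistsInTarget = (ref) => TARGET_REPO_REFS.has(ref);

// prConfig is the inner "create_pull_request" object from the safe-output config.
function resolvePatchBase(prConfig, env, refExists) {
  const configured = prConfig && prConfig.base_branch;
  const inherited = env.GITHUB_DEFAULT_BRANCH;
  // Explicit config wins. The env value describes the triggering repo and is
  // only a last resort when no base_branch is configured.
  const branch = configured || inherited;
  const source = configured ? "config.base_branch" : "GITHUB_DEFAULT_BRANCH";
  if (!branch) {
    throw new Error("no base branch configured or inherited");
  }
  const ref = `origin/${branch}`;
  if (!refExists(ref)) {
    // Fail closed: guessing some other base commit is what inflates the patch.
    throw new Error(`${ref} (from ${source}) not found in target repo`);
  }
  return { ref, source };
}

// The setup from the report: triggering repo says master, config says main.
const issueConfig = { base_branch: "main", "target-repo": "my-org/target-repo" };
const issueEnv = { GITHUB_DEFAULT_BRANCH: "master" };

function demo() {
  const fixed = resolvePatchBase(issueConfig, issueEnv, refExistsInTarget);
  let unconfigured;
  try {
    // No base_branch configured: the inherited name does not exist in the target.
    resolvePatchBase({}, issueEnv, refExistsInTarget);
  } catch (err) {
    unconfigured = err.message;
  }
  return { fixed, unconfigured };
}

console.log(demo());
```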
