diff --git a/.changeset/patch-refactor-safe-outputs-prompt.md b/.changeset/patch-refactor-safe-outputs-prompt.md
new file mode 100644
index 00000000000..5a6d3e8bdc9
--- /dev/null
+++ b/.changeset/patch-refactor-safe-outputs-prompt.md
@@ -0,0 +1,4 @@
+---
+"gh-aw": patch
+---
+Refactor the safe outputs prompt to source the intro and per-tool guidance from markdown templates so it is easier to maintain and uses fewer tokens.
diff --git a/.github/workflows/agent-performance-analyzer.lock.yml b/.github/workflows/agent-performance-analyzer.lock.yml
index 1cbba0d554a..1353e85d5bb 100644
--- a/.github/workflows/agent-performance-analyzer.lock.yml
+++ b/.github/workflows/agent-performance-analyzer.lock.yml
@@ -112,62 +112,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/repo_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Creating an Issue, Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, create_issue, create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/agent-persona-explorer.lock.yml b/.github/workflows/agent-persona-explorer.lock.yml
index 59561ee7b6b..91bc9cd3dff 100644
--- a/.github/workflows/agent-persona-explorer.lock.yml
+++ b/.github/workflows/agent-persona-explorer.lock.yml
@@ -112,54 +112,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/ai-moderator.lock.yml b/.github/workflows/ai-moderator.lock.yml
index f95b11e8f9e..fd2d6e85415 100644
--- a/.github/workflows/ai-moderator.lock.yml
+++ b/.github/workflows/ai-moderator.lock.yml
@@ -149,58 +149,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding Labels to Issues or Pull Requests, Hiding a Comment, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding Labels to Issues or Pull Requests**
-
- To add labels to an issue or pull request, use the add_labels tool from safeoutputs.
-
- **Hiding a Comment**
-
- To hide a comment, use the hide_comment tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_labels, hide_comment, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/archie.lock.yml b/.github/workflows/archie.lock.yml
index 72cbc8f272b..374124d46a8 100644
--- a/.github/workflows/archie.lock.yml
+++ b/.github/workflows/archie.lock.yml
@@ -142,54 +142,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/artifacts-summary.lock.yml b/.github/workflows/artifacts-summary.lock.yml
index e828d915b13..01a8a2298d4 100644
--- a/.github/workflows/artifacts-summary.lock.yml
+++ b/.github/workflows/artifacts-summary.lock.yml
@@ -110,54 +110,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/audit-workflows.lock.yml b/.github/workflows/audit-workflows.lock.yml
index de99c2482fe..f2966f1e22f 100644
--- a/.github/workflows/audit-workflows.lock.yml
+++ b/.github/workflows/audit-workflows.lock.yml
@@ -113,62 +113,13 @@ jobs:
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
cat "/opt/gh-aw/prompts/repo_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
+
+ Tools: create_discussion, upload_asset, missing_tool, missing_data
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Uploading Assets, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/auto-triage-issues.lock.yml b/.github/workflows/auto-triage-issues.lock.yml
index 2217e3f3e44..2c317e8da8b 100644
--- a/.github/workflows/auto-triage-issues.lock.yml
+++ b/.github/workflows/auto-triage-issues.lock.yml
@@ -127,58 +127,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Adding Labels to Issues or Pull Requests, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Adding Labels to Issues or Pull Requests**
-
- To add labels to an issue or pull request, use the add_labels tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, add_labels, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/blog-auditor.lock.yml b/.github/workflows/blog-auditor.lock.yml
index c69e66ebf75..0f2dbbede30 100644
--- a/.github/workflows/blog-auditor.lock.yml
+++ b/.github/workflows/blog-auditor.lock.yml
@@ -111,54 +111,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/playwright_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/bot-detection.lock.yml b/.github/workflows/bot-detection.lock.yml
index 0adf3901c3a..9ecb5318519 100644
--- a/.github/workflows/bot-detection.lock.yml
+++ b/.github/workflows/bot-detection.lock.yml
@@ -110,58 +110,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Updating Issues, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Updating an Issue**
-
- To update an issue, use the update_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, update_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/brave.lock.yml b/.github/workflows/brave.lock.yml
index 6d8b32edc58..2468fac61ff 100644
--- a/.github/workflows/brave.lock.yml
+++ b/.github/workflows/brave.lock.yml
@@ -132,54 +132,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/breaking-change-checker.lock.yml b/.github/workflows/breaking-change-checker.lock.yml
index 2ae11155f35..ba541b172ea 100644
--- a/.github/workflows/breaking-change-checker.lock.yml
+++ b/.github/workflows/breaking-change-checker.lock.yml
@@ -111,54 +111,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml
index ac60d52f0da..b7d1b401f14 100644
--- a/.github/workflows/changeset.lock.yml
+++ b/.github/workflows/changeset.lock.yml
@@ -138,61 +138,14 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Updating a Pull Request, Pushing Changes to Branch, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Updating a Pull Request**
-
- To update a pull request title or body, use the update_pull_request tool from safeoutputs.
-
- **Pushing Changes to a Pull Request Branch**
-
- To push changes to the branch of a pull request:
- 1. Make any file changes directly in the working directory.
- 2. Add and commit your changes to the local copy of the pull request branch. Be careful to add exactly the files you intend, and verify you haven't deleted or changed any files you didn't intend to.
- 3. Push the branch to the repo by using the push_to_pull_request_branch tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: update_pull_request, push_to_pull_request_branch, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_push_to_pr_branch.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/ci-coach.lock.yml b/.github/workflows/ci-coach.lock.yml
index acc75bdd580..fd2a7d72b96 100644
--- a/.github/workflows/ci-coach.lock.yml
+++ b/.github/workflows/ci-coach.lock.yml
@@ -113,59 +113,14 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/ci-doctor.lock.yml b/.github/workflows/ci-doctor.lock.yml
index ad347362f2a..b16f8ef6ea1 100644
--- a/.github/workflows/ci-doctor.lock.yml
+++ b/.github/workflows/ci-doctor.lock.yml
@@ -126,62 +126,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Creating an Issue, Updating Issues, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Updating an Issue**
-
- To update an issue, use the update_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, create_issue, update_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/claude-code-user-docs-review.lock.yml b/.github/workflows/claude-code-user-docs-review.lock.yml
index a39ab152a55..925a7636463 100644
--- a/.github/workflows/claude-code-user-docs-review.lock.yml
+++ b/.github/workflows/claude-code-user-docs-review.lock.yml
@@ -106,54 +106,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/cli-consistency-checker.lock.yml b/.github/workflows/cli-consistency-checker.lock.yml
index 2973ecdab6d..54e6edd8867 100644
--- a/.github/workflows/cli-consistency-checker.lock.yml
+++ b/.github/workflows/cli-consistency-checker.lock.yml
@@ -104,54 +104,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/cli-version-checker.lock.yml b/.github/workflows/cli-version-checker.lock.yml
index 75be3ea998a..a22333df7f4 100644
--- a/.github/workflows/cli-version-checker.lock.yml
+++ b/.github/workflows/cli-version-checker.lock.yml
@@ -111,54 +111,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/cloclo.lock.yml b/.github/workflows/cloclo.lock.yml
index 1923766583e..14e31470502 100644
--- a/.github/workflows/cloclo.lock.yml
+++ b/.github/workflows/cloclo.lock.yml
@@ -173,63 +173,14 @@ jobs:
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/playwright_prompt.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/code-scanning-fixer.lock.yml b/.github/workflows/code-scanning-fixer.lock.yml
index f5c5d6dfb5e..ed4b6e01db6 100644
--- a/.github/workflows/code-scanning-fixer.lock.yml
+++ b/.github/workflows/code-scanning-fixer.lock.yml
@@ -107,63 +107,14 @@ jobs:
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
cat "/opt/gh-aw/prompts/repo_memory_prompt_multi.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Pull Request, Adding Labels to Issues or Pull Requests, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Adding Labels to Issues or Pull Requests**
-
- To add labels to an issue or pull request, use the add_labels tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_pull_request, add_labels, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/code-simplifier.lock.yml b/.github/workflows/code-simplifier.lock.yml
index 04f752960be..c30567f096f 100644
--- a/.github/workflows/code-simplifier.lock.yml
+++ b/.github/workflows/code-simplifier.lock.yml
@@ -112,59 +112,14 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/commit-changes-analyzer.lock.yml b/.github/workflows/commit-changes-analyzer.lock.yml
index bb3adb103f3..fb9cc527f7d 100644
--- a/.github/workflows/commit-changes-analyzer.lock.yml
+++ b/.github/workflows/commit-changes-analyzer.lock.yml
@@ -112,54 +112,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/contribution-check.lock.yml b/.github/workflows/contribution-check.lock.yml
index 2f8a1e94c2e..d18d3d8d200 100644
--- a/.github/workflows/contribution-check.lock.yml
+++ b/.github/workflows/contribution-check.lock.yml
@@ -108,62 +108,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Creating an Issue, Adding Labels to Issues or Pull Requests, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Adding Labels to Issues or Pull Requests**
-
- To add labels to an issue or pull request, use the add_labels tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, create_issue, add_labels, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/copilot-agent-analysis.lock.yml b/.github/workflows/copilot-agent-analysis.lock.yml
index 3395849f5b5..cc3b9cffe88 100644
--- a/.github/workflows/copilot-agent-analysis.lock.yml
+++ b/.github/workflows/copilot-agent-analysis.lock.yml
@@ -113,54 +113,11 @@ jobs:
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
cat "/opt/gh-aw/prompts/repo_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/copilot-cli-deep-research.lock.yml b/.github/workflows/copilot-cli-deep-research.lock.yml
index 82cd84b59e3..bc83264a5a4 100644
--- a/.github/workflows/copilot-cli-deep-research.lock.yml
+++ b/.github/workflows/copilot-cli-deep-research.lock.yml
@@ -110,54 +110,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/repo_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/copilot-pr-merged-report.lock.yml b/.github/workflows/copilot-pr-merged-report.lock.yml
index 5e09fae1adc..fb2284154bc 100644
--- a/.github/workflows/copilot-pr-merged-report.lock.yml
+++ b/.github/workflows/copilot-pr-merged-report.lock.yml
@@ -103,54 +103,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
GH_AW_PROMPT_EOF
cat << 'GH_AW_PROMPT_EOF'
diff --git a/.github/workflows/copilot-pr-nlp-analysis.lock.yml b/.github/workflows/copilot-pr-nlp-analysis.lock.yml
index 1a3f9bb2325..ddc1e67648b 100644
--- a/.github/workflows/copilot-pr-nlp-analysis.lock.yml
+++ b/.github/workflows/copilot-pr-nlp-analysis.lock.yml
@@ -113,62 +113,13 @@ jobs:
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
cat "/opt/gh-aw/prompts/repo_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
+
+ Tools: create_discussion, upload_asset, missing_tool, missing_data
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Uploading Assets, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/copilot-pr-prompt-analysis.lock.yml b/.github/workflows/copilot-pr-prompt-analysis.lock.yml
index 6801543023b..0aae6cef765 100644
--- a/.github/workflows/copilot-pr-prompt-analysis.lock.yml
+++ b/.github/workflows/copilot-pr-prompt-analysis.lock.yml
@@ -113,54 +113,11 @@ jobs:
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
cat "/opt/gh-aw/prompts/repo_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/copilot-session-insights.lock.yml b/.github/workflows/copilot-session-insights.lock.yml
index ba14338f71e..67e95691c0c 100644
--- a/.github/workflows/copilot-session-insights.lock.yml
+++ b/.github/workflows/copilot-session-insights.lock.yml
@@ -117,62 +117,13 @@ jobs:
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
cat "/opt/gh-aw/prompts/repo_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
+
+ Tools: create_discussion, upload_asset, missing_tool, missing_data
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Uploading Assets, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/craft.lock.yml b/.github/workflows/craft.lock.yml
index 0e65af1f7e8..4ff1a3d405f 100644
--- a/.github/workflows/craft.lock.yml
+++ b/.github/workflows/craft.lock.yml
@@ -128,61 +128,14 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Pushing Changes to Branch, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Pushing Changes to a Pull Request Branch**
-
- To push changes to the branch of a pull request:
- 1. Make any file changes directly in the working directory.
- 2. Add and commit your changes to the local copy of the pull request branch. Be careful to add exactly the files you intend, and verify you haven't deleted or changed any files you didn't intend to.
- 3. Push the branch to the repo by using the push_to_pull_request_branch tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, push_to_pull_request_branch, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_push_to_pr_branch.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-assign-issue-to-user.lock.yml b/.github/workflows/daily-assign-issue-to-user.lock.yml
index aacdc869935..c25320f386d 100644
--- a/.github/workflows/daily-assign-issue-to-user.lock.yml
+++ b/.github/workflows/daily-assign-issue-to-user.lock.yml
@@ -104,58 +104,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Assigning to a User, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Assigning to a User**
-
- To assign an issue or pull request to a user, use the assign_to_user tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, assign_to_user, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-choice-test.lock.yml b/.github/workflows/daily-choice-test.lock.yml
index 43d0f17befd..501480402fe 100644
--- a/.github/workflows/daily-choice-test.lock.yml
+++ b/.github/workflows/daily-choice-test.lock.yml
@@ -104,50 +104,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-cli-performance.lock.yml b/.github/workflows/daily-cli-performance.lock.yml
index 03b126d9596..af6fc255a02 100644
--- a/.github/workflows/daily-cli-performance.lock.yml
+++ b/.github/workflows/daily-cli-performance.lock.yml
@@ -112,58 +112,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/repo_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-cli-tools-tester.lock.yml b/.github/workflows/daily-cli-tools-tester.lock.yml
index 0c6c325313d..4762936698f 100644
--- a/.github/workflows/daily-cli-tools-tester.lock.yml
+++ b/.github/workflows/daily-cli-tools-tester.lock.yml
@@ -105,54 +105,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-code-metrics.lock.yml b/.github/workflows/daily-code-metrics.lock.yml
index c20f92a8a05..435df4738f4 100644
--- a/.github/workflows/daily-code-metrics.lock.yml
+++ b/.github/workflows/daily-code-metrics.lock.yml
@@ -113,62 +113,13 @@ jobs:
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
cat "/opt/gh-aw/prompts/repo_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
+
+ Tools: create_discussion, upload_asset, missing_tool, missing_data
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Uploading Assets, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-compiler-quality.lock.yml b/.github/workflows/daily-compiler-quality.lock.yml
index c57ccafeb45..a176576a56d 100644
--- a/.github/workflows/daily-compiler-quality.lock.yml
+++ b/.github/workflows/daily-compiler-quality.lock.yml
@@ -110,54 +110,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-copilot-token-report.lock.yml b/.github/workflows/daily-copilot-token-report.lock.yml
index 01e6a49e37d..7f244d60caf 100644
--- a/.github/workflows/daily-copilot-token-report.lock.yml
+++ b/.github/workflows/daily-copilot-token-report.lock.yml
@@ -112,62 +112,13 @@ jobs:
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
cat "/opt/gh-aw/prompts/repo_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
+
+ Tools: create_discussion, upload_asset, missing_tool, missing_data
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Uploading Assets, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-doc-updater.lock.yml b/.github/workflows/daily-doc-updater.lock.yml
index 8d1278c8cde..0c94fc81111 100644
--- a/.github/workflows/daily-doc-updater.lock.yml
+++ b/.github/workflows/daily-doc-updater.lock.yml
@@ -106,59 +106,14 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml
index f44a2db98e1..c6ac95fad9d 100644
--- a/.github/workflows/daily-fact.lock.yml
+++ b/.github/workflows/daily-fact.lock.yml
@@ -90,54 +90,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-file-diet.lock.yml b/.github/workflows/daily-file-diet.lock.yml
index 964ff893f0a..0028663ec54 100644
--- a/.github/workflows/daily-file-diet.lock.yml
+++ b/.github/workflows/daily-file-diet.lock.yml
@@ -112,54 +112,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml
index d53f8e5009b..3288450e1a4 100644
--- a/.github/workflows/daily-firewall-report.lock.yml
+++ b/.github/workflows/daily-firewall-report.lock.yml
@@ -111,62 +111,13 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
+
+ Tools: create_discussion, upload_asset, missing_tool, missing_data
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Uploading Assets, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml
index 6237e4cc73c..52ed8fde5e1 100644
--- a/.github/workflows/daily-issues-report.lock.yml
+++ b/.github/workflows/daily-issues-report.lock.yml
@@ -116,66 +116,13 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
+
+ Tools: create_discussion, close_discussion, upload_asset, missing_tool, missing_data
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Closing a Discussion, Uploading Assets, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Closing a Discussion**
-
- To close a discussion, use the close_discussion tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-malicious-code-scan.lock.yml b/.github/workflows/daily-malicious-code-scan.lock.yml
index 8a4d0ae9b4a..3ccaba1af88 100644
--- a/.github/workflows/daily-malicious-code-scan.lock.yml
+++ b/.github/workflows/daily-malicious-code-scan.lock.yml
@@ -109,54 +109,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Code Scanning Alert, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Code Scanning Alert**
-
- To create a code scanning alert, use the create_code_scanning_alert tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_code_scanning_alert, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml
index cfeabea8a3b..c210e22b5b8 100644
--- a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml
+++ b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml
@@ -110,58 +110,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Creating an Agent Session, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Creating an Agent Session**
-
- To create a GitHub Copilot agent session, use the create_agent_session tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, create_agent_session, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-multi-device-docs-tester.lock.yml b/.github/workflows/daily-multi-device-docs-tester.lock.yml
index 3905b5cae3e..e26509a833f 100644
--- a/.github/workflows/daily-multi-device-docs-tester.lock.yml
+++ b/.github/workflows/daily-multi-device-docs-tester.lock.yml
@@ -117,62 +117,13 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/playwright_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
+
+ Tools: create_issue, upload_asset, missing_tool, missing_data
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Uploading Assets, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-news.lock.yml b/.github/workflows/daily-news.lock.yml
index a1920cca4d8..3b2c961d9ae 100644
--- a/.github/workflows/daily-news.lock.yml
+++ b/.github/workflows/daily-news.lock.yml
@@ -114,62 +114,13 @@ jobs:
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
cat "/opt/gh-aw/prompts/repo_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
+
+ Tools: create_discussion, upload_asset, missing_tool, missing_data
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Uploading Assets, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml
index ee4654ec8f7..7d5dc7e0e71 100644
--- a/.github/workflows/daily-observability-report.lock.yml
+++ b/.github/workflows/daily-observability-report.lock.yml
@@ -111,58 +111,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Closing a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Closing a Discussion**
-
- To close a discussion, use the close_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, close_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml
index a60e997c93c..6531607fb3b 100644
--- a/.github/workflows/daily-performance-summary.lock.yml
+++ b/.github/workflows/daily-performance-summary.lock.yml
@@ -112,66 +112,13 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
+
+ Tools: create_discussion, close_discussion, upload_asset, missing_tool, missing_data
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Closing a Discussion, Uploading Assets, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Closing a Discussion**
-
- To close a discussion, use the close_discussion tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-regulatory.lock.yml b/.github/workflows/daily-regulatory.lock.yml
index e1612462fd5..e70c95f528b 100644
--- a/.github/workflows/daily-regulatory.lock.yml
+++ b/.github/workflows/daily-regulatory.lock.yml
@@ -110,58 +110,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Closing a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Closing a Discussion**
-
- To close a discussion, use the close_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, close_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-rendering-scripts-verifier.lock.yml b/.github/workflows/daily-rendering-scripts-verifier.lock.yml
index 43cfc8640ab..eced6d180f9 100644
--- a/.github/workflows/daily-rendering-scripts-verifier.lock.yml
+++ b/.github/workflows/daily-rendering-scripts-verifier.lock.yml
@@ -113,59 +113,14 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-repo-chronicle.lock.yml b/.github/workflows/daily-repo-chronicle.lock.yml
index f0bb446b3c4..87e7cb40a64 100644
--- a/.github/workflows/daily-repo-chronicle.lock.yml
+++ b/.github/workflows/daily-repo-chronicle.lock.yml
@@ -111,62 +111,13 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
+
+ Tools: create_discussion, upload_asset, missing_tool, missing_data
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Uploading Assets, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-safe-output-optimizer.lock.yml b/.github/workflows/daily-safe-output-optimizer.lock.yml
index cd9adfef461..2cecdd8ac41 100644
--- a/.github/workflows/daily-safe-output-optimizer.lock.yml
+++ b/.github/workflows/daily-safe-output-optimizer.lock.yml
@@ -114,54 +114,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-safe-outputs-conformance.lock.yml b/.github/workflows/daily-safe-outputs-conformance.lock.yml
index 1b1725766d7..7732e2e8356 100644
--- a/.github/workflows/daily-safe-outputs-conformance.lock.yml
+++ b/.github/workflows/daily-safe-outputs-conformance.lock.yml
@@ -109,54 +109,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-secrets-analysis.lock.yml b/.github/workflows/daily-secrets-analysis.lock.yml
index dc645baec21..c48ceddab01 100644
--- a/.github/workflows/daily-secrets-analysis.lock.yml
+++ b/.github/workflows/daily-secrets-analysis.lock.yml
@@ -109,58 +109,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Closing a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Closing a Discussion**
-
- To close a discussion, use the close_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, close_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-security-red-team.lock.yml b/.github/workflows/daily-security-red-team.lock.yml
index 8bd44358c16..0da09079bc5 100644
--- a/.github/workflows/daily-security-red-team.lock.yml
+++ b/.github/workflows/daily-security-red-team.lock.yml
@@ -110,54 +110,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-semgrep-scan.lock.yml b/.github/workflows/daily-semgrep-scan.lock.yml
index 7138e5fbede..7d1b06aded6 100644
--- a/.github/workflows/daily-semgrep-scan.lock.yml
+++ b/.github/workflows/daily-semgrep-scan.lock.yml
@@ -109,54 +109,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Code Scanning Alert, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Code Scanning Alert**
-
- To create a code scanning alert, use the create_code_scanning_alert tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_code_scanning_alert, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-syntax-error-quality.lock.yml b/.github/workflows/daily-syntax-error-quality.lock.yml
index 1fcdec162f0..01cfabc6270 100644
--- a/.github/workflows/daily-syntax-error-quality.lock.yml
+++ b/.github/workflows/daily-syntax-error-quality.lock.yml
@@ -109,54 +109,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-team-evolution-insights.lock.yml b/.github/workflows/daily-team-evolution-insights.lock.yml
index ef47f6f5d89..1554d58fbc3 100644
--- a/.github/workflows/daily-team-evolution-insights.lock.yml
+++ b/.github/workflows/daily-team-evolution-insights.lock.yml
@@ -109,54 +109,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml
index c46c463d564..4a732eb9dbf 100644
--- a/.github/workflows/daily-team-status.lock.yml
+++ b/.github/workflows/daily-team-status.lock.yml
@@ -118,54 +118,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-testify-uber-super-expert.lock.yml b/.github/workflows/daily-testify-uber-super-expert.lock.yml
index d625206769f..61d93c2ff23 100644
--- a/.github/workflows/daily-testify-uber-super-expert.lock.yml
+++ b/.github/workflows/daily-testify-uber-super-expert.lock.yml
@@ -114,54 +114,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/repo_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/daily-workflow-updater.lock.yml b/.github/workflows/daily-workflow-updater.lock.yml
index de664d63cff..5d9435719f6 100644
--- a/.github/workflows/daily-workflow-updater.lock.yml
+++ b/.github/workflows/daily-workflow-updater.lock.yml
@@ -105,59 +105,14 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/deep-report.lock.yml b/.github/workflows/deep-report.lock.yml
index 77e8e746733..cb470679d63 100644
--- a/.github/workflows/deep-report.lock.yml
+++ b/.github/workflows/deep-report.lock.yml
@@ -112,66 +112,13 @@ jobs:
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
cat "/opt/gh-aw/prompts/repo_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
+
+ Tools: create_issue, create_discussion, upload_asset, missing_tool, missing_data
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Creating a Discussion, Uploading Assets, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/delight.lock.yml b/.github/workflows/delight.lock.yml
index f195cf346cb..ad1224df7c3 100644
--- a/.github/workflows/delight.lock.yml
+++ b/.github/workflows/delight.lock.yml
@@ -111,58 +111,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/repo_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/dependabot-burner.lock.yml b/.github/workflows/dependabot-burner.lock.yml
index 6832290da4a..6210c917211 100644
--- a/.github/workflows/dependabot-burner.lock.yml
+++ b/.github/workflows/dependabot-burner.lock.yml
@@ -106,54 +106,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/dependabot-go-checker.lock.yml b/.github/workflows/dependabot-go-checker.lock.yml
index 9a896407103..0054d7ff586 100644
--- a/.github/workflows/dependabot-go-checker.lock.yml
+++ b/.github/workflows/dependabot-go-checker.lock.yml
@@ -104,58 +104,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Closing an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Closing an Issue**
-
- To close an issue, use the close_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, close_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/dev-hawk.lock.yml b/.github/workflows/dev-hawk.lock.yml
index f7b791d914c..079e02f07ba 100644
--- a/.github/workflows/dev-hawk.lock.yml
+++ b/.github/workflows/dev-hawk.lock.yml
@@ -121,54 +121,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/dev.lock.yml b/.github/workflows/dev.lock.yml
index 2f1919afdd3..7797ff87ad1 100644
--- a/.github/workflows/dev.lock.yml
+++ b/.github/workflows/dev.lock.yml
@@ -104,54 +104,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/developer-docs-consolidator.lock.yml b/.github/workflows/developer-docs-consolidator.lock.yml
index e5dd673fec6..1cd0de05f97 100644
--- a/.github/workflows/developer-docs-consolidator.lock.yml
+++ b/.github/workflows/developer-docs-consolidator.lock.yml
@@ -110,63 +110,14 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/dictation-prompt.lock.yml b/.github/workflows/dictation-prompt.lock.yml
index 846e28884fd..a5f7e2a1200 100644
--- a/.github/workflows/dictation-prompt.lock.yml
+++ b/.github/workflows/dictation-prompt.lock.yml
@@ -108,59 +108,14 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/discussion-task-miner.lock.yml b/.github/workflows/discussion-task-miner.lock.yml
index f37d2e677c3..2bedbbc94cf 100644
--- a/.github/workflows/discussion-task-miner.lock.yml
+++ b/.github/workflows/discussion-task-miner.lock.yml
@@ -111,58 +111,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/repo_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/docs-noob-tester.lock.yml b/.github/workflows/docs-noob-tester.lock.yml
index f24005d31aa..f4f1bcd8e38 100644
--- a/.github/workflows/docs-noob-tester.lock.yml
+++ b/.github/workflows/docs-noob-tester.lock.yml
@@ -110,62 +110,13 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/playwright_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
+
+ Tools: create_discussion, upload_asset, missing_tool, missing_data
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Uploading Assets, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/draft-pr-cleanup.lock.yml b/.github/workflows/draft-pr-cleanup.lock.yml
index da66739b438..d9cc3621cbf 100644
--- a/.github/workflows/draft-pr-cleanup.lock.yml
+++ b/.github/workflows/draft-pr-cleanup.lock.yml
@@ -105,62 +105,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Closing a Pull Request, Adding Labels to Issues or Pull Requests, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Closing a Pull Request**
-
- To close a pull request, use the close_pull_request tool from safeoutputs.
-
- **Adding Labels to Issues or Pull Requests**
-
- To add labels to an issue or pull request, use the add_labels tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, close_pull_request, add_labels, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml
index 68179ec4453..b206f968780 100644
--- a/.github/workflows/duplicate-code-detector.lock.yml
+++ b/.github/workflows/duplicate-code-detector.lock.yml
@@ -106,54 +106,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/example-workflow-analyzer.lock.yml b/.github/workflows/example-workflow-analyzer.lock.yml
index 53e5f42f48a..5fc415e46fd 100644
--- a/.github/workflows/example-workflow-analyzer.lock.yml
+++ b/.github/workflows/example-workflow-analyzer.lock.yml
@@ -109,54 +109,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/firewall-escape.lock.yml b/.github/workflows/firewall-escape.lock.yml
index 7b815fe4713..9612a9955ae 100644
--- a/.github/workflows/firewall-escape.lock.yml
+++ b/.github/workflows/firewall-escape.lock.yml
@@ -129,54 +129,11 @@ jobs:
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
cat "/opt/gh-aw/prompts/repo_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/functional-pragmatist.lock.yml b/.github/workflows/functional-pragmatist.lock.yml
index ea9682228ae..65bf9aec941 100644
--- a/.github/workflows/functional-pragmatist.lock.yml
+++ b/.github/workflows/functional-pragmatist.lock.yml
@@ -108,59 +108,14 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/github-mcp-structural-analysis.lock.yml b/.github/workflows/github-mcp-structural-analysis.lock.yml
index 198f909bcf1..efe6d290ffa 100644
--- a/.github/workflows/github-mcp-structural-analysis.lock.yml
+++ b/.github/workflows/github-mcp-structural-analysis.lock.yml
@@ -110,62 +110,13 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
+
+ Tools: create_discussion, upload_asset, missing_tool, missing_data
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Uploading Assets, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/github-mcp-tools-report.lock.yml b/.github/workflows/github-mcp-tools-report.lock.yml
index 816855513a2..755ec3d332d 100644
--- a/.github/workflows/github-mcp-tools-report.lock.yml
+++ b/.github/workflows/github-mcp-tools-report.lock.yml
@@ -110,63 +110,14 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/github-remote-mcp-auth-test.lock.yml b/.github/workflows/github-remote-mcp-auth-test.lock.yml
index 0519e6a9d47..85f1a187bd0 100644
--- a/.github/workflows/github-remote-mcp-auth-test.lock.yml
+++ b/.github/workflows/github-remote-mcp-auth-test.lock.yml
@@ -106,54 +106,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/glossary-maintainer.lock.yml b/.github/workflows/glossary-maintainer.lock.yml
index 39ead29eb07..0173c9179b1 100644
--- a/.github/workflows/glossary-maintainer.lock.yml
+++ b/.github/workflows/glossary-maintainer.lock.yml
@@ -110,59 +110,14 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/go-fan.lock.yml b/.github/workflows/go-fan.lock.yml
index 6367d6ff567..0c201e33bbe 100644
--- a/.github/workflows/go-fan.lock.yml
+++ b/.github/workflows/go-fan.lock.yml
@@ -109,54 +109,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/go-logger.lock.yml b/.github/workflows/go-logger.lock.yml
index 5ace94e96af..3df49002133 100644
--- a/.github/workflows/go-logger.lock.yml
+++ b/.github/workflows/go-logger.lock.yml
@@ -110,59 +110,14 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/go-pattern-detector.lock.yml b/.github/workflows/go-pattern-detector.lock.yml
index d8769ac96d9..9a19cde1b09 100644
--- a/.github/workflows/go-pattern-detector.lock.yml
+++ b/.github/workflows/go-pattern-detector.lock.yml
@@ -109,54 +109,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/gpclean.lock.yml b/.github/workflows/gpclean.lock.yml
index b9696321c1f..610b758677e 100644
--- a/.github/workflows/gpclean.lock.yml
+++ b/.github/workflows/gpclean.lock.yml
@@ -106,54 +106,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml
index 656c25263ce..0cea6525885 100644
--- a/.github/workflows/grumpy-reviewer.lock.yml
+++ b/.github/workflows/grumpy-reviewer.lock.yml
@@ -133,58 +133,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Pull Request Review Comment, Submitting a Pull Request Review, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Pull Request Review Comment**
-
- To create a pull request review comment, use the create_pull_request_review_comment tool from safeoutputs.
-
- **Submitting a Pull Request Review**
-
- To submit a pull request review (APPROVE, REQUEST_CHANGES, or COMMENT), use the submit_pull_request_review tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_pull_request_review_comment, submit_pull_request_review, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/hourly-ci-cleaner.lock.yml b/.github/workflows/hourly-ci-cleaner.lock.yml
index 5c39ab1cd00..4a49fe00be4 100644
--- a/.github/workflows/hourly-ci-cleaner.lock.yml
+++ b/.github/workflows/hourly-ci-cleaner.lock.yml
@@ -113,59 +113,14 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/instructions-janitor.lock.yml b/.github/workflows/instructions-janitor.lock.yml
index 12c71ca3650..76081134fd3 100644
--- a/.github/workflows/instructions-janitor.lock.yml
+++ b/.github/workflows/instructions-janitor.lock.yml
@@ -106,59 +106,14 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml
index dae0d23b020..22e82231f26 100644
--- a/.github/workflows/issue-arborist.lock.yml
+++ b/.github/workflows/issue-arborist.lock.yml
@@ -109,62 +109,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Creating a Discussion, Linking a Sub-Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Linking a Sub-Issue**
-
- To link an issue as a sub-issue of another issue, use the link_sub_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, create_discussion, link_sub_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/issue-monster.lock.yml b/.github/workflows/issue-monster.lock.yml
index 42fd6174e8f..7269e79a563 100644
--- a/.github/workflows/issue-monster.lock.yml
+++ b/.github/workflows/issue-monster.lock.yml
@@ -116,58 +116,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Assigning to an Agent, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Assigning to an Agent**
-
- To assign an issue or pull request to a GitHub Copilot agent, use the assign_to_agent tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, assign_to_agent, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/issue-triage-agent.lock.yml b/.github/workflows/issue-triage-agent.lock.yml
index e219618902a..ece93e20403 100644
--- a/.github/workflows/issue-triage-agent.lock.yml
+++ b/.github/workflows/issue-triage-agent.lock.yml
@@ -99,58 +99,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Adding Labels to Issues or Pull Requests, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Adding Labels to Issues or Pull Requests**
-
- To add labels to an issue or pull request, use the add_labels tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, add_labels, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/jsweep.lock.yml b/.github/workflows/jsweep.lock.yml
index 5bdc33729af..b13d4f5c14e 100644
--- a/.github/workflows/jsweep.lock.yml
+++ b/.github/workflows/jsweep.lock.yml
@@ -106,59 +106,14 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/layout-spec-maintainer.lock.yml b/.github/workflows/layout-spec-maintainer.lock.yml
index b40a3a42c18..028b1036d60 100644
--- a/.github/workflows/layout-spec-maintainer.lock.yml
+++ b/.github/workflows/layout-spec-maintainer.lock.yml
@@ -106,59 +106,14 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/lockfile-stats.lock.yml b/.github/workflows/lockfile-stats.lock.yml
index 3cb118cd47f..4fbd8b07fd2 100644
--- a/.github/workflows/lockfile-stats.lock.yml
+++ b/.github/workflows/lockfile-stats.lock.yml
@@ -110,54 +110,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/mcp-inspector.lock.yml b/.github/workflows/mcp-inspector.lock.yml
index ab368b87180..23b51efff4b 100644
--- a/.github/workflows/mcp-inspector.lock.yml
+++ b/.github/workflows/mcp-inspector.lock.yml
@@ -124,54 +124,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/mergefest.lock.yml b/.github/workflows/mergefest.lock.yml
index 3b3280e17cc..1a5067515cf 100644
--- a/.github/workflows/mergefest.lock.yml
+++ b/.github/workflows/mergefest.lock.yml
@@ -126,57 +126,14 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Pushing Changes to Branch, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Pushing Changes to a Pull Request Branch**
-
- To push changes to the branch of a pull request:
- 1. Make any file changes directly in the working directory.
- 2. Add and commit your changes to the local copy of the pull request branch. Be careful to add exactly the files you intend, and verify you haven't deleted or changed any files you didn't intend to.
- 3. Push the branch to the repo by using the push_to_pull_request_branch tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: push_to_pull_request_branch, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_push_to_pr_branch.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/notion-issue-summary.lock.yml b/.github/workflows/notion-issue-summary.lock.yml
index 4a5357024a6..8e7803d8a59 100644
--- a/.github/workflows/notion-issue-summary.lock.yml
+++ b/.github/workflows/notion-issue-summary.lock.yml
@@ -112,50 +112,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/org-health-report.lock.yml b/.github/workflows/org-health-report.lock.yml
index 5f57a5db7ed..e8e0c26108d 100644
--- a/.github/workflows/org-health-report.lock.yml
+++ b/.github/workflows/org-health-report.lock.yml
@@ -112,62 +112,13 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
+
+ Tools: create_discussion, upload_asset, missing_tool, missing_data
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Uploading Assets, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/pdf-summary.lock.yml b/.github/workflows/pdf-summary.lock.yml
index d5d6d9cf99b..3e496254f26 100644
--- a/.github/workflows/pdf-summary.lock.yml
+++ b/.github/workflows/pdf-summary.lock.yml
@@ -154,58 +154,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml
index 0bbc0283fe6..8075785c646 100644
--- a/.github/workflows/plan.lock.yml
+++ b/.github/workflows/plan.lock.yml
@@ -132,58 +132,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Closing a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Closing a Discussion**
-
- To close a discussion, use the close_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, close_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/poem-bot.lock.yml b/.github/workflows/poem-bot.lock.yml
index 8af78487048..17d29959fa1 100644
--- a/.github/workflows/poem-bot.lock.yml
+++ b/.github/workflows/poem-bot.lock.yml
@@ -144,110 +144,17 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
+ Tools: add_comment, create_issue, update_issue, create_discussion, create_agent_session, create_pull_request, close_pull_request, create_pull_request_review_comment, add_labels, push_to_pull_request_branch, upload_asset, link_sub_issue, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_push_to_pr_branch.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Creating an Issue, Updating Issues, Creating a Discussion, Creating an Agent Session, Creating a Pull Request, Closing a Pull Request, Creating a Pull Request Review Comment, Adding Labels to Issues or Pull Requests, Pushing Changes to Branch, Uploading Assets, Linking a Sub-Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Updating an Issue**
-
- To update an issue, use the update_issue tool from safeoutputs.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Creating an Agent Session**
-
- To create a GitHub Copilot agent session, use the create_agent_session tool from safeoutputs.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Closing a Pull Request**
-
- To close a pull request, use the close_pull_request tool from safeoutputs.
-
- **Creating a Pull Request Review Comment**
-
- To create a pull request review comment, use the create_pull_request_review_comment tool from safeoutputs.
-
- **Adding Labels to Issues or Pull Requests**
-
- To add labels to an issue or pull request, use the add_labels tool from safeoutputs.
-
- **Pushing Changes to a Pull Request Branch**
-
- To push changes to the branch of a pull request:
- 1. Make any file changes directly in the working directory.
- 2. Add and commit your changes to the local copy of the pull request branch. Be careful to add exactly the files you intend, and verify you haven't deleted or changed any files you didn't intend to.
- 3. Push the branch to the repo by using the push_to_pull_request_branch tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Linking a Sub-Issue**
-
- To link an issue as a sub-issue of another issue, use the link_sub_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/portfolio-analyst.lock.yml b/.github/workflows/portfolio-analyst.lock.yml
index 23ccd48c84d..266741e5bce 100644
--- a/.github/workflows/portfolio-analyst.lock.yml
+++ b/.github/workflows/portfolio-analyst.lock.yml
@@ -112,62 +112,13 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
+
+ Tools: create_discussion, upload_asset, missing_tool, missing_data
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Uploading Assets, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/pr-nitpick-reviewer.lock.yml b/.github/workflows/pr-nitpick-reviewer.lock.yml
index a1cdc5b64af..138e40b66cc 100644
--- a/.github/workflows/pr-nitpick-reviewer.lock.yml
+++ b/.github/workflows/pr-nitpick-reviewer.lock.yml
@@ -161,62 +161,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Creating a Pull Request Review Comment, Submitting a Pull Request Review, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Creating a Pull Request Review Comment**
-
- To create a pull request review comment, use the create_pull_request_review_comment tool from safeoutputs.
-
- **Submitting a Pull Request Review**
-
- To submit a pull request review (APPROVE, REQUEST_CHANGES, or COMMENT), use the submit_pull_request_review tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, create_pull_request_review_comment, submit_pull_request_review, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/pr-triage-agent.lock.yml b/.github/workflows/pr-triage-agent.lock.yml
index f23e37a2638..600807c8346 100644
--- a/.github/workflows/pr-triage-agent.lock.yml
+++ b/.github/workflows/pr-triage-agent.lock.yml
@@ -105,62 +105,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/repo_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Creating an Issue, Adding Labels to Issues or Pull Requests, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Adding Labels to Issues or Pull Requests**
-
- To add labels to an issue or pull request, use the add_labels tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, create_issue, add_labels, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/prompt-clustering-analysis.lock.yml b/.github/workflows/prompt-clustering-analysis.lock.yml
index 40f7f0963ea..78c335282f6 100644
--- a/.github/workflows/prompt-clustering-analysis.lock.yml
+++ b/.github/workflows/prompt-clustering-analysis.lock.yml
@@ -115,54 +115,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/python-data-charts.lock.yml b/.github/workflows/python-data-charts.lock.yml
index 6c934a54f3f..1237c21e430 100644
--- a/.github/workflows/python-data-charts.lock.yml
+++ b/.github/workflows/python-data-charts.lock.yml
@@ -109,62 +109,13 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
+
+ Tools: create_discussion, upload_asset, missing_tool, missing_data
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Uploading Assets, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/q.lock.yml b/.github/workflows/q.lock.yml
index 4f5bfa197de..b59eefeb5cf 100644
--- a/.github/workflows/q.lock.yml
+++ b/.github/workflows/q.lock.yml
@@ -166,63 +166,14 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/refiner.lock.yml b/.github/workflows/refiner.lock.yml
index 1e5cf3603ec..0b77b88977d 100644
--- a/.github/workflows/refiner.lock.yml
+++ b/.github/workflows/refiner.lock.yml
@@ -130,63 +130,14 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/release.lock.yml b/.github/workflows/release.lock.yml
index b195ae24bbf..6cea878780c 100644
--- a/.github/workflows/release.lock.yml
+++ b/.github/workflows/release.lock.yml
@@ -116,54 +116,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Updating a Release, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Updating a Release**
-
- To update a GitHub release description, use the update_release tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: update_release, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/repo-audit-analyzer.lock.yml b/.github/workflows/repo-audit-analyzer.lock.yml
index 492a2160cb4..b2fa646020b 100644
--- a/.github/workflows/repo-audit-analyzer.lock.yml
+++ b/.github/workflows/repo-audit-analyzer.lock.yml
@@ -114,54 +114,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt_multi.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/repo-tree-map.lock.yml b/.github/workflows/repo-tree-map.lock.yml
index aaa65eea5f4..1c64bf71979 100644
--- a/.github/workflows/repo-tree-map.lock.yml
+++ b/.github/workflows/repo-tree-map.lock.yml
@@ -109,54 +109,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/repository-quality-improver.lock.yml b/.github/workflows/repository-quality-improver.lock.yml
index 459a8a5cb6b..87da8ce96db 100644
--- a/.github/workflows/repository-quality-improver.lock.yml
+++ b/.github/workflows/repository-quality-improver.lock.yml
@@ -109,54 +109,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt_multi.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/research.lock.yml b/.github/workflows/research.lock.yml
index 5d8326c1743..2930f19c51f 100644
--- a/.github/workflows/research.lock.yml
+++ b/.github/workflows/research.lock.yml
@@ -113,54 +113,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/safe-output-health.lock.yml b/.github/workflows/safe-output-health.lock.yml
index ad25a4c850f..ddb84839172 100644
--- a/.github/workflows/safe-output-health.lock.yml
+++ b/.github/workflows/safe-output-health.lock.yml
@@ -111,54 +111,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/schema-consistency-checker.lock.yml b/.github/workflows/schema-consistency-checker.lock.yml
index d4e40dbe2f1..0b64762e1b4 100644
--- a/.github/workflows/schema-consistency-checker.lock.yml
+++ b/.github/workflows/schema-consistency-checker.lock.yml
@@ -110,54 +110,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/scout.lock.yml b/.github/workflows/scout.lock.yml
index 7978b798381..d34e3ad9efa 100644
--- a/.github/workflows/scout.lock.yml
+++ b/.github/workflows/scout.lock.yml
@@ -191,54 +191,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/security-compliance.lock.yml b/.github/workflows/security-compliance.lock.yml
index 5a4120fddb8..f0da7968557 100644
--- a/.github/workflows/security-compliance.lock.yml
+++ b/.github/workflows/security-compliance.lock.yml
@@ -130,54 +130,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/repo_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml
index b72c049cf9c..13390c05b03 100644
--- a/.github/workflows/security-review.lock.yml
+++ b/.github/workflows/security-review.lock.yml
@@ -133,58 +133,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Pull Request Review Comment, Submitting a Pull Request Review, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Pull Request Review Comment**
-
- To create a pull request review comment, use the create_pull_request_review_comment tool from safeoutputs.
-
- **Submitting a Pull Request Review**
-
- To submit a pull request review (APPROVE, REQUEST_CHANGES, or COMMENT), use the submit_pull_request_review tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_pull_request_review_comment, submit_pull_request_review, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/semantic-function-refactor.lock.yml b/.github/workflows/semantic-function-refactor.lock.yml
index 82ac6974b95..0c06bd4f6a2 100644
--- a/.github/workflows/semantic-function-refactor.lock.yml
+++ b/.github/workflows/semantic-function-refactor.lock.yml
@@ -109,58 +109,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Closing an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Closing an Issue**
-
- To close an issue, use the close_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, close_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/sergo.lock.yml b/.github/workflows/sergo.lock.yml
index 7c7db5e5c8f..2271fc52848 100644
--- a/.github/workflows/sergo.lock.yml
+++ b/.github/workflows/sergo.lock.yml
@@ -110,54 +110,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/slide-deck-maintainer.lock.yml b/.github/workflows/slide-deck-maintainer.lock.yml
index 37f38755ce5..721d318b4dc 100644
--- a/.github/workflows/slide-deck-maintainer.lock.yml
+++ b/.github/workflows/slide-deck-maintainer.lock.yml
@@ -116,59 +116,14 @@ jobs:
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/playwright_prompt.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/smoke-agent.lock.yml b/.github/workflows/smoke-agent.lock.yml
index 34e9b6a7d74..ef49687400a 100644
--- a/.github/workflows/smoke-agent.lock.yml
+++ b/.github/workflows/smoke-agent.lock.yml
@@ -138,58 +138,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Assigning to an Agent, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Assigning to an Agent**
-
- To assign an issue or pull request to a GitHub Copilot agent, use the assign_to_agent tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, assign_to_agent, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml
index 7fa032d7966..95c1a9e3c01 100644
--- a/.github/workflows/smoke-claude.lock.yml
+++ b/.github/workflows/smoke-claude.lock.yml
@@ -158,93 +158,14 @@ jobs:
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/playwright_prompt.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Creating an Issue, Closing a Pull Request, Updating a Pull Request, Creating a Pull Request Review Comment, Submitting a Pull Request Review, Resolving a Pull Request Review Thread, Adding Labels to Issues or Pull Requests, Adding a Reviewer to a Pull Request, Pushing Changes to Branch, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Closing a Pull Request**
-
- To close a pull request, use the close_pull_request tool from safeoutputs.
-
- **Updating a Pull Request**
-
- To update a pull request title or body, use the update_pull_request tool from safeoutputs.
-
- **Creating a Pull Request Review Comment**
-
- To create a pull request review comment, use the create_pull_request_review_comment tool from safeoutputs.
-
- **Submitting a Pull Request Review**
-
- To submit a pull request review (APPROVE, REQUEST_CHANGES, or COMMENT), use the submit_pull_request_review tool from safeoutputs.
-
- **Resolving a Pull Request Review Thread**
-
- To resolve a review thread on a pull request, use the resolve_pull_request_review_thread tool from safeoutputs.
-
- **Adding Labels to Issues or Pull Requests**
-
- To add labels to an issue or pull request, use the add_labels tool from safeoutputs.
-
- **Adding a Reviewer to a Pull Request**
-
- To add a reviewer to a pull request, use the add_reviewer tool from safeoutputs.
-
- **Pushing Changes to a Pull Request Branch**
-
- To push changes to the branch of a pull request:
- 1. Make any file changes directly in the working directory.
- 2. Add and commit your changes to the local copy of the pull request branch. Be careful to add exactly the files you intend, and verify you haven't deleted or changed any files you didn't intend to.
- 3. Push the branch to the repo by using the push_to_pull_request_branch tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, create_issue, close_pull_request, update_pull_request, create_pull_request_review_comment, submit_pull_request_review, resolve_pull_request_review_thread, add_labels, add_reviewer, push_to_pull_request_branch, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_push_to_pr_branch.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml
index d564eb37c9b..88d322a1ef7 100644
--- a/.github/workflows/smoke-codex.lock.yml
+++ b/.github/workflows/smoke-codex.lock.yml
@@ -150,74 +150,11 @@ jobs:
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/playwright_prompt.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Creating an Issue, Adding Labels to Issues or Pull Requests, Removing Labels from Issues or Pull Requests, Unassigning from a User, Hiding a Comment, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Adding Labels to Issues or Pull Requests**
-
- To add labels to an issue or pull request, use the add_labels tool from safeoutputs.
-
- **Removing Labels from Issues or Pull Requests**
-
- To remove labels from an issue or pull request, use the remove_labels tool from safeoutputs.
-
- **Unassigning from a User**
-
- To remove a user assignee from an issue or pull request, use the unassign_from_user tool from safeoutputs.
-
- **Hiding a Comment**
-
- To hide a comment, use the hide_comment tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, create_issue, add_labels, remove_labels, unassign_from_user, hide_comment, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/smoke-copilot-arm.lock.yml b/.github/workflows/smoke-copilot-arm.lock.yml
index b86005293de..5ac4e2faddf 100644
--- a/.github/workflows/smoke-copilot-arm.lock.yml
+++ b/.github/workflows/smoke-copilot-arm.lock.yml
@@ -150,82 +150,11 @@ jobs:
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/playwright_prompt.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Creating an Issue, Creating a Discussion, Creating a Pull Request Review Comment, Submitting a Pull Request Review, Adding Labels to Issues or Pull Requests, Removing Labels from Issues or Pull Requests, Dispatching a Workflow, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Creating a Pull Request Review Comment**
-
- To create a pull request review comment, use the create_pull_request_review_comment tool from safeoutputs.
-
- **Submitting a Pull Request Review**
-
- To submit a pull request review (APPROVE, REQUEST_CHANGES, or COMMENT), use the submit_pull_request_review tool from safeoutputs.
-
- **Adding Labels to Issues or Pull Requests**
-
- To add labels to an issue or pull request, use the add_labels tool from safeoutputs.
-
- **Removing Labels from Issues or Pull Requests**
-
- To remove labels from an issue or pull request, use the remove_labels tool from safeoutputs.
-
- **Dispatching a Workflow**
-
- To dispatch a workflow_dispatch event to another workflow, use the dispatch_workflow tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, create_issue, create_discussion, create_pull_request_review_comment, submit_pull_request_review, add_labels, remove_labels, dispatch_workflow, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml
index 09b53eb0497..f65d4b342d2 100644
--- a/.github/workflows/smoke-copilot.lock.yml
+++ b/.github/workflows/smoke-copilot.lock.yml
@@ -152,82 +152,11 @@ jobs:
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/playwright_prompt.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Creating an Issue, Creating a Discussion, Creating a Pull Request Review Comment, Submitting a Pull Request Review, Adding Labels to Issues or Pull Requests, Removing Labels from Issues or Pull Requests, Dispatching a Workflow, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Creating a Pull Request Review Comment**
-
- To create a pull request review comment, use the create_pull_request_review_comment tool from safeoutputs.
-
- **Submitting a Pull Request Review**
-
- To submit a pull request review (APPROVE, REQUEST_CHANGES, or COMMENT), use the submit_pull_request_review tool from safeoutputs.
-
- **Adding Labels to Issues or Pull Requests**
-
- To add labels to an issue or pull request, use the add_labels tool from safeoutputs.
-
- **Removing Labels from Issues or Pull Requests**
-
- To remove labels from an issue or pull request, use the remove_labels tool from safeoutputs.
-
- **Dispatching a Workflow**
-
- To dispatch a workflow_dispatch event to another workflow, use the dispatch_workflow tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, create_issue, create_discussion, create_pull_request_review_comment, submit_pull_request_review, add_labels, remove_labels, dispatch_workflow, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/smoke-gemini.lock.yml b/.github/workflows/smoke-gemini.lock.yml
index f7c0b15316b..a8e8042f250 100644
--- a/.github/workflows/smoke-gemini.lock.yml
+++ b/.github/workflows/smoke-gemini.lock.yml
@@ -149,62 +149,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Creating an Issue, Adding Labels to Issues or Pull Requests, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Adding Labels to Issues or Pull Requests**
-
- To add labels to an issue or pull request, use the add_labels tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, create_issue, add_labels, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/smoke-multi-pr.lock.yml b/.github/workflows/smoke-multi-pr.lock.yml
index 4263854a277..5e1e770c114 100644
--- a/.github/workflows/smoke-multi-pr.lock.yml
+++ b/.github/workflows/smoke-multi-pr.lock.yml
@@ -143,63 +143,14 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/smoke-project.lock.yml b/.github/workflows/smoke-project.lock.yml
index 0dd84510677..3b0b40b9996 100644
--- a/.github/workflows/smoke-project.lock.yml
+++ b/.github/workflows/smoke-project.lock.yml
@@ -141,83 +141,14 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Creating an Issue, Creating a Pull Request, Adding Labels to Issues or Pull Requests, Removing Labels from Issues or Pull Requests, Updating a Project, Creating a Project Status Update, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Adding Labels to Issues or Pull Requests**
-
- To add labels to an issue or pull request, use the add_labels tool from safeoutputs.
-
- **Removing Labels from Issues or Pull Requests**
-
- To remove labels from an issue or pull request, use the remove_labels tool from safeoutputs.
-
- **Updating a Project**
-
- To create, add items to, or update a project board, use the update_project tool from safeoutputs.
-
- **Creating a Project Status Update**
-
- To create a project status update, use the create_project_status_update tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, create_issue, create_pull_request, add_labels, remove_labels, update_project, create_project_status_update, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/smoke-temporary-id.lock.yml b/.github/workflows/smoke-temporary-id.lock.yml
index 373a57ce1bd..f3b81ea1078 100644
--- a/.github/workflows/smoke-temporary-id.lock.yml
+++ b/.github/workflows/smoke-temporary-id.lock.yml
@@ -141,62 +141,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Creating an Issue, Linking a Sub-Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Linking a Sub-Issue**
-
- To link an issue as a sub-issue of another issue, use the link_sub_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, create_issue, link_sub_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/smoke-test-tools.lock.yml b/.github/workflows/smoke-test-tools.lock.yml
index c11e412d776..863eb7addac 100644
--- a/.github/workflows/smoke-test-tools.lock.yml
+++ b/.github/workflows/smoke-test-tools.lock.yml
@@ -140,54 +140,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/stale-repo-identifier.lock.yml b/.github/workflows/stale-repo-identifier.lock.yml
index ec47008f536..3859476ced7 100644
--- a/.github/workflows/stale-repo-identifier.lock.yml
+++ b/.github/workflows/stale-repo-identifier.lock.yml
@@ -121,62 +121,13 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
+
+ Tools: create_issue, upload_asset, missing_tool, missing_data
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Uploading Assets, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/static-analysis-report.lock.yml b/.github/workflows/static-analysis-report.lock.yml
index f439ba818a3..27b37b614c2 100644
--- a/.github/workflows/static-analysis-report.lock.yml
+++ b/.github/workflows/static-analysis-report.lock.yml
@@ -110,54 +110,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/step-name-alignment.lock.yml b/.github/workflows/step-name-alignment.lock.yml
index c489e900e2d..1f1e4bbd552 100644
--- a/.github/workflows/step-name-alignment.lock.yml
+++ b/.github/workflows/step-name-alignment.lock.yml
@@ -106,54 +106,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/sub-issue-closer.lock.yml b/.github/workflows/sub-issue-closer.lock.yml
index c04a33c5ce1..dd50cf0f98d 100644
--- a/.github/workflows/sub-issue-closer.lock.yml
+++ b/.github/workflows/sub-issue-closer.lock.yml
@@ -105,58 +105,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Updating Issues, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Updating an Issue**
-
- To update an issue, use the update_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, update_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/super-linter.lock.yml b/.github/workflows/super-linter.lock.yml
index 6017f0ea1e5..5009a8da9e5 100644
--- a/.github/workflows/super-linter.lock.yml
+++ b/.github/workflows/super-linter.lock.yml
@@ -110,54 +110,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/technical-doc-writer.lock.yml b/.github/workflows/technical-doc-writer.lock.yml
index be3871aa223..72ad03e729a 100644
--- a/.github/workflows/technical-doc-writer.lock.yml
+++ b/.github/workflows/technical-doc-writer.lock.yml
@@ -114,71 +114,16 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
+ Tools: add_comment, create_pull_request, upload_asset, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Creating a Pull Request, Uploading Assets, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/terminal-stylist.lock.yml b/.github/workflows/terminal-stylist.lock.yml
index 89c2393a1c5..0e2c34d38b8 100644
--- a/.github/workflows/terminal-stylist.lock.yml
+++ b/.github/workflows/terminal-stylist.lock.yml
@@ -105,54 +105,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/test-create-pr-error-handling.lock.yml b/.github/workflows/test-create-pr-error-handling.lock.yml
index e325dfb22e7..d098197d066 100644
--- a/.github/workflows/test-create-pr-error-handling.lock.yml
+++ b/.github/workflows/test-create-pr-error-handling.lock.yml
@@ -103,59 +103,14 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/test-dispatcher.lock.yml b/.github/workflows/test-dispatcher.lock.yml
index f3fd586e02f..e75b9f4ce65 100644
--- a/.github/workflows/test-dispatcher.lock.yml
+++ b/.github/workflows/test-dispatcher.lock.yml
@@ -101,54 +101,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Dispatching a Workflow, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Dispatching a Workflow**
-
- To dispatch a workflow_dispatch event to another workflow, use the dispatch_workflow tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: dispatch_workflow, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/test-project-url-default.lock.yml b/.github/workflows/test-project-url-default.lock.yml
index b36ee30fa93..48382e98718 100644
--- a/.github/workflows/test-project-url-default.lock.yml
+++ b/.github/workflows/test-project-url-default.lock.yml
@@ -101,58 +101,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Updating a Project, Creating a Project Status Update, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Updating a Project**
-
- To create, add items to, or update a project board, use the update_project tool from safeoutputs.
-
- **Creating a Project Status Update**
-
- To create a project status update, use the create_project_status_update tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: update_project, create_project_status_update, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/tidy.lock.yml b/.github/workflows/tidy.lock.yml
index 01625a76dd8..29ad1a4ad4e 100644
--- a/.github/workflows/tidy.lock.yml
+++ b/.github/workflows/tidy.lock.yml
@@ -139,66 +139,15 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Pull Request, Pushing Changes to Branch, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Pushing Changes to a Pull Request Branch**
-
- To push changes to the branch of a pull request:
- 1. Make any file changes directly in the working directory.
- 2. Add and commit your changes to the local copy of the pull request branch. Be careful to add exactly the files you intend, and verify you haven't deleted or changed any files you didn't intend to.
- 3. Push the branch to the repo by using the push_to_pull_request_branch tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_pull_request, push_to_pull_request_branch, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_push_to_pr_branch.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/typist.lock.yml b/.github/workflows/typist.lock.yml
index 022437a9dae..c09e96aded7 100644
--- a/.github/workflows/typist.lock.yml
+++ b/.github/workflows/typist.lock.yml
@@ -108,54 +108,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/ubuntu-image-analyzer.lock.yml b/.github/workflows/ubuntu-image-analyzer.lock.yml
index 04c363ed7a0..58e58b312f5 100644
--- a/.github/workflows/ubuntu-image-analyzer.lock.yml
+++ b/.github/workflows/ubuntu-image-analyzer.lock.yml
@@ -108,59 +108,14 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/unbloat-docs.lock.yml b/.github/workflows/unbloat-docs.lock.yml
index e9d1888d045..a86eb254342 100644
--- a/.github/workflows/unbloat-docs.lock.yml
+++ b/.github/workflows/unbloat-docs.lock.yml
@@ -136,71 +136,16 @@ jobs:
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/playwright_prompt.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
+ Tools: add_comment, create_pull_request, upload_asset, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Creating a Pull Request, Uploading Assets, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/video-analyzer.lock.yml b/.github/workflows/video-analyzer.lock.yml
index f47263596eb..6aadf7cdbb5 100644
--- a/.github/workflows/video-analyzer.lock.yml
+++ b/.github/workflows/video-analyzer.lock.yml
@@ -112,54 +112,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/weekly-editors-health-check.lock.yml b/.github/workflows/weekly-editors-health-check.lock.yml
index 048d7bd36f2..4ae90d21099 100644
--- a/.github/workflows/weekly-editors-health-check.lock.yml
+++ b/.github/workflows/weekly-editors-health-check.lock.yml
@@ -106,67 +106,16 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/playwright_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
+ Tools: create_pull_request, upload_asset, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Pull Request, Uploading Assets, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/weekly-issue-summary.lock.yml b/.github/workflows/weekly-issue-summary.lock.yml
index 9fd1b4ea565..1ecb23db615 100644
--- a/.github/workflows/weekly-issue-summary.lock.yml
+++ b/.github/workflows/weekly-issue-summary.lock.yml
@@ -103,62 +103,13 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/cache_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
+
+ Tools: create_discussion, upload_asset, missing_tool, missing_data
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Discussion, Uploading Assets, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Uploading Assets**
-
- To upload files as URL-addressable assets:
- 1. Use the upload_asset tool from safeoutputs.
- 2. Provide the path to the file you want to upload.
- 3. The tool will copy the file to a staging area and return a GitHub raw content URL.
- 4. Assets are uploaded to an orphaned git branch after workflow completion.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+ upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/weekly-safe-outputs-spec-review.lock.yml b/.github/workflows/weekly-safe-outputs-spec-review.lock.yml
index ffe2222c07e..807b28f3d63 100644
--- a/.github/workflows/weekly-safe-outputs-spec-review.lock.yml
+++ b/.github/workflows/weekly-safe-outputs-spec-review.lock.yml
@@ -105,59 +105,14 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating a Pull Request, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating a Pull Request**
-
- To create a pull request:
- 1. Make any file changes directly in the working directory.
- 2. If you haven't done so already, create a local branch using an appropriate unique name.
- 3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
- 4. Do not push your changes. That will be done by the tool.
- 5. Create the pull request with the create_pull_request tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_pull_request, missing_tool, missing_data
+ GH_AW_PROMPT_EOF
+ cat "/opt/gh-aw/prompts/safe_outputs_create_pull_request.md"
+ cat << 'GH_AW_PROMPT_EOF'
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/workflow-generator.lock.yml b/.github/workflows/workflow-generator.lock.yml
index fb4d46c7ddc..757d5fe15f1 100644
--- a/.github/workflows/workflow-generator.lock.yml
+++ b/.github/workflows/workflow-generator.lock.yml
@@ -133,58 +133,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Updating Issues, Assigning to an Agent, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Updating an Issue**
-
- To update an issue, use the update_issue tool from safeoutputs.
-
- **Assigning to an Agent**
-
- To assign an issue or pull request to a GitHub Copilot agent, use the assign_to_agent tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: update_issue, assign_to_agent, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/workflow-health-manager.lock.yml b/.github/workflows/workflow-health-manager.lock.yml
index fc75299c739..ed82edb73a7 100644
--- a/.github/workflows/workflow-health-manager.lock.yml
+++ b/.github/workflows/workflow-health-manager.lock.yml
@@ -112,62 +112,11 @@ jobs:
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
cat "/opt/gh-aw/prompts/repo_memory_prompt.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Adding a Comment to an Issue or Pull Request, Creating an Issue, Updating Issues, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Adding a Comment to an Issue or Pull Request**
-
- To add a comment to an issue or pull request, use the add_comment tool from safeoutputs.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Updating an Issue**
-
- To update an issue, use the update_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: add_comment, create_issue, update_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/workflow-normalizer.lock.yml b/.github/workflows/workflow-normalizer.lock.yml
index d0a3691e8bf..16f4b3a9daf 100644
--- a/.github/workflows/workflow-normalizer.lock.yml
+++ b/.github/workflows/workflow-normalizer.lock.yml
@@ -109,54 +109,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/.github/workflows/workflow-skill-extractor.lock.yml b/.github/workflows/workflow-skill-extractor.lock.yml
index 87f34cb822b..befbe3fd60e 100644
--- a/.github/workflows/workflow-skill-extractor.lock.yml
+++ b/.github/workflows/workflow-skill-extractor.lock.yml
@@ -109,58 +109,11 @@ jobs:
cat "/opt/gh-aw/prompts/xpia.md"
cat "/opt/gh-aw/prompts/temp_folder_prompt.md"
cat "/opt/gh-aw/prompts/markdown.md"
+ cat "/opt/gh-aw/prompts/safe_outputs_prompt.md"
cat << 'GH_AW_PROMPT_EOF'
-
- GitHub API Access Instructions
-
- The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
- To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
- Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
- **IMPORTANT - temporary_id format rules:**
- - If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
- - If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
- - Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
- - Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
- - INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
- - VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
- - To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
- Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
- Discover available tools from the safeoutputs MCP server.
-
- **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
- **Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-
- ---
-
- ## Creating an Issue, Creating a Discussion, Reporting Missing Tools or Functionality, Reporting Missing Data
-
- **IMPORTANT**: To perform the actions listed above, use the **safeoutputs** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.
-
- **Creating an Issue**
-
- To create an issue, use the create_issue tool from safeoutputs.
-
- **Creating a Discussion**
-
- To create a discussion, use the create_discussion tool from safeoutputs.
-
- **Reporting Missing Tools or Functionality**
-
- To report a missing tool or capability, use the missing_tool tool from safeoutputs.
-
- **Reporting Missing Data**
-
- To report missing data required to achieve a goal, use the missing_data tool from safeoutputs.
-
-
-
+
+ Tools: create_issue, create_discussion, missing_tool, missing_data
+
The following GitHub context information is available for this workflow:
{{#if __GH_AW_GITHUB_ACTOR__ }}
diff --git a/actions/setup/md/safe_outputs_auto_create_issue.md b/actions/setup/md/safe_outputs_auto_create_issue.md
new file mode 100644
index 00000000000..cd28d964e14
--- /dev/null
+++ b/actions/setup/md/safe_outputs_auto_create_issue.md
@@ -0,0 +1,2 @@
+
+**IMPORTANT**: Report your findings or results by creating a GitHub issue using the create_issue tool. If you have no meaningful results to report, call the noop tool instead.
diff --git a/actions/setup/md/safe_outputs_create_pull_request.md b/actions/setup/md/safe_outputs_create_pull_request.md
new file mode 100644
index 00000000000..632c252ef50
--- /dev/null
+++ b/actions/setup/md/safe_outputs_create_pull_request.md
@@ -0,0 +1,9 @@
+
+**Creating a Pull Request**
+
+To create a pull request:
+1. Make any file changes directly in the working directory.
+2. If you haven't done so already, create a local branch using an appropriate unique name.
+3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.
+4. Do not push your changes. That will be done by the tool.
+5. Create the pull request with the create_pull_request tool from safeoutputs.
diff --git a/actions/setup/md/safe_outputs_prompt.md b/actions/setup/md/safe_outputs_prompt.md
new file mode 100644
index 00000000000..fccb9e9d207
--- /dev/null
+++ b/actions/setup/md/safe_outputs_prompt.md
@@ -0,0 +1,6 @@
+
+
+gh CLI is NOT authenticated. Use safeoutputs MCP server tools for all GitHub operations — tool calls required. If no tool was called, use noop.
+temporary_id: optional cross-reference field (e.g. use #aw_abc1 in a body). Format: aw_ + 3–8 alphanumeric chars (/^aw_[A-Za-z0-9]{3,8}$/). Omit when not needed.
+
+
diff --git a/actions/setup/md/safe_outputs_push_to_pr_branch.md b/actions/setup/md/safe_outputs_push_to_pr_branch.md
new file mode 100644
index 00000000000..087b89203e0
--- /dev/null
+++ b/actions/setup/md/safe_outputs_push_to_pr_branch.md
@@ -0,0 +1,7 @@
+
+**Pushing Changes to a Pull Request Branch**
+
+To push changes to the branch of a pull request:
+1. Make any file changes directly in the working directory.
+2. Add and commit your changes to the local copy of the pull request branch. Be careful to add exactly the files you intend, and verify you haven't deleted or changed any files you didn't intend to.
+3. Push the branch to the repo by using the push_to_pull_request_branch tool from safeoutputs.
diff --git a/pkg/workflow/prompts_test.go b/pkg/workflow/prompts_test.go
index 1972c518c05..4ac1d6dd687 100644
--- a/pkg/workflow/prompts_test.go
+++ b/pkg/workflow/prompts_test.go
@@ -36,22 +36,14 @@ func TestGenerateSafeOutputsPromptStep_IncludesWhenEnabled(t *testing.T) {
if !strings.Contains(output, "Create prompt with built-in context") {
t.Error("Expected unified prompt step to be generated when safe outputs enabled")
}
- if !strings.Contains(output, "safe output tool") {
- t.Error("Expected prompt to mention safe output tools")
+ // Static intro is now in safe_outputs_prompt.md (referenced by file, not inline)
+ if !strings.Contains(output, "safe_outputs_prompt.md") {
+ t.Error("Expected reference to safe_outputs_prompt.md for static safe outputs intro")
}
- if !strings.Contains(output, "gh CLI is NOT authenticated") {
- t.Error("Expected prompt to warn about gh CLI not being authenticated")
- }
- if !strings.Contains(output, "safeoutputs MCP server") {
- t.Error("Expected prompt to mention safeoutputs MCP server")
- }
- // Verify per-tool instructions are included for create_issue
+ // Per-tool instructions are still inline
if !strings.Contains(output, "create_issue") {
t.Error("Expected prompt to include create_issue tool name")
}
- if !strings.Contains(output, "Creating an Issue") {
- t.Error("Expected prompt to include 'Creating an Issue' heading")
- }
}
func TestGenerateSafeOutputsPromptStep_SkippedWhenDisabled(t *testing.T) {
@@ -68,7 +60,7 @@ func TestGenerateSafeOutputsPromptStep_SkippedWhenDisabled(t *testing.T) {
output := yaml.String()
// Should still have unified step (for temp folder), but not safe outputs
- if strings.Contains(output, "") {
+ if strings.Contains(output, "safe_outputs_prompt.md") {
t.Error("Expected safe outputs section to NOT be in unified prompt when disabled")
}
}
@@ -101,38 +93,24 @@ func TestSafeOutputsPrompt_IncludesPerToolInstructions(t *testing.T) {
compiler.generateUnifiedPromptStep(&yaml, data)
output := yaml.String()
- // Verify safe outputs section exists
- if !strings.Contains(output, "") {
- t.Fatal("Expected safe outputs section in generated prompt")
+ // Static intro is now in safe_outputs_prompt.md (file reference, not inline)
+ if !strings.Contains(output, "safe_outputs_prompt.md") {
+ t.Fatal("Expected safe_outputs_prompt.md file reference in generated prompt")
}
- // Verify per-tool instructions are present for each enabled tool
- toolTests := []struct {
- toolName string
- heading string
- description string
- }{
- {"create_issue", "Creating an Issue", "To create an issue, use the create_issue tool"},
- {"add_comment", "Adding a Comment", "To add a comment to an issue or pull request, use the add_comment tool"},
- {"create_discussion", "Creating a Discussion", "To create a discussion, use the create_discussion tool"},
- {"update_issue", "Updating an Issue", "To update an issue, use the update_issue tool"},
+ // Per-tool instructions are wrapped in
+ if !strings.Contains(output, "") {
+ t.Fatal("Expected section in generated prompt")
}
- for _, tt := range toolTests {
- t.Run(tt.toolName, func(t *testing.T) {
- if !strings.Contains(output, tt.toolName) {
- t.Errorf("Expected per-tool instruction to include tool name %q", tt.toolName)
- }
- if !strings.Contains(output, tt.heading) {
- t.Errorf("Expected per-tool instruction heading %q", tt.heading)
+ // Verify enabled tool names are present
+ for _, toolName := range []string{"create_issue", "add_comment", "create_discussion", "update_issue"} {
+ t.Run(toolName, func(t *testing.T) {
+ if !strings.Contains(output, toolName) {
+ t.Errorf("Expected per-tool instruction to include tool name %q", toolName)
}
})
}
-
- // Verify the MCP server discovery instruction is also present
- if !strings.Contains(output, "Discover available tools from the safeoutputs MCP server") {
- t.Error("Expected prompt to instruct agent to query MCP server for tools")
- }
}
// ============================================================================
diff --git a/pkg/workflow/safe_outputs_default_create_issue_test.go b/pkg/workflow/safe_outputs_default_create_issue_test.go
index 8464afecac2..b2c9ddf11b8 100644
--- a/pkg/workflow/safe_outputs_default_create_issue_test.go
+++ b/pkg/workflow/safe_outputs_default_create_issue_test.go
@@ -261,7 +261,7 @@ func TestAutoInjectedCreateIssuePrompt(t *testing.T) {
tests := []struct {
name string
safeOutputs *SafeOutputsConfig
- expectSpecific bool // expect the "IMPORTANT: Report your findings" instruction
+ expectSpecific bool // expect the auto_create_issue file reference
}{
{
name: "auto-injected create-issue produces specific prompt",
@@ -296,19 +296,21 @@ func TestAutoInjectedCreateIssuePrompt(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
- var b strings.Builder
- generateSafeOutputsPromptSection(&b, tt.safeOutputs)
- output := b.String()
+ compiler := &Compiler{}
+ var yaml strings.Builder
+ data := &WorkflowData{
+ ParsedTools: NewTools(map[string]any{}),
+ SafeOutputs: tt.safeOutputs,
+ }
+ compiler.generateUnifiedPromptStep(&yaml, data)
+ output := yaml.String()
- specificInstruction := "**IMPORTANT**: Report your findings or results by creating a GitHub issue"
if tt.expectSpecific {
- assert.Contains(t, output, specificInstruction,
- "Auto-injected create-issue should include specific prompt instruction")
- assert.Contains(t, output, "noop tool instead",
- "Auto-injected create-issue prompt should mention calling noop as alternative")
+ assert.Contains(t, output, safeOutputsAutoCreateIssueFile,
+ "Auto-injected create-issue should include the auto_create_issue file reference")
} else {
- assert.NotContains(t, output, specificInstruction,
- "Non-auto-injected create-issue should not include specific auto-inject instruction")
+ assert.NotContains(t, output, safeOutputsAutoCreateIssueFile,
+ "Non-auto-injected create-issue should not include the auto_create_issue file reference")
}
})
}
diff --git a/pkg/workflow/sh.go b/pkg/workflow/sh.go
index cc656bbc47b..b79dd0ce7b0 100644
--- a/pkg/workflow/sh.go
+++ b/pkg/workflow/sh.go
@@ -12,16 +12,20 @@ var shLog = logger.New("workflow:sh")
// Prompt file paths at runtime (copied by setup action)
const (
- promptsDir = "/opt/gh-aw/prompts"
- prContextPromptFile = "pr_context_prompt.md"
- tempFolderPromptFile = "temp_folder_prompt.md"
- playwrightPromptFile = "playwright_prompt.md"
- markdownPromptFile = "markdown.md"
- xpiaPromptFile = "xpia.md"
- cacheMemoryPromptFile = "cache_memory_prompt.md"
- cacheMemoryPromptMultiFile = "cache_memory_prompt_multi.md"
- repoMemoryPromptFile = "repo_memory_prompt.md"
- repoMemoryPromptMultiFile = "repo_memory_prompt_multi.md"
+ promptsDir = "/opt/gh-aw/prompts"
+ prContextPromptFile = "pr_context_prompt.md"
+ tempFolderPromptFile = "temp_folder_prompt.md"
+ playwrightPromptFile = "playwright_prompt.md"
+ markdownPromptFile = "markdown.md"
+ xpiaPromptFile = "xpia.md"
+ cacheMemoryPromptFile = "cache_memory_prompt.md"
+ cacheMemoryPromptMultiFile = "cache_memory_prompt_multi.md"
+ repoMemoryPromptFile = "repo_memory_prompt.md"
+ repoMemoryPromptMultiFile = "repo_memory_prompt_multi.md"
+ safeOutputsPromptFile = "safe_outputs_prompt.md"
+ safeOutputsCreatePRFile = "safe_outputs_create_pull_request.md"
+ safeOutputsPushToBranchFile = "safe_outputs_push_to_pr_branch.md"
+ safeOutputsAutoCreateIssueFile = "safe_outputs_auto_create_issue.md"
)
// GitHub context prompt is kept embedded because it contains GitHub Actions expressions
diff --git a/pkg/workflow/unified_prompt_creation_test.go b/pkg/workflow/unified_prompt_creation_test.go
index 5f3369f91a6..cfbecc282bf 100644
--- a/pkg/workflow/unified_prompt_creation_test.go
+++ b/pkg/workflow/unified_prompt_creation_test.go
@@ -44,7 +44,7 @@ func TestGenerateUnifiedPromptCreationStep_OrderingBuiltinFirst(t *testing.T) {
// Find positions of different prompt sections in the output
tempFolderPos := strings.Index(output, "temp_folder_prompt.md")
playwrightPos := strings.Index(output, "playwright_prompt.md")
- safeOutputsPos := strings.Index(output, "")
+ safeOutputsPos := strings.Index(output, "safe_outputs_prompt.md")
userPromptPos := strings.Index(output, "# User Prompt")
// Verify all sections are present
@@ -398,7 +398,7 @@ func TestGenerateUnifiedPromptCreationStep_SystemTags(t *testing.T) {
// Find positions of built-in content
tempFolderPos := strings.Index(output, "temp_folder_prompt.md")
playwrightPos := strings.Index(output, "playwright_prompt.md")
- safeOutputsPos := strings.Index(output, "")
+ safeOutputsPos := strings.Index(output, "safe_outputs_prompt.md")
// Find position of user content
userTaskPos := strings.Index(output, "# User Task")
@@ -638,7 +638,7 @@ func TestGenerateUnifiedPromptCreationStep_AllToolsCombined(t *testing.T) {
assert.Contains(t, output, "playwright_prompt.md", "Should have playwright")
assert.Contains(t, output, "cache_memory_prompt.md", "Should have cache memory template")
assert.Contains(t, output, "repo_memory_prompt.md", "Should have repo memory template file")
- assert.Contains(t, output, "", "Should have safe outputs")
+ assert.Contains(t, output, "safe_outputs_prompt.md", "Should have safe outputs file reference")
assert.Contains(t, output, "", "Should have GitHub context")
assert.Contains(t, output, "pr_context_prompt.md", "Should have PR context")
@@ -899,16 +899,16 @@ Manage issues based on comments.`
lockStr := string(lockContent)
- // Verify safe-outputs section is within system tags
+ // Verify safe-outputs file reference is within system tags
systemOpenPos := strings.Index(lockStr, "")
systemClosePos := strings.Index(lockStr, "")
- safeOutputsPos := strings.Index(lockStr, "")
+ safeOutputsPos := strings.Index(lockStr, "safe_outputs_prompt.md")
- require.NotEqual(t, -1, safeOutputsPos, "Should have safe-outputs section")
+ require.NotEqual(t, -1, safeOutputsPos, "Should reference safe_outputs_prompt.md")
assert.Less(t, systemOpenPos, safeOutputsPos, "Safe outputs should be after system tag opens")
assert.Less(t, safeOutputsPos, systemClosePos, "Safe outputs should be before system tag closes")
- // Should mention the specific tools
+ // Should mention the specific tools (per-tool instructions are still inline)
assert.Contains(t, lockStr, "create_issue", "Should reference create_issue tool")
assert.Contains(t, lockStr, "update_issue", "Should reference update_issue tool")
}
diff --git a/pkg/workflow/unified_prompt_step.go b/pkg/workflow/unified_prompt_step.go
index a578e9b1ed3..eeba2334c2b 100644
--- a/pkg/workflow/unified_prompt_step.go
+++ b/pkg/workflow/unified_prompt_step.go
@@ -286,42 +286,14 @@ func (c *Compiler) collectPromptSections(data *WorkflowData) []PromptSection {
// 7. Safe outputs instructions (if enabled)
if HasSafeOutputsEnabled(data.SafeOutputs) {
unifiedPromptLog.Print("Adding safe outputs section")
- var safeOutputsBuilder strings.Builder
- safeOutputsBuilder.WriteString(`
-GitHub API Access Instructions
-
-The gh CLI is NOT authenticated. Do NOT use gh commands for GitHub operations.
-
-
-To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls.
-
-Temporary IDs: Some safe output tools support a temporary ID field (usually named temporary_id) so you can reference newly-created items elsewhere in the SAME agent output (for example, using #aw_abc1 in a later body).
-
-**IMPORTANT - temporary_id format rules:**
-- If you DON'T need to reference the item later, OMIT the temporary_id field entirely (it will be auto-generated if needed)
-- If you DO need cross-references/chaining, you MUST match this EXACT validation regex: /^aw_[A-Za-z0-9]{3,8}$/i
-- Format: aw_ prefix followed by 3 to 8 alphanumeric characters (A-Z, a-z, 0-9, case-insensitive)
-- Valid alphanumeric characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
-- INVALID examples: aw_ab (too short), aw_123456789 (too long), aw_test-id (contains hyphen), aw_id_123 (contains underscore)
-- VALID examples: aw_abc, aw_abc1, aw_Test123, aw_A1B2C3D4, aw_12345678
-- To generate valid IDs: use 3-8 random alphanumeric characters or omit the field to let the system auto-generate
-
-Do NOT invent other aw_* formats — downstream steps will reject them with validation errors matching against /^aw_[A-Za-z0-9]{3,8}$/i.
-
-Discover available tools from the safeoutputs MCP server.
-
-**Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped.
-
-**Note**: If you made no other safe output tool calls during this workflow execution, call the "noop" tool to provide a status message indicating completion or that no actions were needed.
-`)
- generateSafeOutputsPromptSection(&safeOutputsBuilder, data.SafeOutputs)
- safeOutputsBuilder.WriteString("\n")
+ // Static intro from file (gh CLI warning, temporary ID rules, noop note)
sections = append(sections, PromptSection{
- Content: safeOutputsBuilder.String(),
- IsFile: false,
+ Content: safeOutputsPromptFile,
+ IsFile: true,
})
+ // Per-tool sections: opening tag + tools list (inline), tool instruction files, closing tag
+ sections = append(sections, buildSafeOutputsSections(data.SafeOutputs)...)
}
-
// 8. GitHub context (if GitHub tool is enabled)
if hasGitHubTool(data.ParsedTools) {
unifiedPromptLog.Print("Adding GitHub context section")
@@ -607,338 +579,170 @@ func (c *Compiler) generateUnifiedPromptCreationStep(yaml *strings.Builder, buil
var safeOutputsPromptLog = logger.New("workflow:safe_outputs_prompt")
-// generateSafeOutputsPromptSection appends per-tool usage instructions for each
-// configured safe-output capability. It is called from collectPromptSections to
-// inject detailed guidance inside the XML block.
-func generateSafeOutputsPromptSection(b *strings.Builder, safeOutputs *SafeOutputsConfig) {
+// buildSafeOutputsSections returns the PromptSections that form the block.
+// The block contains:
+// 1. An inline opening tag with a compact Tools list (dynamic, depends on which tools are enabled).
+// 2. File references for tools that require multi-step instructions (create_pull_request,
+// push_to_pull_request_branch, auto-injected create_issue notice).
+// 3. An inline closing tag.
+//
+// The static intro (gh CLI warning, temporary ID rules, noop note) lives in
+// actions/setup/md/safe_outputs_prompt.md and is included by the caller before these sections.
+func buildSafeOutputsSections(safeOutputs *SafeOutputsConfig) []PromptSection {
if safeOutputs == nil {
- return
+ return nil
}
- safeOutputsPromptLog.Print("Generating safe outputs prompt section")
-
- // Build heading that lists every enabled capability
- b.WriteString("\n---\n\n## ")
- written := false
- write := func(label string) {
- if written {
- b.WriteString(", ")
- }
- b.WriteString(label)
- written = true
- }
+ safeOutputsPromptLog.Print("Building safe outputs sections")
+ // Build compact list of enabled tool names
+ var tools []string
if safeOutputs.AddComments != nil {
- write("Adding a Comment to an Issue or Pull Request")
+ tools = append(tools, "add_comment")
}
if safeOutputs.CreateIssues != nil {
- write("Creating an Issue")
+ tools = append(tools, "create_issue")
}
if safeOutputs.CloseIssues != nil {
- write("Closing an Issue")
+ tools = append(tools, "close_issue")
}
if safeOutputs.UpdateIssues != nil {
- write("Updating Issues")
+ tools = append(tools, "update_issue")
}
if safeOutputs.CreateDiscussions != nil {
- write("Creating a Discussion")
+ tools = append(tools, "create_discussion")
}
if safeOutputs.UpdateDiscussions != nil {
- write("Updating a Discussion")
+ tools = append(tools, "update_discussion")
}
if safeOutputs.CloseDiscussions != nil {
- write("Closing a Discussion")
+ tools = append(tools, "close_discussion")
}
if safeOutputs.CreateAgentSessions != nil {
- write("Creating an Agent Session")
+ tools = append(tools, "create_agent_session")
}
if safeOutputs.CreatePullRequests != nil {
- write("Creating a Pull Request")
+ tools = append(tools, "create_pull_request")
}
if safeOutputs.ClosePullRequests != nil {
- write("Closing a Pull Request")
+ tools = append(tools, "close_pull_request")
}
if safeOutputs.UpdatePullRequests != nil {
- write("Updating a Pull Request")
+ tools = append(tools, "update_pull_request")
}
if safeOutputs.MarkPullRequestAsReadyForReview != nil {
- write("Marking a Pull Request as Ready for Review")
+ tools = append(tools, "mark_pull_request_as_ready_for_review")
}
if safeOutputs.CreatePullRequestReviewComments != nil {
- write("Creating a Pull Request Review Comment")
+ tools = append(tools, "create_pull_request_review_comment")
}
if safeOutputs.SubmitPullRequestReview != nil {
- write("Submitting a Pull Request Review")
+ tools = append(tools, "submit_pull_request_review")
}
if safeOutputs.ReplyToPullRequestReviewComment != nil {
- write("Replying to a Pull Request Review Comment")
+ tools = append(tools, "reply_to_pull_request_review_comment")
}
if safeOutputs.ResolvePullRequestReviewThread != nil {
- write("Resolving a Pull Request Review Thread")
+ tools = append(tools, "resolve_pull_request_review_thread")
}
if safeOutputs.AddLabels != nil {
- write("Adding Labels to Issues or Pull Requests")
+ tools = append(tools, "add_labels")
}
if safeOutputs.RemoveLabels != nil {
- write("Removing Labels from Issues or Pull Requests")
+ tools = append(tools, "remove_labels")
}
if safeOutputs.AddReviewer != nil {
- write("Adding a Reviewer to a Pull Request")
+ tools = append(tools, "add_reviewer")
}
if safeOutputs.AssignMilestone != nil {
- write("Assigning a Milestone")
+ tools = append(tools, "assign_milestone")
}
if safeOutputs.AssignToAgent != nil {
- write("Assigning to an Agent")
+ tools = append(tools, "assign_to_agent")
}
if safeOutputs.AssignToUser != nil {
- write("Assigning to a User")
+ tools = append(tools, "assign_to_user")
}
if safeOutputs.UnassignFromUser != nil {
- write("Unassigning from a User")
+ tools = append(tools, "unassign_from_user")
}
if safeOutputs.PushToPullRequestBranch != nil {
- write("Pushing Changes to Branch")
+ tools = append(tools, "push_to_pull_request_branch")
}
if safeOutputs.CreateCodeScanningAlerts != nil {
- write("Creating a Code Scanning Alert")
+ tools = append(tools, "create_code_scanning_alert")
}
if safeOutputs.AutofixCodeScanningAlert != nil {
- write("Autofixing a Code Scanning Alert")
+ tools = append(tools, "autofix_code_scanning_alert")
}
if safeOutputs.UploadAssets != nil {
- write("Uploading Assets")
+ tools = append(tools, "upload_asset")
}
if safeOutputs.UpdateRelease != nil {
- write("Updating a Release")
+ tools = append(tools, "update_release")
}
if safeOutputs.UpdateProjects != nil {
- write("Updating a Project")
+ tools = append(tools, "update_project")
}
if safeOutputs.CreateProjects != nil {
- write("Creating a Project")
+ tools = append(tools, "create_project")
}
if safeOutputs.CreateProjectStatusUpdates != nil {
- write("Creating a Project Status Update")
+ tools = append(tools, "create_project_status_update")
}
if safeOutputs.LinkSubIssue != nil {
- write("Linking a Sub-Issue")
+ tools = append(tools, "link_sub_issue")
}
if safeOutputs.HideComment != nil {
- write("Hiding a Comment")
+ tools = append(tools, "hide_comment")
}
if safeOutputs.DispatchWorkflow != nil {
- write("Dispatching a Workflow")
+ tools = append(tools, "dispatch_workflow")
}
if safeOutputs.MissingTool != nil {
- write("Reporting Missing Tools or Functionality")
+ tools = append(tools, "missing_tool")
}
if safeOutputs.MissingData != nil {
- write("Reporting Missing Data")
- }
-
- if !written {
- // No specific capabilities listed – nothing more to add.
- return
- }
-
- b.WriteString("\n\n")
- fmt.Fprintf(b, "**IMPORTANT**: To perform the actions listed above, use the **%s** tools. Do NOT use `gh`, do NOT call the GitHub API directly. You do not have write access to the GitHub repository.\n\n", constants.SafeOutputsMCPServerID)
-
- if safeOutputs.AddComments != nil {
- b.WriteString("**Adding a Comment to an Issue or Pull Request**\n\n")
- fmt.Fprintf(b, "To add a comment to an issue or pull request, use the add_comment tool from %s.\n\n", constants.SafeOutputsMCPServerID)
+ tools = append(tools, "missing_data")
}
- if safeOutputs.CreateIssues != nil {
- b.WriteString("**Creating an Issue**\n\n")
- fmt.Fprintf(b, "To create an issue, use the create_issue tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- if safeOutputs.AutoInjectedCreateIssue {
- b.WriteString("**IMPORTANT**: Report your findings or results by creating a GitHub issue using the create_issue tool. If you have no meaningful results to report, call the noop tool instead.\n\n")
- }
- }
-
- if safeOutputs.CloseIssues != nil {
- b.WriteString("**Closing an Issue**\n\n")
- fmt.Fprintf(b, "To close an issue, use the close_issue tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
- if safeOutputs.UpdateIssues != nil {
- b.WriteString("**Updating an Issue**\n\n")
- fmt.Fprintf(b, "To update an issue, use the update_issue tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
- if safeOutputs.CreateDiscussions != nil {
- b.WriteString("**Creating a Discussion**\n\n")
- fmt.Fprintf(b, "To create a discussion, use the create_discussion tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
- if safeOutputs.UpdateDiscussions != nil {
- b.WriteString("**Updating a Discussion**\n\n")
- fmt.Fprintf(b, "To update a discussion, use the update_discussion tool from %s.\n\n", constants.SafeOutputsMCPServerID)
+ if len(tools) == 0 {
+ return nil
}
- if safeOutputs.CloseDiscussions != nil {
- b.WriteString("**Closing a Discussion**\n\n")
- fmt.Fprintf(b, "To close a discussion, use the close_discussion tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
+ var sections []PromptSection
- if safeOutputs.CreateAgentSessions != nil {
- b.WriteString("**Creating an Agent Session**\n\n")
- fmt.Fprintf(b, "To create a GitHub Copilot agent session, use the create_agent_session tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
+ // Inline opening: XML tag + compact tools list
+ sections = append(sections, PromptSection{
+ Content: "\nTools: " + strings.Join(tools, ", "),
+ IsFile: false,
+ })
+ // File sections for tools with multi-step instructions
if safeOutputs.CreatePullRequests != nil {
- b.WriteString("**Creating a Pull Request**\n\n")
- b.WriteString("To create a pull request:\n")
- b.WriteString("1. Make any file changes directly in the working directory.\n")
- b.WriteString("2. If you haven't done so already, create a local branch using an appropriate unique name.\n")
- b.WriteString("3. Add and commit your changes to the branch. Be careful to add exactly the files you intend, and check there are no extra files left un-added. Verify you haven't deleted or changed any files you didn't intend to.\n")
- b.WriteString("4. Do not push your changes. That will be done by the tool.\n")
- fmt.Fprintf(b, "5. Create the pull request with the create_pull_request tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
- if safeOutputs.ClosePullRequests != nil {
- b.WriteString("**Closing a Pull Request**\n\n")
- fmt.Fprintf(b, "To close a pull request, use the close_pull_request tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
- if safeOutputs.UpdatePullRequests != nil {
- b.WriteString("**Updating a Pull Request**\n\n")
- fmt.Fprintf(b, "To update a pull request title or body, use the update_pull_request tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
- if safeOutputs.MarkPullRequestAsReadyForReview != nil {
- b.WriteString("**Marking a Pull Request as Ready for Review**\n\n")
- fmt.Fprintf(b, "To mark a pull request as ready for review, use the mark_pull_request_as_ready_for_review tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
- if safeOutputs.CreatePullRequestReviewComments != nil {
- b.WriteString("**Creating a Pull Request Review Comment**\n\n")
- fmt.Fprintf(b, "To create a pull request review comment, use the create_pull_request_review_comment tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
- if safeOutputs.SubmitPullRequestReview != nil {
- b.WriteString("**Submitting a Pull Request Review**\n\n")
- fmt.Fprintf(b, "To submit a pull request review (APPROVE, REQUEST_CHANGES, or COMMENT), use the submit_pull_request_review tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
- if safeOutputs.ReplyToPullRequestReviewComment != nil {
- b.WriteString("**Replying to a Pull Request Review Comment**\n\n")
- fmt.Fprintf(b, "To reply to an existing review comment on a pull request, use the reply_to_pull_request_review_comment tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
- if safeOutputs.ResolvePullRequestReviewThread != nil {
- b.WriteString("**Resolving a Pull Request Review Thread**\n\n")
- fmt.Fprintf(b, "To resolve a review thread on a pull request, use the resolve_pull_request_review_thread tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
- if safeOutputs.AddLabels != nil {
- b.WriteString("**Adding Labels to Issues or Pull Requests**\n\n")
- fmt.Fprintf(b, "To add labels to an issue or pull request, use the add_labels tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
- if safeOutputs.RemoveLabels != nil {
- b.WriteString("**Removing Labels from Issues or Pull Requests**\n\n")
- fmt.Fprintf(b, "To remove labels from an issue or pull request, use the remove_labels tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
- if safeOutputs.AddReviewer != nil {
- b.WriteString("**Adding a Reviewer to a Pull Request**\n\n")
- fmt.Fprintf(b, "To add a reviewer to a pull request, use the add_reviewer tool from %s.\n\n", constants.SafeOutputsMCPServerID)
+ sections = append(sections, PromptSection{Content: safeOutputsCreatePRFile, IsFile: true})
}
-
- if safeOutputs.AssignMilestone != nil {
- b.WriteString("**Assigning a Milestone**\n\n")
- fmt.Fprintf(b, "To assign a milestone to an issue or pull request, use the assign_milestone tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
- if safeOutputs.AssignToAgent != nil {
- b.WriteString("**Assigning to an Agent**\n\n")
- fmt.Fprintf(b, "To assign an issue or pull request to a GitHub Copilot agent, use the assign_to_agent tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
- if safeOutputs.AssignToUser != nil {
- b.WriteString("**Assigning to a User**\n\n")
- fmt.Fprintf(b, "To assign an issue or pull request to a user, use the assign_to_user tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
- if safeOutputs.UnassignFromUser != nil {
- b.WriteString("**Unassigning from a User**\n\n")
- fmt.Fprintf(b, "To remove a user assignee from an issue or pull request, use the unassign_from_user tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
if safeOutputs.PushToPullRequestBranch != nil {
- b.WriteString("**Pushing Changes to a Pull Request Branch**\n\n")
- b.WriteString("To push changes to the branch of a pull request:\n")
- b.WriteString("1. Make any file changes directly in the working directory.\n")
- b.WriteString("2. Add and commit your changes to the local copy of the pull request branch. Be careful to add exactly the files you intend, and verify you haven't deleted or changed any files you didn't intend to.\n")
- fmt.Fprintf(b, "3. Push the branch to the repo by using the push_to_pull_request_branch tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
- if safeOutputs.CreateCodeScanningAlerts != nil {
- b.WriteString("**Creating a Code Scanning Alert**\n\n")
- fmt.Fprintf(b, "To create a code scanning alert, use the create_code_scanning_alert tool from %s.\n\n", constants.SafeOutputsMCPServerID)
+ sections = append(sections, PromptSection{Content: safeOutputsPushToBranchFile, IsFile: true})
}
-
- if safeOutputs.AutofixCodeScanningAlert != nil {
- b.WriteString("**Autofixing a Code Scanning Alert**\n\n")
- fmt.Fprintf(b, "To autofix a code scanning alert, use the autofix_code_scanning_alert tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
if safeOutputs.UploadAssets != nil {
- b.WriteString("**Uploading Assets**\n\n")
- b.WriteString("To upload files as URL-addressable assets:\n")
- fmt.Fprintf(b, "1. Use the upload_asset tool from %s.\n", constants.SafeOutputsMCPServerID)
- b.WriteString("2. Provide the path to the file you want to upload.\n")
- b.WriteString("3. The tool will copy the file to a staging area and return a GitHub raw content URL.\n")
- b.WriteString("4. Assets are uploaded to an orphaned git branch after workflow completion.\n\n")
- }
-
- if safeOutputs.UpdateRelease != nil {
- b.WriteString("**Updating a Release**\n\n")
- fmt.Fprintf(b, "To update a GitHub release description, use the update_release tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
- if safeOutputs.UpdateProjects != nil {
- b.WriteString("**Updating a Project**\n\n")
- fmt.Fprintf(b, "To create, add items to, or update a project board, use the update_project tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
- if safeOutputs.CreateProjects != nil {
- b.WriteString("**Creating a Project**\n\n")
- fmt.Fprintf(b, "To create a GitHub Projects V2 project, use the create_project tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
- if safeOutputs.CreateProjectStatusUpdates != nil {
- b.WriteString("**Creating a Project Status Update**\n\n")
- fmt.Fprintf(b, "To create a project status update, use the create_project_status_update tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
- if safeOutputs.LinkSubIssue != nil {
- b.WriteString("**Linking a Sub-Issue**\n\n")
- fmt.Fprintf(b, "To link an issue as a sub-issue of another issue, use the link_sub_issue tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
-
- if safeOutputs.HideComment != nil {
- b.WriteString("**Hiding a Comment**\n\n")
- fmt.Fprintf(b, "To hide a comment, use the hide_comment tool from %s.\n\n", constants.SafeOutputsMCPServerID)
+ sections = append(sections, PromptSection{
+ Content: "\nupload_asset: provide a file path; returns a URL; assets are published after the workflow completes (" + constants.SafeOutputsMCPServerID + ").",
+ IsFile: false,
+ })
}
-
- if safeOutputs.DispatchWorkflow != nil {
- b.WriteString("**Dispatching a Workflow**\n\n")
- fmt.Fprintf(b, "To dispatch a workflow_dispatch event to another workflow, use the dispatch_workflow tool from %s.\n\n", constants.SafeOutputsMCPServerID)
+ // Auto-injected create_issue special notice
+ if safeOutputs.CreateIssues != nil && safeOutputs.AutoInjectedCreateIssue {
+ sections = append(sections, PromptSection{Content: safeOutputsAutoCreateIssueFile, IsFile: true})
}
- if safeOutputs.MissingTool != nil {
- b.WriteString("**Reporting Missing Tools or Functionality**\n\n")
- fmt.Fprintf(b, "To report a missing tool or capability, use the missing_tool tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
+ // Inline closing tag
+ sections = append(sections, PromptSection{
+ Content: "",
+ IsFile: false,
+ })
- if safeOutputs.MissingData != nil {
- b.WriteString("**Reporting Missing Data**\n\n")
- fmt.Fprintf(b, "To report missing data required to achieve a goal, use the missing_data tool from %s.\n\n", constants.SafeOutputsMCPServerID)
- }
+ return sections
}
var promptStepHelperLog = logger.New("workflow:prompt_step_helper")
diff --git a/pkg/workflow/unified_prompt_step_test.go b/pkg/workflow/unified_prompt_step_test.go
index 24fe02dcf91..1fbe992ef61 100644
--- a/pkg/workflow/unified_prompt_step_test.go
+++ b/pkg/workflow/unified_prompt_step_test.go
@@ -52,7 +52,8 @@ func TestGenerateUnifiedPromptStep_AllSections(t *testing.T) {
assert.Contains(t, output, "playwright_prompt.md", "Should include playwright instructions")
assert.Contains(t, output, "cache_memory_prompt.md", "Should include cache memory template file")
assert.Contains(t, output, "repo_memory_prompt.md", "Should include repo memory template file")
- assert.Contains(t, output, "", "Should include safe outputs instructions")
+ assert.Contains(t, output, "safe_outputs_prompt.md", "Should include safe outputs file reference")
+ assert.Contains(t, output, "", "Should include per-tool instructions")
assert.Contains(t, output, "", "Should include GitHub context")
// Verify cache env vars are NOT in the prompt creation step
diff --git a/smoke-test-push-22284918558.md b/smoke-test-push-22284918558.md
new file mode 100644
index 00000000000..6761e8cd39e
--- /dev/null
+++ b/smoke-test-push-22284918558.md
@@ -0,0 +1,3 @@
+# Smoke Test Push
+
+Test file for PR push - smoke test run 22284918558