fix: safe-output-items.jsonl always empty and SafeItemsCount always 0#20899
fix: safe-output-items.jsonl always empty and SafeItemsCount always 0#20899
Conversation
Expand LOGGED_TYPES in safe_output_manifest.cjs to include all handler types (add_labels, close_issue, update_issue, etc.), not just creation types. Update extractCreatedItemFromResult to use LOGGED_TYPES and make URL optional for modification types. Fix extractCreatedItemsFromManifest in audit_report.go to skip entries without type instead of without URL. Add formatManifestLogMessage helper. Update tests accordingly. Fixes #(issue number) Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
|
@copilot review code and be generic and also support safe jobs |
There was a problem hiding this comment.
Pull request overview
Fixes safe output manifest logging so modification-type handlers (e.g., add_labels, close_issue, update_issue) are included in safe-output-items.jsonl, allowing SafeItemsCount to reflect all executed safe outputs rather than only creation types.
Changes:
- Broaden manifest logging from
CREATE_ITEM_TYPEStoLOGGED_TYPESand makeurloptional in manifest entries. - Improve manifest log output formatting to avoid logging
→ undefinedwhen no URL exists. - Update Go audit parsing and tests to accept manifest entries without
urland to skip only truly malformed entries (missingtype).
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
actions/setup/js/safe_output_manifest.cjs |
Adds LOGGED_TYPES and updates manifest extraction/logging to allow URL-less modification entries. |
actions/setup/js/safe_output_manifest.test.cjs |
Expands unit tests to cover LOGGED_TYPES behavior and URL-less entries. |
actions/setup/js/safe_output_handler_manager.cjs |
Adds formatManifestLogMessage() to produce clean logs for entries with/without URL. |
pkg/cli/audit_report.go |
Parses manifest entries even when url is absent; makes URL JSON field omitempty. |
pkg/cli/audit_report_test.go |
Updates/extends tests to assert inclusion of modification entries and skipping entries missing type. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
…e jobs Replace hardcoded LOGGED_TYPES (30+ types) with NOT_LOGGED_TYPES exclusion set (noop, missing_tool, missing_data). Any type not in NOT_LOGGED_TYPES is automatically logged — new handlers and custom safe job types included without needing to update any list. Log custom safe output job dispatches to manifest so SafeItemsCount counts operations handled by user-defined safe jobs. Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Done in 84aa8a2. Generic: Replaced the 30+ hardcoded Safe jobs: When the handler manager routes a message to a custom safe output job, it now logs the dispatch to the manifest (using |
safe-output-items.jsonlwas always empty andSafeItemsCountalways0for workflows executing modification-type safe outputs (e.g.add_labels,close_issue,update_issue). Only the 11 types inCREATE_ITEM_TYPESwere ever logged; everything else was silently dropped.Root cause
extractCreatedItemFromResultgated onCREATE_ITEM_TYPESmembership and a non-empty URL. Modification handlers (e.g.add_labels) return{ success, number, labelsAdded }— no URL, not inCREATE_ITEM_TYPES— so every call returnednull. The Go side compounded this by skipping manifest entries with an emptyurlfield.Changes
safe_output_manifest.cjs— Replaced the 30+ typeLOGGED_TYPESallowlist with a smallNOT_LOGGED_TYPESexclusion set (noop,missing_tool,missing_data).extractCreatedItemFromResultnow accepts any type not explicitly excluded — built-in handlers, custom safe job types, and future types are all logged automatically without needing to update any list. URL is treated as optional so modification types are logged as{type, number, timestamp}without a URL.createManifestLoggerno longer drops URL-less entries.safe_output_handler_manager.cjs— ExtractedformatManifestLogMessage()helper to cleanly log both URL-bearing and URL-less manifest entries. When the handler manager routes a message to a custom safe output job, it now logs the dispatch to the manifest (usingitem_number/issue_number/pull_request_numberfrom the message) so those operations are counted inSafeItemsCount.audit_report.go—extractCreatedItemsFromManifestnow skips entries with an emptytype(truly malformed) rather than emptyurl.CreatedItemReport.URLmarkedomitempty.After this fix, an executed
add_labelsproduces a manifest entry like:{"type":"add_labels","number":20875,"timestamp":"2026-03-14T01:00:00.000Z"}and
SafeItemsCountcorrectly reflects all executed safe output operations, including those handled by custom safe jobs.🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.