fix: allow wildcard target-repo: "*" in safe-output handlers

[Copilot]

When target-repo: "*" was set in a safe-outputs handler, the compiled GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG silently omitted that handler entirely, making the tool unavailable to the agent at runtime.

Root cause

Multiple handler parsers called validateTargetRepoSlug which unconditionally rejects "*", returning nil. This caused the affected handler entry to never appear in the handler registry output. Wildcard "*" is already valid for target-repo in update-issue, update-discussion, and other handlers via ParseTargetConfig, and the JavaScript runtime (repo_helpers.cjs) already supports target-repo: "*" for all handler types via resolveTargetRepoConfig / resolveAndValidateRepo.

Affected handlers

The same bug was present in all handlers using validateTargetRepoSlug:

• add-comment
• create-issue
• create-discussion
• close-issue, close-discussion, close-pull-request (via shared helper)
• add-reviewer
• create-pull-request

PR-specific handlers (create-pull-request-review-comment, submit-pull-request-review, reply-to-pull-request-review-comment) use a separate parseTargetRepoWithValidation that intentionally rejects wildcards and were left unchanged.

Changes

Go (compiler)

• add_comment.go: Remove validateTargetRepoSlug call from parseCommentsConfig
• create_issue.go: Remove validateTargetRepoSlug call
• create_discussion.go: Remove validateTargetRepoSlug call
• close_entity_helpers.go: Remove validateTargetRepoSlug call from shared close entity parser
• add_reviewer.go: Remove validateTargetRepoSlug call
• create_pull_request.go: Remove validateTargetRepoSlug call
• validation_helpers.go: Remove now-dead validateTargetRepoSlug function
• add_comment_target_repo_test.go: Update test case that expected nil on wildcard to assert correct non-nil config
• add_comment_target_repo_integration_test.go: Add test case verifying target-repo: "*" appears in compiled handler config JSON
• config_parsing_helpers_test.go: Update wildcard target-repo tests for add-comment, create-issue, create-discussion, and create-pull-request to expect valid configs rather than nil

JavaScript (runtime)

The JS handlers already supported target-repo: "*" via validateRepo's defaultRepo === "*" branch. New tests confirm end-to-end behavior:

• repo_helpers.test.cjs: resolveTargetRepoConfig wildcard passthrough + resolveAndValidateRepo wildcard behavior
• create_issue.test.cjs: wildcard target-repo issue creation and invalid slug rejection
• close_issue.test.cjs: wildcard target-repo issue closing
• create_pull_request.test.cjs: wildcard target-repo PR creation and invalid slug rejection
• create_discussion_labels.test.cjs: wildcard target-repo discussion creation
• add_comment.test.cjs: wildcard target-repo comment posting to cross-repo

Example

safe-outputs:
  add-comment:
    max: 1
    target: "*"
    target-repo: "*"  # previously dropped the entire add-comment handler
  create-issue:
    target-repo: "*"  # previously dropped the entire create-issue handler

Now correctly produces each handler entry in GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG, and the JS handlers accept any valid owner/repo slug in messages at runtime.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

---

---

✨ PR Review Safe Output Test - Run 23324229844

Note

🔒 Integrity filtering filtered 2 items

Integrity filtering activated and filtered the following items during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.

• pr:fix: allow wildcard target-repo: "*" in safe-output handlers #21877 (pull_request_read: Resource 'pr:fix: allow wildcard target-repo: "*" in safe-output handlers #21877' has lower integrity than agent requires. Agent would need to drop integrity tags [unapproved:all approved:all] to trust this resource.)
• pr:[docs] docs: remove redundant content from templating.md #21876 (pull_request_read: Resource 'pr:[docs] docs: remove redundant content from templating.md #21876' has lower integrity than agent requires. Agent would need to drop integrity tags [unapproved:all approved:all] to trust this resource.)

💥 [THE END] — Illustrated by Smoke Claude · ◷

---

---

✨ PR Review Safe Output Test - Run 23326704978

Note

🔒 Integrity filtering filtered 1 item

Integrity filtering activated and filtered the following item during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.

• pr:fix: allow wildcard target-repo: "*" in safe-output handlers #21877 (pull_request_read: Resource 'pr:fix: allow wildcard target-repo: "*" in safe-output handlers #21877' has lower integrity than agent requires. Agent would need to drop integrity tags [unapproved:all approved:all] to trust this resource.)

💥 [THE END] — Illustrated by Smoke Claude · ◷

[github-actions]

💥 Automated smoke test review - all systems nominal!

Note

🔒 Integrity filtering filtered 2 items

Integrity filtering activated and filtered the following items during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.

• pr:#21877 (pull_request_read: Resource 'pr:#21877' has lower integrity than agent requires. Agent would need to drop integrity tags [unapproved:all approved:all] to trust this resource.)
• pr:#21876 (pull_request_read: Resource 'pr:#21876' has lower integrity than agent requires. Agent would need to drop integrity tags [unapproved:all approved:all] to trust this resource.)

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

Good change — the test name update from "should be rejected" to "is allowed" correctly reflects the new intended behavior that wildcard * is a valid target-repo value for add-comment safe-outputs.

[github-actions]

Nice improvement to the test assertions — checking TargetRepoSlug == "*" is much more precise than just checking for non-nil. This ensures the wildcard value is correctly preserved through config parsing.

[pelikhan]

@copilot look for other instances of this bug

[Copilot]

Pull request overview

Fixes safe-outputs config compilation so safe-outputs.add-comment.target-repo: "*" is preserved (instead of dropping the entire add_comment handler), making the tool available to the agent at runtime.

Changes:

• Removed add-comment’s wildcard rejection for target-repo: "*" so the handler is still registered.
• Updated unit tests to treat wildcard target-repo as valid for add-comment.
• Added an integration test to ensure the compiled GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG JSON includes target-repo: "*".

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File	Description
pkg/workflow/add_comment.go	Stops rejecting target-repo: "*" during add-comment config parsing.
pkg/workflow/add_comment_target_repo_test.go	Updates unit coverage to assert wildcard target-repo is accepted.
pkg/workflow/add_comment_target_repo_integration_test.go	Adds integration coverage to ensure compiled handler config contains wildcard target-repo.
pkg/workflow/config_parsing_helpers_test.go	Updates helper-level parsing test to expect non-nil config for wildcard add-comment.target-repo.

Comments suppressed due to low confidence (1)

pkg/workflow/add_comment.go:74

• Now that add-comment allows wildcard target-repo values (""), the field comment/docstring for TargetRepoSlug should be updated to mention that "" is also valid (meaning any repository). Otherwise the struct documentation is misleading for users and future maintainers.

	// Validate discussion field - must be true if present
	if config.Discussion != nil && !*config.Discussion {
		addCommentLog.Print("Invalid discussion: must be true if present")
		return nil // Invalid configuration, return nil to cause validation error
	}

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The section header comment says these are wildcard validation tests that should return nil for invalid config, but add-comment wildcard is now expected to be valid. Please update or narrow that comment so it doesn’t contradict the updated add-comment test case.

[Copilot]

@copilot look for other instances of this bug

Found 5 more instances of the same bug — all handlers using validateTargetRepoSlug had the same silent-drop behavior when target-repo: "*" was specified:

• create-issue
• create-discussion
• close-issue, close-discussion, close-pull-request (via shared helper)
• add-reviewer
• create-pull-request

Fixed in 6937e72 by removing all validateTargetRepoSlug calls and deleting the now-dead function. PR-specific handlers (create-pr-review-comment, submit-pr-review, reply-to-pr-review-comment) use a separate parseTargetRepoWithValidation that intentionally rejects wildcards for PR-context operations — those were left unchanged.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha -unreachable=false /tmp/go-build2051683359/b051/vet.cfg 1683359/b353/vet.cfg (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --local .cfg n-dir/bash (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -bool -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git rev-�� --show-toplevel -tests /usr/bin/git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel x_amd64/vet /usr/bin/git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha WildcardTargetRepo\|wildcard.*target.repo\|target.repo.*wildcard\|target-repo.*\*\|shouldBeNil.*git /home/REDACTED/work/gh-aw/gh-aw/pkg/workflow/action_cache.go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet /home/REDACTED/worgit /home/REDACTED/worrev-parse /home/REDACTED/wor--show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build2051683359/b093/vet.cfg 1683359/b318/vet.cfg /home/REDACTED/worgit /home/REDACTED/worrev-parse /home/REDACTED/wor--show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha -t security /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet OUTPUT -d 168.63.129.16 /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -ato�� -bool -buildtags 1683359/b247/vet.cfg -errorsas -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --noprofile (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -t security /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet OUTPUT -d 168.63.129.16 /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build2051683359/b194/vet.cfg 1683359/b316/vet.cfg 0 -j ACCEPT /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -t security /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -nxv (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha -t security /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet OUTPUT -d 168.63.129.16 /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -ato�� -bool -buildtags 1683359/b317/vet.cfg -errorsas -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha -t security /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet OUTPUT -d 168.63.129.16 /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -ato�� -bool -buildtags 1683359/b315/vet.cfg -errorsas -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha --get-regexp .cfg 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha get --local 64/pkg/tool/linux_amd64/vet http.https://gitgit (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha get --local 64/pkg/tool/linux_amd64/vet http.https://gitgit (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[github-actions]

✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready.

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

Agent Container Tool Check

Tool	Status	Version
bash	✅	5.2.21
sh	✅	available
git	✅	2.53.0
jq	✅	1.7
yq	✅	v4.52.4
curl	✅	8.5.0
gh	✅	2.87.3
node	✅	20.20.1
python3	✅	3.12.3
go	✅	1.24.13
java	✅	21.0.10 (Temurin)
dotnet	✅	10.0.102

Result: 12/12 tools available ✅ — PASS

🔧 Tool validation by Agent Container Smoke Test · ◷

[github-actions]

🎭 The smoke test agent was here!

Run §23326705010 results:

• ✅ GitHub MCP
• ✅ mcpscripts-gh
• ❌ Serena MCP (not configured)
• ✅ Playwright
• ✅ Web Fetch
• ✅ File Writing
• ✅ Bash Tool
• ✅ Build gh-aw
• ✅ Create Discussion
• ✅ PR Review

Overall: ⚠️ PARTIAL PASS

PR Author: @copilot-swe-agent | Assignees: @pelikhan, @Copilot

Note

🔒 Integrity filtering filtered 1 item

Integrity filtering activated and filtered the following item during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.

• pr:fix: allow wildcard target-repo: "*" in safe-output handlers #21877 (pull_request_read: Resource 'pr:fix: allow wildcard target-repo: "*" in safe-output handlers #21877' has lower integrity than agent requires. Agent would need to drop integrity tags [unapproved:all approved:all] to trust this resource.)

📰 BREAKING: Report filed by Smoke Copilot · ◷

[github-actions]

This PR correctly removes the validateTargetRepoSlug validation that was unnecessarily blocking wildcard * for target-repo. The change is well-tested with updated unit and integration tests. Smoke test approved! 🤖

Note

🔒 Integrity filtering filtered 1 item

Integrity filtering activated and filtered the following item during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.

• pr:#21877 (pull_request_read: Resource 'pr:#21877' has lower integrity than agent requires. Agent would need to drop integrity tags [unapproved:all approved:all] to trust this resource.)

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

The removal of validateTargetRepoSlug is intentional here — the wildcard * is now a valid value for target-repo. The validation that was preventing this is correctly removed, and the wildcard handling is now deferred to the runtime handler config. Good change! 🎯

[github-actions]

Now that the target-repo: "*" wildcard is allowed, the handler config correctly receives and passes the wildcard value. The existing discussion field validation below still works correctly. ✅

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

Commit pushed: f1caca2

Generated by Changeset Generator

[github-actions]

Smoke Test Results

Merged PRs: #21893 Fix MCP Gateway failure: default repos to "all" when only min-integrity is set; #21876 [docs] docs: remove redundant content from templating.md
GitHub MCP (2 merged PRs): ✅
Serena activate_project + find_symbol (>=3 symbols): ✅
Playwright navigate/title contains "GitHub": ✅
Web-fetch contains "GitHub": ✅
File write (/tmp/gh-aw/agent/smoke-test-codex-23326704982.txt): ✅
Bash cat verification: ✅
Build (GOCACHE=/tmp/go-cache GOMODCACHE=/tmp/go-mod make build): ✅
Overall status: PASS

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• ab.chatgpt.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "ab.chatgpt.com"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex · ◷

[github-actions]

Smoke Test Run 23326704978 — PARTIAL ✅

Core (#1–11): ✅ ✅ ✅ ✅ ✅ ✅ ✅ ✅ ✅ ✅ ✅
PR review (#12–18): ✅ ✅ ✅ ⚠️ ✅ ✅ ⚠️

⚠️ #15: no review threads via MCP | ⚠️ #18: no test PR to close

Note

🔒 Integrity filtering filtered 1 item

Integrity filtering activated and filtered the following item during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.

• pr:fix: allow wildcard target-repo: "*" in safe-output handlers #21877 (pull_request_read: Resource 'pr:fix: allow wildcard target-repo: "*" in safe-output handlers #21877' has lower integrity than agent requires. Agent would need to drop integrity tags [unapproved:all approved:all] to trust this resource.)

💥 [THE END] — Illustrated by Smoke Claude · ◷

[github-actions]

💥 Automated smoke test review - all systems nominal! Reviewed wildcard target-repo changes in add_comment, add_reviewer, create_issue, create_pull_request, create_discussion, and close_entity_helpers. The removal of validateTargetRepoSlug is well-tested across both unit and integration levels.

Note

🔒 Integrity filtering filtered 1 item

Integrity filtering activated and filtered the following item during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.

• pr:#21877 (pull_request_read: Resource 'pr:#21877' has lower integrity than agent requires. Agent would need to drop integrity tags [unapproved:all approved:all] to trust this resource.)

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

Good addition of a test case for the wildcard target-repo: "*" scenario. This ensures the change is properly validated at the integration level. Consider also testing with an actual mock comment to verify the end-to-end flow works with the wildcard target.

[github-actions]

The removal of validateTargetRepoSlug is clean. Since wildcard "*" is now a valid value for target-repo, this validation was preventing a legitimate use case. The unit tests in config_parsing_helpers_test.go properly cover the new behavior.

[github-actions]

Hey @Copilot 👋 — great work tracking down and squashing this bug! The fix to allow target-repo: "*" in safe-output handlers is a clean, well-scoped change that unblocks a legitimate and previously silently-broken configuration pattern.

The PR is in excellent shape — focused on a single root cause, thoroughly documented with root-cause analysis and affected-handler enumeration, comprehensive test coverage (unit + integration), and a proper changeset entry. This looks ready for maintainer review. 🚀

Generated by Contribution Check · ◷

[pelikhan]

@copilot review the JavaScript handlers and make sure they can handle * keyword, add tests

[Copilot]

@copilot review the JavaScript handlers and make sure they can handle * keyword, add tests

Reviewed the JavaScript handlers. All handlers that accept target-repo (including add_comment, create_issue, create_discussion, close_issue, create_pull_request) already route through resolveTargetRepoConfig → resolveAndValidateRepo in repo_helpers.cjs, which has had wildcard support (if (defaultRepo === "*")) from before this PR.

Added tests in d645442 to confirm end-to-end behavior:

• repo_helpers.test.cjs: resolveTargetRepoConfig passes "*" through as defaultTargetRepo, and resolveAndValidateRepo allows any valid owner/repo slug when defaultTargetRepo is "*"
• create_issue.test.cjs, close_issue.test.cjs, create_pull_request.test.cjs, create_discussion_labels.test.cjs, add_comment.test.cjs: handler-level tests verifying operations succeed in arbitrary repos when target-repo: "*" is configured