From f5caa8420aa8e9511ded7fd5197a87ccb06fedba Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 29 Apr 2026 05:17:33 +0000
Subject: [PATCH 1/2] Initial plan

From 77b33633c471f2253478aac371897f37b50adb93 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 29 Apr 2026 05:24:21 +0000
Subject: [PATCH 2/2] docs: document add-labels safe-output capability in create-agentic-workflow.md

- Add `add-labels` to the safe-outputs list in security best practices (line 548)
- Add anti-pattern note for `gh issue edit --add-label` direct CLI usage (line 549)
- Add `add-labels` entry in Step 2 Safe Outputs quick-reference with YAML example showing `allowed:` restriction and note on `issues: write` / `pull-requests: write`
- Clarify that `update-issue` with labels array is NOT the recommended pattern
- Note `gh issue edit --add-label` in bash as anti-pattern in two locations

Closes #add-label-safe-output-documentation

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/66da9063-2a8a-48e1-a77e-89feb2ed37f4

Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
---
 .github/aw/create-agentic-workflow.md | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/.github/aw/create-agentic-workflow.md b/.github/aw/create-agentic-workflow.md
index 8b9b2327732..4135fb00291 100644
--- a/.github/aw/create-agentic-workflow.md
+++ b/.github/aw/create-agentic-workflow.md
@@ -545,7 +545,8 @@ These resources contain workflow patterns, best practices, safe outputs, and per - 📋 **DO NOT include other fields with good defaults** - Let the compiler use sensible defaults unless customization is needed. - Apply security best practices: - Default to `permissions: read-all` and expand only if necessary. - - Prefer `safe-outputs` (`create-issue`, `add-comment`, `create-pull-request`, `create-pull-request-review-comment`, `update-issue` for editing, `close-issue` for closing, `dispatch-workflow`) over granting write perms. + - Prefer `safe-outputs` (`create-issue`, `add-comment`, `create-pull-request`, `create-pull-request-review-comment`, `update-issue` for editing, `close-issue` for closing, `add-labels` for labeling, `dispatch-workflow`) over granting write perms. + - ❌ **Anti-pattern**: Do NOT use `gh issue edit --add-label` or `gh label` CLI commands directly in bash — these bypass safe-output controls (rate limiting, audit trails, allow-lists). Use `safe-outputs: add-labels:` instead. - For custom write operations to external services (email, Slack, webhooks), use `safe-outputs.jobs:` to create custom safe output jobs. - Constrain `network:` to the minimum required ecosystems/domains. - Use sanitized expressions (`${{ steps.sanitized.outputs.text }}`) instead of raw event text. 
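Review bot: the new ❌ Anti-pattern bullet in this hunk never says why `gh issue edit --add-label` is a risk rather than simply a style choice, even though the bullet two lines above it already defaults the workflow to `permissions: read-all`; tie the two together by stating that the direct CLI route can only succeed if the agent job itself is granted `issues: write`, which is exactly the permission expansion this section tells authors to avoid, so the write permission should live in the safe-output job and not in the agent step. A smaller wording point: the bullet bundles `gh label` commands with `gh issue edit --add-label`, but the rest of the sentence is about applying labels; if creating, editing or deleting label definitions is also meant to be off-limits, say so explicitly, otherwise narrow the bullet to the label-application commands so the rule matches the `add-labels` safe output it points to.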
@@ -825,6 +826,14 @@ Based on the parsed requirements, determine: - Creating issues → `safe-outputs: create-issue:` - Commenting → `safe-outputs: add-comment:` - Creating PRs → `safe-outputs: create-pull-request:` + - **Applying labels** → `safe-outputs: add-labels:` — use a dedicated `add-labels` safe output, **not** `update-issue` with a `labels` array and **not** `gh issue edit --add-label` in bash (both bypass allow-list enforcement and audit trails). Example: + ```yaml + safe-outputs: + add-labels: + allowed: [bug, enhancement, needs-triage] # restrict to safe labels + max: 3 + ``` + The agent calls `add_labels` with a `labels` array; the safe-output job applies them with `issues: write` / `pull-requests: write` permissions. ❌ Anti-pattern: `gh issue edit --add-label
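Review bot: the last added line of this hunk ends mid-sentence after the opening backtick of `gh issue edit --add-label`, so please confirm the line is complete and the inline code span is closed before merging; the header's `+826,14` accounts for the eight `+` lines that are visible, so the cut is probably in how the patch was rendered rather than in the file, but it is worth checking. On that same line, "the safe-output job applies them with `issues: write` / `pull-requests: write` permissions" should say explicitly that these permissions belong to the generated safe-output job and are not to be added to the workflow's own `permissions:` block; read on its own, the sentence invites an author to grant `issues: write` to the agent job, which is the very thing the `permissions: read-all` guidance and the anti-pattern note in this change argue against. Finally, the YAML example carries an inline comment on `allowed:` but none on `max: 3`; a short comment saying what `max` bounds would keep the two keys consistent and make the allow-list plus cap pairing easier to read.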