fix(update_pull_request): strengthen validation and schema constraints per review feedback

- Use typeof/=== true checks in handler (rejects null title/body, null/false update_branch)
- Add anyOf JSON Schema constraint to both safe_outputs_tools.json copies so {} is rejected at schema level
- Add tests for null title, null body, null update_branch inputs

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Author: Copilot

.github/workflows/mcp-inspector.lock.yml

@@ -1369,12 +1369,12 @@ function createHandlers(server, appendSafeOutput, config = {}) {
    */
   const updatePullRequestHandler = args => {
     const safeArgs = args || {};
-    const hasTitle = safeArgs.title !== undefined;
-    const hasBody = safeArgs.body !== undefined;
-    // update_branch: false is treated as not provided because it carries no update intent
-    // (it's the default behaviour). This mirrors the downstream requiresOneOf validator in
-    // safe_output_type_validator.cjs which also excludes field === false from the count.
-    const hasUpdateBranch = safeArgs.update_branch !== undefined && safeArgs.update_branch !== false;
+    const hasTitle = typeof safeArgs.title === "string";
+    const hasBody = typeof safeArgs.body === "string";
+    // update_branch must be exactly true to carry update intent; false/null/undefined do not.
+    // This mirrors the downstream requiresOneOf validator in safe_output_type_validator.cjs
+    // which also excludes field === false from the count.
+    const hasUpdateBranch = safeArgs.update_branch === true;
 
     if (!hasTitle && !hasBody && !hasUpdateBranch) {
       throw {

.github/workflows/pr-sous-chef.lock.yml

@@ -1790,6 +1790,24 @@ describe("safe_outputs_handlers", () => {
       );
     });
 
+    it("should throw MCP error when title is null", () => {
+      expect(() => handlers.updatePullRequestHandler({ title: null })).toThrow(
+        expect.objectContaining({ code: -32602 })
+      );
+    });
+
+    it("should throw MCP error when body is null", () => {
+      expect(() => handlers.updatePullRequestHandler({ body: null })).toThrow(
+        expect.objectContaining({ code: -32602 })
+      );
+    });
+
+    it("should throw MCP error when update_branch is null", () => {
+      expect(() => handlers.updatePullRequestHandler({ update_branch: null })).toThrow(
+        expect.objectContaining({ code: -32602 })
+      );
+    });
+
     it("should write entry and return success when title is provided", () => {
       const result = handlers.updatePullRequestHandler({ title: "New Title" });
       expect(result).toHaveProperty("content");

.github/workflows/smoke-otel-backends.lock.yml

@@ -799,6 +799,7 @@
   },
   {
     "name": "update_pull_request",
+
     "description": "Update an existing GitHub pull request's title or body. Supports replacing, appending to, or prepending content to the body. Title is always replaced. Only the fields you specify will be updated; other fields remain unchanged. IMPORTANT: At least one of 'title', 'body', or 'update_branch' must be provided; calling this tool with no fields will return an error.",
     "inputSchema": {
       "type": "object",
@@ -845,6 +846,14 @@
           "description": "Trustworthiness level of the message source (e.g., \"low\", \"medium\", \"high\")."
         }
       },
+      "anyOf": [
+        { "required": ["title"] },
+        { "required": ["body"] },
+        {
+          "required": ["update_branch"],
+          "properties": { "update_branch": { "const": true } }
+        }
+      ],
       "additionalProperties": false
     }
   },

actions/setup/js/safe_outputs_handlers.cjs

@@ -1002,6 +1002,14 @@
           "description": "Trustworthiness level of the message source (e.g., \"low\", \"medium\", \"high\")."
         }
       },
+      "anyOf": [
+        { "required": ["title"] },
+        { "required": ["body"] },
+        {
+          "required": ["update_branch"],
+          "properties": { "update_branch": { "const": true } }
+        }
+      ],
       "additionalProperties": false
     }
   },