refactor: move create-agent-session into main safe-outputs handler loop#24951
Merged
refactor: move create-agent-session into main safe-outputs handler loop#24951
Conversation
Like assign-to-agent, create-agent-session now runs as a handler inside the unified safe_output_handler_manager step instead of as a standalone step. This removes the separate "Create Agent Session" step from compiled workflows. Changes: - create_agent_session.cjs: refactored to handler factory pattern; main() now takes config and returns a message handler function; added getCreateAgentSessionNumber/Url/writeCreateAgentSessionSummary getters - safe_output_handler_manager.cjs: added create_agent_session to HANDLER_MAP, removed from STANDALONE_STEP_TYPES, imports and exports create_agent_session outputs - compiler_safe_outputs_config.go: added github-token to existing create_agent_session handler registry entry - compiler_safe_outputs_job.go: added CreateAgentSessions to hasHandlerManagerTypes, removed standalone step (section 3), exposes outputs from process_safe_outputs step - compiler_safe_outputs_steps.go: adds GH_AW_AGENT_SESSION_TOKEN env var to handler manager step when create-agent-session is configured - compiler_safe_outputs_specialized.go: removed buildCreateAgentSessionStepConfig (no longer needed) - safe_outputs_env.go: removed unused buildStepLevelSafeOutputEnvVars and buildAllowedReposEnvVar (only used by removed specialized step builder) - Updated tests: create_agent_session.test.cjs, safe_output_handler_manager.test.cjs - Recompiled all 181 lock files Agent-Logs-Url: https://github.com/github/gh-aw/sessions/289eab50-4ad7-4419-8a45-03f7c285c1e9 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot created this pull request from a session on behalf of
pelikhan
April 6, 2026 20:59
View session
Copilot stopped work on behalf of
pelikhan due to an error
April 6, 2026 20:59
Contributor
|
Hey This PR looks ready for maintainer review. A few things that stand out positively:
One thing to keep an eye on: no CI check runs have been recorded yet on this PR — this may be expected since it's currently a draft. When you're ready, marking it as ready for review should kick off the full CI suite ( Great contribution! 🎉
|
Contributor
There was a problem hiding this comment.
Pull request overview
Refactors create_agent_session safe-output handling so agent session creation runs inside the unified safe-output handler loop (via safe_output_handler_manager) rather than as a standalone workflow step, aligning it with the earlier assign_to_agent refactor.
Changes:
- Converts
create_agent_session.cjsto a handler-factory model with module-level getters and summary writing, and wires it intosafe_output_handler_manager.cjs. - Updates the Go workflow compiler to treat
create_agent_sessionas a handler-manager type, injectsGH_AW_AGENT_SESSION_TOKEN, and rewires exported outputs to come fromsteps.process_safe_outputs. - Updates tests and re-locks workflows to remove the standalone “Create Agent Session” step.
Show a summary per file
| File | Description |
|---|---|
| pkg/workflow/safe_outputs_env.go | Removes env-var helper functions made obsolete by dropping the specialized step builder. |
| pkg/workflow/compiler_safe_outputs_steps.go | Injects GH_AW_AGENT_SESSION_TOKEN into the handler manager step when configured. |
| pkg/workflow/compiler_safe_outputs_specialized.go | Removes the specialized create-agent-session step config builder (file now empty). |
| pkg/workflow/compiler_safe_outputs_job.go | Moves create-agent-session output wiring to handler manager outputs; removes standalone step. |
| pkg/workflow/compiler_safe_outputs_config.go | Adds github-token into the create-agent-session handler config payload. |
| actions/setup/js/safe_output_handler_manager.cjs | Loads create_agent_session handler and exports its outputs from the handler manager step. |
| actions/setup/js/safe_output_handler_manager.test.cjs | Updates “standalone types” tests to reflect create-agent-session no longer being standalone. |
| actions/setup/js/create_agent_session.cjs | Refactors into handler factory + module getters + summary writer; uses GH_AW_AGENT_SESSION_TOKEN fallback. |
| actions/setup/js/create_agent_session.test.cjs | Rewrites tests for the handler-factory design and new token / allowlist behavior. |
| .github/workflows/poem-bot.lock.yml | Removes standalone create-agent-session step; rewires outputs and injects GH_AW_AGENT_SESSION_TOKEN. |
| .github/workflows/daily-mcp-concurrency-analysis.lock.yml | Removes standalone create-agent-session step; rewires outputs and injects GH_AW_AGENT_SESSION_TOKEN. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 11/11 changed files
- Comments generated: 3
Comment on lines
+72
to
+76
| if (isStaged) { | ||
| core.info(`[Staged] Would create agent session in ${effectiveRepo} on branch ${baseBranch}`); | ||
| core.info(`[Staged] Task description:\n${taskDescription}`); | ||
| _allResults.push({ number: "", url: "", success: true }); | ||
| return { success: true, staged: true }; |
There was a problem hiding this comment.
In staged mode, this handler records each message as a successful result and returns { success: true, staged: true }, but it doesn’t generate a staged preview summary (unlike other handlers such as assign_to_agent). As a result, the generic safe-output summary will report these as successful operations, and writeCreateAgentSessionSummary() will later say “Successfully created …” even though no sessions were created. Consider treating staged-mode results as skipped/preview (so they don’t look like real creations) and emitting a staged preview summary similar to other handlers (or make the summary text explicitly staged).
Comment on lines
118
to
123
| // Check for authentication/permission errors | ||
| if (errorMessage.includes("authentication") || errorMessage.includes("permission") || errorMessage.includes("forbidden") || errorMessage.includes("401") || errorMessage.includes("403")) { | ||
| core.error(`Task ${index + 1}: Failed to create agent session due to authentication/permission error.`); | ||
| core.error(`Task ${taskIndex}: Failed to create agent session due to authentication/permission error.`); | ||
| core.error(`The default GITHUB_TOKEN does not have permission to create agent sessions.`); | ||
| core.error(`You must configure a Personal Access Token (PAT) as COPILOT_GITHUB_TOKEN or GH_AW_GITHUB_TOKEN.`); | ||
| core.error(`You must configure a Personal Access Token (PAT) as GH_AW_AGENT_TOKEN or GH_AW_GITHUB_TOKEN.`); | ||
| core.error(`See documentation: https://github.github.com/gh-aw/reference/safe-outputs/#agent-task-creation-create-agent-session`); |
There was a problem hiding this comment.
The auth/permission error guidance mentions configuring a PAT via GH_AW_AGENT_TOKEN / GH_AW_GITHUB_TOKEN, but this handler actually reads config["github-token"] first and then GH_AW_AGENT_SESSION_TOKEN (and only then GITHUB_TOKEN). To avoid confusing users (especially when running the handler outside the compiler-generated workflow), update the message to mention the token sources this code actually honors (e.g., per-handler github-token and/or GH_AW_AGENT_SESSION_TOKEN).
See below for a potential fix:
core.error(`The default GITHUB_TOKEN may not have permission to create agent sessions.`);
core.error(`Configure a Personal Access Token (PAT) using the handler's github-token setting or GH_AW_AGENT_SESSION_TOKEN.`);
core.error(`This handler falls back to GITHUB_TOKEN only if no per-handler token or GH_AW_AGENT_SESSION_TOKEN is provided.`);
| @@ -1,29 +1 @@ | |||
| package workflow | |||
There was a problem hiding this comment.
This file is now effectively empty (package declaration only). It’s clearer to delete the file entirely (or move remaining relevant logic here) to avoid dead/placeholder files accumulating in the codebase.
Suggested change
| package workflow |
Collaborator
|
@copilot review comments |
- Use generateStagedPreview() in staged mode instead of logging inline,
returning { success: true, skipped: true } to avoid counting staged
results as real creations in the summary
- Fix auth error messages to reference the actual token sources
(github-token config and GH_AW_AGENT_SESSION_TOKEN) instead of the
old standalone step env vars
- Delete empty compiler_safe_outputs_specialized.go file
- Update tests to match new staged mode behavior (skipped + preview summary)
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/88fdc785-15a4-425f-9777-52906cdf1e06
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Addressed all three review comments in 13b36ae:
Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
pelikhan
approved these changes
Apr 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Refactors the
create-agent-sessionsafe-outputs logic to run within the main safe-outputs handler loop instead of as a separate standalone step, mirroring the prior refactor that movedassign-to-agentinto the handler loop.Changes
JavaScript
create_agent_session.cjs: Refactored from standalone script to handler factory pattern.main(config)now returns a message handler function (called once per message by the handler manager), with module-level state and getter functions (getCreateAgentSessionNumber,getCreateAgentSessionUrl,writeCreateAgentSessionSummary). Token is read fromconfig["github-token"]orGH_AW_AGENT_SESSION_TOKENenv var.safe_output_handler_manager.cjs: Addedcreate_agent_sessiontoHANDLER_MAP, removed fromSTANDALONE_STEP_TYPES, imported getters, added output export block forsession_numberandsession_url.Go Compiler
compiler_safe_outputs_config.go: Addedgithub-tokento existingcreate_agent_sessionhandler registry entry.compiler_safe_outputs_job.go: AddedCreateAgentSessionstohasHandlerManagerTypes; removed standalone "Create Agent Session" step (section 3); outputs now referencesteps.process_safe_outputs.outputs.session_number/session_url.compiler_safe_outputs_steps.go: AddsGH_AW_AGENT_SESSION_TOKENenv var to the handler manager step whencreate-agent-sessionis configured (same token preference chain asassign-to-agent).compiler_safe_outputs_specialized.go: Removed now-unusedbuildCreateAgentSessionStepConfig.safe_outputs_env.go: Removed unusedbuildStepLevelSafeOutputEnvVarsandbuildAllowedReposEnvVar(previously only used by the removed specialized step builder).Tests
create_agent_session.test.cjs: Fully rewritten with 26 tests covering handler factory, staged mode, session creation, error handling, getters, and cross-repo validation.safe_output_handler_manager.test.cjs: Updated standalone step tests to removecreate_agent_session(now handled by handler manager).Lock Files
poem-bot,daily-mcp-concurrency-analysis) no longer have a standalone "Create Agent Session" step —create_agent_sessionis now processed inside theProcess Safe Outputsstep.