fix: reject create_pull_request/push_to_pull_request_branch when branch equals base_branch after detection

[Copilot]

When getBaseBranch() resolves to the feature branch itself (e.g. GITHUB_BASE_REF set to the feature branch due to a confused event context), the existing auto-detection via getCurrentBranch() also returns the same value — leaving entry.branch === entry.base_branch. The malformed safe output was written silently, and the safe_outputs job then failed with a cryptic git exit code 1 trying to fetch the non-existent remote ref during checkout.

Changes

• safe_outputs_handlers.cjs — both createPullRequestHandler and pushToPullRequestBranchHandler now guard against this after the detection step:

  if (entry.branch === entry.base_branch) {
    return {
      content: [{ type: "text", text: JSON.stringify({
        result: "error",
        error: `Branch '${entry.branch}' equals base_branch '${entry.base_branch}'. ` +
               `Cannot create a pull request from a branch into itself. ...`
      })}],
      isError: true,
    };
  }

  Instead of propagating a self-targeting safe output, the agent receives a clear, actionable error at tool-call time.

• safe_outputs_handlers.test.cjs — two new tests cover the failing scenario for both handlers, simulating GITHUB_BASE_REF incorrectly set to the feature branch.

[Copilot]

Pull request overview

This PR makes safe output branch handling fail fast when the resolved feature branch and base branch are the same, preventing malformed PR/push intents from reaching the safe outputs job.

Changes:

• Adds self-targeting branch rejection to create_pull_request.
• Adds the same rejection to push_to_pull_request_branch.
• Adds regression tests for both handlers using confused GitHub branch env vars.

Show a summary per file

File	Description
actions/setup/js/safe_outputs_handlers.cjs	Adds post-detection validation that rejects branch === base_branch with clear errors.
actions/setup/js/safe_outputs_handlers.test.cjs	Adds coverage for create PR and push-to-PR-branch rejection scenarios.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 2/2 changed files
• Comments generated: 0

[github-actions]

⚠️ PR Code Quality Reviewer failed during code quality review.

[github-actions]

✅ Design Decision Gate 🏗️ completed the design decision gate check.

No ADR enforcement needed: PR #34138 does not have the 'implementation' label and has 0 new lines of code in default business logic directories (src/, lib/, pkg/, internal/, app/, core/, domain/, services/, api/).

[github-actions]

🧪 Test Quality Sentinel completed test quality analysis.

[github-actions]

🧠 Matt Pocock Skills Reviewer failed during the skills-based review.

[github-actions]

🧪 Test Quality Sentinel Report

✅ Test Quality Score: 100/100 — Excellent

Analyzed 2 test(s): 2 design, 0 implementation, 0 guideline violation(s).

📊 Metrics & Test Classification (2 tests analyzed)

Metric	Value
New/modified tests analyzed	2
✅ Design tests (behavioral contracts)	2 (100%)
⚠️ Implementation tests (low value)	0 (0%)
Tests with error/edge cases	2 (100%)
Duplicate test clusters	0
Test inflation detected	No
🚨 Coding-guideline violations	0

Test Classification Details

Test	File	Classification	Issues Detected
should reject create_pull_request when branch still equals base_branch after detection (unresolvable base)	actions/setup/js/safe_outputs_handlers.test.cjs:722	✅ Design	None — comprehensive error validation
should reject push_to_pull_request_branch when branch still equals base_branch after detection	actions/setup/js/safe_outputs_handlers.test.cjs:1112	✅ Design	None — comprehensive error validation

Language Support

Tests analyzed:

• 🟨 JavaScript (*.test.cjs, *.test.js): 2 tests (vitest)

Verdict

✅ Check passed. 0% of new tests are implementation tests (threshold: 30%).

📖 Understanding Test Classifications

Design Tests (High Value) verify what the system does:

• Assert on observable outputs, return values, or state changes
• Cover error paths and boundary conditions
• Would catch a behavioral regression if deleted
• Remain valid even after internal refactoring

Implementation Tests (Low Value) verify how the system does it:

• Assert on internal function calls (mocking internals)
• Only test the happy path with typical inputs
• Break during legitimate refactoring even when behavior is correct
• Give false assurance: they pass even when the system is wrong

Goal: Shift toward tests that describe the system's behavioral contract — the promises it makes to its users and collaborators.

Analysis Highlights

Both new tests demonstrate excellent test quality:

1. Strong behavioral coverage: Both tests verify the critical invariant that handlers must reject branch === base_branch conditions with clear error messages, preventing cryptic downstream git failures.

2. Comprehensive error validation: Each test includes 5 assertions covering error flags, error messages (both key phrases and full explanations), and verification that unsafe side effects (writing malformed safe outputs) do NOT occur.

3. Edge case focus: Both tests target the specific edge case where environment variables are misconfigured (GITHUB_BASE_REF incorrectly set to the feature branch), simulating real failure scenarios.

4. Appropriate mocking: Only mocks external side effects (file system writes via mockAppendSafeOutput) — no mocking of internal business logic.

5. Proportional growth: Test code grew 1.55:1 relative to production code (well below the 2:1 inflation threshold).

What makes these design tests?

• They verify observable behavior (error responses, error messages, no side effects)
• They would catch real regressions (missing validation → cryptic failures)
• They remain valid after refactoring (internal detection logic can change)
• They test what users experience (clear error messages vs. cryptic git exit-1)

🧪 Test quality analysis by Test Quality Sentinel · ● 1.2M · ◷

[github-actions]

✅ Test Quality Sentinel: 100/100. Test quality is excellent — 0% of new tests are implementation tests (threshold: 30%).

[github-actions]

@copilot review all comments and summarize any remaining blockers so this PR can move forward.

Generated by 👨‍🍳 PR Sous Chef · ● 4M · ◷