Skip to content

feat: content redaction for public-facing safe-outputs#44501

Open
pelikhan with Copilot wants to merge 7 commits into
mainfrom
copilot/feature-content-redaction
Open

feat: content redaction for public-facing safe-outputs#44501
pelikhan with Copilot wants to merge 7 commits into
mainfrom
copilot/feature-content-redaction

Conversation

Copilot AI commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Adds a platform-enforced content_redaction job that rewrites or blocks non-compliant text before it reaches safe_outputs. Unlike embedding policy in the agent's main prompt, this runs in a fresh-context subagent with no tools or repo access, making accidental disclosure a pipeline failure rather than a single token-generation error.

Pipeline position: agent → detection → content_redaction → safe_outputs

Configuration

All four input forms supported:

# Minimal — single inline policy
safe-outputs:
  add-comment:
  content-redaction:
    agent: "Do not disclose security vulnerabilities in public comments"

# Full object — URL + cost-effective model + failure mode
safe-outputs:
  content-redaction:
    agent:
      - "https://corp.example.com/policy.md"   # fetched via curl at runtime
      - ".github/policies/inclusive-language.md" # read from checkout
      - "Never mention internal codenames"        # inline literal
    model: gpt-4o-mini
    on-failure: block   # "block" (default) | "warn"
    scope: [add-comment, create-issue]

# Array shorthand (the list is the agent)
safe-outputs:
  content-redaction:
    - "https://corp.example.com/content-policy.md"
    - "Never disclose CVE IDs before fix"

# Conditional — runtime toggle
safe-outputs:
  content-redaction:
    enabled: "${{ inputs.enable-content-redaction }}"
    agent: "https://corp.example.com/content-policy.md"

Changes

  • pkg/constants/job_constants.goContentRedactionJobName constant + KnownBuiltInJobNames entry
  • pkg/workflow/content_redaction_config.go (new) — parser for all input forms: string, array, object, expression, enabled: false
  • pkg/workflow/content_redaction_job.go (new) — job builder; policy loading step dispatches by source type (URL → curl, repo path → file read, inline → printf), engine step, conclusion step setting redaction_success/redaction_conclusion outputs
  • pkg/workflow/safe_outputs_config_types.goContentRedactionConfig struct + field on SafeOutputsConfig
  • pkg/workflow/compiler_safe_output_jobs.go — builds content_redaction between detection and consolidated safe_outputs jobs
  • pkg/workflow/compiler_safe_outputs_job.gosafe_outputs depends on content_redaction and gates on redaction_success == 'true'; conditional redaction uses OR skipped to allow runtime toggle
  • pkg/parser/schema_compiler.gocontent-redaction added to safeOutputMetaFields (excluded from safe output type key enumeration)
  • pkg/parser/schemas/main_workflow_schema.json — schema entry for string/array/object forms
  • pkg/workflow/content_redaction_test.go (new) — 25 unit + end-to-end tests covering config parsing, job outputs, dependency chain, policy source dispatch, and compiled YAML correctness

Generated by 👨‍🍳 PR Sous Chef · 10.4 AIC · ⌖ 5.15 AIC · ⊞ 7.1K ·
Comment /souschef to run again

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Hey @copilot-swe-agent 👋 — thanks for opening this PR to introduce content redaction for public-facing outputs! Keeping sensitive data out of externally visible channels is an important safety concern for an agentic workflow system.

A few things need to be addressed before this is ready for review:

  • No implementation yet — the PR currently has 0 additions and 0 deletions. The checklist items (ContentRedactionJobName, ContentRedactionConfig, etc.) appear to be planned work that hasn't been written yet. The PR should not be opened until at least an initial implementation is present.
  • Add a proper description — the PR body consists only of unchecked checklist items. Please replace or supplement it with a prose summary explaining what is being redacted, which outputs are affected, and why this change is needed.
  • Include tests — once the redaction logic lands, test coverage asserting that sensitive patterns are stripped from outputs (and that clean strings pass through unchanged) will be required.

If you'd like a hand completing the implementation, here's a ready-to-use prompt:

Implement content redaction for public-facing outputs in the gh-aw codebase.

1. Add a ContentRedactionJobName constant to the appropriate constants file.
2. Add a ContentRedactionConfig struct with fields for redaction patterns, replacement text, and an enabled/disabled toggle.
3. Implement redaction logic that applies configured patterns to public-facing output strings before they are surfaced (logs, summaries, API responses, etc.).
4. Wire ContentRedactionConfig into the existing job/pipeline lifecycle so redaction runs automatically on affected outputs.
5. Write unit tests covering:
   - A string containing a sensitive pattern → pattern is replaced with the configured replacement.
   - A clean string → returned unchanged.
   - Redaction disabled → string returned as-is regardless of patterns.
6. Update the PR description with a clear prose summary: what is being redacted, which output paths are affected, and why this is needed.

Generated by ✅ Contribution Check · 89.4 AIC · ⌖ 7.92 AIC · ⊞ 6.2K ·

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Add content redaction for public-facing outputs feat: content redaction for public-facing safe-outputs Jul 9, 2026
Copilot AI requested a review from pelikhan July 9, 2026 06:25
@pelikhan pelikhan marked this pull request as ready for review July 9, 2026 10:54
Copilot AI review requested due to automatic review settings July 9, 2026 10:55

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR introduces a new content_redaction stage in the safe-outputs pipeline, intended to enforce policy-based redaction (or blocking) of public-facing output items before they reach safe_outputs.

Changes:

  • Adds content_redaction configuration types + parsing (string/array/object + conditional enablement) and wires the config into global safe-outputs extraction.
  • Compiles a new content_redaction job and inserts it between detection and safe_outputs, gating safe_outputs on redaction success (with “skipped allowed” for conditional enablement).
  • Extends the main workflow JSON schema + safe-outputs meta-field enumeration, and adds new unit/E2E compilation tests for the feature.
Show a summary per file
File Description
pkg/constants/job_constants.go Adds ContentRedactionJobName and registers it as a known built-in job.
pkg/constants/spec_test.go Extends spec tests to assert the new job name constant value.
pkg/constants/constants_test.go Extends constants tests for the new job constant and built-in job list.
pkg/workflow/safe_outputs_config_types.go Adds ContentRedactionConfig and wires it into SafeOutputsConfig.
pkg/workflow/safe_outputs_config_global.go Extracts content-redaction from global safe-outputs config.
pkg/workflow/content_redaction_config.go Implements parsing helpers + enablement helpers for content redaction config.
pkg/workflow/content_redaction_job.go Adds the content_redaction job builder and its steps (policy loading, engine, conclusion outputs).
pkg/workflow/content_redaction_test.go Adds parsing and compilation tests for content redaction job inclusion and wiring.
pkg/workflow/compiler_safe_output_jobs.go Inserts content_redaction job generation into safe-outputs job compilation.
pkg/workflow/compiler_safe_outputs_job.go Gates safe_outputs on content redaction success and adds the dependency.
pkg/parser/schema_compiler.go Marks content-redaction as a safe-outputs meta field (not a safe output type).
pkg/parser/schemas/main_workflow_schema.json Adds schema for safe-outputs.content-redaction configuration forms.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 12/12 changed files
  • Comments generated: 7
  • Review effort level: Low

Comment on lines +204 to +207
" env:\n",
" REDACTION_MODEL: " + model + "\n",
" ON_FAILURE: " + onFailure + "\n",
" with:\n",
Comment thread pkg/workflow/content_redaction_job.go Outdated
Comment on lines +238 to +242
" const lines = fs.readFileSync(outputFile, 'utf8')\n",
" .trim().split('\\n').filter(Boolean);\n",
" const redactedLines = [];\n",
" let blocked = 0, rewritten = 0, passed = 0;\n",
"\n",
Comment thread pkg/workflow/content_redaction_job.go Outdated
Comment on lines +247 to +250
" const t = item.type || '';\n",
" const inScope = scope.length === 0 || scope.includes(t);\n",
" if (!inScope || !TEXT_BEARING_TYPES.has(t)) {\n",
" redactedLines.push(line);\n",
Comment on lines +151 to +157
if strings.HasPrefix(source, "http://") || strings.HasPrefix(source, "https://") {
// URL: fetch at runtime via curl.
fmt.Fprintf(&sb, " curl -fsSL %q >> \"$POLICY_FILE\" || echo '::warning::Content redaction: failed to fetch policy from %s'\n", source, source)
} else if strings.HasPrefix(source, "./") || strings.HasPrefix(source, ".github/") || strings.HasPrefix(source, "/") {
// Repo-relative or absolute path.
fmt.Fprintf(&sb, " if [ -f %q ]; then cat %q >> \"$POLICY_FILE\"; else echo '::warning::Content redaction: policy file not found: %s'; fi\n", source, source, source)
} else {
Comment on lines +26 to +30
// IsContinueOnError reports whether content redaction failures should produce warnings
// instead of blocking safe outputs. Defaults to false (block on failure).
func (cr *ContentRedactionConfig) IsContinueOnError() bool {
return cr.ContinueOnError != nil && *cr.ContinueOnError
}
Comment thread pkg/parser/schemas/main_workflow_schema.json
Comment on lines +10985 to +10988
{
"type": "string",
"description": "Single inline policy string. Shorthand for content-redaction: { agent: \"...\" }."
},
@pelikhan

pelikhan commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator

@copilot enable content redaction on 10 agentic workflows

@pelikhan

pelikhan commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator

@copilot rename "enabled" field to "if"

@gh-aw-bot

Copy link
Copy Markdown
Collaborator

@copilot please run the pr-finisher skill, address unresolved review feedback, and rerun checks once the branch update settles.

Unresolved review feedback to address first:

  • copilot-pull-request-reviewer review feedback remains open.

Run: https://github.com/github/gh-aw/actions/runs/29016118662

Generated by 👨‍🍳 PR Sous Chef · 10.4 AIC · ⌖ 5.15 AIC · ⊞ 7.1K ·
Comment /souschef to run again

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI commented Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

@copilot enable content redaction on 10 agentic workflows

Done. Added content-redaction to these 10 public-facing agentic workflows in feat: enable content-redaction on 10 agentic workflows:

  1. approach-validator — validates approaches on PRs/issues
  2. archie — posts architecture diagrams as comments
  3. brave — posts web search results as comments
  4. ci-doctor — creates failure diagnosis issues and comments
  5. contribution-check — creates contribution check report issues and comments
  6. craft — posts workflow generation results as comments
  7. dev-hawk — posts development workflow analysis as comments
  8. issue-monster — posts issue triage comments
  9. impeccable-skills-reviewer — posts PR review comments
  10. auto-triage-issues — creates public discussion summaries

Each uses the inline policy form: "Do not disclose security vulnerabilities, internal credentials, or confidential information in public-facing output."

All 260 workflows compiled successfully (0 errors) after the change.

Copilot AI and others added 3 commits July 9, 2026 13:07
Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>

Copilot AI commented Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

@copilot rename "enabled" field to "if"

Done in 90acb9b. Renamed enabled field to if across:

  • ContentRedactionConfig struct (EnabledExpr → IfExpr)
  • Parser (parseContentRedactionConfig)
  • JSON schema
  • Tests
  • 10 workflows using content-redaction

@copilot please run the pr-finisher skill, address unresolved review feedback, and rerun checks once the branch update settles.

Unresolved review feedback to address first:...

Addressed all 7 review feedback items in ec55b4d and f3fad67:

Fixed (schema):

  • Schema now accepts boolean form (content-redaction: false)
  • Removed required: ["agent"] to allow if: false without agent

Fixed (code):

  1. GH_AW_AGENT_OUTPUT now set from setup-agent-output-env step output
  2. JSON parsing changed from NDJSON to single object with .items array
  3. Type normalization added (dash/dot → underscore) for scope matching
  4. Policy loading failures now cause job failure (not warnings)
  5. ContinueOnError wired to Job.ContinueOnError field

All content-redaction tests pass. 260/260 workflows compiled successfully.

Copilot AI requested a review from gh-aw-bot July 9, 2026 13:19
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

🤖 PR Triage — Run §29020837798

Field Value
Category feature
Risk 🔴 High
Score 80 / 100
Action fast_track
Batch safe-outputs-enhance (with #44497)

Score breakdown: Impact 43 + Urgency 22 + Quality 15

Rationale: Platform-enforced content redaction pipeline (agent → detection → content_redaction → safe_outputs) is a high-value security feature preventing accidental disclosure. Large (3 197 +/ 114 −) but well-described. Batch with #44497 — both extend the safe-outputs message pipeline.

Generated by 🔧 PR Triage Agent · 77.6 AIC · ⌖ 14.7 AIC · ⊞ 5.4K ·

@gh-aw-bot

Copy link
Copy Markdown
Collaborator

@gh-aw-bot

Copy link
Copy Markdown
Collaborator

Copilot AI commented Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

pr-sous-chef
@copilot please address these unresolved review threads first:

All 7 review feedback items have been technically resolved in previous commits (ba40fc0 and 90acb9b):

Fixed issues:

  1. ✅ GH_AW_AGENT_OUTPUT environment variable set (line 227 in content_redaction_job.go)
  2. ✅ JSON parsing corrected to single object with items array (lines 264-279)
  3. ✅ Type normalization added for scope matching (lines 240, 286-287)
  4. ✅ Policy loading failures now exit with error (lines 163-166, 169-172, 182-186)
  5. ✅ ContinueOnError field wired to Job struct (lines 106-113, 124)
  6. ✅ Schema agent requirement removed (no required constraint)
  7. ✅ Schema boolean support added (oneOf includes boolean type)

Local validation (all passing):

  • make fmt — passed
  • make lint — passed (0 errors)
  • make test-unit — passed
  • make recompile — passed (260/260 workflows)

Limitation: Cannot programmatically resolve review threads due to GitHub API 403 errors. Threads require manual resolution by a maintainer with appropriate permissions, but all technical issues in the code are fixed and verified.

Branch is ready for CI re-trigger and merge pending manual thread resolution.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Feature: Content redaction for public-facing outputs

4 participants