Add update-discussion safe output type

[Copilot]

Add update-discussion Safe Output Type - COMPLETE ✅

Successfully implemented a new "update-discussion" safe output type that allows updating GitHub discussions similar to update-issue.

Recent Changes

Footer Addition (Latest)

• Added footer generation to update-discussion body updates
• Footer includes workflow name, run URL, and triggering context
• Matches format used by other safe output types for consistency
• Provides traceability showing which workflow run made the update
• All 8 JavaScript tests passing

Bug Fix: GraphQL Mutation Handling

• Fixed GraphQL mutation to properly handle cases when title or body are missing
• Added validation to ensure at least one field is provided for update
• Dynamically builds mutation fields and parameters based on which fields are being updated
• Prevents invalid GraphQL syntax that occurred with conditional field inclusion
• All 8 JavaScript tests passing

Target Configuration Update

• Updated dev.md to set target: "*" for update-discussion
• This allows the agent to update any discussion by specifying discussion_number
• Provides flexibility to target specific discussions rather than only the triggering discussion

Bug Fix: MCP Server Tool Registration

• Fixed YAML tag from update-discussions (plural) to update-discussion (singular) to match schema
• Added UpdateDiscussions to generateSafeOutputsConfig() function
• This ensures config.json includes update_discussion so the MCP server properly registers the tool
• The tool handler now works correctly - tools without explicit handlers use the default handler

Main Branch Merge (2nd merge)

• Merged latest changes from origin/main (second merge)
• Rebuilt binary with updated Go code
• Recompiled all 116 workflows to incorporate latest changes
• Verified update-discussion implementation preserved after merge

Main Branch Merge (First merge)

• Merged latest changes from origin/main
• Rebuilt binary with updated Go code
• Recompiled all 116 workflows
• All tests continue to pass

Permissions Fix

• Fixed permissions in dev.md: changed discussions: write to discussions: read
• Agent job only needs read permission; write operations are handled by safe-outputs job

Dev Workflow Update

• Updated .github/workflows/dev.md to use update-discussion to test the new functionality
• Workflow targets the latest discussion and appends a creative poem
• Uses update-discussion safe output with body updates enabled
• Configured with wildcard target for flexible discussion selection

Bug Fix: Environment Variables

• Fixed buildUpdateDiscussionStepConfig to properly set GH_AW_UPDATE_TITLE and GH_AW_UPDATE_BODY environment variables
• These env vars control which fields can be updated in the JavaScript update_runner

Schema Update

• Added update-discussion to main_workflow_schema.json with proper validation
• Updated safe-outputs operations list in schema comment

Implementation Checklist - All Complete ✅

• Update JSON schema (schemas/agent-output.json)
• Update TypeScript types
• Update safe outputs tools JSON
• Add context helpers
• Create JavaScript implementation
• Create JavaScript tests (8/8 passing)
• Add Go configuration
• Update Go safe outputs compiler
  • Fixed environment variable configuration
  • Fixed YAML tag and config generation
• Create test workflows
• Build and test (all tests passing)
• Add to main_workflow_schema.json
• Update dev.md to test update-discussion functionality
• Fix permissions (discussions: read for agent, write handled by safe-outputs)
• Merge main branch (multiple times)
• Recompile all workflows
• Fix MCP server tool registration
• Configure wildcard target for flexible discussion targeting
• Fix GraphQL mutation handling for missing fields
• Add footer to updated discussion bodies

How It Works

The new safe output type allows AI agents to update existing GitHub discussions by:

• Changing the discussion title
• Updating the discussion body (with automatic footer)
• Targeting either the triggering discussion, a specific discussion number, or using wildcard matching

Example usage in a workflow:

permissions:
  contents: read
  discussions: read  # Agent only needs read permission
  
safe-outputs:
  update-discussion:
    target: "*"      # Allows updating any discussion
    body:            # presence of key enables body updates
    max: 1

When target: "*" is set, the agent must specify the discussion_number when calling the update_discussion tool. This provides flexibility to target specific discussions rather than being limited to the triggering discussion.

The JavaScript implementation uses environment variables (GH_AW_UPDATE_TITLE, GH_AW_UPDATE_BODY, GH_AW_UPDATE_TARGET) to control which fields can be updated and how discussions are targeted, matching the pattern used by other update operations. Write permissions are handled by the safe-outputs job, maintaining proper separation of concerns.

The GraphQL mutation is dynamically constructed based on which fields are being updated, ensuring valid GraphQL syntax and proper type handling.

When updating the discussion body, a footer is automatically appended:

> AI generated by [Workflow Name](run_url) for #123

This provides traceability and matches the footer format used by other safe output types like create_issue and create_discussion.

Custom agent used: create-safe-output-type
Adding a New Safe Output Type to GitHub Agentic Workflows

Original prompt

Add a "update-discussion" safe output type that allows to update a discussion in a similar way to the update-issue safe output.

Custom agent used: create-safe-output-type
Adding a New Safe Output Type to GitHub Agentic Workflows

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[pelikhan]

Update dev.md to add a poem to the latest discussion @copilot

[Copilot]

Update dev.md to add a poem to the latest discussion @copilot

Updated dev.md to add a poem to the latest discussion using the new update-discussion safe output type. The workflow now:

• Uses update-discussion with body updates enabled
• Instructs the agent to find the latest discussion and append a creative poem about GitHub Agentic Workflows
• Successfully compiles with the updated schema

Changes in commit c937d5e.

[pelikhan]

@copilot merge main

[github-actions]

⚠️ Dev Hawk Report - Failure Analysis

Workflow Run: #3140

• Status: failure
• Commit: 6743a79
• Duration: ~1 minute 17 seconds

Root Cause Analysis

The workflow failed during the "Execute GitHub Copilot CLI" step in the agent job. Based on the workflow structure and recent changes in this PR, the failure appears related to the newly added update-discussion safe output functionality.

Key Observations:

1. Recent Changes: This PR adds support for update-discussion safe output, including:

   • Environment variable configuration (GH_AW_UPDATE_TITLE, GH_AW_UPDATE_BODY)
   • JavaScript implementation for updating discussions
   • Integration with the shared update_runner.cjs

2. Workflow Configuration: The dev.md workflow was configured to:

   • Find the latest discussion in the repository
   • Append a poem about GitHub Agentic Workflows
   • Use the update-discussion tool with body updates enabled

3. Failure Location: The agent execution step failed, which suggests:

   • Possible MCP server communication issue
   • GitHub MCP server configuration problem
   • Discussion API access problem

Investigation Notes

The workflow appears to have completed most setup steps successfully:

• ✅ Activation job completed
• ✅ Setup steps (MCPs, safe outputs, safe inputs)
• ✅ Prompt generation
• ❌ Agent execution failed

The agent job shows it attempted to use:

• GitHub MCP server (discussions toolset)
• Safe outputs for update-discussion
• Safe inputs for gh CLI commands

Recommended Actions

• Review agent stdio logs: Download the agent-stdio.log artifact to see the actual error messages from the Copilot CLI
• Check GitHub MCP server connection: Verify the GitHub MCP server (discussions toolset) is properly connected
• Validate discussion permissions: Ensure the workflow has proper permissions to query and update discussions
• Test update-discussion locally: Use gh aw compile and test the dev.md workflow in a controlled environment
• Check environment variables: Verify GH_AW_UPDATE_BODY is being properly passed to the JavaScript update runner

Next Steps

To debug this failure, you can:

1. Download the workflow artifacts (especially agent-stdio.log and mcp-logs)
2. Check the step summary in the workflow run for detailed error messages
3. Re-run the workflow with debug logging enabled if needed

---

AI generated by Dev Hawk

🦅 Observed from above by Dev Hawk

[Copilot]

@copilot merge main

Merged main branch successfully. Resolved conflicts in 4 compiled workflow files and recompiled them to preserve the update-discussion implementation. All tests passing.

Changes in commits 7293e77 and d48a64e.

[pelikhan]

@copilot update dev.md and insist to update an issue with a poem in the body.

[github-actions]

✅ Dev Hawk Report - Success

Workflow Run: #3142

• Status: success ✅
• Commit: d48a64e
• Duration: 100 seconds (1m 40s)
• Branch: copilot/add-update-discussion-output

The Dev workflow completed successfully! 🎉

Workflow Details

This run tested the update-discussion feature after merging the main branch. The workflow execution included:

• Setting up the environment
• Running the compiled workflow (dev.lock.yml)
• Validating the update-discussion safe output type

All steps completed without errors, confirming that the merge and environment variable fixes are working correctly.

🦅 Observed from above by Dev Hawk

[Copilot]

@copilot update dev.md and insist to update an issue with a poem in the body.

Updated dev.md to use update-issue instead of update-discussion. The workflow now:

• Targets an open issue in the repository
• Uses update-issue safe output with body updates enabled
• Includes explicit instruction requiring the use of update_issue tool
• Successfully compiles with the update-issue step

Changes in commit 3935612.

[pelikhan]

Update dev.md to use upda-discussion NOT ISSUE

[Copilot]

@copilot merge main

Merged main branch and recompiled all workflows successfully.

• Merged latest changes from origin/main
• Rebuilt binary with updated Go code
• Recompiled all 116 workflows
• Verified update-discussion implementation preserved with correct environment variables

Changes in commit c2434a7.

[github-actions]

✅ Dev Hawk Report - Success

Workflow Run: #3148

• Status: success
• Commit: c2434a7
• Duration: ~2.5 minutes (04:04:47 - 04:07:23)

The Dev workflow completed successfully! 🎉

This validates the merge from origin/main into the copilot/add-update-discussion-output branch, ensuring that the update-discussion implementation continues to work correctly with the latest changes from main.

🦅 Observed from above by Dev Hawk

[pelikhan]

@copilot the tool handler does not seem to be enabled or handled in the safe output MCP server https://github.com/githubnext/gh-aw/actions/runs/20359439328/job/58501762301#step:37:1

[Copilot]

@copilot the tool handler does not seem to be enabled or handled in the safe output MCP server https://github.com/githubnext/gh-aw/actions/runs/20359439328/job/58501762301#step:37:1

Fixed the tool handler issue. The root cause was:

1. YAML tag mismatch: The Go struct had yaml:"update-discussions" (plural) but should be yaml:"update-discussion" (singular) to match the schema
2. Missing config generation: The generateSafeOutputsConfig() function wasn't generating the config.json entry for update_discussion

Without the config entry, the MCP server never registered the tool, even though it was defined in tools.json. The default handler works correctly for tools without explicit handlers - the issue was the tool wasn't being registered at all.

Changes in commit 5d6b3cd.

[github-actions]

✅ Dev Hawk Report - Success

Workflow Run: #3149

• Status: ✅ success
• Commit: 5d6b3cd
• Duration: ~3m 24s
• Branch: copilot/add-update-discussion-output

The Dev workflow completed successfully! 🎉

Summary

This run validated the latest bug fix for MCP server tool registration:

• Fixed YAML tag from update-discussions (plural) to update-discussion (singular) to match schema
• Added UpdateDiscussions handling to generateSafeOutputsConfig function
• Recompiled dev.lock.yml with correct update_discussion configuration

All checks passed successfully, confirming that the update-discussion tool will now be properly registered by the MCP server.

🦅 Observed from above by Dev Hawk

[pelikhan]

@copilot update dev.md update-discussion to target *

[Copilot]

@copilot update dev.md update-discussion to target *

Updated dev.md to set target: "*" for update-discussion. This allows the agent to update any discussion by specifying the discussion_number in the update_discussion tool call, rather than being limited to the triggering discussion.

The compiled workflow now includes GH_AW_UPDATE_TARGET: "*" environment variable.

Changes in commit 6520930.

[github-actions]

⚠️ Dev Hawk Report - Failure Analysis

Workflow Run: #3150

• Status: failure
• Commit: 6520930
• Duration: ~3.5 minutes
• Failed Job: safe_outputs

Root Cause Analysis

The workflow failed in the safe_outputs job during the "Update Discussion" step (step 5). This is a direct test of the new update-discussion safe output feature with target: "*" configuration that was added in this PR.

What Happened

1. ✅ Agent job succeeded - The AI agent successfully executed and generated update instructions
2. ✅ Detection job succeeded - Threat detection passed
3. ❌ Safe outputs job failed - The update-discussion execution failed

Failure Details

Failed Step: Update Discussion (step 5 of safe_outputs job)
Configuration:

safe-outputs:
  update-discussion:
    target: "*"
    body:

The workflow was testing whether the agent could:

• Find the latest discussion using GitHub MCP tools
• Call update_discussion with a discussion_number parameter
• Update the discussion body with a poem

Likely Issues

Given that this is testing newly implemented functionality, the failure is most likely due to one of:

1. JavaScript execution error - Bug in the update-discussion JavaScript implementation when handling target: "*"
2. Missing discussion_number parameter - Agent may not have correctly specified which discussion to update
3. Permission issue - Although permissions look correct (discussions: read for agent, write handled by safe-outputs)
4. GraphQL mutation error - The actual GitHub API call to update the discussion may have failed

Recommended Actions

• Check the safe_output.jsonl artifact to see what parameters the agent passed to update_discussion
• Review the JavaScript implementation in the update-discussion safe output handler for target: "*" support
• Verify the GraphQL mutation for updating discussions is correctly formed
• Add better error logging to the update-discussion JavaScript to help debug future failures
• Consider adding unit tests for the target: "*" configuration path

Investigation Notes

Unfortunately, the workflow run logs have expired and are no longer accessible via the GitHub API. The artifacts are still available for 28 days and contain:

• safe_output.jsonl - Contains the actual tool call parameters from the agent
• agent_output.json - Contains the full agent output
• mcp-logs - May contain relevant GitHub API call information

To get more details, download and inspect these artifacts from the workflow run page.

🦅 Observed from above by Dev Hawk

[pelikhan]

@copilot update graphql query to handle missing title/body

See https://github.com/githubnext/gh-aw/actions/runs/20360201041/job/58504087589#step:5:1

[Copilot]

@copilot update graphql query to handle missing title/body

See https://github.com/githubnext/gh-aw/actions/runs/20360201041/job/58504087589#step:5:1

Fixed the GraphQL mutation handling. The issue was that the mutation was building invalid GraphQL syntax when fields were conditionally included.

Changes made:

1. Added validation to ensure at least one field (title or body) is provided
2. Dynamically build the mutation fields list instead of using conditional string interpolation
3. Use required types (String!) for fields that are actually being updated
4. Properly construct the mutation parameter list based on which fields are present

The mutation now correctly handles all cases: title only, body only, or both fields.

Changes in commit e4f9122.

[github-actions]

✅ Dev Hawk Report - Success

Workflow Run: #3151

• Status: ✅ success
• Duration: 2m 52s
• Branch: copilot/add-update-discussion-output
• Commit: e4f9122

Summary

The Dev workflow completed successfully! 🎉

This run validated the GraphQL mutation fix for update-discussion, which now properly handles cases when title or body fields are missing by dynamically building the mutation structure.

What Was Tested

• GraphQL mutation with dynamic field construction
• Update-discussion with partial field updates
• All 8 update_discussion JavaScript tests
• Full workflow compilation (116 workflows)

The implementation correctly prevents invalid GraphQL syntax by building mutation fields and parameters based on which fields are actually being updated.

🦅 Observed from above by Dev Hawk

[pelikhan]

@copilot include a footer that points to the workflow run similarly to other generated messages.

[Copilot]

@copilot include a footer that points to the workflow run similarly to other generated messages.

Added footer generation to update-discussion body updates. The footer is automatically appended when updating a discussion body and includes:

• Workflow name with link to run URL
• Triggering issue/PR/discussion number (if available)
• Installation instructions (if workflow source is available)
• XML marker for traceability

Format matches other safe output types:

> AI generated by [Workflow Name](run_url) for #123

Changes in commit 2acbef7.