Reduce duplicate code in safe output JS bootstrapping with shared runner helper

[Copilot]

Every safe-output CommonJS script repeated the same ~20-line bootstrap: load agent output, filter by type, short-circuit on failure, render staged preview. This was duplicated across 20+ files.

Changes

• New safe_output_runner.cjs module - Shared helper with runSafeOutput() that handles common bootstrap logic
• Migrated 10 scripts to use the shared helper:
  • add_labels.cjs, add_reviewer.cjs, assign_milestone.cjs
  • update_issue.cjs, update_release.cjs, noop.cjs
  • close_issue.cjs, create_issue.cjs, add_comment.cjs

Usage

Before (repeated in each file):

const result = loadAgentOutput();
if (!result.success) return;
const items = result.items.filter(item => item.type === "add_labels");
if (items.length === 0) { core.info("No add-labels items..."); return; }
if (process.env.GH_AW_SAFE_OUTPUTS_STAGED === "true") {
  await generateStagedPreview({ title: "...", items, renderItem: ... });
  return;
}
// actual processing

After:

await runSafeOutput({
  itemType: "add_labels",
  itemTypePlural: "add-labels",
  stagedTitle: "Add Labels",
  stagedDescription: "The following labels would be added...",
  renderStagedItem: renderLabelsPreview,
  processItems: processLabelItems,
});

Not migrated (future work)

close_discussion.cjs, create_discussion.cjs, close_pull_request.cjs, create_pr_review_comment.cjs, create_code_scanning_alert.cjs, upload_assets.cjs, update_project.cjs, assign_to_agent.cjs

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/user
  • Triggering command: /usr/bin/gh gh api user --jq .login (http block)
  • Triggering command: /usr/bin/gh gh api user --jq .login o_main.o (http block)
  • Triggering command: /usr/bin/gh gh api user --jq .login 01.o (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[duplicate-code] Duplicate Code: Safe Output JS Bootstrapping</issue_title>
<issue_description># 🔍 Duplicate Code Detected: Safe Output JS Bootstrapping

Analysis of commit 7f52241

Assignee: @copilot

Summary

Every safe-output CommonJS runner (pkg/workflow/js/*.cjs) repeats the same 20+ line bootstrap: load agent output, filter items for a specific type, short-circuit on failure, and render a staged preview when GH_AW_SAFE_OUTPUTS_STAGED is true. This code is copied file-by-file (add_labels, assign_milestone, add_reviewer, create_issue, close_issue, etc.) with only minor differences in the preview title/renderer, creating 20+ near-identical blocks whenever a new safe-output is added.

Duplication Details

Pattern: Repeated loadAgentOutput/preview scaffolding in safe-output scripts

• Severity: Medium
• Occurrences: 20+ CommonJS runners (all newly added/modified in HEAD)
• Locations:
  • pkg/workflow/js/add_labels.cjs:9-39
  • pkg/workflow/js/assign_milestone.cjs:8-34
  • pkg/workflow/js/add_reviewer.cjs:13-44
  • pkg/workflow/js/create_issue.cjs:19-54
  • pkg/workflow/js/close_discussion.cjs:109-141
• Code Sample:

// add_labels.cjs:9-39 (same structure in assign_milestone.cjs, add_reviewer.cjs, create_issue.cjs, etc.)
const result = loadAgentOutput();
if (!result.success) {
  return;
}

const labelsItem = result.items.find(item => item.type === "add_labels");
if (!labelsItem) {
  core.warning("No add-labels item found in agent output");
  return;
}

if (process.env.GH_AW_SAFE_OUTPUTS_STAGED === "true") {
  await generateStagedPreview({
    title: "Add Labels",
    description: "The following labels would be added if staged mode was disabled:",
    items: [labelsItem],
    renderItem: renderLabelsPreview,
  });
  return;
}

Impact Analysis

• Maintainability: Any change to staged-mode behavior or logging must be copied manually across 20+ files, inviting drift and copy/paste bugs.
• Bug Risk: Several scripts already diverge (e.g., some log core.warning, some core.info), so a fix in one runner will likely be missed elsewhere.
• Code Bloat: Adds hundreds of lines of repeated boilerplate in a single commit, making reviewers parse the same pattern repeatedly.

Refactoring Recommendations

1. Introduce a shared runner helper
   • Extract a module (e.g., safe_output_runner.cjs) that handles loadAgentOutput, staged mode summaries, and common logging before handing control to a per-output callback.
   • Estimated effort: 1-2 days to design an options object (item type, preview renderer, max items) and update existing scripts.
   • Benefits: single point to adjust staged behavior or telemetry.
2. Provide reusable staged preview builders
   • Move the Markdown rendering templates (title/description/fields) into small renderer functions that can be passed into the shared helper; keep business logic isolated.
   • Benefits: eliminates 10-15 lines per file while keeping output customization explicit.

Implementation Checklist

• Review duplicated staged-mode/bootstrap logic across pkg/workflow/js/*.cjs
• Design shared helper signature (item selector, renderer, validation hooks)
• Migrate existing scripts to the helper
• Add regression coverage ensuring staged previews/logging still work

Analysis Metadata

• Analyzed Files: ~150 changed .go/.cjs files (focus on safe-output runners)
• Detection Method: Serena semantic code analysis + ripgrep pattern search (loadAgentOutput blocks)
• Commit: 7f52241
• Analysis Date: 2025-11-26T21:06:07Z

AI generated by Duplicate Code Detector</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes [duplicate-code] Duplicate Code: Safe Output JS Bootstrapping #4882

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.