Description
The allowed-domains configuration under safe-outputs: in the workflow frontmatter does not prevent URL redaction by the safe_output_handler_manager.cjs. URLs from explicitly allowed domains are still replaced with (domain/redacted) in comments.
Reproduction
Frontmatter:
safe-outputs:
  allowed-domains:
    - docs.example.com
    - api.example.com
  add-comment:

Compiled output shows two different behaviors:
- collect_ndjson_output.cjs (agent job, ingestion step) — correctly receives GH_AW_ALLOWED_DOMAINS: "docs.example.com,api.example.com" as an env var and passes URLs through without redaction. ✅
- safe_output_handler_manager.cjs (safe_outputs job) — does NOT receive GH_AW_ALLOWED_DOMAINS. Its GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG only contains {"add_comment":{"max":1},...} with no domain allowlist. It redacts all non-GitHub URLs:
Redacted URL: docs.example....
Redacted URL: docs.example....
The allowed-domains config only populates GH_AW_ALLOWED_DOMAINS in the agent job's collect_ndjson_output step. The safe_outputs job's Process Safe Outputs step has no access to this configuration.
Expected behavior
URLs from domains listed in safe-outputs.allowed-domains should pass through to the final comment unredacted. The allowed domains should be propagated to the safe_output_handler_manager.cjs — either via the GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG JSON, a separate env var, or the agent output artifact.
Environment
- gh-aw compiler: v0.50.4 (also reproduced on v0.49.4)
- Engine: Copilot CLI
- Trigger: issue_comment, issues: labeled
Workaround
Instruct the agent to output doc site paths (e.g. /docs/product/page-name) instead of full URLs to avoid triggering the URL sanitizer.
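
The propagation gap described in this issue, as an added example that is not gh-aw code and not part of the original report: a minimal allowlist-aware redactor run against the agent-job environment, the safe_outputs environment, and a config that carries the allowlist. The allowed_domains config key, the function names, the subdomain rule, the default github.com entry and the (host/redacted) replacement format are assumptions.

```javascript
// Added example: hypothetical allowlist-aware URL redaction, not gh-aw source.
const DEFAULT_ALLOWED = ["github.com"]; // assumption: GitHub URLs always pass

// Build the allowlist from either propagation path named in the issue:
// the GH_AW_ALLOWED_DOMAINS env var, or an "allowed_domains" key
// (hypothetical name) inside GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG.
function resolveAllowedDomains(env) {
  const fromEnv = (env.GH_AW_ALLOWED_DOMAINS || "").split(",");
  let fromConfig = [];
  try {
    const cfg = JSON.parse(env.GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG || "{}");
    if (Array.isArray(cfg.allowed_domains)) fromConfig = cfg.allowed_domains;
  } catch {
    // Malformed config: keep only defaults so redaction fails closed.
  }
  const all = [...DEFAULT_ALLOWED, ...fromEnv, ...fromConfig];
  return new Set(all.map(d => String(d).trim().toLowerCase()).filter(Boolean));
}

// Exact host or true subdomain only (assumption); a lookalike such as
// "docs.example.com.evil.test" must not match.
function isAllowedHost(host, allowed) {
  for (const d of allowed) if (host === d || host.endsWith("." + d)) return true;
  return false;
}

function redactUrls(text, env) {
  const allowed = resolveAllowedDomains(env);
  return text.replace(/https?:\/\/[^\s<>"')\]]+/gi, raw => {
    let host;
    try { host = new URL(raw).hostname.toLowerCase(); } catch { return "(redacted)"; }
    return isAllowedHost(host, allowed) ? raw : `(${host}/redacted)`;
  });
}

// Constructed sample comment and the three environments discussed above.
const sample = "See https://docs.example.com/a and https://docs.example.com.evil.test/b";
const agentJobEnv = { GH_AW_ALLOWED_DOMAINS: "docs.example.com,api.example.com" };
const safeOutputsEnv = { GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: '{"add_comment":{"max":1}}' };
const fixedEnv = { GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG:
  '{"add_comment":{"max":1},"allowed_domains":["docs.example.com","api.example.com"]}' };

for (const [name, env] of Object.entries({ agentJobEnv, safeOutputsEnv, fixedEnv })) {
  console.log(name, "->", redactUrls(sample, env));
}
```

Only the safeOutputsEnv run redacts the docs.example.com link, which mirrors the reported behavior; the lookalike host is redacted in all three.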