Add assign-to-user safe output type

[Copilot]

• Add assign-to-user safe output type (analogous to assign-to-agent)
  • Add JSON schema definition in pkg/parser/schemas/main_workflow_schema.json
  • Add Go struct AssignToUserConfig in pkg/workflow/assign_to_user.go
  • Add parsing logic in pkg/workflow/safe_outputs.go
  • Create pkg/workflow/assign_to_user.go for job builder
  • Create pkg/workflow/js/assign_to_user.cjs JavaScript implementation
  • Add to safe_outputs_tools.json tool definition
  • Register script in pkg/workflow/scripts.go
  • Add embed directive in pkg/workflow/scripts.go
  • Add to generateFilteredToolsJSON() and generateSafeOutputsConfig() in safe_outputs.go
  • Add to HasSafeOutputsEnabled() check
  • Add to compiler_jobs.go for job building
  • Add to safe_output_validation_config.go for validation
  • Update tests
  • Update documentation in docs/src/content/docs/reference/safe-outputs.md
• Run tests and validate
• Run make agent-finish for final validation
• Fix code review feedback (default max value)
• Refactor to use ParseListJobConfig for consistency
• Add test workflow pkg/cli/workflows/test-assign-to-user.md
• Update dev.md to use assign-to-user for mrjf
• Fix assign-to-user job not invoked on workflow_dispatch (add target: "*")
• Fix resolveTarget to handle issue_number field for target="*"
• Update dev.md to pick any open unassigned issue

Original prompt

add-safe-output-type

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

---

Changeset

• Type: patch
• Description: Add assign-to-user safe output type with schema, Go structs, job builder, JavaScript runner script, tests, and documentation.

AI generated by Changeset Generator

---

---

Smoke Test Summary

• Timestamp: 2025-12-03T00:57:55Z
• Status: PASS
• All Copilot engine tests passed (GitHub MCP, file I/O, bash, Playwright)

AI generated by Smoke Copilot No Firewall

[pelikhan]

@copilot add a test agentic workflow (with the other test files) that uses this safe output type.

[Copilot]

@copilot add a test agentic workflow (with the other test files) that uses this safe output type.

Added pkg/cli/workflows/test-assign-to-user.md in commit 996a78a.

[github-actions]

🔮 The ancient spirits stir... Smoke Codex awakens to divine this pull request...

[github-actions]

💥 WHOOSH! Smoke Claude springs into action on this pull request! [Panel 1 begins...]

[github-actions]

🤖 SYSTEM_INIT: Smoke Copilot No Firewall ACTIVATED. PROCESSING pull request. ALL SUBSYSTEMS ONLINE.

[github-actions]

📰 BREAKING: Smoke Copilot Playwright is now investigating this pull request. Sources say the story is developing...

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

Smoke Test Results

Last 2 Merged PRs:

• Convert embedded custom agents to prompt file format #5337: Convert embedded custom agents to prompt file format
• refactor: rename to firewall-escape.md, add 80% novelty requirement, and increase timeout #4789: refactor: rename to firewall-escape.md, add 80% novelty requirement, and increase timeout

Test Results:

• ✅ GitHub MCP Testing
• ✅ File Writing Testing
• ✅ Bash Tool Testing

Status: PASS

📰 BREAKING: Report filed by Smoke Copilot fer issue #5340 🗺️

[github-actions]

Smoke Test: Claude Engine Validation (Run 19878593872)

Recent PRs:

• Migrate workflow commands (run, status, logs, audit) to RunE #5329: Migrate workflow commands to RunE
• feat: enable firewall on claude and remove hooks" #4792: Enable firewall on claude

Test Results:
✅ GitHub MCP: Retrieved last 2 merged PRs
✅ File Writing: Created /tmp/gh-aw/agent/smoke-test-claude-19878593872.txt
✅ Bash Tool: Verified file contents
✅ Playwright MCP: Navigated to GitHub, title contains "GitHub"

Status: PASS

💥 [THE END] — Illustrated by Smoke Claude fer issue #5340 🗺️

[github-actions]

Convert embedded custom agents to prompt file format
Migrate workflow commands (run, status, logs, audit) to RunE
GitHub MCP testing: ✅
File writing testing: ✅
Bash tool testing: ✅
Playwright MCP testing: ✅
Overall status: PASS

🔮 The oracle has spoken through Smoke Codex fer issue #5340 🗺️

[pelikhan]

@copilot update dev.md to assign an issue to mrjf on workflow dispatch

[Copilot]

@copilot update dev.md to assign an issue to mrjf on workflow dispatch

Updated .github/workflows/dev.md to use assign-to-user with mrjf as the allowed assignee in commit 4e070e1.

[github-actions]

✅ Dev Hawk Report - Success

Workflow Run: #3030

• Status: ✅ success
• Commit: 4e070e1
• Branch: copilot/add-safe-output-type
• Duration: 1m 49s
• Triggered by: @pelikhan

Summary

The Dev workflow completed successfully! 🎉

This run validated the changes from commit 4e070e1 which updates the dev.md workflow to use assign-to-user for mrjf on workflow dispatch.

---

🦅 Automated report by Dev Hawk

🦅 Observed from above by Dev Hawk

[pelikhan]

The assign to user safe output job was not invoked in this run https://github.com/githubnext/gh-aw/actions/runs/19882156439/job/56982274706#step:32:1. Investigate why.

[pelikhan]

@copilot execute comment above

[Copilot]

The assign to user safe output job was not invoked in this run https://github.com/githubnext/gh-aw/actions/runs/19882156439/job/56982274706#step:32:1. Investigate why.

The assign_to_user job was skipped because the job condition included (github.event.issue.number) which evaluates to falsy on workflow_dispatch events (no issue context).

Fixed by adding target: "*" to the assign-to-user config in dev.md, which tells the compiler that the issue number comes from the agent's output rather than the event context. This removes the issue context requirement from the job condition.

Fixed in c28b405.

[pelikhan]

@copilot handle the case where target="*" in the javascript. See failed job at https://github.com/githubnext/gh-aw/actions/runs/19882573193/job/56983535857

[github-actions]

⚠️ Dev Hawk Report - Failure Analysis

Workflow Run: #3031

• Status: failure
• Commit: c28b405
• Duration: ~104 seconds
• Failed Job: assign_to_user

Root Cause Analysis

The assign-to-user job failed during target resolution when processing a safe output with target: "*". The error indicates a mismatch between the configuration and the runtime context:

Error Message:

Target is "*" but no item_number specified in user assignment item

Issue Details

When target: "*" is configured (which means "apply to any issue/PR"), the safe output processing expects the agent's output to include an item_number field to specify which issue to target. However, when triggered via workflow_dispatch (manual trigger), there's no associated issue context, and the agent output doesn't contain an item_number.

The Configuration:

• target: "*" was added to make the job work with workflow_dispatch
• This allows the job to run without requiring github.event.issue.number
• But the JavaScript implementation expects item_number in the agent output when target is "*"

What happened:

1. Workflow was triggered via workflow_dispatch (no issue context)
2. Job ran with target: "*" configuration
3. Agent produced output without item_number field
4. Target resolution failed because "*" requires explicit item_number

Recommended Actions

Choose one of the following approaches:

• Option 1: Make item_number optional when there's a current issue context

  • Update the target resolution logic in assign_to_user.cjs to fall back to context.issue.number when item_number is not provided
  • This would match the behavior of other safe outputs

• Option 2: Skip the job on workflow_dispatch when there's no issue

  • Update the job condition to include github.event.issue.number check
  • Remove target: "*" since it won't work without an issue context anyway

• Option 3: Make the target resolution more flexible

  • When target: "*" and no item_number is provided, check if there's a current issue/PR from the workflow trigger context
  • Use that as the implicit target if available

Context

This is a test of the new assign-to-user safe output feature. The fix in commit c28b405 attempted to make the job work with workflow_dispatch by adding target: "*", but this exposed a gap in how the target resolution handles the wildcard case without an explicit item number.

🦅 Observed from above by Dev Hawk

[pelikhan]

@copilot update dev.md to pick an issue if none is specified in context.

[Copilot]

@copilot handle the case where target="*" in the javascript. See failed job at https://github.com/githubnext/gh-aw/actions/runs/19882573193/job/56983535857

The resolveTarget function in safe_output_helpers.cjs was only checking for item_number and pull_request_number when target="*", but the agent output uses issue_number.

Fixed by adding issue_number to the list of fields checked when target="*" and supportsPR is true.

Fixed in b90b51a.

[Copilot]

@copilot update dev.md to pick an issue if none is specified in context.

Updated dev.md to search for any open unassigned issue in the repository instead of only "[deps]" issues. The workflow now finds the first open issue not already assigned to mrjf.

Fixed in 5835830.

[github-actions]

✅ Dev Hawk Report - Success

Workflow Run: #3032

• Status: ✅ success
• Commit: f1161df
• Duration: ~1m 48s
• Branch: copilot/add-safe-output-type

The Dev workflow completed successfully! 🎉

Summary

The workflow executed the following commit:

Fix: Update setup-node action version and streamline numberField assignment in safe_output_helpers

All checks passed without issues.

🦅 Observed from above by Dev Hawk