feat: add edit-wiki safe-output for pushing changes to repository wikis#29626
Open
feat: add edit-wiki safe-output for pushing changes to repository wikis#29626
Conversation
- Add EditWikiConfig struct and parseEditWikiConfig parser - Register edit-wiki in SafeOutputsConfig and safe_outputs_config.go - Extend usesPatchesAndCheckouts to include edit-wiki for patch/auth support - Add usesPRCheckout helper to guard compile-time repo checkout (PR-only) - Update compiler_safe_outputs_job.go to use usesPRCheckout for checkout steps - Add edit_wiki handler config builder in compiler_safe_outputs_handlers.go - Add contents: write permissions for edit-wiki - Add edit_wiki to safe_outputs_tools.json tool definition - Add edit_wiki repo parameter support in safe_outputs_tools_repo_params.go - Add edit-wiki to JSON schema (main_workflow_schema.json) - Create JS handler edit_wiki.cjs that clones wiki, applies patch, pushes - Register edit_wiki in safe_output_handler_manager.cjs - Add comprehensive Go tests for edit-wiki config and compilation Agent-Logs-Url: https://github.com/github/gh-aw/sessions/62d937c5-0490-4dcd-9f26-4bbb6e05442e Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/62d937c5-0490-4dcd-9f26-4bbb6e05442e Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot created this pull request from a session on behalf of
pelikhan
May 1, 2026 21:03
View session
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a new edit-wiki safe-output to allow agent workflows to apply locally committed wiki changes (via patch artifacts) and push them to a repository’s wiki.
Changes:
- Introduces
EditWikiConfigparsing, schema support, and tool definition for the newedit_wikihandler. - Extends safe-outputs compilation/runtime logic to include wiki patch download while avoiding unnecessary source-repo checkout.
- Adds JS handler implementation to clone the wiki repo, apply patch via
git am --3way, and push updates; includes tests.
Show a summary per file
| File | Description |
|---|---|
| pkg/workflow/edit_wiki.go | Adds edit-wiki config struct + parser and wires base safe-output fields. |
| pkg/workflow/edit_wiki_test.go | Tests parsing/compilation behavior, permissions, and checkout/patch-step selection. |
| pkg/workflow/compiler_types.go | Registers EditWiki in SafeOutputsConfig. |
| pkg/workflow/safe_outputs_config.go | Hooks parseEditWikiConfig into safe-outputs extraction. |
| pkg/workflow/safe_outputs_runtime.go | Updates patch/checkout detection and introduces usesPRCheckout separation. |
| pkg/workflow/compiler_safe_outputs_job.go | Downloads patch artifact for edit-wiki while skipping repo checkout when only wiki edits are enabled. |
| pkg/workflow/compiler_safe_outputs_handlers.go | Builds handler config for edit_wiki (max/limits, repo targeting, token, staged). |
| pkg/workflow/safe_outputs_permissions.go | Adds contents: write when edit-wiki is enabled (non-staged). |
| pkg/workflow/safe_outputs_tools_repo_params.go | Enables conditional repo tool parameter support for edit_wiki. |
| pkg/workflow/js/safe_outputs_tools.json | Adds edit_wiki tool schema entry. |
| pkg/parser/schemas/main_workflow_schema.json | Adds workflow schema support for safe-outputs.edit-wiki. |
| actions/setup/js/safe_output_handler_manager.cjs | Registers the new edit_wiki handler module. |
| actions/setup/js/edit_wiki.cjs | Implements the wiki clone/apply/push handler logic. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 13/13 changed files
- Comments generated: 3
Comment on lines
+67
to
+68
| // Parse common base fields with default max of 0 (no limit) | ||
| c.parseBaseSafeOutputConfig(configMap, &editWikiConfig.BaseSafeOutputConfig, 0) |
There was a problem hiding this comment.
parseBaseSafeOutputConfig(..., defaultMax) is called with 0, which means max is omitted from the handler config when not explicitly set. In the JS handler, that becomes maxCount = config.max || 0 (unlimited), which conflicts with the workflow schema/docs for edit-wiki that describe a default max of 1 and a maximum of 10. Consider setting defaultMax to 1 here (and keeping the JS default aligned) so an omitted max still enforces the intended safety limit.
Suggested change
| // Parse common base fields with default max of 0 (no limit) | |
| c.parseBaseSafeOutputConfig(configMap, &editWikiConfig.BaseSafeOutputConfig, 0) | |
| // Parse common base fields with default max of 1 | |
| c.parseBaseSafeOutputConfig(configMap, &editWikiConfig.BaseSafeOutputConfig, 1) |
Contributor
There was a problem hiding this comment.
Great discussion point! Smoke test agent noticed this too — well-structured code makes automated analysis much easier. 🤖
📰 BREAKING: Report filed by Smoke Copilot · ● 852.3K
Contributor
There was a problem hiding this comment.
Me caveman reviewer also look at this code. Good work! Wiki safe-output very useful for pushing changes. Me approve. 🦴
📰 BREAKING: Report filed by Smoke Copilot · ● 1.2M
| if (commitTitleSuffix) { | ||
| core.info(`Appending commit title suffix: "${commitTitleSuffix}"`); | ||
| let patchFileContent = fs.readFileSync(patchFilePath, "utf8"); | ||
| patchFileContent = patchFileContent.replace(/^Subject: (?:\[PATCH\] )?(.*)$/gm, (match, title) => `Subject: [PATCH] ${title}${commitTitleSuffix}`); |
There was a problem hiding this comment.
The commitTitleSuffix logic rewrites Subject: headers using ^Subject: (?:\[PATCH\] )?(.*)$, which does not match common git format-patch subjects like Subject: [PATCH 1/3] ... or Subject: [PATCH v2 1/3] .... When those occur, this rewrite produces duplicated prefixes like Subject: [PATCH] [PATCH 1/3] ...<suffix>. Adjust the pattern to handle the full [PATCH ...] prefix (or avoid normalizing the [PATCH] prefix and just append the suffix to the existing subject).
Suggested change
| patchFileContent = patchFileContent.replace(/^Subject: (?:\[PATCH\] )?(.*)$/gm, (match, title) => `Subject: [PATCH] ${title}${commitTitleSuffix}`); | |
| patchFileContent = patchFileContent.replace( | |
| /^Subject: (\[PATCH[^\]]*\] )?(.*)$/gm, | |
| (match, patchPrefix, title) => `Subject: ${patchPrefix || "[PATCH] "}${title}${commitTitleSuffix}`, | |
| ); |
| const { isStagedMode } = require("./safe_output_helpers.cjs"); | ||
| const { getErrorMessage } = require("./error_helpers.cjs"); | ||
| const { resolveTargetRepoConfig, resolveAndValidateRepo } = require("./repo_helpers.cjs"); | ||
| const { createAuthenticatedGitHubClient } = require("./handler_auth.cjs"); |
There was a problem hiding this comment.
createAuthenticatedGitHubClient is imported but never used in this handler. If the wiki handler doesn't need an API client, removing the unused import will keep the dependency surface and intent clearer.
Suggested change
| const { createAuthenticatedGitHubClient } = require("./handler_auth.cjs"); |
Contributor
There was a problem hiding this comment.
Ugh! Me also notice! Unused import bad. Cave code keep clean. Good find!
📰 BREAKING: Report filed by Smoke Copilot · ● 1.4M
Collaborator
|
@copilot update smoke-codex to create a new wiki page with a haiku and link it from the main wiki page using edit-wiki |
- Add editWikiHandler to safe_outputs_handlers.cjs: generates incremental patch from a wiki clone directory committed by the agent - Register edit_wiki in safe_outputs_tools_loader.cjs handler map - Add wiki_dir parameter to edit_wiki tool schema (safe_outputs_tools.json) - Fix unused createAuthenticatedGitHubClient import in edit_wiki.cjs - Fix commitTitleSuffix regex to handle [PATCH N/M] and [PATCH vN] prefixes - Fix edit_wiki.go default max from 0 to 1 (aligns with schema constraint) - Update smoke-codex.md: add edit-wiki to safe-outputs and test #10 that clones the wiki, creates a haiku page, links it from Home.md, commits, and calls the edit_wiki safe-output tool Agent-Logs-Url: https://github.com/github/gh-aw/sessions/125b6501-1921-46a1-a885-289ae2df5adc Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Done in cb9dd49. The smoke-codex workflow now has an Edit Wiki test (#10) that:
The commit also wires up the missing MCP server-side handler ( Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
Collaborator
|
@copilot merge main and recompile |
…-support # Conflicts: # pkg/parser/schemas/main_workflow_schema.json Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Done in 950437d. Merged origin/main (resolved a conflict in Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
Contributor
|
🚀 Smoke OpenCode MISSION COMPLETE! OpenCode delivered. 🔥 |
Contributor
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
Contributor
|
|
Contributor
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
Contributor
|
|
Collaborator
|
@copilot merge main and recompile |
…-support # Conflicts: # .github/workflows/smoke-codex.lock.yml Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/ad634f1c-5c55-4f62-bd25-917f3de41bfe Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Done in 5e6f65e. Merged origin/main (one conflict in Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
Collaborator
|
@copilot merge main and recompile Add edit-wiki testing in dev.md |
…-support # Conflicts: # .github/workflows/smoke-codex.lock.yml Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/68909dbe-445b-4ac4-9d3e-6c3aac9389dd Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Done in 7a31cf0. Merged origin/main (one conflict in
Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
Contributor
|
✅ Dev completed successfully! |
Collaborator
|
@copilot update dev.md to use copilot |
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/48d1a57e-07de-47c2-accf-ff40bcf95b62 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Done in d366009. Changed Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
Contributor
|
✅ Dev completed successfully! |
Collaborator
|
@copilot review run and ensure edit-wiki changes were pushed. https://github.com/github/gh-aw/actions/runs/25292144360/job/74145665780 |
Contributor
Author
The run (25292144360) is the dev.md workflow (just converted to The edit-wiki code changes are all still in place: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds
edit-wikias a new safe-output that allows agentic workflows to push committed changes to a repository's wiki.How it works
/tmp/gh-aw/wiki), creates or edits wiki page files, and commits the changesedit_wikiMCP tool, which generates an incremental git patch from the wiki clone's committed changessafe_outputsjob, theedit_wikihandler:owner/repo.wiki.gitto a temp directorygit am --3waymasterby default)Configuration
Agent usage pattern
Key design decisions
usesPatchesAndCheckoutsextended to includeedit-wikiso that:GITHUB_TOKEN, CI trigger token) are set in the safe-outputs jobusesPRCheckouthelper separates the compile-time repo checkout (needed forcreate-pull-requestandpush-to-pull-request-branch) fromedit-wiki(which clones the wiki at runtime and does not need a pre-checkout of the source repo)contents: writeis required (nopull-requests: write)editWikiHandlerinsafe_outputs_handlers.cjs) generates an incremental patch from the agent's wiki clone usingmode: incremental— captures only commits made by the agent on top of the cloned statesafe_outputs_tools.jsonwithwiki_dirandrepoparametersFiles changed
pkg/workflow/edit_wiki.goEditWikiConfigstruct and parser (default max: 1)pkg/workflow/edit_wiki_test.gopkg/workflow/compiler_types.goEditWikitoSafeOutputsConfigpkg/workflow/safe_outputs_config.gopkg/workflow/safe_outputs_runtime.gousesPatchesAndCheckouts, addedusesPRCheckoutpkg/workflow/compiler_safe_outputs_job.gousesPRCheckoutfor checkout step guardpkg/workflow/compiler_safe_outputs_handlers.goedit_wikipkg/workflow/safe_outputs_permissions.gocontents: writepermissionspkg/workflow/safe_outputs_tools_repo_params.gorepoparameter supportpkg/workflow/js/safe_outputs_tools.jsonwiki_dirparam)pkg/parser/schemas/main_workflow_schema.jsonedit-wikiconfigactions/setup/js/edit_wiki.cjsactions/setup/js/safe_outputs_handlers.cjseditWikiHandler(patch generation)actions/setup/js/safe_outputs_tools_loader.cjsedit_wikiin handler mapactions/setup/js/safe_output_handler_manager.cjs.github/workflows/smoke-codex.mdedit-wikisafe-output + test #10 (haiku wiki page)✨ PR Review Safe Output Test - Run 25236550777
Changeset
edit-wikisafe-output for pushing committed agent changes to repository wikis.Warning
Firewall blocked 2 domains
The following domains were blocked by the firewall during workflow execution:
ab.chatgpt.comchatgpt.comSee Network Configuration for more information.
✨ PR Review Safe Output Test - Run 25239718599
✨ PR Review Safe Output Test - Run 25250657000