From 01918e900413ed4a4652b15ae14d83bd060baaef Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 15 Jan 2026 17:16:28 +0000
Subject: [PATCH 1/3] Initial plan


From e24ef746edfb3a053ca614361e2d0b75a4771981 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 15 Jan 2026 17:27:53 +0000
Subject: [PATCH 2/3] Initial plan for fixing campaign generator safe outputs

Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com>
---
 .github/workflows/daily-safe-output-optimizer.lock.yml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/.github/workflows/daily-safe-output-optimizer.lock.yml b/.github/workflows/daily-safe-output-optimizer.lock.yml
index 460e8a45e44..902d0dde57f 100644
--- a/.github/workflows/daily-safe-output-optimizer.lock.yml
+++ b/.github/workflows/daily-safe-output-optimizer.lock.yml
@@ -1041,11 +1041,6 @@ jobs:
                 GH_AW_GITHUB_REPOSITORY: process.env.GH_AW_GITHUB_REPOSITORY
               }
             });
-      - name: Append XPIA security instructions to prompt
-        env:
-          GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt
-        run: |
-          cat "/opt/gh-aw/prompts/xpia_prompt.md" >> "$GH_AW_PROMPT"
       - name: Append temporary folder instructions to prompt
         env:
           GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt

From 926dd33aa481f29fddc23e657624e969c9b058d3 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 15 Jan 2026 17:33:52 +0000
Subject: [PATCH 3/3] Add missing safe output tool definitions to
 actions/setup/js

- Add create_project tool definition
- Add create_project_status_update tool definition
- Add copy_project tool definition
- Add autofix_code_scanning_alert tool definition
- Add mark_pull_request_as_ready_for_review tool definition

The actions/setup/js/safe_outputs_tools.json file was out of sync with pkg/workflow/js/safe_outputs_tools.json, causing MCP tools to be unavailable at runtime.

Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com>
---
 actions/setup/js/safe_outputs_tools.json | 134 +++++++++++++++++++++++
 1 file changed, 134 insertions(+)

diff --git a/actions/setup/js/safe_outputs_tools.json b/actions/setup/js/safe_outputs_tools.json
index be96b9081ad..c079ce211a9 100644
--- a/actions/setup/js/safe_outputs_tools.json
+++ b/actions/setup/js/safe_outputs_tools.json
@@ -672,5 +672,139 @@
       },
       "additionalProperties": false
     }
+  },
+  {
+    "name": "create_project",
+    "description": "Create a new empty GitHub Projects v2 board. Use this to create a project board for organizing work. The project is created empty and can be populated with issues and custom fields after creation.",
+    "inputSchema": {
+      "type": "object",
+      "required": [],
+      "properties": {
+        "title": {
+          "type": "string",
+          "description": "Title for the new project. Should be descriptive and unique within the owner's projects. If not provided, will be auto-generated using the title-prefix configuration (default: 'Campaign') as '<title-prefix>: <issue-title>' or '<title-prefix> #<issue-number>' based on the issue context."
+        },
+        "owner": {
+          "type": "string",
+          "description": "Login name of the organization or user that will own the new project (e.g., 'myorg' or 'username'). The token must have access to this owner. Optional if target-owner is configured in the workflow frontmatter."
+        },
+        "owner_type": {
+          "type": "string",
+          "enum": ["org", "user"],
+          "description": "Type of owner: 'org' for organization or 'user' for user account. Default: 'org'."
+        },
+        "item_url": {
+          "type": "string",
+          "pattern": "^https://github\\\\.com/[^/]+/[^/]+/issues/\\\\d+$",
+          "description": "Optional GitHub issue URL to add as the first item to the project (e.g., 'https://github.com/owner/repo/issues/123')."
+        }
+      },
+      "additionalProperties": false
+    }
+  },
+  {
+    "name": "create_project_status_update",
+    "description": "Create a status update on a GitHub Projects v2 board. Status updates provide stakeholder communication and historical record of project progress with a timeline. Requires project URL, status indicator, dates, and markdown body describing progress/trends/findings.",
+    "inputSchema": {
+      "type": "object",
+      "required": ["project", "body"],
+      "properties": {
+        "project": {
+          "type": "string",
+          "pattern": "^https://github\\\\.com/(orgs|users)/[^/]+/projects/\\\\d+$",
+          "description": "Full GitHub project URL (e.g., 'https://github.com/orgs/myorg/projects/42' or 'https://github.com/users/username/projects/5'). Project names or numbers alone are NOT accepted."
+        },
+        "status": {
+          "type": "string",
+          "enum": ["ON_TRACK", "AT_RISK", "OFF_TRACK", "COMPLETE", "INACTIVE"],
+          "description": "Status indicator for the project. Defaults to ON_TRACK. Values: ON_TRACK (progressing well), AT_RISK (has issues/blockers), OFF_TRACK (significantly behind), COMPLETE (finished), INACTIVE (paused/cancelled)."
+        },
+        "start_date": {
+          "type": "string",
+          "pattern": "^\\\\d{4}-\\\\d{2}-\\\\d{2}$",
+          "description": "Optional project start date in YYYY-MM-DD format (e.g., '2026-01-06')."
+        },
+        "target_date": {
+          "type": "string",
+          "pattern": "^\\\\d{4}-\\\\d{2}-\\\\d{2}$",
+          "description": "Optional project target/end date in YYYY-MM-DD format (e.g., '2026-12-31')."
+        },
+        "body": {
+          "type": "string",
+          "description": "Status update body in markdown format describing progress, findings, trends, and next steps. Should provide stakeholders with clear understanding of project state."
+        }
+      },
+      "additionalProperties": false
+    }
+  },
+  {
+    "name": "copy_project",
+    "description": "Copy a GitHub Projects v2 board to create a new project with the same structure, fields, and views. Useful for duplicating project templates or migrating projects between organizations. By default, draft issues are not copied unless includeDraftIssues is set to true. If the workflow has configured default values for source-project or target-owner, those fields become optional in the tool call.",
+    "inputSchema": {
+      "type": "object",
+      "required": ["title"],
+      "properties": {
+        "sourceProject": {
+          "type": "string",
+          "pattern": "^https://github\\\\.com/(orgs|users)/[^/]+/projects/\\\\d+$",
+          "description": "Full GitHub project URL of the source project to copy (e.g., 'https://github.com/orgs/myorg/projects/42' or 'https://github.com/users/username/projects/5'). Optional if source-project is configured in the workflow frontmatter."
+        },
+        "owner": {
+          "type": "string",
+          "description": "Login name of the organization or user that will own the new project (e.g., 'myorg' or 'username'). The token must have access to this owner. Optional if target-owner is configured in the workflow frontmatter."
+        },
+        "title": {
+          "type": "string",
+          "description": "Title for the new project. Should be descriptive and unique within the owner's projects."
+        },
+        "includeDraftIssues": {
+          "type": "boolean",
+          "description": "Whether to copy draft issues from the source project. Default: false."
+        }
+      },
+      "additionalProperties": false
+    }
+  },
+  {
+    "name": "autofix_code_scanning_alert",
+    "description": "Create an autofix for a code scanning alert. Use this to provide automated fixes for security vulnerabilities detected by code scanning tools. The fix should contain the corrected code that resolves the security issue.",
+    "inputSchema": {
+      "type": "object",
+      "required": ["alert_number", "fix_description", "fix_code"],
+      "properties": {
+        "alert_number": {
+          "type": ["number", "string"],
+          "description": "The security alert number to create an autofix for. This is the numeric ID from the code scanning alert (e.g., 42 in github.com/owner/repo/security/code-scanning/42)."
+        },
+        "fix_description": {
+          "type": "string",
+          "description": "Clear description of the fix being applied. Explain what security issue is being resolved and how the fix addresses it."
+        },
+        "fix_code": {
+          "type": "string",
+          "description": "The code changes to apply as the autofix. This should be the corrected code that resolves the security vulnerability."
+        }
+      },
+      "additionalProperties": false
+    }
+  },
+  {
+    "name": "mark_pull_request_as_ready_for_review",
+    "description": "Mark a draft pull request as ready for review by setting draft=false and adding a comment. Use this when a draft PR has reached a state where it's ready for team review. The comment should explain what was completed and why the PR is now ready.",
+    "inputSchema": {
+      "type": "object",
+      "required": ["reason"],
+      "properties": {
+        "reason": {
+          "type": "string",
+          "description": "Comment explaining why the PR is ready for review (e.g., 'All tests passing and documentation updated', 'Feature implementation complete and ready for feedback')."
+        },
+        "pull_request_number": {
+          "type": ["number", "string"],
+          "description": "Pull request number to mark as ready. This is the numeric ID from the GitHub URL (e.g., 432 in github.com/owner/repo/pull/432). If omitted, marks the PR that triggered this workflow (requires a pull_request event trigger)."
+        }
+      },
+      "additionalProperties": false
+    }
   }
 ]