From 12f1c59b3ef4ec311171bc68b6876954114b39d9 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 28 May 2026 22:15:31 +0000
Subject: [PATCH 1/2] Initial plan


From 71ebd7ea9fb91c68042f1cad3b316c91f14a60d6 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 28 May 2026 22:27:13 +0000
Subject: [PATCH 2/2] fix(safeoutputs): clarify parameter names in prompt and
 tool descriptions

Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
---
 actions/setup/md/mcp_cli_tools_prompt.md | 4 ++--
 pkg/workflow/js/safe_outputs_tools.json  | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/actions/setup/md/mcp_cli_tools_prompt.md b/actions/setup/md/mcp_cli_tools_prompt.md
index c78a617c53f..fa454e813cc 100644
--- a/actions/setup/md/mcp_cli_tools_prompt.md
+++ b/actions/setup/md/mcp_cli_tools_prompt.md
@@ -29,7 +29,7 @@ playwright browser_snapshot                        # capture page accessibility
 
 **Example** — using the `safeoutputs` CLI (safe outputs) when you are ready to emit the final real action:
 ```bash
-safeoutputs add_comment --issue_number 42 --body "Analysis complete"
+safeoutputs add_comment --item_number 42 --body "Analysis complete"
 ```
 
 **Example** — using the `mcpscripts` CLI (mcp-scripts):
@@ -44,7 +44,7 @@ mcpscripts mcpscripts-gh --args "pr list --repo owner/repo --limit 5"
 
 ```bash
 # Full argument payload as JSON via printf pipe
-printf '{"issue_number":42,"body":"### Title\n\nBody paragraph one.\n\nBody paragraph two."}' \
+printf '{"item_number":42,"body":"### Title\n\nBody paragraph one.\n\nBody paragraph two."}' \
   | safeoutputs add_comment .
 
 # Works with any tool — just match the parameter names from <server> <tool> --help
diff --git a/pkg/workflow/js/safe_outputs_tools.json b/pkg/workflow/js/safe_outputs_tools.json
index 06971d98703..267b4d44f50 100644
--- a/pkg/workflow/js/safe_outputs_tools.json
+++ b/pkg/workflow/js/safe_outputs_tools.json
@@ -118,7 +118,7 @@
         },
         "category": {
           "type": "string",
-          "description": "Discussion category by name (e.g., 'General'), slug (e.g., 'general'), or ID. If omitted, uses the first available category. Category must exist in the repository."
+          "description": "Discussion category by name (e.g., 'General'), slug (e.g., 'general'), or ID. If omitted, uses the first available category. Category must exist in the repository. NOTE: the field is named category (not categoryId or category_id as in the GitHub GraphQL API) \u2014 alternate spellings are silently stripped."
         },
         "secrecy": {
           "type": "string",
@@ -297,7 +297,7 @@
             "number",
             "string"
           ],
-          "description": "The issue, pull request, or discussion number to comment on. This is the numeric ID from the GitHub URL (e.g., 123 in github.com/owner/repo/issues/123). Can also be a temporary_id from a previously created issue in the same workflow run \u2014 use the '#aw_abc123' form; the bare 'aw_abc123' form is also accepted and normalised to '#aw_abc123'. If omitted, the tool auto-targets the issue, PR, or discussion that triggered this workflow. Auto-targeting only works for issue, pull_request, discussion, and comment event triggers \u2014 it does NOT work for schedule, workflow_dispatch, push, or workflow_run triggers. For those trigger types, always provide item_number explicitly, or the tool call will fail with an error."
+          "description": "The issue, pull request, or discussion number to comment on. This is the numeric ID from the GitHub URL (e.g., 123 in github.com/owner/repo/issues/123). Can also be a temporary_id from a previously created issue in the same workflow run \u2014 use the '#aw_abc123' form; the bare 'aw_abc123' form is also accepted and normalised to '#aw_abc123'. If omitted, the tool auto-targets the issue, PR, or discussion that triggered this workflow. Auto-targeting only works for issue, pull_request, discussion, and comment event triggers \u2014 it does NOT work for schedule, workflow_dispatch, push, or workflow_run triggers. For those trigger types, always provide item_number explicitly, or the tool call will fail with an error. NOTE: this field is named item_number, NOT issue_number \u2014 issue_number is silently stripped."
         },
         "pr_number": {
           "type": [
@@ -467,7 +467,7 @@
   },
   {
     "name": "submit_pull_request_review",
-    "description": "Submit a pull request review with a status decision. REQUIRED: every call must include either a non-empty body or be preceded by at least one create_pull_request_review_comment call; calling with no body and no prior comments is rejected with ERR_VALIDATION. All preceding create_pull_request_review_comment outputs are automatically attached as inline comments. If this tool is not called, buffered review comments are submitted as a COMMENT review at workflow end. Use COMMENT for non-blocking feedback; use REQUEST_CHANGES only for merge-blocking. Example (inline-only review): call create_pull_request_review_comment one or more times, then call this tool with event: COMMENT and no body.",
+    "description": "Submit a pull request review with a status decision. This tool auto-targets the pull request that triggered the workflow \u2014 do NOT pass pull_request_number (unlike create_pull_request_review_comment and reply_to_pull_request_review_comment, which accept it; this tool will silently strip it). REQUIRED: every call must include either a non-empty body or be preceded by at least one create_pull_request_review_comment call; calling with no body and no prior comments is rejected with ERR_VALIDATION. All preceding create_pull_request_review_comment outputs are automatically attached as inline comments. If this tool is not called, buffered review comments are submitted as a COMMENT review at workflow end. Use COMMENT for non-blocking feedback; use REQUEST_CHANGES only for merge-blocking. Example (inline-only review): call create_pull_request_review_comment one or more times, then call this tool with event: COMMENT and no body.",
     "inputSchema": {
       "type": "object",
       "properties": {
@@ -1835,7 +1835,7 @@
   },
   {
     "name": "create_check_run",
-    "description": "Create a GitHub Check Run to report agent analysis results on a commit or pull request. Check Runs appear in the PR checks UI and on commits with a pass/fail status. Use this to surface structured analysis results as a first-class GitHub check. The check run name is configured in the workflow frontmatter.",
+    "description": "Create a GitHub Check Run to report agent analysis results on a commit or pull request. Check Runs appear in the PR checks UI and on commits with a pass/fail status. Use this to surface structured analysis results as a first-class GitHub check. The check run name is configured in the workflow frontmatter and is NOT accepted as a parameter \u2014 do not pass name, it will be silently stripped.",
     "inputSchema": {
       "type": "object",
       "required": [