close-pull-request safe-output not registered as tool — missing from config.json despite being in handler config
Summary
The close-pull-request safe-output is configured in workflow frontmatter and correctly compiled into the lock file's GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG env var, but it is NOT written to /opt/gh-aw/safeoutputs/config.json. The safe-outputs MCP server reads config.json to determine which tools to register, finds close_pull_request missing, and skips it:
[safeoutputs] Skipping tool close_pull_request - not enabled in config (tool has 3 properties: description, inputSchema, name)
The agent cannot close PRs even though the frontmatter explicitly configures it.
Repro
-
Add close-pull-request to a workflow's safe-outputs frontmatter:
safe-outputs:
close-pull-request:
max: 3
target: "*"
required-title-prefix: "[my-prefix]"
github-token: ${{ secrets.MY_TOKEN }}
-
Compile with gh aw compile (v0.58.0)
-
Verify the compiled lock file — close_pull_request appears in:
- The tool list comment:
Tools: add_comment, create_pull_request, close_pull_request, ...
- The
GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG env var JSON
- The tool schema definitions
-
Dispatch the workflow
-
Check safeoutputs/server.log:
Successfully parsed config from file with 6 configuration keys
Final processed config: {"add_comment":...,"create_pull_request":...,"dispatch_workflow":...,"missing_data":{},"missing_tool":{}}
Skipping tool close_pull_request - not enabled in config
close_pull_request is absent from config.json despite being in the handler config.
Root Cause
The compiled lock file has two separate config paths:
GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG — contains close_pull_request ✅/opt/gh-aw/safeoutputs/config.json (written by the "Write Safe Outputs Config" step) — does NOT contain close_pull_request ❌
The MCP server uses config.json to decide which tools to register. Since close_pull_request is missing there, the tool is never exposed to the agent.
Impact
The agent sees close_pull_request listed in the prompt's tool list but cannot call it. The agent reports it via missing_tool.
Environment
close-pull-requestsafe-output not registered as tool — missing fromconfig.jsondespite being in handler configSummary
The
close-pull-requestsafe-output is configured in workflow frontmatter and correctly compiled into the lock file'sGH_AW_SAFE_OUTPUTS_HANDLER_CONFIGenv var, but it is NOT written to/opt/gh-aw/safeoutputs/config.json. The safe-outputs MCP server readsconfig.jsonto determine which tools to register, findsclose_pull_requestmissing, and skips it:The agent cannot close PRs even though the frontmatter explicitly configures it.
Repro
Add
close-pull-requestto a workflow's safe-outputs frontmatter:Compile with
gh aw compile(v0.58.0)Verify the compiled lock file —
close_pull_requestappears in:Tools: add_comment, create_pull_request, close_pull_request, ...GH_AW_SAFE_OUTPUTS_HANDLER_CONFIGenv var JSONDispatch the workflow
Check
safeoutputs/server.log:close_pull_requestis absent fromconfig.jsondespite being in the handler config.Root Cause
The compiled lock file has two separate config paths:
GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG— containsclose_pull_request✅/opt/gh-aw/safeoutputs/config.json(written by the "Write Safe Outputs Config" step) — does NOT containclose_pull_request❌The MCP server uses
config.jsonto decide which tools to register. Sinceclose_pull_requestis missing there, the tool is never exposed to the agent.Impact
The agent sees
close_pull_requestlisted in the prompt's tool list but cannot call it. The agent reports it viamissing_tool.Environment