Fix missing cross-repo and auth properties in safe output schemas

.github/smoke-test-claude-22526414043.md

@@ -0,0 +1,3 @@
+# Smoke Test File
+
+Created by smoke test run 22526414043 for Claude engine validation.

actions/setup/js/add_comment.cjs

@@ -13,6 +13,7 @@ const { getErrorMessage } = require("./error_helpers.cjs");
 const { parseBoolTemplatable } = require("./templatable.cjs");
 const { resolveTarget } = require("./safe_output_helpers.cjs");
 const { resolveTargetRepoConfig, resolveAndValidateRepo } = require("./repo_helpers.cjs");
+const { createAuthenticatedGitHubClient } = require("./handler_auth.cjs");
 const { getMissingInfoSections } = require("./missing_messages_helper.cjs");
 const { getMessages } = require("./messages_core.cjs");
 const { sanitizeContent } = require("./sanitize_content.cjs");
@@ -302,6 +303,10 @@ async function main(config = {}) {
   const maxCount = config.max || 20;
   const { defaultTargetRepo, allowedRepos } = resolveTargetRepoConfig(config);
 
+  // Create an authenticated GitHub client. Uses config["github-token"] when set
+  // (for cross-repository operations), otherwise falls back to the step-level github.
+  const authClient = await createAuthenticatedGitHubClient(config);
+
   // Check if we're in staged mode
   const isStaged = process.env.GH_AW_SAFE_OUTPUTS_STAGED === "true";
 
@@ -453,7 +458,7 @@ async function main(config = {}) {
       if (item.item_number !== undefined && item.item_number !== null) {
         // Explicit item_number: fetch the issue/PR to get its author
         try {
-          const { data: issueData } = await github.rest.issues.get({
+          const { data: issueData } = await authClient.rest.issues.get({
             owner: repoParts.owner,
             repo: repoParts.repo,
             issue_number: itemNumber,
@@ -556,7 +561,7 @@ async function main(config = {}) {
       // Hide older comments if enabled AND append-only-comments is not enabled
       // When append-only-comments is true, we want to keep all comments visible
       if (hideOlderCommentsEnabled && !appendOnlyComments && workflowId) {
-        await hideOlderComments(github, repoParts.owner, repoParts.repo, itemNumber, workflowId, isDiscussion);
+        await hideOlderComments(authClient, repoParts.owner, repoParts.repo, itemNumber, workflowId, isDiscussion);
       } else if (hideOlderCommentsEnabled && appendOnlyComments) {
         core.info("Skipping hide-older-comments because append-only-comments is enabled");
       }
@@ -574,7 +579,7 @@ async function main(config = {}) {
             }
           }
         `;
-        const queryResult = await github.graphql(discussionQuery, {
+        const queryResult = await authClient.graphql(discussionQuery, {
           owner: repoParts.owner,
           repo: repoParts.repo,
           number: itemNumber,
@@ -585,10 +590,10 @@ async function main(config = {}) {
           throw new Error(`${ERR_NOT_FOUND}: Discussion #${itemNumber} not found in ${itemRepo}`);
         }
 
-        comment = await commentOnDiscussion(github, repoParts.owner, repoParts.repo, itemNumber, processedBody, null);
+        comment = await commentOnDiscussion(authClient, repoParts.owner, repoParts.repo, itemNumber, processedBody, null);
       } else {
         // Use REST API for issues/PRs
-        const { data } = await github.rest.issues.createComment({
+        const { data } = await authClient.rest.issues.createComment({
           owner: repoParts.owner,
           repo: repoParts.repo,
           issue_number: itemNumber,
@@ -644,7 +649,7 @@ async function main(config = {}) {
               }
             }
           `;
-          const queryResult = await github.graphql(discussionQuery, {
+          const queryResult = await authClient.graphql(discussionQuery, {
             owner: repoParts.owner,
             repo: repoParts.repo,
             number: itemNumber,
@@ -656,7 +661,7 @@ async function main(config = {}) {
           }
 
           core.info(`Found discussion #${itemNumber}, adding comment...`);
-          const comment = await commentOnDiscussion(github, repoParts.owner, repoParts.repo, itemNumber, processedBody, null);
+          const comment = await commentOnDiscussion(authClient, repoParts.owner, repoParts.repo, itemNumber, processedBody, null);
 
           core.info(`Created comment on discussion: ${comment.html_url}`);
 

actions/setup/js/add_labels.cjs

@@ -13,6 +13,7 @@ const { getErrorMessage } = require("./error_helpers.cjs");
 const { resolveTargetRepoConfig, resolveAndValidateRepo } = require("./repo_helpers.cjs");
 const { tryEnforceArrayLimit } = require("./limit_enforcement_helpers.cjs");
 const { logStagedPreviewInfo } = require("./staged_preview.cjs");
+const { createAuthenticatedGitHubClient } = require("./handler_auth.cjs");
 
 /**
  * Maximum limits for label parameters to prevent resource exhaustion.
@@ -32,6 +33,7 @@ async function main(config = {}) {
   const blockedPatterns = config.blocked || [];
   const maxCount = config.max || 10;
   const { defaultTargetRepo, allowedRepos } = resolveTargetRepoConfig(config);
+  const authClient = await createAuthenticatedGitHubClient(config);
 
   // Check if we're in staged mode
   const isStaged = process.env.GH_AW_SAFE_OUTPUTS_STAGED === "true";
@@ -161,7 +163,7 @@ async function main(config = {}) {
     }
 
     try {
-      await github.rest.issues.addLabels({
+      await authClient.rest.issues.addLabels({
         owner: repoParts.owner,
         repo: repoParts.repo,
         issue_number: itemNumber,

actions/setup/js/add_reviewer.cjs

@@ -9,6 +9,7 @@ const { processItems } = require("./safe_output_processor.cjs");
 const { getErrorMessage } = require("./error_helpers.cjs");
 const { getPullRequestNumber } = require("./pr_helpers.cjs");
 const { logStagedPreviewInfo } = require("./staged_preview.cjs");
+const { createAuthenticatedGitHubClient } = require("./handler_auth.cjs");
 
 // GitHub Copilot reviewer bot username
 const COPILOT_REVIEWER_BOT = "copilot-pull-request-reviewer[bot]";
@@ -25,6 +26,7 @@ async function main(config = {}) {
   // Extract configuration
   const allowedReviewers = config.allowed || [];
   const maxCount = config.max || 10;
+  const authClient = await createAuthenticatedGitHubClient(config);
 
   // Check if we're in staged mode
   const isStaged = process.env.GH_AW_SAFE_OUTPUTS_STAGED === "true";
@@ -106,7 +108,7 @@ async function main(config = {}) {
 
       // Add non-copilot reviewers first
       if (otherReviewers.length > 0) {
-        await github.rest.pulls.requestReviewers({
+        await authClient.rest.pulls.requestReviewers({
           owner: context.repo.owner,
           repo: context.repo.repo,
           pull_number: prNumber,
@@ -118,7 +120,7 @@ async function main(config = {}) {
       // Add copilot reviewer separately if requested
       if (hasCopilot) {
         try {
-          await github.rest.pulls.requestReviewers({
+          await authClient.rest.pulls.requestReviewers({
             owner: context.repo.owner,
             repo: context.repo.repo,
             pull_number: prNumber,

actions/setup/js/assign_milestone.cjs

@@ -7,6 +7,7 @@
 
 const { getErrorMessage } = require("./error_helpers.cjs");
 const { logStagedPreviewInfo } = require("./staged_preview.cjs");
+const { createAuthenticatedGitHubClient } = require("./handler_auth.cjs");
 
 /** @type {string} Safe output type handled by this module */
 const HANDLER_TYPE = "assign_milestone";
@@ -20,6 +21,7 @@ async function main(config = {}) {
   // Extract configuration
   const allowedMilestones = config.allowed || [];
   const maxCount = config.max || 10;
+  const authClient = await createAuthenticatedGitHubClient(config);
 
   // Check if we're in staged mode
   const isStaged = process.env.GH_AW_SAFE_OUTPUTS_STAGED === "true";
@@ -77,7 +79,7 @@ async function main(config = {}) {
     // Fetch milestones if needed and not already cached
     if (allowedMilestones.length > 0 && allMilestones === null) {
       try {
-        const milestonesResponse = await github.rest.issues.listMilestones({
+        const milestonesResponse = await authClient.rest.issues.listMilestones({
           owner: context.repo.owner,
           repo: context.repo.repo,
           state: "all",
@@ -133,7 +135,7 @@ async function main(config = {}) {
         };
       }
 
-      await github.rest.issues.update({
+      await authClient.rest.issues.update({
         owner: context.repo.owner,
         repo: context.repo.repo,
         issue_number: issueNumber,

actions/setup/js/assign_to_user.cjs

@@ -11,6 +11,7 @@ const { resolveTargetRepoConfig, resolveAndValidateRepo } = require("./repo_help
 const { resolveIssueNumber, extractAssignees } = require("./safe_output_helpers.cjs");
 const { logStagedPreviewInfo } = require("./staged_preview.cjs");
 const { parseBoolTemplatable } = require("./templatable.cjs");
+const { createAuthenticatedGitHubClient } = require("./handler_auth.cjs");
 
 /** @type {string} Safe output type handled by this module */
 const HANDLER_TYPE = "assign_to_user";
@@ -27,6 +28,7 @@ async function main(config = {}) {
   const maxCount = config.max || 10;
   const unassignFirst = parseBoolTemplatable(config.unassign_first, false);
   const { defaultTargetRepo, allowedRepos } = resolveTargetRepoConfig(config);
+  const authClient = await createAuthenticatedGitHubClient(config);
 
   // Check if we're in staged mode
   const isStaged = process.env.GH_AW_SAFE_OUTPUTS_STAGED === "true";
@@ -131,7 +133,7 @@ async function main(config = {}) {
       // If unassign_first is enabled, get current assignees and remove them first
       if (unassignFirst) {
         core.info(`Fetching current assignees for issue #${issueNumber} to unassign them first`);
-        const issue = await github.rest.issues.get({
+        const issue = await authClient.rest.issues.get({
           owner: repoParts.owner,
           repo: repoParts.repo,
           issue_number: issueNumber,
@@ -140,7 +142,7 @@ async function main(config = {}) {
         const currentAssignees = issue.data.assignees?.map(a => a.login) || [];
         if (currentAssignees.length > 0) {
           core.info(`Unassigning ${currentAssignees.length} current assignee(s): ${JSON.stringify(currentAssignees)}`);
-          await github.rest.issues.removeAssignees({
+          await authClient.rest.issues.removeAssignees({
             owner: repoParts.owner,
             repo: repoParts.repo,
             issue_number: issueNumber,
@@ -153,7 +155,7 @@ async function main(config = {}) {
       }
 
       // Add assignees to the issue
-      await github.rest.issues.addAssignees({
+      await authClient.rest.issues.addAssignees({
         owner: repoParts.owner,
         repo: repoParts.repo,
         issue_number: issueNumber,

actions/setup/js/close_discussion.cjs

@@ -8,6 +8,7 @@
 const { getErrorMessage } = require("./error_helpers.cjs");
 const { sanitizeContent } = require("./sanitize_content.cjs");
 const { logStagedPreviewInfo } = require("./staged_preview.cjs");
+const { createAuthenticatedGitHubClient } = require("./handler_auth.cjs");
 const { ERR_NOT_FOUND } = require("./error_codes.cjs");
 
 /**
@@ -159,6 +160,7 @@ async function main(config = {}) {
   const requiredLabels = config.required_labels || [];
   const requiredTitlePrefix = config.required_title_prefix || "";
   const maxCount = config.max || 10;
+  const authClient = await createAuthenticatedGitHubClient(config);
 
   // Check if we're in staged mode
   const isStaged = process.env.GH_AW_SAFE_OUTPUTS_STAGED === "true";
@@ -218,7 +220,7 @@ async function main(config = {}) {
 
     try {
       // Fetch discussion details
-      const discussion = await getDiscussionDetails(github, context.repo.owner, context.repo.repo, discussionNumber);
+      const discussion = await getDiscussionDetails(authClient, context.repo.owner, context.repo.repo, discussionNumber);
 
       // Validate required labels if configured
       if (requiredLabels.length > 0) {
@@ -266,7 +268,7 @@ async function main(config = {}) {
       let commentUrl;
       if (item.body) {
         const sanitizedBody = sanitizeContent(item.body);
-        const comment = await addDiscussionComment(github, discussion.id, sanitizedBody);
+        const comment = await addDiscussionComment(authClient, discussion.id, sanitizedBody);
         core.info(`Added comment to discussion #${discussionNumber}: ${comment.url}`);
         commentUrl = comment.url;
       }
@@ -277,7 +279,7 @@ async function main(config = {}) {
       } else {
         const reason = item.reason || undefined;
         core.info(`Closing discussion #${discussionNumber} with reason: ${reason || "none"}`);
-        const closedDiscussion = await closeDiscussion(github, discussion.id, reason);
+        const closedDiscussion = await closeDiscussion(authClient, discussion.id, reason);
         core.info(`Closed discussion #${discussionNumber}: ${closedDiscussion.url}`);
       }
 

actions/setup/js/close_issue.cjs

@@ -9,6 +9,7 @@ const { getErrorMessage } = require("./error_helpers.cjs");
 const { resolveTargetRepoConfig, resolveAndValidateRepo } = require("./repo_helpers.cjs");
 const { sanitizeContent } = require("./sanitize_content.cjs");
 const { logStagedPreviewInfo } = require("./staged_preview.cjs");
+const { createAuthenticatedGitHubClient } = require("./handler_auth.cjs");
 const { ERR_NOT_FOUND } = require("./error_codes.cjs");
 
 /**
@@ -87,6 +88,7 @@ async function main(config = {}) {
   const comment = config.comment || "";
   const configStateReason = config.state_reason || "COMPLETED";
   const { defaultTargetRepo, allowedRepos } = resolveTargetRepoConfig(config);
+  const authClient = await createAuthenticatedGitHubClient(config);
 
   // Check if we're in staged mode
   const isStaged = process.env.GH_AW_SAFE_OUTPUTS_STAGED === "true";
@@ -200,7 +202,7 @@ async function main(config = {}) {
     try {
       // Fetch issue details
       core.info(`Fetching issue details for #${issueNumber} in ${repoParts.owner}/${repoParts.repo}`);
-      const issue = await getIssueDetails(github, repoParts.owner, repoParts.repo, issueNumber);
+      const issue = await getIssueDetails(authClient, repoParts.owner, repoParts.repo, issueNumber);
       core.info(`Issue #${issueNumber} fetched: state=${issue.state}, title="${issue.title}", labels=[${issue.labels.map(l => l.name || l).join(", ")}]`);
 
       // Check if already closed - but still add comment
@@ -252,7 +254,7 @@ async function main(config = {}) {
 
       // Add comment with the body from the message
       core.info(`Adding comment to issue #${issueNumber}: length=${commentToPost.length}`);
-      const commentResult = await addIssueComment(github, repoParts.owner, repoParts.repo, issueNumber, commentToPost);
+      const commentResult = await addIssueComment(authClient, repoParts.owner, repoParts.repo, issueNumber, commentToPost);
       core.info(`✓ Comment posted to issue #${issueNumber}: ${commentResult.html_url}`);
       core.info(`Comment details: id=${commentResult.id}, body_length=${commentToPost.length}`);
 
@@ -265,7 +267,7 @@ async function main(config = {}) {
         // Use item-level state_reason if provided, otherwise fall back to config-level default
         const stateReason = item.state_reason || configStateReason;
         core.info(`Closing issue #${issueNumber} in ${itemRepo} with state_reason=${stateReason}`);
-        closedIssue = await closeIssue(github, repoParts.owner, repoParts.repo, issueNumber, stateReason);
+        closedIssue = await closeIssue(authClient, repoParts.owner, repoParts.repo, issueNumber, stateReason);
         core.info(`✓ Issue #${issueNumber} closed successfully: ${closedIssue.html_url}`);
       }
 

actions/setup/js/close_pull_request.cjs

@@ -6,6 +6,7 @@ const { getTrackerID } = require("./get_tracker_id.cjs");
 const { generateFooterWithMessages } = require("./messages_footer.cjs");
 const { sanitizeContent } = require("./sanitize_content.cjs");
 const { logStagedPreviewInfo } = require("./staged_preview.cjs");
+const { createAuthenticatedGitHubClient } = require("./handler_auth.cjs");
 const { ERR_NOT_FOUND } = require("./error_codes.cjs");
 
 /**
@@ -85,6 +86,7 @@ async function main(config = {}) {
   const requiredTitlePrefix = config.required_title_prefix || "";
   const maxCount = config.max || 10;
   const comment = config.comment || "";
+  const authClient = await createAuthenticatedGitHubClient(config);
 
   // Check if we're in staged mode
   const isStaged = process.env.GH_AW_SAFE_OUTPUTS_STAGED === "true";
@@ -185,7 +187,7 @@ async function main(config = {}) {
     let pr;
     try {
       core.info(`Fetching PR details for #${prNumber} in ${owner}/${repo}`);
-      pr = await getPullRequestDetails(github, owner, repo, prNumber);
+      pr = await getPullRequestDetails(authClient, owner, repo, prNumber);
       core.info(`PR #${prNumber} fetched: state=${pr.state}, title="${pr.title}", labels=[${pr.labels.map(l => l.name || l).join(", ")}]`);
     } catch (error) {
       const errorMsg = getErrorMessage(error);
@@ -247,7 +249,7 @@ async function main(config = {}) {
       const triggeringIssueNumber = context.payload?.issue?.number;
       const commentBody = buildCommentBody(commentToPost, triggeringIssueNumber, triggeringPRNumber);
       core.info(`Adding comment to PR #${prNumber}: length=${commentBody.length}`);
-      await addPullRequestComment(github, owner, repo, prNumber, commentBody);
+      await addPullRequestComment(authClient, owner, repo, prNumber, commentBody);
       commentPosted = true;
       core.info(`✓ Comment posted to PR #${prNumber}`);
       core.info(`Comment details: body_length=${commentBody.length}`);
@@ -273,7 +275,7 @@ async function main(config = {}) {
     } else {
       try {
         core.info(`Closing PR #${prNumber}`);
-        closedPR = await closePullRequest(github, owner, repo, prNumber);
+        closedPR = await closePullRequest(authClient, owner, repo, prNumber);
         core.info(`✓ PR #${prNumber} closed successfully: ${closedPR.title}`);
       } catch (error) {
         const errorMsg = getErrorMessage(error);