Skip to content

Add disclosure-header message for AI authorship disclosure in safe-outputs#44497

Merged
pelikhan merged 22 commits into
mainfrom
copilot/feature-ai-authorship-footer
Jul 10, 2026
Merged

Add disclosure-header message for AI authorship disclosure in safe-outputs#44497
pelikhan merged 22 commits into
mainfrom
copilot/feature-ai-authorship-footer

Conversation

Copilot AI commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Every workflow using safe-outputs under a maintainer PAT currently needs to repeat the same AI authorship boilerplate string across all 20+ workflows. This adds a first-class disclosure-header opt-in that prepends a built-in AI authorship notice to every safe-output body (issues, comments, PRs, discussions).

Changes

  • Go (SafeOutputMessagesConfig): New DisclosureHeader string field with yaml:"disclosure-header" / json:"disclosureHeader" tags. Parser handles both bool (true → sentinel "true") and custom string.
  • JS (messages_header.cjs): New getDisclosureHeader() alongside getBodyHeader(). When value is "true", renders the built-in DEFAULT_DISCLOSURE_HEADER; otherwise renders the value as a template.
  • 4 handlers (create_issue, add_comment, create_discussion, create_pull_request): Inject disclosure header after any threat-detection caution and before body-header.
  • JSON schema (main_workflow_schema.json): disclosure-header as oneOf: [boolean, string] with explicit ordering docs.

Usage

safe-outputs:
  messages:
    disclosure-header: true   # built-in default
    # or
    disclosure-header: "> 🤖 Custom notice by [{workflow_name}]({run_url})."

Default text:

🤖 Automated content — generated by the Workflow workflow. The account owner did not write or review this content personally.

Body ordering (top → bottom): threat-detection caution → disclosure-headerbody-header → agent content → footer.


Generated by 👨‍🍳 PR Sous Chef · 10.4 AIC · ⌖ 5.15 AIC · ⊞ 7.1K ·
Comment /souschef to run again


Generated by 👨‍🍳 PR Sous Chef · 8.9 AIC · ⌖ 5.99 AIC · ⊞ 4.7K ·
Comment /souschef to run again


Generated by 👨‍🍳 PR Sous Chef · 6.57 AIC · ⌖ 6.74 AIC · ⊞ 7.1K ·
Comment /souschef to run again


Generated by 👨‍🍳 PR Sous Chef · 4.36 AIC · ⌖ 7.98 AIC · ⊞ 4.7K ·
Comment /souschef to run again


Generated by 👨‍🍳 PR Sous Chef · 7.94 AIC · ⌖ 6.73 AIC · ⊞ 7.1K ·
Comment /souschef to run again


Generated by 👨‍🍳 PR Sous Chef · 9.71 AIC · ⌖ 6.72 AIC · ⊞ 7.1K ·
Comment /souschef to run again


Generated by 👨‍🍳 PR Sous Chef · 12.5 AIC · ⌖ 6.14 AIC · ⊞ 7.1K ·
Comment /souschef to run again

Copilot AI and others added 2 commits July 9, 2026 05:56
Adds a new `disclosure-header` configuration option to `safe-outputs.messages`
that prepends an AI authorship disclosure to every message body (issues,
comments, pull requests, discussions).

- Set `disclosure-header: true` to use the built-in default text:
  "> 🤖 **Automated content** — generated by the [{workflow_name}]({run_url})
   workflow. The account owner did **not** write or review this content personally."
- Set `disclosure-header: "<template>"` to use a custom template string
- Supports `{workflow_name}` and `{run_url}` placeholders

The disclosure header is inserted after any threat-detection caution alert and
before any `body-header` and the main body content.

Closes #38566

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Add built-in AI-authorship disclosure footer for safe-outputs Add disclosure-header message for AI authorship disclosure in safe-outputs Jul 9, 2026
Copilot AI requested a review from pelikhan July 9, 2026 05:59
@pelikhan pelikhan marked this pull request as ready for review July 9, 2026 10:56
Copilot AI review requested due to automatic review settings July 9, 2026 10:56
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

🔍 Design Decision Gate 🏗️ is checking for design decision records on this pull request...

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot couldn't run its full agentic review because no GitHub Actions runner was available. Make sure your repository has a runner available to run Copilot's review, or add a copilot-setup-steps.yml file specifying one with the runs-on attribute. See the docs for more details.

Adds an opt-in disclosure-header safe-outputs message that prepends an AI authorship notice (default or custom template) to generated issue/comment/PR/discussion bodies, reducing boilerplate across workflows.

Changes:

  • Extend Go safe-outputs messages config to parse/serialize disclosure-header (bool → sentinel "true" or custom string).
  • Add JavaScript getDisclosureHeader() + default built-in disclosure text, and re-export via messages.cjs.
  • Inject disclosure header into multiple handlers and document the new option in the workflow JSON schema; add unit tests (Go + JS).
Show a summary per file
File Description
pkg/workflow/safe_outputs_messages_test.go Adds Go tests for parsing + JSON serialization of disclosure-header.
pkg/workflow/safe_outputs_messages_config.go Implements Go parsing for disclosure-header (bool/string).
pkg/workflow/safe_outputs_config_types.go Adds DisclosureHeader field + tags to messages config type.
pkg/parser/schemas/main_workflow_schema.json Documents + validates disclosure-header in schema via oneOf boolean/string.
actions/setup/js/messages_header.test.cjs Adds JS tests for getDisclosureHeader() + default template constant.
actions/setup/js/messages_header.cjs Implements DEFAULT_DISCLOSURE_HEADER + getDisclosureHeader().
actions/setup/js/messages.cjs Re-exports getDisclosureHeader.
actions/setup/js/create_pull_request.cjs Injects disclosure header into PR body assembly.
actions/setup/js/create_issue.cjs Injects disclosure header into issue body assembly.
actions/setup/js/create_discussion.cjs Injects disclosure header into discussion body assembly.
actions/setup/js/add_comment.cjs Injects disclosure header into comment prefix assembly.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 11/11 changed files
  • Comments generated: 5
  • Review effort level: Low

Comment thread actions/setup/js/messages_header.test.cjs
Comment thread actions/setup/js/messages_header.cjs
Comment thread actions/setup/js/create_issue.cjs Outdated
Comment thread pkg/parser/schemas/main_workflow_schema.json
Comment thread pkg/workflow/safe_outputs_messages_config.go
@pelikhan

pelikhan commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator

/matt

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

🧠 Matt Pocock Skills Reviewer failed during the skills-based review.

@gh-aw-bot

Copy link
Copy Markdown
Collaborator

@copilot please run the pr-finisher skill, address unresolved review feedback, and rerun checks once the branch update settles.

Unresolved review feedback to address first:

  • copilot-pull-request-reviewer review feedback remains open.

Run: https://github.com/github/gh-aw/actions/runs/29016118662

Generated by 👨‍🍳 PR Sous Chef · 10.4 AIC · ⌖ 5.15 AIC · ⊞ 7.1K ·
Comment /souschef to run again

Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>

Copilot AI commented Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

@copilot please run the pr-finisher skill, address unresolved review feedback, and rerun checks once the branch update settles.

Unresolved review feedback to address first:...

Addressed the unresolved review feedback in commit 259ec46 (type-safe disclosureHeader handling, sentinel constants, schema false behavior docs, and header-ordering comment clarifications), then reran local checks (make fmt, make lint, make test-unit, make test, make recompile) and parallel validation.

Copilot AI commented Jul 10, 2026

Copy link
Copy Markdown
Contributor Author

@copilot remove source tree path - no fallback

Done in 834f6ab: removed the source-tree path fallback for safe_outputs_disclosure_header.md. The default disclosure header now resolves only via prompt runtime path resolution, with no source fallback.

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Comment thread actions/setup/js/messages_header.cjs Outdated
* @returns {string}
*/
function getDefaultDisclosureHeaderTemplate() {
try {

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot

  • remove try/catch, getPromptPath never fails
  • remove core check guard, it is guaranteeded to exist

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated in 4f3d09c: removed the try/catch and the core.warning guard in getDefaultDisclosureHeaderTemplate(). It now follows the same direct getPromptPath(...) + readFileSync(...) resolution pattern used by other templates.

@pelikhan pelikhan left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

...

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan

Copy link
Copy Markdown
Collaborator

@copilot use renderTemplateFile helper, see other place where templates are rendered

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI commented Jul 10, 2026

Copy link
Copy Markdown
Contributor Author

@copilot use renderTemplateFile helper, see other place where templates are rendered

Updated in 36ff9e0: actions/setup/js/messages_header.cjs now uses the shared renderTemplateFromFile(getPromptPath(...), {}) helper for the default disclosure template path, matching the existing template rendering pattern used elsewhere.

@gh-aw-bot

Copy link
Copy Markdown
Collaborator

pr-sous-chef
@copilot please run the pr-finisher skill, make sure the latest maintainer feedback is fully addressed, and rerun checks once the branch is up to date.

Run: https://github.com/github/gh-aw/actions/runs/29072075004

Generated by 👨‍🍳 PR Sous Chef · 10.3 AIC · ⌖ 7.41 AIC · ⊞ 7.1K ·
Comment /souschef to run again

…thorship-footer

Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>

Copilot AI commented Jul 10, 2026

Copy link
Copy Markdown
Contributor Author

pr-sous-chef
@copilot please run the pr-finisher skill, make sure the latest maintainer feedback is fully addressed, and rerun checks once the branch is up to date.
...

Completed in 7850dbc3aa.

  • Branch is up to date with origin/main (merged latest main).
  • Latest maintainer feedback on this PR is fully addressed (including the renderTemplateFromFile update already on head).
  • Re-ran checks: make fmt, make lint, make test-unit, make test, make recompile — all passed.
  • Reviewed run 29072075004: completed success with 0 failed jobs.

@gh-aw-bot

Copy link
Copy Markdown
Collaborator

@pelikhan pelikhan merged commit fcb847d into main Jul 10, 2026
30 of 34 checks passed
@pelikhan pelikhan deleted the copilot/feature-ai-authorship-footer branch July 10, 2026 07:14
Copilot stopped work on behalf of gh-aw-bot due to an error July 10, 2026 07:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Feature: built-in AI-authorship disclosure footer for safe-outputs (or shared snippet support)

4 participants