Move mention filtering from incoming text to agent output collector and modularize sanitization

pkg/workflow/js.go

@@ -279,6 +279,15 @@ var safeOutputsToolsLoaderScript string
 //go:embed js/safe_outputs_bootstrap.cjs
 var safeOutputsBootstrapScript string
 
+//go:embed js/resolve_mentions_from_payload.cjs
+var resolveMentionsFromPayloadScript string
+
+//go:embed js/sanitize_incoming_text.cjs
+var sanitizeIncomingTextScript string
+
+//go:embed js/sanitize_content_core.cjs
+var sanitizeContentCoreScript string
+
 // GetJavaScriptSources returns a map of all embedded JavaScript sources
 // The keys are the relative paths from the js directory
 func GetJavaScriptSources() map[string]string {
@@ -344,6 +353,9 @@ func GetJavaScriptSources() map[string]string {
 		"safe_outputs_tools.json":           safeOutputsToolsJSON,
 		"safe_outputs_bootstrap.cjs":        safeOutputsBootstrapScript,
 		"safe_outputs_mcp_server.cjs":       safeOutputsMCPServerScriptSource,
+		"resolve_mentions_from_payload.cjs": resolveMentionsFromPayloadScript,
+		"sanitize_incoming_text.cjs":        sanitizeIncomingTextScript,
+		"sanitize_content_core.cjs":         sanitizeContentCoreScript,
 		"add_copilot_reviewer.cjs":          addCopilotReviewerScriptSource,
 		"add_reaction_and_edit_comment.cjs": addReactionAndEditCommentScriptSource,
 		"assign_issue.cjs":                  assignIssueScriptSource,

pkg/workflow/js/collect_ndjson_output.cjs

@@ -12,6 +12,11 @@ async function main() {
     MAX_BODY_LENGTH: maxBodyLength,
     resetValidationConfigCache,
   } = require("./safe_output_type_validator.cjs");
+  const { resolveAllowedMentionsFromPayload } = require("./resolve_mentions_from_payload.cjs");
+
+  // Resolve allowed mentions for the output collector
+  // This determines which @mentions are allowed in the agent output
+  const allowedMentions = await resolveAllowedMentionsFromPayload(context, github, core);
 
   // Load validation config from file and set it in environment for the validator to read
   const validationConfigPath = process.env.GH_AW_VALIDATION_CONFIG_PATH || "/tmp/gh-aw/safeoutputs/validation.json";
@@ -87,7 +92,7 @@ async function main() {
             error: `Line ${lineNum}: ${fieldName} must be a string`,
           };
         }
-        normalizedValue = sanitizeContent(value);
+        normalizedValue = sanitizeContent(value, { allowedAliases: allowedMentions });
         break;
       case "boolean":
         if (typeof value !== "boolean") {
@@ -118,11 +123,11 @@ async function main() {
             error: `Line ${lineNum}: ${fieldName} must be one of: ${inputSchema.options.join(", ")}`,
           };
         }
-        normalizedValue = sanitizeContent(value);
+        normalizedValue = sanitizeContent(value, { allowedAliases: allowedMentions });
         break;
       default:
         if (typeof value === "string") {
-          normalizedValue = sanitizeContent(value);
+          normalizedValue = sanitizeContent(value, { allowedAliases: allowedMentions });
         }
         break;
     }
@@ -263,7 +268,7 @@ async function main() {
 
       // Use the validation engine to validate the item
       if (hasValidationConfig(itemType)) {
-        const validationResult = validateItem(item, itemType, i + 1);
+        const validationResult = validateItem(item, itemType, i + 1, { allowedAliases: allowedMentions });
         if (!validationResult.isValid) {
           if (validationResult.error) {
             errors.push(validationResult.error);

pkg/workflow/js/collect_ndjson_output.test.cjs

@@ -66,6 +66,28 @@ describe("collect_ndjson_output.cjs", () => {
     };
     global.core = mockCore;
 
+    // Mock context and github for the helper function
+    global.context = {
+      eventName: "issues",
+      actor: "test-actor",
+      repo: {
+        owner: "test-owner",
+        repo: "test-repo",
+      },
+      payload: {},
+    };
+
+    global.github = {
+      rest: {
+        repos: {
+          listCollaborators: vi.fn().mockResolvedValue({ data: [] }),
+        },
+        users: {
+          getByUsername: vi.fn(),
+        },
+      },
+    };
+
     // Read the script file
     const scriptPath = path.join(__dirname, "collect_ndjson_output.cjs");
     collectScript = fs.readFileSync(scriptPath, "utf8");

pkg/workflow/js/compute_text.cjs

@@ -6,8 +6,8 @@
  * @param {string} content - The content to sanitize
  * @returns {string} The sanitized content
  */
-const { sanitizeContent, writeRedactedDomainsLog } = require("./sanitize_content.cjs");
-const { isPayloadUserBot, resolveMentionsLazily } = require("./resolve_mentions.cjs");
+const { sanitizeIncomingText, writeRedactedDomainsLog } = require("./sanitize_incoming_text.cjs");
+const { isPayloadUserBot } = require("./resolve_mentions.cjs");
 
 async function main() {
   let text = "";
@@ -267,23 +267,10 @@ async function main() {
       break;
   }
 
-  // Resolve mentions lazily using the new helper
-  const mentionResult = await resolveMentionsLazily(text, knownAuthors, owner, repo, github, core);
-
-  // Log known authors for debugging
-  if (knownAuthors.length > 0) {
-    core.info(`Known authors (from payload): ${knownAuthors.join(", ")}`);
-  }
-
-  // Log allowed mentions for documentation
-  if (mentionResult.allowedMentions.length > 0) {
-    core.info(`Allowed mentions (will not be escaped): ${mentionResult.allowedMentions.join(", ")}`);
-  } else {
-    core.info("No allowed mentions configured - all mentions will be escaped");
-  }
-
-  // Sanitize the text before output, passing the known authors
-  const sanitizedText = sanitizeContent(text, { allowedAliases: mentionResult.allowedMentions });
+  // Sanitize the text before output using slimmed-down sanitizer
+  // Note: Mention filtering is NOT applied here - all mentions are escaped
+  // Mention filtering will be applied by the agent output collector
+  const sanitizedText = sanitizeIncomingText(text);
 
   // Display sanitized text in logs
   core.info(`text: ${sanitizedText}`);