[Safe Outputs] Add max limit enforcement to 7 core handlers (SEC-003)

[Copilot]

• Review safe outputs specification and conformance checker
• Analyze 7 core handlers for max limit enforcement needs
• Implement max limits for create_issue.cjs (labels, assignees)
• Implement max limits for create_discussion.cjs (labels)
• Implement max limits for create_pull_request.cjs (files)
• Implement max limits for update_issue.cjs (labels, assignees)
• Implement max limits for update_discussion.cjs (no arrays)
• Implement max limits for add_labels.cjs (explicit E003 enforcement)
• Implement max limits for assign_issue.cjs (single assignee per call)
• Add tests for max limit enforcement
• Run conformance checker to verify fixes
• Run make agent-finish before completion
• Refactor to use reusable limit enforcement helpers

Summary: All 7 core handlers now enforce max limits with E003 errors per SEC-003 specification using reusable helpers. Conformance check passes for all target handlers.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[Safe Outputs Conformance] SEC-003: Core safe output handlers missing max limit enforcement</issue_title>
<issue_description>### Conformance Check Failure

Check ID: SEC-003
Severity: MEDIUM
Category: Security
Date: 2026-02-14
Run ID: §22025666977

Problem Description

The conformance checker identified that several core safe output handlers do not enforce maximum limits on array/collection parameters. This violates the Safe Outputs specification requirement that handlers must enforce configured maximum limits to prevent resource exhaustion and abuse.

Impact: Without max limit enforcement:

• Agents could create excessive issues, labels, or assignments in a single operation
• Potential for resource exhaustion attacks
• Difficult to control agent behavior and costs
• Risk of accidental or malicious spam

Affected Core Handlers

The following critical safe output handlers lack max limit enforcement:

• create_issue.cjs - Could create unlimited sub-issues
• create_discussion.cjs - No limit on batch operations
• create_pull_request.cjs - No validation on file counts
• update_issue.cjs - No limits on updates
• update_discussion.cjs - No limits on updates
• add_labels.cjs - Could add unlimited labels
• assign_issue.cjs - Could assign to unlimited users

Note: 185 total handlers were flagged, but these 7 core handlers are the highest priority for remediation.

Current Behavior

These handlers accept array parameters (e.g., labels, assignees) or support batch operations without validating against configured maximum limits. Operations proceed regardless of size.

Expected Behavior

Per the Safe Outputs specification, all handlers MUST:

1. Define maximum limits for collection/array parameters in their configuration
2. Validate input lengths against these limits before processing
3. Reject operations exceeding limits with clear error messages (E003: limit exceeded)
4. Document the limits in their MCP tool schema

Remediation Steps

For each affected handler:

1. Define max limits in handler configuration:

   const MAX_LABELS = 10;
   const MAX_ASSIGNEES = 5;
   const MAX_ISSUES = 10;

2. Add validation before API calls:

   if (labels && labels.length > MAX_LABELS) {
     throw new Error(`E003: Cannot add more than ${MAX_LABELS} labels (received ${labels.length})`);
   }

3. Update MCP schemas to document limits in tool definitions

4. Add tests to verify limit enforcement

Verification

After remediation, verify the fix by running:

bash scripts/check-safe-outputs-conformance.sh

The check SEC-003 should pass for the remediated handlers.

References

• Safe Outputs Specification: docs/src/content/docs/reference/safe-outputs-specification.md (Section: "Security Requirements")
• Conformance Checker: scripts/check-safe-outputs-conformance.sh
• Related: 185 total handlers need limit enforcement (this issue focuses on 7 core handlers)

Generated by Daily Safe Outputs Conformance Checker

• expires on Feb 15, 2026, 11:01 PM UTC

Comments on the Issue (you are @copilot in this section)

• Fixes [Safe Outputs Conformance] SEC-003: Core safe output handlers missing max limit enforcement #15804

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[pelikhan]

@copilot create functional helper to check limits.

Use helper to extract exception limits

[pelikhan]

@copilot use getErrorMessage

[Copilot]

Replaced manual error message extraction (error instanceof Error ? error.message : String(error)) with getErrorMessage() helper across all handlers.

Commit: 6bacee9

[Copilot]

@copilot create functional helper to check limits.

Use helper to extract exception limits

Created reusable helper in limit_enforcement_helpers.cjs with tryEnforceArrayLimit() function that:

• Validates array limits and returns result objects
• Uses getErrorMessage() for consistent error extraction
• Applied across all 5 handlers with array parameters

Commit: 6bacee9

[pelikhan]

@copilot add tests