Enforce non-empty dispatch_workflow names across safe-output schema and MCP registration (#40315)

* Plan dispatch workflow name validation fix

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

* Enforce non-empty dispatch workflow names in schema and MCP handlers

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: Peli de Halleux <pelikhan@users.noreply.github.com>

Author: Copilot

.github/workflows/smoke-copilot-aoai-apikey.lock.yml

@@ -144,7 +144,7 @@ async function main(config = {}) {
 
     processedCount++;
 
-    const workflowName = message.workflow_name;
+    const workflowName = typeof message.workflow_name === "string" ? message.workflow_name.trim() : "";
 
     if (!workflowName || workflowName.trim() === "") {
       core.warning("Workflow name is empty, skipping");

.github/workflows/smoke-copilot-aoai-entra.lock.yml

@@ -217,6 +217,22 @@ describe("dispatch_workflow handler factory", () => {
     expect(github.rest.actions.createWorkflowDispatch).not.toHaveBeenCalled();
   });
 
+  it("should handle whitespace-only workflow name", async () => {
+    const handler = await main({});
+
+    const message = {
+      type: "dispatch_workflow",
+      workflow_name: "   ",
+      inputs: {},
+    };
+
+    const result = await handler(message, {});
+
+    expect(result.success).toBe(false);
+    expect(result.error).toContain("empty");
+    expect(github.rest.actions.createWorkflowDispatch).not.toHaveBeenCalled();
+  });
+
   it("should handle dispatch errors", async () => {
     const handler = await main({
       workflows: ["missing-workflow"],

.github/workflows/smoke-copilot-arm.lock.yml

@@ -149,6 +149,21 @@ const SAMPLE_VALIDATION_CONFIG = {
       body: { required: true, type: "string", sanitize: true, maxLength: 65000, minLength: 20 },
     },
   },
+  dispatch_workflow: {
+    defaultMax: 1,
+    fields: {
+      workflow_name: {
+        required: true,
+        type: "string",
+        sanitize: true,
+        minLength: 1,
+        maxLength: 256,
+        pattern: ".*\\S.*",
+        patternError: "must not be empty",
+      },
+      inputs: { type: "object" },
+    },
+  },
 };
 
 const ISSUE_CLOSING_KEYWORDS = ["fix", "fixes", "fixed", "close", "closes", "closed", "resolve", "resolves", "resolved"];
@@ -210,6 +225,23 @@ describe("safe_output_type_validator", () => {
       expect(result.normalizedItem).toBeDefined();
     });
 
+    it("should validate dispatch_workflow with non-empty workflow_name", async () => {
+      const { validateItem } = await import("./safe_output_type_validator.cjs");
+
+      const result = validateItem({ type: "dispatch_workflow", workflow_name: "haiku-printer", inputs: {} }, "dispatch_workflow", 1);
+
+      expect(result.isValid).toBe(true);
+    });
+
+    it("should fail dispatch_workflow when workflow_name is whitespace-only", async () => {
+      const { validateItem } = await import("./safe_output_type_validator.cjs");
+
+      const result = validateItem({ type: "dispatch_workflow", workflow_name: "   ", inputs: {} }, "dispatch_workflow", 1);
+
+      expect(result.isValid).toBe(false);
+      expect(result.error).toContain("workflow_name");
+    });
+
     it("should fail validation when required title is missing", async () => {
       const { validateItem } = await import("./safe_output_type_validator.cjs");
 

.github/workflows/smoke-copilot.lock.yml

@@ -63,6 +63,15 @@ function normalizeMcpToolResult(result) {
   return { content, isError };
 }
 
+/**
+ * Check whether workflow metadata name is a non-empty string after trimming.
+ * @param {any} workflowName
+ * @returns {boolean}
+ */
+function hasValidWorkflowMetadataName(workflowName) {
+  return typeof workflowName === "string" && workflowName.trim().length > 0;
+}
+
 /**
  * Create and configure the MCP server with tools
  * @param {Object} [options] - Additional options
@@ -135,7 +144,7 @@ function createMCPServer(options = {}) {
     // Check if this is a dispatch_workflow tool (has _workflow_name metadata)
     // These tools are dynamically generated with workflow-specific names
     // The _workflow_name should be a non-empty string
-    const isDispatchWorkflowTool = tool._workflow_name && typeof tool._workflow_name === "string" && tool._workflow_name.length > 0;
+    const isDispatchWorkflowTool = hasValidWorkflowMetadataName(tool._workflow_name);
 
     // Check if this is a dispatch_repository tool (has _dispatch_repository_tool metadata)
     // These tools are dynamically generated with tool-specific names
@@ -144,7 +153,7 @@ function createMCPServer(options = {}) {
     // Check if this is a call_workflow tool (has _call_workflow_name metadata)
     // These tools are dynamically generated with workflow-specific names
     // The _call_workflow_name should be a non-empty string
-    const isCallWorkflowTool = tool._call_workflow_name && typeof tool._call_workflow_name === "string" && tool._call_workflow_name.length > 0;
+    const isCallWorkflowTool = hasValidWorkflowMetadataName(tool._call_workflow_name);
 
     if (isDispatchWorkflowTool) {
       logger.debug(`Found dispatch_workflow tool: ${tool.name} (_workflow_name: ${tool._workflow_name})`);

.github/workflows/test-dispatcher.lock.yml

@@ -54,7 +54,7 @@ describe("safe_outputs_mcp_server_http dispatch_workflow registration", () => {
     }
 
     // Test the registration logic (extracted from safe_outputs_mcp_server_http.cjs)
-    const isDispatchWorkflowTool = !!tool._workflow_name;
+    const isDispatchWorkflowTool = typeof tool._workflow_name === "string" && tool._workflow_name.trim().length > 0;
     let shouldRegister = false;
 
     if (isDispatchWorkflowTool) {
@@ -98,7 +98,7 @@ describe("safe_outputs_mcp_server_http dispatch_workflow registration", () => {
       }
     }
 
-    const isDispatchWorkflowTool = !!tool._workflow_name;
+    const isDispatchWorkflowTool = typeof tool._workflow_name === "string" && tool._workflow_name.trim().length > 0;
     let shouldRegister = false;
 
     if (isDispatchWorkflowTool) {
@@ -117,6 +117,42 @@ describe("safe_outputs_mcp_server_http dispatch_workflow registration", () => {
     expect(config.dispatch_workflow).toBeFalsy();
   });
 
+  it("should NOT treat whitespace-only _workflow_name as dispatch_workflow metadata", () => {
+    const tool = {
+      name: "test_workflow",
+      _workflow_name: "   ",
+      description: "Dispatch workflow",
+      inputSchema: { type: "object", properties: {} },
+    };
+
+    const config = {
+      dispatch_workflow: {
+        max: 1,
+      },
+    };
+
+    const enabledTools = new Set();
+    for (const [toolName, enabled] of Object.entries(config)) {
+      if (enabled) {
+        enabledTools.add(toolName);
+      }
+    }
+
+    const isDispatchWorkflowTool = typeof tool._workflow_name === "string" && tool._workflow_name.trim().length > 0;
+    let shouldRegister = false;
+
+    if (isDispatchWorkflowTool) {
+      if (config.dispatch_workflow) {
+        shouldRegister = true;
+      }
+    } else if (enabledTools.has(tool.name)) {
+      shouldRegister = true;
+    }
+
+    expect(isDispatchWorkflowTool).toBe(false);
+    expect(shouldRegister).toBe(false);
+  });
+
   it("should register regular tools when their name is in config", () => {
     // Regular tool (no _workflow_name)
     const tool = {
@@ -137,7 +173,7 @@ describe("safe_outputs_mcp_server_http dispatch_workflow registration", () => {
       }
     }
 
-    const isDispatchWorkflowTool = !!tool._workflow_name;
+    const isDispatchWorkflowTool = typeof tool._workflow_name === "string" && tool._workflow_name.trim().length > 0;
     let shouldRegister = false;
 
     if (isDispatchWorkflowTool) {
@@ -175,7 +211,7 @@ describe("safe_outputs_mcp_server_http dispatch_workflow registration", () => {
       }
     }
 
-    const isDispatchWorkflowTool = !!tool._workflow_name;
+    const isDispatchWorkflowTool = typeof tool._workflow_name === "string" && tool._workflow_name.trim().length > 0;
     let shouldRegister = false;
 
     if (isDispatchWorkflowTool) {