[aw-failures] Targetless add_comment fails safe_outputs for Contribution Check & PR Sous Chef

[github-actions]

Recommendation

Make the add_comment safe-output non-fatal when its target is unresolved (mirror the existing add_labels deferral behavior), and fix the Contribution Check / PR Sous Chef prompts so every add_comment carries an explicit target. Today a single targetless comment marks the whole run failed even though the agent completed its real work.

Problem statement

In both workflows the agent phase succeeds, but the post-agent safe_outputs job hard-fails on an add_comment item that has no resolvable target. The handler substitutes "*" and then rejects it:

✗ Message N (add_comment) failed: Target is "*" but no item_number/issue_number/pull_request_number/pr_number/pr/pull_number specified in add_comment item
✗ 1 safe output(s) failed

Because the run is marked failure, the intended comment is never posted and the genuine agent output is discarded.

Affected workflows and run IDs

Workflow	Pattern	Representative run	Comparator
Contribution Check	Recurring (intermittent) — failed again at 01:32Z	26980232370	success 26969111193
PR Sous Chef	One-off among successes	26979726834	success 26987313741

Contribution Check 8-run conclusion sequence: failure failure success failure failure failure success failure — the targetless-comment failure recurs whenever the agent emits a comment without a target.

Probable root cause

1. The agent emits an add_comment item without an item_number/issue_number/pull_request_number. The handler defaults the target to "*" and then fails closed.
2. Related fragility: in Contribution Check an add_labels item (temporary id #aw_summary) stayed permanently deferred because its referenced create_issue temp-id never resolved — same temp-id resolution weakness tracked in Temp-ID resolution is structurally fragile #36969.
3. Secondary (non-fatal) in PR Sous Chef: update_pull_request on PR Fix AWF tool-cache mounting so Daily News Copilot can start in chroot #36900 returned HTTP 403 ("refusing to allow a GitHub App to create or update workflow .github/workflows/daily-news.lock.yml without workflows permission"). Logged as a warning; not the cause of the run failure but worth noting.

Evidence detail

• Contribution Check run 26980232370: agent phase 8.2m / 68 turns / ~2.31M tokens succeeded; failure isolated to safe_outputs job, message 3 (add_comment).
• PR Sous Chef run 26979726834: agent phase 6.7m / ~573K tokens succeeded; failure isolated to safe_outputs job, message 2 (add_comment, temporary_id aw_ca3R8oxw).
• Source: agenticworkflows audit artifact logs (1_safe_outputs.txt); the audit JSON errors field did not surface these.

Proposed remediation

• Handler: when an add_comment target resolves to "*" with no concrete number, skip with a warning (defer) instead of failing the run — match add_labels behavior so partial safe-output sets don't fail the whole run.
• Workflows: update the Contribution Check and PR Sous Chef prompts/config so add_comment always specifies an explicit issue_number/pull_request_number (or the triggering target).
• Track the temp-id non-resolution under Temp-ID resolution is structurally fragile #36969.

Success criteria / verification

• Contribution Check and PR Sous Chef complete with conclusion success across consecutive scheduled runs.
• Intended comments post to the correct PR/issue.
• No Target is "*" errors in safe_outputs logs.
• A targetless add_comment produces a warning, not a run failure.

---

Parent: #37005 · Analyzed run IDs: 26980232370, 26979726834, 26989937917 · Window: last 6h ending ~2026-06-05T01:34Z.
Related to #37005

Generated by 🔍 [aw] Failure Investigator (6h) · opus48 20.2M · 1.3K AIC · ◷

• expires on Jun 12, 2026, 2:35 AM UTC