elastic · strawgate · Mar 9, 2026 · Mar 9, 2026 · Mar 9, 2026 · Mar 9, 2026
diff --git a/.github/workflows/gh-aw-dependency-review.lock.yml b/.github/workflows/gh-aw-dependency-review.lock.yml
diff --git a/.github/workflows/gh-aw-dependency-review.md b/.github/workflows/gh-aw-dependency-review.md
@@ -44,6 +44,11 @@ on:
         type: string
         required: false
         default: "github-actions[bot]"
+      classification-labels:
+        description: "Comma-separated list of labels the agent may apply (e.g. 'needs-human-review,higher-risk,merge-ready'). If empty, no labels are applied. Define label semantics in additional-instructions."
+        type: string
+        required: false
+        default: ""
       messages-footer:
         description: "Footer appended to all agent comments and reviews"
         type: string
@@ -74,9 +79,56 @@ safe-outputs:
   activation-comments: false
   add-labels:
     max: 3
-    allowed:
-      - "needs-human-review"
-      - "higher-risk"
+  steps:
+    - name: Pre-sanitize labels from input allowlist
+      uses: actions/github-script@v7
-      uses: actions/github-script@v7
+      uses: actions/github-script@v8
-      uses: actions/github-script@v7
+      uses: actions/github-script@v8
+      env:
+        CLASSIFICATION_LABELS: ${{ inputs.classification-labels }}
+      with:
+        script: |
+          const fs = require('fs');
+          const outputPath = process.env.GH_AW_AGENT_OUTPUT;
+          if (!outputPath || !fs.existsSync(outputPath)) {
+            core.info('No GH_AW_AGENT_OUTPUT file found; skipping.');
+            return;
+          }
+          const doc = JSON.parse(fs.readFileSync(outputPath, 'utf8'));
+          if (!Array.isArray(doc.items)) {
+            core.warning('agent output has no items array; skipping.');
+            return;
+          }
+          const allowed = new Set(
+            String(process.env.CLASSIFICATION_LABELS || '')
+              .split(',')
+              .map((s) => s.trim())
+              .filter(Boolean)
+          );
+          if (allowed.size === 0) {
+            const before = doc.items.length;
+            doc.items = doc.items.filter((item) => item?.type !== 'add_labels');
+            fs.writeFileSync(outputPath, JSON.stringify(doc));
+            core.info(`No allowed labels provided; removed ${before - doc.items.length} add_labels operations.`);
+            return;
+          }
+          let removed = 0;
+          let dropped = 0;
+          doc.items = doc.items.filter((item) => {
+            if (item?.type !== 'add_labels' || !Array.isArray(item.labels)) {
+              return true;
+            }
+            const before = item.labels.length;
+            item.labels = item.labels
+              .map((v) => String(v).trim())
+              .filter((v) => v && allowed.has(v));
+            removed += Math.max(0, before - item.labels.length);
+            if (item.labels.length === 0) {
+              dropped++;
+              return false;
+            }
+            return true;
+          });
+          fs.writeFileSync(outputPath, JSON.stringify(doc));
+          core.info(`Sanitized label ops: removed=${removed}, dropped_messages=${dropped}`);
 strict: false
 timeout-minutes: 60
 steps:
@@ -224,19 +276,13 @@ Apply the following additional checks based on the dependency ecosystem:
 
 ### Step 4: Determine Labels
 
-Based on the analysis, determine if labels should be applied:
-
-- **`needs-human-review`**: Apply when ANY of these conditions are met:
-  - A dependency update introduces breaking changes that affect this repo's usage
-  - A GitHub Actions commit SHA is not verified
-  - A Buildkite plugin moves from SHA-pinned to mutable tag, or between mutable tags
-  - The changelog indicates breaking changes
-  - A major version bump in any ecosystem (e.g. v1 → v2 in Go, major semver in npm/Python/Java)
-
-- **`higher-risk`**: Apply when:
-  - The updated dependency is used only in workflows triggered by push-to-main, release, schedule, or workflow_dispatch (cannot be validated in PR context)
+Based on the analysis, determine if any labels from the configured `classification-labels` set should be applied:
 
-Only apply `needs-human-review` and `higher-risk` labels.
+- **Allowed classification labels**: `${{ inputs.classification-labels }}`
+- Parse `${{ inputs.classification-labels }}` as a comma-separated list and treat that list as the only valid labels for this step.
+- If `${{ inputs.classification-labels }}` is empty, skip this step entirely.
+- Use `${{ inputs.additional-instructions }}` to understand what each label means and when to apply it.
+- Never apply a label that is not in the parsed classification label list.
 
 ### Step 5: Post Analysis Comment
 

diff --git a/.github/workflows/trigger-dependency-review.yml b/.github/workflows/trigger-dependency-review.yml
@@ -18,8 +18,14 @@ jobs:
       github.event.pull_request.user.login == 'renovate[bot]' ||
       startsWith(github.head_ref, 'updatecli')
     uses: ./.github/workflows/gh-aw-dependency-review.lock.yml
-    # For updatecli: uncomment and set your repo's updatecli bot actor (it varies per repo).
     # with:
-    #   allowed-bot-users: "github-actions[bot]"
+      # Configure which labels the agent may apply and define their semantics in additional-instructions.
+      # classification-labels: "needs-human-review,higher-risk,merge-ready"
+      # additional-instructions: |
+      #   - `needs-human-review`: Apply when breaking changes are found, a major version bump, unverified SHA, or mutable tag move.
+      #   - `higher-risk`: Apply when the dependency is only used in push/release/schedule/dispatch workflows.
+      #   - `merge-ready`: Apply when all dependency updates are safe to merge without human review.
+      # For updatecli: uncomment and set your repo's updatecli bot actor (it varies per repo).
+      # allowed-bot-users: "github-actions[bot]"
     secrets:
       COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}