safe-outputs create_pull_request fails for cross-repo checkouts: uses GITHUB_SHA from workflow repo as merge base #18107

@tore-unumed

Summary

When using create-pull-request safe output with target-repo to create a PR in a different repository than the workflow, the safe-outputs MCP server fails with "No changes to commit - no commits found" during the agent phase.

Root Cause

The safe-outputs MCP server uses GITHUB_SHA (from context.sha) as the base commit for git format-patch. In a cross-repo scenario:

  • GITHUB_SHA is the commit SHA of the workflow repository (e.g., agentic-workflows)
  • The workspace contains a checkout of the target repository (e.g., toke-util)
  • That SHA does not exist in the target repo, so git merge-base --is-ancestor <GITHUB_SHA> HEAD fails with fatal: Not a valid commit name

Server log from failing run

[debug] Executing git command: git fetch origin main
[error] Git command failed: git fetch origin main
[error] Stderr: fatal: could not read Username for 'https://github.com': No such device or address

[debug] Executing git command: git merge-base --is-ancestor 561a5d1c795d6b12baa23517c675de48ff3e045b HEAD
[error] Git command failed: git merge-base --is-ancestor 561a5d1c...  HEAD
[error] Stderr: fatal: Not a valid commit name 561a5d1c...

[safeoutputs] Patch generation failed: No changes to commit - no commits found

Server log from successful same-repo run (for comparison)

[debug] Executing git command: git merge-base --is-ancestor eec91fe7cc9e4d6abfda41da7742569e843d6e2e HEAD
[debug] Git command completed successfully with no output

[debug] Executing git command: git rev-list --count eec91fe7...HEAD
[debug] Git command output: 1

[debug] Executing git command: git format-patch eec91fe7...HEAD --stdout
[safeoutputs] Patch generated successfully

Additional issue

git fetch origin main also fails because clean_git_credentials.sh strips the git token before the agent runs. Even if the SHA issue were fixed, the server cannot refresh the remote.

Expected Behavior

When target-repo is configured in create-pull-request, the safe-outputs MCP server should use origin/<default_branch> (or the tip of the checked-out base ref) as the merge base instead of GITHUB_SHA, since GITHUB_SHA belongs to a different repository.

Reproduction

  1. Create a workflow in repo A with steps: that checks out repo B to workspace root
  2. Configure safe-outputs: create-pull-request: target-repo: "org/repo-B"
  3. The agent makes changes and commits them
  4. safeoutputs-create_pull_request MCP tool call returns error

Workflow configuration

engine:
  id: copilot
  model: gpt-5.3-codex

steps:
  - uses: actions/checkout
    with:
      repository: Unumed/toke-util
      token: ${{ secrets.GH_AW_CROSS_REPO_PAT }}
      persist-credentials: false

safe-outputs:
  github-token: ${{ secrets.GH_AW_CROSS_REPO_PAT }}
  create-pull-request:
    max: 1
    target-repo: "Unumed/toke-util"

Environment

  • gh-aw CLI: v0.50.0
  • awf: v0.20.2
  • awmg: v0.1.5
  • Engine: copilot / gpt-5.3-codex
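
Added example (not part of the original issue and not gh-aw's own code): a shell script that reproduces the cross-repo failure in constructed throwaway repositories and selects a patch base the way the Expected Behavior section proposes, falling back to the existing origin/<default_branch> remote-tracking ref without fetching. The function names pick_patch_base, count_new_commits and setup_demo are hypothetical, and the fallback assumes checkout left a refs/remotes/origin/<branch> ref in the workspace.

```bash
# Added example; function names are hypothetical, not gh-aw's.

# pick_patch_base <repo_dir> <candidate_sha> <default_branch>
# Prints a base ref that exists in the checked-out repo; returns 1 if none does.
pick_patch_base() {
  local repo="$1" sha="$2" branch="$3"
  # Trust the candidate only if it names a commit in THIS repo and is an ancestor of HEAD.
  if [ -n "$sha" ] && git -C "$repo" cat-file -e "${sha}^{commit}" 2>/dev/null &&
     git -C "$repo" merge-base --is-ancestor "$sha" HEAD 2>/dev/null; then
    echo "$sha"; return 0
  fi
  # Otherwise use the remote-tracking ref left by checkout. No fetch is attempted,
  # so this also works after credentials have been stripped.
  if git -C "$repo" rev-parse --verify --quiet \
       "refs/remotes/origin/${branch}^{commit}" >/dev/null; then
    echo "origin/${branch}"; return 0
  fi
  return 1
}

# Number of commits the patch would contain for a given base.
count_new_commits() { git -C "$1" rev-list --count "$2..HEAD"; }

# Constructed demo data: a "workflow" repo A, a "target" repo B, and a clone of B
# with one extra commit standing in for the agent's change. Prints the temp root.
setup_demo() {
  local root r
  root="$(mktemp -d)"
  export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
  export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid
  for r in workflow-A origin-B; do
    git init -q "$root/$r"
    git -C "$root/$r" symbolic-ref HEAD refs/heads/main
    git -C "$root/$r" -c commit.gpgsign=false commit -q --allow-empty -m "init $r"
  done
  git clone -q "$root/origin-B" "$root/workspace"
  git -C "$root/workspace" -c commit.gpgsign=false commit -q --allow-empty -m "agent change"
  echo "$root"
}

demo_root="$(setup_demo)"
# Stand-in for GITHUB_SHA: a commit that exists only in the workflow repo.
workflow_sha="$(git -C "$demo_root/workflow-A" rev-parse HEAD)"
base="$(pick_patch_base "$demo_root/workspace" "$workflow_sha" main)"
echo "base=$base commits=$(count_new_commits "$demo_root/workspace" "$base")"
```

In the same-repo case the candidate SHA passes both checks and is returned unchanged, which matches the successful log above.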
