Schema: reject unknown keys in workflow_call/dispatch input definitions

[Copilot]

Three input-definition subschemas in main_workflow_schema.json accepted misspelled keys silently because they defined properties without additionalProperties: false. This updates those subschemas so typos (for example requird) fail schema validation instead of compiling through.

• Schema hardening

  • Added additionalProperties: false to:
    • on.workflow_call.inputs.<id>
    • on.workflow_call.secrets.<id>
    • safe-outputs.dispatch_repository.<tool>.inputs.<id>

• Regression coverage

  • Added a schema-structure test asserting all three paths explicitly set additionalProperties: false.
  • Extended location/validation tests with typo cases (requird) for each affected path and one valid control case to preserve expected success behavior.

• Example of the enforced shape

  "additionalProperties": {
    "type": "object",
    "properties": {
      "type": { "type": "string" },
      "description": { "type": "string" },
      "required": { "type": "boolean" },
      "default": {}
    },
    "additionalProperties": false
  }

[github-actions]

Hey @copilot-swe-agent 👋 — thanks for opening this PR to tighten up schema validation by adding additionalProperties: false to the user-input subschemas in pkg/parser/schemas/main_workflow_schema.json! That's a valuable hardening change.

A few things to address before this is ready for review:

• No diff yet — the PR currently has 0 additions and 0 deletions. The task checklist in the body is a great plan, but the actual code changes still need to land.
• No tests — the body mentions adding a regression test for typoed keys, which is exactly right. Make sure those land alongside the schema changes.
• Description — the PR body reads as a task list rather than a description of what is changing and why. A short prose summary of the problem being solved (e.g., "typos in input keys are silently ignored today") would help reviewers.

When you're ready to move forward, you can use this prompt with your coding agent:

Complete the following tasks for PR #35788 in github/gh-aw:

1. Open `pkg/parser/schemas/main_workflow_schema.json` and add `"additionalProperties": false` to the three user-input subschemas.
2. Add a focused regression test that verifies a workflow with a typoed input key (e.g. `naem` instead of `name`) is rejected by the parser with a clear validation error.
3. Verify that all existing valid-workflow tests still pass.
4. Update the PR body with a short prose summary: what the change does, why it matters (silent typo acceptance), and how it was tested.

Generated by ✅ Contribution Check · sonnet46 2.5M · ◷

[Copilot]

Pull request overview

Hardens three input/secret subschemas in main_workflow_schema.json to reject unknown keys (e.g., typos like requird) by setting additionalProperties: false, aligning them with the strict pattern already used by workflow_dispatch inputs.

Changes:

• Add additionalProperties: false to on.workflow_call.inputs.<id>, on.workflow_call.secrets.<id>, and safe-outputs.dispatch_repository.<tool>.inputs.<id>.
• Add a schema-structure test verifying all three paths set additionalProperties: false.
• Extend location/validation tests with typo cases and a valid control case.

Show a summary per file

File	Description
pkg/parser/schemas/main_workflow_schema.json	Adds additionalProperties: false to the three input/secret definition subschemas.
pkg/parser/schema_test.go	New structural test asserting the strict flag at each path.
pkg/parser/schema_location_test.go	New validation cases for typos and a valid control case.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 3/3 changed files
• Comments generated: 0