Description
Severity: Major — common for workflows that need to update project documentation
Reproduction: The agent modifies AGENTS.md (e.g., updating build instructions as part of a CI fix) and calls push_to_pull_request_branch or create_pull_request.
Expected: The push/PR succeeds because AGENTS.md is a documentation file, not a security-sensitive config.
Actual: The push fails with: Cannot push to pull request branch: patch modifies protected files (AGENTS.md). The compiler hardcodes AGENTS.md into the protected_files list alongside lockfiles and package manifests.
Impact: Any issue that touches AGENTS.md (which is common — it's the project's own documentation) will fail.
Workaround: Remove ,"AGENTS.md" from the protected_files list in the lock file's GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG JSON. Must be reapplied after every recompile.
Suggestion: Either remove AGENTS.md from the default protected_files list, or provide a frontmatter option like protected-files: { exclude: ["AGENTS.md"] } to override it.
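The check described above and the suggested exclude override, as an added example that is not code from the issue or from the project: the function names, the basename matching rule and the sample protected list are assumptions, and the patch text is constructed.

```javascript
// Added illustration; all names here are hypothetical, not the project's implementation.
const DEFAULT_PROTECTED = ["package.json", "package-lock.json", "AGENTS.md"]; // constructed sample list

// Collect every path a git-format patch touches. Both sides of each
// "diff --git" header are recorded, so renaming a file onto (or away from)
// a protected name is caught too. Paths containing " b/" are not handled.
function touchedPaths(patch) {
  const paths = new Set();
  for (const line of patch.split("\n")) {
    const m = /^diff --git a\/(.+) b\/(.+)$/.exec(line);
    if (m) {
      paths.add(m[1]);
      paths.add(m[2]);
    }
  }
  return [...paths];
}

// Entries match by basename (assumption), so docs/AGENTS.md is covered as well.
// `exclude` models the frontmatter override proposed in the suggestion.
function checkPatch(patch, { exclude = [] } = {}) {
  const effective = DEFAULT_PROTECTED.filter((p) => !exclude.includes(p));
  const hits = touchedPaths(patch).filter((p) => effective.includes(p.split("/").pop()));
  if (hits.length === 0) return { ok: true, hits };
  return {
    ok: false,
    hits,
    error: `Cannot push to pull request branch: patch modifies protected files (${hits.join(", ")})`,
  };
}

// Constructed patch headers: a docs edit, an unrelated edit, and a rename onto a manifest.
const SAMPLE_PATCH = [
  "diff --git a/AGENTS.md b/AGENTS.md",
  "diff --git a/README.md b/README.md",
  "diff --git a/tools/manifest.json b/package.json",
  "rename from tools/manifest.json",
  "rename to package.json",
].join("\n");

console.log(checkPatch(SAMPLE_PATCH));                            // blocked on both files
console.log(checkPatch(SAMPLE_PATCH, { exclude: ["AGENTS.md"] })); // still blocked on package.json
```

An override scoped this way lifts the block for the named file only; the rest of the protected list keeps applying to the same patch.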