diff --git a/.github/aw/create-agentic-workflow.md b/.github/aw/create-agentic-workflow.md
index 5eb4d6dfad5..2c95efb798c 100644
--- a/.github/aw/create-agentic-workflow.md
+++ b/.github/aw/create-agentic-workflow.md
@@ -425,6 +425,25 @@ These resources contain workflow patterns, best practices, safe outputs, and per
- **Always use `safe-outputs` instead** for any GitHub write operations (creating issues, adding comments, etc.)
- **Mode configuration** - Both `mode: local` (Docker-based, default) and `mode: remote` (hosted) are supported. Remote mode offers faster startup and no Docker requirement.
+ **GitHub lockdown Mode (Security Feature)**:
+
+ GitHub lockdown mode is a security feature that filters content in public repositories to only show issues, PRs, and comments from users with push access. This protects workflows from processing potentially malicious input from untrusted users.
+
+ - **Automatic by default** - Lockdown is automatically enabled for public repositories, and has no impact for for private repositories (where all collaborators are trusted)
+ - **When to disable**: Only disable lockdown (`lockdown: false`) for specific safe use cases:
+ - Issue triage/labeling workflows with restricted safe outputs
+ - Spam detection systems designed to handle untrusted content
+ - Public status dashboards with read-only operations
+ - Command workflows that explicitly verify user permissions before acting
+ - **How to disable**:
+ ```yaml
+ tools:
+ github:
+ lockdown: false # Only for workflows designed to safely process all user input
+ ```
+ - **Security considerations**: Workflows with `lockdown: false` should have read-only operations, restrictive safe outputs with specific allowed values, no bash/web-fetch/playwright tools, and explicit input validation
+ - **Documentation**: See https://github.github.com/gh-aw/reference/lockdown-mode/ for complete guidance
+
**Advanced static analysis tools**:
For advanced code analysis tasks, see `.github/aw/serena-tool.md` for when and how to use Serena language server.
For coordinator-style workflows, see `.github/aw/orchestration.md` for orchestration patterns.
diff --git a/.github/workflows/agent-performance-analyzer.lock.yml b/.github/workflows/agent-performance-analyzer.lock.yml
index 919f79d5af6..f3639974551 100644
--- a/.github/workflows/agent-performance-analyzer.lock.yml
+++ b/.github/workflows/agent-performance-analyzer.lock.yml
@@ -237,9 +237,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/agent-persona-explorer.lock.yml b/.github/workflows/agent-persona-explorer.lock.yml
index e032dd57fea..49b0d796356 100644
--- a/.github/workflows/agent-persona-explorer.lock.yml
+++ b/.github/workflows/agent-persona-explorer.lock.yml
@@ -238,9 +238,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/ai-moderator.lock.yml b/.github/workflows/ai-moderator.lock.yml
index ab3ef6d0bdb..a5c1658e623 100644
--- a/.github/workflows/ai-moderator.lock.yml
+++ b/.github/workflows/ai-moderator.lock.yml
@@ -217,9 +217,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/archie.lock.yml b/.github/workflows/archie.lock.yml
index 85d66f8616d..d0331f3f9e1 100644
--- a/.github/workflows/archie.lock.yml
+++ b/.github/workflows/archie.lock.yml
@@ -240,9 +240,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/artifacts-summary.lock.yml b/.github/workflows/artifacts-summary.lock.yml
index 3b4c40ae3d7..34a29bc6c79 100644
--- a/.github/workflows/artifacts-summary.lock.yml
+++ b/.github/workflows/artifacts-summary.lock.yml
@@ -194,9 +194,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/audit-workflows.lock.yml b/.github/workflows/audit-workflows.lock.yml
index af3e846b55a..d53266df5d4 100644
--- a/.github/workflows/audit-workflows.lock.yml
+++ b/.github/workflows/audit-workflows.lock.yml
@@ -277,9 +277,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/auto-triage-issues.lock.yml b/.github/workflows/auto-triage-issues.lock.yml
index aaf4459c716..bc55c4ea508 100644
--- a/.github/workflows/auto-triage-issues.lock.yml
+++ b/.github/workflows/auto-triage-issues.lock.yml
@@ -197,9 +197,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/blog-auditor.lock.yml b/.github/workflows/blog-auditor.lock.yml
index a7c06b90a7f..6a9daad4852 100644
--- a/.github/workflows/blog-auditor.lock.yml
+++ b/.github/workflows/blog-auditor.lock.yml
@@ -200,9 +200,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/brave.lock.yml b/.github/workflows/brave.lock.yml
index 37601bc58e5..8a2912cfebd 100644
--- a/.github/workflows/brave.lock.yml
+++ b/.github/workflows/brave.lock.yml
@@ -226,9 +226,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/breaking-change-checker.lock.yml b/.github/workflows/breaking-change-checker.lock.yml
index 7358a56238d..65059bd5d29 100644
--- a/.github/workflows/breaking-change-checker.lock.yml
+++ b/.github/workflows/breaking-change-checker.lock.yml
@@ -195,9 +195,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml
index b9a5bdda534..be6d8021df6 100644
--- a/.github/workflows/changeset.lock.yml
+++ b/.github/workflows/changeset.lock.yml
@@ -241,9 +241,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/chroma-issue-indexer.lock.yml b/.github/workflows/chroma-issue-indexer.lock.yml
index ee5a7d1ed6e..8fe1b4a39e3 100644
--- a/.github/workflows/chroma-issue-indexer.lock.yml
+++ b/.github/workflows/chroma-issue-indexer.lock.yml
@@ -190,9 +190,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/ci-coach.lock.yml b/.github/workflows/ci-coach.lock.yml
index 71fb0ae24dc..43a96b5791b 100644
--- a/.github/workflows/ci-coach.lock.yml
+++ b/.github/workflows/ci-coach.lock.yml
@@ -246,9 +246,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/ci-doctor.lock.yml b/.github/workflows/ci-doctor.lock.yml
index 6223088d631..90b2c5ede02 100644
--- a/.github/workflows/ci-doctor.lock.yml
+++ b/.github/workflows/ci-doctor.lock.yml
@@ -218,9 +218,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/claude-code-user-docs-review.lock.yml b/.github/workflows/claude-code-user-docs-review.lock.yml
index 53273e1ee2d..4ff7e97cf5a 100644
--- a/.github/workflows/claude-code-user-docs-review.lock.yml
+++ b/.github/workflows/claude-code-user-docs-review.lock.yml
@@ -210,9 +210,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/cli-consistency-checker.lock.yml b/.github/workflows/cli-consistency-checker.lock.yml
index 04a345213a2..4b75a59ab0e 100644
--- a/.github/workflows/cli-consistency-checker.lock.yml
+++ b/.github/workflows/cli-consistency-checker.lock.yml
@@ -193,9 +193,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/cli-version-checker.lock.yml b/.github/workflows/cli-version-checker.lock.yml
index 7af448b1daf..0f433a3d492 100644
--- a/.github/workflows/cli-version-checker.lock.yml
+++ b/.github/workflows/cli-version-checker.lock.yml
@@ -214,9 +214,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/cloclo.lock.yml b/.github/workflows/cloclo.lock.yml
index 28d19dd583a..8b5bd38d98d 100644
--- a/.github/workflows/cloclo.lock.yml
+++ b/.github/workflows/cloclo.lock.yml
@@ -313,9 +313,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/code-scanning-fixer.lock.yml b/.github/workflows/code-scanning-fixer.lock.yml
index 5ac31dd3a36..b7cd8879165 100644
--- a/.github/workflows/code-scanning-fixer.lock.yml
+++ b/.github/workflows/code-scanning-fixer.lock.yml
@@ -212,9 +212,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/code-simplifier.lock.yml b/.github/workflows/code-simplifier.lock.yml
index 367b40adb74..1fd174ee035 100644
--- a/.github/workflows/code-simplifier.lock.yml
+++ b/.github/workflows/code-simplifier.lock.yml
@@ -197,9 +197,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/codex-github-remote-mcp-test.lock.yml b/.github/workflows/codex-github-remote-mcp-test.lock.yml
index 6a1fc45c135..f03e60b34bc 100644
--- a/.github/workflows/codex-github-remote-mcp-test.lock.yml
+++ b/.github/workflows/codex-github-remote-mcp-test.lock.yml
@@ -183,9 +183,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/commit-changes-analyzer.lock.yml b/.github/workflows/commit-changes-analyzer.lock.yml
index cd110bc85b3..92603da9a3f 100644
--- a/.github/workflows/commit-changes-analyzer.lock.yml
+++ b/.github/workflows/commit-changes-analyzer.lock.yml
@@ -202,9 +202,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/copilot-agent-analysis.lock.yml b/.github/workflows/copilot-agent-analysis.lock.yml
index 302132e6df3..900a441cfd5 100644
--- a/.github/workflows/copilot-agent-analysis.lock.yml
+++ b/.github/workflows/copilot-agent-analysis.lock.yml
@@ -230,9 +230,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/copilot-cli-deep-research.lock.yml b/.github/workflows/copilot-cli-deep-research.lock.yml
index 99b3276e852..cc24ccd5476 100644
--- a/.github/workflows/copilot-cli-deep-research.lock.yml
+++ b/.github/workflows/copilot-cli-deep-research.lock.yml
@@ -205,9 +205,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/copilot-pr-nlp-analysis.lock.yml b/.github/workflows/copilot-pr-nlp-analysis.lock.yml
index b8d219743ce..10250155af3 100644
--- a/.github/workflows/copilot-pr-nlp-analysis.lock.yml
+++ b/.github/workflows/copilot-pr-nlp-analysis.lock.yml
@@ -253,9 +253,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/copilot-pr-prompt-analysis.lock.yml b/.github/workflows/copilot-pr-prompt-analysis.lock.yml
index af16f80476e..b2822788acf 100644
--- a/.github/workflows/copilot-pr-prompt-analysis.lock.yml
+++ b/.github/workflows/copilot-pr-prompt-analysis.lock.yml
@@ -224,9 +224,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/copilot-session-insights.lock.yml b/.github/workflows/copilot-session-insights.lock.yml
index feea9c7ee1e..4c4533988d5 100644
--- a/.github/workflows/copilot-session-insights.lock.yml
+++ b/.github/workflows/copilot-session-insights.lock.yml
@@ -255,9 +255,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/craft.lock.yml b/.github/workflows/craft.lock.yml
index 43b7a3ad231..0999a8b1545 100644
--- a/.github/workflows/craft.lock.yml
+++ b/.github/workflows/craft.lock.yml
@@ -231,9 +231,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-assign-issue-to-user.lock.yml b/.github/workflows/daily-assign-issue-to-user.lock.yml
index eb5fd8ad225..69b29927cf6 100644
--- a/.github/workflows/daily-assign-issue-to-user.lock.yml
+++ b/.github/workflows/daily-assign-issue-to-user.lock.yml
@@ -192,9 +192,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-choice-test.lock.yml b/.github/workflows/daily-choice-test.lock.yml
index e774b7b72b5..1da17bb5661 100644
--- a/.github/workflows/daily-choice-test.lock.yml
+++ b/.github/workflows/daily-choice-test.lock.yml
@@ -198,9 +198,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-cli-performance.lock.yml b/.github/workflows/daily-cli-performance.lock.yml
index 028856b282b..43f1048bbad 100644
--- a/.github/workflows/daily-cli-performance.lock.yml
+++ b/.github/workflows/daily-cli-performance.lock.yml
@@ -204,9 +204,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-cli-tools-tester.lock.yml b/.github/workflows/daily-cli-tools-tester.lock.yml
index 152f241918f..409d00e441e 100644
--- a/.github/workflows/daily-cli-tools-tester.lock.yml
+++ b/.github/workflows/daily-cli-tools-tester.lock.yml
@@ -224,9 +224,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-code-metrics.lock.yml b/.github/workflows/daily-code-metrics.lock.yml
index c4c1be207b6..c3be8c85636 100644
--- a/.github/workflows/daily-code-metrics.lock.yml
+++ b/.github/workflows/daily-code-metrics.lock.yml
@@ -244,9 +244,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-compiler-quality.lock.yml b/.github/workflows/daily-compiler-quality.lock.yml
index 5ecdb9a3dc7..6220ec98914 100644
--- a/.github/workflows/daily-compiler-quality.lock.yml
+++ b/.github/workflows/daily-compiler-quality.lock.yml
@@ -204,9 +204,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-copilot-token-report.lock.yml b/.github/workflows/daily-copilot-token-report.lock.yml
index e532a2b6264..8a1d027703e 100644
--- a/.github/workflows/daily-copilot-token-report.lock.yml
+++ b/.github/workflows/daily-copilot-token-report.lock.yml
@@ -271,9 +271,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-doc-updater.lock.yml b/.github/workflows/daily-doc-updater.lock.yml
index bdc2925bf23..0978dbdf931 100644
--- a/.github/workflows/daily-doc-updater.lock.yml
+++ b/.github/workflows/daily-doc-updater.lock.yml
@@ -209,9 +209,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml
index fb22f6ee194..22482c2af40 100644
--- a/.github/workflows/daily-fact.lock.yml
+++ b/.github/workflows/daily-fact.lock.yml
@@ -188,9 +188,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-file-diet.lock.yml b/.github/workflows/daily-file-diet.lock.yml
index be835a89183..2cff6fb1184 100644
--- a/.github/workflows/daily-file-diet.lock.yml
+++ b/.github/workflows/daily-file-diet.lock.yml
@@ -197,9 +197,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml
index 45c08e70ce0..a6c82672988 100644
--- a/.github/workflows/daily-firewall-report.lock.yml
+++ b/.github/workflows/daily-firewall-report.lock.yml
@@ -261,9 +261,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-malicious-code-scan.lock.yml b/.github/workflows/daily-malicious-code-scan.lock.yml
index 7a9fde10c24..a347397e673 100644
--- a/.github/workflows/daily-malicious-code-scan.lock.yml
+++ b/.github/workflows/daily-malicious-code-scan.lock.yml
@@ -194,9 +194,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml
index 8f97e4e130d..e9dcc1f5b76 100644
--- a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml
+++ b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml
@@ -204,9 +204,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-multi-device-docs-tester.lock.yml b/.github/workflows/daily-multi-device-docs-tester.lock.yml
index b52405236ec..66dc23fd420 100644
--- a/.github/workflows/daily-multi-device-docs-tester.lock.yml
+++ b/.github/workflows/daily-multi-device-docs-tester.lock.yml
@@ -206,9 +206,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-news.lock.yml b/.github/workflows/daily-news.lock.yml
index 088e914634a..7608be91da1 100644
--- a/.github/workflows/daily-news.lock.yml
+++ b/.github/workflows/daily-news.lock.yml
@@ -309,9 +309,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml
index d3e7b84c2d7..00911526e9c 100644
--- a/.github/workflows/daily-observability-report.lock.yml
+++ b/.github/workflows/daily-observability-report.lock.yml
@@ -234,9 +234,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml
index b4448b9807b..2ae9721e901 100644
--- a/.github/workflows/daily-performance-summary.lock.yml
+++ b/.github/workflows/daily-performance-summary.lock.yml
@@ -237,9 +237,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-regulatory.lock.yml b/.github/workflows/daily-regulatory.lock.yml
index 4da7ae9f8f9..4bc1aef3165 100644
--- a/.github/workflows/daily-regulatory.lock.yml
+++ b/.github/workflows/daily-regulatory.lock.yml
@@ -197,9 +197,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-repo-chronicle.lock.yml b/.github/workflows/daily-repo-chronicle.lock.yml
index 467daf207ca..38ecd43322f 100644
--- a/.github/workflows/daily-repo-chronicle.lock.yml
+++ b/.github/workflows/daily-repo-chronicle.lock.yml
@@ -229,9 +229,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-safe-output-optimizer.lock.yml b/.github/workflows/daily-safe-output-optimizer.lock.yml
index f34fda27f47..5c7e400b356 100644
--- a/.github/workflows/daily-safe-output-optimizer.lock.yml
+++ b/.github/workflows/daily-safe-output-optimizer.lock.yml
@@ -252,9 +252,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-secrets-analysis.lock.yml b/.github/workflows/daily-secrets-analysis.lock.yml
index 4cc6e9ea32e..77ab125c9c0 100644
--- a/.github/workflows/daily-secrets-analysis.lock.yml
+++ b/.github/workflows/daily-secrets-analysis.lock.yml
@@ -195,9 +195,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-semgrep-scan.lock.yml b/.github/workflows/daily-semgrep-scan.lock.yml
index 22648bfc917..dd1eb07ad83 100644
--- a/.github/workflows/daily-semgrep-scan.lock.yml
+++ b/.github/workflows/daily-semgrep-scan.lock.yml
@@ -195,9 +195,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-syntax-error-quality.lock.yml b/.github/workflows/daily-syntax-error-quality.lock.yml
index 64130258348..bb0724fd8cf 100644
--- a/.github/workflows/daily-syntax-error-quality.lock.yml
+++ b/.github/workflows/daily-syntax-error-quality.lock.yml
@@ -207,9 +207,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-team-evolution-insights.lock.yml b/.github/workflows/daily-team-evolution-insights.lock.yml
index 356d19222f2..e16836864b5 100644
--- a/.github/workflows/daily-team-evolution-insights.lock.yml
+++ b/.github/workflows/daily-team-evolution-insights.lock.yml
@@ -202,9 +202,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml
index 8046432b621..026e50accfd 100644
--- a/.github/workflows/daily-team-status.lock.yml
+++ b/.github/workflows/daily-team-status.lock.yml
@@ -203,9 +203,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-testify-uber-super-expert.lock.yml b/.github/workflows/daily-testify-uber-super-expert.lock.yml
index 7041e584fff..c44a308d975 100644
--- a/.github/workflows/daily-testify-uber-super-expert.lock.yml
+++ b/.github/workflows/daily-testify-uber-super-expert.lock.yml
@@ -207,9 +207,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/daily-workflow-updater.lock.yml b/.github/workflows/daily-workflow-updater.lock.yml
index f1e0a04342e..c89aef0772c 100644
--- a/.github/workflows/daily-workflow-updater.lock.yml
+++ b/.github/workflows/daily-workflow-updater.lock.yml
@@ -193,9 +193,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/deep-report.lock.yml b/.github/workflows/deep-report.lock.yml
index 861b5226848..9f73f9e8060 100644
--- a/.github/workflows/deep-report.lock.yml
+++ b/.github/workflows/deep-report.lock.yml
@@ -261,9 +261,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/delight.lock.yml b/.github/workflows/delight.lock.yml
index be156233fca..8f4cb06a4b4 100644
--- a/.github/workflows/delight.lock.yml
+++ b/.github/workflows/delight.lock.yml
@@ -208,9 +208,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/dependabot-burner.lock.yml b/.github/workflows/dependabot-burner.lock.yml
index 6363057b575..a9ecaa78b70 100644
--- a/.github/workflows/dependabot-burner.lock.yml
+++ b/.github/workflows/dependabot-burner.lock.yml
@@ -190,9 +190,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/dependabot-go-checker.lock.yml b/.github/workflows/dependabot-go-checker.lock.yml
index 1e45e9a56e9..0eec0029c9d 100644
--- a/.github/workflows/dependabot-go-checker.lock.yml
+++ b/.github/workflows/dependabot-go-checker.lock.yml
@@ -194,9 +194,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/dev-hawk.lock.yml b/.github/workflows/dev-hawk.lock.yml
index 57d2945c420..4582a728ab4 100644
--- a/.github/workflows/dev-hawk.lock.yml
+++ b/.github/workflows/dev-hawk.lock.yml
@@ -233,9 +233,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/dev.lock.yml b/.github/workflows/dev.lock.yml
index 265aa23a746..c10e148b2cc 100644
--- a/.github/workflows/dev.lock.yml
+++ b/.github/workflows/dev.lock.yml
@@ -190,9 +190,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/developer-docs-consolidator.lock.yml b/.github/workflows/developer-docs-consolidator.lock.yml
index 0379f056ca3..14f96bf29c5 100644
--- a/.github/workflows/developer-docs-consolidator.lock.yml
+++ b/.github/workflows/developer-docs-consolidator.lock.yml
@@ -211,9 +211,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/dictation-prompt.lock.yml b/.github/workflows/dictation-prompt.lock.yml
index ea345606c8a..1438242b5ee 100644
--- a/.github/workflows/dictation-prompt.lock.yml
+++ b/.github/workflows/dictation-prompt.lock.yml
@@ -193,9 +193,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/docs-noob-tester.lock.yml b/.github/workflows/docs-noob-tester.lock.yml
index 0f88d944477..16eafb6676d 100644
--- a/.github/workflows/docs-noob-tester.lock.yml
+++ b/.github/workflows/docs-noob-tester.lock.yml
@@ -194,9 +194,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/draft-pr-cleanup.lock.yml b/.github/workflows/draft-pr-cleanup.lock.yml
index ee2d4798c55..6e238ed8516 100644
--- a/.github/workflows/draft-pr-cleanup.lock.yml
+++ b/.github/workflows/draft-pr-cleanup.lock.yml
@@ -192,9 +192,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml
index 39366d8e206..d0328072dcd 100644
--- a/.github/workflows/duplicate-code-detector.lock.yml
+++ b/.github/workflows/duplicate-code-detector.lock.yml
@@ -199,9 +199,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/example-custom-error-patterns.lock.yml b/.github/workflows/example-custom-error-patterns.lock.yml
index 13f23f16606..fc171b999fc 100644
--- a/.github/workflows/example-custom-error-patterns.lock.yml
+++ b/.github/workflows/example-custom-error-patterns.lock.yml
@@ -179,9 +179,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/example-permissions-warning.lock.yml b/.github/workflows/example-permissions-warning.lock.yml
index 46a731bb90b..7f8777bbe0c 100644
--- a/.github/workflows/example-permissions-warning.lock.yml
+++ b/.github/workflows/example-permissions-warning.lock.yml
@@ -178,9 +178,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/example-workflow-analyzer.lock.yml b/.github/workflows/example-workflow-analyzer.lock.yml
index d52f18f23cd..b7fa9b745e5 100644
--- a/.github/workflows/example-workflow-analyzer.lock.yml
+++ b/.github/workflows/example-workflow-analyzer.lock.yml
@@ -231,9 +231,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/firewall-escape.lock.yml b/.github/workflows/firewall-escape.lock.yml
index 6a518fd4b7e..edf264f0cce 100644
--- a/.github/workflows/firewall-escape.lock.yml
+++ b/.github/workflows/firewall-escape.lock.yml
@@ -222,9 +222,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/firewall.lock.yml b/.github/workflows/firewall.lock.yml
index 3dcdf1851a4..66fb30c7727 100644
--- a/.github/workflows/firewall.lock.yml
+++ b/.github/workflows/firewall.lock.yml
@@ -178,9 +178,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/functional-pragmatist.lock.yml b/.github/workflows/functional-pragmatist.lock.yml
index 1e30fa76c71..74c7e71a049 100644
--- a/.github/workflows/functional-pragmatist.lock.yml
+++ b/.github/workflows/functional-pragmatist.lock.yml
@@ -193,9 +193,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/github-mcp-structural-analysis.lock.yml b/.github/workflows/github-mcp-structural-analysis.lock.yml
index 2fe709e260a..62afce40e40 100644
--- a/.github/workflows/github-mcp-structural-analysis.lock.yml
+++ b/.github/workflows/github-mcp-structural-analysis.lock.yml
@@ -236,9 +236,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/github-mcp-tools-report.lock.yml b/.github/workflows/github-mcp-tools-report.lock.yml
index 09bab739327..0e3a4340150 100644
--- a/.github/workflows/github-mcp-tools-report.lock.yml
+++ b/.github/workflows/github-mcp-tools-report.lock.yml
@@ -213,9 +213,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/github-remote-mcp-auth-test.lock.yml b/.github/workflows/github-remote-mcp-auth-test.lock.yml
index 33c1894ed16..933992e695b 100644
--- a/.github/workflows/github-remote-mcp-auth-test.lock.yml
+++ b/.github/workflows/github-remote-mcp-auth-test.lock.yml
@@ -193,9 +193,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/glossary-maintainer.lock.yml b/.github/workflows/glossary-maintainer.lock.yml
index b65434a2351..5ced39f7169 100644
--- a/.github/workflows/glossary-maintainer.lock.yml
+++ b/.github/workflows/glossary-maintainer.lock.yml
@@ -216,9 +216,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/go-fan.lock.yml b/.github/workflows/go-fan.lock.yml
index 9eb51dafe26..fae8e703cf4 100644
--- a/.github/workflows/go-fan.lock.yml
+++ b/.github/workflows/go-fan.lock.yml
@@ -210,9 +210,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/go-logger.lock.yml b/.github/workflows/go-logger.lock.yml
index 08214c9f94c..2d46d4516a3 100644
--- a/.github/workflows/go-logger.lock.yml
+++ b/.github/workflows/go-logger.lock.yml
@@ -226,9 +226,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/go-pattern-detector.lock.yml b/.github/workflows/go-pattern-detector.lock.yml
index 61b76b80a52..18b41b5c1fd 100644
--- a/.github/workflows/go-pattern-detector.lock.yml
+++ b/.github/workflows/go-pattern-detector.lock.yml
@@ -202,9 +202,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/gpclean.lock.yml b/.github/workflows/gpclean.lock.yml
index 91a328018c9..7f738dd0814 100644
--- a/.github/workflows/gpclean.lock.yml
+++ b/.github/workflows/gpclean.lock.yml
@@ -209,9 +209,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/hourly-ci-cleaner.lock.yml b/.github/workflows/hourly-ci-cleaner.lock.yml
index d5065e4782b..ec95096d507 100644
--- a/.github/workflows/hourly-ci-cleaner.lock.yml
+++ b/.github/workflows/hourly-ci-cleaner.lock.yml
@@ -230,9 +230,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/instructions-janitor.lock.yml b/.github/workflows/instructions-janitor.lock.yml
index 1cfb63fc120..9a82d457213 100644
--- a/.github/workflows/instructions-janitor.lock.yml
+++ b/.github/workflows/instructions-janitor.lock.yml
@@ -209,9 +209,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/issue-classifier.lock.yml b/.github/workflows/issue-classifier.lock.yml
index c986b5411fa..5b224e15694 100644
--- a/.github/workflows/issue-classifier.lock.yml
+++ b/.github/workflows/issue-classifier.lock.yml
@@ -211,9 +211,6 @@ jobs:
core.setOutput('model', awInfo.model);
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/issue-triage-agent.lock.yml b/.github/workflows/issue-triage-agent.lock.yml
index a6b65000f7b..ff5f58924aa 100644
--- a/.github/workflows/issue-triage-agent.lock.yml
+++ b/.github/workflows/issue-triage-agent.lock.yml
@@ -25,7 +25,7 @@
# - shared/mood.md
# - shared/reporting.md
#
-# frontmatter-hash: 52fe2e53ca1466eaa957a915afde5dba915890e57f983dde6e72ddc99997e7e2
+# frontmatter-hash: 9dbd3ff61f5a92eac5a99a5c46b452bfe4d91bbca94dc325cc4a4bfc969e005e
name: "Issue Triage Agent"
"on":
diff --git a/.github/workflows/issue-triage-agent.md b/.github/workflows/issue-triage-agent.md
index 0d40bcdddab..1405ea43738 100644
--- a/.github/workflows/issue-triage-agent.md
+++ b/.github/workflows/issue-triage-agent.md
@@ -8,6 +8,7 @@ permissions:
issues: read
tools:
github:
+ # For now we are enabling lockdown mode for this workflow since it processes issues from the public repo and we want to ensure it only processes trusted input from maintainers.
lockdown: true
toolsets: [issues, labels]
safe-outputs:
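Review bot: The added comment describes lockdown as limiting input to "maintainers", but the feature as described elsewhere in this commit filters to users with push access, which is a broader set on many repositories, and the "For now" phrasing reads as temporary without saying what would change it. A shorter, precise comment would be `# Keep lockdown explicit: this workflow reads public-repo issues, so only content from users with push access reaches the agent.`. The frontmatter this sits in continues outside the hunk.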
diff --git a/.github/workflows/jsweep.lock.yml b/.github/workflows/jsweep.lock.yml
index bbe2ac2e482..6198af24237 100644
--- a/.github/workflows/jsweep.lock.yml
+++ b/.github/workflows/jsweep.lock.yml
@@ -213,9 +213,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/layout-spec-maintainer.lock.yml b/.github/workflows/layout-spec-maintainer.lock.yml
index 6a5184be403..807849d62d2 100644
--- a/.github/workflows/layout-spec-maintainer.lock.yml
+++ b/.github/workflows/layout-spec-maintainer.lock.yml
@@ -201,9 +201,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/lockfile-stats.lock.yml b/.github/workflows/lockfile-stats.lock.yml
index 9ad11e53d24..f39d9cf821e 100644
--- a/.github/workflows/lockfile-stats.lock.yml
+++ b/.github/workflows/lockfile-stats.lock.yml
@@ -210,9 +210,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/mcp-inspector.lock.yml b/.github/workflows/mcp-inspector.lock.yml
index f69b161dcc9..509ddfdf71b 100644
--- a/.github/workflows/mcp-inspector.lock.yml
+++ b/.github/workflows/mcp-inspector.lock.yml
@@ -260,9 +260,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/mergefest.lock.yml b/.github/workflows/mergefest.lock.yml
index d67135e0faa..91cc6cc9163 100644
--- a/.github/workflows/mergefest.lock.yml
+++ b/.github/workflows/mergefest.lock.yml
@@ -215,9 +215,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/metrics-collector.lock.yml b/.github/workflows/metrics-collector.lock.yml
index a0b1f11f5fe..d6ba9d77375 100644
--- a/.github/workflows/metrics-collector.lock.yml
+++ b/.github/workflows/metrics-collector.lock.yml
@@ -224,9 +224,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/notion-issue-summary.lock.yml b/.github/workflows/notion-issue-summary.lock.yml
index 55d87d9c425..cdcb9a759a4 100644
--- a/.github/workflows/notion-issue-summary.lock.yml
+++ b/.github/workflows/notion-issue-summary.lock.yml
@@ -196,9 +196,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/pdf-summary.lock.yml b/.github/workflows/pdf-summary.lock.yml
index eb3601156c9..e478345776d 100644
--- a/.github/workflows/pdf-summary.lock.yml
+++ b/.github/workflows/pdf-summary.lock.yml
@@ -256,9 +256,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml
index a4888be5b5d..5ae5f5f17e5 100644
--- a/.github/workflows/plan.lock.yml
+++ b/.github/workflows/plan.lock.yml
@@ -25,7 +25,7 @@
# Imports:
# - shared/mood.md
#
-# frontmatter-hash: 46466ddd218d6b59039bb1195a8546bb6b3e19d7f6640ae77e2351cae4cbe60f
+# frontmatter-hash: c708e2e5820dca7c69da7bdc46db153754c7db5eff5ad659c01dc46a14f311d7
name: "Plan Command"
"on":
@@ -547,7 +547,6 @@ jobs:
"type": "stdio",
"container": "ghcr.io/github/github-mcp-server:v0.30.3",
"env": {
- "GITHUB_LOCKDOWN_MODE": "1",
"GITHUB_PERSONAL_ACCESS_TOKEN": "\${GITHUB_MCP_SERVER_TOKEN}",
"GITHUB_READ_ONLY": "1",
"GITHUB_TOOLSETS": "context,repos,issues,pull_requests,discussions"
diff --git a/.github/workflows/plan.md b/.github/workflows/plan.md
index cf9bc8cabd1..88cd3f526ac 100644
--- a/.github/workflows/plan.md
+++ b/.github/workflows/plan.md
@@ -13,7 +13,7 @@ permissions:
engine: copilot
tools:
github:
- lockdown: true
+ lockdown: false
toolsets: [default, discussions]
safe-outputs:
create-issue:
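Review bot: `lockdown: false` is flipped here with no in-file rationale, whereas the parallel edit to issue-triage-agent.md in this same commit records why its setting was chosen. The repository's own guidance added in this commit reserves `lockdown: false` for a short list of cases, including command workflows that verify the caller's permissions before acting; if Plan Command relies on such a gate, state it next to the key, e.g. `# lockdown: false: command workflow; the invoking user's permissions are checked before the agent sees any content`, and confirm that gate exists, since it is not visible in this hunk. The compiled plan.lock.yml hunk still sets GITHUB_READ_ONLY for the MCP server, so the remaining write path is the create-issue safe output; the comment should also note that issue content produced by this workflow may now be derived from input lockdown no longer filters.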
diff --git a/.github/workflows/poem-bot.lock.yml b/.github/workflows/poem-bot.lock.yml
index 1e4d4dddd15..9fda151b985 100644
--- a/.github/workflows/poem-bot.lock.yml
+++ b/.github/workflows/poem-bot.lock.yml
@@ -244,9 +244,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/portfolio-analyst.lock.yml b/.github/workflows/portfolio-analyst.lock.yml
index 821a7a9340e..9d00138d86a 100644
--- a/.github/workflows/portfolio-analyst.lock.yml
+++ b/.github/workflows/portfolio-analyst.lock.yml
@@ -268,9 +268,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/pr-nitpick-reviewer.lock.yml b/.github/workflows/pr-nitpick-reviewer.lock.yml
index 4e752488bc6..73d529440a5 100644
--- a/.github/workflows/pr-nitpick-reviewer.lock.yml
+++ b/.github/workflows/pr-nitpick-reviewer.lock.yml
@@ -253,9 +253,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/prompt-clustering-analysis.lock.yml b/.github/workflows/prompt-clustering-analysis.lock.yml
index aa32ede6f93..4be154bedbf 100644
--- a/.github/workflows/prompt-clustering-analysis.lock.yml
+++ b/.github/workflows/prompt-clustering-analysis.lock.yml
@@ -296,9 +296,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/python-data-charts.lock.yml b/.github/workflows/python-data-charts.lock.yml
index f8ade8a329c..0b5cfa7e146 100644
--- a/.github/workflows/python-data-charts.lock.yml
+++ b/.github/workflows/python-data-charts.lock.yml
@@ -257,9 +257,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/q.lock.yml b/.github/workflows/q.lock.yml
index a87003d4dd9..b05cddd1ea3 100644
--- a/.github/workflows/q.lock.yml
+++ b/.github/workflows/q.lock.yml
@@ -296,9 +296,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/release.lock.yml b/.github/workflows/release.lock.yml
index ba51ed4c73f..89ef546cbc7 100644
--- a/.github/workflows/release.lock.yml
+++ b/.github/workflows/release.lock.yml
@@ -212,9 +212,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/repo-audit-analyzer.lock.yml b/.github/workflows/repo-audit-analyzer.lock.yml
index 63bf3cfda02..c3fb1ff070d 100644
--- a/.github/workflows/repo-audit-analyzer.lock.yml
+++ b/.github/workflows/repo-audit-analyzer.lock.yml
@@ -209,9 +209,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/repo-tree-map.lock.yml b/.github/workflows/repo-tree-map.lock.yml
index b2ae49b163e..b089b62db62 100644
--- a/.github/workflows/repo-tree-map.lock.yml
+++ b/.github/workflows/repo-tree-map.lock.yml
@@ -194,9 +194,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/repository-quality-improver.lock.yml b/.github/workflows/repository-quality-improver.lock.yml
index 4a8d4671f13..4896cce3cdd 100644
--- a/.github/workflows/repository-quality-improver.lock.yml
+++ b/.github/workflows/repository-quality-improver.lock.yml
@@ -205,9 +205,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/research.lock.yml b/.github/workflows/research.lock.yml
index 25a5e0070a6..0a06eb53013 100644
--- a/.github/workflows/research.lock.yml
+++ b/.github/workflows/research.lock.yml
@@ -197,9 +197,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/safe-output-health.lock.yml b/.github/workflows/safe-output-health.lock.yml
index 5f16828eed1..820e72a5862 100644
--- a/.github/workflows/safe-output-health.lock.yml
+++ b/.github/workflows/safe-output-health.lock.yml
@@ -249,9 +249,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/schema-consistency-checker.lock.yml b/.github/workflows/schema-consistency-checker.lock.yml
index ec4b31811cd..0bb0f0d9e97 100644
--- a/.github/workflows/schema-consistency-checker.lock.yml
+++ b/.github/workflows/schema-consistency-checker.lock.yml
@@ -211,9 +211,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/scout.lock.yml b/.github/workflows/scout.lock.yml
index fa64cff960a..03a015f365b 100644
--- a/.github/workflows/scout.lock.yml
+++ b/.github/workflows/scout.lock.yml
@@ -32,7 +32,7 @@
# - shared/mood.md
# - shared/reporting.md
#
-# frontmatter-hash: d720039ca3cf1be5054a58eb02146900a08426a0a5997cb88f87e0a937e2ec2b
+# frontmatter-hash: ae44dc4724a0c27395d2fd53a627dad1084871f40b1c2c1d74bef76c77d3a872
name: "Scout"
"on":
@@ -287,16 +287,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Install Claude Code CLI
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- - name: Determine automatic lockdown mode for GitHub MCP server
- id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
- uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
- with:
- script: |
- const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs');
- await determineAutomaticLockdown(github, context, core);
- name: Download container images
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.16.1 ghcr.io/github/gh-aw-firewall/squid:0.16.1 ghcr.io/github/gh-aw-mcpg:v0.1.4 ghcr.io/github/github-mcp-server:v0.30.3 mcp/arxiv-mcp-server mcp/markitdown node:lts-alpine
- name: Write Safe Outputs Config
@@ -495,7 +485,6 @@ jobs:
GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
GH_AW_SAFE_OUTPUTS_API_KEY: ${{ steps.safe-outputs-start.outputs.api_key }}
GH_AW_SAFE_OUTPUTS_PORT: ${{ steps.safe-outputs-start.outputs.port }}
- GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
TAVILY_API_KEY: ${{ secrets.TAVILY_API_KEY }}
run: |
@@ -529,7 +518,6 @@ jobs:
"github": {
"container": "ghcr.io/github/github-mcp-server:v0.30.3",
"env": {
- "GITHUB_LOCKDOWN_MODE": "$GITHUB_MCP_LOCKDOWN",
"GITHUB_PERSONAL_ACCESS_TOKEN": "$GITHUB_MCP_SERVER_TOKEN",
"GITHUB_READ_ONLY": "1",
"GITHUB_TOOLSETS": "context,repos,issues,pull_requests"
diff --git a/.github/workflows/scout.md b/.github/workflows/scout.md
index 736f76c119f..e1e113cf4ce 100644
--- a/.github/workflows/scout.md
+++ b/.github/workflows/scout.md
@@ -27,6 +27,8 @@ imports:
tools:
edit:
cache-memory: true
+ github:
+ lockdown: false
safe-outputs:
add-comment:
max: 1
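Review bot: `lockdown: false` is added to Scout's frontmatter with no inline justification, although the repository's own lockdown guidance says this exception should be paired with read-only GitHub operations, tightly scoped safe outputs and no web-fetch tooling. The compiled scout.lock.yml in this same change still downloads mcp/markitdown and mcp/arxiv-mcp-server and passes a TAVILY_API_KEY, so Scout will now read issues and comments from users without push access while also being able to fetch arbitrary web content, which is the prompt-injection path lockdown exists to close. At minimum record the reasoning and the intended containment next to the flag, e.g. `lockdown: false # reason: <why Scout must see non-collaborator content>; containment: GitHub MCP is GITHUB_READ_ONLY and the only write is one add-comment via safe-outputs`, so a later reader does not have to reconstruct it from the lock file. Presumably the trigger (outside this hunk) restricts who can invoke Scout; if so, say so here, and if not, reconsider whether the web tools and the disabled lockdown should coexist.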
diff --git a/.github/workflows/security-compliance.lock.yml b/.github/workflows/security-compliance.lock.yml
index 33846dd5e61..567d0f86354 100644
--- a/.github/workflows/security-compliance.lock.yml
+++ b/.github/workflows/security-compliance.lock.yml
@@ -208,9 +208,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml
index f7980c20e42..a9752ba61b4 100644
--- a/.github/workflows/security-review.lock.yml
+++ b/.github/workflows/security-review.lock.yml
@@ -273,9 +273,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/semantic-function-refactor.lock.yml b/.github/workflows/semantic-function-refactor.lock.yml
index cb02d528af7..702da9a7def 100644
--- a/.github/workflows/semantic-function-refactor.lock.yml
+++ b/.github/workflows/semantic-function-refactor.lock.yml
@@ -200,9 +200,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/sergo.lock.yml b/.github/workflows/sergo.lock.yml
index d46ade6bdf3..5a067253b09 100644
--- a/.github/workflows/sergo.lock.yml
+++ b/.github/workflows/sergo.lock.yml
@@ -211,9 +211,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/slide-deck-maintainer.lock.yml b/.github/workflows/slide-deck-maintainer.lock.yml
index 1ea0ac4d24d..683dafe4963 100644
--- a/.github/workflows/slide-deck-maintainer.lock.yml
+++ b/.github/workflows/slide-deck-maintainer.lock.yml
@@ -221,9 +221,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml
index 99577b56044..f93b090329e 100644
--- a/.github/workflows/smoke-claude.lock.yml
+++ b/.github/workflows/smoke-claude.lock.yml
@@ -277,9 +277,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml
index 340727214a4..628a773d90a 100644
--- a/.github/workflows/smoke-codex.lock.yml
+++ b/.github/workflows/smoke-codex.lock.yml
@@ -240,9 +240,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml
index 1c0abf6b54a..bf6a31a3461 100644
--- a/.github/workflows/smoke-copilot.lock.yml
+++ b/.github/workflows/smoke-copilot.lock.yml
@@ -267,9 +267,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/smoke-opencode.lock.yml b/.github/workflows/smoke-opencode.lock.yml
index 12bd011dbec..0ffbed8c9a5 100644
--- a/.github/workflows/smoke-opencode.lock.yml
+++ b/.github/workflows/smoke-opencode.lock.yml
@@ -221,9 +221,6 @@ jobs:
core.setOutput('model', awInfo.model);
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/smoke-project.lock.yml b/.github/workflows/smoke-project.lock.yml
index 473e78e0a8c..fe2bed95c98 100644
--- a/.github/workflows/smoke-project.lock.yml
+++ b/.github/workflows/smoke-project.lock.yml
@@ -212,9 +212,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/smoke-test-tools.lock.yml b/.github/workflows/smoke-test-tools.lock.yml
index b2bfa45f8b8..3e428413f5c 100644
--- a/.github/workflows/smoke-test-tools.lock.yml
+++ b/.github/workflows/smoke-test-tools.lock.yml
@@ -221,9 +221,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/static-analysis-report.lock.yml b/.github/workflows/static-analysis-report.lock.yml
index 8826d1c9cc2..f8f8621542f 100644
--- a/.github/workflows/static-analysis-report.lock.yml
+++ b/.github/workflows/static-analysis-report.lock.yml
@@ -248,9 +248,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/step-name-alignment.lock.yml b/.github/workflows/step-name-alignment.lock.yml
index 815bf0ba124..107350e0181 100644
--- a/.github/workflows/step-name-alignment.lock.yml
+++ b/.github/workflows/step-name-alignment.lock.yml
@@ -209,9 +209,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/sub-issue-closer.lock.yml b/.github/workflows/sub-issue-closer.lock.yml
index 5d2c0a1d98a..a83bcfa2fd7 100644
--- a/.github/workflows/sub-issue-closer.lock.yml
+++ b/.github/workflows/sub-issue-closer.lock.yml
@@ -192,9 +192,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/super-linter.lock.yml b/.github/workflows/super-linter.lock.yml
index 2ba48f88c19..0fd379b241a 100644
--- a/.github/workflows/super-linter.lock.yml
+++ b/.github/workflows/super-linter.lock.yml
@@ -212,9 +212,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/technical-doc-writer.lock.yml b/.github/workflows/technical-doc-writer.lock.yml
index 3b835396ffa..7421df73f87 100644
--- a/.github/workflows/technical-doc-writer.lock.yml
+++ b/.github/workflows/technical-doc-writer.lock.yml
@@ -235,9 +235,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/terminal-stylist.lock.yml b/.github/workflows/terminal-stylist.lock.yml
index 6e4f203c62d..2a97cb8754f 100644
--- a/.github/workflows/terminal-stylist.lock.yml
+++ b/.github/workflows/terminal-stylist.lock.yml
@@ -191,9 +191,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/test-create-pr-error-handling.lock.yml b/.github/workflows/test-create-pr-error-handling.lock.yml
index 8881b17e38b..86226654477 100644
--- a/.github/workflows/test-create-pr-error-handling.lock.yml
+++ b/.github/workflows/test-create-pr-error-handling.lock.yml
@@ -206,9 +206,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/test-dispatcher.lock.yml b/.github/workflows/test-dispatcher.lock.yml
index a90ba9231e9..ce596c96051 100644
--- a/.github/workflows/test-dispatcher.lock.yml
+++ b/.github/workflows/test-dispatcher.lock.yml
@@ -188,9 +188,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/test-project-url-default.lock.yml b/.github/workflows/test-project-url-default.lock.yml
index 8e541946846..c13f139807b 100644
--- a/.github/workflows/test-project-url-default.lock.yml
+++ b/.github/workflows/test-project-url-default.lock.yml
@@ -187,9 +187,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/test-workflow.lock.yml b/.github/workflows/test-workflow.lock.yml
index 3cd26d115e2..e4e44a6332e 100644
--- a/.github/workflows/test-workflow.lock.yml
+++ b/.github/workflows/test-workflow.lock.yml
@@ -180,9 +180,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/tidy.lock.yml b/.github/workflows/tidy.lock.yml
index f23d34b37f7..9253caf8850 100644
--- a/.github/workflows/tidy.lock.yml
+++ b/.github/workflows/tidy.lock.yml
@@ -239,9 +239,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/typist.lock.yml b/.github/workflows/typist.lock.yml
index c9be59b95cc..2833580481a 100644
--- a/.github/workflows/typist.lock.yml
+++ b/.github/workflows/typist.lock.yml
@@ -199,9 +199,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/ubuntu-image-analyzer.lock.yml b/.github/workflows/ubuntu-image-analyzer.lock.yml
index f1b8f3699d3..ffdd31b921d 100644
--- a/.github/workflows/ubuntu-image-analyzer.lock.yml
+++ b/.github/workflows/ubuntu-image-analyzer.lock.yml
@@ -197,9 +197,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/unbloat-docs.lock.yml b/.github/workflows/unbloat-docs.lock.yml
index 6a1bc157bd8..2d4d219f6c6 100644
--- a/.github/workflows/unbloat-docs.lock.yml
+++ b/.github/workflows/unbloat-docs.lock.yml
@@ -251,9 +251,6 @@ jobs:
run: npm install -g --silent @anthropic-ai/claude-code@2.1.39
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/video-analyzer.lock.yml b/.github/workflows/video-analyzer.lock.yml
index d5e3069d2b1..72a66144612 100644
--- a/.github/workflows/video-analyzer.lock.yml
+++ b/.github/workflows/video-analyzer.lock.yml
@@ -204,9 +204,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/workflow-health-manager.lock.yml b/.github/workflows/workflow-health-manager.lock.yml
index 36cf1b0e9bf..062b94aebf9 100644
--- a/.github/workflows/workflow-health-manager.lock.yml
+++ b/.github/workflows/workflow-health-manager.lock.yml
@@ -206,9 +206,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/workflow-normalizer.lock.yml b/.github/workflows/workflow-normalizer.lock.yml
index 0da39643b0d..beda9773528 100644
--- a/.github/workflows/workflow-normalizer.lock.yml
+++ b/.github/workflows/workflow-normalizer.lock.yml
@@ -225,9 +225,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/.github/workflows/workflow-skill-extractor.lock.yml b/.github/workflows/workflow-skill-extractor.lock.yml
index 3832ae44139..894482d136b 100644
--- a/.github/workflows/workflow-skill-extractor.lock.yml
+++ b/.github/workflows/workflow-skill-extractor.lock.yml
@@ -195,9 +195,6 @@ jobs:
run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.1
- name: Determine automatic lockdown mode for GitHub MCP server
id: determine-automatic-lockdown
- env:
- TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
- if: env.TOKEN_CHECK != ''
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
diff --git a/docs/src/content/docs/blog/2026-01-13-meet-the-workflows.md b/docs/src/content/docs/blog/2026-01-13-meet-the-workflows.md
index 36861350fe7..87b68c27466 100644
--- a/docs/src/content/docs/blog/2026-01-13-meet-the-workflows.md
+++ b/docs/src/content/docs/blog/2026-01-13-meet-the-workflows.md
@@ -76,6 +76,8 @@ Note how concise this is - it's like reading a to-do list for the agent. The wor
In the frontmatter, we define [permissions](/gh-aw/reference/frontmatter/#permissions-permissions), [tools](/gh-aw/reference/tools/), and [safe outputs](/gh-aw/reference/safe-outputs/). This ensures the agent only has access to what it needs and can't perform any unsafe actions. The natural language instructions in the body guide the agent's behavior in a clear, human-readable way.
+Issue triage workflows in public repositories are one of the [rare cases where you might disable lockdown mode](/gh-aw/reference/faq/#what-is-github-lockdown-mode-and-when-is-it-enabled) to process issues from all contributors. If you are a maintainer in a public repository and need your triage agent to see and label issues from users without push access, configure `lockdown: false` in your GitHub tools configuration. See [Lockdown Mode](/gh-aw/reference/lockdown-mode/) for security considerations and best practices.
+
We've deliberately kept this workflow ultra-simple. In practice, in your own repo, **customization** is key. Triage differs in every repository. Tailoring workflows to your specific context will make them more effective. Generic agents are okay, but customized ones are often a better fit.
## Using These Workflows
diff --git a/docs/src/content/docs/blog/2026-01-24-design-patterns.md b/docs/src/content/docs/blog/2026-01-24-design-patterns.md
index d0629d43585..3c7cf135a21 100644
--- a/docs/src/content/docs/blog/2026-01-24-design-patterns.md
+++ b/docs/src/content/docs/blog/2026-01-24-design-patterns.md
@@ -182,6 +182,7 @@ Some key characteristics are:
- Often includes intelligent classification
- Maintains issue relationships
- Respects user intent and context
+- **For public repo triage**: May need [lockdown mode disabled](/gh-aw/reference/lockdown-mode/) to process issues from all users
---
diff --git a/docs/src/content/docs/blog/2026-01-27-operational-patterns.md b/docs/src/content/docs/blog/2026-01-27-operational-patterns.md
index af6aa500ea7..eb1398080be 100644
--- a/docs/src/content/docs/blog/2026-01-27-operational-patterns.md
+++ b/docs/src/content/docs/blog/2026-01-27-operational-patterns.md
@@ -173,6 +173,7 @@ Here are our tips!
- Allow manual override
- Track triage accuracy
- Update classification rules based on feedback
+- **For public repos**: Consider if you need to [disable lockdown mode](/gh-aw/reference/faq/#what-is-github-lockdown-mode-and-when-is-it-enabled) to process issues from all users (this is one of the rare safe use cases - see [Lockdown Mode](/gh-aw/reference/lockdown-mode/) for security guidance)
**Learn more**: [IssueOps Examples](https://github.github.com/gh-aw/patterns/issueops/)
diff --git a/docs/src/content/docs/introduction/architecture.mdx b/docs/src/content/docs/introduction/architecture.mdx
index 29b6c52a0e6..bb0d7dce694 100644
--- a/docs/src/content/docs/introduction/architecture.mdx
+++ b/docs/src/content/docs/introduction/architecture.mdx
@@ -553,6 +553,19 @@ XML and HTML tags are converted to a safe parentheses format to prevent injectio
Workflows should use `${{ needs.activation.outputs.text }}` instead of raw `github.event` fields to ensure proper sanitization of user-provided content.
+## GitHub Lockdown Mode
+
+GitHub lockdown mode is a security feature of the GitHub MCP server that filters content in public repositories to only surface items from users with push access. This protects workflows from processing potentially malicious or misleading input from untrusted users.
+
+When **lockdown mode is enabled** (automatically the default for public repositories with custom tokens), the GitHub MCP server:
+- Only returns issues, PRs, comments, and discussions from users with push, maintain, or admin access
+- Blocks coding agent from seeing content from other users
+- Has no particular effect for private or internal repos
+
+
+
## Secret Redaction
Before workflow artifacts are uploaded, all files in the `/tmp/gh-aw` directory are scanned for secret values and redacted. This mechanism prevents accidental credential leakage through logs, outputs, or artifacts. Secret redaction executes unconditionally (with `if: always()`), ensuring that secrets are protected even if the workflow fails at an earlier stage.
@@ -783,6 +796,7 @@ gh aw status
| **Configuration** | Action SHA pinning | Supply chain attacks, tag hijacking |
| **Configuration** | Security scanners (actionlint, zizmor, poutine) | Privilege escalation, misconfigurations, supply chain risks |
| **Configuration** | Pre-activation checks (role/permission) | Unauthorized users, expired workflows |
+| **Plan** | GitHub lockdown mode | Untrusted user input, context poisoning, social engineering |
| **Plan** | Content sanitization | @mention abuse, bot triggers |
| **Plan** | Secret redaction | Credential leakage in logs/artifacts |
| **Plan** | Threat detection | Malicious patches, secret leaks |
@@ -792,6 +806,7 @@ gh aw status
## Related Documentation
+- [Lockdown Mode](/gh-aw/reference/lockdown-mode/) - GitHub content filtering for public repositories
- [Threat Detection Guide](/gh-aw/reference/threat-detection/) - Configuring threat analysis
- [Network Permissions](/gh-aw/reference/network/) - Network access control
- [Safe Outputs Reference](/gh-aw/reference/safe-outputs/) - Output processing configuration
diff --git a/docs/src/content/docs/reference/faq.md b/docs/src/content/docs/reference/faq.md
index a960226b834..45e70e5ae33 100644
--- a/docs/src/content/docs/reference/faq.md
+++ b/docs/src/content/docs/reference/faq.md
@@ -179,6 +179,19 @@ network:
See [Network Permissions](/gh-aw/reference/network/) for complete configuration options.
+### What is GitHub lockdown mode and when is it enabled?
+
+**GitHub lockdown mode** is a security feature that filters content in public repositories to only show issues, pull requests, and comments from users with push access. This protects workflows from processing potentially malicious input from untrusted users.
+
+Lockdown is **automatically enabled** for public repositories. It has no particular effect in private or internal repositories. You can disable lockdown for specific workflows designed to safely process all user input:
+
+- Issue triage and organization workflows
+- Spam detection systems
+- Public status dashboards
+- Command workflows (like `/plan`) that maintainers can use
+
+See [Lockdown Mode](/gh-aw/reference/lockdown-mode/) for detailed configuration guidance and security considerations.
+
## Configuration & Setup
### What is a workflow lock file?
diff --git a/docs/src/content/docs/reference/lockdown-mode.md b/docs/src/content/docs/reference/lockdown-mode.md
new file mode 100644
index 00000000000..b12ba3a65ce
--- /dev/null
+++ b/docs/src/content/docs/reference/lockdown-mode.md
@@ -0,0 +1,94 @@
+---
+title: GitHub Lockdown Mode
+description: Security feature of GitHub that filters public repository content to only show items from users with push access, protecting workflows from unauthorized input manipulation.
+sidebar:
+ order: 660
+---
+
+**GitHub lockdown mode** is [a security feature of the GitHub MCP server](https://github.com/github/github-mcp-server/blob/main/docs/server-configuration.md#lockdown-mode) that filters content in public repositories to only surface items (issues, pull requests, comments, discussions, etc.) from users with **push access** to the repository. This protects agentic workflows from processing potentially malicious or misleading content from untrusted users.
+
+> [!TIP]
+> **Automatic Protection**: GitHub lockdown mode is **automatically enabled** for public repositories. This provides secure defaults without manual configuration.
+
+## Security Benefits
+
+GitHub lockdown mode protects against several attack vectors:
+
+### Input Manipulation
+
+Without lockdown, an attacker could:
+
+1. Create an issue with malicious code snippets or links
+2. Trigger an agentic workflow (e.g., issue triage, planning assistant)
+3. Attempt to hijack the workflow through prompt-injection
+
+**With lockdown**: Only trusted contributors' issues are visible to workflows.
+
+### Context Poisoning
+
+Attackers could flood public repositories with spam issues to:
+- Overwhelm the AI context window with noise
+- Manipulate AI decisions through volume of malicious suggestions
+- Exhaust rate limits or credits
+
+**With lockdown**: Only legitimate contributor content consumes workflow resources.
+
+### Social Engineering
+
+Malicious users could craft issues that:
+- Impersonate maintainers
+- Request sensitive information
+- Trick AI into revealing secrets or internal data
+
+**With lockdown**: Only verified contributors can interact with workflows.
+
+## Configuration
+
+### Automatic Mode (Recommended)
+
+Lockdown is automatically determined based on repository visibility:
+
+```yaml wrap
+tools:
+ github:
+ mode: remote
+ toolsets: [repos, issues, pull_requests]
+ # Lockdown automatically enabled for public repos
+ # Automatically disabled for private/internal repos
+```
+
+### Manual Override
+
+Explicitly enable or disable lockdown for specific workflows:
+
+```yaml wrap
+tools:
+ github:
+ lockdown: true # Force enable (use in public repos to ensure protection)
+ # or
+ lockdown: false # Explicitly disable (see "When to Disable" below)
+```
+
+> [!WARNING]
+> **Security Consideration**: Setting `lockdown: false` in public repositories allows workflows to process content from any GitHub user. Only use this for workflows specifically designed to handle untrusted input safely.
+
+## When to Disable Lockdown
+
+Some workflows are **designed** to process content from all users and include appropriate safety controls. Safe use cases for `lockdown: false` in public repositories:
+
+- **Issue Triage**: Workflows that label, categorize, or route issues from all users
+- **Issue Organization**: Workflows that add issues to projects or milestones based on labels or content
+- **Issue Planning**: Workflows that estimate complexity, suggest related issues, or draft implementation plans based on issue content
+- **Spam Detection**: Workflows that identify and flag spam issues or comments
+- **Public Dashboards**: Workflows that generate public reports or metrics based on all repository activity
+- **Command Workflows**: Workflows that respond to specific commands in issue comments (e.g., `/plan`, `/analyze`) and verify user permissions before taking action
+
+## Related Documentation
+
+- [GitHub Tokens](/gh-aw/reference/tokens/) - Token configuration and security
+- [Tools](/gh-aw/reference/tools/) - GitHub tools configuration
+- [Safe Outputs](/gh-aw/reference/safe-outputs/) - Write operation controls
+- [Permissions](/gh-aw/reference/permissions/) - GitHub Actions permissions
+- [FAQ: Lockdown Mode](/gh-aw/reference/faq/#what-is-github-lockdown-mode-and-when-is-it-enabled) - Common questions
+- [Troubleshooting: Access Issues](/gh-aw/troubleshooting/common-issues/#github-lockdown-mode-blocking-expected-content) - Resolving access problems
+- [GitHub MCP Server Documentation](https://github.com/github/github-mcp-server/blob/main/docs/server-configuration.md#lockdown-mode) - Upstream reference
diff --git a/docs/src/content/docs/reference/tools.md b/docs/src/content/docs/reference/tools.md
index a51eba18b73..4a3c8b626d4 100644
--- a/docs/src/content/docs/reference/tools.md
+++ b/docs/src/content/docs/reference/tools.md
@@ -109,21 +109,13 @@ Setup: `gh aw secrets set GH_AW_GITHUB_TOKEN --value ""`
**Read-Only**: Default behavior; restricts to read operations unless write operations configured.
-**Lockdown**: Automatically determined based on repository visibility when using a custom token (`GH_AW_GITHUB_MCP_SERVER_TOKEN`). Filters public repository content to items from users with push access. Private repositories are unaffected.
-
-- **Automatic (default)**: When `GH_AW_GITHUB_MCP_SERVER_TOKEN` is defined, lockdown is automatically enabled for public repositories and disabled for private/internal repositories
-- **Manual override**: Explicitly set `lockdown: true` or `lockdown: false` to override automatic determination
+**Lockdown Mode**: Security feature that filters public repository content to only show issues, PRs, and comments from users with push access. Automatically enabled for public repositories when using custom tokens. See [Lockdown Mode](/gh-aw/reference/lockdown-mode/) for complete documentation.
```yaml wrap
tools:
github:
- # Option 1: Automatic (recommended) - determined at runtime
- # Lockdown automatically enabled for public repos when GH_AW_GITHUB_MCP_SERVER_TOKEN is set
-
- # Option 2: Explicit override
- lockdown: true # Force enable
- # or
- lockdown: false # Explicitly disable (use with caution in public repos)
+ lockdown: true # Force enable (automatic for public repos)
+ lockdown: false # Disable (for workflows processing all user input)
```
See [GitHub Tokens](/gh-aw/reference/tokens/) for security implications and authentication options.
diff --git a/docs/src/content/docs/troubleshooting/common-issues.md b/docs/src/content/docs/troubleshooting/common-issues.md
index 0606d5f229d..81514a5cf89 100644
--- a/docs/src/content/docs/troubleshooting/common-issues.md
+++ b/docs/src/content/docs/troubleshooting/common-issues.md
@@ -322,6 +322,56 @@ tools:
key: memory-${{ github.workflow }}-${{ github.run_id }}
```
+## GitHub Lockdown Mode Blocking Expected Content
+
+**GitHub lockdown mode** filters public repository content to only show items from users with push access. This protects workflows from untrusted input but can block legitimate use cases.
+
+### Symptoms
+
+- Workflow cannot see newly created issues or pull requests
+- Comments from external contributors are invisible
+- Status reports missing recent activity
+- Triage workflows not processing community contributions
+
+### Cause
+
+GitHub lockdown mode is automatically enabled by default for public repositories. The workflow only sees content from users with push, maintain, or admin access.
+
+This means that, by default, your workflow will not see issues, PRs, or comments from external contributors in a public repository. This is a security measure to prevent untrusted input from influencing the workflow, but it can interfere with workflows that need to process community contributions.
+
+### Solution
+
+Evaluate if your workflow needs to process content from all users:
+
+**Option 1: Keep Lockdown Enabled (Recommended for most workflows)**
+
+If your workflow performs sensitive operations (code generation, repository updates, web access), keep lockdown enabled. Consider alternative approaches:
+
+- Use separate workflows: One with lockdown for sensitive operations, another without for public processing
+- Manual triggers: Let maintainers trigger workflows after reviewing external content
+- Approval workflows: Create a two-stage workflow where maintainers approve content before processing
+
+**Option 2: Disable Lockdown (For Safe Public Workflows)**
+
+If your workflow is **specifically designed** to handle untrusted input safely, disable lockdown:
+
+```yaml wrap
+tools:
+ github:
+ lockdown: false
+```
+
+**Only use `lockdown: false` if your workflow**:
+
+- Uses restrictive safe outputs with specific allowed values
+- Doesn't generate code or create pull requests
+- Validates/sanitizes all input before processing
+- Does not access secrets or perform sensitive operations
+
+**Safe use cases**: Issue triage/labeling, spam detection, public dashboards, command workflows that verify permissions.
+
+See [Lockdown Mode](/gh-aw/reference/lockdown-mode/) for complete configuration guidance and security considerations.
+
## Workflow Failures and Debugging
### Why Did My Workflow Fail?
diff --git a/pkg/workflow/github_lockdown_autodetect_test.go b/pkg/workflow/github_lockdown_autodetect_test.go
index c201f849470..c60769580e5 100644
--- a/pkg/workflow/github_lockdown_autodetect_test.go
+++ b/pkg/workflow/github_lockdown_autodetect_test.go
@@ -37,8 +37,8 @@ Test automatic lockdown determination.
`,
expectedDetectStep: true,
expectedLockdown: "auto",
- expectIfCondition: true,
- description: "When lockdown is not specified, determination step should be added with if condition",
+ expectIfCondition: false,
+ description: "When lockdown is not specified, determination step should be added",
},
{
name: "No auto-determination when lockdown explicitly set to true",
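Review bot: `expectIfCondition` is still assigned in this table entry and in the hunk at -99, but the hunk at -142 removes the only code that read it, so the field is now dead weight in the test cases. Either drop it from the test-case struct (presumably declared above this hunk, outside the view) or give it a meaning again as a negative assertion that the old token gate is really gone, e.g. `if strings.Contains(yaml, "if: env.TOKEN_CHECK != ''") { t.Errorf("%s: unexpected TOKEN_CHECK gate on determination step", tt.description) }`, which would catch a regression back to token-gated detection. The same applies to the Claude test at -226, where the checks are deleted without a replacement. The enclosing test function starts before this hunk.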
@@ -99,7 +99,7 @@ Test auto-determination with remote GitHub MCP.
`,
expectedDetectStep: true,
expectedLockdown: "auto",
- expectIfCondition: true,
+ expectIfCondition: false,
description: "Auto-determination should work with remote mode",
},
}
@@ -142,16 +142,6 @@ Test auto-determination with remote GitHub MCP.
t.Errorf("%s: Detection step presence = %v, want %v", tt.description, detectStepPresent, tt.expectedDetectStep)
}
- // Check if the step has the if condition when expected
- if tt.expectIfCondition && detectStepPresent {
- if !strings.Contains(yaml, "TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}") {
- t.Errorf("%s: Expected env var for GH_AW_GITHUB_MCP_SERVER_TOKEN", tt.description)
- }
- if !strings.Contains(yaml, "if: env.TOKEN_CHECK != ''") {
- t.Errorf("%s: Expected if condition checking TOKEN_CHECK env var", tt.description)
- }
- }
-
// Check lockdown configuration based on expected value
switch tt.expectedLockdown {
case "auto":
@@ -226,14 +216,6 @@ Test automatic lockdown determination with Claude.
t.Error("Determination step should be present for Claude engine")
}
- // Check if the step has the if condition
- if !strings.Contains(yaml, "TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}") {
- t.Error("Expected env var for GH_AW_GITHUB_MCP_SERVER_TOKEN in determination step")
- }
- if !strings.Contains(yaml, "if: env.TOKEN_CHECK != ''") {
- t.Error("Expected if condition checking TOKEN_CHECK env var in determination step")
- }
-
// Check if lockdown uses step output expression
if !strings.Contains(yaml, "steps.determine-automatic-lockdown.outputs.lockdown") {
t.Error("Expected lockdown to use step output expression for Claude engine")
diff --git a/pkg/workflow/mcp_github_config.go b/pkg/workflow/mcp_github_config.go
index 6c24156fc11..8d4906f798b 100644
--- a/pkg/workflow/mcp_github_config.go
+++ b/pkg/workflow/mcp_github_config.go
@@ -23,7 +23,7 @@
//
// Security features:
// - Read-only mode: Prevents write operations (default: true)
-// - Lockdown mode: Restricts access to current repository only
+// - GitHub lockdown mode: Restricts access to current repository only
// - Automatic lockdown: Enables lockdown for private repositories
// - Allowed tools: Restricts available GitHub API operations
//
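Review bot: The renamed line still describes GitHub lockdown mode as "Restricts access to current repository only", and the context line below it says automatic lockdown is enabled "for private repositories", which is the opposite of what the documentation added in this commit and the detection step describe (content filtered to items from users with push access, enabled automatically for public repositories). As this header is the in-code description of a security control, it should match; suggest `// - GitHub lockdown mode: Filters public-repository content to items from users with push access` and `// - Automatic lockdown: Enables lockdown for public repositories when not explicitly configured`. The enclosing comment block starts before this hunk.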
@@ -261,7 +261,7 @@ func getGitHubDockerImageVersion(githubTool any) string {
// for GitHub MCP server based on repository visibility. This step is added when:
// - GitHub tool is enabled AND
// - lockdown field is not explicitly specified in the workflow configuration
-// The step includes a runtime condition that only executes if GH_AW_GITHUB_MCP_SERVER_TOKEN is defined
+// The step always runs to determine lockdown mode based on repository visibility
func (c *Compiler) generateGitHubMCPLockdownDetectionStep(yaml *strings.Builder, data *WorkflowData) {
// Check if GitHub tool is present
githubTool, hasGitHub := data.Tools["github"]
@@ -289,12 +289,8 @@ func (c *Compiler) generateGitHubMCPLockdownDetectionStep(yaml *strings.Builder,
}
// Generate the step using the determine_automatic_lockdown.cjs action
- // The step only runs if GH_AW_GITHUB_MCP_SERVER_TOKEN secret is defined
yaml.WriteString(" - name: Determine automatic lockdown mode for GitHub MCP server\n")
yaml.WriteString(" id: determine-automatic-lockdown\n")
- yaml.WriteString(" env:\n")
- yaml.WriteString(" TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}\n")
- yaml.WriteString(" if: env.TOKEN_CHECK != ''\n")
fmt.Fprintf(yaml, " uses: %s\n", pinnedAction)
yaml.WriteString(" with:\n")
yaml.WriteString(" script: |\n")
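Review bot: Removing the `TOKEN_CHECK` env and the `if: env.TOKEN_CHECK != ''` gate makes the determination step run unconditionally, yet the tools.md text updated in this same commit still says automatic lockdown applies "when using custom tokens", so one of the two is now inaccurate; the comment above the step generation could also state which token the step authenticates with, since that is no longer visible in the generated YAML. Because the step output is consumed as `steps.determine-automatic-lockdown.outputs.lockdown`, it is worth confirming that determine_automatic_lockdown.cjs (not in this diff) fails closed, treating an undeterminable visibility as lockdown enabled, so a transient API error cannot silently leave a public repository unfiltered. generateGitHubMCPLockdownDetectionStep starts before this hunk and continues past it.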
diff --git a/pkg/workflow/mcp_renderer.go b/pkg/workflow/mcp_renderer.go
index d74bb15adfc..ced9fdfb98b 100644
--- a/pkg/workflow/mcp_renderer.go
+++ b/pkg/workflow/mcp_renderer.go
@@ -743,7 +743,7 @@ func RenderGitHubMCPDockerConfig(yaml *strings.Builder, options GitHubMCPDockerO
envVars["GITHUB_READ_ONLY"] = "1"
}
- // Lockdown mode
+ // GitHub lockdown mode
if options.LockdownFromStep {
// Security: Use environment variable instead of template expression to prevent template injection
// The GITHUB_MCP_LOCKDOWN env var is set in Start MCP gateway step from step output