From acac0a64f2916a7c73c6b878b90f80b722b664de Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sun, 15 Mar 2026 04:26:39 +0000 Subject: [PATCH] docs: document GHES audit auto-detection and write-sink guard policy expansion - cli.md: note that gh aw audit and add-wizard auto-detect the GHES host from the git remote (from #20973), so GH_HOST is not required manually - github-tools.md: update Safe Outputs Integration section to reflect that write-sink guard policies are now derived for ALL non-GitHub MCP servers (playwright, serena, mcp-scripts, agentic-workflows, web-fetch, custom tools), not only safe-outputs (from #21005) Co-Authored-By: Claude Sonnet 4.6 --- docs/src/content/docs/reference/github-tools.md | 12 +++++++----- docs/src/content/docs/setup/cli.md | 2 ++ 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/docs/src/content/docs/reference/github-tools.md b/docs/src/content/docs/reference/github-tools.md index 5ce1e8788f..cacd810147 100644 --- a/docs/src/content/docs/reference/github-tools.md +++ b/docs/src/content/docs/reference/github-tools.md 
@@ -144,17 +144,19 @@ tools: min-integrity: approved ``` -### Safe Outputs Integration +### Non-GitHub MCP Server Integration -When you configure `repos` in the GitHub guard policy, the compiler automatically derives a linked guard-policy for the [safe outputs](/gh-aw/reference/safe-outputs/) MCP server: +When you configure `repos` in the GitHub guard policy, the compiler automatically derives a linked write-sink guard-policy for **all non-GitHub MCP servers** — including [safe outputs](/gh-aw/reference/safe-outputs/), playwright, serena, mcp-scripts, agentic-workflows, web-fetch, and any custom tools. This ensures that as guard policies are applied to GitHub inputs, the corresponding write operations to non-GitHub servers are permitted. -- **`repos: "all"` or `repos: "public"`**: Creates a write-sink policy with `accept: ["*"]` to allow all safe output operations -- **`repos: [patterns]`**: Each entry in the `repos` list is transformed and added as an accept entry in the safeoutputs policy: +The transformation rules are: + +- **`repos: "all"` or `repos: "public"`**: Creates a write-sink policy with `accept: ["*"]` to allow all write operations +- **`repos: [patterns]`**: Each entry is transformed and added as an accept entry: - `"owner/*"` → `"private:owner"` (owner wildcard → strip wildcard) - `"owner/prefix*"` → `"private:owner/prefix*"` (prefix wildcard → keep as-is) - `"owner/repo"` → `"private:owner/repo"` (specific repo → keep as-is) -This derivation happens at compile time and requires no additional configuration, allowing the MCP gateway to read repository data through the GitHub tools and still write outputs via safeoutputs. +This derivation happens at compile time and requires no additional configuration, allowing the MCP gateway to read repository data through the GitHub tools and write outputs to any configured non-GitHub MCP server. ```yaml wrap tools: 
diff --git a/docs/src/content/docs/setup/cli.md b/docs/src/content/docs/setup/cli.md index e49abbe536..5b420f69dc 100644 --- a/docs/src/content/docs/setup/cli.md +++ b/docs/src/content/docs/setup/cli.md @@ -77,6 +77,8 @@ gh aw logs workflow --repo github.enterprise.com/owner/repo # Use with comm Commands that support `--create-pull-request` (such as `gh aw add`, `gh aw add-wizard`, `gh aw init`, `gh aw update`, and `gh aw upgrade`) automatically detect the enterprise host from the git remote and route PR creation to the correct GHES instance. No extra flags are needed. +`gh aw audit` and `gh aw add-wizard` also auto-detect the GHES host from the git remote, so running them inside a GHES repository works without setting `GH_HOST` manually. + #### Configuring `gh` CLI in workflow steps on GHES When agentic workflows run on GitHub Enterprise Server and use custom `steps:` that invoke `gh` CLI commands, source the bundled helper script to configure `gh` for the enterprise host:
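Review bot: In the github-tools.md hunk, the "Non-GitHub MCP Server Integration" text says the derived write-sink policy now covers playwright, serena, web-fetch and custom tools, but the `repos: "all"` or `repos: "public"` bullet still only says it "Creates a write-sink policy with `accept: ["*"]` to allow all write operations"; since this rule now applies to every non-GitHub server, the doc should state explicitly that `repos: "public"` produces an unrestricted write sink on each of those servers, not only on safe outputs, because a reader is likely to assume `"public"` is a narrower setting than `"all"`. The same section should also say what happens when a non-GitHub server already carries an explicit guard-policy in the workflow, i.e. whether the derived policy replaces it, merges with it, or yields to it, since "requires no additional configuration" leaves that precedence undefined.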
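Review bot: In the cli.md hunk, the added paragraph lists `gh aw add-wizard` as newly auto-detecting the GHES host, but the unchanged paragraph immediately above already names `gh aw add-wizard` among the commands that "automatically detect the enterprise host from the git remote"; either drop `add-wizard` from the new sentence or state the distinction (for example that detection now also applies to the command's own API calls, not only to PR creation), otherwise the two paragraphs read as contradicting each other about what was already supported. It would also help to add one sentence on precedence when `GH_HOST` is set and the git remote points at a different host, since that decides which instance `gh aw audit` sends its requests and credentials to.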