Replace automatic lockdown with automatic guard policy for public and private repositories

[Copilot]

The determine_automatic_lockdown.cjs runtime check previously auto-emitted lockdown=true for public repos. This switches it to instead auto-configure min_integrity and repos guard policy fields on the GitHub MCP server for all repositories, and stops emitting the lockdown field automatically.

Behavior changes

determine_automatic_lockdown.cjs

• For public repos: outputs min_integrity=approved if not already configured; outputs repos=all if not already configured
• For private/internal repos: outputs min_integrity=none if not already configured; outputs repos=all if not already configured
• Always emits min_integrity and repos outputs so the guard-policies block in the GitHub MCP config is never populated with empty values
• Pre-configured values are always passed through via setOutput (never overridden)
• No longer emits lockdown output
• Configured values are passed via GH_AW_GITHUB_MIN_INTEGRITY / GH_AW_GITHUB_REPOS env vars (set at compile time from tools.github guard policy config), so the step won't override explicit configuration
• Writes a step summary table showing the resolved repos and min-integrity values, with a Source column indicating whether each came from the workflow config or was automatically applied (automatic (public repo) / automatic (private repo))

Step generation condition (mcp_github_config.go)

• Step is now skipped when guard policy is fully configured (both repos + min-integrity set), rather than when lockdown is explicitly set

MCP config rendering (mcp_renderer_github.go, mcp_environment.go)

• Replaces GITHUB_MCP_LOCKDOWN → GITHUB_MCP_GUARD_MIN_INTEGRITY + GITHUB_MCP_GUARD_REPOS env vars sourced from step outputs
• When step is active, guard-policies section is rendered with bash variable refs that resolve at runtime:

"guard-policies": {
  "allow-only": {
    "min-integrity": "$GITHUB_MCP_GUARD_MIN_INTEGRITY",
    "repos": "$GITHUB_MCP_GUARD_REPOS"
  }
}

For private repos, min-integrity resolves to none and repos to all, ensuring a valid (permissive) guard policy is always applied. Explicit lockdown: true in workflow config continues to work unchanged.

Original prompt

Update the runtime check for public repositories to enable lockdown.

There is a JavaScript file called detects-lockdown (or similar) where this check currently runs for public repositories. Keep using the same condition for detecting public repos, but change the behavior as follows:

• , check whether it has min_integrity configured on the GitHub MCP server.
• If min_integrity is not configured, automatically set mi_integrity to approved on the GitHub MCP server.
• If repos is not configured, automatically set repos to all.
• Do not emit the lockdown field automatically anymore.

---

📱 Kick off Copilot coding agent tasks wherever you are with GitHub Mobile, available on iOS and Android.

[github-actions]

Hey @pelikhan 👋 — thanks for kicking off this work on the lockdown autodetect refactor! Changing the public-repo branch of determine_automatic_lockdown.cjs to emit min_integrity/repos instead of lockdown — and threading those values through mcp_github_config.go, mcp_environment.go, and the renderer stack — is a well-scoped, impactful change.

Right now, though, the PR is still in pure planning state: the only commit is "Initial plan" with zero file changes and all 10 checklist items remain unchecked. Here's what needs to happen before this is ready for review:

• Complete all checklist items — the implementation across the six source files hasn't started yet.
• Add/update tests — both determine_automatic_lockdown.test.cjs (Vitest) and github_lockdown_autodetect_test.go (Go table-driven tests in pkg/workflow/) need to cover the new min_integrity/repos output paths and the removed lockdown emission.
• Run make agent-finish — required before the PR is ready for review; this runs build, test, lint, recompile, fmt, and lint-errors.

If you'd like to hand this off to a coding agent, here's a ready-to-use prompt:

Implement the lockdown autodetect refactor described in PR #21287.

Work through each checklist item in the PR body:

1. **`actions/setup/js/determine_automatic_lockdown.cjs`** — for public repos, output `min_integrity` (value: `approved`) and `repos` (value: `all`) as step outputs instead of emitting `lockdown`. Keep the same condition for detecting public repos.

2. **`pkg/workflow/mcp_github_config.go`** — in `generateGitHubMCPLockdownDetectionStep()`, pass the configured guard policy values (min_integrity, repos) as env vars to the step; update the skip condition accordingly.

3. **`pkg/workflow/mcp_environment.go`** — reference the new step outputs (`min_integrity`, `repos`) instead of `lockdown` when collecting MCP environment variables.

4. **`pkg/workflow/mcp_renderer_types.go`** — add a `GuardPoliciesFromStep` field to the relevant options structs.

5. **`pkg/workflow/mcp_renderer_github.go`** — render guard policies using env var refs when the autodetect step is used; remove the auto-lockdown rendering path.

6. **`pkg/workflow/mcp_setup_generator.go`** — pass the new guard policy env vars (`min_integrity`, `repos`) to the gateway container setup.

7. **`actions/setup/js/determine_automatic_lockdown.test.cjs`** — update Vitest tests to cover the new output paths.

8. **`pkg/workflow/github_lockdown_autodetect_test.go`** — update Go table-driven tests to reflect the new step output field names.

9. Run `make recompile` to regenerate lock files.

10. Run `make agent-finish` and fix any failures before marking the PR ready for review.

Generated by Contribution Check · ◷

[pelikhan]

@copilot render resolved repos/min-integrity to the step summary.

[Copilot]

Done in 5646c57. The step now writes a summary table with the resolved repos and min-integrity values, showing whether each came from the workflow config or was automatically set for a public repository:

Field	Value	Source
min-integrity	approved	automatic (public repo)
repos	all	automatic (public repo)

[Copilot]

Pull request overview

Updates the GitHub MCP “automatic lockdown” behavior for public repositories to instead auto-apply GitHub MCP guard policy defaults (min-integrity=approved, repos=all) via step outputs and runtime env var wiring, while stopping automatic emission of the lockdown output.

Changes:

• Replace GITHUB_MCP_LOCKDOWN plumbing with GITHUB_MCP_GUARD_MIN_INTEGRITY / GITHUB_MCP_GUARD_REPOS env vars sourced from the determine step.
• Render GitHub MCP guard-policies.allow-only in generated MCP configs using runtime-resolved env var references.
• Update wasm golden fixtures, Codex MCP config rendering test expectations, and regenerate many workflow lockfiles accordingly.

Reviewed changes

Copilot reviewed 184 out of 184 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/with-imports.golden	Updates golden output to use guard policy env vars and render guard-policies instead of lockdown.
pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/basic-copilot.golden	Updates golden output to use guard policy env vars and render guard-policies instead of lockdown.
pkg/workflow/mcp_setup_generator.go	Passes guard policy env vars into MCP gateway container environment passthrough list.
pkg/workflow/mcp_renderer_types.go	Extends GitHub MCP renderer option structs with GuardPoliciesFromStep.
pkg/workflow/mcp_environment.go	Collects new guard policy env vars from determine-step outputs when applicable.
pkg/workflow/codex_engine_test.go	Updates expected rendered MCP config to include guard-policies section in JSON gateway config.
.github/workflows/video-analyzer.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/typist.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/tidy.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/test-workflow.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/test-project-url-default.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/test-dispatcher.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/test-create-pr-error-handling.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/terminal-stylist.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/super-linter.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/step-name-alignment.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/static-analysis-report.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/smoke-call-workflow.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/sergo.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/semantic-function-refactor.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/security-review.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/security-compliance.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/schema-consistency-checker.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/safe-output-health.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/repo-tree-map.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/release.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/q.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/prompt-clustering-analysis.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/pdf-summary.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/metrics-collector.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/mergefest.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/lockfile-stats.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/layout-spec-maintainer.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/jsweep.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/instructions-janitor.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/gpclean.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/go-pattern-detector.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/go-fan.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/github-mcp-tools-report.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/github-mcp-structural-analysis.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/firewall.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/example-workflow-analyzer.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/example-permissions-warning.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/duplicate-code-detector.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/dev.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/dev-hawk.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/delight.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/deep-report.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/daily-security-red-team.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/daily-safe-outputs-conformance.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/daily-function-namer.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/daily-fact.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/daily-code-metrics.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/daily-choice-test.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/craft.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/copilot-session-insights.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/copilot-agent-analysis.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/commit-changes-analyzer.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/codex-github-remote-mcp-test.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/cloclo.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/cli-version-checker.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/changeset.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/blog-auditor.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/audit-workflows.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/artifacts-summary.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/archie.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/ai-moderator.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.
.github/workflows/ace-editor.lock.yml	Replaces lockdown env/header wiring with guard policy env vars and guard-policies config.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[pelikhan]

@copilot apply comment and use repos: all and min-integrity: none for private repos.

[Copilot]

@copilot apply comment and use repos: all and min-integrity: none for private repos.

Done in 34f5df7. Private/internal repositories now always emit min_integrity=none and repos=all (as defaults), so the guard-policies block is never populated with empty values. Pre-configured values are always passed through via setOutput in both cases. The step summary also shows the correct source label (automatic (private repo) vs automatic (public repo)).

[github-actions]

✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready.

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

💥 WHOOSH! Smoke Claude springs into action on this pull request! [Panel 1 begins...]

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

Agent Container Tool Check

Tool	Status	Version
bash	✅	5.2.21
sh	✅	available
git	✅	2.53.0
jq	✅	1.7
yq	✅	4.52.4
curl	✅	8.5.0
gh	✅	2.87.3
node	✅	20.20.1
python3	✅	3.12.3
go	✅	1.24.13
java	✅	21.0.10
dotnet	✅	10.0.102

Result: 12/12 tools available ✅

Overall Status: PASS

🔧 Tool validation by Agent Container Smoke Test · ◷

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤