
docs: document automatic minimum-integrity-approved guard policy for public repos#21298

Merged
pelikhan merged 2 commits into main from copilot/update-lockdown-documentation on Mar 16, 2026

Conversation


Copilot AI commented Mar 16, 2026

Public repositories using GitHub MCP without explicit lockdown or min-integrity configuration now automatically receive min-integrity: approved at runtime — but this behavior was undocumented.

Changes

  • reference/lockdown-mode.md: Added "Automatic Minimum-Integrity Protection" section covering the new default, which repos it applies to, exclusions (explicit config, GitHub App token), and how to opt out.

  • reference/github-tools.md: Added callout in the Guard Policies section noting the automatic behavior for public repos with a link to the new section.

  • reference/faq.md: Extended the lockdown FAQ answer to distinguish between traditional lockdown mode (requires custom token) and the new automatic min-integrity: approved (no additional auth needed).

Key behavior documented

| Repository visibility | Explicit config? | Applied guard policy |
|---|---|---|
| Public | No | `min-integrity: approved` (automatic) |
| Public | Yes | Explicit value (no override) |
| Private/Internal | No | `min-integrity: none` |
| Any | GitHub App token | No automatic policy |

To disable the automatic guard policy on a public repo workflow that intentionally processes all user input:

tools:
  github:
    min-integrity: none


Original prompt

Update the automatic lockdown documentation to describe the new behavior:

For public repositories where the GitHub MCP server is not configured with lockdown or minimum-integrity, we automatically apply minimum-integrity-approved so that the guardrail is installed.

Custom agent used: technical-doc-writer
AI technical documentation writer for GitHub Actions library using GitHub Docs voice
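Worked example, added here and not part of gh-aw or this PR: a small Python resolver that encodes the guard-policy rules documented above so a reviewer can audit parsed workflow frontmatter offline and flag public-repo workflows that explicitly opted out. The pre-parsed `tools.github` mappings, the visibility strings and the sub-keys under `app` are constructed assumptions based on the PR text (`tools.github.app`).

```python
# Added example (not gh-aw's own code): resolves the effective GitHub MCP guard
# policy for one workflow from the rules this PR documents. Inputs are already
# parsed `tools.github` mappings; visibility strings are assumptions.

APPROVED = "approved"
NONE = "none"


def effective_guard_policy(visibility, github_tools):
    """Return (policy, source) for one workflow.

    policy is the applied guard setting as a dict, e.g. {"min-integrity": "approved"},
    or None when no automatic policy is added; source names the rule that fired.
    """
    cfg = github_tools if isinstance(github_tools, dict) else {}
    explicit = {k: cfg[k] for k in ("lockdown", "min-integrity") if k in cfg}
    if explicit:
        # An explicit frontmatter value always wins; the runtime never overrides it.
        return explicit, "explicit"
    if "app" in cfg:
        # A GitHub App token is configured: the runtime adds no automatic policy.
        return None, "github-app-token"
    if visibility == "public":
        # Public repo with no explicit guard: min-integrity: approved is applied.
        return {"min-integrity": APPROVED}, "automatic-public-default"
    # Private and internal repositories keep min-integrity: none.
    return {"min-integrity": NONE}, "private-or-internal-default"


def find_opted_out_public(workflows):
    """Names of public-repo workflows that explicitly set min-integrity: none.

    These intentionally process all user input and deserve a second look in review.
    """
    flagged = []
    for name, visibility, github_tools in workflows:
        policy, source = effective_guard_policy(visibility, github_tools)
        if visibility == "public" and source == "explicit" and policy.get("min-integrity") == NONE:
            flagged.append(name)
    return flagged


# Constructed sample workflows: (name, repository visibility, tools.github mapping).
# The keys under "app" are placeholders, not gh-aw's real configuration schema.
SAMPLE_WORKFLOWS = [
    ("triage-issues", "public", {}),
    ("process-all-input", "public", {"min-integrity": "none"}),
    ("locked-down", "public", {"lockdown": True}),
    ("app-backed", "public", {"app": {"id": "<app-id-placeholder>"}}),
    ("internal-report", "internal", {}),
]

if __name__ == "__main__":
    for name, vis, cfg in SAMPLE_WORKFLOWS:
        print(name, effective_guard_policy(vis, cfg))
    print("opted out on public repos:", find_opted_out_public(SAMPLE_WORKFLOWS))
```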



…vior for public repos

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Update automatic lockdown documentation for public repositories" to "docs: document automatic minimum-integrity-approved guard policy for public repos" on Mar 16, 2026
Copilot AI requested a review from pelikhan March 16, 2026 22:49
@pelikhan pelikhan marked this pull request as ready for review March 16, 2026 22:53
Copilot AI review requested due to automatic review settings March 16, 2026 22:53

Copilot AI left a comment


Pull request overview

Documents the new runtime default guard behavior where public repositories using the GitHub MCP server receive an automatic min-integrity: approved policy when no explicit lockdown/min-integrity is configured.

Changes:

  • Added an “Automatic Minimum-Integrity Protection” section explaining when min-integrity: approved is auto-applied and how to override it.
  • Added a guard policy callout in the GitHub tools reference linking to the new lockdown-mode documentation.
  • Updated the lockdown-mode FAQ to distinguish automatic min-integrity: approved behavior from traditional lockdown mode behavior.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.

| File | Description |
|---|---|
| docs/src/content/docs/reference/lockdown-mode.md | Adds primary documentation for the automatic `min-integrity: approved` default and opt-out guidance. |
| docs/src/content/docs/reference/github-tools.md | Adds a guard policy note pointing readers to the new automatic behavior documentation. |
| docs/src/content/docs/reference/faq.md | Extends the FAQ answer to mention the new automatic `min-integrity: approved` behavior. |
| docs/src/content/docs/agent-factory-status.mdx | Updates the agent factory workflow list (Smoke Agent entries and removal of a removed workflow). |



The automatic guard policy does **not** apply when:
- An explicit `lockdown` or `min-integrity` value is set in the workflow frontmatter.
- A GitHub App token is configured (`tools.github.app`).

Restrict which repositories and integrity levels the GitHub MCP server can access during agent execution. Guard policies apply fine-grained access control at the MCP gateway level.

For **public repositories** without explicit guard policy configuration, `min-integrity: approved` is applied automatically at runtime, ensuring content is filtered to owners, members, and collaborators even without additional authentication. See [Automatic Minimum-Integrity Protection](/gh-aw/reference/lockdown-mode/#automatic-minimum-integrity-protection) for details.
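Review bot: the github-tools callout says "without explicit guard policy configuration", which is vaguer than the lockdown-mode section it links to; name the two keys the runtime actually checks, e.g. "without an explicit `lockdown` or `min-integrity` setting", so a reader scanning the Guard Policies section knows which frontmatter values suppress the automatic default without following the link.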
Comment on lines 206 to +208
Lockdown mode is **automatically enabled** for public repositories if [Additional Authentication for GitHub Tools](/gh-aw/reference/github-tools/#additional-authentication-for-github-tools) is configured. It is not in effect for private or internal repositories.

In addition, for **public repositories** where the GitHub MCP server is not explicitly configured with `lockdown` or `min-integrity`, `min-integrity: approved` is automatically applied at runtime. This provides equivalent protection — restricting content to owners, members, and collaborators — even without additional authentication.
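Review bot: the new FAQ paragraph states that `min-integrity: approved` is applied whenever a public repository has no explicit `lockdown` or `min-integrity`, but the lockdown-mode section added in this same PR also excludes workflows that configure a GitHub App token (`tools.github.app`); add that exclusion here, or a pointer to the exclusions list, so the FAQ does not promise a guard that is not applied for app-token workflows.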
Comment on lines +15 to +16
For **public repositories** where the GitHub MCP server is configured **without** explicit `lockdown` or `min-integrity` guard policy settings, `min-integrity: approved` is automatically applied at runtime. This ensures the guardrail is always in place — even when additional authentication has not been configured.
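Review bot: "This ensures the guardrail is always in place" overstates the rule, since the exclusions the section itself lists (an explicit `lockdown`/`min-integrity` value, a GitHub App token) mean the automatic policy is not always applied; suggest "is in place by default" and a sentence pointing to the exclusions and the `min-integrity: none` opt-out so the default and its escape hatches are read together.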

@pelikhan pelikhan merged commit 2b74d96 into main Mar 16, 2026
64 checks passed
@pelikhan pelikhan deleted the copilot/update-lockdown-documentation branch March 16, 2026 23:03