From de26940c4e57e8e1749cccb2686d8c357a607f25 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 16 Mar 2026 22:40:46 +0000 Subject: [PATCH 1/2] Initial plan From adf5454df6fae4599056555405ef0c118971b553 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 16 Mar 2026 22:49:05 +0000 Subject: [PATCH 2/2] docs: update automatic lockdown docs with min-integrity-approved behavior for public repos Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .../src/content/docs/agent-factory-status.mdx | 8 +++++-- docs/src/content/docs/reference/faq.md | 2 ++ .../content/docs/reference/github-tools.md | 2 ++ .../content/docs/reference/lockdown-mode.md | 23 +++++++++++++++++++ 4 files changed, 33 insertions(+), 2 deletions(-) diff --git a/docs/src/content/docs/agent-factory-status.mdx b/docs/src/content/docs/agent-factory-status.mdx index af5e5655ce7..a0bcff388ce 100644 --- a/docs/src/content/docs/agent-factory-status.mdx +++ b/docs/src/content/docs/agent-factory-status.mdx @@ -28,7 +28,6 @@ These are experimental agentic workflows used by the GitHub Next team to learn, | [Brave Web Search Agent](https://github.com/github/gh-aw/blob/main/.github/workflows/brave.md) | copilot | [![Brave Web Search Agent](https://github.com/github/gh-aw/actions/workflows/brave.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/brave.lock.yml) | - | `/brave` | | [Breaking Change Checker](https://github.com/github/gh-aw/blob/main/.github/workflows/breaking-change-checker.md) | copilot | [![Breaking Change Checker](https://github.com/github/gh-aw/actions/workflows/breaking-change-checker.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/breaking-change-checker.lock.yml) | - | - | | [Changeset Generator](https://github.com/github/gh-aw/blob/main/.github/workflows/changeset.md) | codex | [![Changeset Generator](https://github.com/github/gh-aw/actions/workflows/changeset.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/changeset.lock.yml) | - | - | -| [Chroma Issue Indexer](https://github.com/github/gh-aw/blob/main/.github/workflows/chroma-issue-indexer.md) | copilot | [![Chroma Issue Indexer](https://github.com/github/gh-aw/actions/workflows/chroma-issue-indexer.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/chroma-issue-indexer.lock.yml) | `0 */4 * * *` | - | | [CI Cleaner](https://github.com/github/gh-aw/blob/main/.github/workflows/hourly-ci-cleaner.md) | copilot | [![CI Cleaner](https://github.com/github/gh-aw/actions/workflows/hourly-ci-cleaner.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/hourly-ci-cleaner.lock.yml) | `0 6,18 * * *` | - | | [CI Failure Doctor](https://github.com/github/gh-aw/blob/main/.github/workflows/ci-doctor.md) | copilot | [![CI Failure Doctor](https://github.com/github/gh-aw/actions/workflows/ci-doctor.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/ci-doctor.lock.yml) | - | - | | [CI Optimization Coach](https://github.com/github/gh-aw/blob/main/.github/workflows/ci-coach.md) | copilot | [![CI Optimization Coach](https://github.com/github/gh-aw/actions/workflows/ci-coach.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/ci-coach.lock.yml) | `0 13 * * 1-5` | - | @@ -139,7 +138,12 @@ These are experimental agentic workflows used by the GitHub Next team to learn, | [Semantic Function Refactoring](https://github.com/github/gh-aw/blob/main/.github/workflows/semantic-function-refactor.md) | claude | [![Semantic Function Refactoring](https://github.com/github/gh-aw/actions/workflows/semantic-function-refactor.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/semantic-function-refactor.lock.yml) | - | - | | [Sergo - Serena Go Expert](https://github.com/github/gh-aw/blob/main/.github/workflows/sergo.md) | claude | [![Sergo - Serena Go Expert](https://github.com/github/gh-aw/actions/workflows/sergo.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/sergo.lock.yml) | - | - | | [Slide Deck Maintainer](https://github.com/github/gh-aw/blob/main/.github/workflows/slide-deck-maintainer.md) | copilot | [![Slide Deck Maintainer](https://github.com/github/gh-aw/actions/workflows/slide-deck-maintainer.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/slide-deck-maintainer.lock.yml) | `0 16 * * 1-5` | - | -| [Smoke Agent](https://github.com/github/gh-aw/blob/main/.github/workflows/smoke-agent.md) | codex | [![Smoke Agent](https://github.com/github/gh-aw/actions/workflows/smoke-agent.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/smoke-agent.lock.yml) | - | - | +| [Smoke Agent: all/merged](https://github.com/github/gh-aw/blob/main/.github/workflows/smoke-agent-all-merged.md) | codex | [![Smoke Agent: all/merged](https://github.com/github/gh-aw/actions/workflows/smoke-agent-all-merged.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/smoke-agent-all-merged.lock.yml) | - | - | +| [Smoke Agent: all/none](https://github.com/github/gh-aw/blob/main/.github/workflows/smoke-agent-all-none.md) | codex | [![Smoke Agent: all/none](https://github.com/github/gh-aw/actions/workflows/smoke-agent-all-none.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/smoke-agent-all-none.lock.yml) | - | - | +| [Smoke Agent: public/approved](https://github.com/github/gh-aw/blob/main/.github/workflows/smoke-agent-public-approved.md) | codex | [![Smoke Agent: public/approved](https://github.com/github/gh-aw/actions/workflows/smoke-agent-public-approved.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/smoke-agent-public-approved.lock.yml) | - | - | +| [Smoke Agent: public/none](https://github.com/github/gh-aw/blob/main/.github/workflows/smoke-agent-public-none.md) | codex | [![Smoke Agent: public/none](https://github.com/github/gh-aw/actions/workflows/smoke-agent-public-none.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/smoke-agent-public-none.lock.yml) | - | - | +| [Smoke Agent: scoped/approved](https://github.com/github/gh-aw/blob/main/.github/workflows/smoke-agent-scoped-approved.md) | codex | [![Smoke Agent: scoped/approved](https://github.com/github/gh-aw/actions/workflows/smoke-agent-scoped-approved.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/smoke-agent-scoped-approved.lock.yml) | - | - | +| [Smoke Call Workflow](https://github.com/github/gh-aw/blob/main/.github/workflows/smoke-call-workflow.md) | codex | [![Smoke Call Workflow](https://github.com/github/gh-aw/actions/workflows/smoke-call-workflow.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/smoke-call-workflow.lock.yml) | - | - | | [Smoke Claude](https://github.com/github/gh-aw/blob/main/.github/workflows/smoke-claude.md) | claude | [![Smoke Claude](https://github.com/github/gh-aw/actions/workflows/smoke-claude.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/smoke-claude.lock.yml) | - | - | | [Smoke Codex](https://github.com/github/gh-aw/blob/main/.github/workflows/smoke-codex.md) | codex | [![Smoke Codex](https://github.com/github/gh-aw/actions/workflows/smoke-codex.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/smoke-codex.lock.yml) | - | - | | [Smoke Copilot](https://github.com/github/gh-aw/blob/main/.github/workflows/smoke-copilot.md) | copilot | [![Smoke Copilot](https://github.com/github/gh-aw/actions/workflows/smoke-copilot.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/smoke-copilot.lock.yml) | - | - | diff --git a/docs/src/content/docs/reference/faq.md b/docs/src/content/docs/reference/faq.md index c599dbc754c..b6a1546a381 100644 --- a/docs/src/content/docs/reference/faq.md +++ b/docs/src/content/docs/reference/faq.md @@ -205,6 +205,8 @@ See [Network Permissions](/gh-aw/reference/network/) for complete configuration Lockdown mode is **automatically enabled** for public repositories if [Additional Authentication for GitHub Tools](/gh-aw/reference/github-tools/#additional-authentication-for-github-tools) is configured. It is not in effect for private or internal repositories. +In addition, for **public repositories** where the GitHub MCP server is not explicitly configured with `lockdown` or `min-integrity`, `min-integrity: approved` is automatically applied at runtime. This provides equivalent protection — restricting content to owners, members, and collaborators — even without additional authentication. + ## Configuration & Setup ### What is a workflow lock file? diff --git a/docs/src/content/docs/reference/github-tools.md b/docs/src/content/docs/reference/github-tools.md index cacd810147d..206af5b4a5d 100644 --- a/docs/src/content/docs/reference/github-tools.md +++ b/docs/src/content/docs/reference/github-tools.md @@ -63,6 +63,8 @@ Guard policy fields (`repos` and `min-integrity`) are experimental and may chang Restrict which repositories and integrity levels the GitHub MCP server can access during agent execution. Guard policies apply fine-grained access control at the MCP gateway level. +For **public repositories** without explicit guard policy configuration, `min-integrity: approved` is applied automatically at runtime, ensuring content is filtered to owners, members, and collaborators even without additional authentication. See [Automatic Minimum-Integrity Protection](/gh-aw/reference/lockdown-mode/#automatic-minimum-integrity-protection) for details. + ```yaml wrap tools: github: diff --git a/docs/src/content/docs/reference/lockdown-mode.md b/docs/src/content/docs/reference/lockdown-mode.md index b6f1a66b494..9f3cb44dd9f 100644 --- a/docs/src/content/docs/reference/lockdown-mode.md +++ b/docs/src/content/docs/reference/lockdown-mode.md @@ -10,6 +10,29 @@ sidebar: > [!IMPORTANT] > Workflows running on public repositories must be compiled with strict mode enabled. If `strict: false` is set in the frontmatter, the workflow will fail at runtime on public repositories. See [Strict Mode](/gh-aw/reference/frontmatter/#strict-mode-strict) for details. +## Automatic Minimum-Integrity Protection + +For **public repositories** where the GitHub MCP server is configured **without** explicit `lockdown` or `min-integrity` guard policy settings, `min-integrity: approved` is automatically applied at runtime. This ensures the guardrail is always in place — even when additional authentication has not been configured. + +`min-integrity: approved` restricts content to objects authored by owners, members, and collaborators (users with push access), providing the same level of content filtering as enabling lockdown mode explicitly. + +- **Public repositories**: `min-integrity: approved` is applied automatically (same filtering level as explicit lockdown mode). +- **Private/internal repositories**: No guard policy is applied automatically (`min-integrity: none`). + +The automatic guard policy does **not** apply when: +- An explicit `lockdown` or `min-integrity` value is set in the workflow frontmatter. +- A GitHub App token is configured (`tools.github.app`). + +To override or disable the automatic guard policy, set an explicit value: + +```yaml wrap +tools: + github: + min-integrity: none # Disable automatic guard for public repo workflows that process all users +``` + +## Lockdown Mode (Content Filter) + To enable lockdown mode for your workflow: 1. **Set `lockdown: true` in your workflow frontmatter**