Merged
8 changes: 6 additions & 2 deletions docs/src/content/docs/agent-factory-status.mdx
Expand Up @@ -28,7 +28,6 @@ These are experimental agentic workflows used by the GitHub Next team to learn,
| [Brave Web Search Agent](https://github.com/github/gh-aw/blob/main/.github/workflows/brave.md) | copilot | [![Brave Web Search Agent](https://github.com/github/gh-aw/actions/workflows/brave.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/brave.lock.yml) | - | `/brave` |
| [Breaking Change Checker](https://github.com/github/gh-aw/blob/main/.github/workflows/breaking-change-checker.md) | copilot | [![Breaking Change Checker](https://github.com/github/gh-aw/actions/workflows/breaking-change-checker.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/breaking-change-checker.lock.yml) | - | - |
| [Changeset Generator](https://github.com/github/gh-aw/blob/main/.github/workflows/changeset.md) | codex | [![Changeset Generator](https://github.com/github/gh-aw/actions/workflows/changeset.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/changeset.lock.yml) | - | - |
| [Chroma Issue Indexer](https://github.com/github/gh-aw/blob/main/.github/workflows/chroma-issue-indexer.md) | copilot | [![Chroma Issue Indexer](https://github.com/github/gh-aw/actions/workflows/chroma-issue-indexer.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/chroma-issue-indexer.lock.yml) | `0 */4 * * *` | - |
| [CI Cleaner](https://github.com/github/gh-aw/blob/main/.github/workflows/hourly-ci-cleaner.md) | copilot | [![CI Cleaner](https://github.com/github/gh-aw/actions/workflows/hourly-ci-cleaner.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/hourly-ci-cleaner.lock.yml) | `0 6,18 * * *` | - |
| [CI Failure Doctor](https://github.com/github/gh-aw/blob/main/.github/workflows/ci-doctor.md) | copilot | [![CI Failure Doctor](https://github.com/github/gh-aw/actions/workflows/ci-doctor.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/ci-doctor.lock.yml) | - | - |
| [CI Optimization Coach](https://github.com/github/gh-aw/blob/main/.github/workflows/ci-coach.md) | copilot | [![CI Optimization Coach](https://github.com/github/gh-aw/actions/workflows/ci-coach.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/ci-coach.lock.yml) | `0 13 * * 1-5` | - |
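Review bot: the hunk header `@@ -28,7 +28,6 @@` records a net deletion of one row from the status table, but the rendered diff carries no `-` marker on any of the visible rows, so it is not apparent which agent was dropped or why; the PR description (or a changeset) should name the removed workflow and state whether its `.lock.yml` was removed as well, since this table is the index readers use to find the live workflows.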
Expand Down Expand Up @@ -139,7 +138,12 @@ These are experimental agentic workflows used by the GitHub Next team to learn,
| [Semantic Function Refactoring](https://github.com/github/gh-aw/blob/main/.github/workflows/semantic-function-refactor.md) | claude | [![Semantic Function Refactoring](https://github.com/github/gh-aw/actions/workflows/semantic-function-refactor.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/semantic-function-refactor.lock.yml) | - | - |
| [Sergo - Serena Go Expert](https://github.com/github/gh-aw/blob/main/.github/workflows/sergo.md) | claude | [![Sergo - Serena Go Expert](https://github.com/github/gh-aw/actions/workflows/sergo.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/sergo.lock.yml) | - | - |
| [Slide Deck Maintainer](https://github.com/github/gh-aw/blob/main/.github/workflows/slide-deck-maintainer.md) | copilot | [![Slide Deck Maintainer](https://github.com/github/gh-aw/actions/workflows/slide-deck-maintainer.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/slide-deck-maintainer.lock.yml) | `0 16 * * 1-5` | - |
| [Smoke Agent](https://github.com/github/gh-aw/blob/main/.github/workflows/smoke-agent.md) | codex | [![Smoke Agent](https://github.com/github/gh-aw/actions/workflows/smoke-agent.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/smoke-agent.lock.yml) | - | - |
| [Smoke Agent: all/merged](https://github.com/github/gh-aw/blob/main/.github/workflows/smoke-agent-all-merged.md) | codex | [![Smoke Agent: all/merged](https://github.com/github/gh-aw/actions/workflows/smoke-agent-all-merged.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/smoke-agent-all-merged.lock.yml) | - | - |
| [Smoke Agent: all/none](https://github.com/github/gh-aw/blob/main/.github/workflows/smoke-agent-all-none.md) | codex | [![Smoke Agent: all/none](https://github.com/github/gh-aw/actions/workflows/smoke-agent-all-none.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/smoke-agent-all-none.lock.yml) | - | - |
| [Smoke Agent: public/approved](https://github.com/github/gh-aw/blob/main/.github/workflows/smoke-agent-public-approved.md) | codex | [![Smoke Agent: public/approved](https://github.com/github/gh-aw/actions/workflows/smoke-agent-public-approved.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/smoke-agent-public-approved.lock.yml) | - | - |
| [Smoke Agent: public/none](https://github.com/github/gh-aw/blob/main/.github/workflows/smoke-agent-public-none.md) | codex | [![Smoke Agent: public/none](https://github.com/github/gh-aw/actions/workflows/smoke-agent-public-none.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/smoke-agent-public-none.lock.yml) | - | - |
| [Smoke Agent: scoped/approved](https://github.com/github/gh-aw/blob/main/.github/workflows/smoke-agent-scoped-approved.md) | codex | [![Smoke Agent: scoped/approved](https://github.com/github/gh-aw/actions/workflows/smoke-agent-scoped-approved.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/smoke-agent-scoped-approved.lock.yml) | - | - |
| [Smoke Call Workflow](https://github.com/github/gh-aw/blob/main/.github/workflows/smoke-call-workflow.md) | codex | [![Smoke Call Workflow](https://github.com/github/gh-aw/actions/workflows/smoke-call-workflow.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/smoke-call-workflow.lock.yml) | - | - |
| [Smoke Claude](https://github.com/github/gh-aw/blob/main/.github/workflows/smoke-claude.md) | claude | [![Smoke Claude](https://github.com/github/gh-aw/actions/workflows/smoke-claude.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/smoke-claude.lock.yml) | - | - |
| [Smoke Codex](https://github.com/github/gh-aw/blob/main/.github/workflows/smoke-codex.md) | codex | [![Smoke Codex](https://github.com/github/gh-aw/actions/workflows/smoke-codex.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/smoke-codex.lock.yml) | - | - |
| [Smoke Copilot](https://github.com/github/gh-aw/blob/main/.github/workflows/smoke-copilot.md) | copilot | [![Smoke Copilot](https://github.com/github/gh-aw/actions/workflows/smoke-copilot.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/smoke-copilot.lock.yml) | - | - |
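Review bot: the five new `Smoke Agent: <scope>/<integrity>` rows (all/merged, all/none, public/approved, public/none, scoped/approved) read as a test matrix over the `repos` scope and `min-integrity` guard settings documented elsewhere in this PR, but nothing in the table explains the naming, and every new row shows `-` in both the schedule and command columns, so how they are triggered is not visible here. Two things to settle before merge: `merged` is not among the `min-integrity` values named in the docs changed by this PR (`approved`, `none`), so if it is a valid level the lockdown-mode section should list it; and the `all/none` variant appears to exercise the `min-integrity: none` override on a public repository, which is worth calling out as an intentional opt-out test rather than leaving it indistinguishable from a production agent.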
2 changes: 2 additions & 0 deletions docs/src/content/docs/reference/faq.md
Expand Up @@ -205,6 +205,8 @@ See [Network Permissions](/gh-aw/reference/network/) for complete configuration

Lockdown mode is **automatically enabled** for public repositories if [Additional Authentication for GitHub Tools](/gh-aw/reference/github-tools/#additional-authentication-for-github-tools) is configured. It is not in effect for private or internal repositories.

In addition, for **public repositories** where the GitHub MCP server is not explicitly configured with `lockdown` or `min-integrity`, `min-integrity: approved` is automatically applied at runtime. This provides equivalent protection — restricting content to owners, members, and collaborators — even without additional authentication.

## Configuration & Setup

### What is a workflow lock file?
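Review bot: the new FAQ paragraph states that `min-integrity: approved` is applied automatically for public repositories whenever `lockdown` or `min-integrity` is not set explicitly, but it omits the second exception this same PR adds to lockdown-mode.md, where a configured GitHub App token (`tools.github.app`) also disables the automatic guard; a reader of the FAQ alone would conclude the protection is unconditional. Either add the app-token caveat here or replace the second sentence with a pointer to the new `#automatic-minimum-integrity-protection` section so there is a single source of truth for the conditions.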
2 changes: 2 additions & 0 deletions docs/src/content/docs/reference/github-tools.md
Expand Up @@ -63,6 +63,8 @@ Guard policy fields (`repos` and `min-integrity`) are experimental and may chang

Restrict which repositories and integrity levels the GitHub MCP server can access during agent execution. Guard policies apply fine-grained access control at the MCP gateway level.

For **public repositories** without explicit guard policy configuration, `min-integrity: approved` is applied automatically at runtime, ensuring content is filtered to owners, members, and collaborators even without additional authentication. See [Automatic Minimum-Integrity Protection](/gh-aw/reference/lockdown-mode/#automatic-minimum-integrity-protection) for details.

```yaml wrap
tools:
github:
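Review bot: the trigger condition here, "without explicit guard policy configuration", is broader than the one in lockdown-mode.md, which says the default is suppressed only by an explicit `lockdown` or `min-integrity` value; since `repos` is also a guard policy field (per the line above), a reader cannot tell whether setting `repos` alone switches the automatic `min-integrity: approved` off. Align the wording with lockdown-mode.md, e.g. "without an explicit `lockdown` or `min-integrity` setting", and mention the `tools.github.app` exception, which is the other case where the automatic guard is not applied.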
23 changes: 23 additions & 0 deletions docs/src/content/docs/reference/lockdown-mode.md
Expand Up @@ -10,6 +10,29 @@ sidebar:
> [!IMPORTANT]
> Workflows running on public repositories must be compiled with strict mode enabled. If `strict: false` is set in the frontmatter, the workflow will fail at runtime on public repositories. See [Strict Mode](/gh-aw/reference/frontmatter/#strict-mode-strict) for details.

## Automatic Minimum-Integrity Protection

For **public repositories** where the GitHub MCP server is configured **without** explicit `lockdown` or `min-integrity` guard policy settings, `min-integrity: approved` is automatically applied at runtime. This ensures the guardrail is always in place — even when additional authentication has not been configured.

`min-integrity: approved` restricts content to objects authored by owners, members, and collaborators (users with push access), providing the same level of content filtering as enabling lockdown mode explicitly.

- **Public repositories**: `min-integrity: approved` is applied automatically (same filtering level as explicit lockdown mode).
- **Private/internal repositories**: No guard policy is applied automatically (`min-integrity: none`).

The automatic guard policy does **not** apply when:
- An explicit `lockdown` or `min-integrity` value is set in the workflow frontmatter.
- A GitHub App token is configured (`tools.github.app`).

To override or disable the automatic guard policy, set an explicit value:

```yaml wrap
tools:
github:
min-integrity: none # Disable automatic guard for public repo workflows that process all users
```

## Lockdown Mode (Content Filter)

To enable lockdown mode for your workflow:

1. **Set `lockdown: true` in your workflow frontmatter**
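Review bot: the exception list says the automatic guard does not apply when a GitHub App token is configured (`tools.github.app`) but does not say what protection applies in that case; the FAQ change in this PR says lockdown mode is enabled automatically for public repositories once additional authentication is configured, so if that is the reason, state it here ("lockdown mode applies instead") rather than leaving readers to infer that adding an app token removes filtering. The `min-integrity: none` example also needs a sharper comment: `approved` exists to keep objects authored by users without push access away from the agent, so the override should be described as a deliberate opt-out that admits content from any GitHub user on a public repository, not as a neutral setting for workflows that "process all users".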