Remove experimental warning for tools.github guard policy (repos/min-integrity)

docs/src/content/docs/reference/github-tools.md

@@ -57,10 +57,6 @@ tools:
 
 ## Guard Policies
 
-:::caution[Experimental Feature]
-Guard policy fields (`repos` and `min-integrity`) are experimental and may change in future releases. Using either field emits a compilation warning.
-:::
-
 Restrict which repositories and integrity levels the GitHub MCP server can access during agent execution. Guard policies apply fine-grained access control at the MCP gateway level.
 
 For **public repositories** without explicit guard policy configuration, `min-integrity: approved` is applied automatically at runtime, ensuring content is filtered to owners, members, and collaborators even without additional authentication. See [Automatic Minimum-Integrity Protection](/gh-aw/reference/lockdown-mode/#automatic-minimum-integrity-protection) for details.

docs/src/content/docs/reference/glossary.md

@@ -69,10 +69,7 @@ Capabilities that an AI agent can use during workflow execution. Tools are confi
 
 ### Guard Policy
 
-An experimental access control configuration for the GitHub MCP server that restricts which repositories and content integrity levels the agent can read. Configured via `tools.github.repos` (repository scope: `"all"`, `"public"`, or a list of patterns) and `tools.github.min-integrity` (minimum required integrity level). Both fields are required when either is specified. Integrity levels by trust: `merged` (content reachable from the main branch) > `approved` (owners, members, collaborators) > `unapproved` (contributors) > `none` (first-time users). See [GitHub Tools Reference](/gh-aw/reference/github-tools/#guard-policies).
-
-> [!NOTE]
-> Guard policy fields are experimental and may change in future releases. Using either field emits a compilation warning.
+An access control configuration for the GitHub MCP server that restricts which repositories and content integrity levels the agent can read. Configured via `tools.github.repos` (repository scope: `"all"`, `"public"`, or a list of patterns) and `tools.github.min-integrity` (minimum required integrity level). Both fields are required when either is specified. Integrity levels by trust: `merged` (content reachable from the main branch) > `approved` (owners, members, collaborators) > `unapproved` (contributors) > `none` (first-time users). See [GitHub Tools Reference](/gh-aw/reference/github-tools/#guard-policies).
 
 ## Security and Outputs
 

pkg/workflow/compiler.go

@@ -273,15 +273,6 @@ func (c *Compiler) validateWorkflowData(workflowData *WorkflowData, markdownPath
 		c.IncrementWarningCount()
 	}
 
-	// Emit experimental warning for tools.github guard policy (repos/min-integrity)
-	if workflowData.ParsedTools != nil && workflowData.ParsedTools.GitHub != nil {
-		github := workflowData.ParsedTools.GitHub
-		if github.Repos != nil || github.MinIntegrity != "" {
-			fmt.Fprintln(os.Stderr, console.FormatWarningMessage("Using experimental feature: tools.github guard policy (repos/min-integrity)"))
-			c.IncrementWarningCount()
-		}
-	}
-
 	// Validate workflow_run triggers have branch restrictions
 	log.Printf("Validating workflow_run triggers for branch restrictions")
 	if err := c.validateWorkflowRunBranches(workflowData, markdownPath); err != nil {

pkg/workflow/guard_policy_experimental_warning_test.go

@@ -13,16 +13,16 @@ import (
 	"github.com/github/gh-aw/pkg/testutil"
 )
 
-// TestGuardPolicyExperimentalWarning tests that the tools.github guard policy
-// (repos/min-integrity) emits an experimental warning when enabled.
-func TestGuardPolicyExperimentalWarning(t *testing.T) {
+// TestGuardPolicyNoExperimentalWarning tests that the tools.github guard policy
+// (repos/min-integrity) does not emit an experimental warning, as the feature
+// is no longer considered experimental.
+func TestGuardPolicyNoExperimentalWarning(t *testing.T) {
 	tests := []struct {
-		name          string
-		content       string
-		expectWarning bool
+		name    string
+		content string
 	}{
 		{
-			name: "guard policy enabled produces experimental warning",
+			name: "guard policy enabled does not produce experimental warning",
 			content: `---
 on: workflow_dispatch
 engine: copilot
@@ -36,7 +36,6 @@ permissions:
 
 # Test Workflow
 `,
-			expectWarning: true,
 		},
 		{
 			name: "no guard policy does not produce experimental warning",
@@ -49,7 +48,6 @@ permissions:
 
 # Test Workflow
 `,
-			expectWarning: false,
 		},
 		{
 			name: "github tool without guard policy does not produce experimental warning",
@@ -66,10 +64,9 @@ permissions:
 
 # Test Workflow
 `,
-			expectWarning: false,
 		},
 		{
-			name: "guard policy with repos array produces experimental warning",
+			name: "guard policy with repos array does not produce experimental warning",
 			content: `---
 on: workflow_dispatch
 engine: copilot
@@ -84,7 +81,6 @@ permissions:
 
 # Test Workflow
 `,
-			expectWarning: true,
 		},
 	}
 
@@ -118,24 +114,9 @@ permissions:
 				return
 			}
 
-			expectedMessage := "Using experimental feature: tools.github guard policy (repos/min-integrity)"
-
-			if tt.expectWarning {
-				if !strings.Contains(stderrOutput, expectedMessage) {
-					t.Errorf("Expected warning containing '%s', got stderr:\n%s", expectedMessage, stderrOutput)
-				}
-			} else {
-				if strings.Contains(stderrOutput, expectedMessage) {
-					t.Errorf("Did not expect warning '%s', but got stderr:\n%s", expectedMessage, stderrOutput)
-				}
-			}
-
-			// Verify warning count includes guard policy warning
-			if tt.expectWarning {
-				warningCount := compiler.GetWarningCount()
-				if warningCount == 0 {
-					t.Error("Expected warning count > 0 but got 0")
-				}
+			unexpectedMessage := "Using experimental feature: tools.github guard policy (repos/min-integrity)"
+			if strings.Contains(stderrOutput, unexpectedMessage) {
+				t.Errorf("Did not expect experimental warning '%s', but got stderr:\n%s", unexpectedMessage, stderrOutput)
 			}
 		})
 	}