Conversation
💥 Automated smoke test review - all systems nominal!
Note
🔒 Integrity filtering filtered 1 item
Integrity filtering activated and filtered the following item during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.
💥 [THE END] — Illustrated by Smoke Claude
|
|
||
| ### Trusted Bots (`sandbox.mcp.trusted-bots`) | ||
|
|
||
| A frontmatter field that passes additional GitHub bot identity strings to the [MCP Gateway](#mcp-gateway). The gateway merges these with its built-in trusted identity list to determine which bot identities are permitted. This field is additive — it can only extend the gateway's internal list, not remove built-in entries. Configured under `sandbox.mcp:` and compiled into the `trustedBots` array in the generated gateway configuration. Example entries: `github-actions[bot]`, `copilot-swe-agent[bot]`. See [MCP Gateway Reference](/gh-aw/reference/mcp-gateway/). |
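Review bot: The Trusted Bots entry says the merged list is used "to determine which bot identities are permitted" but never says permitted to do what, so a reader cannot judge what adding an identity actually grants. Spell out what the gateway allows a trusted identity that it refuses an untrusted one, and, since the field is additive and cannot remove built-in entries, state plainly that every added entry (e.g. `copilot-swe-agent[bot]`) is a trust decision that applies to all workflows compiled with that frontmatter.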
Good documentation for sandbox.mcp.trusted-bots. It might be helpful to add a note about the security implications — specifically that extending the trusted list increases the attack surface for prompt injection. Consider adding a brief warning or link to a security best-practices section.
|
|
||
| ### Safe Output Actions | ||
|
|
||
| A mechanism for mounting any public GitHub Action as a once-callable MCP tool within the consolidated safe-outputs job. Defined under `safe-outputs.actions:`, each action is specified with a `uses` field (matching GitHub Actions syntax) and an optional `description` override. At compile time, `gh aw compile` fetches the action's `action.yml` to resolve its inputs and pins the reference to a specific SHA. Unlike [Custom Safe Outputs](#custom-safe-outputs) (separate jobs) and [Safe Output Scripts](#safe-output-scripts) (inline JavaScript), actions run as steps inside the safe-outputs job with full secret access via `env:`. Useful for reusing existing marketplace actions as agent tools. See [Custom Safe Outputs](/gh-aw/reference/custom-safe-outputs/#github-action-wrappers-safe-outputsactions). |
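Review bot: The Safe Output Actions entry says `gh aw compile` "pins the reference to a specific SHA" but not when a mutable `uses` ref (tag or branch) is re-resolved, and that matters because the same sentence gives these steps "full secret access via `env:`". Document whether the SHA is refreshed on every recompile and where the resolved SHA appears in the generated workflow so it can be reviewed, and make explicit that "any public GitHub Action" with full secret access means the action's own code receives those secrets, which is the property that separates this mechanism from Custom Safe Outputs and Safe Output Scripts.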
The distinction between Safe Output Actions, Custom Safe Outputs, and Safe Output Scripts is well-explained. A comparison table in the main docs would make it easier for users to choose the right mechanism at a glance.
Glossary Updates - 2026-03-20
Scan Type
Terms Added
- `safe-outputs.actions` feature (feat: mount custom GitHub Actions as safe output tools via `safe-outputs.actions` #21752) — mounts any public GitHub Action as a once-callable MCP tool in the consolidated safe-outputs job, with full secret access via `env:`. Distinct from Custom Safe Outputs (separate jobs) and Safe Output Scripts (inline JS).
- `sandbox.mcp.trusted-bots`: New MCP Gateway field (Add trustedBots field to MCP Gateway spec, schema, and frontmatter #21865) — passes additional GitHub bot identity strings to the MCP Gateway, merged additively with the gateway's built-in trusted identity list.
Terms Updated
None.
Changes Analyzed
- `safe-outputs.actions` #21752
- Add trustedBots field to MCP Gateway spec, schema, and frontmatter #21865
- feat: update gh-aw-metadata payload to v3 with agent id/model and detection agent id/model #21899
- Skip write permissions for staged safe output handlers #21903
- Support `github-token` in `update-discussion` safe output #21924
Related Changes
- 1ec9a41f: feat: mount custom GitHub Actions as safe output tools via safe-outputs.actions (feat: mount custom GitHub Actions as safe output tools via `safe-outputs.actions` #21752)
- f3c7b792: Add trustedBots field to MCP Gateway spec and schema (Add trustedBots field to MCP Gateway spec, schema, and frontmatter #21865)
Notes
Other commits today (recompiles, formatting fixes, CLI consistency, docs redirects, metadata v3, bump firewall version) did not introduce user-facing terminology warranting new glossary entries.
✨ PR Review Safe Output Test - Run 23343277323
Note
🔒 Integrity filtering filtered 1 item
Integrity filtering activated and filtered the following item during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.
pull_request_read: Resource 'pr:[docs] Update glossary - daily scan #21948' has lower integrity than agent requires. Agent would need to drop integrity tags [unapproved:all approved:all] to trust this resource.)