From d73772bf2b64b1080b7969c5b3efb25219787766 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Fri, 20 Mar 2026 23:56:43 +0000
Subject: [PATCH] docs: document safe-outputs actions field in
 github-agentic-workflows.md

Add documentation for the `actions:` field under `safe-outputs:`, which
allows custom GitHub Actions to be mounted as MCP tools for the AI agent.
This field is implemented in code (safe_outputs_config.go, compiler_types.go)
but was missing from the instructions file.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .github/aw/github-agentic-workflows.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/.github/aw/github-agentic-workflows.md b/.github/aw/github-agentic-workflows.md
index b250f2327ee..2436dbdc20b 100644
--- a/.github/aw/github-agentic-workflows.md
+++ b/.github/aw/github-agentic-workflows.md
@@ -1044,6 +1044,18 @@ The YAML frontmatter supports these fields:
     ```
     Unlike `jobs:` (which create separate GitHub Actions jobs), scripts execute in-process alongside built-in handlers. Write only the handler body — the compiler generates the outer wrapper with config input destructuring and `async function handleX(item, resolvedTemporaryIds) { ... }`. Script names with dashes are normalized to underscores (e.g., `post-slack-message` → `post_slack_message`). The handler receives `item` (runtime message with input values) and `resolvedTemporaryIds` (map of temporary IDs).
 
+  - `actions:` - Custom GitHub Actions mounted as MCP tools for the AI agent (resolved at compile time)
+    ```yaml
+    safe-outputs:
+      actions:
+        my-action:
+          uses: owner/repo/path@ref         # Required: GitHub Action reference (tag, SHA, or branch)
+          description: "Custom description" # Optional: override action's description from action.yml
+          env:
+            API_KEY: ${{ secrets.API_KEY }} # Optional: environment variables for the injected step
+    ```
+    Actions are resolved at compile time — the compiler fetches `action.yml` and parses inputs automatically, exposing them as MCP tool parameters. The agent calls the action by its normalized name (dashes converted to underscores). Each action runs as an injected step in the safe-outputs job. Local actions (`./path/to/action`) are also supported.
+
   **Global Safe Output Configuration:**
   - `github-token:` - Custom GitHub token for all safe output jobs
     ```yaml