github · dsyme · Mar 22, 2026 · Mar 22, 2026 · Mar 22, 2026 · Mar 22, 2026
diff --git a/.github/workflows/glossary-maintainer.md b/.github/workflows/glossary-maintainer.md
@@ -114,9 +114,8 @@ Based on the scope (daily or weekly):
 - List recent commits using `list_commits` for the appropriate timeframe
 - Get detailed commit information using `get_commit` for commits that might introduce new terminology
 - Search for merged pull requests using `search_pull_requests`
-- Review PR descriptions and comments for new terminology
 
-**Look for:**
+**Look for new terminology in `docs/**/*.{md,mdx}` (and nowhere else)**
 - New configuration fields in frontmatter (YAML keys)
 - New CLI commands or flags
 - New tool names or MCP servers
@@ -178,12 +177,14 @@ Based on your scan of recent changes, create a list of:
 - The term requires explanation (not self-evident)
 - The term is specific to GitHub Agentic Workflows
 - The term is likely to confuse users without a definition
+- The term is used somewhere in `docs/**/*.{md,mdx}` files
 
 **Do NOT add:**
 - Generic programming terms (unless used in a specific way)
 - Self-evident terms
 - Internal implementation details
 - Terms only used in code comments
+- Terms not used in documentation
 
 ### 7. Update the Glossary
 

diff --git a/docs/astro.config.mjs b/docs/astro.config.mjs
@@ -295,26 +295,30 @@ export default defineConfig({
 						{ label: 'Compilation Process', link: '/reference/compilation-process/' },
 						{ label: 'Concurrency', link: '/reference/concurrency/' },
 						{ label: 'Cost Management', link: '/reference/cost-management/' },
-						{ label: 'Copilot Agent Files', link: '/reference/copilot-custom-agents/' },
-						{ label: 'Cross-Repository', link: '/reference/cross-repository/' },
 						{ label: 'Custom Safe Outputs', link: '/reference/custom-safe-outputs/' },
-						{ label: 'Dependabot', link: '/reference/dependabot/' },
 						{ label: 'Environment Variables', link: '/reference/environment-variables/' },
 						{ label: 'FAQ', link: '/reference/faq/' },
 						{ label: 'Footers', link: '/reference/footers/' },
 						{ label: 'Frontmatter', link: '/reference/frontmatter/' },
 						{ label: 'Frontmatter (Full)', link: '/reference/frontmatter-full/' },
 						{ label: 'GH-AW Agent', link: '/reference/custom-agent-for-aw/' },
 						{ label: 'GH-AW as MCP Server', link: '/reference/gh-aw-as-mcp-server/' },
-						{ label: 'GitHub Lockdown Mode', link: '/reference/lockdown-mode/' },
-						{ label: 'GitHub Tools', link: '/reference/github-tools/' },
+						{ label: 'GitHub (Checkout)', link: '/reference/checkout/' },
+						{ label: 'GitHub (Read Tools)', link: '/reference/github-tools/' },
+						{ label: 'GitHub (Read Permissions)', link: '/reference/permissions/' },
+						{ label: 'GitHub (Integrity Filtering)', link: '/reference/integrity/' },
+						{ label: 'GitHub (Cross-Repository)', link: '/reference/cross-repository/' },
+						{ label: 'GitHub (Fork Support)', link: '/reference/fork-support/' },
 						{ label: 'Glossary', link: '/reference/glossary/' },
 						{ label: 'Imports', link: '/reference/imports/' },
+						{ label: 'Imports (APM)', link: '/reference/dependencies/' },
+						{ label: 'Imports (Copilot Agent Files)', link: '/reference/copilot-custom-agents/' },
+						{ label: 'Imports (Dependabot)', link: '/reference/dependabot/' },
 						{ label: 'Markdown', link: '/reference/markdown/' },
 						{ label: 'MCP Gateway', link: '/reference/mcp-gateway/' },
 						{ label: 'Network Access', link: '/reference/network/' },
-						{ label: 'Permissions', link: '/reference/permissions/' },
-						{ label: 'Rate Limiting Controls', link: '/reference/rate-limiting-controls/' },
+						{ label: 'Playwright', link: '/reference/playwright/' },
+						{ label: 'Rate Limiting', link: '/reference/rate-limiting-controls/' },
 						{ label: 'Repo Memory', link: '/reference/repo-memory/' },
 						{ label: 'MCP Scripts', link: '/reference/mcp-scripts/' },
 						{ label: 'MCP Scripts (Spec)', link: '/reference/mcp-scripts-specification/' },
@@ -329,9 +333,7 @@ export default defineConfig({
 						{ label: 'Tools', link: '/reference/tools/' },
 						{ label: 'Triggering CI', link: '/reference/triggering-ci/' },
 						{ label: 'Triggers', link: '/reference/triggers/' },
-						{ label: 'WASM Compilation', link: '/reference/wasm-compilation/' },
 						{ label: 'Workflow Structure', link: '/reference/workflow-structure/' },
-						{ label: 'Fork Support', link: '/reference/fork-support/' },
 					],
 				},
 				{

diff --git a/docs/interactive-run-mode.md b/docs/interactive-run-mode.md
@@ -51,7 +51,6 @@ All standard `run` command flags work in interactive mode:
 - `--repo owner/repo` - Target a different repository
 - `--ref branch` - Run on a specific branch
 - `--engine copilot` - Override AI engine
-- `--auto-merge-prs` - Auto-merge created PRs
 - `--push` - Push changes before running
 
 ## Limitations

diff --git a/docs/slides/index.md b/docs/slides/index.md
@@ -538,7 +538,7 @@ External services accessed only through proxies — multiple controls before rea
 | **Network** | Proxy/firewall at every layer, domain allowlisting |
 | **Permissions** | Read-only default, safe outputs for writes |
 | **Supply Chain** | Pinned action SHAs, protected CI/CD files |
-| **GitHub Guard** | `min-integrity`, secrecy & integrity metadata |
+| **Integrity** | `min-integrity`, access & integrity metadata |
 | **Monitoring** | Threat detection, audit logs, run analysis |
 
 ---

diff --git a/docs/src/content/docs/agent-factory-status.mdx b/docs/src/content/docs/agent-factory-status.mdx
@@ -51,6 +51,7 @@ These are experimental agentic workflows used by the GitHub Next team to learn,
 | [Daily CLI Performance Agent](https://github.com/github/gh-aw/blob/main/.github/workflows/daily-cli-performance.md) | copilot | [![Daily CLI Performance Agent](https://github.com/github/gh-aw/actions/workflows/daily-cli-performance.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/daily-cli-performance.lock.yml) | - | - |
 | [Daily CLI Tools Exploratory Tester](https://github.com/github/gh-aw/blob/main/.github/workflows/daily-cli-tools-tester.md) | copilot | [![Daily CLI Tools Exploratory Tester](https://github.com/github/gh-aw/actions/workflows/daily-cli-tools-tester.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/daily-cli-tools-tester.lock.yml) | - | - |
 | [Daily Code Metrics and Trend Tracking Agent](https://github.com/github/gh-aw/blob/main/.github/workflows/daily-code-metrics.md) | claude | [![Daily Code Metrics and Trend Tracking Agent](https://github.com/github/gh-aw/actions/workflows/daily-code-metrics.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/daily-code-metrics.lock.yml) | - | - |
+| [Daily Community Attribution Updater](https://github.com/github/gh-aw/blob/main/.github/workflows/daily-community-attribution.md) | copilot | [![Daily Community Attribution Updater](https://github.com/github/gh-aw/actions/workflows/daily-community-attribution.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/daily-community-attribution.lock.yml) | - | - |
 | [Daily Compiler Quality Check](https://github.com/github/gh-aw/blob/main/.github/workflows/daily-compiler-quality.md) | copilot | [![Daily Compiler Quality Check](https://github.com/github/gh-aw/actions/workflows/daily-compiler-quality.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/daily-compiler-quality.lock.yml) | - | - |
 | [Daily Copilot PR Merged Report](https://github.com/github/gh-aw/blob/main/.github/workflows/copilot-pr-merged-report.md) | copilot | [![Daily Copilot PR Merged Report](https://github.com/github/gh-aw/actions/workflows/copilot-pr-merged-report.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/copilot-pr-merged-report.lock.yml) | `0 15 * * 1-5` | - |
 | [Daily Copilot Token Consumption Report](https://github.com/github/gh-aw/blob/main/.github/workflows/daily-copilot-token-report.md) | copilot | [![Daily Copilot Token Consumption Report](https://github.com/github/gh-aw/actions/workflows/daily-copilot-token-report.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/daily-copilot-token-report.lock.yml) | `0 11 * * 1-5` | - |
@@ -105,7 +106,7 @@ These are experimental agentic workflows used by the GitHub Next team to learn,
 | [Go Logger Enhancement](https://github.com/github/gh-aw/blob/main/.github/workflows/go-logger.md) | claude | [![Go Logger Enhancement](https://github.com/github/gh-aw/actions/workflows/go-logger.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/go-logger.lock.yml) | - | - |
 | [Go Pattern Detector](https://github.com/github/gh-aw/blob/main/.github/workflows/go-pattern-detector.md) | claude | [![Go Pattern Detector](https://github.com/github/gh-aw/actions/workflows/go-pattern-detector.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/go-pattern-detector.lock.yml) | `0 14 * * 1-5` | - |
 | [GPL Dependency Cleaner (gpclean)](https://github.com/github/gh-aw/blob/main/.github/workflows/gpclean.md) | copilot | [![GPL Dependency Cleaner (gpclean)](https://github.com/github/gh-aw/actions/workflows/gpclean.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/gpclean.lock.yml) | - | - |
-| [Grumpy Code Reviewer 🔥](https://github.com/github/gh-aw/blob/main/.github/workflows/grumpy-reviewer.md) | copilot | [![Grumpy Code Reviewer 🔥](https://github.com/github/gh-aw/actions/workflows/grumpy-reviewer.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/grumpy-reviewer.lock.yml) | - | `/grumpy` |
+| [Grumpy Code Reviewer 🔥](https://github.com/github/gh-aw/blob/main/.github/workflows/grumpy-reviewer.md) | codex | [![Grumpy Code Reviewer 🔥](https://github.com/github/gh-aw/actions/workflows/grumpy-reviewer.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/grumpy-reviewer.lock.yml) | - | `/grumpy` |
 | [Instructions Janitor](https://github.com/github/gh-aw/blob/main/.github/workflows/instructions-janitor.md) | claude | [![Instructions Janitor](https://github.com/github/gh-aw/actions/workflows/instructions-janitor.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/instructions-janitor.lock.yml) | - | - |
 | [Issue Arborist](https://github.com/github/gh-aw/blob/main/.github/workflows/issue-arborist.md) | codex | [![Issue Arborist](https://github.com/github/gh-aw/actions/workflows/issue-arborist.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/issue-arborist.lock.yml) | - | - |
 | [Issue Monster](https://github.com/github/gh-aw/blob/main/.github/workflows/issue-monster.md) | copilot | [![Issue Monster](https://github.com/github/gh-aw/actions/workflows/issue-monster.lock.yml/badge.svg)](https://github.com/github/gh-aw/actions/workflows/issue-monster.lock.yml) | - | - |

diff --git a/docs/src/content/docs/blog/2026-01-13-meet-the-workflows.md b/docs/src/content/docs/blog/2026-01-13-meet-the-workflows.md
@@ -76,7 +76,7 @@ Note how concise this is - it's like reading a to-do list for the agent. The wor
 
 In the frontmatter, we define [permissions](/gh-aw/reference/frontmatter/#permissions-permissions), [tools](/gh-aw/reference/tools/), and [safe outputs](/gh-aw/reference/safe-outputs/). This ensures the agent only has access to what it needs and can't perform any unsafe actions. The natural language instructions in the body guide the agent's behavior in a clear, human-readable way.
 
-Issue triage workflows in public repositories are one of the [rare cases where you might disable lockdown mode](/gh-aw/reference/faq/#what-is-github-lockdown-mode-and-when-is-it-enabled) to process issues from all contributors. If you are a maintainer in a public repository and need your triage agent to see and label issues from users without push access, configure `lockdown: false` in your GitHub tools configuration. See [Lockdown Mode](/gh-aw/reference/lockdown-mode/) for security considerations and best practices.
+Issue triage workflows in public repositories may need to process issues from all contributors. By default, `min-integrity: approved` restricts agent visibility to owners, members, and collaborators. If you are a maintainer in a public repository and need your triage agent to see and label issues from users without push access, set `min-integrity: none` in your GitHub tools configuration. See [Integrity Filtering](/gh-aw/reference/integrity/) for security considerations and best practices.
 
 We've deliberately kept this workflow ultra-simple. In practice, in your own repo, **customization** is key. Triage differs in every repository. Tailoring workflows to your specific context will make them more effective. Generic agents are okay, but customized ones are often a better fit.
 

diff --git a/docs/src/content/docs/blog/2026-01-24-design-patterns.md b/docs/src/content/docs/blog/2026-01-24-design-patterns.md
@@ -182,7 +182,7 @@ Some key characteristics are:
 - Often includes intelligent classification
 - Maintains issue relationships
 - Respects user intent and context
-- **For public repo triage**: May need [lockdown mode disabled](/gh-aw/reference/lockdown-mode/) to process issues from all users
+- **For public repo triage**: Set `min-integrity: none` to process issues from all users (default is `approved`, which restricts to trusted contributors) — see [Integrity Filtering](/gh-aw/reference/integrity/)
 
 ---
 

diff --git a/docs/src/content/docs/blog/2026-01-27-operational-patterns.md b/docs/src/content/docs/blog/2026-01-27-operational-patterns.md
@@ -173,7 +173,7 @@ Here are our tips!
 - Allow manual override
 - Track triage accuracy
 - Update classification rules based on feedback
-- **For public repos**: Consider if you need to [disable lockdown mode](/gh-aw/reference/faq/#what-is-github-lockdown-mode-and-when-is-it-enabled) to process issues from all users (this is one of the rare safe use cases - see [Lockdown Mode](/gh-aw/reference/lockdown-mode/) for security guidance)
+- **For public repos**: By default, `min-integrity: approved` restricts agent visibility to owners, members, and collaborators. For triage workflows that need to process issues from all users, set `min-integrity: none` explicitly — see [Integrity Filtering](/gh-aw/reference/integrity/) for guidance.
 
 **Learn more**: [IssueOps Examples](https://github.github.com/gh-aw/patterns/issue-ops/)
 

diff --git a/docs/src/content/docs/guides/getting-started-mcp.md b/docs/src/content/docs/guides/getting-started-mcp.md
@@ -101,7 +101,7 @@ The `default` toolset includes: `context`, `repos`, `issues`, `pull_requests`. W
 
 ### Operating Modes
 
-Remote mode (`mode: remote`) connects to a hosted server for faster startup with no Docker required. Local mode (`mode: local`) runs in Docker, enabling version pinning for offline or restricted environments. See [Remote vs Local Mode](/gh-aw/reference/github-tools/#remote-vs-local-mode).
+Remote mode (`mode: remote`) connects to a hosted server for faster startup with no Docker required. Local mode (`mode: local`) runs in Docker, enabling version pinning for offline or restricted environments. See [Remote vs Local Mode](/gh-aw/reference/github-tools/#github-tools-remote-mode).
 
 The GitHub MCP server always operates read-only. Write operations are handled through [safe outputs](/gh-aw/reference/safe-outputs/), which run in a separate permission-controlled job.
 

diff --git a/docs/src/content/docs/introduction/architecture.mdx b/docs/src/content/docs/introduction/architecture.mdx
@@ -554,17 +554,14 @@ XML and HTML tags are converted to a safe parentheses format to prevent injectio
 Workflows should use `${{ needs.activation.outputs.text }}` instead of raw `github.event` fields to ensure proper sanitization of user-provided content.
 </Aside>
 
-## GitHub Lockdown Mode
+## Integrity Filtering
 
-GitHub lockdown mode is a security feature of the GitHub MCP server that filters content in public repositories to only surface items from users with push access. This protects workflows from processing potentially malicious or misleading input from untrusted users.
+Integrity filtering controls which GitHub content an agent can access during a workflow run, based on **author trust** and **merge status** rather than push access alone. The MCP gateway intercepts tool calls and filters content below the configured `min-integrity` threshold before the AI engine sees it — items from blocked users or below the minimum trust level are removed transparently.
 
-When **lockdown mode is enabled**, the GitHub MCP server:
-- Only returns issues, PRs, comments, and discussions from users with push, maintain, or admin access
-- Blocks coding agent from seeing content from other users
-- Has no particular effect for private or internal repos
+For public repositories, `min-integrity: approved` is applied automatically — restricting content to owners, members, and collaborators — even without additional authentication. The four configurable levels (`merged`, `approved`, `unapproved`, `none`) are cumulative from most to least restrictive. Individual users can be blocked unconditionally, and trusted reviewers can promote specific items via approval labels.
 
 <Aside type="tip">
-See [Lockdown Mode Reference](/gh-aw/reference/lockdown-mode/) for complete configuration guidance, use cases, and security considerations.
+See [Integrity Filtering Reference](/gh-aw/reference/integrity/) for configuration options, integrity levels, and examples.
 </Aside>
 
 ## Secret Redaction
@@ -797,7 +794,7 @@ gh aw status
 | **Configuration** | Action SHA pinning | Supply chain attacks, tag hijacking |
 | **Configuration** | Security scanners (actionlint, zizmor, poutine) | Privilege escalation, misconfigurations, supply chain risks |
 | **Configuration** | Pre-activation checks (role/permission) | Unauthorized users, expired workflows |
-| **Plan** | GitHub lockdown mode | Untrusted user input, context poisoning, social engineering |
+| **Plan** | Integrity filtering (`min-integrity`) | Untrusted user input, context poisoning, social engineering |
 | **Plan** | Content sanitization | @mention abuse, bot triggers |
 | **Plan** | Secret redaction | Credential leakage in logs/artifacts |
 | **Plan** | Threat detection | Malicious patches, secret leaks |
@@ -807,7 +804,7 @@ gh aw status
 
 ## Related Documentation
 
-- [Lockdown Mode](/gh-aw/reference/lockdown-mode/) - GitHub content filtering for public repositories
+- [Integrity Filtering](/gh-aw/reference/integrity/) - Author-trust and merge-status content filtering
 - [Threat Detection Guide](/gh-aw/reference/threat-detection/) - Configuring threat analysis
 - [Network Permissions](/gh-aw/reference/network/) - Network access control
 - [Safe Outputs Reference](/gh-aw/reference/safe-outputs/) - Output processing configuration

diff --git a/docs/src/content/docs/patterns/multi-repo-ops.md b/docs/src/content/docs/patterns/multi-repo-ops.md
@@ -143,7 +143,7 @@ tools:
 ```
 
 > [!IMPORTANT]
-> When reading from repositories other than the workflow's repository, you must configure additional authentication. The default `GITHUB_TOKEN` only has access to the current repository. Use a PAT, GitHub App token, or the magic secret `GH_AW_GITHUB_MCP_SERVER_TOKEN`. See [GitHub Tools Reference](/gh-aw/reference/github-tools/#cross-repository-reading) for details.
+> When reading from repositories other than the workflow's repository, you must configure additional authentication. The default `GITHUB_TOKEN` only has access to the current repository. Use a PAT, GitHub App token, or the magic secret `GH_AW_GITHUB_MCP_SERVER_TOKEN`. See [GitHub Tools Reference](/gh-aw/reference/cross-repository/#cross-repository-reading) for details.
 
 Agent instructions can reference remote repositories: