From f16ac3201820cf1595ed9080f7b78638a0573c28 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Fri, 10 Apr 2026 10:58:12 +0000
Subject: [PATCH] Sync github-agentic-workflows.md with v0.67.4

- Add `allowed-events` filter to `submit-pull-request-review` safe-output
- Add `--runner-guard` static analysis scanner to compile options

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .github/aw/github-agentic-workflows.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/aw/github-agentic-workflows.md b/.github/aw/github-agentic-workflows.md
index adf44a1e44..65afbbe840 100644
--- a/.github/aw/github-agentic-workflows.md
+++ b/.github/aw/github-agentic-workflows.md
@@ -63,9 +63,10 @@ gh aw compile --purge
 gh aw compile --actionlint  # Includes shellcheck
 gh aw compile --zizmor      # Security vulnerability scanner
 gh aw compile --poutine     # Supply chain security analyzer
+gh aw compile --runner-guard  # Runner constraint scanner (requires Docker)
 
 # Strict mode with all scanners
-gh aw compile --actionlint --zizmor --poutine
+gh aw compile --actionlint --zizmor --poutine --runner-guard
 
 # Output validation results as JSON (includes labels referenced in safe-outputs)
 gh aw compile --json --no-emit
@@ -648,6 +649,7 @@ The YAML frontmatter supports these fields:
       submit-pull-request-review:
         max: 1                          # Optional: maximum number of reviews to submit (default: 1)
         footer: "if-body"               # Optional: footer control ("always", "none", "if-body", default: "always")
+        allowed-events: [COMMENT, REQUEST_CHANGES]  # Optional: restrict allowed review event types; omit to allow all (APPROVE, COMMENT, REQUEST_CHANGES)
     ```
 
     **Footer Control**: The `footer` field on `submit-pull-request-review` controls when AI-generated footers appear in the PR review body. Values: `"always"` (default, always include footer), `"none"` (never include footer), `"if-body"` (only include footer when review body is non-empty). Boolean values are also supported: `true` maps to `"always"`, `false` maps to `"none"`. This is useful for clean approval reviews — with `"if-body"`, approvals without explanatory text appear without a footer.