[docs] Update glossary - weekly full scan #20191

Add three new terms from recent changes:
- Guard Policy: experimental GitHub MCP server access control (repos + min-integrity fields, PR #20096 terminology update)
- Protected Files: security mechanism for PR safe outputs (blocks sensitive file changes, PR #20051)
- Allowed Files: strict scope filter for PR safe outputs (allowlist of permitted file patterns, PR #20051)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Pull request overview
This PR adds three new glossary entries as part of a weekly full scan performed by the Glossary Maintainer automated workflow. The entries document features recently introduced in PRs #20096 (Guard Policy), #20051 (Protected Files and Allowed Files).
Changes:
- Added Guard Policy glossary entry under "Tools and Integration" documenting the experimental MCP server access control with integrity levels (`merged`, `approved`, `unapproved`, `none`).
- Added Protected Files and Allowed Files glossary entries under "Security and Outputs" documenting file protection mechanisms for PR-related safe outputs.
|
|
||
| ### Protected Files | ||
|
|
||
| A security mechanism on `create-pull-request` and `push-to-pull-request-branch` safe outputs that prevents AI agents from modifying sensitive repository files. By default, protects dependency manifests (e.g., `package.json`, `go.mod`), GitHub Actions workflow files, and lock files. Configured via `protected-files:` with three policies: `blocked` (default — fails with error), `allowed` (no restriction), or `fallback-to-issue` (creates a review issue for human inspection instead of applying changes). See [Safe Outputs (Pull Requests)](/gh-aw/reference/safe-outputs-pull-requests/#protected-files). |
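Review bot: The `allowed` policy in the Protected Files entry ("no restriction") is easy to confuse with the Allowed Files term added in this same PR, which the PR description calls a strict allowlist of permitted file patterns. Suggest stating in the entry that `protected-files: allowed` turns the protection off entirely, and cross-referencing the Allowed Files entry so the two are not read as the same control. The entry could also say whether `blocked` rejects the whole safe output or only the protected paths, since "fails with error" does not tell a reader which.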
The description of what's protected by default is inaccurate. The actual protection covers:
- Package manifest files by basename (e.g., `package.json`, `go.mod`, `Gemfile`, `pyproject.toml`, etc.)
- All files under `.github/` (not just "GitHub Actions workflow files" — this also includes CODEOWNERS, Dependabot config, etc.)
- All files under `.agents/` (engine instruction files like AGENTS.md, CLAUDE.md)
The glossary says "GitHub Actions workflow files, and lock files" which is both too narrow (.github/ covers much more than just workflow files) and misleading (it omits the .agents/ directory entirely). The frontmatter-full.md reference document more accurately describes these as "package manifests (e.g. package.json, go.mod), engine instruction files (e.g. AGENTS.md, CLAUDE.md) or .github/ files."
Consider aligning this description with the existing documentation in frontmatter-full.md and the implementation in pkg/workflow/runtime_definitions.go.
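The three default categories from the review comment above, combined with the three `protected-files` policies from the glossary entry, as an added Go example (not the project's code in pkg/workflow/runtime_definitions.go). The manifest list is a constructed sample, the action labels `apply`, `create-review-issue` and `fail` are hypothetical, and failing closed on an unrecognised policy is an assumption.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Constructed sample of manifest basenames taken from the review comment;
// the project's real list is longer.
var manifestNames = map[string]bool{
	"package.json": true, "go.mod": true, "Gemfile": true, "pyproject.toml": true,
}

// isProtected reports whether a repository-relative path falls in one of the
// three default categories: manifest basename, .github/ tree, .agents/ tree.
func isProtected(p string) bool {
	clean := path.Clean(strings.ReplaceAll(p, "\\", "/")) // fold "./", "a/../", "//"
	clean = strings.TrimPrefix(clean, "/")
	if strings.HasPrefix(clean, ".github/") || strings.HasPrefix(clean, ".agents/") {
		return true // prefix match covers CODEOWNERS, Dependabot config, workflows
	}
	return manifestNames[path.Base(clean)] // basename match applies at any depth
}

// evaluate applies a protected-files policy to the paths a patch touches and
// returns a (hypothetical) action label plus the protected paths it found.
func evaluate(policy string, changed []string) (string, []string) {
	var hits []string
	for _, p := range changed {
		if isProtected(p) {
			hits = append(hits, p)
		}
	}
	switch {
	case len(hits) == 0 || policy == "allowed":
		return "apply", hits
	case policy == "fallback-to-issue":
		return "create-review-issue", hits
	default: // "blocked", and (assumption) any unrecognised value, fail closed
		return "fail", hits
	}
}

func main() {
	patch := []string{"src/app.go", "docs/../.github/CODEOWNERS", "web/package.json"} // constructed
	for _, pol := range []string{"blocked", "allowed", "fallback-to-issue"} {
		action, hits := evaluate(pol, patch)
		fmt.Printf("%-18s -> %-20s %v\n", pol, action, hits)
	}
}
```

Cleaning the path before the prefix test is what keeps `docs/../.github/CODEOWNERS` from slipping past a naive `HasPrefix` check.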
Glossary Updates — 2026-03-09

Scan Type

Terms Added
- `reader`/`writer` terminology to `approved`/`unapproved`). Documents the `tools.github.repos` and `tools.github.min-integrity` fields and the four integrity levels (`merged`, `approved`, `unapproved`, `none`).
- `create-pull-request` and `push-to-pull-request-branch` safe outputs that blocks AI agents from modifying sensitive files (dependency manifests, Actions workflows, lock files). Added in PR Add `allowed-files` strict allowlist for protected-file protection on PR safe outputs #20051.
- `allowed-files` strict allowlist for protected-file protection on PR safe outputs #20051.

Changes Analyzed
- `allowed-files` strict allowlist for protected-file protection on PR safe outputs #20051
- Update MCP gateway GitHub guard terminology #20096
- Rename `safe-inputs` to `mcp-scripts` #20115
- fix(safe-outputs): emit created_issue_* outputs from handler manager #20130
- [instructions] Sync github-agentic-workflows.md with v0.40.1 — document safe-outputs step action outputs #20134
- [docs] Update documentation for features from 2026-03-09 #20159

Related Changes
- `allowed-files` strict allowlist for protected-file protection on PR safe outputs #20051 — Add `allowed-files` strict allowlist for protected-file protection on PR safe outputs
- `reader`→`unapproved`, `writer`→`approved`)
- `safe-inputs` to `mcp-scripts` #20115 — Rename `safe-inputs` to `mcp-scripts` (MCP Scripts definition already up-to-date in glossary)

Notes
- safe-outputs step action outputs (`created_issue_number`, etc.) from PR fix(safe-outputs): emit created_issue_* outputs from handler manager #20130 are implementation details, not user-facing glossary terms
- `safe-inputs-to-mcp-scripts` codemod terminology is covered by existing "Codemod" usage in docs (no new glossary entry needed)