github · pelikhan · Mar 10, 2026 · Mar 10, 2026 · Copilot · Mar 10, 2026
diff --git a/docs/src/content/docs/reference/environment-variables.md b/docs/src/content/docs/reference/environment-variables.md
@@ -98,6 +98,29 @@ echo "Found 3 issues across 12 files." >> "$GITHUB_STEP_SUMMARY"
 
 The output appears in the **Summary** tab of the GitHub Actions workflow run.
 
+## System-Injected Runtime Variables
+
+GitHub Agentic Workflows automatically injects the following environment variables into every agentic engine execution step (both the main agent run and the threat detection run). These variables are read-only from the agent's perspective and are useful for writing workflows or agents that need to detect their execution context.
-GitHub Agentic Workflows automatically injects the following environment variables into every agentic engine execution step (both the main agent run and the threat detection run). These variables are read-only from the agent's perspective and are useful for writing workflows or agents that need to detect their execution context.
+GitHub Agentic Workflows automatically inject the following environment variables into every agentic engine execution step (both the main agent run and the threat detection run). These variables are read-only from the agent's perspective and are useful for writing workflows or agents that need to detect their execution context.
-GitHub Agentic Workflows automatically injects the following environment variables into every agentic engine execution step (both the main agent run and the threat detection run). These variables are read-only from the agent's perspective and are useful for writing workflows or agents that need to detect their execution context.
+GitHub Agentic Workflows automatically inject the following environment variables into every agentic engine execution step (both the main agent run and the threat detection run). These variables are read-only from the agent's perspective and are useful for writing workflows or agents that need to detect their execution context.
+
+| Variable | Value | Description |
+|----------|-------|-------------|
+| `GITHUB_AW` | `"true"` | Present in every gh-aw engine execution step. Agents can check for this variable to confirm they are running inside a GitHub Agentic Workflow. |
+| `GH_AW_PHASE` | `"agent"` or `"detection"` | Identifies which execution phase is active. `"agent"` for the main run; `"detection"` for the threat-detection safety check run that precedes the main run. |
+| `GH_AW_VERSION` | e.g. `"0.40.1"` | The gh-aw compiler version that generated the workflow. Useful for conditional logic that depends on a minimum feature version. |
+
+These variables appear alongside other `GH_AW_*` context variables in the compiled workflow:
+
+```yaml
+env:
+  GITHUB_AW: "true"
+  GH_AW_PHASE: agent        # or "detection"
+  GH_AW_VERSION: "0.40.1"
-| `GITHUB_AW` | `"true"` | Present in every gh-aw engine execution step. Agents can check for this variable to confirm they are running inside a GitHub Agentic Workflow. |
-| `GH_AW_PHASE` | `"agent"` or `"detection"` | Identifies which execution phase is active. `"agent"` for the main run; `"detection"` for the threat-detection safety check run that precedes the main run. |
-| `GH_AW_VERSION` | e.g. `"0.40.1"` | The gh-aw compiler version that generated the workflow. Useful for conditional logic that depends on a minimum feature version. |
-
-These variables appear alongside other `GH_AW_*` context variables in the compiled workflow:
-
-```yaml
-env:
-  GITHUB_AW: "true"
-  GH_AW_PHASE: agent        # or "detection"
-  GH_AW_VERSION: "0.40.1"
+| `GITHUB_AW` | `true` | Present in every gh-aw engine execution step. Agents can check for this variable to confirm they are running inside a GitHub Agentic Workflow. |
+| `GH_AW_PHASE` | `"agent"` or `"detection"` | Identifies which execution phase is active. `"agent"` for the main run; `"detection"` for the threat-detection safety check run that precedes the main run. |
+| `GH_AW_VERSION` | e.g. `"3f30e4d"` | The gh-aw compiler version that generated the workflow (often a short commit SHA, `dev`, or a release version). Useful for conditional logic that depends on a minimum feature version. |
+
+These variables appear alongside other `GH_AW_*` context variables in the compiled workflow:
+
+```yaml
+env:
+  GITHUB_AW: true
+  GH_AW_PHASE: agent        # or "detection"
+  GH_AW_VERSION: "3f30e4d"  # e.g. short commit SHA, dev, or release version
-| `GITHUB_AW` | `"true"` | Present in every gh-aw engine execution step. Agents can check for this variable to confirm they are running inside a GitHub Agentic Workflow. |
-| `GH_AW_PHASE` | `"agent"` or `"detection"` | Identifies which execution phase is active. `"agent"` for the main run; `"detection"` for the threat-detection safety check run that precedes the main run. |
-| `GH_AW_VERSION` | e.g. `"0.40.1"` | The gh-aw compiler version that generated the workflow. Useful for conditional logic that depends on a minimum feature version. |
-
-These variables appear alongside other `GH_AW_*` context variables in the compiled workflow:
-
-```yaml
-env:
-  GITHUB_AW: "true"
-  GH_AW_PHASE: agent        # or "detection"
-  GH_AW_VERSION: "0.40.1"
+| `GITHUB_AW` | `true` | Present in every gh-aw engine execution step. Agents can check for this variable to confirm they are running inside a GitHub Agentic Workflow. |
+| `GH_AW_PHASE` | `"agent"` or `"detection"` | Identifies which execution phase is active. `"agent"` for the main run; `"detection"` for the threat-detection safety check run that precedes the main run. |
+| `GH_AW_VERSION` | e.g. `"3f30e4d"` | The gh-aw compiler version that generated the workflow (often a short commit SHA, `dev`, or a release version). Useful for conditional logic that depends on a minimum feature version. |
+
+These variables appear alongside other `GH_AW_*` context variables in the compiled workflow:
+
+```yaml
+env:
+  GITHUB_AW: true
+  GH_AW_PHASE: agent        # or "detection"
+  GH_AW_VERSION: "3f30e4d"  # e.g. short commit SHA, dev, or release version
+  GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt
+```
+
+> [!NOTE]
+> These variables are injected by the compiler and cannot be overridden by user-defined `env:` blocks in the workflow frontmatter.
-> These variables are injected by the compiler and cannot be overridden by user-defined `env:` blocks in the workflow frontmatter.
+> These variables are injected by the compiler as defaults for the engine execution context. They can be overridden by user-defined `engine.env` or agent-specific `env` blocks in the workflow frontmatter, but are not affected by workflow-, job-, or step-level `env:` scopes.
-> These variables are injected by the compiler and cannot be overridden by user-defined `env:` blocks in the workflow frontmatter.
+> These variables are injected by the compiler as defaults for the engine execution context. They can be overridden by user-defined `engine.env` or agent-specific `env` blocks in the workflow frontmatter, but are not affected by workflow-, job-, or step-level `env:` scopes.
+
 ## Precedence Rules
 
 Environment variables follow a **most-specific-wins** model, consistent with GitHub Actions. Variables at more specific scopes completely override variables with the same name at less specific scopes.