…ation When a GitHub MCP guard-policy is configured with a specific repos array, the compiler (since #20467, gateway v0.1.14) automatically derives a linked write-sink guard-policy for the safeoutputs MCP server. Document this behavior in the Guard Policies section of github-tools.md. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Pull request overview
Adds documentation for the recently introduced compiler behavior that auto-derives a safeoutputs MCP guard-policy from GitHub Tools guard-policy configuration.
Changes:
- Added a new “Safe Outputs Integration” subsection under GitHub Tools → Guard Policies.
- Documented how `tools.github.repos` guard-policy settings influence safeoutputs MCP configuration.
Comments suppressed due to low confidence (1)
docs/src/content/docs/reference/github-tools.md:164
- The inline comment `# safe outputs can write to the guard-policy repos` is misleading: the derived safeoutputs guard-policy is a gateway/MCP `write-sink` policy (accept list), not a GitHub write authorization mechanism for safe output jobs. Consider rewording to reflect that the safeoutputs MCP server is permitted to accept private data for the specified repos/patterns (via `private:<pattern>`), rather than implying it controls where safe outputs can write.
safe-outputs:
create-issue: # safe outputs can write to the guard-policy repos
| When you configure `repos` as an array of specific repository patterns, the compiler automatically derives a linked guard-policy for the [safe outputs](/gh-aw/reference/safe-outputs/) MCP server. Each entry in the `repos` list is added as a `private` accept entry in the safeoutputs policy, allowing the MCP gateway to read private repository data through the GitHub tools and still write outputs via safeoutputs. | ||
|
|
||
| This derivation happens at compile time and requires no additional configuration. If you use `repos: "all"` or `repos: "public"`, no safeoutputs guard-policy is derived. |
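Review bot: The second added paragraph says the derivation "requires no additional configuration" but does not name the gateway version it depends on; the commit message on this PR ties the behavior to gateway v0.1.14, so state that minimum version next to this sentence. The first paragraph also says each `repos` entry becomes a `private` accept entry without showing what the derived entry looks like, so a short before/after configuration snippet would help. It would also help to say explicitly that the derived policy is an accept list for the safeoutputs write sink, so readers do not read "still write outputs via safeoutputs" as a grant of write access to the listed repositories.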
The Safe Outputs guard-policy derivation described here doesn’t match the compiler behavior. In `deriveSafeOutputsGuardPolicyFromGitHub` (`pkg/workflow/mcp_github_config.go`), every GitHub `repos` value that enables guard-policies results in a safeoutputs `write-sink.accept` entry prefixed with `private:` (e.g., `private:myorg/private-repo`), and `repos: "all"` / `repos: "public"` map to `accept: ["private:*"]` rather than producing no derived policy. Please update this section to describe the `private:<pattern>`/`private:*` behavior accurately.
This issue also appears on line 162 of the same file.
Self-Healing Documentation Fixes
This PR was automatically created by the Daily Documentation Healer workflow.
Gaps Fixed
github-tools.md. PR feat: automatically derive safeoutputs guard-policy from GitHub MCP guard-policy and bump gateway to v0.1.14 #20467 (merged 2026-03-11T18:21Z) teaches the compiler to automatically derive a `write-sink` guard-policy for the safeoutputs MCP server whenever the GitHub MCP server is configured with a specific `repos` array guard-policy. This behavior — which activates with MCP gateway v0.1.14 — was not documented anywhere in the reference docs.
Root Cause
DDUw ran at ~04:50 UTC on 2026-03-11 and produced PR #20468 (documenting `safe-outputs.environment`). PR #20467 was merged at 18:21 UTC — over 13 hours after DDUw completed. This is the same late-merge blind-spot pattern documented in the previous two healer runs (#20254, #20412): features merged in the afternoon UTC window fall entirely outside DDUw's single early-morning scan.
DDUw Improvement Suggestions
Analyzed Issues (last 7 days, label: documentation, state: closed)
staged-mode.md) `docs/research/` file, not `docs/`
The guard-policy auto-derivation gap was discovered by cross-referencing commits merged after DDUw's last run, not from a closed issue.
Files Changed
`docs/src/content/docs/reference/github-tools.md` — added "Safe Outputs Integration" subsection to the Guard Policies section documenting automatic safeoutputs guard-policy derivation
Related