diff --git a/.github/workflows/scout.lock.yml b/.github/workflows/scout.lock.yml
index 4b4fb4da57f..536bd5df44f 100644
--- a/.github/workflows/scout.lock.yml
+++ b/.github/workflows/scout.lock.yml
@@ -2689,6 +2689,7 @@ jobs:
 uses: actions/github-script@v8
 env:
 GITHUB_AW_AGENT_OUTPUT: ${{ needs.agent.outputs.output }}
+ GITHUB_AW_WORKFLOW_NAME: "Scout Deep Research Agent"
 with:
 script: |
 async function main() {
@@ -2798,11 +2799,12 @@ jobs:
 continue;
 }
 let body = commentItem.body.trim();
+ const workflowName = process.env.GITHUB_AW_WORKFLOW_NAME || "Workflow";
 const runId = context.runId;
 const runUrl = context.payload.repository
 ? `${context.payload.repository.html_url}/actions/runs/${runId}`
 : `https://github.com/actions/runs/${runId}`;
- body += `\n\n> Generated by Agentic Workflow [Run](${runUrl})\n`;
+ body += `\n\n> AI generated by [${workflowName}](${runUrl})\n`;
 core.info(`Creating comment on ${commentEndpoint} #${issueNumber}`);
 core.info(`Comment content length: ${body.length}`);
 try {
diff --git a/.github/workflows/technical-doc-writer.lock.yml b/.github/workflows/technical-doc-writer.lock.yml
index 4d11d800219..8b8cc272ed8 100644
--- a/.github/workflows/technical-doc-writer.lock.yml
+++ b/.github/workflows/technical-doc-writer.lock.yml
@@ -2831,6 +2831,7 @@ jobs:
 uses: actions/github-script@v8
 env:
 GITHUB_AW_AGENT_OUTPUT: ${{ needs.agent.outputs.output }}
+ GITHUB_AW_WORKFLOW_NAME: "Technical Documentation Writer for GitHub Actions"
 with:
 script: |
 async function main() {
@@ -2940,11 +2941,12 @@ jobs:
 continue;
 }
 let body = commentItem.body.trim();
+ const workflowName = process.env.GITHUB_AW_WORKFLOW_NAME || "Workflow";
 const runId = context.runId;
 const runUrl = context.payload.repository
 ? `${context.payload.repository.html_url}/actions/runs/${runId}`
 : `https://github.com/actions/runs/${runId}`;
- body += `\n\n> Generated by Agentic Workflow [Run](${runUrl})\n`;
+ body += `\n\n> AI generated by [${workflowName}](${runUrl})\n`;
 core.info(`Creating comment on ${commentEndpoint} #${issueNumber}`);
 core.info(`Comment content length: ${body.length}`);
 try {
@@ -3017,6 +3019,7 @@ jobs:
 env:
 GITHUB_AW_AGENT_OUTPUT: ${{ needs.agent.outputs.output }}
 GITHUB_AW_WORKFLOW_ID: "agent"
+ GITHUB_AW_WORKFLOW_NAME: "Technical Documentation Writer for GitHub Actions"
 GITHUB_AW_BASE_BRANCH: ${{ github.ref_name }}
 GITHUB_AW_PR_TITLE_PREFIX: "[docs] "
 GITHUB_AW_PR_LABELS: "documentation"
@@ -3176,11 +3179,12 @@ jobs:
 if (titlePrefix && !title.startsWith(titlePrefix)) {
 title = titlePrefix + title;
 }
+ const workflowName = process.env.GITHUB_AW_WORKFLOW_NAME || "Workflow";
 const runId = context.runId;
 const runUrl = context.payload.repository
 ? `${context.payload.repository.html_url}/actions/runs/${runId}`
 : `https://github.com/actions/runs/${runId}`;
- bodyLines.push(``, ``, `> Generated by Agentic Workflow [Run](${runUrl})`, "");
+ bodyLines.push(``, ``, `> AI generated by [${workflowName}](${runUrl})`, "");
 const body = bodyLines.join("\n").trim();
 const labelsEnv = process.env.GITHUB_AW_PR_LABELS;
 const labels = labelsEnv
diff --git a/docs/src/content/docs/guides/security.md b/docs/src/content/docs/guides/security.md
index 657178e1623..802ce1d9c1d 100644
--- a/docs/src/content/docs/guides/security.md
+++ b/docs/src/content/docs/guides/security.md
@@ -377,6 +377,31 @@ Body: "${{ github.event.issue.body }}"
 - **Input sanitization**: Always use sanitized context text for user-controlled content
 - **Action validation**: Implement a plan-validate-execute flow where policy layers check each tool call against risk thresholds
 
+### Safe Outputs Security Model
+
+Safe outputs provide a security-first approach to GitHub API interactions by separating AI processing from write operations. The agentic portion of workflows runs with minimal read-only permissions, while separate jobs handle validated GitHub API operations like creating issues, comments, or pull requests.
+
+This architecture ensures the AI never has direct write access to your repository, preventing unauthorized changes while still enabling automated actions. All agent output is automatically sanitized and validated before processing.
+
+See the [Safe Outputs Reference](/gh-aw/reference/safe-outputs/) for complete configuration details and available output types.
+
+### Threat Detection
+
+GitHub Agentic Workflows includes automatic threat detection to analyze agent output and code changes for potential security issues before they are applied. When safe outputs are configured, a threat detection job automatically runs to identify prompt injection attempts, secret leaks, and malicious code patches.
+
+The system uses AI-powered analysis with workflow source context to distinguish between legitimate actions and threats, helping reduce false positives while maintaining strong security controls.
+
+See the [Safe Outputs Reference](/gh-aw/reference/safe-outputs/) for threat detection configuration options.
+
+### Network Isolation
+
+Network isolation in GitHub Agentic Workflows operates at two layers to prevent unauthorized network access:
+
+1. **MCP Tool Network Controls**: Containerized tools with network-level domain allowlisting
+2. **AI Engine Network Permissions**: Configurable network access controls for AI engines
+
+See the [Network Reference](/gh-aw/reference/network/) for detailed configuration options and the [Engine Network Permissions](#engine-network-permissions) section below for engine-specific controls.
+
 ## Engine Network Permissions
 
 ### Overview
@@ -471,6 +496,8 @@ Copilot and Claude expose richer default tools and optional Bash; Codex relies m
 
 ## See also
 
+- [Safe Outputs Reference](/gh-aw/reference/safe-outputs/)
+- [Network Configuration](/gh-aw/reference/network/)
 - [Tools Configuration](/gh-aw/reference/tools/)
 - [MCPs](/gh-aw/guides/mcps/)
 - [Workflow Structure](/gh-aw/reference/workflow-structure/)