fix(github-mcp-tools-report): add protected-files: fallback-to-issue to prevent safe_outputs hard failure

[Copilot]

The github-mcp-tools-report workflow was hard-failing in safe_outputs whenever the agent's patch touched .github/aw/github-mcp-server.md (a protected file), wasting ~$1.64 in inference per blocked run.

Changes

• github-mcp-tools-report.md — adds protected-files: fallback-to-issue to the safe-outputs.create-pull-request frontmatter block so the system creates a review issue with the patch attached instead of erroring out
• github-mcp-tools-report.lock.yml — recompiled; now emits "protected_files_policy":"fallback-to-issue" in the safe outputs config

safe-outputs:
  create-pull-request:
    expires: 2d
    title-prefix: "[mcp-tools] "
    labels: [documentation, automation]
    reviewers: copilot
    draft: false
    protected-files: fallback-to-issue  # ← added

[Copilot]

Pull request overview

Updates the github-mcp-tools-report workflow’s Safe Outputs configuration to avoid hard failures when a protected file is touched, falling back to creating an issue with the patch instead.

Changes:

• Add protected-files: fallback-to-issue to the safe-outputs.create-pull-request frontmatter in the workflow source.
• Recompile the workflow lockfile so the generated Safe Outputs JSON includes "protected_files_policy":"fallback-to-issue".

Show a summary per file

File	Description
.github/workflows/github-mcp-tools-report.md	Adds protected-files: fallback-to-issue to Safe Outputs PR creation config.
.github/workflows/github-mcp-tools-report.lock.yml	Regenerated compiled workflow to emit protected_files_policy: fallback-to-issue in Safe Outputs config/handler env.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 2/2 changed files
• Comments generated: 0