github · pelikhan · May 23, 2026 · May 23, 2026
diff --git a/.github/aw/safe-outputs.md b/.github/aw/safe-outputs.md
@@ -136,6 +136,21 @@ Safe outputs are the primary mechanism for write operations in agentic workflows
   {"type": "add_comment", "body": "Thread reply text", "reply_to_id": 12345}
   ```
 
+- `comment-memory:` - Persist and update a managed memory comment on the triggering issue/PR
+
+  ```yaml
+  safe-outputs:
+    comment-memory:
+      max: 1                          # Optional: max comment_memory updates (default: 1, range: 1-100)
+      target: "triggering"            # Optional: "triggering" (default), "*", or explicit issue/PR number
+      memory-id: "default"            # Optional: default memory identifier when items omit memory_id (default: "default")
+      footer: true                    # Optional: include AI footer in the managed comment (default: true)
+      target-repo: "owner/repo"       # Optional: cross-repository
+      allowed-repos: [owner/other]    # Optional: additional repos agent can target
+  ```
+
+  Boolean shorthand: `comment-memory: true` enables defaults; `false` or `null` disables. The handler materializes memory content to files before agent execution and synchronizes edits back to a single managed comment on the issue/PR after execution, providing durable cross-run state without external storage.
+
 - `create-pull-request:` - Safe pull request creation with git patches
 
   ```yaml
@@ -647,6 +662,20 @@ Safe outputs are the primary mechanism for write operations in agentic workflows
   ```
 
   Provides automated fixes for code scanning alerts.
+- `create-check-run:` - Create GitHub Check Runs to surface agent analysis results in the PR Checks UI
+
+  ```yaml
+  safe-outputs:
+    create-check-run:
+      name: "Security Analysis"       # Optional: check run name (defaults to workflow name)
+      max: 1                          # Optional: max check runs per workflow run (default: 1)
+      output:                         # Optional: static fallback values used when the agent omits the field
+        title: "Pending analysis"     # Fallback title (max 256 chars)
+        summary: "Awaiting agent output"  # Fallback summary (max 65535 chars)
+  ```
+
+  Requires `checks: write` permission, which is added automatically. Agents call `create_check_run` with `conclusion` (e.g., `success`, `failure`, `neutral`), `title`, `summary`, and optional `annotations`. Useful for reporting structured analysis results (security findings, code quality, test outcomes) directly on commits and pull requests.
+
 - `create-agent-session:` - Create GitHub Copilot coding agent sessions
 
   ```yaml