From 5d933892aad00fafec9b564c674014e491fbbee9 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 11 May 2026 05:55:00 +0000
Subject: [PATCH] =?UTF-8?q?docs:=20fix=20documentation=20drift=20=E2=80=94?=
 =?UTF-8?q?=20undocumented=20create-pr=20config=20fields=20and=20missing?=
 =?UTF-8?q?=20MCP=20container=20fields?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- docs/safe-outputs.md: add 7 undocumented create-pull-request configuration
  options: title-prefix, if-no-changes, max-files, protected-files,
  excluded-files, allowed-labels, fallback-record-branch
- prompts/create-ado-agentic-workflow.md: add args: and mounts: fields to
  MCP container config example (both are valid, documented in README and
  docs/mcp.md but missing from the primary workflow authoring guide)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 docs/safe-outputs.md                   | 7 +++++++
 prompts/create-ado-agentic-workflow.md | 4 ++++
 2 files changed, 11 insertions(+)

diff --git a/docs/safe-outputs.md b/docs/safe-outputs.md
index c1d81767..d5751c66 100644
--- a/docs/safe-outputs.md
+++ b/docs/safe-outputs.md
@@ -173,9 +173,16 @@ Note: The source branch name is auto-generated from a sanitized version of the P
 - `auto-complete` - Set auto-complete on the PR (default: false). Requires `draft: false` to take effect.
 - `delete-source-branch` - Delete source branch after merge (default: true)
 - `squash-merge` - Squash commits on merge (default: true)
+- `title-prefix` - Optional string prepended to all PR titles created by this agent (e.g., `"[Bot] "`)
+- `if-no-changes` - Behavior when the agent's patch produces no file changes: `"warn"` (default, succeed with a warning), `"error"` (fail the step), `"ignore"` (succeed silently)
+- `max-files` - Maximum number of files allowed in a single PR (default: 100). PRs exceeding this limit are rejected.
+- `protected-files` - Controls whether manifest/CI files (e.g., `package-lock.json`, `.github/`, `*.lock`) can be modified: `"blocked"` (default, reject changes to these files) or `"allowed"` (permit all files)
+- `excluded-files` - Glob patterns for files to strip from the patch before applying (e.g., `["*.lock", "dist/**"]`)
+- `allowed-labels` - Allowlist of labels the agent is permitted to apply. If empty (default), any labels are accepted.
 - `reviewers` - List of reviewer emails to add
 - `labels` - List of labels to apply
 - `work-items` - List of work item IDs to link
+- `fallback-record-branch` - When PR creation fails, record the pushed branch name and target branch in the failure response so operators can manually create the PR (default: true)
 - `max` - Maximum number of create-pull-request outputs allowed per run (default: 1)
 - `include-stats` - Whether to append agent execution stats (token usage, duration, model) to the PR description (default: true)
 
diff --git a/prompts/create-ado-agentic-workflow.md b/prompts/create-ado-agentic-workflow.md
index 458b30ba..6c4906d5 100644
--- a/prompts/create-ado-agentic-workflow.md
+++ b/prompts/create-ado-agentic-workflow.md
@@ -201,6 +201,10 @@ mcp-servers:
     entrypoint: "node"
     entrypoint-args: ["path/to/server.js"]
     enabled: false             # Set to false to temporarily disable without removing
+    args: ["--memory", "512m"] # Additional Docker runtime args (inserted before image name).
+                               # Dangerous flags like --privileged trigger compile-time warnings.
+    mounts:
+      - "/host/data:/app/data:ro"  # Volume mounts in "source:dest:mode" format
     env:
       API_KEY: "$(MY_SECRET)"
     allowed: