docs: comprehensive guide for maintaining repos with agentic workflows at scale

[Copilot]

Summary

Adds docs/src/content/docs/guides/maintaining-repos.md — a comprehensive how-to guide for repository maintainers running agentic workflows at scale. The guide is structured around a two-mechanism safety model and uses repo-assist as the primary entry point.

Closes #26072

Key Design Decisions

1. Two-mechanism safety model — The guide frames the entire maintainer experience around two complementary controls:

   • Safe-outputs control what the agent can do (outputs) — principle of least privilege for actions like labeling, commenting, creating PRs
   • Integrity filtering controls what content the agent sees (inputs) — filtering by author trust level and merge status

2. Repo-assist first — Rather than covering features in isolation, the guide leads with repo-assist as the recommended triage layer, then layers on safe-outputs and integrity as the maintainer scales

3. Debugging as a first-class section — Covers AI-assisted debugging via /agent agentic-workflows and Copilot CLI commands (gh aw audit, gh aw logs), plus six common failure patterns with targeted fixes

Content Outline

• Repo-Assist as Your Triage Layer — What it does, minimal workflow example, routing to downstream agents
• Controlling Workflow Outputs with Safe-Outputs — Output types table, paired examples (repo-assist vs code-fix agent), principle of least privilege
• Controlling Workflow Inputs with Integrity Filtering — Decision guidance by workflow type (merged/approved/unapproved/none), trusted-users, approval-labels, blocked-users, centralized management via GitHub variables
• Reactions as Trust Signals — MCPG ≥ v0.2.18 opt-in, endorsement/disapproval reactions, proxy-only limitation
• Scaling Strategies — Token budget impact, rate-limit, concurrency controls, allowed-repos scoping
• Debugging Failed Workflows — /agent agentic-workflows for AI-assisted debugging, gh aw audit/gh aw logs CLI commands, common failure patterns (missing tools, auth failures, integrity filtering, safe-output violations, token exhaustion, MCP server issues)
• Worked Examples — Public open-source repo (repo-assist → approval-labels → code fix), inner-source (trusted-users via org variable), high-security (min-integrity: merged + blocked-users)

Files Changed

File	Description
docs/src/content/docs/guides/maintaining-repos.md	New comprehensive maintainer guide
.github/aw/actions-lock.json	Updated from main merge
pkg/workflow/data/action_pins.json	Updated from main merge

[lpcox]

@copilot make sure that repo-assist is the primary entry point and that guidance framed as making repo-assist work for a (primarily open-source) maintainer

[lpcox]

@copilot resolve the merge conflicts in this pull request also make sure that safeoutputs is presented as the primary safety mechanism for regulating workflow outputs whereas integrity filtering is the primary safety mechanism for regulating workflow inputs.

[github-actions]

Hey @Copilot and @lpcox 👋 — great work getting the maintaining-repos guide drafted! This is a comprehensive piece covering integrity filtering decision guidance, reactions as trust signals, scaling strategies, debugging workflows, and three well-structured worked examples (public, inner-source, high-security). It fills a clear gap in the docs and cross-links cleanly to the existing reference pages.

A few things to tidy up before marking this ready for review:

• Checklist items are still unchecked — docs/src/content/docs/guides/maintaining-repos.md exists on the branch and appears fully written (covers all seven checklist items), but the PR description still shows every task as [ ]. Review each item against the actual content and check them off once confirmed.
• Remove the [WIP] prefix and promote from draft — once the checklist is verified, rename the title and mark the PR ready so maintainers can merge.
• Diff discrepancy — GitHub's PR diff API currently reports only a 10-line actions-lock.json reordering (moving the ghcr.io/github/gh-aw-mcpg:v0.2.19 entry to its alphabetically correct position). The new guide file doesn't appear in the reported diff view, even though it exists on the branch in commit 7f9e493e. This may cause automated review tooling to miss the primary change — worth double-checking that the commit history is structured as expected and the file addition is properly attributed.

If you'd like a hand finishing this off, here's a ready-to-use agent prompt:

In the PR branch `copilot/add-comprehensive-guide-agentic-workflows` of `github/gh-aw`:

1. Open `docs/src/content/docs/guides/maintaining-repos.md` and verify it covers each of the following items:
   - Integrity filtering deep dive with decision guidance
   - Reactions as trust signals (MCPG >= v0.2.18)
   - Scaling strategies (repo-assist triage layer, token budgets, rate limiting)
   - Debugging failed workflows (CLI commands and `/agent agentic-workflows`)
   - Common failure patterns with diagnostic steps
   - At least 3 worked examples (public, inner-source, high-security)
   - Cross-links to existing reference pages

2. For each section that is complete, update the corresponding checkbox in the PR description from `[ ]` to `[x]`.

3. If any sections are incomplete or missing, add the missing content following the Markdown + frontmatter style used by sibling guides such as `docs/src/content/docs/guides/audit-with-agents.md` and `docs/src/content/docs/guides/getting-started-mcp.md`.

4. Verify the `actions-lock.json` change (reordering of `ghcr.io/github/gh-aw-mcpg:v0.2.19`) is intentional and not an artifact of the agent session.

5. Once all checklist items are verified and checked off, remove the `[WIP]` prefix from the PR title and mark the PR as ready for review.

Generated by Contribution Check · ● 2.6M · ◷

[Copilot]

@copilot make sure that repo-assist is the primary entry point and that guidance framed as making repo-assist work for a (primarily open-source) maintainer

Done in 73645f8. The guide now opens with repo-assist as the primary entry point — the intro frames the problem from an open-source maintainer's perspective, repo-assist is the first concrete thing shown (with a full workflow example), and integrity filtering is explained afterward as the mechanism that makes repo-assist route work safely. The worked examples section also leads with the public OSS scenario (repo-assist → code fix agent) rather than the more generic examples.

[Copilot]

@copilot resolve the merge conflicts in this pull request also make sure that safeoutputs is presented as the primary safety mechanism for regulating workflow outputs whereas integrity filtering is th...

Done in e012958. Merge conflicts resolved (stale gh-aw-mcpg:v0.2.17 pin removed from both actions-lock.json and action_pins.json). The guide now opens with an explicit two-mechanism safety model — safe-outputs as the primary mechanism for controlling what the agent can do (outputs), and integrity filtering as the primary mechanism for controlling what content the agent sees (inputs). A dedicated "Controlling Workflow Outputs with Safe-Outputs" section was added before the integrity filtering section, covering the principle of least privilege, the full output type table, and paired examples. The "Related Documentation" section also lists Safe Outputs Reference first.

[Copilot]

Pull request overview

Adds a new maintainer-focused documentation guide for operating agentic workflows safely at scale (repo-assist + safe-outputs + integrity filtering), along with updated action pin/lock data from a main-branch merge.

Changes:

• Introduces maintaining-repos.md guide structured around a two-mechanism safety model and maintainer workflows (triage, scaling, debugging, worked examples).
• Updates action pin/lock JSON to include the gh-aw-mcpg:v0.2.19 image entry in the expected location.
• Documents integrity reactions and operational debugging patterns (/agent agentic-workflows, gh aw audit, gh aw logs).

Show a summary per file

File	Description
docs/src/content/docs/guides/maintaining-repos.md	New comprehensive maintainer guide covering repo-assist, safe-outputs, integrity filtering, scaling, and debugging.
.github/aw/actions-lock.json	Syncs pinned MCPG image entry (gh-aw-mcpg:v0.2.19) position/content.
pkg/workflow/data/action_pins.json	Syncs pinned MCPG image entry (gh-aw-mcpg:v0.2.19) position/content.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comments suppressed due to low confidence (4)

docs/src/content/docs/guides/maintaining-repos.md:110

• The safe-outputs list/table uses non-existent output types (e.g., label-issue, comment-issue, comment-pull-request). Please align the names with the actual safe output types (e.g., add-labels/remove-labels, add-comment, etc.) from the Safe Outputs reference so readers don’t copy invalid config.

| Safe-output | What it allows |
|------------|---------------|
| `label-issue` | Apply or remove labels on an issue |
| `comment-issue` | Post a comment on an issue |
| `comment-pull-request` | Post a comment on a pull request |

docs/src/content/docs/guides/maintaining-repos.md:145

• The integrity-level descriptions here don’t match the reference definitions (notably, unapproved is CONTRIBUTOR/FIRST_TIME_CONTRIBUTOR, while none is the only level that includes NONE/FIRST_TIMER). Update this table (and any dependent guidance) to match the Integrity Filtering reference to avoid misconfiguration.

| Level | Who qualifies |
|-------|--------------|
| `merged` | PRs merged into the default branch; commits reachable from main |
| `approved` | Owners, members, collaborators; non-fork PRs on public repos; recognized bots (`dependabot`, `github-actions`) |
| `unapproved` | Contributors who have had a PR merged before; first-time contributors |

docs/src/content/docs/guides/maintaining-repos.md:53

• This paragraph says min-integrity: unapproved allows repo-assist to see “external users, everyone”, but unapproved still filters out NONE/FIRST_TIMER authors. Either change the setting to none or update the description so it matches the actual integrity semantics.

`min-integrity: unapproved` allows repo-assist to see all community content — first-time contributors, external users, everyone. The `safe-outputs` block limits what repo-assist can do in response: it can only apply labels and post comments. Any other GitHub mutation (opening PRs, merging, closing issues) is blocked by the runtime, regardless of what the agent attempts.

docs/src/content/docs/guides/maintaining-repos.md:49

• This prompt instructs the workflow to “consider assigning the Copilot coding agent”, but the workflow’s safe-outputs (even once renamed) only allow labeling/commenting. Either add the assign-to-agent safe output (and describe its limits), or remove the assignment instruction to keep the example internally consistent.

2. If the issue is a quality bug report with a clear reproduction, add the label `needs-investigation`.
3. If the issue is from a maintainer or collaborator, add `trusted-contributor` and consider assigning the Copilot coding agent to investigate.
4. If the issue appears to be spam or off-topic, add `invalid` and post a brief explanation comment.

• Files reviewed: 3/3 changed files
• Comments generated: 7

[Copilot]

rate-limit fields here (max-runs and window: 1h) don’t match the documented schema (max as an integer/expression, window as minutes). Update this example to the supported keys/formats to prevent copy/paste configs that fail validation.

Suggested change

	max-runs: 5
	window: 1h
	max: 5
	window: 60

[Copilot]

The concurrency example uses concurrency: max-parallel: 3, but max-parallel isn’t a supported concurrency field in this repo’s frontmatter (concurrency is expressed via standard group/cancel-in-progress plus concurrency.job-discriminator, and engine isolation is configured under engine.concurrency). Please revise this section to show a valid way to increase parallelism without introducing invalid keys.

Suggested change

	Workflows automatically use dual concurrency control (per-workflow and per-engine). For repo-assist, you may want higher concurrency so multiple issues are triaged in parallel rather than queued:
	```aw wrap
	concurrency:
	max-parallel: 3
	Workflows automatically use dual concurrency control (per-workflow and per-engine). For repo-assist, if you want multiple issues to be triaged in parallel rather than queued behind a single workflow slot, give each issue its own job discriminator and raise engine concurrency:
	```aw wrap
	concurrency:
	job-discriminator: ${{ github.event.issue.number }}
	engine:
	concurrency: 3

[Copilot]

The reactions example uses a top-level mcp-gateway: block, but MCP gateway configuration is defined under sandbox.mcp (and typically requires features.mcp-gateway: true). As written, this snippet likely won’t validate/compile; switch to the correct frontmatter structure for pinning the MCP gateway/container version.

Suggested change

	mcp-gateway:
	version: "v0.2.18"
	mcp-gateway: true
	sandbox:
	mcp:
	version: "v0.2.18"

[Copilot]

In the Copilot CLI flow, this guide shows running /agent agentic-workflows directly. The existing Debugging Workflows doc instructs /agent first, then selecting agentic-workflows from the list. Align these instructions to the documented CLI UX to avoid confusing users when the direct subcommand isn’t supported.

Suggested change

	/agent agentic-workflows
	/agent
	# Select `agentic-workflows` from the list

[Copilot]

min-integrity: unapproved won’t include authors with association NONE / FIRST_TIMER, so it won’t let repo-assist see all incoming public issues/PRs. If the goal is full community intake, use min-integrity: none; otherwise adjust the prose to clarify that unapproved is limited to contributors + first-time contributors.

This issue also appears in the following locations of the same file:

• line 53
• line 141

Suggested change

	min-integrity: unapproved
	min-integrity: none

[Copilot]

These examples grant write permissions in permissions: (e.g., issues: write). In this repo, permissions: is meant for the agentic step’s read access; writes should be performed via safe outputs + compiler-generated jobs, and strict mode rejects write perms on the agent job. Please switch these permission blocks to read-only and rely on safe outputs for mutations (and apply the same fix to the other examples below).

This issue also appears on line 47 of the same file.

Suggested change

	issues: write
	issues: read

[Copilot]

The example uses safe-outputs: label-issue: and comment-issue:, but these aren’t valid safe output types in this repo (the documented types are add-labels/remove-labels and add-comment). Update the example to use the correct safe output names (and targets), otherwise readers will copy a workflow that won’t compile.

This issue also appears on line 106 of the same file.

Suggested change

	label-issue:
	comment-issue:
	add-labels:
	issue:
	add-comment:
	issue: