Update documentation for automatic lockdown determination

Copilot · pelikhan · Copilot · commit 3b8861f120d8 · 2026-01-04T00:45:46.000Z
Co-authored-by: pelikhan &lt;4175913+pelikhan@users.noreply.github.com&gt;
diff --git a/docs/src/content/docs/guides/security.md b/docs/src/content/docs/guides/security.md
@@ -250,23 +250,25 @@ The compiler generates per-tool Squid proxies; MCP egress is forced through ipta
 
 #### Automatic GitHub Lockdown on Public Repositories
 
-When using the GitHub MCP tool in public repositories, lockdown mode is **automatically enabled by default** to prevent accidental data leakage. This security feature restricts the GitHub token from accessing private repositories, ensuring that workflows running in public repositories cannot inadvertently expose sensitive information.
+When using the GitHub MCP tool with a custom token (`GH_AW_GITHUB_MCP_SERVER_TOKEN`), lockdown mode is **automatically determined based on repository visibility** to prevent accidental data leakage. This security feature restricts the GitHub token from accessing private repositories when running in public repositories.
 
-**How Automatic Detection Works:**
+**How Automatic Determination Works:**
 
-The system automatically detects repository visibility at workflow runtime:
+When `GH_AW_GITHUB_MCP_SERVER_TOKEN` is defined, the system automatically determines lockdown mode at workflow runtime based on repository visibility:
 
 - **Public repositories**: Lockdown mode is automatically enabled. The GitHub MCP server limits surfaced content to items authored by users with push access to the repository.
 - **Private/internal repositories**: Lockdown mode is automatically disabled since there's no risk of exposing private repository access.
 - **Detection failure**: If repository visibility cannot be determined, the system defaults to lockdown mode for maximum security.
 
-**No Configuration Required:**
+**When using default `GITHUB_TOKEN`**: Automatic determination is skipped and lockdown defaults to disabled (no restriction).
+
+**Minimal Configuration:**
 
 ```yaml wrap
 tools:
   github:
-    # Lockdown is automatically enabled for public repos
-    # No explicit configuration needed
+    # Lockdown is automatically determined for public repos
+    # when GH_AW_GITHUB_MCP_SERVER_TOKEN is defined
 ```
 
 **Manual Override (Optional):**
@@ -287,10 +289,10 @@ Explicitly setting `lockdown: false` in a public repository disables this securi
 
 **Security Benefits:**
 
-- **Prevents token scope leakage**: Even if a GitHub token has access to private repositories, lockdown mode prevents that access from being used in public repository workflows
+- **Prevents token scope leakage**: When using a custom token with private repository access, lockdown mode prevents that access from being used in public repository workflows
 - **Defense in depth**: Adds an additional layer of protection beyond token scoping
-- **Automatic and transparent**: Works without any configuration changes
-- **Safe by default**: Failures default to the most secure setting
+- **Automatic and transparent**: Works automatically when `GH_AW_GITHUB_MCP_SERVER_TOKEN` is defined
+- **Safe by default**: Detection failures default to the most secure setting
 
 See also: [GitHub MCP Tool Configuration](/gh-aw/reference/tools/#github-tools-github) for complete tool configuration options.
 
diff --git a/docs/src/content/docs/reference/tools.md b/docs/src/content/docs/reference/tools.md
@@ -110,16 +110,16 @@ Setup: `gh aw secrets set GH_AW_GITHUB_TOKEN --value "<your-pat>"`
 
 **Read-Only**: Default behavior; restricts to read operations unless write operations configured.
 
-**Lockdown**: Automatically enabled for public repositories to prevent accidental data leakage. Filters public repository content to items from users with push access. Private repositories are unaffected.
+**Lockdown**: Automatically determined based on repository visibility when using a custom token (`GH_AW_GITHUB_MCP_SERVER_TOKEN`). Filters public repository content to items from users with push access. Private repositories are unaffected.
 
-- **Automatic (default)**: Lockdown is automatically enabled for public repositories and disabled for private/internal repositories
-- **Manual override**: Explicitly set `lockdown: true` or `lockdown: false` to override automatic detection
+- **Automatic (default)**: When `GH_AW_GITHUB_MCP_SERVER_TOKEN` is defined, lockdown is automatically enabled for public repositories and disabled for private/internal repositories
+- **Manual override**: Explicitly set `lockdown: true` or `lockdown: false` to override automatic determination
 
 ```yaml wrap
 tools:
   github:
-    # Option 1: Automatic (recommended) - no configuration needed
-    # Lockdown automatically enabled for public repos
+    # Option 1: Automatic (recommended) - determined at runtime
+    # Lockdown automatically enabled for public repos when GH_AW_GITHUB_MCP_SERVER_TOKEN is set
 
     # Option 2: Explicit override
     lockdown: true   # Force enable
