[docs] Update documentation for features from 2026-02-22#17741
Conversation
- Add `max-bot-mentions` global safe-outputs option (from #17689) - Add Templatable Fields section covering expression support for max, expires, max-bot-mentions, and boolean fields (from #17653, #17667) - Update expires field description to note preferred string format - Document expires-integer-to-string codemod in gh aw fix (from #17695) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
github-actions
bot
added
automation
documentation
|
✅ Pull request created: #17741 |
There was a problem hiding this comment.
Pull request overview
Updates end-user documentation to reflect recently merged safe-output enhancements (templatable integer/bool fields, bot-trigger neutralization limits, and the new expires codemod).
Changes:
- Documented
safe-outputs.max-bot-mentionsand added a “Templatable Fields” section in the safe-outputs reference. - Clarified
expiresformatting guidance and migration path viagh aw fix. - Added a note about the
expires-integer-to-stringcodemod to the CLI docs.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| docs/src/content/docs/setup/cli.md | Adds a note calling out the new expires-integer-to-string codemod under gh aw fix. |
| docs/src/content/docs/reference/safe-outputs.md | Updates expires description; documents max-bot-mentions and templatable numeric/bool fields. |
Comments suppressed due to low confidence (1)
docs/src/content/docs/reference/safe-outputs.md:1256
- This section says "Set to
0to escape all bot trigger phrases", but the current safe-outputs config parsing only appliesmax-bot-mentionswhen the parsed value is > 0 (seeactions/setup/js/collect_ndjson_output.cjs), so0will fall back to the default instead of escaping all. Either update the docs to reflect the actual supported range/behavior, or adjust the implementation to allow explicitly setting0.
Accepts a literal integer or a GitHub Actions expression string (e.g., `${{ inputs.max-mentions }}`). Set to `0` to escape all bot trigger phrases. Default: 10.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| Agent output is automatically scanned for bot trigger phrases (e.g., `@copilot`, `@github-actions`) to prevent accidental automation triggering. By default, the first 10 occurrences are left unchanged and any excess are escaped with backticks. Entries already wrapped in backticks are skipped. | ||
|
|
There was a problem hiding this comment.
The examples here describe bot trigger phrases as @copilot / @github-actions, but the current sanitization logic neutralizes issue/PR auto-close keywords like fixes #123 / closes #123 / resolves #123 (see actions/setup/js/sanitize_content_core.cjs). Please update the examples to match what is actually being escaped so users know what max-bot-mentions affects.
This issue also appears on line 1256 of the same file.
| draft: ${{ inputs.create-draft }} | ||
| ``` | ||
|
|
||
| Most boolean configuration fields also accept expression strings. Fields that influence permission computation (such as `add-comment.discussion` and `create-pull-request.fallback-as-issue`) remain literal booleans. |
There was a problem hiding this comment.
The field name in this example appears to be incorrect. In the current config/types, the add-comment permission-affecting flag is add-comment.discussions (plural) (see pkg/workflow/add_comment.go). Using add-comment.discussion here will confuse readers and may not match schema validation.
| Most boolean configuration fields also accept expression strings. Fields that influence permission computation (such as `add-comment.discussion` and `create-pull-request.fallback-as-issue`) remain literal booleans. | |
| Most boolean configuration fields also accept expression strings. Fields that influence permission computation (such as `add-comment.discussions` and `create-pull-request.fallback-as-issue`) remain literal booleans. |
| #### Auto-Expiration | ||
|
|
||
| The `expires` field auto-closes issues after a time period. Supports integers (days), relative formats (`2h`, `7d`, `2w`, `1m`, `1y`), or `false` to disable expiration. Generates `agentics-maintenance.yml` workflow that runs at the minimum required frequency based on the shortest expiration time across all workflows: | ||
| The `expires` field auto-closes issues after a time period. Supports day-string format (`7d`, `2w`, `1m`, `1y`, `2h`) or `false` to disable expiration. Integer values (e.g., `expires: 7`) are also accepted as shorthand for days and can be migrated to string format with `gh aw fix --write`. Generates `agentics-maintenance.yml` workflow that runs at the minimum required frequency based on the shortest expiration time across all workflows: |
There was a problem hiding this comment.
Wording: this calls the preferred format "day-string" but the examples include 2h, which isn’t a day-string. Consider describing the preferred values as a duration string (e.g., 2h, 7d, 2w, 1m, 1y) to avoid implying only day-based suffixes are supported.
| The `expires` field auto-closes issues after a time period. Supports day-string format (`7d`, `2w`, `1m`, `1y`, `2h`) or `false` to disable expiration. Integer values (e.g., `expires: 7`) are also accepted as shorthand for days and can be migrated to string format with `gh aw fix --write`. Generates `agentics-maintenance.yml` workflow that runs at the minimum required frequency based on the shortest expiration time across all workflows: | |
| The `expires` field auto-closes issues after a time period. Supports duration string format (`2h`, `7d`, `2w`, `1m`, `1y`) or `false` to disable expiration. Integer values (e.g., `expires: 7`) are also accepted as shorthand for days and can be migrated to string format with `gh aw fix --write`. Generates `agentics-maintenance.yml` workflow that runs at the minimum required frequency based on the shortest expiration time across all workflows: |
2 participants
Documentation Updates - 2026-02-22
This PR updates the documentation based on features merged in the last 24 hours.
Features Documented
max,expires, andmax-bot-mentionsin safe outputs (from Add templatable integer support for safe output max fields #17667)max-bot-mentionsglobal option — controls how many bot trigger phrases pass through unescaped before excess are escaped (from neutralizeBotTriggers: allow first n references unchanged then escape excess, skip already-quoted entries, configurable via safe-outputs.max-bot-mentions #17689)expires-integer-to-stringcodemod — newgh aw fixcodemod migrates integerexpiresvalues to the preferred day-string format (from Add codemod to migrate expires integer values to day-string format #17695)Changes Made
docs/src/content/docs/reference/safe-outputs.md:max-bot-mentions:) section under Global Configuration Optionsexpiresfield description to clarify day-string format is preferred, with migration path viagh aw fix --writedocs/src/content/docs/setup/cli.md:expires-integer-to-stringcodemod in thegh aw fixcommand sectionMerged PRs Referenced
neutralizeBotTriggers: configurable viasafe-outputs.max-bot-mentionsexpiresinteger values to day-string formatNotes
The following PRs from today were reviewed but required no documentation updates (internal/security fixes):
base64executable not found on Windows ingh aw update#17720 — Fixbase64not found on Windows ingh aw update(bug fix; resolved in latest release)modernizeandintrangelinters and fix all issues #17705 — Go linter additions (internal code quality)