docs: document GHES audit auto-detection and write-sink guard policy expansion

github-actions[bot] · claude · github-actions[bot] · commit acac0a64f291 · 2026-03-15T04:28:43.000Z
- cli.md: note that gh aw audit and add-wizard auto-detect the GHES host from the git remote (from #20973), so GH_HOST is not required manually - github-tools.md: update Safe Outputs Integration section to reflect that write-sink guard policies are now derived for ALL non-GitHub MCP servers (playwright, serena, mcp-scripts, agentic-workflows, web-fetch, custom tools), not only safe-outputs (from #21005) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
diff --git a/docs/src/content/docs/reference/github-tools.md b/docs/src/content/docs/reference/github-tools.md
@@ -144,17 +144,19 @@ tools:
     min-integrity: approved
 ```
 
-### Safe Outputs Integration
+### Non-GitHub MCP Server Integration
 
-When you configure `repos` in the GitHub guard policy, the compiler automatically derives a linked guard-policy for the [safe outputs](/gh-aw/reference/safe-outputs/) MCP server:
+When you configure `repos` in the GitHub guard policy, the compiler automatically derives a linked write-sink guard-policy for **all non-GitHub MCP servers** — including [safe outputs](/gh-aw/reference/safe-outputs/), playwright, serena, mcp-scripts, agentic-workflows, web-fetch, and any custom tools. This ensures that as guard policies are applied to GitHub inputs, the corresponding write operations to non-GitHub servers are permitted.
 
-- **`repos: "all"` or `repos: "public"`**: Creates a write-sink policy with `accept: ["*"]` to allow all safe output operations
-- **`repos: [patterns]`**: Each entry in the `repos` list is transformed and added as an accept entry in the safeoutputs policy:
+The transformation rules are:
+
+- **`repos: "all"` or `repos: "public"`**: Creates a write-sink policy with `accept: ["*"]` to allow all write operations
+- **`repos: [patterns]`**: Each entry is transformed and added as an accept entry:
   - `"owner/*"` → `"private:owner"` (owner wildcard → strip wildcard)
   - `"owner/prefix*"` → `"private:owner/prefix*"` (prefix wildcard → keep as-is)
   - `"owner/repo"` → `"private:owner/repo"` (specific repo → keep as-is)
 
-This derivation happens at compile time and requires no additional configuration, allowing the MCP gateway to read repository data through the GitHub tools and still write outputs via safeoutputs.
+This derivation happens at compile time and requires no additional configuration, allowing the MCP gateway to read repository data through the GitHub tools and write outputs to any configured non-GitHub MCP server.
 
 ```yaml wrap
 tools:
diff --git a/docs/src/content/docs/setup/cli.md b/docs/src/content/docs/setup/cli.md
@@ -77,6 +77,8 @@ gh aw logs workflow --repo github.enterprise.com/owner/repo      # Use with comm
 
 Commands that support `--create-pull-request` (such as `gh aw add`, `gh aw add-wizard`, `gh aw init`, `gh aw update`, and `gh aw upgrade`) automatically detect the enterprise host from the git remote and route PR creation to the correct GHES instance. No extra flags are needed.
 
+`gh aw audit` and `gh aw add-wizard` also auto-detect the GHES host from the git remote, so running them inside a GHES repository works without setting `GH_HOST` manually.
+
 #### Configuring `gh` CLI in workflow steps on GHES
 
 When agentic workflows run on GitHub Enterprise Server and use custom `steps:` that invoke `gh` CLI commands, source the bundled helper script to configure `gh` for the enterprise host:
