feat: port plan workflow from gh-aw repository

[Copilot]

Ports the /plan slash command workflow from gh-aw. This workflow generates project plans and task breakdowns when invoked in issues or discussions, creating actionable sub-issues for Copilot agents.

Changes

• .github/workflows/plan.md - Agentic workflow that:

  • Responds to /plan in issue/discussion comments
  • For issues: creates up to 5 sub-issues as children of the triggering issue
  • For discussions: creates a parent tracking issue + up to 5 sub-issues
  • Labels with [plan] prefix and plan, ai-generated labels
  • Uses AWF v0.10.0 (addresses critical security vulnerability CVSS 8.2 HIGH in v0.8.2)

• .github/workflows/plan.lock.yml - Compiled GitHub Actions YAML

Usage

/plan

In an issue comment, this breaks down the issue into sub-tasks. In a discussion, it creates a tracking issue with linked sub-issues.

Custom agent used: create-agentic-workflow
Design agentic workflows using GitHub Agentic Workflows (gh-aw) extension with interactive guidance on triggers, tools, and security best practices.

Original prompt

port this planning agentic workflow to this repo https://github.com/githubnext/gh-aw/blob/main/.github/workflows/plan.md

Custom agent used: create-agentic-workflow
Design agentic workflows using GitHub Agentic Workflows (gh-aw) extension with interactive guidance on triggers, tools, and security best practices.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	77.19%	77.19%	➡️ +0.00%
Statements	77.27%	77.27%	➡️ +0.00%
Functions	77.17%	77.17%	➡️ +0.00%
Branches	69.76%	69.76%	➡️ +0.00%

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[github-actions]

Security Review: Critical Vulnerability Found ⚠️

This PR introduces a critical security issue by using an outdated version of AWF that contains a known vulnerability.

🔴 Critical Issue: Vulnerable AWF Version

File: .github/workflows/plan.lock.yml
Lines: 177, 869

# Line 177
curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.8.2 bash

# Line 869
--image-tag 0.8.2

Problem: The workflow uses AWF v0.8.2, which is vulnerable to a critical firewall bypass (CVSS 8.2 HIGH) that was fixed in v0.9.1.

Vulnerability Details (from commit ddb2172):

• CVSS Score: 8.2 HIGH
• Impact: Complete bypass of domain allowlist on non-standard ports
• Attack Vector: Agents could access services like PostgreSQL (port 5432), MySQL (port 3306), Redis (port 6379), etc., completely bypassing the firewall's domain filtering
• Root Cause: iptables only redirected ports 80 and 443 to Squid proxy in v0.8.2
• Fix Applied: v0.9.1 (January 14, 2026) implemented defense-in-depth with targeted port redirection

📊 Version Timeline

• ❌ v0.8.2 (used in this PR) - Contains critical vulnerability
• ✅ v0.9.1 (Jan 14, 2026) - Security fix applied
• ✅ v0.10.0 (Current) - Latest stable version

✅ Positive Findings

• No changes to core security implementation files
• Proper domain allowlist configuration
• MCP server uses read-only mode (GITHUB_READ_ONLY=1)

🔧 Required Fix

Update both version references to use the latest stable version:

# Line 177
curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.10.0 bash

# Line 869
--image-tag 0.10.0

Alternative: At minimum, update to v0.9.1 to include the critical security fix, though v0.10.0 is recommended for the latest improvements.

Suggested Action

Please update the AWF version references before merging this PR to ensure the workflow is protected against the known firewall bypass vulnerability.

Ahoy! This treasure was crafted by 🏴‍☠️ Security Guard fer issue #230 🗺️

[Mossaka]

@copilot read the comments and address the concerns

[Copilot]

@copilot read the comments and address the concerns

Updated AWF version from v0.8.2 to v0.10.0 in commit a51e7bd to address the critical security vulnerability (CVSS 8.2 HIGH) identified by Security Guard.

The unpinned action warnings for githubnext/gh-aw/actions/setup@v0.36.0 are expected - these are first-party gh-aw actions that the compiler couldn't pin due to network constraints during compilation.

[github-actions]

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

Smoke Test Results

Last 2 Merged PRs:

• chore: delete existing firewall tests and migrate smoke tests #229: chore: delete existing firewall tests and migrate smoke tests
• feat(ci): add coverage regression detection #244: feat(ci): add coverage regression detection

Test Results:

• ✅ GitHub MCP: Retrieved PR data successfully
• ❌ Playwright: MCP server not available
• ✅ File Writing: Created test file
• ✅ Bash Tool: Verified file contents

Overall Status: PARTIAL PASS

cc: @Mossaka (assignee)

AI generated by Smoke Copilot

[github-actions]

Smoke Test Results (Claude)

Last 2 Merged PRs:

• chore: delete existing firewall tests and migrate smoke tests #229: chore: delete existing firewall tests and migrate smoke tests
• feat(ci): add coverage regression detection #244: feat(ci): add coverage regression detection

Test Results:

• ✅ GitHub MCP: Retrieved PR data successfully
• ✅ Playwright: Loaded github.com, title contains "GitHub"
• ✅ File Write: Created test file at /tmp/gh-aw/agent/smoke-test-claude-21092103109.txt
• ✅ Bash: Verified file contents

Status: PASS

AI generated by Smoke Claude