feat: add doc-maintainer workflow for daily documentation sync

[Copilot]

Creates a daily agentic workflow that reviews git commits from the past 7 days and creates PRs to synchronize documentation with code changes.

Workflow Configuration

• Schedule: Daily with fuzzy scheduling (scattered to reduce load spikes)
• Timeout: 15 minutes
• Skip-if-match: Prevents duplicate PRs when one is already open
• Safe-outputs: create-pull-request with labels [documentation, ai-generated], reviewer copilot

Tools

• github toolset for API access
• edit for documentation changes
• bash with all commands allowed for flexible commit analysis

Documentation Scope

The agent autonomously explores all documentation files in /docs/ and *.md files in the repository root to identify what needs updating.

Agent Task Flow

1. Gather recent changes from past 7 days
2. Identify documentation gaps
3. Review current documentation
4. Verify code examples still work
5. Create PR with changes

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[plan] Implement Documentation Maintainer workflow</issue_title>
<issue_description>## Objective

Create a daily workflow that reviews documentation files (16+ docs) and creates PRs to keep them synchronized with code changes.

Context

The repository has 16+ documentation files (/docs/, README.md, AGENTS.md) that drift out of sync with code. Recent examples:

• PR feat: remove Docker-in-Docker support #205 removed Docker-in-Docker but MCP configuration docs still referenced it
• Architecture changes to iptables rules aren't reflected in security documentation
• CLI flag additions aren't consistently documented

As a security-critical tool, accurate documentation is essential for safe usage.

Approach

1. Create workflow file: .github/workflows/doc-maintainer.md
2. Configure triggers:
   • Daily schedule
   • Manual workflow_dispatch
3. Review recent changes: Analyze git commits from past 7 days
4. Identify documentation gaps:
   • Architecture changes (Docker, containers, networking)
   • API changes (CLI flags, env vars, configuration options)
   • Usage examples (MCP setup, firewall rules, domain whitelisting)
   • Security guidance (capabilities, iptables, Squid config)
5. Create PR with updates:
   • Focus on critical docs first: /docs/mcp-config.md, README.md, AGENTS.md
   • Ensure code examples execute correctly
   • Update version numbers when applicable
   • Keep examples minimal and focused

Files to Create/Modify

• Create: .github/workflows/doc-maintainer.md
• Reference: daily-doc-updater template

Priority Documentation Files

1. /docs/mcp-config.md - MCP server configuration (CRITICAL - frequently outdated)
2. /docs/architecture.md - Container and network architecture
3. /docs/usage.md - CLI usage and examples
4. README.md - Overview and quick start
5. AGENTS.md - Agent development guidelines
6. /docs/logging.md - Logging configuration

Acceptance Criteria

• Workflow runs daily at scheduled time
• Reviews git commits from past 7 days
• Identifies documentation that needs updates
• Creates PR with synchronized documentation
• Verifies code examples are valid
• Completes within 15 minutes timeout
• Labels PRs with documentation, ai-generated

Success Metrics

• Reduce documentation drift to <7 days
• Zero broken code examples in docs
• All new CLI flags documented within 48 hours
  Related to [plan] Enhance agentic workflow maturity to Level 4 (Optimized) #332

AI generated by Plan Command for discussion #328

Comments on the Issue (you are @copilot in this section)

Custom agent used: create-agentic-workflow
Design agentic workflows using GitHub Agentic Workflows (gh-aw) extension with interactive guidance on triggers, tools, and security best practices.

• Fixes [plan] Implement Documentation Maintainer workflow #334

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	77.88%	77.88%	➡️ +0.00%
Statements	77.94%	77.94%	➡️ +0.00%
Functions	77.29%	77.29%	➡️ +0.00%
Branches	71.00%	71.00%	➡️ +0.00%

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[Mossaka]

@copilot please allow all tools in bash

[Copilot]

Done in 7942811 - removed all bash command restrictions, now allows all tools.

[Mossaka]

@copilot just tell the agent to read all the files in /docs and all the *.md files no need to be specific. the agent can epxlore it by itself.

[Copilot]

Done in 7942811 - simplified to tell the agent to explore /docs/ and *.md files on its own.

[Mossaka]

@copilot delete those details

[Copilot]

Done in 7942811 - removed the detailed bash command examples.

[Mossaka]

@copilot delete those details

[Copilot]

Done in 7942811 - removed the detailed documentation gaps mapping.

[Mossaka]

@copilot delete those details

[Copilot]

Done in 7942811 - removed the detailed review documentation section with bash examples.

[github-actions]

🔒 Security Review: Unrestricted Bash Access Concern

I've reviewed this PR and identified a security concern related to the bash tool configuration.

Issue: Unrestricted Bash Command Access

Severity: Medium-High
Location: .github/workflows/doc-maintainer.md, lines 18-19

Finding: The workflow grants unrestricted bash access to the AI agent:

tools:
  bash:

While the PR description explicitly states this is intentional ("bash with all commands allowed for flexible commit analysis"), this creates security risks for a daily automated workflow with repository write access.

Why This is Concerning

What the agent needs for documentation maintenance:

• git log - to see recent commits
• grep, cat, head, tail - to read files and search
• find, ls - to locate files
• wc - to count changes

What unrestricted bash also allows:

• curl - fetch and execute arbitrary content from allowed domains (github.com, raw.githubusercontent.com, registry.npmjs.org)
• chmod/chown - modify file permissions
• rm -rf - delete files before PR creation
• Complex shell pipelines that could obfuscate malicious behavior
• Git configuration manipulation

Attack Scenarios

While the firewall restricts network access to approved domains, the combination of:

1. Unrestricted bash + Repository write access (edit tool) + PR creation (create-pull-request) + Daily automated execution

Creates potential attack vectors:

• Agent could download malicious scripts from allowed domains and execute them
• Agent could modify security-critical files (iptables rules, Squid config, seccomp profiles) before creating a PR
• Agent could use bash to manipulate documentation in ways that mislead users about security features
• Agent could exfiltrate data through network requests to allowed domains

Recommendations

Option 1 (Recommended): Restrict bash to specific safe commands:

tools:
  bash:
    - "git"
    - "grep"
    - "find"
    - "cat"
    - "head"
    - "tail"
    - "wc"
    - "ls"

This provides all the functionality needed for commit analysis and documentation review without the security risks.

Option 2: Keep unrestricted access but add safeguards:

• Require manual review before merging any PRs created by this workflow
• Add security scanning of generated PRs (check for changes to security-critical files)
• Limit edit tool scope to /docs/ and *.md files only
• Add audit logging of all bash commands executed

Option 3: Accept the risk with documentation:

• Document why unrestricted bash is necessary (what specific commands are needed that aren't in the restricted list?)
• Document security controls in place
• Document monitoring for misuse

Question for Maintainers

What specific bash commands beyond the basic set (git, grep, cat, find, ls, wc) are required for this workflow?

If the answer is "none" or only a few additional commands, Option 1 (restricted allowlist) is the safest approach for a security-critical tool like AWF.

---

Note: This is not a false alarm about code style - this is a genuine security boundary concern for a tool whose purpose is to provide security isolation for AI agents.

AI generated by Security Guard