Migrate security-fix-pr workflow from Claude to Copilot engine

[Copilot]

Workflow run #21019704279 failed because Claude's MCP integration couldn't call list_code_scanning_alerts - the tool consistently returned "missing required parameter" errors, preventing the agent from creating autofixes via safe-outputs.

Changes

Engine Migration

• Changed engine: claude → engine: copilot in .github/workflows/security-fix-pr.md
• Recompiled workflow to generate Copilot-compatible lock file
• Merged latest changes from main branch
• Rebuilt binary and recompiled workflow with updated compiler improvements

Root Cause

Log analysis showed:

1. Agent called mcp__github__list_code_scanning_alerts
2. MCP returned parameter validation errors
3. Agent fell back to bash gh CLI (unavailable in container)
4. Agent called mcp__safeoutputs__missing_tool and exited
5. Never reached autofix_code_scanning_alert safe-output

Copilot's GitHub MCP integration handles the code scanning API correctly.

Lock File Changes

# Before (Claude)
- Install Claude Code CLI
  env:
    CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}

# After (Copilot)  
- Install GitHub Copilot CLI
  env:
    COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}

Safe-outputs configuration unchanged - autofix_code_scanning_alert tool definition remains identical.

Updates

The PR now includes all latest changes from the main branch, ensuring compatibility with recent compiler improvements and MCP gateway enhancements.

---

Custom agent used: agentic-workflows
GitHub Agentic Workflows (gh-aw) - Create, debug, and upgrade AI-powered workflows with intelligent prompt routing

Original prompt

Reference: https://github.com/githubnext/gh-aw/actions/runs/21019704279/job/60432020743

Migrate this agentic workflow to copilot and debug why it failed to create safe-outputs

Custom agent used: agentic-workflows
GitHub Agentic Workflows (gh-aw) - Create, debug, and upgrade AI-powered workflows with intelligent prompt routing

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[pelikhan]

@copilot merge main

[Copilot]

@copilot merge main

Merged main branch successfully. Resolved merge conflicts in lock file and recompiled workflow with latest compiler improvements. Changes committed in d451c77.