Configure smoke-agent workflow with GitHub guard policies for public repos

.github/aw/actions-lock.json

@@ -10,11 +10,21 @@
       "version": "v4.1.0",
       "sha": "a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32"
     },
+    "actions/cache/restore@v4": {
+      "repo": "actions/cache/restore",
+      "version": "v4",
+      "sha": "0057852bfaa89a56745cba8c7296529d2fc39830"
+    },
     "actions/cache/restore@v5.0.3": {
       "repo": "actions/cache/restore",
       "version": "v5.0.3",
       "sha": "cdf6c1fa76f9f475f3d7449005a359c84ca0f306"
     },
+    "actions/cache/save@v4": {
+      "repo": "actions/cache/save",
+      "version": "v4",
+      "sha": "0057852bfaa89a56745cba8c7296529d2fc39830"
+    },
     "actions/cache/save@v5.0.3": {
       "repo": "actions/cache/save",
       "version": "v5.0.3",
@@ -60,6 +70,11 @@
       "version": "v5.2.0",
       "sha": "be666c2fcd27ec809703dec50e508c2fdc7f6654"
     },
+    "actions/setup-node@v4": {
+      "repo": "actions/setup-node",
+      "version": "v4",
+      "sha": "49933ea5288caeca8642d1e84afbd3f7d6820020"
+    },
     "actions/setup-node@v6.3.0": {
       "repo": "actions/setup-node",
       "version": "v6.3.0",

.github/workflows/smoke-agent-all-merged.md

@@ -0,0 +1,88 @@
+---
+description: "Guard policy smoke test: repos=all, min-integrity=merged (most restrictive)"
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [labeled]
+    names: ["metal"]
+  status-comment: true
+permissions:
+  contents: read
+  issues: read
+  pull-requests: read
+name: "Smoke Agent: all/merged"
+engine: codex
+strict: true
+tools:
+  github:
+    mode: local
+    repos: "all"
+    min-integrity: merged
+network:
+  allowed:
+    - defaults
+    - github
+safe-outputs:
+  add-comment:
+    hide-older-comments: true
+    max: 2
+  messages:
+    footer: "> 🤖 *Guard policy smoke test by [{workflow_name}]({run_url})*{history_link}"
+    run-started: "🔍 [{workflow_name}]({run_url}) testing guard policy: `repos=all, min-integrity=merged`..."
+    run-success: "✅ [{workflow_name}]({run_url}) completed guard policy test."
+    run-failure: "❌ [{workflow_name}]({run_url}) {status}. Check the logs for details."
+timeout-minutes: 10
+---
+
+# Guard Policy Smoke Test: all/merged (most restrictive)
+
+This workflow tests the most restrictive guard policy (`repos: all`, `min-integrity: merged`).
+Only merged/committed content should be accessible. Unmerged PRs and draft content should be filtered.
+
+## Instructions
+
+Test GitHub MCP tool access under this guard policy by performing these operations and reporting results.
+
+### Step 1: Search public repositories
+
+Use `search_repositories` to search for `topic:actions` and return the top 3 results. Record:
+- Repository full name (owner/repo)
+- Star count
+- Whether access was allowed or denied
+
+### Step 2: Search repositories in the github org
+
+Use `search_repositories` to search for `org:github gh-aw` to find repositories in the github org. Record:
+- Repository full name
+- Whether access was allowed or denied
+
+### Step 3: List issues from this repository
+
+Use `list_issues` on `${{ github.repository }}` with `state: open` and `per_page: 3`. Record:
+- Issue number and title
+- Whether access was allowed or denied
+
+### Step 4: List issues from a different public repository
+
+Use `list_issues` on `github/docs` with `state: open` and `per_page: 3`. Record:
+- Issue number and title
+- Whether access was allowed or denied
+
+### Step 5: Search code across repositories
+
+Use `search_code` to search for `guard-policies language:go org:github` and return the top 3 results. Record:
+- File path and repository
+- Whether access was allowed or denied
+
+### Step 6: Report results
+
+Use the `add_comment` safe-output tool to post a summary to the current PR:
+
+```json
+{
+  "type": "add_comment",
+  "body": "## Guard Policy Test Results: `all/merged`\n\n### Policy\n- repos: `all`\n- min-integrity: `merged`\n\n### Results\n<results from each step>\n\n### Expected\nAccess should be restricted to merged content only. Unmerged PR content should be blocked."
+}
+```
+
+If there is no PR context, use the `noop` tool to report the results summary.