From 1ba36ba3484684f02bb811e49cc1f011c07f3261 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 16 Mar 2026 22:35:15 +0000 Subject: [PATCH 1/3] Initial plan From 9011f11d485eda83a53a453cdd5bff886da667fc Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 16 Mar 2026 22:42:33 +0000 Subject: [PATCH 2/3] Remove lockdown: false from agentic workflows Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/contribution-check.lock.yml | 2 +- .github/workflows/contribution-check.md | 1 - .github/workflows/daily-syntax-error-quality.lock.yml | 2 +- .github/workflows/daily-syntax-error-quality.md | 1 - .github/workflows/plan.lock.yml | 2 +- .github/workflows/plan.md | 1 - .github/workflows/scout.lock.yml | 2 +- .github/workflows/scout.md | 1 - 8 files changed, 4 insertions(+), 8 deletions(-) diff --git a/.github/workflows/contribution-check.lock.yml b/.github/workflows/contribution-check.lock.yml index e99fe5c9d44..0206c813cd7 100644 --- a/.github/workflows/contribution-check.lock.yml +++ b/.github/workflows/contribution-check.lock.yml @@ -22,7 +22,7 @@ # For more information: https://github.github.com/gh-aw/introduction/overview/ # # -# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"4de9281fdf89dba8197d91de6339b21a8b01ddb1645d17de1f09b3a70fc4cf53","strict":true} +# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"73731a23c2022c2d879aa83c7762903c5cf535db7da8f151684d8107d10a1475","strict":true} name: "Contribution Check" "on": diff --git a/.github/workflows/contribution-check.md b/.github/workflows/contribution-check.md index bb821a09563..85f9b11f01b 100644 --- a/.github/workflows/contribution-check.md +++ b/.github/workflows/contribution-check.md @@ -15,7 +15,6 @@ env: tools: github: toolsets: [default] - lockdown: false safe-outputs: create-issue: title-prefix: "[Contribution Check Report]" diff --git a/.github/workflows/daily-syntax-error-quality.lock.yml b/.github/workflows/daily-syntax-error-quality.lock.yml index 0aaecde445c..5f4e589ce91 100644 --- a/.github/workflows/daily-syntax-error-quality.lock.yml +++ b/.github/workflows/daily-syntax-error-quality.lock.yml @@ -27,7 +27,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"c4b7c52a6c58b8c054b75b4e9240efd1b9435789fa1f35652462876451aed8b2","strict":true} +# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"617798aaf755b934777aa3c92ed8e6c6c45d1f3b23a20ab7e5b0ff2b8536f2cf","strict":true} name: "Daily Syntax Error Quality Check" "on": diff --git a/.github/workflows/daily-syntax-error-quality.md b/.github/workflows/daily-syntax-error-quality.md index 6e5cacd114f..5f88458dd24 100644 --- a/.github/workflows/daily-syntax-error-quality.md +++ b/.github/workflows/daily-syntax-error-quality.md @@ -12,7 +12,6 @@ tracker-id: daily-syntax-error-quality engine: copilot tools: github: - lockdown: false toolsets: - default bash: diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml index d1b635d1b82..cdca5bfe1f7 100644 --- a/.github/workflows/plan.lock.yml +++ b/.github/workflows/plan.lock.yml @@ -23,7 +23,7 @@ # # Generates project plans and task breakdowns when invoked with /plan command in issues or PRs # -# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"0557f488754d46db0b535c04267efa16ae72869133b87a4a9a8de87a96067ed3","strict":true} +# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"ef15c568ed52f4f6c83a797e5c7c67c79c210cc7ba2bcc35d346df50fd910f72","strict":true} name: "Plan Command" "on": diff --git a/.github/workflows/plan.md b/.github/workflows/plan.md index f7f817565be..e7373bb02d0 100644 --- a/.github/workflows/plan.md +++ b/.github/workflows/plan.md @@ -13,7 +13,6 @@ permissions: engine: copilot tools: github: - lockdown: false toolsets: [default, discussions] safe-outputs: create-issue: diff --git a/.github/workflows/scout.lock.yml b/.github/workflows/scout.lock.yml index 3a792d9c776..a110ff36d22 100644 --- a/.github/workflows/scout.lock.yml +++ b/.github/workflows/scout.lock.yml @@ -33,7 +33,7 @@ # - shared/mcp/tavily.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"ab1cde07589013cf3883a1da93d56db5e5aa305c3baae6e98dae8954cf10dcdd","strict":true} +# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"afb56af2ad7f39657bed5275c2b3eba2fefebbfba9ea4219294dd6f881b012ac","strict":true} name: "Scout" "on": diff --git a/.github/workflows/scout.md b/.github/workflows/scout.md index d240b82251c..1341bf14059 100644 --- a/.github/workflows/scout.md +++ b/.github/workflows/scout.md @@ -35,7 +35,6 @@ tools: edit: cache-memory: true github: - lockdown: false safe-outputs: add-comment: max: 1 From 9e9bb30348aeb40e02ae1eb9fb7961fc1909ecd5 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 16 Mar 2026 22:55:14 +0000 Subject: [PATCH 3/3] Add min-integrity: none and repos: all to contribution-check, plan, and scout workflows Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/contribution-check.lock.yml | 25 +++---- .github/workflows/contribution-check.md | 2 + .github/workflows/plan.lock.yml | 25 +++---- .github/workflows/plan.md | 2 + .github/workflows/scout.lock.yml | 70 +++++++++++++------ .github/workflows/scout.md | 2 + 6 files changed, 76 insertions(+), 50 deletions(-) diff --git a/.github/workflows/contribution-check.lock.yml b/.github/workflows/contribution-check.lock.yml index 0206c813cd7..62fb028f1d4 100644 --- a/.github/workflows/contribution-check.lock.yml +++ b/.github/workflows/contribution-check.lock.yml @@ -22,7 +22,7 @@ # For more information: https://github.github.com/gh-aw/introduction/overview/ # # -# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"73731a23c2022c2d879aa83c7762903c5cf535db7da8f151684d8107d10a1475","strict":true} +# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"23a89d50ad95694dbbfba8c7872a41f03697c87526de949a7725c12497d05d1c","strict":true} name: "Contribution Check" "on": @@ -316,16 +316,6 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.2 - - name: Determine automatic lockdown mode for GitHub MCP Server - id: determine-automatic-lockdown - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 - env: - GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }} - GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }} - with: - script: | - const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); - await determineAutomaticLockdown(github, context, core); - name: Download container images run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.24.2 ghcr.io/github/gh-aw-firewall/api-proxy:0.24.2 ghcr.io/github/gh-aw-firewall/squid:0.24.2 ghcr.io/github/gh-aw-mcpg:v0.1.15 ghcr.io/github/github-mcp-server:v0.32.0 node:lts-alpine - name: Write Safe Outputs Config @@ -725,8 +715,6 @@ jobs: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_SAFE_OUTPUTS_API_KEY: ${{ steps.safe-outputs-start.outputs.api_key }} GH_AW_SAFE_OUTPUTS_PORT: ${{ steps.safe-outputs-start.outputs.port }} - GITHUB_MCP_GUARD_MIN_INTEGRITY: ${{ steps.determine-automatic-lockdown.outputs.min_integrity }} - GITHUB_MCP_GUARD_REPOS: ${{ steps.determine-automatic-lockdown.outputs.repos }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | set -eo pipefail @@ -761,8 +749,8 @@ jobs: }, "guard-policies": { "allow-only": { - "min-integrity": "$GITHUB_MCP_GUARD_MIN_INTEGRITY", - "repos": "$GITHUB_MCP_GUARD_REPOS" + "min-integrity": "none", + "repos": "all" } } }, @@ -771,6 +759,13 @@ jobs: "url": "http://host.docker.internal:$GH_AW_SAFE_OUTPUTS_PORT", "headers": { "Authorization": "\${GH_AW_SAFE_OUTPUTS_API_KEY}" + }, + "guard-policies": { + "write-sink": { + "accept": [ + "*" + ] + } } } }, diff --git a/.github/workflows/contribution-check.md b/.github/workflows/contribution-check.md index 85f9b11f01b..c26f2c6b529 100644 --- a/.github/workflows/contribution-check.md +++ b/.github/workflows/contribution-check.md @@ -15,6 +15,8 @@ env: tools: github: toolsets: [default] + repos: all + min-integrity: none safe-outputs: create-issue: title-prefix: "[Contribution Check Report]" diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml index cdca5bfe1f7..253f9caa49b 100644 --- a/.github/workflows/plan.lock.yml +++ b/.github/workflows/plan.lock.yml @@ -23,7 +23,7 @@ # # Generates project plans and task breakdowns when invoked with /plan command in issues or PRs # -# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"ef15c568ed52f4f6c83a797e5c7c67c79c210cc7ba2bcc35d346df50fd910f72","strict":true} +# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"84959bfbc2abf6ea65661e0164519d62d375c38bff49f43d702c29cc56f98af0","strict":true} name: "Plan Command" "on": @@ -376,16 +376,6 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.2 - - name: Determine automatic lockdown mode for GitHub MCP Server - id: determine-automatic-lockdown - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 - env: - GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }} - GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }} - with: - script: | - const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); - await determineAutomaticLockdown(github, context, core); - name: Download container images run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.24.2 ghcr.io/github/gh-aw-firewall/api-proxy:0.24.2 ghcr.io/github/gh-aw-firewall/squid:0.24.2 ghcr.io/github/gh-aw-mcpg:v0.1.15 ghcr.io/github/github-mcp-server:v0.32.0 node:lts-alpine - name: Write Safe Outputs Config @@ -751,8 +741,6 @@ jobs: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_SAFE_OUTPUTS_API_KEY: ${{ steps.safe-outputs-start.outputs.api_key }} GH_AW_SAFE_OUTPUTS_PORT: ${{ steps.safe-outputs-start.outputs.port }} - GITHUB_MCP_GUARD_MIN_INTEGRITY: ${{ steps.determine-automatic-lockdown.outputs.min_integrity }} - GITHUB_MCP_GUARD_REPOS: ${{ steps.determine-automatic-lockdown.outputs.repos }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | set -eo pipefail @@ -787,8 +775,8 @@ jobs: }, "guard-policies": { "allow-only": { - "min-integrity": "$GITHUB_MCP_GUARD_MIN_INTEGRITY", - "repos": "$GITHUB_MCP_GUARD_REPOS" + "min-integrity": "none", + "repos": "all" } } }, @@ -797,6 +785,13 @@ jobs: "url": "http://host.docker.internal:$GH_AW_SAFE_OUTPUTS_PORT", "headers": { "Authorization": "\${GH_AW_SAFE_OUTPUTS_API_KEY}" + }, + "guard-policies": { + "write-sink": { + "accept": [ + "*" + ] + } } } }, diff --git a/.github/workflows/plan.md b/.github/workflows/plan.md index e7373bb02d0..4ae7615277b 100644 --- a/.github/workflows/plan.md +++ b/.github/workflows/plan.md @@ -14,6 +14,8 @@ engine: copilot tools: github: toolsets: [default, discussions] + repos: all + min-integrity: none safe-outputs: create-issue: expires: 2d diff --git a/.github/workflows/scout.lock.yml b/.github/workflows/scout.lock.yml index a110ff36d22..e1b355a9f08 100644 --- a/.github/workflows/scout.lock.yml +++ b/.github/workflows/scout.lock.yml @@ -33,7 +33,7 @@ # - shared/mcp/tavily.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"afb56af2ad7f39657bed5275c2b3eba2fefebbfba9ea4219294dd6f881b012ac","strict":true} +# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"1257d91a7cbfe146dbfc43fb7b731d709fe84bfc4622da42ad1cf548a7f04428","strict":true} name: "Scout" "on": @@ -485,16 +485,6 @@ jobs: run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.2 - name: Install Claude Code CLI run: npm install -g @anthropic-ai/claude-code@latest - - name: Determine automatic lockdown mode for GitHub MCP Server - id: determine-automatic-lockdown - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 - env: - GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }} - GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }} - with: - script: | - const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); - await determineAutomaticLockdown(github, context, core); - name: Download container images run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.24.2 ghcr.io/github/gh-aw-firewall/api-proxy:0.24.2 ghcr.io/github/gh-aw-firewall/squid:0.24.2 ghcr.io/github/gh-aw-mcpg:v0.1.15 ghcr.io/github/github-mcp-server:v0.32.0 mcp/arxiv-mcp-server mcp/markitdown node:lts-alpine - name: Write Safe Outputs Config @@ -812,8 +802,6 @@ jobs: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_SAFE_OUTPUTS_API_KEY: ${{ steps.safe-outputs-start.outputs.api_key }} GH_AW_SAFE_OUTPUTS_PORT: ${{ steps.safe-outputs-start.outputs.port }} - GITHUB_MCP_GUARD_MIN_INTEGRITY: ${{ steps.determine-automatic-lockdown.outputs.min_integrity }} - GITHUB_MCP_GUARD_REPOS: ${{ steps.determine-automatic-lockdown.outputs.repos }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} TAVILY_API_KEY: ${{ secrets.TAVILY_API_KEY }} run: | @@ -844,7 +832,14 @@ jobs: "search_arxiv", "get_paper_details", "get_paper_pdf" - ] + ], + "guard-policies": { + "write-sink": { + "accept": [ + "*" + ] + } + } }, "deepwiki": { "type": "http", @@ -853,7 +848,14 @@ jobs: "read_wiki_structure", "read_wiki_contents", "ask_question" - ] + ], + "guard-policies": { + "write-sink": { + "accept": [ + "*" + ] + } + } }, "github": { "container": "ghcr.io/github/github-mcp-server:v0.32.0", @@ -865,8 +867,8 @@ jobs: }, "guard-policies": { "allow-only": { - "min-integrity": "$GITHUB_MCP_GUARD_MIN_INTEGRITY", - "repos": "$GITHUB_MCP_GUARD_REPOS" + "min-integrity": "none", + "repos": "all" } } }, @@ -875,20 +877,41 @@ jobs: "container": "mcp/markitdown", "tools": [ "*" - ] + ], + "guard-policies": { + "write-sink": { + "accept": [ + "*" + ] + } + } }, "microsoftdocs": { "type": "http", "url": "https://learn.microsoft.com/api/mcp", "tools": [ "*" - ] + ], + "guard-policies": { + "write-sink": { + "accept": [ + "*" + ] + } + } }, "safeoutputs": { "type": "http", "url": "http://host.docker.internal:$GH_AW_SAFE_OUTPUTS_PORT", "headers": { "Authorization": "$GH_AW_SAFE_OUTPUTS_API_KEY" + }, + "guard-policies": { + "write-sink": { + "accept": [ + "*" + ] + } } }, "tavily": { @@ -899,7 +922,14 @@ jobs: }, "tools": [ "*" - ] + ], + "guard-policies": { + "write-sink": { + "accept": [ + "*" + ] + } + } } }, "gateway": { diff --git a/.github/workflows/scout.md b/.github/workflows/scout.md index 1341bf14059..5e63626e253 100644 --- a/.github/workflows/scout.md +++ b/.github/workflows/scout.md @@ -35,6 +35,8 @@ tools: edit: cache-memory: true github: + repos: all + min-integrity: none safe-outputs: add-comment: max: 1