From 0901bc669f6a10e1c3355bc555a6510a3e32c22f Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 18 Mar 2026 13:45:20 +0000
Subject: [PATCH 1/3] Initial plan
From 4eb7aa2aeb8274590ab9635f685cba70d4f9b7ae Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 18 Mar 2026 13:57:28 +0000
Subject: [PATCH 2/3] Disable lockdown mode for weekly blog post generator
The workflow was failing because lockdown: true was set but no custom GitHub token (GH_AW_GITHUB_TOKEN) was configured as a repository secret. Changed to lockdown: false and recompiled the lock file.
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
.github/workflows/weekly-blog-post-writer.lock.yml | 6 +-----
.github/workflows/weekly-blog-post-writer.md | 2 +-
2 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/weekly-blog-post-writer.lock.yml b/.github/workflows/weekly-blog-post-writer.lock.yml
index e9162f81bc..a17d88367c 100644
--- a/.github/workflows/weekly-blog-post-writer.lock.yml
+++ b/.github/workflows/weekly-blog-post-writer.lock.yml
@@ -26,7 +26,7 @@ # Imports: # - shared/mcp/qmd-docs.md # -# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"394914f5465bdfefb79a2e0ea981b6be025a4e3ee6097fec435765741c63e25c","strict":true} +# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"561aaeee72a4bfc8d1a205e97017a29c20a90959981121bd24b72b23a507904a","strict":true} name: "Weekly Blog Post Writer" "on":
@@ -82,9 +82,6 @@ jobs: GH_AW_INFO_AWMG_VERSION: "" GH_AW_INFO_FIREWALL_TYPE: "squid" GH_AW_COMPILED_STRICT: "true" - GITHUB_MCP_LOCKDOWN_EXPLICIT: "true" - GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }} - GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }} uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 with: script: |
@@ -754,7 +751,6 @@ jobs: "container": "ghcr.io/github/github-mcp-server:v0.32.0", "env": { "GITHUB_HOST": "\${GITHUB_SERVER_URL}", - "GITHUB_LOCKDOWN_MODE": "1", "GITHUB_PERSONAL_ACCESS_TOKEN": "\${GITHUB_MCP_SERVER_TOKEN}", "GITHUB_READ_ONLY": "1", "GITHUB_TOOLSETS": "repos,pull_requests"
diff --git a/.github/workflows/weekly-blog-post-writer.md b/.github/workflows/weekly-blog-post-writer.md
index 223cdf1fb3..4a6274682e 100644
--- a/.github/workflows/weekly-blog-post-writer.md
+++ b/.github/workflows/weekly-blog-post-writer.md
@@ -18,7 +18,7 @@ tools: edit: bash: ["*"] github: - lockdown: true + lockdown: false toolsets: - repos - pull_requests
From 121bc7449e9d168c50597e4dbaa233efe7d88c11 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 18 Mar 2026 14:13:53 +0000
Subject: [PATCH 3/3] Add guard policy to weekly-blog-post-writer: repos=github/gh-aw, min-integrity=approved
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
.../weekly-blog-post-writer.lock.yml | 26 ++++++-------------
.github/workflows/weekly-blog-post-writer.md | 3 +++
2 files changed, 11 insertions(+), 18 deletions(-)
diff --git a/.github/workflows/weekly-blog-post-writer.lock.yml b/.github/workflows/weekly-blog-post-writer.lock.yml
index a17d88367c..16ab25da0a 100644
--- a/.github/workflows/weekly-blog-post-writer.lock.yml
+++ b/.github/workflows/weekly-blog-post-writer.lock.yml
@@ -26,7 +26,7 @@ # Imports: # - shared/mcp/qmd-docs.md # -# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"561aaeee72a4bfc8d1a205e97017a29c20a90959981121bd24b72b23a507904a","strict":true} +# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"bccf86997b5e61ac97e28d9a6979b8c67b2605ba9fe717b26e672688edcf5a15","strict":true} name: "Weekly Blog Post Writer" "on":
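Review bot: Flipping `lockdown: true` to `lockdown: false` under `github:` removes a security restriction on the MCP server instead of supplying the `GH_AW_GITHUB_TOKEN` secret that the commit message names as the actual cause of the failure; the compiled lock file shows the effect, dropping `GITHUB_LOCKDOWN_MODE: "1"` from the server container env and the two token inputs from the activation step, while `GITHUB_READ_ONLY: "1"` and the `repos,pull_requests` toolsets stay. A missing repository secret is a configuration gap, and configuring it keeps the control; if the weaker posture is deliberately accepted, the frontmatter should say so, otherwise the next reader will take `false` as the intended design. Suggested comment directly above the key: `# lockdown disabled: GH_AW_GITHUB_TOKEN secret is not configured; re-enable once it is`. The `tools:` mapping continues before and after this hunk.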
@@ -402,16 +402,6 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.24.2 - - name: Determine automatic lockdown mode for GitHub MCP Server - id: determine-automatic-lockdown - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 - env: - GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }} - GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }} - with: - script: | - const determineAutomaticLockdown = require('${{ runner.temp }}/gh-aw/actions/determine_automatic_lockdown.cjs'); - await determineAutomaticLockdown(github, context, core); - name: Download container images run: bash ${RUNNER_TEMP}/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.24.2 ghcr.io/github/gh-aw-firewall/api-proxy:0.24.2 ghcr.io/github/gh-aw-firewall/squid:0.24.2 ghcr.io/github/gh-aw-mcpg:v0.1.17 ghcr.io/github/github-mcp-server:v0.32.0 node:lts-alpine - name: Install gh-aw extension
@@ -701,8 +691,6 @@ jobs: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_SAFE_OUTPUTS_API_KEY: ${{ steps.safe-outputs-start.outputs.api_key }} GH_AW_SAFE_OUTPUTS_PORT: ${{ steps.safe-outputs-start.outputs.port }} - GITHUB_MCP_GUARD_MIN_INTEGRITY: ${{ steps.determine-automatic-lockdown.outputs.min_integrity }} - GITHUB_MCP_GUARD_REPOS: ${{ steps.determine-automatic-lockdown.outputs.repos }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: |
@@ -741,7 +729,7 @@ jobs: "guard-policies": { "write-sink": { "accept": [ - "*" + "private:github/gh-aw" ] } }
@@ -757,8 +745,10 @@ jobs: }, "guard-policies": { "allow-only": { - "min-integrity": "$GITHUB_MCP_GUARD_MIN_INTEGRITY", - "repos": "$GITHUB_MCP_GUARD_REPOS" + "min-integrity": "approved", + "repos": [ + "github/gh-aw" + ] } } },
@@ -771,7 +761,7 @@ jobs: "guard-policies": { "write-sink": { "accept": [ - "*" + "private:github/gh-aw" ] } }
@@ -785,7 +775,7 @@ jobs: "guard-policies": { "write-sink": { "accept": [ - "*" + "private:github/gh-aw" ] } }
diff --git a/.github/workflows/weekly-blog-post-writer.md b/.github/workflows/weekly-blog-post-writer.md
index 4a6274682e..b30555ed86 100644
--- a/.github/workflows/weekly-blog-post-writer.md
+++ b/.github/workflows/weekly-blog-post-writer.md
@@ -19,6 +19,9 @@ tools: bash: ["*"] github: lockdown: false + repos: + - github/gh-aw + min-integrity: approved toolsets: - repos - pull_requests
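Review bot: The added `repos` and `min-integrity` keys pin statically what the removed `determine-automatic-lockdown` step used to compute at run time (the lock file's `allow-only` policy now reads `"min-integrity": "approved"` and `"repos": ["github/gh-aw"]` where it read `$GITHUB_MCP_GUARD_MIN_INTEGRITY` and `$GITHUB_MCP_GUARD_REPOS`), yet nothing in the frontmatter records that they are the compensating control for the `lockdown: false` on the context line just above. A hard-coded `github/gh-aw` would presumably stop matching if this workflow is copied to another repository or the repository is renamed, so the values deserve a why-comment, e.g. `# guard policy stands in for lockdown mode (disabled above); update repos if this workflow moves`. Whether `approved` is the right integrity floor should be confirmed against what the automatic step previously produced, since that derivation is no longer present in the lock file. The `github:` mapping continues below the hunk.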