github · pelikhan · Dec 14, 2025 · Dec 13, 2025 · Dec 13, 2025 · Dec 13, 2025
diff --git a/.github/aw/github-agentic-workflows.md b/.github/aw/github-agentic-workflows.md
diff --git a/.github/workflows/artifacts-summary.lock.yml b/.github/workflows/artifacts-summary.lock.yml
diff --git a/.github/workflows/artifacts-summary.md b/.github/workflows/artifacts-summary.md
@@ -11,7 +11,8 @@ network:
   allowed:
     - defaults
     - node
-  firewall: true
+sandbox:
+  agent: awf  # Firewall enabled (migrated from network.firewall)
 tools:
   edit:
   bash:
@@ -84,4 +85,4 @@ Create an issue with a markdown table like this:
 - Focus on workflows that actually generate artifacts (skip those without any)
 - Convert sizes to human-readable formats (MB, GB)
 - Consider artifact retention policies in your analysis
-- Include both successful and failed runs in the analysis, ignore cancelled runs
+- Include both successful and failed runs in the analysis, ignore cancelled runs
diff --git a/.github/workflows/copilot-pr-nlp-analysis.lock.yml b/.github/workflows/copilot-pr-nlp-analysis.lock.yml
diff --git a/.github/workflows/copilot-pr-nlp-analysis.md b/.github/workflows/copilot-pr-nlp-analysis.md
@@ -20,8 +20,9 @@ network:
     - defaults
     - python
     - node
-  firewall: true
 
+sandbox:
+  agent: awf  # Firewall enabled (migrated from network.firewall)
 safe-outputs:
   create-discussion:
     title-prefix: "[nlp-analysis] "
@@ -492,4 +493,4 @@ Store reusable components and historical data:
 
 ---
 
-**Remember**: Focus on identifying actionable patterns in Copilot PR conversations that can inform prompt improvements, development practices, and collaboration quality.
+**Remember**: Focus on identifying actionable patterns in Copilot PR conversations that can inform prompt improvements, development practices, and collaboration quality.
diff --git a/.github/workflows/copilot-pr-prompt-analysis.lock.yml b/.github/workflows/copilot-pr-prompt-analysis.lock.yml
diff --git a/.github/workflows/copilot-pr-prompt-analysis.md b/.github/workflows/copilot-pr-prompt-analysis.md
@@ -19,8 +19,9 @@ network:
   allowed:
     - defaults
     - node
-  firewall: true
 
+sandbox:
+  agent: awf  # Firewall enabled (migrated from network.firewall)
 safe-outputs:
   create-discussion:
     title-prefix: "[prompt-analysis] "
@@ -303,4 +304,4 @@ A successful analysis:
 - ✅ Creates discussion with clear insights
 - ✅ Includes concrete examples of good and poor prompts
 
-**Remember**: The goal is to help developers write better prompts that lead to more successful PR merges.
+**Remember**: The goal is to help developers write better prompts that lead to more successful PR merges.
diff --git a/.github/workflows/daily-news.lock.yml b/.github/workflows/daily-news.lock.yml
diff --git a/.github/workflows/daily-news.md b/.github/workflows/daily-news.md
@@ -23,8 +23,9 @@ network:
     - defaults
     - python
     - node
-  firewall: true
 
+sandbox:
+  agent: awf  # Firewall enabled (migrated from network.firewall)
 safe-outputs:
   upload-assets:
   create-discussion:
@@ -414,4 +415,4 @@ If insufficient data is available (less than 7 days):
 
 Create a new GitHub discussion with a title containing today's date (e.g., "Daily Status - 2024-10-10") containing a markdown report with your findings. Use links where appropriate.
 
-Only a new discussion should be created, do not close or update any existing discussions.
+Only a new discussion should be created, do not close or update any existing discussions.
diff --git a/.github/workflows/daily-repo-chronicle.lock.yml b/.github/workflows/daily-repo-chronicle.lock.yml
diff --git a/.github/workflows/daily-repo-chronicle.md b/.github/workflows/daily-repo-chronicle.md
@@ -19,7 +19,8 @@ network:
     - defaults
     - python
     - node
-  firewall: true
+sandbox:
+  agent: awf  # Firewall enabled (migrated from network.firewall)
 tools:
   edit:
   bash:
@@ -198,4 +199,4 @@ End with a brief statistical snapshot, but keep it snappy.
 
 3. If there's no activity, write a "Quiet Day" edition acknowledging the calm.
 
-Remember: You're a newspaper editor, not a bot. Make it engaging! 📰
+Remember: You're a newspaper editor, not a bot. Make it engaging! 📰
diff --git a/.github/workflows/firewall-escape.lock.yml b/.github/workflows/firewall-escape.lock.yml
diff --git a/.github/workflows/firewall-escape.md b/.github/workflows/firewall-escape.md
@@ -26,8 +26,9 @@ network:
   allowed:
     - defaults
     - node
-  firewall: true
 
+sandbox:
+  agent: awf  # Firewall enabled (migrated from network.firewall)
 tools:
   cache-memory: true
   bash: [":*"]
@@ -61,8 +62,9 @@ jobs:
             - An allowed domain was blocked unexpectedly
             - File operations failed
 
-            ---
-            *Auto-generated by firewall escape test workflow*`,
+---
+
+*Auto-generated by firewall escape test workflow*`,
               labels: ['bug', 'firewall', 'automated']
             });
 ---
@@ -222,4 +224,4 @@ After exhausting your escape attempts, provide:
 4. Your assessment of the sandbox's security posture
 5. Recommendations for hardening based on your analysis
 
-**Remember: This is authorized security testing. Study the implementation, think creatively, and try your absolute best to break out.**
+**Remember: This is authorized security testing. Study the implementation, think creatively, and try your absolute best to break out.**
diff --git a/.github/workflows/firewall.lock.yml b/.github/workflows/firewall.lock.yml
diff --git a/.github/workflows/firewall.md b/.github/workflows/firewall.md
@@ -14,8 +14,9 @@ network:
   allowed:
     - defaults
     - node
-  firewall: true
 
+sandbox:
+  agent: awf  # Firewall enabled (migrated from network.firewall)
 tools:
   web-fetch:
 
@@ -43,4 +44,4 @@ Since network permissions are set to `defaults` (which does not include example.
 ## Context
 
 - **Repository**: ${{ github.repository }}
-- **Triggered by**: ${{ github.actor }}
+- **Triggered by**: ${{ github.actor }}
diff --git a/.github/workflows/mcp-inspector.lock.yml b/.github/workflows/mcp-inspector.lock.yml
diff --git a/.github/workflows/mcp-inspector.md b/.github/workflows/mcp-inspector.md
@@ -11,14 +11,15 @@ permissions:
   actions: read
 engine: copilot
 network:
-  firewall: true
   allowed:
     - defaults
     - containers
     - node
     - "cdn.jsdelivr.net"        # npm package CDN
     - "fonts.googleapis.com"    # Google Fonts API
     - "fonts.gstatic.com"       # Google Fonts static content
+sandbox:
+  agent: awf  # Firewall enabled (migrated from network.firewall)
 safe-outputs:
   create-discussion:
     category: "audits"
@@ -92,4 +93,4 @@ Generate:
 1. [Issue or improvement]
 ```
 
-Save to `/tmp/gh-aw/cache-memory/mcp-inspections/[DATE].json` and create discussion in "audits" category.
+Save to `/tmp/gh-aw/cache-memory/mcp-inspections/[DATE].json` and create discussion in "audits" category.
diff --git a/.github/workflows/release.lock.yml b/.github/workflows/release.lock.yml
diff --git a/.github/workflows/release.md b/.github/workflows/release.md
@@ -19,7 +19,8 @@ network:
   allowed:
     - defaults
     - node
-  firewall: true
+sandbox:
+  agent: awf  # Firewall enabled (migrated from network.firewall)
 tools:
   bash:
     - "*"
@@ -319,4 +320,4 @@ update_release({
 - Reference: `https://githubnext.github.io/gh-aw/reference/`
 - Setup: `https://githubnext.github.io/gh-aw/setup/`
 
-Verify paths exist in `docs_files.txt` before linking.
+Verify paths exist in `docs_files.txt` before linking.
diff --git a/.github/workflows/research.lock.yml b/.github/workflows/research.lock.yml
diff --git a/.github/workflows/research.md b/.github/workflows/research.md
@@ -19,8 +19,9 @@ network:
   allowed:
     - defaults
     - node
-  firewall: true
 
+sandbox:
+  agent: awf  # Firewall enabled (migrated from network.firewall)
 imports:
   - shared/mcp/tavily.md
   - shared/reporting.md
@@ -59,4 +60,4 @@ Create a GitHub discussion with your research summary including:
 - Key findings from your research
 - Relevant sources and links
 
-Keep your summary concise and focused on the most important information.
+Keep your summary concise and focused on the most important information.