fix: allow package.json/lock in dep security monitor PRs#2041

Merged
lpcox merged 1 commit into main from copilot/fix-dep-security-allowed-files
Apr 16, 2026

@lpcox
Collaborator

@lpcox lpcox commented Apr 16, 2026

The Dependency Security Monitor workflow failed because create-pull-request safe-outputs tried to modify package-lock.json, which is in the compiler's default protected_files list.

Changes:

  • Add allowed-files: [package.json, package-lock.json] to create-pull-request config — these files are legitimately modified when bundling dependency updates
  • Add protected-files: fallback-to-issue as safety net — if the agent tries to modify other protected files (e.g., .github/ paths, CODEOWNERS), it creates a review issue instead of hard-failing

Root cause: Run 24530903368 failed at safe_outputs with:

Cannot create pull request: patch modifies protected files (package-lock.json).

Recompiled lock file and ran post-processing.

The workflow's safe-outputs create-pull-request was blocked by
the compiler's default protected_files list which includes
package-lock.json. Add allowed-files for package.json and
package-lock.json, and set protected-files: fallback-to-issue
as a safety net for any other protected file modifications.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings April 16, 2026 23:30
@lpcox lpcox requested a review from Mossaka as a code owner April 16, 2026 23:30
@github-actions
Contributor

✅ Coverage Check Passed

Overall Coverage

| Metric | Base | PR | Delta |
|---|---|---|---|
| Lines | 84.33% | 84.41% | 📈 +0.08% |
| Statements | 83.56% | 83.64% | 📈 +0.08% |
| Functions | 87.39% | 87.39% | ➡️ +0.00% |
| Branches | 74.78% | 74.82% | 📈 +0.04% |

📁 Per-file Coverage Changes (1 files)

| File | Lines (Before → After) | Statements (Before → After) |
|---|---|---|
| src/docker-manager.ts | 86.8% → 87.1% (+0.30%) | 86.4% → 86.7% (+0.29%) |

Coverage comparison generated by scripts/ci/compare-coverage.ts

@github-actions
Contributor

Smoke Test Results

Overall: PASS

💥 [THE END] — Illustrated by Smoke Claude

@github-actions
Contributor

🔥 Smoke Test: Copilot BYOK (Offline) — PASS

Test Result
GitHub MCP (list merged PRs) ✅ PR #2041: "fix: allow package.json/lock in dep security monitor PRs"
GitHub.com connectivity
File write/read
BYOK inference (agent → api-proxy → api.githubcopilot.com)

Running in BYOK offline mode (COPILOT_OFFLINE=true) via api-proxy → api.githubcopilot.com

cc @lpcox

🔑 BYOK report filed by Smoke Copilot BYOK

@github-actions
Contributor

🔥 Smoke Test: OpenCode — PASS

  • ✅ GitHub MCP: reviewed last 2 merged PRs (#2036, #2018)
  • ✅ File write: /tmp/gh-aw/agent/smoke-test-opencode-24539424021.txt created and verified
  • ✅ Bash tool: file read back successfully
  • ✅ Build AWF: npm ci && npm run build succeeded

Overall: PASS

🌐 Transmitted by Smoke OpenCode

@github-actions
Contributor

✅ Copilot Smoke Test: PASS

  • ✅ MCP GitHub connectivity: Retrieved merged PR "fix: make smoke-claude safe outputs trigger-aware for workflow_dispatch"
  • ✅ GitHub.com connectivity: HTTP 200
  • ✅ File write/read: Verified at /tmp/gh-aw/agent/smoke-test-copilot-24539423991.txt

All tests passed. cc @lpcox

📰 BREAKING: Report filed by Smoke Copilot

@github-actions
Contributor

Smoke test summary:
PR titles:

  • fix: make smoke-claude safe outputs trigger-aware for workflow_dispatch
  • feat: add AWF JSON/YAML config ingestion with schema validation and CLI precedence
  1. GitHub MCP merged PR review: ✅
  2. safeinputs-gh PR query: ❌
  3. Playwright GitHub title contains "GitHub": ✅
  4. Tavily search returned results: ❌
  5. File write test: ✅
  6. Bash cat verification: ✅
  7. Discussion query + oracle comment: ❌
  8. npm ci && npm run build: ✅

Overall status: FAIL

🔮 The oracle has spoken through Smoke Codex

@github-actions
Contributor

Smoke Test: GitHub Actions Services Connectivity

| Check | Status | Detail |
|---|---|---|
| Redis PING (host.docker.internal:6379) | ✅ Pass | +PONG |
| PostgreSQL ready (host.docker.internal:5432) | ✅ Pass | accepting connections |
| PostgreSQL SELECT 1 (smoketest db) | ✅ Pass | returned 1 |

All 3 checks passed.

Note: redis-cli was unavailable (apt not functional in this environment), so Redis was tested via raw TCP using Node.js — response was +PONG confirming the server is up.

🔌 Service connectivity validated by Smoke Services

@github-actions
Contributor

🏗️ Build Test Suite Results

Ecosystem Project Build/Install Tests Status
Bun elysia 1/1 passed ✅ PASS
Bun hono 1/1 passed ✅ PASS
C++ fmt N/A ✅ PASS
C++ json N/A ✅ PASS
Deno oak N/A 1/1 passed ✅ PASS
Deno std N/A 1/1 passed ✅ PASS
.NET hello-world N/A ✅ PASS
.NET json-parse N/A ✅ PASS
Go color passed ✅ PASS
Go env passed ✅ PASS
Go uuid passed ✅ PASS
Java gson 1/1 passed ✅ PASS
Java caffeine 1/1 passed ✅ PASS
Node.js clsx all passed ✅ PASS
Node.js execa all passed ✅ PASS
Node.js p-limit all passed ✅ PASS
Rust fd 1/1 passed ✅ PASS
Rust zoxide 1/1 passed ✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Generated by Build Test Suite for issue #2041 · ● 702.5K ·

Contributor

Copilot AI left a comment

Pull request overview

Updates the Dependency Security Monitor agentic workflow so dependency update PRs can include package.json and package-lock.json changes without failing safe-outputs, while adding a fallback policy for attempts to modify other protected files.

Changes:

  • Allow package.json and package-lock.json in safe-outputs.create-pull-request.
  • Configure protected-file handling to fallback-to-issue instead of hard-failing.
  • Recompile/regenerate the workflow lock file to reflect the new safe-outputs configuration (and updated generated tooling metadata).

| File | Description |
|---|---|
| .github/workflows/dependency-security-monitor.md | Adds allowed-files and sets protected-files handling policy for safe-outputs PR creation. |
| .github/workflows/dependency-security-monitor.lock.yml | Regenerates the compiled workflow, embedding the updated safe-outputs config and refreshed generated pins/metadata. |

Copilot's findings

  • Files reviewed: 2/2 changed files
  • Comments generated: 2

"on":
schedule:
- cron: "33 19 * * *"
- cron: "18 23 * * *"

Copilot AI Apr 16, 2026

The generated lock workflow changes the scheduled cron time ("33 19" -> "18 23"). Even if this is a side-effect of recompilation, it changes when dependency monitoring runs and could affect vulnerability detection latency; consider keeping the previous cron value stable (or explicitly documenting that schedule time will shift on recompiles).

Suggested change
- cron: "18 23 * * *"
- cron: "33 19 * * *"

Comment on lines +1 to +2
# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"43dc3b26ba9f321a89ba02e8db987efce53088afcc6293f16e4d574264ebf39e","compiler_version":"v0.68.4","strict":true,"agent_id":"copilot"}
# gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_CI_TRIGGER_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"373c709c69115d41ff229c7e5df9f8788daa9553","version":"v9"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"57583dfa129051b855aa5d750d36fbeb8a885579","version":"v0.68.4"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.21"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.21"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.21"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.2.19"},{"image":"ghcr.io/github/github-mcp-server:v0.32.0"},{"image":"node:lts-alpine"}]}
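
Review bot: In the gh-aw-manifest line, every entry under "actions" carries a full commit sha, but the entries under "containers" are pinned by tag only, and node:lts-alpine is a floating tag. The same manifest lists five secrets available to the workflow, so the images it runs deserve the same immutability as the actions; consider recording an image digest for each container so a retagged image cannot change what the recompiled workflow executes.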

Copilot AI Apr 16, 2026

This lock file recompilation bumps the gh-aw compiler/actions/tooling versions (e.g., compiler_version v0.68.1 -> v0.68.4, new container image tags, updated action SHAs), which is a functional workflow change beyond the safe-outputs allowlist tweak. If the version bump isn’t required for allowed-files support, consider keeping the previous compiler/tooling versions and doing upgrades in a separate PR to reduce rollout risk.

@lpcox lpcox merged commit f2739d9 into main Apr 16, 2026
62 of 64 checks passed
@lpcox lpcox deleted the copilot/fix-dep-security-allowed-files branch April 16, 2026 23:51