chore: upgrade gh-aw-firewall from v0.24.2 to v0.24.3

[Copilot]

Summary

Upgrades the default gh-aw-firewall (AWF) version from v0.24.2 to v0.24.3.

What's Changed in v0.24.3

• fix: route GHEC Copilot proxy to copilot-api subdomain (gh-aw-firewall#1331)

Changes

• Updated DefaultFirewallVersion constant in pkg/constants/constants.go
• Updated golden test files in pkg/workflow/testdata/wasm_golden/
• Recompiled all lock files via make recompile

---

---

✨ PR Review Safe Output Test - Run 23271918855

💥 [THE END] — Illustrated by Smoke Claude · ◷

[github-actions]

✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready.

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

Agent Container Tool Check

Tool	Status	Version
bash	✅	5.2.21
sh	✅	available
git	✅	2.53.0
jq	✅	1.7
yq	✅	v4.52.4
curl	✅	8.5.0
gh	✅	2.87.3
node	✅	v20.20.1
python3	✅	3.12.3
go	✅	1.24.13
java	✅	10.0.102
dotnet	✅	10.0.102

Result: 12/12 tools available ✅

Overall Status: PASS

🔧 Tool validation by Agent Container Smoke Test · ◷

[Copilot]

Pull request overview

Upgrades the default gh-aw-firewall (AWF) version from v0.24.2 to v0.24.3 (includes the Copilot proxy routing fix in AWF v0.24.3).

Changes:

• Bumped DefaultFirewallVersion to v0.24.3.
• Regenerated workflow lock files to reference v0.24.3/0.24.3 across installs, image pulls, and --image-tag.
• Updated WASM golden fixtures to match the newly compiled output.

Reviewed changes

Copilot reviewed 129 out of 180 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
pkg/constants/constants.go	Updates the default AWF version constant to v0.24.3.
pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/basic-copilot.golden	Updates golden output to v0.24.3 references.
pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/smoke-copilot.golden	Updates golden output to v0.24.3 references.
pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/with-imports.golden	Updates golden output to v0.24.3 references.
.github/workflows/ace-editor.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/ai-moderator.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/bot-detection.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/brave.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/changeset.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/code-simplifier.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/codex-github-remote-mcp-test.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/contribution-check.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/craft.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/daily-fact.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/daily-malicious-code-scan.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/daily-observability-report.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/daily-secrets-analysis.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/daily-team-status.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/dependabot-burner.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/dependabot-go-checker.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/dev.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/dictation-prompt.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/duplicate-code-detector.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/example-permissions-warning.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/firewall.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/github-remote-mcp-auth-test.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/gpclean.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/issue-triage-agent.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/metrics-collector.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/notion-issue-summary.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/plan.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/poem-bot.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/pr-triage-agent.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/refiner.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/repo-tree-map.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/security-compliance.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/smoke-agent-all-merged.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/smoke-agent-all-none.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/smoke-agent-public-approved.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/smoke-agent-public-none.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/smoke-agent-scoped-approved.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/smoke-call-workflow.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/smoke-gemini.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/sub-issue-closer.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/super-linter.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/test-dispatcher.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/test-project-url-default.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/test-workflow.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/weekly-blog-post-writer.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/workflow-generator.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.
.github/workflows/workflow-health-manager.lock.yml	Recompiled lock file to use AWF v0.24.3 / images 0.24.3.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[github-actions]

Smoke Test (Codex)

PRs: #21661 Fix build-wasm: update golden test files for gh-aw-mcpg v0.1.18; #21660 chore: bump MCP gateway version to v0.1.18
GitHub MCP (2 merged PRs): ✅
Serena MCP (activate + >=3 symbols): ✅
Playwright (github.com title contains GitHub): ✅
Web-fetch (github.com contains GitHub): ✅
File write/read (/tmp/gh-aw/agent/smoke-test-codex-23271918848.txt): ✅
Bash tool (cat verification): ✅
Build (GOCACHE=/tmp/go-cache GOMODCACHE=/tmp/go-mod make build): ✅
Overall status: PASS

🔮 The oracle has spoken through Smoke Codex · ◷

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• ab.chatgpt.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "ab.chatgpt.com"

See Network Configuration for more information.

[github-actions]

Commit pushed: 0585f25

Generated by Changeset Generator

[github-actions]

Smoke Test Results — Run §23271918812

Test	Status
GitHub MCP	✅
MCP Scripts GH CLI	✅
Serena MCP	❌
Playwright	✅
Web Fetch	✅
File Writing	✅
Bash Tool	✅
Discussion Interaction	✅
Build gh-aw	✅
Discussion Creation	✅
Workflow Dispatch	✅
PR Review	✅

Overall: ⚠️ PARTIAL PASS (Serena MCP tools unavailable)

PR by @copilot-swe-agent · Assignees: @pelikhan, @Copilot

📰 BREAKING: Report filed by Smoke Copilot · ◷

[github-actions]

Smoke test agent reviewed this firewall version bump (v0.24.2 → v0.24.3). Changes look consistent across all lock files. ✅

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

✅ Version bumped from v0.24.2 to v0.24.3 — looks good!

[github-actions]

🔧 Binary install script updated to v0.24.3 — consistent with the version bump above.

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

Smoke Test Results — Run §23271918855

Core tests: ✅✅✅✅✅✅✅✅✅✅ (1–10 all passed)
PR review tests: ✅ #11 ✅ #12 ✅ #13 ⚠️ #14 ✅ #15 ⚠️ #16 ⚠️ #17

Overall: PARTIAL (3 skipped due to env constraints, 0 failures)

💥 [THE END] — Illustrated by Smoke Claude · ◷

[github-actions]

💥 Automated smoke test review - all systems nominal!

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

✅ Firewall version updated to v0.24.3 — looks good! This is the expected upgrade from v0.24.2.

[github-actions]

🔍 Container image tag updated to 0.24.3 — consistent with the firewall version bump. All looks correct.