Bump default AWF firewall to v0.25.26, merge main, and recompile lock outputs

[Copilot]

This updates the default AWF firewall version from v0.25.25 to v0.25.26 and propagates the new tag through compiled workflow artifacts that pin firewall containers.

• Default version update

  • Changed DefaultFirewallVersion in:
    • pkg/constants/version_constants.go

• Compiled workflow lockfile refresh

  • Recompiled lockfiles so generated manifests and runtime steps now reference 0.25.26 for:
    • ghcr.io/github/gh-aw-firewall/agent
    • ghcr.io/github/gh-aw-firewall/api-proxy
    • ghcr.io/github/gh-aw-firewall/squid

• Golden fixture alignment

  • Updated WASM compile golden outputs that assert emitted AWF versioned content:
    • pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden
    • pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden

• Follow-up from review feedback

  • Merged latest main into this branch.
  • Recompiled lock outputs again after merge to keep generated files aligned with current sources (including design-decision-gate.lock.yml updates from merged workflow changes).

// pkg/constants/version_constants.go
const DefaultFirewallVersion Version = "v0.25.26"

[!WARNING]

---

---

✨ PR Review Safe Output Test - Run 24704312312

💥 [THE END] — Illustrated by Smoke Claude · ● 230K · ◷

[pelikhan]

@copilot merge main and recompile

[Copilot]

Pull request overview

Updates the default gh-aw firewall (AWF) version to v0.25.26 and refreshes generated workflow lock artifacts / WASM compile golden fixtures so pinned runtime steps and container image tags consistently reference the new version.

Changes:

• Bumped DefaultFirewallVersion from v0.25.25 to v0.25.26.
• Recompiled workflow lockfiles to pin ghcr.io/github/gh-aw-firewall/* images and AWF install steps to 0.25.26 / v0.25.26.
• Updated WASM compile golden fixtures to assert the new AWF version in emitted workflow content.

Show a summary per file

File	Description
pkg/constants/version_constants.go	Bumps the default AWF version constant to v0.25.26.
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden	Updates golden output to expect AWF v0.25.26 and image-tag 0.25.26.
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden	Updates golden output to expect AWF v0.25.26 and image-tag 0.25.26.
.github/workflows/video-analyzer.lock.yml	Re-pins AWF install + firewall images to 0.25.26 / v0.25.26.
.github/workflows/test-workflow.lock.yml	Re-pins AWF install + firewall images to 0.25.26 / v0.25.26.
.github/workflows/smoke-opencode.lock.yml	Re-pins AWF install + firewall images to 0.25.26 / v0.25.26.
.github/workflows/smoke-crush.lock.yml	Re-pins AWF install + firewall images to 0.25.26 / v0.25.26.
.github/workflows/smoke-ci.lock.yml	Re-pins AWF install + firewall images to 0.25.26 / v0.25.26.
.github/workflows/security-compliance.lock.yml	Re-pins AWF install + firewall images to 0.25.26 / v0.25.26.
.github/workflows/refiner.lock.yml	Re-pins AWF install + firewall images to 0.25.26 / v0.25.26.
.github/workflows/plan.lock.yml	Re-pins AWF install + firewall images to 0.25.26 / v0.25.26.
.github/workflows/metrics-collector.lock.yml	Re-pins AWF install + firewall images to 0.25.26 / v0.25.26.
.github/workflows/gpclean.lock.yml	Re-pins AWF install + firewall images to 0.25.26 / v0.25.26.
.github/workflows/github-remote-mcp-auth-test.lock.yml	Re-pins AWF install + firewall images to 0.25.26 / v0.25.26.
.github/workflows/firewall.lock.yml	Re-pins AWF install + firewall images to 0.25.26 / v0.25.26.
.github/workflows/example-permissions-warning.lock.yml	Re-pins AWF install + firewall images to 0.25.26 / v0.25.26.
.github/workflows/dev.lock.yml	Re-pins AWF install + firewall images to 0.25.26 / v0.25.26.
.github/workflows/daily-malicious-code-scan.lock.yml	Re-pins AWF install + firewall images to 0.25.26 / v0.25.26.
.github/workflows/copilot-token-optimizer.lock.yml	Re-pins AWF install + firewall images (including cli-proxy where used) to 0.25.26 / v0.25.26.
.github/workflows/contribution-check.lock.yml	Re-pins AWF install + firewall images to 0.25.26 / v0.25.26.
.github/workflows/codex-github-remote-mcp-test.lock.yml	Re-pins AWF install + firewall images to 0.25.26 / v0.25.26.
.github/workflows/code-simplifier.lock.yml	Re-pins AWF install + firewall images to 0.25.26 / v0.25.26.
.github/workflows/changeset.lock.yml	Re-pins AWF install + firewall images to 0.25.26 / v0.25.26.
.github/workflows/bot-detection.lock.yml	Re-pins AWF install + firewall images to 0.25.26 / v0.25.26.
.github/workflows/ai-moderator.lock.yml	Re-pins AWF install + firewall images to 0.25.26 / v0.25.26.
.github/workflows/ace-editor.lock.yml	Re-pins AWF install + firewall images to 0.25.26 / v0.25.26.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 75/201 changed files
• Comments generated: 0

[lpcox]

@copilot merge main and recompile

[Copilot]

@copilot merge main and recompile

Merged origin/main into this branch and recompiled lock outputs. Addressed in commit 51a129d.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh gh repo view --json owner,name --jq .owner.login + "/" + .name 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh repo view owner/repo env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/orgs/test-owner/actions/secrets
  • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh -c "prettier" --cheGOINSECURE GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go go (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq [.object.sha, .object.type] | @tsv --get-regexp ^remote\..*\.gh-resolved$ /usr/bin/git -json GO111MODULE e4b68e421d17c53b--show-toplevel git -C /tmp/gh-aw-test-runs/20260421-033931-27791/test-900095431 rev-parse /usr/bin/git -json GO111MODULE 64/pkg/tool/linuinstall git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv /tmp/gh-aw-test-runs/20260421-033931-27791/test-919563417/.github/workflows config /usr/bin/git remote.origin.urgit log 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv y488ALeM- GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go ortc�� -json d/gh-aw-wasm/main.go ache/go/1.25.8/x64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linutest@example.com (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel aw.test /usr/bin/git -json GO111MODULE ache/go/1.25.8/x--show-toplevel git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE ache/go/1.25.8/x--show-toplevel git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git -bool -buildtags /usr/lib/git-cor--show-toplevel git rev-�� --show-toplevel /usr/lib/git-core/git /usr/bin/git --pack_header=2,git -q /usr/bin/git git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv ithub-script/git/ref/tags/v9 config bject.type] | @tsv remote.origin.urgit GOPROXY 64/bin/go git rev-�� --show-toplevel sh om/owner/repo.git "prettier" --chegit sh 64/bin/go node (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git Onlymin-integritgit GO111MODULE /opt/hostedtoolcHEAD git rev-�� --show-toplevel go /usr/bin/git i/install.sh GO111MODULE /opt/hostedtoolc--show-toplevel git (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v9
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE node /opt�� prettier --check ache/go/1.25.8/xGOMODCACHE **/*.ts **/*.json --ignore-path go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv prettier --check 64/bin/go --ignore-path .prettierignore 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv "prettier" --cheGOINSECURE sh 64/bin/go tierignore git 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /opt/hostedtoolcache/node/24.14.1/x64/bin/node -json GO111MODULE 64/bin/go /opt/hostedtoolcache/node/24.14.1/x64/bin/node /tmp�� No expressions here go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /opt/hostedtoolcache/node/24.14.1/x64/bin/node -json GO111MODULE 64/bin/go /opt/hostedtoolcache/node/24.14.1/x64/bin/node /tmp�� Secret: ${{ secrets.TOKEN }} go /usr/bin/git -json GO111MODULE x_amd64/compile git (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv 64/bin/go l 3691613/b453/vet.cfg -json GO111MODULE 64/bin/go git -C runs/20260421-033931-27791/test-1457190137 remote /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet --check **/*.cjs 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq [.object.sha, .object.type] | @tsv --git-dir go /usr/bin/git cli/install.sh..git GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv sistency_WithImports1117836205/001/main.md go /usr/bin/git -json GO111MODULE 64/bin/go git conf�� user.email l /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile --check **/*.cjs 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv ErrorFormatting1492134938/001 my-default /usr/bin/git plate-expressiongit GO111MODULE 64/bin/go git -C /tmp/TestGuardPolicyTrustedUsersRequiresMinIntegrity1976076182/001 remote /usr/bin/git --check **/*.cjs 64/bin/go git (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sed -ne s/^session\.save_path=\(.*;\)\?\go1.25.8 GOPROXY 64/pkg/tool/linux_amd64/compile GOSUMDB GOWORK 64/bin/go 64/pkg/tool/linux_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env 1352545828 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name itbranch_with_hyphen4258522665/002/work 64/bin/go GOINSECURE GOMOD GOMODCACHE go env edOutput106231401/001 GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sed -e s,@VERSION@,8.3, GOPROXY x_amd64/compile GOSUMDB GOWORK 64/bin/go x_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name LsRemoteWithRealGitbranch_with_hyphen4258522665/001' 64/bin/go GOINSECURE GOMOD GOMODCACHE go env edOutput106231401/001 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sed -ne s/^session\.gc_maxlifetime=\(.*\)$/\1/p GOPROXY 64/pkg/tool/linux_amd64/compile GOSUMDB GOWORK 64/bin/go 64/pkg/tool/linux_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE gh-aw.opt.wasm gh-aw.wasm; \ AF-buildtags env -json GO111MODULE sole.test GOINSECURE GOMOD GOMODCACHE sole.test (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sed -e ions-build/main.go GOPROXY 64/pkg/tool/linux_amd64/link GOSUMDB GOWORK 64/bin/go 64/pkg/tool/linux_amd64/link (http block)
  • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env 1352545828 GO111MODULE 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/link (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE /usr/bin/php8.3 -c /etc/php/8.3/cli/php.ini -d 64/pkg/tool/linux_amd64/compile -r foreach(ini_get_rev-parse 64/bin/go 64/pkg/tool/linux_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env 1352545828 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sed -ne erate-action-metadata/main.go GOPROXY 64/pkg/tool/linux_amd64/vet GOSUMDB GOWORK 64/bin/go 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE .test GOINSECURE GOMOD GOMODCACHE .test (http block)
• https://api.github.com/repos/github/gh-aw/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path if ! cd actions/GOINSECURE GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go sh -c "prettier" --cheGOINSECURE node 64/bin/go prettier --write 64/bin/go go (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE QqQx3T_/AukKNLXaconfig (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE sort -rn ut1219569738/001 -k2,2 ache/go/1.25.8/x64/bin/go GOSUMDB GOWORK x_amd64/compile go (http block)
• https://api.github.com/repos/github/gh-aw/contents/.github/workflows/shared/reporting.md
  • Triggering command: /tmp/go-build2673691613/b403/cli.test /tmp/go-build2673691613/b403/cli.test -test.testlogfile=/tmp/go-build2673691613/b403/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE sh -c npx prettier --cGOINSECURE GOPROXY 64/bin/go lk-memory gh-aw.wasm -o gh-aw.opt.wasm && \ mv gh-aw.opt.wasm gh-aw.wasm; \ AFTER=$(wc -c < g GOWORK 64/bin/go sh (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git -json GO111MODULE ache/go/1.25.8/x--show-toplevel git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 1/x64/bin/node git (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env DefaultBranchFromLsRemoteWithRealGitmain_branch2086802950/001' DefaultBranchFromLsRemoteWithRealGitmain_branch2086802950/001' ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go 6802�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env 6802950/001 6802950/002/work 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/go wc -c < gh-aw.wainfocmp GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/nonexistent/repo/actions/runs/12345
  • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/owner/repo/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOSUMDB GOWORK 64/bin/go sh -c "prettier" --cheGOINSECURE sh 64/bin/go "prettier" --wri/opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet git 64/bin/go go (http block)
  • Triggering command: /usr/bin/gh gh workflow list --repo owner/repo --json name,path,state x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env l 2>&1; then \ echo "Running wasm-opt -Oz (size--thin GO111MODULE k GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/test-owner/test-repo/actions/secrets
  • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name go1.25.8 -c=4 -nolocalimports -importcfg /tmp/go-build2673691613/b070/importcfg -pack /tmp/go-build2673691613/b070/_testmain.go /opt�� prettier --check 64/bin/go --ignore-path .prettierignore 64/bin/go go (http block)
• https://api.github.com/repos/test/repo
  • Triggering command: /usr/bin/gh gh api /repos/test/repo --jq .default_branch 1352545828 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env 10/001/test-frontmatter-with-arrays.md GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• invalid.example.invalid
  • Triggering command: /usr/lib/git-core/git-remote-https /usr/lib/git-core/git-remote-https origin https://invalid.example.invalid/nonexistent-repo.git git conf�� --local --get ode_modules/.bin/git cal/bin/git git /git git add . git tions/setup/node_modules/.bin/git -M main bin/git git (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[Copilot]

@copilot merge main and recompile

Merged latest origin/main and recompiled outputs. Addressed in commit 5dacf13.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh gh repo view --json owner,name --jq .owner.login + "/" + .name 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh repo view owner/repo env rity1083667284/001 GO111MODULE 64/pkg/tool/linux_amd64/asm GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/asm env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/orgs/test-owner/actions/secrets
  • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node /hom�� --check **/*.cjs 64/bin/go **/*.json --ignore-path ../../../.pretti/tmp/go-build811949625/b392/_pkg_.a go (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq [.object.sha, .object.type] | @tsv --paginate repos/{owner}/{repo}/actions/runs/3/artifacts /usr/bin/infocmp .artifacts[].namgit GO111MODULE 64/bin/go infocmp -1 xterm-color go /usr/bin/git erate-action-metnode GO111MODULE 64/pkg/tool/linuinstall git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv ansitiveImports306563162/001 l ache/node/24.14.1/x64/bin/node 01 sh 64/bin/go git t-38�� k/gh-aw/gh-aw/.github/workflows/approach-validator.md remote.origin.url ache/node/24.14.1/x64/bin/node -json GO111MODULE 64/bin/go ache/node/24.14.1/x64/bin/node (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv 34/001/stability-test.md GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel x_amd64/compile /usr/bin/git -json GO111MODULE ache/go/1.25.8/x: git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE cfg git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git /tmp/go-build235git -importcfg ache/node/24.14.--show-toplevel git rev-�� --show-toplevel /bin/sh /usr/bin/git bility_SameInputgit git-upload-pack rev-parse 949625/b460/vet.--show-toplevel git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv ons-test4086203290 --json /usr/bin/git l owner/repo 64/bin/go git remo�� GOMODCACHE node /opt/hostedtoolcache/node/24.14.1/x64/bin/node --check **/*.cjs layTitle node (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git 5608-27803/test-git GO111MODULE 64/pkg/tool/linu-b git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git -json GO111MODULE e/git git (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v9
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE sh -c npx prettier --cGOINSECURE GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go sh (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv --check **/*.cjs 64/bin/go **/*.json --ignore-path ../../../.pretti/tmp/go-build811949625/b390/_pkg_.a go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv --check **/*.cjs 64/bin/go **/*.json --ignore-path ../../../.pretti/tmp/go-build811949625/b409/console.test go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /opt/hostedtoolcache/node/24.14.1/x64/bin/node cli/install.sh..git GO111MODULE 64/bin/go /opt/hostedtoolcache/node/24.14.1/x64/bin/node /tmp�� github.repository go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git cp .github/aw/acgit GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git LsRemoteWithRealgit LsRemoteWithRealrev-parse 64/bin/go git (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv for-each-ref --format=%(objectname) /usr/bin/git -json GO111MODULE 64/bin/go git -C /tmp/TestGuardPolicyMinIntegrityOnlyrepos_only_wremote.origin.url s/1/artifacts /usr/bin/git "prettier" --chegit GOPROXY 64/bin/go git (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv :latest --format=%(objectname) /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/link go1.25.8 -c=4 -nolocalimports /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/link -o /tmp/go-build811949625/b430/parser.test -importcfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -s -w -buildmode=exe /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv --pack_header=2,3 -q 949625/b453/vet.cfg OilS/wUfHpVXx3MHgit GO111MODULE 64/bin/go git -C /tmp/TestGuardPolicyBlockedUsersCommaSeparatedCompiledOutput625467600/001 config /usr/bin/git remote.origin.urgit GOPROXY 64/bin/go /usr/bin/git (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name LsRemoteWithRealGitbranch_with_hyphen3685326975/001' 64/bin/go GOINSECURE GOMOD GOMODCACHE go env edOutput4288253501/001 GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env edOutput4288253501/001 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env ions-build/main.go GO111MODULE 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/link (http block)
  • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env 1567875639 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env erate-action-metadata/main.go GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE gh-aw.opt.wasm gh-aw.wasm; \ AFTER=$(wc -c < g env -json GO111MODULE ole.test GOINSECURE GOMOD GOMODCACHE ole.test (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE test GOINSECURE GOMOD GOMODCACHE test (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env 338563867 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node /hom�� --check **/*.cjs 64/bin/go **/*.json --ignore-path ../../../.pretti-bool go (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 main -lang=go1.25 go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE go env mpiledOutput3882795760/001 GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/contents/.github/workflows/shared/reporting.md
  • Triggering command: /tmp/go-build811949625/b403/cli.test /tmp/go-build811949625/b403/cli.test -test.testlogfile=/tmp/go-build811949625/b403/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go lk-memory gh-aw.wasm -o gh-aw.opt.wasm && \ mv gh-aw.opt.wasm gh-aw.wasm; \ AFTER=$(wc -c < g GOMOD GOMODCACHE node (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq [.object.sha, .object.type] | @tsv it/ref/tags/v4 go sv -json GO111MODULE ache/go/1.25.8/x--show-toplevel git rev-�� --show-toplevel go /usr/bin/git Onlyrepos_only_wls GO111MODULE ache/go/1.25.8/x/tmp/gh-aw/aw-feature-branch.patch git (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env 8363259/001 8363259/002/work 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/nonexistent/repo/actions/runs/12345
  • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/owner/repo/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE node /hom�� --check **/*.cjs 64/bin/go **/*.json --ignore-path ../../../.pretti-bool go (http block)
  • Triggering command: /usr/bin/gh gh workflow list --repo owner/repo --json name,path,state x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/test-owner/test-repo/actions/secrets
  • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name go1.25.8 -c=4 -nolocalimports -importcfg /tmp/go-build811949625/b070/importcfg -pack /tmp/go-build811949625/b070/_testmain.go /hom�� --check **/*.cjs 64/bin/go **/*.json --ignore-path ../../../.pretti/tmp/go-build811949625/b390/_pkg_.a go (http block)
• https://api.github.com/repos/test/repo
  • Triggering command: /usr/bin/gh gh api /repos/test/repo --jq .default_branch 1567875639 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env 5/001/test-inlined-imports-enabled-with-body-content.md GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• invalid.example.invalid
  • Triggering command: /usr/lib/git-core/git-remote-https /usr/lib/git-core/git-remote-https origin https://invalid.example.invalid/nonexistent-repo.git git conf�� --local --get ode_modules/.bin/git cal/bin/git git /git git add . git tions/setup/node_modules/.bin/git -M main bin/git git (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[github-actions]

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

[github-actions]

🚀 Smoke OpenCode MISSION COMPLETE! OpenCode delivered. 🔥

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

⚠️ Smoke Gemini failed. Gemini encountered unexpected challenges...

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

⚠️ Smoke Crush failed. Crush encountered unexpected challenges...

[github-actions]

Agent Container Tool Check

Tool	Status	Version
bash	✅	5.2.21
sh	✅	available
git	✅	2.53.0
jq	✅	1.7
yq	✅	v4.52.5
curl	✅	8.5.0
gh	✅	2.89.0
node	✅	v20.20.2
python3	✅	3.12.3
go	✅	1.24.13
java	✅	openjdk 21.0.10
dotnet	✅	10.0.201

Result: 12/12 tools available ✅

Overall Status: PASS

🔧 Tool validation by Agent Container Smoke Test · ● 115.7K · ◷

[github-actions]

Smoke Test Results — Run §24704312319\n\n| Test | Status |\n|------|--------|\n| GitHub MCP | ✅ |\n| MCP Scripts GH CLI | ✅ |\n| Serena CLI | ✅ |\n| Playwright | ✅ |\n| Web Fetch | ✅ |\n| File Writing | ✅ |\n| Bash Tool | ✅ |\n| Discussion Interaction | ✅ |\n| Build gh-aw | ✅ |\n| Upload artifact | ✅ |\n| Discussion Creation | ✅ |\n| Workflow Dispatch | ✅ |\n| PR Review | ✅ |\n\nOverall: ✅ PASS\n\nPR by @Copilot · Assignees: @pelikhan, @Copilot

📰 BREAKING: Report filed by Smoke Copilot · ● 900.9K · ◷

[github-actions]

This PR correctly bumps DefaultFirewallVersion from v0.25.25 to v0.25.26 and propagates the change through compiled lock files and golden test fixtures. The change is minimal and well-scoped. No logic changes — purely a version constant update with appropriate artifact regeneration.

📰 BREAKING: Report filed by Smoke Copilot · ● 900.9K

[github-actions]

Version bump from v0.25.25 → v0.25.26 looks correct. Consider adding a brief inline comment here referencing the changelog or release notes for v0.25.26 so future readers can quickly understand the motivation for the bump.

[github-actions]

The golden fixture files are correctly updated to reference v0.25.26. This is a good practice — keeping test fixtures in sync with version bumps ensures CI catches regressions if the version constant ever drifts from the compiled output.

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

Smoke Test Results — Run 24704312312 (Claude engine)

Test	Status
1 GitHub MCP	✅
2 mcpscripts-gh	✅
3 Serena MCP	✅
4 Make Build	✅
5 Playwright	✅
6 Tavily Search	✅
7 File Writing	✅
8 Bash Tool	✅
9 Discussion	✅
10 Agentic Workflows MCP	❌
11 Slack Safe Output	✅
12 Code Scanning Alert	✅
13 Update PR	✅
14 PR Review Comments	✅
15 Submit PR Review	✅
16 Resolve Thread	⚠️
17 Add Reviewer	✅
18 Push to PR Branch	✅
19 Close PR	⚠️

Overall: PARTIAL — 16 passed, 1 failed (#10 MCP status error), 2 skipped (#16, #19)

💥 [THE END] — Illustrated by Smoke Claude · ● 230K · ◷

[github-actions]

💥 Automated smoke test review - all systems nominal!

💥 [THE END] — Illustrated by Smoke Claude · ● 230K

[github-actions]

🔍 Firewall version bump detected: Updated from ghcr.io/github/gh-aw-firewall/*:0.25.25 → :0.25.26. Looks like a clean version bump to the AWF container images. The manifest hash and all action SHAs remain pinned — good hygiene.

[github-actions]

✅ Consistent version bump: Same 0.25.25 → 0.25.26 update applied here for the agent, api-proxy, and squid firewall container images. The awf binary install script and --image-tag flag are also updated consistently throughout the file.