Copilot AI commented Jan 7, 2026

Changeset

  • Type: patch
  • Description: Move action setup and compiler paths from /tmp/gh-aw to /opt/gh-aw so agent access is read-only; updates setup action, compiler constants, tests, and AWF mounts.

All Changes Completed ✅

Successfully updated the codebase to use /opt/gh-aw for readonly files and /tmp/gh-aw for writable files:

Readonly files in /opt/gh-aw/:

  • JavaScript and shell script locations in /opt/gh-aw/actions
  • Safe-inputs server files and configuration in /opt/gh-aw/safe-inputs
  • Safe-outputs configuration files (config.json, tools.json)
  • Prompt files in /opt/gh-aw/prompts
  • All require() statements for script loading
  • MCP server entry points

Writable files in /tmp/gh-aw/:

  • Safe-outputs output file: /tmp/gh-aw/safeoutputs/outputs.jsonl
  • Agent output artifact downloads: /tmp/gh-aw/safeoutputs/
  • Safe-inputs logs: /tmp/gh-aw/safe-inputs/logs/
  • MCP logs: /tmp/gh-aw/mcp-logs/
  • Sandbox logs and artifacts

Final validation:

  • ✅ Code formatted successfully
  • ✅ All linting checks passed
  • ✅ Merged with latest main branch (multiple times for latest updates)
  • ✅ All 123 workflows recompiled successfully with latest changes
  • ✅ Readonly mount --mount /opt/gh-aw:/opt/gh-aw:ro applied to all engines (Copilot, Claude, Codex)

The /opt/gh-aw directory is now mounted as readonly in the firewall container, ensuring the agent cannot modify script files, prompt files, or configuration files during execution. All writable data (output files, logs, downloaded artifacts) is in /tmp/gh-aw.


Ahoy! This treasure was crafted by 🏴‍☠️ Changeset Generator
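
A runtime check for the read-only/writable split described in the comment above, as an added example that is not part of the pull request or of gh-aw. The function names, the sample mount table and the `/opt/gh-aw-other` path are constructed for illustration; only `/opt/gh-aw` and `/tmp/gh-aw` come from the page.

```shell
#!/bin/sh
# Added example, not gh-aw code. Field layout follows proc(5) mountinfo.

# mount_mode FILE PATH: print ro or rw for the mount governing PATH, else none.
mount_mode() {
    awk -v target="$2" '
    function has_ro(opts,    o, n, i) {
        n = split(opts, o, ",")
        for (i = 1; i <= n; i++) if (o[i] == "ro") return 1
        return 0
    }
    {
        mp = $5                                   # field 5: mount point
        # Match on a path-component boundary so /opt/gh-aw-other is
        # never treated as a child of /opt/gh-aw.
        if (mp != "/" && target != mp && index(target, mp "/") != 1) next
        if (length(mp) < best) next               # longest mount point governs
        best = length(mp)
        for (s = 7; s <= NF && $s != "-"; s++) ;  # skip optional fields
        # Writes fail if either the mount flags or the superblock are ro.
        mode = (has_ro($6) || has_ro($(s + 3))) ? "ro" : "rw"
    }
    END { print (mode == "" ? "none" : mode) }
    ' "$1"
}

# check_layout FILE: succeed only if the split described in the PR holds.
check_layout() {
    [ "$(mount_mode "$1" /opt/gh-aw)" = ro ] ||
        { echo "FAIL: /opt/gh-aw is writable"; return 1; }
    [ "$(mount_mode "$1" /tmp/gh-aw)" = rw ] ||
        { echo "FAIL: /tmp/gh-aw is not writable"; return 1; }
    echo "OK: /opt/gh-aw ro, /tmp/gh-aw rw"
}

# Constructed sample, shaped like /proc/self/mountinfo inside a container.
sample_mountinfo() {
    cat <<'EOF'
100 50 0:45 / / rw,relatime - overlay overlay rw
101 100 0:46 / /tmp rw,nosuid,nodev - tmpfs tmpfs rw
102 100 8:1 /opt/gh-aw /opt/gh-aw ro,relatime - ext4 /dev/sda1 rw
103 100 8:1 /opt/gh-aw-other /opt/gh-aw-other rw,relatime - ext4 /dev/sda1 rw
EOF
}

sample="$(mktemp)"
sample_mountinfo > "$sample"
check_layout "$sample"    # in the sandbox: check_layout /proc/self/mountinfo
rm -f "$sample"
```

Checking the mount table rather than attempting a write keeps the check free of side effects and also catches the case where `/opt/gh-aw` is not a separate mount at all and simply inherits a writable root.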

Copilot AI and others added 3 commits January 7, 2026 20:06
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Update setup script to copy files to /opt/gh-aw" to "Move setup action files to /opt/gh-aw for readonly access" Jan 7, 2026
Copilot AI requested a review from pelikhan January 7, 2026 20:29

pelikhan commented Jan 7, 2026

@copilot the /opt/gh-aw/ should be mounted as readonly in the firewall/sandbox

Copilot AI and others added 2 commits January 7, 2026 20:42
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI commented Jan 7, 2026

> @copilot the /opt/gh-aw/ should be mounted as readonly in the firewall/sandbox

Added readonly mount configuration for /opt/gh-aw in the AWF firewall container across all three engines (Copilot, Claude, and Codex). The mount is configured as --mount /opt/gh-aw:/opt/gh-aw:ro ensuring script files cannot be modified by the agent during execution. Changes in commit cea73fe.

@pelikhan pelikhan added the smoke label Jan 7, 2026
@pelikhan pelikhan marked this pull request as ready for review January 7, 2026 20:52

pelikhan commented Jan 7, 2026

@copilot merge main, recompile

Copilot AI and others added 2 commits January 7, 2026 21:00
…ot/update-setup-script-location

# Conflicts:
#	specs/artifacts.md
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI commented Jan 7, 2026

> @copilot merge main, recompile

Merged main branch and recompiled all 123 workflows successfully. Changes in commit 1985d22.

@pelikhan pelikhan added smoke and removed smoke labels Jan 7, 2026

github-actions bot commented Jan 7, 2026

💀 Blimey! Smoke Copilot Safe Inputs failed and walked the plank! No treasure today, matey! ☠️

github-actions bot commented Jan 7, 2026

📰 DEVELOPING STORY: Smoke Copilot Playwright reports failed. Our correspondents are investigating the incident...

Copilot AI commented Jan 8, 2026

> @copilot merge main and recompile

Merged latest main branch and recompiled all 123 workflows successfully. Resolved merge conflicts in 12 lock files by accepting main branch versions and then recompiling to apply our readonly mount changes. All workflows now have the updated paths with /opt/gh-aw for readonly files and /tmp/gh-aw for writable files. Changes in commit 2518a52.

pelikhan commented Jan 8, 2026

@copilot merge main recompile

Copilot AI and others added 2 commits January 8, 2026 03:05
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI commented Jan 8, 2026

> @copilot merge main recompile

Merged latest main branch and recompiled all 123 workflows successfully. Resolved 11 merge conflicts in lock files by accepting main branch versions and recompiling to apply our readonly mount changes. All workflows now include the updated paths with /opt/gh-aw for readonly files and /tmp/gh-aw for writable files. Changes in commit 3553982.

@pelikhan pelikhan added smoke and removed smoke labels Jan 8, 2026

github-actions bot commented Jan 8, 2026

🎬 THE END Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

github-actions bot commented Jan 8, 2026

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

github-actions bot commented Jan 8, 2026

🤖 DIAGNOSTIC COMPLETE: Smoke Copilot No Firewall STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.

github-actions bot commented Jan 8, 2026

📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident...

github-actions bot commented Jan 8, 2026

🎉 Yo ho ho! Smoke Copilot Safe Inputs found the treasure and completed successfully! ⚓💰

github-actions bot commented Jan 8, 2026

📰 VERDICT: Smoke Copilot Playwright has concluded. All systems operational. This is a developing story. 🎤

github-actions bot commented Jan 8, 2026

✅ Firewall validation complete... Smoke Codex Firewall confirmed network sandboxing is operational. 🛡️

github-actions bot commented Jan 8, 2026

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

github-actions bot commented Jan 8, 2026

Smoke Test Results

File Writing: Created and verified test file
Bash Tool: File operations successful
Safe Input gh Tool: Tool not available in environment

Status: FAIL (safeinputs-gh tool missing)

Note: The safeinputs-gh tool is not present in the workflow environment. This may indicate the safe-inputs feature is not properly configured or installed.

AI generated by Smoke Copilot Safe Inputs

github-actions bot commented Jan 8, 2026

Smoke Test Results ✅

All tests passed successfully:

AI generated by Smoke Copilot No Firewall

github-actions bot commented Jan 8, 2026

Smoke Test Results

Cache Memory: File created successfully
Playwright MCP: Not available (no MCP tools detected)
safeinputs-gh Tool: Not available in this workflow

Overall Status: FAIL (2/3 tests failed - missing tools)

Note: This appears to be a standard copilot workflow without Playwright MCP or safeinputs-gh tool configured.

AI generated by Smoke Copilot Playwright

github-actions bot commented Jan 8, 2026

PRs: Upgrade upload-artifact to v6.0.0; Clarify MCP Gateway only supports containerized stdio and HTTP servers
OpenAI curl blocked ✅
MCP merged PR fetch ✅
File write/read ✅
Blocked domain curl ✅
Protocol allow-domains keeps https://api.github.com
Network: SANDBOXED
Overall: PASS

AI generated by Smoke Codex Firewall

github-actions bot commented Jan 8, 2026

PRs: Upgrade upload-artifact to v6.0.0 | [WIP] Update mcp server configuration for safe-output
GitHub MCP: ✅
File write/read: ✅
Playwright github.com title: ✅
Cache memory: ✅
safeinputs-gh issues list: ❌ (tool unavailable)
Overall: FAIL

AI generated by Smoke Codex

@pelikhan pelikhan merged commit f1c623c into main Jan 8, 2026
80 checks passed
@pelikhan pelikhan deleted the copilot/update-setup-script-location branch January 8, 2026 03:28