From 79773ad732eb24dd581365f8fa500aa322957a7a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 20 Dec 2025 00:03:21 +0000 Subject: [PATCH 1/3] Initial plan From ed9d9c8e98ef12917a977f63bb6a0e1e6a0ce068 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 20 Dec 2025 00:12:39 +0000 Subject: [PATCH 2/3] Investigation: smoke-copilot-safe-inputs workflow 3 missing tools Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com> --- .github/workflows/audit-workflows.lock.yml | 6 ++---- .github/workflows/blog-auditor.lock.yml | 6 ++---- .github/workflows/changeset.lock.yml | 6 ++---- .github/workflows/cli-version-checker.lock.yml | 6 ++---- .github/workflows/cloclo.lock.yml | 6 ++---- .github/workflows/close-old-discussions.lock.yml | 6 ++---- .github/workflows/commit-changes-analyzer.lock.yml | 6 ++---- .github/workflows/copilot-agent-analysis.lock.yml | 6 ++---- .github/workflows/copilot-session-insights.lock.yml | 6 ++---- .github/workflows/daily-code-metrics.lock.yml | 6 ++---- .github/workflows/daily-doc-updater.lock.yml | 6 ++---- .github/workflows/daily-fact.lock.yml | 6 ++---- .github/workflows/daily-issues-report.lock.yml | 6 ++---- .github/workflows/daily-multi-device-docs-tester.lock.yml | 6 ++---- .github/workflows/daily-performance-summary.lock.yml | 6 ++---- .github/workflows/deep-report.lock.yml | 6 ++---- .github/workflows/developer-docs-consolidator.lock.yml | 6 ++---- .github/workflows/duplicate-code-detector.lock.yml | 6 ++---- .github/workflows/example-workflow-analyzer.lock.yml | 6 ++---- .github/workflows/github-mcp-structural-analysis.lock.yml | 6 ++---- .github/workflows/github-mcp-tools-report.lock.yml | 6 ++---- .github/workflows/go-fan.lock.yml | 6 ++---- .github/workflows/go-logger.lock.yml | 6 ++---- .github/workflows/go-pattern-detector.lock.yml | 6 ++---- .github/workflows/instructions-janitor.lock.yml | 6 ++---- .github/workflows/issue-arborist.lock.yml | 6 ++---- .github/workflows/lockfile-stats.lock.yml | 6 ++---- .github/workflows/prompt-clustering-analysis.lock.yml | 6 ++---- .github/workflows/safe-output-health.lock.yml | 6 ++---- .github/workflows/schema-consistency-checker.lock.yml | 6 ++---- .github/workflows/scout.lock.yml | 6 ++---- .github/workflows/security-fix-pr.lock.yml | 6 ++---- .github/workflows/semantic-function-refactor.lock.yml | 6 ++---- .github/workflows/smoke-claude.lock.yml | 6 ++---- .github/workflows/smoke-codex-firewall.lock.yml | 6 ++---- .github/workflows/smoke-codex.lock.yml | 6 ++---- .github/workflows/smoke-detector.lock.yml | 6 ++---- .github/workflows/static-analysis-report.lock.yml | 6 ++---- .github/workflows/typist.lock.yml | 6 ++---- .github/workflows/unbloat-docs.lock.yml | 6 ++---- .github/workflows/workflow-generator.lock.yml | 6 ++---- 41 files changed, 82 insertions(+), 164 deletions(-) diff --git a/.github/workflows/audit-workflows.lock.yml b/.github/workflows/audit-workflows.lock.yml index d9f5f1e19e..72f3b7f81e 100644 --- a/.github/workflows/audit-workflows.lock.yml +++ b/.github/workflows/audit-workflows.lock.yml @@ -315,10 +315,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/blog-auditor.lock.yml b/.github/workflows/blog-auditor.lock.yml index 85e3ecac1d..4034a8fc1a 100644 --- a/.github/workflows/blog-auditor.lock.yml +++ b/.github/workflows/blog-auditor.lock.yml @@ -248,10 +248,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml index 0993dbd152..e6c624a7a7 100644 --- a/.github/workflows/changeset.lock.yml +++ b/.github/workflows/changeset.lock.yml @@ -991,10 +991,8 @@ jobs: run: npm install -g @openai/codex@0.75.0 - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Downloading container images diff --git a/.github/workflows/cli-version-checker.lock.yml b/.github/workflows/cli-version-checker.lock.yml index 97567db202..0e98dfdfb3 100644 --- a/.github/workflows/cli-version-checker.lock.yml +++ b/.github/workflows/cli-version-checker.lock.yml @@ -266,10 +266,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/cloclo.lock.yml b/.github/workflows/cloclo.lock.yml index 3c1e892a22..03ca647679 100644 --- a/.github/workflows/cloclo.lock.yml +++ b/.github/workflows/cloclo.lock.yml @@ -1057,10 +1057,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/close-old-discussions.lock.yml b/.github/workflows/close-old-discussions.lock.yml index aab970964a..89ce6c9e3b 100644 --- a/.github/workflows/close-old-discussions.lock.yml +++ b/.github/workflows/close-old-discussions.lock.yml @@ -282,10 +282,8 @@ jobs: run: npm install -g @openai/codex@0.75.0 - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Downloading container images diff --git a/.github/workflows/commit-changes-analyzer.lock.yml b/.github/workflows/commit-changes-analyzer.lock.yml index 3370366425..0734d19f80 100644 --- a/.github/workflows/commit-changes-analyzer.lock.yml +++ b/.github/workflows/commit-changes-analyzer.lock.yml @@ -250,10 +250,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/copilot-agent-analysis.lock.yml b/.github/workflows/copilot-agent-analysis.lock.yml index 6f25ece959..c78e007145 100644 --- a/.github/workflows/copilot-agent-analysis.lock.yml +++ b/.github/workflows/copilot-agent-analysis.lock.yml @@ -275,10 +275,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/copilot-session-insights.lock.yml b/.github/workflows/copilot-session-insights.lock.yml index 395b9236e7..659048f644 100644 --- a/.github/workflows/copilot-session-insights.lock.yml +++ b/.github/workflows/copilot-session-insights.lock.yml @@ -301,10 +301,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/daily-code-metrics.lock.yml b/.github/workflows/daily-code-metrics.lock.yml index ef1f8f397c..685f265411 100644 --- a/.github/workflows/daily-code-metrics.lock.yml +++ b/.github/workflows/daily-code-metrics.lock.yml @@ -288,10 +288,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/daily-doc-updater.lock.yml b/.github/workflows/daily-doc-updater.lock.yml index dc022e7a49..6a0ff57d99 100644 --- a/.github/workflows/daily-doc-updater.lock.yml +++ b/.github/workflows/daily-doc-updater.lock.yml @@ -259,10 +259,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index 0621a54545..9deb4ce82a 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -247,10 +247,8 @@ jobs: run: npm install -g @openai/codex@0.75.0 - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Downloading container images diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index 8b36305819..7826c28450 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -304,10 +304,8 @@ jobs: run: npm install -g @openai/codex@0.75.0 - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Downloading container images diff --git a/.github/workflows/daily-multi-device-docs-tester.lock.yml b/.github/workflows/daily-multi-device-docs-tester.lock.yml index 83fb769d91..dcf16e8f04 100644 --- a/.github/workflows/daily-multi-device-docs-tester.lock.yml +++ b/.github/workflows/daily-multi-device-docs-tester.lock.yml @@ -252,10 +252,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index 5d09c3ea7b..4ae5485953 100644 --- a/.github/workflows/daily-performance-summary.lock.yml +++ b/.github/workflows/daily-performance-summary.lock.yml @@ -296,10 +296,8 @@ jobs: run: npm install -g @openai/codex@0.75.0 - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Downloading container images diff --git a/.github/workflows/deep-report.lock.yml b/.github/workflows/deep-report.lock.yml index e70cc18f89..45ea5047ea 100644 --- a/.github/workflows/deep-report.lock.yml +++ b/.github/workflows/deep-report.lock.yml @@ -326,10 +326,8 @@ jobs: run: npm install -g @openai/codex@0.75.0 - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Downloading container images diff --git a/.github/workflows/developer-docs-consolidator.lock.yml b/.github/workflows/developer-docs-consolidator.lock.yml index 96741703c5..b936acecba 100644 --- a/.github/workflows/developer-docs-consolidator.lock.yml +++ b/.github/workflows/developer-docs-consolidator.lock.yml @@ -277,10 +277,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml index 46aece0fda..558a7d6246 100644 --- a/.github/workflows/duplicate-code-detector.lock.yml +++ b/.github/workflows/duplicate-code-detector.lock.yml @@ -258,10 +258,8 @@ jobs: run: npm install -g @openai/codex@0.75.0 - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Downloading container images diff --git a/.github/workflows/example-workflow-analyzer.lock.yml b/.github/workflows/example-workflow-analyzer.lock.yml index 2b2d3d8735..4609dd9652 100644 --- a/.github/workflows/example-workflow-analyzer.lock.yml +++ b/.github/workflows/example-workflow-analyzer.lock.yml @@ -249,10 +249,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/github-mcp-structural-analysis.lock.yml b/.github/workflows/github-mcp-structural-analysis.lock.yml index 02a94bf073..eb4361617e 100644 --- a/.github/workflows/github-mcp-structural-analysis.lock.yml +++ b/.github/workflows/github-mcp-structural-analysis.lock.yml @@ -292,10 +292,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/github-mcp-tools-report.lock.yml b/.github/workflows/github-mcp-tools-report.lock.yml index 6c88477907..19493c8ee4 100644 --- a/.github/workflows/github-mcp-tools-report.lock.yml +++ b/.github/workflows/github-mcp-tools-report.lock.yml @@ -266,10 +266,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/go-fan.lock.yml b/.github/workflows/go-fan.lock.yml index b8580010ac..043b07caf4 100644 --- a/.github/workflows/go-fan.lock.yml +++ b/.github/workflows/go-fan.lock.yml @@ -275,10 +275,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/go-logger.lock.yml b/.github/workflows/go-logger.lock.yml index b5b7f21f4a..ca084c7108 100644 --- a/.github/workflows/go-logger.lock.yml +++ b/.github/workflows/go-logger.lock.yml @@ -275,10 +275,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/go-pattern-detector.lock.yml b/.github/workflows/go-pattern-detector.lock.yml index d1298f0c25..07c6b166ee 100644 --- a/.github/workflows/go-pattern-detector.lock.yml +++ b/.github/workflows/go-pattern-detector.lock.yml @@ -250,10 +250,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/instructions-janitor.lock.yml b/.github/workflows/instructions-janitor.lock.yml index c593b90958..ba86f06bb9 100644 --- a/.github/workflows/instructions-janitor.lock.yml +++ b/.github/workflows/instructions-janitor.lock.yml @@ -259,10 +259,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml index fe76909399..3a9ca66dcc 100644 --- a/.github/workflows/issue-arborist.lock.yml +++ b/.github/workflows/issue-arborist.lock.yml @@ -257,10 +257,8 @@ jobs: run: npm install -g @openai/codex@0.75.0 - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Downloading container images diff --git a/.github/workflows/lockfile-stats.lock.yml b/.github/workflows/lockfile-stats.lock.yml index 58804996dd..1392eabd4d 100644 --- a/.github/workflows/lockfile-stats.lock.yml +++ b/.github/workflows/lockfile-stats.lock.yml @@ -263,10 +263,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/prompt-clustering-analysis.lock.yml b/.github/workflows/prompt-clustering-analysis.lock.yml index f3b1398ee6..2e09e37fa8 100644 --- a/.github/workflows/prompt-clustering-analysis.lock.yml +++ b/.github/workflows/prompt-clustering-analysis.lock.yml @@ -336,10 +336,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/safe-output-health.lock.yml b/.github/workflows/safe-output-health.lock.yml index 3f39e4b75d..1693529143 100644 --- a/.github/workflows/safe-output-health.lock.yml +++ b/.github/workflows/safe-output-health.lock.yml @@ -288,10 +288,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/schema-consistency-checker.lock.yml b/.github/workflows/schema-consistency-checker.lock.yml index 111f714b2e..1ebe4481d0 100644 --- a/.github/workflows/schema-consistency-checker.lock.yml +++ b/.github/workflows/schema-consistency-checker.lock.yml @@ -266,10 +266,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/scout.lock.yml b/.github/workflows/scout.lock.yml index 6d9cbef6b3..167f139ec5 100644 --- a/.github/workflows/scout.lock.yml +++ b/.github/workflows/scout.lock.yml @@ -1048,10 +1048,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/security-fix-pr.lock.yml b/.github/workflows/security-fix-pr.lock.yml index 2dde2170f9..4df40ce1e4 100644 --- a/.github/workflows/security-fix-pr.lock.yml +++ b/.github/workflows/security-fix-pr.lock.yml @@ -267,10 +267,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/semantic-function-refactor.lock.yml b/.github/workflows/semantic-function-refactor.lock.yml index eae41e8b38..6ae4aa3836 100644 --- a/.github/workflows/semantic-function-refactor.lock.yml +++ b/.github/workflows/semantic-function-refactor.lock.yml @@ -248,10 +248,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml index b752acbc73..d5307d9e2e 100644 --- a/.github/workflows/smoke-claude.lock.yml +++ b/.github/workflows/smoke-claude.lock.yml @@ -687,10 +687,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/smoke-codex-firewall.lock.yml b/.github/workflows/smoke-codex-firewall.lock.yml index ade1ca7052..475e65e463 100644 --- a/.github/workflows/smoke-codex-firewall.lock.yml +++ b/.github/workflows/smoke-codex-firewall.lock.yml @@ -658,10 +658,8 @@ jobs: run: npm install -g @openai/codex@0.75.0 - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Downloading container images diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index 1b4b483a6a..b9175e3c1f 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -685,10 +685,8 @@ jobs: run: npm install -g @openai/codex@0.75.0 - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Downloading container images diff --git a/.github/workflows/smoke-detector.lock.yml b/.github/workflows/smoke-detector.lock.yml index 2884b16e34..8ec1ab7f8f 100644 --- a/.github/workflows/smoke-detector.lock.yml +++ b/.github/workflows/smoke-detector.lock.yml @@ -710,10 +710,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/static-analysis-report.lock.yml b/.github/workflows/static-analysis-report.lock.yml index 3df98376ed..218268ba47 100644 --- a/.github/workflows/static-analysis-report.lock.yml +++ b/.github/workflows/static-analysis-report.lock.yml @@ -281,10 +281,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/typist.lock.yml b/.github/workflows/typist.lock.yml index 94af3201ba..ab1b89f7c3 100644 --- a/.github/workflows/typist.lock.yml +++ b/.github/workflows/typist.lock.yml @@ -259,10 +259,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/unbloat-docs.lock.yml b/.github/workflows/unbloat-docs.lock.yml index aea8b04294..50af4ff1da 100644 --- a/.github/workflows/unbloat-docs.lock.yml +++ b/.github/workflows/unbloat-docs.lock.yml @@ -694,10 +694,8 @@ jobs: package-manager-cache: false - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Install Claude Code CLI diff --git a/.github/workflows/workflow-generator.lock.yml b/.github/workflows/workflow-generator.lock.yml index 730f37980c..16d5dfb7cf 100644 --- a/.github/workflows/workflow-generator.lock.yml +++ b/.github/workflows/workflow-generator.lock.yml @@ -296,10 +296,8 @@ jobs: copilot --version - name: Install awf binary run: | - echo "Installing awf from release: v0.7.0" - curl -L https://github.com/githubnext/gh-aw-firewall/releases/download/v0.7.0/awf-linux-x64 -o awf - chmod +x awf - sudo mv awf /usr/local/bin/ + echo "Installing awf via installer script (requested version: v0.7.0)" + curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash which awf awf --version - name: Downloading container images From 2054007767ee8aae03c9cd17c25ca0e4204d231f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 20 Dec 2025 00:22:50 +0000 Subject: [PATCH 3/3] Fix smoke-copilot-safe-inputs workflow - remove invalid tests for disabled tools Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com> --- .../smoke-copilot-safe-inputs.lock.yml | 35 ++++--------------- .../workflows/smoke-copilot-safe-inputs.md | 14 ++++---- 2 files changed, 12 insertions(+), 37 deletions(-) diff --git a/.github/workflows/smoke-copilot-safe-inputs.lock.yml b/.github/workflows/smoke-copilot-safe-inputs.lock.yml index d41bec694d..049dadaf37 100644 --- a/.github/workflows/smoke-copilot-safe-inputs.lock.yml +++ b/.github/workflows/smoke-copilot-safe-inputs.lock.yml @@ -569,18 +569,6 @@ jobs: uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: persist-credentials: false - - name: Setup Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 - with: - go-version: '1.25' - - name: Setup Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 - with: - python-version: '3.12' - - name: Setup uv - uses: astral-sh/setup-uv@e58605a9b6da7c637471fab8847a5e5a6b8df081 # v5 - - name: Install Go language service (gopls) - run: go install golang.org/x/tools/gopls@latest - name: Create gh-aw temp directory run: | mkdir -p /tmp/gh-aw/agent @@ -3621,12 +3609,6 @@ jobs: "GITHUB_WORKSPACE": "\${GITHUB_WORKSPACE}", "DEFAULT_BRANCH": "\${DEFAULT_BRANCH}" } - }, - "serena": { - "type": "local", - "command": "uvx", - "args": ["--from", "git+https://github.com/oraios/serena", "serena", "start-mcp-server", "--context", "codex", "--project", "${{ github.workspace }}"], - "tools": ["*"] } } } @@ -3725,7 +3707,6 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} - GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} run: | PROMPT_DIR="$(dirname "$GH_AW_PROMPT")" @@ -3748,22 +3729,21 @@ jobs: - # Smoke Test: Copilot Engine Validation + # Smoke Test: Copilot Safe Inputs Validation **IMPORTANT: Keep all outputs extremely short and concise. Use single-line responses where possible. No verbose explanations.** + This smoke test validates safe-inputs functionality. GitHub MCP is intentionally disabled (`github: false`) to test that the `safeinputs-gh` tool provides an alternative way to access GitHub data. + ## Test Requirements - 1. **GitHub MCP Testing**: Review the last 2 merged pull requests in __GH_AW_GITHUB_REPOSITORY__ - 2. **File Writing Testing**: Create a test file `/tmp/gh-aw/agent/smoke-test-copilot-__GH_AW_GITHUB_RUN_ID__.txt` with content "Smoke test passed for Copilot at $(date)" (create the directory if it doesn't exist) - 3. **Bash Tool Testing**: Execute bash commands to verify file creation was successful (use `cat` to read the file back) - 4. **Serena MCP Testing**: Use Serena to list classes in the project - 5. **Safe Input gh Tool Testing**: Use the `safeinputs-gh` tool to run "gh issues list --limit 3" to verify the tool can access GitHub issues + 1. **File Writing Testing**: Create a test file `/tmp/gh-aw/agent/smoke-test-copilot-__GH_AW_GITHUB_RUN_ID__.txt` with content "Smoke test passed for Copilot at $(date)" (create the directory if it doesn't exist) + 2. **Bash Tool Testing**: Execute bash commands to verify file creation was successful (use `cat` to read the file back) + 3. **Safe Input gh Tool Testing**: Use the `safeinputs-gh` tool to run "gh pr list --state merged --limit 2" to verify the tool can access GitHub data. This tests that safe-inputs can replace GitHub MCP for CLI-based GitHub access. ## Output Add a **very brief** comment (max 5-10 lines) to the current pull request with: - - PR titles only (no descriptions) - ✅ or ❌ for each test result - Overall status: PASS or FAIL @@ -3774,7 +3754,6 @@ jobs: uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt - GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} with: script: | @@ -3805,7 +3784,6 @@ jobs: return await substitutePlaceholders({ file: process.env.GH_AW_PROMPT, substitutions: { - GH_AW_GITHUB_REPOSITORY: process.env.GH_AW_GITHUB_REPOSITORY, GH_AW_GITHUB_RUN_ID: process.env.GH_AW_GITHUB_RUN_ID } }); @@ -3880,7 +3858,6 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt - GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} with: script: | diff --git a/.github/workflows/smoke-copilot-safe-inputs.md b/.github/workflows/smoke-copilot-safe-inputs.md index ddb8e47862..85b5c117aa 100644 --- a/.github/workflows/smoke-copilot-safe-inputs.md +++ b/.github/workflows/smoke-copilot-safe-inputs.md @@ -25,7 +25,6 @@ tools: bash: - "*" github: false - serena: ["go"] safe-outputs: add-comment: hide-older-comments: true @@ -34,22 +33,21 @@ safe-outputs: strict: true --- -# Smoke Test: Copilot Engine Validation +# Smoke Test: Copilot Safe Inputs Validation **IMPORTANT: Keep all outputs extremely short and concise. Use single-line responses where possible. No verbose explanations.** +This smoke test validates safe-inputs functionality. GitHub MCP is intentionally disabled (`github: false`) to test that the `safeinputs-gh` tool provides an alternative way to access GitHub data. + ## Test Requirements -1. **GitHub MCP Testing**: Review the last 2 merged pull requests in ${{ github.repository }} -2. **File Writing Testing**: Create a test file `/tmp/gh-aw/agent/smoke-test-copilot-${{ github.run_id }}.txt` with content "Smoke test passed for Copilot at $(date)" (create the directory if it doesn't exist) -3. **Bash Tool Testing**: Execute bash commands to verify file creation was successful (use `cat` to read the file back) -4. **Serena MCP Testing**: Use Serena to list classes in the project -5. **Safe Input gh Tool Testing**: Use the `safeinputs-gh` tool to run "gh issues list --limit 3" to verify the tool can access GitHub issues +1. **File Writing Testing**: Create a test file `/tmp/gh-aw/agent/smoke-test-copilot-${{ github.run_id }}.txt` with content "Smoke test passed for Copilot at $(date)" (create the directory if it doesn't exist) +2. **Bash Tool Testing**: Execute bash commands to verify file creation was successful (use `cat` to read the file back) +3. **Safe Input gh Tool Testing**: Use the `safeinputs-gh` tool to run "gh pr list --state merged --limit 2" to verify the tool can access GitHub data. This tests that safe-inputs can replace GitHub MCP for CLI-based GitHub access. ## Output Add a **very brief** comment (max 5-10 lines) to the current pull request with: -- PR titles only (no descriptions) - ✅ or ❌ for each test result - Overall status: PASS or FAIL