fix: recompile smoke-codex workflow with gh-aw v0.64.2 to unblock github.com

[Copilot]

The smoke-codex agent job has been failing consistently because github.com was absent from the AWF firewall allowlist — the lock file was compiled with gh-aw v0.58.2, whose github domain group didn't include github.com. The Codex CLI requires direct access to github.com from within the sandbox, causing Execute Codex to exit non-zero.

Changes

• smoke-codex.md: Remove sandbox.mcp.container — deprecated internal implementation detail rejected by strict mode in v0.64.2+
• smoke-codex.lock.yml: Recompiled with gh-aw v0.64.2
  • Adds github.com, docs.github.com, github.blog, www.googleapis.com to --allow-domains (expanded github group)
  • Updates MCP gateway image: v0.1.15 → v0.2.6
  • Updates AWF container images: 0.24.1 → 0.25.1
  • Adds --audit-dir flag and --mount for $RUNNER_TEMP/gh-aw

The old compiled domain list vs new:

-  ...,github.githubassets.com,host.docker.internal,...
+  ...,docs.github.com,...,github.blog,github.com,github.githubassets.com,host.docker.internal,...,www.googleapis.com'

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.64.2
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.64.2 --jq .object.sha unsafe-execa.js son tnet/tools/git (http block)
• https://api.github.com/repos/github/gh-aw-firewall/actions/runs/23687387245/artifacts
  • Triggering command: /usr/bin/gh gh run download 23687387245 -R github/gh-aw-firewall --name agent --dir /tmp/agent-artifact t.js (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

Fix the failing GitHub Actions workflow agent
Analyze the workflow logs, identify the root cause of the failure, and implement a fix.
Job ID: 69009721978
Job URL: https://github.com/github/gh-aw-firewall/actions/runs/23687387245/job/69009721978

---

📍 Connect Copilot coding agent with Jira, Azure Boards or Linear to delegate work to Copilot in one click without leaving your project management tool.

[Copilot]

Pull request overview

Updates the smoke-codex workflow to a newer gh-aw compiler version to unblock Codex runs inside the AWF sandbox (notably by expanding the firewall allowlist to include github.com and related domains) and to align with newer gh-aw runtime conventions.

Changes:

• Recompiled smoke-codex.lock.yml with gh-aw v0.64.2 (new schema, updated images, expanded allowlist, adds --audit-dir + runner-temp mounts).
• Removed deprecated sandbox.mcp.container frontmatter from smoke-codex.md.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
.github/workflows/smoke-codex.md	Removes deprecated sandbox MCP container override from workflow manifest.
.github/workflows/smoke-codex.lock.yml	Regenerates compiled workflow with updated gh-aw/AWF/MCP gateway versions and expanded firewall allowlist.

Comments suppressed due to low confidence (2)

.github/workflows/smoke-codex.lock.yml:623

• set-runtime-paths writes GH_AW_SAFE_OUTPUTS_* values to $GITHUB_OUTPUT, but the Start MCP Gateway step only sets GH_AW_SAFE_OUTPUTS. As a result, MCP_GATEWAY_DOCKER_COMMAND will pass empty GH_AW_SAFE_OUTPUTS_CONFIG_PATH / GH_AW_SAFE_OUTPUTS_TOOLS_PATH env vars into the gateway container. Set these two env vars on the Start MCP Gateway step (or export them via $GITHUB_ENV in set-runtime-paths) so the container receives the correct paths.

      - name: Start MCP Gateway
        id: start-mcp-gateway
        env:
          GH_AW_SAFE_OUTPUTS: ${{ steps.set-runtime-paths.outputs.GH_AW_SAFE_OUTPUTS }}
          GH_AW_SAFE_OUTPUTS_API_KEY: ${{ steps.safe-outputs-start.outputs.api_key }}
          GH_AW_SAFE_OUTPUTS_PORT: ${{ steps.safe-outputs-start.outputs.port }}
          GITHUB_MCP_GUARD_MIN_INTEGRITY: ${{ steps.determine-automatic-lockdown.outputs.min_integrity }}
          GITHUB_MCP_GUARD_REPOS: ${{ steps.determine-automatic-lockdown.outputs.repos }}
          GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}

.github/workflows/smoke-codex.lock.yml:603

• Start Safe Outputs MCP HTTP Server sets port/key/tools/config env vars, but it does not set GH_AW_SAFE_OUTPUTS (the output NDJSON path). Since later steps expect safe outputs at ${RUNNER_TEMP}/gh-aw/safeoutputs/outputs.jsonl, consider passing GH_AW_SAFE_OUTPUTS: ${{ steps.set-runtime-paths.outputs.GH_AW_SAFE_OUTPUTS }} here as well so the server writes to the same location.

      - name: Start Safe Outputs MCP HTTP Server
        id: safe-outputs-start
        env:
          DEBUG: '*'
          GH_AW_SAFE_OUTPUTS_PORT: ${{ steps.safe-outputs-config.outputs.safe_outputs_port }}
          GH_AW_SAFE_OUTPUTS_API_KEY: ${{ steps.safe-outputs-config.outputs.safe_outputs_api_key }}
          GH_AW_SAFE_OUTPUTS_TOOLS_PATH: ${{ runner.temp }}/gh-aw/safeoutputs/tools.json
          GH_AW_SAFE_OUTPUTS_CONFIG_PATH: ${{ runner.temp }}/gh-aw/safeoutputs/config.json
          GH_AW_MCP_LOG_DIR: /tmp/gh-aw/mcp-logs/safeoutputs

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

set-runtime-paths currently writes GH_AW_SAFE_OUTPUTS (and related paths) only to $GITHUB_OUTPUT. Later shell steps (e.g., the safe-outputs validation post-step) won’t see these values unless they explicitly reference steps.set-runtime-paths.outputs.*, and will fall back to /opt/gh-aw/... paths that are no longer used. Consider also exporting these variables via $GITHUB_ENV so subsequent run: steps reliably pick them up.

This issue also appears in the following locations of the same file:

• line 595
• line 615

Suggested change

	echo "GH_AW_SAFE_OUTPUTS=${RUNNER_TEMP}/gh-aw/safeoutputs/outputs.jsonl" >> "$GITHUB_OUTPUT"
	echo "GH_AW_SAFE_OUTPUTS_CONFIG_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" >> "$GITHUB_OUTPUT"
	echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" >> "$GITHUB_OUTPUT"
	echo "GH_AW_SAFE_OUTPUTS=${RUNNER_TEMP}/gh-aw/safeoutputs/outputs.jsonl" >> "$GITHUB_OUTPUT"
	echo "GH_AW_SAFE_OUTPUTS=${RUNNER_TEMP}/gh-aw/safeoutputs/outputs.jsonl" >> "$GITHUB_ENV"
	echo "GH_AW_SAFE_OUTPUTS_CONFIG_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" >> "$GITHUB_OUTPUT"
	echo "GH_AW_SAFE_OUTPUTS_CONFIG_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" >> "$GITHUB_ENV"
	echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" >> "$GITHUB_OUTPUT"
	echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" >> "$GITHUB_ENV"