Update AWF firewall to v0.9.1

[Copilot]

• Understand the AWF v0.9.1 security changes
  • v0.9.1 restricts --enable-host-access to ports 80 and 443 only (secure by default)
  • New --allow-host-ports flag required for non-standard ports
  • MCP Gateway uses port 80 by default, so existing workflows don't need migration
• Update DefaultFirewallVersion from v0.9.0 to v0.9.1
• Update test expectation from v0.8.2 to v0.9.1
• Merge main branch and resolve conflicts
• Regenerate all lock files with v0.9.1

Summary

Updated the AWF firewall version to v0.9.1 which includes a security fix that restricts --enable-host-access to ports 80 and 443 only (previously allowed all ports). No migration needed for existing workflows since the MCP Gateway uses port 80 by default.

Original prompt

Update the awf firewall to v0.9.1

It comes with a security fix, please read below carefully and you should determine for most workflows like smoke-copilot whether or not they need migration:

What Changed:

Before v0.9.1: --enable-host-access allowed access to ALL ports on the host (security vulnerability)
After v0.9.1: --enable-host-access restricts access to ports 80 and 443 only (secure by default)
If you need non-standard ports (e.g., MCP Gateway on port 3000):

New flag: --allow-host-ports

sudo awf --enable-host-access --allow-host-ports 3000
--allow-domains host.docker.internal --
curl http://host.docker.internal:3000/

Multiple ports and ranges supported

sudo awf --enable-host-access --allow-host-ports 3000,8080,9000
--allow-domains host.docker.internal -- command

sudo awf --enable-host-access --allow-host-ports 8000-8090
--allow-domains host.docker.internal -- command
Security improvements:

Defense-in-depth architecture (iptables + Squid filtering)
Dangerous ports (SSH:22, MySQL:3306, PostgreSQL:5432, etc.) are permanently blocked
Explicit port allowlist with default deny policy

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Mossaka]

@copilot merge main and regenerate

[Copilot]

@copilot merge main and regenerate

Merged main and regenerated lock files in commit 3ffcd2c.

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

Smoke Test Results (Claude Engine)

Last 2 Merged PRs:

• PR Add workflow: githubnext/agentics/weekly-research #8: Add workflow: githubnext/agentics/weekly-research
• PR Remove ai-inference, opencode, genaiscript agentic engines for now #10: Remove ai-inference, opencode, genaiscript agentic engines for now

Test Results:

• ✅ GitHub MCP: Retrieved 2 merged PRs
• ❌ Serena Go: Tool not tested (not available)
• ✅ Playwright: Navigated to github.com, title contains "GitHub"
• ✅ Tavily Web Search: Retrieved 5 results for "GitHub Agentic Workflows"
• ✅ File Writing: Created /tmp/gh-aw/agent/smoke-test-claude-21040474364.txt
• ✅ Bash: Verified file contents

Overall Status: PARTIAL PASS (5/6 tests passed; Serena Go not available)

AI generated by Smoke Claude

[github-actions]

Smoke Test Results

Last 2 Merged PRs:

• Document Smoke Claude workflow failure resolution (already fixed in main)
• Investigation: Copilot Agent PR Analysis workflow failure (transient)

Test Results:

• ✅ GitHub MCP: 2 PRs retrieved
• ❌ Serena Go: go command not available
• ✅ Playwright: Page title contains "GitHub"
• ✅ File Writing: Test file created successfully
• ✅ Bash Tool: File verified

Overall Status: PARTIAL PASS (4/5 tests passed)

Author: @Mossaka

AI generated by Smoke Copilot