Enable strict mode and awf firewall for all agentic workflows

[Copilot]

• Analyze all agentic workflow files in .github/workflows/
• Only change strict: false to strict: true (30 files)
• Do NOT add strict: true or sandbox: agent: awf to files without those settings (they should use defaults)
• Fix daily-multi-device-docs-tester.md permission for strict mode compatibility
• Keep example-permissions-warning.md as strict: false (intentional example file)
• Recompile all workflows
• Update tests to reflect AWF being enabled by default

Summary

Per @pelikhan's feedback: strict: true and sandbox: agent: awf should be defaults.

Changed (30 files): Only workflows that had strict: false → changed to strict: true

Unchanged: Workflows without strict: setting remain unchanged to test the default behavior

Test Updates: Updated tests to verify that AWF sandbox agent is enabled by default for all supported engines (copilot, claude, codex) even without explicit network configuration.

Special cases:

• daily-multi-device-docs-tester.md: Changed issues: write → issues: read (uses safe-outputs for writes)
• example-permissions-warning.md: Kept as strict: false (intentional example for permission testing)

Original prompt

Now that awf is integrated with copilot, codex and claude. can you make sure that all the Agentic Workflows in this repo are running in strict mode, and that awf is enabled for all of them (except the workflow that uses other firewall runtime like srt).

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[pelikhan]

@copilot script: true and sandbox: agent: awf should be the default so do not edit workflows that do not have strict: ... specified so we also test the defaults.

[Copilot]

@copilot script: true and sandbox: agent: awf should be the default so do not edit workflows that do not have strict: ... specified so we also test the defaults.

Addressed in dcbcc58. Now only workflows that explicitly had strict: false are changed to strict: true (30 files). Files without strict: or sandbox: settings remain unchanged to test the defaults.

[pelikhan]

@copilot make sure the awf sandbox agent is enabled by default if not specified

[Copilot]

@copilot make sure the awf sandbox agent is enabled by default if not specified

Verified in e45c54f. AWF sandbox agent is already enabled by default when no sandbox.agent is specified. Updated tests to confirm this behavior - AWF is now enabled by default for all supported engines (copilot, claude, codex) even without explicit network configuration.

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

🤖 DIAGNOSTIC COMPLETE: Smoke Copilot No Firewall STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.

[github-actions]

✅ Firewall validation complete... Smoke Codex Firewall confirmed network sandboxing is operational. 🛡️

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

🎉 Yo ho ho! Smoke Copilot Safe Inputs found the treasure and completed successfully! ⚓💰

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

Smoke Test Results (Run 20385131313)

Last 2 Merged PRs:

• Fix smoke-codex-firewall test to expect OpenAI access blocked #7010: Fix smoke-codex-firewall test to expect OpenAI access blocked
• Make MCP configuration default in init command, add --no-mcp flag #7001: Make MCP configuration default in init command, add --no-mcp flag

✅ GitHub MCP - Retrieved PRs
✅ File Writing - Created test file
✅ Bash Tools - Verified file
✅ get_me Tool - Correctly unavailable (expected behavior with default toolsets)
✅ Cache Memory - Created and verified

Overall: PASS

cc @Mossaka

📰 BREAKING: Report filed by Smoke Copilot fer issue #7009 🗺️

[github-actions]

#7010 Fix smoke-codex-firewall test to expect OpenAI access blocked
#7007 Restructure Agentic campaigns docs into subsections
OpenAI curl blocked: ✅
GitHub MCP PR fetch: ✅
File write/read: ✅
example.com blocked: ✅
Network: SANDBOXED
Overall: PASS

🔥 Firewall tested by Smoke Codex Firewall fer issue #7009 🗺️

[github-actions]

Smoke Test Results: Copilot Engine (No Firewall)

Last 2 Merged PRs:

• Fix smoke-codex-firewall test to expect OpenAI access blocked #7010: Fix smoke-codex-firewall test
• Make MCP configuration default in init command, add --no-mcp flag #7001: Make MCP configuration default in init command

Test Results:

1. GitHub MCP ✅
2. File Writing ✅
3. Bash Tool ✅
4. Playwright MCP ✅ (title contains "GitHub")
5. Safe Input gh Tool ❌ (tool not available)

Overall: PASS (4/5 critical tests passed)

🤖 DIAGNOSTIC REPORT GENERATED BY Smoke Copilot No Firewall fer issue #7009 🗺️

[github-actions]

Smoke Test Results

Last 2 Merged PRs: Unable to test (GitHub MCP not available)
File Writing: ✅ Created and verified /tmp/gh-aw/agent/smoke-test-copilot-20385131297.txt
Bash Tools: ✅ Successfully executed file operations
Serena MCP: Unable to test (Serena MCP not available)
Safe Input gh: Unable to test (safeinputs-gh tool not available)

Overall Status: PARTIAL PASS (2/5 tests completed)

Ahoy! This treasure was crafted by 🏴‍☠️ Smoke Copilot Safe Inputs fer issue #7009 🗺️

[github-actions]

Recent merged PRs: Fix smoke-codex-firewall test to expect OpenAI access blocked; Make MCP configuration default in init command, add --no-mcp flag
GitHub MCP: ✅
Agent file write/read: ✅
Playwright title contains "GitHub": ✅
Cache memory write/read: ✅
safeinputs-gh gh issues list: ❌ (tool unavailable)
Overall: FAIL

🔮 The oracle has spoken through Smoke Codex fer issue #7009 🗺️

[github-actions]

Smoke Test Results - Claude (Run 20385131306)

Recent PRs:

• Fix smoke-codex-firewall test to expect OpenAI access blocked #7010: Fix smoke-codex-firewall test to expect OpenAI access blocked
• Make MCP configuration default in init command, add --no-mcp flag #7001: Make MCP configuration default in init command, add --no-mcp flag

Test Results:

• ✅ GitHub MCP (last 2 PRs fetched)
• ✅ File Writing (/tmp/gh-aw/agent/)
• ✅ Bash Tool (file verification)
• ✅ Playwright MCP (GitHub page title confirmed)
• ✅ Cache Memory (/tmp/gh-aw/cache-memory/)
• ❌ Safe Input gh Tool (tool not available, alternatives available)

Status: PASS (5/6 tests successful, gh tool missing but alternatives exist)

💥 [THE END] — Illustrated by Smoke Claude fer issue #7009 🗺️