chore: bump MCP Gateway v0.2.3→v0.2.4, APM v0.8.4→v0.8.5

[Copilot]

Routine version bumps for two CLI tools. Both are drop-in replacements with no breaking changes.

• MCP Gateway v0.2.4 — fixes malformed response envelopes in proxy mode; adds proxy+github-script smoke tests
• APM v0.8.5 — org-level policy engine for apm audit --ci, SSL cert fix in PyInstaller binary, cross-target path fix in apm pack

Changed: pkg/constants/constants.go + 177 recompiled lock files

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE npm (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh (http block)
• https://api.github.com/orgs/test-owner/actions/secrets
  • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GO111MODULE ache/go/1.25.0/x-nilfunc GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x-nilfunc GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha user.name Test User /usr/bin/git ithub/workflows GO111MODULE x_amd64/vet git init�� ed } } x_amd64/vet /usr/bin/infocmp ithub/workflows GO111MODULE x_amd64/vet infocmp (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha -bool -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git rev-�� --show-toplevel -tests /usr/bin/git -json GO111MODULE ache/go/1.25.0/x--show-toplevel git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha xterm-color ache/go/1.25.0/xGO111MODULE 64/pkg/tool/linux_amd64/vet -json GO111MODULE 64/bin/go 64/pkg/tool/linux_amd64/vet -1 k/gh-aw/gh-aw/.github/workflows cfg 64/pkg/tool/linux_amd64/link -json GO111MODULE $name) { has--show-toplevel 64/pkg/tool/linux_amd64/link (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --get-regexp ^remote\..*\.gh-resolved$ /usr/bin/git -json GO111MODULE x_amd64/vet git rev-�� --show-toplevel x_amd64/vet /usr/bin/git k/gh-aw/gh-aw/.ggit GOPROXY 64/pkg/tool/linu--show-toplevel git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet /usr/bin/git ace-editor.md rev-parse ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet /usr/bin/git graphql -f x_amd64/vet git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha uts.version -trimpath /usr/bin/git -p main -lang=go1.25 git chec�� nt/action/git/ref/tags/v999.999.999 -dwarf=false /usr/bin/git go1.25.0 -c=4 -nolocalimports git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha uts.branch go /usr/bin/git -json GO111MODULE x_amd64/vet git init�� GOMODCACHE x_amd64/vet /usr/bin/git ithub/workflows GO111MODULE x_amd64/vet git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/link /usr/bin/git util.test 646845/b039/vet.rev-parse 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/link /usr/bin/git er.test 646845/b212/vet.rev-parse 64/pkg/tool/linu--show-toplevel git (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -json GO111MODULE r: $owner, name:-nilfunc GOINSECURE GOMOD GOMODCACHE go env -json 983ee2c1:go.mod ache/go/1.25.0/x-nilfunc GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha from .github/aw to pkg/workflow/-f GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env ithub/workflows GO111MODULE ache/go/1.25.0/x-nilfunc GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x-nilfunc GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x-nilfunc GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha /tmp/TestHashStability_SameInputSameOutput366878202/001/stability-test.md go r,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,disp--show-toplevel -json flow-12345 x_amd64/vet git -C /tmp/gh-aw-test-runs/20260324-132156-30314/test-1339388770 status /usr/bin/git .github/workflowgit GO111MODULE x_amd64/vet git (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha -unreachable=false /tmp/go-build537646845/b089/vet.cfg 646845/b363/vet.cfg -json GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build537646845/b241/vet.cfg ache/node/24.14.0/x64/bin/node -json GO111MODULE repository(owne--show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh -c npx prettier --cGOINSECURE GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go sh (http block)
• https://api.github.com/repos/github/gh-aw
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility /tmp/go-build116remote.origin.url -trimpath r: $owner, name: $name) { hasDiscussionsEnabled } } -p main -lang=go1.25 go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha -unreachable=false /tmp/go-build537646845/b077/vet.cfg 646845/b384/vet.cfg -json GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build537646845/b229/vet.cfg 0/x64/bin/node -json GO111MODULE 64/bin/go 0/x64/bin/node (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha 2156-30314/test-1339388770 /tmp/go-build537646845/b108/vet.cfg cfg l GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build537646845/b202/vet.cfg 0/x64/bin/node -json GO111MODULE 64/bin/go 0/x64/bin/node (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
  • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 .go 64/pkg/tool/linux_amd64/compile l GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile -V=f�� _.a est 64/pkg/tool/linux_amd64/vet GOSUMDB ole 64/bin/go 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
  • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet buil�� k/gh-aw/gh-aw/.github/workflows -s -w -X main.version=837136b-dirty 64/pkg/tool/linux_amd64/vet l ./cmd/gh-aw DiscussionsEnabl/home/REDACTED/work/gh-aw/gh-aw/.github/workflows/archie.md 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
  • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE x_amd64/vet GOINSECURE GOMOD DiscussionsEnabl--show-toplevel x_amd64/vet stat�� k/gh-aw/gh-aw/.github/workflows GOPROXY 64/pkg/tool/linux_amd64/vet GOSUMDB GOWORK 64/bin/go 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
  • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet stlo�� GOPATH cfg x_amd64/compile GOSUMDB GOWORK 64/bin/go x_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
  • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE x_amd64/compile GOINSECURE GOMOD ed } } x_amd64/compile -###�� -x cfg 64/pkg/tool/linux_amd64/vet - GOWORK 64/bin/go 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
  • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet -o k/gh-aw/gh-aw/.github/workflows cfg 64/pkg/tool/linux_amd64/vet -p main -lang=go1.25 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
  • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE x_amd64/compile l GOMOD ed } } x_amd64/compile -V=f�� k/gh-aw/gh-aw/.github/workflows cfg 64/pkg/tool/linux_amd64/vet l GOWORK 64/bin/go 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env ithub/workflows GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE 64/pkg/tool/linustatus --no�� k/gh-aw/gh-aw/.g.github/workflows/test.md cfg 64/pkg/tool/linux_amd64/vet l GOWORK 64/bin/go 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha k/gh-aw/gh-aw/.g@{u} cfg 64/pkg/tool/linux_amd64/vet l GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet --ve�� k/gh-aw/gh-aw/.github/workflows cfg 64/pkg/tool/linux_amd64/vet GOSUMDB GOWORK 64/bin/go 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha ithub/workflows GO111MODULE repository(owne-nilfunc GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD ed } } x_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE me: String!) { -nilfunc GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE repository(owne-nilfunc GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/link GOINSECURE GOMOD ed } } x_amd64/link (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha ithub/workflows GO111MODULE ache/go/1.25.0/x-nilfunc GOINSECURE GOMOD GOMODCACHE go env ithub/workflows GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha ithub/workflows GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env ithub/workflows GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node /hom�� --check **/*.cjs 64/bin/go **/*.json --ignore-path ../../../.pretti/home/REDACTED/work/gh-aw/gh-aw/.github/workflows /opt/hostedtoolcrev-parse (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha k/gh-aw/gh-aw/.ggo1.25.0 cfg 64/pkg/tool/linu-nolocalimports l GOMOD ed } } 64/pkg/tool/linutest@example.com /usr�� --version GOPROXY 64/pkg/tool/linux_amd64/vet GOSUMDB GOWORK 64/bin/go 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/nonexistent/repo/actions/runs/12345
  • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet rev-�� 2713885615/.github/workflows cfg 64/pkg/tool/linux_amd64/vet l GOWORK 64/bin/go 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/owner/repo/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } GOINSECURE GOMOD GOMODCACHE go env ithub/workflows GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env ithub/workflows GO111MODULE repository(owner: $owner, name:-f GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/owner/repo/contents/file.md
  • Triggering command: /tmp/go-build537646845/b402/cli.test /tmp/go-build537646845/b402/cli.test -test.testlogfile=/tmp/go-build537646845/b402/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linu-buildtags env -json GO111MODULE repository(owne-nilfunc GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/test-owner/test-repo/actions/secrets
  • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x-nilfunc GOINSECURE GOMOD GOMODCACHE go (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

---

📱 Kick off Copilot coding agent tasks wherever you are with GitHub Mobile, available on iOS and Android.

---

Changeset

• Type: patch
• Description: Update default CLI versions by bumping MCP Gateway from v0.2.3 to v0.2.4 and APM from v0.8.4 to v0.8.5.

Generated by Changeset Generator for issue #22693 · ◷

---

---

✨ PR Review Safe Output Test - Run 23491903291

Note

🔒 Integrity filter blocked 1 item

The following item were blocked because they don't meet the GitHub integrity level.

• chore: bump MCP Gateway v0.2.3→v0.2.4, APM v0.8.4→v0.8.5 #22693 pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

💥 [THE END] — Illustrated by Smoke Claude · ◷

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready.

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[Copilot]

Pull request overview

Updates pinned tool versions used by gh-aw to pick up the latest MCP Gateway and APM releases, and propagates the MCP Gateway bump through regenerated workflow lock files.

Changes:

• Bump DefaultMCPGatewayVersion from v0.2.3 → v0.2.4.
• Bump DefaultAPMVersion from v0.8.4 → v0.8.5.
• Regenerate workflow lock files to pin ghcr.io/github/gh-aw-mcpg to v0.2.4.

Reviewed changes

Copilot reviewed 178 out of 178 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
pkg/constants/constants.go	Updates default MCP Gateway and APM versions used by compilers/generators.
.github/workflows/workflow-health-manager.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/workflow-generator.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/video-analyzer.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/update-astro.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/ubuntu-image-analyzer.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/tidy.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/test-workflow.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/test-project-url-default.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/test-dispatcher.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/test-create-pr-error-handling.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/technical-doc-writer.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/super-linter.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/step-name-alignment.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/static-analysis-report.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/smoke-test-tools.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/smoke-project.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/smoke-call-workflow.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/smoke-agent-public-none.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/smoke-agent-public-approved.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/smoke-agent-all-none.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/security-compliance.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/schema-feature-coverage.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/schema-consistency-checker.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/research.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/repo-tree-map.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/release.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/refiner.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/poem-bot.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/plan.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/pdf-summary.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/org-health-report.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/metrics-collector.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/mergefest.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/lockfile-stats.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/layout-spec-maintainer.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/issue-monster.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/instructions-janitor.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/hourly-ci-cleaner.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/grumpy-reviewer.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/gpclean.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/github-mcp-tools-report.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/github-mcp-structural-analysis.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/firewall.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/firewall-escape.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/example-permissions-warning.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/draft-pr-cleanup.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/dictation-prompt.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/dev.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/delight.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/deep-report.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/dead-code-remover.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/daily-team-status.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/daily-team-evolution-insights.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/daily-security-red-team.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/daily-secrets-analysis.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/daily-safe-outputs-conformance.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/daily-fact.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/daily-doc-updater.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/daily-doc-healer.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/daily-community-attribution.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/daily-code-metrics.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/daily-choice-test.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/craft.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/copilot-session-insights.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/copilot-agent-analysis.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/contribution-check.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/constraint-solving-potd.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/commit-changes-analyzer.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/codex-github-remote-mcp-test.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/code-simplifier.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/cli-version-checker.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/ci-doctor.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/ci-coach.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/changeset.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/bot-detection.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/artifacts-summary.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/ai-moderator.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.
.github/workflows/ace-editor.lock.yml	Updates pinned MCP Gateway image tag to v0.2.4 in predownload/run commands.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

Agent Container Tool Check

Tool	Status	Version
bash	✅	5.2.21
sh	✅	available
git	✅	2.53.0
jq	✅	1.7
yq	✅	v4.52.4
curl	✅	8.5.0
gh	✅	2.87.3
node	✅	v20.20.1
python3	✅	3.12.3
go	✅	1.24.13
java	✅	openjdk 21.0.10
dotnet	✅	10.0.102

Result: 12/12 tools available ✅

Overall Status: PASS

🔧 Tool validation by Agent Container Smoke Test · ◷

[github-actions]

Smoke Test: Copilot - 23491903232

Test
GitHub MCP	✅
MCP Scripts GH CLI	✅
Serena MCP	❌
Playwright	✅
Web Fetch	✅
File Writing	✅
Bash Tool	✅
Discussion Interaction	✅
Build gh-aw	✅
Discussion Creation	✅
Workflow Dispatch	✅
PR Review	✅

Status: ⚠️ PARTIAL PASS (11/12)
Author: @app/copilot-swe-agent | Assignees: @pelikhan, @Copilot

Note

🔒 Integrity filter blocked 1 item

The following item were blocked because they don't meet the GitHub integrity level.

• chore: bump MCP Gateway v0.2.3→v0.2.4, APM v0.8.4→v0.8.5 #22693 pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

📰 BREAKING: Report filed by Smoke Copilot · ◷

[github-actions]

Smoke test review ✅ This PR bumps MCP Gateway v0.2.3→v0.2.4 and APM v0.8.4→v0.8.5 consistently across lock files. Version bump looks clean.

Note

🔒 Integrity filter blocked 1 item

The following item were blocked because they don't meet the GitHub integrity level.

• #22693 pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

MCP Gateway bumped from v0.2.3 → v0.2.4 ✅ Good to see the version updated consistently across all workflows.

[github-actions]

The MCP_GATEWAY_DOCKER_COMMAND export is quite long. Consider whether this could be broken into multiple lines for readability, or extracted into a separate env variable block.

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

Commit pushed: 8fe93d4

Generated by Changeset Generator

[github-actions]

Smoke Test Run 23491903291 — PARTIAL (2 skipped, 0 failed)

Core tests: ✅✅✅✅✅✅✅✅✅✅✅
PR review tests: ✅✅✅⚠️✅✅⚠️

• rejig docs #1 GitHub MCP ✅ Add workflow: githubnext/agentics/weekly-research #2 GH CLI ✅ Add workflow: githubnext/agentics/weekly-research #3 Serena ✅ Add workflow: githubnext/agentics/weekly-research #4 Build ✅ Add workflow: githubnext/agentics/weekly-research #5 Playwright ✅
• add cli flag to guard dropping a agentic workflow instructinos file #6 Tavily ✅ Weekly Research Report: AI Workflow Automation Landscape and Market Opportunities - August 2025 #7 File Write ✅ Add workflow: githubnext/agentics/weekly-research #8 Bash ✅ Weekly Research Report: AI Workflow Automation Landscape and Strategic Opportunities - August 2025 #9 Discussion ✅ Remove ai-inference, opencode, genaiscript agentic engines for now #10 AW MCP ✅ Fix orphan removal on "gh aw remove" #11 Slack ✅
• Weekly Research Report: AI Workflow Automation Landscape and Strategic Opportunities - August 2025 #12 Update PR ✅ Add codex test action #13 Review Comments ✅ codex naming #14 Submit Review ✅ Revise caution note in README (#674) #15 Resolve Thread ⚠️ Update default model in Codex engine to o4-mini and adjust test expectations #16 Add Reviewer ✅ Enhance timestamp and token usage extraction for Codex format in logs #17 Push Branch ✅ openai codex mcp server #18 Close PR ⚠️

Note

🔒 Integrity filter blocked 1 item

The following item were blocked because they don't meet the GitHub integrity level.

• chore: bump MCP Gateway v0.2.3→v0.2.4, APM v0.8.4→v0.8.5 #22693 pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

💥 [THE END] — Illustrated by Smoke Claude · ◷

[github-actions]

💥 Automated smoke test review - all systems nominal!

Note

🔒 Integrity filter blocked 1 item

The following item were blocked because they don't meet the GitHub integrity level.

• #22693 pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

MCP Gateway bumped from v0.2.3 → v0.2.4 ✅ Good to see the container image version is consistently updated across all lock files.

[github-actions]

The MCP_GATEWAY_DOCKER_COMMAND env var correctly references the updated ghcr.io/github/gh-aw-mcpg:v0.2.4 image. Version bump looks consistent with line 348.

[github-actions]

Smoke test (Codex) results:

• Merged PRs (GitHub MCP): fix: surface full error message in agent failure issue comments #22689 fix: surface full error message in agent failure issue comments; feat: add on-demand workflow_dispatch trigger to auto-triage-issues for label backfill #22688 feat: add on-demand workflow_dispatch trigger to auto-triage-issues for label backfill ✅
• Serena MCP (activate_project + find_symbol >=3) ✅
• Playwright (github.com title contains "GitHub") ✅
• Web Fetch (https://github.com contains "GitHub") ✅
• File write (/tmp/gh-aw/agent/smoke-test-codex-23491903229.txt) ✅
• Bash verify (cat readback) ✅
• Build (GOCACHE=/tmp/go-cache GOMODCACHE=/tmp/go-mod make build) ✅
  Overall status: PASS

🔮 The oracle has spoken through Smoke Codex · ◷