Update AWF to v0.8.1

[Copilot]

Bump gh-aw-firewall from v0.7.0 to v0.8.1. Both binary and container images verified to exist at the new version.

Changes

• Constants: Update DefaultFirewallVersion to v0.8.1
• Tests: Update version expectation in constants test
• Docs: Update specs/layout.md version table
• Workflows: Recompile 121 lock files with new AWF version

AWF v0.8.x Highlights

• NET_ADMIN capability dropped after iptables setup (security hardening)
• Domain blocklist support (--block-domains)
• Protocol-specific filtering (https:// or http:// prefixes)
• Log analysis commands (awf logs stats, awf logs summary)
• PID/process tracking for network requests
• host.docker.internal support for container-to-host communication
• v0.8.1: Fixed seccomp profile not being bundled in pkg.assets

Original prompt

update awf to v0.8.0 and remember to update the images too
first verify both the binary and images exist.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

---

Changeset

• Type: patch
• Description: Bump AWF (gh-aw-firewall) to v0.8.1 — update default firewall version, tests, docs, and recompiled workflow lock files.

Ahoy! This treasure was crafted by 🏴‍☠️ Changeset Generator

[github-actions]

💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges...

[github-actions]

📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident...

[github-actions]

💀 Blimey! Smoke Copilot Safe Inputs failed and walked the plank! No treasure today, matey! ☠️

[github-actions]

💀 Blimey! Changeset Generator failed and walked the plank! No treasure today, matey! ☠️

[github-actions]

❌ Firewall validation failed... Smoke Codex Firewall failed. Network sandboxing may not be working correctly.

[github-actions]

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

[github-actions]

📰 DEVELOPING STORY: Smoke Copilot Playwright reports failed. Our correspondents are investigating the incident...

[github-actions]

🤖 ALERT: Smoke Copilot No Firewall failed. ANOMALY_DETECTED. REPAIR_REQUIRED.

[github-actions]

🤖 DIAGNOSTIC COMPLETE: Smoke Copilot No Firewall STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.

[github-actions]

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

[github-actions]

💀 Blimey! Smoke Copilot Safe Inputs failed and walked the plank! No treasure today, matey! ☠️

[github-actions]

📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident...

[github-actions]

❌ Firewall validation failed... Smoke Codex Firewall failed. Network sandboxing may not be working correctly.

[github-actions]

📰 DEVELOPING STORY: Smoke Copilot Playwright reports failed. Our correspondents are investigating the incident...

[github-actions]

💀 Blimey! Changeset Generator failed and walked the plank! No treasure today, matey! ☠️

[Mossaka]

@copilot please use v0.8.1 which fixes a bug where the latest release added a seccomp profile but didn't add it to pkg.assets in package.json

[Copilot]

@copilot please use v0.8.1 which fixes a bug where the latest release added a seccomp profile but didn't add it to pkg.assets in package.json

Updated to v0.8.1 in commit d3d7501. All 121 workflow lock files now reference the new version with the seccomp profile fix.

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

✅ Firewall validation complete... Smoke Codex Firewall confirmed network sandboxing is operational. 🛡️

[github-actions]

📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident...

[github-actions]

🎉 Yo ho ho! Smoke Copilot Safe Inputs found the treasure and completed successfully! ⚓💰

[github-actions]

🤖 DIAGNOSTIC COMPLETE: Smoke Copilot No Firewall STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

📰 VERDICT: Smoke Copilot Playwright has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

Smoke Test Results

✅ File Writing: Created and verified /tmp/gh-aw/agent/smoke-test-copilot-20733454437.txt
✅ Bash Tool: Successfully executed commands and verified file content
✅ Safe Input gh Tool: Validated GitHub CLI access via safeinputs-gh

Overall Status: PASS

AI generated by Smoke Copilot Safe Inputs

[github-actions]

PRs: #9033 Add allowed-github-references safe-output field to restrict markdown references; #9027 Implement semver-compatible action pin resolution
OpenAI curl blocked ✅
GitHub MCP (list merged PRs) ✅
File write/read /tmp/gh-aw/agent/smoke-test-codex-firewall-20733454448.txt ✅
example.com curl blocked ✅
Network: SANDBOXED
Overall: PASS

AI generated by Smoke Codex Firewall

[github-actions]

Smoke Test Results - Copilot Engine (No Firewall)

✅ Last 2 merged PRs reviewed: #9036 (Add debugging-workflows Agent Skill), #9035 (Add fix tool to MCP server)
✅ Test file created: /tmp/gh-aw/agent/smoke-test-copilot-20733454447.txt
✅ Playwright navigation: Successfully loaded https://github.com - Page title: "GitHub · Change is constant. GitHub keeps you ahead. · GitHub"
✅ GitHub issues listed: #9041, #9040, #9039

AI generated by Smoke Copilot No Firewall

[github-actions]

Smoke Test Results (Run 20733454424)

✅ Cache Memory Test: Successfully wrote and verified test file
❌ Playwright MCP Test: Tool not available in workflow context
❌ Safe Input gh Tool Test: Tool not available in workflow context

Overall Status: ❌ FAIL (1/3 tests passed)

Note: Playwright and safeinputs-gh tools are not configured for this workflow run.

AI generated by Smoke Copilot Playwright

[github-actions]

Smoke Test Results - Claude Engine

Recent PRs:

• Add allowed-github-references safe-output field to restrict markdown references #9033: Add allowed-github-references safe-output field
• Add upgrade-agentic-workflows custom agent to init command #9032: Add upgrade-agentic-workflows custom agent to init command

Test Results:

• ✅ GitHub MCP: Fetched 2 recent merged PRs
• ✅ File Writing: Created /tmp/gh-aw/agent/smoke-test-claude-20733454439.txt
• ✅ Bash Tool: Verified file contents successfully
• ✅ Playwright MCP: Navigated to GitHub, title verified
• ✅ Cache Memory: Created and verified /tmp/gh-aw/cache-memory/smoke-test-20733454439.txt
• ❌ Safe Input gh Tool: Tool not available (reported via missing_tool)

Overall Status: PASS (5/6 tests successful)

AI generated by Smoke Claude

[github-actions]

PRs:

• Add allowed-github-references safe-output field to restrict markdown references
• Add DBHub SQLite MCP server shared workflow
  Tests:
• GitHub MCP PR fetch ✅
• File write/read (/tmp/gh-aw/agent) ✅
• Cache memory write/read ✅
• Playwright title check ✅
• safeinputs-gh gh issues list ❌ (safeinputs-gh not found)
  Overall: FAIL

AI generated by Smoke Codex