From e49fe65d6d289e9f15da62ef5b90f9be9e962484 Mon Sep 17 00:00:00 2001 From: Dima Birenbaum Date: Thu, 19 Feb 2026 10:33:11 +0200 Subject: [PATCH 1/3] fix(ci): disable lockdown mode in agentic workflow for org token compatibility --- .github/workflows/msdo-issue-assistant.lock.yml | 14 +------------- .github/workflows/msdo-issue-assistant.md | 2 +- 2 files changed, 2 insertions(+), 14 deletions(-) diff --git a/.github/workflows/msdo-issue-assistant.lock.yml b/.github/workflows/msdo-issue-assistant.lock.yml index 22c2888..0b2d69c 100644 --- a/.github/workflows/msdo-issue-assistant.lock.yml +++ b/.github/workflows/msdo-issue-assistant.lock.yml @@ -22,7 +22,7 @@ # For more information: https://github.github.com/gh-aw/introduction/overview/ # # -# frontmatter-hash: 4bf03e9e11bd04bb55e99ee33e0b0ce4c4adbb6c7f0056ec467744cfbeb23175 +# frontmatter-hash: 4328471ec936d196d8e3cd83c860cc670827d9b785cf7e2faac6827c1f4c9dd0 name: "MSDO Issue Triage Assistant" "on": @@ -181,17 +181,6 @@ jobs: run: /opt/gh-aw/actions/install_copilot_cli.sh 0.0.409 - name: Install awf binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.17.0 - - name: Validate lockdown mode requirements - id: validate-lockdown-requirements - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 - env: - GITHUB_MCP_LOCKDOWN_EXPLICIT: "true" - GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }} - GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }} - with: - script: | - const validateLockdownRequirements = require('/opt/gh-aw/actions/validate_lockdown_requirements.cjs'); - validateLockdownRequirements(core); - name: Download container images run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.17.0 ghcr.io/github/gh-aw-firewall/squid:0.17.0 ghcr.io/github/gh-aw-mcpg:v0.1.4 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine - name: Write Safe Outputs Config @@ -452,7 +441,6 @@ jobs: "type": "stdio", "container": "ghcr.io/github/github-mcp-server:v0.30.3", "env": { - "GITHUB_LOCKDOWN_MODE": "1", "GITHUB_PERSONAL_ACCESS_TOKEN": "\${GITHUB_MCP_SERVER_TOKEN}", "GITHUB_READ_ONLY": "1", "GITHUB_TOOLSETS": "issues" diff --git a/.github/workflows/msdo-issue-assistant.md b/.github/workflows/msdo-issue-assistant.md index aa1adfa..c3c0dbd 100644 --- a/.github/workflows/msdo-issue-assistant.md +++ b/.github/workflows/msdo-issue-assistant.md @@ -22,7 +22,7 @@ network: tools: github: - lockdown: true + lockdown: false toolsets: [issues] fetch: allowed-domains: From dfe290eef390f323ab0192eaee97cd2018e5feef Mon Sep 17 00:00:00 2001 From: Dima Birenbaum Date: Fri, 20 Feb 2026 11:11:28 +0200 Subject: [PATCH 2/3] Fix formatting in MSDO Issue Assistant workflow file Signed-off-by: Dima Birenbaum --- .github/workflows/msdo-issue-assistant.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/msdo-issue-assistant.md b/.github/workflows/msdo-issue-assistant.md index c3c0dbd..9736e6d 100644 --- a/.github/workflows/msdo-issue-assistant.md +++ b/.github/workflows/msdo-issue-assistant.md @@ -1,5 +1,5 @@ --- -# MSDO Issue Assistant - GitHub Agentic Workflow +# MSDO Issue Assistant - GitHub Agentic Workflow # Automatically triage and respond to issues using wiki knowledge on: @@ -132,4 +132,4 @@ Keep responses: → Do not respond. No new technical information to act on. **Non-author comment on existing issue:** A third party comments "I have the same problem." -→ Do not respond. The commenter is not the issue author. \ No newline at end of file +→ Do not respond. The commenter is not the issue author. From 785f593fee1fe623d46dbe1081adeb46ce86f8b1 Mon Sep 17 00:00:00 2001 From: Dima Birenbaum Date: Fri, 20 Feb 2026 11:11:50 +0200 Subject: [PATCH 3/3] Fix formatting in MSDO Issue Assistant workflow file Signed-off-by: Dima Birenbaum --- .github/workflows/msdo-issue-assistant.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/msdo-issue-assistant.md b/.github/workflows/msdo-issue-assistant.md index 9736e6d..33dc53f 100644 --- a/.github/workflows/msdo-issue-assistant.md +++ b/.github/workflows/msdo-issue-assistant.md @@ -1,5 +1,5 @@ --- -# MSDO Issue Assistant - GitHub Agentic Workflow +# MSDO Issue Assistant - GitHub Agentic Workflow # Automatically triage and respond to issues using wiki knowledge on: