Merge origin/main to resolve conflicts

Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com>

Author: Copilot

.github/aw/actions-lock.json

@@ -247,11 +247,21 @@
       "digest": "sha256:0f54fa48dd1a03ef6d171574eecf9a9edbf0406cea011a534cd12ed1fcb46715",
       "pinned_image": "ghcr.io/github/gh-aw-firewall/agent:0.25.67@sha256:0f54fa48dd1a03ef6d171574eecf9a9edbf0406cea011a534cd12ed1fcb46715"
     },
+    "ghcr.io/github/gh-aw-firewall/agent:0.27.0": {
+      "image": "ghcr.io/github/gh-aw-firewall/agent:0.27.0",
+      "digest": "sha256:3816d1692e6d96887b27f1e4f1d64b8d7edb43ed9d7506b8f203913cbb81c248",
+      "pinned_image": "ghcr.io/github/gh-aw-firewall/agent:0.27.0@sha256:3816d1692e6d96887b27f1e4f1d64b8d7edb43ed9d7506b8f203913cbb81c248"
+    },
     "ghcr.io/github/gh-aw-firewall/agent:0.27.1": {
       "image": "ghcr.io/github/gh-aw-firewall/agent:0.27.1",
       "digest": "sha256:55149fa2daf8fa8afa2803f2ac1a3534591a7c96f173ee2aec9545fbe67305df",
       "pinned_image": "ghcr.io/github/gh-aw-firewall/agent:0.27.1@sha256:55149fa2daf8fa8afa2803f2ac1a3534591a7c96f173ee2aec9545fbe67305df"
     },
+    "ghcr.io/github/gh-aw-firewall/agent:0.27.2": {
+      "image": "ghcr.io/github/gh-aw-firewall/agent:0.27.2",
+      "digest": "sha256:f88e5b17b6b7a600117bc121114d6ce2155c88c983c0c939c5df884f730fa1d6",
+      "pinned_image": "ghcr.io/github/gh-aw-firewall/agent:0.27.2@sha256:f88e5b17b6b7a600117bc121114d6ce2155c88c983c0c939c5df884f730fa1d6"
+    },
     "ghcr.io/github/gh-aw-firewall/api-proxy:0.25.18": {
       "image": "ghcr.io/github/gh-aw-firewall/api-proxy:0.25.18",
       "digest": "sha256:d16a40a3ca6e989896d0cef9f31b9412bb1fcc8755bafcafb95012ae1078539b",
@@ -292,11 +302,21 @@
       "digest": "sha256:d3f51df1869bda0e1f71ae31a81450641c6ae67404e0769469aae34c2738aeb5",
       "pinned_image": "ghcr.io/github/gh-aw-firewall/api-proxy:0.25.67@sha256:d3f51df1869bda0e1f71ae31a81450641c6ae67404e0769469aae34c2738aeb5"
     },
+    "ghcr.io/github/gh-aw-firewall/api-proxy:0.27.0": {
+      "image": "ghcr.io/github/gh-aw-firewall/api-proxy:0.27.0",
+      "digest": "sha256:f28d2bd3197fb6ef9ec40ef345bbf2bb33e50151a8e72e89abb618fc3d0066eb",
+      "pinned_image": "ghcr.io/github/gh-aw-firewall/api-proxy:0.27.0@sha256:f28d2bd3197fb6ef9ec40ef345bbf2bb33e50151a8e72e89abb618fc3d0066eb"
+    },
     "ghcr.io/github/gh-aw-firewall/api-proxy:0.27.1": {
       "image": "ghcr.io/github/gh-aw-firewall/api-proxy:0.27.1",
       "digest": "sha256:2802437f05830336ea3ae8639f628776608d14d95b5b3cf30f161eb505e29752",
       "pinned_image": "ghcr.io/github/gh-aw-firewall/api-proxy:0.27.1@sha256:2802437f05830336ea3ae8639f628776608d14d95b5b3cf30f161eb505e29752"
     },
+    "ghcr.io/github/gh-aw-firewall/api-proxy:0.27.2": {
+      "image": "ghcr.io/github/gh-aw-firewall/api-proxy:0.27.2",
+      "digest": "sha256:ee39841d980878ebbb87592903b06d31a1af500c71525c9616f7e8e2a27041a4",
+      "pinned_image": "ghcr.io/github/gh-aw-firewall/api-proxy:0.27.2@sha256:ee39841d980878ebbb87592903b06d31a1af500c71525c9616f7e8e2a27041a4"
+    },
     "ghcr.io/github/gh-aw-firewall/cli-proxy:0.25.28": {
       "image": "ghcr.io/github/gh-aw-firewall/cli-proxy:0.25.28",
       "digest": "sha256:fdf310e4678ce58d248c466b89399e9680a3003038fd19322c388559016aaac7",
@@ -327,11 +347,21 @@
       "digest": "sha256:97387002ec54c8ab9f255d5aaf3d435071642e058f528c8268ca0e80b201609a",
       "pinned_image": "ghcr.io/github/gh-aw-firewall/cli-proxy:0.25.67@sha256:97387002ec54c8ab9f255d5aaf3d435071642e058f528c8268ca0e80b201609a"
     },
+    "ghcr.io/github/gh-aw-firewall/cli-proxy:0.27.0": {
+      "image": "ghcr.io/github/gh-aw-firewall/cli-proxy:0.27.0",
+      "digest": "sha256:42529ecb9f90da5adb00593d268dfdbd35d14bb1dc92dd897286b27ce1e3d58d",
+      "pinned_image": "ghcr.io/github/gh-aw-firewall/cli-proxy:0.27.0@sha256:42529ecb9f90da5adb00593d268dfdbd35d14bb1dc92dd897286b27ce1e3d58d"
+    },
     "ghcr.io/github/gh-aw-firewall/cli-proxy:0.27.1": {
       "image": "ghcr.io/github/gh-aw-firewall/cli-proxy:0.27.1",
       "digest": "sha256:2e6dc98321dbf82840f83ec0ef8b198506149255a15d3a7854d59c0d34063e27",
       "pinned_image": "ghcr.io/github/gh-aw-firewall/cli-proxy:0.27.1@sha256:2e6dc98321dbf82840f83ec0ef8b198506149255a15d3a7854d59c0d34063e27"
     },
+    "ghcr.io/github/gh-aw-firewall/cli-proxy:0.27.2": {
+      "image": "ghcr.io/github/gh-aw-firewall/cli-proxy:0.27.2",
+      "digest": "sha256:02f3ec08f32dc26c5427920c6a2e2f3036238fce44802f2f11ef49ed8621b5d0",
+      "pinned_image": "ghcr.io/github/gh-aw-firewall/cli-proxy:0.27.2@sha256:02f3ec08f32dc26c5427920c6a2e2f3036238fce44802f2f11ef49ed8621b5d0"
+    },
     "ghcr.io/github/gh-aw-firewall/squid:0.25.18": {
       "image": "ghcr.io/github/gh-aw-firewall/squid:0.25.18",
       "digest": "sha256:eb102afcfbae26ffcec016adebb74d3be7b0a5bf376ba306599cdf3effbe288e",
@@ -372,11 +402,21 @@
       "digest": "sha256:9a05085db054f41bd67c772bcfc25cabc15bc33ee993b051a31e30669dd2031f",
       "pinned_image": "ghcr.io/github/gh-aw-firewall/squid:0.25.67@sha256:9a05085db054f41bd67c772bcfc25cabc15bc33ee993b051a31e30669dd2031f"
     },
+    "ghcr.io/github/gh-aw-firewall/squid:0.27.0": {
+      "image": "ghcr.io/github/gh-aw-firewall/squid:0.27.0",
+      "digest": "sha256:d6a01d4cf3d928e6a7fc42e34afef228e753dce87646edc91d8a5cd0b612d9a6",
+      "pinned_image": "ghcr.io/github/gh-aw-firewall/squid:0.27.0@sha256:d6a01d4cf3d928e6a7fc42e34afef228e753dce87646edc91d8a5cd0b612d9a6"
+    },
     "ghcr.io/github/gh-aw-firewall/squid:0.27.1": {
       "image": "ghcr.io/github/gh-aw-firewall/squid:0.27.1",
       "digest": "sha256:1f3df3207dc9faa9080088115ca50a5ab0d7a692c61dffa8c8898d0b7b750413",
       "pinned_image": "ghcr.io/github/gh-aw-firewall/squid:0.27.1@sha256:1f3df3207dc9faa9080088115ca50a5ab0d7a692c61dffa8c8898d0b7b750413"
     },
+    "ghcr.io/github/gh-aw-firewall/squid:0.27.2": {
+      "image": "ghcr.io/github/gh-aw-firewall/squid:0.27.2",
+      "digest": "sha256:2e3a717e5f19a654cd9a2263beb52012b56bcb68562ec5ae2e42f9d156b49591",
+      "pinned_image": "ghcr.io/github/gh-aw-firewall/squid:0.27.2@sha256:2e3a717e5f19a654cd9a2263beb52012b56bcb68562ec5ae2e42f9d156b49591"
+    },
     "ghcr.io/github/gh-aw-mcpg:v0.2.19": {
       "image": "ghcr.io/github/gh-aw-mcpg:v0.2.19",
       "digest": "sha256:44d4d8de7e6c37aaea484eba489940c52df6a0b54078ddcbc9327592d5b3c3dd",

.github/aw/create-agentic-workflow.md

@@ -89,6 +89,7 @@ The main agent job must stay read-only.
 
 - Do not grant `issues: write`, `pull-requests: write`, or `contents: write` to the agent job.
 - Route GitHub writes through `safe-outputs:`.
+- When targeting the Copilot coding agent, recommend `permissions: { copilot-requests: write }` so Copilot can authenticate with `${{ github.token }}`.
 - If the user asks for direct writes, explain why the safe-output pattern is required.
 
 ### 4. Select tools

.github/aw/safe-outputs-runtime.md

@@ -189,6 +189,8 @@ safe-outputs:
 
 Fields that influence permission computation (`add-comment.discussions`, `create-pull-request.fallback-as-issue`) remain literal booleans.
 
+- `timeout-minutes:` - Timeout for the safe-outputs job in minutes (integer, default: `45`)
+  - Increase for workflows with many sequential safe-output operations (e.g. `push-to-pull-request-branch` against large repositories)
 - `max-patch-size:` - Maximum allowed git patch size in kilobytes (integer, default: 1024 KB = 1 MB)
   - Patches exceeding this size are rejected to prevent accidental large changes
 - `max-patch-files:` - Maximum allowed number of unique files in a create-pull-request patch (integer, default: 100)
@@ -235,10 +237,14 @@ Fields that influence permission computation (`add-comment.discussions`, `create
 - `threat-detection:` - Threat detection configuration (auto-enabled for all safe-outputs workflows)
   - Automatically enabled by default; customizable via explicit configuration
   - Fields:
-    - `enabled:` - Enable/disable threat detection (boolean, default: `true`)
+    - `enabled:` - Enable/disable threat detection (boolean or expression, default: `true`)
     - `prompt:` - Additional instructions appended to threat detection analysis (string)
     - `engine:` - AI engine for threat detection (engine config or `false` to disable AI detection)
-    - `steps:` - Extra job steps to run after detection (array)
+    - `steps:` - Extra job steps to run before engine execution (array)
+    - `post-steps:` - Extra job steps to run after engine execution (array)
+    - `max-ai-credits:` - Per-run AIC budget for the detection engine (numeric only, no expressions; default `${{ vars.GH_AW_DEFAULT_DETECTION_MAX_AI_CREDITS || '400' }}`)
+    - `runs-on:` - Runner override for the detection job (defaults to `agent.runs-on`)
+    - `continue-on-error:` - When `true` (default), detection failures emit a warning and proceed with a `needs-review` label; when `false`, failures block safe outputs (boolean or expression)
   - Example to disable AI-based detection (use custom steps only):
 
     ```yaml

.github/aw/syntax-core.md

@@ -99,10 +99,10 @@ The YAML frontmatter supports these fields:
     - When `"full"`, checks both the frontmatter hash and body hash; use when prompt-body edits should also trigger recompilation detection
 
 - **`permissions:`** - GitHub token permissions
-  - Object with permission levels: `read`, `none`
-  - Available permissions: `contents`, `issues`, `pull-requests`, `discussions`, `actions`, `checks`, `statuses`, `models`, `deployments`, `security-events`
+  - Object with permission levels: `read`, `none` (and limited `write` for specific scopes)
+  - Available permissions: `contents`, `issues`, `pull-requests`, `discussions`, `actions`, `checks`, `statuses`, `models`, `deployments`, `security-events`, `copilot-requests`
   - Write permissions are not allowed for security reasons; use `safe-outputs` for write operations instead
-  - Exception: `id-token: write` is allowed to enable OIDC token minting for external authentication, but use with caution and follow security best practices
+  - Exceptions: `id-token: write` is allowed to enable OIDC token minting; `copilot-requests: write` is recommended when targeting the Copilot coding agent so it can authenticate with `${{ github.token }}`
 - **`runs-on:`** - Runner type for the main agent job (string, array, or object)
 - **`runs-on-slim:`** - Runner type for all framework/generated jobs (activation, safe-outputs, unlock, etc.). Defaults to `ubuntu-slim`. `safe-outputs.runs-on` takes precedence for safe-output jobs specifically.
 - **`timeout-minutes:`** - Agent execution step timeout in minutes (integer or GitHub Actions expression, defaults to 20 minutes; custom and safe-output jobs use the GitHub Actions platform default of 360 minutes unless explicitly set). Expressions are useful in compiled workflows that define `workflow_call` inputs, for example `timeout-minutes: ${{ inputs.timeout }}`. This setting applies to the workflow being compiled, not to plain GitHub Actions caller jobs that use job-level `uses:` (GitHub does not allow `timeout-minutes` on those caller jobs).

.github/aw/update-agentic-workflow.md

@@ -45,6 +45,7 @@ Use [workflow-editing.md](workflow-editing.md) as the source of truth.
 - preserve existing style and structure unless reorganization is required
 - do not rewrite unrelated frontmatter sections
 - keep the agent job read-only
+- when targeting the Copilot coding agent, recommend `permissions: { copilot-requests: write }` for Copilot authentication
 - use `safe-outputs:` for writes
 - prefer `toolsets:` for GitHub tools