perf: optimize security-guard token usage (#1648)

* perf: optimize security-guard token usage

- Restrict GitHub toolsets from [default] (52 tools) to
  [pull_requests, repos] (only tools actually used)
- Add pre-compute step to fetch PR diff before agent starts,
  reducing tool calls needed for initial PR analysis
- Add max-turns: 15 to prevent runaway token consumption
- Add explicit network: allowed: [github] to restrict egress
- Update prompt to reference pre-fetched diff data

Closes #1647

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: address review feedback on pre-compute step

- Fix GITHUB_OUTPUT redirect: wrap gh api + delimiters in block
  redirect so output actually reaches the step output variable
- Add if: guard for workflow_dispatch where PR number is absent
- Network groups: kept as github-only since compiler auto-adds
  Claude API domains; api-proxy is not a standard network group

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: use jq string concatenation to avoid YAML escaping issue

The jq string interpolation with escaped quotes (\"") gets
double-escaped by the gh-aw compiler's YAML quoting, producing
invalid jq at runtime. Switch to string concatenation (+) which
avoids nested quotes entirely.

Also simplifies the binary fallback from '"(binary)"' to '""'
since binary files with no patch data aren't useful for review.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: use unique heredoc delimiter to avoid EOF collision

The PR diff content can contain literal 'EOF' strings (e.g., from
heredoc usage in shell scripts), which prematurely closes the
GITHUB_OUTPUT delimiter. Use a timestamp-based unique delimiter
(GHAW_PR_FILES_<epoch>) that won't collide with diff content.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: handle SIGPIPE in Fetch PR changed files step to prevent missing delimiter error (#1651)

When the PR diff exceeds 8000 bytes, `gh api ... | head -c 8000` causes
SIGPIPE (exit 141) on the gh api process. GitHub Actions bash uses
`-eo pipefail`, so the pipeline failure aborts the subshell before
writing the closing heredoc delimiter to GITHUB_OUTPUT, resulting in:

  ##[error]Invalid value. Matching delimiter not found 'GHAW_PR_FILES_...'

Fix: add `|| true` after `head -c 8000` to swallow the SIGPIPE/pipefail
error, ensuring the closing delimiter is always written to GITHUB_OUTPUT.

Fixes failing job: https://github.com/github/gh-aw-firewall/actions/runs/23964770751/job/69902358339

Agent-Logs-Url: https://github.com/github/gh-aw-firewall/sessions/c8b8f958-f52e-4390-af7d-f094e20e68da

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>

* fix: recompile security-guard.lock.yml to fix frontmatter hash mismatch (#1652)

Agent-Logs-Url: https://github.com/github/gh-aw-firewall/sessions/0e4673e6-6f23-4e2d-8cc7-ccb922b81091

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>

* fix: ensure newline before heredoc closing delimiter

head -c 8000 can truncate mid-line, leaving no trailing newline.
The closing delimiter then appears on the same line as content
and GitHub Actions fails to recognize it. Add an explicit echo
to guarantee the delimiter is on its own line.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: increase smoke-claude max-turns and fix playwright log dir permissions (#1653)

Root cause: Claude exceeded max-turns (9 > 8) because mcp__playwright__browser_navigate
failed 3 times with EACCES on /tmp/gh-aw/mcp-logs/playwright/*.yml, consuming extra turns.

Fixes:
1. Add pre-step to create /tmp/gh-aw/mcp-logs/playwright with chmod 777 before MCP
   Gateway starts - this ensures the playwright container can write page snapshot YAML files
2. Increase max-turns from 8 to 12 to handle transient playwright retries more robustly

Recompile smoke-claude.lock.yml and run post-processing scripts.

Agent-Logs-Url: https://github.com/github/gh-aw-firewall/sessions/7c6a8e3c-9a33-488d-a2a7-d54bdaed44a2

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>

Author: 3 people

.github/aw/actions-lock.json

@@ -50,6 +50,11 @@
       "version": "v0.65.3",
       "sha": "6b4da262b8f7e0e253d1ae84f400a843b918a4ab"
     },
+    "github/gh-aw-actions/setup@v0.65.5": {
+      "repo": "github/gh-aw-actions/setup",
+      "version": "v0.65.5",
+      "sha": "15b2fa31e9a1b771c9773c162273924d8f5ea516"
+    },
     "github/gh-aw/actions/setup@v0.42.0": {
       "repo": "github/gh-aw/actions/setup",
       "version": "v0.42.0",