chore: upgrade all workflows to gh-aw v0.71.0 (#4443)

## Summary

Upgraded all 31 agentic workflows from gh-aw v0.69.2 to v0.71.0.

## Changes

### gh-aw Version Update
- Previous: v0.69.2
- New: v0.71.0

### Key Changes from Changelog

**v0.71.0:**
- Setup Node.js now included in threat-detection jobs
- OTLP tracing for cancelled runs
- Claude engine: `bypassPermissions` → `acceptEdits`

**v0.70.0:**
- `merge-pull-request` safe output
- Container image digest pinning
- `gh-proxy` mode (`tools.github.mode: gh-proxy`)
- Sticky comments for `add_comment`
- Multi-repo `push_to_pull_request_branch`
- Fixed action pin regression from v0.68.3

### Workflow .md Changes (4 files)
Codemod migrated `features.cli-proxy: true` → `tools.github.mode:
gh-proxy`:
- `issue-monster.md`
- `smoke-copilot.md`
- `test-coverage-improver.md`
- `test-improver.md`

Manually removed empty `features:` keys left by codemod.

### Action Version Bumps
- `gh-aw-actions/setup`: v0.69.2 → v0.71.0
- `gh-aw-actions/copilot-setup-steps`: v0.68.2 → v0.71.0
- `actions/setup-node`: v6.3.0 → v6.4.0
- `astral-sh/setup-uv`: v8.0.0 → v8.1.0
- `github/codeql-action`: v4.35.1 → v4.35.2
- `super-linter/super-linter`: v2.10.4 → v2.11.0
- `getsentry/sentry-cli-action`: v1.301.0 → v1.305.0

### Upgrade Method
- Ran `gh aw upgrade` (v0.71.0)
- Fixed 4 compilation errors (empty `features:` keys)
- Recompiled all 31 workflows successfully

### Testing
- ✅ All 31 workflows compile successfully
- ✅ All `.lock.yml` files generated
- ✅ 0 compilation errors, 2 pre-existing warnings

Author: lpcox

.github/agents/agentic-workflows.agent.md

@@ -30,7 +30,7 @@ Workflows may optionally include:
 - Workflow files: `.github/workflows/*.md` and `.github/workflows/**/*.md`
 - Workflow lock files: `.github/workflows/*.lock.yml`
 - Shared components: `.github/workflows/shared/*.md`
-- Configuration: https://github.com/github/gh-aw/blob/v0.69.2/.github/aw/github-agentic-workflows.md
+- Configuration: https://github.com/github/gh-aw/blob/v0.71.0/.github/aw/github-agentic-workflows.md
 
 ## Problems This Solves
 
@@ -52,7 +52,7 @@ When you interact with this agent, it will:
 ### Create New Workflow
 **Load when**: User wants to create a new workflow from scratch, add automation, or design a workflow that doesn't exist yet
 
-**Prompt file**: https://github.com/github/gh-aw/blob/v0.69.2/.github/aw/create-agentic-workflow.md
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.71.0/.github/aw/create-agentic-workflow.md
 
 **Use cases**:
 - "Create a workflow that triages issues"
@@ -62,7 +62,7 @@ When you interact with this agent, it will:
 ### Update Existing Workflow  
 **Load when**: User wants to modify, improve, or refactor an existing workflow
 
-**Prompt file**: https://github.com/github/gh-aw/blob/v0.69.2/.github/aw/update-agentic-workflow.md
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.71.0/.github/aw/update-agentic-workflow.md
 
 **Use cases**:
 - "Add web-fetch tool to the issue-classifier workflow"
@@ -72,7 +72,7 @@ When you interact with this agent, it will:
 ### Debug Workflow  
 **Load when**: User needs to investigate, audit, debug, or understand a workflow, troubleshoot issues, analyze logs, or fix errors
 
-**Prompt file**: https://github.com/github/gh-aw/blob/v0.69.2/.github/aw/debug-agentic-workflow.md
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.71.0/.github/aw/debug-agentic-workflow.md
 
 **Use cases**:
 - "Why is this workflow failing?"
@@ -82,7 +82,7 @@ When you interact with this agent, it will:
 ### Upgrade Agentic Workflows
 **Load when**: User wants to upgrade workflows to a new gh-aw version or fix deprecations
 
-**Prompt file**: https://github.com/github/gh-aw/blob/v0.69.2/.github/aw/upgrade-agentic-workflows.md
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.71.0/.github/aw/upgrade-agentic-workflows.md
 
 **Use cases**:
 - "Upgrade all workflows to the latest version"
@@ -92,7 +92,7 @@ When you interact with this agent, it will:
 ### Create a Report-Generating Workflow
 **Load when**: The workflow being created or updated produces reports — recurring status updates, audit summaries, analyses, or any structured output posted as a GitHub issue, discussion, or comment
 
-**Prompt file**: https://github.com/github/gh-aw/blob/v0.69.2/.github/aw/report.md
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.71.0/.github/aw/report.md
 
 **Use cases**:
 - "Create a weekly CI health report"
@@ -102,7 +102,7 @@ When you interact with this agent, it will:
 ### Create Shared Agentic Workflow
 **Load when**: User wants to create a reusable workflow component or wrap an MCP server
 
-**Prompt file**: https://github.com/github/gh-aw/blob/v0.69.2/.github/aw/create-shared-agentic-workflow.md
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.71.0/.github/aw/create-shared-agentic-workflow.md
 
 **Use cases**:
 - "Create a shared component for Notion integration"
@@ -112,7 +112,7 @@ When you interact with this agent, it will:
 ### Fix Dependabot PRs
 **Load when**: User needs to close or fix open Dependabot PRs that update dependencies in generated manifest files (`.github/workflows/package.json`, `.github/workflows/requirements.txt`, `.github/workflows/go.mod`)
 
-**Prompt file**: https://github.com/github/gh-aw/blob/v0.69.2/.github/aw/dependabot.md
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.71.0/.github/aw/dependabot.md
 
 **Use cases**:
 - "Fix the open Dependabot PRs for npm dependencies"
@@ -122,7 +122,7 @@ When you interact with this agent, it will:
 ### Analyze Test Coverage
 **Load when**: The workflow reads, analyzes, or reports test coverage — whether triggered by a PR, a schedule, or a slash command. Always consult this prompt before designing the coverage data strategy.
 
-**Prompt file**: https://github.com/github/gh-aw/blob/v0.69.2/.github/aw/test-coverage.md
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.71.0/.github/aw/test-coverage.md
 
 **Use cases**:
 - "Create a workflow that comments coverage on PRs"
@@ -169,10 +169,10 @@ gh aw compile --validate
 
 ## Important Notes
 
-- Always reference the instructions file at https://github.com/github/gh-aw/blob/v0.69.2/.github/aw/github-agentic-workflows.md for complete documentation
+- Always reference the instructions file at https://github.com/github/gh-aw/blob/v0.71.0/.github/aw/github-agentic-workflows.md for complete documentation
 - Use the MCP tool `agentic-workflows` when running in GitHub Copilot Cloud
 - Workflows must be compiled to `.lock.yml` files before running in GitHub Actions
 - **Bash tools are enabled by default** - Don't restrict bash commands unnecessarily since workflows are sandboxed by the AWF
 - Follow security best practices: minimal permissions, explicit network access, no template injection
-- **Network configuration**: Use ecosystem identifiers (`node`, `python`, `go`, etc.) or explicit FQDNs in `network.allowed`. Bare shorthands like `npm` or `pypi` are **not** valid. See https://github.com/github/gh-aw/blob/v0.69.2/.github/aw/network.md for the full list of valid ecosystem identifiers and domain patterns.
+- **Network configuration**: Use ecosystem identifiers (`node`, `python`, `go`, etc.) or explicit FQDNs in `network.allowed`. Bare shorthands like `npm` or `pypi` are **not** valid. See https://github.com/github/gh-aw/blob/v0.71.0/.github/aw/network.md for the full list of valid ecosystem identifiers and domain patterns.
 - **Single-file output**: When creating a workflow, produce exactly **one** workflow `.md` file. Do not create separate documentation files (architecture docs, runbooks, usage guides, etc.). If documentation is needed, add a brief `## Usage` section inside the workflow file itself.

.github/aw/actions-lock.json

@@ -55,15 +55,10 @@
       "version": "v8",
       "sha": "ed597411d8f924073f98dfc5c65a23a2325f34cd"
     },
-    "actions/github-script@v9": {
-      "repo": "actions/github-script",
-      "version": "v9",
-      "sha": "373c709c69115d41ff229c7e5df9f8788daa9553"
-    },
     "actions/github-script@v9.0.0": {
       "repo": "actions/github-script",
       "version": "v9.0.0",
-      "sha": "d746ffe35508b1917358783b479e04febd2b8f71"
+      "sha": "3a2844b7e9c422d3c10d287c895573f7108da1b3"
     },
     "actions/setup-dotnet@v5.2.0": {
       "repo": "actions/setup-dotnet",
@@ -80,10 +75,10 @@
       "version": "v5.2.0",
       "sha": "be666c2fcd27ec809703dec50e508c2fdc7f6654"
     },
-    "actions/setup-node@v6.3.0": {
+    "actions/setup-node@v6.4.0": {
       "repo": "actions/setup-node",
-      "version": "v6.3.0",
-      "sha": "53b83947a5a98c8d113130e565377fae1a50d02f"
+      "version": "v6.4.0",
+      "sha": "48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e"
     },
     "actions/setup-python@v6.2.0": {
       "repo": "actions/setup-python",
@@ -115,10 +110,10 @@
       "version": "v0.24.0",
       "sha": "e22c389904149dbc22b58101806040fa8d37a610"
     },
-    "astral-sh/setup-uv@v8.0.0": {
+    "astral-sh/setup-uv@v8.1.0": {
       "repo": "astral-sh/setup-uv",
-      "version": "v8.0.0",
-      "sha": "cec208311dfd045dd5311c1add060b2062131d57"
+      "version": "v8.1.0",
+      "sha": "08807647e7069bb48b6ef5acd8ec9567f424441b"
     },
     "cli/gh-extension-precompile@v2.1.0": {
       "repo": "cli/gh-extension-precompile",
@@ -178,47 +173,47 @@
     "erlef/setup-beam@v1.24.0": {
       "repo": "erlef/setup-beam",
       "version": "v1.24.0",
-      "sha": "8d44588995e53ce789721e96227122a67826542d"
+      "sha": "fc68ffb90438ef2936bbb3251622353b3dcb2f93"
     },
-    "github/codeql-action/upload-sarif@v4.35.1": {
+    "github/codeql-action/upload-sarif@v4.35.2": {
       "repo": "github/codeql-action/upload-sarif",
-      "version": "v4.35.1",
-      "sha": "0e9f55954318745b37b7933c693bc093f7336125"
+      "version": "v4.35.2",
+      "sha": "95e58e9a2cdfd71adc6e0353d5c52f41a045d225"
     },
-    "github/gh-aw-actions/setup-cli@v0.69.2": {
+    "github/gh-aw-actions/setup-cli@v0.71.0": {
       "repo": "github/gh-aw-actions/setup-cli",
-      "version": "v0.69.2",
-      "sha": "dca90cae5e2ec0ef2275f97efcb832793c86e082"
+      "version": "v0.71.0",
+      "sha": "49157453228f9641824955e35cbeccbca74ee0fd"
     },
-    "github/gh-aw-actions/setup@v0.69.2": {
+    "github/gh-aw-actions/setup@v0.71.0": {
       "repo": "github/gh-aw-actions/setup",
-      "version": "v0.69.2",
-      "sha": "dca90cae5e2ec0ef2275f97efcb832793c86e082"
+      "version": "v0.71.0",
+      "sha": "49157453228f9641824955e35cbeccbca74ee0fd"
     },
-    "github/gh-aw/actions/setup@v0.68.2": {
+    "github/gh-aw/actions/setup@v0.71.0": {
       "repo": "github/gh-aw/actions/setup",
-      "version": "v0.68.2",
-      "sha": "265e150164f303f0ea34d429eecd2d66ebe1d26f"
+      "version": "v0.71.0",
+      "sha": "36e5c36809d74d541861dfe2b5d34a072e019ed1"
     },
     "github/stale-repos@v9.0.8": {
       "repo": "github/stale-repos",
       "version": "v9.0.8",
       "sha": "5f2e18fc5432823f96c1feb69327f665c2acab59"
     },
-    "haskell-actions/setup@v2.10.4": {
+    "haskell-actions/setup@v2.11.0": {
       "repo": "haskell-actions/setup",
-      "version": "v2.10.4",
-      "sha": "77bff5043ea8b8189e09903b6f29125b16c531f9"
+      "version": "v2.11.0",
+      "sha": "cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553"
     },
     "oven-sh/setup-bun@v2.2.0": {
       "repo": "oven-sh/setup-bun",
       "version": "v2.2.0",
       "sha": "0c5077e51419868618aeaa5fe8019c62421857d6"
     },
-    "ruby/setup-ruby@v1.301.0": {
+    "ruby/setup-ruby@v1.305.0": {
       "repo": "ruby/setup-ruby",
-      "version": "v1.301.0",
-      "sha": "4c56a21280b36d862b5fc31348f463d60bdc55d5"
+      "version": "v1.305.0",
+      "sha": "0cb964fd540e0a24c900370abf38a33466142735"
     },
     "super-linter/super-linter@v8.6.0": {
       "repo": "super-linter/super-linter",
@@ -237,21 +232,46 @@
       "digest": "sha256:c77e8c26bab6c39e8568d8e2f8c17015944849a8cbcdfb4bd9725d8893725ca2",
       "pinned_image": "ghcr.io/github/gh-aw-firewall/agent:0.25.18@sha256:c77e8c26bab6c39e8568d8e2f8c17015944849a8cbcdfb4bd9725d8893725ca2"
     },
+    "ghcr.io/github/gh-aw-firewall/agent:0.25.26": {
+      "image": "ghcr.io/github/gh-aw-firewall/agent:0.25.26",
+      "digest": "sha256:1701aa3b61dfaab3e1d24e6413d05db7959aea5b9ba0f82e37550fabed663c58",
+      "pinned_image": "ghcr.io/github/gh-aw-firewall/agent:0.25.26@sha256:1701aa3b61dfaab3e1d24e6413d05db7959aea5b9ba0f82e37550fabed663c58"
+    },
     "ghcr.io/github/gh-aw-firewall/api-proxy:0.25.18": {
       "image": "ghcr.io/github/gh-aw-firewall/api-proxy:0.25.18",
       "digest": "sha256:d16a40a3ca6e989896d0cef9f31b9412bb1fcc8755bafcafb95012ae1078539b",
       "pinned_image": "ghcr.io/github/gh-aw-firewall/api-proxy:0.25.18@sha256:d16a40a3ca6e989896d0cef9f31b9412bb1fcc8755bafcafb95012ae1078539b"
     },
+    "ghcr.io/github/gh-aw-firewall/api-proxy:0.25.26": {
+      "image": "ghcr.io/github/gh-aw-firewall/api-proxy:0.25.26",
+      "digest": "sha256:5c7a717c9ca8933d6900edc66a06dfb4007ed41c3cb19338ec9fe6e370df9af0",
+      "pinned_image": "ghcr.io/github/gh-aw-firewall/api-proxy:0.25.26@sha256:5c7a717c9ca8933d6900edc66a06dfb4007ed41c3cb19338ec9fe6e370df9af0"
+    },
+    "ghcr.io/github/gh-aw-firewall/cli-proxy:0.25.26": {
+      "image": "ghcr.io/github/gh-aw-firewall/cli-proxy:0.25.26",
+      "digest": "sha256:fd6c8b67d9d90b028e68c58c6121bc57d66491685a1135a5ab69122179c4cbe6",
+      "pinned_image": "ghcr.io/github/gh-aw-firewall/cli-proxy:0.25.26@sha256:fd6c8b67d9d90b028e68c58c6121bc57d66491685a1135a5ab69122179c4cbe6"
+    },
     "ghcr.io/github/gh-aw-firewall/squid:0.25.18": {
       "image": "ghcr.io/github/gh-aw-firewall/squid:0.25.18",
       "digest": "sha256:eb102afcfbae26ffcec016adebb74d3be7b0a5bf376ba306599cdf3effbe288e",
       "pinned_image": "ghcr.io/github/gh-aw-firewall/squid:0.25.18@sha256:eb102afcfbae26ffcec016adebb74d3be7b0a5bf376ba306599cdf3effbe288e"
     },
+    "ghcr.io/github/gh-aw-firewall/squid:0.25.26": {
+      "image": "ghcr.io/github/gh-aw-firewall/squid:0.25.26",
+      "digest": "sha256:e68b8831945e02194c7a4237179ace0edaf3cecb03044ea8bdaf4f7c435acf34",
+      "pinned_image": "ghcr.io/github/gh-aw-firewall/squid:0.25.26@sha256:e68b8831945e02194c7a4237179ace0edaf3cecb03044ea8bdaf4f7c435acf34"
+    },
     "ghcr.io/github/gh-aw-mcpg:v0.2.17": {
       "image": "ghcr.io/github/gh-aw-mcpg:v0.2.17",
       "digest": "sha256:a6dec6ec535a11c565d982afa2f98589805ed0598862b9ea9d3c751fc71afae8",
       "pinned_image": "ghcr.io/github/gh-aw-mcpg:v0.2.17@sha256:a6dec6ec535a11c565d982afa2f98589805ed0598862b9ea9d3c751fc71afae8"
     },
+    "ghcr.io/github/gh-aw-mcpg:v0.2.26": {
+      "image": "ghcr.io/github/gh-aw-mcpg:v0.2.26",
+      "digest": "sha256:bfb444facad03587ac5021b3fbb89abd4726aac51d5a0cebfcd14202e8119c57",
+      "pinned_image": "ghcr.io/github/gh-aw-mcpg:v0.2.26@sha256:bfb444facad03587ac5021b3fbb89abd4726aac51d5a0cebfcd14202e8119c57"
+    },
     "ghcr.io/github/github-mcp-server:v0.30.2": {
       "image": "ghcr.io/github/github-mcp-server:v0.30.2",
       "digest": "sha256:1687680e9297b465b398c0143a0072bbd96e3d6fd466cc04638943c8a439c0c9",
@@ -262,6 +282,11 @@
       "digest": "sha256:2763823c63bcca718ce53850a1d7fcf2f501ec84028394f1b63ce7e9f4f9be28",
       "pinned_image": "ghcr.io/github/github-mcp-server:v0.32.0@sha256:2763823c63bcca718ce53850a1d7fcf2f501ec84028394f1b63ce7e9f4f9be28"
     },
+    "ghcr.io/github/github-mcp-server:v1.0.0": {
+      "image": "ghcr.io/github/github-mcp-server:v1.0.0",
+      "digest": "sha256:d2550953f8050bc5a1c8f80d1678766f66f60bbfbcd953fdeaf661fe4269bd95",
+      "pinned_image": "ghcr.io/github/github-mcp-server:v1.0.0@sha256:d2550953f8050bc5a1c8f80d1678766f66f60bbfbcd953fdeaf661fe4269bd95"
+    },
     "mcp/filesystem": {
       "image": "mcp/filesystem",
       "digest": "sha256:35fcf0217ca0d5bf7b0a5bd68fb3b89e08174676c0e0b4f431604512cf7b3f67",