Pin Daily Compiler Threat Spec Optimizer to AWF v0.25.46

[Copilot]

The Daily Compiler Threat Spec Optimizer began failing in main with repeated Copilot engine 400 bad request: Authorization header is badly formatted errors. The failure surfaced immediately after the AWF runtime bump and prevented the agent phase from producing output.

• Scope

  • Apply a targeted mitigation to the affected workflow only (daily-compiler-threat-spec-optimizer), without changing global defaults.

• Change made

  • Added an explicit agent sandbox version pin in workflow frontmatter:
    • sandbox.agent.version: v0.25.46
  • Recompiled the lock file so the generated agent job resolves AWF images/schema to 0.25.46 for this workflow path.

• Resulting runtime behavior

  • The workflow now avoids AWF 0.25.48 for this job and runs on the last known-good firewall runtime for Copilot agent execution.

sandbox:
  agent:
    version: v0.25.46