From 4471d8f7b8500ccc50eced3ddcdab242173d42e3 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 25 May 2026 15:21:26 +0000
Subject: [PATCH 1/2] feat: add shared PMG workflow and import in 3 workflows
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
.github/workflows/agentic-token-audit.md | 2 ++
.../dataflow-pr-discussion-dataset.md | 1 +
.github/workflows/hippo-embed.md | 1 +
.github/workflows/shared/pmg.md | 33 +++++++++++++++++++
4 files changed, 37 insertions(+)
create mode 100644 .github/workflows/shared/pmg.md
diff --git a/.github/workflows/agentic-token-audit.md b/.github/workflows/agentic-token-audit.md
index 2057c86f61c..0d38a4919ef 100644
--- a/.github/workflows/agentic-token-audit.md
+++ b/.github/workflows/agentic-token-audit.md
@@ -69,6 +69,8 @@ steps:
echo '{"runs":[],"summary":{}}' > /tmp/gh-aw/agent/token-audit/workflow-logs.json
fi
timeout-minutes: 25
+imports:
+ - shared/pmg.md
source: githubnext/agentic-ops/workflows/agentic-token-audit.md@e10687ae8f19a5b37b061db524be27948568c411
---
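Review bot: The `imports:` entry added just above `source:` is a local edit to a workflow that the `source:` line marks as tracked from githubnext/agentic-ops at a pinned commit, so a later re-sync from upstream may drop it. If the update tooling rewrites the frontmatter (not visible in this patch), the PMG pre-step would disappear from the compiled lock file with no signal beyond the regenerated diff. A comment on the line above `imports:`, such as `# local addition: keep shared/pmg.md when updating from source`, would make the dependency visible to whoever runs the update. Alternatively the import could be proposed upstream.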
diff --git a/.github/workflows/dataflow-pr-discussion-dataset.md b/.github/workflows/dataflow-pr-discussion-dataset.md
index 007a1b186d3..32a5b50e21c 100644
--- a/.github/workflows/dataflow-pr-discussion-dataset.md
+++ b/.github/workflows/dataflow-pr-discussion-dataset.md
@@ -16,6 +16,7 @@ network:
- python
- github-actions
imports:
+ - shared/pmg.md
- uses: shared/discussions-data-fetch.md
- uses: shared/repo-memory-standard.md
with:
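Review bot: The new `- shared/pmg.md` entry uses the bare-string form while the neighbouring entries in this `imports:` list use the `uses:` mapping form. Writing it as `- uses: shared/pmg.md` would keep the list uniform and easier to scan. The list continues past the end of this hunk, so the remaining entries are not visible here.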
diff --git a/.github/workflows/hippo-embed.md b/.github/workflows/hippo-embed.md
index 9be19ea1158..ec06101ab57 100644
--- a/.github/workflows/hippo-embed.md
+++ b/.github/workflows/hippo-embed.md
@@ -40,6 +40,7 @@ steps:
npm install -g @xenova/transformers
imports:
+ - shared/pmg.md
- shared/hippo-memory.md
- shared/otlp.md
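Review bot: The context line `npm install -g @xenova/transformers` in `steps:` is still a direct npm call, and nothing in this patch shows that importing `shared/pmg.md` routes later `run:` steps through PMG. If the action only places the `pmg` binary on the runner, this global install is not screened and would have to be invoked as `pmg npm install -g @xenova/transformers`. Confirm whether the action shims `npm` for non-interactive shells, and change the step if it does not. The `steps:` block starts outside this hunk.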
diff --git a/.github/workflows/shared/pmg.md b/.github/workflows/shared/pmg.md
new file mode 100644
index 00000000000..db3b2fc2323
--- /dev/null
+++ b/.github/workflows/shared/pmg.md
@@ -0,0 +1,33 @@
+---
+pre-steps:
+ - name: Install PMG (Package Manager Guard)
+ uses: safedep/pmg@v1
+---
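Review bot: `uses: safedep/pmg@v1` references a moving major tag for a third-party action that runs as a pre-step in jobs whose manifests list secrets such as `GITHUB_TOKEN`. Patch 2/2 pins it to `46cc70db535107183c9e752bb55d1d5c5f1a9290`, but only in the generated lock files and `actions-lock.json`, so the reviewed commit is not fixed in the file people actually edit. Writing the source as `uses: safedep/pmg@46cc70db535107183c9e752bb55d1d5c5f1a9290 # v1` would make a retagged `v1` show up as an explicit source change rather than a side effect of a recompile. The hunk header declares 33 added lines and only the frontmatter is visible here, so the rest of the file is not covered by this note.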
+
From 1cb7bace2c55a96186eca76cbdb904e74571e2da Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 25 May 2026 15:43:57 +0000
Subject: [PATCH 2/2] chore: merge main and recompile workflows with PMG import
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
.github/aw/actions-lock.json | 5 ++
.../workflows/agentic-token-audit.lock.yml | 37 ++++++++------
.../dataflow-pr-discussion-dataset.lock.yml | 34 +++++++------
.github/workflows/hippo-embed.lock.yml | 50 +++++++++++--------
4 files changed, 76 insertions(+), 50 deletions(-)
diff --git a/.github/aw/actions-lock.json b/.github/aw/actions-lock.json
index e32165f654c..a118380bc65 100644
--- a/.github/aw/actions-lock.json
+++ b/.github/aw/actions-lock.json
@@ -198,6 +198,11 @@
"version": "v1.308.0",
"sha": "97ecb7b512899eb71ab1bf2310a624c6f1589ac6"
},
+ "safedep/pmg@v1": {
+ "repo": "safedep/pmg",
+ "version": "v1",
+ "sha": "46cc70db535107183c9e752bb55d1d5c5f1a9290"
+ },
"super-linter/super-linter@v8.6.0": {
"repo": "super-linter/super-linter",
"version": "v8.6.0",
diff --git a/.github/workflows/agentic-token-audit.lock.yml b/.github/workflows/agentic-token-audit.lock.yml
index 573bf282b33..cb587c9fa6e 100644
--- a/.github/workflows/agentic-token-audit.lock.yml
+++ b/.github/workflows/agentic-token-audit.lock.yml
@@ -1,5 +1,5 @@
-# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"54457d66b74b0db06adb31535d6ec19b4698a575b88d637ac4ba281d989dbd63","strict":true,"agent_id":"copilot"}
-# gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-go","sha":"4a3601121dd01d1626a1e23e37211e3254c1c06c","version":"v6.4.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/setup-python","sha":"a309ff8b426b58ec0e2a45f0f869d46889d02405","version":"v6.2.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"docker/build-push-action","sha":"bcafcacb16a39f128d818304e6c9c0c18556b85f","version":"v7.1.0"},{"repo":"docker/setup-buildx-action","sha":"4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd","version":"v4.0.0"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.54"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.54"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.54"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.18"},{"image":"ghcr.io/github/github-mcp-server:v1.0.4","digest":"sha256:e3816a476a977cfb836e7d221510011436c654d11861db66ecfd826601aba6a4","pinned_image":"ghcr.io/github/github-mcp-server:v1.0.4@sha256:e3816a476a977cfb836e7d221510011436c654d11861db66ecfd826601aba6a4"},{"image":"node:lts-alpine","digest":"sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14","pinned_image":"node:lts-alpine@sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14"}]}
+# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"e090d291cc95eb6472b7fb5e89d8647884bfe44c26f465810b19f1816cb70cf6","strict":true,"agent_id":"copilot"}
+# gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-go","sha":"4a3601121dd01d1626a1e23e37211e3254c1c06c","version":"v6.4.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/setup-python","sha":"a309ff8b426b58ec0e2a45f0f869d46889d02405","version":"v6.2.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"docker/build-push-action","sha":"bcafcacb16a39f128d818304e6c9c0c18556b85f","version":"v7.1.0"},{"repo":"docker/setup-buildx-action","sha":"4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd","version":"v4.0.0"},{"repo":"safedep/pmg","sha":"46cc70db535107183c9e752bb55d1d5c5f1a9290","version":"v1"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.54"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.54"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.54"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.18"},{"image":"ghcr.io/github/github-mcp-server:v1.0.4","digest":"sha256:e3816a476a977cfb836e7d221510011436c654d11861db66ecfd826601aba6a4","pinned_image":"ghcr.io/github/github-mcp-server:v1.0.4@sha256:e3816a476a977cfb836e7d221510011436c654d11861db66ecfd826601aba6a4"},{"image":"node:lts-alpine","digest":"sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14","pinned_image":"node:lts-alpine@sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14"}]}
# ___ _ _
# / _ \ | | (_)
# | |_| | __ _ ___ _ __ | |_ _ ___
@@ -26,6 +26,10 @@
#
# Source: githubnext/agentic-ops/workflows/agentic-token-audit.md@e10687ae8f19a5b37b061db524be27948568c411
#
+# Resolved workflow manifest:
+# Imports:
+# - shared/pmg.md
+#
# Secrets used:
# - COPILOT_GITHUB_TOKEN
# - GH_AW_GITHUB_MCP_SERVER_TOKEN
@@ -43,6 +47,7 @@
# - actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
# - docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
# - docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+# - safedep/pmg@46cc70db535107183c9e752bb55d1d5c5f1a9290 # v1
#
# Container images used:
# - ghcr.io/github/gh-aw-firewall/agent:0.25.54
@@ -193,24 +198,24 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_701a55778e9415c7_EOF'
+ cat << 'GH_AW_PROMPT_9c5b474e88fa8461_EOF'
- GH_AW_PROMPT_701a55778e9415c7_EOF
+ GH_AW_PROMPT_9c5b474e88fa8461_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/agentic_workflows_guide.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/repo_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_701a55778e9415c7_EOF'
+ cat << 'GH_AW_PROMPT_9c5b474e88fa8461_EOF'
Tools: create_issue, upload_asset(max:5), missing_tool, missing_data, noop
upload_asset: provide a file path; returns a URL; assets are published after the workflow completes (safeoutputs).
- GH_AW_PROMPT_701a55778e9415c7_EOF
+ GH_AW_PROMPT_9c5b474e88fa8461_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_701a55778e9415c7_EOF'
+ cat << 'GH_AW_PROMPT_9c5b474e88fa8461_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -239,12 +244,13 @@ jobs:
{{/if}}
- GH_AW_PROMPT_701a55778e9415c7_EOF
+ GH_AW_PROMPT_9c5b474e88fa8461_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_701a55778e9415c7_EOF'
+ cat << 'GH_AW_PROMPT_9c5b474e88fa8461_EOF'
+ {{#runtime-import .github/workflows/shared/pmg.md}}
{{#runtime-import .github/workflows/agentic-token-audit.md}}
- GH_AW_PROMPT_701a55778e9415c7_EOF
+ GH_AW_PROMPT_9c5b474e88fa8461_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -395,6 +401,9 @@ jobs:
echo "GH_AW_SAFE_OUTPUTS_CONFIG_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/config.json"
echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json"
} >> "$GITHUB_OUTPUT"
+ - name: Install PMG (Package Manager Guard)
+ uses: safedep/pmg@46cc70db535107183c9e752bb55d1d5c5f1a9290 # v1
+
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
@@ -568,9 +577,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << GH_AW_SAFE_OUTPUTS_CONFIG_0d9a89b9753d6d37_EOF
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << GH_AW_SAFE_OUTPUTS_CONFIG_f5d283f1660e0a20_EOF
{"create_issue":{"close_older_issues":true,"expires":72,"max":1,"title_prefix":"[agentic-token-audit] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"push_repo_memory":{"memories":[{"dir":"/tmp/gh-aw/repo-memory/default","id":"default","max_file_count":100,"max_file_size":102400,"max_patch_size":51200}]},"report_incomplete":{},"upload_asset":{"allowed-exts":[".png",".jpg",".jpeg",".svg"],"branch":"assets/${GITHUB_WORKFLOW}","max":5,"max-size":10240}}
- GH_AW_SAFE_OUTPUTS_CONFIG_0d9a89b9753d6d37_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_f5d283f1660e0a20_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -792,7 +801,7 @@ jobs:
mkdir -p /home/runner/.copilot
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_75512bb0406199f0_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_2ff8186f18fbd2a0_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"agenticworkflows": {
@@ -852,7 +861,7 @@ jobs:
"payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}"
}
}
- GH_AW_MCP_CONFIG_75512bb0406199f0_EOF
+ GH_AW_MCP_CONFIG_2ff8186f18fbd2a0_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
diff --git a/.github/workflows/dataflow-pr-discussion-dataset.lock.yml b/.github/workflows/dataflow-pr-discussion-dataset.lock.yml
index e55e12dd423..286aad69a28 100644
--- a/.github/workflows/dataflow-pr-discussion-dataset.lock.yml
+++ b/.github/workflows/dataflow-pr-discussion-dataset.lock.yml
@@ -1,5 +1,5 @@
-# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"f75d770945efc8b72b752778714f2e894e9694c80ba71c6bd7c55016f4840548","strict":true,"agent_id":"copilot"}
-# gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GH_AW_OTEL_GRAFANA_AUTHORIZATION","GH_AW_OTEL_GRAFANA_ENDPOINT","GH_AW_OTEL_SENTRY_AUTHORIZATION","GH_AW_OTEL_SENTRY_ENDPOINT","GITHUB_TOKEN"],"actions":[{"repo":"actions/cache/restore","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/cache/save","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.54"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.54"},{"image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.25.54"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.54"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.18"},{"image":"ghcr.io/github/github-mcp-server:v1.0.4","digest":"sha256:e3816a476a977cfb836e7d221510011436c654d11861db66ecfd826601aba6a4","pinned_image":"ghcr.io/github/github-mcp-server:v1.0.4@sha256:e3816a476a977cfb836e7d221510011436c654d11861db66ecfd826601aba6a4"},{"image":"node:lts-alpine","digest":"sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14","pinned_image":"node:lts-alpine@sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14"}]}
+# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"7c27093dcc4254d174ec4d27b22fba54eb59abf71d961ebb609ed74d6af16f54","strict":true,"agent_id":"copilot"}
+# gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GH_AW_OTEL_GRAFANA_AUTHORIZATION","GH_AW_OTEL_GRAFANA_ENDPOINT","GH_AW_OTEL_SENTRY_AUTHORIZATION","GH_AW_OTEL_SENTRY_ENDPOINT","GITHUB_TOKEN"],"actions":[{"repo":"actions/cache/restore","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/cache/save","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"safedep/pmg","sha":"46cc70db535107183c9e752bb55d1d5c5f1a9290","version":"v1"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.54"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.54"},{"image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.25.54"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.54"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.18"},{"image":"ghcr.io/github/github-mcp-server:v1.0.4","digest":"sha256:e3816a476a977cfb836e7d221510011436c654d11861db66ecfd826601aba6a4","pinned_image":"ghcr.io/github/github-mcp-server:v1.0.4@sha256:e3816a476a977cfb836e7d221510011436c654d11861db66ecfd826601aba6a4"},{"image":"node:lts-alpine","digest":"sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14","pinned_image":"node:lts-alpine@sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14"}]}
# ___ _ _
# / _ \ | | (_)
# | |_| | __ _ ___ _ __ | |_ _ ___
@@ -28,6 +28,7 @@
# Imports:
# - shared/discussions-data-fetch.md
# - shared/otlp.md
+# - shared/pmg.md
# - shared/repo-memory-standard.md
# - shared/reporting.md
#
@@ -49,6 +50,7 @@
# - actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
# - actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
# - actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+# - safedep/pmg@46cc70db535107183c9e752bb55d1d5c5f1a9290 # v1
#
# Container images used:
# - ghcr.io/github/gh-aw-firewall/agent:0.25.54
@@ -209,22 +211,22 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_4419c1645398e116_EOF'
+ cat << 'GH_AW_PROMPT_118d1808beaa0373_EOF'
- GH_AW_PROMPT_4419c1645398e116_EOF
+ GH_AW_PROMPT_118d1808beaa0373_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/repo_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_4419c1645398e116_EOF'
+ cat << 'GH_AW_PROMPT_118d1808beaa0373_EOF'
Tools: create_discussion, missing_tool, missing_data, noop
- GH_AW_PROMPT_4419c1645398e116_EOF
+ GH_AW_PROMPT_118d1808beaa0373_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_4419c1645398e116_EOF'
+ cat << 'GH_AW_PROMPT_118d1808beaa0373_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -253,16 +255,17 @@ jobs:
{{/if}}
- GH_AW_PROMPT_4419c1645398e116_EOF
+ GH_AW_PROMPT_118d1808beaa0373_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_4419c1645398e116_EOF'
+ cat << 'GH_AW_PROMPT_118d1808beaa0373_EOF'
+ {{#runtime-import .github/workflows/shared/pmg.md}}
{{#runtime-import .github/workflows/shared/discussions-data-fetch.md}}
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/shared/noop-reminder.md}}
{{#runtime-import .github/workflows/dataflow-pr-discussion-dataset.md}}
- GH_AW_PROMPT_4419c1645398e116_EOF
+ GH_AW_PROMPT_118d1808beaa0373_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -424,6 +427,9 @@ jobs:
} >> "$GITHUB_OUTPUT"
- name: Mask OTLP telemetry headers
run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh"
+ - name: Install PMG (Package Manager Guard)
+ uses: safedep/pmg@46cc70db535107183c9e752bb55d1d5c5f1a9290 # v1
+
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
@@ -728,9 +734,9 @@ jobs:
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs/upload-artifacts"
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_47e3535beea59853_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_1453b3fd387e26db_EOF'
{"create_discussion":{"category":"reports","close_older_discussions":true,"expires":168,"fallback_to_issue":true,"max":1,"title_prefix":"[dataflow-dataset] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"push_repo_memory":{"memories":[{"dir":"/tmp/gh-aw/repo-memory/default","id":"default","max_file_count":100,"max_file_size":102400,"max_patch_size":10240}]},"report_incomplete":{},"upload_artifact":{"max-size-bytes":104857600,"max-uploads":3,"retention-days":30,"skip-archive":false}}
- GH_AW_SAFE_OUTPUTS_CONFIG_47e3535beea59853_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_1453b3fd387e26db_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -928,7 +934,7 @@ jobs:
mkdir -p /home/runner/.copilot
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_3437ec9d27df495e_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_9f189268bd2d980f_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"safeoutputs": {
@@ -958,7 +964,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_3437ec9d27df495e_EOF
+ GH_AW_MCP_CONFIG_9f189268bd2d980f_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
diff --git a/.github/workflows/hippo-embed.lock.yml b/.github/workflows/hippo-embed.lock.yml
index 4dbf647208d..ad080eeed6e 100644
--- a/.github/workflows/hippo-embed.lock.yml
+++ b/.github/workflows/hippo-embed.lock.yml
@@ -1,5 +1,5 @@
-# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"7ca9a2f81265c6f8ee08fde6166cb1225d8b1a341d7258c3ea0e5ceb58aee91d","strict":true,"agent_id":"copilot"}
-# gh-aw-manifest: {"version":1,"secrets":["GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GH_AW_OTEL_GRAFANA_AUTHORIZATION","GH_AW_OTEL_GRAFANA_ENDPOINT","GH_AW_OTEL_SENTRY_AUTHORIZATION","GH_AW_OTEL_SENTRY_ENDPOINT","GITHUB_TOKEN"],"actions":[{"repo":"actions/cache","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.54"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.54"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.54"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.18"},{"image":"ghcr.io/github/github-mcp-server:v1.0.4","digest":"sha256:e3816a476a977cfb836e7d221510011436c654d11861db66ecfd826601aba6a4","pinned_image":"ghcr.io/github/github-mcp-server:v1.0.4@sha256:e3816a476a977cfb836e7d221510011436c654d11861db66ecfd826601aba6a4"},{"image":"node:lts-alpine","digest":"sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14","pinned_image":"node:lts-alpine@sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14"}]}
+# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"70595eaf44cf338bf236b8233c9ef45e93a65e5bb458579c76a7dc712b81b0ad","strict":true,"agent_id":"copilot"}
+# gh-aw-manifest: {"version":1,"secrets":["GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GH_AW_OTEL_GRAFANA_AUTHORIZATION","GH_AW_OTEL_GRAFANA_ENDPOINT","GH_AW_OTEL_SENTRY_AUTHORIZATION","GH_AW_OTEL_SENTRY_ENDPOINT","GITHUB_TOKEN"],"actions":[{"repo":"actions/cache","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"safedep/pmg","sha":"46cc70db535107183c9e752bb55d1d5c5f1a9290","version":"v1"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.54"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.54"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.54"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.18"},{"image":"ghcr.io/github/github-mcp-server:v1.0.4","digest":"sha256:e3816a476a977cfb836e7d221510011436c654d11861db66ecfd826601aba6a4","pinned_image":"ghcr.io/github/github-mcp-server:v1.0.4@sha256:e3816a476a977cfb836e7d221510011436c654d11861db66ecfd826601aba6a4"},{"image":"node:lts-alpine","digest":"sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14","pinned_image":"node:lts-alpine@sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14"}]}
# ___ _ _
# / _ \ | | (_)
# | |_| | __ _ ___ _ __ | |_ _ ___
@@ -28,6 +28,7 @@
# Imports:
# - shared/hippo-memory.md
# - shared/otlp.md
+# - shared/pmg.md
#
# Secrets used:
# - GH_AW_GITHUB_MCP_SERVER_TOKEN
@@ -46,6 +47,7 @@
# - actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 (source v9)
# - actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
# - actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+# - safedep/pmg@46cc70db535107183c9e752bb55d1d5c5f1a9290 # v1
#
# Container images used:
# - ghcr.io/github/gh-aw-firewall/agent:0.25.54
@@ -194,24 +196,24 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_45da1d9cf44a935f_EOF'
+ cat << 'GH_AW_PROMPT_85c0440466630dac_EOF'
- GH_AW_PROMPT_45da1d9cf44a935f_EOF
+ GH_AW_PROMPT_85c0440466630dac_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_45da1d9cf44a935f_EOF'
+ cat << 'GH_AW_PROMPT_85c0440466630dac_EOF'
Tools: create_issue
- GH_AW_PROMPT_45da1d9cf44a935f_EOF
+ GH_AW_PROMPT_85c0440466630dac_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_auto_create_issue.md"
- cat << 'GH_AW_PROMPT_45da1d9cf44a935f_EOF'
+ cat << 'GH_AW_PROMPT_85c0440466630dac_EOF'
- GH_AW_PROMPT_45da1d9cf44a935f_EOF
+ GH_AW_PROMPT_85c0440466630dac_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md"
- cat << 'GH_AW_PROMPT_45da1d9cf44a935f_EOF'
+ cat << 'GH_AW_PROMPT_85c0440466630dac_EOF'
The following GitHub context information is available for this workflow:
{{#if github.actor}}
@@ -240,14 +242,15 @@ jobs:
{{/if}}
- GH_AW_PROMPT_45da1d9cf44a935f_EOF
+ GH_AW_PROMPT_85c0440466630dac_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_45da1d9cf44a935f_EOF'
+ cat << 'GH_AW_PROMPT_85c0440466630dac_EOF'
+ {{#runtime-import .github/workflows/shared/pmg.md}}
{{#runtime-import .github/workflows/shared/hippo-memory.md}}
{{#runtime-import .github/workflows/shared/otlp.md}}
{{#runtime-import .github/workflows/hippo-embed.md}}
- GH_AW_PROMPT_45da1d9cf44a935f_EOF
+ GH_AW_PROMPT_85c0440466630dac_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
@@ -389,6 +392,9 @@ jobs:
} >> "$GITHUB_OUTPUT"
- name: Mask OTLP telemetry headers
run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh"
+ - name: Install PMG (Package Manager Guard)
+ uses: safedep/pmg@46cc70db535107183c9e752bb55d1d5c5f1a9290 # v1
+
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
@@ -493,9 +499,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_8106b23f6d296a57_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_e673ce514bcbf751_EOF'
{"create_issue":{"labels":["hippo-embed"],"max":1,"title_prefix":"[hippo-embed]"}}
- GH_AW_SAFE_OUTPUTS_CONFIG_8106b23f6d296a57_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_e673ce514bcbf751_EOF
- name: Generate Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -595,7 +601,7 @@ jobs:
- name: Write MCP Scripts Config
run: |
mkdir -p "${RUNNER_TEMP}/gh-aw/mcp-scripts/logs"
- cat > "${RUNNER_TEMP}/gh-aw/mcp-scripts/tools.json" << 'GH_AW_MCP_SCRIPTS_TOOLS_6783e6cd14dd9103_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/mcp-scripts/tools.json" << 'GH_AW_MCP_SCRIPTS_TOOLS_4283506230799216_EOF'
{
"serverName": "mcpscripts",
"version": "1.0.0",
@@ -621,8 +627,8 @@ jobs:
}
]
}
- GH_AW_MCP_SCRIPTS_TOOLS_6783e6cd14dd9103_EOF
- cat > "${RUNNER_TEMP}/gh-aw/mcp-scripts/mcp-server.cjs" << 'GH_AW_MCP_SCRIPTS_SERVER_40ca5a9e0b55c7ff_EOF'
+ GH_AW_MCP_SCRIPTS_TOOLS_4283506230799216_EOF
+ cat > "${RUNNER_TEMP}/gh-aw/mcp-scripts/mcp-server.cjs" << 'GH_AW_MCP_SCRIPTS_SERVER_cdbac96e62f26af6_EOF'
const path = require("path");
const { startHttpServer } = require("./mcp_scripts_mcp_server_http.cjs");
const configPath = path.join(__dirname, "tools.json");
@@ -636,12 +642,12 @@ jobs:
console.error("Failed to start mcp-scripts HTTP server:", error);
process.exit(1);
});
- GH_AW_MCP_SCRIPTS_SERVER_40ca5a9e0b55c7ff_EOF
+ GH_AW_MCP_SCRIPTS_SERVER_cdbac96e62f26af6_EOF
chmod +x "${RUNNER_TEMP}/gh-aw/mcp-scripts/mcp-server.cjs"
- name: Write MCP Scripts Tool Files
run: |
- cat > "${RUNNER_TEMP}/gh-aw/mcp-scripts/hippo.sh" << 'GH_AW_MCP_SCRIPTS_SH_HIPPO_b936dd3e605b92f0_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/mcp-scripts/hippo.sh" << 'GH_AW_MCP_SCRIPTS_SH_HIPPO_6bee7f3a9acd2a2f_EOF'
#!/bin/bash
# Auto-generated mcp-script tool: hippo
# Execute any hippo-memory CLI command. Accessible as 'mcpscripts-hippo'. Provide arguments after 'hippo'. Examples: args 'learn --git' to extract lessons from git commits, 'sleep' for full consolidation, 'recall "api errors" --budget 2000' to retrieve relevant memories.
@@ -652,7 +658,7 @@ jobs:
hippo $INPUT_ARGS
- GH_AW_MCP_SCRIPTS_SH_HIPPO_b936dd3e605b92f0_EOF
+ GH_AW_MCP_SCRIPTS_SH_HIPPO_6bee7f3a9acd2a2f_EOF
chmod +x "${RUNNER_TEMP}/gh-aw/mcp-scripts/hippo.sh"
- name: Generate MCP Scripts Server Config
@@ -729,7 +735,7 @@ jobs:
mkdir -p /home/runner/.copilot
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_4435ee170f83afb0_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_d5a3ebd47f33da0a_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -789,7 +795,7 @@ jobs:
}
}
}
- GH_AW_MCP_CONFIG_4435ee170f83afb0_EOF
+ GH_AW_MCP_CONFIG_d5a3ebd47f33da0a_EOF
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true