[oblt-aw][security] Fix SEC-043 docs workflow_run trigger hardening

[github-actions]

Closes #1164

Summary

This PR remediates SEC-043 findings for the distributed Docs workflow-run client template by tightening trigger scope and explicitly documenting the approved split-workflow risk posture.

Changes made

• Updated .github/remote-workflow-template/docs/.github/workflows/trigger-docs-aw-workflow-run.yml
  • Added branches: [main] under on.workflow_run
  • Added inline # zizmor: ignore[dangerous-triggers] rationale at workflow_run:
• Updated docs/workflows/docs-aw-client-template.md
  • Documented that trigger-docs-aw-workflow-run.yml executes for completed collect runs on main only

Plan checklist

• Read and implement the SEC-043 remediation in ordered steps
• Apply least-privilege safeguards in workflow behavior (trigger scope constrained to main; no broad permission expansion)
• Apply env-indirection policy (no secrets interpolated in command strings introduced)
• Validate remediation with security scan and existing tests

Validation evidence

PATH="/tmp/gh-aw/agent/secenv/bin:/tmp/gh-aw/agent/actionlint:$PATH" bash scripts/obs/security-scan.sh . | grep 'SEC-043' || true
# no output

/tmp/gh-aw/agent/testenv/bin/python -m pytest -q tests/test_validate_aw_workflow_prelude.py tests/test_validate_aw_workflow_resolve_apm_assets.py tests/test_workflow_registry.py
# 12 passed

npm test -- --runInBand
# 17 passed

Security notes

• Least-privilege: No permission scope increases were introduced; trigger execution is now constrained to main for the privileged workflow-run handoff.
• Env-indirection: No token/secret interpolation was added to command strings.

Warning

⚠️ Firewall blocked 3 domains

The following domains were blocked by the firewall during workflow execution:

• docs.zizmor.sh
• metrics.semgrep.dev
• semgrep.dev

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "docs.zizmor.sh"
    - "metrics.semgrep.dev"
    - "semgrep.dev"

See Network Configuration for more information.

Note

🔒 Integrity filter blocked 3 items

The following items were blocked because they don't meet the GitHub integrity level.

• #1164 issue_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #1164 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• [oblt-aw][security] SEC-043 — findings (2026-06-09) #1164 issue_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

---

What is this? | From workflow: Observability Agentic Workflow — Issues

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.