workflows: replace containers ecosystem with explicit Docker Hub hosts; reword keepalive + cache-memory wording

Agent-Logs-Url: https://github.com/Hack23/riksdagsmonitor/sessions/e50e5946-b981-4724-b90b-e998cbcca156

Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>

Author: Copilot

.github/workflows/README.md

@@ -108,13 +108,13 @@ Every news workflow declares the **same** tool & runtime surface for parity, res
 | `runtimes.node.version` | `"25"` | Pinned Node 25 for IMF CLI + render scripts |
 | `tools.github.toolsets` | `[all]` | Full GitHub MCP surface (issues, PRs, repos, code-search, actions, releases, discussions, …); see [`github-tools.md`](https://github.com/github/gh-aw/blob/main/docs/src/content/docs/reference/github-tools.md) |
 | `tools.bash` / `tools.edit` / `tools.web-fetch` / `tools.agentic-workflows` | enabled | Full local tool surface; `web-fetch` reaches non-MCP public sources (`statskontoret.se`, `riksdagsmonitor.com`) through the AWF firewall |
-| `tools.cache-memory` | keyed by `news-${workflow}-${article_date}`, 14-day retention | **Resilience knob** — analysis artifacts persisted at `/tmp/gh-aw/cache-memory/`; restored on the next run if the previous PR failed (see [`07-commit-and-pr.md` §Cache-memory recovery](../prompts/07-commit-and-pr.md)) |
+| `tools.cache-memory` | keyed by `news-${workflow}-${article_date}`; best-effort cache persistence aligned with a 14-day recovery window | **Resilience knob** — analysis artifacts persisted at `/tmp/gh-aw/cache-memory/`; may be restored on the next run if the previous PR failed and the cache entry is still available (see [`07-commit-and-pr.md` §Cache-memory recovery](../prompts/07-commit-and-pr.md)) |
 | `tools.playwright` | enabled in `news-evening-analysis` + `news-realtime-monitor` only | Live HTML validation for tier-C aggregation runs |
 | `features.mcp-gateway` | `true` | Routes all MCP traffic through the gh-aw mcp-gateway (single audit point) |
 | `sandbox.mcp.keepalive-interval` | `300` (5 min) | Compiles to gateway `keepaliveInterval`; overrides upstream default `1500 s (25 min)` so HTTP MCPs (`riksdag-regering`) stay warm for the full 45-minute job budget (see [`02-mcp-access.md` §MCP gateway keepalive](../prompts/02-mcp-access.md)) |
 | `safe-outputs.create-pull-request.fallback-as-issue` | `true` (explicit) | If org disables Actions PR creation, fall back to an issue + branch link instead of failing |
 | `safe-outputs.create-pull-request.if-no-changes` | `warn` | Empty patches emit a warning instead of failing the run (e.g. duplicate-date dispatches) |
-| `network.allowed` | `node`, `containers`, `github`, `defaults` + IMF/SCB/Riksdag/Statskontoret/site domains | Ecosystem identifiers preferred per upstream `network.md`; `containers` is required only for the MCP container images (`node:25-alpine`) used by the SCB and World Bank servers. **Expected egress** for those pulls is Docker Hub resolution: `docker.io`, `registry-1.docker.io`, `auth.docker.io`, and `production.cloudflare.docker.com`. The upstream `containers` ecosystem identifier may resolve to broader registry patterns in compiled locks; that broader capability is accepted in this repo **only** because current MCP images are Docker Hub-hosted `node:25-alpine`. Any switch to `ghcr.io`, `quay.io`, or other registries must be explicitly documented and reviewed against the egress allowlist policy before merge. |
+| `network.allowed` | `node`, `github`, `defaults` + explicit Docker Hub hosts (`docker.io`, `registry-1.docker.io`, `auth.docker.io`, `production.cloudflare.docker.com`) + IMF/SCB/Riksdag/Statskontoret/site domains | Ecosystem identifiers preferred per upstream `network.md`. The broad `containers` ecosystem (which would also permit `ghcr.io`, `quay.io`, `gcr.io`, `mcr.microsoft.com`, `pkgs.k8s.io`, …) is **deliberately omitted** to keep least-privilege egress; only the minimal Docker Hub hosts actually required to resolve `node:25-alpine` for the SCB and World Bank MCP servers are enumerated. Any future switch to `ghcr.io`, `quay.io`, or other registries must add the specific hosts and be reviewed against the egress allowlist policy before merge. |
 | `permissions` | `contents: read`, `issues: read`, `pull-requests: read`, `actions: read`, `discussions: read`, `security-events: read` | Least-privilege agent token; write capabilities live exclusively in the safe-outputs runner job |
 
 ## 🛠️ Automation & Tooling (4)

.github/workflows/news-committee-reports.lock.yml

@@ -51,7 +51,7 @@ features:
 
 sandbox:
   mcp:
-    keepalive-interval: 300 # gh-aw mcp-gateway `keepaliveInterval` — overrides upstream default 1500s (25 min) with a 5-min HTTP MCP ping. Keeps `riksdag-regering` (HTTP) and any other HTTP-backed MCPs warm for the entire 45-min job; lets us run 45-50 min sessions safely. Does NOT keep the local `safeoutputs` Streamable-HTTP idle session alive (Timer C ~25-30 min) — call `safeoutputs___create_pull_request` by minute 28 (hard 30). See prompts/07-commit-and-pr.md §Deadline enforcement and reference: https://github.com/github/gh-aw/blob/main/docs/src/content/docs/reference/mcp-gateway.md
+    keepalive-interval: 300 # gh-aw mcp-gateway `keepaliveInterval` — overrides the upstream default 1500s (25 min) with a 5-min HTTP MCP ping to reduce idle disconnects for `riksdag-regering` (HTTP) and other HTTP-backed MCPs during this 45-min job. It does NOT extend the workflow `timeout-minutes` budget and does NOT keep the local `safeoutputs` Streamable-HTTP idle session alive (Timer C ~25-30 min) — call `safeoutputs___create_pull_request` by minute 28 (hard 30). See prompts/07-commit-and-pr.md §Deadline enforcement and reference: https://github.com/github/gh-aw/blob/main/docs/src/content/docs/reference/mcp-gateway.md
 
 runtimes:
   node:
@@ -60,7 +60,12 @@ runtimes:
 network:
   allowed:
     - node
-    - containers # node:25-alpine containers used by SCB + World Bank MCP servers
+    # Minimal Docker Hub hosts for node:25-alpine pulls used by SCB + World Bank MCP servers
+    # (replaces the broader `containers` ecosystem identifier to keep least-privilege egress)
+    - docker.io
+    - registry-1.docker.io
+    - auth.docker.io
+    - production.cloudflare.docker.com
     - github
     - riksdag-regering-ai.onrender.com
     - api.scb.se

.github/workflows/news-committee-reports.md

@@ -59,7 +59,7 @@ features:
 
 sandbox:
   mcp:
-    keepalive-interval: 300 # gh-aw mcp-gateway `keepaliveInterval` — overrides upstream default 1500s (25 min) with a 5-min HTTP MCP ping. Keeps `riksdag-regering` (HTTP) and any other HTTP-backed MCPs warm for the entire 45-min job; lets us run 45-50 min sessions safely. Does NOT keep the local `safeoutputs` Streamable-HTTP idle session alive (Timer C ~25-30 min) — call `safeoutputs___create_pull_request` by minute 28 (hard 30). See prompts/07-commit-and-pr.md §Deadline enforcement and reference: https://github.com/github/gh-aw/blob/main/docs/src/content/docs/reference/mcp-gateway.md
+    keepalive-interval: 300 # gh-aw mcp-gateway `keepaliveInterval` — overrides the upstream default 1500s (25 min) with a 5-min HTTP MCP ping to reduce idle disconnects for `riksdag-regering` (HTTP) and other HTTP-backed MCPs during this 45-min job. It does NOT extend the workflow `timeout-minutes` budget and does NOT keep the local `safeoutputs` Streamable-HTTP idle session alive (Timer C ~25-30 min) — call `safeoutputs___create_pull_request` by minute 28 (hard 30). See prompts/07-commit-and-pr.md §Deadline enforcement and reference: https://github.com/github/gh-aw/blob/main/docs/src/content/docs/reference/mcp-gateway.md
 
 runtimes:
   node:
@@ -68,7 +68,12 @@ runtimes:
 network:
   allowed:
     - node
-    - containers # node:25-alpine containers used by SCB + World Bank MCP servers
+    # Minimal Docker Hub hosts for node:25-alpine pulls used by SCB + World Bank MCP servers
+    # (replaces the broader `containers` ecosystem identifier to keep least-privilege egress)
+    - docker.io
+    - registry-1.docker.io
+    - auth.docker.io
+    - production.cloudflare.docker.com
     - github
     - riksdag-regering-ai.onrender.com
     - api.scb.se