## Problem

PR #24997 introduced the `cli-proxy-writable` feature flag alongside `cli-proxy`. The `cli-proxy-writable` flag injects `--cli-proxy-writable` into the AWF command, enabling write operations (create issue, merge PR, etc.) via the gh CLI proxy sidecar.

**Decision**: The gh CLI in the agent container should only support **read-only** operations. The `cli-proxy-writable` flag should be removed entirely from the frontmatter schema and compiler.

## What to remove

### `pkg/constants/feature_constants.go`

- Remove the `CliProxyWritableFeatureFlag` constant and its doc comment

### `pkg/workflow/awf_helpers.go`

- Remove the `cli-proxy-writable` injection block:

```go
// Allow write operations when cli-proxy-writable feature flag is also set
if isFeatureEnabled(constants.CliProxyWritableFeatureFlag, config.WorkflowData) {
    awfArgs = append(awfArgs, "--cli-proxy-writable")
    ...
}
```

### `pkg/workflow/awf_helpers_test.go`

- Remove test case: `"includes --cli-proxy-writable when cli-proxy-writable feature flag is enabled"`
- Remove test case: `"does not include --cli-proxy-writable without --enable-cli-proxy"`
- Remove `--cli-proxy-writable` assertions from the remaining test cases (e.g., the old-version skip test)
- Update test case descriptions that reference writable

### `.changeset/minor-add-cli-proxy-feature-flag.md`

- Update the description to remove the mention of `cli-proxy-writable`

### PR description / docs

- Update any documentation referencing `cli-proxy-writable: true` in frontmatter examples

## Context

The gh CLI proxy sidecar gives agents secure `gh` access without exposing `GITHUB_TOKEN`. Restricting it to read-only ensures agents cannot make unintended mutations through the CLI path. Write operations should continue to go through the existing safe-outputs / GitHub MCP tool path, which has proper guard policies and audit logging.
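A regression check for the read-only decision above, added here as an example and not code from the project: a simplified stand-in for the AWF argument builder (the real compiler reads feature flags from workflow frontmatter; `workflowFeatures`, `buildAWFArgs` and `readOnlyViolations` are hypothetical names) that confirms `--cli-proxy-writable` is never emitted, even when a stale frontmatter still sets the removed flag.

```go
package main

import (
	"fmt"
	"strings"
)

// workflowFeatures is a constructed stand-in for the frontmatter feature-flag
// lookup; the real project resolves these through isFeatureEnabled.
type workflowFeatures map[string]bool

// buildAWFArgs models the intended post-change behaviour: the `cli-proxy`
// flag adds --enable-cli-proxy and nothing else. There is deliberately no
// branch that can widen the sidecar to a writable mode.
func buildAWFArgs(features workflowFeatures) []string {
	var awfArgs []string
	if features["cli-proxy"] {
		awfArgs = append(awfArgs, "--enable-cli-proxy")
	}
	return awfArgs
}

// readOnlyViolations returns every AWF argument that would turn the gh CLI
// proxy writable. An empty result is the property the test suite should keep.
func readOnlyViolations(awfArgs []string) []string {
	var violations []string
	for _, arg := range awfArgs {
		if strings.HasPrefix(arg, "--cli-proxy-writable") {
			violations = append(violations, arg)
		}
	}
	return violations
}

func main() {
	// Constructed input: a frontmatter that still carries the removed flag.
	stale := workflowFeatures{"cli-proxy": true, "cli-proxy-writable": true}
	args := buildAWFArgs(stale)
	fmt.Printf("args=%q violations=%q\n", args, readOnlyViolations(args))
}
```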