chore: bump awf to v0.25.57, mcpg to v0.3.21 #35782
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
✅ PR Code Quality Reviewer completed the code quality review.
🚀 Smoke Antigravity MISSION COMPLETE! Antigravity has spoken. ✨
🧠 Matt Pocock Skills Reviewer has completed the skills-based review. ✅
🚀 Smoke Pi MISSION COMPLETE! Pi delivered. 🥧
🧪 Test Quality Sentinel completed test quality analysis. No test files were added or modified in this PR. PR #35782 ('chore: bump awf to v0.25.57, mcpg to v0.3.21') contains only changes to compiled .lock.yml workflow files. Test Quality Sentinel skipped.
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨
🚀 Smoke Gemini MISSION COMPLETE! Gemini has spoken. ✨
✅ Design Decision Gate 🏗️ completed the design decision gate check. No ADR enforcement needed: PR #35782 is a routine dependency version bump (AWF v0.25.56→v0.25.57, MCPG v0.3.20→v0.3.21). The >100-line volume trigger fired only because additions are dominated by non-hand-authored artifacts: an upstream-synced JSON schema (pkg/workflow/schemas/awf-config.schema.json) and regenerated WASM golden test fixtures (pkg/workflow/testdata/.../*.golden). The only other business-logic change is version-pin constants (pkg/constants/version_constants.go). No genuine architectural decision is present, so no ADR is warranted — version bumps are explicitly excluded from ADR requirements, and a fabricated draft ADR would introduce strawman alternatives and noise into the ADR record.
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟
Pull request overview
This PR bumps the default AWF and MCP Gateway versions and regenerates the schema, lock files, and WASM golden fixtures that depend on those pins.
Changes:
- Updated `DefaultFirewallVersion` to `v0.25.57` and `DefaultMCPGatewayVersion` to `v0.3.21`.
- Synced the AWF config schema with upstream additions while preserving the gh-aw-specific `modelFallback.enabled` expression support.
- Regenerated lock files and golden fixtures so embedded image tags, install commands, schema URLs, and version metadata match the new pins.
Show a summary per file
| File | Description |
|---|---|
| `pkg/constants/version_constants.go` | Updates the default AWF and MCP Gateway version constants. |
| `pkg/workflow/schemas/awf-config.schema.json` | Adds upstream schema fields for fallback exclusions, Anthropic auth, and API proxy logging. |
| `.github/workflows/*.lock.yml` | Regenerates workflow locks with updated AWF/MCPG image tags, metadata, and schema URLs. |
| `pkg/workflow/testdata/TestWasmGolden_CompileFixtures/*.golden` | Updates compile fixture goldens to reflect regenerated workflow output. |
| `pkg/workflow/testdata/TestWasmGolden_AllEngines/*.golden` | Updates all-engine WASM goldens for the new AWF/MCPG pins. |
Copilot's findings
- Files reviewed: 42/247 changed files
- Comments generated: 0
Agent Container Tool Check
Result: 12/12 tools available ✅ Overall Status: PASS
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
```yaml
network:
  allowed:
    - defaults
    - "localhost"
```
See Network Configuration for more information.
Commit pushed:
Skills-Based Review 🧠
Applied /zoom-out — this is a clean, well-scoped routine version bump. Approving.
📋 Review Notes
What was reviewed
- `pkg/constants/constants.go` — version pin updates (`DefaultFirewallVersion`, `DefaultMCPGatewayVersion`)
- `pkg/workflow/schemas/awf-config.schema.json` — schema sync with upstream v0.25.57
- 236 `.lock.yml` files — auto-generated, skipped per scope rules
⚠️ Diff truncation note
The pre-fetched diff is capped at 3 000 lines. Only .lock.yml entries appear in the patch; constants.go, the schema, and WASM golden fixtures are beyond the cap. The review is based on the PR description and the current state of files in the working tree.
Positive Highlights
- ✅ PR description is thorough: lists exact version transitions, schema net-additions, and explicitly calls out the gh-aw-specific `modelFallback.enabled` `oneOf` override preserved against an upstream regression
- ✅ Lock files regenerated via `make build && make recompile && make recompile` — correct procedure followed
- ✅ WASM golden fixtures updated alongside the version bump, keeping tests honest
- ✅ No unrelated changes bundled with the bump
One thing to watch
The manual divergence on modelFallback.enabled (gh-aw retains oneOf: [boolean | GA expression string] while upstream regressed to plain boolean) creates a recurring reconciliation burden. Consider adding a comment in the schema file near that property noting the intentional override, so future bump authors know not to blindly sync it.
🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer · sonnet46 1.6M
Comment Memory
Note
This comment is managed by comment memory. It stores persistent context for this thread in the code block at the top of this comment.
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
```yaml
network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"
```
See Network Configuration for more information.
Schema sync is correct; one high and two low issues to address
Version bumps and lock-file regeneration look mechanical and consistent. The schema additions for Anthropic WIF and the logging block are structurally sound but have a high-severity regex gap and two low-severity schema-quality gaps in the new fields.
Findings summary
High — fix before merge
- `tokenLogDir` pattern `^/var/log/api-proxy(?:/.*)?$` allows `..` traversal. Token-usage logs (which may contain model invocation data) can be redirected outside the intended `/var/log/api-proxy` bind-mount. See inline comment.
Low — non-blocking but worth fixing
- `anthropicWorkspaceId` description says "Required when ..." but no `if`/`then` in the schema enforces it; multi-workspace setups fail at runtime, not at validation time. See inline comment.
- `excludeEngines` array lacks `uniqueItems: true`; duplicates pass silently. See inline comment.
Not flagged (intentional changes)
- `gemini` deprecation notice removed — acceptable if the two aliases are now co-equal and the migration window has closed.
- `authHeader` description rewrite — clearer than before.
🔎 Code quality review by PR Code Quality Reviewer · sonnet46 2.9M
| "tokenLogDir": { | ||
| "type": "string", | ||
| "description": "Directory for token-usage.jsonl and token-diag.jsonl files. Must be /var/log/api-proxy (or a subdirectory) so logs are captured by AWF's bind mount.", | ||
| "pattern": "^/var/log/api-proxy(?:/.*)?$", |
Path traversal not prevented by `tokenLogDir` regex: `^/var/log/api-proxy(?:/.*)?$` matches `/var/log/api-proxy/../../../etc/passwd` because `(?:/.*)` accepts `..` segments, defeating the stated "must be /var/log/api-proxy (or a subdirectory)" constraint.
💡 Suggested fix
Reject `..` components explicitly:
```json
"pattern": "^/var/log/api-proxy(?:/(?!\\.\\.)(?:[^/])+)*/?$"
```
Alternatively, normalize the value in AWF with `filepath.Clean` before use and assert the cleaned path still has the expected prefix. As written, a misconfigured or injected value can silently redirect log writes (including token data) outside the intended bind-mount.
| }, | ||
| "anthropicWorkspaceId": { | ||
| "type": "string", | ||
| "description": "Anthropic workspace ID. Required when the federation rule covers multiple workspaces. Maps to AWF_AUTH_ANTHROPIC_WORKSPACE_ID." |
`anthropicWorkspaceId` described as required (in multi-workspace setups) but absent from every `required` array: The description says "Required when the federation rule covers multiple workspaces" but no `if`/`then` branch enforces it. Mis-configured multi-workspace Anthropic WIF setups will pass schema validation and fail silently at runtime.
💡 Suggested fix
Either accept the runtime-only enforcement (and say so explicitly in the description: "not schema-enforced"), or add a nested conditional to the anthropic `then` block:
```json
"then": {
  "required": [
    "anthropicFederationRuleId",
    "anthropicOrganizationId",
    "anthropicServiceAccountId"
  ]
}
```
If `anthropicWorkspaceId` is required whenever the rule covers multiple workspaces, that condition is not knowable from the schema alone — the description should be updated to clarify it is "recommended when ..." or "validated at runtime".
| "items": { | ||
| "type": "string" | ||
| }, | ||
| "description": "List of engine/provider names for which middle-power fallback is suppressed. Use this to let specific providers handle model-unavailable errors natively instead of rewriting to a fallback model." |
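Review bot: The `items` definition in this hunk is only `"type": "string"`, so an empty or misspelled engine name passes validation even though the description says the entries are "engine/provider names". Consider constraining `items` with an `enum` of the supported names, or at minimum `"minLength": 1`, so a typo is rejected when the config is validated instead of leaving fallback active for the provider the author meant to exclude.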
`excludeEngines` array missing `uniqueItems: true`: Duplicate engine names pass validation; AWF code iterating the list would suppress fallback for those engines more times than intended (or trigger redundant processing depending on implementation).
💡 Suggested fix
```json
"excludeEngines": {
  "type": "array",
  "uniqueItems": true,
  "items": { "type": "string" },
  "description": "..."
}
```
A `maxItems` bound (e.g. 20) would also make the schema self-documenting about expected scale.
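For the `tokenLogDir` finding above, an added Go example (not code from AWF or gh-aw) that runs the schema pattern next to the normalize-then-check-prefix approach the inline comment mentions. `SchemaAccepts`, `ValidateTokenLogDir` and the sample paths are hypothetical names and constructed inputs; the check is lexical only and does not resolve symlinks.

```go
package main

import (
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// logRoot is the bind-mounted directory named in the schema description.
const logRoot = "/var/log/api-proxy"

// schemaPattern is the tokenLogDir pattern quoted in the review comment.
var schemaPattern = regexp.MustCompile(`^/var/log/api-proxy(?:/.*)?$`)

// SchemaAccepts reports whether the schema pattern alone admits dir.
func SchemaAccepts(dir string) bool {
	return schemaPattern.MatchString(dir)
}

// ValidateTokenLogDir is a hypothetical helper, not an AWF function.
// It normalizes dir lexically and accepts it only when the result is
// logRoot itself or lies beneath it on a path-segment boundary.
// It returns the cleaned path, which is the value the caller should use.
func ValidateTokenLogDir(dir string) (string, error) {
	if !filepath.IsAbs(dir) {
		return "", fmt.Errorf("tokenLogDir %q is not an absolute path", dir)
	}
	// Clean collapses "." and ".." segments and drops trailing slashes.
	// It does not touch the filesystem, so symlinks are not resolved.
	cleaned := filepath.Clean(dir)
	// Compare against logRoot+"/" so that a sibling directory such as
	// /var/log/api-proxy-old does not pass a bare string-prefix test.
	if cleaned != logRoot && !strings.HasPrefix(cleaned, logRoot+"/") {
		return "", fmt.Errorf("tokenLogDir %q normalizes to %q, outside %s",
			dir, cleaned, logRoot)
	}
	return cleaned, nil
}

// samples are constructed inputs for this example.
var samples = []string{
	"/var/log/api-proxy",
	"/var/log/api-proxy/run-1/",
	"/var/log/api-proxy/a/../b",
	"/var/log/api-proxy/..",
	"/var/log/api-proxy/../../../etc/passwd",
	"/var/log/api-proxy-old",
	"var/log/api-proxy",
}

func main() {
	for _, dir := range samples {
		verdict := ""
		if cleaned, err := ValidateTokenLogDir(dir); err != nil {
			verdict = "reject: " + err.Error()
		} else {
			verdict = "accept as " + cleaned
		}
		fmt.Printf("%-42s schema=%-5t validator=%s\n",
			dir, SchemaAccepts(dir), verdict)
	}
}
```

The two inputs that climb out of the root (`/var/log/api-proxy/..` and the `/etc/passwd` string from the comment) pass the schema pattern and are rejected by the validator; `a/../b` is accepted because it normalizes to a path that stays under the root.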
🤖 Smoke Test: Claude — Run 26662945808
Core #1-13: 1✅ 2
Overall: ❌ FAIL — Serena symbol search crashes (EOF);
💥 Automated smoke test review - all systems nominal!
💥 [THE END] — Illustrated by Smoke Claude · opus48 1.1M
| @@ -0,0 +1,5 @@ | |||
| --- | |||
| "gh-aw": patch | |||
Nit: confirm the gh-aw-firewall version pin matches the AWF schema bump referenced below.
| "gh-aw": patch | ||
| --- | ||
|
|
||
| Bump the default gh-aw-firewall version to v0.25.57, update gh-aw-mcpg to v0.3.21, and sync the embedded AWF config schema. |
Consider noting the embedded schema regeneration command in the changeset for traceability.
Good catch. Smoke bot agree.
📰 BREAKING: Report filed by Smoke Copilot · gpt54 19.3M
PR: chore: bump awf to v0.25.57, mcpg to v0.3.21
Smoke review done. Version bumps look consistent in sampled spots.
📰 BREAKING: Report filed by Smoke Copilot · gpt54 19.3M
| GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/ab-testing-advisor.lock.yml@${{ github.ref }} | ||
| GH_AW_INFO_VERSION: "1.0.55" | ||
| GH_AW_INFO_AWF_VERSION: "v0.25.56" | ||
| GH_AW_INFO_AWF_VERSION: "v0.25.57" |
Tiny note: this version bump looks right. Shared source or automated sync check helps keep many repeated AWF pins from drifting.
| GITHUB_SERVER_URL: ${{ github.server_url }} | ||
| CLI_PROXY_POLICY: '{"allow-only":{"repos":"all","min-integrity":"none"}}' | ||
| CLI_PROXY_IMAGE: 'ghcr.io/github/gh-aw-mcpg:v0.3.20' | ||
| CLI_PROXY_IMAGE: 'ghcr.io/github/gh-aw-mcpg:v0.3.21' |
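Review bot: `CLI_PROXY_IMAGE` on the changed line still references the gateway image by tag only (`ghcr.io/github/gh-aw-mcpg:v0.3.21`), and a registry tag can be re-pointed at different content after this lock file is generated. Since the lock files are regenerated on every bump anyway, consider emitting the digest with the tag (`ghcr.io/github/gh-aw-mcpg:v0.3.21@sha256:<digest>`) so the lock pins the exact image that was reviewed.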
Tiny note: nice mcpg image bump. One smoke check that reads this image tag from one source would make future bumps easier to trust.
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤
@copilot make merge-main
…02557-mcpg-to-v0321
# Conflicts:
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Done — merged
Routine version bump for AWF (v0.25.56 → v0.25.57) and MCPG (v0.3.20 → v0.3.21), with lock file regeneration and schema sync.
Version pins
- `DefaultFirewallVersion`: `v0.25.56` → `v0.25.57`
- `DefaultMCPGatewayVersion`: `v0.3.20` → `v0.3.21`
AWF config schema (`pkg/workflow/schemas/awf-config.schema.json`)
Synced to v0.25.57 upstream schema. Net additions:
- `apiProxy.modelFallback.excludeEngines` — suppress middle-power fallback per-provider
- `apiProxy.auth.provider: "anthropic"` + Anthropic WIF fields (`anthropicFederationRuleId`, `anthropicOrganizationId`, `anthropicServiceAccountId`, `anthropicWorkspaceId`)
- `apiProxy.logging` — `debugTokens` / `tokenLogDir` for API proxy diagnostics
gh-aw-specific extension preserved: `modelFallback.enabled` retains its `oneOf: [boolean | GA expression string]` shape (upstream regressed this to plain `boolean`).
Regenerated artifacts
- `.lock.yml` files rebuilt via `make build && make recompile && make recompile`
Changeset
✨ PR Review Safe Output Test - Run 26662945808