Add top-level max-turn-cache-misses support with env-managed default#40388
Conversation
|
Hey
If you'd like a hand getting started, here's a ready-to-use prompt:
|
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
max-cache-misses support with env-managed default
There was a problem hiding this comment.
Pull request overview
This PR adds a new top-level workflow frontmatter guardrail, max-cache-misses, and threads it through compilation so generated AWF config includes apiProxy.maxCacheMisses, with defaults resolved using the documented precedence (frontmatter → GH_AW_DEFAULT_MAX_CACHE_MISSES → built-in 5).
Changes:
- Adds schema + parsing + import-merge support for top-level
max-cache-missesand carries it throughEngineConfig. - Emits
apiProxy.maxCacheMissesin AWF config JSON with an env-managed default override (GH_AW_DEFAULT_MAX_CACHE_MISSES) and built-in default (5). - Extends
gh aw envdefaults YAML support/docs/tests and refreshes wasm golden outputs accordingly.
Show a summary per file
| File | Description |
|---|---|
| pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden | Updates golden output to include apiProxy.maxCacheMisses in emitted AWF config JSON. |
| pkg/workflow/testdata/TestWasmGolden_CompileFixtures/smoke-copilot.golden | Updates golden output to include apiProxy.maxCacheMisses in emitted AWF config JSON. |
| pkg/workflow/testdata/TestWasmGolden_CompileFixtures/playwright-cli-mode.golden | Updates golden output to include apiProxy.maxCacheMisses in emitted AWF config JSON. |
| pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden | Updates golden output to include apiProxy.maxCacheMisses in emitted AWF config JSON. |
| pkg/workflow/testdata/TestWasmGolden_AllEngines/pi.golden | Updates golden output to include apiProxy.maxCacheMisses in emitted AWF config JSON. |
| pkg/workflow/testdata/TestWasmGolden_AllEngines/gemini.golden | Updates golden output to include apiProxy.maxCacheMisses in emitted AWF config JSON. |
| pkg/workflow/testdata/TestWasmGolden_AllEngines/copilot.golden | Updates golden output to include apiProxy.maxCacheMisses in emitted AWF config JSON. |
| pkg/workflow/testdata/TestWasmGolden_AllEngines/codex.golden | Updates golden output to include apiProxy.maxCacheMisses in emitted AWF config JSON. |
| pkg/workflow/testdata/TestWasmGolden_AllEngines/claude.golden | Updates golden output to include apiProxy.maxCacheMisses in emitted AWF config JSON. |
| pkg/workflow/frontmatter_types.go | Adds typed frontmatter field for max-cache-misses. |
| pkg/workflow/engine.go | Threads max-cache-misses into EngineConfig extraction and adds default-resolving accessor. |
| pkg/workflow/engine_config_test.go | Adds coverage for top-level max-cache-misses extraction without an explicit engine. |
| pkg/workflow/engine_config_parser.go | Adds parser helper for max-cache-misses. |
| pkg/workflow/compilerenv/manager.go | Adds env var name + resolution helper for GH_AW_DEFAULT_MAX_CACHE_MISSES. |
| pkg/workflow/compilerenv/manager_test.go | Adds tests for env-based default resolution of max cache misses. |
| pkg/workflow/compiler_orchestrator_engine.go | Preserves/import-merges max-cache-misses using existing first-wins behavior. |
| pkg/workflow/compiler_orchestrator_engine_test.go | Adds test ensuring imported top-level max-cache-misses is applied. |
| pkg/workflow/awf_config.go | Emits apiProxy.maxCacheMisses with precedence-aware defaulting. |
| pkg/workflow/awf_config_test.go | Adds assertions and focused precedence tests for maxCacheMisses emission and schema validation. |
| pkg/parser/schemas/main_workflow_schema.json | Adds schema support for top-level max-cache-misses (integer, min 1, default 5). |
| pkg/parser/schema_test.go | Adds schema validation tests for accepted/rejected max-cache-misses values. |
| pkg/parser/import_processor.go | Extends ImportsResult to carry first-wins merged max-cache-misses. |
| pkg/parser/import_field_extractor.go | Extracts first-wins max-cache-misses across imports. |
| pkg/parser/import_field_extractor_test.go | Adds test coverage for first-wins merge behavior on max-cache-misses. |
| pkg/constants/constants.go | Introduces built-in default constant DefaultMaxCacheMisses = 5. |
| pkg/cli/env_command.go | Adds default_max_cache_misses to defaults YAML bindings + validation. |
| pkg/cli/env_command_test.go | Adds coverage for YAML keys, validation, and update changes list including default_max_cache_misses. |
| docs/src/content/docs/reference/environment-variables.md | Documents the new default_max_cache_misses defaults key alongside other gh aw env defaults. |
| docs/src/content/docs/reference/compiler-enterprise-environment-controls.md | Documents GH_AW_DEFAULT_MAX_CACHE_MISSES and the precedence chain for max cache misses. |
| .github/aw/cli-commands.md | Updates CLI docs to include default_max_cache_misses in the recognized defaults list and example. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 30/30 changed files
- Comments generated: 1
| "type": "integer", | ||
| "minimum": 1, | ||
| "default": 5, | ||
| "description": "Maximum number of consecutive AWF cache misses allowed before the API proxy blocks further requests. Maps to `apiProxy.maxCacheMisses` and defaults to 5 when omitted." |
|
✅ Test Quality Sentinel completed test quality analysis. |
|
✅ PR Code Quality Reviewer completed the code quality review. |
|
🧠 Matt Pocock Skills Reviewer has completed the skills-based review. ✅ |
|
✅ Design Decision Gate 🏗️ completed the design decision gate check. |
🏗️ Design Decision Gate — ADR RequiredThis PR makes significant changes to core business logic (262 new lines in 📄 Draft ADR committed:
📋 What to do next
Once an ADR is linked in the PR body, this gate will re-run and verify the implementation matches the decision. ❓ Why ADRs Matter
ADRs create a searchable, permanent record of why the codebase looks the way it does. Future contributors (and your future self) will thank you. 📋 Michael Nygard ADR Format ReferenceAn ADR must contain these four sections to be considered complete:
All ADRs are stored in
|
🧪 Test Quality Sentinel Report
📊 Metrics & Test Classification (16 tests analyzed)
Go: 16 (
|
There was a problem hiding this comment.
✅ Test Quality Sentinel: 73/100. Test quality is acceptable — 0% of new tests are implementation tests (threshold: 30%). All 16 new test cases verify observable behavioral contracts covering default resolution, env-var override, frontmatter precedence, import propagation, schema validation, and CLI key/validation coverage for the new max-cache-misses field.
There was a problem hiding this comment.
Skills-Based Review 🧠
Applied /zoom-out, /improve-codebase-architecture, /grill-with-docs, and /tdd — no blocking issues, but several maintainability and test-coverage improvements suggested.
📋 Key Themes & Highlights
Key Themes
- Maintainability:
extractEngineBudgetLimitsnow returns a 4-tuple of positionalints that will grow with each new guardrail — a small struct would future-proof this seam. - Redundant resolution:
BuildAWFConfigJSONpre-resolves the env default then immediately overwrites it viaGetMaxCacheMisses(); the nil-safe accessor already handles the fallback. - Intentional asymmetry undocumented:
FrontmatterConfig.MaxCacheMissesuses*int32(not*TemplatableInt32) andGetMaxCacheMisses()embeds env resolution (unlikeGetMaxRuns()) — both correct but uncommented. - Test coverage gaps: negative schema boundary (
-1) and theWorkflowData == nilpath inBuildAWFConfigJSONare not exercised.
Positive Highlights
- ✅ Clean full vertical slice: schema → parser → import accumulator → engine config → AWF JSON, all consistent
- ✅ Three-tier precedence (frontmatter > env var > built-in default) is clearly documented and all three tiers have explicit tests
- ✅ 9 wasm golden files updated correctly — confirms the default is unconditionally emitted
- ✅ Consistent use of
first-winsimport merge pattern, matching all other guardrail fields - ✅
compilerenv.ResolveDefaultMaxCacheMissesfollows the establishedResolveDefaultTimeoutMinutespattern exactly
🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer · 123 AIC · ⌖ 7.78 AIC · ⊞ 6.9K
| } | ||
|
|
||
| func extractEngineBudgetLimits(engineConfig *EngineConfig) (string, int64, int) { | ||
| func extractEngineBudgetLimits(engineConfig *EngineConfig) (string, int64, int, int) { |
There was a problem hiding this comment.
[/zoom-out] extractEngineBudgetLimits now returns a 4-tuple (string, int64, int, int) — the last two ints are indistinguishable at the call site. If another guardrail is added, this signature grows again.
💡 Suggested refactor
A small struct makes the return self-documenting and call sites future-proof:
type preservedBudgetLimits struct {
MaxTurns string
MaxAICredits int64
MaxRuns int
MaxCacheMisses int
}
func extractEngineBudgetLimits(engineConfig *EngineConfig) preservedBudgetLimits {
if engineConfig == nil {
return preservedBudgetLimits{}
}
return preservedBudgetLimits{
MaxTurns: engineConfig.MaxTurns,
MaxAICredits: engineConfig.MaxAICredits,
MaxRuns: engineConfig.MaxRuns,
MaxCacheMisses: engineConfig.MaxCacheMisses,
}
}This avoids the positional ambiguity between the two trailing ints and makes adding future fields a one-liner.
| // BuildAWFCommand (see injectMaxAICreditsExpression in awf_helpers.go). | ||
| maxAICredits := int64(0) | ||
| maxRuns := constants.DefaultMaxRuns | ||
| maxCacheMisses := compilerenv.ResolveDefaultMaxCacheMisses(constants.DefaultMaxCacheMisses) |
There was a problem hiding this comment.
[/improve-codebase-architecture] ResolveDefaultMaxCacheMisses is called unconditionally here, but its result is immediately overwritten by GetMaxCacheMisses() on line 367 whenever EngineConfig != nil. Since GetMaxCacheMisses() already handles a nil receiver, the pre-call is redundant.
💡 Simplification
Replace the pre-call + conditional block with a single nil-safe call:
var ec *EngineConfig
if config.WorkflowData != nil {
ec = config.WorkflowData.EngineConfig
}
maxCacheMisses := ec.GetMaxCacheMisses() // handles nil, env override, and built-in defaultThis matches the single-source-of-truth intent of GetMaxCacheMisses() and removes the double ResolveDefaultMaxCacheMisses call that happens today when EngineConfig != nil && MaxCacheMisses == 0.
|
|
||
| // GetMaxCacheMisses returns the configured AWF max-cache-misses value, falling back | ||
| // to the enterprise override or built-in default. | ||
| func (e *EngineConfig) GetMaxCacheMisses() int { |
There was a problem hiding this comment.
[/improve-codebase-architecture] GetMaxCacheMisses() embeds env-var resolution (ResolveDefaultMaxCacheMisses), but the parallel GetMaxRuns() falls back only to a constant. This asymmetry is intentional but means env-override logic is split: partly in GetMaxCacheMisses(), partly in BuildAWFConfigJSON. A brief comment would make the design choice explicit for future maintainers.
💡 Suggestion
Add a comment explaining why the fallback strategy differs from GetMaxRuns():
// GetMaxCacheMisses returns the configured AWF max-cache-misses value, falling back
// to the enterprise override or built-in default.
// Unlike GetMaxRuns, which falls back to a compile-time constant, this method
// consults GH_AW_DEFAULT_MAX_CACHE_MISSES at call time so enterprise admins can
// override the default without recompiling.
func (e *EngineConfig) GetMaxCacheMisses() int {Also consider adding an explicit test for the nil-receiver path (e.g., (*EngineConfig)(nil).GetMaxCacheMisses() returns the env/default value), since that branch is currently only exercised implicitly via golden tests.
| Version string `json:"version,omitempty"` | ||
| TimeoutMinutes *TemplatableInt32 `json:"timeout-minutes,omitempty"` | ||
| MaxAICredits *TemplatableInt32 `json:"max-ai-credits,omitempty"` | ||
| MaxCacheMisses *int32 `json:"max-cache-misses,omitempty"` |
There was a problem hiding this comment.
[/grill-with-docs] MaxCacheMisses uses *int32 while every neighbouring field (MaxAICredits, TimeoutMinutes, MaxDailyAICredits, MaxToolDenials) uses *TemplatableInt32. The departure is intentional — max-cache-misses is compile-time only and deliberately doesn't support GitHub Actions expressions — but the asymmetry will confuse the next maintainer who adds a field here.
💡 Suggestion
Add a brief comment to make the intent obvious:
// MaxCacheMisses uses plain *int32 (not *TemplatableInt32) because the
// field is resolved at compile time and does not support GitHub Actions expressions.
MaxCacheMisses *int32 `json:"max-cache-misses,omitempty"`| } | ||
| } | ||
|
|
||
| func TestValidateMainWorkflowFrontmatterWithSchemaAndLocation_MaxCacheMissesZeroRejected(t *testing.T) { |
There was a problem hiding this comment.
[/tdd] Tests cover max-cache-misses: 0 (rejected) and max-cache-misses: 5 (accepted), but not negative values. The schema defines minimum: 1, which should also reject -1, and that boundary isn't currently verified.
💡 Suggested test
func TestValidateMainWorkflowFrontmatterWithSchemaAndLocation_MaxCacheMissesNegativeRejected(t *testing.T) {
t.Parallel()
err := ValidateMainWorkflowFrontmatterWithSchemaAndLocation(map[string]any{
"on": "push",
"max-cache-misses": -1,
}, "/tmp/gh-aw/max-cache-misses-negative-test.md")
if err == nil {
t.Fatal("expected max-cache-misses=-1 to fail schema validation")
}
}Completing the three-point boundary coverage (negative / zero / positive) is a spec-readable guarantee that minimum: 1 is wired correctly.
| assert.Contains(t, jsonStr, `"maxCacheMisses":5`, "apiProxy should emit built-in maxCacheMisses default when unset") | ||
| }) | ||
|
|
||
| t.Run("enterprise default max-cache-misses env var overrides built-in default", func(t *testing.T) { |
There was a problem hiding this comment.
[/tdd] All three new max-cache-misses tests in BuildAWFConfigJSON use WorkflowData with a non-nil EngineConfig. The initial compilerenv.ResolveDefaultMaxCacheMisses call in BuildAWFConfigJSON is only the effective value when WorkflowData == nil or EngineConfig == nil — those paths aren't exercised for cache misses.
💡 Suggested test
t.Run("env default max-cache-misses applied when WorkflowData is nil", func(t *testing.T) {
t.Setenv(compilerenv.DefaultMaxCacheMisses, "11")
config := AWFCommandConfig{
EngineName: "copilot",
AllowedDomains: "github.com",
WorkflowData: nil,
}
jsonStr, err := BuildAWFConfigJSON(config)
require.NoError(t, err)
assert.Contains(t, jsonStr, `"maxCacheMisses":11`, "should fall back to env default when WorkflowData is nil")
})This pins the WorkflowData == nil branch and verifies the pre-call at line 361 actually does useful work.
There was a problem hiding this comment.
REQUEST_CHANGES — 3 issues need fixing before merge
The implementation logic is correct and the precedence chain (frontmatter → env var → built-in default) is properly wired. Three issues require attention before this is safe to merge.
### Blocking issues
1. Environment-sensitive tests (awf_config_test.go lines 52 and 165) — HIGH
Two subtests assert "maxCacheMisses":5 (the built-in default) without first calling t.Setenv(compilerenv.DefaultMaxCacheMisses, "") to clear any ambient env override. If GH_AW_DEFAULT_MAX_CACHE_MISSES is set in the CI runner, these tests emit a wrong value and fail with a confusing message. The sibling "env var overrides" test correctly sets the env var; the "built-in default" test must symmetrically clear it.
2. Redundant os.Getenv call in BuildAWFConfigJSON (awf_config.go line 361) — MEDIUM
maxCacheMisses is pre-initialized via ResolveDefaultMaxCacheMisses (an os.Getenv call), then immediately overwritten by GetMaxCacheMisses() when EngineConfig != nil — which itself calls ResolveDefaultMaxCacheMisses again when the field is unset. The pre-init value is dead in every non-nil EngineConfig branch. maxRuns uses constants.DefaultMaxRuns (no syscall) for its pre-init and defers env-lookup to GetMaxRuns(); maxCacheMisses should follow the same pattern.
3. Missing test: frontmatter beats import (compiler_orchestrator_engine_test.go line 243) — MEDIUM
The only end-to-end test for max-cache-misses import merging covers the "import provides value, main has none" path. The inverse — main declares max-cache-misses: 3, import declares max-cache-misses: 7, result must be 3 — is untested through applyEngineImportDefaults. A future refactor of preservedMaxCacheMisses could silently break the documented "frontmatter wins" behavior.
🔎 Code quality review by PR Code Quality Reviewer · 158.8 AIC · ⌖ 7.47 AIC · ⊞ 5.1K
| assert.Contains(t, jsonStr, `"maxAiCredits":333`, "apiProxy should bake in frontmatter maxAiCredits (skipping runtime expression)") | ||
| }) | ||
|
|
||
| t.Run("default max-cache-misses uses built-in default when unset", func(t *testing.T) { |
There was a problem hiding this comment.
Environment-sensitive test will produce a false failure when GH_AW_DEFAULT_MAX_CACHE_MISSES is set in the runner: this subtest is named "default max-cache-misses uses built-in default when unset", but it never calls t.Setenv(compilerenv.DefaultMaxCacheMisses, "") to actually enforce the "unset" condition. If GH_AW_DEFAULT_MAX_CACHE_MISSES is present in the CI environment, ResolveDefaultMaxCacheMisses returns that value, BuildAWFConfigJSON emits it, and the assertion at line 181 ("maxCacheMisses":5) fails with a misleading error. The base fixture assertion at line 52 (fmt.Sprintf("maxCacheMisses:%d", constants.DefaultMaxCacheMisses)) has the same gap.
💡 Suggested fix
Add at the top of this subtest (and at the top of the base fixture subtest):
t.Setenv(compilerenv.DefaultMaxCacheMisses, "") // guarantee the built-in default pathThe sibling test "enterprise default max-cache-misses env var overrides built-in default" already calls t.Setenv(compilerenv.DefaultMaxCacheMisses, "9") correctly. The "unset" case needs the symmetric clearing call to actually test what its name claims.
| // BuildAWFCommand (see injectMaxAICreditsExpression in awf_helpers.go). | ||
| maxAICredits := int64(0) | ||
| maxRuns := constants.DefaultMaxRuns | ||
| maxCacheMisses := compilerenv.ResolveDefaultMaxCacheMisses(constants.DefaultMaxCacheMisses) |
There was a problem hiding this comment.
Redundant os.Getenv call: the pre-init at this line is overwritten immediately when EngineConfig != nil.
maxCacheMisses is assigned via ResolveDefaultMaxCacheMisses (which calls os.Getenv), then unconditionally overwritten by GetMaxCacheMisses() at line 367 — which also calls ResolveDefaultMaxCacheMisses internally when MaxCacheMisses <= 0. In the common non-nil EngineConfig / unset-field path, the env-var is read twice and the first result is thrown away.
Compare maxRuns: its pre-init is constants.DefaultMaxRuns (no syscall), deferring env-lookup entirely to GetMaxRuns(). maxCacheMisses should follow the same pattern.
💡 Suggested fix
// Before:
maxRuns := constants.DefaultMaxRuns
maxCacheMisses := compilerenv.ResolveDefaultMaxCacheMisses(constants.DefaultMaxCacheMisses)
if config.WorkflowData != nil && config.WorkflowData.EngineConfig != nil {
maxRuns = config.WorkflowData.EngineConfig.GetMaxRuns()
maxCacheMisses = config.WorkflowData.EngineConfig.GetMaxCacheMisses()
}
// After — GetMaxCacheMisses already handles the nil-receiver and fallback:
maxRuns := constants.DefaultMaxRuns
maxCacheMisses := 0
if config.WorkflowData != nil && config.WorkflowData.EngineConfig != nil {
maxRuns = config.WorkflowData.EngineConfig.GetMaxRuns()
maxCacheMisses = config.WorkflowData.EngineConfig.GetMaxCacheMisses()
} else {
maxCacheMisses = compilerenv.ResolveDefaultMaxCacheMisses(constants.DefaultMaxCacheMisses)
}Alternatively, since GetMaxCacheMisses() already handles e == nil, you can drop the guard entirely:
maxCacheMisses := (*EngineConfig)(nil).GetMaxCacheMisses() // resolves env/built-in default via nil-safe method
if config.WorkflowData != nil && config.WorkflowData.EngineConfig != nil {
maxCacheMisses = config.WorkflowData.EngineConfig.GetMaxCacheMisses()
}| assert.Equal(t, "9", result.engineConfig.MaxToolDenials) | ||
| } | ||
|
|
||
| func TestSetupEngineAndImports_ImportedTopLevelMaxCacheMisses(t *testing.T) { |
There was a problem hiding this comment.
Missing test: main-workflow max-cache-misses taking precedence over the same field in an imported workflow.
TestSetupEngineAndImports_ImportedTopLevelMaxCacheMisses only exercises the "import provides the value, main workflow has none" path. The inverse — main workflow declares max-cache-misses: 3, import declares max-cache-misses: 7, result must be 3 — is untested through the full applyEngineImportDefaults flow. Without this, a future refactor of preservedMaxCacheMisses handling could silently break the documented "frontmatter wins" precedence and no test would catch it.
💡 Suggested fix — add a second table entry
func TestSetupEngineAndImports_MainMaxCacheMissesTakesPrecedenceOverImport(t *testing.T) {
tmpDir := testutil.TempDir(t, "engine-main-cache-misses-wins")
sharedContent := `---
engine: copilot
max-cache-misses: 7
---
# Shared`
// ... write shared file ...
testContent := `---
on: push
max-cache-misses: 3
imports:
- shared/common.md
---
# Test`
// ... compile and assert result.engineConfig.MaxCacheMisses == 3 ...
}|
@copilot Rename “Max Cash Misses” to “Max Turn Cash Misses.” |
|
@copilot review all comments and address unresolved review feedback.
|
|
Please refresh the branch and rerun checks after resolving the review threads.
|
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
|
🚀 Smoke Pi MISSION COMPLETE! Pi delivered. 🥧 Caution agentic threat detected |
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
|
🚀 Smoke Antigravity MISSION COMPLETE! Antigravity has spoken. ✨ |
|
✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready. |
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
|
📰 BREAKING: Smoke Copilot - AOAI (apikey) is now investigating this pull request. Sources say the story is developing... |
|
📰 BREAKING: Smoke Copilot - AOAI (Entra) is now investigating this pull request. Sources say the story is developing... |
|
🚀 Smoke Gemini MISSION COMPLETE! Gemini has spoken. ✨ |
Agent Container Tool Check
Result: 12/12 tools available ✅ — PASS
|
|
Commit pushed:
|
Smoke Test Results
Overall status: FAIL Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
|
Smoke Test: Codex - 27855089944 Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
Comment MemoryNote This comment is managed by comment memory.It stores persistent context for this thread in the code block at the top of this comment. Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
💥 Smoke Test: Claude — Run 27855089943Core #1-12: ✅ all passed (MCP, GH CLI, build, Playwright, Tavily, file/bash, discussion #335, AW status, Slack, code-scan alert, check run) Overall: PASS ✅ Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
There was a problem hiding this comment.
💥 Automated smoke test review - all systems nominal!
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
💥 [THE END] — Illustrated by Smoke Claude · 83.6 AIC · ⌖ 28.1 AIC · ⊞ 8.5K
|
|
||
| ```yaml | ||
| default_max_ai_credits: "1000" | ||
| default_max_turn_cache_misses: "5" |
There was a problem hiding this comment.
Nice — documenting the new default_max_turn_cache_misses env default here keeps the recognized-keys list discoverable. 👍
| ``` | ||
|
|
||
| Recognized keys include `default_max_ai_credits`, `default_detection_max_ai_credits`, `default_max_daily_ai_credits`, `default_timeout_minutes`, `default_max_turns`, `default_detection_model`, `default_utc`, `default_model_copilot`, `default_model_claude`, `default_model_codex`. The compiler resolves model selection as `GH_AW_MODEL_*` → `GH_AW_DEFAULT_MODEL_*` → built-in engine fallback. | ||
| Recognized keys include `default_max_ai_credits`, `default_max_turn_cache_misses`, `default_detection_max_ai_credits`, `default_max_daily_ai_credits`, `default_timeout_minutes`, `default_max_turns`, `default_detection_model`, `default_utc`, `default_model_copilot`, `default_model_claude`, `default_model_codex`. The compiler resolves model selection as `GH_AW_MODEL_*` → `GH_AW_DEFAULT_MODEL_*` → built-in engine fallback. |
There was a problem hiding this comment.
Consider keeping the recognized-keys ordering consistent with the YAML example above for easier scanning.
|
Smoke Test PASS Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
This adds first-class workflow frontmatter support for the AWF cache-miss guardrail and aligns it with existing compiler-managed defaults.
max-turn-cache-missesnow resolves with the expected precedence: frontmatter value, env-managed default override, then built-in default5.Frontmatter and schema
max-turn-cache-missesapiProxy.maxCacheMissesCompiler and AWF config mapping
max-turn-cache-missesthroughEngineConfig(MaxTurnCacheMisses)apiProxy.maxCacheMissesin generated AWF configDefault resolution
5(DefaultMaxTurnCacheMisses)GH_AW_DEFAULT_MAX_TURN_CACHE_MISSESas the compiler-managed overrideGH_AW_DEFAULT_MAX_TURN_CACHE_MISSES5Environment manager and docs
gh aw envdefaults support withdefault_max_turn_cache_missesTests and golden output
Example:
Compiles to AWF config including:
{ "apiProxy": { "maxCacheMisses": 8 } }✨ PR Review Safe Output Test - Run 27855089943
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.comSee Network Configuration for more information.