Merged
4 changes: 4 additions & 0 deletions .github/aw/cli-commands.md
Expand Up @@ -161,6 +161,10 @@ Upgrade the repository's agentic workflows configuration to the latest gh-aw ver
gh aw upgrade # Upgrade agent files + codemods + compile
gh aw upgrade -v # Verbose output
gh aw upgrade --no-fix # Skip codemods and compilation
gh aw upgrade --create-pull-request # Open a PR with the upgrade changes (alias: --pr)
gh aw upgrade --org my-org # Preview upgrade PRs across an organization
gh aw upgrade --org my-org --repos '*-service' # Limit org mode to matching repos
gh aw upgrade --org my-org --create-issue # Open issues in org repos with agentic workflows (requires --org)
```

**MCP equivalent**: `upgrade` tool
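Review bot: The `gh aw upgrade --org my-org` example is described as a preview, but none of the added lines says how an org-wide run moves from preview to actually opening PRs. If that is `--org` combined with `--create-pull-request`, add that combination as an example. `--create-issue` is marked "requires --org" while `--create-pull-request` carries no note on whether it works with `--org`, so state that explicitly. Because org mode acts on many repositories at once, a line on the token permissions it needs would let readers scope credentials before running it.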
2 changes: 1 addition & 1 deletion .github/aw/safe-outputs-automation.md
Expand Up @@ -40,7 +40,7 @@ description: Safe-output reference for workflow dispatch, code scanning, checks,
max: 10 # Optional: max assets (default: 10)
```

Publishes files to an orphaned git branch for persistent storage and URL-addressable embedding. Default allowed extensions include common non-executable types. Maximum file size is 50MB (51200 KB). **Use this for images, charts, and screenshots that need embeddable URLs in issues/PRs/discussions.**
Publishes files to an orphaned git branch for persistent storage and URL-addressable embedding. Default allowed extensions include common non-executable types. Default max file size is 10MB (10240 KB), configurable via `max-size`. **Use this for images, charts, and screenshots that need embeddable URLs in issues/PRs/discussions.**
- `upload-artifact:` - Upload files as run-scoped GitHub Actions artifacts (recommended for temporary run artifacts and attachment-style outputs)

```yaml
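Review bot: The rewritten sentence drops the only stated upper bound: the old text gave a maximum of 50MB (51200 KB), while the new one gives a default of 10MB (10240 KB) "configurable via `max-size`" with no ceiling and no unit for `max-size`. State the unit (the parenthetical suggests KB) and whether a hard maximum still applies, since this limit bounds what a workflow can publish to the orphaned branch. The YAML context above the sentence shows only `max`, so an example line for `max-size` would make the option discoverable.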
15 changes: 3 additions & 12 deletions .github/aw/syntax-agentic.md
Expand Up @@ -23,8 +23,8 @@ description: Agentic workflow specific frontmatter fields for GitHub Agentic Wor
- **`bots:`** - Bot identifiers allowed to trigger workflow regardless of role permissions (array)
- Example: `bots: [dependabot[bot], renovate[bot], github-actions[bot]]`
- Bot must be active (installed) on repository to trigger workflow
- **`strict:`** - Enable enhanced validation for production workflows (boolean, defaults to `true`)
- Must be `true`
- **`strict:`** - Enable enhanced validation for production workflows (boolean, defaults to `true`; strongly recommended)
- Prefer `strict: true`; `strict: false` is dangerous, should be extremely rare, and must be carefully security reviewed before use
- **`max-turns:`** - AWF turn cap applied consistently across all agentic engines (integer or expression, e.g. `${{ inputs.max-turns }}`). The engine-level `engine.max-turns` is a deprecated alias kept for backward compatibility — prefer this top-level field. Not supported by the `gemini` engine.
- **`max-runs:`** - Deprecated legacy alias for the AWF invocation cap (`apiProxy.maxRuns`, defaults to `500` when omitted). Use `max-turns` instead; run `gh aw fix` to migrate.
- **`max-ai-credits:`** - Per-run AI Credits (AIC) budget enforced by the AWF firewall (integer or `K`/`M` short-form string like `100M`; default `1000`). Set a negative value to disable enforcement and token steering. See [token-optimization.md](token-optimization.md).
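Review bot: On the `strict:` bullet, the sub-bullet changes from "Must be `true`" to permitting `strict: false` after a security review, but nothing here says what the enhanced validation covers, so a reviewer has no basis for judging what is given up. Name the checks that `strict: false` disables, or link to where they are listed, and say who is expected to perform the review. The wording also mixes advisory and mandatory levels ("should be extremely rare" next to "must be carefully security reviewed"); pick one.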
Expand Down Expand Up @@ -321,18 +321,9 @@ description: Agentic workflow specific frontmatter fields for GitHub Agentic Wor
- "blocked-domain.com"
- "*.untrusted.com"
- python # Block ecosystem identifiers
firewall: true # Optional: Enable AWF (Agent Workflow Firewall) for Copilot engine
```

- **Firewall configuration** (Copilot engine only):

```yaml
network:
firewall:
version: "v1.0.0" # Optional: AWF version (defaults to latest)
log-level: debug # Optional: debug, info (default), warn, error
args: ["--custom-arg", "value"] # Optional: additional AWF arguments
```
- **Firewall (AWF) configuration** is set under `sandbox.agent`, not `network`. Use `sandbox.agent.version` to pin the AWF version (see below). The legacy `network.firewall` field is deprecated; run `gh aw fix` to migrate.

- **`sandbox:`** - Sandbox configuration for AI engines (string or object)
- String format: `"default"` (default sandbox), `"awf"` (Agent Workflow Firewall)
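Review bot: The removed `network.firewall` block documented three keys (`version`, `log-level`, `args`), but the replacement bullet maps only `version` to `sandbox.agent.version`. Say where `log-level` and `args` go under `sandbox.agent`, or that they are no longer supported, and whether `gh aw fix` migrates them; otherwise users who set custom AWF arguments have no documented path. The same applies to the `firewall: true` shorthand dropped from the `network` example. The "(see below)" pointer depends on the `sandbox:` section actually covering `sandbox.agent.version`, which is not visible in this hunk.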