Skip to content

Fix strict mode isolation between workflows and add script to priority fields#1308

Merged
pelikhan merged 3 commits intomainfrom
copilot/add-strict-flag-handling
Oct 7, 2025
Merged

Fix strict mode isolation between workflows and add script to priority fields#1308
pelikhan merged 3 commits intomainfrom
copilot/add-strict-flag-handling

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Oct 7, 2025
edited
Loading

Problem

When compiling multiple workflows, the strict: true flag in one workflow's frontmatter would affect all subsequent workflow compilations. This happened because the compiler instance is reused across multiple workflows, and setting c.strictMode = true for one workflow would persist for all following workflows.

Additionally, the script field was missing from the step field priority ordering.

Example of the Issue

# workflow1.md - has strict: true
---
on: push
strict: true
permissions:
  contents: read
engine: claude
network:
  allowed:
    - "api.example.com"
---
# This workflow enables strict mode

# workflow2.md - no strict flag
---
on: push
permissions:
  contents: write
engine: claude
---
# This workflow should NOT be in strict mode
# But it was incorrectly validated with strict rules!

When compiling both workflows sequentially using gh aw compile, workflow2 would fail strict mode validation even though it didn't have strict: true, because the strict mode state leaked from workflow1.

Solution

1. Strict Mode Isolation

Modified ParseWorkflowFile in pkg/workflow/compiler.go to:

  • Save the initial strictMode state before processing each workflow
  • Apply workflow-specific strict mode from frontmatter if present
  • Restore the initial state immediately after validation
  • Handle error cases by restoring state before returning

This ensures strict mode is isolated per-workflow and doesn't affect other compilations.

2. Script Field Priority

Added "script" as the first field in PriorityStepFields in pkg/constants/constants.go, ensuring proper field ordering in generated workflow steps.

Testing

Added TestStrictModeIsolation that validates:

  • A strict workflow with missing required fields fails validation
  • A subsequent non-strict workflow compiles successfully without being affected
  • Multiple workflows can be compiled in any order without strict mode leaking

All existing tests continue to pass, and all 59 workflows in the repository recompile successfully.

Original prompt

when a workflow has the "strict: true" flag enabled, it should not affect the compilation "strictness" of other workflows (+ add script in field priority list as first field)

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

@pelikhan
Fix strict mode isolation and add script to priority fields
ba08c65 
- Save and restore strict mode state per workflow to prevent leakage
- Add 'script' as first field in PriorityStepFields
- Add test for strict mode isolation between workflows

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Add handling for strict flag in workflows Fix strict mode isolation between workflows and add script to priority fields Oct 7, 2025
Copilot AI requested a review from pelikhan October 7, 2025 15:37
@pelikhan pelikhan marked this pull request as ready for review October 7, 2025 16:15
@pelikhan pelikhan merged commit 80f184c into main Oct 7, 2025
12 checks passed
@pelikhan pelikhan deleted the copilot/add-strict-flag-handling branch October 7, 2025 16:15
Copilot AI added a commit that referenced this pull request May 4, 2026
@gh-aw-bot
Fix spec audit: add Public API, Usage Examples, and Dependencies to 1…
67f0c1b 
…7 packages

- Renamed ## Functions/## Types/## Core Components to ## Public API in 17 packages
- Added ## Usage Examples (or renamed ## Usage) in 17 packages
- Added ## Dependencies to 10 packages with internal deps
- Updated ## Dependencies in cli (9 missing pkgs), parser (wrong/missing external), workflow (missing external)

Closes #1308

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/0eb250f6-a1e9-4e26-a498-f96203f95352

Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@pelikhan pelikhan pelikhan approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pelikhan