fix: emit model aliases under apiProxy.models instead of top-level config.models#30367
fix: emit model aliases under apiProxy.models instead of top-level config.models#30367
apiProxy.models instead of top-level config.models#30367Conversation
…nfig.models Agent-Logs-Url: https://github.com/github/gh-aw/sessions/d9f00ef6-097c-4d7f-9735-f073aed282c3 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This pull request fixes AWF config generation so model alias mappings are emitted under apiProxy.models (per AWF v0.25.38+ schema expectations) instead of as unsupported top-level keys, and adds local schema validation for generated AWF config JSON.
Changes:
- Embedded the AWF config JSON schema and added schema validation for generated config JSON (cached via
sync.Once). - Moved model alias emission to
apiProxy.modelsand updated tests to assert the new shape. - Regenerated golden/lock fixtures to reflect the updated
awf-config.jsonoutput.
Show a summary per file
| File | Description |
|---|---|
| pkg/workflow/awf_config.go | Emits model aliases under apiProxy.models and validates generated config JSON against an embedded schema. |
| pkg/workflow/schemas/awf-config.schema.json | Embedded AWF config schema used for local validation. |
| pkg/workflow/model_aliases_test.go | Updates tests to assert apiProxy.models via typed JSON parsing. |
| pkg/workflow/model_aliases_import_test.go | Updates import-related test expectations for apiProxy.models. |
| pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden | Regenerated golden fixture with apiProxy.models in emitted config JSON. |
| pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden | Regenerated golden fixture with apiProxy.models in emitted config JSON. |
| .github/workflows/ace-editor.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/agent-performance-analyzer.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/agent-persona-explorer.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/ai-moderator.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/archie.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/bot-detection.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/brave.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/code-simplifier.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/codex-github-remote-mcp-test.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/contribution-check.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/constraint-solving-potd.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/copilot-token-optimizer.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/craft.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/daily-architecture-diagram.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/daily-cli-tools-tester.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/daily-malicious-code-scan.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/daily-regulatory.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/daily-secrets-analysis.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/daily-semgrep-scan.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/daily-skill-optimizer.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/daily-team-status.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/dependabot-burner.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/deployment-incident-monitor.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/dev.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/dictation-prompt.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/example-permissions-warning.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/github-remote-mcp-auth-test.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/gpclean.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/issue-triage-agent.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/jsweep.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/mattpocock-skills-reviewer.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/metrics-collector.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/notion-issue-summary.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/pdf-summary.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/plan.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/poem-bot.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/pr-nitpick-reviewer.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/q.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/refiner.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/repo-audit-analyzer.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/repo-tree-map.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/security-compliance.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/security-review.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/smoke-ci.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/smoke-crush.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/smoke-gemini.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/smoke-opencode.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/super-linter.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/terminal-stylist.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/test-dispatcher.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/test-project-url-default.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/test-workflow.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/video-analyzer.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/workflow-generator.lock.yml | Regenerated locked workflow output with apiProxy.models. |
| .github/workflows/workflow-health-manager.lock.yml | Regenerated locked workflow output with apiProxy.models. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 161/222 changed files
- Comments generated: 3
| loader := jsonschema.NewCompiler() | ||
| schemaURL := fmt.Sprintf("https://github.com/github/gh-aw-firewall/releases/download/%s/awf-config.schema.json", constants.DefaultFirewallVersion) | ||
| if err := loader.AddResource(schemaURL, schemaDoc); err != nil { | ||
| awfConfigSchemaCompileError = fmt.Errorf("failed to add AWF config schema resource: %w", err) | ||
| return |
| { | ||
| "$schema": "https://json-schema.org/draft/2020-12/schema", | ||
| "$id": "https://github.com/github/gh-aw-firewall/releases/download/v0.25.38/awf-config.schema.json", | ||
| "title": "AWF Configuration", | ||
| "description": "JSON/YAML configuration for awf CLI. CLI flags override config file values. See https://github.com/github/gh-aw-firewall for documentation.", |
| // models must appear nested under apiProxy | ||
| assert.Contains(t, jsonStr, `"models"`, "models section must be present under apiProxy in AWF config JSON") |
There was a problem hiding this comment.
Good catch! The assert.Contains check for "models" is indeed a weak assertion. Unmarshalling into a typed struct and asserting apiProxy.models is populated (while verifying no top-level models key exists) would make this test much more robust against regressions.
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
📰 BREAKING: Report filed by Smoke Copilot · ● 1.3M
|
|
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
|
🚀 Smoke Pi MISSION COMPLETE! Pi delivered. 🥧 |
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
Agent Container Tool Check
Result: 11/12 tools available
|
🧪 Test Quality Sentinel ReportTest Quality Score: 100/100✅ Excellent test quality
Test Classification DetailsView all 7 tests
Flagged Tests — Requires ReviewNo tests flagged. All tests enforce behavioral contracts with adequate edge-case coverage. Language SupportTests analyzed:
Test Inflation Check
No inflation detected (threshold: 2:1). Verdict
📖 Understanding Test ClassificationsDesign Tests (High Value) verify what the system does:
Implementation Tests (Low Value) verify how the system does it:
Goal: Shift toward tests that describe the system's behavioral contract — the promises it makes to its users and collaborators. References:
|
|
Smoke Codex: FAIL Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
|
👋 The smoke test agent was here! 🤖✨ Just passing through to confirm the agentic plumbing is working — models talking to APIs, APIs writing to GitHub, tests passing in the matrix. If you can read this, it means everything worked! 🎉 Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
|
Smoke Test Run §25383635363 PR: fix: emit model aliases under
Overall: ✅ PASS Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
|
💨 Smoke test §25383635321 — Claude engine Core tests #1–12: ✅ ✅ ✅ ✅ ✅ ✅ ✅ ✅ ✅ ✅ ✅ ✅ Status: PARTIAL (all non-skipped tests passed) Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Smoke test agent reviewed PR #30367. The fix correctly moves model aliases under apiProxy.models per AWF schema. Two minor observations: (1) schema compilation is pinned to DefaultFirewallVersion rather than the per-workflow version; (2) the embedded schema $id is v0.25.38 but the default is v0.25.39. Both are minor but could cause version drift in schema validation.
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
📰 BREAKING: Report filed by Smoke Copilot · ● 1.3M
| @@ -0,0 +1,325 @@ | |||
| { | |||
| "$schema": "https://json-schema.org/draft/2020-12/schema", | |||
| "$id": "https://github.com/github/gh-aw-firewall/releases/download/v0.25.38/awf-config.schema.json", | |||
There was a problem hiding this comment.
The embedded schema $id references v0.25.38 while constants.DefaultFirewallVersion is v0.25.39. This version mismatch may cause confusing validation errors. Update the embedded schema to match the current default firewall version.
| schemaURL := fmt.Sprintf("https://github.com/github/gh-aw-firewall/releases/download/%s/awf-config.schema.json", constants.DefaultFirewallVersion) | ||
| if err := loader.AddResource(schemaURL, schemaDoc); err != nil { | ||
| awfConfigSchemaCompileError = fmt.Errorf("failed to add AWF config schema resource: %w", err) | ||
| return |
There was a problem hiding this comment.
The schema compilation uses constants.DefaultFirewallVersion as the resource URL, but workflows may specify different firewall versions. This means validation always runs against the default schema rather than the configured version. Consider using buildAWFConfigSchemaURL to derive the schema URL from the actual firewall version in use.
There was a problem hiding this comment.
💥 Automated smoke test review - all systems nominal! Run §25383635321
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
💥 [THE END] — Illustrated by Smoke Claude · ● 242.6K
| export GH_AW_NODE_BIN | ||
| (umask 177 && touch /tmp/gh-aw/agent-stdio.log) | ||
| printf '%s\n' '{"$schema":"https://github.com/github/gh-aw-firewall/releases/download/v0.25.39/awf-config.schema.json","network":{"allowDomains":["api.business.githubcopilot.com","api.enterprise.githubcopilot.com","api.github.com","api.githubcopilot.com","api.individual.githubcopilot.com","api.snapcraft.io","archive.ubuntu.com","azure.archive.ubuntu.com","crl.geotrust.com","crl.globalsign.com","crl.identrust.com","crl.sectigo.com","crl.thawte.com","crl.usertrust.com","crl.verisign.com","crl3.digicert.com","crl4.digicert.com","crls.ssl.com","github.com","host.docker.internal","json-schema.org","json.schemastore.org","keyserver.ubuntu.com","ocsp.digicert.com","ocsp.geotrust.com","ocsp.globalsign.com","ocsp.identrust.com","ocsp.sectigo.com","ocsp.ssl.com","ocsp.thawte.com","ocsp.usertrust.com","ocsp.verisign.com","packagecloud.io","packages.cloud.google.com","packages.microsoft.com","ppa.launchpad.net","raw.githubusercontent.com","registry.npmjs.org","s.symcb.com","s.symcd.com","security.ubuntu.com","telemetry.enterprise.githubcopilot.com","ts-crl.ws.symantec.com","ts-ocsp.ws.symantec.com","www.googleapis.com"]},"apiProxy":{"enabled":true},"container":{"imageTag":"0.25.39"}}' > "${RUNNER_TEMP}/gh-aw/awf-config.json" && cp "${RUNNER_TEMP}/gh-aw/awf-config.json" /tmp/gh-aw/awf-config.json | ||
| printf '%s\n' '{"$schema":"https://github.com/github/gh-aw-firewall/releases/download/v0.25.39/awf-config.schema.json","network":{"allowDomains":["api.business.githubcopilot.com","api.enterprise.githubcopilot.com","api.github.com","api.githubcopilot.com","api.individual.githubcopilot.com","api.snapcraft.io","archive.ubuntu.com","azure.archive.ubuntu.com","crl.geotrust.com","crl.globalsign.com","crl.identrust.com","crl.sectigo.com","crl.thawte.com","crl.usertrust.com","crl.verisign.com","crl3.digicert.com","crl4.digicert.com","crls.ssl.com","github.com","host.docker.internal","json-schema.org","json.schemastore.org","keyserver.ubuntu.com","ocsp.digicert.com","ocsp.geotrust.com","ocsp.globalsign.com","ocsp.identrust.com","ocsp.sectigo.com","ocsp.ssl.com","ocsp.thawte.com","ocsp.usertrust.com","ocsp.verisign.com","packagecloud.io","packages.cloud.google.com","packages.microsoft.com","ppa.launchpad.net","raw.githubusercontent.com","registry.npmjs.org","s.symcb.com","s.symcd.com","security.ubuntu.com","telemetry.enterprise.githubcopilot.com","ts-crl.ws.symantec.com","ts-ocsp.ws.symantec.com","www.googleapis.com"]},"apiProxy":{"enabled":true,"models":{"auto":["large"],"deep-research":["copilot/deep-research*","google/deep-research*"],"gemini-flash":["copilot/gemini-*flash*","google/gemini-*flash*"],"gemini-pro":["copilot/gemini-*pro*","google/gemini-*pro*"],"gpt-4.1":["copilot/gpt-4.1*","openai/gpt-4.1*"],"gpt-5":["copilot/gpt-5*","openai/gpt-5*"],"gpt-5-codex":["copilot/gpt-5*codex*","openai/gpt-5*codex*"],"gpt-5-mini":["copilot/gpt-5*mini*","openai/gpt-5*mini*"],"gpt-5-nano":["copilot/gpt-5*nano*","openai/gpt-5*nano*"],"gpt-5-pro":["copilot/gpt-5*pro*","openai/gpt-5*pro*"],"haiku":["copilot/*haiku*","anthropic/*haiku*"],"large":["sonnet","gpt-5-pro","gpt-5","gemini-pro"],"mini":["haiku","gpt-5-mini","gpt-5-nano","gemini-flash"],"opus":["copilot/*opus*","anthropic/*opus*"],"reasoning":["copilot/o1*","copilot/o3*","copilot/o4*","openai/o1*","openai/o3*","openai/o4*"],"small":["mini"],"sonnet":["copilot/*sonnet*","anthropic/*sonnet*"]}},"container":{"imageTag":"0.25.39"}}' > "${RUNNER_TEMP}/gh-aw/awf-config.json" && cp "${RUNNER_TEMP}/gh-aw/awf-config.json" /tmp/gh-aw/awf-config.json |
There was a problem hiding this comment.
✅ Smoke test review comment #1 — The apiProxy.models aliases are now correctly emitted under apiProxy.models rather than top-level config.models. This aligns with the expected schema structure for model routing.
| export GH_AW_NODE_BIN | ||
| (umask 177 && touch /tmp/gh-aw/agent-stdio.log) | ||
| printf '%s\n' '{"$schema":"https://github.com/github/gh-aw-firewall/releases/download/v0.25.39/awf-config.schema.json","network":{"allowDomains":["api.business.githubcopilot.com","api.enterprise.githubcopilot.com","api.github.com","api.githubcopilot.com","api.individual.githubcopilot.com","api.snapcraft.io","archive.ubuntu.com","azure.archive.ubuntu.com","crl.geotrust.com","crl.globalsign.com","crl.identrust.com","crl.sectigo.com","crl.thawte.com","crl.usertrust.com","crl.verisign.com","crl3.digicert.com","crl4.digicert.com","crls.ssl.com","github.com","host.docker.internal","json-schema.org","json.schemastore.org","keyserver.ubuntu.com","ocsp.digicert.com","ocsp.geotrust.com","ocsp.globalsign.com","ocsp.identrust.com","ocsp.sectigo.com","ocsp.ssl.com","ocsp.thawte.com","ocsp.usertrust.com","ocsp.verisign.com","packagecloud.io","packages.cloud.google.com","packages.microsoft.com","ppa.launchpad.net","raw.githubusercontent.com","registry.npmjs.org","s.symcb.com","s.symcd.com","security.ubuntu.com","telemetry.enterprise.githubcopilot.com","ts-crl.ws.symantec.com","ts-ocsp.ws.symantec.com","www.googleapis.com"]},"apiProxy":{"enabled":true},"container":{"imageTag":"0.25.39"}}' > "${RUNNER_TEMP}/gh-aw/awf-config.json" && cp "${RUNNER_TEMP}/gh-aw/awf-config.json" /tmp/gh-aw/awf-config.json | ||
| printf '%s\n' '{"$schema":"https://github.com/github/gh-aw-firewall/releases/download/v0.25.39/awf-config.schema.json","network":{"allowDomains":["api.business.githubcopilot.com","api.enterprise.githubcopilot.com","api.github.com","api.githubcopilot.com","api.individual.githubcopilot.com","api.snapcraft.io","archive.ubuntu.com","azure.archive.ubuntu.com","crl.geotrust.com","crl.globalsign.com","crl.identrust.com","crl.sectigo.com","crl.thawte.com","crl.usertrust.com","crl.verisign.com","crl3.digicert.com","crl4.digicert.com","crls.ssl.com","github.com","host.docker.internal","json-schema.org","json.schemastore.org","keyserver.ubuntu.com","ocsp.digicert.com","ocsp.geotrust.com","ocsp.globalsign.com","ocsp.identrust.com","ocsp.sectigo.com","ocsp.ssl.com","ocsp.thawte.com","ocsp.usertrust.com","ocsp.verisign.com","packagecloud.io","packages.cloud.google.com","packages.microsoft.com","ppa.launchpad.net","raw.githubusercontent.com","registry.npmjs.org","s.symcb.com","s.symcd.com","security.ubuntu.com","telemetry.enterprise.githubcopilot.com","ts-crl.ws.symantec.com","ts-ocsp.ws.symantec.com","www.googleapis.com"]},"apiProxy":{"enabled":true,"models":{"auto":["large"],"deep-research":["copilot/deep-research*","google/deep-research*"],"gemini-flash":["copilot/gemini-*flash*","google/gemini-*flash*"],"gemini-pro":["copilot/gemini-*pro*","google/gemini-*pro*"],"gpt-4.1":["copilot/gpt-4.1*","openai/gpt-4.1*"],"gpt-5":["copilot/gpt-5*","openai/gpt-5*"],"gpt-5-codex":["copilot/gpt-5*codex*","openai/gpt-5*codex*"],"gpt-5-mini":["copilot/gpt-5*mini*","openai/gpt-5*mini*"],"gpt-5-nano":["copilot/gpt-5*nano*","openai/gpt-5*nano*"],"gpt-5-pro":["copilot/gpt-5*pro*","openai/gpt-5*pro*"],"haiku":["copilot/*haiku*","anthropic/*haiku*"],"large":["sonnet","gpt-5-pro","gpt-5","gemini-pro"],"mini":["haiku","gpt-5-mini","gpt-5-nano","gemini-flash"],"opus":["copilot/*opus*","anthropic/*opus*"],"reasoning":["copilot/o1*","copilot/o3*","copilot/o4*","openai/o1*","openai/o3*","openai/o4*"],"small":["mini"],"sonnet":["copilot/*sonnet*","anthropic/*sonnet*"]}},"container":{"imageTag":"0.25.39"}}' > "${RUNNER_TEMP}/gh-aw/awf-config.json" && cp "${RUNNER_TEMP}/gh-aw/awf-config.json" /tmp/gh-aw/awf-config.json |
There was a problem hiding this comment.
✅ Smoke test review comment #2 — Model alias configuration consistently applied across all lock files. Good pattern to have a single recompile surface so all workflows stay in sync.
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
AWF firewall v0.25.38 performs strict schema validation and rejects unknown top-level keys. Placing model aliases at
config.modelscaused all smoke runs to fail at startup withconfig.models is not supported— 0 turns, 0 tokens per run.Changes
pkg/workflow/schemas/awf-config.schema.json— Embed the AWF v0.25.38 config schema. The schema definesapiProxy.modelsas the correct location for model alias maps.pkg/workflow/awf_config.go— MoveModelsfromAWFConfigFile(top-level, was taggedjson:"-") toAWFAPIProxyConfig.Models(nested underapiProxy, taggedjson:"models,omitempty"). Add schema validation using the embedded JSON schema withsync.Oncecaching so every generated config is validated before use.pkg/workflow/model_aliases_test.go— Update tests to expect models nested underapiProxy.models; addawfConfigModelsResulthelper type for typed JSON assertion.pkg/workflow/model_aliases_import_test.go— Update test to expect models underapiProxy.models.apiProxy.modelsoutput.Rebuild of #30315
✨ PR Review Safe Output Test - Run 25383635321
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.comSee Network Configuration for more information.