github · pelikhan · Jun 2, 2026 · Jun 2, 2026 · Jun 2, 2026 · Jun 2, 2026
diff --git a/.github/workflows/audit-workflows.lock.yml b/.github/workflows/audit-workflows.lock.yml
diff --git a/pkg/parser/import_field_extractor.go b/pkg/parser/import_field_extractor.go
@@ -53,7 +53,7 @@ type importAccumulator struct {
 	caches                   []string
 	features                 []map[string]any
 	models                   []map[string][]string // model alias maps from each imported file (appended in import order)
-	runInstallScripts        bool                  // true if any imported workflow sets run-install-scripts: true (global or node-level)
+	runInstallScripts        bool                  // true if any imported workflow sets runtimes.node.run-install-scripts: true
 	agentFile                string
 	agentImportSpec          string
 	repositoryImports        []string

diff --git a/pkg/parser/import_processor.go b/pkg/parser/import_processor.go
@@ -29,7 +29,7 @@ type ImportsResult struct {
 	MergedPreSteps                string                // Merged pre-steps configuration from all imports (prepended in order)
 	MergedPreAgentSteps           string                // Merged pre-agent-steps configuration from all imports (prepended in order)
 	MergedRuntimes                string                // Merged runtimes configuration from all imports
-	MergedRunInstallScripts       bool                  // true if any imported workflow sets run-install-scripts: true (global or node-level)
+	MergedRunInstallScripts       bool                  // true if any imported workflow sets runtimes.node.run-install-scripts: true
 	MergedServices                string                // Merged services configuration from all imports
 	MergedNetwork                 string                // Merged network configuration from all imports
 	MergedPermissions             string                // Merged permissions configuration from all imports

diff --git a/pkg/parser/schemas/main_workflow_schema.json b/pkg/parser/schemas/main_workflow_schema.json
@@ -9906,12 +9906,6 @@
       "description": "Control whether the compile-agentic version update check runs in the activation job. When true (default), the activation job downloads config.json from the gh-aw repository and verifies the compiled version is not blocked and meets the minimum supported version. Set to false to disable the check (not allowed in strict mode). See: https://github.github.com/gh-aw/reference/frontmatter/#check-for-updates",
       "examples": [true, false]
     },
-    "run-install-scripts": {
-      "type": "boolean",
-      "default": false,
-      "description": "Allow npm pre/post install scripts to execute during package installation. By default, --ignore-scripts is added to all generated npm install commands to prevent supply chain attacks via malicious install hooks. Setting run-install-scripts: true disables this protection globally (all runtimes). A supply chain security warning is emitted at compile time; in strict mode this is an error. Per-runtime control is also available via runtimes.<runtime>.run-install-scripts. See: https://github.github.com/gh-aw/reference/frontmatter/#run-install-scripts",
-      "examples": [false, true]
-    },
     "mcp-scripts": {
       "type": "object",
       "description": "MCP Scripts configuration for defining custom lightweight MCP tools as JavaScript, shell scripts, or Python scripts. Tools are mounted in an MCP server and have access to secrets specified by the user. Only one of 'script' (JavaScript), 'run' (shell), or 'py' (Python) must be specified per tool.",
@@ -10135,7 +10129,7 @@
             "run-install-scripts": {
               "type": "boolean",
               "default": false,
-              "description": "Allow npm pre/post install scripts to execute for this runtime during package installation. Overrides the global run-install-scripts setting for this specific runtime. Only affects runtimes that generate npm install commands (node). A supply chain security warning is emitted at compile time; in strict mode this is an error. See: https://github.github.com/gh-aw/reference/frontmatter/#run-install-scripts",
+              "description": "Allow npm pre/post install scripts to execute during package installation. A supply chain security warning is emitted at compile time; in strict mode this is an error. See: https://github.github.com/gh-aw/reference/frontmatter/#run-install-scripts",
               "examples": [false, true]
             }
           },

diff --git a/pkg/workflow/compiler_orchestrator_tools.go b/pkg/workflow/compiler_orchestrator_tools.go
@@ -18,7 +18,7 @@ type toolsProcessingResult struct {
 	tools                 map[string]any
 	resolvedMCPServers    map[string]any // fully merged mcp-servers from main workflow and all imports
 	runtimes              map[string]any
-	runInstallScripts     bool // true when run-install-scripts: true is set (globally or per node runtime, from main + imports)
+	runInstallScripts     bool // true when runtimes.node.run-install-scripts: true is set (from main + imports)
 	toolsTimeout          string
 	toolsStartupTimeout   string
 	markdownContent       string

diff --git a/pkg/workflow/compiler_types.go b/pkg/workflow/compiler_types.go
@@ -571,7 +571,7 @@ type WorkflowData struct {
 	StaleCheckFull                 bool                            // true when on.stale-check: full is set in frontmatter (enables body hash check alongside frontmatter hash check)
 	EngineConfigSteps              []map[string]any                // steps returned by engine.RenderConfig — prepended before execution steps
 	ServicePortExpressions         string                          // comma-separated ${{ job.services['<id>'].ports['<port>'] }} expressions for AWF --allow-host-service-ports
-	RunInstallScripts              bool                            // true when run-install-scripts: true is set (globally or per node runtime); disables --ignore-scripts on generated npm install steps
+	RunInstallScripts              bool                            // true when runtimes.node.run-install-scripts: true is set (main workflow and/or imports); disables --ignore-scripts on generated npm install steps
 	CachedPermissions              *Permissions                    // cached parsed Permissions object (for performance optimization); populated by applyDefaults after all permission mutations
 	CachedPermissionScopeNamesErr  error                           // cached result of ValidatePermissionScopeNames(Permissions); nil = valid; populated by applyDefaults
 	CachedPermissionScopeNamesSet  bool                            // true once CachedPermissionScopeNamesErr has been populated; distinguishes "valid (nil)" from "not yet computed"

diff --git a/pkg/workflow/frontmatter_types.go b/pkg/workflow/frontmatter_types.go
@@ -292,7 +292,6 @@ type FrontmatterConfig struct {
 	MaxDailyEffectiveTokens *TemplatableInt32 `json:"max-daily-effective-tokens,omitempty"`
 	Strict                  *bool             `json:"strict,omitempty"`              // Pointer to distinguish unset from false
 	Private                 *bool             `json:"private,omitempty"`             // If true, workflow cannot be added to other repositories
-	RunInstallScripts       *bool             `json:"run-install-scripts,omitempty"` // If true, allow pre/post install scripts globally (supply chain risk; emits warning or error in strict mode)
 	Labels                  []string          `json:"labels,omitempty"`
 
 	// Configuration sections - using strongly-typed structs