Skip to content

[deps-release-notes] awf — upstream release action items #1304

Description

@github-actions

Rolling upstream release action items — awf

This is the single canonical tracking issue for action items from new awf releases. The update-awf-version workflow appends a comment here for each version bump going forward — the most recent activity lives in the comments below. This body consolidates everything filed so far.

Latest pinned version covered: 0.27.21

Consolidated history (earliest → latest)

0.25.480.25.60 (was #851)

  • OTel distributed tracing in api-proxy (v0.25.51): api-proxy now emits OTel traces; ado-aw could expose config to help consumers use this.
  • ARC/DinD split-filesystem auto-detection (v0.25.52): AWF auto-detects DinD split filesystem via sentinel probe; ado-aw docs may need updating.
  • Middle-power model fallback (v0.25.53): api-proxy supports model fallback when primary is unavailable; ado-aw could expose this.
  • Anthropic WIF support (v0.25.58): api-proxy supports Anthropic WIF schema fields + OIDC validation.
  • Pre-startup model validation via requestedModel config (v0.25.58): api-proxy validates requested model before startup; ado-aw may wish to populate this field.

0.25.480.25.63 (was #859)

  • Security: proxy auth normalization hardened (v0.25.49): Prevents malformed Authorization headers from reaching the upstream API.
  • Responses API cache reads in token usage rollups (v0.25.63): Fixes under-reporting of cached token reads; improves ado-aw audit accuracy.

0.25.650.25.66 (was #902)

  • Azure/AWS/GCP OIDC support in Copilot adapter (v0.25.66): api-proxy supports cloud OIDC credential injection; ado-aw could expose via engine:/network: front-matter.
  • Budget fields in token-usage.jsonl (v0.25.66): maxTurns and budget fields now persisted; ado-aw audit module could surface these in AuditData.

0.25.650.25.68 (was #930)

  • GITHUB_COPILOT_INTEGRATION_ID forwarding fix (v0.25.67): AWF now correctly forwards it as COPILOT_INTEGRATION_ID to the api-proxy.
  • PAT-safe integration ID + model name normalization (v0.25.68): Regression fix from v0.25.67; normalizes legacy CAPI model names.

0.25.650.27.0 (was #950)

  • cli-proxy fail fast on DIFC unreachability (v0.25.66): CLI proxy now errors immediately rather than hanging; verify DIFC proxy config before upgrade.

0.25.650.27.1 (was #970)

  • AI credits as OTEL span attributes (v0.27.1): AWF emits AI credit consumption as OTel spans; agent_stats.rs + audit could surface these.
  • Redacted resolved config as audit artifact (v0.27.1): ado-aw audit could expose for configuration diagnostics.
  • Opt-in diagnostics artifact for blocked LLM request bodies (v0.27.1): ado-aw could surface via ado-aw-debug: flag.

0.25.650.27.2 (was #983)

  • Security: WIF/OIDC Anthropic auth regression (v0.27.2): ANTHROPIC_API_KEY leaked to agent container when Squid blocked OIDC exchange; fixed in 0.27.2.

0.25.650.27.3 (was #990)

  • OTLP fan-out to multiple endpoints (v0.27.3): api-proxy can fan out telemetry to multiple OTLP endpoints simultaneously.

0.27.30.27.5 (was #1093)

  • Security: HTTPS-only for bare API proxy targets (v0.27.5): Prevents over-broad HTTP allowlisting; verify no existing config relies on HTTP.
  • allowedModels/disallowedModels in api-proxy (v0.27.5): Model allow/deny-list policy; ado-aw could expose as engine.allowed-models front-matter.
  • COPILOT_INTEGRATION_ID forwarding from host env (v0.27.5): api-proxy forwards from host into sandbox; ensure ado-aw passes it through AWF invocation.
  • GHES detection fix for Copilot auth prefix (v0.27.4): Fixes auth failures for non-standard GHES hostnames.

0.27.30.27.7 (was #1118)

  • max-cache-misses guardrail (v0.27.6): Limits token spend when cache misses exceed threshold; useful for cost-sensitive pipelines.

0.27.30.27.9 (was #1184)

  • Copilot Business endpoint auth prefix corrected (v0.27.9): Fixed wrong bearer prefix (should be token); Business-account pipelines may have been silently failing.

0.27.90.27.11 (was #1219)

  • Portable self-hosted runner doctor agent (v0.27.11): New AWF diagnostic tool; ado-aw could reference in troubleshooting docs.
  • Topology-attach ordering deadlock fix (v0.27.11): Starved cli-proxy health gate; MCPG-based pipelines (--topology-attach mcp-gateway) were directly affected.
  • ARC/DinD chroot path fix (v0.27.10): /host/tmp/awf-runner-bin instead of /host/usr collision; update ARC/DinD docs if referencing /host/usr.

0.27.90.27.12 (was #1241)

  • Security: June 2026 dependency refresh (v0.27.12): Routine security dep upgrades; upgrading recommended.
  • OIDC config propagation fix (v0.27.12): apiProxy.auth OIDC fields were not propagated to all proxy layers; previously configured OIDC may have been silently ignored.

0.27.90.27.13 (was #1252)

  • Security: ReDoS fix in postprocess script (v0.27.11): ReDoS vulnerability patched; no consumer action beyond upgrading.
  • maxRuns counts only inference calls (v0.27.13): Semantics changed — no longer counts tool calls; re-evaluate any max-runs tuning based on total tool-call counts.
  • HTTP 429 (not 403) when max turns exceeded (v0.27.13): Update any ado-aw code/docs that treat 403 as the max-turns-exceeded indicator.

0.27.90.27.15 (was #1260)

  • Note: v0.27.14 was retracted; its changes are included in v0.27.15.
  • Security: transitive linkify-it → v5.0.1 (v0.27.12): Part of June 2026 security refresh.

0.27.90.27.21 (was #1304) — canonical

  • container.mounts in AWF config schema (v0.27.21): ado-aw could expose as front-matter field for custom sandbox mounts.
  • Model-to-API endpoint mapping (v0.27.16): AWF maintains a model→endpoint map updated daily; relevant for ado-aw model validation allowlist.

Consolidated by the Deps Release-Notes Consolidator workflow. Superseded per-release issues were closed and point here.

Generated by Deps Release-Notes Consolidator · 319.3 AIC · ⌖ 17.7 AIC · ⊞ 6.6K ·

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions