Skip to content

fix: propagate config fields to all layers#5809

Merged
lpcox merged 2 commits into
mainfrom
fix/config-audit-container-mounts-spec-6faf42f774223327
Jul 2, 2026
Merged

fix: propagate config fields to all layers#5809
lpcox merged 2 commits into
mainfrom
fix/config-audit-container-mounts-spec-6faf42f774223327

Conversation

@github-actions

@github-actions github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Config Consistency Fixes

Automated fixes for configuration fields not fully propagated across all required layers.

From PR #5755 — feat: add container.mounts to AWF config file schema

Field Fix Applied
container.mounts Added CLI mapping entry to Section 5 of docs/awf-config-spec.md: maps to -v, --mount (repeatable)

Root cause: PR #5755 correctly updated src/awf-config-schema.json, docs/awf-config.schema.json, src/config-file.ts, and src/config-mapper.ts, but did not add the CLI mapping entry to docs/awf-config-spec.md.

Verification

  • Schemas identical: diff src/awf-config-schema.json docs/awf-config.schema.json produces no output
  • TypeScript compiles: tsc passes with no errors
  • Config-file-mapping tests pass: 118 tests passed across config-file-mapping and schema suites

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Config Consistency Auditor · 58.1 AIC · ⊞ 6.4K ·

Add missing container.mounts CLI mapping entry to awf-config-spec.md.

PR #5755 added container.mounts to the JSON schema, TypeScript types,
and config-file.ts mapping, but the Section 5 CLI mapping table in
docs/awf-config-spec.md was not updated.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@lpcox lpcox marked this pull request as ready for review July 2, 2026 22:33
Copilot AI review requested due to automatic review settings July 2, 2026 22:33

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the AWF config specification documentation to reflect the missing CLI mapping for the newly-added container.mounts config field, improving consistency between config schema, mapper behavior, and docs.

Changes:

  • Documented container.mounts[]-v, --mount CLI mapping in docs/awf-config-spec.md.
Show a summary per file
File Description
docs/awf-config-spec.md Adds the missing CLI mapping entry for container.mounts[] to keep the config spec aligned with the schema/mapping layers.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 1/1 changed files
  • Comments generated: 1
  • Review effort level: Low

Comment thread docs/awf-config-spec.md Outdated
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

✅ Copilot review passed with no inline comments.

@github-actions[bot] Add the ready-for-aw label to this PR to trigger agentic CI smoke tests.

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Documentation Preview

Documentation build failed for this PR. View logs.

Built from commit 50a7149

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Copilot BYOK completed. Copilot BYOK mode operational. 🔓

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

📡 Smoke OTel Tracing completed. All tracing scenarios validated. ✅

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

🔑 Smoke Copilot PAT PAT auth validated. All systems operational. ✅

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Build Test Suite completed successfully!

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Copilot BYOK AOAI (Entra) completed. Copilot AOAI BYOK (Entra) mode operational. 🔓

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Copilot BYOK AOAI (api-key) completed. Copilot AOAI BYOK (api-key) mode operational. 🔓

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

🔌 Smoke Services — All services reachable! ✅

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Claude passed

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

🚀 Security Guard has started processing this pull request

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Contribution Check completed successfully!

PR follows the applicable contribution guidelines; no comment needed.

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Gemini completed. All facets verified. 💎

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Chroot tests failed Smoke Chroot failed - See logs for details.

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Test: Claude Engine Validation

Check Result
API Status ✅ PASS
GH Check ✅ PASS
File Status ✅ PASS

Overall Result: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Smoke Claude for #5809 · 34.7 AIC · ⊞ 3.3K ·
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Tests: MCP ✅ GitHub.com ✅ File I/O ✅ BYOK ✅\nRunning direct BYOK mode (AWF_AUTH_TYPE=github-oidc + AWF_AUTH_AZURE_* + COPILOT_PROVIDER_BASE_URL)\nOverall: PASS\n@lpcox

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🪪 BYOK (AOAI Entra) report filed by Smoke Copilot BYOK AOAI (Entra)
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Test: Services Connectivity

  • Redis PING: ❌ Network is unreachable
  • PostgreSQL pg_isready: ❌ no response
  • PostgreSQL SELECT 1: ❌ Network is unreachable

Overall: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔌 Service connectivity validated by Smoke Services
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

🔬 Smoke Test: Copilot PAT Auth — PASS

Test Result
GitHub MCP connectivity
GitHub.com HTTP (200)
File write/read

Overall: PASS · Auth mode: PAT (COPILOT_GITHUB_TOKEN) · Author: @lpcox

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 PAT report filed by Smoke Copilot PAT
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Test Results: Copilot BYOK (Direct) ✅

  • ✅ GitHub connectivity (HTTP 200)
  • ✅ File write/read test
  • ✅ BYOK inference path (api-proxy → api.githubcopilot.com)

Status: PASS — Direct BYOK mode working via COPILOT_PROVIDER_API_KEY

@lpcox

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 BYOK report filed by Smoke Copilot BYOK
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Test Results

  • GitHub MCP Testing: ❌
  • GitHub.com Connectivity: ❌
  • File Writing Testing: ✅
  • Bash Tool Testing: ✅

Overall status: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • localhost

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "localhost"

See Network Configuration for more information.

💎 Faceted by Smoke Gemini
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

🔍 Smoke Test: Copilot Engine Validation

Test Result
GitHub MCP Connectivity ✅ MCP bridge reachable
GitHub.com HTTP Connectivity ✅ Pre-step completed successfully
File Write/Read ✅ Smoke file exists with correct content

Overall: PASS

Author: @lpcox

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Running in direct BYOK mode (COPILOT_PROVIDER_API_KEY + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw)

Tests:

  • GitHub MCP connectivity: ✅
  • GitHub.com connectivity: ✅
  • File I/O: ✅
  • BYOK inference: ✅

Overall status: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 BYOK (AOAI api-key) report filed by Smoke Copilot BYOK AOAI (api-key)
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Merged PRs: fix: chmod squid logs inside container before compose down; fix(ci): postprocess install-step swap must tolerate trailing --rootless flag | ✅ GitHub PR query | ✅ File write/read | ✅ Discussion lookup/comment | ✅ Build | ✅ GitHub title check via Chromium fallback | ❌ Playwright tool unavailable in this runner | Overall: FAIL

Warning

Firewall blocked 8 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • awmgmcpg
  • clients2.google.com
  • contentautofill.googleapis.com
  • images.ctfassets.net
  • redirector.gvt1.com
  • registry.npmjs.org
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "awmgmcpg"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "images.ctfassets.net"
    - "redirector.gvt1.com"
    - "registry.npmjs.org"
    - "www.google.com"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

🏗️ Build Test Suite Results

Ecosystem Project Build/Install Tests Status
Bun elysia 1/1 passed ✅ PASS
Bun hono 1/1 passed ✅ PASS
C++ fmt N/A ✅ PASS
C++ json N/A ✅ PASS
Deno oak N/A 1/1 passed ✅ PASS
Deno std N/A 1/1 passed ✅ PASS
.NET hello-world N/A ✅ PASS
.NET json-parse N/A ✅ PASS
Go color 1/1 passed ✅ PASS
Go env 1/1 passed ✅ PASS
Go uuid 1/1 passed ✅ PASS
Java gson 1/1 passed ✅ PASS
Java caffeine 1/1 passed ✅ PASS
Node.js clsx all passed ✅ PASS
Node.js execa all passed ✅ PASS
Node.js p-limit all passed ✅ PASS
Rust fd 1/1 passed ✅ PASS
Rust zoxide 1/1 passed ✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Build Test Suite for #5809 · 31.3 AIC · ⊞ 6.9K ·
Add label ready-for-aw to run again

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Smoke Test: API Proxy OpenTelemetry Tracing — Results

Scenario Status Details
1. Module Loading ✅ Pass otel.js loads successfully; exports startRequestSpan, setTokenAttributes, setBudgetAttributes, endSpan, endSpanError, shutdown, isEnabled + internal helpers
2. Test Suite ✅ Pass 45 OTEL tests passed, 0 failures across otel.test.js, otel-fanout.test.js, upstream-token.test.js
3. Env Var Forwarding ✅ Pass src/services/api-proxy-env-config.ts forwards GH_AW_OTLP_ENDPOINTS, OTEL_EXPORTER_OTLP_ENDPOINT, OTEL_EXPORTER_OTLP_HEADERS, GITHUB_AW_OTEL_TRACE_ID, GITHUB_AW_OTEL_PARENT_SPAN_ID, OTEL_SERVICE_NAME
4. Token Tracker Integration ✅ Pass onUsage callback confirmed at token-tracker-http.js:324; upstream-token.test.js validates OTEL wiring
5. OTEL Diagnostics ✅ Pass Graceful degradation confirmed — falls back to FileSpanExporter (/var/log/api-proxy/otel.jsonl) when no OTLP endpoint configured; isEnabled() returns true in all cases

All 5 scenarios pass. OTEL tracing integration is fully functional.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

📡 OTel tracing validated by Smoke OTel Tracing
Add label ready-for-aw to run again

@lpcox lpcox merged commit 79aa828 into main Jul 2, 2026
80 of 81 checks passed
@lpcox lpcox deleted the fix/config-audit-container-mounts-spec-6faf42f774223327 branch July 2, 2026 23:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants