You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: .github/aw/skills.md
+19Lines changed: 19 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,6 +18,25 @@ List available skills before choosing a strategy.
18
18
19
19
---
20
20
21
+
## Frontmatter `skills:` (SHA-Pinned Installs)
22
+
23
+
Declare external skills to install at activation time with the top-level `skills:` array. At activation, `gh aw` installs each via `gh skill install` and wires it into the engine — no manual vendoring.
- Static references must be pinned to a full 40-character lowercase commit SHA; `${{ ... }}` expressions are allowed in the ref position and resolved at runtime.
34
+
- Object entries set per-skill auth via `github-token` or `github-app`.
35
+
36
+
This is distinct from the prompt-side strategies below (hint / fusion / inline), which shape skill *content* into the prompt rather than installing skill packages.
37
+
38
+
---
39
+
21
40
## Strategy 0 — Agent Finder (Discovery First)
22
41
23
42
**Use when**: the relevant skill is not obvious, the repository may not contain the right skill yet, or you want to discover installable skills before loading local ones.
- Bot must be active (installed) on repository to trigger workflow
20
+
-**`on.roles:`** - Repository access roles that can trigger workflow (array or `"all"`). Default `[admin, maintainer, write]`; available roles: `admin`, `maintainer`, `write`, `read`, `all`.
21
+
-**`bots:`** - Bot identifiers allowed to trigger workflow regardless of role permissions (array; e.g. `[dependabot[bot], renovate[bot], github-actions[bot]]`). The bot must be active (installed) on the repository to trigger.
26
22
-**`strict:`** - Enable enhanced validation for production workflows (boolean, defaults to `true`; strongly recommended)
27
23
- Prefer `strict: true`; `strict: false` is dangerous, should be extremely rare, and must be carefully security reviewed before use
28
24
-**`max-turns:`** - AWF turn cap applied consistently across all agentic engines (integer or expression, e.g. `${{ inputs.max-turns }}`). The engine-level `engine.max-turns` is a deprecated alias kept for backward compatibility — prefer this top-level field. Not supported by the `gemini` engine.
29
25
-**`max-runs:`** - Deprecated legacy alias for the AWF invocation cap (`apiProxy.maxRuns`, defaults to `500` when omitted). Use `max-turns` instead; run `gh aw fix` to migrate.
30
26
-**`max-ai-credits:`** - Per-run AI Credits (AIC) budget enforced by the AWF firewall (integer or `K`/`M` short-form string like `100M`; default `1000`). Set a negative value to disable enforcement and token steering. See [token-optimization.md](token-optimization.md).
31
27
-**`max-turn-cache-misses:`** - Maximum consecutive AWF cache misses allowed before the API proxy blocks further requests (integer, default `5`). Maps to `apiProxy.maxCacheMisses`; precedence is frontmatter → `GH_AW_DEFAULT_MAX_TURN_CACHE_MISSES` env override → built-in default.
28
+
-**`models:`** - Model policy and optional pricing (object). Experimental policy fields `allowed` / `blocked` (lists of model names or patterns) restrict which models the workflow may use; they map to AWF `apiProxy.allowedModels` / `disallowedModels` and merge as unions across imports. Environment-variable overrides are supported. The separate `providers` field supplies custom pricing (see [token-optimization.md](token-optimization.md)).
29
+
30
+
```yaml
31
+
models:
32
+
allowed: ["gpt-5", "claude-*"]
33
+
blocked: ["*-preview"]
34
+
```
32
35
- **`max-daily-ai-credits:`** - Per-user 24-hour AI Credits (AIC) guardrail: activation blocks execution once the triggering user's aggregated AI Credits for this workflow over the last 24h exceed the threshold (integer or `K`/`M` short-form string, or `-1`). Enabled by default with a system default threshold; set `-1` to disable or an explicit value to override. See [token-optimization.md](token-optimization.md).
33
36
- **`user-rate-limit:`** - Rate limiting configuration to prevent users from triggering the workflow too frequently (object)
34
37
- **`max-runs-per-window:`** - Maximum runs allowed per user per time window (required, integer 1-10)
@@ -45,10 +48,7 @@ description: Agentic workflow specific frontmatter fields for GitHub Agentic Wor
45
48
ignored-roles: [admin, maintain]
46
49
```
47
50
48
-
- **`check-for-updates:`** - Control whether the activation job checks if the compiled `gh-aw` version is still supported (boolean, default: `true`)
49
-
- When `true` (default): blocked versions fail fast; below-recommended versions emit a warning
50
-
- When `false`: skips the version check; the compiler emits a warning at compile time
51
-
- Use `check-for-updates: false` only when deploying in isolated environments where version update checks are not feasible
51
+
- **`check-for-updates:`** - Whether the activation job checks that the compiled `gh-aw` version is still supported (boolean, default `true`). When `true`, blocked versions fail fast and below-recommended versions warn. Set `false` only for isolated environments (compiler then warns at compile time).
52
52
53
53
- **`features:`** - Feature flags for experimental or optional features (object)
54
54
- Each flag is a key-value pair; boolean flags (`true`/`false`) or string values are accepted
@@ -346,6 +346,7 @@ description: Agentic workflow specific frontmatter fields for GitHub Agentic Wor
346
346
agent: false
347
347
```
348
348
349
+
- **`sandbox.agent.sudo`** (boolean) controls whether AWF runs in root mode. Default is `false`: AWF runs rootless in network-isolation egress mode (`--network-isolation`), with MCP sidecars attached as bridge containers on the internal `awf-net` network. Set `sudo: true` for the legacy root mode; in strict mode explicit `sudo: true` is an error (warning otherwise).
349
350
- **Strict mode**: `sandbox.agent` blocks without an explicit `id: awf` are rejected in strict mode. Any non-nil, non-disabled agent config without `id`/`type` defaults to AWF at runtime.
350
351
351
352
- **`tools:`** - Tool configuration for the coding agent (`github`, `agentic-workflows`, `edit`, `web-fetch`, `web-search`, `bash`, `playwright`, custom MCP server names, plus `timeout`/`startup-timeout`/`cli-proxy`). See [syntax-tools-imports.md](syntax-tools-imports.md#tool-configuration) for the full schema (GitHub `mode`/`toolsets`/integrity fields, bash allowlist decision rule, Playwright CLI mode).
Copy file name to clipboardExpand all lines: .github/aw/syntax-core.md
+6Lines changed: 6 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -105,6 +105,12 @@ The YAML frontmatter supports these fields:
105
105
- Exceptions: `id-token: write`is allowed to enable OIDC token minting; `copilot-requests: write` is recommended when targeting the Copilot coding agent so it can authenticate with `${{ github.token }}`
106
106
- **`runs-on:`** - Runner type for the main agent job (string, array, or object)
107
107
- **`runs-on-slim:`** - Runner type for all framework/generated jobs (activation, safe-outputs, unlock, etc.). Defaults to `ubuntu-slim`. `safe-outputs.runs-on` takes precedence for safe-output jobs specifically.
108
+
- **`runner:`** - Runner topology configuration (object). `topology: arc-dind` (only enum value) targets GitHub ARC runners with rootless Docker-in-Docker: gh-aw emits the topology in the AWF config, redirects the tool cache to a shared volume, and validates that no generated step requires root. AWF then activates split-filesystem handling, network isolation, sysroot staging, and DinD pre-staging automatically.
109
+
110
+
```yaml
111
+
runner:
112
+
topology: arc-dind
113
+
```
108
114
- **`timeout-minutes:`** - Agent execution step timeout in minutes (integer or GitHub Actions expression, defaults to 20 minutes; custom and safe-output jobs use the GitHub Actions platform default of 360 minutes unless explicitly set). Expressions are useful in compiled workflows that define `workflow_call` inputs, for example `timeout-minutes: ${{ inputs.timeout }}`. This setting applies to the workflow being compiled, not to plain GitHub Actions caller jobs that use job-level `uses:` (GitHub does not allow `timeout-minutes` on those caller jobs).
109
115
- **`concurrency:`** - Concurrency control (string or object)
110
116
- **`queue:`** - Pending run queue behavior for the concurrency group (`single` or `max`, defaults to `single`). `single` keeps one pending run and replaces older pending runs; `max` allows up to 100 pending runs in FIFO order (useful for conclusion jobs that must not be dropped).
0 commit comments