Rolling upstream release action items — awf
This is the single canonical tracking issue for action items from new awf releases. The update-awf-version workflow appends a comment here for each version bump going forward — the most recent activity lives in the comments below. This body consolidates everything filed so far.
Latest pinned version covered: 0.27.21
Consolidated history (earliest → latest)
0.25.48 → 0.25.60 (was #851)
- OTel distributed tracing in api-proxy (v0.25.51): api-proxy now emits OTel traces; ado-aw could expose config to help consumers use this.
- ARC/DinD split-filesystem auto-detection (v0.25.52): AWF auto-detects DinD split filesystem via sentinel probe; ado-aw docs may need updating.
- Middle-power model fallback (v0.25.53): api-proxy supports model fallback when primary is unavailable; ado-aw could expose this.
- Anthropic WIF support (v0.25.58): api-proxy supports Anthropic WIF schema fields + OIDC validation.
- Pre-startup model validation via
requestedModel config (v0.25.58): api-proxy validates requested model before startup; ado-aw may wish to populate this field.
0.25.48 → 0.25.63 (was #859)
- Security: proxy auth normalization hardened (v0.25.49): Prevents malformed
Authorization headers from reaching the upstream API.
- Responses API cache reads in token usage rollups (v0.25.63): Fixes under-reporting of cached token reads; improves
ado-aw audit accuracy.
0.25.65 → 0.25.66 (was #902)
- Azure/AWS/GCP OIDC support in Copilot adapter (v0.25.66): api-proxy supports cloud OIDC credential injection; ado-aw could expose via
engine:/network: front-matter.
- Budget fields in
token-usage.jsonl (v0.25.66): maxTurns and budget fields now persisted; ado-aw audit module could surface these in AuditData.
0.25.65 → 0.25.68 (was #930)
GITHUB_COPILOT_INTEGRATION_ID forwarding fix (v0.25.67): AWF now correctly forwards it as COPILOT_INTEGRATION_ID to the api-proxy.
- PAT-safe integration ID + model name normalization (v0.25.68): Regression fix from v0.25.67; normalizes legacy CAPI model names.
0.25.65 → 0.27.0 (was #950)
- cli-proxy fail fast on DIFC unreachability (v0.25.66): CLI proxy now errors immediately rather than hanging; verify DIFC proxy config before upgrade.
0.25.65 → 0.27.1 (was #970)
- AI credits as OTEL span attributes (v0.27.1): AWF emits AI credit consumption as OTel spans;
agent_stats.rs + audit could surface these.
- Redacted resolved config as audit artifact (v0.27.1):
ado-aw audit could expose for configuration diagnostics.
- Opt-in diagnostics artifact for blocked LLM request bodies (v0.27.1): ado-aw could surface via
ado-aw-debug: flag.
0.25.65 → 0.27.2 (was #983)
- Security: WIF/OIDC Anthropic auth regression (v0.27.2):
ANTHROPIC_API_KEY leaked to agent container when Squid blocked OIDC exchange; fixed in 0.27.2.
0.25.65 → 0.27.3 (was #990)
- OTLP fan-out to multiple endpoints (v0.27.3): api-proxy can fan out telemetry to multiple OTLP endpoints simultaneously.
0.27.3 → 0.27.5 (was #1093)
- Security: HTTPS-only for bare API proxy targets (v0.27.5): Prevents over-broad HTTP allowlisting; verify no existing config relies on HTTP.
allowedModels/disallowedModels in api-proxy (v0.27.5): Model allow/deny-list policy; ado-aw could expose as engine.allowed-models front-matter.
COPILOT_INTEGRATION_ID forwarding from host env (v0.27.5): api-proxy forwards from host into sandbox; ensure ado-aw passes it through AWF invocation.
- GHES detection fix for Copilot auth prefix (v0.27.4): Fixes auth failures for non-standard GHES hostnames.
0.27.3 → 0.27.7 (was #1118)
max-cache-misses guardrail (v0.27.6): Limits token spend when cache misses exceed threshold; useful for cost-sensitive pipelines.
0.27.3 → 0.27.9 (was #1184)
- Copilot Business endpoint auth prefix corrected (v0.27.9): Fixed wrong
bearer prefix (should be token); Business-account pipelines may have been silently failing.
0.27.9 → 0.27.11 (was #1219)
- Portable self-hosted runner doctor agent (v0.27.11): New AWF diagnostic tool; ado-aw could reference in troubleshooting docs.
- Topology-attach ordering deadlock fix (v0.27.11): Starved cli-proxy health gate; MCPG-based pipelines (
--topology-attach mcp-gateway) were directly affected.
- ARC/DinD chroot path fix (v0.27.10):
/host/tmp/awf-runner-bin instead of /host/usr collision; update ARC/DinD docs if referencing /host/usr.
0.27.9 → 0.27.12 (was #1241)
- Security: June 2026 dependency refresh (v0.27.12): Routine security dep upgrades; upgrading recommended.
- OIDC config propagation fix (v0.27.12):
apiProxy.auth OIDC fields were not propagated to all proxy layers; previously configured OIDC may have been silently ignored.
0.27.9 → 0.27.13 (was #1252)
- Security: ReDoS fix in postprocess script (v0.27.11): ReDoS vulnerability patched; no consumer action beyond upgrading.
maxRuns counts only inference calls (v0.27.13): Semantics changed — no longer counts tool calls; re-evaluate any max-runs tuning based on total tool-call counts.
- HTTP 429 (not 403) when max turns exceeded (v0.27.13): Update any ado-aw code/docs that treat 403 as the max-turns-exceeded indicator.
0.27.9 → 0.27.15 (was #1260)
- Note: v0.27.14 was retracted; its changes are included in v0.27.15.
- Security: transitive
linkify-it → v5.0.1 (v0.27.12): Part of June 2026 security refresh.
0.27.9 → 0.27.21 (was #1304) — canonical
container.mounts in AWF config schema (v0.27.21): ado-aw could expose as front-matter field for custom sandbox mounts.
- Model-to-API endpoint mapping (v0.27.16): AWF maintains a model→endpoint map updated daily; relevant for ado-aw model validation allowlist.
Consolidated by the Deps Release-Notes Consolidator workflow. Superseded per-release issues were closed and point here.
Generated by Deps Release-Notes Consolidator · 319.3 AIC · ⌖ 17.7 AIC · ⊞ 6.6K · ◷
Rolling upstream release action items —
awfThis is the single canonical tracking issue for action items from new
awfreleases. Theupdate-awf-versionworkflow appends a comment here for each version bump going forward — the most recent activity lives in the comments below. This body consolidates everything filed so far.Latest pinned version covered:
0.27.21Consolidated history (earliest → latest)
0.25.48→0.25.60(was #851)requestedModelconfig (v0.25.58): api-proxy validates requested model before startup; ado-aw may wish to populate this field.0.25.48→0.25.63(was #859)Authorizationheaders from reaching the upstream API.ado-aw auditaccuracy.0.25.65→0.25.66(was #902)engine:/network:front-matter.token-usage.jsonl(v0.25.66):maxTurnsand budget fields now persisted; ado-aw audit module could surface these inAuditData.0.25.65→0.25.68(was #930)GITHUB_COPILOT_INTEGRATION_IDforwarding fix (v0.25.67): AWF now correctly forwards it asCOPILOT_INTEGRATION_IDto the api-proxy.0.25.65→0.27.0(was #950)0.25.65→0.27.1(was #970)agent_stats.rs+auditcould surface these.ado-aw auditcould expose for configuration diagnostics.ado-aw-debug:flag.0.25.65→0.27.2(was #983)ANTHROPIC_API_KEYleaked to agent container when Squid blocked OIDC exchange; fixed in0.27.2.0.25.65→0.27.3(was #990)0.27.3→0.27.5(was #1093)allowedModels/disallowedModelsin api-proxy (v0.27.5): Model allow/deny-list policy; ado-aw could expose asengine.allowed-modelsfront-matter.COPILOT_INTEGRATION_IDforwarding from host env (v0.27.5): api-proxy forwards from host into sandbox; ensure ado-aw passes it through AWF invocation.0.27.3→0.27.7(was #1118)max-cache-missesguardrail (v0.27.6): Limits token spend when cache misses exceed threshold; useful for cost-sensitive pipelines.0.27.3→0.27.9(was #1184)bearerprefix (should betoken); Business-account pipelines may have been silently failing.0.27.9→0.27.11(was #1219)--topology-attach mcp-gateway) were directly affected./host/tmp/awf-runner-bininstead of/host/usrcollision; update ARC/DinD docs if referencing/host/usr.0.27.9→0.27.12(was #1241)apiProxy.authOIDC fields were not propagated to all proxy layers; previously configured OIDC may have been silently ignored.0.27.9→0.27.13(was #1252)maxRunscounts only inference calls (v0.27.13): Semantics changed — no longer counts tool calls; re-evaluate anymax-runstuning based on total tool-call counts.0.27.9→0.27.15(was #1260)linkify-it→ v5.0.1 (v0.27.12): Part of June 2026 security refresh.0.27.9→0.27.21(was #1304) — canonicalcontainer.mountsin AWF config schema (v0.27.21): ado-aw could expose as front-matter field for custom sandbox mounts.Consolidated by the Deps Release-Notes Consolidator workflow. Superseded per-release issues were closed and point here.