fix: sync src/awf-config-schema.json with docs/awf-config.schema.json#6266
fix: sync src/awf-config-schema.json with docs/awf-config.schema.json#6266github-actions[bot] wants to merge 2 commits into
Conversation
PR #6214 updated docs/awf-config.schema.json to mark apiProxy.enabled as deprecated and update environment descriptions, but did not apply the same changes to src/awf-config-schema.json, causing schema drift. This commit copies the docs schema to src to restore identical copies. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
|
@copilot fix conflict with main and finish implementation plan |
There was a problem hiding this comment.
Pull request overview
Synchronizes the runtime AWF configuration schema with its documentation counterpart.
Changes:
- Marks
apiProxy.enableddeprecated. - Updates credential-isolation descriptions to reflect the always-enabled API proxy.
Show a summary per file
| File | Description |
|---|---|
src/awf-config-schema.json |
Aligns API proxy and environment schema metadata with the documentation schema. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 1/1 changed files
- Comments generated: 0
- Review effort level: Medium
…chema-a12bd52b5c20842f # Conflicts: # src/awf-config-schema.json
Merged main into this branch and resolved the conflict in |
|
✅ Copilot review passed with no inline comments. @github-actions[bot] Add the |
|
📡 Smoke OTel Tracing completed. All tracing scenarios validated. ✅ |
|
✅ Smoke Claude passed |
|
❌ Smoke Copilot BYOK AOAI (api-key) reports failed. AOAI BYOK (api-key) mode investigation needed... |
|
🔌 Smoke Services — All services reachable! ✅ |
|
🔑 Smoke Copilot PAT PAT auth validated. All systems operational. ✅ |
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
|
🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation... |
|
❌ Smoke Copilot BYOK AOAI (Entra) reports failed. AOAI BYOK (Entra) mode investigation needed... |
|
✅ Smoke Gemini completed. All facets verified. 💎 Attempting to list merged PRs and verify connectivity |
|
✅ Smoke Copilot BYOK completed. Copilot BYOK mode operational. 🔓 |
|
✅ Contribution Check completed successfully! |
|
✅ Build Test Suite completed successfully! |
|
🦎🟣 Smoke gVisor Claude completed. gVisor + Claude smoke test passed. ✅ |
|
🦎 Smoke gVisor completed. gVisor smoke test passed. ✅ |
|
🐳🔮 Smoke Docker Sbx Codex completed. Docker sbx + Codex smoke test passed. ✅ |
|
🦎🔮 Smoke gVisor Codex completed. gVisor + Codex smoke test passed. ✅ |
|
Thanks for keeping the two schema copies in sync. Per the Contributing Code and Testing sections of CONTRIBUTING.md, please add or update focused tests for the schema behavior changed here, including the deprecated apiProxy.enabled metadata and the environment descriptions, and run the relevant test suite before merging. The PR checklist currently leaves the TypeScript, config-file-mapping, and schema-validation checks unchecked, so please either complete those checks or explain why they are not applicable. Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test: Copilot PAT Auth
Overall: PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test: Claude Engine Validation
Overall Result: PASS ✅ Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
🔬 Smoke Test Results
Overall: PASS
Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test: Services Connectivity
Overall: FAIL — Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test: API Proxy OpenTelemetry Tracing
All 5 scenarios pass. OTEL tracing integration is working correctly. Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test: Copilot BYOK (Direct) Mode
Running in direct BYOK mode (COPILOT_PROVIDER_API_KEY) via api-proxy to api.githubcopilot.com Overall: PARTIAL - BYOK inference confirmed; pre-fetched test data not expanded by workflow. cc Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
🦎 gVisor Smoke Test Results
Overall: PASS Warning Firewall blocked 2 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "example.com"
- "host.docker.internal"See Network Configuration for more information.
|
|
Smoke Test Results: MCP ❌, Connectivity ❌, Files ✅, Bash ✅. Overall: FAIL. Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
🦎🟣 gVisor + Claude Smoke Test
Overall status: PASS Warning Firewall blocked 2 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "example.com"
- "host.docker.internal"See Network Configuration for more information.
|
🏗️ Build Test Suite Results
Overall: 8/8 ecosystems passed — ✅ PASS
Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
|
🦎🔮 gVisor + Codex runtime: confirmed\n✅ /proc/version + dmesg\n✅ GitHub MCP connectivity\n✅ github.com HTTP check\n✅ file read/write check\n✅ example.com blocked\nOverall: PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "172.30.0.1"See Network Configuration for more information.
|
🔥 Smoke Test: Docker Sbx — PASS
Overall: PASS —
|
Chroot Version Comparison
Result: Not all tests passed — Python and Node.js versions differ between host and chroot. Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
|
🐳🔮 Docker sbx + Codex
|
🐳🟣 Docker sbx + Claude
Overall: FAIL — example.com was not blocked despite absence from the Squid allowlist.
|
Summary
This PR fixes schema drift introduced by #6214.
Gap Found
src/awf-config-schema.json)docs/awf-config.schema.jsonto deprecateapiProxy.enabledand update environment descriptions, but did not apply identical changes tosrc/awf-config-schema.jsonFix Applied
docs/awf-config.schema.json→src/awf-config-schema.jsonto restore identical copiesChanges in
src/awf-config-schema.jsonapiProxy.enabled: Added"deprecated": trueand updated description to mark as deprecatedenvironmentdescription: Removed stale reference toapiProxy.enabledbeing required for credential exclusionenvironment.excludeEnvdescription: Updated to reflect that LLM API keys are always excluded by the sidecarVerification Checklist
diff src/awf-config-schema.json docs/awf-config.schema.json→ empty (identical)tsc --noEmitpassesWarning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpgSee Network Configuration for more information.