fix: propagate config fields to all layers#5279
Conversation
PR #5202 added the maxCacheMisses guardrail with full implementation: - JSON schemas (src + docs) - TypeScript type (RateLimitOptions) - config-file.ts mapping - CLI option --max-cache-misses - AWF_MAX_CACHE_MISSES env var wiring But docs/awf-config-spec.md was not updated with: 1. Section 5 CLI Mapping entry for apiProxy.maxCacheMisses → --max-cache-misses 2. Behavioral spec section (§11b) describing counting rules, enforcement, introspection format, and configuration Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR updates the AWF configuration specification to ensure the apiProxy.maxCacheMisses setting is fully documented across the CLI mapping and the normative behavioral spec, aligning the docs with the existing schema/runtime wiring.
Changes:
- Added
apiProxy.maxCacheMisses→--max-cache-misses <number>to the normative CLI mapping section. - Added a new normative section (§11b) specifying cache-miss guard counting rules, enforcement, WebSocket behavior,
/reflectintrospection, and configuration.
Show a summary per file
| File | Description |
|---|---|
| docs/awf-config-spec.md | Documents apiProxy.maxCacheMisses in CLI mapping and adds the normative behavioral spec for the cache-miss guard. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 1/1 changed files
- Comments generated: 2
| ```json | ||
| { | ||
| "max_cache_misses": { | ||
| "enabled": true, | ||
| "max_cache_misses": 3, | ||
| "consecutive_cache_misses": 1, | ||
| "remaining_cache_misses": 2 | ||
| } | ||
| } | ||
| ``` |
|
@copilot merge main and address review feedback |
…cache-misses-spec-92d9d4d8ae18c58b
Done. I merged |
|
✅ Copilot review passed with no inline comments. @github-actions[bot] Add the |
|
❌ Smoke Claude failed |
|
📡 Smoke OTel Tracing completed. All tracing scenarios validated. ✅ |
|
❌ Smoke Copilot BYOK AOAI (Entra) reports failed. AOAI BYOK (Entra) mode investigation needed... |
|
Chroot tests passed! Smoke Chroot - All security and functionality tests succeeded. |
|
🚀 Security Guard has started processing this pull request |
|
🔌 Smoke Services — All services reachable! ✅ |
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
|
❌ Smoke Copilot BYOK AOAI (api-key) reports failed. AOAI BYOK (api-key) mode investigation needed... |
|
✅ Build Test Suite completed successfully! |
|
✅ Contribution Check completed successfully! |
|
🔑 Smoke Copilot PAT PAT auth validated. All systems operational. ✅ |
|
✅ Smoke Gemini completed. All facets verified. 💎 |
|
✅ Smoke Copilot BYOK completed. Copilot BYOK mode operational. 🔓 |
🔬 Smoke Test ResultsPR: fix: propagate config fields to all layers
Overall: PASS (2/2 verifiable tests passed; file test skipped — pre-step outputs not resolved)
|
|
✅ chore: upgrade gh-aw to v0.80.6 and recompile workflows Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "registry.npmjs.org"See Network Configuration for more information.
|
Smoke Test Results: Copilot BYOK (Direct) Mode
Mode: Direct BYOK (COPILOT_PROVIDER_API_KEY) via api-proxy → api.githubcopilot.com Status: PASS
|
🔥 Smoke Test — Auth mode: PAT (COPILOT_GITHUB_TOKEN)
Overall: PASS (core connectivity verified) —
|
🔬 Smoke Test: API Proxy OpenTelemetry Tracing
All 5 scenarios passed. OTEL tracing integration is functioning correctly.
|
Chroot Runtime Version Comparison
Result: ❌ Not all tests passed — Python and Node.js versions differ between host and chroot environments. The
|
|
Running in direct BYOK mode (AWF_AUTH_TYPE=github-oidc + AWF_AUTH_AZURE_* + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw) authenticated via Microsoft Entra Overall: PASS
|
🏗️ Build Test Suite Results
Overall: 8/8 ecosystems passed — ✅ PASS
|
Smoke Test: GitHub Actions Services Connectivity
Overall: FAIL
|
Gemini Engine Smoke Test Results
Overall status: PASS (Core capabilities verified) Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
lpcox
deleted the
fix/config-audit-max-cache-misses-spec-92d9d4d8ae18c58b
branch
PRs #5279 and #5283 both added `apiProxy.maxCacheMisses` to Section 5 of the spec within 20 seconds of each other, creating a duplicate entry in the CLI mapping table. Removes the redundant second entry (after maxPermissionDenied), keeping the correct placement between maxModelMultiplierCap and maxPermissionDenied that PR #5283 added. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…5387) PRs #5279 and #5283 both added `apiProxy.maxCacheMisses` to Section 5 of the spec within 20 seconds of each other, creating a duplicate entry in the CLI mapping table. Removes the redundant second entry (after maxPermissionDenied), keeping the correct placement between maxModelMultiplierCap and maxPermissionDenied that PR #5283 added. Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Config Consistency Fixes
Automated fixes for configuration fields not fully propagated across all required layers.
From PR #5202 — "Add max-cache-misses guardrail for API proxy token budget enforcement"
apiProxy.maxCacheMissesapiProxy.maxCacheMisses→--max-cache-misses <number>entry todocs/awf-config-spec.mdapiProxy.maxCacheMisses§11b. Cache-Miss Guardtodocs/awf-config-spec.mdcovering counting rules, enforcement behavior, WebSocket rejection, introspection format, and configurationLayers already complete (no action needed)
src/awf-config-schema.jsondocs/awf-config.schema.jsonsrc/types/rate-limit-options.tsmaxCacheMisses?: numberadded in #5202src/config-file.tsmapAwfFileConfigToCliOptionsmapping added in #5202src/cli-options.ts--max-cache-misses <number>option added in #5202src/services/api-proxy-service-config.tsAWF_MAX_CACHE_MISSESenv var wiring added in #5202srcvsdocs)Verification
tsc --noEmit— run as part of pre-commit hook, no errors)npm test -- config-file-mapping)npm test -- schema.test)