Release Notes Action Items for awf 0.27.3 → 0.27.7
This issue summarizes upstream release notes for the awf dependency between the previously pinned version (0.27.3) and the new pinned version (0.27.7), highlighting items that may need follow-up in ado-aw.
The companion version-bump PR is titled chore(deps): update AWF_VERSION to 0.27.7.
Releases analyzed
Security fixes
- Over-broad HTTP allowlisting fixed in api-proxy —
fix: add bare API proxy targets as https:// only to prevent over-broad allowlisting (v0.27.5). Bare API proxy target entries now default to HTTPS-only. ado-aw maintainers should verify that any API proxy target configuration in the compiled pipeline does not rely on the old permissive HTTP behavior.
Notable features for ado-aw to adopt
- allowedModels / disallowedModels policy enforcement in api-proxy —
feat: allowedModels / disallowedModels policy enforcement in api-proxy (v0.27.5). AWF now supports enforcing an allow-list or deny-list of model names at the api-proxy layer. ado-aw could surface allowedModels / disallowedModels config fields in the engine: or network: front-matter sections so pipeline authors can restrict which models agents are permitted to use.
- max-cache-misses guardrail for token budget enforcement —
Add max-cache-misses guardrail for API proxy token budget enforcement (v0.27.6). AWF now supports a max-cache-misses guardrail that limits token spend when cache misses exceed a threshold. ado-aw could expose this as a configurable field for cost-sensitive pipelines.
This issue was opened automatically by the dependency version updater workflow.
Generated by Dependency Version Updater · 488.3 AIC · ⌖ 19.9 AIC · ⊞ 39.3K · ◷
Release Notes Action Items for
awf0.27.3→0.27.7This issue summarizes upstream release notes for the
awfdependency between the previously pinned version (0.27.3) and the new pinned version (0.27.7), highlighting items that may need follow-up in ado-aw.The companion version-bump PR is titled
chore(deps): update AWF_VERSION to 0.27.7.Releases analyzed
Security fixes
fix: add bare API proxy targets as https:// only to prevent over-broad allowlisting(v0.27.5). Bare API proxy target entries now default to HTTPS-only. ado-aw maintainers should verify that any API proxy target configuration in the compiled pipeline does not rely on the old permissive HTTP behavior.Notable features for ado-aw to adopt
feat: allowedModels / disallowedModels policy enforcement in api-proxy(v0.27.5). AWF now supports enforcing an allow-list or deny-list of model names at the api-proxy layer. ado-aw could surfaceallowedModels/disallowedModelsconfig fields in theengine:ornetwork:front-matter sections so pipeline authors can restrict which models agents are permitted to use.Add max-cache-misses guardrail for API proxy token budget enforcement(v0.27.6). AWF now supports amax-cache-missesguardrail that limits token spend when cache misses exceed a threshold. ado-aw could expose this as a configurable field for cost-sensitive pipelines.This issue was opened automatically by the dependency version updater workflow.