| name | awf-release-integrator |
| description | Upgrade gh-aw to latest gh-aw-firewall release and identify follow-up spec tasks. |
AWF Release Integrator
Use this skill when updating github/gh-aw to a newer github/gh-aw-firewall release.
Goal
Land the version bump cleanly, rebuild the generated artifacts, and review upstream release/spec changes for any follow-up work that should accompany the bump.
Required sources
Consult these sources before editing anything:
- The latest
github/gh-aw-firewall release metadata and body.
- The current gh-aw version pins in
pkg/constants/version_constants.go.
- The canonical AWF config sources spec in
specs/awf-config-sources-spec.md.
- The embedded AWF schema in
pkg/workflow/schemas/awf-config.schema.json.
- AWF config integration code in:
pkg/workflow/awf_config.go
pkg/workflow/awf_helpers.go
- related AWF tests under
pkg/workflow/
For upstream spec review, compare these files from the target github/gh-aw-firewall release or tag:
docs/awf-config-spec.md
docs/awf-config.schema.json
src/awf-config-schema.json
- any release assets such as
awf-config.schema.json
Update procedure
- Read
pkg/constants/version_constants.go and record:
DefaultFirewallVersion
- every
AWF*MinVersion constant
- Look up the latest
github/gh-aw-firewall release.
- If the latest release tag matches
DefaultFirewallVersion, report that no version bump is needed and only continue with spec/release-note review if explicitly requested.
- If a newer release exists, update the gh-aw pins:
- bump
DefaultFirewallVersion
- update any
AWF*MinVersion constants that must move because the new release introduces or changes gated flags/features
- Review release notes for:
- new flags
- removed or deprecated flags
- schema/config additions
- security fixes
- behavioral changes that could require new tests, docs, or ADR/spec updates
- Review the upstream AWF specification and schema changes against:
pkg/workflow/schemas/awf-config.schema.json
specs/awf-config-sources-spec.md
- local AWF config generation and validation code
- Update any directly related gh-aw files needed for a complete integration, such as:
- embedded schema copies
- version-gated helpers/tests
- specs or ADRs documenting newly surfaced AWF behavior
- Add or update a patch changeset when the bump changes shipped behavior.
Required validation
After editing, run the full AWF rebuild flow exactly in this order. The second
make recompile is required to refresh image SHA pins resolved during the first pass.
make build
make recompile
make recompile
Then run focused validation for any touched Go code or schema logic, especially AWF-related tests.
Expected output
Summarize:
- current gh-aw AWF version → target release
- updated constants
- release-note highlights
- specification/schema differences reviewed
- additional recommended follow-up updates that are not yet implemented
Review heuristics
When deciding whether more than a version bump is needed, specifically check for:
- new AWF schema properties not represented in gh-aw
- new CLI flags that need
AWF*MinVersion gates
- config fields present in schema but absent from gh-aw generation/validation
- drift that should update
specs/awf-config-sources-spec.md
- tests whose expected pinned AWF version or schema URLs need refresh