// Regenerate and post-process all agentic workflows. Use when gh-aw is updated, workflow .md files change, or when asked to recompile/regenerate workflows.
Use the AWF (Agentic Workflow Firewall) to run commands with network isolation and domain whitelisting. Provides L7 HTTP/HTTPS egress control for AI agents.
Use the AWF (Agentic Workflow Firewall) to run commands with network isolation and domain whitelisting. Provides L7 HTTP/HTTPS egress control for AI agents.
Debug the AWF firewall by inspecting Docker containers (awf-squid, awf-agent), analyzing Squid access logs, checking iptables rules, and troubleshooting blocked domains or network issues.
Practical Python scripts for debugging awf - parse logs, diagnose issues, inspect containers, test domains
Debug GitHub Actions workflows by downloading logs, analyzing summaries, and understanding how agentic workflows and the AWF firewall work together.
| name | recompile-workflows |
| description | Regenerate and post-process all agentic workflows. Use when gh-aw is updated, workflow .md files change, or when asked to recompile/regenerate workflows. |
| allowed-tools | Bash(gh:*), Bash(npx:*), Read, Glob, Edit |
Use this skill when you need to regenerate all agentic workflow lock files and apply post-processing.
Any time .lock.yml files are regenerated — whether via gh aw compile, gh aw upgrade, or any other gh-aw command — you MUST run the post-processing script afterward. This is not optional.
Use whichever command is appropriate:
# Full upgrade (updates agents, actions, codemods, then compiles)
gh aw upgrade
# Just recompile (when only .md workflow files changed)
gh aw compile
If any workflow fails to compile (e.g., strict mode violations like contents: write), fix the .md source file and re-run.
This step MUST run every time lock files are regenerated, regardless of how they were generated.
The post-processing script replaces the "Install awf binary" step in smoke and build-test workflows with local build+install steps, so CI tests the repo's own code instead of a released binary.
npx ts-node scripts/ci/postprocess-smoke-workflows.ts
This updates these lock files:
smoke-copilot.lock.ymlsmoke-claude.lock.ymlsmoke-chroot.lock.ymlbuild-test.lock.ymlNewer gh-aw versions enforce strict mode which disallows write permissions like contents: write, issues: write, etc. Workflows should use safe-outputs for write operations and only request read permissions.
Warnings about "General" vs "general" discussion category casing are non-blocking.
After both steps, run git diff --stat to review all changed files. Expect changes in:
.github/agents/ - Updated agent files.github/aw/actions-lock.json - Updated action pins.github/workflows/*.lock.yml - Regenerated lock files.github/workflows/*.md - If codemods applied fixes