github
diff --git a/‎.github/workflows/config-consistency-auditor.lock.yml‎
Lines changed: 1318 additions & 0 deletions b/‎.github/workflows/config-consistency-auditor.lock.yml‎
Lines changed: 1318 additions & 0 deletions
diff --git a/‎.github/workflows/config-consistency-auditor.md‎
Lines changed: 193 additions & 0 deletions b/‎.github/workflows/config-consistency-auditor.md‎
Lines changed: 193 additions & 0 deletions
diff --git a/‎containers/agent/entrypoint.sh‎
Lines changed: 20 additions & 3 deletions b/‎containers/agent/entrypoint.sh‎
Lines changed: 20 additions & 3 deletions
diff --git a/‎containers/api-proxy/guards/effective-token-guard.js‎
Lines changed: 15 additions & 11 deletions b/‎containers/api-proxy/guards/effective-token-guard.js‎
Lines changed: 15 additions & 11 deletions
diff --git a/‎containers/api-proxy/guards/effective-token-guard.test.js‎
Lines changed: 20 additions & 4 deletions b/‎containers/api-proxy/guards/effective-token-guard.test.js‎
Lines changed: 20 additions & 4 deletions
diff --git a/‎src/config-file-mapping.test.ts‎
Lines changed: 13 additions & 0 deletions b/‎src/config-file-mapping.test.ts‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎src/config-file.ts‎
Lines changed: 1 addition & 0 deletions b/‎src/config-file.ts‎
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1,193 @@
+---
+name: Config Consistency Auditor
+description: >
+  Daily audit of recently merged PRs to verify new configuration is consistently
+  represented across JSON schema, spec, TypeScript types, and env var wiring —
+  with security-sensitive values via env vars and non-sensitive via stdin config.
+on:
+  schedule: daily on weekdays
+  workflow_dispatch:
+permissions:
+  contents: read
+  pull-requests: read
+  issues: read
+engine: copilot
+strict: true
+timeout-minutes: 20
+network:
+  allowed:
+    - defaults
+    - node
+    - github
+tools:
+  github:
+    mode: gh-proxy
+    toolsets: [default, pull_requests]
+  cache-memory: true
+  bash: ["*"]
+  edit:
+safe-outputs:
+  threat-detection:
+    enabled: false
+  create-pull-request:
+    max: 1
+    labels: [automation, config-consistency]
+    title-prefix: "fix: "
+---
+
+# Config Consistency Auditor
+
+You are an AI agent that audits recently merged PRs for configuration consistency.
+Your goal is to catch gaps where new configuration was added to one layer but not
+propagated to all required layers.
+
+## Configuration Layers
+
+Every new AWF configuration field MUST be consistently represented across:
+
+1. **JSON Schema** (`src/awf-config-schema.json` and `docs/awf-config.schema.json`)
+   - Must be identical copies
+2. **Spec** (`docs/awf-config-spec.md`)
+   - Section 5 CLI Mapping table must list the config path and its CLI flag or env var mapping
+3. **TypeScript Types** (`src/types/*.ts` and `src/config-file.ts`)
+   - The config-file interface must include the field
+   - The options type must include the mapped CLI option
+4. **Env Var Wiring** (`src/services/api-proxy-service.ts` or other service files)
+   - The field must be mapped to its corresponding `AWF_*` env var for the api-proxy
+   - OR mapped to a CLI flag that the runtime handles
+
+## Security Classification
+
+Configuration fields MUST follow these rules:
+
+- **Security-sensitive values** (API keys, tokens, credentials, OIDC client IDs/secrets):
+  - Passed via environment variables (`-e` flag or `--env-file`)
+  - MUST NOT appear in stdin config JSON (which may be logged)
+- **Non-sensitive values** (domains, multipliers, model names, timeouts, strategies):
+  - Passed via stdin config (`--config -`)
+  - Mapped in `src/config-file.ts`
+
+## Procedure
+
+### 1. Load last-processed state
+
+Read `/tmp/gh-aw/cache-memory/config-audit-state.json`. It stores:
+```json
+{ "last_audit_date": "YYYY-MM-DD", "last_pr_number": 1234 }
+```
+
+- If the file exists, audit PRs merged since `last_audit_date`.
+- If the file does NOT exist (first run), audit PRs merged in the **last 7 days**.
+
+### 2. Fetch recently merged PRs
+
+```bash
+gh pr list --repo github/gh-aw-firewall --state merged --limit 20 \
+  --json number,title,mergedAt,files --jq '.[] | select(.mergedAt > "CUTOFF_DATE")'
+```
+
+Filter to PRs that modify any of these paths (likely to introduce config):
+- `src/config-file.ts`
+- `src/types/*.ts`
+- `src/awf-config-schema.json`
+- `docs/awf-config-spec.md`
+- `docs/awf-config.schema.json`
+- `src/services/api-proxy-service.ts`
+- `src/cli-options.ts` or `src/cli.ts`
+- `containers/api-proxy/server.js`
+- `containers/api-proxy/guards/*.js`
+
+If no relevant PRs are found, save state and exit with `noop`.
+
+### 3. For each relevant PR, check consistency
+
+For each PR, examine what new configuration was introduced by reading the diff:
+
+```bash
+gh pr diff <NUMBER> --repo github/gh-aw-firewall
+```
+
+Look for patterns indicating new config:
+- New properties in schema JSON (`"propertyName": { "type":`)
+- New rows in spec CLI mapping table
+- New fields in TypeScript interfaces
+- New `AWF_*` env var assignments
+- New CLI `.option(` definitions
+
+### 4. Cross-reference all layers
+
+For each new configuration field found, verify it exists in ALL required layers:
+
+| Check | How to verify |
+|-------|---------------|
+| JSON Schema (src) | `grep "fieldName" src/awf-config-schema.json` |
+| JSON Schema (docs) | Schemas must be identical: `diff src/awf-config-schema.json docs/awf-config.schema.json` |
+| Spec CLI mapping | `grep "fieldName" docs/awf-config-spec.md` |
+| TypeScript type | `grep "fieldName" src/types/*.ts src/config-file.ts` |
+| Env var wiring | `grep "AWF_FIELD_NAME" src/services/api-proxy-service.ts` (for api-proxy config) |
+
+### 5. Check security classification
+
+For each new field, determine if it's security-sensitive:
+- Contains "key", "secret", "token", "credential", "password" → security-sensitive
+- Is an OIDC client ID or tenant ID → security-sensitive
+- Is a domain, multiplier, timeout, strategy, model name → non-sensitive
+
+Verify:
+- Security-sensitive fields are passed via env vars (not in config-file.ts stdin mapping)
+- Non-sensitive fields are in config-file.ts (stdin config mapping)
+
+### 6. Fix gaps and create a PR
+
+If gaps are found, fix them directly:
+
+- **Missing TypeScript type field**: Add the field to the appropriate interface in
+  `src/types/*.ts` and/or `src/config-file.ts`
+- **Missing spec CLI mapping row**: Add the row to Section 5 of `docs/awf-config-spec.md`
+- **Missing schema field**: Add the property to `src/awf-config-schema.json` AND
+  `docs/awf-config.schema.json` (they must stay identical)
+- **Missing env var wiring**: Add the mapping in `src/services/api-proxy-service.ts`
+- **Schema drift**: Copy `src/awf-config-schema.json` to `docs/awf-config.schema.json`
+
+After making fixes, use the `create-pull-request` safe output with:
+- Title: `"fix: propagate config fields to all layers"`
+- Body: A summary table of what was fixed, organized by PR that introduced the gap
+
+Example PR body:
+```markdown
+## Config Consistency Fixes
+
+Automated fixes for configuration fields not fully propagated:
+
+### From PR #1234 — "feat: add fooBar config"
+
+| Field | Fix Applied |
+|-------|-------------|
+| `apiProxy.fooBar` | Added to TypeScript interface in `src/types/api-proxy-options.ts` |
+
+### Verification
+
+- [ ] TypeScript compiles (`tsc --noEmit`)
+- [ ] Config-file-mapping tests pass
+- [ ] Schema validation tests pass
+```
+
+If no gaps are found, use `noop` safe output.
+
+### 7. Save state
+
+Write the current date and highest PR number to
+`/tmp/gh-aw/cache-memory/config-audit-state.json`:
+```json
+{ "last_audit_date": "YYYY-MM-DD", "last_pr_number": 4063 }
+```
+
+## Important Notes
+
+- Internal refactors (renaming files, moving code between modules) that don't add
+  new user-facing config should be ignored.
+- Test-only changes (new test files, test helpers) should be ignored.
+- The `docs/awf-config.schema.json` and `src/awf-config-schema.json` MUST always be
+  identical. If they differ, report that as a critical gap.
+- Fields that are intentionally runtime-only (no config equivalent) should be noted
+  but not flagged as gaps if documented in the spec as "CLI-only".
@@ -715,10 +715,27 @@ if [ "${AWF_CHROOT_ENABLED}" = "true" ]; then
     # User not found in chroot's /etc/passwd (common on ARC-DinD Alpine daemons).
     # Synthesize minimal identity files so the agent can resolve its own UID/GID.
     HOST_USER="runner"
+    if [ -f /host/etc/passwd ] && grep -q "^${HOST_USER}:" /host/etc/passwd 2>/dev/null; then
+      HOST_USER="runner-${HOST_USER_UID}"
+      local_user_suffix=1
+      while grep -q "^${HOST_USER}:" /host/etc/passwd 2>/dev/null; do
+        HOST_USER="runner-${HOST_USER_UID}-${local_user_suffix}"
+        local_user_suffix=$((local_user_suffix + 1))
+      done
+    fi
     echo "[entrypoint] User with UID ${HOST_USER_UID} not found in chroot — synthesizing identity files"
 
     # Determine the user's home directory (default to /home/runner)
     SYNTH_HOME="${AWF_HOST_HOME:-/home/${HOST_USER}}"
+    SYNTH_GROUP_NAME="${HOST_USER}"
+    if [ -f /host/etc/group ] && grep -q "^${SYNTH_GROUP_NAME}:" /host/etc/group 2>/dev/null; then
+      SYNTH_GROUP_NAME="runner-${HOST_USER_GID}"
+      local_group_suffix=1
+      while grep -q "^${SYNTH_GROUP_NAME}:" /host/etc/group 2>/dev/null; do
+        SYNTH_GROUP_NAME="runner-${HOST_USER_GID}-${local_group_suffix}"
+        local_group_suffix=$((local_group_suffix + 1))
+      done
+    fi
 
     # Synthesize /etc/passwd entry if missing
     if ! grep -q "^[^:]*:[^:]*:${HOST_USER_UID}:" /host/etc/passwd 2>/dev/null; then
@@ -743,17 +760,17 @@ if [ "${AWF_CHROOT_ENABLED}" = "true" ]; then
 
     # Synthesize /etc/group entry if missing
     if ! grep -q "^[^:]*:[^:]*:${HOST_USER_GID}:" /host/etc/group 2>/dev/null; then
-      GROUP_ENTRY="${HOST_USER}:x:${HOST_USER_GID}:"
+      GROUP_ENTRY="${SYNTH_GROUP_NAME}:x:${HOST_USER_GID}:"
       if [ -f /host/etc/group ]; then
         if echo "${GROUP_ENTRY}" >> /host/etc/group 2>/dev/null; then
-          echo "[entrypoint] Appended group ${HOST_USER} (GID ${HOST_USER_GID}) to /host/etc/group"
+          echo "[entrypoint] Appended group ${SYNTH_GROUP_NAME} (GID ${HOST_USER_GID}) to /host/etc/group"
         else
           echo "[entrypoint][WARN] Could not write to /host/etc/group"
         fi
       else
         if printf '%s\n' "root:x:0:" "nobody:x:65534:" "${GROUP_ENTRY}" > /host/etc/group 2>/dev/null; then
           chmod 644 /host/etc/group 2>/dev/null
-          echo "[entrypoint] Created /host/etc/group with group ${HOST_USER} (GID ${HOST_USER_GID})"
+          echo "[entrypoint] Created /host/etc/group with group ${SYNTH_GROUP_NAME} (GID ${HOST_USER_GID})"
         else
           echo "[entrypoint][WARN] Could not create /host/etc/group"
         fi
 
@@ -25,6 +25,7 @@ function createEffectiveTokenState(configKey = null) {
     totalEffectiveTokens: 0,
     emittedThresholds: new Set(),
     uninjectedThresholds: new Set(),
+    warnedUnknownModels: new Set(),
   };
 }
 
@@ -77,11 +78,10 @@ function getEffectiveTokenConfig() {
   effectiveTokenConfigCache.rawDefaultMultiplier = rawDefaultMultiplier;
   const parsedMultipliers = Object.freeze(parseModelMultipliers(rawMultipliers));
   const configuredDefaultMultiplier = parsePositiveNumber(rawDefaultMultiplier);
-  const maxConfiguredMultiplier = Math.max(1, ...Object.values(parsedMultipliers));
   effectiveTokenConfigCache.parsed = {
     max: parsePositiveInteger(rawMax),
     multipliers: parsedMultipliers,
-    defaultMultiplier: configuredDefaultMultiplier ?? maxConfiguredMultiplier,
+    defaultMultiplier: configuredDefaultMultiplier ?? 1,
   };
   return effectiveTokenConfigCache.parsed;
 }
@@ -95,7 +95,7 @@ function getEffectiveTokenState(config) {
   return etGuardState;
 }
 
-function resolveModelMultiplier(model, config) {
+function resolveModelMultiplier(model, config, state = null) {
   if (Object.hasOwn(config.multipliers, model)) {
     return { multiplier: config.multipliers[model], source: 'exact' };
   }
@@ -111,17 +111,21 @@ function resolveModelMultiplier(model, config) {
 
   if (prefixMatch) return prefixMatch;
 
-  logRequest('warn', 'unknown_model_multiplier', {
-    model: sanitizeForLog(model),
-    applied_multiplier: config.defaultMultiplier,
-    default_model_multiplier: config.defaultMultiplier,
-  });
+  const shouldLog = !state || !state.warnedUnknownModels.has(model);
+  if (shouldLog) {
+    logRequest('warn', 'unknown_model_multiplier', {
+      model: sanitizeForLog(model),
+      applied_multiplier: config.defaultMultiplier,
+      default_model_multiplier: config.defaultMultiplier,
+    });
+    state?.warnedUnknownModels.add(model);
+  }
 
   return { multiplier: config.defaultMultiplier, source: 'default' };
 }
 
-function calculateEffectiveTokens(normalizedUsage, model, config) {
-  const multiplierResolution = resolveModelMultiplier(model, config);
+function calculateEffectiveTokens(normalizedUsage, model, config, state = null) {
+  const multiplierResolution = resolveModelMultiplier(model, config, state);
   const multiplier = multiplierResolution.multiplier;
   const baseWeightedTokens =
     (ET_DEFAULT_WEIGHTS.input * (normalizedUsage.input_tokens || 0)) +
@@ -141,7 +145,7 @@ function applyEffectiveTokenUsage(normalizedUsage, model) {
   if (!state || !normalizedUsage) return null;
 
   const previousTotal = state.totalEffectiveTokens;
-  const calc = calculateEffectiveTokens(normalizedUsage, model || 'unknown', config);
+  const calc = calculateEffectiveTokens(normalizedUsage, model || 'unknown', config, state);
   state.totalEffectiveTokens += calc.effectiveTokens;
   const percentUsed = (state.totalEffectiveTokens / config.max) * 100;
 
 
@@ -76,7 +76,7 @@ describe('effective-token-guard reflect state', () => {
     });
   });
 
-  it('uses the highest configured multiplier for unknown models by default and warns', () => {
+  it('uses multiplier 1 for unknown models when explicit default is unset and warns', () => {
     const { lines } = collectLogOutput();
     process.env.AWF_MAX_EFFECTIVE_TOKENS = '1000';
     process.env.AWF_EFFECTIVE_TOKEN_MODEL_MULTIPLIERS = JSON.stringify({
@@ -86,13 +86,13 @@ describe('effective-token-guard reflect state', () => {
 
     const usage = applyEffectiveTokenUsage({ output_tokens: 1 }, 'unmapped-expensive-model');
 
-    expect(usage.modelMultiplier).toBe(54);
-    expect(usage.effectiveTokensThisResponse).toBe(216);
+    expect(usage.modelMultiplier).toBe(1);
+    expect(usage.effectiveTokensThisResponse).toBe(4);
     expect(lines).toContainEqual(expect.objectContaining({
       event: 'unknown_model_multiplier',
       level: 'warn',
       model: 'unmapped-expensive-model',
-      applied_multiplier: 54,
+      applied_multiplier: 1,
     }));
   });
 
@@ -145,4 +145,20 @@ describe('effective-token-guard reflect state', () => {
     expect(usage.modelMultiplier).toBe(27);
     expect(lines.find((line) => line.event === 'unknown_model_multiplier')).toBeUndefined();
   });
+  it('logs unknown model multiplier once per model per config state', () => {
+    const { lines } = collectLogOutput();
+    process.env.AWF_MAX_EFFECTIVE_TOKENS = '1000';
+    process.env.AWF_EFFECTIVE_TOKEN_DEFAULT_MODEL_MULTIPLIER = '27';
+
+    applyEffectiveTokenUsage({ output_tokens: 1 }, 'unknown-model');
+    applyEffectiveTokenUsage({ output_tokens: 2 }, 'unknown-model');
+    applyEffectiveTokenUsage({ output_tokens: 1 }, 'other-unknown-model');
+
+    const unknownLogs = lines.filter((line) => line.event === 'unknown_model_multiplier');
+    expect(unknownLogs).toHaveLength(2);
+    expect(unknownLogs).toEqual(expect.arrayContaining([
+      expect.objectContaining({ model: 'unknown-model' }),
+      expect.objectContaining({ model: 'other-unknown-model' }),
+    ]));
+  });
 });
@@ -168,6 +168,19 @@ describe('mapAwfFileConfigToCliOptions', () => {
     expect(result.modelFallback).toEqual({ enabled: false, strategy: 'middle_power' });
   });
 
+  it('maps modelFallback.excludeEngines field', () => {
+    const result = mapAwfFileConfigToCliOptions({
+      apiProxy: {
+        modelFallback: { enabled: true, strategy: 'middle_power', excludeEngines: ['openai', 'copilot'] },
+      },
+    });
+    expect(result.modelFallback).toEqual({
+      enabled: true,
+      strategy: 'middle_power',
+      excludeEngines: ['openai', 'copilot'],
+    });
+  });
+
   it('leaves maxRuns undefined when not set', () => {
     const result = mapAwfFileConfigToCliOptions({});
     expect(result.maxRuns).toBeUndefined();
 
@@ -25,6 +25,7 @@ interface AwfFileConfig {
     modelFallback?: {
       enabled?: boolean;
       strategy?: 'middle_power';
+      excludeEngines?: string[];
     };
     targets?: {
       openai?: { host?: string; basePath?: string; authHeader?: string };