Release Notes Action Items for awf 0.25.65 → 0.27.3
This issue summarizes upstream release notes for the awf dependency between the previously pinned version (0.25.65) and the new pinned version (0.27.3), highlighting items that may need follow-up in ado-aw.
The companion version-bump PR is titled chore(deps): update AWF_VERSION to 0.27.3.
Releases analyzed
Security fixes
- [v0.27.2]
fix: WIF/OIDC Anthropic auth regression — Squid blocks api-proxy OIDC exchange + ANTHROPIC_API_KEY leaks to agent (#4748): A regression caused ANTHROPIC_API_KEY to be visible to the agent container when using WIF/OIDC Anthropic auth. This is now fixed. ado-aw maintainers should ensure this pinned version is deployed promptly to any configurations using Anthropic WIF/OIDC auth.
Notable features for ado-aw to adopt
- [v0.25.66]
fix(api-proxy): add Azure/AWS/GCP OIDC support to Copilot adapter (#4407): AWF's API proxy now supports Azure, AWS, and GCP managed-identity OIDC for Copilot API authentication. ado-aw could document or expose config options to help OneBranch consumers leverage workload-identity credentials without a PAT.
- [v0.25.66]
feat: persist budget fields in token-usage.jsonl and align maxTurns/docs reporting (#4500): AWF now persists budget fields (maxTurns, etc.) in token-usage.jsonl. ado-aw's audit OTel analyzer (src/audit/analyzers/otel.rs) may be able to surface these new fields.
- [v0.27.1]
feat: emit AI credits as OTEL span attributes (#4707): AI credit consumption is now emitted as OTEL span attributes. The ado-aw audit command's OTel analyzer could be updated to display credit consumption alongside token usage.
- [v0.27.1]
feat: persist redacted resolved config as audit artifact (#4719): AWF now writes a redacted copy of the resolved runtime config as an audit artifact. The ado-aw audit command could optionally download and display this artifact for diagnostics.
- [v0.27.1]
Add opt-in diagnostics artifact for blocked LLM request bodies (#4678): AWF can optionally capture the bodies of blocked LLM requests as a diagnostics artifact. ado-aw could expose a debug flag to enable this for easier prompt-injection investigation.
- [v0.27.3]
feat(api-proxy): implement OTLP fan-out to multiple endpoints (#4845): The API proxy can now fan out OTLP telemetry to multiple endpoints simultaneously. ado-aw's pipeline template could be updated to configure this if multiple OTLP sinks are desired.
This issue was opened automatically by the dependency version updater workflow.
Generated by Dependency Version Updater · sonnet46 2.8M · ◷
Release Notes Action Items for
awf0.25.65→0.27.3This issue summarizes upstream release notes for the
awfdependency between the previously pinned version (0.25.65) and the new pinned version (0.27.3), highlighting items that may need follow-up in ado-aw.The companion version-bump PR is titled
chore(deps): update AWF_VERSION to 0.27.3.Releases analyzed
Security fixes
fix: WIF/OIDC Anthropic auth regression — Squid blocks api-proxy OIDC exchange + ANTHROPIC_API_KEY leaks to agent(#4748): A regression causedANTHROPIC_API_KEYto be visible to the agent container when using WIF/OIDC Anthropic auth. This is now fixed. ado-aw maintainers should ensure this pinned version is deployed promptly to any configurations using Anthropic WIF/OIDC auth.Notable features for ado-aw to adopt
fix(api-proxy): add Azure/AWS/GCP OIDC support to Copilot adapter(#4407): AWF's API proxy now supports Azure, AWS, and GCP managed-identity OIDC for Copilot API authentication. ado-aw could document or expose config options to help OneBranch consumers leverage workload-identity credentials without a PAT.feat: persist budget fields in token-usage.jsonl and align maxTurns/docs reporting(#4500): AWF now persists budget fields (maxTurns, etc.) intoken-usage.jsonl. ado-aw'sauditOTel analyzer (src/audit/analyzers/otel.rs) may be able to surface these new fields.feat: emit AI credits as OTEL span attributes(#4707): AI credit consumption is now emitted as OTEL span attributes. The ado-awauditcommand's OTel analyzer could be updated to display credit consumption alongside token usage.feat: persist redacted resolved config as audit artifact(#4719): AWF now writes a redacted copy of the resolved runtime config as an audit artifact. The ado-awauditcommand could optionally download and display this artifact for diagnostics.Add opt-in diagnostics artifact for blocked LLM request bodies(#4678): AWF can optionally capture the bodies of blocked LLM requests as a diagnostics artifact. ado-aw could expose adebugflag to enable this for easier prompt-injection investigation.feat(api-proxy): implement OTLP fan-out to multiple endpoints(#4845): The API proxy can now fan out OTLP telemetry to multiple endpoints simultaneously. ado-aw's pipeline template could be updated to configure this if multiple OTLP sinks are desired.This issue was opened automatically by the dependency version updater workflow.