[docs] Update documentation for features from 2026-02-25#18254
Conversation
…cedence - Add `validate` command section to setup/cli.md (Building section, after compile). The command was added in #18191 but was missing from the main CLI reference page; only the compilation-process.md reference table had been updated. - Add NOTE callout to reference/threat-detection.md clarifying that an explicit `threat-detection: false` in a workflow takes precedence over imported fragments, documenting the behaviour fixed in #18231. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
This PR updates the documentation to reflect two features that were merged in the last 24 hours: the new gh aw validate command (from #18191) and the clarified import precedence behavior for threat-detection: false (from #18231).
Changes:
- Added complete
validatecommand section to the CLI reference documentation - Added a NOTE callout clarifying that explicit
threat-detection: falsetakes precedence over imported fragments
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| docs/src/content/docs/setup/cli.md | Added validate command section under Building, documenting usage, options, and equivalence to compile --validate --no-emit --zizmor --actionlint --poutine |
| docs/src/content/docs/reference/threat-detection.md | Added NOTE callout explaining that explicit threat-detection: false in a workflow takes precedence over imported fragments that configure safe outputs |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| **Options:** `--engine/-e`, `--dir/-d`, `--strict`, `--json/-j`, `--fail-fast`, `--stats`, `--no-check-update` | ||
|
|
||
| All linters (`zizmor`, `actionlint`, `poutine`), `--validate`, and `--no-emit` are always-on defaults and cannot be disabled. Accepts the same workflow ID format as `compile`. |
There was a problem hiding this comment.
The phrase "always-on defaults and cannot be disabled" is slightly contradictory - "defaults" typically implies configurability, but "cannot be disabled" states the opposite. Consider rephrasing to "are always enabled and cannot be disabled" or "are enforced and cannot be disabled" for clearer communication.
| All linters (`zizmor`, `actionlint`, `poutine`), `--validate`, and `--no-emit` are always-on defaults and cannot be disabled. Accepts the same workflow ID format as `compile`. | |
| All linters (`zizmor`, `actionlint`, `poutine`), `--validate`, and `--no-emit` are always enabled and cannot be disabled. Accepts the same workflow ID format as `compile`. |
Documentation Updates - 2026-02-25
This PR updates the documentation based on features merged in the last 24 hours.
Features Documented
gh aw validatecommand (from feat: addgh aw validatecommand #18191)threat-detection: falseimport precedence behaviour (from fix: imported safe-output fragments no longer override explicitthreat-detection: false#18231)Changes Made
docs/src/content/docs/setup/cli.mdto add a fullvalidatecommand section under Building (aftercompile). PR feat: addgh aw validatecommand #18191 added the command and updated thecompilation-process.mdreference table, but the primary CLI commands page was missing the entry.docs/src/content/docs/reference/threat-detection.mdto add a NOTE callout clarifying that an explicitthreat-detection: falsein a workflow takes precedence over imported shared fragments — documenting the behaviour fixed in fix: imported safe-output fragments no longer override explicitthreat-detection: false#18231.Merged PRs Referenced
gh aw validatecommand #18191 — feat: addgh aw validatecommandthreat-detection: false#18231 — fix: imported safe-output fragments no longer override explicitthreat-detection: false.github/aw/prompt file references (internal help text; no external docs gap)gonetwork preset #18214 — fix(code-simplifier): allow Go module proxy domains viagonetwork preset (goecosystem identifier already documented inreference/network.md)Notes
No other merged PRs from the last 24 hours required external documentation updates. Internal fixes, test improvements, and infrastructure changes (#18253, #18234, #18224, #18216, #18215, #18208, #18206, #18205, #18197, #18194) were either non-user-facing or already accompanied by inline documentation in their respective PRs.