Merged
3 changes: 3 additions & 0 deletions docs/src/content/docs/reference/threat-detection.md
Expand Up @@ -64,6 +64,9 @@ safe-outputs:
threat-detection: false # Disable threat detection
```

> [!NOTE]
> When a workflow explicitly sets `threat-detection: false`, that setting takes precedence over any imported fragments. Imported shared workflows that configure safe outputs without a `threat-detection` key will not re-enable threat detection in the importing workflow.

### Advanced Configuration

Use object syntax for fine-grained control:
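
Review bot: The second sentence of the added `[!NOTE]` block only covers imported fragments that have no `threat-detection` key, while the first sentence claims precedence over "any imported fragments". Say explicitly what happens when an imported shared workflow configures `threat-detection` itself, for example with the object syntax introduced under Advanced Configuration, so a reader can tell whether `threat-detection: false` in the importing workflow also overrides a setting that a shared fragment turned on deliberately. Because this note documents how a safety control stays switched off, the explicit-key case should not be left to inference.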
19 changes: 19 additions & 0 deletions docs/src/content/docs/setup/cli.md
Expand Up @@ -231,6 +231,25 @@ gh aw compile --purge # Remove orphaned .lock.yml files

**Shared Workflows:** Workflows without an `on` field are detected as shared components. Validated with relaxed schema and skip compilation. See [Imports reference](/gh-aw/reference/imports/).

#### `validate`

Validate agentic workflows by running the compiler with all linters enabled, without generating lock files. Equivalent to `gh aw compile --validate --no-emit --zizmor --actionlint --poutine`.

```bash wrap
gh aw validate # Validate all workflows
gh aw validate my-workflow # Validate specific workflow
gh aw validate my-workflow daily # Validate multiple workflows
gh aw validate --json # Output results in JSON format
gh aw validate --strict # Enforce strict mode validation
gh aw validate --fail-fast # Stop at the first error
gh aw validate --dir custom/workflows # Validate from custom directory
gh aw validate --engine copilot # Override AI engine
```

**Options:** `--engine/-e`, `--dir/-d`, `--strict`, `--json/-j`, `--fail-fast`, `--stats`, `--no-check-update`

All linters (`zizmor`, `actionlint`, `poutine`), `--validate`, and `--no-emit` are always-on defaults and cannot be disabled. Accepts the same workflow ID format as `compile`.

Copilot AI Feb 25, 2026

The phrase "always-on defaults and cannot be disabled" is slightly contradictory - "defaults" typically implies configurability, but "cannot be disabled" states the opposite. Consider rephrasing to "are always enabled and cannot be disabled" or "are enforced and cannot be disabled" for clearer communication.

Suggested change
All linters (`zizmor`, `actionlint`, `poutine`), `--validate`, and `--no-emit` are always-on defaults and cannot be disabled. Accepts the same workflow ID format as `compile`.
All linters (`zizmor`, `actionlint`, `poutine`), `--validate`, and `--no-emit` are always enabled and cannot be disabled. Accepts the same workflow ID format as `compile`.

### Testing

#### `trial`
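
Review bot: The new `validate` section never states the command's exit status, which a reader needs before using it as a gate. After the **Options:** line, add a sentence saying whether findings from `zizmor`, `actionlint` and `poutine`, and not only compiler errors, produce a non-zero exit, and how that behaves together with `--json` and `--fail-fast`. Separately, `--stats` and `--no-check-update` appear in the **Options:** list but have no example line or description in the code block above it.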