Skip to content

Enforce AI credit resolution order; set built-in defaults to 5000 (daily) and 1000 (per-run) #38197

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
pelikhan merged 16 commits into from
Jun 10, 2026
Merged

Enforce AI credit resolution order; set built-in defaults to 5000 (daily) and 1000 (per-run) #38197

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
c8d95b7
Resolve max AI credit defaults and precedence coverage
Copilot Jun 9, 2026
e2871b4
Merge branch 'main' into copilot/check-max-ai-credits
pelikhan Jun 9, 2026
841235a
Plan: resolve GH_AW_DEFAULT_MAX_DAILY_AI_CREDITS at action runtime
Copilot Jun 9, 2026
8660afd
Resolve GH_AW_DEFAULT_MAX_DAILY_AI_CREDITS at action runtime via vars…
Copilot Jun 9, 2026
c97f339
Merge branch 'main' into copilot/check-max-ai-credits
pelikhan Jun 9, 2026
272eb70
Plan: add AI credits guardrail spec section and spec tests
Copilot Jun 9, 2026
53ece72
Add §9 Daily AI Credits Guardrail to AI credits spec; add spec tests
Copilot Jun 9, 2026
2925b32
Also resolve GH_AW_DEFAULT_MAX_AI_CREDITS at action runtime; add spec…
Copilot Jun 9, 2026
c98e1b2
Plan: update AI credits spec §9 and §10 to reflect 4-level resolution…
Copilot Jun 9, 2026
152d606
Update AI credits spec §9 and §10 to reflect 4-level resolution order…
Copilot Jun 9, 2026
5b069a8
Fix test assertions: use escaped JSON patterns in shell command checks
Copilot Jun 9, 2026
e3494f7
Recompile all lock files: replace Python script with direct JSON expr…
Copilot Jun 9, 2026
17b2a6a
Refactor maxAiCredits runtime expression into local export; use doubl…
Copilot Jun 9, 2026
30e788e
Merge branch 'main' into copilot/check-max-ai-credits
pelikhan Jun 9, 2026
ffe5510
Add draft ADR-38197 for AI credit resolution order
github-actions[bot] Jun 9, 2026
556859e
Add changeset for AI credit resolution order
github-actions[bot] Jun 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions pkg/constants/constants.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -272,6 +272,9 @@ const DefaultHTTPClientTimeout = 30 * time.Second
// DefaultMaxAICredits is the default AI Credits budget enforced by the AWF API proxy.
const DefaultMaxAICredits int64 = 1000

// DefaultMaxDailyAICredits is the default per-workflow daily AI Credits guardrail.
const DefaultMaxDailyAICredits = "5000"

// DefaultMaxRuns is the default AWF invocation cap enforced by the AWF API proxy.
const DefaultMaxRuns = 500

Expand Down
21 changes: 21 additions & 0 deletions pkg/workflow/awf_config_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,27 @@ func TestBuildAWFConfigJSON(t *testing.T) {
assert.Contains(t, jsonStr, `"maxAiCredits":2000`, "apiProxy should emit env var default maxAiCredits when unset")
})

t.Run("frontmatter max-ai-credits takes precedence over enterprise default env var", func(t *testing.T) {
t.Setenv(compilerenv.DefaultMaxAICredits, "2k")
config := AWFCommandConfig{
EngineName: "copilot",
AllowedDomains: "github.com",
WorkflowData: &WorkflowData{
EngineConfig: &EngineConfig{
ID: "copilot",
MaxAICredits: 333,
},
NetworkPermissions: &NetworkPermissions{
Firewall: &FirewallConfig{Enabled: true},
},
},
}

jsonStr, err := BuildAWFConfigJSON(config)
require.NoError(t, err)
assert.Contains(t, jsonStr, `"maxAiCredits":333`, "apiProxy should prefer frontmatter maxAiCredits over enterprise default")
})

t.Run("token steering is enabled by default in apiProxy config", func(t *testing.T) {
config := AWFCommandConfig{
EngineName: "copilot",
Expand Down
12 changes: 6 additions & 6 deletions pkg/workflow/compilerenv/manager_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,32 +9,32 @@ import (
func TestResolveDefaultMaxDailyAICredits(t *testing.T) {
t.Run("unset uses fallback", func(t *testing.T) {
t.Setenv(DefaultMaxDailyAICredits, "")
assert.Equal(t, "500000", ResolveDefaultMaxDailyAICredits("500000"))
assert.Equal(t, "5000", ResolveDefaultMaxDailyAICredits("5000"))
})

t.Run("invalid uses fallback", func(t *testing.T) {
t.Setenv(DefaultMaxDailyAICredits, "abc")
assert.Equal(t, "500000", ResolveDefaultMaxDailyAICredits("500000"))
assert.Equal(t, "5000", ResolveDefaultMaxDailyAICredits("5000"))
})

t.Run("zero uses fallback", func(t *testing.T) {
t.Setenv(DefaultMaxDailyAICredits, "0")
assert.Equal(t, "500000", ResolveDefaultMaxDailyAICredits("500000"))
assert.Equal(t, "5000", ResolveDefaultMaxDailyAICredits("5000"))
})

t.Run("valid value overrides fallback", func(t *testing.T) {
t.Setenv(DefaultMaxDailyAICredits, "1000000")
assert.Equal(t, "1000000", ResolveDefaultMaxDailyAICredits("500000"))
assert.Equal(t, "1000000", ResolveDefaultMaxDailyAICredits("5000"))
})

t.Run("suffix value overrides fallback", func(t *testing.T) {
t.Setenv(DefaultMaxDailyAICredits, "2M")
assert.Equal(t, "2000000", ResolveDefaultMaxDailyAICredits("500000"))
assert.Equal(t, "2000000", ResolveDefaultMaxDailyAICredits("5000"))
})

t.Run("disables guardrail with -1", func(t *testing.T) {
t.Setenv(DefaultMaxDailyAICredits, "-1")
assert.Equal(t, "-1", ResolveDefaultMaxDailyAICredits("500000"))
assert.Equal(t, "-1", ResolveDefaultMaxDailyAICredits("5000"))
})
}

Expand Down
7 changes: 4 additions & 3 deletions pkg/workflow/daily_aic_workflow.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import (
"fmt"
"strings"

"github.com/github/gh-aw/pkg/constants"
"github.com/github/gh-aw/pkg/logger"
"github.com/github/gh-aw/pkg/typeutil"
"github.com/github/gh-aw/pkg/workflow/compilerenv"
Expand Down Expand Up @@ -76,21 +77,21 @@ func resolveMaxDailyAIC(frontmatter map[string]any, importedJSON string) *string
}
if importedJSON == "" {
dailyAICWorkflowLog.Print("No frontmatter value and no imported config; falling back to default max-daily-ai-credits")
defaultValue := compilerenv.ResolveDefaultMaxDailyAICredits("500000")
defaultValue := compilerenv.ResolveDefaultMaxDailyAICredits(constants.DefaultMaxDailyAICredits)
return parseMaxDailyAICValue(defaultValue)
}
Comment thread
pelikhan marked this conversation as resolved.
var imported any
if err := json.Unmarshal([]byte(importedJSON), &imported); err != nil {
dailyAICWorkflowLog.Printf("Failed to unmarshal imported max-daily-ai-credits JSON, using default: %v", err)
defaultValue := compilerenv.ResolveDefaultMaxDailyAICredits("500000")
defaultValue := compilerenv.ResolveDefaultMaxDailyAICredits(constants.DefaultMaxDailyAICredits)
return parseMaxDailyAICValue(defaultValue)
}
if value, found := resolveMaxDailyAICFromRaw(imported); found {
dailyAICWorkflowLog.Print("Resolved max-daily-ai-credits from imported config")
return value
}
dailyAICWorkflowLog.Print("Imported config did not provide a usable value; falling back to default max-daily-ai-credits")
defaultValue := compilerenv.ResolveDefaultMaxDailyAICredits("500000")
defaultValue := compilerenv.ResolveDefaultMaxDailyAICredits(constants.DefaultMaxDailyAICredits)
return parseMaxDailyAICValue(defaultValue)
}

Expand Down
14 changes: 11 additions & 3 deletions pkg/workflow/daily_aic_workflow_guardrail_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,11 +39,19 @@ func TestResolveMaxDailyAIC(t *testing.T) {
}
})

t.Run("uses built-in 500k default when no frontmatter and no env vars", func(t *testing.T) {
t.Run("frontmatter value takes precedence over enterprise default", func(t *testing.T) {
t.Setenv(compilerenv.DefaultMaxDailyAICredits, "2222")
got := resolveMaxDailyAIC(map[string]any{"max-daily-ai-credits": 1234}, "")
if got == nil || *got != "1234" {
t.Fatalf("expected frontmatter value to override enterprise default, got %v", got)
}
})

t.Run("uses built-in 5k default when no frontmatter and no env vars", func(t *testing.T) {
t.Setenv(compilerenv.DefaultMaxDailyAICredits, "")
got := resolveMaxDailyAIC(map[string]any{}, "")
if got == nil || *got != "500000" {
t.Fatalf("expected built-in 500k default, got %v", got)
if got == nil || *got != "5000" {
t.Fatalf("expected built-in 5k default, got %v", got)
}
})

Expand Down
4 changes: 2 additions & 2 deletions pkg/workflow/testdata/TestWasmGolden_AllEngines/claude.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ jobs:
actions: read
contents: read
env:
GH_AW_MAX_DAILY_AI_CREDITS: "500000"
GH_AW_MAX_DAILY_AI_CREDITS: "5000"
outputs:
comment_id: ""
comment_repo: ""
Expand Down Expand Up @@ -97,7 +97,7 @@ jobs:
GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
GH_AW_WORKFLOW_DISPATCH_AW_CONTEXT: ${{ github.event.inputs.aw_context || '' }}
GH_AW_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_AW_MAX_DAILY_AI_CREDITS: "500000"
GH_AW_MAX_DAILY_AI_CREDITS: "5000"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
Expand Down
4 changes: 2 additions & 2 deletions pkg/workflow/testdata/TestWasmGolden_AllEngines/codex.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ jobs:
actions: read
contents: read
env:
GH_AW_MAX_DAILY_AI_CREDITS: "500000"
GH_AW_MAX_DAILY_AI_CREDITS: "5000"
outputs:
comment_id: ""
comment_repo: ""
Expand Down Expand Up @@ -97,7 +97,7 @@ jobs:
GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
GH_AW_WORKFLOW_DISPATCH_AW_CONTEXT: ${{ github.event.inputs.aw_context || '' }}
GH_AW_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_AW_MAX_DAILY_AI_CREDITS: "500000"
GH_AW_MAX_DAILY_AI_CREDITS: "5000"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
Expand Down
4 changes: 2 additions & 2 deletions pkg/workflow/testdata/TestWasmGolden_AllEngines/copilot.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ jobs:
actions: read
contents: read
env:
GH_AW_MAX_DAILY_AI_CREDITS: "500000"
GH_AW_MAX_DAILY_AI_CREDITS: "5000"
outputs:
comment_id: ""
comment_repo: ""
Expand Down Expand Up @@ -97,7 +97,7 @@ jobs:
GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
GH_AW_WORKFLOW_DISPATCH_AW_CONTEXT: ${{ github.event.inputs.aw_context || '' }}
GH_AW_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_AW_MAX_DAILY_AI_CREDITS: "500000"
GH_AW_MAX_DAILY_AI_CREDITS: "5000"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
Expand Down
4 changes: 2 additions & 2 deletions pkg/workflow/testdata/TestWasmGolden_AllEngines/gemini.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ jobs:
actions: read
contents: read
env:
GH_AW_MAX_DAILY_AI_CREDITS: "500000"
GH_AW_MAX_DAILY_AI_CREDITS: "5000"
outputs:
comment_id: ""
comment_repo: ""
Expand Down Expand Up @@ -95,7 +95,7 @@ jobs:
GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
GH_AW_WORKFLOW_DISPATCH_AW_CONTEXT: ${{ github.event.inputs.aw_context || '' }}
GH_AW_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_AW_MAX_DAILY_AI_CREDITS: "500000"
GH_AW_MAX_DAILY_AI_CREDITS: "5000"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
Expand Down
4 changes: 2 additions & 2 deletions pkg/workflow/testdata/TestWasmGolden_AllEngines/pi.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ jobs:
actions: read
contents: read
env:
GH_AW_MAX_DAILY_AI_CREDITS: "500000"
GH_AW_MAX_DAILY_AI_CREDITS: "5000"
outputs:
comment_id: ""
comment_repo: ""
Expand Down Expand Up @@ -96,7 +96,7 @@ jobs:
GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
GH_AW_WORKFLOW_DISPATCH_AW_CONTEXT: ${{ github.event.inputs.aw_context || '' }}
GH_AW_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_AW_MAX_DAILY_AI_CREDITS: "500000"
GH_AW_MAX_DAILY_AI_CREDITS: "5000"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
Expand Down
4 changes: 2 additions & 2 deletions pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ jobs:
actions: read
contents: read
env:
GH_AW_MAX_DAILY_AI_CREDITS: "500000"
GH_AW_MAX_DAILY_AI_CREDITS: "5000"
outputs:
comment_id: ""
comment_repo: ""
Expand Down Expand Up @@ -97,7 +97,7 @@ jobs:
GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
GH_AW_WORKFLOW_DISPATCH_AW_CONTEXT: ${{ github.event.inputs.aw_context || '' }}
GH_AW_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_AW_MAX_DAILY_AI_CREDITS: "500000"
GH_AW_MAX_DAILY_AI_CREDITS: "5000"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
Expand Down
4 changes: 2 additions & 2 deletions pkg/workflow/testdata/TestWasmGolden_CompileFixtures/playwright-cli-mode.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ jobs:
actions: read
contents: read
env:
GH_AW_MAX_DAILY_AI_CREDITS: "500000"
GH_AW_MAX_DAILY_AI_CREDITS: "5000"
outputs:
comment_id: ""
comment_repo: ""
Expand Down Expand Up @@ -97,7 +97,7 @@ jobs:
GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
GH_AW_WORKFLOW_DISPATCH_AW_CONTEXT: ${{ github.event.inputs.aw_context || '' }}
GH_AW_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_AW_MAX_DAILY_AI_CREDITS: "500000"
GH_AW_MAX_DAILY_AI_CREDITS: "5000"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
Expand Down
4 changes: 2 additions & 2 deletions pkg/workflow/testdata/TestWasmGolden_CompileFixtures/smoke-copilot.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ jobs:
actions: read
contents: read
env:
GH_AW_MAX_DAILY_AI_CREDITS: "500000"
GH_AW_MAX_DAILY_AI_CREDITS: "5000"
outputs:
body: ${{ steps.sanitized.outputs.body }}
comment_id: ""
Expand Down Expand Up @@ -111,7 +111,7 @@ jobs:
GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
GH_AW_WORKFLOW_DISPATCH_AW_CONTEXT: ${{ github.event.inputs.aw_context || '' }}
GH_AW_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_AW_MAX_DAILY_AI_CREDITS: "500000"
GH_AW_MAX_DAILY_AI_CREDITS: "5000"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
Expand Down
4 changes: 2 additions & 2 deletions pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ jobs:
actions: read
contents: read
env:
GH_AW_MAX_DAILY_AI_CREDITS: "500000"
GH_AW_MAX_DAILY_AI_CREDITS: "5000"
outputs:
comment_id: ""
comment_repo: ""
Expand Down Expand Up @@ -97,7 +97,7 @@ jobs:
GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
GH_AW_WORKFLOW_DISPATCH_AW_CONTEXT: ${{ github.event.inputs.aw_context || '' }}
GH_AW_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_AW_MAX_DAILY_AI_CREDITS: "500000"
GH_AW_MAX_DAILY_AI_CREDITS: "5000"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
Expand Down
Loading