Skip to content

Align CLI docs and deprecation behavior for audit, status, experiments, and legacy --disable-* flags#44312

Merged
pelikhan merged 4 commits into
mainfrom
copilot/cli-consistency-fix
Jul 9, 2026
Merged

Align CLI docs and deprecation behavior for audit, status, experiments, and legacy --disable-* flags#44312
pelikhan merged 4 commits into
mainfrom
copilot/cli-consistency-fix

Conversation

Copilot AI commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

The CLI consistency sweep found a small set of high-severity mismatches between documented behavior and the current command surface: audit mode docs were wrong, experiments was missing from the CLI guide, status promised schedule output it does not render in console mode, and legacy --disable-* aliases were silently accepted without migration guidance.

  • Docs: align command reference with actual behavior

    • audit now documents the current two-mode model: single-run audit and multi-run analysis
    • status no longer claims console output includes schedules; it points readers to --json for raw on data
    • added a missing experiments section to the CLI guide
    • documented the intentional polarity difference between compile --fix and upgrade --no-fix
  • CLI help: make fix/no-fix behavior explicit

    • compile help now states that codemods are opt-in via --fix
    • upgrade help now states that fix/action-update/compile work runs by default and --no-fix disables it
  • Flag behavior: deprecate legacy aliases instead of hiding them

    • replaced hidden legacy aliases with deprecated aliases that emit migration guidance
    • affected aliases:
      • --disable-security-scanner--no-security-scanner
      • --disable-release-bump--no-release-bump
  • Tests: lock in CLI consistency

    • added focused assertions for deprecated flag metadata
    • added doc/help consistency checks for audit, status, experiments, and fix/no-fix wording

Example of the alias behavior after this change:

cmd.Flags().Bool("no-security-scanner", false, "Disable security scanning of workflow markdown content")
cmd.Flags().Bool("disable-security-scanner", false, "Disable security scanning of workflow markdown content")
_ = cmd.Flags().MarkDeprecated("disable-security-scanner", "use --no-security-scanner instead")

Copilot AI and others added 2 commits July 8, 2026 14:47
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix CLI consistency issues as per inspection Align CLI docs and deprecation behavior for audit, status, experiments, and legacy --disable-* flags Jul 8, 2026
Copilot AI requested a review from pelikhan July 8, 2026 14:52
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

🤖 PR Triage

Field Value
Category docs
Risk 🟢 low
Score 26/100 (impact:14 urgency:5 quality:7)
Action ⏸ defer
Batch docs-chore (with #44314, #44355)

Status: DRAFT — needs undraft + CI before review.

CLI consistency sweep: aligns audit, status, experiments, and legacy --disable-* docs with actual behavior. Part of docs-chore batch — consider reviewing alongside #44314 and #44355.

Run §28966928999

Generated by 🔧 PR Triage Agent · 106.9 AIC · ⌖ 10.9 AIC · ⊞ 5.4K ·

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

⚠️ PR Code Quality Reviewer failed during code quality review.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

🧠 Matt Pocock Skills Reviewer has completed the skills-based review. ✅

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Design Decision Gate 🏗️ completed the design decision gate check.

No ADR enforcement needed: PR #44312 does not have the 'implementation' label and has only 63 new lines of code in business logic directories (threshold: 100).

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Test Quality Sentinel completed test quality analysis.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request aligns gh aw CLI documentation and help text with current behavior, and formalizes deprecation behavior for legacy --disable-* aliases so users receive migration guidance.

Changes:

  • Updated docs/help text for compile, upgrade, status, audit, and added CLI docs coverage for experiments.
  • Replaced hidden legacy aliases (--disable-security-scanner, --disable-release-bump) with deprecated aliases that emit guidance.
  • Added/extended tests to lock in deprecated-flag metadata and doc/help consistency assertions.
Show a summary per file
File Description
pkg/cli/upgrade_command.go Adjusts upgrade long help to clarify default fix/update/compile behavior.
pkg/cli/update_command.go Deprecates legacy --disable-* aliases instead of hiding them.
pkg/cli/update_command_test.go Adds assertions for deprecated flag metadata on update command aliases.
pkg/cli/trial_command.go Deprecates legacy --disable-security-scanner alias in trial.
pkg/cli/trial_command_test.go Adds test asserting deprecated metadata for trial legacy alias.
pkg/cli/deploy_command.go Deprecates legacy --disable-security-scanner alias in deploy.
pkg/cli/deploy_command_test.go Adds test asserting deprecated metadata for deploy legacy alias.
pkg/cli/cli_consistency_help_test.go Adds doc/help consistency checks covering audit, status, experiments, and fix/no-fix wording.
pkg/cli/add_command.go Deprecates legacy --disable-security-scanner alias in add.
pkg/cli/add_command_test.go Adds test asserting deprecated metadata for add legacy alias.
docs/src/content/docs/setup/cli.md Updates CLI guide text for compile, status, audit, upgrade, and adds experiments section.
cmd/gh-aw/main.go Updates compile help text to clarify that codemods are opt-in via --fix.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 12/12 changed files
  • Comments generated: 1
  • Review effort level: Low

Comment on lines 46 to 48
Flag behavior:
- --no-fix skips codemods, action version updates, and workflow compilation
- upgrade runs the equivalent of fix/action-update/compile work by default; use --no-fix to skip codemods, action version updates, and workflow compilation
- --no-actions and --no-compile are only applied when --no-fix is not set
@github-actions github-actions Bot mentioned this pull request Jul 9, 2026

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review: Align CLI docs and deprecation behavior

The changes are well-scoped and correct. All --disable-* legacy flags are consistently migrated from MarkHidden to MarkDeprecated with matching migration messages, tests cover every affected command, and the doc updates accurately reflect actual behavior (removed false schedule-in-console claim, fixed three-mode to two-mode audit description, added the missing experiments section).

One minor issue found: In pkg/cli/update_command_test.go lines 93-95, a comment and require.NotNil message still say "undocumented alias" even though the alias is now deprecated. The assert.Equal assertion added just below is correct, so this is a stale label, not a logic error. Inline comment posted.

Everything else looks good - the upgrade_command.go help text, the compile/upgrade polarity note in both help and docs, and the consistency test additions are all accurate.

🧵 Reviewed using Impeccable skills by Impeccable Skills Reviewer · 34.8 AIC · ⌖ 6.08 AIC · ⊞ 4.8K

Comment thread pkg/cli/update_command_test.go Outdated
@@ -93,6 +93,16 @@ func TestNewUpdateCommand_HasDisableSecurityScannerFlag(t *testing.T) {
// Undocumented alias should still be registered
deprecated := cmd.Flags().Lookup("disable-security-scanner")
require.NotNil(t, deprecated, "update command should keep --disable-security-scanner as undocumented alias")

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The surrounding comment (line 93) and the require.NotNil message here still say "undocumented alias", but the alias is now a deprecated alias (not just hidden). The existing assert.Equal added on the next line correctly checks flag.Deprecated, so the intent is right — but the comment and message now contradict it.

Suggest updating both to match the new intent:

// Deprecated alias should still be registered
deprecated := cmd.Flags().Lookup("disable-security-scanner")
require.NotNil(t, deprecated, "update command should keep --disable-security-scanner as a deprecated alias")

@copilot please address this.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

🧪 Test Quality Sentinel Report

⚠️ Test Quality Score: 74/100 — Acceptable

Analyzed 8 test(s): 8 design, 0 implementation, 0 violation(s).

📊 Metrics (8 tests)
Metric Value
Analyzed 8 (Go: 8, JS: 0)
✅ Design 8 (100%)
⚠️ Implementation 0 (0%)
Edge/error coverage 5 (62%)
Duplicate clusters 1
Inflation Yes
🚨 Violations 0
Test File Classification Issues
TestNewAddCommand_DeprecatesDisableSecurityScannerFlag pkg/cli/add_command_test.go design_test, high_value None
TestAuditCommandDescriptionsAreConsistent (+assertion) pkg/cli/cli_consistency_help_test.go design_test, high_value None
TestCompileDocsIncludeNoModelsDevLookupOption (+assertion) pkg/cli/cli_consistency_help_test.go design_test, high_value None
TestCLIDocsReflectStatusAuditAndExperimentsCommands pkg/cli/cli_consistency_help_test.go design_test, high_value None
TestNewDeployCommand_DeprecatesDisableSecurityScannerFlag pkg/cli/deploy_command_test.go design_test, high_value Duplicate pattern
TestNewTrialCommand_DeprecatesDisableSecurityScannerFlag pkg/cli/trial_command_test.go design_test, high_value Duplicate pattern
TestNewUpdateCommand_HasDisableSecurityScannerFlag (+assertion) pkg/cli/update_command_test.go design_test, high_value Duplicate pattern
TestNewUpdateCommand_DeprecatesDisableReleaseBumpFlag pkg/cli/update_command_test.go design_test, high_value None
⚠️ Flagged Tests (1 cluster)

Deprecation pattern cluster (add_command_test.go, deploy_command_test.go, trial_command_test.go, update_command_test.go) — 4 tests share a nearly identical 3-step structure: construct command → require.NotNil on disable-security-scanner flag → assert.Equal on Deprecated message. This is expected given the PR aligns deprecation behavior across 4 commands, so it is not a quality concern but noted per duplicate-cluster detection rules. Consider a shared helper if the pattern grows further.

Inflation note — All test files show >2:1 added-lines ratio vs their production counterparts (e.g., deploy_command_test.go +9 vs deploy_command.go +1). This is expected when production changes are small one-line deprecation wires; the tests verify the full behavioral contract. Deducted 10 points per formula.

Verdict

Passed. 0% implementation tests (threshold: 30%). No guideline violations. Tests are well-focused behavioral contracts verifying flag deprecation wires and CLI documentation accuracy.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🧪 Test quality analysis by Test Quality Sentinel · 48.9 AIC · ⌖ 10.1 AIC · ⊞ 6.8K ·
Comment /review to run again

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Test Quality Sentinel: 74/100. 0% implementation tests (threshold: 30%). All 8 tests are design-level behavioral contracts with no guideline violations.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Skills-Based Review 🧠

Applied /codebase-design, /grill-with-docs, and /tdd — commenting only, no blocking issues.

📋 Key Themes & Highlights

Key Themes

  • Stale test comment (correctness)update_command_test.go still says "undocumented alias" after the flag was promoted to a deprecated alias; the assertion message is now misleading.
  • Terminology drift (docs ↔ help)upgrade_command.go and cli.md use different informal phrases for the same three-step pipeline, undermining the consistency goal of this PR.
  • Brittle string pinning — the new assertion in cli_consistency_help_test.go pins an exact sentence from audit.go's Long description; any prose refactoring will break the test without a user-visible regression.
  • Minor redundancy in experiments docs — options are listed twice (root + analyze) when a single line would suffice.

Positive Highlights

  • ✅ Clean, uniform application of MarkDeprecated across all five affected commands
  • ✅ Good pattern of accompanying each flag change with a focused test that pins the .Deprecated field
  • TestCLIDocsReflectStatusAuditAndExperimentsCommands is a valuable cross-file consistency gate — it will catch future regressions where code and docs drift apart
  • NotContains on the removed schedule promise is a particularly well-chosen assertion
  • ✅ PR description is clear and well-structured — the example code snippet makes the deprecation behavior immediately concrete

🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer · 76.1 AIC · ⌖ 5.75 AIC · ⊞ 6.6K
Comment /matt to run again

Comment thread pkg/cli/update_command_test.go Outdated
@@ -93,6 +93,16 @@ func TestNewUpdateCommand_HasDisableSecurityScannerFlag(t *testing.T) {
// Undocumented alias should still be registered
deprecated := cmd.Flags().Lookup("disable-security-scanner")
require.NotNil(t, deprecated, "update command should keep --disable-security-scanner as undocumented alias")

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[/codebase-design] Stale comment and assertion message still say "undocumented alias" after the flag became a deprecated alias.

Lines 93–95 were not updated to match the change from MarkHidden to MarkDeprecated. The test now lies about what it is verifying, which undermines its value as a specification.

💡 Suggested fix
// Deprecated alias should still be registered
deprecated := cmd.Flags().Lookup("disable-security-scanner")
require.NotNil(t, deprecated, "update command should keep --disable-security-scanner as a deprecated alias")
assert.Equal(t, "use --no-security-scanner instead", deprecated.Deprecated)

All four new tests added in this PR use the phrase "deprecated alias" correctly — this pre-existing block is the only outlier.

@copilot please address this.

Comment thread docs/src/content/docs/setup/cli.md Outdated
gh aw experiments analyze my-workflow --repo owner/repo # Analyze experiments in another repository
```

**Options:** root command `--repo/-r`, `--json/-j`; `analyze` also accepts `--repo/-r`, `--json/-j`

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[/grill-with-docs] experiments docs list --repo/-r and --json/-j twice — once for the root command and once for analyze — but they are the same flags, which may confuse readers.

The actual flag registration shows --repo and --json are added to both the root command (via addRepoFlag/addJSONFlag) and to each subcommand independently. The options line documents this correctly but it reads redundantly. Consider clarifying that all subcommands inherit --repo/-r and --json/-j rather than duplicating them.

💡 Suggested wording
**Options:** All subcommands accept `--repo/-r` and `--json/-j`.

This is a minor docs readability issue, not a correctness bug.

@copilot please address this.

Comment thread pkg/cli/cli_consistency_help_test.go Outdated

assert.Contains(t, cmd.Short, "workflow runs", "audit short description should describe multiple run inputs")
assert.Contains(t, cmd.Long, "Audit one or more workflow runs", "audit long description should describe multiple run inputs")
assert.Contains(t, cmd.Long, "When two or more runs are provided", "audit help should document multi-run analysis mode")

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[/tdd] This assertion pin-tests an internal string literal in audit.go rather than observable behavior — if the phrasing is refactored, the test breaks without any user-visible regression.

Pinning to a specific sentence like "When two or more runs are provided" couples the test to implementation prose. A more durable approach is to test that the command accepts multiple positional args and routes to the multi-run path (e.g., integration test with two run IDs), or at minimum to document why the exact sentence is part of the public contract.

💡 Alternative

If the intent is purely doc-surface consistency, consider a higher-level assertion such as checking that the word multi-run or multiple runs appears in the long description rather than pinning to a sentence-level fragment.

@copilot please address this.

Comment thread pkg/cli/upgrade_command.go Outdated

Flag behavior:
- --no-fix skips codemods, action version updates, and workflow compilation
- upgrade runs the equivalent of fix/action-update/compile work by default; use --no-fix to skip codemods, action version updates, and workflow compilation

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[/grill-with-docs] The help text uses two different informal phrases for the same concept: fix/action-update/compile work (upgrade help) vs fix/update/compile steps (docs). The inconsistency makes it harder to grep or cross-reference.

The docs added in this PR (cli.md line 742) say fix/update/compile steps while the upgrade command's own --help output says fix/action-update/compile work. Users reading both will see different terminology for the same pipeline.

💡 Suggested fix

Pick one canonical phrase — fix/action-update/compile matches the --no-actions and --no-compile flag names better — and use it in both places:

// upgrade_command.go
- upgrade runs the equivalent of fix/action-update/compile work by default; use --no-fix to skip codemods, action version updates, and workflow compilation
+ upgrade runs fix/action-update/compile by default; use --no-fix to skip all three steps
// cli.md
- Unlike `gh aw compile --fix`, `gh aw upgrade` runs its fix/update/compile steps by default
+ Unlike `gh aw compile --fix`, `gh aw upgrade` runs fix/action-update/compile by default

@copilot please address this.

@pelikhan

pelikhan commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator

@copilot run pr-finisher skill

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking observations on what is otherwise a clean consistency sweep.

### Findings summary

1. Stale "undocumented alias" language in update_command_test.go (medium)
The existing test comment and require.NotNil message were not updated alongside the new deprecation behavior. The three brand-new tests in this PR all say "deprecated alias" correctly; this one old test was missed. Low risk, but creates a misleading paper trail.

2. Lone NotContains in TestCLIDocsReflectStatusAuditAndExperimentsCommands (medium)
The test guards against the old schedule-output text surviving but does not assert the replacement guidance (Use --json to inspect...) is present. Without a paired Contains, the assertion is half a test — it would silently pass if the replacement line were removed or reworded later.

Flag wiring verified: Confirmed that deprecated aliases are still OR-ed into the primary flag read (disableSecurityScanner = disableSecurityScanner || disableSecurityScannerLegacy) in add_command.go, deploy_command.go, trial_command.go, and update_command.go — deprecated flags continue to work functionally.

🔎 Code quality review by PR Code Quality Reviewer · 126.4 AIC · ⌖ 5.18 AIC · ⊞ 5.4K
Comment /review to run again

Comments that could not be inline-anchored

pkg/cli/update_command_test.go:95

Stale comment and assertion message still say "undocumented alias" after this flag becomes explicitly deprecated.

The comment on line 93 and the require.NotNil message on line 95 both read undocumented alias, but this PR promotes the alias to a deprecated alias with an explicit migration message. The three new tests added in this PR (TestNewAddCommand_DeprecatesDisableSecurityScannerFlag etc.) all use the correct "deprecated alias" wording — this old test was only partially updated…

pkg/cli/cli_consistency_help_test.go:138

NotContains alone does not verify the replacement text is present — the test can pass while the docs fix is missing.

assert.NotContains(t, text, &quot;enabled/disabled status, schedules, and labels&quot;, ...) only guards against the old string surviving. If someone reverts the status-docs change and writes a slightly different sentence (or leaves a blank), this assertion passes while the documented behavior is still wrong.

<details>
<summary>💡 Suggested fix</summary>

Add a positive assertion…

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI commented Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

@copilot run pr-finisher skill

Ran PR finisher pass and pushed follow-up commit 46ff57b with the remaining review-driven wording/consistency fixes plus full local validation (make fmt, make lint, make test-unit, make test, make recompile).

@pelikhan pelikhan merged commit a0d45aa into main Jul 9, 2026
29 checks passed
@pelikhan pelikhan deleted the copilot/cli-consistency-fix branch July 9, 2026 01:58
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

🎉 This pull request is included in a new release.

Release: v0.82.7

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[cli-consistency] CLI Consistency Issues - 2026-07-08

3 participants