From 57e93ead8bb70946822bcd9d385d99560a04dde3 Mon Sep 17 00:00:00 2001
From: Daily Documentation Updater
 <github-actions[bot]@users.noreply.github.com>
Date: Sat, 25 Oct 2025 06:07:46 +0000
Subject: [PATCH] docs: Update CLI reference for features from 2025-10-25
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Update CLI documentation to reflect recent feature additions:

- Document firewall log parsing in --parse flag (PR #2349, #2350)
  - Logs and audit commands now generate firewall.md files
  - JSON output includes firewall analysis

- Update --dependabot documentation (PR #2359)
  - Added pip and Go ecosystem support
  - Clarified command detection patterns

- Add repository feature validation section (PR #2347)
  - Compile validates discussions/issues enabled
  - Prevents runtime failures for incompatible workflows

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 docs/src/content/docs/tools/cli.md | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/docs/src/content/docs/tools/cli.md b/docs/src/content/docs/tools/cli.md
index 9e2928acca4..8acb07b3689 100644
--- a/docs/src/content/docs/tools/cli.md
+++ b/docs/src/content/docs/tools/cli.md
@@ -144,15 +144,24 @@ gh aw compile --dependabot --force         # Force overwrite existing files
 
 Enables enhanced security validation requiring timeouts, explicit network configuration, and blocking write permissions. Use `--strict` flag or `strict: true` in frontmatter.
 
+**Repository Feature Validation:**
+
+The compile command validates that workflows using `create-discussion`, `create-issue`, or `add-comment` with discussions are compatible with the target repository. Compilation fails if:
+
+- Workflows use `create-discussion` but the repository doesn't have discussions enabled
+- Workflows use `create-issue` but the repository doesn't have issues enabled
+
+Enable discussions or issues in repository settings, or remove the incompatible safe-outputs from workflows.
+
 **Dependency Manifest Generation:**
 
 The `--dependabot` flag scans workflows for package dependencies and generates manifest files for automated security updates:
 
 - **npm**: Creates `package.json` and `package-lock.json` for packages used with `npx` (requires npm in PATH)
-- **pip**: Creates `requirements.txt` for Python packages
-- **Go**: Creates `go.mod` for packages installed via `go install` or `go get`
+- **pip**: Creates `requirements.txt` for Python packages installed via `pip install` or `pip3 install`
+- **Go**: Creates `go.mod` for Go packages installed via `go install` or `go get`
 
-The command also creates or updates `.github/dependabot.yml` to enable Dependabot monitoring. Existing manifests are merged intelligently to preserve manual entries. Use `--force` to overwrite the Dependabot configuration file if needed.
+The command creates or updates `.github/dependabot.yml` to enable Dependabot monitoring for all detected ecosystems. Existing manifests are merged intelligently to preserve manual entries. Use `--force` to overwrite the Dependabot configuration file if needed.
 
 ```bash
 # Scan workflows and generate manifests for detected dependencies
@@ -246,8 +255,8 @@ Metrics include execution duration, token consumption, costs, success/failure ra
 
 **Log Parsing and JSON Output:**
 
-- `--parse`: Generates `log.md` files with tool calls, reasoning, and execution details extracted by engine-specific parsers
-- `--json`: Outputs structured JSON with summary metrics, runs, tool usage, missing tools, MCP failures, and access logs
+- `--parse`: Generates `log.md` and `firewall.md` files with tool calls, reasoning, execution details, and network access patterns extracted by engine-specific parsers
+- `--json`: Outputs structured JSON with summary metrics, runs, tool usage, missing tools, MCP failures, access logs, and firewall analysis
 
 ### Single Run Audit
 
@@ -271,9 +280,9 @@ The audit command accepts workflow run URLs from any repository and GitHub insta
 
 **Options:**
 
-- `--parse`: Generates detailed `log.md` files with tool calls and reasoning extracted by engine-specific parsers
+- `--parse`: Generates detailed `log.md` and `firewall.md` files with tool calls, reasoning, and network access patterns extracted by engine-specific parsers
 
-The audit command checks local cache first (`logs/run-{id}`), then attempts download. On permission errors, it provides MCP server instructions for artifact downloads. Reports include overview, metrics, tool usage, MCP failures, and available artifacts.
+The audit command checks local cache first (`logs/run-{id}`), then attempts download. On permission errors, it provides MCP server instructions for artifact downloads. Reports include overview, metrics, tool usage, MCP failures, firewall analysis, and available artifacts.
 
 ### MCP Server Management