v0.74.2

🌟 Release Highlights

This release brings powerful new developer tooling — custom Go linters, new gh aw fix codemods, and a --staged compile flag — alongside key reliability fixes for signed commits and safe-output PR creation, improved self-hosted runner docs, and a raised max-runs default for larger workflows.

✨ What's New

• gh aw compile --staged — Force workflows into staged mode at compile time. (#31975)
• Custom Go analysis linters — pkg/linters ships a new largefunc linter sample. (#31958)
• gh aw fix codemods — Rewrites single-quoted tools.bash args and lowercases discussion trigger categories. (#31874, #31872)
• Decentralized label_command routing via agentic_commands.yml. (#31917)
• REST API for agent session task creation — More reliable than gh CLI. (#32028)
• Higher default max-runs — Raised from 100 to 500. (#31986)
• Runner and actor OTel attributes for cross-runner observability. (#31913)

🐛 Bug Fixes & Improvements

• Signed commits: refuse unsafe fallback — pushSignedCommits no longer silently falls back to unsigned git push. (#31876)
• create_pull_request bundle ref mismatch fixed in safe output. (#31955)
• ARC/DinD detection now matches any (redacted) DOCKER_HOST`. (#31996)
• on: subsection indentation parser bug fixed. (#31871)
• gh aw lint false positives fixed. (#31916)
• Early CI lint gate reduces lint-fix PR churn. (#31921)

📚 Documentation

• Self-hosted runner guide: GHES and ARC sections. (#31923)
• Claude Quick Start parity and engine-neutral architecture labels. (#32016)
• Frontmatter reference: inline-sub-agents and max-effective-tokens documented. (#32010)
• repository_dispatch FAQ and trigger reference. (#31979)

🌍 Community Contributions

@michen00

• pushSignedCommits silently falls back to unsigned git push on merge/symlink/submodule/exec-bit commits (direct issue)

@octatone

• create_pull_request safe output fails: bundle branch ref doesn't match JSONL-declared branch name (direct issue)

@tore-unumed

• Docs: pre-agent-steps missing from Allowed Import Fields list (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 4.9M

---

What's Changed

• Fix S1011 staticcheck lint failure in central_slash_command_workflow.go by @Copilot in #31858
• Fix failing "Integration: Workflow Misc Part 2" tests by @Copilot in #31860
• [jsweep] Clean action_conclusion_otlp.cjs by @github-actions[bot] in #31868
• Fix on: subsection indentation handling causing test workflow failures by @Copilot in #31871
• chore: streamline outcome collection by @mnkiefer in #31888
• fix(push-signed-commits): refuse unsigned git push fallback for structurally unsignable commits by @Copilot in #31876
• [actions] Update GitHub Actions versions - 2026-05-13 by @github-actions[bot] in #31893
• fix(duplicate-code-detector): allow github.com and api.github.com through firewall by @Copilot in #31904
• Add gh aw fix codemod to rewrite single-quoted tools.bash args safely by @Copilot in #31874
• feat: implement outcome telemetry export by @mnkiefer in #31897
• Refactor update workflow call chain to use a shared options struct by @Copilot in #31886
• Refactor duplicated on-trigger section entry/reset logic in YAML on-section extraction by @Copilot in #31881
• Add GH_TOKEN to dev-mode gh-aw runtime install step generation by @Copilot in #31898
• Refactor permission-scope string conversion to validated inventory lookup by @Copilot in #31899
• Docs UX: Convert “Getting Help” run-on guidance into prioritized numbered steps by @Copilot in #31900
• Add default gh aw fix codemod to lowercase discussion trigger categories in frontmatter by @Copilot in #31872
• Docs/tests: include pre-agent-steps and post-steps in shared import allowlist by @Copilot in #31912
• Centralize filesystem permission policy and remove raw octal modes from production callsites by @Copilot in #31915
• Add runner and actor_id OTel resource attributes for cross-runner observability by @Copilot in #31913
• Add scheduled pr-sous-chef workflow to advance open PRs toward maintainer review by @Copilot in #31911
• Align strict-mode compatibility: allow Playwright MCP warnings and honor workflow-level strict opt-out for pull_request_target by @Copilot in #31914
• [docs] Update glossary - daily scan by @github-actions[bot] in #31924
• chore: update outcome collector by @mnkiefer in #31936
• [spec-enforcer] Enforce specifications for logger, parser, repoutil by @github-actions[bot] in #31935
• Refactor audit command hot-spots to use a shared AuditOptions API by @Copilot in #31920
• Fix gh aw lint false positives breaking make lint-lock by @Copilot in #31916
• Fix Issue Arborist Repo Mind Light token by @szabta89 in #31942
• Add detail_level A/B experiment to daily architecture diagram workflow output by @Copilot in #31927
• [function-namer] Improve internal helper naming in pkg/workflow for agent discoverability by @Copilot in #31951
• Enforce pre-submission lint hygiene and add an early CI lint gate to reduce lint-fix PR churn by @Copilot in #31921
• [docs] Consolidate developer specifications into instructions file (v9.6) by @github-actions[bot] in #31957
• fix(otel): emit gh-aw.engine.id on setup spans via shared resolveEngineId helper by @Copilot in #31956
• chore: enhance outcome evaluation process by @mnkiefer in #31938
• Fix Issue Arborist pre-agent issue fetch by @szabta89 in #31954
• Document pkg/testutil dependency on pkg/constants in package spec by @Copilot in #31950
• feat: add pkg/linters with custom Go analysis linters (largefunc sample) by @Copilot in #31958
• docs: add runner environment requirements, GHES, and ARC sections to self-hosted guide by @salmanmkc in #31923
• Handle bundle ref mismatch in create_pull_request safe output by @Copilot in #31955
• [docs] Update documentation for features from 2026-05-13 by @github-actions[bot] in #31928
• Add --staged flag to compile for forced staged workflows by @Copilot in #31975
• Fix gh-aw extension setup collisions in generated workflows by @Copilot in #31952
• Creating a dynamic agent of the day blog entry by @Copilot in #31981
• Add patterns router prompt and wire dispatcher routing by @Copilot in #31985
• Close SPDD gaps for forecast discovery, frontmatter hash limits, and related specs by @Copilot in #31984
• Increase default max-runs from 100 to 500 across compiler, schema, and docs by @Copilot in #31986
• docs: add repository_dispatch FAQ and trigger reference for external system integrations by @Copilot in #31979
• daily-experiment-report: install numpy/matplotlib when running on PyPy by @Copilot in #31992
• Add decentralized label_command routing via agentic_commands.yml by @Copilot in #31917
• Strengthen create-pull-request safe output guardrails: always recommend allowed-files by @Copilot in #31999
• restrict create-pull-request to docs/** files in blog-writer workflow by @Copilot in #31998
• [WIP] Fix failing GitHub Actions job Lint Gate by @Copilot in #32004
• [WIP] Fix failing GitHub Actions job lint-go by @Copilot in #32003
• [caveman] Optimize instruction verbosity — agentic-chat, campaign, cli-commands, context (2026-05-13) by @github-actions[bot] in #32019
• [deep-report] Add missing top-level inline-sub-agents and max-effective-tokens to canonical frontmatter references by @Copilot in #32010
• fix: broaden ARC/DinD detection to match any tcp:// DOCKER_HOST by @salmanmkc in htt...

v0.74.1

🌟 Release Highlights

This release brings new workflow control features, security hardening, improved observability, and resolves several community-reported issues including ARC/DinD runner support and lockfile consistency fixes.

✨ What's New

• Pre-activation author gating — New on.skip-author-associations field lets you gate workflow activation by the triggering user's repository association (e.g. allow only MEMBER or OWNER), reducing unnecessary agent runs. (#31836)
• Concurrency queue support — concurrency.queue field and queue-aware conclusion job defaults give fine-grained control over concurrent workflow execution. (#31764)
• Immediate command reactions — Centralized slash-command workflows now post emoji reactions immediately upon receipt and propagate the desired reaction context throughout the run. (#31847)
• Outcome evaluation for safe outputs — Safe output jobs can now declare pass/fail outcomes, enabling automated evaluation of agent results. (#31776)
• Token steering compiler support — firewall.effective-token-steering is now parsed and rendered in the agent and gateway JS parsers. (#31796, #31823)
• Improved OTel accuracy — The gh-aw.agent span now captures the true Execute-Agent-CLI start time, excluding pre-agent overhead from telemetry. (#31808)
• Stricter schema validation — Unused top-level command keys in main workflow frontmatter now produce a clear validation error. (#31750)

🐛 Bug Fixes & Improvements

• Fixed dispatch-workflow validation incorrectly rejecting workflows in target repos under the Side Repo Ops pattern. (#31835, resolves #31831)
• Fixed redirect-only workflows being misidentified as shared workflow components. (#31800, resolves #31689)
• Fixed lockfile differences between fork contributor checkouts and upstream CI. (#31613, resolves #31612)
• Fixed bundle transport failures in shallow checkouts where git fetch rejected bundle prerequisites. (#31603, resolves #31600)
• Fixed plan context substitution failures (/plan) for slash-command runs. (#31849)
• Fixed double quotes in experiment comparison expressions that broke evaluation. (#31770)
• Fixed centralized slash_command reaction and status-comment gating. (#31775)
• Clarified npm and pip package name validation error messages. (#31822)
• Normalized non-release agentic_commands.yml compiler metadata to dev. (#31829)

🔒 Security

• URL protocol sanitizer switched to an allowlist model, closing a potential bypass via non-://-scheme URLs. (#31715)
• stripDangerousAttributes now strips title= and data-* attributes, closing a hidden injection channel. (#31707)

🏗️ ARC / DinD Runner Support

Two long-standing community requests for ARC (Actions Runner Controller) support are resolved:

• First-class ARC runner support for AWF-backed workflows. (#31614, resolves #30840)
• AWF chroot mode now supports ARC/DinD Docker daemon filesystems without manual staging. (resolves #30838)

📚 Documentation

• Troubleshooting / common-issues page trimmed by ~27% for faster scanning. (#31756)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@bmerkle

• regression in gh aw version v0.72.1 with daily-repo-status.md (direct issue)

@mrjf

• Bundle transport still fails in shallow checkout: git fetch rejects bundle prerequisites (direct issue)

@rhardouin

• [ARC-DinD] GAW should provide first-class ARC runner support for AWF-backed workflows (direct issue)
• [ARC-DinD] AWF chroot mode should support ARC/DinD Docker daemon filesystems without manual staging (direct issue)

@trask

• gh aw compile produces different lockfiles for fork contributors vs the upstream CI checkout, with no in-repo way to make them match (direct issue)

@yskopets

• dispatch-workflow validation fails for workflows in target repo (Side Repo Ops pattern) (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 3.8M

---

What's Changed

• docs: extend memory.md with built-in GitHub graph and git history strategies by @Copilot in #31594
• Reduce ParseWorkflow regression by optimizing frontmatter delimiter parsing by @Copilot in #31583
• perf(workflow): cache manifest baseline lookup in CompileWorkflow path by @Copilot in #31584
• Stabilize DIFC proxy integration check by replacing flaky /rate_limit assertion by @Copilot in #31595
• [q] fix(weekly-blog-post-writer): dedupe Agent of the Week using published blog history by @Copilot in #31593
• Align audit/trial help text and update docs for update --cool-down by @Copilot in #31597
• [docs] Self-healing documentation fixes from issue analysis - 2026-05-12 by @github-actions[bot] in #31604
• build(deps): bump the npm_and_yarn group across 1 directory with 2 updates by @dependabot[bot] in #31601
• fix: link default footers to workflow run URL instead of agentic_workflow subpage by @Copilot in #31611
• Reduce ExtractWorkflowNameFromFile overhead in the title-scan path by @Copilot in #31598
• Fix bundle transport in shallow checkouts by @Copilot in #31603
• fix(engines): normalize wildcard bash commands to canonical tool permission syntax by @Copilot in #31599
• Address review feedback: dedupe normalized Claude Bash tools and tighten release bash permissions by @Copilot in #31615
• Prefer upstream remote for gh aw compile schedule seed in fork checkouts by @Copilot in #31613
• Auto-detect ARC/DinD and emit AWF --docker-host-path-prefix in generated workflows by @Copilot in #31614
• [code-simplifier] refactor: extract awfVersionAtLeast helper to deduplicate version-check functions by @github-actions[bot] in #31627
• Enable OTLP export for Agentic Portfolio Yield by @Copilot in #31647
• Add optional payload input to dependabot-worker reusable workflow by @mnkiefer in #31679
• [instructions] Sync instruction files with release v0.72.1 by @github-actions[bot] in #31661
• [spec-extractor] Update package specifications for agentdrain, cli, console, constants by @github-actions[bot] in #31669
• [docs] Update glossary - daily scan 2026-05-12 by @github-actions[bot] in #31672
• [docs] Update documentation for features from 2026-05-12 by @github-actions[bot] in #31676
• [spec-enforcer] Enforce specifications for fileutil, gitutil, jsonutil by @github-actions[bot] in #31683
• Refactor workflow feature gates to use a shared version-threshold helper by @Copilot in #31642
• Classify repeated permission-denied failures as missing tool/permission issues in Copilot/Claude/Codex harnesses by @Copilot in #31629
• Treat gh aw as a first-class runtime with release setup-cli injection, dev source build, and firewall domains by @Copilot in #31622
• fix: propagate DOCKER_HOST to MCP gateway for ARC/dind runners by @salmanmkc in #31670
• Fix build-wasm CI failure by updating stale wasm compile fixture goldens by @Copilot in #31698
• fix: apply gofmt to runtime_definitions.go by @Copilot in #31700
• feat: add GHES-compatible artifact action versions via feature flag by @salmanmkc in #31664
• fix: decode named invisible-char HTML entities in decodeHtmlEntities to close @mention bypass by @Copilot in #31703
• fix: strip title= and data-* attributes in stripDangerousAttributes to close hidden injection channel by @Copilot in #31707
• test: parity regression guard for alias-branch template delimiter neutralization by @Copilot in #31712
• fix(sanitize): switch sanitizeUrlProtocols to allowlist for ://-scheme URLs by @Copilot in #31715
• build(deps-dev): bump @playwright/test from 1.59.1 to 1.60.0 in /docs by @dependabot[bot] in #31743
• build(deps-dev): bump @types/node from 25.6.0 to 25.7.0 in /actions/setup/js by @dependabot[bot] in #31742
• build(deps-dev): bump @vitest/ui from 4.1.5 to 4.1.6 in /actions/setup/js by @dependabot[bot] in #31744
• build(deps-dev): bump vitest from 4.1.5 to 4.1.6 in /actions/setup/js by @dependabot[bot] in https://github.com/gith...

v0.74.0

test

Generated by Release · ● 66.9M

---

What's Changed

• fix: set_issue_field skips gracefully when repo has no issue fields by @Copilot in #31576
• Integrate Repo Mind Light into Issue Arborist workflow by @Copilot in #31510
• optimize: reduce token usage in three high-consumption workflows by @Copilot in #31582
• Reduce Daily Syntax Error Quality workflow token churn without changing cadence by @Copilot in #31586
• Fix firewall token usage reporting to preserve raw counts and remove cache-rate transforms by @Copilot in #31581
• Fix golangci-lint failures in codemod and miner test files by @Copilot in #31590
• Auto-bump version when release tag already exists by @Copilot in #31592

Full Changelog: v0.72.2...v0.74.0

v0.72.1

🌟 Release Highlights

v0.72.1 delivers a new developer-facing lint command, critical compiler correctness fixes, and improved shared workflow ergonomics — all driven largely by community-reported issues.

✨ What's New

• gh aw lint — fast lock-file validation (#30704): New gh aw lint command runs actionlint directly against existing .lock.yml files — no recompile, no extra scanners. Perfect for a lightweight CI gate to catch syntax errors before pushing. Supports --dir, explicit file paths, and optional --shellcheck/--pyflakes checks.

• Import engine.mcp.tool-timeout from shared workflows (#30634): Shared workflows wrapping slow MCP servers (e.g. Repo Mind Light) can now declare engine.mcp.tool-timeout and engine.mcp.session-timeout once, and consumers inherit those values automatically — no more duplicating timeout configs in every consumer. Consumer-declared values still take precedence.

• First-party coding-agent skill for gh aw (#27259): Added a router skill that gives coding agents (Copilot, Claude, etc.) structured guidance on creating, debugging, and updating agentic workflows using the gh aw CLI.

• Shared skip-if-match dedup component: The common "open issue/PR by title prefix" deduplication query is now a shared compiler-imported component, eliminating copy-paste duplication across dozens of workflows.

🐛 Bug Fixes & Improvements

• && preserved in compiled workflow expressions (#30695): Go's HTML escaping was converting && to \u0026\u0026 inside AWF config JSON embedded in .lock.yml files, corrupting ${{ ... && ... }} expressions and causing workflow parse failures. Fixed by switching to json.Encoder with SetEscapeHTML(false).

• safe-outputs permission regression fixed (#30733): When update-project appeared alongside add-comment/add-labels, the minted App token was incorrectly downgraded to issues:read instead of issues:write, silently failing issue mutations.

• Conclusion comment now reflects safe_outputs failures (#30662): The conclusion job was reporting ✅ success even when safe_outputs failed (e.g., 422 on PR review submission). The job now correctly propagates safe_outputs status.

• Firewall binary version corrected (#30705, #30191): v0.71.1 was referencing a non-existent gh-aw-firewall version, causing 404s on AWF binary install. This release ships with the correct firewall v0.25.29 (which also includes the healthcheck fix).

• Playwright mode: cli recognized by compiler (#30088): gh aw compile now correctly accepts mode: cli in Playwright tool configuration.

• COPILOT_API_KEY dummy key no longer triggers over-billing (#30324): The dummy byok-key placeholder introduced in v0.71 was causing 10–100x premium request over-billing compared to v0.68. Fixed.

A huge thank you to the community members who reported issues that were resolved in this release!

@arthurfvives

• Bug: mode: cli for Playwright not recognized during gh aw compile (direct issue)

@bryanchen-d

• feat: lightweight gh aw lint — actionlint-only over existing .lock.yml files (no recompile, no zizmor/poutine) (direct issue)
• Compiler JSON-encodes && to \u0026\u0026 inside ${{ }} expressions in AWF config printf, breaking workflow parse (direct issue)

@haavamoa

• Release new gh-aw CLI version with firewall v0.25.29 (healthcheck fix) (direct issue)

@jonathanpeppers

• Conclusion comment shows success when safe_outputs fails to submit PR review (direct issue)

@lpcox

• Support importing engine.mcp.tool-timeout from shared workflows (direct issue)

@norrietaylor

• safe-outputs: update-project co-presence regresses handler-derived issues:write to issues:read in minted App token (direct issue)

@tore-unumed

• v0.71 COPILOT_API_KEY dummy-byok-key causes 10-100x premium request over-billing vs v0.68 (direct issue)

@verkyyi

• First-party coding-agent skills wrapping the gh aw CLI (direct issue)

@yskopets

• gh aw v0.71.1 compiles workflows referencing non-existent gh-aw-firewall v0.25.28, causing 404 on AWF binary install (direct issue)

---

For complete details, see CHANGELOG.

Note

🔒 Integrity filter blocked 3 items

The following items were blocked because they don't meet the GitHub integrity level.

• #30705 issue_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #30088 issue_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #30324 issue_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

Generated by Release · ● 14.1M

---

What's Changed

• Fix js-typecheck failure in OTLP payload guard by @Copilot in #30669
• Add daily SPDD spec-planning workflow that opens actionable issue queues by @Copilot in #30663
• fix: show failure in conclusion comment when safe_outputs job fails by @Copilot in #30666
• Remove cache option from Go setup step by @pelikhan in #30679
• Make bundle mode the default for safe-output patch packaging by @Copilot in #30626
• docs: move release process documentation to CONTRIBUTING.md by @Copilot in #30682
• Stabilize template conditional fuzz assertions to eliminate malformed-input false failures by @Copilot in #30678
• Stabilize codemod registry test by removing stale hardcoded count by @Copilot in #30677
• docs: SPDD spec improvements — multiplier registry, safeguards, conflict norms, error norms, sync notes, compliance stubs by @Copilot in #30681
• Fix lint-go failures in docker context tests and OTLP env assembly by @Copilot in #30676
• [caveman] Optimize instruction verbosity — cli-commands, experiments, github-mcp-server (2026-05-06) by @github-actions[bot] in #30690
• Add missing Agentic Ops pattern page by @Copilot in #30688
• Add retirement notice for releases 0.68.4–0.71.3 and FAQ upgrade instructions by @Copilot in #30698
• fix: skip COPILOT_API_KEY and /reflect when sandbox.agent is disabled by @Copilot in #30687
• Stabilize BenchmarkCompileMCPWorkflow by using Playwright CLI mode in benchmark fixture by @Copilot in #30697
• Align CLI help text semantics and terminology across mcp, project, pr, completion, logs, and init by @Copilot in #30696
• [workflow-style] Normalize report formatting guidance in workflow report prompts by @Copilot in #30702
• feat: support importing engine.mcp.tool-timeout and session-timeout from shared workflows by @Copilot in #30686
• [docs] Self-healing documentation fixes from issue analysis - 2026-05-07 by @github-actions[bot] in #30709
• Consolidate Grumpy + PR Nitpick into single pr-code-quality-reviewer by @Copilot in #30708
• perf: fix 104% regression in ExtractWorkflowNameFromFile by reducing scanner buffer allocation by @Copilot in #30706
• Preserve && in AWF config JSON embedded in lock workflows by @Copilot in #30700
• perf: eliminate reflection in validateSafeOutputsMax (4.3x faster) by @Copilot in #30701
• docs(instructions): never suggest pull_request_target over pull_request by @Copilot in #30718
• build(deps): Bump the npm_and_yarn group a...

v0.72.0

🌟 Release Highlights

This release makes inline sub-agents default-on, fixes a push_to_pull_request_branch rerun failure reported by the community, and improves reliability of Docker workflow execution.

✨ What's New

• Inline sub-agents are now default-on — The features.inline-agents: true flag is deprecated and no longer required. Inline sub-agent artifact staging and restoration are automatically emitted in compiled workflows. Run gh aw fix --write to auto-remove the deprecated flag from your existing workflows via the new features-inline-agents-removal codemod.

• AI discovery endpoints added to docs site — The documentation site now exposes AI-readable discovery files (/.well-known/ai.txt, /ai/summary.json, /ai/faq.json, /ai/service.json) to improve discoverability by AI assistants and crawlers.

🐛 Bug Fixes & Improvements

• Fixed: push_to_pull_request_branch fails with add/add conflict on reruns — When an agent reran and the patch reintroduced a file already present on the PR branch, git am --3way produced an unresolvable CONFLICT (add/add) that blocked incremental updates to long-lived branches. The fix detects add/add-only conflicts, resolves them by taking the patch side (--theirs), and automatically resumes with git am --continue.

• Context-aware Docker checks — IsDockerAvailable and IsDockerImageAvailable now accept and propagate context.Context, replacing bare exec.Command calls with exec.CommandContext. This prevents Docker subprocess calls from hanging indefinitely when the Docker daemon is slow or unresponsive.

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@tore-unumed

• push_to_pull_request_branch: git am fails with add/add conflict when target branch already has the file (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 13.3M

---

What's Changed

• fix: correct gh skill install invocation in mattpocock-skills-reviewer by @Copilot in #30526
• Optimize daily-firewall-report with inline sub-agents for charting and firewall aggregation by @Copilot in #30523
• Escape OTLP endpoints JSON before YAML single-quote wrapping by @Copilot in #30527
• fix: use %q instead of single-quote wrapping for filePath in runtime import warnings by @Copilot in #30528
• refactor: extract getRunFailureStatusText helper to eliminate duplicated status mapping in notify_comment_error by @Copilot in #30536
• [instructions] Sync instruction files — document comment-memory in memory.md by @github-actions[bot] in #30555
• [spec-extractor] Update package specifications for agentdrain, cli, console, constants by @github-actions[bot] in #30565
• [docs] Update glossary - daily scan by @github-actions[bot] in #30568
• Add homepage JSON-LD graph for WebSite, SoftwareApplication, Organization, FAQ, and SearchAction by @Copilot in #30525
• fix: align "Set up Python" → "Setup Python" in daily-geo-optimizer by @Copilot in #30576
• fix(deps_security): propagate context.Context through security advisory HTTP call by @Copilot in #30577
• Fix Multi-Device Docs Tester: surface safe-output requirement earlier and allow Chrome background domains by @Copilot in #30579
• Configure agent OTEL file export and forward Copilot traces to OTLP by @Copilot in #30530
• Restore token workflow behavior after agentic-ops bundle sync by @Copilot in #30533
• Add output_format A/B experiment to daily issues report and remove deprecated owner field by @Copilot in #30588
• [spec-enforcer] Enforce specifications for actionpins, agentdrain, cli by @github-actions[bot] in #30610
• Remove observability OTLP headers deprecation warning by @Copilot in #30590
• fix: update strict mode test fixture to use playwright CLI mode by @Copilot in #30603
• fix(daily-doc-updater): call noop instead of exiting silently when no docs changes needed by @Copilot in #30600
• Mark fuzz template branch harness as SEC-004 safe-outputs exempt by @Copilot in #30602
• Unify OTLP tool-span service.name under gh-aw in logSpan by @Copilot in #30591
• Remove unsupported owner field from ab-testing-advisor experiment example by @Copilot in #30597
• deps: bump github.com/charmbracelet/x/exp/golden to 2026-05-03 pseudo-version by @Copilot in #30592
• fix: add --force to gh skill install in mattpocock-skills-reviewer by @Copilot in #30599
• feat: promote github.run_attempt to OTLP resource attributes by @Copilot in #30604
• pkg/cli: thread context through Docker availability checks by @Copilot in #30606
• Refactor engine capability detection to use a single EngineCapabilities value by @Copilot in #30605
• Reduce token overhead in Daily Community Attribution while preserving prompt-style experiments and OTLP runtime import by @Copilot in #30589
• Update token optimization workflows by @mnkiefer in #30613
• [aw-compat] Add gh aw fix codemod to auto-set checkout: false for safe pull_request_target workflows by @Copilot in #30596
• Enforce SEC-005 target-repo allowlist in push_experiment_state handler by @Copilot in #30595
• Add AI discovery endpoints to docs site by @Copilot in #30621
• docs: fix spec audit violations in 4 package READMEs by @Copilot in #30629
• [dead-code] chore: remove dead functions — 1 function removed by @github-actions[bot] in #30639
• Handle git am --3way add/add conflicts when pushing incremental updates to existing PR branches by @Copilot in #30601
• [docs] Consolidate developer specifications — v9.1 maintenance scan by @github-actions[bot] in #30633
• Enable inline sub-agents by default and deprecate features.inline-agents with auto-removal codemod by @Copilot in #30661

Full Changelog: v0.71.6...v0.72.0

v0.71.6

🌟 Release Highlights

This release delivers a focused round of bug fixes addressing community-reported issues, security hardening, and notable developer experience improvements.

✨ What's New

• Gateway RPC Message Rendering — AWF and MCP RPC message types are now rendered directly in the gateway step summary, giving you clearer visibility into tool call activity during workflow runs.
• Activation Artifact Enhancements — The activation artifact now includes prompt-template.txt and prompt-import-tree.json, making it easier to inspect and debug the prompts used by your workflows.
• small Model Alias for Sub-Agents — Inline sub-agent blocks now use the small model alias by default, reducing cost and latency for lightweight agent tasks.

🐛 Bug Fixes & Improvements

• Safe-outputs App token permissions cap fixed — The GitHub App token minted by safe-outputs was incorrectly capping issues:* permission at the workflow-level value, blocking add-comment and add-labels calls. Permissions are now derived correctly from the individual handlers.
• Dispatch-workflow "No ref found" error — dispatch-workflow was receiving job.workflow_sha as target-ref and failing. The correct ref is now resolved, so dispatching workflows from a commit SHA works as expected.
• Compiler now honors target-repo in shared PR checkout steps — push-to-pull-request-branch.target-repo (and update-pull-request.target-repo) were silently ignored when create-pull-request was not configured. The compiler now correctly threads the target repository through buildSharedPRCheckoutSteps.
• Orphan branch first push no longer silently discarded — An empty baseRef in pushSignedCommits caused the initial push to an orphan branch to be dropped; this is now handled correctly.
• Prompt rendering corruption fixed — JavaScript replace() special-character patterns (e.g. $&, $') could corrupt rendered prompt text; the renderer now escapes substitution patterns safely.
• Firewall audit artifact permissions — Compiled workflows now apply chmod -R a+rX to firewall audit artifacts, fixing permission errors when downloading them.
• Cache-memory miss no longer fails first optimizer run — daily-caveman-optimizer no longer reports a cache_memory_miss as a failure on the very first run.

🔒 Security

• Repo-loaded experiment state size guard — A maximum-size guard (SEC-003) has been enforced on experiment state loaded from the repository, preventing oversized payloads from affecting workflow execution.

📚 Documentation

• AI crawler discoverability — A robots.txt with the correct sitemap directive has been added to the docs site, unblocking AI crawlers from indexing interior pages.
• Friendlier frontmatter error messages — oneOf schema jargon in frontmatter validation messages has been replaced with plain-language descriptions.

🌍 Community Contributions

@bryanchen-d

• compiler: buildSharedPRCheckoutSteps ignores push-to-pull-request-branch.target-repo (and update-pull-request.target-repo) when create-pull-request is not configured (direct issue)

@danquirk

• Bug: dispatch-workflow receives job.workflow_sha as target-ref and fails with No ref found (direct issue)

@norrietaylor

• safe_outputs minted App token caps issues:* permission at workflow-level value, blocking add-comment / add-labels (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 13.6M

---

What's Changed

• [caveman] Optimize instruction verbosity — workflow-health.md, skills.md (2026-05-05) by @github-actions[bot] in #30456
• Enforce max-size guard for repo-loaded experiment state (SEC-003) by @Copilot in #30448
• [ab-advisor] Add output_format A/B experiment to deep-report workflow by @Copilot in #30447
• fix: replace APM with gh skill install in mattpocock-skills-reviewer workflow by @Copilot in #30433
• Use small model alias in inline sub-agent blocks by @Copilot in #30398
• Token optimization: daily-doc-updater — reduce sequential tool calls (~25–35% cost reduction) by @Copilot in #30438
• fix: dispatch-workflow fails with "No ref found" when target-ref is a commit SHA by @Copilot in #30426
• Fix safe-outputs GitHub App token permissions cap by deriving from handlers instead of workflow-level block by @Copilot in #30437
• fix: don't report cache_memory_miss as failure on first run of daily-caveman-optimizer by @Copilot in #30466
• Fix firewall audit artifact permissions in compiled workflows (chmod -R a+rX) by @Copilot in #30414
• fix: prevent JS replace() special patterns from corrupting rendered prompts by @Copilot in #30461
• refactor: decouple safe-outputs checkout from event trigger context by @Copilot in #30071
• fix: orphan branch first push silently discarded by empty baseRef in pushSignedCommits by @Copilot in #30463
• feat: add prompt-template.txt and prompt-import-tree.json to activation artifact by @Copilot in #30465
• Update Q workflow prompt to never modify itself and target workflows from GitHub context by @Copilot in #30476
• Add rebuild/recompile warning comments to firewall and mcpg version constants by @Copilot in #30478
• Update 2026-05-06 model multiplier inventory (Claude/GPT corrections + new Gemini/Copilot entries) by @Copilot in #30473
• Fix mapsloop lint violation in safe output app permission merge by @Copilot in #30480
• fix(compiler): honor push-to-pull-request-branch target-repo in shared PR checkout steps by @Copilot in #30474
• Replace oneOf schema jargon with user-friendly language in frontmatter docs by @Copilot in #30488
• Bump default firewall version to v0.25.41 by @Copilot in #30479
• Remove experiments.owner field from front matter, JSON, and docs by @Copilot in #30490
• feat: render AWF/MCP RPC message types in gateway step summary by @Copilot in #30489
• docs: add robots.txt with sitemap directive to fix AI crawler discoverability by @Copilot in #30503
• fix: make cloclo run-failure message actionable with run logs link by @Copilot in #30502

Full Changelog: v0.71.5...v0.71.6

v0.71.5

🌟 Release Highlights

This release focuses on reliability and correctness across the engine.env compilation pipeline, the security check layer, and the Claude engine — with five community-reported issues resolved.

🐛 Bug Fixes & Improvements

• Claude engine stability — Workflows using the claude engine no longer crash mid-session with "Fast mode unavailable". CLAUDE_CODE_DISABLE_FAST_MODE=1 is now set automatically to suppress an incompatible server-side flag introduced in Claude Code 2.1.120+.

• engine.env multi-line values — Block-scalar engine.env values (written with >- and extra-indented continuation lines) previously compiled to broken YAML with embedded newlines. These now compile correctly into valid multi-line env: entries. (Reported by @jeffhandley in #30204)

• engine.env needs expressions — Custom job references in engine.env values (e.g. ${{ needs.my_job.outputs.value }}) were silently dropped from the agent job's needs list, causing those expressions to evaluate to empty strings at runtime. The compiler now correctly wires these dependencies. (Reported by @jeffhandley in #30232)

• gh aw upgrade false BYOK warning — gh aw upgrade was incorrectly warning "Remove unsafe secrets from engine.env" for COPILOT_PROVIDER_API_KEY and COPILOT_PROVIDER_BEARER_TOKEN, silently stripping legitimate BYOK configuration. gh aw upgrade now matches gh aw compile in allowing these keys. (Reported by @MauroDruwel in #30178)

• pull_request_review activation signal — Workflows triggered by pull_request_review events no longer silently skip the 👀 reaction and run-started comment. The buildReactionLikeCondition allowlist now includes this event type. (Reported by @mason-tim in #30336)

• Confused-deputy false positive for bot-menu patterns — The security check introduced in v0.71.4 was blocking the legitimate pattern where a bot posts a checkbox-menu comment and a human maintainer edits it to tick a box (issue_comment:edited). The check now automatically detects [bot]-authored comments and skips the guard for that path, while keeping all other issue_comment:created paths fully protected. (Reported by @theletterf in #30327)

✨ What's New

• allow-bot-authored-trigger-comment frontmatter option — For bots that don't follow the standard [bot] naming convention, you can now opt into the confused-deputy bypass explicitly:

  on:
    issue_comment:
      types: [edited]
    allow-bot-authored-trigger-comment: true

• MCP progress notifications — The logs, audit, and audit-diff MCP tools now stream real-time progress updates to AI clients (Copilot, Claude) during long-running operations, eliminating silent 30+ second waits.

• MCP Gateway bump to v0.3.6 — The embedded MCP gateway has been updated to ghcr.io/github/gh-aw-mcpg:v0.3.6 with pinned digest for supply-chain safety.

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@jeffhandley

• Agent 'needs' does not incorporate jobs in engine.env expressions (direct issue)
• Multi-line expressions unsupported in engine.env values (direct issue)

@mason-tim

• Activation comment / reaction not posted for pull_request_review triggers — buildReactionLikeCondition allowlist is incomplete (direct issue)

@MauroDruwel

• gh aw upgrade: still warns 'Remove unsafe secrets from engine.env' despite fix in #29378 for compile (direct issue)

@theletterf

• Confused-deputy check denies legitimate bot-posted-menu / user-checks-box pattern on issue_comment(edited) (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 1.7M

---

What's Changed

• [spec-enforcer] Enforce specifications for cli by @github-actions[bot] in #30141
• [docs] Update documentation for features from 2026-05-04 by @github-actions[bot] in #30136
• [docs] Update glossary - weekly full scan by @github-actions[bot] in #30133
• feat: auto-allow playwright-cli bash command when playwright cli mode is enabled by @Copilot in #30126
• Add mattpocock-skills-reviewer agentic workflow by @Copilot in #30122
• [architecture] Update architecture diagram - 2026-05-04 by @github-actions[bot] in #30117
• [instructions] Sync github-agentic-workflows.md with v0.40.1 by @github-actions[bot] in #30112
• [specs] Update layout specification - 2026-05-04 by @github-actions[bot] in #30105
• Fix stale $INSTRUCTION assertion in TestEngineArgsIntegrationCodex by @Copilot in #30100
• [schema-coverage] feat: Add schema coverage demo for metadata field by @github-actions[bot] in #30099
• [schema-coverage] feat: Add schema coverage demo for labels field by @github-actions[bot] in #30098
• [spec-review] Update Safe Outputs conformance checker for recent spec changes by @github-actions[bot] in #30074
• [log] add debug logging to 5 Go packages by @github-actions[bot] in #30061
• Add GitHub Copilot billing multipliers collection to daily-model-inventory workflow by @Copilot in #30060
• Fix missing safe-output calls in Schema Consistency Checker and Multi-Device Docs Tester by @Copilot in #30109
• fix: resolve 3 claude-engine workflow failures (safe-output misses + blocked commands) by @Copilot in #30110
• chore: reduce per-engine boilerplate in domains.go public API by @Copilot in #30072
• [dead-code] chore: remove dead functions — 4 functions removed by @github-actions[bot] in #30167
• [docs] Consolidate developer specifications v9.0 — tone fix and engine domain registry docs by @github-actions[bot] in #30157
• docs: fix spec audit — add Public API, Usage Examples, and Dependencies to 17 packages by @Copilot in #30155
• fix(workflow): normalize report formatting in copilot-pr-nlp-analysis by @Copilot in #30160
• deps: update github.com/modelcontextprotocol/go-sdk v1.5.0 → v1.6.0 by @Copilot in #30164
• fix: 4 CLI consistency issues in mcp, logs, and init commands by @Copilot in #30158
• feat: Add daily Grafana OTel Instrumentation workflow by @mnkiefer in #30190
• fix: replace hardcoded mcpToolParams() with reflection-based extraction by @Copilot in #30166
• [jsweep] Clean add_reaction_and_edit_comment.cjs by @github-actions[bot] in #30062
• fix: add actions: read permission to smoke-water.yml (#investigate-smoke-water-failure) by @Copilot in #30197
• fix: format Go code with go fmt by @Copilot in #30199
• feat: delegate Phase 6 & 7 of daily-security-red-team to haiku inline sub-agents by @Copilot in #30195
• Add service.version to setup job spans via compiler env injection by @Copilot in #30198
• fix: gh aw upgrade strips BYOK credentials from engine.env by @Copilot in #30194
• fix: add missing noop calls to 4 workflows causing silent failures by @Copilot in #30210
• feat: merge all OTLP endpoints from shared agentic workflow imports by @Copilot in #30209
• fix: remove empty parent block after last child is removed by codemod by @Copilot in #30216
• perf: fix ~28% BenchmarkYAMLGeneration regression by eliminating reflection hot path by @Copilot in #30208
• fix(otlp): add standard resource attributes to logSpan tool spans by @Copilot in #30215
• feat: model alias inventory update 2026-05-05 by @Copilot in #30238
• Bump firewall to v0.25.38 and mcpg to v0.3.6 by @Copilot in #30230
• test(parser): improve import_cache_test.go quality per testify-expert criteria by @Copilot in #30218
• Fix mcp list-tools tab completion offering completions for second positional arg by @Copilot in #30221
• chor...

v0.71.4

🌟 Release Highlights

This release delivers a major A/B experimentation infrastructure, significant performance optimizations, improved security hardening, and a growing set of engine/model improvements.

✨ What's New

🧪 A/B Experiments CLI & Infrastructure
A full experiment lifecycle is now supported: define variants, run them round-robin, collect per-run state, and analyze results statistically. New commands include gh aw experiments to read experiment state from storage branches and gh aw experiments analyze for statistical computation (significance testing, sample-size tracking). Workflows can now store experiment state in either cache or a dedicated repo branch.

• #30020 Add experiments command for reading experiment state
• #30029 Extend experiments analyze with statistical computation
• #29985 Experiment schema additions, per-run state, OTEL attributes, audit accuracy
• #29996 Add storage option (cache | repo, default repo) to experiments
• #29988 Select randomly on cache miss instead of always picking first variant

🤖 Codex Engine: Default Harness with Retry Logic
Codex workflows now get a default codex_harness.cjs with built-in retry logic, making Codex-engine workflows more resilient out of the box. (#30035)

🔬 AWF /reflect Endpoint Integration
Agent harnesses now fetch the /reflect endpoint before and after running the agent, surfacing model introspection data in step summaries for better observability. (#29420, #30028)

🔐 Pull Request Security: pwn-request Detection
The compiler now validates pull_request_target workflows and detects patterns that could expose secrets to untrusted code — protecting repositories from confused-deputy attacks. (#29433)

📊 Multiple OTLP Endpoints
The endpoint field in OTLP observability config is now polymorphic — supply a single endpoint string or an array to fan out telemetry to multiple backends simultaneously. (#30021)

🏷️ Model Aliases & Validation
New builtin aliases gpt-4.1, reasoning (o1/o3/o4 families), and gpt-5-nano; fixed gpt-5-mini multiplier placeholder (was 0). Model aliases are now validated against the Model Alias Format spec. GitHub Actions expressions are now supported in alias parsers. (#30003, #30000, #29995)

🔒 Minimal Secrets Inheritance by Default
Workflows no longer use secrets: inherit by default — the compiler now infers the minimal set of secrets actually needed, reducing the blast radius of any token compromise. (#29455)

⏱️ --cool-down Flag for update Command
gh aw update now accepts --cool-down (default 7d) to avoid re-updating workflows that were recently refreshed. (#29454)

🖼️ <img> Tags in Safe Outputs
Safe-outputs HTML rendering now allows <img> tags, enabling richer formatted output in issue/PR comments. (#29401)

⚡ Performance

• YAML generation: -7% latency, -10% allocations on hot paths (#29409)
• Validation: 73% reduction in allocations — 11 → 3 allocs/op (#29408)
• Compiler: Eliminated redundant frontmatter re-parse in buildJobs (#29410)

🐛 Bug Fixes & Improvements

• Compiler detects single-quoted bash commands that crash Copilot CLI and now sanitizes them automatically (#30040)
• Action version downgrade prevention: UpdateActions no longer pins actions to older SHAs (#29477)
• MCP stdin piping: mcp-cli-bridge now supports multiline tool arguments via stdin (#29446)
• Schema validation errors: Raw schema errors are now transformed into actionable, human-readable messages (#29406)
• Dependabot security: Bot filtering is now guarded against confused-deputy attacks via dependabot (#29432)
• COPILOT_PROVIDER_ strict-mode*: Tokens are now allowed through strict-mode allowlist; BYOK mode documented (#29411)
• Round-robin on cache miss: Starting item is now randomly selected to avoid thundering-herd on first run (#30005)

📚 Documentation

• W3C-style A/B Experiments Specification — formal spec for experiment definitions
• Model Alias Format Specification
• COPILOT_PROVIDER_* variables and BYOK mode are now documented (#29411)
• Updated tools instructions and builtin prompts for gh-proxy mode (#29412)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@bartul

• Upload activation artifact step missing include-hidden-files: true — silently drops .claude/.github from activation snapshot (direct issue)

@MauroDruwel

• docs: COPILOT_PROVIDER_* variables not documented and strict-mode allowlist not updated (direct issue)
• question: why is COPILOT_GITHUB_TOKEN still required when using an external provider? (direct issue)

@sg650

• Add <img> to safe-outputs HTML tag allowlist (direct issue)

@szabta89

• Proposal: make Repo Mind Light integration more reusable in gh-aw (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 1.1M

---

What's Changed

• fix: resolve stale wasm golden files and missing serena.md test fixture by @Copilot in #29370
• Introduce shared/daily-pr-base.md for automated code-improvement PR workflows by @Copilot in #29368
• Fix thundering-herd rate-limit failures: spread FUZZY:DAILY pool from 3h to 18h window by @Copilot in #29369
• [spec-enforcer] Enforce specifications for timeutil, tty, types by @github-actions[bot] in #29385
• fix(daily-community-attribution): cap Tier 3 lookups and add token budget guardrails to stop runaway by @Copilot in #29383
• fix(smoke-claude): resolve only unresolved review threads in test #16 by @Copilot in #29373
• Introduce shared/daily-issue-base.md for scheduled issue-creating workflows by @Copilot in #29374
• feat(copilot-session-insights): add orphaned branch escalation detection for high-gate CI waste by @Copilot in #29384
• fix(design-decision-gate): add MCP keepalive-interval: 60 to prevent GitHub MCP HTTP connection drops by @Copilot in #29375
• [FAQ] Add: controlling the agent's working branch at runtime by @chrizbo in #29377
• feat: add label-triggered jobs (disable workflow, apply safe outputs) to maintenance workflow by @Copilot in #29269
• fix: replace deprecated {{#import}} with {{#runtime-import}} in workflow files by @Copilot in #29399
• feat: add <img> to safe-outputs HTML tag allowlist by @Copilot in #29401
• optimize: reduce repository-quality-improver token usage ~800K/run by @Copilot in #29407
• fix(mcp): transform raw schema validation errors into helpful "Did you mean?" messages by @Copilot in #29406
• perf: eliminate redundant file read and frontmatter re-parse in buildJobs by @Copilot in #29410
• perf: optimize YAML generation hot paths (-7% latency, -10% allocations) by @Copilot in #29409
• docs: update tools instructions and builtin prompts for gh-proxy mode by @Copilot in #29412
• perf: reduce BenchmarkValidation allocations 73% (11 → 3 allocs/op) by @Copilot in #29408
• fix: add COPILOT_PROVIDER_* to strict-mode allowlist, skip token validation in BYOK mode, and document Copilot BYOK by @Copilot in #29411
• feat(token-optimizer): migrate prompt to gh-proxy mode with bash+jq efficiency guidance by @Copilot in https://gith...

v0.68.3

🌟 Release Highlights

This release delivers a major overhaul of push_signed_commits.cjs for edge-case reliability, significant improvements to shared workflow imports, smarter AI model error handling, and a wave of community-driven fixes.

✨ What's New

• Model-not-supported detection — When a model is unavailable or not supported by your Copilot plan, the workflow now stops retrying and surfaces a clear, actionable error in the failure report rather than spinning indefinitely. (#26229)
• checkout field in shared imports — Shared importable workflows now support a checkout field, giving you control over which ref is checked out when importing a shared workflow. (#26292)
• env field in shared imports — You can now pass environment variables via env: in shared import blocks, eliminating the need for workarounds when shared workflows require custom env context. (#26113)
• Time Between Turns (TBT) metric — gh aw audit and gh aw logs now report Time Between Turns, a key indicator of whether LLM prompt caching is effective for your workflows. (#26321)
• OTEL token breakdown — Conclusion spans now include token category breakdowns as attributes, enabling richer cost analysis in your observability dashboards. (#26121)
• API consumption charts as inline images — API consumption reports now render charts as inline Markdown images for instant visibility without requiring external image hosting. (#26150)

🐛 Bug Fixes & Improvements

push_signed_commits.cjs — five targeted fixes:

• File content is now read from commit objects (not the working tree), preventing stale-file bugs in agent-driven commits. (#26287)
• Copy/rename detection and C-quoted filenames are now handled correctly. (#26277)
• Non-100644 file modes (executables, symlinks) are detected and handled gracefully. (#26259)
• Commit ordering uses --topo-order and merge commits are handled with a git push fallback. (#26306)
• Submodule entries now fall back to a plain git push instead of erroring. (#26298)

Other notable fixes:

• on.github-token propagated to activation job — Cross-org workflow_call setups no longer fail because the GitHub token was missing from checkout and hash-check steps. (#26137)
• copilot-driver --resume auth recovery — Authentication failures during --continue/--resume are now handled instead of crashing the driver. (#26146)
• add_comment gains reply_to_id — The reply_to_id parameter is now documented in the MCP tool schema so agents reliably pass it when threading replies. (#26288)
• safe-outputs.actions tools exposed — Custom action tools defined in safe-outputs.actions are now included in the agent's MCP toolset. (#26291)
• engine.max-turns preserved through shared imports — The max-turns setting no longer silently drops when the engine config is sourced from a shared import. (#26122)
• Docker no longer required for gh aw compile --validate — Validation now skips Docker image checks when Docker is unavailable; opt in with --validate-images when needed. (#26074)
• GH_HOST env var used for GH CLI calls — gh repo view and gh pr create now respect GH_HOST, fixing failures in GHES and cross-org contexts. (#26311)
• resolveIssueNumber strips stray quotes — Item numbers wrapped in quotes no longer cause resolution failures. (#26114)
• --safe-update renamed to --approve — The flag name now more clearly conveys its intent. (#26160)

📚 Documentation

• Gemini AI engine added to the introduction/how-they-work guide. (#26147)
• github-app documented as a top-level Allowed Import Field in the imports reference. (#26119)
• New working-directory navigation example in the side-repo-ops pattern. (#26123)
• Comprehensive new guide: Maintaining repos with agentic workflows at scale. (#26073)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@arthurfvives

• Feature: Auto-detect available models or gracefully fallback on 400 errors (Copilot Pro/Education) (direct issue)

@bbonafed

• on.github-token not propagated to checkout and hash check steps in activation job (breaks cross-org workflow_call) (direct issue)

@corygehr

• add-comment: reply_to_id not documented in tool schema, causing agents to skip it (direct issue)

@susmahad

• safe-outputs.actions custom action tools not exposed to agent MCP toolset (direct issue)

@tadelesh

• copilot-driver --resume fails with 'No authentication information found' after transient AI model error (direct issue)

@wtgodbe

• bug: resolveIssueNumber should strip surrounding quotes from item_number values (direct issue)

@yskopets

• feat: support checkout field in importable shared workflows (direct issue)
• Support env field in shared imports (direct issue)
• engine.max-turns is silently dropped when engine config is sourced from a shared import (direct issue)
• Remove Docker dependency from gh aw compile --validate (direct issue)
• docs: add working-directory navigation example to side-repo-ops pattern (direct issue)
• Docs: add top-level github-app to Allowed Import Fields in imports reference (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 4.1M

---

What's Changed

• Add retry with jitter to create_issue safe-output handler by @Copilot in #26056
• docs: comprehensive guide for maintaining repos with agentic workflows at scale by @Copilot in #26073
• Migrate chart image uploads to upload-artifact with skip-archive in shared workflows by @Copilot in #26075
• Update instructions to use upload-artifact with skip-archive instead of upload-asset by @Copilot in #26076
• Add spec-extractor, spec-enforcer, and spec-librarian agentic workflows by @Copilot in #26083
• feat(deep-report): increase create-issue max from 3 to 7 by @Copilot in #26077
• Skip Docker image validation when Docker is unavailable, add --validate-images flag by @Copilot in #26074
• [actions] Update GitHub Actions versions - 2026-04-13 by @github-actions[bot] in #26087
• fix: update TestMCPGSupportsIntegrityReactions for MCPG v0.2.19 default by @dsyme in #26091
• fix: add imperative verbs to "Super-linter" and "Cross-repo setup guidance" step names by @Copilot in #26095
• Add --gemini-api-target to AWF proxy for Gemini API routing by @Copilot in #26060
• [safe-output-integrator] Add missing test workflow for upload-asset safe output type by @github-actions[bot] in #26103
• Add hippo-memory shared workflow and daily learn workflow by @Copilot in #26109
• Add MemPalace as a shared MCP workflow by @Copilot in #26102
• docs: add README specifications for 15 missing packages, update console and logger specs by @Copilot in #26105
• Fix gh pr checkout failing with GH_HOST mismatch in issue_comment workflows by @Copilot in #26037
• feat: resolve upload_artifact temporary IDs to artifact URLs in safe output bodies by @Copilot in #26108
• fix: strip surrounding quotes from item_number in resolveIssueNumber by @Copilot in https...

v0.68.2

🌟 Release Highlights

This release delivers a focused wave of reliability improvements: compiler fixes that were blocking real workflows, expanded strict-mode flexibility, deeper temporary ID support, and a new integrity-reactions feature for fine-grained trust control. A huge batch of community-reported bugs across Copilot engine, safe-outputs, cross-org workflows, and MCP Gateway are now resolved.

✨ What's New

• Reaction-based integrity control — The new integrity-reactions feature flag (requires MCPG ≥ v0.2.18, now bundled as v0.2.19) lets maintainers promote or demote tool-use integrity via 👍/❤️ and 👎/😕 GitHub reactions in proxy mode. Configurable endorsement and disapproval reaction sets with sensible defaults. Learn more

• Temporary ID resolution now reaches further — #temporary_id references are now resolved inside dispatch_workflow input values, update_issue/add_comment targets, and git am patch content — closing three long-standing gaps that required manual workarounds.

• Strict mode secrets unlocked — Strict mode now permits secrets.* in step-level with: bindings for action steps in pre-agent custom steps, and in step env: bindings — giving workflows a secure path to external secret managers without disabling strict mode entirely.

• slash_command event scoping — A new scope option lets workflows restrict which event types (issue comment, PR comment, etc.) trigger slash commands, reducing noise from unintended contexts.

• assign_to_agent multi-platform support — Copilot can now be assigned to the same issue multiple times when each assignment targets a different pull_request_repo (e.g., separate iOS and Android repositories), enabling true cross-platform agentic workflows.

• workflows: write auto-inferred — The compiler now automatically infers the workflows: write permission when a GitHub App token's allowed-files targets .github/workflows/, eliminating a confusing manual step.

🐛 Bug Fixes & Improvements

• create_issue rate-limit resilience — Added retry with jitter to the create_issue safe-output handler, preventing HTTP 403 failures when multiple daily workflows complete simultaneously and burst the API rate limit.

• create_pull_request ENOBUFS crash — Fixed a spawnSync buffer overflow that caused create_pull_request to fail on large diffs; the safe-output handler no longer crashes on oversized payloads.

• create_pull_request_review_comment tool not found — Resolved a runtime registration issue where the create_pull_request_review_comment safe-output tool was declared but not discoverable at runtime.

• Copilot engine workflows restored — Fixed two distinct failures introduced in v0.67.2–v0.67.4 that broke Copilot-engine workflows; plus resolved silent exit code 1 errors in the compiled Copilot CLI.

• Compiler: --allow-domains quoting fixed — The compiler no longer single-quotes --allow-domains values, which was breaking $\{\{ }} GitHub Actions expressions and causing HTTP 422 errors on workflow dispatch.

• inputs.* expressions in workflow_call — Expressions using inputs.* in prompt bodies are now properly resolved when a workflow is invoked via workflow_call.

• OIDC env vars forwarded to MCP Gateway — The compiler now forwards ACTIONS_ID_TOKEN_REQUEST_URL and related OIDC env vars to the docker run command for the MCP Gateway, enabling OIDC-based authentication flows.

• MCP servers on GitHub Enterprise Server — Improved documentation and policy guidance for organizations where the "MCP servers in Copilot" policy is not visible in GHE settings.

• SARIF upload permissions — Fixed Resource not accessible by integration errors during SARIF upload by correctly provisioning the required security-events: write permission.

• Cross-org workflow_call — Resolved failures in resolve_host_repo, checkout, and hash checks when invoking workflows across organization boundaries.

• push_repo_memory bot-comment guard — Fixed a bug where the push_repo_memory job ran even when the workflow was triggered by a bot comment that skipped pre_activation.

• ParseWorkflow ~18% faster — Eliminated a JSON round-trip in schema validation and optimized node traversal, reducing workflow parse time by ~18% with ~22% fewer allocations.

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@apenab

• MCP servers blocked by policy on GHE — unable to find "MCP servers in Copilot" policy setting (direct issue)

@bbonafed

• Cross-org workflow_call: resolve_host_repo, checkout, and hash check all fail (direct issue)
• Compiler does not forward OIDC env vars to MCP Gateway docker run command (direct issue)

@benvillalobos

• inputs.* expressions in prompt body not resolved when called via workflow_call (direct issue)

@bryanchen-d

• bug: compiler single-quotes --allow-domains breaking $\{\{ }} GA expressions, causing HTTP 422 on workflow dispatch (direct issue)

@camposbrunocampos

• assign_to_agent: allow multiple assignments to same issue when pull_request_repo differs (direct issue)

@corygehr

• Copilot-engine workflows broken: two distinct failures across v0.67.2 and v0.67.4 (direct issue)

@devantler

• Compiler does not auto-infer workflows: write on GitHub App tokens when allowed-files targets .github/workflows/ (direct issue)
• Support temporary ID resolution for update_issue and add_comment targeting (direct issue)

@JanKrivanek

• Safe-output tool 'create_pull_request_review_comment' not found at runtime despite correct declaration (direct issue)

@johnpreed

• dispatch_workflow handler does not resolve #temporary_id references in input values (direct issue)

@kbreit-insight

• SARIF upload gives "Resource not accessible by integration" error (direct issue)

@neta-vega

• slash_command: scope option to restrict trigger event types (direct issue)

@susmahad

• Strict mode blocks secrets.* in step env: bindings — no secure path for workflows that need external secret managers (direct issue)
• Strict mode: allow secrets.* in step-level with: for action steps in pre-agent custom steps (direct issue)

@theletterf

• Copilot CLI exits with code 1 silently when compiled with v0.67.3 (pre-release) (direct issue)

@wtgodbe

• Temporary ID references in patch content are not resolved before git am (direct issue)

@yskopets

• safeoutputs create_pull_request fails with ENOBUFS on large diffs (spawnSync buffer overflow) (direct issue)
• bug: push_repo_memory job runs when workflow is triggered by a bot comment (pre_activation skipped) (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 1.6M

---

What's Changed

• feat(test-quality-sentinel): pre-fetch PR diff, trim toolsets/bash tools, cap continuations by @Copilot in #25685
• build(deps-dev): bump basic-ftp from 5.2.1 to 5.2.2 in /docs in the npm_and_yarn group across 1 directory by @dependabot[bot] in #25699
• fix: update golden test files for Copilot CLI bump to 1.0.21 by @Copilot in #25692
• feat: use job.workflow_* context for host repo resolution by @salmanmkc in #25697
• fix: add actionlint config and fix SC2129 grouped redirects by @Copilot in #25700
• fix: restore permission-discussions in GitHub App token fields by @lpcox in #25709
• fix: resolve #temporary_id references in dispatch_workflow inputs before dispatching by @Copilot in #25693
• feat: container image digest pinning in actions-lock.json with update/upgrade integration by @Copilot in #25688
• Write JSONL mirror unconditionally, decoupled from OTLP endpoint by @Copilot in #25716
• Add cross-repo allowlist validation to close_entity_helpers (SEC-005) by @Copilot in #25715
• Fix inputs.* expressions not resolved when workflow invoked via workflow_call by @Copilot in #25718
• [aw] Updates available by @github-actions[bot] in #25726
• Fix test failures after action pin updates by @Copilot in #25745
• fix: doubl...