Releases: github/gh-aw
Release list
v0.82.12
🌟 Release Highlights
This release brings usability improvements to gh aw add, important security fixes for agent sandboxing, and a wave of internal refactoring that strengthens the codebase quality and consistency.
✨ What's New
gh aw addbootstrap by default — The package manifestconfigbootstrap flow now runs automatically when adding a new workflow, reducing manual setup steps.- Enhanced GitHub host detection — PAT creation and setup commands now correctly detect GitHub host variants, improving multi-environment setups.
- New
mapclearlooplinter — Automatically replaces range-delete loops with the idiomaticclear(m)call, keeping generated Go code clean and modern.
🐛 Bug Fixes & Improvements
- Agent sandbox credential isolation — Job-output credential env vars are now correctly excluded from the agent sandbox (
--exclude-env), preventing inadvertent credential leakage. - External threat detection — Custom engine base URLs and allowlist propagation are now properly honored, fixing false-negative detections in custom environments.
- SHA-pinned action version comments — Fixed a bug where version comments were lost when
SkipHardcodedFallbackwas set, restoring full audit traceability. - MAI model update — Updated to
mai-code-1-flash-pickerwith improved sandbox test isolation. - ESLint error-handling normalization — Consistent error-handling patterns in
actions/setup/jsimprove reliability of generated JavaScript setup steps. - Release PR comment throttling — Rate-limit-safe posting prevents secondary rate limit errors during busy release cycles.
🔧 Internal
Extensive refactoring this release: unified token-usage metrics (TokenCoreMetrics), options-struct patterns to eliminate excessive function parameters, shared analysis base types, and consolidated AST predicates across linters.
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpg
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
Generated by 🚀 Release · 16.7 AIC · ⊞ 7.6K
What's Changed
- Run package manifest
configbootstrap flow by default ingh aw addby @mnkiefer with @Copilot in #46041 - Throttle release PR comment posting to avoid secondary rate limits by @pelikhan with @Copilot in #46081
- refactor: extract TokenCoreMetrics to unify token-usage quartet by @pelikhan with @Copilot in #46059
- Replace positional boolean params with named option structs in workflow helpers by @pelikhan with @Copilot in #46064
- [linter-miner] feat(linters): add mapclearloop linter — replace range-delete loops with clear(m) by @github-actions[bot] in #46060
- refactor: introduce options structs to eliminate excessivefuncparams linter violations by @pelikhan with @Copilot in #46065
- Extract shared AnalysisBase from DomainAnalysis/FirewallAnalysis by @pelikhan with @Copilot in #46063
- Extract shared base for access and firewall log summaries by @pelikhan with @Copilot in #46079
- fix: update MAI model to mai-code-1-flash-picker and fix sandbox test isolation by @pelikhan with @Copilot in #46052
- Fix external threat detection to honor custom engine base URLs and allowlist propagation by @pelikhan with @Copilot in #46077
- [log] Add debug logging to workflow and CLI helpers by @github-actions[bot] in #46124
- refactor: consolidate duplicate byte/string AST predicates into linters astutil by @pelikhan with @Copilot in #46108
- Enhance GitHub host detection for PAT creation and setup commands by @mnkiefer in #46128
- fix: SHA-pinned actions lose version comment when SkipHardcodedFallback is set by @pelikhan with @Copilot in #46122
- [community] Update community contributions in README by @github-actions[bot] in #46116
- [yamllint-fixer] Trim trailing whitespace and cap blank runs in inlined prompt content by @github-actions[bot] in #46123
- fix(eslint): normalize error-handling patterns in actions/setup/js by @pelikhan with @Copilot in #46101
- fix: exclude job-output credential env vars from agent sandbox (--exclude-env) by @pelikhan with @Copilot in #46076
Full Changelog: v0.82.11...v0.82.12
v0.82.11
🌟 Release Highlights
This release focuses on improved onboarding, stronger safe-outputs reliability, expanded eval coverage, and a wave of targeted bug fixes across the agentic harnesses and compiler toolchain.
✨ What's New
- Streamlined
gh aw addsetup — The package manifestconfigbootstrap flow now runs automatically, reducing manual configuration steps when adding new workflows. (#46041) - Preconfigured Copilot PAT onboarding in
gh aw add-wizard— The wizard now walks users through setting up a Copilot Personal Access Token, making first-time setup smoother. (#45987) - Fork-backed safe-output pull request support — Safe outputs now support creating pull requests from fork-backed branches, expanding the supported workflow topologies. (#45909)
- GitHub MCP Server upgraded to v1.6.0 — The bundled MCP server is now at v1.6.0 with
fields_paramenabled by default, giving workflows access to richer GitHub data. (#45832) - Issue-intent metadata required for close/assignment tools —
closeandassign_to_agenttools now requireissue-intentmetadata by default (with per-tool opt-out), reducing unintentional issue state changes. (#46014) - Evals expanded to 24 more workflows — Automated evaluation coverage has been significantly broadened, improving reliability signals across the workflow library. (#45984)
- PR sous-chef surfaces failed checks in nudge comments — When a PR is nudged, failed CI checks are now included in the comment, making it easier to act on blocking issues. (#45957)
🐛 Bug Fixes & Improvements
- Fix
repositories: ["*"]in GitHub App token minting — Activation tokens now correctly honor wildcard repository scopes. (#45908) - Decouple safe-outputs client token from project token — The Process Safe Outputs client token is now independent of the project-specific token, fixing token confusion in multi-project setups. (#45999)
- Fix compiler version normalization for
git describeoutput — Version strings fromgit describeare now normalized correctly before use in compiled workflows. (#46030) - Fast-fail Copilot harness on LLM invocation cap — When the LLM invocation cap is saturated, the Copilot harness now fails fast instead of hanging. (#45827)
- Exempt large body/content fields from SM-IS-01 10 KB cap — Added
maxLength: 65536to body and content fields so large payloads are not incorrectly rejected. (#45826) - Detect Claude Code 401 auth errors in
claude_harness— Authentication failures from Claude Code are now caught and reported clearly. (#45982) - Fix Pi JSONL eval log parsing — YES/NO answers in Pi engine JSONL log format are now parsed correctly. (#45960)
- Align
actionlintto v1.7.12 — All references now use a consistent actionlint version. (#45979) - Prevent spurious
.githubsymlink probes — The frontmatter hash GitHub API reader no longer emits false symlink probe requests. (#45989) - Improve unknown model pricing errors — Better error messaging and accurate issue titles when a model's pricing data is missing. (#45985)
- Prevent duplicate "Download container images" step in Codex evals — A duplicate step in the generated Codex evals job is now correctly suppressed. (#45991)
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpg
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
Generated by 🚀 Release · 33.8 AIC · ⊞ 7.6K
What's Changed
- nilctxpassed: ignore variadic spread slice arguments to prevent false positives by @pelikhan with @Copilot in #45906
- [WIP] Fix failing GitHub Actions job Integration: Workflow Misc Part 2 by @pelikhan with @Copilot in #45927
- [WIP] Fix failing GitHub Actions job agent by @pelikhan with @Copilot in #45935
- [avenger] Update wasm golden files for action pin bumps by @github-actions[bot] in #45948
- feat: surface failed checks in pr-sous-chef nudge comments by @pelikhan with @Copilot in #45957
- fix(evals): parse YES/NO answers from Pi JSONL engine log format by @pelikhan with @Copilot in #45960
- [instructions] Sync instruction files with release v0.82.10 by @github-actions[bot] in #45967
- fix: add maxLength: 65536 to body/content fields to exempt from SM-IS-01 10 KB cap by @pelikhan with @Copilot in #45826
- Honor
repositories: ["*"]in activation GitHub App token minting by @pelikhan with @Copilot in #45908 - fix: fast-fail copilot harness when LLM invocation cap is saturated by @pelikhan with @Copilot in #45827
- [docs] Update glossary - daily scan by @github-actions[bot] in #45975
- feat: upgrade GitHub MCP server to v1.6.0, enable fields_param by default by @pelikhan with @Copilot in #45832
- eslint-factory: consolidate fs-sync try/catch rules and unify ESM/CJS fs binding detection by @pelikhan with @Copilot in #45964
- [eslint-miner] feat(eslint): add require-new-url-try-catch rule by @github-actions[bot] in #45971
- eslint-factory: extract nonStringKind to shared module; align setOutput rule with CORE_ALIASES by @pelikhan with @Copilot in #45973
- Refactor
ResolveWorkflowsinto focused helpers to reduce largefunc backlog by @pelikhan with @Copilot in #45965 - Add evals to 24 more agentic workflows by @pelikhan with @Copilot in #45984
- fix: align actionlint version to v1.7.12 across all references by @pelikhan with @Copilot in #45979
- fix: detect Claude Code 401 auth errors in claude_harness by @pelikhan with @Copilot in #45982
- fix: unknown model pricing — better error options and accurate issue title by @pelikhan with @Copilot in #45985
- fix: prevent duplicate "Download container images" step in codex evals job by @pelikhan with @Copilot in #45991
- Add fork-backed safe-output pull request support by @pelikhan with @Copilot in #45909
- fix: prevent spurious .github symlink probes in frontmatter hash GitHub API reader by @pelikhan with @Copilot in #45989
- Add preconfigured Copilot PAT onboarding in
gh aw add-wizardby @mnkiefer with @Copilot in #45987 - fix add normalization for git describe compiler versions by @mnkiefer in #46030
- feat: add smoke-copilot-mai workflow using mai-code-1-flash by @pelikhan with @Copilot in #46048
- [spdd] Daily spec work plan - 2026-07-16 (rotation 15–19) by @pelikhan with @Copilot in #46044
- Require issue-intent metadata for close/assignment tools by default, with per-tool opt-out by @pelikhan with @Copilot in #46014
- feat: add OutcomeStatusLifecycle and OutcomeStatusLifecycleClose as first-class outcome status constants by @pelikhan with @Copilot in #46039
- [aw] Decouple Process Safe Outputs client token from project-specific token by @pelikhan with @Copilot in #45999
Full Changelog: v0.82.10...v0.82.11
v0.82.10
🌟 Release Highlights
This release brings declarative custom-engine support, expanded evals infrastructure, CLI improvements, and an important security default change — alongside a strong wave of bug fixes and code quality improvements.
⚠️ Breaking Changes
- Strict security mode is now the default —
sudoinjection and--enable-host-accessare no longer injected automatically. Workflows relying on these must opt in explicitly. (#45360)
✨ What's New
- Declarative custom-engine frontmatter — Crush, OpenCode, and other engines can now be declared via shared behavior definitions in frontmatter, removing boilerplate and improving portability. (#44465)
engine.driverfrontmatter field — New reference field lets you pin workflows to a specific engine driver. Learn more (#45420)- Evals on agentic workflows — BinEval evals enabled on 10 workflows; daily evals report added; evals results now captured in conclusion usage artifacts;
--evalsflag added tologsandauditcommands for filtering. (#45751, #45805, #45373) - Bootstrap config consolidation —
gh aw addandgh aw add-wizardnow share a unified config; theactionssubcommand is renamed toconfigfor clarity. (#45758) - Azure OpenAI BYOK support documented — New guide covers bringing your own Azure OpenAI key for Copilot workflows. (#45276)
nilctxpassedGo linter — New analyzer catchesnilcontext passed to functions, preventing hard-to-debug runtime panics. (#45799)
🐛 Bug Fixes & Improvements
- Fixed secrets context leaking into
ignore-if-missingguard expressions, which could silently suppress legitimate failures. (#45828) - Fixed
update_projectsilently ignoring string-typedfieldsby iterating over characters instead of field names. (#45825) - Fixed missing
id-token: writepermission on activation/conclusion/safe_outputs jobs for OTLP OIDC auth. (#45823) - Fixed a recurring 60 s timeout in the logs MCP tool that was corrupting audit datasets. (#45714)
- Fixed MCP gateway config to use raw header serialization for the GitHub remote Authorization header. (#45335)
- Fixed safe-outputs scope rejection incorrectly triggering when the agent changeset had no workflow files. (#45870)
- CLI consistency pass:
--no-stagedrenamed for clarity,-eshorthand added tologs, grammar and style fixes. (#45280) - Reduced GitHub API consumption in PR review cluster via pre-fetching and caching (~significant reduction in rate-limit pressure). (#45431)
📚 Documentation
- New BinEval syntax and question decomposition guide at
.github/aw/evals.md. (#45833) - Replaced deprecated
dispatch_repositoryreference block with a migration note. (#45786) - CLI help text, shared flag usage, and setup docs aligned for consistency. (#45753)
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpg
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
Generated by 🚀 Release · 16.9 AIC · ⊞ 7.6K
What's Changed
- [caveman] Optimize instruction verbosity — skills.md (2026-07-13) by @github-actions[bot] in #45328
- fix: CLI consistency — rename
--no-staged, add-eto logs, grammar/style fixes by @pelikhan with @Copilot in #45280 - [WIP] Fix failing GitHub Actions job Integration: Workflow Misc Part 2 by @pelikhan with @Copilot in #45293
- [jsweep] Clean validate_secrets.cjs by @github-actions[bot] in #45184
- Propagate runner topology into detection AWF image pre-pull by @pelikhan with @Copilot in #45274
- Refactor token env lookup and schedule helpers to remove semantic drift by @pelikhan with @Copilot in #45298
- feat(eslint-factory): add Object.assign suggestion to no-throw-plain-object rule by @pelikhan with @Copilot in #45299
- [linter-miner] feat(linters): add bytesbufferstring linter — flag string(buf.Bytes()) in favour of buf.String() by @github-actions[bot] in #45301
- Strengthen action pin mapping spec coverage and assertion rigor in
pkg/actionpinsby @pelikhan with @Copilot in #45340 - Remove the client-side
issue_intentsruntime gate by @pelikhan with @Copilot in #45275 - eslint-factory: detect aliased/destructured/computed core.setFailed in require-return-after-core-setfailed by @pelikhan with @Copilot in #45334
- feat: enable evals on smoke-copilot by @pelikhan with @Copilot in #45324
- Stabilize Sighthound Security Scan by scanning a clean archived repo snapshot by @pelikhan with @Copilot in #45361
- Fix autofix import robustness: use actual local binding qualifier in sprintfint/writebytestring/bytescomparestring by @pelikhan with @Copilot in #45339
- Fix MCP gateway config JSON: use raw header serialization for GitHub remote MCP Authorization header by @pelikhan with @Copilot in #45335
- Annotate allowed issue field allowlist as SEC-004 exempt by @pelikhan with @Copilot in #45363
- [log] Add debug logging to docker-sbx install step generators by @github-actions[bot] in #45374
- refactor(workflow): split 420-line buildMainJob into focused helpers by @pelikhan with @Copilot in #45333
- Refine interpolated-route diagnostics for opaque Octokit route helpers by @pelikhan with @Copilot in #45364
- Document Azure OpenAI BYOK configuration for Copilot workflows by @pelikhan with @Copilot in #45276
- [community] Update community contributions in README by @github-actions[bot] in #45367
- [yamllint-fixer] fix(workflow): reduce yamllint noise in generated lock files (16 → 3) by @github-actions[bot] in #45372
- Harden daily multi-device docs tester for Playwright startup and docs preview readiness by @pelikhan with @Copilot in #45399
- fix(create_pull_request): redirect fallback issue to alternate repo when target has issues disabled (410) by @pelikhan with @Copilot in #45359
- Lock in tag-scoped
on.pushas a valid scoped trigger by @pelikhan with @Copilot in #45362 - Audit: surface actionable failure diagnostics from step logs or agent-stdio fallback by @pelikhan with @Copilot in #45398
- docs: add
engine.driverto frontmatter reference by @pelikhan with @Copilot in #45420 - [instructions] Sync instruction files with release v0.82.9 by @github-actions[bot] in #45422
- feat: add --evals flag to logs and audit commands to filter by evals results by @pelikhan with @Copilot in #45373
- [jsweep] Clean harness_retry_config.cjs by @github-actions[bot] in #45378
- Add declarative custom-engine frontmatter and migrate Crush/OpenCode to shared behavior definitions by @pelikhan with @Copilot in #44465
- chore: remove outdated package workflows for dependabot by @mnkiefer in #45433
- [docs] Update glossary - daily scan by @github-actions[bot] in #45447
- feat: reduce GitHub API consumption in PR review cluster via pre-fetching and caching by @pelikhan with @Copilot in #45431
- Handle braceless
core.setFailed()control-flow inrequire-return-after-core-setfailedby @pelikhan with @Copilot in #45430 - [rendering-scripts] Fix Pi log parser for the v3 streaming schema (empty step summaries) by @github-actions[bot] in #45414
- enforce: add stringsindexcontains + stringscountcontains to CI linter batch by @pelikhan with @Copilot in https://github.com/github/gh-...
v0.82.9
🌟 Release Highlights
This release focuses on security hardening, performance improvements, and expanded runtime support — including a new docker-sbx runtime, better compiler analysis, and meaningful speed gains in core compilation paths.
✨ What's New
docker-sbxruntime support — Workflows can now target a Docker-based sandbox runtime via thedocker-sbxkey in the compiler, enabling more isolated execution environments. (#45006)- PowerShell installer for Windows —
gh-awnow ships a PowerShell install path and Windows CI coverage, making it easier to get started on Windows. (#44953) private-to-public-flows: allowfrontmatter field — Workflows can now explicitly opt in to cross-visibility flows using a newtools.githubfrontmatter field. (#45113)- Issue dependency tools in GitHub MCP toolsets — The MCP toolset mapping now includes issue dependency tools. (#45082)
- Unscoped push trigger validation — A new
ValidatePushBranchScopecompiler check prevents accidental workflow fan-out from unscopedpushtriggers. (#44915) toJSON(secrets)blocking rule — The compiler now flags expressions that would expose secrets viatoJSON. (#44922)pull_request → pull_request_targetescalation detection — The safe-update analysis now flags trigger escalations that could grant elevated permissions unexpectedly. (#44925)- Sighthound-gated agentic scan workflow — New workflow for artifact-backed security scanning with configurable gating. (#45120)
⚡ Performance
ParseWorkflowregression fixed — Targeted caching reduces parse time by ~51% vs the regression baseline. (#44994)CompileMemoryUsageregression fixed — OptimizednormalizeBlankLinesandfindRunValuepaths recover a memory regression. (#44995)ExtractWorkflowNameFromFilehot-path improvements — Faster header parsing recovers a benchmark regression on the critical path. (#45225)
🐛 Bug Fixes
- CLI proxy default policy now correctly respects repository visibility, blocking private-repo access from public-repo contexts. (#45158)
- GitHub MCP server fallback — When native HTTP initialization fails, the CLI mounts the MCP server as a fallback. (#44976)
COPILOT_MODELalias resolution — Model aliases are now resolved at runtime before the Copilot CLI is spawned. (#44975)- PR triage agent
gh pr checksreplaced — Switched to MCPget_check_runsto eliminate CLI proxy 403 errors. (#44927) - gVisor pinned release bumped — Updated from
20250623.0to20250707.0. (#45101) - sbx credential refresh — A credential refresh step is now emitted before agent execution. (#45146)
- Hamburger nav breakpoint — Fixed iPad Pro 12.9 header overlap by extending the breakpoint to 1050px. (#45281)
- Docs mobile overflow — Resolved hidden-label overflow on mobile and restored the homepage skip-link target. (#45224)
📚 Documentation
- Deprecated
dispatch_repositoryde-emphasized in the frontmatter reference. (#44928) engine.token-weightsfrontmatter field removed (was deprecated). (#44948)- Developer specifications consolidated into the instructions file (v9.20). (#44961)
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpg
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
Generated by 🚀 Release · 23.7 AIC · ⊞ 7.6K
What's Changed
- [instructions] Sync instruction files with release v0.82.8 by @github-actions[bot] in #44920
- fix(eslint): require-return-after-core-setfailed — detect nested-block fall-through, document break/continue limitation by @pelikhan with @Copilot in #44917
- [eslint-miner] eslint: add no-throw-plain-object rule by @github-actions[bot] in #44924
- docs: de-emphasize deprecated
dispatch_repositoryin frontmatter full reference by @pelikhan with @Copilot in #44928 - [spec-extractor] Update package specifications for agentdrain, cli, console, constants by @github-actions[bot] in #44930
- fix(pr-triage-agent): replace
gh pr checkswith MCPget_check_runsto stop CLI proxy 403s by @pelikhan with @Copilot in #44927 - feat: add ValidatePushBranchScope to prevent unscoped push triggers causing workflow fan-out by @pelikhan with @Copilot in #44915
- Flag pull_request → pull_request_target trigger escalation in compiler safe-update analysis by @pelikhan with @Copilot in #44925
- [avenger] Fix prettier formatting in eslint rule source by @github-actions[bot] in #44935
- Reduce Smoke CI REST fan-out by scoping pull_request triggers by @pelikhan with @Copilot in #44934
- Add rule to block toJSON(secrets) expressions by @pelikhan with @Copilot in #44922
- Stop recommending
get_mefor workflow identity in GitHub MCP prompts by @pelikhan with @Copilot in #44936 - Reduce
list_pull_requestsMCP context bloat via default pagination + minimal output guidance by @pelikhan with @Copilot in #44941 - [spec-enforcer] Enforce specifications for colorwriter, console, constants by @github-actions[bot] in #44949
- Normalize progressive-disclosure guidance across reporting workflows by @pelikhan with @Copilot in #44960
- Remove deprecated
engine.token-weightsfrontmatter by @pelikhan with @Copilot in #44948 - eslint-factory: suppress unsafe
addReturnsuggestion after terminal cleanup followingcore.setFailedby @pelikhan with @Copilot in #44929 - [docs] Consolidate developer specifications into instructions file (v9.20) by @github-actions[bot] in #44961
- Skip closed-PR follow-up workflows on Copilot branches by @pelikhan with @Copilot in #44967
- Add formal safe-update specification for compiler enforcement and manifest baselines by @pelikhan with @Copilot in #44997
- feat: Add
docker-sbxruntime support to compiler by @lpcox with @Copilot in #45006 - chore: bump firewall version to v0.27.30 by @lpcox with @Copilot in #45025
- [docs] Update dictation skill instructions by @github-actions[bot] in #45053
- [safe-output-integrator] Add missing copilot safe-output fixture files (close-discussion, assign-to-agent, assign-to-user, unassign-from-user) by @github-actions[bot] in #45004
- Improve docs homepage JSON-LD for GEO citation (WebSite + Organization) by @pelikhan with @Copilot in #44991
- [docs] docs: unbloat about page by @github-actions[bot] in #44992
- fix: bump pinned gVisor release from 20250623.0 to 20250707.0 by @lpcox with @Copilot in #45101
- feat: implement
private-to-public-flows: allowas atools.githubfrontmatter field by @lpcox with @Copilot in #45113 - fix: emit sbx credential refresh step before agent execution by @lpcox in #45146
- Fix CLI proxy default policy to respect repo visibility (block private repos in public repos) by @lpcox with @Copilot in #45158
- spdd: 2026-07-11 spec work plan — normative requirements, combined-integrity fixture, coverage audit by @pelikhan with @Copilot in #44986
- fix: resolve COPILOT_MODEL aliases at runtime before spawning Copilot CLI by @pelikhan with @Copilot in #44975
- Formalize
replace-labelcompliance model and fixture-backed conformance tests by @pelikhan with @Copilot in #44981 - [linter-miner] feat(linters): add ioutildeprecated linter to flag deprecated io/ioutil usag...
v0.82.8
🌟 Release Highlights
This release brings substantial quality and reliability improvements across the compiler, linters, CLI tooling, security architecture, and documentation — with particular focus on ARC/DinD self-hosted runner support and safe-outputs robustness.
✨ What's New
- gVisor container runtime support — Workflows can now opt into the gVisor runtime via
sandbox.agent.runtime: gvisorfor stronger sandbox isolation. (#44796) - Shared partials can declare
sandbox.agent.mounts— Partial workflow files can now define mount configurations that are merged into the parent workflow, enabling reusable sandbox setups. (#44500) - AI authorship disclosure header — A new
disclosure-headersafe-output message type allows agents to declare AI authorship inline in PR comments and issues. (#44497) gh aw addresolves transitiveuses:references — Importing a workflow partial now automatically resolves and includes any nested imports, eliminating manual dependency management. (#44763)- OAuth token failure propagated to conclusion job — When an OAuth or missing-token failure occurs, it is now surfaced in the conclusion job so failures are never silently swallowed. (#44777, #44756)
- New
stringscountcontainslinter — Detectsstrings.Count(s, sub) > 0patterns that should be written asstrings.Contains. (#44820) - ARC DinD how-to guide — New documentation covering how to run the GitHub Copilot coding agent on self-hosted ARC runners with Docker-in-Docker. (Learn more) (#44561, #44586)
🐛 Bug Fixes & Improvements
- Compiler performance —
CompileSimpleWorkflowno longer scans heredoc content for run-block expressions, recovering a measurable regression. (#44454) - GHE SSH remote URL parsing — Fixed fuzzy schedule scattering for GHE SSH remotes with non-standard usernames. (#44502)
- Stale lock guard — A base-ref-aware guard now prevents stale lock files from being introduced when workflow markdown edits occur on branches. (#44912)
- Confused deputy fix — The confused deputy check is now correctly scoped to bot actors on
pull_request:synchronizeevents only. (#44494) - Docker socket GID resolution — Robust GID resolution for ARC/DinD and split-daemon topologies ensures correct socket permissions. (#44446)
- Playwright-based model pricing scraper — Replaced the fragile static HTML scraper with a Playwright-driven extractor that stays reliable as pricing pages evolve. (#44453)
pull_request_reviewevent handling — Fixedadd_workflow_run_comment.cjsto correctly handle thepull_request_reviewevent type. (#44503)- CI token authentication — Extra-empty-commit CI triggers now correctly authenticate using the CI token rather than persisted checkout credentials. (#44180)
- linter self-contained fixes —
sprintfint,writebytestring, andbytescomparestringsuggested fixes are now fully self-contained, including all required import edits. (#44911, #44665, #44488) - Copilot harness idle termination — The Copilot harness now terminates idle processes after a terminal safe output, preventing lingering background jobs. (#44440)
📚 Documentation
- Cost management page — Reorganized and expanded the cost management reference for clarity. (#44685)
- Imports reference tightened — Redundant content pruned and accuracy improved in the imports reference. (#44804)
- CLI reference aligned — The CLI reference now matches the current
gh aw --helpoutput and exposes theexperimentscommand. (#44603, #44794) - Sandbox reference — Updated sandbox reference reflects new
sandbox.agent.runtimeandsandbox.agent.mountsfields.
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpg
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
Generated by 🚀 Release · 25.3 AIC · ⊞ 7.6K
What's Changed
- fix: replace allocating string comparison with bytes.Equal in virtual_fs.go by @pelikhan with @Copilot in #44463
- fix(daily-model-inventory): replace static HTML pricing scraper with playwright-based extraction by @pelikhan with @Copilot in #44453
- [community] Update community contributions in README by @github-actions[bot] in #44457
- docs: expand dispatch-repository nested fields in frontmatter-full.md by @pelikhan with @Copilot in #44456
- Copilot harness: terminate idle process after terminal safe output by @pelikhan with @Copilot in #44440
- Ensure extra-empty-commit CI trigger push authenticates as CI token, not persisted checkout credentials by @pelikhan with @Copilot in #44180
- perf: fix CompileSimpleWorkflow regression — skip heredoc content in run-block expression scan by @pelikhan with @Copilot in #44454
- pkg/agentdrain: add nil-guard to Analyze and improve anomaly test quality by @pelikhan with @Copilot in #44455
- chore: bump gh-aw-firewall to v0.27.28 by @pelikhan with @Copilot in #44467
- [instructions] Sync instruction files with release v0.82.7 by @github-actions[bot] in #44541
- fix: remove double-normalization in overridePersistedExtraheader by @pelikhan with @Copilot in #44492
- fix: resolve all non-largefunc custom linter findings by @pelikhan with @Copilot in #44461
- Fix yamllint violations in generated lock files by @pelikhan with @Copilot in #44491
- fix: handle pull_request_review event in add_workflow_run_comment.cjs by @pelikhan with @Copilot in #44503
- Use specific failure categories before
agent_failurein failure-issue routing by @pelikhan with @Copilot in #44498 - Document and pin
no-github-request-interpolated-routeboundary behavior by @pelikhan with @Copilot in #44550 - Add ARC DinD how-to guide for running GitHub Copilot coding agent on self-hosted runners by @lpcox with @Copilot in #44561
- docs: DinD is required for ARC (not optional), fix NET_ADMIN misinformation, clarify sudo scope by @lpcox with @Copilot in #44586
- fix: scope confused deputy check to bot actors on pull_request:synchronize by @pelikhan with @Copilot in #44494
- Track compiled lock files for the new test workflows by @pelikhan with @Copilot in #44551
- [docs] docs: unbloat workflow structure reference by @github-actions[bot] in #44596
- Align CLI reference with current
gh aw --helpoutput by @pelikhan with @Copilot in #44603 - [safe-output-integrator] fix: use canonical dispatch-repository key in test fixture by @github-actions[bot] in #44614
- fix: parse GHE SSH remote URLs with non-standard usernames for fuzzy schedule scattering by @pelikhan with @Copilot in #44502
- Always compile after any workflow .md change to keep .lock.yml in sync by @pelikhan with @Copilot in #44565
- Reframe
bytescomparestringas style/intent lint and fix single-import autofix output by @pelikhan with @Copilot in #44488 - Refresh package specs for spec-audit mismatches and stale README coverage by @pelikhan with @Copilot in #44564
- Reduce
ExtractWorkflowNameFromFileoverhead in CLI workflow title parsing by @pelikhan with @Copilot in #44604 - Surface ex...
v0.82.7
🌟 Release Highlights
This release delivers significant reliability improvements for ARC/DIND runners, MCP Gateway upgrades, expanded checkout authentication, and a wave of bug fixes and documentation enhancements.
✨ What's New
-
Safe-output GitHub App checkout auth — Workflows can now authenticate checkouts in
safe_outputsjobs using a GitHub App (checkout.safe-output-github-app), enabling secure, credential-scoped repository access without using personal tokens. (#44444) -
MCP Gateway v0.4.1 — Upgraded the embedded MCP Gateway (
mcpg) to v0.4.1, bringing the latest guard-policy fixes and sink-visibility support to all agentic workflow runs. (#44403) -
Smoke tests for
model: smallalias — A new daily smoke workflow validates that themodel: smallalias resolves correctly end-to-end, catching regressions before they reach production. (#44288) -
Decentralized
label_commandauto-permissions — The compiler now automatically grantspull-requests:readtopre_activationjobs whenlabel_commandis used onpull_requestevents, eliminating a common manual permission boilerplate. (#44282) -
Formal checkout behavior spec — Agent and
safe_outputsjob checkout behavior is now formally specified, giving workflow authors a clear contract for credential availability and repo access. (#44225)
⚡ Performance
- Faster
run-scriptexpression guardrail — CutYAMLGenerationoverhead in therun-scriptexpression guardrail, improving compilation throughput for workflows with many run steps. (#44438)
🐛 Bug Fixes & Improvements
-
ARC/DIND runner fix — Propagating
RunnerConfigto the detection job resolves aENOENTerror on ARC-dind Copilot runners. (#44445) -
Sandbox firewall directory permissions — Root-owned sandbox firewall directories are now reclaimed on reused runners, preventing
EACCESerrors on subsequent runs. (#44276) -
Copilot CLI hang on exit fixed — Reduced the post-completion idle watchdog timeout and added cleanup timeouts, preventing the Copilot CLI from hanging after workflow completion. (#44254)
-
Elixir runtime
erlexposure —erlis now correctly exposed in the AWF sandbox when usingruntimes.elixir. (#44283) -
Nested repo-memory glob matching — Fixed glob matching for memory files stored in nested subdirectories. (#44215)
-
Claude startup failure hardening — Empty-log Avenger runs no longer fail silently; Claude startup failures are now detected and surfaced correctly. (#44332)
-
Safe-outputs graceful fallback —
GH_AW_SAFE_OUTPUTSis now correctly passed to the "Parse agent logs" step, activating the graceful fallback path when needed. (#44354) -
Engine driver schema broadened — The
engine.driverschema description now matches the actual runtime multi-language support, reducing schema validation false positives. (#44355)
📚 Documentation
-
Sink visibility field — Documented the
sink-visibilityfield in the MCP Gateway write-sink guard policy (spec v1.15.0) and tightened guard-policy prose. (#44373, #44305) -
--force-public-reposproxy flag — The--force-public-reposflag for theproxysubcommand is now documented. (#44360) -
CLI flag alignment —
audit,status,experiments, and legacy--disable-*flags are now consistently documented with their deprecation behavior. (#44312) -
Custom model pricing FAQ — Added a FAQ entry covering custom model pricing in agentic workflow frontmatter. (#44450)
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpg
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
Generated by 🚀 Release · 36.5 AIC · ⊞ 7.6K
What's Changed
- add smoke-copilot-small workflow to validate
model: smallalias resolution by @pelikhan with @Copilot in #44288 - Fix repo-memory glob matching for nested memory files by @pelikhan with @Copilot in #44215
- Compiler: auto-grant pull-requests:read to pre_activation for decentralized label_command on pull_request events by @pelikhan with @Copilot in #44282
- fix: reduce post-completion idle watchdog and add cleanup timeouts to prevent Copilot CLI hang on exit by @pelikhan with @Copilot in #44254
- docs(parser): document missing internal dependencies in README by @pelikhan with @Copilot in #44308
- docs: document sink-visibility field in MCP Gateway write-sink guard policy (spec v1.15.0) by @lpcox with @Copilot in #44305
- docs: document --force-public-repos flag for proxy subcommand by @lpcox in #44360
- Copilot/document sink visibility field by @lpcox in #44373
- [linter-miner] linter: add bytescomparestring — flag string(a)==string(b) where a,b are []byte by @github-actions[bot] in #44389
- Add formal checkout behavior specification for agent and safe_outputs jobs by @pelikhan with @Copilot in #44225
- [docs] docs: tighten MCP gateway guard-policy prose by @github-actions[bot] in #44365
- fix: broaden engine.driver schema description to match runtime multi-language support by @pelikhan with @Copilot in #44355
- [safe-output-integrator] Add missing safe-output type fixtures and Go test coverage (11 types) by @github-actions[bot] in #44405
- [dead-code] chore: remove dead functions — 1 function removed by @github-actions[bot] in #44330
- fix: pass GH_AW_SAFE_OUTPUTS to "Parse agent logs" step to activate graceful fallback by @pelikhan with @Copilot in #44354
- Normalize report body formatting rules across 11 reporting workflows by @pelikhan with @Copilot in #44314
- Bump MCP Gateway (mcpg) to v0.4.1 by @lpcox with @Copilot in #44403
- Schedule Smoke Copilot Sub Agents workflow to run daily by @pelikhan with @Copilot in #44443
- Align CLI docs and deprecation behavior for audit, status, experiments, and legacy
--disable-*flags by @pelikhan with @Copilot in #44312 - Refactor safe-outputs config parsing into focused workflow modules by @pelikhan with @Copilot in #44313
- SPDD 2026-07-08: close spec sync gaps and enforce add-flow rollback semantics by @pelikhan with @Copilot in #44358
- fix: expose erl in AWF sandbox when using runtimes.elixir by @pelikhan with @Copilot in #44283
- docs: FAQ entry for custom model pricing in agentic workflow frontmatter by @pelikhan with @Copilot in #44450
- Harden Claude startup failure handling for empty-log Avenger runs by @pelikhan with @Copilot in #44332
- perf(workflow): cut YAMLGeneration overhead in run-script expression guardrail by @pelikhan with @Copilot in #44438
- fix: reclaim root-owned sandbox firewall dirs to prevent EACCES on reused runners by @pelikhan with @Copilot in #44276
- fix: propagate RunnerConfig to detection job to fix arc-dind Copilot ENOENT by @pelikhan with @Copilot in #44445
- Add
checkout.safe-output-github-appsupport for safe_outputs checkout auth by @pelikhan with @Copilot in #44444
Full Changelog: v0.82.6...v0.82.7
v0.82.6
🌟 Release Highlights
This release focuses on correctness and reliability — fixing subtle bugs in workflow compilation, strengthening security defaults, and improving developer tooling with new ESLint rules and unit tests.
✨ What's New
-
ESLint rule:
no-github-request-interpolated-route— A new static analysis rule flags interpolated template literals and string concatenation in Octokit.request()route arguments. This prevents malformed URLs and enforces the typed placeholder syntax ({owner},{repo}) that GitHub's REST API expects. (#44268) -
Comment-memory support for deterministic jobs — Custom jobs and
on.stepsflows withrestore-memory: truenow correctly receive the comment-memory config, enabling deterministic steps to consume persisted memory before agent execution. (#44214)
🐛 Bug Fixes & Improvements
-
Safer lockdown defaults on API failure — When the
determine-automatic-lockdownstep cannot fetch repository visibility,sink-visibilitynow defaults to"public"(strict policy) instead of the previously unrecognized"unknown"value, preventing unpredictable guard policy behavior. (#44286) -
Detection job dependency fix —
engine.envvalues referencingneeds.<job>.outputs.*expressions now correctly propagate to thedetectionjob'sneedslist, preventing silent empty-string resolution at runtime. (#44202) -
Lockdown autodetection skip when guard policy is explicit — The
determine-automatic-lockdownstep is now skipped when guard policies are already statically configured in frontmatter, eliminating redundant runtime detection. (#44270) -
Deprecated output references cleaned up — All remaining uses of
needs.activation.outputs.{text,title,body}in tests and specs replaced with the currentsteps.sanitized.outputs.*form, eliminating spurious deprecation warnings. (#44255)
📚 Documentation
- Token type validation clarified — Auth reference docs now explicitly document that
COPILOT_GITHUB_TOKENandGH_AW_GITHUB_TOKENmust be fine-grained PATs. OAuth user tokens (gho_...) are intentionally rejected at activation with remediation guidance. (#44275, Learn more)
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpg
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
Generated by 🚀 Release · 24.6 AIC · ⊞ 7.6K
What's Changed
- [spec-extractor] Update package specifications for tty, types, typeutil, workflow by @github-actions[bot] in #44266
- fix: skip lockdown autodetection step when guard policy is explicitly configured by @pelikhan with @Copilot in #44270
- Replace deprecated
needs.activation.outputs.{text,title,body}withsteps.sanitized.outputs.*by @pelikhan with @Copilot in #44255 - fix: detection job missing engine.env job dependencies in needs list by @pelikhan with @Copilot in #44202
- Restore comment-memory config for deterministic memory-read jobs by @pelikhan with @Copilot in #44214
- refactor(workflow): rename same-name/different-semantics helpers to eliminate navigation confusion by @pelikhan with @Copilot in #44149
- [docs] Update documentation for features from 2026-07-08 by @github-actions[bot] in #44275
- [docs] Update glossary - daily scan by @github-actions[bot] in #44273
- feat(eslint): add no-github-request-interpolated-route rule by @pelikhan with @Copilot in #44268
- fix: default sink-visibility to "public" when repository visibility check fails by @pelikhan with @Copilot in #44286
- Add unit tests for StripANSI in pkg/stringutil by @pelikhan with @Copilot in #44277
Full Changelog: v0.82.5...v0.82.6
v0.82.5
🌟 Release Highlights
This release focuses on developer guardrails and code quality tooling, hardening ESLint rules, improving compile-time safety, and adding proactive security checks for credential hygiene.
✨ What's New
-
Workflow-edit guard for stale lock files — A lightweight CI guard now catches agents that edit
.github/workflows/*.mdwithout recompiling the corresponding.lock.yml. This surfaces CI failures early, before the heavyweightcheck-workflow-driftjob runs. (#44238) -
OAuth token detection in activation jobs — The activation job now flags
COPILOT_GITHUB_TOKENandGH_AW_GITHUB_TOKENvalues that are OAuth tokens (gho_...). OAuth tokens are over-provisioned user-scoped credentials unsuitable for automation, and early detection prevents hard-to-debug permission failures downstream. (#44204) -
Runtime sink-visibility —
sink-visibilityin the MCP guard policy config is now computed at runtime instead of baked in at compile time. This eliminates stale configs and removes the network call during compilation. (#44245)
🐛 Bug Fixes & Improvements
-
ESLint:
try/finallywithoutcatchtreated as unprotected —isInsideTryBlockwas returningtruefortry/finallyblocks with nocatchclause. Since a catch-lesstry/finallydoes not suppress thrown errors, these call sites are now correctly flagged. (#44256) -
ESLint:
require-fs-sync-try-catchcatches destructured and aliased fs bindings — The rule previously only matchedfs.method()call patterns, silently missing bindings introduced by destructuring (e.g.,const { appendFileSync } = fs) or aliasing. Unprotected file-system calls using these patterns are now correctly reported. (#44240) -
Designer:
dismiss-pull-request-reviewadded to Safe Output Mapping — The Designer Drift Audit had falsely flagged 15 missing network ecosystem identifiers due to a head-limit truncation bug, and one genuinely missing safe output type (dismiss-pull-request-review). Both are now fixed. (#44209) -
Go code gen:
string()cast emitted for named string types —writebytestringnow correctly emits astring(s)cast when writing named string types (e.g.,type MyStr string), fixing non-compiling generated code.RunWithSuggestedFixessupport was also added. (#44208)
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpg
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
Generated by 🚀 Release · 26 AIC · ⊞ 7.6K
What's Changed
- [jsweep] Clean compact_numbers.cjs — add comprehensive test suite by @github-actions[bot] in #44189
- fix(designer): add dismiss-pull-request-review to Safe Output Mapping; fix head limits in drift audit by @pelikhan with @Copilot in #44209
- feat: add lightweight workflow-edit guard for stale lock files by @pelikhan with @Copilot in #44238
- fix(writebytestring): emit string() cast for named string types; add RunWithSuggestedFixes by @pelikhan with @Copilot in #44208
- refactor: compute sink-visibility at runtime instead of compile time by @pelikhan with @Copilot in #44245
- Refactor
getOrCreateListRepoCloneinto focused helpers in parser remote file listing by @pelikhan with @Copilot in #44179 - [instructions] Sync instruction files with release v0.82.4 by @github-actions[bot] in #44252
- fix(eslint-factory): require-fs-sync-try-catch catches destructured and aliased fs bindings by @pelikhan with @Copilot in #44240
- fix(eslint-factory): treat try/finally without catch as unprotected in isInsideTryBlock by @pelikhan with @Copilot in #44256
- feat: detect OAuth tokens in activation job for COPILOT_GITHUB_TOKEN and GH_AW_GITHUB_TOKEN by @pelikhan with @Copilot in #44204
Full Changelog: v0.82.4...v0.82.5
v0.82.4
🌟 Release Highlights
This release focuses on memory step ordering reliability, security hardening, and compiler improvements that enhance the predictability and safety of agentic workflow execution.
✨ What's New
-
Memory stores available earlier in agent jobs —
cache-memory,repo-memory, andcomment-memoryare now restored before user-definedsteps:, ensuring your workflow steps always have access to memory context. Custom jobs also benefit from automaticrestore-memorystep injection (#44037, #43984, #43952). -
Deterministic dispatch gating — Memory stores are now exposed to
on.stepsin pre-activation, enabling more reliable conditional dispatch logic based on memory state (#44015). -
Sink visibility in compiled policies — Compiled write-sink guard policies now emit
sink-visibilitymetadata, improving auditability of what each job can write (#44154). -
Loopback MCP server isolation — Loopback HTTP MCP servers are now rejected in network isolation mode, strengthening the security boundary for isolated workflow runs (#44113).
-
Binary evaluations via BinEval — The compiler now supports an
evalsjob type for BinEval binary evaluations, enabling structured model evaluation pipelines (#43700). -
set_issue_fieldfield validation — Builtin fields are now refused inset_issue_fieldto prevent accidental overwrites of system-managed fields (#44170).
🐛 Bug Fixes & Improvements
-
Stale
/tmp/gh-awownership fixed — Root-owned temp directories are now reclaimed before AWF invocation, preventing permission errors in agent runs (#44022). -
arc-dind workspace mount — Removed the deprecated
--docker-host-path-prefixCLI flag and added an explicit workspace mount for the arc-dind topology, ensuring reliable container builds (#44145). -
Parser field population fix —
required-labelsandrequired-title-prefixfields are now correctly populated in theupdate-pull-requestandupdate-issueparsers (#44168). -
Security: safer installer pattern — Replaced
curl | shinstaller pipes with a download-then-verify pattern, eliminating a supply-chain risk (RGS-018) (#43716). -
CLI flag and docs consistency — Corrected
--yesverb,--direnv hint, and add-wizard documentation across 9 commands for a more consistent developer experience (#44050). -
SHA-pinned build-tools image — The firewall image for arc-dind topology is now SHA-pinned, ensuring reproducible and tamper-resistant builds (#44044).
📚 Documentation
- Clarified Quick Start terminology for frontmatter and
.lock.ymlto reduce onboarding confusion (#44079). - Trimmed cache-memory reference bloat and updated the glossary for cleaner, more focused documentation (#44088, #44010).
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpg
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
Generated by 🚀 Release · 25.5 AIC · ⊞ 7.6K
What's Changed
- fix: reclaim stale root-owned /tmp/gh-aw before AWF invocation by @lpcox in #44022
- Move comment-memory preparation before user
steps:in agent job by @pelikhan with @Copilot in #43952 - eslint-factory: detect catch-variable aliases in require-error-cause-in-rethrow by @pelikhan with @Copilot in #43966
- [instructions] Sync instruction files with release v0.82.2 by @github-actions[bot] in #43990
- [spec-extractor] Update package specifications for stringutil, styles, testutil, timeutil by @github-actions[bot] in #44007
- [docs] Update glossary - daily scan 2026-07-07 by @github-actions[bot] in #44010
- Update package specs for modelsdev, console, and logger by @pelikhan with @Copilot in #44047
- fix: SHA-pin build-tools firewall image for arc-dind topology by @lpcox with @Copilot in #44044
- [eslint-miner] eslint: add require-fs-sync-try-catch rule by @github-actions[bot] in #43994
- feat(go-gh): modernize go-gh API usage — drop gh.Exec for GraphQL, add timeouts, tidy DefaultRESTClient by @pelikhan with @Copilot in #43985
- Targeted custom-lint cleanup: append byte conversion, context propagation, error wrapping, and param-count reduction by @pelikhan with @Copilot in #43938
- Move cache-memory and repo-memory restore steps before user
steps:in agent job by @pelikhan with @Copilot in #43984 - Clarify Quick Start terminology for frontmatter and
.lock.ymlby @pelikhan with @Copilot in #44079 - [docs] docs: trim cache-memory reference bloat by @github-actions[bot] in #44088
- Route pdf-summary discussions to Audits category by @pelikhan with @Copilot in #44092
- refactor(workflow): extract helpers to fix function-length lint violations by @pelikhan with @Copilot in #44008
- fix(doc-healer): gate artifact constant check on actual artifact production by @pelikhan with @Copilot in #44134
- test(constants): table-driven assertions and extend octal-literal check to cmd/ by @pelikhan with @Copilot in #44114
- Add restore-memory step injection for custom jobs by @pelikhan with @Copilot in #44037
- fix: correct --yes verb, --dir env hint, and add-wizard docs across 9 commands by @pelikhan with @Copilot in #44050
- refactor: split logs_orchestrator.go (1284 lines) into 5 focused modules by @pelikhan with @Copilot in #44051
- [linter-miner] linters: add writebytestring — flag w.Write([]byte(s)) calls that should use io.WriteString by @github-actions[bot] in #44101
- Reduce BenchmarkValidation overhead by caching safe-output field order by @pelikhan with @Copilot in #44090
- Reject loopback HTTP MCP servers in network isolation mode by @pelikhan with @Copilot in #44113
- Extend envutil for bool/string access and remove direct CI bypasses by @pelikhan with @Copilot in #44097
- compiler: add evals job for BinEval binary evaluations by @pelikhan with @Copilot in #43700
- Expose memory stores to
on.stepsin pre-activation for deterministic dispatch gating by @pelikhan with @Copilot in #44015 - Emit
sink-visibilityin compiled write-sink guard policies by @lpcox with @Copilot in #44154 - fix(arc-dind): remove --docker-host-path-prefix CLI flag and add explicit workspace mount by @lpcox in #44145
- fix(security): replace curl|sh installer pipes with download+verify (RGS-018) by @pelikhan with @Copilot in #43716
- [log] Add debug logging to parser and workflow files by @github-actions[bot] in #44183
- [community] Update community contributions in README by @github-actions[bot] in #44171
- feat: refuse builtin fields in set_issue_field by @pelikhan with @Copilot in #44170
- Bump AWF to v0.27.27 and MCPG to v0.4.0 by @lpcox with @Copilot in #44173
- Replace hard-coded activation symlink path literals with named/shared path constants by @pelikhan with @Copilot in #44177
- fix: populate required-labels and required-title-prefix in update-pull-request and update-issue parsers by @pelikhan with @Copilot in #44168
Full Changelog: v0.82.3...v0.82.4
v0.82.3
🌟 Release Highlights
This release focuses on developer experience, security hardening, and compiler flexibility — delivering tighter CI guardrails, new safe-output primitives, and meaningful quality-of-life improvements across the toolchain.
✨ What's New
-
Compiler job dependency control —
jobs.<generated>.needscan now augment compiler-generated job dependencies, giving authors explicit control over execution order for generated jobs likeactivation,agent, andsafe_outputs(#43940) -
dismiss-reviewsafe output — Workflows can now programmatically dismiss their own PR reviews with actor-bound guards and required justification, enabling automated review lifecycle management (#43125) -
Native duplicate issue marking —
close-issuewithduplicate_ofnow creates a proper GitHub "marked as duplicate of #X" timeline entry instead of a plain comment (#43152) -
CI drift detection for lock files — A new CI check catches stale
.lock.ymlfiles when workflow markdown is edited without regenerating the corresponding lock files, preventing silent drift (#43747) -
Selective maintenance job opt-out —
maintenance.disabled_jobslets repositories omit specific agentics-maintenance jobs, avoiding unnecessary write scopes for issue-triage-only repos (#43300) -
Harness retry policy now configurable —
GH_AW_HARNESS_*env vars let workflows widen the retry window for Copilot/Claude harnesses during sustained API transients (#43051) -
Model inventory update — New model aliases (
kiwi,mai-code) added; 10 Copilot sub-agents upgraded fromsmallto newer model aliases for improved output quality (#43085, #43063)
🐛 Bug Fixes & Improvements
-
MCP server security hardening — HTTP MCP server now binds to
127.0.0.1only, closing a DNS-rebinding and cross-origin POST attack surface introduced by go-sdk v1.6.0 (#43766) -
Ctrl-C cancellation restored —
context.Contextthreaded through 8remote_fetch.goAPIs so Ctrl-C now properly cancels in-flight HTTP requests from any CLI command (#43128) -
Token double-charging fix — Cache-read tokens for the
github-copilotprovider were incorrectly counted twice; this is now corrected for accurate cost reporting (#43048) -
Token metrics restoration — Token usage metrics are now correctly restored even when
events.jsonlomitssession.shutdown.modelMetrics(#43007) -
Rate limit cancellation —
checkAndWaitForRateLimitis now context-cancellable, preventing stuck runs during Ctrl-C (#43848) -
gh aw trialGH_HOST support —--trigger-contextissue URLs now correctly honorGH_HOSTfor GitHub Enterprise Server deployments (#43729) -
safe-outputs manifest bundled — The safe-outputs-items manifest is now included in the usage artifact, restoring
SafeItemsCountvisibility in run reports (#43056)
📚 Documentation
-
Quick Start improvements — Frontmatter defined inline with
.lock.ymlsemantics surfaced as a callout; engine secret setup clarified (#43083, #43107) -
CLI reference expanded — Added "When to use" column to CLI commands summary table; enterprise guidance collapsed to reduce cognitive load (#43699, #43082)
-
Persona-driven authoring guide — New documentation covering persona-based workflow authoring and ad hoc scenario evaluation (#43050)
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpg
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
Generated by 🚀 Release · 33.4 AIC · ⊞ 7.6K
What's Changed
- Honor NO_COLOR/color-profile degradation for Lip Gloss v2 output paths by @pelikhan with @Copilot in #42945
- Surface canonical
dispatch-repositorykey in frontmatter full reference by @pelikhan with @Copilot in #43009 - [docs] docs: trim repetitive glossary entries by @github-actions[bot] in #43019
- fix(lint-monster): eliminate os.Getenv coupling in compilerenv and action_mode by @pelikhan with @Copilot in #42984
- Strengthen codemod registry coverage by asserting all registered IDs by @pelikhan with @Copilot in #43008
- Fix CLI consistency issues in lint, mcp, and secrets commands by @pelikhan with @Copilot in #42982
- Restore token usage metrics when
events.jsonlomitssession.shutdown.modelMetricsby @pelikhan with @Copilot in #43007 - compiler: inject missing model pricing from models.dev at compile time by @pelikhan with @Copilot in #43003
- refactor(copilot-sdk): multi-provider only — remove single-provider legacy by @pelikhan with @Copilot in #42740
- compilerenv: remove constructor panic to satisfy custom Go lint by @pelikhan with @Copilot in #43044
- Suppress CodeQL
js/http-to-file-accessinensure-docs-slide-pdf.jswith explicit trust-boundary rationale by @pelikhan with @Copilot in #43049 - Document persona-driven workflow authoring and ad hoc scenario evaluation by @pelikhan with @Copilot in #43050
- Refresh AWF container digests and recompile workflow lockfiles by @pelikhan with @Copilot in #43060
- feat(models): 2026-07-03 model inventory update — new models, alias additions, mirror sync by @pelikhan with @Copilot in #43063
- Trim
search_repositoriestoken cost with explicit small-page pagination in workflow prompts by @pelikhan with @Copilot in #43055 - Harden temp writes in safe-output evaluation script by @pelikhan with @Copilot in #43054
- Reduce ambient prompt bloat in core analysis workflows by @pelikhan with @Copilot in #43053
- fix: stop double-charging cache-read tokens for github-copilot provider by @pelikhan with @Copilot in #43048
- fix: prevent tool denial failures in daily-agent-of-the-day-blog-writer by @pelikhan with @Copilot in #43070
- feat: migrate 10 copilot sub-agents from
smalltokiwi/mai-codeby @pelikhan with @Copilot in #43085 - Quick Start: define frontmatter inline and surface
.lock.ymlsemantics as a callout by @pelikhan with @Copilot in #43083 - refactor: split compiler_types.go grab-bag into workflow_data.go and safe_outputs_config.go by @pelikhan with @Copilot in #43071
- Docs: reduce CLI page cognitive load by collapsing enterprise guidance by @pelikhan with @Copilot in #43082
- fix(safe-outputs): bundle safe-outputs-items manifest into usage artifact to restore SafeItemsCount by @pelikhan with @Copilot in #43056
- fix: pass GITHUB_SHA to safe-outputs MCP server container by @pelikhan with @Copilot in #43106
- [log] Add debug logging to import-path and pricing resolution by @github-actions[bot] in #43109
- Fail fast on empty safeoutputs schema and add Copilot soft-time convergence guard by @pelikhan with @Copilot in #43057
- fix: hard-bake workflow ID in workflow_call concurrency group to prevent deadlock by @pelikhan with @Copilot in #43078
- Home page: move Public Preview notice into hero with warning callout styling by @pelikhan with @Copilot in #43081
- [jsweep] Clean tool_call_details.cjs by @github-actions[bot] in #43111
- Clarify Quick Start workflow source and engine secret setup by @pelikhan with @Copilot in #43107
- Add centralized
/souschefPR command routing to PR Sous Chef by @pelikhan with @Copilot in #43119 - Refactor main-job runtime setup orchestration to reduce largefunc backlog by @pelikhan with @Copilot in #43105
- fix(daily-yamllint-fixer): add testdata/** to allowed...