Skip to content

Releases: github/gh-aw

v0.82.12

v0.82.12 Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 17 Jul 07:19
Immutable release. Only release title and notes can be modified.
b944311

🌟 Release Highlights

This release brings usability improvements to gh aw add, important security fixes for agent sandboxing, and a wave of internal refactoring that strengthens the codebase quality and consistency.

✨ What's New

  • gh aw add bootstrap by default — The package manifest config bootstrap flow now runs automatically when adding a new workflow, reducing manual setup steps.
  • Enhanced GitHub host detection — PAT creation and setup commands now correctly detect GitHub host variants, improving multi-environment setups.
  • New mapclearloop linter — Automatically replaces range-delete loops with the idiomatic clear(m) call, keeping generated Go code clean and modern.

🐛 Bug Fixes & Improvements

  • Agent sandbox credential isolation — Job-output credential env vars are now correctly excluded from the agent sandbox (--exclude-env), preventing inadvertent credential leakage.
  • External threat detection — Custom engine base URLs and allowlist propagation are now properly honored, fixing false-negative detections in custom environments.
  • SHA-pinned action version comments — Fixed a bug where version comments were lost when SkipHardcodedFallback was set, restoring full audit traceability.
  • MAI model update — Updated to mai-code-1-flash-picker with improved sandbox test isolation.
  • ESLint error-handling normalization — Consistent error-handling patterns in actions/setup/js improve reliability of generated JavaScript setup steps.
  • Release PR comment throttling — Rate-limit-safe posting prevents secondary rate limit errors during busy release cycles.

🔧 Internal

Extensive refactoring this release: unified token-usage metrics (TokenCoreMetrics), options-struct patterns to eliminate excessive function parameters, shared analysis base types, and consolidated AST predicates across linters.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by 🚀 Release · 16.7 AIC · ⊞ 7.6K


What's Changed

  • Run package manifest config bootstrap flow by default in gh aw add by @mnkiefer with @Copilot in #46041
  • Throttle release PR comment posting to avoid secondary rate limits by @pelikhan with @Copilot in #46081
  • refactor: extract TokenCoreMetrics to unify token-usage quartet by @pelikhan with @Copilot in #46059
  • Replace positional boolean params with named option structs in workflow helpers by @pelikhan with @Copilot in #46064
  • [linter-miner] feat(linters): add mapclearloop linter — replace range-delete loops with clear(m) by @github-actions[bot] in #46060
  • refactor: introduce options structs to eliminate excessivefuncparams linter violations by @pelikhan with @Copilot in #46065
  • Extract shared AnalysisBase from DomainAnalysis/FirewallAnalysis by @pelikhan with @Copilot in #46063
  • Extract shared base for access and firewall log summaries by @pelikhan with @Copilot in #46079
  • fix: update MAI model to mai-code-1-flash-picker and fix sandbox test isolation by @pelikhan with @Copilot in #46052
  • Fix external threat detection to honor custom engine base URLs and allowlist propagation by @pelikhan with @Copilot in #46077
  • [log] Add debug logging to workflow and CLI helpers by @github-actions[bot] in #46124
  • refactor: consolidate duplicate byte/string AST predicates into linters astutil by @pelikhan with @Copilot in #46108
  • Enhance GitHub host detection for PAT creation and setup commands by @mnkiefer in #46128
  • fix: SHA-pinned actions lose version comment when SkipHardcodedFallback is set by @pelikhan with @Copilot in #46122
  • [community] Update community contributions in README by @github-actions[bot] in #46116
  • [yamllint-fixer] Trim trailing whitespace and cap blank runs in inlined prompt content by @github-actions[bot] in #46123
  • fix(eslint): normalize error-handling patterns in actions/setup/js by @pelikhan with @Copilot in #46101
  • fix: exclude job-output credential env vars from agent sandbox (--exclude-env) by @pelikhan with @Copilot in #46076

Full Changelog: v0.82.11...v0.82.12

v0.82.11

v0.82.11 Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 16 Jul 19:50
Immutable release. Only release title and notes can be modified.
38e22c4

🌟 Release Highlights

This release focuses on improved onboarding, stronger safe-outputs reliability, expanded eval coverage, and a wave of targeted bug fixes across the agentic harnesses and compiler toolchain.

✨ What's New

  • Streamlined gh aw add setup — The package manifest config bootstrap flow now runs automatically, reducing manual configuration steps when adding new workflows. (#46041)
  • Preconfigured Copilot PAT onboarding in gh aw add-wizard — The wizard now walks users through setting up a Copilot Personal Access Token, making first-time setup smoother. (#45987)
  • Fork-backed safe-output pull request support — Safe outputs now support creating pull requests from fork-backed branches, expanding the supported workflow topologies. (#45909)
  • GitHub MCP Server upgraded to v1.6.0 — The bundled MCP server is now at v1.6.0 with fields_param enabled by default, giving workflows access to richer GitHub data. (#45832)
  • Issue-intent metadata required for close/assignment toolsclose and assign_to_agent tools now require issue-intent metadata by default (with per-tool opt-out), reducing unintentional issue state changes. (#46014)
  • Evals expanded to 24 more workflows — Automated evaluation coverage has been significantly broadened, improving reliability signals across the workflow library. (#45984)
  • PR sous-chef surfaces failed checks in nudge comments — When a PR is nudged, failed CI checks are now included in the comment, making it easier to act on blocking issues. (#45957)

🐛 Bug Fixes & Improvements

  • Fix repositories: ["*"] in GitHub App token minting — Activation tokens now correctly honor wildcard repository scopes. (#45908)
  • Decouple safe-outputs client token from project token — The Process Safe Outputs client token is now independent of the project-specific token, fixing token confusion in multi-project setups. (#45999)
  • Fix compiler version normalization for git describe output — Version strings from git describe are now normalized correctly before use in compiled workflows. (#46030)
  • Fast-fail Copilot harness on LLM invocation cap — When the LLM invocation cap is saturated, the Copilot harness now fails fast instead of hanging. (#45827)
  • Exempt large body/content fields from SM-IS-01 10 KB cap — Added maxLength: 65536 to body and content fields so large payloads are not incorrectly rejected. (#45826)
  • Detect Claude Code 401 auth errors in claude_harness — Authentication failures from Claude Code are now caught and reported clearly. (#45982)
  • Fix Pi JSONL eval log parsing — YES/NO answers in Pi engine JSONL log format are now parsed correctly. (#45960)
  • Align actionlint to v1.7.12 — All references now use a consistent actionlint version. (#45979)
  • Prevent spurious .github symlink probes — The frontmatter hash GitHub API reader no longer emits false symlink probe requests. (#45989)
  • Improve unknown model pricing errors — Better error messaging and accurate issue titles when a model's pricing data is missing. (#45985)
  • Prevent duplicate "Download container images" step in Codex evals — A duplicate step in the generated Codex evals job is now correctly suppressed. (#45991)

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by 🚀 Release · 33.8 AIC · ⊞ 7.6K


What's Changed

  • nilctxpassed: ignore variadic spread slice arguments to prevent false positives by @pelikhan with @Copilot in #45906
  • [WIP] Fix failing GitHub Actions job Integration: Workflow Misc Part 2 by @pelikhan with @Copilot in #45927
  • [WIP] Fix failing GitHub Actions job agent by @pelikhan with @Copilot in #45935
  • [avenger] Update wasm golden files for action pin bumps by @github-actions[bot] in #45948
  • feat: surface failed checks in pr-sous-chef nudge comments by @pelikhan with @Copilot in #45957
  • fix(evals): parse YES/NO answers from Pi JSONL engine log format by @pelikhan with @Copilot in #45960
  • [instructions] Sync instruction files with release v0.82.10 by @github-actions[bot] in #45967
  • fix: add maxLength: 65536 to body/content fields to exempt from SM-IS-01 10 KB cap by @pelikhan with @Copilot in #45826
  • Honor repositories: ["*"] in activation GitHub App token minting by @pelikhan with @Copilot in #45908
  • fix: fast-fail copilot harness when LLM invocation cap is saturated by @pelikhan with @Copilot in #45827
  • [docs] Update glossary - daily scan by @github-actions[bot] in #45975
  • feat: upgrade GitHub MCP server to v1.6.0, enable fields_param by default by @pelikhan with @Copilot in #45832
  • eslint-factory: consolidate fs-sync try/catch rules and unify ESM/CJS fs binding detection by @pelikhan with @Copilot in #45964
  • [eslint-miner] feat(eslint): add require-new-url-try-catch rule by @github-actions[bot] in #45971
  • eslint-factory: extract nonStringKind to shared module; align setOutput rule with CORE_ALIASES by @pelikhan with @Copilot in #45973
  • Refactor ResolveWorkflows into focused helpers to reduce largefunc backlog by @pelikhan with @Copilot in #45965
  • Add evals to 24 more agentic workflows by @pelikhan with @Copilot in #45984
  • fix: align actionlint version to v1.7.12 across all references by @pelikhan with @Copilot in #45979
  • fix: detect Claude Code 401 auth errors in claude_harness by @pelikhan with @Copilot in #45982
  • fix: unknown model pricing — better error options and accurate issue title by @pelikhan with @Copilot in #45985
  • fix: prevent duplicate "Download container images" step in codex evals job by @pelikhan with @Copilot in #45991
  • Add fork-backed safe-output pull request support by @pelikhan with @Copilot in #45909
  • fix: prevent spurious .github symlink probes in frontmatter hash GitHub API reader by @pelikhan with @Copilot in #45989
  • Add preconfigured Copilot PAT onboarding in gh aw add-wizard by @mnkiefer with @Copilot in #45987
  • fix add normalization for git describe compiler versions by @mnkiefer in #46030
  • feat: add smoke-copilot-mai workflow using mai-code-1-flash by @pelikhan with @Copilot in #46048
  • [spdd] Daily spec work plan - 2026-07-16 (rotation 15–19) by @pelikhan with @Copilot in #46044
  • Require issue-intent metadata for close/assignment tools by default, with per-tool opt-out by @pelikhan with @Copilot in #46014
  • feat: add OutcomeStatusLifecycle and OutcomeStatusLifecycleClose as first-class outcome status constants by @pelikhan with @Copilot in #46039
  • [aw] Decouple Process Safe Outputs client token from project-specific token by @pelikhan with @Copilot in #45999

Full Changelog: v0.82.10...v0.82.11

v0.82.10

v0.82.10 Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 16 Jul 06:35
Immutable release. Only release title and notes can be modified.
de126a1

🌟 Release Highlights

This release brings declarative custom-engine support, expanded evals infrastructure, CLI improvements, and an important security default change — alongside a strong wave of bug fixes and code quality improvements.

⚠️ Breaking Changes

  • Strict security mode is now the defaultsudo injection and --enable-host-access are no longer injected automatically. Workflows relying on these must opt in explicitly. (#45360)

✨ What's New

  • Declarative custom-engine frontmatter — Crush, OpenCode, and other engines can now be declared via shared behavior definitions in frontmatter, removing boilerplate and improving portability. (#44465)
  • engine.driver frontmatter field — New reference field lets you pin workflows to a specific engine driver. Learn more (#45420)
  • Evals on agentic workflows — BinEval evals enabled on 10 workflows; daily evals report added; evals results now captured in conclusion usage artifacts; --evals flag added to logs and audit commands for filtering. (#45751, #45805, #45373)
  • Bootstrap config consolidationgh aw add and gh aw add-wizard now share a unified config; the actions subcommand is renamed to config for clarity. (#45758)
  • Azure OpenAI BYOK support documented — New guide covers bringing your own Azure OpenAI key for Copilot workflows. (#45276)
  • nilctxpassed Go linter — New analyzer catches nil context passed to functions, preventing hard-to-debug runtime panics. (#45799)

🐛 Bug Fixes & Improvements

  • Fixed secrets context leaking into ignore-if-missing guard expressions, which could silently suppress legitimate failures. (#45828)
  • Fixed update_project silently ignoring string-typed fields by iterating over characters instead of field names. (#45825)
  • Fixed missing id-token: write permission on activation/conclusion/safe_outputs jobs for OTLP OIDC auth. (#45823)
  • Fixed a recurring 60 s timeout in the logs MCP tool that was corrupting audit datasets. (#45714)
  • Fixed MCP gateway config to use raw header serialization for the GitHub remote Authorization header. (#45335)
  • Fixed safe-outputs scope rejection incorrectly triggering when the agent changeset had no workflow files. (#45870)
  • CLI consistency pass: --no-staged renamed for clarity, -e shorthand added to logs, grammar and style fixes. (#45280)
  • Reduced GitHub API consumption in PR review cluster via pre-fetching and caching (~significant reduction in rate-limit pressure). (#45431)

📚 Documentation

  • New BinEval syntax and question decomposition guide at .github/aw/evals.md. (#45833)
  • Replaced deprecated dispatch_repository reference block with a migration note. (#45786)
  • CLI help text, shared flag usage, and setup docs aligned for consistency. (#45753)

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by 🚀 Release · 16.9 AIC · ⊞ 7.6K


What's Changed

  • [caveman] Optimize instruction verbosity — skills.md (2026-07-13) by @github-actions[bot] in #45328
  • fix: CLI consistency — rename --no-staged, add -e to logs, grammar/style fixes by @pelikhan with @Copilot in #45280
  • [WIP] Fix failing GitHub Actions job Integration: Workflow Misc Part 2 by @pelikhan with @Copilot in #45293
  • [jsweep] Clean validate_secrets.cjs by @github-actions[bot] in #45184
  • Propagate runner topology into detection AWF image pre-pull by @pelikhan with @Copilot in #45274
  • Refactor token env lookup and schedule helpers to remove semantic drift by @pelikhan with @Copilot in #45298
  • feat(eslint-factory): add Object.assign suggestion to no-throw-plain-object rule by @pelikhan with @Copilot in #45299
  • [linter-miner] feat(linters): add bytesbufferstring linter — flag string(buf.Bytes()) in favour of buf.String() by @github-actions[bot] in #45301
  • Strengthen action pin mapping spec coverage and assertion rigor in pkg/actionpins by @pelikhan with @Copilot in #45340
  • Remove the client-side issue_intents runtime gate by @pelikhan with @Copilot in #45275
  • eslint-factory: detect aliased/destructured/computed core.setFailed in require-return-after-core-setfailed by @pelikhan with @Copilot in #45334
  • feat: enable evals on smoke-copilot by @pelikhan with @Copilot in #45324
  • Stabilize Sighthound Security Scan by scanning a clean archived repo snapshot by @pelikhan with @Copilot in #45361
  • Fix autofix import robustness: use actual local binding qualifier in sprintfint/writebytestring/bytescomparestring by @pelikhan with @Copilot in #45339
  • Fix MCP gateway config JSON: use raw header serialization for GitHub remote MCP Authorization header by @pelikhan with @Copilot in #45335
  • Annotate allowed issue field allowlist as SEC-004 exempt by @pelikhan with @Copilot in #45363
  • [log] Add debug logging to docker-sbx install step generators by @github-actions[bot] in #45374
  • refactor(workflow): split 420-line buildMainJob into focused helpers by @pelikhan with @Copilot in #45333
  • Refine interpolated-route diagnostics for opaque Octokit route helpers by @pelikhan with @Copilot in #45364
  • Document Azure OpenAI BYOK configuration for Copilot workflows by @pelikhan with @Copilot in #45276
  • [community] Update community contributions in README by @github-actions[bot] in #45367
  • [yamllint-fixer] fix(workflow): reduce yamllint noise in generated lock files (16 → 3) by @github-actions[bot] in #45372
  • Harden daily multi-device docs tester for Playwright startup and docs preview readiness by @pelikhan with @Copilot in #45399
  • fix(create_pull_request): redirect fallback issue to alternate repo when target has issues disabled (410) by @pelikhan with @Copilot in #45359
  • Lock in tag-scoped on.push as a valid scoped trigger by @pelikhan with @Copilot in #45362
  • Audit: surface actionable failure diagnostics from step logs or agent-stdio fallback by @pelikhan with @Copilot in #45398
  • docs: add engine.driver to frontmatter reference by @pelikhan with @Copilot in #45420
  • [instructions] Sync instruction files with release v0.82.9 by @github-actions[bot] in #45422
  • feat: add --evals flag to logs and audit commands to filter by evals results by @pelikhan with @Copilot in #45373
  • [jsweep] Clean harness_retry_config.cjs by @github-actions[bot] in #45378
  • Add declarative custom-engine frontmatter and migrate Crush/OpenCode to shared behavior definitions by @pelikhan with @Copilot in #44465
  • chore: remove outdated package workflows for dependabot by @mnkiefer in #45433
  • [docs] Update glossary - daily scan by @github-actions[bot] in #45447
  • feat: reduce GitHub API consumption in PR review cluster via pre-fetching and caching by @pelikhan with @Copilot in #45431
  • Handle braceless core.setFailed() control-flow in require-return-after-core-setfailed by @pelikhan with @Copilot in #45430
  • [rendering-scripts] Fix Pi log parser for the v3 streaming schema (empty step summaries) by @github-actions[bot] in #45414
  • enforce: add stringsindexcontains + stringscountcontains to CI linter batch by @pelikhan with @Copilot in https://github.com/github/gh-...
Read more

v0.82.9

v0.82.9 Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 13 Jul 16:42
Immutable release. Only release title and notes can be modified.

🌟 Release Highlights

This release focuses on security hardening, performance improvements, and expanded runtime support — including a new docker-sbx runtime, better compiler analysis, and meaningful speed gains in core compilation paths.

✨ What's New

  • docker-sbx runtime support — Workflows can now target a Docker-based sandbox runtime via the docker-sbx key in the compiler, enabling more isolated execution environments. (#45006)
  • PowerShell installer for Windowsgh-aw now ships a PowerShell install path and Windows CI coverage, making it easier to get started on Windows. (#44953)
  • private-to-public-flows: allow frontmatter field — Workflows can now explicitly opt in to cross-visibility flows using a new tools.github frontmatter field. (#45113)
  • Issue dependency tools in GitHub MCP toolsets — The MCP toolset mapping now includes issue dependency tools. (#45082)
  • Unscoped push trigger validation — A new ValidatePushBranchScope compiler check prevents accidental workflow fan-out from unscoped push triggers. (#44915)
  • toJSON(secrets) blocking rule — The compiler now flags expressions that would expose secrets via toJSON. (#44922)
  • pull_request → pull_request_target escalation detection — The safe-update analysis now flags trigger escalations that could grant elevated permissions unexpectedly. (#44925)
  • Sighthound-gated agentic scan workflow — New workflow for artifact-backed security scanning with configurable gating. (#45120)

⚡ Performance

  • ParseWorkflow regression fixed — Targeted caching reduces parse time by ~51% vs the regression baseline. (#44994)
  • CompileMemoryUsage regression fixed — Optimized normalizeBlankLines and findRunValue paths recover a memory regression. (#44995)
  • ExtractWorkflowNameFromFile hot-path improvements — Faster header parsing recovers a benchmark regression on the critical path. (#45225)

🐛 Bug Fixes

  • CLI proxy default policy now correctly respects repository visibility, blocking private-repo access from public-repo contexts. (#45158)
  • GitHub MCP server fallback — When native HTTP initialization fails, the CLI mounts the MCP server as a fallback. (#44976)
  • COPILOT_MODEL alias resolution — Model aliases are now resolved at runtime before the Copilot CLI is spawned. (#44975)
  • PR triage agent gh pr checks replaced — Switched to MCP get_check_runs to eliminate CLI proxy 403 errors. (#44927)
  • gVisor pinned release bumped — Updated from 20250623.0 to 20250707.0. (#45101)
  • sbx credential refresh — A credential refresh step is now emitted before agent execution. (#45146)
  • Hamburger nav breakpoint — Fixed iPad Pro 12.9 header overlap by extending the breakpoint to 1050px. (#45281)
  • Docs mobile overflow — Resolved hidden-label overflow on mobile and restored the homepage skip-link target. (#45224)

📚 Documentation

  • Deprecated dispatch_repository de-emphasized in the frontmatter reference. (#44928)
  • engine.token-weights frontmatter field removed (was deprecated). (#44948)
  • Developer specifications consolidated into the instructions file (v9.20). (#44961)

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by 🚀 Release · 23.7 AIC · ⊞ 7.6K


What's Changed

  • [instructions] Sync instruction files with release v0.82.8 by @github-actions[bot] in #44920
  • fix(eslint): require-return-after-core-setfailed — detect nested-block fall-through, document break/continue limitation by @pelikhan with @Copilot in #44917
  • [eslint-miner] eslint: add no-throw-plain-object rule by @github-actions[bot] in #44924
  • docs: de-emphasize deprecated dispatch_repository in frontmatter full reference by @pelikhan with @Copilot in #44928
  • [spec-extractor] Update package specifications for agentdrain, cli, console, constants by @github-actions[bot] in #44930
  • fix(pr-triage-agent): replace gh pr checks with MCP get_check_runs to stop CLI proxy 403s by @pelikhan with @Copilot in #44927
  • feat: add ValidatePushBranchScope to prevent unscoped push triggers causing workflow fan-out by @pelikhan with @Copilot in #44915
  • Flag pull_request → pull_request_target trigger escalation in compiler safe-update analysis by @pelikhan with @Copilot in #44925
  • [avenger] Fix prettier formatting in eslint rule source by @github-actions[bot] in #44935
  • Reduce Smoke CI REST fan-out by scoping pull_request triggers by @pelikhan with @Copilot in #44934
  • Add rule to block toJSON(secrets) expressions by @pelikhan with @Copilot in #44922
  • Stop recommending get_me for workflow identity in GitHub MCP prompts by @pelikhan with @Copilot in #44936
  • Reduce list_pull_requests MCP context bloat via default pagination + minimal output guidance by @pelikhan with @Copilot in #44941
  • [spec-enforcer] Enforce specifications for colorwriter, console, constants by @github-actions[bot] in #44949
  • Normalize progressive-disclosure guidance across reporting workflows by @pelikhan with @Copilot in #44960
  • Remove deprecated engine.token-weights frontmatter by @pelikhan with @Copilot in #44948
  • eslint-factory: suppress unsafe addReturn suggestion after terminal cleanup following core.setFailed by @pelikhan with @Copilot in #44929
  • [docs] Consolidate developer specifications into instructions file (v9.20) by @github-actions[bot] in #44961
  • Skip closed-PR follow-up workflows on Copilot branches by @pelikhan with @Copilot in #44967
  • Add formal safe-update specification for compiler enforcement and manifest baselines by @pelikhan with @Copilot in #44997
  • feat: Add docker-sbx runtime support to compiler by @lpcox with @Copilot in #45006
  • chore: bump firewall version to v0.27.30 by @lpcox with @Copilot in #45025
  • [docs] Update dictation skill instructions by @github-actions[bot] in #45053
  • [safe-output-integrator] Add missing copilot safe-output fixture files (close-discussion, assign-to-agent, assign-to-user, unassign-from-user) by @github-actions[bot] in #45004
  • Improve docs homepage JSON-LD for GEO citation (WebSite + Organization) by @pelikhan with @Copilot in #44991
  • [docs] docs: unbloat about page by @github-actions[bot] in #44992
  • fix: bump pinned gVisor release from 20250623.0 to 20250707.0 by @lpcox with @Copilot in #45101
  • feat: implement private-to-public-flows: allow as a tools.github frontmatter field by @lpcox with @Copilot in #45113
  • fix: emit sbx credential refresh step before agent execution by @lpcox in #45146
  • Fix CLI proxy default policy to respect repo visibility (block private repos in public repos) by @lpcox with @Copilot in #45158
  • spdd: 2026-07-11 spec work plan — normative requirements, combined-integrity fixture, coverage audit by @pelikhan with @Copilot in #44986
  • fix: resolve COPILOT_MODEL aliases at runtime before spawning Copilot CLI by @pelikhan with @Copilot in #44975
  • Formalize replace-label compliance model and fixture-backed conformance tests by @pelikhan with @Copilot in #44981
  • [linter-miner] feat(linters): add ioutildeprecated linter to flag deprecated io/ioutil usag...
Read more

v0.82.8

v0.82.8 Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 11 Jul 08:56
Immutable release. Only release title and notes can be modified.
0e0d373

🌟 Release Highlights

This release brings substantial quality and reliability improvements across the compiler, linters, CLI tooling, security architecture, and documentation — with particular focus on ARC/DinD self-hosted runner support and safe-outputs robustness.

✨ What's New

  • gVisor container runtime support — Workflows can now opt into the gVisor runtime via sandbox.agent.runtime: gvisor for stronger sandbox isolation. (#44796)
  • Shared partials can declare sandbox.agent.mounts — Partial workflow files can now define mount configurations that are merged into the parent workflow, enabling reusable sandbox setups. (#44500)
  • AI authorship disclosure header — A new disclosure-header safe-output message type allows agents to declare AI authorship inline in PR comments and issues. (#44497)
  • gh aw add resolves transitive uses: references — Importing a workflow partial now automatically resolves and includes any nested imports, eliminating manual dependency management. (#44763)
  • OAuth token failure propagated to conclusion job — When an OAuth or missing-token failure occurs, it is now surfaced in the conclusion job so failures are never silently swallowed. (#44777, #44756)
  • New stringscountcontains linter — Detects strings.Count(s, sub) > 0 patterns that should be written as strings.Contains. (#44820)
  • ARC DinD how-to guide — New documentation covering how to run the GitHub Copilot coding agent on self-hosted ARC runners with Docker-in-Docker. (Learn more) (#44561, #44586)

🐛 Bug Fixes & Improvements

  • Compiler performanceCompileSimpleWorkflow no longer scans heredoc content for run-block expressions, recovering a measurable regression. (#44454)
  • GHE SSH remote URL parsing — Fixed fuzzy schedule scattering for GHE SSH remotes with non-standard usernames. (#44502)
  • Stale lock guard — A base-ref-aware guard now prevents stale lock files from being introduced when workflow markdown edits occur on branches. (#44912)
  • Confused deputy fix — The confused deputy check is now correctly scoped to bot actors on pull_request:synchronize events only. (#44494)
  • Docker socket GID resolution — Robust GID resolution for ARC/DinD and split-daemon topologies ensures correct socket permissions. (#44446)
  • Playwright-based model pricing scraper — Replaced the fragile static HTML scraper with a Playwright-driven extractor that stays reliable as pricing pages evolve. (#44453)
  • pull_request_review event handling — Fixed add_workflow_run_comment.cjs to correctly handle the pull_request_review event type. (#44503)
  • CI token authentication — Extra-empty-commit CI triggers now correctly authenticate using the CI token rather than persisted checkout credentials. (#44180)
  • linter self-contained fixessprintfint, writebytestring, and bytescomparestring suggested fixes are now fully self-contained, including all required import edits. (#44911, #44665, #44488)
  • Copilot harness idle termination — The Copilot harness now terminates idle processes after a terminal safe output, preventing lingering background jobs. (#44440)

📚 Documentation

  • Cost management page — Reorganized and expanded the cost management reference for clarity. (#44685)
  • Imports reference tightened — Redundant content pruned and accuracy improved in the imports reference. (#44804)
  • CLI reference aligned — The CLI reference now matches the current gh aw --help output and exposes the experiments command. (#44603, #44794)
  • Sandbox reference — Updated sandbox reference reflects new sandbox.agent.runtime and sandbox.agent.mounts fields.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by 🚀 Release · 25.3 AIC · ⊞ 7.6K


What's Changed

  • fix: replace allocating string comparison with bytes.Equal in virtual_fs.go by @pelikhan with @Copilot in #44463
  • fix(daily-model-inventory): replace static HTML pricing scraper with playwright-based extraction by @pelikhan with @Copilot in #44453
  • [community] Update community contributions in README by @github-actions[bot] in #44457
  • docs: expand dispatch-repository nested fields in frontmatter-full.md by @pelikhan with @Copilot in #44456
  • Copilot harness: terminate idle process after terminal safe output by @pelikhan with @Copilot in #44440
  • Ensure extra-empty-commit CI trigger push authenticates as CI token, not persisted checkout credentials by @pelikhan with @Copilot in #44180
  • perf: fix CompileSimpleWorkflow regression — skip heredoc content in run-block expression scan by @pelikhan with @Copilot in #44454
  • pkg/agentdrain: add nil-guard to Analyze and improve anomaly test quality by @pelikhan with @Copilot in #44455
  • chore: bump gh-aw-firewall to v0.27.28 by @pelikhan with @Copilot in #44467
  • [instructions] Sync instruction files with release v0.82.7 by @github-actions[bot] in #44541
  • fix: remove double-normalization in overridePersistedExtraheader by @pelikhan with @Copilot in #44492
  • fix: resolve all non-largefunc custom linter findings by @pelikhan with @Copilot in #44461
  • Fix yamllint violations in generated lock files by @pelikhan with @Copilot in #44491
  • fix: handle pull_request_review event in add_workflow_run_comment.cjs by @pelikhan with @Copilot in #44503
  • Use specific failure categories before agent_failure in failure-issue routing by @pelikhan with @Copilot in #44498
  • Document and pin no-github-request-interpolated-route boundary behavior by @pelikhan with @Copilot in #44550
  • Add ARC DinD how-to guide for running GitHub Copilot coding agent on self-hosted runners by @lpcox with @Copilot in #44561
  • docs: DinD is required for ARC (not optional), fix NET_ADMIN misinformation, clarify sudo scope by @lpcox with @Copilot in #44586
  • fix: scope confused deputy check to bot actors on pull_request:synchronize by @pelikhan with @Copilot in #44494
  • Track compiled lock files for the new test workflows by @pelikhan with @Copilot in #44551
  • [docs] docs: unbloat workflow structure reference by @github-actions[bot] in #44596
  • Align CLI reference with current gh aw --help output by @pelikhan with @Copilot in #44603
  • [safe-output-integrator] fix: use canonical dispatch-repository key in test fixture by @github-actions[bot] in #44614
  • fix: parse GHE SSH remote URLs with non-standard usernames for fuzzy schedule scattering by @pelikhan with @Copilot in #44502
  • Always compile after any workflow .md change to keep .lock.yml in sync by @pelikhan with @Copilot in #44565
  • Reframe bytescomparestring as style/intent lint and fix single-import autofix output by @pelikhan with @Copilot in #44488
  • Refresh package specs for spec-audit mismatches and stale README coverage by @pelikhan with @Copilot in #44564
  • Reduce ExtractWorkflowNameFromFile overhead in CLI workflow title parsing by @pelikhan with @Copilot in #44604
  • Surface ex...
Read more

v0.82.7

v0.82.7 Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 09 Jul 03:56
Immutable release. Only release title and notes can be modified.
f78aa11

🌟 Release Highlights

This release delivers significant reliability improvements for ARC/DIND runners, MCP Gateway upgrades, expanded checkout authentication, and a wave of bug fixes and documentation enhancements.

✨ What's New

  • Safe-output GitHub App checkout auth — Workflows can now authenticate checkouts in safe_outputs jobs using a GitHub App (checkout.safe-output-github-app), enabling secure, credential-scoped repository access without using personal tokens. (#44444)

  • MCP Gateway v0.4.1 — Upgraded the embedded MCP Gateway (mcpg) to v0.4.1, bringing the latest guard-policy fixes and sink-visibility support to all agentic workflow runs. (#44403)

  • Smoke tests for model: small alias — A new daily smoke workflow validates that the model: small alias resolves correctly end-to-end, catching regressions before they reach production. (#44288)

  • Decentralized label_command auto-permissions — The compiler now automatically grants pull-requests:read to pre_activation jobs when label_command is used on pull_request events, eliminating a common manual permission boilerplate. (#44282)

  • Formal checkout behavior spec — Agent and safe_outputs job checkout behavior is now formally specified, giving workflow authors a clear contract for credential availability and repo access. (#44225)

⚡ Performance

  • Faster run-script expression guardrail — Cut YAMLGeneration overhead in the run-script expression guardrail, improving compilation throughput for workflows with many run steps. (#44438)

🐛 Bug Fixes & Improvements

  • ARC/DIND runner fix — Propagating RunnerConfig to the detection job resolves a ENOENT error on ARC-dind Copilot runners. (#44445)

  • Sandbox firewall directory permissions — Root-owned sandbox firewall directories are now reclaimed on reused runners, preventing EACCES errors on subsequent runs. (#44276)

  • Copilot CLI hang on exit fixed — Reduced the post-completion idle watchdog timeout and added cleanup timeouts, preventing the Copilot CLI from hanging after workflow completion. (#44254)

  • Elixir runtime erl exposureerl is now correctly exposed in the AWF sandbox when using runtimes.elixir. (#44283)

  • Nested repo-memory glob matching — Fixed glob matching for memory files stored in nested subdirectories. (#44215)

  • Claude startup failure hardening — Empty-log Avenger runs no longer fail silently; Claude startup failures are now detected and surfaced correctly. (#44332)

  • Safe-outputs graceful fallbackGH_AW_SAFE_OUTPUTS is now correctly passed to the "Parse agent logs" step, activating the graceful fallback path when needed. (#44354)

  • Engine driver schema broadened — The engine.driver schema description now matches the actual runtime multi-language support, reducing schema validation false positives. (#44355)

📚 Documentation

  • Sink visibility field — Documented the sink-visibility field in the MCP Gateway write-sink guard policy (spec v1.15.0) and tightened guard-policy prose. (#44373, #44305)

  • --force-public-repos proxy flag — The --force-public-repos flag for the proxy subcommand is now documented. (#44360)

  • CLI flag alignmentaudit, status, experiments, and legacy --disable-* flags are now consistently documented with their deprecation behavior. (#44312)

  • Custom model pricing FAQ — Added a FAQ entry covering custom model pricing in agentic workflow frontmatter. (#44450)

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by 🚀 Release · 36.5 AIC · ⊞ 7.6K


What's Changed

  • add smoke-copilot-small workflow to validate model: small alias resolution by @pelikhan with @Copilot in #44288
  • Fix repo-memory glob matching for nested memory files by @pelikhan with @Copilot in #44215
  • Compiler: auto-grant pull-requests:read to pre_activation for decentralized label_command on pull_request events by @pelikhan with @Copilot in #44282
  • fix: reduce post-completion idle watchdog and add cleanup timeouts to prevent Copilot CLI hang on exit by @pelikhan with @Copilot in #44254
  • docs(parser): document missing internal dependencies in README by @pelikhan with @Copilot in #44308
  • docs: document sink-visibility field in MCP Gateway write-sink guard policy (spec v1.15.0) by @lpcox with @Copilot in #44305
  • docs: document --force-public-repos flag for proxy subcommand by @lpcox in #44360
  • Copilot/document sink visibility field by @lpcox in #44373
  • [linter-miner] linter: add bytescomparestring — flag string(a)==string(b) where a,b are []byte by @github-actions[bot] in #44389
  • Add formal checkout behavior specification for agent and safe_outputs jobs by @pelikhan with @Copilot in #44225
  • [docs] docs: tighten MCP gateway guard-policy prose by @github-actions[bot] in #44365
  • fix: broaden engine.driver schema description to match runtime multi-language support by @pelikhan with @Copilot in #44355
  • [safe-output-integrator] Add missing safe-output type fixtures and Go test coverage (11 types) by @github-actions[bot] in #44405
  • [dead-code] chore: remove dead functions — 1 function removed by @github-actions[bot] in #44330
  • fix: pass GH_AW_SAFE_OUTPUTS to "Parse agent logs" step to activate graceful fallback by @pelikhan with @Copilot in #44354
  • Normalize report body formatting rules across 11 reporting workflows by @pelikhan with @Copilot in #44314
  • Bump MCP Gateway (mcpg) to v0.4.1 by @lpcox with @Copilot in #44403
  • Schedule Smoke Copilot Sub Agents workflow to run daily by @pelikhan with @Copilot in #44443
  • Align CLI docs and deprecation behavior for audit, status, experiments, and legacy --disable-* flags by @pelikhan with @Copilot in #44312
  • Refactor safe-outputs config parsing into focused workflow modules by @pelikhan with @Copilot in #44313
  • SPDD 2026-07-08: close spec sync gaps and enforce add-flow rollback semantics by @pelikhan with @Copilot in #44358
  • fix: expose erl in AWF sandbox when using runtimes.elixir by @pelikhan with @Copilot in #44283
  • docs: FAQ entry for custom model pricing in agentic workflow frontmatter by @pelikhan with @Copilot in #44450
  • Harden Claude startup failure handling for empty-log Avenger runs by @pelikhan with @Copilot in #44332
  • perf(workflow): cut YAMLGeneration overhead in run-script expression guardrail by @pelikhan with @Copilot in #44438
  • fix: reclaim root-owned sandbox firewall dirs to prevent EACCES on reused runners by @pelikhan with @Copilot in #44276
  • fix: propagate RunnerConfig to detection job to fix arc-dind Copilot ENOENT by @pelikhan with @Copilot in #44445
  • Add checkout.safe-output-github-app support for safe_outputs checkout auth by @pelikhan with @Copilot in #44444

Full Changelog: v0.82.6...v0.82.7

v0.82.6

v0.82.6 Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 08 Jul 13:30
Immutable release. Only release title and notes can be modified.
adb344b

🌟 Release Highlights

This release focuses on correctness and reliability — fixing subtle bugs in workflow compilation, strengthening security defaults, and improving developer tooling with new ESLint rules and unit tests.

✨ What's New

  • ESLint rule: no-github-request-interpolated-route — A new static analysis rule flags interpolated template literals and string concatenation in Octokit .request() route arguments. This prevents malformed URLs and enforces the typed placeholder syntax ({owner}, {repo}) that GitHub's REST API expects. (#44268)

  • Comment-memory support for deterministic jobs — Custom jobs and on.steps flows with restore-memory: true now correctly receive the comment-memory config, enabling deterministic steps to consume persisted memory before agent execution. (#44214)

🐛 Bug Fixes & Improvements

  • Safer lockdown defaults on API failure — When the determine-automatic-lockdown step cannot fetch repository visibility, sink-visibility now defaults to "public" (strict policy) instead of the previously unrecognized "unknown" value, preventing unpredictable guard policy behavior. (#44286)

  • Detection job dependency fixengine.env values referencing needs.<job>.outputs.* expressions now correctly propagate to the detection job's needs list, preventing silent empty-string resolution at runtime. (#44202)

  • Lockdown autodetection skip when guard policy is explicit — The determine-automatic-lockdown step is now skipped when guard policies are already statically configured in frontmatter, eliminating redundant runtime detection. (#44270)

  • Deprecated output references cleaned up — All remaining uses of needs.activation.outputs.{text,title,body} in tests and specs replaced with the current steps.sanitized.outputs.* form, eliminating spurious deprecation warnings. (#44255)

📚 Documentation

  • Token type validation clarified — Auth reference docs now explicitly document that COPILOT_GITHUB_TOKEN and GH_AW_GITHUB_TOKEN must be fine-grained PATs. OAuth user tokens (gho_...) are intentionally rejected at activation with remediation guidance. (#44275, Learn more)

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by 🚀 Release · 24.6 AIC · ⊞ 7.6K


What's Changed

  • [spec-extractor] Update package specifications for tty, types, typeutil, workflow by @github-actions[bot] in #44266
  • fix: skip lockdown autodetection step when guard policy is explicitly configured by @pelikhan with @Copilot in #44270
  • Replace deprecated needs.activation.outputs.{text,title,body} with steps.sanitized.outputs.* by @pelikhan with @Copilot in #44255
  • fix: detection job missing engine.env job dependencies in needs list by @pelikhan with @Copilot in #44202
  • Restore comment-memory config for deterministic memory-read jobs by @pelikhan with @Copilot in #44214
  • refactor(workflow): rename same-name/different-semantics helpers to eliminate navigation confusion by @pelikhan with @Copilot in #44149
  • [docs] Update documentation for features from 2026-07-08 by @github-actions[bot] in #44275
  • [docs] Update glossary - daily scan by @github-actions[bot] in #44273
  • feat(eslint): add no-github-request-interpolated-route rule by @pelikhan with @Copilot in #44268
  • fix: default sink-visibility to "public" when repository visibility check fails by @pelikhan with @Copilot in #44286
  • Add unit tests for StripANSI in pkg/stringutil by @pelikhan with @Copilot in #44277

Full Changelog: v0.82.5...v0.82.6

v0.82.5

v0.82.5 Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 08 Jul 10:26
Immutable release. Only release title and notes can be modified.
f9635a3

🌟 Release Highlights

This release focuses on developer guardrails and code quality tooling, hardening ESLint rules, improving compile-time safety, and adding proactive security checks for credential hygiene.

✨ What's New

  • Workflow-edit guard for stale lock files — A lightweight CI guard now catches agents that edit .github/workflows/*.md without recompiling the corresponding .lock.yml. This surfaces CI failures early, before the heavyweight check-workflow-drift job runs. (#44238)

  • OAuth token detection in activation jobs — The activation job now flags COPILOT_GITHUB_TOKEN and GH_AW_GITHUB_TOKEN values that are OAuth tokens (gho_...). OAuth tokens are over-provisioned user-scoped credentials unsuitable for automation, and early detection prevents hard-to-debug permission failures downstream. (#44204)

  • Runtime sink-visibilitysink-visibility in the MCP guard policy config is now computed at runtime instead of baked in at compile time. This eliminates stale configs and removes the network call during compilation. (#44245)

🐛 Bug Fixes & Improvements

  • ESLint: try/finally without catch treated as unprotectedisInsideTryBlock was returning true for try/finally blocks with no catch clause. Since a catch-less try/finally does not suppress thrown errors, these call sites are now correctly flagged. (#44256)

  • ESLint: require-fs-sync-try-catch catches destructured and aliased fs bindings — The rule previously only matched fs.method() call patterns, silently missing bindings introduced by destructuring (e.g., const { appendFileSync } = fs) or aliasing. Unprotected file-system calls using these patterns are now correctly reported. (#44240)

  • Designer: dismiss-pull-request-review added to Safe Output Mapping — The Designer Drift Audit had falsely flagged 15 missing network ecosystem identifiers due to a head-limit truncation bug, and one genuinely missing safe output type (dismiss-pull-request-review). Both are now fixed. (#44209)

  • Go code gen: string() cast emitted for named string typeswritebytestring now correctly emits a string(s) cast when writing named string types (e.g., type MyStr string), fixing non-compiling generated code. RunWithSuggestedFixes support was also added. (#44208)

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by 🚀 Release · 26 AIC · ⊞ 7.6K


What's Changed

  • [jsweep] Clean compact_numbers.cjs — add comprehensive test suite by @github-actions[bot] in #44189
  • fix(designer): add dismiss-pull-request-review to Safe Output Mapping; fix head limits in drift audit by @pelikhan with @Copilot in #44209
  • feat: add lightweight workflow-edit guard for stale lock files by @pelikhan with @Copilot in #44238
  • fix(writebytestring): emit string() cast for named string types; add RunWithSuggestedFixes by @pelikhan with @Copilot in #44208
  • refactor: compute sink-visibility at runtime instead of compile time by @pelikhan with @Copilot in #44245
  • Refactor getOrCreateListRepoClone into focused helpers in parser remote file listing by @pelikhan with @Copilot in #44179
  • [instructions] Sync instruction files with release v0.82.4 by @github-actions[bot] in #44252
  • fix(eslint-factory): require-fs-sync-try-catch catches destructured and aliased fs bindings by @pelikhan with @Copilot in #44240
  • fix(eslint-factory): treat try/finally without catch as unprotected in isInsideTryBlock by @pelikhan with @Copilot in #44256
  • feat: detect OAuth tokens in activation job for COPILOT_GITHUB_TOKEN and GH_AW_GITHUB_TOKEN by @pelikhan with @Copilot in #44204

Full Changelog: v0.82.4...v0.82.5

v0.82.4

v0.82.4 Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 08 Jul 05:36
Immutable release. Only release title and notes can be modified.
c94f432

🌟 Release Highlights

This release focuses on memory step ordering reliability, security hardening, and compiler improvements that enhance the predictability and safety of agentic workflow execution.

✨ What's New

  • Memory stores available earlier in agent jobscache-memory, repo-memory, and comment-memory are now restored before user-defined steps:, ensuring your workflow steps always have access to memory context. Custom jobs also benefit from automatic restore-memory step injection (#44037, #43984, #43952).

  • Deterministic dispatch gating — Memory stores are now exposed to on.steps in pre-activation, enabling more reliable conditional dispatch logic based on memory state (#44015).

  • Sink visibility in compiled policies — Compiled write-sink guard policies now emit sink-visibility metadata, improving auditability of what each job can write (#44154).

  • Loopback MCP server isolation — Loopback HTTP MCP servers are now rejected in network isolation mode, strengthening the security boundary for isolated workflow runs (#44113).

  • Binary evaluations via BinEval — The compiler now supports an evals job type for BinEval binary evaluations, enabling structured model evaluation pipelines (#43700).

  • set_issue_field field validation — Builtin fields are now refused in set_issue_field to prevent accidental overwrites of system-managed fields (#44170).

🐛 Bug Fixes & Improvements

  • Stale /tmp/gh-aw ownership fixed — Root-owned temp directories are now reclaimed before AWF invocation, preventing permission errors in agent runs (#44022).

  • arc-dind workspace mount — Removed the deprecated --docker-host-path-prefix CLI flag and added an explicit workspace mount for the arc-dind topology, ensuring reliable container builds (#44145).

  • Parser field population fixrequired-labels and required-title-prefix fields are now correctly populated in the update-pull-request and update-issue parsers (#44168).

  • Security: safer installer pattern — Replaced curl | sh installer pipes with a download-then-verify pattern, eliminating a supply-chain risk (RGS-018) (#43716).

  • CLI flag and docs consistency — Corrected --yes verb, --dir env hint, and add-wizard documentation across 9 commands for a more consistent developer experience (#44050).

  • SHA-pinned build-tools image — The firewall image for arc-dind topology is now SHA-pinned, ensuring reproducible and tamper-resistant builds (#44044).

📚 Documentation

  • Clarified Quick Start terminology for frontmatter and .lock.yml to reduce onboarding confusion (#44079).
  • Trimmed cache-memory reference bloat and updated the glossary for cleaner, more focused documentation (#44088, #44010).

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by 🚀 Release · 25.5 AIC · ⊞ 7.6K


What's Changed

  • fix: reclaim stale root-owned /tmp/gh-aw before AWF invocation by @lpcox in #44022
  • Move comment-memory preparation before user steps: in agent job by @pelikhan with @Copilot in #43952
  • eslint-factory: detect catch-variable aliases in require-error-cause-in-rethrow by @pelikhan with @Copilot in #43966
  • [instructions] Sync instruction files with release v0.82.2 by @github-actions[bot] in #43990
  • [spec-extractor] Update package specifications for stringutil, styles, testutil, timeutil by @github-actions[bot] in #44007
  • [docs] Update glossary - daily scan 2026-07-07 by @github-actions[bot] in #44010
  • Update package specs for modelsdev, console, and logger by @pelikhan with @Copilot in #44047
  • fix: SHA-pin build-tools firewall image for arc-dind topology by @lpcox with @Copilot in #44044
  • [eslint-miner] eslint: add require-fs-sync-try-catch rule by @github-actions[bot] in #43994
  • feat(go-gh): modernize go-gh API usage — drop gh.Exec for GraphQL, add timeouts, tidy DefaultRESTClient by @pelikhan with @Copilot in #43985
  • Targeted custom-lint cleanup: append byte conversion, context propagation, error wrapping, and param-count reduction by @pelikhan with @Copilot in #43938
  • Move cache-memory and repo-memory restore steps before user steps: in agent job by @pelikhan with @Copilot in #43984
  • Clarify Quick Start terminology for frontmatter and .lock.yml by @pelikhan with @Copilot in #44079
  • [docs] docs: trim cache-memory reference bloat by @github-actions[bot] in #44088
  • Route pdf-summary discussions to Audits category by @pelikhan with @Copilot in #44092
  • refactor(workflow): extract helpers to fix function-length lint violations by @pelikhan with @Copilot in #44008
  • fix(doc-healer): gate artifact constant check on actual artifact production by @pelikhan with @Copilot in #44134
  • test(constants): table-driven assertions and extend octal-literal check to cmd/ by @pelikhan with @Copilot in #44114
  • Add restore-memory step injection for custom jobs by @pelikhan with @Copilot in #44037
  • fix: correct --yes verb, --dir env hint, and add-wizard docs across 9 commands by @pelikhan with @Copilot in #44050
  • refactor: split logs_orchestrator.go (1284 lines) into 5 focused modules by @pelikhan with @Copilot in #44051
  • [linter-miner] linters: add writebytestring — flag w.Write([]byte(s)) calls that should use io.WriteString by @github-actions[bot] in #44101
  • Reduce BenchmarkValidation overhead by caching safe-output field order by @pelikhan with @Copilot in #44090
  • Reject loopback HTTP MCP servers in network isolation mode by @pelikhan with @Copilot in #44113
  • Extend envutil for bool/string access and remove direct CI bypasses by @pelikhan with @Copilot in #44097
  • compiler: add evals job for BinEval binary evaluations by @pelikhan with @Copilot in #43700
  • Expose memory stores to on.steps in pre-activation for deterministic dispatch gating by @pelikhan with @Copilot in #44015
  • Emit sink-visibility in compiled write-sink guard policies by @lpcox with @Copilot in #44154
  • fix(arc-dind): remove --docker-host-path-prefix CLI flag and add explicit workspace mount by @lpcox in #44145
  • fix(security): replace curl|sh installer pipes with download+verify (RGS-018) by @pelikhan with @Copilot in #43716
  • [log] Add debug logging to parser and workflow files by @github-actions[bot] in #44183
  • [community] Update community contributions in README by @github-actions[bot] in #44171
  • feat: refuse builtin fields in set_issue_field by @pelikhan with @Copilot in #44170
  • Bump AWF to v0.27.27 and MCPG to v0.4.0 by @lpcox with @Copilot in #44173
  • Replace hard-coded activation symlink path literals with named/shared path constants by @pelikhan with @Copilot in #44177
  • fix: populate required-labels and required-title-prefix in update-pull-request and update-issue parsers by @pelikhan with @Copilot in #44168

Full Changelog: v0.82.3...v0.82.4

v0.82.3

v0.82.3 Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 07 Jul 10:00
Immutable release. Only release title and notes can be modified.
afad433

🌟 Release Highlights

This release focuses on developer experience, security hardening, and compiler flexibility — delivering tighter CI guardrails, new safe-output primitives, and meaningful quality-of-life improvements across the toolchain.

✨ What's New

  • Compiler job dependency controljobs.<generated>.needs can now augment compiler-generated job dependencies, giving authors explicit control over execution order for generated jobs like activation, agent, and safe_outputs (#43940)

  • dismiss-review safe output — Workflows can now programmatically dismiss their own PR reviews with actor-bound guards and required justification, enabling automated review lifecycle management (#43125)

  • Native duplicate issue markingclose-issue with duplicate_of now creates a proper GitHub "marked as duplicate of #X" timeline entry instead of a plain comment (#43152)

  • CI drift detection for lock files — A new CI check catches stale .lock.yml files when workflow markdown is edited without regenerating the corresponding lock files, preventing silent drift (#43747)

  • Selective maintenance job opt-outmaintenance.disabled_jobs lets repositories omit specific agentics-maintenance jobs, avoiding unnecessary write scopes for issue-triage-only repos (#43300)

  • Harness retry policy now configurableGH_AW_HARNESS_* env vars let workflows widen the retry window for Copilot/Claude harnesses during sustained API transients (#43051)

  • Model inventory update — New model aliases (kiwi, mai-code) added; 10 Copilot sub-agents upgraded from small to newer model aliases for improved output quality (#43085, #43063)

🐛 Bug Fixes & Improvements

  • MCP server security hardening — HTTP MCP server now binds to 127.0.0.1 only, closing a DNS-rebinding and cross-origin POST attack surface introduced by go-sdk v1.6.0 (#43766)

  • Ctrl-C cancellation restoredcontext.Context threaded through 8 remote_fetch.go APIs so Ctrl-C now properly cancels in-flight HTTP requests from any CLI command (#43128)

  • Token double-charging fix — Cache-read tokens for the github-copilot provider were incorrectly counted twice; this is now corrected for accurate cost reporting (#43048)

  • Token metrics restoration — Token usage metrics are now correctly restored even when events.jsonl omits session.shutdown.modelMetrics (#43007)

  • Rate limit cancellationcheckAndWaitForRateLimit is now context-cancellable, preventing stuck runs during Ctrl-C (#43848)

  • gh aw trial GH_HOST support--trigger-context issue URLs now correctly honor GH_HOST for GitHub Enterprise Server deployments (#43729)

  • safe-outputs manifest bundled — The safe-outputs-items manifest is now included in the usage artifact, restoring SafeItemsCount visibility in run reports (#43056)

📚 Documentation

  • Quick Start improvements — Frontmatter defined inline with .lock.yml semantics surfaced as a callout; engine secret setup clarified (#43083, #43107)

  • CLI reference expanded — Added "When to use" column to CLI commands summary table; enterprise guidance collapsed to reduce cognitive load (#43699, #43082)

  • Persona-driven authoring guide — New documentation covering persona-based workflow authoring and ad hoc scenario evaluation (#43050)

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by 🚀 Release · 33.4 AIC · ⊞ 7.6K


What's Changed

  • Honor NO_COLOR/color-profile degradation for Lip Gloss v2 output paths by @pelikhan with @Copilot in #42945
  • Surface canonical dispatch-repository key in frontmatter full reference by @pelikhan with @Copilot in #43009
  • [docs] docs: trim repetitive glossary entries by @github-actions[bot] in #43019
  • fix(lint-monster): eliminate os.Getenv coupling in compilerenv and action_mode by @pelikhan with @Copilot in #42984
  • Strengthen codemod registry coverage by asserting all registered IDs by @pelikhan with @Copilot in #43008
  • Fix CLI consistency issues in lint, mcp, and secrets commands by @pelikhan with @Copilot in #42982
  • Restore token usage metrics when events.jsonl omits session.shutdown.modelMetrics by @pelikhan with @Copilot in #43007
  • compiler: inject missing model pricing from models.dev at compile time by @pelikhan with @Copilot in #43003
  • refactor(copilot-sdk): multi-provider only — remove single-provider legacy by @pelikhan with @Copilot in #42740
  • compilerenv: remove constructor panic to satisfy custom Go lint by @pelikhan with @Copilot in #43044
  • Suppress CodeQL js/http-to-file-access in ensure-docs-slide-pdf.js with explicit trust-boundary rationale by @pelikhan with @Copilot in #43049
  • Document persona-driven workflow authoring and ad hoc scenario evaluation by @pelikhan with @Copilot in #43050
  • Refresh AWF container digests and recompile workflow lockfiles by @pelikhan with @Copilot in #43060
  • feat(models): 2026-07-03 model inventory update — new models, alias additions, mirror sync by @pelikhan with @Copilot in #43063
  • Trim search_repositories token cost with explicit small-page pagination in workflow prompts by @pelikhan with @Copilot in #43055
  • Harden temp writes in safe-output evaluation script by @pelikhan with @Copilot in #43054
  • Reduce ambient prompt bloat in core analysis workflows by @pelikhan with @Copilot in #43053
  • fix: stop double-charging cache-read tokens for github-copilot provider by @pelikhan with @Copilot in #43048
  • fix: prevent tool denial failures in daily-agent-of-the-day-blog-writer by @pelikhan with @Copilot in #43070
  • feat: migrate 10 copilot sub-agents from small to kiwi / mai-code by @pelikhan with @Copilot in #43085
  • Quick Start: define frontmatter inline and surface .lock.yml semantics as a callout by @pelikhan with @Copilot in #43083
  • refactor: split compiler_types.go grab-bag into workflow_data.go and safe_outputs_config.go by @pelikhan with @Copilot in #43071
  • Docs: reduce CLI page cognitive load by collapsing enterprise guidance by @pelikhan with @Copilot in #43082
  • fix(safe-outputs): bundle safe-outputs-items manifest into usage artifact to restore SafeItemsCount by @pelikhan with @Copilot in #43056
  • fix: pass GITHUB_SHA to safe-outputs MCP server container by @pelikhan with @Copilot in #43106
  • [log] Add debug logging to import-path and pricing resolution by @github-actions[bot] in #43109
  • Fail fast on empty safeoutputs schema and add Copilot soft-time convergence guard by @pelikhan with @Copilot in #43057
  • fix: hard-bake workflow ID in workflow_call concurrency group to prevent deadlock by @pelikhan with @Copilot in #43078
  • Home page: move Public Preview notice into hero with warning callout styling by @pelikhan with @Copilot in #43081
  • [jsweep] Clean tool_call_details.cjs by @github-actions[bot] in #43111
  • Clarify Quick Start workflow source and engine secret setup by @pelikhan with @Copilot in #43107
  • Add centralized /souschef PR command routing to PR Sous Chef by @pelikhan with @Copilot in #43119
  • Refactor main-job runtime setup orchestration to reduce largefunc backlog by @pelikhan with @Copilot in #43105
  • fix(daily-yamllint-fixer): add testdata/** to allowed...
Read more