Lpcox/migrate to GitHub (#597)

Author: lpcox

.github/agents/create-agentic-workflow.agent.md

@@ -59,7 +59,7 @@ You love to use emojis to make the conversation more engaging.
 
 - Always consult the **instructions file** for schema and features:
   - Local copy: @.github/aw/github-agentic-workflows.md
-  - Canonical upstream: https://raw.githubusercontent.com/githubnext/gh-aw/main/.github/aw/github-agentic-workflows.md
+  - Canonical upstream: https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/github-agentic-workflows.md
 - Key commands:
   - `gh aw compile` → compile all workflows
   - `gh aw compile <name>` → compile one workflow

.github/agents/debug-agentic-workflow.agent.md

@@ -18,7 +18,7 @@ The tools output is not visible to the user unless you explicitly print it. Alwa
 
 **Example: Debugging from a workflow run URL**
 
-User: "Investigate the reason there is a missing tool call in this run: https://github.com/githubnext/gh-aw/actions/runs/20135841934"
+User: "Investigate the reason there is a missing tool call in this run: https://github.com/github/gh-aw/actions/runs/20135841934"
 
 Your response:
 ```
@@ -51,7 +51,7 @@ Report back with specific findings and actionable fixes.
 - The `gh aw` CLI is already installed in this environment.
 - Always consult the **instructions file** for schema and features:
   - Local copy: @.github/aw/github-agentic-workflows.md
-  - Canonical upstream: https://raw.githubusercontent.com/githubnext/gh-aw/main/.github/aw/github-agentic-workflows.md
+  - Canonical upstream: https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/github-agentic-workflows.md
 
 **Key Commands Available**
 
@@ -135,7 +135,7 @@ These tools provide the same functionality without requiring GitHub CLI authenti
 
 ## Debug Flow: Workflow Run URL Analysis
 
-When the user provides a workflow run URL (e.g., `https://github.com/githubnext/gh-aw/actions/runs/20135841934`):
+When the user provides a workflow run URL (e.g., `https://github.com/github/gh-aw/actions/runs/20135841934`):
 
 1. **Extract Run ID**
 
@@ -338,7 +338,7 @@ Use these tactics when a run is still executing or finishes without artifacts:
 - **Polling in-progress runs**: If `gh aw audit <run-id> --json` returns `"status": "in_progress"`, wait ~45s and re-run the command or monitor the run URL directly. Avoid spamming the API—loop with `sleep` intervals.
 - **Check run annotations**: `gh run view <run-id>` reveals whether a maintainer cancelled the run. If a manual cancellation is noted, expect missing safe-output artifacts and recommend re-running instead of searching for nonexistent files.
 - **Inspect specific job logs**: Use `gh run view --job <job-id> --log` (job IDs are listed in `gh run view <run-id>`) to see the exact failure step.
-- **Download targeted artifacts**: When `gh aw logs` would fetch many runs, download only the needed artifact, e.g. `GH_REPO=githubnext/gh-aw gh run download <run-id> -n agent-stdio.log`.
+- **Download targeted artifacts**: When `gh aw logs` would fetch many runs, download only the needed artifact, e.g. `GH_REPO=github/gh-aw gh run download <run-id> -n agent-stdio.log`.
 - **Review cached run summaries**: `gh aw audit` stores artifacts under `logs/run-<run-id>/`. Inspect `run_summary.json` or `agent-stdio.log` there for offline analysis before re-running workflows.
 
 ## Common Issues to Look For

.github/agents/upgrade-agentic-workflows.md

@@ -15,7 +15,7 @@ Read the ENTIRE content of this file carefully before proceeding. Follow the ins
 - The `gh aw` CLI may be available in this environment.
 - Always consult the **instructions file** for schema and features:
   - Local copy: @.github/aw/github-agentic-workflows.md
-  - Canonical upstream: https://raw.githubusercontent.com/githubnext/gh-aw/main/.github/aw/github-agentic-workflows.md
+  - Canonical upstream: https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/github-agentic-workflows.md
 
 **Key Commands Available**
 
@@ -40,7 +40,7 @@ These tools provide the same functionality through the MCP server without requir
 Before upgrading, always review what's new:
 
 1. **Fetch Latest Release Information**
-   - Use GitHub tools to fetch the CHANGELOG.md from the `githubnext/gh-aw` repository
+   - Use GitHub tools to fetch the CHANGELOG.md from the `github/gh-aw` repository
    - Review and understand:
      - Breaking changes
      - New features

.github/aw/actions-lock.json

@@ -1,5 +1,15 @@
 {
   "entries": {
+    "actions/cache/restore@v4.3.0": {
+      "repo": "actions/cache/restore",
+      "version": "v4.3.0",
+      "sha": "0057852bfaa89a56745cba8c7296529d2fc39830"
+    },
+    "actions/cache/save@v4.3.0": {
+      "repo": "actions/cache/save",
+      "version": "v4.3.0",
+      "sha": "0057852bfaa89a56745cba8c7296529d2fc39830"
+    },
     "actions/checkout@v4": {
       "repo": "actions/checkout",
       "version": "v4",
@@ -10,16 +20,31 @@
       "version": "v5",
       "sha": "93cb6efe18208431cddfb8368fd83d5badbf9bfd"
     },
-    "actions/github-script@v8": {
+    "actions/checkout@v6": {
+      "repo": "actions/checkout",
+      "version": "v6",
+      "sha": "8e8c483db84b4bee98b60c0593521ed34d9990e8"
+    },
+    "actions/download-artifact@v6.0.0": {
+      "repo": "actions/download-artifact",
+      "version": "v6.0.0",
+      "sha": "018cc2cf5baa6db3ef3c5f8a56943fffe632ef53"
+    },
+    "actions/github-script@v8.0.0": {
       "repo": "actions/github-script",
-      "version": "v8",
+      "version": "v8.0.0",
       "sha": "ed597411d8f924073f98dfc5c65a23a2325f34cd"
     },
     "actions/setup-go@v6": {
       "repo": "actions/setup-go",
       "version": "v6",
       "sha": "4dc6199c7b1a012772edbd06daecab0f50c9053c"
     },
+    "actions/setup-node@v6.1.0": {
+      "repo": "actions/setup-node",
+      "version": "v6.1.0",
+      "sha": "395ad3262231945c25e8478fd5baf05154b1d79f"
+    },
     "actions/setup-python@v5": {
       "repo": "actions/setup-python",
       "version": "v5",
@@ -30,6 +55,11 @@
       "version": "v5",
       "sha": "330a01c490aca151604b8cf639adc76d48f6c5d4"
     },
+    "actions/upload-artifact@v6.0.0": {
+      "repo": "actions/upload-artifact",
+      "version": "v6.0.0",
+      "sha": "b7c566a772e6b6bfb58ed0dc250532a479d7789f"
+    },
     "anchore/sbom-action@v0.20.10": {
       "repo": "anchore/sbom-action",
       "version": "v0.20.10",
@@ -60,15 +90,20 @@
       "version": "v3",
       "sha": "c7c53464625b32c7a7e944ae62b3e17d2b600130"
     },
-    "githubnext/gh-aw/actions/setup@v0.35.1": {
-      "repo": "githubnext/gh-aw/actions/setup",
+    "github/gh-aw/actions/setup@v0.35.1": {
+      "repo": "github/gh-aw/actions/setup",
       "version": "v0.35.1",
       "sha": "d76e21bcc92a3146d915794285b0b32f51d00072"
     },
-    "githubnext/gh-aw/actions/setup@v0.36.0": {
-      "repo": "githubnext/gh-aw/actions/setup",
+    "github/gh-aw/actions/setup@v0.36.0": {
+      "repo": "github/gh-aw/actions/setup",
       "version": "v0.36.0",
       "sha": "547a146e95910805ca7136cedc9069497c14210d"
+    },
+    "githubnext/gh-aw/actions/setup@v0.38.5": {
+      "repo": "githubnext/gh-aw/actions/setup",
+      "version": "v0.38.5",
+      "sha": "c62cb1aecba894a20fdb4c6bbc39992bc6ce37e2"
     }
   }
 }

.github/aw/create-agentic-workflow.md

@@ -57,7 +57,7 @@ You love to use emojis to make the conversation more engaging.
 
 - Always consult the **instructions file** for schema and features:
   - Local copy: @.github/aw/github-agentic-workflows.md
-  - Canonical upstream: https://raw.githubusercontent.com/githubnext/gh-aw/main/.github/aw/github-agentic-workflows.md
+  - Canonical upstream: https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/github-agentic-workflows.md
 - Key commands:
   - `gh aw compile` → compile all workflows
   - `gh aw compile <name>` → compile one workflow

.github/aw/create-shared-agentic-workflow.md

@@ -93,7 +93,7 @@ mcp-servers:
 \`\`\`yaml
 mcp-servers:
   serena:
-    container: "ghcr.io/githubnext/serena-mcp-server"
+    container: "ghcr.io/github/serena-mcp-server"
     version: "latest"
     args: # args come before the docker image argument
       - "-v"

.github/aw/debug-agentic-workflow.md

@@ -18,7 +18,7 @@ The tools output is not visible to the user unless you explicitly print it. Alwa
 
 **Example: Debugging from a workflow run URL**
 
-User: "Investigate the reason there is a missing tool call in this run: https://github.com/githubnext/gh-aw/actions/runs/20135841934"
+User: "Investigate the reason there is a missing tool call in this run: https://github.com/github/gh-aw/actions/runs/20135841934"
 
 Your response:
 ```
@@ -51,7 +51,7 @@ Report back with specific findings and actionable fixes.
 - The `gh aw` CLI is already installed in this environment.
 - Always consult the **instructions file** for schema and features:
   - Local copy: @.github/aw/github-agentic-workflows.md
-  - Canonical upstream: https://raw.githubusercontent.com/githubnext/gh-aw/main/.github/aw/github-agentic-workflows.md
+  - Canonical upstream: https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/github-agentic-workflows.md
 
 **Key Commands Available**
 
@@ -136,7 +136,7 @@ Report back with specific findings and actionable fixes.
 
 ## Debug Flow: Workflow Run URL Analysis
 
-When the user provides a workflow run URL (e.g., `https://github.com/githubnext/gh-aw/actions/runs/20135841934`):
+When the user provides a workflow run URL (e.g., `https://github.com/github/gh-aw/actions/runs/20135841934`):
 
 1. **Extract Run ID**
 
@@ -339,7 +339,7 @@ Use these tactics when a run is still executing or finishes without artifacts:
 - **Polling in-progress runs**: If `gh aw audit <run-id> --json` returns `"status": "in_progress"`, wait ~45s and re-run the command or monitor the run URL directly. Avoid spamming the API—loop with `sleep` intervals.
 - **Check run annotations**: `gh run view <run-id>` reveals whether a maintainer cancelled the run. If a manual cancellation is noted, expect missing safe-output artifacts and recommend re-running instead of searching for nonexistent files.
 - **Inspect specific job logs**: Use `gh run view --job <job-id> --log` (job IDs are listed in `gh run view <run-id>`) to see the exact failure step.
-- **Download targeted artifacts**: When `gh aw logs` would fetch many runs, download only the needed artifact, e.g. `GH_REPO=githubnext/gh-aw gh run download <run-id> -n agent-stdio.log`.
+- **Download targeted artifacts**: When `gh aw logs` would fetch many runs, download only the needed artifact, e.g. `GH_REPO=github/gh-aw gh run download <run-id> -n agent-stdio.log`.
 - **Review cached run summaries**: `gh aw audit` stores artifacts under `logs/run-<run-id>/`. Inspect `run_summary.json` or `agent-stdio.log` there for offline analysis before re-running workflows.
 
 ## Common Issues to Look For

.github/aw/github-agentic-workflows.md

@@ -266,7 +266,7 @@ The YAML frontmatter supports these fields:
     sandbox:
       agent: awf                      # or "srt", or false to disable
       mcp:                            # MCP Gateway configuration (requires mcp-gateway feature flag)
-        container: ghcr.io/githubnext/mcp-gateway
+        container: ghcr.io/github/mcp-gateway
         port: 8080
         api-key: ${{ secrets.MCP_GATEWAY_API_KEY }}
     ```
@@ -1629,13 +1629,13 @@ Use `gh aw compile --verbose` to see detailed validation messages, or `gh aw com
 ### Installation
 
 ```bash
-gh extension install githubnext/gh-aw
+gh extension install github/gh-aw
 ```
 
 If there are authentication issues, use the standalone installer:
 
 ```bash
-curl -O https://raw.githubusercontent.com/githubnext/gh-aw/main/install-gh-aw.sh
+curl -O https://raw.githubusercontent.com/github/gh-aw/main/install-gh-aw.sh
 chmod +x install-gh-aw.sh
 ./install-gh-aw.sh
 ```
@@ -1664,4 +1664,4 @@ gh aw logs <workflow-id>
 
 ### Documentation
 
-For complete CLI documentation, see: https://githubnext.github.io/gh-aw/setup/cli/
+For complete CLI documentation, see: https://github.github.io/gh-aw/setup/cli/

.github/aw/schemas/agentic-workflow.json

@@ -1,6 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "https://github.com/githubnext/gh-aw/schemas/main_workflow_schema.json",
+  "$id": "https://github.com/github/gh-aw/schemas/main_workflow_schema.json",
   "title": "GitHub Agentic Workflow Schema",
   "description": "JSON Schema for validating agentic workflow frontmatter configuration",
   "version": "1.0.0",
@@ -20,8 +20,8 @@
     },
     "source": {
       "type": "string",
-      "description": "Optional source reference indicating where this workflow was added from. Format: owner/repo/path@ref (e.g., githubnext/agentics/workflows/ci-doctor.md@v1.0.0). Rendered as a comment in the generated lock file.",
-      "examples": ["githubnext/agentics/workflows/ci-doctor.md", "githubnext/agentics/workflows/daily-perf-improver.md@1f181b37d3fe5862ab590648f25a292e345b5de6"]
+      "description": "Optional source reference indicating where this workflow was added from. Format: owner/repo/path@ref (e.g., github/agentics/workflows/ci-doctor.md@v1.0.0). Rendered as a comment in the generated lock file.",
+      "examples": ["github/agentics/workflows/ci-doctor.md", "github/agentics/workflows/daily-perf-improver.md@1f181b37d3fe5862ab590648f25a292e345b5de6"]
     },
     "tracker-id": {
       "type": "string",
@@ -64,7 +64,7 @@
     },
     "imports": {
       "type": "array",
-      "description": "Optional array of workflow specifications to import (similar to @include directives but defined in frontmatter). Format: owner/repo/path@ref (e.g., githubnext/agentics/workflows/shared/common.md@v1.0.0). Can be strings or objects with path and inputs. Any markdown files under .github/agents directory are treated as custom agent files and only one agent file is allowed per workflow.",
+      "description": "Optional array of workflow specifications to import (similar to @include directives but defined in frontmatter). Format: owner/repo/path@ref (e.g., github/agentics/workflows/shared/common.md@v1.0.0). Can be strings or objects with path and inputs. Any markdown files under .github/agents directory are treated as custom agent files and only one agent file is allowed per workflow.",
       "items": {
         "oneOf": [
           {
@@ -1806,7 +1806,7 @@
       ]
     },
     "env": {
-      "$comment": "See environment variable precedence documentation: https://githubnext.github.io/gh-aw/reference/environment-variables/",
+      "$comment": "See environment variable precedence documentation: https://github.github.io/gh-aw/reference/environment-variables/",
       "description": "Environment variables for the workflow",
       "oneOf": [
         {
@@ -2368,14 +2368,14 @@
         },
         {
           "mcp": {
-            "container": "ghcr.io/githubnext/mcp-gateway",
+            "container": "ghcr.io/github/mcp-gateway",
             "port": 8080
           }
         },
         {
           "agent": "awf",
           "mcp": {
-            "container": "ghcr.io/githubnext/mcp-gateway",
+            "container": "ghcr.io/github/mcp-gateway",
             "port": 8080,
             "api-key": "${{ secrets.MCP_GATEWAY_API_KEY }}"
           }
@@ -5286,7 +5286,7 @@
       "type": "boolean",
       "default": true,
       "$comment": "Strict mode enforces several security constraints that are validated in Go code (pkg/workflow/strict_mode_validation.go) rather than JSON Schema: (1) Write Permissions + Safe Outputs: When strict=true AND permissions contains write values (contents:write, issues:write, pull-requests:write), safe-outputs must be configured. This relationship is too complex for JSON Schema as it requires checking if ANY permission property has a 'write' value. (2) Network Requirements: When strict=true, the 'network' field must be present and cannot contain wildcard '*'. (3) MCP Container Network: Custom MCP servers with containers require explicit network configuration. (4) Action Pinning: Actions must be pinned to commit SHAs. These are enforced during compilation via validateStrictMode().",
-      "description": "Enable strict mode validation for enhanced security and compliance. Strict mode enforces: (1) Write Permissions - refuses contents:write, issues:write, pull-requests:write; requires safe-outputs instead, (2) Network Configuration - requires explicit network configuration with no wildcard '*' in allowed domains, (3) Action Pinning - enforces actions pinned to commit SHAs instead of tags/branches, (4) MCP Network - requires network configuration for custom MCP servers with containers, (5) Deprecated Fields - refuses deprecated frontmatter fields. Can be enabled per-workflow via 'strict: true' in frontmatter, or disabled via 'strict: false'. CLI flag takes precedence over frontmatter (gh aw compile --strict enforces strict mode). Defaults to true. See: https://githubnext.github.io/gh-aw/reference/frontmatter/#strict-mode-strict",
+      "description": "Enable strict mode validation for enhanced security and compliance. Strict mode enforces: (1) Write Permissions - refuses contents:write, issues:write, pull-requests:write; requires safe-outputs instead, (2) Network Configuration - requires explicit network configuration with no wildcard '*' in allowed domains, (3) Action Pinning - enforces actions pinned to commit SHAs instead of tags/branches, (4) MCP Network - requires network configuration for custom MCP servers with containers, (5) Deprecated Fields - refuses deprecated frontmatter fields. Can be enabled per-workflow via 'strict: true' in frontmatter, or disabled via 'strict: false'. CLI flag takes precedence over frontmatter (gh aw compile --strict enforces strict mode). Defaults to true. See: https://github.github.io/gh-aw/reference/frontmatter/#strict-mode-strict",
       "examples": [true, false]
     },
     "safe-inputs": {

.github/aw/update-agentic-workflow.md

@@ -24,7 +24,7 @@ You format your questions and responses similarly to the GitHub Copilot CLI chat
 
 - Always consult the **instructions file** for schema and features:
   - Local copy: @.github/aw/github-agentic-workflows.md
-  - Canonical upstream: https://raw.githubusercontent.com/githubnext/gh-aw/main/.github/aw/github-agentic-workflows.md
+  - Canonical upstream: https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/github-agentic-workflows.md
 - Key commands:
   - `gh aw compile` → compile all workflows
   - `gh aw compile <name>` → compile one workflow