v0.74.0

test

Generated by Release · ● 66.9M

---

What's Changed

• fix: set_issue_field skips gracefully when repo has no issue fields by @Copilot in #31576
• Integrate Repo Mind Light into Issue Arborist workflow by @Copilot in #31510
• optimize: reduce token usage in three high-consumption workflows by @Copilot in #31582
• Reduce Daily Syntax Error Quality workflow token churn without changing cadence by @Copilot in #31586
• Fix firewall token usage reporting to preserve raw counts and remove cache-rate transforms by @Copilot in #31581
• Fix golangci-lint failures in codemod and miner test files by @Copilot in #31590
• Auto-bump version when release tag already exists by @Copilot in #31592

Full Changelog: v0.72.2...v0.74.0

v0.72.1

🌟 Release Highlights

v0.72.1 delivers a new developer-facing lint command, critical compiler correctness fixes, and improved shared workflow ergonomics — all driven largely by community-reported issues.

✨ What's New

• gh aw lint — fast lock-file validation (#30704): New gh aw lint command runs actionlint directly against existing .lock.yml files — no recompile, no extra scanners. Perfect for a lightweight CI gate to catch syntax errors before pushing. Supports --dir, explicit file paths, and optional --shellcheck/--pyflakes checks.

• Import engine.mcp.tool-timeout from shared workflows (#30634): Shared workflows wrapping slow MCP servers (e.g. Repo Mind Light) can now declare engine.mcp.tool-timeout and engine.mcp.session-timeout once, and consumers inherit those values automatically — no more duplicating timeout configs in every consumer. Consumer-declared values still take precedence.

• First-party coding-agent skill for gh aw (#27259): Added a router skill that gives coding agents (Copilot, Claude, etc.) structured guidance on creating, debugging, and updating agentic workflows using the gh aw CLI.

• Shared skip-if-match dedup component: The common "open issue/PR by title prefix" deduplication query is now a shared compiler-imported component, eliminating copy-paste duplication across dozens of workflows.

🐛 Bug Fixes & Improvements

• && preserved in compiled workflow expressions (#30695): Go's HTML escaping was converting && to \u0026\u0026 inside AWF config JSON embedded in .lock.yml files, corrupting ${{ ... && ... }} expressions and causing workflow parse failures. Fixed by switching to json.Encoder with SetEscapeHTML(false).

• safe-outputs permission regression fixed (#30733): When update-project appeared alongside add-comment/add-labels, the minted App token was incorrectly downgraded to issues:read instead of issues:write, silently failing issue mutations.

• Conclusion comment now reflects safe_outputs failures (#30662): The conclusion job was reporting ✅ success even when safe_outputs failed (e.g., 422 on PR review submission). The job now correctly propagates safe_outputs status.

• Firewall binary version corrected (#30705, #30191): v0.71.1 was referencing a non-existent gh-aw-firewall version, causing 404s on AWF binary install. This release ships with the correct firewall v0.25.29 (which also includes the healthcheck fix).

• Playwright mode: cli recognized by compiler (#30088): gh aw compile now correctly accepts mode: cli in Playwright tool configuration.

• COPILOT_API_KEY dummy key no longer triggers over-billing (#30324): The dummy byok-key placeholder introduced in v0.71 was causing 10–100x premium request over-billing compared to v0.68. Fixed.

A huge thank you to the community members who reported issues that were resolved in this release!

@arthurfvives

• Bug: mode: cli for Playwright not recognized during gh aw compile (direct issue)

@bryanchen-d

• feat: lightweight gh aw lint — actionlint-only over existing .lock.yml files (no recompile, no zizmor/poutine) (direct issue)
• Compiler JSON-encodes && to \u0026\u0026 inside ${{ }} expressions in AWF config printf, breaking workflow parse (direct issue)

@haavamoa

• Release new gh-aw CLI version with firewall v0.25.29 (healthcheck fix) (direct issue)

@jonathanpeppers

• Conclusion comment shows success when safe_outputs fails to submit PR review (direct issue)

@lpcox

• Support importing engine.mcp.tool-timeout from shared workflows (direct issue)

@norrietaylor

• safe-outputs: update-project co-presence regresses handler-derived issues:write to issues:read in minted App token (direct issue)

@tore-unumed

• v0.71 COPILOT_API_KEY dummy-byok-key causes 10-100x premium request over-billing vs v0.68 (direct issue)

@verkyyi

• First-party coding-agent skills wrapping the gh aw CLI (direct issue)

@yskopets

• gh aw v0.71.1 compiles workflows referencing non-existent gh-aw-firewall v0.25.28, causing 404 on AWF binary install (direct issue)

---

For complete details, see CHANGELOG.

Note

🔒 Integrity filter blocked 3 items

The following items were blocked because they don't meet the GitHub integrity level.

• #30705 issue_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #30088 issue_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #30324 issue_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

Generated by Release · ● 14.1M

---

What's Changed

• Fix js-typecheck failure in OTLP payload guard by @Copilot in #30669
• Add daily SPDD spec-planning workflow that opens actionable issue queues by @Copilot in #30663
• fix: show failure in conclusion comment when safe_outputs job fails by @Copilot in #30666
• Remove cache option from Go setup step by @pelikhan in #30679
• Make bundle mode the default for safe-output patch packaging by @Copilot in #30626
• docs: move release process documentation to CONTRIBUTING.md by @Copilot in #30682
• Stabilize template conditional fuzz assertions to eliminate malformed-input false failures by @Copilot in #30678
• Stabilize codemod registry test by removing stale hardcoded count by @Copilot in #30677
• docs: SPDD spec improvements — multiplier registry, safeguards, conflict norms, error norms, sync notes, compliance stubs by @Copilot in #30681
• Fix lint-go failures in docker context tests and OTLP env assembly by @Copilot in #30676
• [caveman] Optimize instruction verbosity — cli-commands, experiments, github-mcp-server (2026-05-06) by @github-actions[bot] in #30690
• Add missing Agentic Ops pattern page by @Copilot in #30688
• Add retirement notice for releases 0.68.4–0.71.3 and FAQ upgrade instructions by @Copilot in #30698
• fix: skip COPILOT_API_KEY and /reflect when sandbox.agent is disabled by @Copilot in #30687
• Stabilize BenchmarkCompileMCPWorkflow by using Playwright CLI mode in benchmark fixture by @Copilot in #30697
• Align CLI help text semantics and terminology across mcp, project, pr, completion, logs, and init by @Copilot in #30696
• [workflow-style] Normalize report formatting guidance in workflow report prompts by @Copilot in #30702
• feat: support importing engine.mcp.tool-timeout and session-timeout from shared workflows by @Copilot in #30686
• [docs] Self-healing documentation fixes from issue analysis - 2026-05-07 by @github-actions[bot] in #30709
• Consolidate Grumpy + PR Nitpick into single pr-code-quality-reviewer by @Copilot in #30708
• perf: fix 104% regression in ExtractWorkflowNameFromFile by reducing scanner buffer allocation by @Copilot in #30706
• Preserve && in AWF config JSON embedded in lock workflows by @Copilot in #30700
• perf: eliminate reflection in validateSafeOutputsMax (4.3x faster) by @Copilot in #30701
• docs(instructions): never suggest pull_request_target over pull_request by @Copilot in #30718
• build(deps): Bump the npm_and_yarn group a...

v0.72.0

🌟 Release Highlights

This release makes inline sub-agents default-on, fixes a push_to_pull_request_branch rerun failure reported by the community, and improves reliability of Docker workflow execution.

✨ What's New

• Inline sub-agents are now default-on — The features.inline-agents: true flag is deprecated and no longer required. Inline sub-agent artifact staging and restoration are automatically emitted in compiled workflows. Run gh aw fix --write to auto-remove the deprecated flag from your existing workflows via the new features-inline-agents-removal codemod.

• AI discovery endpoints added to docs site — The documentation site now exposes AI-readable discovery files (/.well-known/ai.txt, /ai/summary.json, /ai/faq.json, /ai/service.json) to improve discoverability by AI assistants and crawlers.

🐛 Bug Fixes & Improvements

• Fixed: push_to_pull_request_branch fails with add/add conflict on reruns — When an agent reran and the patch reintroduced a file already present on the PR branch, git am --3way produced an unresolvable CONFLICT (add/add) that blocked incremental updates to long-lived branches. The fix detects add/add-only conflicts, resolves them by taking the patch side (--theirs), and automatically resumes with git am --continue.

• Context-aware Docker checks — IsDockerAvailable and IsDockerImageAvailable now accept and propagate context.Context, replacing bare exec.Command calls with exec.CommandContext. This prevents Docker subprocess calls from hanging indefinitely when the Docker daemon is slow or unresponsive.

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@tore-unumed

• push_to_pull_request_branch: git am fails with add/add conflict when target branch already has the file (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 13.3M

---

What's Changed

• fix: correct gh skill install invocation in mattpocock-skills-reviewer by @Copilot in #30526
• Optimize daily-firewall-report with inline sub-agents for charting and firewall aggregation by @Copilot in #30523
• Escape OTLP endpoints JSON before YAML single-quote wrapping by @Copilot in #30527
• fix: use %q instead of single-quote wrapping for filePath in runtime import warnings by @Copilot in #30528
• refactor: extract getRunFailureStatusText helper to eliminate duplicated status mapping in notify_comment_error by @Copilot in #30536
• [instructions] Sync instruction files — document comment-memory in memory.md by @github-actions[bot] in #30555
• [spec-extractor] Update package specifications for agentdrain, cli, console, constants by @github-actions[bot] in #30565
• [docs] Update glossary - daily scan by @github-actions[bot] in #30568
• Add homepage JSON-LD graph for WebSite, SoftwareApplication, Organization, FAQ, and SearchAction by @Copilot in #30525
• fix: align "Set up Python" → "Setup Python" in daily-geo-optimizer by @Copilot in #30576
• fix(deps_security): propagate context.Context through security advisory HTTP call by @Copilot in #30577
• Fix Multi-Device Docs Tester: surface safe-output requirement earlier and allow Chrome background domains by @Copilot in #30579
• Configure agent OTEL file export and forward Copilot traces to OTLP by @Copilot in #30530
• Restore token workflow behavior after agentic-ops bundle sync by @Copilot in #30533
• Add output_format A/B experiment to daily issues report and remove deprecated owner field by @Copilot in #30588
• [spec-enforcer] Enforce specifications for actionpins, agentdrain, cli by @github-actions[bot] in #30610
• Remove observability OTLP headers deprecation warning by @Copilot in #30590
• fix: update strict mode test fixture to use playwright CLI mode by @Copilot in #30603
• fix(daily-doc-updater): call noop instead of exiting silently when no docs changes needed by @Copilot in #30600
• Mark fuzz template branch harness as SEC-004 safe-outputs exempt by @Copilot in #30602
• Unify OTLP tool-span service.name under gh-aw in logSpan by @Copilot in #30591
• Remove unsupported owner field from ab-testing-advisor experiment example by @Copilot in #30597
• deps: bump github.com/charmbracelet/x/exp/golden to 2026-05-03 pseudo-version by @Copilot in #30592
• fix: add --force to gh skill install in mattpocock-skills-reviewer by @Copilot in #30599
• feat: promote github.run_attempt to OTLP resource attributes by @Copilot in #30604
• pkg/cli: thread context through Docker availability checks by @Copilot in #30606
• Refactor engine capability detection to use a single EngineCapabilities value by @Copilot in #30605
• Reduce token overhead in Daily Community Attribution while preserving prompt-style experiments and OTLP runtime import by @Copilot in #30589
• Update token optimization workflows by @mnkiefer in #30613
• [aw-compat] Add gh aw fix codemod to auto-set checkout: false for safe pull_request_target workflows by @Copilot in #30596
• Enforce SEC-005 target-repo allowlist in push_experiment_state handler by @Copilot in #30595
• Add AI discovery endpoints to docs site by @Copilot in #30621
• docs: fix spec audit violations in 4 package READMEs by @Copilot in #30629
• [dead-code] chore: remove dead functions — 1 function removed by @github-actions[bot] in #30639
• Handle git am --3way add/add conflicts when pushing incremental updates to existing PR branches by @Copilot in #30601
• [docs] Consolidate developer specifications — v9.1 maintenance scan by @github-actions[bot] in #30633
• Enable inline sub-agents by default and deprecate features.inline-agents with auto-removal codemod by @Copilot in #30661

Full Changelog: v0.71.6...v0.72.0

v0.71.6

🌟 Release Highlights

This release delivers a focused round of bug fixes addressing community-reported issues, security hardening, and notable developer experience improvements.

✨ What's New

• Gateway RPC Message Rendering — AWF and MCP RPC message types are now rendered directly in the gateway step summary, giving you clearer visibility into tool call activity during workflow runs.
• Activation Artifact Enhancements — The activation artifact now includes prompt-template.txt and prompt-import-tree.json, making it easier to inspect and debug the prompts used by your workflows.
• small Model Alias for Sub-Agents — Inline sub-agent blocks now use the small model alias by default, reducing cost and latency for lightweight agent tasks.

🐛 Bug Fixes & Improvements

• Safe-outputs App token permissions cap fixed — The GitHub App token minted by safe-outputs was incorrectly capping issues:* permission at the workflow-level value, blocking add-comment and add-labels calls. Permissions are now derived correctly from the individual handlers.
• Dispatch-workflow "No ref found" error — dispatch-workflow was receiving job.workflow_sha as target-ref and failing. The correct ref is now resolved, so dispatching workflows from a commit SHA works as expected.
• Compiler now honors target-repo in shared PR checkout steps — push-to-pull-request-branch.target-repo (and update-pull-request.target-repo) were silently ignored when create-pull-request was not configured. The compiler now correctly threads the target repository through buildSharedPRCheckoutSteps.
• Orphan branch first push no longer silently discarded — An empty baseRef in pushSignedCommits caused the initial push to an orphan branch to be dropped; this is now handled correctly.
• Prompt rendering corruption fixed — JavaScript replace() special-character patterns (e.g. $&, $') could corrupt rendered prompt text; the renderer now escapes substitution patterns safely.
• Firewall audit artifact permissions — Compiled workflows now apply chmod -R a+rX to firewall audit artifacts, fixing permission errors when downloading them.
• Cache-memory miss no longer fails first optimizer run — daily-caveman-optimizer no longer reports a cache_memory_miss as a failure on the very first run.

🔒 Security

• Repo-loaded experiment state size guard — A maximum-size guard (SEC-003) has been enforced on experiment state loaded from the repository, preventing oversized payloads from affecting workflow execution.

📚 Documentation

• AI crawler discoverability — A robots.txt with the correct sitemap directive has been added to the docs site, unblocking AI crawlers from indexing interior pages.
• Friendlier frontmatter error messages — oneOf schema jargon in frontmatter validation messages has been replaced with plain-language descriptions.

🌍 Community Contributions

@bryanchen-d

• compiler: buildSharedPRCheckoutSteps ignores push-to-pull-request-branch.target-repo (and update-pull-request.target-repo) when create-pull-request is not configured (direct issue)

@danquirk

• Bug: dispatch-workflow receives job.workflow_sha as target-ref and fails with No ref found (direct issue)

@norrietaylor

• safe_outputs minted App token caps issues:* permission at workflow-level value, blocking add-comment / add-labels (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 13.6M

---

What's Changed

• [caveman] Optimize instruction verbosity — workflow-health.md, skills.md (2026-05-05) by @github-actions[bot] in #30456
• Enforce max-size guard for repo-loaded experiment state (SEC-003) by @Copilot in #30448
• [ab-advisor] Add output_format A/B experiment to deep-report workflow by @Copilot in #30447
• fix: replace APM with gh skill install in mattpocock-skills-reviewer workflow by @Copilot in #30433
• Use small model alias in inline sub-agent blocks by @Copilot in #30398
• Token optimization: daily-doc-updater — reduce sequential tool calls (~25–35% cost reduction) by @Copilot in #30438
• fix: dispatch-workflow fails with "No ref found" when target-ref is a commit SHA by @Copilot in #30426
• Fix safe-outputs GitHub App token permissions cap by deriving from handlers instead of workflow-level block by @Copilot in #30437
• fix: don't report cache_memory_miss as failure on first run of daily-caveman-optimizer by @Copilot in #30466
• Fix firewall audit artifact permissions in compiled workflows (chmod -R a+rX) by @Copilot in #30414
• fix: prevent JS replace() special patterns from corrupting rendered prompts by @Copilot in #30461
• refactor: decouple safe-outputs checkout from event trigger context by @Copilot in #30071
• fix: orphan branch first push silently discarded by empty baseRef in pushSignedCommits by @Copilot in #30463
• feat: add prompt-template.txt and prompt-import-tree.json to activation artifact by @Copilot in #30465
• Update Q workflow prompt to never modify itself and target workflows from GitHub context by @Copilot in #30476
• Add rebuild/recompile warning comments to firewall and mcpg version constants by @Copilot in #30478
• Update 2026-05-06 model multiplier inventory (Claude/GPT corrections + new Gemini/Copilot entries) by @Copilot in #30473
• Fix mapsloop lint violation in safe output app permission merge by @Copilot in #30480
• fix(compiler): honor push-to-pull-request-branch target-repo in shared PR checkout steps by @Copilot in #30474
• Replace oneOf schema jargon with user-friendly language in frontmatter docs by @Copilot in #30488
• Bump default firewall version to v0.25.41 by @Copilot in #30479
• Remove experiments.owner field from front matter, JSON, and docs by @Copilot in #30490
• feat: render AWF/MCP RPC message types in gateway step summary by @Copilot in #30489
• docs: add robots.txt with sitemap directive to fix AI crawler discoverability by @Copilot in #30503
• fix: make cloclo run-failure message actionable with run logs link by @Copilot in #30502

Full Changelog: v0.71.5...v0.71.6

v0.71.5

🌟 Release Highlights

This release focuses on reliability and correctness across the engine.env compilation pipeline, the security check layer, and the Claude engine — with five community-reported issues resolved.

🐛 Bug Fixes & Improvements

• Claude engine stability — Workflows using the claude engine no longer crash mid-session with "Fast mode unavailable". CLAUDE_CODE_DISABLE_FAST_MODE=1 is now set automatically to suppress an incompatible server-side flag introduced in Claude Code 2.1.120+.

• engine.env multi-line values — Block-scalar engine.env values (written with >- and extra-indented continuation lines) previously compiled to broken YAML with embedded newlines. These now compile correctly into valid multi-line env: entries. (Reported by @jeffhandley in #30204)

• engine.env needs expressions — Custom job references in engine.env values (e.g. ${{ needs.my_job.outputs.value }}) were silently dropped from the agent job's needs list, causing those expressions to evaluate to empty strings at runtime. The compiler now correctly wires these dependencies. (Reported by @jeffhandley in #30232)

• gh aw upgrade false BYOK warning — gh aw upgrade was incorrectly warning "Remove unsafe secrets from engine.env" for COPILOT_PROVIDER_API_KEY and COPILOT_PROVIDER_BEARER_TOKEN, silently stripping legitimate BYOK configuration. gh aw upgrade now matches gh aw compile in allowing these keys. (Reported by @MauroDruwel in #30178)

• pull_request_review activation signal — Workflows triggered by pull_request_review events no longer silently skip the 👀 reaction and run-started comment. The buildReactionLikeCondition allowlist now includes this event type. (Reported by @mason-tim in #30336)

• Confused-deputy false positive for bot-menu patterns — The security check introduced in v0.71.4 was blocking the legitimate pattern where a bot posts a checkbox-menu comment and a human maintainer edits it to tick a box (issue_comment:edited). The check now automatically detects [bot]-authored comments and skips the guard for that path, while keeping all other issue_comment:created paths fully protected. (Reported by @theletterf in #30327)

✨ What's New

• allow-bot-authored-trigger-comment frontmatter option — For bots that don't follow the standard [bot] naming convention, you can now opt into the confused-deputy bypass explicitly:

  on:
    issue_comment:
      types: [edited]
    allow-bot-authored-trigger-comment: true

• MCP progress notifications — The logs, audit, and audit-diff MCP tools now stream real-time progress updates to AI clients (Copilot, Claude) during long-running operations, eliminating silent 30+ second waits.

• MCP Gateway bump to v0.3.6 — The embedded MCP gateway has been updated to ghcr.io/github/gh-aw-mcpg:v0.3.6 with pinned digest for supply-chain safety.

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@jeffhandley

• Agent 'needs' does not incorporate jobs in engine.env expressions (direct issue)
• Multi-line expressions unsupported in engine.env values (direct issue)

@mason-tim

• Activation comment / reaction not posted for pull_request_review triggers — buildReactionLikeCondition allowlist is incomplete (direct issue)

@MauroDruwel

• gh aw upgrade: still warns 'Remove unsafe secrets from engine.env' despite fix in #29378 for compile (direct issue)

@theletterf

• Confused-deputy check denies legitimate bot-posted-menu / user-checks-box pattern on issue_comment(edited) (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 1.7M

---

What's Changed

• [spec-enforcer] Enforce specifications for cli by @github-actions[bot] in #30141
• [docs] Update documentation for features from 2026-05-04 by @github-actions[bot] in #30136
• [docs] Update glossary - weekly full scan by @github-actions[bot] in #30133
• feat: auto-allow playwright-cli bash command when playwright cli mode is enabled by @Copilot in #30126
• Add mattpocock-skills-reviewer agentic workflow by @Copilot in #30122
• [architecture] Update architecture diagram - 2026-05-04 by @github-actions[bot] in #30117
• [instructions] Sync github-agentic-workflows.md with v0.40.1 by @github-actions[bot] in #30112
• [specs] Update layout specification - 2026-05-04 by @github-actions[bot] in #30105
• Fix stale $INSTRUCTION assertion in TestEngineArgsIntegrationCodex by @Copilot in #30100
• [schema-coverage] feat: Add schema coverage demo for metadata field by @github-actions[bot] in #30099
• [schema-coverage] feat: Add schema coverage demo for labels field by @github-actions[bot] in #30098
• [spec-review] Update Safe Outputs conformance checker for recent spec changes by @github-actions[bot] in #30074
• [log] add debug logging to 5 Go packages by @github-actions[bot] in #30061
• Add GitHub Copilot billing multipliers collection to daily-model-inventory workflow by @Copilot in #30060
• Fix missing safe-output calls in Schema Consistency Checker and Multi-Device Docs Tester by @Copilot in #30109
• fix: resolve 3 claude-engine workflow failures (safe-output misses + blocked commands) by @Copilot in #30110
• chore: reduce per-engine boilerplate in domains.go public API by @Copilot in #30072
• [dead-code] chore: remove dead functions — 4 functions removed by @github-actions[bot] in #30167
• [docs] Consolidate developer specifications v9.0 — tone fix and engine domain registry docs by @github-actions[bot] in #30157
• docs: fix spec audit — add Public API, Usage Examples, and Dependencies to 17 packages by @Copilot in #30155
• fix(workflow): normalize report formatting in copilot-pr-nlp-analysis by @Copilot in #30160
• deps: update github.com/modelcontextprotocol/go-sdk v1.5.0 → v1.6.0 by @Copilot in #30164
• fix: 4 CLI consistency issues in mcp, logs, and init commands by @Copilot in #30158
• feat: Add daily Grafana OTel Instrumentation workflow by @mnkiefer in #30190
• fix: replace hardcoded mcpToolParams() with reflection-based extraction by @Copilot in #30166
• [jsweep] Clean add_reaction_and_edit_comment.cjs by @github-actions[bot] in #30062
• fix: add actions: read permission to smoke-water.yml (#investigate-smoke-water-failure) by @Copilot in #30197
• fix: format Go code with go fmt by @Copilot in #30199
• feat: delegate Phase 6 & 7 of daily-security-red-team to haiku inline sub-agents by @Copilot in #30195
• Add service.version to setup job spans via compiler env injection by @Copilot in #30198
• fix: gh aw upgrade strips BYOK credentials from engine.env by @Copilot in #30194
• fix: add missing noop calls to 4 workflows causing silent failures by @Copilot in #30210
• feat: merge all OTLP endpoints from shared agentic workflow imports by @Copilot in #30209
• fix: remove empty parent block after last child is removed by codemod by @Copilot in #30216
• perf: fix ~28% BenchmarkYAMLGeneration regression by eliminating reflection hot path by @Copilot in #30208
• fix(otlp): add standard resource attributes to logSpan tool spans by @Copilot in #30215
• feat: model alias inventory update 2026-05-05 by @Copilot in #30238
• Bump firewall to v0.25.38 and mcpg to v0.3.6 by @Copilot in #30230
• test(parser): improve import_cache_test.go quality per testify-expert criteria by @Copilot in #30218
• Fix mcp list-tools tab completion offering completions for second positional arg by @Copilot in #30221
• chor...

v0.71.4

🌟 Release Highlights

This release delivers a major A/B experimentation infrastructure, significant performance optimizations, improved security hardening, and a growing set of engine/model improvements.

✨ What's New

🧪 A/B Experiments CLI & Infrastructure
A full experiment lifecycle is now supported: define variants, run them round-robin, collect per-run state, and analyze results statistically. New commands include gh aw experiments to read experiment state from storage branches and gh aw experiments analyze for statistical computation (significance testing, sample-size tracking). Workflows can now store experiment state in either cache or a dedicated repo branch.

• #30020 Add experiments command for reading experiment state
• #30029 Extend experiments analyze with statistical computation
• #29985 Experiment schema additions, per-run state, OTEL attributes, audit accuracy
• #29996 Add storage option (cache | repo, default repo) to experiments
• #29988 Select randomly on cache miss instead of always picking first variant

🤖 Codex Engine: Default Harness with Retry Logic
Codex workflows now get a default codex_harness.cjs with built-in retry logic, making Codex-engine workflows more resilient out of the box. (#30035)

🔬 AWF /reflect Endpoint Integration
Agent harnesses now fetch the /reflect endpoint before and after running the agent, surfacing model introspection data in step summaries for better observability. (#29420, #30028)

🔐 Pull Request Security: pwn-request Detection
The compiler now validates pull_request_target workflows and detects patterns that could expose secrets to untrusted code — protecting repositories from confused-deputy attacks. (#29433)

📊 Multiple OTLP Endpoints
The endpoint field in OTLP observability config is now polymorphic — supply a single endpoint string or an array to fan out telemetry to multiple backends simultaneously. (#30021)

🏷️ Model Aliases & Validation
New builtin aliases gpt-4.1, reasoning (o1/o3/o4 families), and gpt-5-nano; fixed gpt-5-mini multiplier placeholder (was 0). Model aliases are now validated against the Model Alias Format spec. GitHub Actions expressions are now supported in alias parsers. (#30003, #30000, #29995)

🔒 Minimal Secrets Inheritance by Default
Workflows no longer use secrets: inherit by default — the compiler now infers the minimal set of secrets actually needed, reducing the blast radius of any token compromise. (#29455)

⏱️ --cool-down Flag for update Command
gh aw update now accepts --cool-down (default 7d) to avoid re-updating workflows that were recently refreshed. (#29454)

🖼️ <img> Tags in Safe Outputs
Safe-outputs HTML rendering now allows <img> tags, enabling richer formatted output in issue/PR comments. (#29401)

⚡ Performance

• YAML generation: -7% latency, -10% allocations on hot paths (#29409)
• Validation: 73% reduction in allocations — 11 → 3 allocs/op (#29408)
• Compiler: Eliminated redundant frontmatter re-parse in buildJobs (#29410)

🐛 Bug Fixes & Improvements

• Compiler detects single-quoted bash commands that crash Copilot CLI and now sanitizes them automatically (#30040)
• Action version downgrade prevention: UpdateActions no longer pins actions to older SHAs (#29477)
• MCP stdin piping: mcp-cli-bridge now supports multiline tool arguments via stdin (#29446)
• Schema validation errors: Raw schema errors are now transformed into actionable, human-readable messages (#29406)
• Dependabot security: Bot filtering is now guarded against confused-deputy attacks via dependabot (#29432)
• COPILOT_PROVIDER_ strict-mode*: Tokens are now allowed through strict-mode allowlist; BYOK mode documented (#29411)
• Round-robin on cache miss: Starting item is now randomly selected to avoid thundering-herd on first run (#30005)

📚 Documentation

• W3C-style A/B Experiments Specification — formal spec for experiment definitions
• Model Alias Format Specification
• COPILOT_PROVIDER_* variables and BYOK mode are now documented (#29411)
• Updated tools instructions and builtin prompts for gh-proxy mode (#29412)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@bartul

• Upload activation artifact step missing include-hidden-files: true — silently drops .claude/.github from activation snapshot (direct issue)

@MauroDruwel

• docs: COPILOT_PROVIDER_* variables not documented and strict-mode allowlist not updated (direct issue)
• question: why is COPILOT_GITHUB_TOKEN still required when using an external provider? (direct issue)

@sg650

• Add <img> to safe-outputs HTML tag allowlist (direct issue)

@szabta89

• Proposal: make Repo Mind Light integration more reusable in gh-aw (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 1.1M

---

What's Changed

• fix: resolve stale wasm golden files and missing serena.md test fixture by @Copilot in #29370
• Introduce shared/daily-pr-base.md for automated code-improvement PR workflows by @Copilot in #29368
• Fix thundering-herd rate-limit failures: spread FUZZY:DAILY pool from 3h to 18h window by @Copilot in #29369
• [spec-enforcer] Enforce specifications for timeutil, tty, types by @github-actions[bot] in #29385
• fix(daily-community-attribution): cap Tier 3 lookups and add token budget guardrails to stop runaway by @Copilot in #29383
• fix(smoke-claude): resolve only unresolved review threads in test #16 by @Copilot in #29373
• Introduce shared/daily-issue-base.md for scheduled issue-creating workflows by @Copilot in #29374
• feat(copilot-session-insights): add orphaned branch escalation detection for high-gate CI waste by @Copilot in #29384
• fix(design-decision-gate): add MCP keepalive-interval: 60 to prevent GitHub MCP HTTP connection drops by @Copilot in #29375
• [FAQ] Add: controlling the agent's working branch at runtime by @chrizbo in #29377
• feat: add label-triggered jobs (disable workflow, apply safe outputs) to maintenance workflow by @Copilot in #29269
• fix: replace deprecated {{#import}} with {{#runtime-import}} in workflow files by @Copilot in #29399
• feat: add <img> to safe-outputs HTML tag allowlist by @Copilot in #29401
• optimize: reduce repository-quality-improver token usage ~800K/run by @Copilot in #29407
• fix(mcp): transform raw schema validation errors into helpful "Did you mean?" messages by @Copilot in #29406
• perf: eliminate redundant file read and frontmatter re-parse in buildJobs by @Copilot in #29410
• perf: optimize YAML generation hot paths (-7% latency, -10% allocations) by @Copilot in #29409
• docs: update tools instructions and builtin prompts for gh-proxy mode by @Copilot in #29412
• perf: reduce BenchmarkValidation allocations 73% (11 → 3 allocs/op) by @Copilot in #29408
• fix: add COPILOT_PROVIDER_* to strict-mode allowlist, skip token validation in BYOK mode, and document Copilot BYOK by @Copilot in #29411
• feat(token-optimizer): migrate prompt to gh-proxy mode with bash+jq efficiency guidance by @Copilot in https://gith...

v0.68.3

🌟 Release Highlights

This release delivers a major overhaul of push_signed_commits.cjs for edge-case reliability, significant improvements to shared workflow imports, smarter AI model error handling, and a wave of community-driven fixes.

✨ What's New

• Model-not-supported detection — When a model is unavailable or not supported by your Copilot plan, the workflow now stops retrying and surfaces a clear, actionable error in the failure report rather than spinning indefinitely. (#26229)
• checkout field in shared imports — Shared importable workflows now support a checkout field, giving you control over which ref is checked out when importing a shared workflow. (#26292)
• env field in shared imports — You can now pass environment variables via env: in shared import blocks, eliminating the need for workarounds when shared workflows require custom env context. (#26113)
• Time Between Turns (TBT) metric — gh aw audit and gh aw logs now report Time Between Turns, a key indicator of whether LLM prompt caching is effective for your workflows. (#26321)
• OTEL token breakdown — Conclusion spans now include token category breakdowns as attributes, enabling richer cost analysis in your observability dashboards. (#26121)
• API consumption charts as inline images — API consumption reports now render charts as inline Markdown images for instant visibility without requiring external image hosting. (#26150)

🐛 Bug Fixes & Improvements

push_signed_commits.cjs — five targeted fixes:

• File content is now read from commit objects (not the working tree), preventing stale-file bugs in agent-driven commits. (#26287)
• Copy/rename detection and C-quoted filenames are now handled correctly. (#26277)
• Non-100644 file modes (executables, symlinks) are detected and handled gracefully. (#26259)
• Commit ordering uses --topo-order and merge commits are handled with a git push fallback. (#26306)
• Submodule entries now fall back to a plain git push instead of erroring. (#26298)

Other notable fixes:

• on.github-token propagated to activation job — Cross-org workflow_call setups no longer fail because the GitHub token was missing from checkout and hash-check steps. (#26137)
• copilot-driver --resume auth recovery — Authentication failures during --continue/--resume are now handled instead of crashing the driver. (#26146)
• add_comment gains reply_to_id — The reply_to_id parameter is now documented in the MCP tool schema so agents reliably pass it when threading replies. (#26288)
• safe-outputs.actions tools exposed — Custom action tools defined in safe-outputs.actions are now included in the agent's MCP toolset. (#26291)
• engine.max-turns preserved through shared imports — The max-turns setting no longer silently drops when the engine config is sourced from a shared import. (#26122)
• Docker no longer required for gh aw compile --validate — Validation now skips Docker image checks when Docker is unavailable; opt in with --validate-images when needed. (#26074)
• GH_HOST env var used for GH CLI calls — gh repo view and gh pr create now respect GH_HOST, fixing failures in GHES and cross-org contexts. (#26311)
• resolveIssueNumber strips stray quotes — Item numbers wrapped in quotes no longer cause resolution failures. (#26114)
• --safe-update renamed to --approve — The flag name now more clearly conveys its intent. (#26160)

📚 Documentation

• Gemini AI engine added to the introduction/how-they-work guide. (#26147)
• github-app documented as a top-level Allowed Import Field in the imports reference. (#26119)
• New working-directory navigation example in the side-repo-ops pattern. (#26123)
• Comprehensive new guide: Maintaining repos with agentic workflows at scale. (#26073)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@arthurfvives

• Feature: Auto-detect available models or gracefully fallback on 400 errors (Copilot Pro/Education) (direct issue)

@bbonafed

• on.github-token not propagated to checkout and hash check steps in activation job (breaks cross-org workflow_call) (direct issue)

@corygehr

• add-comment: reply_to_id not documented in tool schema, causing agents to skip it (direct issue)

@susmahad

• safe-outputs.actions custom action tools not exposed to agent MCP toolset (direct issue)

@tadelesh

• copilot-driver --resume fails with 'No authentication information found' after transient AI model error (direct issue)

@wtgodbe

• bug: resolveIssueNumber should strip surrounding quotes from item_number values (direct issue)

@yskopets

• feat: support checkout field in importable shared workflows (direct issue)
• Support env field in shared imports (direct issue)
• engine.max-turns is silently dropped when engine config is sourced from a shared import (direct issue)
• Remove Docker dependency from gh aw compile --validate (direct issue)
• docs: add working-directory navigation example to side-repo-ops pattern (direct issue)
• Docs: add top-level github-app to Allowed Import Fields in imports reference (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 4.1M

---

What's Changed

• Add retry with jitter to create_issue safe-output handler by @Copilot in #26056
• docs: comprehensive guide for maintaining repos with agentic workflows at scale by @Copilot in #26073
• Migrate chart image uploads to upload-artifact with skip-archive in shared workflows by @Copilot in #26075
• Update instructions to use upload-artifact with skip-archive instead of upload-asset by @Copilot in #26076
• Add spec-extractor, spec-enforcer, and spec-librarian agentic workflows by @Copilot in #26083
• feat(deep-report): increase create-issue max from 3 to 7 by @Copilot in #26077
• Skip Docker image validation when Docker is unavailable, add --validate-images flag by @Copilot in #26074
• [actions] Update GitHub Actions versions - 2026-04-13 by @github-actions[bot] in #26087
• fix: update TestMCPGSupportsIntegrityReactions for MCPG v0.2.19 default by @dsyme in #26091
• fix: add imperative verbs to "Super-linter" and "Cross-repo setup guidance" step names by @Copilot in #26095
• Add --gemini-api-target to AWF proxy for Gemini API routing by @Copilot in #26060
• [safe-output-integrator] Add missing test workflow for upload-asset safe output type by @github-actions[bot] in #26103
• Add hippo-memory shared workflow and daily learn workflow by @Copilot in #26109
• Add MemPalace as a shared MCP workflow by @Copilot in #26102
• docs: add README specifications for 15 missing packages, update console and logger specs by @Copilot in #26105
• Fix gh pr checkout failing with GH_HOST mismatch in issue_comment workflows by @Copilot in #26037
• feat: resolve upload_artifact temporary IDs to artifact URLs in safe output bodies by @Copilot in #26108
• fix: strip surrounding quotes from item_number in resolveIssueNumber by @Copilot in https...

v0.68.2

🌟 Release Highlights

This release delivers a focused wave of reliability improvements: compiler fixes that were blocking real workflows, expanded strict-mode flexibility, deeper temporary ID support, and a new integrity-reactions feature for fine-grained trust control. A huge batch of community-reported bugs across Copilot engine, safe-outputs, cross-org workflows, and MCP Gateway are now resolved.

✨ What's New

• Reaction-based integrity control — The new integrity-reactions feature flag (requires MCPG ≥ v0.2.18, now bundled as v0.2.19) lets maintainers promote or demote tool-use integrity via 👍/❤️ and 👎/😕 GitHub reactions in proxy mode. Configurable endorsement and disapproval reaction sets with sensible defaults. Learn more

• Temporary ID resolution now reaches further — #temporary_id references are now resolved inside dispatch_workflow input values, update_issue/add_comment targets, and git am patch content — closing three long-standing gaps that required manual workarounds.

• Strict mode secrets unlocked — Strict mode now permits secrets.* in step-level with: bindings for action steps in pre-agent custom steps, and in step env: bindings — giving workflows a secure path to external secret managers without disabling strict mode entirely.

• slash_command event scoping — A new scope option lets workflows restrict which event types (issue comment, PR comment, etc.) trigger slash commands, reducing noise from unintended contexts.

• assign_to_agent multi-platform support — Copilot can now be assigned to the same issue multiple times when each assignment targets a different pull_request_repo (e.g., separate iOS and Android repositories), enabling true cross-platform agentic workflows.

• workflows: write auto-inferred — The compiler now automatically infers the workflows: write permission when a GitHub App token's allowed-files targets .github/workflows/, eliminating a confusing manual step.

🐛 Bug Fixes & Improvements

• create_issue rate-limit resilience — Added retry with jitter to the create_issue safe-output handler, preventing HTTP 403 failures when multiple daily workflows complete simultaneously and burst the API rate limit.

• create_pull_request ENOBUFS crash — Fixed a spawnSync buffer overflow that caused create_pull_request to fail on large diffs; the safe-output handler no longer crashes on oversized payloads.

• create_pull_request_review_comment tool not found — Resolved a runtime registration issue where the create_pull_request_review_comment safe-output tool was declared but not discoverable at runtime.

• Copilot engine workflows restored — Fixed two distinct failures introduced in v0.67.2–v0.67.4 that broke Copilot-engine workflows; plus resolved silent exit code 1 errors in the compiled Copilot CLI.

• Compiler: --allow-domains quoting fixed — The compiler no longer single-quotes --allow-domains values, which was breaking $\{\{ }} GitHub Actions expressions and causing HTTP 422 errors on workflow dispatch.

• inputs.* expressions in workflow_call — Expressions using inputs.* in prompt bodies are now properly resolved when a workflow is invoked via workflow_call.

• OIDC env vars forwarded to MCP Gateway — The compiler now forwards ACTIONS_ID_TOKEN_REQUEST_URL and related OIDC env vars to the docker run command for the MCP Gateway, enabling OIDC-based authentication flows.

• MCP servers on GitHub Enterprise Server — Improved documentation and policy guidance for organizations where the "MCP servers in Copilot" policy is not visible in GHE settings.

• SARIF upload permissions — Fixed Resource not accessible by integration errors during SARIF upload by correctly provisioning the required security-events: write permission.

• Cross-org workflow_call — Resolved failures in resolve_host_repo, checkout, and hash checks when invoking workflows across organization boundaries.

• push_repo_memory bot-comment guard — Fixed a bug where the push_repo_memory job ran even when the workflow was triggered by a bot comment that skipped pre_activation.

• ParseWorkflow ~18% faster — Eliminated a JSON round-trip in schema validation and optimized node traversal, reducing workflow parse time by ~18% with ~22% fewer allocations.

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@apenab

• MCP servers blocked by policy on GHE — unable to find "MCP servers in Copilot" policy setting (direct issue)

@bbonafed

• Cross-org workflow_call: resolve_host_repo, checkout, and hash check all fail (direct issue)
• Compiler does not forward OIDC env vars to MCP Gateway docker run command (direct issue)

@benvillalobos

• inputs.* expressions in prompt body not resolved when called via workflow_call (direct issue)

@bryanchen-d

• bug: compiler single-quotes --allow-domains breaking $\{\{ }} GA expressions, causing HTTP 422 on workflow dispatch (direct issue)

@camposbrunocampos

• assign_to_agent: allow multiple assignments to same issue when pull_request_repo differs (direct issue)

@corygehr

• Copilot-engine workflows broken: two distinct failures across v0.67.2 and v0.67.4 (direct issue)

@devantler

• Compiler does not auto-infer workflows: write on GitHub App tokens when allowed-files targets .github/workflows/ (direct issue)
• Support temporary ID resolution for update_issue and add_comment targeting (direct issue)

@JanKrivanek

• Safe-output tool 'create_pull_request_review_comment' not found at runtime despite correct declaration (direct issue)

@johnpreed

• dispatch_workflow handler does not resolve #temporary_id references in input values (direct issue)

@kbreit-insight

• SARIF upload gives "Resource not accessible by integration" error (direct issue)

@neta-vega

• slash_command: scope option to restrict trigger event types (direct issue)

@susmahad

• Strict mode blocks secrets.* in step env: bindings — no secure path for workflows that need external secret managers (direct issue)
• Strict mode: allow secrets.* in step-level with: for action steps in pre-agent custom steps (direct issue)

@theletterf

• Copilot CLI exits with code 1 silently when compiled with v0.67.3 (pre-release) (direct issue)

@wtgodbe

• Temporary ID references in patch content are not resolved before git am (direct issue)

@yskopets

• safeoutputs create_pull_request fails with ENOBUFS on large diffs (spawnSync buffer overflow) (direct issue)
• bug: push_repo_memory job runs when workflow is triggered by a bot comment (pre_activation skipped) (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 1.6M

---

What's Changed

• feat(test-quality-sentinel): pre-fetch PR diff, trim toolsets/bash tools, cap continuations by @Copilot in #25685
• build(deps-dev): bump basic-ftp from 5.2.1 to 5.2.2 in /docs in the npm_and_yarn group across 1 directory by @dependabot[bot] in #25699
• fix: update golden test files for Copilot CLI bump to 1.0.21 by @Copilot in #25692
• feat: use job.workflow_* context for host repo resolution by @salmanmkc in #25697
• fix: add actionlint config and fix SC2129 grouped redirects by @Copilot in #25700
• fix: restore permission-discussions in GitHub App token fields by @lpcox in #25709
• fix: resolve #temporary_id references in dispatch_workflow inputs before dispatching by @Copilot in #25693
• feat: container image digest pinning in actions-lock.json with update/upgrade integration by @Copilot in #25688
• Write JSONL mirror unconditionally, decoupled from OTLP endpoint by @Copilot in #25716
• Add cross-repo allowlist validation to close_entity_helpers (SEC-005) by @Copilot in #25715
• Fix inputs.* expressions not resolved when workflow invoked via workflow_call by @Copilot in #25718
• [aw] Updates available by @github-actions[bot] in #25726
• Fix test failures after action pin updates by @Copilot in #25745
• fix: doubl...

v0.68.1

🌟 Release Highlights

This release delivers a critical Copilot CLI reliability hotfix, a new engine.bare control for AI context management, significant security hardening, and resolutions for 9 community-reported issues.

✨ What's New

• engine.bare frontmatter field — Disable automatic context loading for supported engines, giving you full control over what the AI agent sees. Use bare: true with copilot (suppresses AGENTS.md and user instructions) or claude (suppresses CLAUDE.md memory files). Unsupported engines emit a compiler warning. (#25661)

• Frontmatter hash checker improvements — When a stale lock file is detected, the activation job now emits step-by-step [hash-debug] log lines and creates a clear, actionable issue/comment (with progressive disclosure) to guide you through fixing it. (#25571)

• actions/github-script upgraded to v9 — Scripts now get getOctokit as a built-in context parameter, eliminating the need for dynamic @actions/github imports in safe-output handlers. (#25553)

• Squash-merge fallback in gh aw add — When a repository disallows merge commits, the setup PR now automatically falls back to squash merge rather than failing. (#25609)

🐛 Bug Fixes & Improvements

• [Critical] Copilot CLI pinned to v1.0.21 — Fixes Copilot-engine workflows that were hanging indefinitely or producing 0-byte output due to incompatibilities with v1.0.22. v1.0.21 is the last confirmed working version. (#25689)

• Security: agent-stdio.log permissions hardened — Log file is now pre-created with 0600 permissions before tee writes, preventing world-readable exposure of MCP gateway bearer tokens. Dynamic gateway token redaction added to redact_secrets.cjs. (#25618)

• Agent file injection fixed for Codex and Gemini — Both engines now read INSTRUCTION from prompt.txt (already assembled by the compiler), eliminating fragile shell-variable injection and double-inclusion of agent file content. (#25681)

• Claude agent file injection fixed — Claude now reliably reads its agent file via prompt.txt in AWF sandbox mode, resolving crashes caused by --env-all not propagating shell variables into AWF containers. (#25589)

• Write-to-read codemod no longer converts id-token/copilot-requests — The "Convert write permissions to read" codemod now correctly skips write-only permissions that cannot meaningfully be set to read. (#25604)

• Race condition in PR checkout — When a PR is merged milliseconds after triggering a workflow (stale state: open in the payload), the agent now re-queries the API before treating the checkout failure as a hard error. (#25581)

• CLI consistency fixes — Aligned --dir flag semantics across add/add-wizard/compile/fix/upgrade; added missing --dir flag to remove; corrected misleading --no-fix description; improved help text for trial, run, mcp add, and pr transfer. (#25658)

• smoke-gemini now triggers on the smoke label — Fixes the Gemini smoke test being excluded from the standard PR smoke suite. (#25639)

📚 Documentation

• firewall-audit-logs artifact reference — New docs/reference/artifacts.md documents all artifact names, their download paths, and the correct way to access token usage data (it lives in firewall-audit-logs, not agent). (#25684)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@adamhenson

• compiled lock files hardcode github.token in Configure Git credentials steps -- breaks in sandboxed runners (direct issue)

@bbonafed

• MCP Gateway container missing ACTIONS_ID_TOKEN_REQUEST_URL / ACTIONS_ID_TOKEN_REQUEST_TOKEN env vars (direct issue)

@dbudym-cs

• Failed to register MCP tools | HTTP 400: Bad Request (direct issue)

@deyaaeldeen

• Codemod 'Convert write permissions to read' incorrectly changes id-token: write to read (direct issue)

@drehelis

• codex exec command line argument misplaced (direct issue)

@lukeed

• cli: support merging via squash (direct issue)

@Mossaka

• Pipeline reports failure when Copilot CLI hits rate limit after successful completion (direct issue)

@salekseev

• AWF API proxy doubles https:// scheme in --anthropic-api-target URL (direct issue)

@tore-unumed

• Agent imports: .github/agents/ path does not resolve — must be under .github/workflows/ (direct issue)

⚠️ Attribution Candidates Need Review

The following community issues were closed during this period but could not be automatically linked to a specific merged PR. Please verify whether they should be credited:

• @grahame-white for CI Coach workflow uses invalid 'copilot-requests' permission: root cause analysis and remediation plan — closed 2026-04-10, state: NOT_PLANNED, no confirmed PR linkage found

---

For complete details, see CHANGELOG.

Generated by Release · ● 696.2K

---

What's Changed

• feat: update actions/github-script to v9.0.0 with builtin getOctokit by @Copilot in #25553
• Normalize report formatting: add shared/reporting.md import to two daily workflows by @Copilot in #25561
• feat: improve frontmatter hash checker with debug logging and failure propagation to conclusion job by @Copilot in #25571
• chore: update drain3 default log pattern weights by @github-actions[bot] in #25584
• chore: bump CLI versions — Claude Code 2.1.98, Copilot 1.0.22 (unpin), Gemini 0.37.1 by @Copilot in #25577
• [jsweep] Clean check_rate_limit.cjs by @github-actions[bot] in #25580
• fix: handle race condition when PR is merged before agent job checks out branch by @Copilot in #25581
• [code-simplifier] refactor: remove redundant fs require inside arrow function by @github-actions[bot] in #25591
• [architecture] Update architecture diagram - 2026-04-10 by @github-actions[bot] in #25597
• [instructions] Sync github-agentic-workflows.md with v0.67.4 by @github-actions[bot] in #25613
• fix: apply Q's weekly workflow improvements + prevent git misuse in Q prompt by @Copilot in #25607
• Fix write-to-read codemod incorrectly converting id-token and copilot-requests permissions by @Copilot in #25604
• [docs] Developer documentation tone scan v5.7 by @github-actions[bot] in #25617
• cli: try squash merge first, fall back to merge commit if not allowed by @Copilot in #25609
• fix: introduce SupportsNativeAgentFile capability; move Claude agent-file injection to compiler by @Copilot in #25589
• Pin copilot to v1.0.20 by @Copilot in #25623
• [dead-code] chore: remove dead functions — 5 functions removed by @github-actions[bot] in #25630
• test: add regression coverage for .github/agents/ root-relative import path by @Copilot in #25636
• fix(smoke-gemini): trigger on "smoke" label instead of "water" by @Copilot in #25639
• refactor: centralize close-flow logic into shared createCloseEntityHandler factory by @Copilot in #25628
• security: fix agent-stdio.log world-readable exposure and MCP gateway token leakage in redaction pipeline by @Copilot in #25618
• fix(cli): address 7 CLI consistency issues across help text and flag behavior by @Copilot in #25658
• fix: set supportsNativeAgentFile=false for Codex and Gemini; remove AGENT_CONTENT shell code from Codex by @Copilot in #25681
• feat: add engine.bare frontmatter field to suppress automatic context loading by @Copilot in #25661
• Doc: document firewall-audit-logs artifact name for downstream consumers by @Copilot in #25684
• f...

v0.68.0

🌟 Release Highlights

This release brings distributed tracing improvements, important security hardening, permission fixes, and a cleaner add-comment API — with a community-reported bug fix included.

✨ What's New

• OpenTelemetry cross-job trace hierarchy — Parent span IDs are now propagated through aw_context across jobs, enabling end-to-end distributed trace visibility for multi-job workflows. (#25540)

• Simplified discussion comment API — The deprecated add-comment.discussion (singular boolean) field has been removed in favor of the clearer discussions: true/false syntax. Update your workflows using gh aw fix --write. (#25532)

🐛 Bug Fixes & Improvements

• Fixed invalid discussions: write permission on safe-output jobs — The compiler was unconditionally emitting an invalid permission-discussions field into GitHub App token requests for safe-output jobs. This has been corrected. (#25508)

• Security: heredoc content validation — ValidateHeredocContent checks are now applied to five user-controlled heredoc insertion sites, closing a class of potential injection vectors. (#25510)

• MCP schema: proxy-args now accepted at top level — The stdio_mcp_tool schema now includes proxy-args as a top-level property, fixing validation errors for tools that use proxy arguments. (#25542)

• MCP config schema validation re-enabled — Previously dead MCP configuration schema validation paths are now wired up, improving compile-time error detection. (#25507)

• Docker pre-download list updated — The cli-proxy image is now included in the pre-download list, reducing cold-start latency in containerized runs. (#25558)

• Playground editor template dropdown restored — Four missing workflow templates have been restored to the playground editor dropdown. (#25528)

📚 Documentation

• Integrity-filtering inputs fully documented — All integrity-filtering inputs are now documented in the reference. (#25545, Learn more)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@IEvangelist

• Compiler unconditionally adds invalid discussions: write permission to safe-output jobs (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 1.1M

---

What's Changed

• [slides] Add OpenTelemetry distributed tracing slide by @github-actions[bot] in #25515
• fix: remove invalid permission-discussions from GitHub App token fields by @Copilot in #25508
• fix: temporarily disable GITHUB_COPILOT_INTEGRATION_ID env var by @lpcox in #25521
• Add ValidateHeredocContent checks to 5 user-controlled heredoc sites by @Copilot in #25510
• Wire up dead MCP config schema validation by @Copilot in #25507
• Fix TestStepOrderingValidation_SecretRedactionBeforeUploads: tighten Upload Safe Outputs assertion by @Copilot in #25524
• [docs] Fix playground editor template dropdown — restore 4 missing templates by @github-actions[bot] in #25528
• [ubuntu-image] research: update Ubuntu runner image analysis to 20260406.80.1 by @github-actions[bot] in #25537
• feat(otel): propagate parent span ID through aw_context for cross-job trace hierarchy by @Copilot in #25540
• Remove deprecated add-comment.discussion (singular) in favor of discussions: true/false by @Copilot in #25532
• docs: document all integrity-filtering inputs by @lpcox in #25545
• fix: add proxy-args to stdio_mcp_tool schema top-level properties by @Copilot in #25542
• [actions] Update GitHub Actions versions - 2026-04-09 by @Copilot in #25541
• [safe-output-integrator] Add missing upload-artifact safe-output test workflow and compiler test by @github-actions[bot] in #25547
• refactor(static-analysis-report): build gh-aw from source instead of installing a release by @Copilot in #25556
• fix: add cli-proxy image to Docker pre-download list by @lpcox in #25558
• Optimize Functional Pragmatist workflow token usage (~54% prompt reduction) by @Copilot in #25560

Full Changelog: v0.67.4...v0.68.0