v0.68.7

🌟 Release Highlights

This release delivers targeted bug fixes and internal reliability improvements, including a community-reported fix for on.roles configuration handling and a Codex runtime stability fix.

🐛 Bug Fixes & Improvements

• on.roles Single-String Support (#26789) — The compiler now accepts a single role string (e.g., roles: write) in addition to an array. Previously, using a string instead of an array produced a misleading compiler error with no clear guidance.
• Codex AWF Chroot Fix (#26787) — Fixed Codex agent failures in chroot environments by relocating runtime state to writable /tmp. Codex workflows on restricted filesystems should now run reliably.
• Failure Investigator Improvements (#26795) — Reduced issue churn in the aw-failure-investigator workflow by prioritizing closure and reusing parent issue tracking across runs.
• Firewall Update (#26798) — Default firewall version bumped to v0.25.23 with regenerated compiled artifacts.

✨ What's New

• Cross-Repo Compilation Compatibility Checks (#26802) — A new daily Claude workflow automatically discovers repositories using gh-aw, runs compilation checks against the latest build, and surfaces compatibility issues before they affect users.

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@jeffhandley

• Misleading compiler error when 'roles' is set to a string instead of an array (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 1.3M

---

What's Changed

• Reduce aw-failure-investigator issue churn by prioritizing closure and reusing parent tracking by @Copilot in #26795
• Allow on.roles single-string role values (not just all) by @Copilot in #26789
• Fix Codex AWF chroot failures by moving Codex runtime state to writable /tmp by @Copilot in #26787
• chore: bump default firewall version to v0.25.23 and regenerate compiled artifacts by @Copilot in #26798

Full Changelog: v0.68.6...v0.68.7

v0.68.6

🌟 Release Highlights

This release brings a major new AI engine, significant security hardening, and a wave of reliability fixes — many of them driven directly by community-reported issues.

✨ What's New

• OpenCode engine support — A new engine: opencode option integrates OpenCode as a first-class AI coding agent in your agentic workflows, joining Copilot, Claude, and Codex.

• engine.bare mode — Set engine.bare: true on any workflow to skip loading AGENTS.md context. Ideal for non-code workflows (triage, reporting, ops) where the repository code context is irrelevant and you want a clean, fast agent start.

• Pre-agent steps — A new pre-agent-steps frontmatter field lets you run custom GitHub Actions steps before the AI agent starts. Use this for authentication, environment setup, or any prerequisite work. Learn more

• Idle custom agent wiring — Idle custom agents are now automatically matched and connected to their corresponding workflows, reducing manual configuration for long-running agent sessions.

• Detection caution alerts in all footers — When threat detection identifies issues in a workflow run, a mandatory caution alert is now included in every generated footer (issues, PR descriptions, comments, and more), ensuring reviewers are always informed.

• Cache-memory working-tree sanitization — Before an agent run begins, the working tree is now sanitized to remove planted executables and disallowed files from cached memory. This prevents a class of supply-chain-style attacks via stale cache. Learn more

🐛 Bug Fixes & Improvements

• MCP gateway Docker socket access — Fixed two related bugs: the Docker socket GID is now pre-computed (not evaluated inside a non-shell spawn() call), and the --group-add flag is correctly passed to the MCP gateway container — ensuring Docker-in-Docker tools work reliably inside the sandbox.

• BYOK Copilot model fallback — Fixed an issue where COPILOT_MODEL could be set to an empty string in compiled workflows when using Bring Your Own Key (BYOK) Copilot configurations, causing unexpected model selection.

• Gemini proxy handler — Fixed GEMINI_API_BASE_URL routing issues: the AWF proxy now correctly handles Gemini API requests, resolving API proxy enabled but no API keys found errors for both gemini-cli and the Gemini engine.

• Duplicate action SHA conflict — Fixed a compilation error where two different actions could resolve to the same commit SHA after a gh aw update, causing "two different actions share the exact same commit SHA" failures.

• PR head branch handling — Gracefully handles deleted PR head branches in push_to_pull_request_branch (checked both before fetch and after push failure).

• Scheduled Copilot run hardening — Scheduled Copilot runs are now resilient to transient exit-code-2 startup failures.

• PR reaction activation permissions — Fixed incorrect permission derivation for workflows triggered by pull request reactions.

• MCP gateway health check retry — The port 80 health check now retries on transient container startup delays instead of failing immediately.

• AWF firewall updated to v0.25.22 and MCP gateway updated to v0.2.22.

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@arthurfvives

• Gemini engine fails with AWF proxy: GEMINI_API_BASE_URL points to proxy but proxy has no Gemini handler (direct issue)

@bmerkle

• problem after gh aw update: Two different actions share the exact same commit SHA (direct issue)

@bryanchen-d

• MCP Gateway: port 80 health check fails with no retry on transient container startup delay (direct issue)

@dkurepa

• Enabling workflow-wide Docker-in-Docker configuration breaks gh aw workflows (direct issue)

@doughgle

• Gemini CLI Failed: API proxy enabled but no API keys found in environment (direct issue)

@jaroslawgajewski

• bug: Copilot CLI 1.0.21 added a startup model validation step: when COPILOT_MODEL is set (direct issue)

@yskopets

• bug: GOROOT not propagated into agent container despite --env-all and spec §8.5 (direct issue)

---

For complete details, see CHANGELOG.

Note

🔒 Integrity filter blocked 2 items

The following items were blocked because they don't meet the GitHub integrity level.

• ae832fb list_commits: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• cc2e417 list_commits: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

Generated by Release · ● 1.5M

---

What's Changed

• Improve docs mobile table readability and homepage video accessibility metadata by @Copilot in #26660
• Add support for pre-agent-steps before agent execution by @Copilot in #26666
• Fix redact_secrets gateway-token tests after MCP config path refactor by @Copilot in #26681
• Add mandatory caution alert to all generated footers when detection finds issues by @Copilot in #26684
• Stabilize daily Copilot merged-PR report by switching to bounded pre-fetched filtering by @Copilot in #26680
• Align JavaScript MCP scripts log renderer with Copilot output style by @Copilot in #26692
• Add 6-hour [aw] failure investigation workflow by @Copilot in #26694
• Fix lint-go failure from testifylint violations in spec tests by @Copilot in #26686
• Fix CaptureStderr restoration timing in testutil to resolve CI unit test failure by @Copilot in #26687
• Fix audit tool type undercount for Copilot MCP-only runs by @Copilot in #26689
• Scope activation reactions like status-comment targets and compute activation permissions from both target sets by @Copilot in #26693
• docs: clarify MCP gateway API key is leaked by design by @Copilot in #26695
• Add features.awf-diagnostic-logs to enable AWF failure diagnostics artifact collection by @Copilot in #26699
• Allow configuring conclusion failure issue expiration via aw.json by @Copilot in #26688
• Reduce Workflow Skill Extractor token overhead by removing unused tools and pre-indexing workflows by @Copilot in #26682
• Harden MCP Gateway startup health check against transient port-binding delays by @Copilot in #26697
• Fix JS workflow typecheck failure in MCP scripts log parser by @Copilot in #26703
• Always enable Copilot integration ID and remove feature flag gating by @Copilot in #26698
• Increase mcp-cli usage to 80% of agentic workflows by @Copilot in #26715
• Fix DIFC proxy shell integration test to use step-scoped proxy environment by @Copilot in #26704
• Handle deleted PR head branches in push_to_pull_request_branch before fetch and after push failures by @Copilot in #26705
• Fix activation permissions for pull request reactions by @Copilot in #26720
• Harden scheduled Copilot runs against transient exit-code-2 startup failures by @Copilot in #26713
• [log] Add debug logging to 5 Go files by @github-actions[bot] in #26738
• [ubuntu-image] docs: update Ubuntu runner image analysis for 2026-04-16 by @github-actions[bot] in #26741
• Use sort.Strings in GetAllScriptFilenames and add focused ordering tests by @Copilot in #26731
• Use declaration-site blank identifiers in workflow validation paths by @Copilot in #26730
• Enable strict mode and sanitized PR title in refiner input-triggered workflow by @Copilot in #26744
• Fix setup-span staging attribution when aw_info is unavailable by @Copilot in #26742
• Enable engine.bare f...

v0.68.5

🌟 Release Highlights

This release delivers two new workflow customization features, a significant security hardening for cache-memory workflows, and resolves four community-reported issues around permissions, safe-outputs protection, and GitHub App token deprecation.

✨ What's New

• pre-agent-steps frontmatter field — Inject custom steps immediately before the agent engine runs. Supports imports and merge semantics, giving you fine-grained control over pre-execution setup without forking shared workflows. (#26666)

• MCP config relocated to .github/mcp.json — The MCP configuration file now lives at .github/mcp.json (previously .mcp.json at the repository root), aligning with standard GitHub configuration conventions. The init flow creates the new path automatically; existing .mcp.json files will need to be migrated. (#26665)

• shared/reporting-otlp.md import bundle — A new composite import combines shared/reporting.md and shared/observability-otlp.md into a single import, reducing boilerplate in telemetry-enabled reporting workflows. (#26655)

• cache-memory working-tree sanitization — Cached working trees are now sanitized before agent execution to neutralize planted executables and disallowed files, hardening workflows that persist state across runs. (#26587)

🐛 Bug Fixes & Improvements

• Environment-level secrets now work correctly — The environment: frontmatter field now properly propagates to the activation job, preventing false secret-validation failures for environment-scoped secrets. (#26650)

• Activation-job permissions are now narrowly scoped — Compiled workflows no longer request broader permissions (e.g. discussions:write, pull-requests:write) than the workflow actually requires; permissions are now derived from the actual trigger events. (#26535)

• GitHub App token input migrated to client-id — Resolves the app-id deprecation warning. Includes schema-level compatibility and an automatic codemod to migrate existing workflows. (#26551)

• safe-outputs protected file manifests aligned for Claude engine — The activation-job config and handler config now use consistent protected_files/protected_path_prefixes for Claude engine workflows, fixing a mismatch that could cause safe-output failures. (#26550)

• BYOK Copilot model fallback fixed — Prevents an empty COPILOT_MODEL variable in compiled BYOK workflows. (#26566)

• Auto-Triage pre-agent auth failure resolved — Fixes no-op failed runs caused by an authentication failure before the agent step. (#26572)

• CLI Version Checker false positives eliminated — The version checker no longer reports failures when safe outputs were already produced in a prior step. (#26570)

• Security: @mention injection in create_issue body neutralized — Sanitizes @mentions in issue bodies to close a cross-workflow prompt-injection gap. (#26589)

• Security: steganographic injection via markdown link titles neutralized (#26596)

• MCP Gateway updated to v0.2.21 (#26678)

📚 Documentation

• Improved mobile table readability across the docs site — table columns now expose data-label attributes for card-layout rendering on small screens. Homepage videos gained descriptive accessibility metadata. (#26660)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@AlexDeMichieli

• environment: frontmatter does not propagate to activation job — environment-level secrets fail validation (direct issue)

@corygehr

• app-id deprecation warning — migrate to client-id in GitHub App token generation (direct issue)

@deyaaeldeen

• Compiled lock file requests broader permissions than workflow needs (discussions:write, pull-requests:write) (direct issue)

@lupinthe14th

• safe-outputs: activation config and handler config have different protected_files/protected_path_prefixes for Claude engine workflows (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 1.7M

---

What's Changed

• Scope activation-job permissions to actual trigger events and add status-comment discussions/issues/pull-requests toggles by @Copilot in #26535
• Migrate GitHub App token input to client-id, add schema-level compatibility, and provide codemod migration by @Copilot in #26551
• safe-outputs: align activation protected manifests with handler config for engine-specific files by @Copilot in #26550
• Generate poutine untrusted_checkout_exec suppression for workflow_call save-base steps by @Copilot in #26552
• Fix Auto-Triage Issues pre-agent auth failure that caused no-op failed runs by @Copilot in #26572
• Refactor MCP validation into focused sub-validators by @Copilot in #26573
• Prevent false CLI Version Checker failures when safe outputs were already produced by @Copilot in #26570
• Refactor dispatch workflow validation by extracting file-resolution utilities by @Copilot in #26574
• fix: sanitize @mentions in create_issue body to close XPIA gap by @Copilot in #26589
• [docs] Consolidate developer specs - tone fixes v6.2 (2026-04-16) by @github-actions[bot] in #26612
• [instructions] Sync github-agentic-workflows.md with v0.68.3 by @github-actions[bot] in #26607
• [docs] Update documentation for features from 2026-04-16 by @github-actions[bot] in #26605
• [spec-enforcer] Enforce specifications for stats, styles, testutil by @github-actions[bot] in #26601
• [spec-extractor] Update package specifications for agentdrain, fileutil, gitutil, tty by @github-actions[bot] in #26600
• [fp-enhancer] refactor(actionpins): precompile SHA regex and extract findCompatiblePin helper by @github-actions[bot] in #26597
• [architecture] Update architecture diagram - 2026-04-16 by @github-actions[bot] in #26591
• Split template injection validator by responsibility by @Copilot in #26580
• Refactor workflow tool validation by separating GitHub-specific logic from core tools validation by @Copilot in #26579
• Refactor safe-outputs max validation into dedicated module to enforce validator file size limit by @Copilot in #26581
• fix(sanitize): neutralize markdown link title text to close steganographic injection channel by @Copilot in #26596
• Ensure activation secret validation is skipped when top-level environment is configured by @Copilot in #26650
• Fix BYOK Copilot model fallback to avoid empty COPILOT_MODEL in compiled workflows by @Copilot in #26566
• Refactor daily audit import stack into shared daily-audit-base component by @Copilot in #26654
• Rename GetActionPinWithData to ResolveActionPin in pkg/actionpins by @Copilot in #26657
• Refactor workflow imports: add shared/reporting-otlp.md bundle and migrate dual-import workflows by @Copilot in #26655
• cache-memory: add pre-agent working-tree sanitization to neutralize planted executables and disallowed files by @Copilot in #26587
• Configure Architecture Guardian thresholds via repository-level .architecture.yml by @Copilot in #26664
• chore: bump DefaultMCPGatewayVersion to v0.2.21 by @lpcox in #26678
• Move MCP config from .mcp.json to .github/mcp.json by @Copilot in #26665

Full Changelog: v0.68.4...v0.68.5

v0.68.4

🌟 Release Highlights

v0.68.4 is a substantial patch release delivering over 20 community-reported bug fixes alongside new capabilities for SideRepoOps patterns, Copilot BYOK mode, and ecosystem domain improvements. This release reflects an exceptional level of community engagement — 21 issues reported and resolved in a single release cycle.

✨ What's New

• BYOK Copilot Mode — New byok-copilot feature flag wires offline Copilot support and bumps the default firewall to v0.25.21 (#26544)
• SideRepoOps: Auto-generated maintenance workflow — The compiler now auto-generates agentics-maintenance.yml for target repositories when using the SideRepoOps pattern, reducing manual setup (#26382)
• Configurable runs-on for agentics-maintenance — Specify custom runner labels for the generated maintenance workflow via runs-on in frontmatter (#26481)
• Protected-files exclusion — New protected-files: { exclude: [...] } option lets you remove specific paths from the default protected-file set, resolving long-standing conflicts with AGENTS.md (#26339)
• MCP servers as local CLIs — MCP servers can now be mounted as local CLI commands after the gateway starts, enabling richer tool integrations (#25928)
• --prompt-file for Copilot execution — Copilot now receives prompts via --prompt-file instead of inline args, with automatic fallback handling for older CLI versions (#26492)
• Lean ecosystem domain — Added the Lean theorem prover ecosystem (elan, lake) to the domain allowlist (#26424)
• Python-native (PyO3/maturin) ecosystem — Added ecosystem entry for Rust-backed Python packages (#26467)
• AI latency telemetry — A dedicated gh-aw.<job>.agent OTLP span now isolates AI execution time for better observability (#26504)

🐛 Bug Fixes & Improvements

• 4-backtick fence rule scoped correctly — The rule that upgrades triple-backtick fences to 4-backtick fences now only applies when the block truly contains a nested triple-backtick fence, fixing false triggering on mermaid and other standalone code blocks (#26506)
• Annotated tag SHA pinning — The compiler now peels annotated tag objects to the underlying commit SHA when pinning gh-aw-actions references, preventing Renovate from rewriting them (#26482)
• Import-schema default values resolved — Default values in $\{\{ github.aw.import-inputs.* }} expressions are now correctly resolved when no explicit with: inputs are provided (#26472)
• Single SHA for all actions/github-script steps — The compiler ensures every actions/github-script step in a compiled workflow resolves to the same commit SHA (#26444)
• Python ecosystem domain corrected — Removed incorrectly included crates.io domains from the Python ecosystem entry (#26430)
• MCP logs/audit: no git required — gh aw logs and gh aw audit now pass GITHUB_REPOSITORY as --repo, eliminating the unable to find git executable in PATH error in audit-workflows (#26377)
• False-positive Copilot classification fixed — Engine counts from aw_info.json are now included in the logs summary, preventing all workflows from being misclassified as Copilot-engine (#26359)
• Cross-repo activation checkout guarded — The activation job's .github sparse checkout is now guarded against GITHUB_TOKEN permission failures during workflow_call from a different repository (#26336)
• tools.github: false now overrides imports — Setting tools.github: false in a workflow now correctly disables GitHub tools even when a shared import enables them (#26323)
• Dispatch-workflow tool name periods fixed — Periods in dispatch-workflow MCP tool names are now normalized, resolving CAPIError: 400 Bad Request in strict mode (#26324)
• Claude .mcp.json format corrected — Claude's MCP config format and init-generated output are now aligned (#26532)
• Activation secret validation skipped for environments — Secret validation during activation is now skipped when environment: is configured, preventing spurious failures (#26509)
• Absolute node path for GPU runners — AWF commands now use the absolute node path, fixing node: command not found errors on GPU runners (#26427)
• Preserve agent config on PR checkout — checkout_pr_branch.cjs now preserves .github/skills/ and .github/instructions/ from the base branch after PR checkout (#26380)
• resolve_host_repo.cjs cross-repo fix — The host repo resolver now correctly resolves to the callee repository in direct cross-repo workflow_call scenarios (#21426 — fixed a long-standing issue)
• Safe-outputs add-comment preserves < and > — HTML angle brackets in markdown code blocks are no longer stripped by the add-comment safe-output handler (#18310)
• actions/create-github-app-token warning resolved — Removed the permission-discussions unexpected input that was generating warnings (#26337)
• Sandbox E2BIG crash fixed — Sandbox agents no longer crash with Argument list too long when the prompt and environment variables exceed ARG_MAX (#26045)
• Copilot CLI MCP blocking fixed — Resolved the issue where Copilot CLI v1.0.22+ blocked the safeoutputs MCP server (#25550)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@arezero

• AGENTS.md in protected_files list blocks legitimate modifications (direct issue)

@bbonafed

• bug: sandbox agent fails with Argument list too long (E2BIG) when prompt + env exceed ARG_MAX (direct issue)

@bryanchen-d

• markdown.md 4-backtick rule is over-applied to standalone code blocks (e.g. mermaid) (direct issue)

@corygehr

• Bug: dispatch-workflow safe-output causes CAPIError: 400 Bad Request in strict mode (direct issue)

@jamesadevine

• ecosystem_domains.json: add lean ecosystem entry (direct issue)
• ecosystem_domains.json: python entry contains crates.io domains (direct issue)

@kthompson

• Latest Copilot CLI v1.0.22 blocks safeoutputs MCP server (direct issue)

@lupinthe14th

• gh aw compile v0.68.1 pins actions/github-script@v9 to two different SHAs (direct issue)

@MatthewLabasan-NBCU

• bug: Workflow call failing to fetch .github repository (Exit Code 128) (direct issue)

@neta-vega

• Support configurable runs-on for the generated agentics-maintenance workflow (direct issue)

@pgaskin

• bug: multiple critical issues in push_signed_commits (direct issue)

@PureWeen

• Ability for checkout_pr_branch.cjs to preserve .github/skills/ and .github/instructions/ from base branch (direct issue)

@rspurgeon

• Compiler emits annotated tag object SHA for gh-aw-actions pins; Renovate rewrites to peeled commit SHA (direct issue)

@straub

• actions/create-github-app-token warning (direct issue)

@thi-feonir

• Bug: resolve_host_repo.cjs resolves to caller repo instead of callee in direct cross-repo workflow_call (direct issue)

@ViktorHofer

• Safe-outputs add-comment strips < and > from markdown code blocks (direct issue)

@yskopets

• bug: tools.github: false does not override tools.github.* from a shared import (direct issue)
• audit-workflows: gh aw logs MCP tool fails with 'unable to find git executable in PATH' (direct issue)
• audit-workflows: agent incorrectly classifies all workflows as Copilot-engine due to false positive string matching (direct issue)
• Support auto-generation of agentics-maintenance.yml for target repository in SideRepoOps pattern (direct issue)
• default value in $\{\{ github.aw.import-inputs.* }} expressions is not being resolved in shared imports (direct issue)

⚠️ Attribution Candidates Need Review

The following community issues were closed during this release window but could not be automatically linked to a specific merged PR. Please verify whether they should be credited:

• @dsyme for Allow push-to-pull-request-branch to optionally update the pull request title (and body?) — closed 2026-04-15, closed as NOT_PLANNED
• @justinhuangcode for Problem using GitHub Apps to auth writes to discussions — closed 2026-04-15, closed as DUPLICATE
• @strawgate for Report errors for git patch types which are not valid — closed 2026-04-15, closed as NOT_PLANNED

---

For complete details, see CHANGELOG.

Generated by Release · ● 1M

---

What's Changed

• fix: add ...

v0.68.3

🌟 Release Highlights

This release delivers a major overhaul of push_signed_commits.cjs for edge-case reliability, significant improvements to shared workflow imports, smarter AI model error handling, and a wave of community-driven fixes.

✨ What's New

• Model-not-supported detection — When a model is unavailable or not supported by your Copilot plan, the workflow now stops retrying and surfaces a clear, actionable error in the failure report rather than spinning indefinitely. (#26229)
• checkout field in shared imports — Shared importable workflows now support a checkout field, giving you control over which ref is checked out when importing a shared workflow. (#26292)
• env field in shared imports — You can now pass environment variables via env: in shared import blocks, eliminating the need for workarounds when shared workflows require custom env context. (#26113)
• Time Between Turns (TBT) metric — gh aw audit and gh aw logs now report Time Between Turns, a key indicator of whether LLM prompt caching is effective for your workflows. (#26321)
• OTEL token breakdown — Conclusion spans now include token category breakdowns as attributes, enabling richer cost analysis in your observability dashboards. (#26121)
• API consumption charts as inline images — API consumption reports now render charts as inline Markdown images for instant visibility without requiring external image hosting. (#26150)

🐛 Bug Fixes & Improvements

push_signed_commits.cjs — five targeted fixes:

• File content is now read from commit objects (not the working tree), preventing stale-file bugs in agent-driven commits. (#26287)
• Copy/rename detection and C-quoted filenames are now handled correctly. (#26277)
• Non-100644 file modes (executables, symlinks) are detected and handled gracefully. (#26259)
• Commit ordering uses --topo-order and merge commits are handled with a git push fallback. (#26306)
• Submodule entries now fall back to a plain git push instead of erroring. (#26298)

Other notable fixes:

• on.github-token propagated to activation job — Cross-org workflow_call setups no longer fail because the GitHub token was missing from checkout and hash-check steps. (#26137)
• copilot-driver --resume auth recovery — Authentication failures during --continue/--resume are now handled instead of crashing the driver. (#26146)
• add_comment gains reply_to_id — The reply_to_id parameter is now documented in the MCP tool schema so agents reliably pass it when threading replies. (#26288)
• safe-outputs.actions tools exposed — Custom action tools defined in safe-outputs.actions are now included in the agent's MCP toolset. (#26291)
• engine.max-turns preserved through shared imports — The max-turns setting no longer silently drops when the engine config is sourced from a shared import. (#26122)
• Docker no longer required for gh aw compile --validate — Validation now skips Docker image checks when Docker is unavailable; opt in with --validate-images when needed. (#26074)
• GH_HOST env var used for GH CLI calls — gh repo view and gh pr create now respect GH_HOST, fixing failures in GHES and cross-org contexts. (#26311)
• resolveIssueNumber strips stray quotes — Item numbers wrapped in quotes no longer cause resolution failures. (#26114)
• --safe-update renamed to --approve — The flag name now more clearly conveys its intent. (#26160)

📚 Documentation

• Gemini AI engine added to the introduction/how-they-work guide. (#26147)
• github-app documented as a top-level Allowed Import Field in the imports reference. (#26119)
• New working-directory navigation example in the side-repo-ops pattern. (#26123)
• Comprehensive new guide: Maintaining repos with agentic workflows at scale. (#26073)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@arthurfvives

• Feature: Auto-detect available models or gracefully fallback on 400 errors (Copilot Pro/Education) (direct issue)

@bbonafed

• on.github-token not propagated to checkout and hash check steps in activation job (breaks cross-org workflow_call) (direct issue)

@corygehr

• add-comment: reply_to_id not documented in tool schema, causing agents to skip it (direct issue)

@susmahad

• safe-outputs.actions custom action tools not exposed to agent MCP toolset (direct issue)

@tadelesh

• copilot-driver --resume fails with 'No authentication information found' after transient AI model error (direct issue)

@wtgodbe

• bug: resolveIssueNumber should strip surrounding quotes from item_number values (direct issue)

@yskopets

• feat: support checkout field in importable shared workflows (direct issue)
• Support env field in shared imports (direct issue)
• engine.max-turns is silently dropped when engine config is sourced from a shared import (direct issue)
• Remove Docker dependency from gh aw compile --validate (direct issue)
• docs: add working-directory navigation example to side-repo-ops pattern (direct issue)
• Docs: add top-level github-app to Allowed Import Fields in imports reference (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 4.1M

---

What's Changed

• Add retry with jitter to create_issue safe-output handler by @Copilot in #26056
• docs: comprehensive guide for maintaining repos with agentic workflows at scale by @Copilot in #26073
• Migrate chart image uploads to upload-artifact with skip-archive in shared workflows by @Copilot in #26075
• Update instructions to use upload-artifact with skip-archive instead of upload-asset by @Copilot in #26076
• Add spec-extractor, spec-enforcer, and spec-librarian agentic workflows by @Copilot in #26083
• feat(deep-report): increase create-issue max from 3 to 7 by @Copilot in #26077
• Skip Docker image validation when Docker is unavailable, add --validate-images flag by @Copilot in #26074
• [actions] Update GitHub Actions versions - 2026-04-13 by @github-actions[bot] in #26087
• fix: update TestMCPGSupportsIntegrityReactions for MCPG v0.2.19 default by @dsyme in #26091
• fix: add imperative verbs to "Super-linter" and "Cross-repo setup guidance" step names by @Copilot in #26095
• Add --gemini-api-target to AWF proxy for Gemini API routing by @Copilot in #26060
• [safe-output-integrator] Add missing test workflow for upload-asset safe output type by @github-actions[bot] in #26103
• Add hippo-memory shared workflow and daily learn workflow by @Copilot in #26109
• Add MemPalace as a shared MCP workflow by @Copilot in #26102
• docs: add README specifications for 15 missing packages, update console and logger specs by @Copilot in #26105
• Fix gh pr checkout failing with GH_HOST mismatch in issue_comment workflows by @Copilot in #26037
• feat: resolve upload_artifact temporary IDs to artifact URLs in safe output bodies by @Copilot in #26108
• fix: strip surrounding quotes from item_number in resolveIssueNumber by @Copilot in https...

v0.68.2

🌟 Release Highlights

This release delivers a focused wave of reliability improvements: compiler fixes that were blocking real workflows, expanded strict-mode flexibility, deeper temporary ID support, and a new integrity-reactions feature for fine-grained trust control. A huge batch of community-reported bugs across Copilot engine, safe-outputs, cross-org workflows, and MCP Gateway are now resolved.

✨ What's New

• Reaction-based integrity control — The new integrity-reactions feature flag (requires MCPG ≥ v0.2.18, now bundled as v0.2.19) lets maintainers promote or demote tool-use integrity via 👍/❤️ and 👎/😕 GitHub reactions in proxy mode. Configurable endorsement and disapproval reaction sets with sensible defaults. Learn more

• Temporary ID resolution now reaches further — #temporary_id references are now resolved inside dispatch_workflow input values, update_issue/add_comment targets, and git am patch content — closing three long-standing gaps that required manual workarounds.

• Strict mode secrets unlocked — Strict mode now permits secrets.* in step-level with: bindings for action steps in pre-agent custom steps, and in step env: bindings — giving workflows a secure path to external secret managers without disabling strict mode entirely.

• slash_command event scoping — A new scope option lets workflows restrict which event types (issue comment, PR comment, etc.) trigger slash commands, reducing noise from unintended contexts.

• assign_to_agent multi-platform support — Copilot can now be assigned to the same issue multiple times when each assignment targets a different pull_request_repo (e.g., separate iOS and Android repositories), enabling true cross-platform agentic workflows.

• workflows: write auto-inferred — The compiler now automatically infers the workflows: write permission when a GitHub App token's allowed-files targets .github/workflows/, eliminating a confusing manual step.

🐛 Bug Fixes & Improvements

• create_issue rate-limit resilience — Added retry with jitter to the create_issue safe-output handler, preventing HTTP 403 failures when multiple daily workflows complete simultaneously and burst the API rate limit.

• create_pull_request ENOBUFS crash — Fixed a spawnSync buffer overflow that caused create_pull_request to fail on large diffs; the safe-output handler no longer crashes on oversized payloads.

• create_pull_request_review_comment tool not found — Resolved a runtime registration issue where the create_pull_request_review_comment safe-output tool was declared but not discoverable at runtime.

• Copilot engine workflows restored — Fixed two distinct failures introduced in v0.67.2–v0.67.4 that broke Copilot-engine workflows; plus resolved silent exit code 1 errors in the compiled Copilot CLI.

• Compiler: --allow-domains quoting fixed — The compiler no longer single-quotes --allow-domains values, which was breaking $\{\{ }} GitHub Actions expressions and causing HTTP 422 errors on workflow dispatch.

• inputs.* expressions in workflow_call — Expressions using inputs.* in prompt bodies are now properly resolved when a workflow is invoked via workflow_call.

• OIDC env vars forwarded to MCP Gateway — The compiler now forwards ACTIONS_ID_TOKEN_REQUEST_URL and related OIDC env vars to the docker run command for the MCP Gateway, enabling OIDC-based authentication flows.

• MCP servers on GitHub Enterprise Server — Improved documentation and policy guidance for organizations where the "MCP servers in Copilot" policy is not visible in GHE settings.

• SARIF upload permissions — Fixed Resource not accessible by integration errors during SARIF upload by correctly provisioning the required security-events: write permission.

• Cross-org workflow_call — Resolved failures in resolve_host_repo, checkout, and hash checks when invoking workflows across organization boundaries.

• push_repo_memory bot-comment guard — Fixed a bug where the push_repo_memory job ran even when the workflow was triggered by a bot comment that skipped pre_activation.

• ParseWorkflow ~18% faster — Eliminated a JSON round-trip in schema validation and optimized node traversal, reducing workflow parse time by ~18% with ~22% fewer allocations.

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@apenab

• MCP servers blocked by policy on GHE — unable to find "MCP servers in Copilot" policy setting (direct issue)

@bbonafed

• Cross-org workflow_call: resolve_host_repo, checkout, and hash check all fail (direct issue)
• Compiler does not forward OIDC env vars to MCP Gateway docker run command (direct issue)

@benvillalobos

• inputs.* expressions in prompt body not resolved when called via workflow_call (direct issue)

@bryanchen-d

• bug: compiler single-quotes --allow-domains breaking $\{\{ }} GA expressions, causing HTTP 422 on workflow dispatch (direct issue)

@camposbrunocampos

• assign_to_agent: allow multiple assignments to same issue when pull_request_repo differs (direct issue)

@corygehr

• Copilot-engine workflows broken: two distinct failures across v0.67.2 and v0.67.4 (direct issue)

@devantler

• Compiler does not auto-infer workflows: write on GitHub App tokens when allowed-files targets .github/workflows/ (direct issue)
• Support temporary ID resolution for update_issue and add_comment targeting (direct issue)

@JanKrivanek

• Safe-output tool 'create_pull_request_review_comment' not found at runtime despite correct declaration (direct issue)

@johnpreed

• dispatch_workflow handler does not resolve #temporary_id references in input values (direct issue)

@kbreit-insight

• SARIF upload gives "Resource not accessible by integration" error (direct issue)

@neta-vega

• slash_command: scope option to restrict trigger event types (direct issue)

@susmahad

• Strict mode blocks secrets.* in step env: bindings — no secure path for workflows that need external secret managers (direct issue)
• Strict mode: allow secrets.* in step-level with: for action steps in pre-agent custom steps (direct issue)

@theletterf

• Copilot CLI exits with code 1 silently when compiled with v0.67.3 (pre-release) (direct issue)

@wtgodbe

• Temporary ID references in patch content are not resolved before git am (direct issue)

@yskopets

• safeoutputs create_pull_request fails with ENOBUFS on large diffs (spawnSync buffer overflow) (direct issue)
• bug: push_repo_memory job runs when workflow is triggered by a bot comment (pre_activation skipped) (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 1.6M

---

What's Changed

• feat(test-quality-sentinel): pre-fetch PR diff, trim toolsets/bash tools, cap continuations by @Copilot in #25685
• build(deps-dev): bump basic-ftp from 5.2.1 to 5.2.2 in /docs in the npm_and_yarn group across 1 directory by @dependabot[bot] in #25699
• fix: update golden test files for Copilot CLI bump to 1.0.21 by @Copilot in #25692
• feat: use job.workflow_* context for host repo resolution by @salmanmkc in #25697
• fix: add actionlint config and fix SC2129 grouped redirects by @Copilot in #25700
• fix: restore permission-discussions in GitHub App token fields by @lpcox in #25709
• fix: resolve #temporary_id references in dispatch_workflow inputs before dispatching by @Copilot in #25693
• feat: container image digest pinning in actions-lock.json with update/upgrade integration by @Copilot in #25688
• Write JSONL mirror unconditionally, decoupled from OTLP endpoint by @Copilot in #25716
• Add cross-repo allowlist validation to close_entity_helpers (SEC-005) by @Copilot in #25715
• Fix inputs.* expressions not resolved when workflow invoked via workflow_call by @Copilot in #25718
• [aw] Updates available by @github-actions[bot] in #25726
• Fix test failures after action pin updates by @Copilot in #25745
• fix: doubl...

v0.68.1

🌟 Release Highlights

This release delivers a critical Copilot CLI reliability hotfix, a new engine.bare control for AI context management, significant security hardening, and resolutions for 9 community-reported issues.

✨ What's New

• engine.bare frontmatter field — Disable automatic context loading for supported engines, giving you full control over what the AI agent sees. Use bare: true with copilot (suppresses AGENTS.md and user instructions) or claude (suppresses CLAUDE.md memory files). Unsupported engines emit a compiler warning. (#25661)

• Frontmatter hash checker improvements — When a stale lock file is detected, the activation job now emits step-by-step [hash-debug] log lines and creates a clear, actionable issue/comment (with progressive disclosure) to guide you through fixing it. (#25571)

• actions/github-script upgraded to v9 — Scripts now get getOctokit as a built-in context parameter, eliminating the need for dynamic @actions/github imports in safe-output handlers. (#25553)

• Squash-merge fallback in gh aw add — When a repository disallows merge commits, the setup PR now automatically falls back to squash merge rather than failing. (#25609)

🐛 Bug Fixes & Improvements

• [Critical] Copilot CLI pinned to v1.0.21 — Fixes Copilot-engine workflows that were hanging indefinitely or producing 0-byte output due to incompatibilities with v1.0.22. v1.0.21 is the last confirmed working version. (#25689)

• Security: agent-stdio.log permissions hardened — Log file is now pre-created with 0600 permissions before tee writes, preventing world-readable exposure of MCP gateway bearer tokens. Dynamic gateway token redaction added to redact_secrets.cjs. (#25618)

• Agent file injection fixed for Codex and Gemini — Both engines now read INSTRUCTION from prompt.txt (already assembled by the compiler), eliminating fragile shell-variable injection and double-inclusion of agent file content. (#25681)

• Claude agent file injection fixed — Claude now reliably reads its agent file via prompt.txt in AWF sandbox mode, resolving crashes caused by --env-all not propagating shell variables into AWF containers. (#25589)

• Write-to-read codemod no longer converts id-token/copilot-requests — The "Convert write permissions to read" codemod now correctly skips write-only permissions that cannot meaningfully be set to read. (#25604)

• Race condition in PR checkout — When a PR is merged milliseconds after triggering a workflow (stale state: open in the payload), the agent now re-queries the API before treating the checkout failure as a hard error. (#25581)

• CLI consistency fixes — Aligned --dir flag semantics across add/add-wizard/compile/fix/upgrade; added missing --dir flag to remove; corrected misleading --no-fix description; improved help text for trial, run, mcp add, and pr transfer. (#25658)

• smoke-gemini now triggers on the smoke label — Fixes the Gemini smoke test being excluded from the standard PR smoke suite. (#25639)

📚 Documentation

• firewall-audit-logs artifact reference — New docs/reference/artifacts.md documents all artifact names, their download paths, and the correct way to access token usage data (it lives in firewall-audit-logs, not agent). (#25684)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@adamhenson

• compiled lock files hardcode github.token in Configure Git credentials steps -- breaks in sandboxed runners (direct issue)

@bbonafed

• MCP Gateway container missing ACTIONS_ID_TOKEN_REQUEST_URL / ACTIONS_ID_TOKEN_REQUEST_TOKEN env vars (direct issue)

@dbudym-cs

• Failed to register MCP tools | HTTP 400: Bad Request (direct issue)

@deyaaeldeen

• Codemod 'Convert write permissions to read' incorrectly changes id-token: write to read (direct issue)

@drehelis

• codex exec command line argument misplaced (direct issue)

@lukeed

• cli: support merging via squash (direct issue)

@Mossaka

• Pipeline reports failure when Copilot CLI hits rate limit after successful completion (direct issue)

@salekseev

• AWF API proxy doubles https:// scheme in --anthropic-api-target URL (direct issue)

@tore-unumed

• Agent imports: .github/agents/ path does not resolve — must be under .github/workflows/ (direct issue)

⚠️ Attribution Candidates Need Review

The following community issues were closed during this period but could not be automatically linked to a specific merged PR. Please verify whether they should be credited:

• @grahame-white for CI Coach workflow uses invalid 'copilot-requests' permission: root cause analysis and remediation plan — closed 2026-04-10, state: NOT_PLANNED, no confirmed PR linkage found

---

For complete details, see CHANGELOG.

Generated by Release · ● 696.2K

---

What's Changed

• feat: update actions/github-script to v9.0.0 with builtin getOctokit by @Copilot in #25553
• Normalize report formatting: add shared/reporting.md import to two daily workflows by @Copilot in #25561
• feat: improve frontmatter hash checker with debug logging and failure propagation to conclusion job by @Copilot in #25571
• chore: update drain3 default log pattern weights by @github-actions[bot] in #25584
• chore: bump CLI versions — Claude Code 2.1.98, Copilot 1.0.22 (unpin), Gemini 0.37.1 by @Copilot in #25577
• [jsweep] Clean check_rate_limit.cjs by @github-actions[bot] in #25580
• fix: handle race condition when PR is merged before agent job checks out branch by @Copilot in #25581
• [code-simplifier] refactor: remove redundant fs require inside arrow function by @github-actions[bot] in #25591
• [architecture] Update architecture diagram - 2026-04-10 by @github-actions[bot] in #25597
• [instructions] Sync github-agentic-workflows.md with v0.67.4 by @github-actions[bot] in #25613
• fix: apply Q's weekly workflow improvements + prevent git misuse in Q prompt by @Copilot in #25607
• Fix write-to-read codemod incorrectly converting id-token and copilot-requests permissions by @Copilot in #25604
• [docs] Developer documentation tone scan v5.7 by @github-actions[bot] in #25617
• cli: try squash merge first, fall back to merge commit if not allowed by @Copilot in #25609
• fix: introduce SupportsNativeAgentFile capability; move Claude agent-file injection to compiler by @Copilot in #25589
• Pin copilot to v1.0.20 by @Copilot in #25623
• [dead-code] chore: remove dead functions — 5 functions removed by @github-actions[bot] in #25630
• test: add regression coverage for .github/agents/ root-relative import path by @Copilot in #25636
• fix(smoke-gemini): trigger on "smoke" label instead of "water" by @Copilot in #25639
• refactor: centralize close-flow logic into shared createCloseEntityHandler factory by @Copilot in #25628
• security: fix agent-stdio.log world-readable exposure and MCP gateway token leakage in redaction pipeline by @Copilot in #25618
• fix(cli): address 7 CLI consistency issues across help text and flag behavior by @Copilot in #25658
• fix: set supportsNativeAgentFile=false for Codex and Gemini; remove AGENT_CONTENT shell code from Codex by @Copilot in #25681
• feat: add engine.bare frontmatter field to suppress automatic context loading by @Copilot in #25661
• Doc: document firewall-audit-logs artifact name for downstream consumers by @Copilot in #25684
• f...

v0.68.0

🌟 Release Highlights

This release brings distributed tracing improvements, important security hardening, permission fixes, and a cleaner add-comment API — with a community-reported bug fix included.

✨ What's New

• OpenTelemetry cross-job trace hierarchy — Parent span IDs are now propagated through aw_context across jobs, enabling end-to-end distributed trace visibility for multi-job workflows. (#25540)

• Simplified discussion comment API — The deprecated add-comment.discussion (singular boolean) field has been removed in favor of the clearer discussions: true/false syntax. Update your workflows using gh aw fix --write. (#25532)

🐛 Bug Fixes & Improvements

• Fixed invalid discussions: write permission on safe-output jobs — The compiler was unconditionally emitting an invalid permission-discussions field into GitHub App token requests for safe-output jobs. This has been corrected. (#25508)

• Security: heredoc content validation — ValidateHeredocContent checks are now applied to five user-controlled heredoc insertion sites, closing a class of potential injection vectors. (#25510)

• MCP schema: proxy-args now accepted at top level — The stdio_mcp_tool schema now includes proxy-args as a top-level property, fixing validation errors for tools that use proxy arguments. (#25542)

• MCP config schema validation re-enabled — Previously dead MCP configuration schema validation paths are now wired up, improving compile-time error detection. (#25507)

• Docker pre-download list updated — The cli-proxy image is now included in the pre-download list, reducing cold-start latency in containerized runs. (#25558)

• Playground editor template dropdown restored — Four missing workflow templates have been restored to the playground editor dropdown. (#25528)

📚 Documentation

• Integrity-filtering inputs fully documented — All integrity-filtering inputs are now documented in the reference. (#25545, Learn more)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@IEvangelist

• Compiler unconditionally adds invalid discussions: write permission to safe-output jobs (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 1.1M

---

What's Changed

• [slides] Add OpenTelemetry distributed tracing slide by @github-actions[bot] in #25515
• fix: remove invalid permission-discussions from GitHub App token fields by @Copilot in #25508
• fix: temporarily disable GITHUB_COPILOT_INTEGRATION_ID env var by @lpcox in #25521
• Add ValidateHeredocContent checks to 5 user-controlled heredoc sites by @Copilot in #25510
• Wire up dead MCP config schema validation by @Copilot in #25507
• Fix TestStepOrderingValidation_SecretRedactionBeforeUploads: tighten Upload Safe Outputs assertion by @Copilot in #25524
• [docs] Fix playground editor template dropdown — restore 4 missing templates by @github-actions[bot] in #25528
• [ubuntu-image] research: update Ubuntu runner image analysis to 20260406.80.1 by @github-actions[bot] in #25537
• feat(otel): propagate parent span ID through aw_context for cross-job trace hierarchy by @Copilot in #25540
• Remove deprecated add-comment.discussion (singular) in favor of discussions: true/false by @Copilot in #25532
• docs: document all integrity-filtering inputs by @lpcox in #25545
• fix: add proxy-args to stdio_mcp_tool schema top-level properties by @Copilot in #25542
• [actions] Update GitHub Actions versions - 2026-04-09 by @Copilot in #25541
• [safe-output-integrator] Add missing upload-artifact safe-output test workflow and compiler test by @github-actions[bot] in #25547
• refactor(static-analysis-report): build gh-aw from source instead of installing a release by @Copilot in #25556
• fix: add cli-proxy image to Docker pre-download list by @lpcox in #25558
• Optimize Functional Pragmatist workflow token usage (~54% prompt reduction) by @Copilot in #25560

Full Changelog: v0.67.4...v0.68.0

v0.67.4

🌟 Release Highlights

This release delivers a critical Copilot engine reliability fix that restores all affected workflows, alongside a wave of new agentic workflow templates, meaningful security hardening, and a rich set of bug fixes driven by community reports.

🚨 Critical Fix: Copilot Engine Silent Startup Crash

All Copilot-engine workflows were silently failing for ~35+ hours starting April 8 due to a startup crash in Copilot CLI v1.0.21. This release pins DefaultCopilotVersion to 1.0.20 and recompiles all 187 workflow lock files to restore normal operation immediately.

✨ What's New

• Five new agentic workflow templates — approach-validator, test-quality-sentinel, refactoring-cadence, architecture-guardian, and design-decision-gate expand the built-in workflow library for code quality, ADR enforcement, and architectural governance.

• allowed-events filter for submit-pull-request-review — Workflows can now restrict which review types (APPROVE, COMMENT, REQUEST_CHANGES) the safe-output job may submit, giving maintainers tighter control over automated review actions. (#25484)

• Copilot driver retry logic — The Copilot driver now retries on partial session failures, reducing flaky workflow runs caused by transient CAPI errors. (#25329)

• --runner-guard compilation flag — gh aw compile now accepts --runner-guard to enforce runner constraints in the static-analysis-report workflow. (#25281)

• Version bumps — Firewall updated to v0.25.18 and MCP Gateway to v0.2.17 for all compiled workflows. (#25505)

🔒 Security Hardening

• NFKC normalization + homoglyph detection — SafeOutputs now normalizes Unicode input using NFKC and detects Cyrillic/Greek homoglyph substitutions. The Secret Leak threat detection check is also hardened to catch more patterns. (#25458)

• HTML comment bypass fix — removeXmlComments is now applied before mention neutralization, closing a potential injection path in safe-output processing. (#25462)

🐛 Bug Fixes & Improvements

• gh aw list false positive "Compiled: No" — The compiler now uses a frontmatter content hash instead of file mtime to detect compiled status, fixing incorrect results after git checkout. (#25364)

• safe-outputs type imports — Types declared in imported safe-outputs schemas are no longer silently dropped when the main workflow also defines safe-outputs. (#25402)

• gh aw add-wizard HTTPS auth fix — The wizard no longer fails authentication when the git remote uses an HTTPS URL with an embedded username. (#25375)

• Playwright MCP logs directory — chmod 777 applied to the playwright mcp-logs directory so non-root Docker containers can write logs correctly. (#25417)

• Stale actions-lock.json entries pruned — Compilation now removes stale gh-aw-actions entries from actions-lock.json, preventing stale pin accumulation across releases. (#25361)

• CLI proxy RUNNER_TEMP quoting — \$\{RUNNER_TEMP} in generated shell commands is now properly quoted and template expressions in run: blocks are handled correctly. (#25330)

📚 Documentation

• Developer docs consolidated (v5.6): broken README links fixed and tone updated. (#25446)
• Slash command guidance added for the SideRepoOps pattern.
• dispatch-ops.md condensed by 24% for easier reading. (#25423)

---

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@bryanknox

• gh aw add-wizard not logged in to GitHub CLI (direct issue)

@chrisfregly

• Bug in safe-outputs Frontmatter Merging Schematics (direct issue)

@deyaaeldeen

• Compiler v0.67.3 pins runtime setup action to v0.67.1, leaving stale entries in actions-lock.json (direct issue)

@JanKrivanek

• submit-pull-request-review: allow filtering allowed event types (APPROVE, COMMENT, REQUEST_CHANGES) (direct issue)

@pholleran

• Copilot CLI should retry on transient CAPIError 400 Bad Request during agentic workflow execution (direct issue)

@yskopets

• gh aw list: 'Compiled: No' false positive after git checkout due to mtime comparison (direct issue)
• Docs: No guidance on using slash commands in SideRepoOps pattern (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 909.5K

---

What's Changed

• Fix MCP integration tests broken by SDK v1.5.0 schema validation behavior change by @Copilot in #25310
• chore: verify and recompile agentic workflows after hono/node-server bump by @dependabot[bot] in #25212
• Add --runner-guard to compile; wire into static-analysis-report workflow by @Copilot in #25281
• fix: filter AWF infrastructure lines from engine failure context by @Copilot in #25314
• Fix Changeset Generator missing github network preset in allowed-domains config by @Copilot in #25333
• Add copilot driver with retry logic for partial session failures by @Copilot in #25329
• [slides] Add Staged Mode slide to presentation by @github-actions[bot] in #25343
• feat: add design-decision-gate agentic workflow for ADR enforcement by @Copilot in #25323
• feat: add architecture-guardian agentic workflow by @Copilot in #25334
• fix: use absolute node path in awf wrapper to survive sudo PATH stripping by @Copilot in #25341
• feat: add approach-validator agentic workflow by @Copilot in #25354
• fix: quote ${RUNNER_TEMP} in generated shell commands and replace template expressions in run: blocks by @Copilot in #25330
• Add refactoring-cadence agentic workflow by @Copilot in #25352
• Prune stale gh-aw-actions entries from actions-lock.json after compilation by @Copilot in #25361
• feat: add test-quality-sentinel agentic workflow by @Copilot in #25353
• fix: selectively git add known files in maintenance update command by @Copilot in #25370
• fix: use frontmatter hash instead of mtime to determine compiled status in gh aw list by @Copilot in #25364
• feat: migrate 50% of agentic workflows from upload-asset to upload-artifact by @Copilot in #25342
• Fix add-wizard auth failure when git remote uses HTTPS URL with embedded username by @Copilot in #25375
• build(deps-dev): bump basic-ftp from 5.2.0 to 5.2.1 in /docs in the npm_and_yarn group across 1 directory by @dependabot[bot] in #25380
• Rename "Upload Safe Output Items" → "Upload Safe Outputs Items" for terminology consistency by @Copilot in #25378
• fix(spec+compiler): update MCP gateway OTLP headers to string-only (v1.13.0) by @Copilot in #25135
• feat: increase logging in copilot driver for silent startup failures by @Copilot in #25390
• [log] Add debug logging to 5 CLI files for improved troubleshooting by @github-actions[bot] in #25393
• docs: add slash command guidance for SideRepoOps pattern by @Copilot in #25401
• CLI proxy: start difc-proxy on host, pass --difc-proxy-host to AWF by @Copilot in #25366
• chore: set AWFCliProxyMinVersion to v0.25.17 by @lpcox in #25411
• Normalize report headers from h2 to h3 in 3 workflow templates by @Copilot in #25414
• fix: safe-outputs types from imports dropped when main workflow defines any safe-outputs by @Copilot in #25402
• Remove CodeMirror dependency from live edito...

v0.67.3

🌟 Release Highlights

This release strengthens workflow composition, self-hosted runner support, and token-minting patterns — with four improvements driven directly by community feedback.

✨ What's New

pre-steps: same-job token minting for cross-repo checkout

A new pre-steps frontmatter field lets you inject steps that run before checkout and the agent, inside the same job. This is the recommended solution for workflows that use token-minting actions (e.g. actions/create-github-app-token, octo-sts) to check out external repositories. Because the minted token stays in the same job, it is never masked when crossing a job boundary — the long-standing checkout.token runtime failure is now fully addressed. Pre-steps from imported shared workflows are automatically merged in.

pre-steps:
  - name: Mint short-lived token
    id: mint
    uses: some-org/token-minting-action@v1
    with:
      scope: target-org/target-repo

checkout:
  - repository: target-org/target-repo
    path: target
    token: $\{\{ steps.mint.outputs.token }}
    current: false

import-inputs expressions in imports: section

$\{\{ github.aw.import-inputs.* }} expressions in the imports: section's with: values are now correctly resolved before nested import discovery. Multi-level workflow composition — where a shared workflow forwards an input to its own imports — now works as expected. See the imports reference for details.

assignees on create-pull-request fallback issues

safe-outputs.create-pull-request now accepts an assignees field that applies to all fallback paths, including protected-files: fallback-to-issue. Assignees are validated before submission, with automatic retry on HTTP 422. See the safe-outputs pull requests reference for details.

safe-outputs:
  create-pull-request:
    protected-files: fallback-to-issue
    reviewers: [mcg]
    assignees: [mcg]   # ← now accepted; applied to all fallback issues

New design pattern docs: WorkQueueOps & BatchOps

Two new design pattern pages are now available in the docs:

• WorkQueueOps: four queue strategies (issue checklists, sub-issues, cache-memory JSON, discussion-based) with concurrency and idempotency guidance.
• BatchOps: four batch strategies including chunked pagination, modulo-sharded matrix fan-out, rate-limit-aware processing, and result aggregation via cache-memory.

🐛 Bug Fixes & Improvements

• MCP compile + Docker unavailable: actionlint, zizmor, and poutine linting no longer marks every workflow as valid: false when Docker is unavailable. A clear DockerUnavailable error is surfaced instead of silently hiding compilation results.
• OTLP artifact upload: otel.jsonl (the span mirror written by send_otlp_span.cjs) is now automatically included in the "Upload agent artifacts" step for all OTLP-configured workflows, enabling post-hoc trace debugging without a live collector.
• Self-hosted runner path isolation: Fixed a setup issue where $RUNNER_TEMP = /tmp caused the read-only setup tree and the read-write runtime tree to collapse into the same path, inadvertently granting write access to compiled scripts and MCP configs.
• Tool version updates: Claude Code 2.1.92 → 2.1.94, Copilot CLI 1.0.20 → 1.0.21, MCP Go SDK v1.4.1 → v1.5.0 (security: Origin/Content-Type header verification; protocol version 2025-11-25).

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@j-srodka

• Configurable or documented runs-on for generated agentics maintenance workflow (self-hosted fleets) (direct issue)

@salekseev

• checkout.token from custom jobs: fails at runtime when token-minting action masks output (direct issue)

@seangibeault

• Feature: support assignees on create-pull-request for protected-files: fallback-to-issue (direct issue)

@yskopets

• feat: allow ${{ github.aw.import-inputs.* }} expressions in frontmatter imports section (direct issue)

---

For complete details, see CHANGELOG.

Note

🔒 Integrity filter blocked 1 item

The following item were blocked because they don't meet the GitHub integrity level.

• #25199 issue_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

Generated by Release · ● 1.5M

---

What's Changed

• fix: reject /-prefixed paths not under .agents/ or .github/ with security error by @Copilot in #24943
• Merge assign-to-agent safe output handler into the safe output main handler loop by @Copilot in #24934
• Align MCP Scripts step names with Safe Outputs naming conventions by @Copilot in #24944
• [actions] Update GitHub Actions versions - 2026-04-06 by @github-actions[bot] in #24952
• feat: add api-consumption-report daily agentic workflow by @Copilot in #24957
• refactor: move create-agent-session into main safe-outputs handler loop by @Copilot in #24951
• Bump MCPG container image to v0.2.15 by @Copilot in #24945
• fix: use actual OTLP span trace ID in job observability summary by @Copilot in #24963
• fix: unknown tool names in frontmatter tools section are compile errors; remove qmd built-in by @Copilot in #24855
• docs: document inlined-imports: true for cross-org workflow_call scenarios by @Copilot in #24977
• [safe-output-integrator] Add missing safe-output test workflows and compiler tests by @github-actions[bot] in #24975
• Add actions: read to activation job permissions when hash check API step is emitted by @Copilot in #24976
• feat: add --artifacts flag to audit/logs/audit-diff commands with MCP exposure and incremental caching by @Copilot in #24967
• Recompile workflows to sync lock files by @Copilot in #24988
• fix(api-consumption-report): track actual GitHub REST API quota from run_summary.json by @Copilot in #24986
• Fix resolve_host_repo.cjs to correctly identify callee repo in cross-org workflow_call by @Copilot in #24974
• feat: add assignees to create-pull-request for fallback issues by @Copilot in #24966
• fix: update golden files for activation job actions: read permission by @Copilot in #24998
• docs: add missing qmd reference page to fix docs build by @Copilot in #24999
• Fix build-wasm: update golden files for actions: read permission by @Copilot in #25000
• fix(tests): add audit-diff to MCP server tool tests by @Copilot in #25006
• fix(pdf-summary): normalize report formatting to match style guidelines by @Copilot in #25007
• [docs] docs(engines): reduce bloat in AI engines reference by @github-actions[bot] in #25010
• feat: add cli-proxy feature flag for AWF gh CLI proxy sidecar (firewall v0.25.14) by @Copilot in #24997
• [jsweep] Clean action_input_utils.test.cjs by @github-actions[bot] in #25021
• feat(compiler): setup node in agent job and safe_outputs job when using custom image runner by @Copilot in #25011
• Remove cli-proxy-writable feature flag and add read-only gh CLI prompt for cli-proxy by @Copilot in #25013
• Refocus api-consumption-report on GitHub API usage only by @Copilot in #25030
• Fix TestCustomPermissionsOverrideDefaults false failure on activation job permissions by @Copilot in #25039
• [code-simplifier] refactor: simplify cli-proxy code from #25013 (early-continue pattern + step numbering) by @github-actions[bot] in #25037
• perf: fix 20% validation regression by caching builtin file parsing and eliminating redundant work by @Copilot in #25036
• fix: remove 360 upper limit on timeout-minutes to support custom runners by @Copilot in #25042
• [fp-enhancer] Improve pkg/agentdrain: declarative initialization and functional transformation by @github-actions[bot] in #250...