githubnext · mrjf · May 21, 2026 · May 21, 2026 · May 21, 2026 · May 21, 2026
diff --git a/.github/ISSUE_TEMPLATE/crane-migration.md b/.github/ISSUE_TEMPLATE/crane-migration.md
@@ -0,0 +1,68 @@
+---
+name: Crane Migration
+about: Create a new Crane code-migration
+title: ''
+labels: crane-migration
+---
+
+<!-- CRANE:ISSUE-MIGRATION -->
+<!-- This issue defines a Crane migration. The format is identical to migration.md files. -->
+<!-- Crane will discover this issue by its label and run iterations automatically. -->
+<!-- After each run, a status comment will be posted/updated with links and results. -->
+
+---
+schedule: every 6h
+strategy: auto                   # in-place | greenfield | auto
+source-language: REPLACE         # e.g. python, ruby, perl
+target-languages: [REPLACE]      # e.g. [typescript], [typescript, go], [kotlin]
+target-metric: 1.0               # migration is complete when health score reaches this
+metric_direction: higher
+---
+
+# Migration Name
+
+## Source
+
+<!-- What you're migrating from. Be specific about language version, runtime, and paths. -->
+
+- **Language**: REPLACE (e.g. Python 3.11)
+- **Runtime**: REPLACE (e.g. CPython)
+- **Paths**:
+  - `REPLACE/path/to/source` -- (what lives here)
+  - `REPLACE/path/to/source-tests` -- existing test suite
+
+## Target
+
+<!-- What you're migrating to. Multiple target languages are allowed (e.g. TypeScript with a Go core for hot paths). -->
+
+- **Languages**: REPLACE (e.g. TypeScript, Go)
+- **Runtime**: REPLACE (e.g. Node 22 / Bun 1.x)
+- **Paths**:
+  - `REPLACE/path/to/target` -- (what should live here)
+- **Bridge** *(if polyglot)*: REPLACE (e.g. "Go core compiled to WASM, called from TypeScript through a thin wrapper")
+
+## Strategy
+
+<!-- Choose one and justify, or leave as `auto` in the frontmatter and let Crane decide on its first iteration. -->
+
+REPLACE -- explain why this strategy fits.
+
+- `in-place` (strangler-fig): system stays live throughout. Each milestone ports one unit and re-routes callers. Preferred for production code or anything with external consumers.
+- `greenfield`: target built in parallel; cutover after parity is total. Best for small, self-contained sources.
+- `auto`: let Crane pick on first iteration.
+
+## Verification
+
+<!-- A command that prints JSON containing `migration_score` (0.0-1.0). Recommended: migration_score = correctness_gate x progress -->
+
+```bash
+REPLACE_WITH_YOUR_VERIFICATION_COMMAND
+```
+
+The metric is `migration_score` (0.0-1.0). **Higher is better.** Optional companion fields: `progress`, `parity_passing`, `parity_total`, `source_tests_passing`, `target_tests_passing`, `perf_ratio`.
+
+## Out of scope
+
+<!-- Files Crane must NOT touch. -->
+
+- (list paths that are off-limits even if they share a parent with source/target paths)
diff --git a/.github/agents/agentic-workflows.agent.md b/.github/agents/agentic-workflows.agent.md
@@ -15,10 +15,17 @@ This is a **dispatcher agent** that routes your request to the appropriate speci
 - **Updating existing workflows**: Routes to `update` prompt
 - **Debugging workflows**: Routes to `debug` prompt  
 - **Upgrading workflows**: Routes to `upgrade-agentic-workflows` prompt
-- **Creating report-generating workflows**: Routes to `report` prompt — consult this whenever the workflow posts status updates, audits, analyses, or any structured output as issues, discussions, or comments
+- **Creating report-generating workflows**: Routes to `report` prompt -- consult this whenever the workflow posts status updates, audits, analyses, or any structured output as issues, discussions, or comments
 - **Creating shared components**: Routes to `create-shared-agentic-workflow` prompt
-- **Fixing Dependabot PRs**: Routes to `dependabot` prompt — use this when Dependabot opens PRs that modify generated manifest files (`.github/workflows/package.json`, `.github/workflows/requirements.txt`, `.github/workflows/go.mod`). Never merge those PRs directly; instead update the source `.md` files and rerun `gh aw compile --dependabot` to bundle all fixes
-- **Analyzing test coverage**: Routes to `test-coverage` prompt — consult this whenever the workflow reads, analyzes, or reports on test coverage data from PRs or CI runs
+- **Fixing Dependabot PRs**: Routes to `dependabot` prompt -- use this when Dependabot opens PRs that modify generated manifest files (`.github/workflows/package.json`, `.github/workflows/requirements.txt`, `.github/workflows/go.mod`). Never merge those PRs directly; instead update the source `.md` files and rerun `gh aw compile --dependabot` to bundle all fixes
+- **Analyzing test coverage**: Routes to `test-coverage` prompt -- consult this whenever the workflow reads, analyzes, or reports on test coverage data from PRs or CI runs
+- **Rendering ASCII charts in markdown**: Routes to `asciicharts` guide -- consult this whenever the workflow needs compact charts that render reliably in GitHub issues, comments, or discussions
+- **CLI commands and triggering workflows**: Routes to `cli-commands` guide -- consult this whenever the user asks how to run, compile, debug, or manage workflows from the command line, or when they need the MCP tool equivalent of a `gh aw` command
+- **Reducing token consumption / cost optimization**: Routes to `token-optimization` guide -- consult this whenever the user asks how to reduce token usage, lower costs, speed up workflows, or measure the impact of prompt changes with experiments
+- **Choosing workflow architectures and design patterns**: Routes to `patterns` guide -- consult this whenever the user asks for strategy, architecture, operating models, or pattern selection for agentic workflows
+
+> [!IMPORTANT]
+> For architecture/pattern-selection requests, load `https://github.com/github/gh-aw/blob/v0.74.4/.github/aw/patterns.md` first.
 
 Workflows may optionally include:
 
@@ -30,7 +37,7 @@ Workflows may optionally include:
 - Workflow files: `.github/workflows/*.md` and `.github/workflows/**/*.md`
 - Workflow lock files: `.github/workflows/*.lock.yml`
 - Shared components: `.github/workflows/shared/*.md`
-- Configuration: https://github.com/github/gh-aw/blob/main/.github/aw/github-agentic-workflows.md
+- Configuration: https://github.com/github/gh-aw/blob/v0.74.4/.github/aw/github-agentic-workflows.md
 
 ## Problems This Solves
 
@@ -52,7 +59,7 @@ When you interact with this agent, it will:
 ### Create New Workflow
 **Load when**: User wants to create a new workflow from scratch, add automation, or design a workflow that doesn't exist yet
 
-**Prompt file**: https://github.com/github/gh-aw/blob/main/.github/aw/create-agentic-workflow.md
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.74.4/.github/aw/create-agentic-workflow.md
 
 **Use cases**:
 - "Create a workflow that triages issues"
@@ -62,7 +69,7 @@ When you interact with this agent, it will:
 ### Update Existing Workflow  
 **Load when**: User wants to modify, improve, or refactor an existing workflow
 
-**Prompt file**: https://github.com/github/gh-aw/blob/main/.github/aw/update-agentic-workflow.md
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.74.4/.github/aw/update-agentic-workflow.md
 
 **Use cases**:
 - "Add web-fetch tool to the issue-classifier workflow"
@@ -72,7 +79,7 @@ When you interact with this agent, it will:
 ### Debug Workflow  
 **Load when**: User needs to investigate, audit, debug, or understand a workflow, troubleshoot issues, analyze logs, or fix errors
 
-**Prompt file**: https://github.com/github/gh-aw/blob/main/.github/aw/debug-agentic-workflow.md
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.74.4/.github/aw/debug-agentic-workflow.md
 
 **Use cases**:
 - "Why is this workflow failing?"
@@ -82,17 +89,17 @@ When you interact with this agent, it will:
 ### Upgrade Agentic Workflows
 **Load when**: User wants to upgrade workflows to a new gh-aw version or fix deprecations
 
-**Prompt file**: https://github.com/github/gh-aw/blob/main/.github/aw/upgrade-agentic-workflows.md
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.74.4/.github/aw/upgrade-agentic-workflows.md
 
 **Use cases**:
 - "Upgrade all workflows to the latest version"
 - "Fix deprecated fields in workflows"
 - "Apply breaking changes from the new release"
 
 ### Create a Report-Generating Workflow
-**Load when**: The workflow being created or updated produces reports — recurring status updates, audit summaries, analyses, or any structured output posted as a GitHub issue, discussion, or comment
+**Load when**: The workflow being created or updated produces reports -- recurring status updates, audit summaries, analyses, or any structured output posted as a GitHub issue, discussion, or comment
 
-**Prompt file**: https://github.com/github/gh-aw/blob/main/.github/aw/report.md
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.74.4/.github/aw/report.md
 
 **Use cases**:
 - "Create a weekly CI health report"
@@ -102,7 +109,7 @@ When you interact with this agent, it will:
 ### Create Shared Agentic Workflow
 **Load when**: User wants to create a reusable workflow component or wrap an MCP server
 
-**Prompt file**: https://github.com/github/gh-aw/blob/main/.github/aw/create-shared-agentic-workflow.md
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.74.4/.github/aw/create-shared-agentic-workflow.md
 
 **Use cases**:
 - "Create a shared component for Notion integration"
@@ -112,23 +119,68 @@ When you interact with this agent, it will:
 ### Fix Dependabot PRs
 **Load when**: User needs to close or fix open Dependabot PRs that update dependencies in generated manifest files (`.github/workflows/package.json`, `.github/workflows/requirements.txt`, `.github/workflows/go.mod`)
 
-**Prompt file**: https://github.com/github/gh-aw/blob/main/.github/aw/dependabot.md
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.74.4/.github/aw/dependabot.md
 
 **Use cases**:
 - "Fix the open Dependabot PRs for npm dependencies"
 - "Bundle and close the Dependabot PRs for workflow dependencies"
 - "Update @playwright/test to fix the Dependabot PR"
 
 ### Analyze Test Coverage
-**Load when**: The workflow reads, analyzes, or reports test coverage — whether triggered by a PR, a schedule, or a slash command. Always consult this prompt before designing the coverage data strategy.
+**Load when**: The workflow reads, analyzes, or reports test coverage -- whether triggered by a PR, a schedule, or a slash command. Always consult this prompt before designing the coverage data strategy.
 
-**Prompt file**: https://github.com/github/gh-aw/blob/main/.github/aw/test-coverage.md
+**Prompt file**: https://github.com/github/gh-aw/blob/v0.74.4/.github/aw/test-coverage.md
 
 **Use cases**:
 - "Create a workflow that comments coverage on PRs"
 - "Analyze coverage trends over time"
 - "Add a coverage gate that blocks PRs below a threshold"
 
+### Render ASCII Charts in Markdown
+**Load when**: The workflow needs in-markdown charts (sparklines, bars, table+trend views) that must align cleanly and render reliably across GitHub surfaces, including mobile.
+
+**Reference file**: https://github.com/github/gh-aw/blob/v0.74.4/.github/aw/asciicharts.md
+
+**Use cases**:
+- "Show a compact trend chart in an issue comment"
+- "Render a dashboard table with sparkline trends"
+- "Generate aligned ASCII bars for service metrics"
+
+### CLI Commands Reference
+**Load when**: The user asks how to run, compile, debug, or manage workflows from the command line; needs the MCP tool equivalent of a `gh aw` command; or is in a restricted environment (e.g., Copilot Cloud) without direct CLI access.
+
+**Reference file**: https://github.com/github/gh-aw/blob/v0.74.4/.github/aw/cli-commands.md
+
+**Use cases**:
+- "How do I trigger workflow X on the main branch?"
+- "What's the MCP equivalent of `gh aw logs`?"
+- "I'm in Copilot Cloud -- how do I compile a workflow?"
+- "Show me all available gh aw commands"
+
+### Token Consumption Optimization
+**Load when**: The user asks how to reduce token usage, lower workflow costs, make a workflow faster or cheaper, or measure the impact of prompt or configuration changes.
+
+**Reference file**: https://github.com/github/gh-aw/blob/v0.74.4/.github/aw/token-optimization.md
+
+**Use cases**:
+- "How do I reduce the token cost of this workflow?"
+- "My workflow is too expensive -- how do I optimize it?"
+- "How do I compare token usage between two runs?"
+- "Should I use gh-proxy or the MCP server?"
+- "How do I use sub-agents to reduce costs?"
+- "How do I measure the impact of a prompt change?"
+
+### Workflow Pattern Selection
+**Load when**: The user asks for architecture, strategy, operating model selection, or pattern recommendations for building agentic workflows.
+
+**Reference file**: https://github.com/github/gh-aw/blob/v0.74.4/.github/aw/patterns.md
+
+**Use cases**:
+- "Which pattern should I use for multi-repo rollout?"
+- "How should I structure this workflow architecture?"
+- "What pattern fits slash-command triage?"
+- "Should this be DispatchOps or DailyOps?"
+
 ## Instructions
 
 When a user interacts with you:
@@ -147,6 +199,10 @@ gh aw init
 # Generate the lock file for a workflow
 gh aw compile [workflow-name]
 
+# Trigger a workflow on demand (preferred over gh workflow run)
+gh aw run <workflow-name>             # interactive input collection
+gh aw run <workflow-name> --ref main  # run on a specific branch
+
 # Debug workflow runs
 gh aw logs [workflow-name]
 gh aw audit <run-id>
@@ -169,9 +225,12 @@ gh aw compile --validate
 
 ## Important Notes
 
-- Always reference the instructions file at https://github.com/github/gh-aw/blob/main/.github/aw/github-agentic-workflows.md for complete documentation
+- Always reference the instructions file at https://github.com/github/gh-aw/blob/v0.74.4/.github/aw/github-agentic-workflows.md for complete documentation
 - Use the MCP tool `agentic-workflows` when running in GitHub Copilot Cloud
 - Workflows must be compiled to `.lock.yml` files before running in GitHub Actions
 - **Bash tools are enabled by default** - Don't restrict bash commands unnecessarily since workflows are sandboxed by the AWF
 - Follow security best practices: minimal permissions, explicit network access, no template injection
+- **Network configuration**: Use ecosystem identifiers (`node`, `python`, `go`, etc.) or explicit FQDNs in `network.allowed`. Bare shorthands like `npm` or `pypi` are **not** valid. See https://github.com/github/gh-aw/blob/v0.74.4/.github/aw/network.md for the full list of valid ecosystem identifiers and domain patterns.
 - **Single-file output**: When creating a workflow, produce exactly **one** workflow `.md` file. Do not create separate documentation files (architecture docs, runbooks, usage guides, etc.). If documentation is needed, add a brief `## Usage` section inside the workflow file itself.
+- **Triggering runs**: Always use `gh aw run <workflow-name>` to trigger a workflow on demand -- not `gh workflow run <file>.lock.yml`. `gh aw run` handles workflow resolution by short name, input parsing and validation, and correct run-tracking for agentic workflows. Use `--ref <branch>` to run on a specific branch.
+- **CLI commands reference**: For a complete guide on all `gh aw` commands and their MCP tool equivalents (for restricted environments), see https://github.com/github/gh-aw/blob/v0.74.4/.github/aw/cli-commands.md
diff --git a/.github/aw/actions-lock.json b/.github/aw/actions-lock.json
@@ -30,15 +30,15 @@
       "version": "v7",
       "sha": "043fb46d1a93c77aae656e7c1c64a875d1fc6a0a"
     },
-    "github/gh-aw-actions/setup-cli@v0.71.5": {
-      "repo": "github/gh-aw-actions/setup-cli",
-      "version": "v0.71.5",
-      "sha": "b8068426813005612b960b5ab0b8bd2c27142323"
-    },
-    "github/gh-aw-actions/setup@v0.71.5": {
+    "github/gh-aw-actions/setup@v0.74.4": {
       "repo": "github/gh-aw-actions/setup",
-      "version": "v0.71.5",
-      "sha": "b8068426813005612b960b5ab0b8bd2c27142323"
+      "version": "v0.74.4",
+      "sha": "d3abfe96a194bce3a523ed2093ddedd5704cdf62"
+    },
+    "github/gh-aw-actions/setup-cli@v0.74.4": {
+      "repo": "github/gh-aw-actions/setup-cli",
+      "version": "v0.74.4",
+      "sha": "d3abfe96a194bce3a523ed2093ddedd5704cdf62"
     },
     "github/gh-aw/actions/setup@v0.50.6": {
       "repo": "github/gh-aw/actions/setup",

diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
@@ -0,0 +1,5 @@
+name: "CodeQL configuration"
+
+paths-ignore:
+  # Auto-generated lock files from gh-aw compile
+  - ".github/workflows/*.lock.yml"
diff --git a/.github/mcp.json b/.github/mcp.json
@@ -0,0 +1,11 @@
+{
+  "mcpServers": {
+    "github-agentic-workflows": {
+      "command": "gh",
+      "args": [
+        "aw",
+        "mcp-server"
+      ]
+    }
+  }
+}