Weekly Research— April 27, 2026

[github-actions[bot]]

Plugin: github-agent-runner v0.2.1 · gh-aw lock: v0.68.3 · Compiled: 2026-04-27

---

Anthropic Platform Signals

No ToS changes this week. The Consumer Terms of Service (effective 2025-10-08) remain unchanged. The relevant prohibition is still active:

"Except when you are accessing our Services via an Anthropic API Key or where we otherwise explicitly permit it, to access the Services through automated or non-human means, whether through a bot, script, or otherwise."

This continues to be the baseline risk for the plugin's OAuth-token CI path. No new carve-out or allowlist update was published.

Demand signal — anthropics/claude-code issue #53902 (filed 2026-04-27, open): A user explicitly requests support for using CLAUDE_CODE_OAUTH_TOKEN to initiate remote/cloud sessions non-interactively. This is the precise pattern the plugin enables. The fact that it is a feature request (not documented behavior) is both a validation of the plugin's wedge and a confirmation that Anthropic has not yet officially blessed it.

Auth instability reported: Issue #53832 (filed 2026-04-27, labeled area:auth): Claude Pro subscribers on macOS are getting 401 on every API call after a successful login. Unrelated to CI use, but a signal that the OAuth token infrastructure is experiencing turbulence.

New model: Claude Opus 4.7 released 2026-04-16 ($5/$25 per M tokens, expanded coding/vision, xhigh effort level). Not a policy change, but relevant context if the plugin surfaces model guidance.

---

Claude Code Plugin Ecosystem

Skills are now the canonical extension type. Anthropic has fully merged the /.claude/commands/ format into the skills system. A SKILL.md file is the authoritative format; the old commands path still works as an alias. The plugin already uses this correctly (skills/*/SKILL.md).

Official marketplace (claude-plugins-official) — no new entries this week. The marketplace now lists ~25 plugins across LSP integrations, MCP bundles, and workflow tools. Active maintenance PRs in anthropics/claude-code this week:

• #53661 (Apr 26): fix marketplace version/author fields in agent-sdk-dev entry
• #53529 (Apr 26): add missing plugin-dev manifest and validate bundled marketplace

Plugin-private-repo bug (anthropics/claude-code-action issue #850, long-standing, updated Apr 25): plugin_marketplaces fails for private/internal repos because git auth is not configured before the marketplace clone step. Root cause is in base-action/src/install-plugins.ts. If this plugin ever targets enterprise users with private marketplace repos, this is a known upstream blocker.

ANTHROPIC_DEFAULT_SONNET_MODEL env var regression (issue #1258, filed Apr 26): Since claude-code-action v1.0.104 / claude-cli 2.1.118, the env var is honored at the top level but silently ignored by sub-agent/Task spawns, which revert to the hardcoded claude-sonnet-4-6. Community PR #1263 proposes a fix. Workaround: pin to v1.0.103 or SHA 4e5d8b13. Directly relevant if the agent-team pattern is run through claude-code-action.

Community trends (awesome-claude-code): The repo's open submissions (266 as of Apr 27) are trending heavily toward session management and context-persistence tools (SessionClose, Agent Sessions, Librarian, ClaudeOS-Core). This suggests developers are hitting real friction with context loss in multi-turn agentic workflows — a problem the agent-team pattern partially addresses through structured issue/PR comment handoffs.

---

gh-aw Upstream Activity

Current stable: v0.68.3 (released 2026-04-14) — which is what this repo pins in .github/aw/actions-lock.json.

Pre-release pace: gh-aw shipped v0.69.2 through v0.71.1 between Apr 21-24 (roughly one release per day). These are pre-releases; the next stable will likely incorporate several of the items below.

Relevant to this plugin

bypassPermissions → acceptEdits rename (PR #28047, v0.71.0): The Claude engine renamed the bypassPermissions flag to acceptEdits. The three dogfooded .lock.yml files in this repo (daily-repo-status, weekly-research, update-docs) each contain 2 occurrences of bypassPermissions (confirmed via grep). These files were compiled at v0.68.3 and are safe as-is, but recompiling with a gh-aw version ≥ v0.71.0 will emit acceptEdits instead. Auth.md line 87 already warns that gh aw compile reverts the OAuth tweak — a gh-aw upgrade would require recompile + re-tweak + verifying the new field name. Track this before any gh aw upgrade run.

bypassPermissions + --allowed-tools interaction clarified (PR #28174, v0.71.1): When running in bypassPermissions/acceptEdits mode, --allowed-tools is now documented as silently ignored; the MCP gateway allowed: filter is the sole effective tool boundary. This may affect how allowed-tools guidance in skills/install-workflow/SKILL.md should be communicated to users.

Action-pin regression in v0.68.3 (fixed in v0.70.0): gh aw compile in v0.68.3 stopped pinning actions to commit SHA hashes (a regression). The existing lock.yml files were pinned before this regression landed and are unaffected. But any gh aw compile run by a user on v0.68.3 would produce unpinned action refs. Fixed in v0.70.0.

on.needs for credential-supply jobs (PR #27895, v0.70.0): New field enabling GitHub App credentials to be sourced from upstream job outputs — a feature that improves the robustness of auth setup for cross-org and private-repo scenarios. Not a breaking change, but a new capability worth noting for future auth.md guidance.

Cross-org on.github-token propagation fix (PR #26137, v0.68.3): The github-token was not being propagated to activation job checkout/hash-check steps in cross-org workflow_call setups. Fixed in the current stable. Relevant if any user installs a workflow via workflow_call across organizations.

GH_HOST propagation fix (PR #26311, v0.68.3): gh repo view and gh pr create now respect GH_HOST, fixing GHES and cross-org contexts.

New catalog entries (githubnext/agentics, last 14 days)

New workflow additions across the v0.68.3–v0.71.1 window (discoverable via /discover-workflows):

• spec-extractor, spec-enforcer, spec-librarian (PR #26083)
• hippo-memory, daily-learn (PR #26109)
• MemPalace shared MCP workflow (PR #26102)
• skill-optimizer with artifact handoff (PR #27948)
• hippo-embed for vector embedding maintenance (PR #28178)
• comment_memory safe output — agents can now persist structured memory directly in a managed issue/PR comment, materialized at /tmp/gh-aw/comment-memory/ before the agent runs and synced back after (PR #27479, v0.69.2)

The comment_memory safe output is particularly notable: it offers a structured alternative to the agent-team pattern's current approach of parsing fenced HTML-comment blocks from issue bodies.

Breaking changes in pre-releases (watch before upgrading)

Change	Version	Impact on this plugin
bypassPermissions → acceptEdits	v0.71.0	Recompile required after gh-aw upgrade; combined with OAuth re-tweak
network.firewall frontmatter key removed	v0.69.2	Not used in this plugin's lock.yml files; no impact
cli-proxy → tools.github.mode: gh-proxy	v0.70.0	Not used in this plugin; no impact
APM shared job requires contents: read (issue #28672, unfixed)	v0.71.x	Only affects repos using the shared APM workflow

---

Competitive Landscape

anthropics/claude-code-action (7,306 stars): Released v1.0.107 on 2026-04-25, reverting a broken install of claude-code 2.1.120 that caused ENOENT failures (v1.0.106 was live for ~100 minutes). This is the closest "agentic CI" adjacent product and it remains the most active project in the space.

zircote/aw-author: Repository does not exist. The account zircote exists (Swagger-PHP author) but has no aw-author repo. No activity to report.

gh-aw forks adding OAuth: No public forks of github/gh-aw adding OAuth or alternative auth were found among the 367 total forks. This gap is not being pursued by the community.

New competing tools this week: No new standalone "workflow install automation," "workflow discovery," or "agentic CI harness" repos shipped in the April 13–27 window. The space remains effectively uncrowded outside of claude-code-action and gh-aw itself.

---

Subscription-Backed CI Signals

Demand confirmed, official support absent. The strongest signal this week is anthropics/claude-code issue #53902 (Apr 27): a user requests CLAUDE_CODE_OAUTH_TOKEN support for initiating remote/non-interactive sessions. This is the exact use case — and the fact it must be filed as a feature request confirms it is not a sanctioned workflow.

Public discourse volume is low. No HN posts, Reddit threads, or blog posts about using Claude subscriptions in CI were found in the April 13–27 window. The demand exists but has not reached public discourse velocity.

Assessment: The plugin occupies a real but officially unsanctioned niche. The risk profile is stable this week: the ToS hasn't tightened, but the feature request (#53902) signals that if Anthropic does add first-party support for this pattern, it would either legitimize or obsolete the plugin's OAuth wedge.

---

Strategic Suggestions

1. Submit to the official Claude Code marketplace before the window closes

The marketplace (claude.ai/settings/plugins/submit) is new and currently lists ~25 plugins. Early submissions have disproportionate visibility. The plugin already has a valid .claude-plugin/plugin.json manifest (v0.2.1) and three working skills. The submission bar is low right now; it will rise as the ecosystem matures. Action: submit this week. Marketplace listing + a merged PR to anthropics/claude-code are the two most credible portfolio signals in the current hiring climate (Anthropic has 10+ Claude Code roles open including "Model Quality Software Engineer" and "Technical Enablement Lead").

2. Adopt comment_memory in the agent-team pattern to reduce issue-body fragility

The current handoff mechanism (<!-- agent-team:spec iteration=1 -->...<!-- /agent-team:spec -->) is fragile: if a human edits the issue body, the fenced blocks can be corrupted. gh-aw's new comment_memory safe output (PR #27479, v0.69.2) persists structured state in a separate managed comment, materialized into /tmp/gh-aw/comment-memory/ at agent start. This would give the agent-team pattern a more robust state store without changing the user-visible issue structure. Action: evaluate comment_memory as a replacement for the fenced-comment pattern in catalog/agent-team/.

3. Plan for the bypassPermissions → acceptEdits rename before the next gh-aw stable

The three .lock.yml files in this repo contain bypassPermissions (2 occurrences each, verified). When gh-aw ships the next stable (which will include v0.71.0's rename), any recompile will emit acceptEdits instead. Since auth.md already documents that gh aw compile reverts the OAuth tweak, the upgrade path needs to account for both changes simultaneously: (a) rename in the output, (b) re-apply the two-pass sed tweak. Action: add a note to skills/install-workflow/auth.md and the upgrade section of CONTRIBUTING.md about the rename, and update the invariant test in tests/test-invariants.sh to verify the correct field name based on the pinned gh-aw version.

---

Enjoyable Anecdote

gh-aw generates its own pre-releases using its own agentic workflow compiler — the repo's release workflow is itself a gh-aw workflow, compiled and locked by the same tool it produces. This week's v0.69 through v0.71 series (six releases in four days) were all authored by this self-hosted pipeline. The action-pin regression in v0.68.3 — where gh aw compile stopped pinning actions to commit SHAs — meant the agentic release workflow was briefly generating its own lock files with unpinned refs, a bug that could only be noticed by inspecting the output of the tool that produces the tool. It was fixed in v0.70.0, presumably by the same pipeline.

---

Research Appendix — All Queries and Tools Used

Web Searches

• Anthropic ToS changes OAuth token policy Claude Code April 2026
• Anthropic blog April 2026 announcement
• Claude Code plugin marketplace new plugins April 2026
• hesreallyhim/awesome-claude-code recent activity
• anthropics/claude-code plugin PRs April 2026
• claude subscription CI automated use policy
• reddit r/ClaudeAI subscription CI workflows
• Anthropic jobs Claude Code engineer 2026
• gh-aw releases April 2026
• github/gh-aw new releases breaking changes auth
• githubnext/agentics catalog new workflows
• zircote/aw-author github
• anthropics/claude-code-action releases April 2026
• workflow install automation agentic CI harness new 2026
• claude subscription CI automated use hacker news April 2026
• Claude Code OAuth token CI community discourse

GitHub MCP Tool Calls (reads)

• mcp__github__list_releases — github/gh-aw
• mcp__github__list_pull_requests — github/gh-aw (state: closed, last 14 days)
• mcp__github__list_issues — github/gh-aw (state: open, last 7 days)
• mcp__github__list_releases — anthropics/claude-code-action
• mcp__github__list_issues — anthropics/claude-code-action (state: open, recent)
• mcp__github__list_issues — anthropics/claude-code (state: open, labels: area:auth)
• mcp__github__list_pull_requests — anthropics/claude-code (state: open, plugin-related)
• mcp__github__search_repositories — aw-author, OAuth gh-aw forks
• mcp__github__get_repository_tree — githubnext/agentics
• mcp__github__list_discussion_categories — verkyyi/github-agent-runner
• mcp__github__search_issues — anthropics/claude-code-action CLAUDE_CODE_OAUTH_TOKEN

Repo File Reads / Greps (local)

• README.md, CONTRIBUTING.md, .claude-plugin/plugin.json, .claude-plugin/marketplace.json
• skills/discover-workflows/SKILL.md, skills/install-workflow/SKILL.md, skills/install-workflow/auth.md, skills/install-agent-team/SKILL.md
• catalog/agent-team/README.md, catalog/agent-team/*.md
• .github/aw/actions-lock.json, .github/workflows/weekly-research.md, .github/workflows/daily-repo-status.md, .github/workflows/update-docs.md
• tests/README.md, tests/test-invariants.sh, tests/test-helpers.sh
• Grep: safe-update|--approve|githubnext/agentics|network\.firewall — all files
• Grep: cli-proxy|bypassPermissions|acceptEdits|comment_memory — all files
• Grep: gh aw add|gh aw compile|gh aw validate|gh aw upgrade|gh aw fix — skills/
• Grep: bypassPermissions|acceptEdits|permission.mode — .github/workflows/ (count mode)

Bash Commands

None executed.

Safe-Output Tools

• mcp__safeoutputs__create_discussion — this discussion

Warning

⚠️ Firewall blocked 3 domains

The following domains were blocked by the firewall during workflow execution:

• claude.com
• www.levels.fyi
• www.linkedin.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "claude.com"
    - "www.levels.fyi"
    - "www.linkedin.com"

See Network Configuration for more information.

Generated by Weekly Research · ◷

To install this agentic workflow, run

gh aw add githubnext/agentics/workflows/weekly-research.md@96b9d4c39aa22359c0b38265927eadb31dcf4e2a

• expires on May 4, 2026, 1:01 PM UTC

[github-actions[bot]]

This discussion was automatically closed because it expired on 2026-05-04T13:01:38.580Z.

Closed by Workflow