v0.79.8

🌟 Release Highlights

v0.79.8 brings two new Go linters for code quality enforcement, a wave of targeted bug fixes improving reliability and portability, a performance boost for workflow run queries, and codemod improvements to complete the max-effective-tokens → max-ai-credits migration.

✨ What's New

• httpnoctx linter (#38888) — Automatically flags Go HTTP calls made without a context.Context parameter, helping catch a common source of non-cancellable requests before they reach production.
• hardcodedfilepath linter (#38742) — Detects hard-coded file path string literals in Go code, surfacing brittle path assumptions that break across environments.
• Code Simplifier budget caps (#38851) — Per-run hard budgets with graceful noop exit prevent runaway simplification loops from consuming unbounded AI credits.
• --gh-aw-ref resolved to commit SHA at compile time (#38689) — Branch and tag references passed via --gh-aw-ref are now pinned to their commit SHA during compilation, ensuring deterministic and auditable workflow builds.
• AOAI Entra smoke workflow (#38706) — New end-to-end smoke workflow validates Azure OpenAI Entra authentication for Copilot, extending CI coverage to AOAI-backed runs.

🐛 Bug Fixes & Improvements

• environment: propagation fixed (#38918) — Top-level environment: blocks are now correctly propagated to the detection job, resolving a compilation gap that silently dropped environment bindings.
• set_issue_field GraphQL fix (#38882) — Corrects an invalid GraphQL query in fetchIssueFields that caused set_issue_field calls to fail at runtime.
• String-form create_issue.labels handled (#38738) — Safe-output validation and schema definitions now correctly handle labels provided as a comma-separated string in addition to arrays, fixing label assignment failures.
• False-positive AI credits failures eliminated (#38737) — Prevents erroneous failure issues from being filed on successful runs that happened to trigger unknown-model detection logic.
• Copilot supports arbitrary HOME directories (#38725) — The Copilot engine integration no longer assumes /home/runner as the home directory, improving portability for non-standard runner environments.
• Designer Drift Audit permissions fix (#38855) — Added the missing pull-requests: read scope so the Designer Drift Audit workflow can read PR data without permission errors.

⚡ Performance

• Faster workflow run queries (#38779) — listWorkflowRuns pagination now stops as soon as the 24-hour cutoff is reached rather than fetching all pages, significantly reducing API calls on active repositories.

🔧 Migration

• max-effective-tokens: -1 codemod completed (#38850) — The effective-tokens-to-ai-credits codemod (gh aw fix --write) now correctly rewrites the -1 sentinel value for max-effective-tokens, closing the last gap in the legacy budget migration. Run gh aw fix --write if you still see max-effective-tokens: -1 in your workflows.

📚 Documentation

• Updated docs covering features shipped through 2026-06-12 (#38828) including spec audits for fileutil, constants, timeutil, and tty packages (#38848).

Generated by 🚀 Release · 110.8 AIC · ⊞ 28.8K

---

What's Changed

• Prevent false-positive AI credits/unknown-model failure issues on successful runs by @Copilot in #38737
• Scale homepage hero slides correctly on mobile by @Copilot in #38740
• Add hardcodedfilepath linter to detect hard-coded file path string literals by @Copilot in #38742
• fix(copilot): support arbitrary HOME directory, not just /home/runner by @Copilot in #38725
• Add AOAI Entra smoke workflow for Copilot by @Copilot in #38706
• Handle string-form create_issue.labels across safe-output validation and schema/tool definitions by @Copilot in #38738
• [community] Update community contributions in README by @github-actions[bot] in #38771
• Resolve --gh-aw-ref branch/tag to commit SHA at compile time by @dsyme in #38689
• Fix lint-go CGO failure by normalizing ResolveGhAwRef formatting and string construction by @Copilot in #38778
• [spec-enforcer] Enforce specifications for styles, syncutil, testutil by @github-actions[bot] in #38831
• [docs] Update documentation for features from 2026-06-12 by @github-actions[bot] in #38828
• [spec-extractor] Update package specifications for tty, types, typeutil, workflow by @github-actions[bot] in #38822
• optimize: stop paginating listWorkflowRuns once 24h cutoff is reached by @Copilot in #38779
• Add debug-scoped /tmp/gh-aw file inventory to setup post cleanup by @Copilot in #38780
• refactor: semantic function clustering — dedup, shared helpers, and generics consolidation by @Copilot in #38776
• deps(go): bump golang.org/x/tools to v0.46.0 by @Copilot in #38849
• Add SEC-004 transport-body exemption to artifact client by @Copilot in #38853
• docs: spec audit — add github README, update fileutil/constants/timeutil/tty specs by @Copilot in #38848
• Add missing pull-requests: read scope to Designer Drift Audit workflow by @Copilot in #38855
• [aw-compat] Migrate max-effective-tokens: -1 to max-ai-credits: -1 in codemod by @Copilot in #38850
• Add SEC-005 exemption annotation for apply_samples replay driver by @Copilot in #38852
• [dead-code] chore: remove dead functions — 1 function removed by @github-actions[bot] in #38858
• Cap Code Simplifier runaways with hard per-run budgets and graceful noop exit by @Copilot in #38851
• [jsweep] Clean validate_context_variables.cjs by @github-actions[bot] in #38785
• [linter-miner] feat(linters): add httpnoctx linter — flag HTTP calls without context by @github-actions[bot] in #38888
• ctxbackground: resolve Background() calls by package identity, not identifier text by @Copilot in #38854
• Refactor engine log parsing to canonical Copilot event format by @Copilot in #38781
• [caveman] Optimize instruction verbosity — serena-tool, skills, subagents (2026-06-12) by @github-actions[bot] in #38930
• Move auto-generated notice to first line with debugging skill URL by @Copilot in #38923
• fix: propagate top-level environment: to the detection job by @Copilot in #38918
• Correct OTLP CLI version attribution for scope/service/span fields by @Copilot in #38916
• fix(set_issue_field): fix invalid GraphQL query in fetchIssueFields by @Copilot in #38882

Full Changelog: v0.79.7...v0.79.8

v0.79.7

🌟 Release Highlights

This release focuses on AI credit management hardening, codemod reliability, and expanded tooling support — with stronger guardrail enforcement and cleaner failure diagnostics throughout.

⚠️ Notable Changes

• daily_effective_workflow_* metrics renamed to daily_ai_credits_* (#38611): Workflow run metrics are now standardized under the daily_ai_credits_* namespace. If you reference these metrics in dashboards, queries, or configurations, update them to the new names. See the migration guide for details.

✨ What's New

• Codemod exclusion flags for fix and upgrade (#38688): gh aw fix and gh aw upgrade now accept exclusion flags, giving you fine-grained control over which codemods are applied during automated maintenance runs.
• Pi CLI support (#38724): The @earendil-works/pi-coding-agent CLI is now tracked in the cli-version-checker, expanding agent compatibility monitoring.

🐛 Bug Fixes & Improvements

• Guardrail enforcement hardened (#38639): The max_daily_ai_credits guardrail now fails as a hard stop, preventing cost overruns while correctly preserving workflow conclusion failure handling.
• Guardrail coverage expanded (#38705): Daily AI credit guardrails now apply to label-triggered and slash-command-triggered workflows, closing a gap where these trigger paths were previously unenforced.
• Codemod shell comment handling (#38682): Shell comment lines are now correctly skipped when scanning run: blocks for expression hoisting, preventing false-positive codemod transformations.
• Actionable COPILOT_GITHUB_TOKEN error messages (#38722): When COPILOT_GITHUB_TOKEN is missing, agent failure issues now include a permissions.copilot-requests: write suggestion, making the fix immediately actionable.
• Faster OIDC api-proxy startup (#38718): The initial awf-reflect models probe is deferred until after startup, reducing cold-start latency for the harness.

📚 Documentation

• Azure Foundry OpenAI v1 BYOK (#38641): Documentation now covers Bring Your Own Key (BYOK) configuration for Azure Foundry OpenAI v1 deployments.

Generated by 🚀 Release · 111.2 AIC · ⊞ 28.8K

---

What's Changed

• [dead-code] chore: remove dead functions — 5 functions removed by @github-actions[bot] in #38640
• Add codemod exclusion flags to fix and upgrade by @Copilot in #38688
• Fail max_daily_ai_credits guardrail as a hard stop while preserving conclusion failure handling by @Copilot in #38639
• docs: Document Azure Foundry OpenAI v1 BYOK support by @Copilot in #38641
• chore: update slides and place on hero page by @mnkiefer in #38690
• fix: enhance slide loading and error handling in WorkflowHero by @mnkiefer in #38712
• fix(codemod): skip shell comment lines when scanning run blocks for expression hoisting by @Copilot in #38682
• fix: run daily AIC guardrail for label and slash command triggers by @Copilot in #38705
• Eliminate setup-time @actions/artifact install by inlining required artifact client features by @Copilot in #38684
• Remove legacy model_multipliers.json artifacts and file-based multiplier merge path by @Copilot in #38642
• [linter-miner] feat(linters): add timesleepnocontext linter by @github-actions[bot] in #38704
• feat(harness): defer initial awf-reflect models probe during OIDC api-proxy startup by @Copilot in #38718
• Track Pi CLI (@earendil-works/pi-coding-agent) in cli-version-checker by @Copilot in #38724
• Fix Smoke Pi: no safe outputs due to wrong prompt order and missing gh CLI instruction by @Copilot in #38719
• rename daily_effective_workflow_* → daily_ai_credits_* by @Copilot in #38611
• Suggest permissions.copilot-requests: write in agent failure issue when COPILOT_GITHUB_TOKEN is missing by @Copilot in #38722

Full Changelog: v0.79.6...v0.79.7

v0.79.6

🌟 Release Highlights

This release focuses on observability improvements, Windows CLI reliability, and security hardening for the AWF firewall runtime — keeping your agentic workflows stable and easier to debug.

✨ What's New

• AI Credit Observability — gh-aw.aic is now emitted as a doubleValue on OTLP conclusion spans, fixing Sentry EAP type inference and ensuring AI credit cap attributes appear consistently even when INPUT_JOB_NAME is absent. Richer data means faster cost diagnosis. (#38550, #38510, #38580)

• Go MCP Server Process Guardrail — A 4-process limit is now enforced on child gh invocations spawned by the Go MCP server, preventing runaway process trees and improving resource safety in constrained runners. (#38544)

• Prefetch Strategy A/B Experiment — The weekly-blog-post-writer workflow gains a prefetch_strategy experiment flag, enabling controlled rollout of prefetch optimizations across agentic runs. (#38622)

• Maintenance Trigger Logging — The first trigger reason for agentics-maintenance generation is now logged, giving operators clear visibility into what kicked off a maintenance cycle. (#38616)

🐛 Bug Fixes & Improvements

• Windows CLI Deadlock Fixed — A process wrapper deadlock in the Windows CLI integration has been resolved, unblocking workflows that stalled when spawning child processes on Windows. (#38592)

• Smarter Failure Titles — The conclusion job now uses failure-specific issue titles and detects the unknown_model_ai_credits failure mode, making auto-filed failure issues more actionable. (#38615, #38610)

• Windows Test Coverage Expanded — The Windows CLI integration test suite is restructured into a scenario matrix covering shell, environment, path, and chaos scenarios for broader coverage. (#38526)

🔒 Security & Reliability

• AWF 0.27.2 Update — Upgraded to the latest AWF firewall runtime, incorporating upstream security and stability fixes. (#38660)

• Digest Pinning Restored — Container image digest pinning for AWF 0.27.0 firewall sidecar images has been restored, and the release pipeline now gates on resolved SHA pins before pushing tags — ensuring supply chain integrity. (#38595, #38608)

📚 Documentation

• LLM/Agent Discovery — Replaced starlight-llms-txt with a custom llms.txt/agents.txt that points directly to .github/aw/*.md workflow sources, making this repo more discoverable by LLM-based tooling. (#38630)

• copilot-requests: write Permission Guidance — Instruction docs now recommend the copilot-requests: write permission for Copilot-targeted workflows. (#38410)

Generated by 🚀 Release · 107.7 AIC · ⊞ 28.8K

---

What's Changed

• Replace remaining sort.Slice call sites with type-safe slices.SortFunc by @Copilot in #38498
• [jsweep] Clean write_large_content_to_file.cjs by @github-actions[bot] in #38504
• Ensure gh-aw.aic is emitted on conclusion spans when INPUT_JOB_NAME is missing by @Copilot in #38510
• Restructure Windows CLI integration into scenario matrix with missing shell/env/path/chaos coverage by @Copilot in #38526
• Add AI credit cap observability attributes to OTLP conclusion spans by @Copilot in #38550
• [instructions] Sync instruction files with release v0.79.4 by @github-actions[bot] in #38567
• [docs] Update documentation for features from 2026-06-11 by @github-actions[bot] in #38593
• [docs] Update glossary - daily scan by @github-actions[bot] in #38585
• Recommend copilot-requests: write for Copilot-targeted workflows in instruction docs by @Copilot in #38410
• Fix Windows CLI integration deadlock in process wrapper by @Copilot in #38592
• release: gate on resolved container SHA pins before push_tag by @Copilot in #38608
• Restore digest pinning for AWF 0.27.0 firewall sidecar images by @Copilot in #38595
• fix: always emit gh-aw.aic as doubleValue to fix Sentry EAP type inference by @Copilot in #38580
• Add a 4-process guardrail for Go MCP server child gh invocations by @Copilot in #38544
• Log first trigger reason for agentics-maintenance generation by @Copilot in #38616
• Detect unknown_model_ai_credits failure in conclusion job by @Copilot in #38610
• Use failure-specific issue titles in conclusion job by @Copilot in #38615
• Add prefetch_strategy A/B experiment to weekly-blog-post-writer by @Copilot in #38622
• docs: replace starlight-llms-txt with custom llms.txt/agents.txt pointing to .github/aw/*.md by @Copilot in #38630
• updated to awf 0.27.2 by @pelikhan in #38660

Full Changelog: v0.79.5...v0.79.6

v0.79.5

🌟 Release Highlights

This release focuses on AI cost visibility and control: the legacy “effective tokens” metric is now called AI Credits across all surfaces, threat detection gets a configurable cost cap, and the add-wizard gains smarter Copilot org billing guidance. Several reliability improvements round out the release.

✨ What’s New

• AI Credits Terminology — “Effective tokens” is now AI Credits (AIC) throughout the UI and workflow metrics, providing clearer cost reporting aligned with the primary billing metric. (#38481)

• Threat Detection Cost Cap — safe-outputs.threat-detection now supports a max-ai-credits field (default: 400) with runtime override, giving you independent budget control over security-scan runs. Learn more (#38456)

• Smarter Copilot Org Billing Setup — gh aw add-wizard now asks Copilot users whether they want to use copilot-requests (org billing via Actions token, no PAT required) or a traditional PAT, simplifying enterprise onboarding. (#38449)

• AI Metrics in Failure Comments — Agent failure issue comments now include AI credit metrics from detection jobs, making cost attribution transparent even when runs fail. (#38453)

🐛 Bug Fixes & Improvements

• Fixed false secret validation warnings for Copilot org billing mode — no more spurious warnings when secrets are correctly configured. (#38459)

• Improved safe-outputs error surfacing — comment_memory now fails (instead of silently skipping) in non-PR contexts, and add_comment hard-fails on unrecognized message targets. (#38447)

• Fixed Docker Hub dependency in safe-outputs — Safe-outputs no longer pulls node:lts-alpine from Docker Hub, restoring reliability for environments with restricted container registries. (#38452)

• Fixed push_to_pull_request_branch — Branch derivation now always uses the PR’s actual head ref, resolving incorrect branch targeting. (#37863)

• Fixed numeric telemetry — gh-aw.aic is now always emitted as a numeric value for agent/detection spans, ensuring consistent OpenTelemetry ingestion. (#38432)

📚 Documentation

• Automated self-healing documentation fixes applied from issue analysis. (#38464)

Generated by 🚀 Release · 95.1 AIC · ⊞ 28.8K

---

What's Changed

• fix: always emit gh-aw.aic as numeric for agent/detection spans by @Copilot in #38432
• Update .github/aw guidance for frontier-model cost architecture (triage, context pull, bounded sub-agents) by @Copilot in #38429
• [caveman] Optimize instruction verbosity — network, pr-reviewer, report, reuse, workflow-health (2026-06-10) by @github-actions[bot] in #38440
• Creating integration tests for gh aw mcp server by @Copilot in #38448
• Fix #37835: always derive push_to_pull_request_branch from PR head ref by @dsyme in #37863
• fix: safe outputs — comment_memory fails instead of skips in non-PR context; add_comment hard-fails on unrecognized message target by @Copilot in #38447
• Include detection job AI metrics in agent failure issue comment footer by @Copilot in #38453
• Fix secret validation false warnings for copilot org billing mode by @Copilot in #38459
• fix: stop pulling node:lts-alpine for safe-outputs (Docker Hub unreachable) by @Copilot in #38452
• feat: add-wizard prompts Copilot users to choose copilot-requests (org billing) vs PAT by @Copilot in #38449
• [docs] Self-healing documentation fixes from issue analysis - 2026-06-11 by @github-actions[bot] in #38464
• Add threat-detection max-ai-credits with 400 default and runtime override by @Copilot in #38456
• Bump gh-aw-firewall to v0.27.1 by @Copilot in #38480
• Replace "effective tokens" with "AI Credits" in user-facing text by @Copilot in #38481
• [community] Update community contributions in README by @github-actions[bot] in #38493

Full Changelog: v0.79.4...v0.79.5

v0.79.4

🌟 Release Highlights

v0.79.4 delivers significant improvements to AI credit (AIC) cost tracking and telemetry accuracy, introduces new workflow authoring controls for custom model pricing and configurable timeouts, and hardens sandbox security. A focused round of bug fixes improves milestone caching, SHA-pinning reliability, and failure reporting.

⚠️ Breaking Changes

• dangerously-disable-sandbox-agent now requires an operator-authored string justification (#38325). Boolean true is no longer accepted — workflows must supply a plain-text reason (≥ 20 characters) explaining why the trust boundary is being removed. Update any workflow using dangerously-disable-sandbox-agent: true to a descriptive string.

• user-invokable and disable-model-invocation fields removed from the gh-aw schema (#38328). These Copilot-specific fields have no meaning in gh-aw workflows and will now produce a validation error. Remove them from any .github/workflows/*.md files.

✨ What's New

• Custom model pricing via models frontmatter (#38276). Declare custom cost tables for private or non-catalog models directly in your workflow frontmatter. Overlays merge over the built-in models.json at runtime with main-workflow precedence. Learn more

• Configurable safe-outputs timeout (#38361). The default safe_outputs job timeout has been raised from 30 to 45 minutes, and a new safe-outputs.timeout-minutes frontmatter field lets you tune it per workflow. Learn more

• create_check_run now supports PR targeting (#38237). Pass target: "pr" or target: "*" to attach check runs to the triggering pull request in addition to the existing commit-based flow.

• Steering messages visible in unified log view (#38277). Mid-run steering messages from operators are now rendered inline in the unified workflow log.

🐛 Bug Fixes & Improvements

• AIC telemetry accuracy across all engines (#38314, #38364, #38327, #38412). The github_models provider alias is now recognised; zero-AIC firewall proxy responses correctly fall back to engine-reported values; AIC credits are properly wired through the agent failure handler and propagated into the failure footer.

• Milestone cache now scoped per owner/repo (#38342). Milestone lookups in assign_milestone no longer bleed across repositories in multi-repo runs.

• SHA-pinning for runtime setup-cli in custom steps: workflows (#38344). The emitted setup-cli step in steps: workflows now receives a SHA pin, aligning with the security posture of standard compiled workflows.

• Failure-issue permission denials handled gracefully (#38273). Workflows lacking issues: write no longer crash on failure reporting; timeout-specific failure messages are now enforced separately.

• Usage tracking fixed for engine jobs (#38353). sendJobConclusionSpan now correctly records token usage for engine-backed jobs.

📚 Documentation

• Auth reference page restructured for clarity (#38390)
• copilot-requests: write now recommended for Copilot authentication (#38404) — see permissions reference
• AIC pricing documentation now links to the live models.dev catalog (#38371)

Generated by 🚀 Release · 164.2 AIC · ⊞ 28.8K

---

What's Changed

• [caveman] Optimize instruction verbosity — memory, mcp-clis, messages, network (2026-06-10) by @github-actions[bot] in #38263
• [WIP] Fix failing GitHub Actions job Integration: Workflow Misc Part 2 by @Copilot in #38265
• Handle failure-issue permission denials and enforce timeout-specific failure messaging by @Copilot in #38273
• Add steering message rendering in unified log view by @Copilot in #38277
• emit gh-aw.aic as OTLP Sum metric for backend-native consumption by @Copilot in #38279
• Add objective mapping constants and tests by @mnkiefer in #38293
• Fix empty AIC cells in daily guardrail summary when no prior runs exist in 24h window by @Copilot in #38304
• Remove gh_aw.aic OTLP metric emission and keep AIC on traces only by @Copilot in #38312
• fix: emit gh-aw.aic for all engines by recognizing github_models provider alias by @Copilot in #38314
• Add PR-targeting support to create_check_run (including target: "*" flows) by @Copilot in #38237
• [instructions] Sync instruction files with release v0.79.3 by @github-actions[bot] in #38316
• [spec-extractor] Update package specifications for tty, types, typeutil, workflow by @github-actions[bot] in #38334
• feat: require operator-authored justification for dangerously-disable-sandbox-agent by @Copilot in #38325
• fix: wire GH_AW_AIC and GH_AW_MAX_AI_CREDITS to Handle agent failure step by @Copilot in #38327
• Cap impacted Go test selection at ~1 minute via sampled unit tests by @Copilot in #38343
• CJS: ignore impacted JS runs when no matching test files exist by @Copilot in #38339
• pkg/linters: extract inspector helper, migrate to Cursor API, add autofixes by @Copilot in #38317
• fix: usage tracking for engine jobs in sendJobConclusionSpan by @mnkiefer in #38353
• [docs] Update documentation for features from 2026-06-10 by @github-actions[bot] in #38351
• chore: remove user-invokable and disable-model-invocation from the gh-aw schema by @Copilot in #38328
• Updating daily token consumption report to new AIC format by @Copilot in #38362
• fix(assign_milestone): scope milestone cache by owner/repo to prevent cross-repo pollution by @Copilot in #38342
• docs: source AIC pricing from models.dev catalog by @Copilot in #38371
• Bound sampled impacted Go test patterns to prevent go test argv overflow by @Copilot in #38381
• Add models frontmatter field for custom model pricing by @Copilot in #38276
• Record agent failure categories as OTLP attribute for counting by @Copilot in #38331
• feat: raise safe_outputs default timeout to 45m and add safe-outputs.timeout-minutes frontmatter by @Copilot in #38361
• fix: SHA-pin the runtime setup-cli step emitted for custom steps: workflows by @Copilot in #38344
• Replace /reference/auth engine-secret table with header/list reference blocks by @Copilot in #38390
• fix(telemetry): emit gh-aw.aic=0 and fall back to engine-reported AIC when firewall proxy reports zero by @Copilot in #38364
• optimize: reduce claude-code-user-docs-review AIC cost ~20–33% by eliminating redundant main-agent work by @Copilot in #38401
• docs: recommend copilot-requests: write for Copilot authentication by @Copilot in #38404
• Expand Daily AIC report to include Grafana telemetry and backend-specific AIC gaps by @Copilot in #38400
• [docs] docs: unbloat monitoring-with-projects.md by @github-actions[bot] in #38417
• [WIP] Fix failing GitHub Actions job 'js-typecheck' by @Copilot in #38397
• [WIP] Explore agent persona and scenarios for agentic workflows by @Copilot in #38407
• Propagate resolved AI credits into failure footer context by @Copilot in #38412

Full Changelog: v0.79.3...v0.79.4

v0.79.3

🌟 Release Highlights

v0.79.3 focuses on security hardening — stricter sandbox controls, enforced AI credit guardrails, and improved error surfacing for misconfigured model names.

⚠️ Breaking Changes

• imports.if removed — Conditional frontmatter imports have been removed to keep import chains security-stable. Migrate experiment-driven conditional imports to runtime body-level imports. (#38247)

• sandbox.agent: false requires explicit feature flag — Disabling the agent sandbox now requires the dangerously-disable-sandbox-agent feature flag. Workflows without it will fail to compile, ensuring the security trade-off is always intentional. (#38205)

• Sandbox-disable justification enforced — Sandbox-disable declarations must now include a justification string; new AWF import and safe-output constraints are enforced at compile time. (#38228)

✨ What's New

• Clearer model error messages — Invalid model names (Copilot, Codex, Claude) are now detected and routed to actionable conclusion failures instead of cryptic errors. (#38258)

• AI credit guardrails with built-in defaults — Credit limits now default to 5,000/day and 1,000/run, with a consistent resolution order: frontmatter → imported config → GitHub variable → built-in constant. (#38197)

• Dynamic checkout.repository expressions unblocked — Checkout manifest generation now uses github-script, enabling dynamic repository expressions in workflow definitions. (#38154)

• New execcommandwithoutcontext linter — Auto-mined linter #24 flags bare exec.Command calls in context-aware functions and provides an auto-fix to exec.CommandContext. (#38185)

🐛 Bug Fixes & Improvements

• Init file writers now recursively create parent directories, preventing failures when output paths do not yet exist. (#38204)
• Caller context is properly threaded into pushWorkflowFiles git subprocesses for better tracing and correctness. (#38208)
• GitHub API rate limit is now measured and logged around the daily AI credit guardrail check. (#38256)

📚 Documentation

• on.roles clarified — on.roles is an exact-match allowlist, not a privilege threshold. (#38209)
• Cost Management reference updated with default runaway-cost guardrails and improved formatting. (#38186, #38224)
• OpenTelemetry references and docs updated. (#38196)
• Fixed mcp list-tools example to use the correct --server flag. (#38188)
• Quick-start guide clarifies the githubnext/agentics origin and simplifies the .lock.yml explanation. (#38189)

Generated by 🚀 Release · 109.6 AIC · ⊞ 28.8K

---

What's Changed

• Compile: move checkout-manifest generation to github-script to unblock dynamic checkout.repository expressions by @Copilot in #38154
• docs: add default runaway-cost guardrails to Cost Management reference by @Copilot in #38186
• docs: fix mcp list-tools example to use --server flag by @Copilot in #38188
• Add formal compiler threat-detection test suite for CTR-001/011/014/015/016 by @Copilot in #38166
• docs(quick-start): clarify githubnext/agentics origin and simplify .lock.yml paragraph by @Copilot in #38189
• [linter-miner] feat(linters): add execcommandwithoutcontext linter by @github-actions[bot] in #38185
• Remove extra otlp test/advisor workflows by @mnkiefer in #38200
• Update OpenTelemetry references and docs by @mnkiefer in #38196
• docs: clarify on.roles is an exact-match allowlist, not a privilege threshold by @Copilot in #38209
• Require dangerously-disable-sandbox-agent feature flag to allow sandbox.agent: false by @Copilot in #38205
• Ensure init file writers create parent directories recursively by @Copilot in #38204
• docs(cost-management): replace all tables with headers and lists by @Copilot in #38224
• [caveman] Optimize instruction verbosity — context.md, experiments.md (2026-06-09) by @github-actions[bot] in #38215
• Thread caller context into pushWorkflowFiles git subprocesses by @Copilot in #38208
• docs: widen Starlight content column on large screens without mid-width TOC regressions by @Copilot in #38230
• Enforce AI credit resolution order; set built-in defaults to 5000 (daily) and 1000 (per-run) by @Copilot in #38197
• Enforce sandbox-disable justification strings and surface new AWF import/safe-output constraints by @Copilot in #38228
• chore: bump gh-aw-firewall to v0.27.0 and sync AWF schema artifacts by @Copilot in #38235
• Remove imports.if and migrate experiment-driven import usage to runtime imports by @Copilot in #38247
• [WIP] Fix failing GitHub Actions job 'Integration: CLI Compile & Poutine' by @Copilot in #38262
• Measure and log GitHub API rate limit around daily AIC guardrail by @Copilot in #38256
• Detect invalid model names across Copilot/Codex/Claude and surface as specialized conclusion failures by @Copilot in #38258
• [WIP] Fix failing GitHub Actions job Integration: Workflow Features by @Copilot in #38261

Full Changelog: v0.79.2...v0.79.3

v0.79.2

🌟 Release Highlights

This release sharpens the AI credits experience with clearer failure messaging and better observability, closes two compilation edge cases, and raises the quality bar for safe-outputs issue bodies.

✨ What's New

• Redesigned max-ai-credits failure template — When a workflow exhausts its AI credit budget, the failure issue now presents inline metrics, a collapsible "Increase the limit" section with a copy-paste snippet, and a cleaner layout that surfaces the fix immediately. (#38164)

• Richer 429 guardrail context — Engine 429 Maximum AI credits exceeded errors now include the specific max-ai-credits guardrail details in the failure issue, eliminating generic rate-limit noise. (#38131)

• AI credit usage tracked in OpenTelemetry — AIC consumption is now reported in OTel spans, making it easier to correlate credit spend with workflow trace data. (#38163)

• Actionable syntax-error recovery hints — Duplicate frontmatter keys and invalid permission scopes now produce targeted, actionable hints instead of generic messages. (#38129)

• Minimum body length enforced for create_issue — Safe outputs now reject placeholder or near-empty issue bodies at the schema and validator level, preventing low-signal content from reaching GitHub. (#38114)

🐛 Bug Fixes

• Dynamic checkout.repository expressions now compile correctly — gh aw compile was failing in v0.78.3+ when checkout.repository was a workflow_dispatch input expression (e.g. ${{ github.event.inputs.trigger_ref }}). The checkout-manifest generation step has been moved to a github-script action to handle dynamic expressions correctly. (#38154)

• assertTrustedCheckoutRuntime fixed for bot/app actors — Calls with GitHub App actors like Copilot or dependabot were returning HTTP 404 because the API does not accept App login names for collaborator permission checks. The function now detects and handles bot/app actors correctly. (#38152)

📚 Documentation

• Feature-sync example page streamlined — Seven near-identical create-pull-request examples were consolidated, making the multi-repo feature synchronization pattern easier to scan. (#38182)

• Upstream-managed workflow provenance documented in AGENTS.md — Workflows with a source: frontmatter entry (e.g. from githubnext/agentic-ops) are now explicitly flagged as read-only, with the approved update path (gh aw update) spelled out for contributors. (#38087)

Generated by 🚀 Release · 121.3 AIC · ⊞ 28.6K

---

What's Changed

• Enforce minimum create_issue body length in safe outputs schema and validator by @Copilot in #38114
• Expand daily Windows terminal integration builder with systematic Windows chaos scenarios by @Copilot in #38132
• Document upstream-managed workflow provenance and update path in AGENTS.md by @Copilot in #38087
• Standardize workflow YAML unmarshalling on goccy/go-yaml by @Copilot in #38130
• Implementing AIC usage in otel by @Copilot in #38163
• Improve syntax-error recovery hints for duplicate keys and invalid permission scopes by @Copilot in #38129
• Surface max-ai-credits guardrail context for 429 engine failures by @Copilot in #38131
• Refactor linters to share AST helpers and eliminate helper drift by @Copilot in #38020
• Fix assertTrustedCheckoutRuntime for bot/app actors (Copilot, dependabot) by @Copilot in #38152
• [docs] docs: unbloat feature-sync example page by @github-actions[bot] in #38182
• feat: redesign max-ai-credits exceeded failure template by @Copilot in #38164

Full Changelog: v0.79.1...v0.79.2

v0.79.1

🌟 Release Highlights

This patch release sharpens agent resilience, expands automated testing coverage, and delivers targeted bug fixes across codemods, linters, and safe-output handlers.

✨ What's New

• Daily safeoutputs git simulator workflow (#38108) — A new daily agentic workflow continuously validates the safeoutputs git simulation path, catching regressions before they reach users.
• Two new codemods for persistent cross-repo compile failures (#38097) — Automated codemods now resolve recurring compile failures in maui and azure-rest-api-specs, reducing manual triage for common build patterns.
• Dedicated daily Windows CLI integration workflow (#38048) — Windows-specific CLI smoke tests now run on a dedicated daily schedule, giving earlier signal on platform regressions.
• Compact MCP CLI help (#38056) — MCP CLI help output now fits full command and option names within 20–30 lines, making it easier to scan available tools at a glance.

🐛 Bug Fixes & Improvements

• Standardized error codes on safe-output handlers (#38100) — Four safe-output handlers now emit structured USE-001 error codes, making failures easier to identify and debug programmatically.
• Tool-denial handling hardened (#38051, #38036, #38101) — Workflow prompts and failure reports now handle repeated permission-denial patterns more accurately: repeated denials surface before generic warnings, and the last denied request is formatted for clarity.
• sortslice linter precision fix (#38053) — The sortslice analyzer now matches stdlib sort calls by type identity rather than identifier text, eliminating false positives from identically-named non-stdlib functions.
• Windows PowerShell --help/version check fixed (#38115) — Corrects flag detection in the Windows CLI integration workflow so PowerShell-specific invocation patterns are properly validated.
• Hardened validate-yaml lockfile detection in CGO workflow (#38112) — Lockfile presence checks during release builds are now more reliable, preventing false failures in CGO compilation workflows.
• Compacted system prompt blocks (#38049) — Generated system prompts are smaller by flattening redundant XML wrappers and deduplicating guidance, reducing token usage on every agent invocation.

📚 Documentation

• sortslice added to linters namespace docs and public-API spec list, now covering 23 analyzers (#38052).
• Daily documentation and glossary updates for features shipped in this cycle (#38098, #38092).

Generated by 🚀 Release · 108.7 AIC · ⊞ 28.4K

---

What's Changed

• Align workflow designer skill mappings with current AW reference surface by @Copilot in #38033
• Prioritize repeated-permission-denial context over generic missing-tool warning by @Copilot in #38036
• Add dedicated daily Windows CLI integration workflow by @Copilot in #38048
• [instructions] Sync instruction files with release v0.79.0 by @github-actions[bot] in #38077
• Bump @types/node from 25.9.1 to 25.9.2 in /actions/setup/js by @dependabot[bot] in #38082
• Bump golang.org/x/crypto from 0.52.0 to 0.53.0 by @dependabot[bot] in #38081
• [docs] Update glossary - daily scan by @github-actions[bot] in #38092
• [spec-extractor] Update package specifications for stringutil, styles, testutil, timeutil by @github-actions[bot] in #38088
• Bump golang.org/x/mod from 0.36.0 to 0.37.0 by @dependabot[bot] in #38084
• [docs] Update documentation for features from 2026-06-09 by @github-actions[bot] in #38098
• Sync sortslice into linters namespace docs and public-API spec list (23 analyzers) by @Copilot in #38052
• [jsweep] Clean validate_secrets.cjs by @github-actions[bot] in #38031
• chore: remove committed snapshot file and gitignore snapshots by @Copilot in #38104
• feat: daily safeoutputs git simulator agentic workflow by @Copilot in #38108
• sortslice: match stdlib sort calls by type identity, not identifier text by @Copilot in #38053
• Fix Windows PowerShell --help/version checks in Windows CLI integration workflow by @Copilot in #38115
• Harden validate-yaml release-build lockfile detection in CGO workflow by @Copilot in #38112
• Improve tool-denial failure report formatting for last denied request by @Copilot in #38101
• Harden workflow prompts against systemic tool-denial patterns by @Copilot in #38051
• feat: add two codemods for persistent cross-repo compile failures (maui, azure-rest-api-specs) by @Copilot in #38097
• [ab-advisor] A/B experiment: prefetch_strategy for daily-safe-output-optimizer by @Copilot in #38096
• fix(USE-001): add standardized error codes to four safe-output handlers by @Copilot in #38100
• Compact MCP CLI help to show full command/option names within 20/30 lines by @Copilot in #38056
• Removing snapshot test by @Copilot in #38124
• Compact generated system prompt blocks by flattening XML wrappers and removing duplicated guidance by @Copilot in #38049
• Enforce trusted-reviewer triage in pr-finisher/copilot-review and expand gh PR query filters by @Copilot in #38127

Full Changelog: v0.79.0...v0.79.1

v0.79.0

🌟 Release Highlights

v0.79.0 is a significant milestone release centered on the AI Credits (AIC) naming migration, smarter budget guardrails, Windows platform support, and a wave of compiler and tooling improvements.

⚠️ Breaking Changes

• setup-steps rejected on activation/pre-activation jobs — The compiler now fails fast if setup-steps is attached to activation or pre_activation jobs, where it could bypass built-in protection sequencing. Remove setup-steps from these job types before upgrading. (#37441)
• max-runs deprecated → max-turns — The top-level max-runs field is deprecated in favor of the canonical max-turns. Automated migration is available via gh aw fix --write. (#37587)

✨ What's New

• AI Credits (AIC) — complete migration — The project has fully migrated from "Effective Tokens" terminology to "AI Credits (AIC)" across all docs, workflow templates, telemetry, and OpenTelemetry attributes. The cost management docs reflect the new language. (#37692, #37693, #37691)
• max-ai-credits enabled by default — Workflows now default to a 1000 AI Credit budget with no configuration needed. Set max-ai-credits: -1 to disable enforcement entirely for unrestricted runs. (#37585, #37437)
• AIC exhaustion detection & smart retry halting — The harness now detects budget exhaustion from the firewall audit log and correctly classifies it separately from provider HTTP 429 throttling, preventing misleading failure reports and stopping unnecessary retries on credit exhaustion. (#37936, #38022, #38018)
• Windows platform support — A new CWI.yml push-triggered workflow builds the CLI for Windows and runs integration tests to validate cross-OS compatibility. (#37844)
• pr-finisher skill — New skill that guides agents through taking an in-flight PR to merge-ready state: local validation order, failing CI inspection, and iteration discipline. (#37873)
• add-comment: exact-match comment minimization — hide-older-comments.match now supports exact multi-workflow comment minimization, giving workflows precise control over which older comments are hidden. (#37977)
• temporary_id enforcement — create-issue and create-pull-request safe-output calls now require valid #aw_* IDs enforced at the frontmatter and MCP validation layer, preventing stale references leaking into user-facing artifacts. (#37469)
• gh aw compile --use-samples — New hidden flag for deterministic safe-outputs replay, replacing live agentic execution with recorded samples for reproducible testing. (#37359)

🐛 Bug Fixes & Improvements

• Fix gh aw add for long hyphenated repository names — Workflow specs with long hyphenated repo names were incorrectly rejected; parsing is now accurate for all valid owner/repo/path forms. (#37960)
• Fix bundle refs on non-main branch dispatch — refs/heads/<branch> is now correctly included in bundles when the agent HEAD is on the target branch during non-main dispatches. (#37929)
• Stop retrying Copilot CLI PAT-rejection 400 as transient — 400 errors from PAT rejection are now treated as permanent failures, avoiding wasteful retries. (#37937)
• Compiler: quote env scalars with : in YAML — Env values containing : are now properly quoted in compiled YAML, preventing parse errors in generated workflows. (#37706)
• TTY guard for ConfirmAction — Matches existing non-TTY fallback in list.go to prevent hangs in non-interactive environments. (#37933)
• Windows terminal startup guard — Terminal probing on Windows is now skipped when stderr is redirected, preventing hangs in CI environments. (#37823)

⚡ Performance

• Reduced set-memory overhead — High-traffic workflow and CLI paths now use map[string]struct{} sets instead of map[string]bool, reducing allocations in hot paths. (#37480)

📚 Documentation

• AI Credits terminology — All user-facing documentation migrated from "Effective Tokens" to "AI Credits" including the cost management reference. (#37692)
• GH_AW_GITHUB_TOKEN reference and Go cache guidance — New docs covering secure token configuration and Go build cache best practices. (#37583)
• PR lifecycle and setup-steps docs — CONTRIBUTING and DEVGUIDE updated with PR lifecycle guidance; setup-steps docs clarify pre-activation constraints. (#37964, #37436)

Generated by 🚀 Release · 185.4 AIC · ⊞ 28.5K

---

What's Changed

• Enforce bash parser specification invariants in JS Copilot SDK parser by @Copilot in #37394
• Align token-usage tests with table-based summary output (JS shard 3/4) by @Copilot in #37399
• Resolve lint-js failure by formatting new fuzz/parser JS files and preserve fuzz test coverage in CJS CI by @Copilot in #37406
• [aw] Update legacy ET rate-limit guidance to AI Credits-first format by @Copilot in #37400
• Emit compact usage artifact from conclusion job for forecast data access by @Copilot in #37408
• Trim ambient-context wording from generated footer metrics by @Copilot in #37414
• Refactor Antigravity log metrics parsing to meet function-length linter by @Copilot in #37413
• feat: add daily-formal-spec-verifier agentic workflow by @Copilot in #37407
• Stabilize Daily Caveman Optimizer by keeping model-size experiment and fixing small-agent alias by @Copilot in #37402
• recompile: regenerate lock files with dev build by @Copilot in #37422
• agentics-maintenance: run forecast directly without log predownload by @Copilot in #37423
• Use repo UTC for computed expiration times in generated footers by @Copilot in #37424
• Forecast: prefer usage artifact for token AIC, retain legacy agent fallback by @Copilot in #37427
• Use AIC in forecast issue report and consume AIC projection fields by @Copilot in #37428
• Normalize agentic workflow AI budgets to max-ai-credits: 1500 by @Copilot in #37431
• Refresh wasm golden fixtures for compiler output drift by @Copilot in #37433
• Standardize agent failure warnings on GitHub alert callouts by @Copilot in #37430
• Add AIC, ambient context metrics, and history link to noop comments by @Copilot in #37439
• feat(compile): add hidden --use-samples flag for deterministic safe-outputs replay by @dsyme in #37359
• Use usage-only forecast artifacts and cache forecast run logs in maintenance workflow by @Copilot in #37440
• Surface jobs.<job>.setup-steps in .github/aw syntax docs and clarify setup vs pre hook semantics by @Copilot in #37436
• feat(max-ai-credits): allow -1 to disable budget enforcement and steering by @dsyme in #37437
• Target effective-token terminology updates to AI credits in instruction docs by @Copilot in #37432
• Safe-outputs: add schema-driven synonym mapping (incl. camelCase aliases), keep synonym metadata internal to MCP/CLI prompts, and enforce strict unknown-parameter errors; clarify schema constraints by @Copilot in #37421
• Reject setup-steps on activation and pre-activation jobs by @Copilot in #37441
• Improve forecast maintenance diagnostics and timeout behavior by @Copilot in #37447
• Pin Daily Documentation Healer to explicit Claude model variants by @Copilot in #37445
• Include detection AIC in no-op comment footer totals by @Copilot in #37446
• Fix Copilot SDK sample driver BYOK session configuration in Daily Model Inventory workflow by @Copilot in #37454
• Refactor import...

v0.78.3

🌟 Release Highlights

v0.78.3 centers on the AI Credits (AIC) budget system replacing legacy effective-token fields, significant Copilot SDK reliability improvements, and new workflow authoring capabilities including per-job setup steps and a new CLI flag.

⚠️ Breaking Changes

• max-effective-tokens default removed — The implicit 25M effective-token fallback has been removed. Workflows that relied on the default must now set an explicit budget. Use max-ai-credits going forward and run gh aw fix --write to migrate automatically (#37235, #37246). See the Cost Management reference for details.

✨ What's New

• max-ai-credits budget support — Set AI credit spending limits directly in workflow frontmatter and AWF config. Failure reporting and token-usage step summaries now surface AIC context, giving you full visibility into agent spend (#37235, #37374).
• jobs.<job>.setup-steps — A new workflow field that injects custom steps before the compiler setup and App token minting phases. Use it to pre-install tools or bootstrap environments without modifying the compiled output (#37368).
• gh aw compile --gh-aw-ref — A new convenience flag pins compilation to a specific ref, improving reproducibility in CI pipelines (#37313).
• Copilot SDK max-tool-denials guardrail — Agents can no longer spin indefinitely when tools are repeatedly denied; the new guardrail caps runaway denial loops and surfaces the failure clearly (#37161, #37363).
• Centralized cap-exceeded failure tracking — Cap-exceeded failures now roll up into a single tracking issue (cap raised to 50/24h), reducing noise and improving operational observability (#37273).

🐛 Bug Fixes & Improvements

• Copilot driver startup fixed — Removed a runtime minimatch dependency that caused driver startup failures in daily workflows (#37373).
• Piped bash commands through permission checker — The Copilot SDK permission checker now correctly handles piped bash commands, preventing false denials on valid multi-command pipelines (#37369).
• safe-outputs: MCP git hang prevention — The safe-outputs MCP server no longer hangs on git operations; base-branch and checkout manifest support added for resilient execution (#37225, #37299).
• copilot/ provider prefix in AIC lookups — Model AI credit lookups now correctly resolve the copilot/ provider prefix, fixing incorrect cost attribution (#37340).
• SARIF actions: read for private repos — Generated SARIF upload jobs now include the required actions: read permission so code-scanning uploads succeed in private repositories (#37367).
• Workflow timeout propagated to Copilot SDK sessions — SDK driver sessions now inherit the workflow-level timeout, preventing sessions from outliving their parent workflow (#37262).

📚 Documentation

• Safe-output type catalog converted from bullet lists to tables for improved scanability (#37362).
• max-effective-tokens → max-ai-credits migration snippet added to the Cost Management reference (#37387).

Generated by 🚀 Release · 77.2 AIC · ⊞ 28.4K ambient context

---

What's Changed

• Add Copilot SDK max-tool-denials guardrail to stop runaway tool-denied loops by @Copilot in #37161
• Normalize discussion-body heading levels in copilot-pr-nlp-analysis workflow by @Copilot in #37198
• Refactor safe-outputs config: extract handlerRegistry into dedicated file by @Copilot in #37197
• [awf] Bump firewall to v0.25.65 and mcpg to v0.3.23 by @Copilot in #37201
• chore: bump default Claude/Copilot/Codex CLI pins by @Copilot in #37097
• Add smoke-copilot-aoai-apikey workflow for Azure OpenAI BYOK by @Copilot in #37174
• [safeoutputs] Clarify flat MCP arguments and add SafeOutputMCP wrapped-argument fallback by @Copilot in #37208
• refactor: consolidate triplicated import-path resolution, extract engine parse* helpers, inline redundant YAML wrapper by @Copilot in #37162
• test(ci): fix pre-existing failures on main (otlp env, MCP target repo, wasm goldens) by @dsyme in #37226
• fix(safe-outputs): prevent MCP server git hangs; add base-branch + checkout manifest by @dsyme in #37225
• feat: derive heredoc separators from content hash for build stability by @Copilot in #37224
• fix(setup): include safe_outputs_mcp_arguments in safe-outputs copy list by @Copilot in #37229
• Compact AIC labels in generated footers by @Copilot in #37234
• Add max-ai-credits budget support across frontmatter, AWF config, imports, and failure reporting, and remove default max-effective-tokens 25M fallback by @Copilot in #37235
• Add //nolint suppression parity to all CI-enforced custom linters by @Copilot in #37237
• Prune non-schema entries from SharedWorkflowForbiddenFields by @Copilot in #37236
• Align docs-server step names across docs testing workflows by @Copilot in #37238
• fix: wire GH_AW_COPILOT_SDK_SERVER_ARGS into SDK driver permission config by @Copilot in #37240
• Require mandatory Copilot SDK permission handler and codify config-driven behavior by @Copilot in #37245
• Increase per-category failure issue cap from 5 to 25 per day by @Copilot in #37248
• Merge main into feature branch and recompile generated/setup artifacts by @Copilot in #37249
• Deprecate legacy effective-token budget fields and add codemod migration to AI credits by @Copilot in #37246
• Add //nolint suppression support to seenmapbool and tolowerequalfold by @Copilot in #37255
• Enforce tolowerequalfold by converting case-insensitive comparisons to strings.EqualFold by @Copilot in #37256
• Parse Copilot SDK tool-denial logs in permission issue extraction by @Copilot in #37261
• Propagate workflow timeout to Copilot SDK driver sessions by @Copilot in #37262
• Align SafeOutputsConfig YAML tag for create-code-scanning-alert with schema/handler key by @Copilot in #37258
• fix(safe-outputs): re-derive patch/bundle paths and stop double-writing infrastructure fields by @dsyme in #37299
• Prevent stale-base signed replay from synthesizing unrelated changes; enforce policy on GraphQL payload by @Copilot in #36937
• feat(cli): add --gh-aw-ref convenience flag to compile by @dsyme in #37313
• Prevent safe-outputs startup regressions in daily workflows by @Copilot in #37272
• fix(code-simplifier): eliminate python3 bash-policy failures, fix jq split bug, add guardrails by @Copilot in #37268
• [docs] Consolidate developer specifications into instructions file (v9.16) by @github-actions[bot] in #37318
• Increase per-run AI budget for Agentic Token Optimizer to prevent ET cap aborts by @Copilot in #37269
• Replace test set-style map[string]bool usage with map[string]struct{} by @Copilot in #37257
• [aw] Make spec-librarian reliably emit a safe output by @Copilot in #37321
• Update safe-output health failure messaging to AI Credits by @Copilot in #37265
• Fix Copilot SDK headless auth/driver path and tool-permission denials in daily workflows by @Copilot in #37322
• [aw] Pin Daily Go Function Namer experiment to concrete Claude models by @Copilot in #37325
• Add prompt_style A/B experiment to smoke-project workflow by @Copilot in #37326
• [dead-code] chore: remove dead functions — 1 function removed by @github-actions[bot] in #37331
• [WIP] Normalize report formatting for non-compliant workf...