Releases: github/gh-aw

v0.74.6

20 May 03:03
Immutable release. Only release title and notes can be modified.
1234f3e

v0.74.6 Pre-release

🌟 Release Highlights

This maintenance release focuses on workflow import UX improvements, MCP security hardening, and critical bug fixes across safe outputs and workflow triggers.

✨ What's New

Enhanced Workflow Import Experience

  • JSON workflow imports now preserve meaningful workflow names instead of GUID-like identifiers (#33432, #33421)
  • Cleaner import output - removed noisy API metadata and refined import messages for better readability (#33420, #33424)
  • Copilot workflow imports now support authenticated fetching from api.githubcopilot.com (#33402)

New Synthetic Trigger: pull_request_reviewer

  • Added on.pull_request_reviewer: slash_command for PR reviewer lifecycle dispatch with reviewer-aware concurrency (#33273)
  • Migrated ready-for-review workflows to the new trigger (#33412)

Model Support

  • Added gemini-3.5-flash to model inventory with ET multiplier 14.0 (#33430)

🐛 Bug Fixes & Improvements

Safe Outputs & Review Handling

  • Fixed submit_pull_request_review to gracefully skip when PR review context is unavailable (e.g., workflow_dispatch on main) (#33435)
  • Fixed dispatchWorkflow API version header - now correctly passed as top-level header instead of nested params (#33419)

MCP Telemetry & Observability

  • Zero-byte rpc-messages.jsonl files (MCP server crash/startup failures) now correctly reported as telemetry failures instead of silently passing (#33358)

Trigger & Event Handling

  • Fixed activation steps attempting to add reactions/comments on unsupported pull_request_review events (#33418)

📚 Documentation

  • Updated Astro dependencies to latest and applied Starlight 0.39 sidebar config migration (#33431)
  • Hardened shared MCP allowlists for high-risk servers and documented wildcard policy (#33384)
  • Self-healing documentation fixes from automated issue analysis (#33414)

🔧 Internal

  • Dependency updates: vite 8.0.12→8.0.13, @types/node 25.7.0→25.9.1 (#33410, #33407)
  • Optimized instruction verbosity in workflow-health runbook and report generation (#33393)

For complete details, see CHANGELOG.

Generated by 🚀 Release · ● 2.4M


What's Changed

  • Add on.pull_request_reviewer: slash_command synthetic trigger and reviewer lifecycle routing by @Copilot in #33273
  • [caveman] Optimize instruction verbosity — workflow-health, report (2026-05-19) by @github-actions[bot] in #33393
  • Treat zero-byte rpc-messages.jsonl as an MCP telemetry failure by @Copilot in #33358
  • Migrate ready-for-review agentic workflows to pull_request_reviewer by @Copilot in #33412
  • Harden shared MCP allowlists for high-risk servers and document wildcard policy by @Copilot in #33384
  • Allow add URL importer auth for api.githubcopilot.com by @Copilot in #33402
  • [docs] Self-healing documentation fixes from issue analysis - 2026-05-20 by @github-actions[bot] in #33414
  • fix: pass X-GitHub-Api-Version as top-level header in dispatchWorkflow by @Copilot in #33419
  • Skip unsupported pull_request_review events in activation reaction/status conditions by @Copilot in #33418
  • Drop non-config JSON metadata during add/add-wizard import by @Copilot in #33420
  • Prefer JSON title/name for URL imports when derived workflow name is GUID-like by @Copilot in #33421
  • Polish JSON-import UX for add/add-wizard output by @Copilot in #33424
  • Preserve JSON-imported workflow names in add/add-wizard resolution by @Copilot in #33432
  • Add missing gemini-3.5-flash ET multiplier to model inventory by @Copilot in #33430
  • [WIP] Fix failing GitHub Actions job lint-go by @Copilot in #33429
  • [docs] Update Astro dependencies and apply Starlight 0.39 sidebar migration by @Copilot in #33431
  • Soft-skip submit_pull_request_review when no PR review context is available by @Copilot in #33435
  • chore(deps-dev): bump @types/node from 25.7.0 to 25.9.1 in /actions/setup/js by @dependabot[bot] in #33407
  • chore(deps-dev): bump vite from 8.0.12 to 8.0.13 in /actions/setup/js by @dependabot[bot] in #33410

Full Changelog: v0.74.5...v0.74.6

v0.74.5

19 May 21:25
Immutable release. Only release title and notes can be modified.
b64487e

v0.74.5 Pre-release

🌟 Release Highlights

This release delivers 125 improvements focused on quality, stability, and developer experience. Key themes include enhanced observability with OpenTelemetry integration, improved CLI tooling with JSON workflow import capabilities, and significant bug fixes addressing authentication, safe-output handling, and workflow compilation edge cases.

✨ What's New

OpenTelemetry Observability & Multi-Backend Support

  • Comprehensive OTel documentation and specification (#33380)
  • Support for Datadog, Grafana, and Sentry backends with modular shared imports (#33202, #33023)
  • Enhanced span attributes including resolved runtime models (gen_ai.response.model) and AWF/AWMG versions (#33275, #33030)

JSON Workflow Import

  • New CLI capability to import workflows from JSON format with automatic trigger, tool, and permissions mapping (#33376)
  • Support for importing from arbitrary HTTP(S) URLs (#33164)

Enhanced Error Handling & Developer Experience

  • Actionable error message standards with custom linter enforcement (#33336)
  • Prioritized compilation errors with recovery guidance in gh aw compile (#33337)
  • Deprecated frontmatter field warnings via generic schema walker (#33362)
  • Aggregate validation errors (report all issues together) with --fail-fast flag for legacy behavior

AI Engine & Model Improvements

  • Per-engine default model aliases with Sonnet-sized agent defaults (#33182)
  • Model inventory updates including raptor-mini alias coverage and GPT-5 search multipliers (#33177)
  • Prompt compression A/B experiments and caveman prompt variant (#33296, #33162)

Safe Outputs Enhancements

  • Field-name divergence warnings for add_labels, remove_labels, and update_pull_request (#33170)
  • Preserved inline review analysis in 422 body-only fallback (#33361)
  • Prevention of safe-output PR probing from creating stray downstream PRs (#33044)
  • Support for tools.github.allowed-repos: current for repo-scoped MCP guard policies (#33041)

CLI & Tooling Improvements

  • run_id alias support for audit MCP tool parameters (#33250)
  • Lipgloss tree rendering for MCP hierarchy and status dependencies (#33276)
  • Idempotent setup-gh-aw install when gh-aw is already available (#33240)

🐛 Bug Fixes & Improvements

Authentication & Credential Handling

  • Fixed Copilot/Claude/Codex retry loops after authentication failure (stopped futile retries) (#33093)
  • Restored authenticated ls-remote in signed commit push path (#33178)
  • Hardened MCP gh-aw binary discovery for Q dev install paths (#33321, #33168)
  • GitHub App token minting guarded across workflow paths with missing-key ignore mode (#33033)

Safe Outputs & Git Operations

  • Fixed create_pull_request git am fallback and unrelated safe output cancellation (#33295)
  • Resolved temporary ID substitution in bundle-based signed commit replay (#33181)
  • Branch rename support when recreate-ref deleteRef is blocked by protection rules (#33163)
  • Self-healing cache-memory git setup when restored metadata is corrupt (#33249)

Workflow Compilation & Validation

  • Validation of required workflows: field on workflow_run trigger (#33191)
  • Compile-time rejection of queue: max with cancel-in-progress: true (#33353)
  • Fixed compound || expressions in prompt markdown never substituting at runtime (#33129)
  • Prevention of compile panic when workflow directory contains only shared components (#33029)
  • Fixed OTLP shared import in UK AI operational resilience workflow (#33036)

Error Context & Reporting

  • Rendered report_incomplete reasons in agent failure comments and issue templates (#33087)
  • Agent failure issue matching by stored metadata instead of title alone (#33089)
  • Preserved inline review analysis in 422 body-only fallback (#33361)
  • Derived gh-aw.run.status and status.code from output errors when conclusion env var is absent (#33037)

Network & Permissions

  • Added pypi.org and files.pythonhosted.org to daily-semgrep-scan allowlist (#33035)
  • Exposed reusable workflow network allowlist as opt-in workflow_call input (#33200)

Dependencies & Build

  • Bumped default AWF firewall to v0.25.49 and MCP gateway versions (#33124, #32913)
  • Updated GitHub Actions versions (2026-05-19) (#33238)
  • Charmbracelet golden pseudo-version bump to 920740d613be (#33281)

⚡ Performance

  • Reduced CLI Consistency Checker token usage via pre-agent help capture and prompt/frontmatter trimming (#33363)
  • Optimized CLI Consistency Checker via inline small-model sub-agents (#33179)
  • Reduced Step Name Alignment agent turns via deterministic pre-agent manifest (#33247)
  • Optimized instruction verbosity for adr-writer, developer.instructions, agentic-chat (#33162)
  • Trimmed token spend in Matt Pocock skills reviewer workflow (#33085)

📚 Documentation

  • Unbloated documentation for correction-ops.md and integrity reference (#33375, #33110)
  • Consolidated developer specifications into instructions file v9.11 (#33323)
  • Added pkg/syncutil README and registered dependency in cli/workflow specs (#33325)
  • Strengthened SPDD safeguards and OTel norms across 5 spec files (#33096)
  • Daily/weekly glossary updates and feature documentation (#33278, #33283, #33021, #33018)
  • Normalized report-formatting guidance across reporting workflows (#33335, #33220)
  • Self-healing documentation fixes from issue analysis (#32915)
  • Architecture diagram updates (2026-05-18) (#33006)
  • Added FAQ guidance for using skills with agentic workflows (#33034)

🔧 Internal Improvements

  • Refactored current-repository lookup caches to shared syncutil.OnceLoader (#33180)
  • Replaced raw log.Print* usage in library packages with package-scoped logger instances (#33272)
  • Refactored parser engine-include tests to table-driven testify assertions (#33241)
  • Extracted resolveSafeOutputIssueTarget to eliminate boilerplate (#33231)
  • Refactored create-* config parsing to shared helper (#33242)
  • Added panic recovery to mcp inspect background goroutines (#33217)
  • Refactored pkg mutex sites to use deferred unlocks consistently (#33038)
  • JavaScript cleanup via jsweep for add_labels.cjs and add_comment.cjs (#33208, #32949)
  • Centralized 403/410 error classification via errstringmatch linter enforcement (#33216, #33117)
  • Schema coverage demos for multiple frontmatter fields (pre-steps, models, inline-sub-agents, github-app, environment, dependencies, container, check-for-updates) (#32985, #32984, #32983, #32981, #32980, #32978, #32977, #32976)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@Calidus

@IEvangelist

@mason-tim

@norrietaylor

@polmichel

@samuelkahessay

@wtgodbe


Full Details: For complete commit-by-commit changes, see CHANGELOG.

What's Next: We're continuing to improve observability, enhance AI engine capabilities, and refine developer tooling. Stay tuned for more updates!

Generated by 🚀 Release · ● 4.1M


What's Changed

  • Reject removed tools.serena in parser and align with schema by @Copilot in #32909
  • [docs] Self-healing documentation fixes from issue analysis - 2026-05-18 by @github-actions[bot] in #32915
  • Bump default AWF firewall to v0.25.48 and MCP gateway to v0.3.11 by @Copilot in #32913
  • fix(model-inventory): enrich /reflect null models via mod...

v0.74.4

17 May 21:47
Immutable release. Only release title and notes can be modified.
2c1a237

🌟 Release Highlights

This release delivers significant improvements to safe-outputs reliability, submodule checkout support, enhanced agent failure reporting, stronger security hardening against integer overflow, and a wave of community-requested fixes across MCP, protected-files, repo-memory, and lockdown checks.

✨ What's New

  • Submodule-safe credential cleanup — New checkout.clean-git-credentials option prevents credential leaks when workflows use submodules, resolving a long-standing issue with persist-credentials: false in compiled lock files. (#32819)
  • Automatic pull-requests: read permission inference — The compiler now infers pull-requests: read for activation jobs that include Vale pre-steps using gh pr diff, eliminating a common silent permission gap. (#32849)
  • Larger repo-memory file cap — Default MaxFileSize raised from 10 KB to 100 KB, unblocking analysis of real-world source files. (#32826)
  • Denied-command surfacing in failure reports — Agent failure reports now surface denied commands and include improved prompts for actionable debugging. (#32759)
  • ctxbackground linter — New Go linter flags context.Background() calls when a ctx parameter already exists, enforcing consistent context propagation. (#32865)

🐛 Bug Fixes & Improvements

  • Mentions policy respected in add_comment — Allowed mentions were being escaped due to a missing config pass-through; now correctly applied. (#32805)
  • update_pull_request.update_branch permission failures non-fatal — Workflow-permission errors from branch-update calls are now treated as warnings rather than hard failures. (#32900)
  • CLI not-found detection unified — Lowercase "not found" errors were previously missed; detection is now case-insensitive and centralized. (#32888)
  • Cache-memory artifact upload path fixed — Threat-detection workflows were generating invalid artifact paths; upload now succeeds reliably. (#32733)
  • Integer overflow guards: MergeUnique allocation sizing and the run-step sanitizer are both hardened against allocation-size overflow (addresses CodeQL finding #592). (#32842, #32841)
  • create_pull_request chaos fallback — Prevents a spurious fallback when the branch already exists. (#32770)

📚 Documentation

  • Multi-engine guidance in README — Explicit signal added to help users choose the right engine for their workflow. (#32889)
  • LLM discoverability: llms.md and llms-full.txt added for LLM tool configuration and GEO discoverability. (#32744, #32867)
  • Broken links fixed — Pattern links in patterns.md and engine link in engines.md repaired. (#32804, #32743)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@askpaisa

@clementbolin

@cogni-ai-ee

@corygehr

@IEvangelist

@jaroslawgajewski

@JamesNK

@jfomhover

@kaovilai

@lpcox

@MH0386

@norrietaylor

@sg650

@theletterf

@yskopets


For complete details, see CHANGELOG.

Generated by 🚀 Release · ● 3.1M


What's Changed

  • [caveman] Optimize instruction verbosity — token-optimization.md (2026-05-15) by @github-actions[bot] in #32478
  • [testify-expert] Standardize pkg/stringutil tests on testify assertions by @Copilot in #32468
  • Replace threat-detection XML marker token across JS and spec by @Copilot in #32458
  • ci: reduce retention for debugging artifacts in ci.yml and cgo.yml by @Copilot in #32451
  • [linter-miner] feat(linters): add osexitinlibrary linter by @github-actions[bot] in #32448
  • Make centralized slash-command workflows emit non-required workflow_dispatch inputs by @Copilot in #32480
  • [WIP] Fix failing GitHub Actions job Integration: CLI Audit Logs & Firewall by @Copilot in #32483
  • Fix docs link-validator failures from stale experiments page URLs by @Copilot in #32490
  • Preserve @copilot in add-comment mention filtering by @Copilot in #32487
  • Refactor safe-output dispatch logic to use a canonical handler descriptor table by @Copilot in #32489
  • [docs] Self-healing documentation fixes from issue analysis - 2026-05-16 by @github-actions[bot] in #32496
  • Make OTEL service names workflow-specific in compiled OTLP workflows by @Copilot in #32488
  • Raise Daily Observability workflow ET budget to prevent proxy-enforced exhaustion by @Copilot in #32506
  • Stabilize Daily Model Inventory Copilot startup by removing fragile quoted jq allow-tool by @Copilot in #32505
  • Refactor workflow config parser helpers and shared mount validation by @Copilot in #32507
  • Prevent Linter Miner runs from completing without a terminal safe output by @Copilot in #32531
  • Add output_format A/B experiment to daily-code-metrics workflow by @Copilot in #32535
  • [compiler-threat-spec] spec: add CTR-017 Secret Leakage via Env Vars a...

v0.74.3

15 May 21:29
Immutable release. Only release title and notes can be modified.
efafb8b

v0.74.3 Pre-release

🌟 Release Highlights

This release brings significant improvements to safe outputs, observability, agent compatibility, and workflow reliability — with a strong focus on fixing community-reported issues including GPT-5.4 compatibility, signed-commit regressions, and bundle-apply race conditions.

✨ What's New

  • Glob pattern support in add-labels safe outputs — The allowed list for add-labels now accepts glob patterns, making label rule configuration far more flexible. (#32022)
  • Issue Fields Support in Safe Outputs — Safe outputs can now read and write GitHub issue fields, expanding what agentic workflows can do with issues. (#30846)
  • slash_command and label_command triggers are now stable — Experimental warnings removed; these triggers are production-ready. (#32348)
  • aw-compat codemods — New automatic codemods for run-expression hoisting, engine latest pinning, and toolset permission synthesis keep your workflows compatible as the platform evolves. (#32341)
  • Warn-mode threat guardrails for safe outputs — Runtime enforcement of warn-mode threat-failure policies across all safe output types improves security posture. (#32399)
  • Agent compatibility matrix and validation — Workflows can now declare and validate agent compatibility constraints. (#32396)
  • Enhanced observability and proxy support — Improved OTel spans (gen_ai.system on setup/conclusion), Grafana MCP config shared component, and better proxy header handling. (#32425, #32340)
  • excessivefuncparams linter — A new Go analyzer flags high-arity function declarations to encourage cleaner APIs. (#32402)
  • experiments.* now valid in runtime-import expressions — Experiment flags can now be referenced in runtime-import validation contexts. (#32375)

🐛 Bug Fixes & Improvements

  • Fix gh aw logs/gh aw status ignoring --repo — These commands now correctly bypass the local filesystem when --repo is set. (#31660)
  • Fix orphan-branch signed-commit regression — Orphan-branch first commits now correctly use signed pushes, resolving a regression of #29301. (#31489)
  • Fix bundle-apply race condition — Git stderr is now captured to recover missing prerequisite commits, eliminating a race between agent and safe_outputs jobs. (#32310)
  • Fix on: key quoting in compiled .lock.yml — The top-level on: key is now emitted unquoted, matching GitHub Actions expectations. (#32354)
  • Fix runtime import deduplication — Inline runtime-imports in workflow bodies are no longer expanded twice during recursive self-import expansion. (#31650)
  • Fix GPT-5.4 tool call type error — Resolved 400 Invalid type for 'messages[x].tool_calls[x].type' errors when using GPT-5.4 models. (#31695)
  • Fix gpt-5.4-mini strict mode failures — GPT-5.4-mini now works correctly via /chat/completions in strict AWF mode. (#32197)
  • Fix safe_outputs git fetch on checked-out branch — Bundle targets no longer fail when targeting the currently checked-out branch. (#32069)
  • Fix BYOK Azure AI Foundry model resolution — External Azure AI Foundry deployments no longer return HTTP 404 from the proxy catalog. (#30356)
  • Allow unsigned pushes when signed commits are disabled — PR branch pushes now correctly skip signature requirements when the repo has signed commits disabled. (#32271)
  • Improved compiler diagnostics — Better error messages for YAML missing-colon syntax errors and engine ID typos. (#32343)

📚 Documentation

  • Major documentation reorganization — A new Practices sidebar section, collapsed Experimental section, and restructured Reference pages make the docs more navigable. (#32450, #32445, #32441, #32431)
  • GHE support documentation — Added documentation for GitHub Enterprise support. (#31701)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@arthurfvives

@hermanho

@IEvangelist

@labudis

@mason-tim

@mrjf

@NicolasRannou

@norrietaylor

@rabo-unumed

@sg650

@tore-unumed

@tsm-harmoney

@yskopets


For complete details, see CHANGELOG.

Generated by 🚀 Release · ● 4.1M


What's Changed

  • docs: add DeepReport to DDUw cookie-issue sources by @Copilot in #32030
  • Support glob patterns in allowed label filters for safe-outputs by @Copilot in #32027
  • [WIP] Fix failing GitHub Actions job lint-js by @Copilot in #32036
  • [WIP] Fix failing GitHub Actions job for CLI completion by @Copilot in #32041
  • [WIP] Fix failing GitHub Actions job lint-js by @Copilot in #32042
  • [ubuntu-image] docs: update Ubuntu Actions runner image analysis (2026-05-14) by @github-actions[bot] in #32050
  • [compiler-threat-spec] feat: add CTR-015 compiler warning for bare * in safe-outputs allowed-labels by @github-actions[bot] in #32046
  • Accept pr_number / pr aliases for PR safe-output targets by @Copilot in #32043
  • Add compiler guardrail to reject ${{ ... }} in compiled run scripts by @Copilot in #32048
  • [jsweep] Clean allowed_issue_fields.cjs by @github-actions[bot] in #32059
  • [aw] Enforce mandatory safe-output noop in PR Sous Chef runs by @Copilot in #32064
  • chore: Add smoke test workflow for otlp telemetry export validation by @mnkiefer in #32091
  • Fix Claude MCP config path expansion for Safe Output Health Monitor by @Copilot in #32065
  • fix: mask otlp headers by @Copilot in #32096
  • feat(architecture-guardian): offload violation classification to small inline sub-agent by @Copilot in #32102
  • refactor: consolidate duplicate SHA...

v0.74.2

14 May 00:42
Immutable release. Only release title and notes can be modified.
59462bd

v0.74.2 Pre-release

🌟 Release Highlights

This release brings powerful new developer tooling — custom Go linters, new gh aw fix codemods, and a --staged compile flag — alongside key reliability fixes for signed commits and safe-output PR creation, improved self-hosted runner docs, and a raised max-runs default for larger workflows.

✨ What's New

  • gh aw compile --staged — Force workflows into staged mode at compile time. (#31975)
  • Custom Go analysis linters: pkg/linters ships a new largefunc linter sample. (#31958)
  • gh aw fix codemods — Rewrites single-quoted tools.bash args and lowercases discussion trigger categories. (#31874, #31872)
  • Decentralized label_command routing via agentic_commands.yml. (#31917)
  • REST API for agent session task creation — More reliable than gh CLI. (#32028)
  • Higher default max-runs — Raised from 100 to 500. (#31986)
  • Runner and actor OTel attributes for cross-runner observability. (#31913)

🐛 Bug Fixes & Improvements

  • Signed commits: refuse unsafe fallback. pushSignedCommits no longer silently falls back to unsigned git push. (#31876)
  • create_pull_request bundle ref mismatch fixed in safe output. (#31955)
  • ARC/DinD detection now matches any (redacted) DOCKER_HOST. (#31996)
  • on: subsection indentation parser bug fixed. (#31871)
  • gh aw lint false positives fixed. (#31916)
  • Early CI lint gate reduces lint-fix PR churn. (#31921)

📚 Documentation

  • Self-hosted runner guide: GHES and ARC sections. (#31923)
  • Claude Quick Start parity and engine-neutral architecture labels. (#32016)
  • Frontmatter reference: inline-sub-agents and max-effective-tokens documented. (#32010)
  • repository_dispatch FAQ and trigger reference. (#31979)

🌍 Community Contributions

@michen00

@octatone

@tore-unumed


For complete details, see CHANGELOG.

Generated by Release · ● 4.9M


What's Changed

  • Fix S1011 staticcheck lint failure in central_slash_command_workflow.go by @Copilot in #31858
  • Fix failing "Integration: Workflow Misc Part 2" tests by @Copilot in #31860
  • [jsweep] Clean action_conclusion_otlp.cjs by @github-actions[bot] in #31868
  • Fix on: subsection indentation handling causing test workflow failures by @Copilot in #31871
  • chore: streamline outcome collection by @mnkiefer in #31888
  • fix(push-signed-commits): refuse unsigned git push fallback for structurally unsignable commits by @Copilot in #31876
  • [actions] Update GitHub Actions versions - 2026-05-13 by @github-actions[bot] in #31893
  • fix(duplicate-code-detector): allow github.com and api.github.com through firewall by @Copilot in #31904
  • Add gh aw fix codemod to rewrite single-quoted tools.bash args safely by @Copilot in #31874
  • feat: implement outcome telemetry export by @mnkiefer in #31897
  • Refactor update workflow call chain to use a shared options struct by @Copilot in #31886
  • Refactor duplicated on-trigger section entry/reset logic in YAML on-section extraction by @Copilot in #31881
  • Add GH_TOKEN to dev-mode gh-aw runtime install step generation by @Copilot in #31898
  • Refactor permission-scope string conversion to validated inventory lookup by @Copilot in #31899
  • Docs UX: Convert “Getting Help” run-on guidance into prioritized numbered steps by @Copilot in #31900
  • Add default gh aw fix codemod to lowercase discussion trigger categories in frontmatter by @Copilot in #31872
  • Docs/tests: include pre-agent-steps and post-steps in shared import allowlist by @Copilot in #31912
  • Centralize filesystem permission policy and remove raw octal modes from production callsites by @Copilot in #31915
  • Add runner and actor_id OTel resource attributes for cross-runner observability by @Copilot in #31913
  • Add scheduled pr-sous-chef workflow to advance open PRs toward maintainer review by @Copilot in #31911
  • Align strict-mode compatibility: allow Playwright MCP warnings and honor workflow-level strict opt-out for pull_request_target by @Copilot in #31914
  • [docs] Update glossary - daily scan by @github-actions[bot] in #31924
  • chore: update outcome collector by @mnkiefer in #31936
  • [spec-enforcer] Enforce specifications for logger, parser, repoutil by @github-actions[bot] in #31935
  • Refactor audit command hot-spots to use a shared AuditOptions API by @Copilot in #31920
  • Fix gh aw lint false positives breaking make lint-lock by @Copilot in #31916
  • Fix Issue Arborist Repo Mind Light token by @szabta89 in #31942
  • Add detail_level A/B experiment to daily architecture diagram workflow output by @Copilot in #31927
  • [function-namer] Improve internal helper naming in pkg/workflow for agent discoverability by @Copilot in #31951
  • Enforce pre-submission lint hygiene and add an early CI lint gate to reduce lint-fix PR churn by @Copilot in #31921
  • [docs] Consolidate developer specifications into instructions file (v9.6) by @github-actions[bot] in #31957
  • fix(otel): emit gh-aw.engine.id on setup spans via shared resolveEngineId helper by @Copilot in #31956
  • chore: enhance outcome evaluation process by @mnkiefer in #31938
  • Fix Issue Arborist pre-agent issue fetch by @szabta89 in #31954
  • Document pkg/testutil dependency on pkg/constants in package spec by @Copilot in #31950
  • feat: add pkg/linters with custom Go analysis linters (largefunc sample) by @Copilot in #31958
  • docs: add runner environment requirements, GHES, and ARC sections to self-hosted guide by @salmanmkc in #31923
  • Handle bundle ref mismatch in create_pull_request safe output by @Copilot in #31955
  • [docs] Update documentation for features from 2026-05-13 by @github-actions[bot] in #31928
  • Add --staged flag to compile for forced staged workflows by @Copilot in #31975
  • Fix gh-aw extension setup collisions in generated workflows by @Copilot in #31952
  • Creating a dynamic agent of the day blog entry by @Copilot in #31981
  • Add patterns router prompt and wire dispatcher routing by @Copilot in #31985
  • Close SPDD gaps for forecast discovery, frontmatter hash limits, and related specs by @Copilot in #31984
  • Increase default max-runs from 100 to 500 across compiler, schema, and docs by @Copilot in #31986
  • docs: add repository_dispatch FAQ and trigger reference for external system integrations by @Copilot in #31979
  • daily-experiment-report: install numpy/matplotlib when running on PyPy by @Copilot in #31992
  • Add decentralized label_command routing via agentic_commands.yml by @Copilot in #31917
  • Strengthen create-pull-request safe output guardrails: always recommend allowed-files by @Copilot in #31999
  • restrict create-pull-request to docs/** files in blog-writer workflow by @Copilot in #31998
  • [WIP] Fix failing GitHub Actions job Lint Gate by @Copilot in #32004
  • [WIP] Fix failing GitHub Actions job lint-go by @Copilot in #32003
  • [caveman] Optimize instruction verbosity — agentic-chat, campaign, cli-commands, context (2026-05-13) by @github-actions[bot] in #32019
  • [deep-report] Add missing top-level inline-sub-agents and max-effective-tokens to canonical frontmatter references by @Copilot in #32010
  • fix: broaden ARC/DinD detection to match any tcp:// DOCKER_HOST by @salmanmkc in htt...

v0.74.1

13 May 05:25
Immutable release. Only release title and notes can be modified.
7398cdd

v0.74.1 Pre-release

🌟 Release Highlights

This release brings new workflow control features, security hardening, improved observability, and resolves several community-reported issues including ARC/DinD runner support and lockfile consistency fixes.

✨ What's New

  • Pre-activation author gating — New on.skip-author-associations field lets you gate workflow activation by the triggering user's repository association (e.g. allow only MEMBER or OWNER), reducing unnecessary agent runs. (#31836)
  • Concurrency queue support: concurrency.queue field and queue-aware conclusion job defaults give fine-grained control over concurrent workflow execution. (#31764)
  • Immediate command reactions — Centralized slash-command workflows now post emoji reactions immediately upon receipt and propagate the desired reaction context throughout the run. (#31847)
  • Outcome evaluation for safe outputs — Safe output jobs can now declare pass/fail outcomes, enabling automated evaluation of agent results. (#31776)
  • Token steering compiler support: firewall.effective-token-steering is now parsed and rendered in the agent and gateway JS parsers. (#31796, #31823)
  • Improved OTel accuracy — The gh-aw.agent span now captures the true Execute-Agent-CLI start time, excluding pre-agent overhead from telemetry. (#31808)
  • Stricter schema validation — Unused top-level command keys in main workflow frontmatter now produce a clear validation error. (#31750)

🐛 Bug Fixes & Improvements

  • Fixed dispatch-workflow validation incorrectly rejecting workflows in target repos under the Side Repo Ops pattern. (#31835, resolves #31831)
  • Fixed redirect-only workflows being misidentified as shared workflow components. (#31800, resolves #31689)
  • Fixed lockfile differences between fork contributor checkouts and upstream CI. (#31613, resolves #31612)
  • Fixed bundle transport failures in shallow checkouts where git fetch rejected bundle prerequisites. (#31603, resolves #31600)
  • Fixed plan context substitution failures (/plan) for slash-command runs. (#31849)
  • Fixed double quotes in experiment comparison expressions that broke evaluation. (#31770)
  • Fixed centralized slash_command reaction and status-comment gating. (#31775)
  • Clarified npm and pip package name validation error messages. (#31822)
  • Normalized non-release agentic_commands.yml compiler metadata to dev. (#31829)

🔒 Security

  • URL protocol sanitizer switched to an allowlist model, closing a potential bypass via non-://-scheme URLs. (#31715)
  • stripDangerousAttributes now strips title= and data-* attributes, closing a hidden injection channel. (#31707)

🏗️ ARC / DinD Runner Support

Two long-standing community requests for ARC (Actions Runner Controller) support are resolved:

  • First-class ARC runner support for AWF-backed workflows. (#31614, resolves #30840)
  • AWF chroot mode now supports ARC/DinD Docker daemon filesystems without manual staging. (resolves #30838)

📚 Documentation

  • Troubleshooting / common-issues page trimmed by ~27% for faster scanning. (#31756)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@bmerkle

@mrjf

@rhardouin

@trask

@yskopets


For complete details, see CHANGELOG.

Generated by Release · ● 3.8M


What's Changed

  • docs: extend memory.md with built-in GitHub graph and git history strategies by @Copilot in #31594
  • Reduce ParseWorkflow regression by optimizing frontmatter delimiter parsing by @Copilot in #31583
  • perf(workflow): cache manifest baseline lookup in CompileWorkflow path by @Copilot in #31584
  • Stabilize DIFC proxy integration check by replacing flaky /rate_limit assertion by @Copilot in #31595
  • [q] fix(weekly-blog-post-writer): dedupe Agent of the Week using published blog history by @Copilot in #31593
  • Align audit/trial help text and update docs for update --cool-down by @Copilot in #31597
  • [docs] Self-healing documentation fixes from issue analysis - 2026-05-12 by @github-actions[bot] in #31604
  • build(deps): bump the npm_and_yarn group across 1 directory with 2 updates by @dependabot[bot] in #31601
  • fix: link default footers to workflow run URL instead of agentic_workflow subpage by @Copilot in #31611
  • Reduce ExtractWorkflowNameFromFile overhead in the title-scan path by @Copilot in #31598
  • Fix bundle transport in shallow checkouts by @Copilot in #31603
  • fix(engines): normalize wildcard bash commands to canonical tool permission syntax by @Copilot in #31599
  • Address review feedback: dedupe normalized Claude Bash tools and tighten release bash permissions by @Copilot in #31615
  • Prefer upstream remote for gh aw compile schedule seed in fork checkouts by @Copilot in #31613
  • Auto-detect ARC/DinD and emit AWF --docker-host-path-prefix in generated workflows by @Copilot in #31614
  • [code-simplifier] refactor: extract awfVersionAtLeast helper to deduplicate version-check functions by @github-actions[bot] in #31627
  • Enable OTLP export for Agentic Portfolio Yield by @Copilot in #31647
  • Add optional payload input to dependabot-worker reusable workflow by @mnkiefer in #31679
  • [instructions] Sync instruction files with release v0.72.1 by @github-actions[bot] in #31661
  • [spec-extractor] Update package specifications for agentdrain, cli, console, constants by @github-actions[bot] in #31669
  • [docs] Update glossary - daily scan 2026-05-12 by @github-actions[bot] in #31672
  • [docs] Update documentation for features from 2026-05-12 by @github-actions[bot] in #31676
  • [spec-enforcer] Enforce specifications for fileutil, gitutil, jsonutil by @github-actions[bot] in #31683
  • Refactor workflow feature gates to use a shared version-threshold helper by @Copilot in #31642
  • Classify repeated permission-denied failures as missing tool/permission issues in Copilot/Claude/Codex harnesses by @Copilot in #31629
  • Treat gh aw as a first-class runtime with release setup-cli injection, dev source build, and firewall domains by @Copilot in #31622
  • fix: propagate DOCKER_HOST to MCP gateway for ARC/dind runners by @salmanmkc in #31670
  • Fix build-wasm CI failure by updating stale wasm compile fixture goldens by @Copilot in #31698
  • fix: apply gofmt to runtime_definitions.go by @Copilot in #31700
  • feat: add GHES-compatible artifact action versions via feature flag by @salmanmkc in #31664
  • fix: decode named invisible-char HTML entities in decodeHtmlEntities to close @mention bypass by @Copilot in #31703
  • fix: strip title= and data-* attributes in stripDangerousAttributes to close hidden injection channel by @Copilot in #31707
  • test: parity regression guard for alias-branch template delimiter neutralization by @Copilot in #31712
  • fix(sanitize): switch sanitizeUrlProtocols to allowlist for ://-scheme URLs by @Copilot in #31715
  • build(deps-dev): bump @playwright/test from 1.59.1 to 1.60.0 in /docs by @dependabot[bot] in #31743
  • build(deps-dev): bump @types/node from 25.6.0 to 25.7.0 in /actions/setup/js by @dependabot[bot] in #31742
  • build(deps-dev): bump @vitest/ui from 4.1.5 to 4.1.6 in /actions/setup/js by @dependabot[bot] in #31744
  • build(deps-dev): bump vitest from 4.1.5 to 4.1.6 in /actions/setup/js by @dependabot[bot] in https://github.com/gith...

v0.74.0

11 May 22:54
Immutable release. Only release title and notes can be modified.
1d1f164

v0.74.0 Pre-release

test

Generated by Release · ● 66.9M


What's Changed

  • fix: set_issue_field skips gracefully when repo has no issue fields by @Copilot in #31576
  • Integrate Repo Mind Light into Issue Arborist workflow by @Copilot in #31510
  • optimize: reduce token usage in three high-consumption workflows by @Copilot in #31582
  • Reduce Daily Syntax Error Quality workflow token churn without changing cadence by @Copilot in #31586
  • Fix firewall token usage reporting to preserve raw counts and remove cache-rate transforms by @Copilot in #31581
  • Fix golangci-lint failures in codemod and miner test files by @Copilot in #31590
  • Auto-bump version when release tag already exists by @Copilot in #31592

Full Changelog: v0.72.2...v0.74.0

v0.72.1

07 May 19:36
Immutable release. Only release title and notes can be modified.
489dbab

🌟 Release Highlights

v0.72.1 delivers a new developer-facing lint command, critical compiler correctness fixes, and improved shared workflow ergonomics — all driven largely by community-reported issues.

✨ What's New

  • gh aw lint — fast lock-file validation (#30704): New gh aw lint command runs actionlint directly against existing .lock.yml files — no recompile, no extra scanners. Perfect for a lightweight CI gate to catch syntax errors before pushing. Supports --dir, explicit file paths, and optional --shellcheck/--pyflakes checks.

  • Import engine.mcp.tool-timeout from shared workflows (#30634): Shared workflows wrapping slow MCP servers (e.g. Repo Mind Light) can now declare engine.mcp.tool-timeout and engine.mcp.session-timeout once, and consumers inherit those values automatically — no more duplicating timeout configs in every consumer. Consumer-declared values still take precedence.

  • First-party coding-agent skill for gh aw (#27259): Added a router skill that gives coding agents (Copilot, Claude, etc.) structured guidance on creating, debugging, and updating agentic workflows using the gh aw CLI.

  • Shared skip-if-match dedup component: The common "open issue/PR by title prefix" deduplication query is now a shared compiler-imported component, eliminating copy-paste duplication across dozens of workflows.

🐛 Bug Fixes & Improvements

  • && preserved in compiled workflow expressions (#30695): Go's HTML escaping was converting && to \u0026\u0026 inside AWF config JSON embedded in .lock.yml files, corrupting ${{ ... && ... }} expressions and causing workflow parse failures. Fixed by switching to json.Encoder with SetEscapeHTML(false).

  • safe-outputs permission regression fixed (#30733): When update-project appeared alongside add-comment/add-labels, the minted App token was incorrectly downgraded to issues:read instead of issues:write, silently failing issue mutations.

  • Conclusion comment now reflects safe_outputs failures (#30662): The conclusion job was reporting ✅ success even when safe_outputs failed (e.g., 422 on PR review submission). The job now correctly propagates safe_outputs status.

  • Firewall binary version corrected (#30705, #30191): v0.71.1 was referencing a non-existent gh-aw-firewall version, causing 404s on AWF binary install. This release ships with the correct firewall v0.25.29 (which also includes the healthcheck fix).

  • Playwright mode: cli recognized by compiler (#30088): gh aw compile now correctly accepts mode: cli in Playwright tool configuration.

  • COPILOT_API_KEY dummy key no longer triggers over-billing (#30324): The dummy byok-key placeholder introduced in v0.71 was causing 10–100x premium request over-billing compared to v0.68. Fixed.
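
The && item above (#30695) comes down to a default in Go's encoding/json. The following is an added example, not gh-aw's own code; the awfConfig type and its condition field are hypothetical stand-ins for the embedded AWF config. It shows that json.Marshal and an Encoder with SetEscapeHTML(false) produce JSON that decodes to the same value but differs byte for byte, which matters when the text is read as a workflow expression rather than decoded as JSON.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"strings"
)

// awfConfig is a constructed stand-in for a config object that is embedded
// as JSON text in a compiled lock file; the field name is hypothetical.
type awfConfig struct {
	Condition string `json:"condition"`
}

// marshalDefault uses json.Marshal, which always rewrites &, < and > as
// \u0026, \u003c and \u003e so the output can be inlined in HTML.
func marshalDefault(v interface{}) (string, error) {
	b, err := json.Marshal(v)
	return string(b), err
}

// marshalRaw uses json.Encoder with SetEscapeHTML(false), the fix named in
// the release note. Encode appends a newline, which is trimmed here.
func marshalRaw(v interface{}) (string, error) {
	var buf bytes.Buffer
	enc := json.NewEncoder(&buf)
	enc.SetEscapeHTML(false)
	if err := enc.Encode(v); err != nil {
		return "", err
	}
	return strings.TrimSuffix(buf.String(), "\n"), nil
}

// expressionIntact reports whether expr appears byte for byte in the
// embedded text. Per the release note, the escaped form corrupted
// ${{ ... && ... }} expressions, so the check is on raw bytes.
func expressionIntact(embedded, expr string) bool {
	return strings.Contains(embedded, expr)
}

// sameValue reports whether two JSON texts decode to the same config,
// i.e. whether the difference is visible only to non-JSON consumers.
func sameValue(a, b string) bool {
	var x, y awfConfig
	if json.Unmarshal([]byte(a), &x) != nil || json.Unmarshal([]byte(b), &y) != nil {
		return false
	}
	return x == y
}

func main() {
	// Constructed sample expression.
	expr := "${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}"
	cfg := awfConfig{Condition: expr}

	escaped, err := marshalDefault(cfg)
	if err != nil {
		panic(err)
	}
	raw, err := marshalRaw(cfg)
	if err != nil {
		panic(err)
	}

	fmt.Println("json.Marshal:         ", escaped)
	fmt.Println("SetEscapeHTML(false): ", raw)
	fmt.Println("expression intact (Marshal):", expressionIntact(escaped, expr))
	fmt.Println("expression intact (Encoder):", expressionIntact(raw, expr))
	fmt.Println("decode to same value:       ", sameValue(escaped, raw))
}
```

Turning off HTML escaping also leaves < and > literal, so output produced this way should not be inlined into an HTML page without separate encoding.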

A huge thank you to the community members who reported issues that were resolved in this release!

@arthurfvives

@bryanchen-d

@haavamoa

@jonathanpeppers

@lpcox

@norrietaylor

@tore-unumed

@verkyyi

@yskopets


For complete details, see CHANGELOG.

Note

🔒 Integrity filter blocked 3 items

The following items were blocked because they don't meet the GitHub integrity level.

  • #30705 issue_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #30088 issue_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #30324 issue_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

Generated by Release · ● 14.1M


What's Changed

  • Fix js-typecheck failure in OTLP payload guard by @Copilot in #30669
  • Add daily SPDD spec-planning workflow that opens actionable issue queues by @Copilot in #30663
  • fix: show failure in conclusion comment when safe_outputs job fails by @Copilot in #30666
  • Remove cache option from Go setup step by @pelikhan in #30679
  • Make bundle mode the default for safe-output patch packaging by @Copilot in #30626
  • docs: move release process documentation to CONTRIBUTING.md by @Copilot in #30682
  • Stabilize template conditional fuzz assertions to eliminate malformed-input false failures by @Copilot in #30678
  • Stabilize codemod registry test by removing stale hardcoded count by @Copilot in #30677
  • docs: SPDD spec improvements — multiplier registry, safeguards, conflict norms, error norms, sync notes, compliance stubs by @Copilot in #30681
  • Fix lint-go failures in docker context tests and OTLP env assembly by @Copilot in #30676
  • [caveman] Optimize instruction verbosity — cli-commands, experiments, github-mcp-server (2026-05-06) by @github-actions[bot] in #30690
  • Add missing Agentic Ops pattern page by @Copilot in #30688
  • Add retirement notice for releases 0.68.4–0.71.3 and FAQ upgrade instructions by @Copilot in #30698
  • fix: skip COPILOT_API_KEY and /reflect when sandbox.agent is disabled by @Copilot in #30687
  • Stabilize BenchmarkCompileMCPWorkflow by using Playwright CLI mode in benchmark fixture by @Copilot in #30697
  • Align CLI help text semantics and terminology across mcp, project, pr, completion, logs, and init by @Copilot in #30696
  • [workflow-style] Normalize report formatting guidance in workflow report prompts by @Copilot in #30702
  • feat: support importing engine.mcp.tool-timeout and session-timeout from shared workflows by @Copilot in #30686
  • [docs] Self-healing documentation fixes from issue analysis - 2026-05-07 by @github-actions[bot] in #30709
  • Consolidate Grumpy + PR Nitpick into single pr-code-quality-reviewer by @Copilot in #30708
  • perf: fix 104% regression in ExtractWorkflowNameFromFile by reducing scanner buffer allocation by @Copilot in #30706
  • Preserve && in AWF config JSON embedded in lock workflows by @Copilot in #30700
  • perf: eliminate reflection in validateSafeOutputsMax (4.3x faster) by @Copilot in #30701
  • docs(instructions): never suggest pull_request_target over pull_request by @Copilot in #30718
  • build(deps): Bump the npm_and_yarn group a...

v0.72.0

06 May 19:02
Immutable release. Only release title and notes can be modified.
94efd27

v0.72.0 Pre-release

🌟 Release Highlights

This release makes inline sub-agents default-on, fixes a push_to_pull_request_branch rerun failure reported by the community, and improves reliability of Docker workflow execution.

✨ What's New

  • Inline sub-agents are now default-on — The features.inline-agents: true flag is deprecated and no longer required. Inline sub-agent artifact staging and restoration are automatically emitted in compiled workflows. Run gh aw fix --write to auto-remove the deprecated flag from your existing workflows via the new features-inline-agents-removal codemod.

  • AI discovery endpoints added to docs site — The documentation site now exposes AI-readable discovery files (/.well-known/ai.txt, /ai/summary.json, /ai/faq.json, /ai/service.json) to improve discoverability by AI assistants and crawlers.

🐛 Bug Fixes & Improvements

  • Fixed: push_to_pull_request_branch fails with add/add conflict on reruns — When an agent reran and the patch reintroduced a file already present on the PR branch, git am --3way produced an unresolvable CONFLICT (add/add) that blocked incremental updates to long-lived branches. The fix detects add/add-only conflicts, resolves them by taking the patch side (--theirs), and automatically resumes with git am --continue.

  • Context-aware Docker checks — IsDockerAvailable and IsDockerImageAvailable now accept and propagate context.Context, replacing bare exec.Command calls with exec.CommandContext. This prevents Docker subprocess calls from hanging indefinitely when the Docker daemon is slow or unresponsive.

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@tore-unumed


For complete details, see CHANGELOG.

Generated by Release · ● 13.3M


What's Changed

  • fix: correct gh skill install invocation in mattpocock-skills-reviewer by @Copilot in #30526
  • Optimize daily-firewall-report with inline sub-agents for charting and firewall aggregation by @Copilot in #30523
  • Escape OTLP endpoints JSON before YAML single-quote wrapping by @Copilot in #30527
  • fix: use %q instead of single-quote wrapping for filePath in runtime import warnings by @Copilot in #30528
  • refactor: extract getRunFailureStatusText helper to eliminate duplicated status mapping in notify_comment_error by @Copilot in #30536
  • [instructions] Sync instruction files — document comment-memory in memory.md by @github-actions[bot] in #30555
  • [spec-extractor] Update package specifications for agentdrain, cli, console, constants by @github-actions[bot] in #30565
  • [docs] Update glossary - daily scan by @github-actions[bot] in #30568
  • Add homepage JSON-LD graph for WebSite, SoftwareApplication, Organization, FAQ, and SearchAction by @Copilot in #30525
  • fix: align "Set up Python" → "Setup Python" in daily-geo-optimizer by @Copilot in #30576
  • fix(deps_security): propagate context.Context through security advisory HTTP call by @Copilot in #30577
  • Fix Multi-Device Docs Tester: surface safe-output requirement earlier and allow Chrome background domains by @Copilot in #30579
  • Configure agent OTEL file export and forward Copilot traces to OTLP by @Copilot in #30530
  • Restore token workflow behavior after agentic-ops bundle sync by @Copilot in #30533
  • Add output_format A/B experiment to daily issues report and remove deprecated owner field by @Copilot in #30588
  • [spec-enforcer] Enforce specifications for actionpins, agentdrain, cli by @github-actions[bot] in #30610
  • Remove observability OTLP headers deprecation warning by @Copilot in #30590
  • fix: update strict mode test fixture to use playwright CLI mode by @Copilot in #30603
  • fix(daily-doc-updater): call noop instead of exiting silently when no docs changes needed by @Copilot in #30600
  • Mark fuzz template branch harness as SEC-004 safe-outputs exempt by @Copilot in #30602
  • Unify OTLP tool-span service.name under gh-aw in logSpan by @Copilot in #30591
  • Remove unsupported owner field from ab-testing-advisor experiment example by @Copilot in #30597
  • deps: bump github.com/charmbracelet/x/exp/golden to 2026-05-03 pseudo-version by @Copilot in #30592
  • fix: add --force to gh skill install in mattpocock-skills-reviewer by @Copilot in #30599
  • feat: promote github.run_attempt to OTLP resource attributes by @Copilot in #30604
  • pkg/cli: thread context through Docker availability checks by @Copilot in #30606
  • Refactor engine capability detection to use a single EngineCapabilities value by @Copilot in #30605
  • Reduce token overhead in Daily Community Attribution while preserving prompt-style experiments and OTLP runtime import by @Copilot in #30589
  • Update token optimization workflows by @mnkiefer in #30613
  • [aw-compat] Add gh aw fix codemod to auto-set checkout: false for safe pull_request_target workflows by @Copilot in #30596
  • Enforce SEC-005 target-repo allowlist in push_experiment_state handler by @Copilot in #30595
  • Add AI discovery endpoints to docs site by @Copilot in #30621
  • docs: fix spec audit violations in 4 package READMEs by @Copilot in #30629
  • [dead-code] chore: remove dead functions — 1 function removed by @github-actions[bot] in #30639
  • Handle git am --3way add/add conflicts when pushing incremental updates to existing PR branches by @Copilot in #30601
  • [docs] Consolidate developer specifications — v9.1 maintenance scan by @github-actions[bot] in #30633
  • Enable inline sub-agents by default and deprecate features.inline-agents with auto-removal codemod by @Copilot in #30661

Full Changelog: v0.71.6...v0.72.0

v0.71.6

06 May 05:55
Immutable release. Only release title and notes can be modified.
b0a7aeb

v0.71.6 Pre-release

🌟 Release Highlights

This release delivers a focused round of bug fixes addressing community-reported issues, security hardening, and notable developer experience improvements.

✨ What's New

  • Gateway RPC Message Rendering — AWF and MCP RPC message types are now rendered directly in the gateway step summary, giving you clearer visibility into tool call activity during workflow runs.
  • Activation Artifact Enhancements — The activation artifact now includes prompt-template.txt and prompt-import-tree.json, making it easier to inspect and debug the prompts used by your workflows.
  • small Model Alias for Sub-Agents — Inline sub-agent blocks now use the small model alias by default, reducing cost and latency for lightweight agent tasks.

🐛 Bug Fixes & Improvements

  • Safe-outputs App token permissions cap fixed — The GitHub App token minted by safe-outputs was incorrectly capping issues:* permission at the workflow-level value, blocking add-comment and add-labels calls. Permissions are now derived correctly from the individual handlers.
  • Dispatch-workflow "No ref found" error — dispatch-workflow was receiving job.workflow_sha as target-ref and failing. The correct ref is now resolved, so dispatching workflows from a commit SHA works as expected.
  • Compiler now honors target-repo in shared PR checkout steps — push-to-pull-request-branch.target-repo (and update-pull-request.target-repo) were silently ignored when create-pull-request was not configured. The compiler now correctly threads the target repository through buildSharedPRCheckoutSteps.
  • Orphan branch first push no longer silently discarded — An empty baseRef in pushSignedCommits caused the initial push to an orphan branch to be dropped; this is now handled correctly.
  • Prompt rendering corruption fixed — JavaScript replace() special-character patterns (e.g. $&, $') could corrupt rendered prompt text; the renderer now escapes substitution patterns safely.
  • Firewall audit artifact permissions — Compiled workflows now apply chmod -R a+rX to firewall audit artifacts, fixing permission errors when downloading them.
  • Cache-memory miss no longer fails first optimizer run — daily-caveman-optimizer no longer reports a cache_memory_miss as a failure on the very first run.

🔒 Security

  • Repo-loaded experiment state size guard — A maximum-size guard (SEC-003) has been enforced on experiment state loaded from the repository, preventing oversized payloads from affecting workflow execution.

📚 Documentation

  • AI crawler discoverability — A robots.txt with the correct sitemap directive has been added to the docs site, unblocking AI crawlers from indexing interior pages.
  • Friendlier frontmatter error messages — oneOf schema jargon in frontmatter validation messages has been replaced with plain-language descriptions.

🌍 Community Contributions

@bryanchen-d

@danquirk

@norrietaylor


For complete details, see CHANGELOG.

Generated by Release · ● 13.6M


What's Changed

  • [caveman] Optimize instruction verbosity — workflow-health.md, skills.md (2026-05-05) by @github-actions[bot] in #30456
  • Enforce max-size guard for repo-loaded experiment state (SEC-003) by @Copilot in #30448
  • [ab-advisor] Add output_format A/B experiment to deep-report workflow by @Copilot in #30447
  • fix: replace APM with gh skill install in mattpocock-skills-reviewer workflow by @Copilot in #30433
  • Use small model alias in inline sub-agent blocks by @Copilot in #30398
  • Token optimization: daily-doc-updater — reduce sequential tool calls (~25–35% cost reduction) by @Copilot in #30438
  • fix: dispatch-workflow fails with "No ref found" when target-ref is a commit SHA by @Copilot in #30426
  • Fix safe-outputs GitHub App token permissions cap by deriving from handlers instead of workflow-level block by @Copilot in #30437
  • fix: don't report cache_memory_miss as failure on first run of daily-caveman-optimizer by @Copilot in #30466
  • Fix firewall audit artifact permissions in compiled workflows (chmod -R a+rX) by @Copilot in #30414
  • fix: prevent JS replace() special patterns from corrupting rendered prompts by @Copilot in #30461
  • refactor: decouple safe-outputs checkout from event trigger context by @Copilot in #30071
  • fix: orphan branch first push silently discarded by empty baseRef in pushSignedCommits by @Copilot in #30463
  • feat: add prompt-template.txt and prompt-import-tree.json to activation artifact by @Copilot in #30465
  • Update Q workflow prompt to never modify itself and target workflows from GitHub context by @Copilot in #30476
  • Add rebuild/recompile warning comments to firewall and mcpg version constants by @Copilot in #30478
  • Update 2026-05-06 model multiplier inventory (Claude/GPT corrections + new Gemini/Copilot entries) by @Copilot in #30473
  • Fix mapsloop lint violation in safe output app permission merge by @Copilot in #30480
  • fix(compiler): honor push-to-pull-request-branch target-repo in shared PR checkout steps by @Copilot in #30474
  • Replace oneOf schema jargon with user-friendly language in frontmatter docs by @Copilot in #30488
  • Bump default firewall version to v0.25.41 by @Copilot in #30479
  • Remove experiments.owner field from front matter, JSON, and docs by @Copilot in #30490
  • feat: render AWF/MCP RPC message types in gateway step summary by @Copilot in #30489
  • docs: add robots.txt with sitemap directive to fix AI crawler discoverability by @Copilot in #30503
  • fix: make cloclo run-failure message actionable with run logs link by @Copilot in #30502

Full Changelog: v0.71.5...v0.71.6