v0.68.0

🌟 Release Highlights

This release brings distributed tracing improvements, important security hardening, permission fixes, and a cleaner add-comment API — with a community-reported bug fix included.

✨ What's New

• OpenTelemetry cross-job trace hierarchy — Parent span IDs are now propagated through aw_context across jobs, enabling end-to-end distributed trace visibility for multi-job workflows. (#25540)

• Simplified discussion comment API — The deprecated add-comment.discussion (singular boolean) field has been removed in favor of the clearer discussions: true/false syntax. Update your workflows using gh aw fix --write. (#25532)

🐛 Bug Fixes & Improvements

• Fixed invalid discussions: write permission on safe-output jobs — The compiler was unconditionally emitting an invalid permission-discussions field into GitHub App token requests for safe-output jobs. This has been corrected. (#25508)

• Security: heredoc content validation — ValidateHeredocContent checks are now applied to five user-controlled heredoc insertion sites, closing a class of potential injection vectors. (#25510)

• MCP schema: proxy-args now accepted at top level — The stdio_mcp_tool schema now includes proxy-args as a top-level property, fixing validation errors for tools that use proxy arguments. (#25542)

• MCP config schema validation re-enabled — Previously dead MCP configuration schema validation paths are now wired up, improving compile-time error detection. (#25507)

• Docker pre-download list updated — The cli-proxy image is now included in the pre-download list, reducing cold-start latency in containerized runs. (#25558)

• Playground editor template dropdown restored — Four missing workflow templates have been restored to the playground editor dropdown. (#25528)

📚 Documentation

• Integrity-filtering inputs fully documented — All integrity-filtering inputs are now documented in the reference. (#25545, Learn more)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@IEvangelist

• Compiler unconditionally adds invalid discussions: write permission to safe-output jobs (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 1.1M

---

What's Changed

• [slides] Add OpenTelemetry distributed tracing slide by @github-actions[bot] in #25515
• fix: remove invalid permission-discussions from GitHub App token fields by @Copilot in #25508
• fix: temporarily disable GITHUB_COPILOT_INTEGRATION_ID env var by @lpcox in #25521
• Add ValidateHeredocContent checks to 5 user-controlled heredoc sites by @Copilot in #25510
• Wire up dead MCP config schema validation by @Copilot in #25507
• Fix TestStepOrderingValidation_SecretRedactionBeforeUploads: tighten Upload Safe Outputs assertion by @Copilot in #25524
• [docs] Fix playground editor template dropdown — restore 4 missing templates by @github-actions[bot] in #25528
• [ubuntu-image] research: update Ubuntu runner image analysis to 20260406.80.1 by @github-actions[bot] in #25537
• feat(otel): propagate parent span ID through aw_context for cross-job trace hierarchy by @Copilot in #25540
• Remove deprecated add-comment.discussion (singular) in favor of discussions: true/false by @Copilot in #25532
• docs: document all integrity-filtering inputs by @lpcox in #25545
• fix: add proxy-args to stdio_mcp_tool schema top-level properties by @Copilot in #25542
• [actions] Update GitHub Actions versions - 2026-04-09 by @Copilot in #25541
• [safe-output-integrator] Add missing upload-artifact safe-output test workflow and compiler test by @github-actions[bot] in #25547
• refactor(static-analysis-report): build gh-aw from source instead of installing a release by @Copilot in #25556
• fix: add cli-proxy image to Docker pre-download list by @lpcox in #25558
• Optimize Functional Pragmatist workflow token usage (~54% prompt reduction) by @Copilot in #25560

Full Changelog: v0.67.4...v0.68.0

v0.67.4

🌟 Release Highlights

This release delivers a critical Copilot engine reliability fix that restores all affected workflows, alongside a wave of new agentic workflow templates, meaningful security hardening, and a rich set of bug fixes driven by community reports.

🚨 Critical Fix: Copilot Engine Silent Startup Crash

All Copilot-engine workflows were silently failing for ~35+ hours starting April 8 due to a startup crash in Copilot CLI v1.0.21. This release pins DefaultCopilotVersion to 1.0.20 and recompiles all 187 workflow lock files to restore normal operation immediately.

✨ What's New

• Five new agentic workflow templates — approach-validator, test-quality-sentinel, refactoring-cadence, architecture-guardian, and design-decision-gate expand the built-in workflow library for code quality, ADR enforcement, and architectural governance.

• allowed-events filter for submit-pull-request-review — Workflows can now restrict which review types (APPROVE, COMMENT, REQUEST_CHANGES) the safe-output job may submit, giving maintainers tighter control over automated review actions. (#25484)

• Copilot driver retry logic — The Copilot driver now retries on partial session failures, reducing flaky workflow runs caused by transient CAPI errors. (#25329)

• --runner-guard compilation flag — gh aw compile now accepts --runner-guard to enforce runner constraints in the static-analysis-report workflow. (#25281)

• Version bumps — Firewall updated to v0.25.18 and MCP Gateway to v0.2.17 for all compiled workflows. (#25505)

🔒 Security Hardening

• NFKC normalization + homoglyph detection — SafeOutputs now normalizes Unicode input using NFKC and detects Cyrillic/Greek homoglyph substitutions. The Secret Leak threat detection check is also hardened to catch more patterns. (#25458)

• HTML comment bypass fix — removeXmlComments is now applied before mention neutralization, closing a potential injection path in safe-output processing. (#25462)

🐛 Bug Fixes & Improvements

• gh aw list false positive "Compiled: No" — The compiler now uses a frontmatter content hash instead of file mtime to detect compiled status, fixing incorrect results after git checkout. (#25364)

• safe-outputs type imports — Types declared in imported safe-outputs schemas are no longer silently dropped when the main workflow also defines safe-outputs. (#25402)

• gh aw add-wizard HTTPS auth fix — The wizard no longer fails authentication when the git remote uses an HTTPS URL with an embedded username. (#25375)

• Playwright MCP logs directory — chmod 777 applied to the playwright mcp-logs directory so non-root Docker containers can write logs correctly. (#25417)

• Stale actions-lock.json entries pruned — Compilation now removes stale gh-aw-actions entries from actions-lock.json, preventing stale pin accumulation across releases. (#25361)

• CLI proxy RUNNER_TEMP quoting — \$\{RUNNER_TEMP} in generated shell commands is now properly quoted and template expressions in run: blocks are handled correctly. (#25330)

📚 Documentation

• Developer docs consolidated (v5.6): broken README links fixed and tone updated. (#25446)
• Slash command guidance added for the SideRepoOps pattern.
• dispatch-ops.md condensed by 24% for easier reading. (#25423)

---

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@bryanknox

• gh aw add-wizard not logged in to GitHub CLI (direct issue)

@chrisfregly

• Bug in safe-outputs Frontmatter Merging Schematics (direct issue)

@deyaaeldeen

• Compiler v0.67.3 pins runtime setup action to v0.67.1, leaving stale entries in actions-lock.json (direct issue)

@JanKrivanek

• submit-pull-request-review: allow filtering allowed event types (APPROVE, COMMENT, REQUEST_CHANGES) (direct issue)

@pholleran

• Copilot CLI should retry on transient CAPIError 400 Bad Request during agentic workflow execution (direct issue)

@yskopets

• gh aw list: 'Compiled: No' false positive after git checkout due to mtime comparison (direct issue)
• Docs: No guidance on using slash commands in SideRepoOps pattern (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 909.5K

---

What's Changed

• Fix MCP integration tests broken by SDK v1.5.0 schema validation behavior change by @Copilot in #25310
• chore: verify and recompile agentic workflows after hono/node-server bump by @dependabot[bot] in #25212
• Add --runner-guard to compile; wire into static-analysis-report workflow by @Copilot in #25281
• fix: filter AWF infrastructure lines from engine failure context by @Copilot in #25314
• Fix Changeset Generator missing github network preset in allowed-domains config by @Copilot in #25333
• Add copilot driver with retry logic for partial session failures by @Copilot in #25329
• [slides] Add Staged Mode slide to presentation by @github-actions[bot] in #25343
• feat: add design-decision-gate agentic workflow for ADR enforcement by @Copilot in #25323
• feat: add architecture-guardian agentic workflow by @Copilot in #25334
• fix: use absolute node path in awf wrapper to survive sudo PATH stripping by @Copilot in #25341
• feat: add approach-validator agentic workflow by @Copilot in #25354
• fix: quote ${RUNNER_TEMP} in generated shell commands and replace template expressions in run: blocks by @Copilot in #25330
• Add refactoring-cadence agentic workflow by @Copilot in #25352
• Prune stale gh-aw-actions entries from actions-lock.json after compilation by @Copilot in #25361
• feat: add test-quality-sentinel agentic workflow by @Copilot in #25353
• fix: selectively git add known files in maintenance update command by @Copilot in #25370
• fix: use frontmatter hash instead of mtime to determine compiled status in gh aw list by @Copilot in #25364
• feat: migrate 50% of agentic workflows from upload-asset to upload-artifact by @Copilot in #25342
• Fix add-wizard auth failure when git remote uses HTTPS URL with embedded username by @Copilot in #25375
• build(deps-dev): bump basic-ftp from 5.2.0 to 5.2.1 in /docs in the npm_and_yarn group across 1 directory by @dependabot[bot] in #25380
• Rename "Upload Safe Output Items" → "Upload Safe Outputs Items" for terminology consistency by @Copilot in #25378
• fix(spec+compiler): update MCP gateway OTLP headers to string-only (v1.13.0) by @Copilot in #25135
• feat: increase logging in copilot driver for silent startup failures by @Copilot in #25390
• [log] Add debug logging to 5 CLI files for improved troubleshooting by @github-actions[bot] in #25393
• docs: add slash command guidance for SideRepoOps pattern by @Copilot in #25401
• CLI proxy: start difc-proxy on host, pass --difc-proxy-host to AWF by @Copilot in #25366
• chore: set AWFCliProxyMinVersion to v0.25.17 by @lpcox in #25411
• Normalize report headers from h2 to h3 in 3 workflow templates by @Copilot in #25414
• fix: safe-outputs types from imports dropped when main workflow defines any safe-outputs by @Copilot in #25402
• Remove CodeMirror dependency from live edito...

v0.67.3

🌟 Release Highlights

This release strengthens workflow composition, self-hosted runner support, and token-minting patterns — with four improvements driven directly by community feedback.

✨ What's New

pre-steps: same-job token minting for cross-repo checkout

A new pre-steps frontmatter field lets you inject steps that run before checkout and the agent, inside the same job. This is the recommended solution for workflows that use token-minting actions (e.g. actions/create-github-app-token, octo-sts) to check out external repositories. Because the minted token stays in the same job, it is never masked when crossing a job boundary — the long-standing checkout.token runtime failure is now fully addressed. Pre-steps from imported shared workflows are automatically merged in.

pre-steps:
  - name: Mint short-lived token
    id: mint
    uses: some-org/token-minting-action@v1
    with:
      scope: target-org/target-repo

checkout:
  - repository: target-org/target-repo
    path: target
    token: $\{\{ steps.mint.outputs.token }}
    current: false

import-inputs expressions in imports: section

$\{\{ github.aw.import-inputs.* }} expressions in the imports: section's with: values are now correctly resolved before nested import discovery. Multi-level workflow composition — where a shared workflow forwards an input to its own imports — now works as expected. See the imports reference for details.

assignees on create-pull-request fallback issues

safe-outputs.create-pull-request now accepts an assignees field that applies to all fallback paths, including protected-files: fallback-to-issue. Assignees are validated before submission, with automatic retry on HTTP 422. See the safe-outputs pull requests reference for details.

safe-outputs:
  create-pull-request:
    protected-files: fallback-to-issue
    reviewers: [mcg]
    assignees: [mcg]   # ← now accepted; applied to all fallback issues

New design pattern docs: WorkQueueOps & BatchOps

Two new design pattern pages are now available in the docs:

• WorkQueueOps: four queue strategies (issue checklists, sub-issues, cache-memory JSON, discussion-based) with concurrency and idempotency guidance.
• BatchOps: four batch strategies including chunked pagination, modulo-sharded matrix fan-out, rate-limit-aware processing, and result aggregation via cache-memory.

🐛 Bug Fixes & Improvements

• MCP compile + Docker unavailable: actionlint, zizmor, and poutine linting no longer marks every workflow as valid: false when Docker is unavailable. A clear DockerUnavailable error is surfaced instead of silently hiding compilation results.
• OTLP artifact upload: otel.jsonl (the span mirror written by send_otlp_span.cjs) is now automatically included in the "Upload agent artifacts" step for all OTLP-configured workflows, enabling post-hoc trace debugging without a live collector.
• Self-hosted runner path isolation: Fixed a setup issue where $RUNNER_TEMP = /tmp caused the read-only setup tree and the read-write runtime tree to collapse into the same path, inadvertently granting write access to compiled scripts and MCP configs.
• Tool version updates: Claude Code 2.1.92 → 2.1.94, Copilot CLI 1.0.20 → 1.0.21, MCP Go SDK v1.4.1 → v1.5.0 (security: Origin/Content-Type header verification; protocol version 2025-11-25).

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@j-srodka

• Configurable or documented runs-on for generated agentics maintenance workflow (self-hosted fleets) (direct issue)

@salekseev

• checkout.token from custom jobs: fails at runtime when token-minting action masks output (direct issue)

@seangibeault

• Feature: support assignees on create-pull-request for protected-files: fallback-to-issue (direct issue)

@yskopets

• feat: allow ${{ github.aw.import-inputs.* }} expressions in frontmatter imports section (direct issue)

---

For complete details, see CHANGELOG.

Note

🔒 Integrity filter blocked 1 item

The following item were blocked because they don't meet the GitHub integrity level.

• #25199 issue_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

Generated by Release · ● 1.5M

---

What's Changed

• fix: reject /-prefixed paths not under .agents/ or .github/ with security error by @Copilot in #24943
• Merge assign-to-agent safe output handler into the safe output main handler loop by @Copilot in #24934
• Align MCP Scripts step names with Safe Outputs naming conventions by @Copilot in #24944
• [actions] Update GitHub Actions versions - 2026-04-06 by @github-actions[bot] in #24952
• feat: add api-consumption-report daily agentic workflow by @Copilot in #24957
• refactor: move create-agent-session into main safe-outputs handler loop by @Copilot in #24951
• Bump MCPG container image to v0.2.15 by @Copilot in #24945
• fix: use actual OTLP span trace ID in job observability summary by @Copilot in #24963
• fix: unknown tool names in frontmatter tools section are compile errors; remove qmd built-in by @Copilot in #24855
• docs: document inlined-imports: true for cross-org workflow_call scenarios by @Copilot in #24977
• [safe-output-integrator] Add missing safe-output test workflows and compiler tests by @github-actions[bot] in #24975
• Add actions: read to activation job permissions when hash check API step is emitted by @Copilot in #24976
• feat: add --artifacts flag to audit/logs/audit-diff commands with MCP exposure and incremental caching by @Copilot in #24967
• Recompile workflows to sync lock files by @Copilot in #24988
• fix(api-consumption-report): track actual GitHub REST API quota from run_summary.json by @Copilot in #24986
• Fix resolve_host_repo.cjs to correctly identify callee repo in cross-org workflow_call by @Copilot in #24974
• feat: add assignees to create-pull-request for fallback issues by @Copilot in #24966
• fix: update golden files for activation job actions: read permission by @Copilot in #24998
• docs: add missing qmd reference page to fix docs build by @Copilot in #24999
• Fix build-wasm: update golden files for actions: read permission by @Copilot in #25000
• fix(tests): add audit-diff to MCP server tool tests by @Copilot in #25006
• fix(pdf-summary): normalize report formatting to match style guidelines by @Copilot in #25007
• [docs] docs(engines): reduce bloat in AI engines reference by @github-actions[bot] in #25010
• feat: add cli-proxy feature flag for AWF gh CLI proxy sidecar (firewall v0.25.14) by @Copilot in #24997
• [jsweep] Clean action_input_utils.test.cjs by @github-actions[bot] in #25021
• feat(compiler): setup node in agent job and safe_outputs job when using custom image runner by @Copilot in #25011
• Remove cli-proxy-writable feature flag and add read-only gh CLI prompt for cli-proxy by @Copilot in #25013
• Refocus api-consumption-report on GitHub API usage only by @Copilot in #25030
• Fix TestCustomPermissionsOverrideDefaults false failure on activation job permissions by @Copilot in #25039
• [code-simplifier] refactor: simplify cli-proxy code from #25013 (early-continue pattern + step numbering) by @github-actions[bot] in #25037
• perf: fix 20% validation regression by caching builtin file parsing and eliminating redundant work by @Copilot in #25036
• fix: remove 360 upper limit on timeout-minutes to support custom runners by @Copilot in #25042
• [fp-enhancer] Improve pkg/agentdrain: declarative initialization and functional transformation by @github-actions[bot] in #250...

v0.67.2

🌟 Release Highlights

This release focuses on reliability and correctness for cross-repo workflows, fixes network access issues with curl/wget, and improves import path resolution.

🐛 Bug Fixes & Improvements

• Cross-repo workflow hash check fixed — The lock file integrity check now correctly resolves GITHUB_WORKFLOW_REF and GITHUB_EVENT_NAME when workflows run cross-repo via org rulesets or workflow_call. Previously, ERR_CONFIG failures prevented reusable workflows from passing the timestamp check entirely.

• Cross-repo checkout tokens no longer silently dropped — GitHub Actions runner v2.308+ suppresses masked job outputs, causing checkout app tokens forwarded from the activation job to be dropped before reaching the agent. Tokens are now minted directly in the agent job, ensuring cross-repo checkouts work reliably.

• curl and wget now work with flags in network.allowed workflows — Copilot CLI's shell(curl) permission only matched a bare curl with no arguments. Any real invocation (curl -s …, curl --max-time 30 …) was denied even when the domain was explicitly listed in network.allowed. Both curl and wget are now registered as stem commands so flag-bearing invocations are permitted.

• Runtime import resolver handles repo-root-absolute paths — Paths like /.agents/skills/my-skill/instructions.md or //.github/agents/planner.md (with one or more leading slashes) were incorrectly resolved to .github/workflows/…. The resolver now strips leading slashes before prefix checks, matching the existing compile-time behavior.

• timeout-minutes capped at 360 in schema — The frontmatter schema now enforces a maximum value of 360 (GitHub's 6-hour runner limit), so workflows with values like 500 are caught at compile time rather than failing at runtime.

• Dependency security patches — Updated vite across docs and setup scripts to address path traversal and server.fs bypass vulnerabilities (CVE-adjacent upstream fixes in vite 7.3.2 / 8.0.5).

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@bbonafed

• Cross-repo workflow_call: hash check fails because github.workflow_ref and GITHUB_EVENT_NAME resolve to caller, not callee (direct issue)
• Runtime import resolver does not handle repo-root-absolute paths (leading /) (direct issue)

@wtgodbe

• Agent denied network access via curl to explicitly allowed domains; sometimes gives up entirely (direct issue)

@yskopets

• Cross-repo checkout fails: GitHub Actions suppresses checkout_app_token_0 job output as secret (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 2.4M

---

What's Changed

• [docs] Update glossary - weekly full scan by @github-actions[bot] in #24850
• [specs] Update layout specification - 2026-04-06 by @github-actions[bot] in #24840
• [code-simplifier] refactor: extract getActionInput() helper for hyphen/underscore input normalization (#24823) by @github-actions[bot] in #24836
• [instructions] Sync github-agentic-workflows.md with v0.67.0 by @github-actions[bot] in #24854
• [community] Update community contributions in README by @github-actions[bot] in #24852
• [jsweep] Clean add_reviewer.cjs by @github-actions[bot] in #24828
• [spec-review] Update Safe Outputs conformance checker for recent spec changes by @github-actions[bot] in #24857
• fix: use Math.floor instead of Math.round for OTEL job start ms timestamp by @Copilot in #24859
• spec(mcp-gateway): allow opentelemetry headers as name=value string (v1.12.0) by @Copilot in #24869
• rename: awInfoHasMCPServers → extractMCPServerNamesFromAwInfo by @Copilot in #24861
• [blog] Weekly blog post – 2026-04-06 by @github-actions[bot] in #24893
• test(agentdrain): migrate miner_test.go to testify, add coverage for TrainEvent/Clusters/Coordinator/persistence by @Copilot in #24871
• Add validation: safe-outputs max field must be a positive integer or -1 (unlimited) by @Copilot in #24864
• Convert Write Safe Outputs Tools step to actions/github-script with JSON env vars by @Copilot in #24872
• refactor: consolidate duplicate logic in role_checks.go by @Copilot in #24870
• Add run-install-scripts flag to disable npm pre/post install scripts by default by @Copilot in #24863
• [rendering-scripts] fix: preserve fenced code blocks in template rendering by @github-actions[bot] in #24862
• Add node runtime to daily-issues-report workflow by @Copilot in #24913
• docs: fix stale status-comment description to reflect auto-enable behavior by @Copilot in #24915
• fix: add network.allowed to schema-feature-coverage and ai-moderator Codex workflows by @Copilot in #24916
• fix: mint checkout app tokens in agent job, not activation job by @Copilot in #24902
• reduce token usage for daily-syntax-error-quality and dead-code-remover workflows by @Copilot in #24914
• fix(runtime-import): handle repo-root-absolute paths with leading / or // by @Copilot in #24903
• fix(tools): add curl and wget as stem commands to fix shell permission denial by @Copilot in #24923
• [slides] Update monitoring slide with audit and format commands by @github-actions[bot] in #24929
• fix(daily-syntax-error-quality): unblock /tmp/gh-aw compile path, remove unused GitHub toolset by @Copilot in #24925
• build(deps-dev): bump vite from 8.0.3 to 8.0.5 in /actions/setup/js in the npm_and_yarn group across 1 directory by @dependabot[bot] in #24936
• Add maximum: 360 to timeout-minutes schema to enforce GitHub Actions runner limit by @Copilot in #24931
• Fix cross-repo reusable workflow hash check: remove workflow_call event gate and correct workflow_ref assumptions by @Copilot in #24924
• build(deps): bump vite from 7.3.1 to 7.3.2 in /docs in the npm_and_yarn group across 1 directory by @dependabot[bot] in #24937

Full Changelog: v0.67.1...v0.67.2

v0.67.1

🌟 Release Highlights

This release delivers a major OpenTelemetry observability overhaul, a new report_incomplete safe output signal, Claude Code 1.0.0 compatibility, and a wave of security hardening — all driven in part by community-reported issues.

✨ What's New

🔭 OpenTelemetry Observability (Multiple PRs)

A substantial series of improvements makes distributed tracing production-ready:

• Accurate span names — job lifecycle spans now use the actual job name (e.g. gh-aw.agent.conclusion) instead of the generic gh-aw.job.conclusion, making traces immediately readable in Grafana/Honeycomb/Datadog.
• Real job duration — conclusion spans now record actual execution time (previously always reported 2–5 ms due to a missing startMs).
• OTLP payload sanitization — sensitive values (token, secret, key, auth, etc.) in span attributes are automatically redacted before sending to any OTLP collector.
• OTLP headers masking — OTEL_EXPORTER_OTLP_HEADERS is masked with ::add-mask:: in every job, preventing auth tokens from leaking in GitHub Actions debug logs.
• MCP Gateway OpenTelemetry — the MCP Gateway now receives opentelemetry config derived from observability.otlp frontmatter and the actions/setup trace IDs, correlating all MCP tool-call traces under the workflow root trace.
• New resource attributes — service.version, github.repository, github.run_id, github.event_name, github.ref, github.sha, github.actions.run_url, deployment.environment, gh-aw.staged, gh-aw.run.attempt enriching all spans.
• Observability job summary auto-enabled — the job summary step is now rendered automatically whenever OTLP is configured; the observability.job-summary opt-in field is removed (auto-detected).
• Real OTLP trace ID in the observability job summary (was incorrectly showing the workflow_call_id).
• GitHub API rate limit analytics — gh aw audit, gh aw logs, and gh aw audit diff now show GitHub API quota consumed per run, per resource.

🛡️ report_incomplete Safe Output

A new first-class signal for agents to surface infrastructure or tool failures without being misclassified as successful runs. When an agent emits report_incomplete, the safe-outputs handler activates failure handling regardless of agent exit code — preventing "tool-failure comment disguised as a success" scenarios. Can be configured with create-issue, title-prefix, and labels, just like missing_tool.

✅ checks as a First-Class MCP Tool

The checks tool is now registered in the gh-aw MCP server, returning a normalized CI verdict (success, failed, pending, no_checks, policy_blocked). Review workflows no longer need to shell out to gh aw checks.

🔐 Security Hardening

• Token/secret injection prevention — 422 instances of $\{\{ secrets.* }} interpolated directly into run: blocks have been moved to env: mappings across 181 lock files and hand-authored CI workflows, preventing shell injection if a token contains metacharacters.
• runner-guard added to static analysis — the static-analysis-report workflow now runs Vigilant-LLC's runner-guard scanner alongside zizmor, poutine, and actionlint.

🔍 Pre-Activation Visibility

When a workflow activation is denied (bot gate, role gate, stop-after, skip-if-match, etc.), the activation job now writes a $GITHUB_STEP_SUMMARY explaining the exact reason and providing remediation guidance — no more silently skipping PRs with no visible indicator.

🤖 Claude Code 1.0.0 Compatibility

The --disable-slash-commands flag has been removed from the Claude CLI args builder. Claude Code 1.0.0 dropped this flag as a breaking change; the compiler was unconditionally injecting it, causing all Claude-engine workflows to fail at startup.

🐛 Bug Fixes & Improvements

• Fix Octokit .endpoint proxy — pre_activation check scripts were failing with route.endpoint is not a function due to the rate-limit-aware github proxy stripping Octokit's .endpoint decorator; fixed with a Proxy wrapper.
• Fix OTLP span kind — job lifecycle spans now use SPAN_KIND_INTERNAL (was SPAN_KIND_SERVER), preventing false RED-metric pollution in observability backends.
• Error message quality — duplicate permission scope hints suppressed, redundant path prefix stripped from single-failure messages, and YAML parse error fallbacks now emit proper IDE-navigable positions.
• Fix daily-issues-report — switched from codex to copilot engine after OpenAI API access restrictions blocked Codex since Mar 24.
• Fix runner-guard v2 module path — corrected go install path to include /v2/ suffix for Go major version convention compliance.
• Fix docs breadcrumb config — removed unrecognized breadcrumbs: true key that was breaking Starlight config.
• Add stateful scanning pattern to memory.md — documents the baseline-diff approach for nightly scans using repo-memory.

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@bbonafed

• Fix: Flexible import path resolution and cross-repo agent imports (direct issue)

@dagecko

• CI/CD Security Hardening: Extract tokens and secrets from run blocks into env mappings (direct issue)

@samuelkahessay

• gh-aw treats a comment-based review verdict as successful even when the agent only reported tool failures (direct issue)
• bot-gated PR review runs can disappear with no review check or surfaced skip reason (direct issue)
• gh-aw MCP server exposes 8 CLI tools but not checks, forcing review workflows to shell out to gh aw checks (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 1.2M

---

What's Changed

• feat: report agent failure in OTEL conclusion span by @Copilot in #24650
• fix: use actual job name in OTLP span names (#fix-span-names) by @Copilot in #24648
• feat: add daily-otel-instrumentation-advisor workflow by @Copilot in #24655
• [docs] Unbloat upgrading guide (-20% words) by @github-actions[bot] in #24657
• feat(otel): enrich resource attributes with service.version, github.repository, github.run_id, github.event_name by @Copilot in #24659
• feat(otel-advisor): query live Sentry OTel data to ground analysis by @Copilot in #24661
• fix(otel): show real OTLP trace ID in observability job summary by @Copilot in #24666
• feat: add gh-aw.run.attempt to setup and conclusion OTel spans by @Copilot in #24670
• [jsweep] Clean action_conclusion_otlp.cjs by @github-actions[bot] in #24669
• chore: update drain3 default log pattern weights by @github-actions[bot] in #24673
• enrich OTel error conclusion spans with agent_output.json error details by @Copilot in #24675
• [docs] Update dictation skill instructions by @github-actions[bot] in #24676
• fix: OTel conclusion spans record actual job execution duration instead of ~0 ms by @Copilot in #24680
• test: add test coverage for tool call result preview in generatePlainTextSummary (core.info) by @Copilot in #24688
• chore: upgrade gh-aw-mcpg to v0.2.14 by @Copilot in #24689
• [architecture] Update architecture diagram - 2026-04-05 by @github-actions[bot] in #24693
• feat(otel): add github.actions.run_url resource attribute to all spans by @Copilot in #24691
• docs: add stateful scanning (repo-memory baseline diff) pattern to memory.md by @Copilot in #24687
• docs: add pre-step data-fetching pattern to create-agentic-workflow.md by @Copilot in #24685
• Add GitHub API rate limit observability via JSONL artifact logging and OTLP span enrichment by @Copilot in #24694
• fix(otel): use SPAN_KIND_INTERNAL for job lifecycle spans instead of SPAN_KIND_SERVER by @Copilot in #24701
• [instructions] Sync github-agentic-workflows.md with v0.67.0 by @github-actions[bot] in #24707
• [docs] docs: Developer documentation consolidation v5.3 — GitHub API rate limit observability by @github-actions[bot] in #24709
• [community] Update community contributions in README by @github-actions[bot] in #24705
• Rename domainStatus → classifyFirewallDomainStatus and statusEmoji → firewallStatusEmoji by @Copilot in #24712
• Add gh-aw.staged and deployment.environment to OTLP conclusion spans by @Copilot in #24711
• [dead-code] chore: remove...

v0.67.0

🌟 Release Highlights

This release delivers a major observability milestone with full OTLP trace export support, resolves critical GitHub MCP App token authentication bugs, expands the environment variable reference documentation, and addresses a wave of community-reported issues across self-hosted runners, cross-repo workflows, and the Codex engine.

✨ What's New

📡 OTLP Trace Export (observability.otlp)

Workflows can now export structured OpenTelemetry spans to any OTLP-compatible backend (e.g. Honeycomb, Grafana Tempo, Sentry) with a single frontmatter block:

observability:
  otlp:
    endpoint: $\{\{ secrets.GH_AW_OTEL_ENDPOINT }}
    headers: $\{\{ secrets.GH_AW_OTEL_HEADERS }}

Every job emits setup and conclusion spans with rich attributes (gh-aw.job.name, gh-aw.workflow.name, gh-aw.engine.id, token usage, and more). Cross-job trace correlation is wired automatically — all jobs in a run share a single trace ID originating from the activation job. Dispatched child workflows inherit the parent's trace context via aw_context, giving you end-to-end visibility across composite workflow chains. When a static endpoint URL is provided, its hostname is automatically added to the AWF firewall allowlist.

📚 Environment Variable Reference

A new comprehensive Environment Variables reference section covers CLI configuration (DEBUG, GH_AW_FEATURES, …), per-phase model override variables (GH_AW_MODEL_AGENT_*), and guard policy fallback variables (GH_AW_GITHUB_BLOCKED_USERS, GH_AW_GITHUB_TRUSTED_USERS) — previously discoverable only by reading source code.

🐛 Bug Fixes & Improvements

• GitHub MCP App token always empty — actions/create-github-app-token masks its output token and GitHub Actions runner v2.308+ silently drops masked values from job outputs, causing github_mcp_app_token to always arrive empty in the agent job (GitHub MCP server ran unauthenticated). The token is now minted directly in the agent job to avoid the cross-job output masking issue. (closes #24569)

• Duplicate "Generate GitHub App token" step — when multiple checkout: entries fell back to the top-level github-app:, the compiler produced steps with the same name, causing a duplicate-step validation error. Each step is now uniquely named. (closes #24573)

• Tavily MCP docs and mcp inspect missing servers — the web-search guide referenced the wrong npm package (@tavily/mcp-server → @tavily/mcp) and a dead GitHub URL. Additionally, gh aw mcp inspect now correctly reports MCP servers defined in imported workflows and handles on: issues string triggers. (closes #24567)

• repo-memory file-glob patterns silently skipping files — documentation and several built-in workflow templates incorrectly instructed agents to prefix file-glob patterns with the branch path (e.g. memory/branch-name/*.json). Patterns are matched against relative paths from the artifact directory, so bare extension patterns (*.json) are correct. All affected workflows and the reference docs have been fixed.

• Remote workflow calls — fixed a regression that broke workflow_call triggers in cross-repository setups. (closes #24422)

• workflow_call missing ref: in cross-repo checkout — activation job now correctly passes ref: when checking out a target repository for workflow_call triggers. (closes #20508)

• setup.sh create_dir() fails on self-hosted Linux runners — create_dir() now uses sudo when the runner user lacks write access to /opt/. (closes #20283)

• Codex engine on self-hosted runners — the vendored codex-x86_64-unknown-linux-musl binary now correctly supports --dangerously-bypass-approvals-and-sandbox. (closes #20157)

• GH_AW_SAFE_OUTPUTS_CONFIG_PATH / GH_AW_SAFE_OUTPUTS_TOOLS_PATH not available as env vars — these paths are now written to both GITHUB_OUTPUT and GITHUB_ENV so downstream jobs can reference them as environment variables. (closes #23092)

• agent_version: latest causes 400 Bad Request with Gemini models — version resolution now correctly handles latest for model/version combinations that do not support it. (closes #20833)

• Runtime parameterization of frontmatter fields — compile-time frontmatter fields can now be overridden at runtime via $\{\{ vars.* }} or $\{\{ secrets.* }} expressions in supported fields. (closes #23724)

🔧 Internal

• Shared OTLP observability config extracted into shared/observability-otlp.md, adopted by 54 workflows (30% of the repo).
• hourly-ci-cleaner switched to the Claude engine with max-turns: 20, scoped make recompile to only when .md files changed, and added exit guardrails to eliminate the previous ~43% failure rate.
• Token optimizer data loading moved to deterministic pre-agentic steps, removing dependency on the unreliable agentic-workflows MCP container.

---

🌍 Community Contributions — A huge thank you to the community members who reported issues that were resolved in this release!

@bbonafed

• Ask: Runtime Parameterization of Compile-Time Frontmatter Fields (direct issue)

@Esomoire-consultancy-Company

• ✨ Set up Copilot instructions (direct issue)

@glitch-ux

• docs: add CLI and operator environment variable reference (direct issue)

@grahame-white

• BUG: Downstream 'GH_AW_SAFE_OUTPUTS_CONFIG_PATH' and 'GH_AW_SAFE_OUTPUTS_TOOLS_PATH' variables not available as env vars due to GITHUB_OUTPUT-only write (direct issue)

@jaroslawgajewski

• feat: OTLP trace export from agent runtime (direct issue)

@johnwilliams-12

• Activation job missing ref: in cross-repo checkout for workflow_call triggers (direct issue)

@MattSkala

• Invalid tavily MCP search link and config in docs (direct issue)

@microsasa

• agent_version: latest causes 400 Bad Request with gemini-3-pro-preview model (direct issue)

@Rubyj

• setup.sh: create_dir() does not use sudo on Linux, breaks self-hosted runners where runner user lacks write access to /opt/ (direct issue)

@straub

• Bug: github_mcp_app_token activation output silently skipped — regression introduced in #24251 (direct issue)

@strawgate

• Remote workflow call still broken (direct issue)

@tomasmed

• Codex engine fails on self-hosted runner: vendored codex-x86_64-unknown-linux-musl binary does not support --dangerously-bypass-approvals-and-sandbox (direct issue)

@yskopets

• Bug: duplicate 'Generate GitHub App token' step in activation job when checkout + tools.github used with top-level github-app (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 2.5M

---

What's Changed

• fix: handle null token_usage in optimizer jq aggregations by @lpcox in #24400
• feat: create shared/token-logs-24h.md to ensure log cache reuse across token workflows by @Copilot in #24417
• docs: add CLI and operator environment variable reference by @Copilot in #24407
• fix: strip surrounding quotes from --allow-domains value in agent log firewall parsing by @Copilot in #24409
• chore: update drain3 default log pattern weights by @github-actions[bot] in #24423
• feat(logs): query GitHub API rate limit before each batch iteration by @Copilot in #24424
• feat: show dedicated message for cyber_policy_violation engine failures by @Copilot in #24428
• feat: add missing OpenAI GPT model multipliers by @Copilot in #24430
• Comment out stale-check in generated lock.yml by @Copilot in #24435
• feat: add Python trending charts to Copilot Token Usage Analyzer by @Copilot in #24434
• fix: install gh-aw CLI in shared token-logs-24h before fallback download by @lpcox in #24438
• Fix stale lock check to resolve callee repo for cross-repo reusable workflows by @Copilot in #24433
• [docs] Remove redundant Safe Output Operations sect...

v0.66.1

🌟 Release Highlights

This release focuses on richer observability from gh aw logs — flat classification fields, per-tool-call metrics, and consolidated security reporting — along with several community-driven bug fixes and feature additions.

⚠️ Breaking Changes

gh aw audit report has been removed. Cross-run security reports are now generated directly by gh aw logs --format:

# Before
gh aw audit report --workflow "agent-task" --last 10
gh aw audit report --format pretty
gh aw audit report --last 5 --json

# After
gh aw logs agent-task --format markdown --count 10
gh aw logs --format pretty
gh aw logs --format markdown --last 5 --json

The new --last flag is available as an alias for --count to ease migration. All existing --json output continues to work.

✨ What's New

• Flat run classification in gh aw logs --json: Each run now carries a top-level classification string ("risky", "normal", "baseline", or "unclassified"), eliminating the need to null-guard against deeply nested comparison.classification.label. Query it directly:

  gh aw logs --json | jq '.runs[] | {id: .database_id, classification}'

• Per-tool-call metrics in logs: Episode responses now include granular tool-call metrics — token usage, failure counts, and latency per tool — making it possible to identify which tools consume the most resources or fail most frequently.

• Discussion thread reply support: The add-comment safe output now accepts a reply_to_id field, enabling agents to post threaded replies within GitHub Discussions.

• auth field accepted in HTTP MCP server config: Frontmatter validation no longer rejects the auth field on HTTP MCP servers, unblocking workflows that use authenticated remote MCP endpoints.

• Fuzzy schedule no longer requires an origin remote: Workflows using fuzzy/relative schedules now work correctly in repositories without a configured origin remote.

🐛 Bug Fixes & Improvements

• Token analysis workflows fixed: All four token workflows (Copilot/Claude analyzers and optimizers) now correctly parse gh aw logs --json output — extracting .runs[] and using snake_case field names. A new shared token-logs-fetch workflow pre-fetches logs once daily to avoid redundant API calls.
• Null-safe jq aggregations: Token optimizer workflows no longer crash with a division-by-zero error when runs have zero token usage.

📚 Documentation

• Agent-assisted workflow import guide: The packaging and imports guide now includes a step-by-step walkthrough for using a coding agent to import and adapt a workflow from another repository, with tabbed prompt examples for common use cases.

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@bbonafed

• auth field on HTTP MCP servers rejected by frontmatter schema validation (direct issue)

@corygehr

• add-comment: support reply_to_id field in agent output for discussion threading (direct issue)

@jaroslawgajewski

• feat(mcp): Add per-tool-call metrics to logs response (direct issue)
• feat(mcp): Include classification label in logs tool response (direct issue)

@jeffhandley

• Fuzzy schedule requires an 'origin' remote (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 1.9M

---

What's Changed

• [log] Add debug logging to agentdrain package by @github-actions[bot] in #24383
• Wrap token usage step summary in a details section by @Copilot in #24375
• fix: add auth field to http_mcp_tool frontmatter schema by @Copilot in #24369
• [actions] Update GitHub Actions versions - 2026-04-03 by @github-actions[bot] in #24378
• Proactively ignore .dockerbuild artifacts in logs download by @Copilot in #24386
• feat(add-comment): support reply_to_id for discussion threading from any trigger by @Copilot in #24367
• fix: reduce API rate limit pressure in train-drain3-weights workflow by @Copilot in #24392
• feat(mcp): Surface repository and organization in logs tool response by @Copilot in #24391
• fix: fuzzy schedule scattering works with non-origin remote names by @Copilot in #24390
• feat(logs): add top-level classification field to RunData in logs response by @Copilot in #24394
• feat(mcp): Add per-tool-call metrics to logs episode response by @Copilot in #24389
• docs: add agent-assisted import & adapt section to packaging-imports guide by @Copilot in #24397
• feat: merge gh aw audit report into gh aw logs --format by @Copilot in #24396
• fix: align token workflows with gh-aw logs --json schema and add shared log caching by @lpcox in #24395

Full Changelog: v0.66.0...v0.66.1

v0.66.0

🌟 Release Highlights

This release focuses on AI observability, workflow reliability, and threat detection extensibility — making it easier to monitor agent token usage, debug anomalies, and customize security pre/post-steps.

✨ What's New

• Token Usage Artifact (#24315) — Agent token counts are now bundled as an agent_usage.json artifact alongside each run, enabling third-party tooling and dashboards to consume structured token data without parsing step summaries.

• Log Pattern Mining in Audit & Logs (#24328) — gh aw audit report now includes an Agent Event Pattern Analysis section powered by Drain3 log template mining. Use the new gh aw logs --train flag to train weights from your own run history, improving anomaly detection accuracy over time.

• Threat Detection Pre-Steps & Post-Steps (#24250) — The threat detection job now supports custom pre-steps and post-steps, giving security teams the ability to run custom checks before and after detection without modifying the compiled workflow.

• create_labels Maintenance Operation (#24341) — A new agentics-maintenance.yml operation automatically creates any missing repository labels referenced in safe-outputs. Also, compile --json now includes a labels field per ValidationResult and exposes a --no-emit option.

• GitHub App Token Minting Moved to Activation Job (#24251) — GitHub App token minting now happens in the activation job, improving security posture and reducing token lifetime exposure in downstream jobs.

🐛 Bug Fixes & Improvements

• GH_HOST regression fixed (#24321) — The Install GitHub Copilot CLI step no longer silently drops the GH_HOST: github.com environment pin introduced in v0.65.6, restoring CLI functionality for users behind proxy configurations.

• SARIF upload overhauled (#24322) — Code scanning SARIF uploads now use a dedicated job with proper artifact transfer, direct checkout token computation, and GitHub App checkout support — resolving failures that required additional git commit references.

• push_repo_memory guarded against failed/skipped agents (#24363) — The repo-memory push job now requires needs.agent.result == 'success', preventing stale or incomplete memory from being written when the agent fails or is skipped.

• Pipefail SIGPIPE fixes in token optimizer workflows (#24350, #24354) — Token analyzer and optimizer workflows were silently aborting artifact download loops due to SIGPIPE (exit 141) under set -euo pipefail. Replaced piped while read patterns with temp-file approaches.

• Bundle transport fix for HEAD commits (#24317) — Fixed a bug where the bundle transport failed when the agent committed directly to HEAD instead of a named branch.

• Compiler error formatting (#24316) — Eliminated spurious file:1:1: prefix from double-wrapped compiler errors, making diagnostics cleaner.

• Daily Issues Report Generator restored (#24349) — Fixed 11 consecutive days of failures caused by PATH issues on GPU runners and a proxy-related gh issue list crash, with graceful fallback to an empty dataset.

📚 Documentation

• Updated CLI reference with --train flag docs, --no-emit option, labels JSON field, Agent Event Pattern Analysis, and agent_usage.json artifact table entry (#24377).
• Expanded the Manual Maintenance Operations guide with a full table of available operations including the new create_labels entry (#24377).

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@adamhenson

• feat: expose compiled token data as job outputs or artifact (not just step summary) (direct issue)

@chrisfregly

• Missing Threat Detection Custom Pre-Steps (direct issue)

@jaroslawgajewski

• Suspected regression in v0.65.6: Install GitHub Copilot CLI no longer emits GH_HOST: github.com (direct issue)

@kbreit-insight

• SARIF upload requires additional git commit references (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 1.2M

---

What's Changed

• [dead-code] chore: remove dead functions — 4 functions removed by @github-actions[bot] in #24288
• [docs] docs: consolidate dev.md to v5.1 — add 3 previously uncovered spec files by @github-actions[bot] in #24275
• [instructions] Sync github-agentic-workflows.md with release v0.65.6 by @github-actions[bot] in #24273
• [docs] Update glossary - daily scan (imports and import-schema) by @github-actions[bot] in #24267
• [community] Update community contributions in README by @github-actions[bot] in #24271
• [architecture] Update architecture diagram - 2026-04-03 by @github-actions[bot] in #24264
• Rename isEmptyDiff → isEmptyFirewallDiff for consistency by @Copilot in #24277
• fix: remove stale action-tag: v0 from daily-fact.md and recompile by @Copilot in #24310
• refactor: eliminate duplicated AWF injection, secret validation, and MCP secret collection across engine implementations by @Copilot in #24283
• [q] fix: show effective tokens (ET) in discussion footer by @github-actions[bot] in #24320
• ci: skip go mod download on cache hit for 9 jobs by @Copilot in #24319
• perf: eliminate repeated O(n) action pin scans and redundant permissions parsing in MCP workflow compilation by @Copilot in #24256
• feat: add pre-steps and post-steps to threat detection job by @Copilot in #24250
• Fix double-wrapped compiler errors emitting spurious file:1:1: prefix by @Copilot in #24316
• fix: restore GH_HOST: github.com pin on Install GitHub Copilot CLI step by @Copilot in #24321
• Move github-app token minting to activation job by @Copilot in #24251
• fix: bundle transport fails when agent commits to HEAD instead of named branch by @Copilot in #24317
• feat: bundle token usage as agent artifact by @Copilot in #24315
• fix: update wasm golden files to include GH_HOST env var in Copilot CLI install step by @Copilot in #24330
• fix: install gh-aw CLI extension in workflow pre-steps by @lpcox in #24335
• Fix workflow network allowlist gaps from 2026-04-03 firewall report by @Copilot in #24332
• Upgrade charmbracelet/huh to charm.land/huh/v2 v2.0.3 by @Copilot in #24331
• Migrate HuhTheme to huh v2 ThemeFunc API by @Copilot in #24343
• feat: integrate log template mining into audit report and logs by @Copilot in #24328
• fix: replace piped while loops with temp files to avoid pipefail SIGPIPE by @lpcox in #24350
• Add create-labels maintenance operation and compile --json label reporting by @Copilot in #24341
• fix: eliminate piped while loops in token optimizer workflows by @lpcox in #24354
• fix: restore Daily Issues Report Generator — AWF binary install + issues data fetch resilience by @Copilot in #24349
• Fix copy dictation instructions button on agentic-authoring page by @Copilot in #24362
• fix: push_repo_memory should not run when agent job is skipped or failed by @Copilot in #24363
• fix: dedicated upload_code_scanning_sarif job with SARIF artifact transfer, direct checkout token computation, and github-app checkout support by @Copilot in #24322
• ci: skip GitHub API-heavy jobs on non-main branches by @Copilot in #24370
• [docs] Update documentation for features from 2026-04-03 by @github-actions[bot] in #24377
• chore: update drain3 default log pattern weights by @github-actions[bot] in #24381

Full Changelog: v0.65.7...v0.66.0

v0.65.7

🌟 Release Highlights

This release focuses on cross-repo workflow reliability, safe-outputs improvements, and new token optimization tooling — along with a handful of highly-requested community fixes.

✨ What's New

• MCP Gateway keepalive configuration — Expose keepalive-interval as a first-class frontmatter option under sandbox.mcp, preventing session expiry during long-running agent tasks. Learn more

• Dynamic github-token expressions — github-token fields in safe-outputs now accept $\{\{ needs.JOB.outputs.OUTPUT }} expressions, enabling short-lived tokens minted by upstream jobs (e.g., via actions/create-github-app-token or Octo STS) to be used seamlessly with built-in safe outputs. Learn more

• Daily token usage analysis workflows — New daily-token-usage-analysis and daily-safe-output-optimizer workflows help you identify unused tools and reduce per-turn token costs — the same pattern that has already produced concrete savings in gh-aw-firewall.

• Agent failure footers now include effective token count — The token consumption of each run is now surfaced directly in agent failure issue/comment footers, making cost investigation faster.

🐛 Bug Fixes & Improvements

• Cross-repo workflow_call integrity check fixed — GITHUB_WORKFLOW_REF env var always reflects the top-level caller, not the callee. The integrity check now correctly uses github.workflow_ref (the Actions context expression) to resolve the called workflow's source. Fixes long-standing failures for reusable remote workflows. Learn more

• Stale GH_HOST and false fork-PR detection resolved — configure_gh_for_ghe.sh returned early for github.com without clearing a previously-set GH_HOST, causing gh pr checkout and related commands to fail against the wrong host. A secondary false-positive fork detection was also removed. Closes #24208, #24217, #24218.

• Detection gate wired for imported safe-outputs — Workflows that declare no safe-outputs: in their own frontmatter but pull it in via imports: were compiled without a detection job gate. This is now correctly enforced.

• CI Cleaner always produces safe outputs — The CI Cleaner agent now has a mandatory exit protocol ensuring at least one safe-output tool is called before it exits, preventing silent "no safe outputs generated" failures.

📚 Documentation

• Frontmatter hash clarified — Documentation now accurately describes the frontmatter hash as a stale-lock detection mechanism, not a tamper-protection or security boundary, to avoid misleading security assumptions. See reference

• Copilot Agent Files reference page reduced from 167 → 125 lines (25% leaner) while preserving all essential information.

🔧 Maintenance

• Playwright Browser bumped to v1.59.1 (Windows regression fix)
• MCP Gateway bumped to v0.2.12
• AWF Firewall bumped to v0.25.13
• 6 GitHub Actions updated to latest SHA-pinned releases

---

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@ferryhinardi

• Threat detection compile path ignores workflow network.allowed domains (direct issue)

@salekseev

• Support expression-based safe-outputs github-token from auth job outputs (direct issue)

@strawgate

• Remote workflow_call appears broken (direct issue)
• Integrity check fails for cross-repo workflow_call: GITHUB_WORKFLOW_REF points to caller, not callee (direct issue)

@virenpepper

• engine: claude — squid proxy rejects chroot localhost connections (transaction-end-before-headers) (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 716.4K

---

What's Changed

• [docs] Update documentation for 2026-04-02 features by @github-actions[bot] in #24170
• fix: wire detection gate for safe-outputs assembled entirely from imports by @Copilot in #24155
• fix(ci-cleaner): add mandatory exit protocol to always produce safe outputs by @Copilot in #24182
• [actions] Update GitHub Actions versions - 2026-04-02 by @Copilot in #24181
• [log] Add debug logging to 4 Go files by @Copilot in #24180
• chore: Bump AWF firewall version to v0.25.13 by @lpcox in #24185
• feat: Add daily token usage analysis and optimization workflows by @Copilot in #24192
• Include effective token count in agent failure issue/comment footer by @Copilot in #24196
• fix(workflows): normalize report headers to h3+ and add progressive disclosure by @Copilot in #24201
• docs: clarify frontmatter hash is stale-lock detection, not tamper protection by @Copilot in #24198
• fix: Clear stale GH_HOST and remove false fork PR detection (#24208) by @lpcox in #24221
• feat: Expose MCP gateway keepalive-interval in workflow config schema by @Copilot in #24220
• [docs] docs: reduce bloat in Copilot Agent Files reference page by @github-actions[bot] in #24223
• fix: unset stale GH_HOST when configuring gh for github.com by @Copilot in #24222
• feat: Allow ${{ needs.JOB.outputs.OUTPUT }} expressions in github-token fields by @Copilot in #24215
• Fix cross-repo workflow_call integrity check: use github.workflow_ref instead of GITHUB_WORKFLOW_REF by @Copilot in #24200
• [jsweep] Clean add_reaction_and_edit_comment.cjs by @github-actions[bot] in #24228
• Use details/summary for progressive disclosure of failure reporting tip by @Copilot in #24229
• chore: update Playwright Browser v1.59.1, MCP Gateway v0.2.12 by @Copilot in #24226

Full Changelog: v0.65.6...v0.65.7

v0.65.6

🌟 Release Highlights

This release centers on Effective Tokens — a new end-to-end feature that tracks and surfaces AI token usage across workflow runs — alongside five community-reported bug fixes and a set of reliability improvements.

✨ What's New

• Effective Tokens visibility — Token usage is now tracked from the MCP gateway log through the agent job outputs and surfaced directly in workflow footer comments. Footer templates gain three new variables: {effective_tokens} (raw integer), {effective_tokens_formatted} (compact string like 1.2K), and {effective_tokens_suffix} (a ready-to-use suffix like · ● 1.2K). All built-in footer templates have been updated to include {effective_tokens_suffix} by default. (#24150, #24132, #24122, #24029)

• Custom model token weights — The engine frontmatter now supports custom token weight overrides per model, enabling more accurate effective-token calculations for non-default deployments. (#24134)

• Native web-fetch for Codex and Gemini — The mcp/fetch fallback has been removed; Codex and Gemini workflows now use native web-fetch, reducing latency and eliminating an unnecessary MCP dependency. (#24017)

• Staggered cron schedules — Approximately 30 workflows previously fired simultaneously at the top of each hour, exhausting the GitHub App rate limit. The compiler now hashes each workflow's identity to scatter execution within ±30 minutes, eliminating rate-limit bursts. (#24144)

🐛 Bug Fixes & Improvements

• Safe outputs MCP server now receives GH_AW_SAFE_OUTPUTS — The environment variable was not passed to the safe-outputs MCP HTTP server startup step, causing outputs.jsonl to appear empty even on success. (#24126)

• Discussion reply threading fixed — add-comment now correctly threads replies when the triggering comment is itself a reply inside a discussion thread. (#24031)

• Lenient temporary ID validation — Invalid temporary IDs (e.g. containing underscores) now emit a warning instead of failing PR creation. (#24030)

• Conclusion job concurrency now customizable — A concurrency.job-discriminator field can be applied to the conclusion job, allowing users to control grouping independently of the agent job. (#24043)

• Lock file integrity check works across organizations — Reusable workflow lock files are now resolved from the source repository rather than the calling repository, fixing cross-org integrity validation. (#24057)

• add_comment no longer fails on scheduled runs — When no triggering context is available (e.g. a schedule trigger), the add_comment handler now silently skips instead of erroring. (#24131, #24098)

• MCP gateway tool allowlist enforced at gateway layer — Tool allow/deny lists are now enforced at the gateway itself with restricted config file permissions, improving security posture. (#23933)

• Protocol-relative URLs blocked in safe-outputs sanitizer — URLs like //evil.com are now treated as blocked domains, closing a sanitization bypass. (#23930)

📚 Documentation

• Added the Effective Tokens specification documenting the token-tracking architecture, formula, and template variables.
• Developer spec consolidated into dev.md v5.0. (#24067)

---

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@corygehr

• add-comment for Discussion doesn't allow for replies to a threaded comment reply (direct issue)

@dsyme

• Invalide temporary ID should probably not fail PR creation (direct issue)

@jaroslawgajewski

• Lock file integrity check should resolve the lock file from the reusable workflow source repository (direct issue)

@szabta89

• Conclusion job concurrency is static per workflow and cannot be customized (direct issue)

@yaananth

• Safe outputs MCP server returns success but outputs.jsonl is empty (v0.65.5) (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 747.2K

---

What's Changed

• fix: treat protocol-relative URLs as blocked domains in safe-outputs sanitizer by @Copilot in #23930
• Enforce MCP gateway tool allowlist at the gateway layer and restrict config file permissions by @Copilot in #23933
• feat: remove mcp/fetch fallback and wire native web-fetch for Codex and Gemini by @Copilot in #24017
• [jsweep] jsweep: Clean add_comment.cjs by @github-actions[bot] in #24020
• docs: expand security architecture section on homepage for non-security audiences by @Copilot in #24026
• feat(logs): parse events.jsonl as primary metrics source for Copilot CLI runs by @Copilot in #24027
• fix: use events.jsonl from copilot session-state for log parsing by @Copilot in #24028
• feat: render token-usage.jsonl in the MCP gateway step summary by @Copilot in #24029
• [code-simplifier] refactor: simplify token usage parsing in parse_mcp_gateway_log.cjs by @github-actions[bot] in #24032
• Fix discussion reply threading when triggering comment is itself a reply by @Copilot in #24031
• [ca] fix: correct JSDoc type annotation in parse_mcp_gateway_log.cjs by @github-actions[bot] in #24033
• fix: lenient temporary ID validation — support underscores, warn instead of fail by @Copilot in #24030
• fix: increase timeout for daily-architecture-diagram workflow by @Copilot in #24042
• [docs] Update glossary - daily scan by @github-actions[bot] in #24044
• Apply concurrency.job-discriminator to the conclusion job by @Copilot in #24043
• [community] Update community contributions in README by @github-actions[bot] in #24062
• [instructions] Sync github-agentic-workflows.md with release v0.65.5 by @github-actions[bot] in #24061
• fix: use Python venv for pip installs in shared Python workflows by @Copilot in #24053
• Set max branch limit to 10 and enable deletion on scheduled runs by @Copilot in #24064
• [docs] Consolidate developer specs into dev.md v5.0 (2026-04-02) by @github-actions[bot] in #24067
• Fix lock file integrity check for cross-org reusable workflows by @Copilot in #24057
• [rendering-scripts] fix: add pretty-print format support to copilot log parser by @github-actions[bot] in #24070
• Prevent copilot-maintenance workflow from running on forks by @Copilot in #24082
• Fix JS typecheck failures introduced by TypeScript v6 strict catch variable typing by @Copilot in #24089
• Remove unnecessary []byte casts in pkg/console golden tests by @Copilot in #24086
• Implement conclusion job step improvements by @Copilot in #24063
• Migrate pkg/repoutil tests to testify assertions by @Copilot in #24085
• [dead-code] chore: remove dead functions — 4 functions removed by @github-actions[bot] in #24094
• Return structured JSON instead of MCP protocol errors for invalid inputs in logs/audit/compile tools by @Copilot in #24058
• fix: silently skip add_comment when no triggering context (schedule runs) by @Copilot in #24098
• Extract Go source code analysis tools bundle into shared component by @Copilot in #24084
• fix(docs): add aria-label to Expressive Code copy-to-clipboard buttons by @Copilot in #24099
• refactor: split mixed-concern files identified by semantic function clustering analysis by @Copilot in #24101
• fix: add-wizard ls-remote de...