
Releases: github/gh-aw

v0.71.3

30 Apr 19:16
Immutable release. Only release title and notes can be modified.
2f2a6f5


v0.71.3 Pre-release

🌟 Release Highlights

This release delivers major improvements to safe-outputs reusability and parameterization, more resilient Copilot driver behavior, a streamlined compiler configuration system, and solid self-hosted runner support, all driven in large part by community feedback.

✨ What's New

  • Configurable MCP gateway session timeout: Set engine.mcp.session-timeout in workflow frontmatter to control how long MCP sessions stay alive, preventing premature timeouts in long-running workflows. (resolves community request #29353)

  • Parameterized safe-outputs for reusable workflows: workflow_call inputs can now control safe-outputs.threat-detection, boolean flags, PR policy fields, and list constraints. Build reusable workflows that callers can configure without forking. (resolves #29171, #29172, #29173, #29174)

  • Auto-inject create-issue safe output: Workflows without explicit safe-output configuration now automatically get a create_issue safe output, reducing boilerplate for common workflows.

  • AWF JSON config file replaces CLI flag soup: The compiler now emits a structured JSON config file instead of long CLI flag strings, improving readability and maintainability of compiled workflows.

  • Repo Mind Light shared workflow: A shared repo-mind-light.md workflow is now available for reuse across daily issue/PR agentic workflows. (resolves community request #29063)

  • github_ref constraint on import-schema inputs: Import schemas now support github_ref constraints with action pin resolution, tightening input validation for workflow imports.

  • Self-hosted runner support for non-default home directories: Workflows now work correctly on self-hosted runners where the service account home is not /home/runner. (resolves #27260)

  • Team reviewers on add_reviewer: The add_reviewer MCP tool now supports setting team_reviewers on pull requests. (resolves #29228)

  • Parameterized tools.bash: The tools.bash configuration can now be parameterized for greater workflow flexibility.

πŸ› Bug Fixes & Improvements

  • Copilot driver resilience β€” The driver now restarts fresh instead of using --continue when a null-type tool_call 400 error poisons the conversation history, and falls back to a fresh run when --continue auth fails mid-stream. (resolves #29312, #28774)

  • repo-memory push with signed commits β€” push_repo_memory.cjs now uses GraphQL signed commits to satisfy "Require signed commits" repository rulesets. (resolves #29301)

  • create_pull_request branch reuse β€” When preserve-branch-name is enabled, create_pull_request now correctly reuses an existing branch instead of failing. (resolves #29152)

  • Gemini API routing fix β€” Added --gemini-api-target routing correction so Gemini API keys are no longer rejected by the proxy sidecar. (resolves #25944)

  • Safe-output sanitizer preserves template delimiters β€” Template delimiters inside fenced code blocks are no longer incorrectly stripped during sanitization.

  • add_reviewer MCP tool schema fix β€” Removed the top-level anyOf from the schema that was incompatible with the Anthropic API.

  • Threat-detection CAUTION alert β€” A CAUTION alert is now injected at the top of markdown content when threat detection fires, making it clearly visible.

  • 6-hour wait for run completion β€” gh aw run --repeat no longer times out after 30 minutes; wait time now matches the GitHub Actions maximum runtime of 6 hours.
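As an added example (not gh-aw's push_repo_memory.cjs), the following shows what "GraphQL signed commits" means in practice: the commit is created through GitHub's GraphQL createCommitOnBranch mutation, which GitHub signs server-side, so it passes a "Require signed commits" ruleset that would reject an unsigned commit from a plain git push. The repository, branch, file paths, head SHA and file contents are constructed placeholders; the only real interface used is the public GraphQL API.

```javascript
// Added example, not gh-aw's push_repo_memory.cjs. Builds (and optionally sends)
// a GitHub GraphQL createCommitOnBranch mutation. Commits created through this
// API are signed by GitHub, so they satisfy a "Require signed commits" ruleset.
// Repo, branch, paths and contents below are constructed, hypothetical inputs.

const MUTATION = `
mutation ($input: CreateCommitOnBranchInput!) {
  createCommitOnBranch(input: $input) {
    commit { oid url }
  }
}`;

const SHA40 = /^[0-9a-f]{40}$/;

// Reject paths the agent could use to escape the memory directory. The API
// would refuse absolute paths anyway, but failing here keeps bad agent output
// from ever reaching the network.
function assertSafePath(path) {
  if (path.startsWith("/") || path.split("/").includes("..") || path.includes("\0")) {
    throw new Error(`refusing unsafe path: ${path}`);
  }
  return path;
}

// Build the mutation variables. expectedHeadOid is a compare-and-swap guard:
// if the branch moved since the head was read, GitHub rejects the commit
// instead of silently writing on top of another run's change.
function buildCommitInput({ repo, branch, headOid, message, additions = [], deletions = [] }) {
  if (!SHA40.test(headOid)) {
    throw new Error(`expectedHeadOid must be a full 40-hex commit SHA, got "${headOid}"`);
  }
  return {
    input: {
      branch: { repositoryNameWithOwner: repo, branchName: branch },
      expectedHeadOid: headOid,
      message: { headline: message.headline, body: message.body ?? "" },
      fileChanges: {
        // The API takes file contents base64-encoded.
        additions: additions.map(({ path, contents }) => ({
          path: assertSafePath(path),
          contents: Buffer.from(contents, "utf8").toString("base64"),
        })),
        deletions: deletions.map(({ path }) => ({ path: assertSafePath(path) })),
      },
    },
  };
}

// Send the mutation. fetchImpl is injectable so the builder can be exercised
// offline; a real call needs a token with contents:write on the repository.
async function pushSignedCommit(params, token, fetchImpl = fetch) {
  const variables = buildCommitInput(params);
  const res = await fetchImpl("https://api.github.com/graphql", {
    method: "POST",
    headers: { Authorization: `Bearer ${token}`, "Content-Type": "application/json" },
    body: JSON.stringify({ query: MUTATION, variables }),
  });
  const body = await res.json();
  if (!res.ok || (body.errors && body.errors.length)) {
    const detail = body.errors ? body.errors.map((e) => e.message).join("; ") : `HTTP ${res.status}`;
    throw new Error(`createCommitOnBranch failed: ${detail}`);
  }
  return body.data.createCommitOnBranch.commit; // { oid, url }
}

// Constructed sample input (hypothetical repo, branch and files).
const SAMPLE = {
  repo: "octo/memory",
  branch: "repo-memory",
  headOid: "a".repeat(40),
  message: { headline: "chore: update repo memory", body: "Written by an agentic workflow run." },
  additions: [{ path: "memory/notes.md", contents: "# Notes\n\nhello\n" }],
  deletions: [{ path: "memory/stale.md" }],
};

console.log(JSON.stringify(buildCommitInput(SAMPLE), null, 2));
```

The expectedHeadOid guard matters for a memory branch that several workflow runs write to: if another run pushed first, the mutation fails and the caller can re-read the head and retry instead of overwriting the other run's memory.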

📚 Documentation

  • Quick Start jargon demystified: The Quick Start guide now explains "frontmatter" and other technical terms before first use, making it more accessible to newcomers.

  • Organization practices guides: New organization practices documentation added and organized into the guides section.

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@bbonafed

@bryanchen-d

@dholmes

@duncankmckinnon

@lpcox

@mason-tim

@mlinksva

@mrjf

@samuelkahessay

@stefankrzyz

@szabta89

@theletterf

@tore-unumed


For complete details, see CHANGELOG.

Generated by Release · ● 1.9M


What's Changed

  • Update daily caveman optimizer to allow bash: ["*"] by @Copilot in #29126
  • fix: suggest calling missing_tool when bash command blocked by security policy by @Copilot in #29127
  • fix: remove ! from Issue Monster comment template to prevent bash history expansion by @Copilot in #29128
  • fix(release): create community-data dir, copy community_issues.json, fix deprecated import syntax by @Copilot in #29131
  • fix: replace manual loop with slices.Contains in isValidWorkflowRunConclusion by @Copilot in #29130
  • feat: update daily caveman optimizer to process 5 files per run by @Copilot in #29133
  • fix: allow releaseassets.githubusercontent.com in daily-sentrux-report by @Copilot in #29135
  • [caveman] Optimize instruction verbosity - agentic-chat.md (2026-04-29) by @github-actions[bot] in #29138
  • fix: compiler validates dangerous shell expansion in safe-outputs.steps; fix copilot-pr-nlp-analysis prompt by @Copilot in #29123
  • fix(cli): address 6 help text inconsistencies across logs, mcp add, health, and secrets set by @Copilot in #29141
  • fix: case-insensitive isPermissionsError in create_discussion.cjs (#25116260447) by @Copilot in #29154
  • Consolidate duplicate ContainerPin struct: replace with type alias by @Copilot in #29155
  • feat: add shared/otel.md OpenTelemetry shared import and instrument 6 daily workflows by @Copilot in #29162
  • [slides] Fix engine label and toolsets comment accuracy by @github-actions[bot] in #29166
  • Extract validatePermissions into permissions_compiler_validator.go by @Copilot in #29156
  • fix: merge imported workflow bots field in compiler by @Copilot in #29151
  • fix(daily-syntax-error-qualit...

v0.71.2

29 Apr 13:41
b08e2d8


v0.71.2 Pre-release

What's Changed

  • feat(otel): add github.workflow_ref resource attribute to all OTel spans by @Copilot in #28358
  • Fix GH_AW_BIN detection failure under bash -e/pipefail by @Copilot in #28339
  • fix: write full repo-root-relative path in source field when fallback path resolution is used by @Copilot in #28342
  • feat: add check-branch-protection option to push-to-pull-request-branch by @Copilot in #28365
  • docs: remove "same-repo only" limit from push-to-pull-request-branch, document cross-repo setup by @Copilot in #28379
  • bump Gemini CLI default to 0.39.1 to fix API_KEY_INVALID smoke failures by @Copilot in #28385
  • fix: resolve target repo checkout path in push_to_pull_request_branch handlers by @Copilot in #28377
  • fix: remove run_id from trending cache key and enforce via compiler validation by @Copilot in #28387
  • fix: TypeScript type errors in push_to_pull_request_branch cross-repo support by @Copilot in #28388
  • fix: resolve {{#import}} directives in workflow markdown body at compile and runtime; deprecate {{#import}} in favor of {{#runtime-import}} by @Copilot in #28366
  • Add Kreuzberg document intelligence MCP shared workflow by @Copilot in #28392
  • [docs] docs: remove redundant sections in agentic-observability-kit by @github-actions[bot] in #28391
  • chore: bump Copilot CLI → 1.0.36, Codex CLI → 0.125.0, GitHub MCP Server → v1.0.3 by @Copilot in #28401
  • [architecture] Update architecture diagram - 2026-04-25 by @github-actions[bot] in #28412
  • [code-simplifier] refactor: remove orphaned comments and simplify patterns in include/compiler code by @github-actions[bot] in #28409
  • [jsweep] Clean dispatch_repository.cjs by @github-actions[bot] in #28397
  • [spec-enforcer] Enforce specifications for agentdrain, console, constants by @github-actions[bot] in #28423
  • fix: use scratchpad/architecture.md as cache source of truth for architecture diagram by @Copilot in #28422
  • perf: fix BenchmarkValidation regression (+275.9%) by caching repeated expensive operations by @Copilot in #28406
  • [instructions] Sync github-agentic-workflows.md with release v0.68.3 by @github-actions[bot] in #28427
  • perf: fix CompileSimpleWorkflow regression (+177.5% slowdown) by @Copilot in #28408
  • perf: fix BenchmarkParseWorkflow regression - ~31% faster, ~40% fewer allocations by @Copilot in #28407
  • [docs] docs: tone scan v8.0 - fix 4 marketing terms across 4 spec files by @github-actions[bot] in #28433
  • fix(logs): replace database_id with run_id in RunData JSON output by @Copilot in #28420
  • feat: place threat detection CAUTION alert at top of PR body and add agentic-threat-detected label by @Copilot in #28429
  • feat: add daily-cache-strategy-analyzer workflow by @Copilot in #28434
  • Apply progressive disclosure to comment-memory disclosure note by @Copilot in #28438
  • fix: correct cache-memory paths for named caches by @Copilot in #28439
  • fix: increase curl retry resilience in install_awf_binary.sh for transient 502s by @Copilot in #28443
  • [actions] Update GitHub Actions versions - 2026-04-24 by @Copilot in #28444
  • fix: move community attribution data to /tmp/gh-aw/agent/community-data/ by @Copilot in #28442
  • fix: increase timeout and tool-timeout for copilot-session-insights by @Copilot in #28450
  • fix: resolve node: command not found in Copilot engine on GPU self-hosted runners by @Copilot in #28451
  • fix: add GEMINI_CLI_TRUST_WORKSPACE=true to unblock Gemini headless mode by @Copilot in #28475
  • [docs] Update editor preview screenshots – 2026-04-25 by @github-actions[bot] in #28461
  • fix: replace string concatenation loop with strings.Builder in spec_test.go by @Copilot in #28479
  • docs: fix mobile navigation, sub-12px font sizes, and breakpoint conflicts by @Copilot in #28476
  • fix(q): persist cache state to end 100% cache miss streak by @Copilot in #28473
  • fix: skip {{#import}} directives inside backtick code spans in runtime import processor by @Copilot in #28474
  • Count unique files in create_pull_request patch limit and add max-patch-files config by @Copilot in #28472
  • Improve test quality for schedule_cron_detection_test.go by @Copilot in #28480
  • formalize cache-memory location naming convention and align prompt/docs with implementation by @Copilot in #28482
  • chore: remove allocated LLM gateway ports for OpenCode and Crush by @Copilot in #28484
  • feat: protect any top-level folder starting with '.' in safe outputs by @Copilot in #28486
  • feat: audit command accepts multiple run IDs for automatic diff mode by @Copilot in #28483
  • fix: standardize "Config" abbreviation in compiler-generated step names by @Copilot in #28490
  • feat: add tool calls diff and tokens-per-turn to audit diff mode by @Copilot in #28494
  • fix: correct broken anchor hash in agentic-observability-kit docs by @Copilot in #28497
  • fix: add --skip-trust to Gemini CLI command to prevent yolo override in AWF sandbox by @Copilot in #28496
  • add cookie label to sergo-created issues by @Copilot in #28501
  • refactor: replace map-to-sorted-slice boilerplate with slices.Sorted(maps.Keys(...)) by @Copilot in #28502
  • fix(MCE-005): add remediation guidance to E006/E007/E008 error messages by @Copilot in #28514
  • fix: correct cache-memory paths in ci-coach and shared ci-data-analysis workflows by @Copilot in #28513
  • feat: add OTel GenAI semantic conventions to agent span by @Copilot in #28511
  • Fix integration test: check run_ids_or_urls (plural) in audit error envelope by @Copilot in #28519
  • feat: cache-memory cache_memory_miss detection and conclusion handler by @Copilot in #28516
  • feat: add object form support for observability.otlp.headers by @Copilot in #28524
  • docs: strengthen skip-if-match guidance for scheduled issue-creating workflows by @Copilot in #28545
  • [docs] docs: condense agentic-observability-kit page (21% reduction) by @github-actions[bot] in #28539
  • [architecture] Update architecture diagram - 2026-04-26 by @github-actions[bot] in #28564
  • [jsweep] Clean allowed_extensions_helpers.cjs by @github-actions[bot] in #28548
  • [spec-enforcer] Enforce specifications for envutil, fileutil, gitutil by @github-actions[bot] in #28571
  • fix(dictation): @copilot everywhere, NLP histogram step, 256-term glossary by @Copilot in #28572
  • fix(spec-extractor): add mkdir to bash allowlist to unblock cache-memory initialization by @Copilot in #28570
  • [docs] Tone scan 2026-04-26: 4 fixes across 2 spec files by @github-actions[bot] in #28583
  • [docs] Markdown spellcheck fixes for docs/src/content/ (2026-04-26) by @github-actions[bot] in #28580
  • [docs] Update documentation for features from 2026-04-26 by @github-actions[bot] in #28577
  • [instructions] Sync github-agentic-workflows.md with release v0.68.3 by @github-actions[bot] in #28576
  • feat: add Playwright visual regression example workflow for Frontend Developer persona by @Copilot in #28550
  • perf: eliminate redundant permissions parsing and domain computation per compilation by @Copilot in #28560
  • fix: replace unavailable gpt-5.4-mini with gpt-4.1-mini in github-remote-mcp-auth-test by @Copilot in #28567
  • refactor: reformat cache config alert with GitHub alert syntax, progressive disclosure, and template file by @Copilot in #28575
  • perf: eliminate bufio.Scanner allocations and redundant file read in parse/YAML hot paths by @Copilot in #28557
  • perf: fix 24.9% regression in BenchmarkCo...

v0.71.1

24 Apr 22:17
f01a9d1


🌟 Release Highlights

This release focuses on reliability and correctness: fixing several impactful bugs reported by the community, improving agent workflow efficiency, and hardening security boundaries for the Claude engine.

πŸ› Bug Fixes & Improvements

  • protected-files object form compilation fixed β€” Workflows using the documented {policy, exclude} object form for protected-files were incorrectly rejected at compile time with expected string or null, got object. The schema now correctly allows the object form alongside the string shorthand. (#28341)

  • APM-restored skills no longer clobbered in pull_request runs β€” Skills installed by pre-agent-steps (e.g. from .github/skills/) were silently overwritten because the "Restore agent config folders" step executed after pre-agent-steps. The step ordering is now correct for pull_request triggers. (#28290)

  • push_to_pull_request_branch patch size now uses incremental diff β€” On long-running branches, max_patch_size was measured against the full cumulative diff from the default branch rather than the net change since the last push. Each iteration now measures only the incremental git diff against the PR branch head, preventing spurious size-limit rejections. (#28198)

  • design-decision-gate reliability β€” Raised max-turns from 15 β†’ 20 and added git ls-remote:* to allowed tools. The workflow was exhausting all turns on copilot/* PRs before completing useful work. An explicit MCP fallback table ensures the agent switches to GitHub MCP tools when pre-fetched context files are unavailable. (#28353)

  • jsweep workflow no longer runs to 60 turns β€” Added explicit exit criteria after PR creation. Previously the agent kept calling create_pull_request in a loop consuming 4.64M tokens/run. (#28322)

  • audit/audit-diff MCP tools now return structured JSON consistently β€” These tools were setting IsError: true on failure and routing output to stderr, unlike logs and compile which always return structured JSON. Behaviour is now consistent. (#28291)

  • Model update in github-remote-mcp-auth-test β€” Replaced the unavailable gpt-5.1-codex-mini model with gpt-5.4-mini, fixing 3+ days of consecutive workflow failures. (#28321)

  • MCP Gateway v0.2.30 compatibility β€” The mempalace shared config now includes the required container field on stdio server entries, fixing daily-fact workflow failures after the gateway schema tightened. (#28288)

✨ What's New

  • Hippo memory vector embeddings: New hippo-embed maintenance workflow generates vector embeddings for all Hippo memories (previously <1% were embedded, making semantic recall nearly non-functional). The daily-hippo-learn workflow now runs hippo embed on every cycle to keep the index current. (#28178)

  • Claude bypassPermissions tool enforcement documented and hardened: When Claude Code runs in bypassPermissions mode (triggered by unrestricted bash access), --allowed-tools is silently ignored. The MCP gateway allowed: filter is now the documented sole effective tool boundary in this mode, with implementation notes added to prevent regressions. (#28174)

⚡ Performance

  • docs-noob-tester token usage reduced ~70%: Server setup (npm install, Astro dev server startup, readiness polling, bridge IP detection) now runs in pre-agent-steps before the agent starts, saving ~700K–1M tokens/run. Timeout reduced from 45 to 30 minutes. (#28343)

📚 Documentation

  • Docs table wrapping on tablet screens: Markdown tables on 641px–768px viewports were silently clipped without horizontal scroll. A new rehype plugin wraps tables in a scrollable container. (#28280)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@edgeq

@mrjf

@theletterf


For complete details, see CHANGELOG.

Generated by Release · ● 1.4M


What's Changed

  • fix: sync Hard Turn Budget in design-decision-gate prompt to match max-turns: 15 by @Copilot in #28173
  • fix(otel): emit agent sub-span for cancelled workflow runs by @Copilot in #28172
  • feat: add hippo-embed workflow + recurring embed step to daily-hippo-learn by @Copilot in #28178
  • Normalize report formatting guidelines across 5 reporting workflows by @Copilot in #28186
  • docs: document Claude bypassPermissions/--allowed-tools security boundary by @Copilot in #28174
  • build(deps): Bump fast-xml-parser from 5.5.9 to 5.7.1 in /docs in the npm_and_yarn group across 1 directory by @dependabot[bot] in #28189
  • [docs] docs: remove duplicated code block and redundant paragraph in concurrency reference by @github-actions[bot] in #28194
  • fix: disallow --name flag when adding multiple workflows at once by @Copilot in #28195
  • chore: bump CLI tool versions (Claude Code, Copilot, Codex, MCP Server, MCP Gateway) + fix comment memory rendering + fix Claude install by @Copilot in #28200
  • Update docs sidebar and streamline references by @dsyme in #28223
  • [architecture] Update architecture diagram - 2026-04-24 by @github-actions[bot] in #28227
  • chore(deps): update golang.org/x/vuln v1.2.0 → v1.3.0 by @Copilot in #28232
  • [dead-code] chore: remove dead functions - 1 function removed by @github-actions[bot] in #28257
  • rename: FormatReference → FormatPinnedActionReference, notifyResolutionFailure → recordPinResolutionFailure in pkg/actionpins by @Copilot in #28246
  • [docs] dev.md v7.0 maintenance tone scan (2026-04-24) by @github-actions[bot] in #28244
  • deps: bump github.com/charmbracelet/x/exp/golden to v0.0.0-20260422141420-a6cbdff8a7e2 by @Copilot in #28231
  • Fix push_to_pull_request_branch patch size to use incremental net diff by @Copilot in #28198
  • [jsweep] Clean create_labels.cjs and add comprehensive tests by @github-actions[bot] in #28210
  • refactor: move outlier functions to their semantic homes by @Copilot in #28282
  • docs: add build-time table scroll wrapper as no-JS fallback by @Copilot in #28280
  • Add update_pull_request_branches maintenance operation with dedicated workflow job by @Copilot in #28108
  • fix(codemod): preserve source pin when migrating tools.serena by @Copilot in #28286
  • fix(spec-enforcer): add explicit noop branch when all tests are already up-to-date by @Copilot in #28289
  • fix(mcp): audit/audit-diff return graceful JSON errors instead of IsError=true by @Copilot in #28291
  • fix: migrate mempalace MCP server to HTTP transport for MCP Gateway v0.2.30 by @Copilot in #28288
  • fix(skill-optimizer): pre-flight stash, higher limits, targeted eval tasks by @Copilot in #28292
  • Suggest tools.github.mode: gh-proxy when api.github.com is firewall-blocked by @Copilot in #28293
  • Add push trigger on repository default branch for .github/workflows/*.md to agentic maintenance workflow generator by @Copilot in #28295
  • fix: move base-folder restore before pre-agent-steps so APM-restored skills survive PR context by @Copilot in #28290
  • fix: resolve 4 CLI help text inconsistencies (secrets bootstrap, trial, logs, validate) by @Copilot in #28306
  • build(deps): Bump postcss from 8.5.8 to 8.5.10 in /docs in the npm_and_yarn group across 1 directory by @dependabot[bot] in #28312
  • fix: add render_template.cjs and is_truthy.cjs to SAFE_OUTPUTS_FILES by @Copilot in #28331
  • Fix copilot-pr-prompt-analysis: ad...

v0.71.0

23 Apr 23:44
36e5c36


v0.71.0 Pre-release

🌟 Release Highlights

This release focuses on reliability improvements: fixing critical runtime issues for Copilot threat-detection workflows, enhancing observability for cancelled runs, and shoring up Claude engine compatibility.

✨ What's New

  • Setup Node.js now included in threat-detection jobs (#28160): The detection job for the Copilot engine now correctly emits a Setup Node.js step before invoking copilot_driver.cjs, eliminating the node: command not found error that affected threat-detection workflows.

  • OTLP tracing for cancelled runs (#28172): Cancelled workflow runs now emit a proper gh-aw.agent.agent sub-span in OpenTelemetry traces, giving you full duration visibility even when a run is manually cancelled before agent_output.json is written.

  • Claude engine: bypassPermissions → acceptEdits (#28047): Replaces the deprecated bypassPermissions flag with acceptEdits and corrects missing MCP server tool entries in --allowed-tools, keeping Claude-powered workflows fully functional with the latest SDK.

πŸ› Bug Fixes & Improvements

  • Design-decision-gate turn budget corrected (#28173): The in-prompt "Hard Turn Budget" comment now matches the max-turns: 15 frontmatter value, preventing agents from self-terminating prematurely.
  • Auto-triage model pin updated (#28152): Replaced the unsupported gpt-4.1-mini model pin in auto-triage-issues.md so the workflow runs without errors.
  • CLI help text consistency (#28139): Addressed five inconsistencies in CLI help text for a more polished experience.
  • Documentation UI fix (#28146): Resolved a 1px header navigation gap at the iPad 768px breakpoint.

🔧 Internal

  • Migrated 24 workflows from daily-audit-discussion + reporting to the unified daily-audit-base template (#28151).
  • Refactored the 387-line validateWorkflowData function into 4 focused validators (#28145).

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@romainh-betclic


For complete details, see CHANGELOG.

Generated by Release · ● 818.1K


What's Changed

  • chore: disable threat-detection for release.md and recompile by @Copilot in #28138
  • fix: address 5 CLI help text consistency issues by @Copilot in #28139
  • fix: update TestMCPGatewayVersionFromFrontmatter to resolve pinned container image by @Copilot in #28144
  • [copilot-token-optimizer] Architecture Guardian: reduce 47-turn analysis via bash pre-step consolidation by @Copilot in #28141
  • Fix 1px header nav gap at iPad 768px breakpoint by @Copilot in #28146
  • fix(claude): replace bypassPermissions with acceptEdits and fix missing MCP server tools in --allowed-tools by @Copilot in #28047
  • Migrate 24 workflows from daily-audit-discussion + reporting to daily-audit-base by @Copilot in #28151
  • fix: replace unsupported gpt-4.1-mini model pin in auto-triage-issues workflow by @Copilot in #28152
  • [log] add debug logging to 5 pkg files by @github-actions[bot] in #28169
  • refactor: decompose 387-line validateWorkflowData into 4 focused validators by @Copilot in #28145
  • [ubuntu-image] research: update Ubuntu runner image analysis to 20260413.86.1 by @github-actions[bot] in #28171
  • fix(workflow): emit Setup Node.js in detection job for Copilot engine by @Copilot in #28160

Full Changelog: v0.70.0...v0.71.0

v0.70.0

23 Apr 16:57
29591ed


v0.70.0 Pre-release

🌟 Release Highlights

This release delivers a wave of community-driven bug fixes alongside significant new features: multi-repo workflow support, advanced credential supply patterns, comment-memory improvements, security hardening, and a new merge-pull-request safe output.

✨ What's New

  • on.needs for credential supply jobs: Workflows can now declare on.needs to express dependencies on custom pre_activation/activation jobs, enabling GitHub App credentials to be sourced from upstream job outputs. This unblocks advanced credential-supply patterns that were previously impossible.

  • Multi-repo (side-repo) push_to_pull_request_branch: push_to_pull_request_branch now correctly handles multi-repo checkout patterns by scoping all git operations to the target repository's working directory.

  • merge-pull-request safe output: Workflows can now merge pull requests directly as a safe output operation.

  • Sticky comments: The add_comment safe output now supports sticky (upsert) comments that update in place across runs.

  • Configurable fallback labels for create_pull_request: When a PR cannot be created due to branch protection, the fallback issue can now be tagged with custom labels, making it easier to triage and route those issues.

  • Container image digest pinning: All built-in container images are now pinned by digest in compiled lock files, ensuring reproducible and tamper-resistant workflow executions.

  • add_comment routes to PR review threads: On pull_request_review_comment triggers, add_comment now replies directly in the review thread rather than posting at PR level.

  • gh-proxy mode: The GitHub CLI proxy feature is now configured via tools.github.mode: gh-proxy, providing a cleaner and more discoverable API.

  • BYOK Copilot defaults: Established sensible defaults for Bring-Your-Own-Key Copilot configurations; the deprecated byok-copilot flag is now flagged for removal.

  • MCP-as-CLI progress messages: MCP tools can now emit progress messages on stderr for better real-time visibility during long-running operations.

  • Multiple agent assignments per issue: Agents can now be assigned to the same issue multiple times, enabling multi-repo workflows where a single issue drives work across several repositories.

πŸ› Bug Fixes & Improvements

  • Fixed action pin regression β€” gh aw compile once again pins all actions to their commit SHA hashes (regression introduced in v0.68.3).
  • Fixed push_to_pull_request_branch commit link β€” The tracking comment now correctly links to the actual pushed commit SHA instead of the pre-push HEAD.
  • Fixed macOS case-colliding artifact extraction β€” gh run download no longer aborts when an artifact contains case-colliding filenames (e.g., MEMORY.md and memory.md) on macOS.
  • Fixed allowed-base-branches compile validation β€” gh aw compile no longer incorrectly reports safe-outputs.create-pull-request.allowed-base-branches as an unknown field.
  • Fixed update-project GitHub App permissions β€” The update-project safe output now includes the required issues: read permission when using a GitHub App token.
  • Fixed list_commits filtering on feature branches β€” Own commits are no longer incorrectly filtered out when listing commits on a feature branch.
  • Fixed firewall cleanup permissions β€” The generated cleanup step now includes the correct chmod for the firewall/audit log directory.
  • Fixed PR-context base-branch restore β€” The base-branch restore step no longer overwrites APM-restored .github/skills before the Copilot agent starts.
  • Fixed add_comment disclosure template lookup in comment-memory safe outputs.
  • XPIA security hardening β€” Multiple fixes to close steganographic channels in sanitization paths; disable-xpia-prompt is now rejected at compile time in strict mode.
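Digest pinning of container images (above, under What's New) and SHA pinning of actions (the regression fixed here) exist for the same reason: a tag can be moved to different code after the workflow was compiled, a digest or commit SHA cannot. The following is an added example, not part of gh-aw: the kind of check a reviewer can run over a compiled .lock.yml to confirm both properties hold after a compile. The sample lock file, its SHAs and digests, and the assumed image:/docker run layout are all constructed for the example and are not gh-aw's actual lock file format.

```javascript
// Added example, not part of gh-aw's compiler. Lints a compiled workflow
// (.lock.yml) for references that are not immutably pinned:
//   - uses: action references whose version is not a full 40-hex commit SHA
//     (tags and branches are mutable and can be repointed at different code);
//   - container image references without a @sha256 digest (":latest" or ":v1"
//     can be re-pushed).
// Assumed layout (a guess for this example, not gh-aw's real format): images
// appear as the value of an image: key, in a uses: docker://... action, or on
// a docker run / docker pull line. The sample lock file is constructed and its
// SHAs and digests are dummies.

const SHA40 = /^[0-9a-f]{40}$/;
const DIGEST = /@sha256:[0-9a-f]{64}$/;
// An image reference with an explicit registry host (ghcr.io/..., docker.io/...).
// Docker Hub shorthand such as "alpine:3.19" on a docker run line is not matched.
const IMAGE_TOKEN = /(?:^|\s)((?:[a-z0-9-]+\.)+[a-z]{2,}\/[\w./-]+(?::[\w.-]+)?(?:@sha256:[0-9a-f]{64})?)(?=\s|$)/i;

function lintImageRef(ref, line) {
  if (DIGEST.test(ref)) return null;
  return { line, kind: "image", ref, message: `image "${ref}" is not pinned by @sha256 digest` };
}

function lintActionRef(ref, line) {
  if (ref.startsWith("./")) return null; // local action, nothing to pin
  if (ref.startsWith("docker://")) return lintImageRef(ref.slice("docker://".length), line);
  const at = ref.lastIndexOf("@");
  const version = at === -1 ? null : ref.slice(at + 1);
  if (version !== null && SHA40.test(version)) return null;
  return { line, kind: "action", ref, message: `action "${ref}" is not pinned to a commit SHA` };
}

// Scan YAML text line by line. Returns findings; an empty array means every
// reference the scanner recognised is pinned.
function lintLockFile(yamlText) {
  const findings = [];
  yamlText.split("\n").forEach((raw, i) => {
    const line = i + 1;
    const text = raw.replace(/#.*$/, ""); // ignore trailing YAML comments
    const uses = text.match(/^\s*-?\s*uses:\s*["']?([^\s"']+)/);
    if (uses) {
      const f = lintActionRef(uses[1], line);
      if (f) findings.push(f);
      return;
    }
    let image = text.match(/^\s*image:\s*["']?([^\s"']+)/);
    if (!image && /\bdocker\s+(?:run|pull)\b/.test(text)) image = text.match(IMAGE_TOKEN);
    if (image) {
      const f = lintImageRef(image[1], line);
      if (f) findings.push(f);
    }
  });
  return findings;
}

// Constructed sample lock file: dummy SHA (40 x "a") and digest (64 x "b").
const SAMPLE_LOCK = `
name: daily-report
jobs:
  agent:
    steps:
      - uses: actions/checkout@v4                     # mutable tag
      - uses: actions/setup-node@${"a".repeat(40)}   # pinned (dummy SHA)
      - uses: ./.github/actions/local                 # local action
      - uses: docker://alpine:3.19                    # docker action, no digest
      - run: docker run --rm ghcr.io/example/gateway:v0.2.30 serve
      - run: docker run --rm ghcr.io/example/firewall@sha256:${"b".repeat(64)} up
    container:
      image: ghcr.io/example/runner:latest
`;

for (const f of lintLockFile(SAMPLE_LOCK)) {
  console.log(`line ${f.line}: ${f.message}`);
}
```

Run against a real compiled workflow, a clean result is the property the compiler is supposed to guarantee; any finding is either a compiler regression of the kind fixed in this release or a hand edit to the lock file that bypassed the pinning step.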

📚 Documentation

  • Self-healing documentation fixes: tools.github.mode gh-proxy documented.
  • Protected files defaults updated: .githooks/, .husky/, and DESIGN.md are now protected by default.
  • Developer docs consolidation and glossary improvements.

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@ahmadabdalla

@bbonafed

@camposbrunocampos

@h3y6e

@JasonYeMSFT

@jtracey93

@microsasa

@shiran-gutsy

@strawgate

@theletterf

@tsm-harmoney

@yskopets

@zkoppert

⚠️ Attribution Candidates Need Review

The following community issues were closed during this release window but could not be automatically linked to a specific merged PR. Please verify whether they should be credited:


For complete details, see CHANGELOG.

Generated by Release · ● 1.1M


What's Changed

  • Fix smoke-ci safe_outputs failure on schedule-triggered runs by @Copilot in #27705
  • [safe-output-integrator] Add missing safe-output test workflows and compiler tests by @github-actions[bot] in #27709
  • Standardize USE-001 error codes in comment_memory and merge_pull_request safe-output handlers by @Copilot in #27701
  • Enforce SEC-005 allowlist validation for cross-repo comment-memory setup by @Copilot in #27702
  • Codex: inject openai-proxy provider in generated config when API proxy is enabled by @Copilot in #27711
  • Refactor cli-proxy feature into tools.github.mode (gh-proxy) with codemod migration by @Copilot in #27707
  • Update OpenCode/Crush universal LLM consumer backend handling by @Copilot in #27708
  • Fix nosprintfhostport lint in codex_engine_test by @Copilot in #27734
  • Bump default MCP gateway to v0.2.30 and AWF firewall to v0.25.28 by @Copilot in #27722
  • Ignore link_sub_issue failure when already linked to same parent by @Copilot in #27735
  • Emit OTEL error signals for cancelled conclusions and success-with-errors runs by @Copilot in #27739
  • ci: include runner-guard in cgo security-scan matrix by @Copilot in #27745
  • [docs] docs: unbloat footers.md - remove redundant sections by @github-actions[bot] in ...

v0.69.3

21 Apr 22:28
6abd710


v0.69.3 Pre-release

What's Changed

  • fix(cli): remove duplicate checkmark in upgrade extension output by @Copilot in #27669
  • fix: force extension upgrade for pinned gh-aw installs by @Copilot in #27679
  • Add vulnerability-alerts as GITHUB_TOKEN permission scope by @salmanmkc in #27668
  • Fix Integration “Workflow Misc Part 2” failures by removing deprecated network.firewall test fixtures by @Copilot in #27676
  • [log] Add debug logging to safe-outputs config parsers and maintenance conditions by @github-actions[bot] in #27690
  • Add supersede-older-reviews for PR reviews and shift guidance to COMMENT-first defaults by @Copilot in #27662
  • [actions] Update GitHub Actions versions - 2026-04-21 by @github-actions[bot] in #27680
  • Add smoke-ci coverage for cache/repo memory and update safe outputs by @Copilot in #27683
  • Use hash-based stale lock validation guidance in Workflow Health Manager by @Copilot in #27696

Full Changelog: v0.69.2...v0.69.3

v0.69.2

21 Apr 20:46
f000254

Choose a tag to compare

v0.69.2 Pre-release
Pre-release

🌟 Release Highlights

This release delivers a major new memory primitive for agentic workflows, tightens URL sanitization for agent inputs, and removes the long-deprecated network.firewall frontmatter key, with a one-command migration path.

⚠️ Breaking Changes

network.firewall frontmatter key removed: this field was previously deprecated and is now rejected by the compiler. Migrate automatically using the built-in codemod:

gh aw fix --write

The codemod rewrites network.firewall: true to sandbox.agent: awf and network.firewall: false to sandbox.agent: false, and preserves version overrides. See #27626 for details.

✨ What's New

  • comment_memory safe output (#27479): Agents can now persist structured memory directly in a managed issue or PR comment. Memory files are materialized under /tmp/gh-aw/comment-memory/ before the agent runs, edited in-place by the agent, and automatically synced back to GitHub at the end of the workflow. This enables stateful agents that accumulate context across multiple runs without external storage.

  • sandbox.agent.version support (#27626): Pin the AWF sandbox version your workflow uses via sandbox.agent.version in frontmatter. Useful for staged rollouts and reproducibility testing.

πŸ› Bug Fixes & Improvements

  • URL sanitization fix (#27639) β€” The compute_text activation step was stripping all non-GitHub URLs from issue/PR/discussion bodies before the agent could read them, even when those domains were explicitly listed in network.allowed or safe-outputs.allowed-domains. URLs from workflow-configured allow-lists are now preserved in agent input, consistent with output-side sanitization behavior.

  • MCP context overflow guard (#27657) β€” list_code_scanning_alerts calls in bundled workflows now enforce state: open and severity: critical,high filters to prevent 145K+ character payloads from overflowing agent context windows.

  • AI Moderator Codex auth fix (#27656) β€” Corrected auth token precedence and allowed the required Codex domain for the AI Moderator workflow.

  • Workflow Tools & MCP fixes (#27645) β€” Resolved integration failures triggered by the network.firewall deprecation in tooling and MCP-enabled workflows.

  • comment-memory permission hardening (#27642) β€” Fixed permission regressions introduced by the comment-memory feature and migrated config to the tools block.

  • Removed noisy MCP startup notices (#27617) β€” MCP server startup log lines no longer emit GitHub Actions notice annotations.

📚 Documentation

  • Gemini quick-start & engine chooser (#27658): Gemini is now included in quick-start prerequisites (including GEMINI_API_KEY setup), and a new "Which engine should I choose?" section in reference/engines helps users pick the right engine for their use case.

  • CLI help alignment (#27622): CLI reference docs for run, compile, logs, remove, fix, and validate are now synchronized with actual command output.

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@corygehr


For complete details, see CHANGELOG.

Generated by Release


What's Changed

  • Fix Workflow Features integration test fixture to align with current network schema by @Copilot in #27643
  • Pass workflow allowed domains into activation compute_text sanitization by @Copilot in #27639
  • Update smoke-ci to use comment-memory and write a haiku by @Copilot in #27640
  • Harden safe_outputs permission tests by scoping assertions to job section by @Copilot in #27644
  • Fix Workflow Tools & MCP integration failures after network.firewall deprecation by @Copilot in #27645
  • docs: add Gemini quick-start coverage and engine selection guidance by @Copilot in #27658
  • Guard list_code_scanning_alerts workflow usage to prevent MCP context overflow by @Copilot in #27657
  • Fix comment-memory permission regressions, migrate config to tools, and exercise PR safe outputs in smoke-ci by @Copilot in #27642

Full Changelog: v0.69.1...v0.69.2

v0.69.1

21 Apr 18:09
c0a97cb
Pre-release
🌟 Release Highlights

This release delivers significant improvements to workflow security, SHA pinning reliability, and safe-outputs extensibility, making agentic workflows more robust, auditable, and flexible out of the box.

✨ What's New

sandbox.agent.version: Pin the AWF version per workflow
You can now specify an exact AWF version override directly in your workflow frontmatter with sandbox.agent.version. This gives you fine-grained control over which agent version executes your workflow, and the compiler automatically migrates deprecated network.firewall settings to the modern sandbox.agent API.

safe-outputs.needs: Custom credential-supply job dependencies
Workflows that mint GitHub App tokens or fetch custom credentials in a separate job can now declare that job as an upstream dependency of safe_outputs using the new safe-outputs.needs field. This unblocks needs.<custom_job>.outputs.* references in safe-outputs handlers and eliminates actionlint failures caused by undeclared job dependencies.

safe-outputs:
  needs: [secrets_fetcher]
  github-app:
    app-id: ${{ needs.secrets_fetcher.outputs.app_id }}
    private-key: ${{ needs.secrets_fetcher.outputs.app_private_key }}

Hardened gh aw add SHA pinning: no more silent fallbacks
gh aw add now fails loudly when ref→SHA resolution fails instead of silently falling back to an unpinned @ref. Transient failures (rate limits, timeouts) are retried with exponential backoff before erroring. Pinned action-ref enforcement is now the default at compile/validate time, with a new --allow-action-refs flag to downgrade to warnings. Lock files also gain a resolution_failures section in the manifest for auditing unresolved pins.

πŸ› Bug Fixes & Improvements

  • Codex MCP gateway β€” Fixed startup failures caused by config.toml self-copy when CODEX_HOME pointed to the same directory as the MCP config source.
  • create_issue concurrency β€” Eliminated a race condition where concurrent safe-output handler calls could both pass the max-issue-count check; slot reservation is now synchronized before the first await.

📚 Documentation

  • CLI reference (docs/src/content/docs/setup/cli.md) corrected to accurately reflect --repeat semantics and complete option lists for compile, logs, remove, fix, and validate commands.
  • Docs site improvements: high-contrast accessibility support, explicit logo dimensions for layout stability, and lazy-loading hints for video embeds.

A huge thank you to the community members who reported issues that were resolved in this release!

@bbonafed

@verkyyi


For complete details, see CHANGELOG.

Generated by Release


What's Changed

  • [actions] Update GitHub Actions versions - 2026-04-20 by @github-actions[bot] in #27428
  • Disable threat-detection phase in copilot-token-optimizer by @Copilot in #27426
  • Align safe-jobs env setup step naming with Safe Outputs terminology by @Copilot in #27420
  • Harden gh aw add SHA pinning, enforce .md/.lock.yml frontmatter hash parity, require pinned action refs by default, and audit pin-resolution failures by @Copilot in #27419
  • fix: add CODEX_HOME env var to MCP gateway step for Codex engine workflows by @lpcox in #27457
  • SEC-004 conformance: sanitize close-issue comment body and add explicit handler exemptions by @Copilot in #27448
  • Align CLI/workflow package specs with actual public surface by @Copilot in #27461
  • Fix Codex smoke gateway auth by syncing converted config into writable CODEX_HOME by @Copilot in #27418
  • [safe-output-integrator] Add missing merge-pull-request safe-output test workflow and compiler test by @github-actions[bot] in #27456
  • Document OpenCode/Crush MCP, permission, and API-routing gotchas in troubleshooting guide by @Copilot in #27451
  • Fail loudly when preserve-branch-name collides with existing remote branch by @Copilot in #27458
  • Add experimental OpenCode engine support, smoke workflow, and reassign LLM gateway ports by @Copilot in #27466
  • Design Decision Gate: raise ADR-path turn budget from 5 to 10 by @Copilot in #27477
  • Add configurable agentic engine driver script support by @Copilot in #27453
  • Error on unknown single-word ecosystem identifiers in network.allowed by @Copilot in #27475
  • Support extending safe_outputs dependencies via safe-outputs.needs by @Copilot in #27476
  • [workflow-style] Normalize report formatting guidance across reporting workflows by @Copilot in #27481
  • [docs] docs: reduce bloat in common-issues.md by 22% by @github-actions[bot] in #27483
  • Bump default AWF firewall to v0.25.26, merge main, and recompile lock outputs by @Copilot in #27478
  • Remove imports.apm-packages from workflow schema and schema-driven docs by @Copilot in #27493
  • [jsweep] Clean messages_staged.cjs by @github-actions[bot] in #27487
  • Emit agent output metrics on OTLP conclusion spans for all outcomes by @Copilot in #27495
  • Add cadence clarification prompt for scheduled workflow trigger selection by @Copilot in #27505
  • Document bash allowlist decision rule for trusted vs untrusted workflow inputs by @Copilot in #27506
  • Raise Design Decision Gate turn cap to prevent false-failure on successful ADR runs by @Copilot in #27514
  • [docs] Update Astro dependencies - 2026-04-21 by @github-actions[bot] in #27543
  • [docs] Update documentation for features from 2026-04-21 by @github-actions[bot] in #27542
  • [instructions] Sync github-agentic-workflows.md with v0.68.3 by @github-actions[bot] in #27541
  • [spec-enforcer] Enforce specifications for actionpins, agentdrain, cli by @github-actions[bot] in #27539
  • [spec-extractor] Update package specifications for gitutil, logger, stringutil, timeutil by @github-actions[bot] in #27536
  • [docs] Update glossary - daily scan 2026-04-21 by @github-actions[bot] in #27535
  • [docs] Consolidate developer docs v6.7: document OTLP agent output metrics by @github-actions[bot] in #27549
  • build(deps-dev): Bump typescript from 6.0.2 to 6.0.3 in /actions/setup/js by @dependabot[bot] in #27532
  • build(deps-dev): Bump @types/node from 25.5.2 to 25.6.0 in /actions/setup/js by @dependabot[bot] in #27530
  • [architecture] Update architecture diagram - 2026-04-21 by @github-actions[bot] in #27521
  • build(deps-dev): Bump prettier from 3.8.2 to 3.8.3 in /actions/setup/js by @dependabot[bot] in #27528
  • build(deps-dev): Bump @actions/github from 9.0.0 to 9.1.0 in /actions/setup/js by @dependabot[bot] in #27526
  • build(deps-dev): Bump vite from 8.0.8 to 8.0.9 in /actions/setup/js by @dependabot[bot] in #27525
  • [dead-code] chore: remove dead functions - 4 functions removed by @github-actions[bot] in #27567
  • Docs: address multi-device accessibility/layout warnings (contrast, logo sizing, video loading) by @Copilot in #27583
  • [code-simplifier] Simplify OTLP error extraction in send_otlp_span.cjs (#27495) by @github-actions[bot] in #27507
  • Harden create_issue concurrency limits and remove dead copilot assignment queue code by @Copilot in #27533
  • Prevent Codex MCP gateway startup failures from config.toml self-copy by @Copilot in #27582
  • Refactor sanitizer APIs to separate artifact identifiers from code identifiers by @Copilot in #27584
  • [fp-enhancer] Improve pkg/actionpins: extract pure helpers, eliminate duplicate init by @github-actions[bot] in #27523
  • Fix lint-go and test failures in actionpins and cli specs by @Copilot in #27608
  • Refactor log parser shared...

v0.69.0

20 Apr 19:52
e685a0e
Pre-release

🌟 Release Highlights

v0.69.0 delivers significant safe-output workflow improvements (team reviewers, dynamic branch configuration, and update-branch support), plus the new Crush AI engine and a wave of community-reported bug fixes improving MCP reliability, secret redaction, and token reporting.

✨ What's New

🤖 Crush Engine Replaces OpenCode
The OpenCode engine has been retired and replaced with Crush across all runtime paths. Update your workflows with engine: crush to use the new engine.

👥 Team Reviewer Support for Safe Outputs
create-pull-request and add-reviewer safe outputs now support team reviewers in addition to individual users, resolving a long-requested community feature.

🌿 Dynamic Base Branch for create_pull_request
Workflows can now specify a per-run base branch via policy-gated configuration. The patch generator also correctly honors the configured base_branch instead of defaulting to the triggering repo's default branch.

🔄 Update-Branch Support in update-pull-request
Safe-output update-pull-request now supports the update-branch operation, enabling workflows to keep pull requests up to date with their base branch automatically.

↩️ Redirect Support for Workflow Updates
Workflow update operations now support a --no-redirect flag and safe-update approval checks, giving you more control over automated workflow changes.

🔀 Fallback PR Flow for Diverged Branches
When push-to-pull-request-branch diverges, the workflow now automatically falls back to an alternative PR flow. Opt-out is available for workflows that prefer the previous strict behavior.

📦 latex Network Ecosystem Group
A new latex network ecosystem identifier is available for workflows that need to fetch LaTeX packages during agentic runs.

⬆️ gh aw upgrade Improvements

  • New --pre-releases flag to opt into pre-release versions
  • Fixed duplicate success symbol display
  • Extended rename+retry workaround to Windows

🏷️ LOW_QUALITY Comment Minimization
Safe outputs now support LOW_QUALITY as a valid comment minimization reason, expanding control over comment visibility on noisy threads.

πŸ› Bug Fixes & Improvements

  • Fixed MCP stdout corruption β€” gh aw mcp-server no longer writes diagnostic banners to stdout, preventing JSON-RPC stream poisoning (community report by @edburns)
  • Fixed duplicate Token Usage section in agent summaries when MCP Gateway content was present (community report by @Daidanny008)
  • Eliminated secret-redaction EACCES warnings β€” Redact secrets in logs no longer fails on MCP log files owned by another user (community report by @yskopets)
  • Fixed pre-steps outputs unavailable to safe_outputs/conclusion/activation jobs that mint GitHub App tokens (community report by @bbonafed)
  • Fixed markdown fence balancer corrupting sequential code blocks
  • Fixed false-positive role assertion match in single-string test patterns (community report by @jeffhandley)
  • Cap native action updates at the running CLI version to prevent over-upgrading
  • Fixed missing state-reason field in close-issue JSON schema
  • Added --allow-host-ports to AWF command for MCP gateway port 8080

🔒 Security

  • SEC-005 allowlist validation now enforced for workflow_dispatch target repo overrides
  • New gh aw fix codemods available for strict-mode secret leaks in step run and engine.env

📚 Documentation

  • FAQ entry clarifying slash-command trigger noise and LabelOps mitigation
  • CLI help text and engine documentation aligned with latest behavior

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@bbonafed

@Calidus

@Daidanny008

@edburns

@IEvangelist

@jeffhandley

@jsoref

@seangibeault

@tinytelly

@yskopets

⚠️ Attribution Candidates Need Review

The following community issues were closed during this period but could not be automatically linked to a specific merged PR. Please verify whether they should be credited:


For complete details, see CHANGELOG.

Generated by Release


What's Changed

  • test: tighten single-role GH_AW_REQUIRED_ROLES assertion (fixes #26799) by @Copilot in #26804
  • Add daily Claude workflow for cross-repo gh-aw compilation compatibility checks by @Copilot in #26802
  • Replace archived OpenCode engine with Crush across runtime, compiler, and workflow assets by @Copilot in #26819
  • fix: prevent markdown fence balancer from corrupting sequential code blocks by @dsyme in #26785
  • [architecture] Update architecture diagram - 2026-04-17 by @github-actions[bot] in #26831
  • [jsweep] Clean resolve_mentions_from_payload.cjs by @github-actions[bot] in #26809
  • [docs] Update glossary - daily scan by @github-actions[bot] in #26840
  • [spec-extractor] Update package specifications for constants, cli (run 1) by @github-actions[bot] in #26841
  • [spec-enforcer] Enforce specifications for timeutil, logger, constants by @github-actions[bot] in #26842
  • [docs] Update documentation for features from 2026-04-17 by @github-actions[bot] in #26845
  • [docs] docs: consolidation v6.3 - tone fixes and package structure update by @github-actions[bot] in #26851
  • [docs] Self-healing documentation fix: update FAQ engine list - 2026-04-17 by @github-actions[bot] in #26872
  • deps: bump bubbletea v2.0.5 → v2.0.6 for wide-char rendering fix by @Copilot in #26838
  • fix: cap gh-aw native action updates at the running CLI version by @Copilot in #26827
  • [aw-compat] Downgrade strict missing-permission failures for default GitHub toolsets to warnings by @Copilot in #26816
  • Refactor MCP gateway converters to shared pipeline and thin engine adapters by @Copilot in #26858
  • ci: compile gh-aw-marketplace workflows in CI by @Copilot in #26888
  • Bump default CLI/tool versions (Claude, Copilot, Codex, GitHub MCP) and recompile lockfiles by @Copilot in #26810
  • docs: clarify BYOK and MCP registry enforcement behavior by @Copilot in #26900
  • Refactor activation job builder to eliminate function/file size architecture violations by @Copilot in #26879
  • Reduce token overhead in Daily Compiler Quality workflow by @Copilot in #26907
  • Add redirect support for updates with --no-redirect and safe-update approval checks by @Copilot in #26903
  • [WIP] Fix failing GitHub Actions workflow lint-go by @Copilot in #26912
  • Fix CI js typecheck errors in gateway config conversion scripts by @Copilot in #26913
  • Add team reviewer support to create-pull-request an...
v0.68.7

17 Apr 04:55
f916d5d
Pre-release

🌟 Release Highlights

This release delivers targeted bug fixes and internal reliability improvements, including a community-reported fix for on.roles configuration handling and a Codex runtime stability fix.

πŸ› Bug Fixes & Improvements

  • on.roles Single-String Support (#26789) β€” The compiler now accepts a single role string (e.g., roles: write) in addition to an array. Previously, using a string instead of an array produced a misleading compiler error with no clear guidance.
  • Codex AWF Chroot Fix (#26787) β€” Fixed Codex agent failures in chroot environments by relocating runtime state to writable /tmp. Codex workflows on restricted filesystems should now run reliably.
  • Failure Investigator Improvements (#26795) β€” Reduced issue churn in the aw-failure-investigator workflow by prioritizing closure and reusing parent issue tracking across runs.
  • Firewall Update (#26798) β€” Default firewall version bumped to v0.25.23 with regenerated compiled artifacts.

✨ What's New

  • Cross-Repo Compilation Compatibility Checks (#26802): A new daily Claude workflow automatically discovers repositories using gh-aw, runs compilation checks against the latest build, and surfaces compatibility issues before they affect users.

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@jeffhandley


For complete details, see CHANGELOG.

Generated by Release


What's Changed

  • Reduce aw-failure-investigator issue churn by prioritizing closure and reusing parent tracking by @Copilot in #26795
  • Allow on.roles single-string role values (not just all) by @Copilot in #26789
  • Fix Codex AWF chroot failures by moving Codex runtime state to writable /tmp by @Copilot in #26787
  • chore: bump default firewall version to v0.25.23 and regenerate compiled artifacts by @Copilot in #26798

Full Changelog: v0.68.6...v0.68.7