Releases · github/gh-aw

16 Feb 21:23

v0.45.1

0e8dc45

v0.45.1 Latest

Latest

🌟 Release Highlights

This release focuses on security hardening, GitHub Enterprise support, and developer experience improvements with 42 merged pull requests addressing stability, compilation accuracy, and workflow authoring.

🔒 Security

Fixed shell injection vulnerability in branch name handling (CWE-78) - critical security patch for workflows using dynamic branch names (#16121)
Enhanced PAT token validation - COPILOT_GITHUB_TOKEN now strictly validates fine-grained PAT format to prevent auth failures (#16169)
Updated security tools - gosec v2.23.0 and actionlint v1.7.11 for latest vulnerability detection (#16070, #16071)

⚡ Stability & Performance

Fixed critical race conditions preventing concurrent workflow compilation:
- Concurrent map panic in MCP server caches (#16042)
- Data race in compile watch debounce timer (#16043)
- Nil pointer panic in DirExists on permission errors (#16041)
Improved YAML error reporting - Native FormatError() API with VSCode integration for better debugging experience (#16078)
Stabilized import topological sort - Deterministic ordering with comprehensive test coverage (#16149)

🌐 GitHub Enterprise Support

Full GitHub Enterprise compatibility for repo-memory feature - dynamic server URL extraction replaces hardcoded github.com references (#16154)
Alpine container support - Downgraded to 3.19 for gh CLI availability in containerized environments (#16050)

✨ Features & Enhancements

Expanded safe-outputs capabilities:
- unassign_from_user and assign_to_user for issue management (#16132)
- Reviewers field now compiled into create-pull-request handler config (#16122)
- Improved constraint enforcement at MCP server invocation (#16011)
Better scheduling UX:
- "on weekdays" suffix for Monday-Friday restrictions (#16048)
- Recommendations for weekday scheduling to avoid Monday backlog (#16069)
Multi-language workflow support - Added .NET/C# instructions to multi-language workflows (#16155)
Workflow portability - ai-moderator now repository-agnostic (removed hardcoded bot restrictions) (#16207)

🐛 Bug Fixes

Compilation accuracy:
- Fixed placeholder substitution ordering for runtime-imported workflows (#16191)
- Fixed import path detection in workflow specifications (#16208)
- Aligned update_project temporary ID patterns across schema and implementation (#16098, #16101, #16104)
- Fixed duplicate GitHub App token step in safe-outputs job (#16135)
CLI fixes:
- enable/disable commands now respect --repo flag for workflow status checks (#16044)
- Improved template/substitution pipeline logging with proper setupGlobals initialization (#16180)

📚 Documentation

Updated logs command documentation with skip-bots/skip-roles features (#16014)
Clarified runtime-import path validation examples in templating docs (#16133)
Added markdown formatting guidelines to ci-coach workflow (#16134)
Glossary updates and layout specification refresh (#16083, #16056)

🔧 Internal Improvements

CI now validates lock files aren't compiled with release builds (#16216)
Updated allowed domains for workflow configuration (#16213)
Refactored duplicate workflow metadata setup in cleanup scripts (#16049)
Code simplifications and test improvements (#16182, #16193, #16127, #16084)
Dependencies: awf v0.19.0, GitHub Actions updates (#16172, #16067)

Upgrade Note: If upgrading from githubnext/gh-aw to github/gh-aw, see v0.40.1 migration guide for extension re-registration steps.

For complete details, see the CHANGELOG.

What's Changed

[docs] Update documentation for logs command and skip-bots/skip-roles features by @github-actions[bot] in #16014
Enforce add_comment constraints at MCP server invocation by @Copilot in #16011
Remove SupportsHTTPTransport from engine interface by @Copilot in #16021
Fix nil pointer panic in DirExists on permission errors by @AI-Reviewer-QS in #16041
Fix enable/disable ignoring --repo flag for workflow status check by @AI-Reviewer-QS in #16044
Refactor: Extract duplicate workflow metadata setup in expired entity cleanup scripts by @Copilot in #16049
Add "on weekdays" suffix for Monday-Friday schedule restriction by @Copilot in #16048
[specs] Update layout specification - 2026-02-16 by @github-actions[bot] in #16056
[actions] Update GitHub Actions versions - February 16, 2026 by @github-actions[bot] in #16067
Recommend weekday scheduling for daily workflows to avoid Monday backlog by @Copilot in #16069
Update actionlint from v1.7.10 to v1.7.11 by @Copilot in #16071
[docs] Update glossary - weekly full scan by @github-actions[bot] in #16083
Update gosec from v2.22.11 to v2.23.0 by @Copilot in #16070
Remove TestGetActionPinSemverPreference test by @Copilot in #16084
Clean-up temporary ID pattern and add deferral logic to update-project by @mnkiefer in #16098
Fix data race in compile watch debounce timer by @AI-Reviewer-QS in #16043
Compile reviewers field into create-pull-request handler config by @Copilot in #16122
Fix shell injection vulnerability in branch name handling (CWE-78) by @Copilot in #16121
Fix concurrent map panic in MCP server caches by @AI-Reviewer-QS in #16042
Replace custom YAML error parsing with native FormatError() API and add VSCode integration by @Copilot in #16078
Clarify runtime-import path validation examples in templating docs by @Copilot in #16133
Add markdown formatting guidelines to ci-coach workflow by @Copilot in #16134
Fix duplicate GitHub App token step in safe-outputs job by @Copilot in #16135
Add unassign_from_user and assign_to_user to compile-time safe outputs schema by @Copilot in #16132
Stabilize import topological sort and add comprehensive test coverage by @Copilot in #16149
Add .NET/C# instructions to multi-language workflows by @ViktorHofer in #16155
Fix hardcoded github.com references in repo-memory for GitHub Enterprise support by @Copilot in #16154
[code-simplifier] Simplify serverHost extraction in push_repo_memory.cjs by @github-actions[bot] in #16182
🔐 Validate PAT tokens and improve RunOptions by @dsyme in #16169
Fix Go linting errors - unused append results and test assertion pattern by @Copilot in #16193
Add logging to template/substitution pipeline and fix setupGlobals initialization by @Copilot in #16180
Make ai-moderator workflow repository-agnostic by @Copilot in #16207
chore: update awf to v0.19.0 by @Mossaka in #16172
🔧 Fix Import Path Detection in Workflow Specification by @dsyme in #16208
🌐 Update allowed domains for workflow configuration by @dsyme in #16213

New Contributors

@AI-Reviewer-QS made their first contribution in #16041
@ViktorHofer made their first contribution in #16155

Full Changelog: v0.45.0...v0.45.1

Contributors

Mossaka, dsyme, and 3 other contributors

Assets 16

checksums.txt

sha256:cc0a4762f438c928f8a2dd4b6b189872d7755c48cbcc2ca105abadf52fd75b0d

872 Bytes 2026-02-16T21:22:59Z
darwin-amd64

sha256:6da8ce370f864de01134ed6cbbdc9740e6404f28760256f0c17eb87f39e2b31a

21 MB 2026-02-16T21:22:59Z
darwin-arm64

sha256:f8b9e6a3f2a4ce86f71eaf878b22f094e5db5eedfcbe10261ef16320918134c3

19.6 MB 2026-02-16T21:22:59Z
freebsd-386

sha256:1bd3266fc1e9e9316c46264e4b0f0285814b90911da3da61f8405f075940543b

19.8 MB 2026-02-16T21:22:59Z
freebsd-amd64

sha256:16844eaa5a31bbd107afdccd65d0363e97310622d38334de5777136b4a19b279

20.6 MB 2026-02-16T21:22:59Z
freebsd-arm64

sha256:36152c979cc2c5662f78282e7b15200fbd033c7fe89f1b58fab86166d91393a0

19.1 MB 2026-02-16T21:22:59Z
linux-386

sha256:b09786d3212fcab3c401ebf3fc9602776879852be72831707d58518d5433cfca

19.9 MB 2026-02-16T21:23:00Z
linux-amd64

sha256:ff62121052158d56dadfa46e2248b3f4d461c5a6367a75a1550cfc384385692f

20.6 MB 2026-02-16T21:23:00Z
linux-arm

sha256:172d90d5b5b1386d6d220454ea4281f25810086e9f67168212cc953929b1a866

19.8 MB 2026-02-16T21:23:00Z
linux-arm64

sha256:5d6bc60af8b21540606ec24acebac2ea84c8268f64d7d95fb053246f950d5dda

19.1 MB 2026-02-16T21:23:00Z
Source code (zip)

2026-02-16T20:48:34Z
Source code (tar.gz)

2026-02-16T20:48:34Z

16 Feb 01:11

github-actions

v0.45.0

58d1d15

v0.45.0

🌟 Release Highlights

This release brings powerful new workflow control features, improved flexibility, enhanced security enforcement, and a significant breaking change to reaction/status comment behavior. Highlights include role-based and bot-based workflow skipping, flexible workflow name matching, SRT removal, and major security specification updates.

⚠️ Breaking Changes

Reaction and Status Comments Now Independent (#15856)

The ai-reaction emoji and status-comment fields are now fully decoupled. Both must be explicitly enabled in your workflow configuration.

Migration required:

# ❌ OLD (implicit coupling)
messages:
  ai-reaction: 👀  # Auto-enabled status comments

# ✅ NEW (explicit configuration)
messages:
  ai-reaction: 👀
  status-comment: true  # Must explicitly enable

Workflows relying on automatic status comments when ai-reaction is set will need to add status-comment: true. Learn more about message configuration

SRT (Sandbox Runtime) Removed (#15834)

AWF (Agent Workflow Firewall) is now the only supported sandbox implementation. Legacy workflows using sandbox.agent: srt or sandbox: sandbox-runtime are automatically migrated to AWF during compilation, but explicit updates are recommended.

✨ What's New

Role-Based Workflow Skipping (#15988)

Skip workflows based on repository permissions with on.skip-roles:

on:
  skip-roles: [admin, maintain]  # Skip for admins/maintainers

Perfect for workflows that should only run for external contributors or specific permission levels. The pre-activation job checks roles before workflow execution. Documentation

Bot-Based Workflow Skipping (#15993)

Cancel workflows for specific GitHub actors (bots or users) with on.skip-bots:

on:
  skip-bots: [dependabot, renovate]

Supports flexible bot name matching—github-actions matches both github-actions and github-actions[bot] actors. Complements skip-roles for fine-grained workflow control.

Flexible Workflow Name Matching (#16007)

The gh aw logs command now accepts both workflow IDs (ci-failure-doctor) and display names ("CI Failure Doctor") with case-insensitive matching, bringing consistency with compile and status commands. No more remembering exact workflow names!

Custom Agentic Engine Guide (#15857)

New comprehensive guide for implementing custom agentic engines, enabling integration with proprietary AI systems or specialized LLM deployments beyond the built-in Copilot/Claude/Codex engines. Read the implementation guide

🔒 Security Enhancements

MCP Server Constraint Enforcement (#15996)

MCP servers now enforce constraints during tool invocation (Phase 4) for immediate LLM feedback. Dual enforcement at both MCP server and safe output processor layers provides defense-in-depth. Updated Safe Outputs specification with new constraint enforcement requirements.

Cross-Repository Allowlist Validation (#15808)

Added SEC-005 validation to prevent workflows from accessing unauthorized repositories through GitHub MCP tools. Enhances security for multi-repo operations.

Content Sanitization (#15807)

Implemented SEC-004 content sanitization across safe-output handlers to prevent injection attacks and ensure output integrity.

Max Limit Enforcement (#15806)

Added SEC-003 maximum limit enforcement to 7 core safe-output handlers (comments, issues, PRs, etc.) preventing resource exhaustion attacks.

🐛 Bug Fixes & Improvements

Fixed sandbox detection for legacy Type field configurations (#15995)
Fixed mentions.allowed normalization to handle '@' prefix at compile time (#15978)
Fixed locked issue handling with proper 403 status + message validation (#15980, #15967, #15998)
Fixed CI test failures from one-shot-token stderr pollution (#15925)
Fixed awf logs command failure when binary not installed (#15813)
Fixed runtime-import path extraction for .github.io repositories (#15826)
Fixed docs build with invalid link correction (#15835)
Issue unlocking moved to dedicated job with if: always() for reliability (#15969)
Playwright MCP updated from 0.0.64 to 0.0.68 (#15924)
Nested imports and symlinks now properly resolved (#15987)

📚 Documentation

Safe Outputs specification updated with structured verification methods and constraint enforcement requirements (#15941, #15996)
Playwright MCP usage guide added to prevent module loading errors (#15848)
Sandbox documentation updated to reflect SRT removal (#15865)
Developer specifications consolidated into instructions file (#15815)
FAQ entry added explaining why PRs from GitHub Actions bot don't trigger CI workflows (#15923)
Dictation skill updated with comprehensive project glossary (#15888)
MCP step name capitalization aligned with glossary standards (#15932)

🔧 Internal Improvements

Consolidated AWF command building logic across all agentic engines (#15810)
Extracted shared helper for close-older entity flows (#15933)
Consolidated developer specifications structure (#15815)
Force COMMENT review type when reviewer is PR author (#15838)
Enhanced footer generation in add_comment handler (#15964)
Switch review workflows to submit_pull_request_review (#15818)
Storage.googleapis.com added to go ecosystem allowlist (#15953)

Full changelog: CHANGELOG.md

Upgrade from githubnext/gh-aw? See the v0.40.1 migration guide for instructions on switching to the new github/gh-aw extension location.

What's Changed

Merge frontmatter features from imports by @Copilot in #15796
Set lockdown: false on daily-syntax-error-quality workflow by @Copilot in #15811
[docs] Consolidate developer specifications into instructions file by @github-actions[bot] in #15815
Fix awf logs command failure when binary not installed by @Copilot in #15813
Switch review workflows to submit_pull_request_review by @strawgate in #15818
Consolidate AWF command building logic across all agentic engines by @Copilot in #15810
Fix docs build: invalid link in safe-outputs-specification by @Copilot in #15835
Remove SRT (Sandbox Runtime) support, keep AWF only by @Copilot in #15834
Fix runtime-import path extraction for .github.io repositories by @Copilot in #15826
Force COMMENT for PR review when reviewer is the PR author by @strawgate in #15838
[Safe Outputs] Add max limit enforcement to 7 core handlers (SEC-003) by @Copilot in #15806
Add custom agentic engine implementation guide by @Copilot in #15857
Document Playwright MCP usage to prevent module loading errors by @Copilot in #15848
[jsweep] Clean is_truthy.test.cjs by @github-actions[bot] in #15858
SEC-004: Add content sanitization to safe-output handlers by @Copilot in #15807
[docs] Update sandbox documentation to reflect SRT removal by @github-actions[bot] in #15865
Decouple ai-reaction emoji from status comments [BREAKING] by @Copilot in #15856
[docs] Update dictation skill with comprehensive project glossary by @github-actions[bot] in #15888
Add cross-repository allowlist validation (SEC-005) by @Copilot in #15808
Update Playwright MCP from 0.0.64 to 0.0.68 by @Copilot in #15924
Extract shared helper for close-older entity flows by @Copilot in #15933
Align MCP step name capitalization with glossary by @Copilot in #15932
Add FAQ entry: PRs from GitHub Actions bot don't trigger CI workflows by @Copilot in #15923
Add structured verification methods to Safe Outputs specification requirements by @Copilot in #15941
Fix CI test failures: one-shot-token stderr pollution by @Copilot in #15925
Lpcox/udpate arch doc by @lpcox in #15945
[cloclo] Add storage.googleapis.com to go ecosystem by @github-actions[bot] in #15953
[q] Use generateFooterWithMessages in add_comment to respect custom footer config by @github-actions[bot] in #15964
[cloclo] Handle locked issue/PR reactions gracefully by @github-actions[bot] in #15967
[cloclo] Fix mentions.allowed to normalize '@' prefix at compile time by @github-actions[bot] in #15978
[cloclo] Fix locked error check: require 403 status AND locked message by @github-actions[bot] in #15980
Move issue unlocking to dedicated job with if: always() by @Copilot in #15969
Add skip-roles to conditionally skip workflows based on repository permissions by @Copilot in https://github.com/github/gh-...

Contributors

strawgate and lpcox

Assets 16

14 Feb 21:56

github-actions

v0.44.0

cec1ecf

v0.44.0

🌟 Release Highlights

This release brings major enhancements to Safe Outputs, introduces a powerful new TypeScript SDK, and adds comprehensive PR review automation capabilities.

✨ What's New

TypeScript Copilot SDK (#15592)
Program GitHub Copilot sessions directly from your workflows with the new TypeScript SDK. Create interactive AI agents, manage conversations, and integrate Copilot capabilities programmatically. Learn more

Safe Outputs Formal Specification v1.9.0 (#15711, #15698)
Complete security review and formalization of Safe Outputs with automated conformance checking. The specification now includes comprehensive permission documentation, daily conformance validation (#15734), and weekly spec synchronization (#15733).

Enhanced PR Review Automation (#15668, #15643, #15793)

Resolve review threads programmatically with new resolve-pull-request-review-thread safe output
Control footer visibility on PR review comments with conditional footer support
Submit PR reviews with configurable if-body settings for better workflow control

PR Management Features (#15686, #15737)

Create and update PRs in draft mode for incremental development
Set expiration dates on pull requests (e.g., expires: 1d) for automatic cleanup of temporary branches

Experimental Copilot SDK Engine (#15642)
New copilot-sdk engine with port-based LLM gateway support for advanced integrations.

🐛 Bug Fixes & Improvements

MCP Gateway: Fixed empty awmg_version in aw_info.json for workflows with MCP servers (#15787)
Firewall: Integrated gh-aw-firewall v0.17.2 with Codex LLM gateway support (#15785)
Testing: Improved cross-language hash validation test robustness with dynamic hash computation (#15776, #15784)
Git Tool Validation: Added automatic error detection for workflows missing git in bash allowed commands (#15749)
Safe Outputs: Added max limit enforcement to add_comment handler for security (SEC-003) (#15745)
Job Outputs: Fixed output setting in collect_ndjson_output.cjs error paths (#15603)
Docker Validation: Fixed ST1005 linting errors in Docker validation messages (#15710)

📚 Documentation

Added FAQ entry for PR creation disabled by organization settings (#15676)
Updated PR review comment footer control documentation (#15655, #15653)
Added Ubuntu Actions Runner Image Analysis documentation (#15639)
Added spam prevention guidelines to CONTRIBUTING.md (#15605)
Documented schema generation architecture and conformance checking (IMP-003) (#15744)

🔧 Internal Improvements

Bundled copilot-client with tsup for better dependency management (#15599)
Deployed copilot-client.js to /opt/gh-aw/copilot/ (#15629)
Refactored LLM gateway ports to constants for consistency (#15738)
Improved Codex log rendering with shared pretty-print renderer (#15688)
Added staged mode support across all safe output handlers (#15689)
Updated Claude Code to 2.1.42 and Copilot CLI to 0.0.410 (#15762)

For complete details, see CHANGELOG.

What's Changed

Remove legacy generateFooter by @strawgate in #15566
[WIP] Fix failing GitHub Actions workflow test by @Copilot in #15573
Recompile workflow lock files to sync with markdown sources by @Copilot in #15594
Add TypeScript copilot-sdk client for programmatic Copilot sessions by @Copilot in #15592
Add spam prevention guideline to CONTRIBUTING.md by @Copilot in #15605
Fix: Set all job outputs in collect_ndjson_output.cjs early returns and error paths by @Copilot in #15603
safe-outputs: Apply labels when creating discussions by @Copilot in #15597
Bundle copilot-client with tsup including all dependencies and integrate into recompile by @Copilot in #15599
[ubuntu-image] Add Ubuntu Actions Runner Image Analysis Documentation by @github-actions[bot] in #15639
Fix: Add if: always() to "Ingest agent output" step by @Copilot in #15630
Deploy copilot-client.js to /opt/gh-aw/copilot/ by @Copilot in #15629
Add conditional footer control for PR review comments by @Copilot in #15643
[instructions] Add footer control documentation for PR review comments by @github-actions[bot] in #15653
[docs] Update documentation for PR review comment footer control by @github-actions[bot] in #15655
[jsweep] Clean handle_noop_message.cjs by @github-actions[bot] in #15649
fix: accepted footer values for submit pr review by @strawgate in #15673
Add resolve-pull-request-review-thread safe output by @strawgate in #15668
Add FAQ entry for PR creation disabled by organization settings by @Copilot in #15676
Add draft mode support to update_pull_request and fix type definitions by @Copilot in #15686
Use "dev" prefix for fuzzy schedule seeds in development mode by @Copilot in #15692
Implement staged mode for all safe output handlers by @Copilot in #15689
Add comprehensive PR review safe outputs testing to smoke-claude workflow with per-safe-output staged mode by @Copilot in #15684
perf: Ensure Docker daemon exists AND is running by @strawgate in #15693
Disable LLM gateway support for Codex engine by @Copilot in #15674
Add daily security red team workflow for actions/setup code scanning with forensics and task generation by @Copilot in #15699
Add Safe Outputs formal specification with comprehensive permission documentation by @Copilot in #15698
Fix ST1005 linting errors in docker validation error messages by @Copilot in #15710
Add experimental copilot-sdk engine with port-based LLM gateway support by @Copilot in #15642
Fix CI pipeline issue in actions workflow by @Copilot in #15709
Safe Outputs Specification: Security Review, Automated Conformance Checker, v1.9.0 Implementation, and CI Integration by @Copilot in #15711
[WIP] Fix failing GitHub Actions workflow for integration by @Copilot in #15731
Add daily Safe Outputs conformance checker workflow by @Copilot in #15734
Add weekly workflow to sync Safe Outputs spec changes with conformance checker by @Copilot in #15733
Add expires: 1d to create-pull-request in smoke-project workflow by @Copilot in #15737
Fix IMP-003: Document schema generation architecture and update conformance check by @Copilot in #15744
Refactor LLM gateway ports to constants by @Copilot in #15738
Add max limit enforcement to add_comment handler (SEC-003) by @Copilot in #15745
Disable LLM gateway for Codex engine by @Copilot in #15748
Fix git_helpers test timeout by avoiding network operations by @Copilot in #15766
Update Claude Code to 2.1.42 and Copilot CLI to 0.0.410 by @Copilot in #15762
Add error detection for git tool usage in workflows and fix affected workflows by @Copilot in #15749
Add SafeOutput for reply to PR Review Comment by @strawgate in #15691
Fix TestNeutralToolsIntegration: add git to bash allowed commands by @Copilot in #15777
Fix reply_to_pull_request_review_comment schema CI failures by @strawgate in #15779
Make cross-language hash validation test robust by computing hash dynamically by @Copilot in #15776
Fix: Increase timeout for cross-language hash validation test by @Copilot in #15784
Integrate gh-aw-firewall v0.17.2 and enable Codex LLM gateway by @Copilot in #15785
Move if-body setting to submit-pull-request-review by @strawgate in #15793
Fix empty awmg_version in aw_info.json for workflows with MCP servers by @Copilot in #15787

Full Changelog: v0.43.23...v0.44.0

Contributors

strawgate

Assets 16

14 Feb 02:22

github-actions

v0.43.23

9382be3

v0.43.23

🌟 Release Highlights

This maintenance release focuses on reliability improvements, CI/CD enhancements, and better developer experience with expanded smoke test coverage.

✨ What's New

🔧 Enhanced API Proxy Architecture - The API proxy now uses capability-based detection (supportsLLMGateway engine flag) instead of hardcoded engine checks, making it easier to add future engines with LLM gateway support (#15557)

🧪 Expanded Smoke Test Coverage - Claude smoke tests now support 50 conversation turns (up from 25), allowing more comprehensive validation of complex workflows with multiple test scenarios (#15565)

📋 Stricter Contribution Guidelines - The project now requires agent-based bug analysis before filing issues, improving issue quality and reducing noise. Use gh aw audit and gh aw logs for automated diagnostics (#15532)

🐛 Bug Fixes & Improvements

Cache & Artifact Naming - Fixed cache-memory and repo-memory artifacts to use sanitized workflow IDs, eliminating issues with spaces and special characters in cache keys. Cache keys now use consistent formatting like memory-smokecopilot-{run-id} instead of memory-Smoke Copilot-{run-id} (#15558)

Test Infrastructure - Added missing build tags to test files and improved HTTP 403 error handling, preventing spurious CI failures (#15526)

Permissions Optimization - Safe outputs now compute minimal required permissions based on configured outputs, reducing over-permissioning (#15518)

PR Approval Flexibility - Pull request approvals no longer require a body comment, and the footer: false setting is now properly honored (#15507)

Codespaces Documentation - Added clear warnings that gh aw secrets set doesn't work in GitHub Codespaces; users should use the GitHub UI instead (#15537)

🔧 Internal

Fixed hash consistency test by recompiling release.lock.yml (#15538)
Refactored API proxy capability detection to use engine registry (#15557)

For complete details, see CHANGELOG.

What's Changed

feat: prefer Announcements category by default for create-discussion by @Copilot in #15513
Fix: Compute minimal permissions for conclusion/safe_outputs jobs based on configured safe-outputs by @Copilot in #15518
Don't require body on PR Approval and honor footer: false by @strawgate in #15507
Fix test build failures: add missing build tag and handle HTTP 403 by @Copilot in #15526
Add Codespaces incompatibility note for CLI secrets command by @Copilot in #15537
Fix hash consistency test by recompiling release.lock.yml by @Copilot in #15538
Require agent-based bug analysis before filing issues by @Copilot in #15532
Enable --enable-api-proxy for Claude and Codex engines by @Mossaka in #15533
Fix cache-memory and repo-memory naming to use sanitized IDs by @Copilot in #15558
Increase smoke-claude max-turns to 50 by @Copilot in #15565

Full Changelog: v0.43.22...v0.43.23

Contributors

Mossaka and strawgate

Assets 16

13 Feb 21:49

github-actions

v0.43.22

fe858c3

v0.43.22

🌟 Release Highlights

This maintenance release focuses on improving the reliability and usability of safe outputs, particularly for GitHub Discussion and PR creation workflows, plus better security controls for lockdown mode.

✨ What's New

GitHub Discussions Default Behavior - Discussion creation now automatically defaults to "Announcements" category, which provides enhanced visibility and notification features ideal for AI-generated content. This prevents common integration-forbidden errors when using categories without announcement capabilities. Learn more

Enhanced Lockdown Mode Security - Lockdown mode now activates only when at least one custom GitHub token is configured (GH_AW_GITHUB_TOKEN, GH_AW_GITHUB_MCP_SERVER_TOKEN, or custom github-token), providing clearer security boundaries for public repository workflows. Includes runtime validation to catch misconfigurations early. Learn more

Improved Tool Context - When using update_project or create_project_status_update safe outputs, AI agents now receive the configured default project URL in tool descriptions, making it clearer which project they're operating on.

🐛 Bug Fixes & Improvements

Fixed Cross-Repository PR Creation (#15501) - When create-pull-request specifies a target-repo, git operations (checkout, fetch, push) now correctly use the target repository instead of the source repo. Previously only the PR API call used the target, causing workflow failures.

Fixed Comment Body Handling (#15508) - close_issue and close_pull_request now properly use the body field from messages for closure comments. Previously, comments were being lost due to incorrect field mapping.

Cleaner Workflow Listings (#15499) - gh aw status and gh aw list now hide internal workflows, showing only user-created workflows for better clarity.

📚 Documentation

Added comprehensive guidance on announcement-capable categories for GitHub Discussions
Updated cross-repository workflow examples with correct git operation patterns
Improved lockdown mode security documentation with token configuration details

For complete details, see CHANGELOG.

What's Changed

Fix cut off border on blog post box by @eaftan in #15496
Fix landing page header hierarchy and harmonize blog section styling by @Copilot in #15497
Hide internal workflows from gh aw status and gh aw list by @Copilot in #15499
Fix: Use target repository for git operations in create-pull-request by @Copilot in #15501
[code-simplifier] Simplify close safe-output handlers by @github-actions[bot] in #15504
Include default project URL in update_project and create_project_status_update tool descriptions by @Copilot in #15502
Document create-discussion announcement-capable category requirement by @Copilot in #15512
Fix close_issue/close_pull_request to use message body field by @Copilot in #15508
lockdown: used only of one of user tokens is set by @dsyme in #15509

Full Changelog: v0.43.21...v0.43.22

Contributors

eaftan and dsyme

Assets 16

13 Feb 19:34

github-actions

v0.43.21

633c2ca

v0.43.21

🌟 Release Highlights

This release focuses on improving the developer experience with clearer messaging, better safe-output handling, and documentation enhancements.

✨ What's New

Relaxed Temporary ID Validation - Temporary IDs now support 3-8 alphanumeric characters (previously 4-8), making it easier to create short, memorable references like aw_abc (#15482)
Smarter Permission Validation - When GitHub MCP tools are auto-added, permission validation is now skipped to avoid unnecessary warnings (#15480)
Enhanced Close Actions - Close safe-output tools (close_issue, close_pull_request, close_discussion) now recommend adding comments and gracefully handle already-closed entities (#15489)

📚 Documentation & UX

Clearer Compilation Messages - Workflow compilation now provides more actionable feedback to help you understand what's happening (#15478)
Improved Tool Descriptions - The difference between update_issue (for editing) and close_issue (for closing) is now more clearly documented (#15475)
Better Docs Navigation - Added a centered blog link section to the documentation landing page for easier discovery (#15476)
Updated Tutorial Video - Refreshed the Copilot PAT setup video with current instructions (#15479)

🐛 Bug Fixes

Fixed Blog Post Border - Resolved a visual issue where borders were cut off on blog post boxes in the documentation (#15496)

For complete details, see CHANGELOG.

What's Changed

[WIP] Debug workflow failure for Smoke Claude by @Copilot in #15472
Clarify update-issue vs close-issue tool descriptions by @Copilot in #15475
chore: update copilot pat video by @mnkiefer in #15479
Add centered blog link section to docs landing page by @Copilot in #15476
Skip permission validation when tools.github auto-added by @Copilot in #15480
Relax temporary ID validation from aw_{4,8} to aw_{3,8} by @Copilot in #15482
🔧 Improve workflow compilation message clarity by @dsyme in #15478
Update close safe-output types to recommend comments and handle already-closed entities by @Copilot in #15489

Full Changelog: v0.43.20...v0.43.21

Contributors

dsyme and mnkiefer

Assets 16

13 Feb 16:47

github-actions

v0.43.20

1c80b7e

v0.43.20

🌟 Release Highlights

This release includes an important migration notice for existing users, a new security feature flag, and improved temporary ID handling in safe outputs.

⚠️ Migration Notice

If you installed from githubnext/gh-aw, you must re-register the extension to receive future updates:

# Remove old extension
gh extension remove gh-aw

# Install from new location
gh extension install github/gh-aw

The gh-aw project has moved from githubnext/gh-aw to github/gh-aw. Users on the old channel will not receive updates unless they reinstall from the new location.

✨ What's New

XPIA Prompt Control (#15461) - New disable-xpia-prompt feature flag allows workflows to opt out of the Cross-Prompt Injection Attack (XPIA) security prompt in agent instructions. Useful for workflows with custom security requirements:
```
---
features:
  disable-xpia-prompt: true
---
```

🐛 Bug Fixes

Temporary ID Resolution in Comments (#15459) - Fixed add_comment safe output handler to properly resolve temporary IDs (e.g., aw_test01) before validation. Previously, the handler attempted to parse temporary IDs as integers, causing NaN validation errors. Now follows the same resolution pattern as other handlers.

For complete details, see CHANGELOG.

What's Changed

Add disable-xpia-prompt feature flag by @Copilot in #15461
Update CHANGELOG for gh-aw migration and bug fixes by @bmerkle in #15463
Fix add_comment handler to resolve temporary IDs before validation by @Copilot in #15459

Full Changelog: v0.43.19...v0.43.20

Contributors

bmerkle

Assets 16

13 Feb 16:06

github-actions

v0.43.19

7fe5515

v0.43.19

🌟 Release Highlights

This release strengthens strict mode network validation, improves temporary ID handling, enhances bot detection workflows, and refines documentation for better user experience.

✨ What's New

Strict Mode Network Validation Improvements

Ecosystem identifier suggestions - When custom domains are rejected in strict mode, error messages now suggest the appropriate ecosystem identifier (e.g., "pypi.org" → suggest "python") for easier troubleshooting
Unified validation for all engines - Strict mode now enforces ecosystem domain validation consistently across all AI engines, including those with LLM gateway support
Go ecosystem support - Workflows dependent on Go now have the "go" ecosystem available in network allowlists, enabling access to go.dev, golang.org, and Go module proxies

Enhanced Temporary ID System

New alphanumeric format - Temporary IDs now use aw_[A-Za-z0-9]{4,8} format (4-8 alphanumeric characters) instead of the previous hex format, making them more readable and easier to generate
Improved validation and normalization - Better handling of temporary ID cross-references in safe-output workflows with comprehensive documentation updates

Bot Detection & Activity Tracking

Enhanced observability - Added detailed logging throughout bot detection workflows including contributor account loading and precompute steps
Improved search accuracy - Refined issue and PR search queries for more accurate bot activity detection
Better activity reporting - Enhanced tracking and reporting of bot activity patterns

🐛 Bug Fixes & Improvements

SafeOutputMessagesConfig field merging - Fixed incomplete field merging in mergeMessagesConfig to ensure all 13 configuration fields are properly merged during workflow imports
Strict mode test failures - Resolved failing tests related to custom network domains in strict mode by properly handling ecosystem validation
XPIA prompt integration - Added cross-prompt injection attack (XPIA) security prompts to strengthen workflow security
Community feedback integration - Added prominent Community Feedback link to documentation footer for easier user input

📚 Documentation

Strict mode network validation guide - Comprehensive documentation updates explaining ecosystem identifiers, domain validation rules, and error resolution strategies
Temporary ID reference - Enhanced documentation with clear examples of valid/invalid formats and usage patterns
Quick-start improvements - Updated authentication instructions and fixed typos for clearer onboarding experience
Glossary refinement - Removed unnecessary bloat from glossary for improved readability

🔧 Internal Improvements

Multiple GitHub Actions workflow fixes and stability improvements
Code simplification passes for better maintainability
Test infrastructure enhancements with improved coverage
Workflow recompilation to propagate schema and validation updates

Full Details: See CHANGELOG for complete list of changes.

Learn More: Visit gh-aw documentation for guides and references.

What's Changed

[WIP] Fix failing GitHub Actions workflow Integration: Workflow Misc Part 2 by @Copilot in #15341
[instructions] Sync github-agentic-workflows.md with v0.40.1 changes by @github-actions[bot] in #15348
chore: update bot detection workflow to token by @mnkiefer in #15354
chore: update schedule and token usage by @mnkiefer in #15355
chore: improve issue and PR search accuracy by @mnkiefer in #15356
[docs] Update documentation for allowed-extensions default behavior by @github-actions[bot] in #15352
refactor: improve activity tracking and reporting by @mnkiefer in #15360
chore: add contributor account loading to bot detection workflow by @mnkiefer in #15366
[WIP] Add flag to agentic engine interface for LLM gateway support by @Copilot in #15363
Add observability logging to bot-detection precompute step by @Copilot in #15367
fix: pass shared temporary ID map by @mnkiefer in #15371
feat: enhance bot detection logging by @mnkiefer in #15376
Fix strict mode validation failures for workflows with custom network domains by @Copilot in #15369
Fix security regression test failing under default strict mode by @Copilot in #15368
fix: imrpove temporary ID validation and normalization by @mnkiefer in #15392
[WIP] Fix issues in existing tests by @Copilot in #15395
Recompile workflows to propagate temporary ID schema updates by @Copilot in #15402
Enhance documentation for temporary ID by @mnkiefer in #15404
Fix permissions test: remove network config conflicting with strict mode by @Copilot in #15406
adding xpia prompt by @pelikhan in #15414
[WIP] Update terminology from discussions to issues by @Copilot in #15421
Add Community Feedback link to documentation footer by @Copilot in #15423
Enforce strict mode network domain validation for all engines by @Copilot in #15409
Add ecosystem identifier suggestions to strict mode network validation errors by @Copilot in #15424
[docs] Remove bloat from glossary by @github-actions[bot] in #15433
[docs] Update documentation for strict mode network validation features from 2026-02-13 by @github-actions[bot] in #15426
[WIP] Fix failing GitHub Actions workflow test by @Copilot in #15432
[code-simplifier] Code Simplification - 2026-02-13 by @github-actions[bot] in #15428
Change temporary ID format from hex to alphanumeric (4-8 chars) by @Copilot in #15419
Fix typo in 'pre-requisites' in quick-start guide by @lindseywild in #15452
Add Go ecosystem to network allowlist for Go-dependent workflows by @Copilot in #15454
Fix incomplete field merging in SafeOutputMessagesConfig imports by @Copilot in #15453
Update quick-start guide for authentication instructions by @bmerkle in #15455

New Contributors

@lindseywild made their first contribution in #15452

Full Changelog: v0.43.18...v0.43.19

Contributors

bmerkle, pelikhan, and 2 other contributors

Assets 16

13 Feb 08:17

github-actions

v0.43.18

5988e5c

v0.43.18

🌟 Release Highlights

This maintenance release focuses on quality improvements, enhanced debugging capabilities, and critical bug fixes for label trigger handling.

🐛 Bug Fixes

Label trigger schema validation - Fixed invalid GitHub Actions YAML generation when using label trigger shorthand (on: pull_request labeled (label)). The compiler now correctly applies the labels field only to event types that support native GitHub Actions label filtering (#15321, #15341)

⚡ Improvements

Activity alert refinements - Enhanced bot detection and activity monitoring with explicit allowlists for domains, accounts, and organizations. Dynamically loads repository and organization members for more accurate filtering (#15343)
Debug logging enhancements - Added comprehensive debug logging across 5 critical workflow compilation files and removed redundant log.Enabled() conditionals for cleaner code (#15338, #15339)
JavaScript modernization - Cleaned up add_labels.cjs with modern JavaScript patterns while maintaining full functionality and test coverage (#15336, #15337)

📚 Documentation

Instructions sync - Updated github-agentic-workflows.md instructions to reflect v0.40.1 changes (#15348)

For complete details, see CHANGELOG.

What's Changed

chore: make bot detection agentic by @mnkiefer in #15317
[jsweep] Clean validate_memory_files.cjs by @github-actions[bot] in #15313
Fix label trigger schema validation for pull_request events by @Copilot in #15321
[jsweep] Clean add_labels.cjs by @github-actions[bot] in #15336
[log] Add debug logging to 5 workflow-related files by @github-actions[bot] in #15338
chore: adjust activity alerts for allowed domains and accounts by @mnkiefer in #15343

Full Changelog: v0.43.17...v0.43.18

Contributors

mnkiefer

Assets 16

13 Feb 07:31

github-actions

v0.43.17

7efa93d

v0.43.17

🌟 Release Highlights

This release strengthens security, improves code quality tooling, and enhances the developer experience with better documentation and automated refinement workflows.

🔒 Security Enhancements

GitHub Lockdown Mode now enabled by default in public repositories - Automatically filters content from untrusted sources to prevent security risks in automated workflows (#15289). Learn more about Lockdown Mode
Agentic bot detection workflow - New intelligent workflow scores accounts based on risk factors and maintains a centralized triage issue for findings (#15317)
Command injection vulnerability patched - Fixed HIGH severity vulnerability in merge operations that could lead to arbitrary code execution (#15306)
Firewall binary update - Bumped to v0.16.3 with latest security fixes (#15323)

✨ New Features

Refiner workflow - Automated code style and security analysis triggered by the "refine" label. Checks alignment with repository conventions, detects malicious patterns, and identifies test coverage gaps (#15307)
Friendly PR reviews - PR reviews now support status (approve, request changes, comment) and inline comments attached to reviews (#15299)
Pagination improvements - Bot detection now uses github.paginate with 500-item caps to catch activity on noisy/abused PRs (#15318)

🐛 Bug Fixes & Improvements

TypeScript type safety - Fixed TS18046 errors in error handling for unknown types (#15308)
Test reliability - Avoided flaky assertions in read-only directory tests that failed in elevated privilege environments (#15312)
JavaScript formatting consistency - Standardized quote styles and removed trailing whitespace across .cjs files (#15316)
Code modernization - Cleaned up validate_memory_files.cjs with arrow functions, optional chaining, and improved type definitions (#15313)

📚 Documentation

Safe-outputs GitHub App permissions - Documented per-job token narrowing, automatic permission scoping, and token auto-revocation (#15297). Read the guide
Unassign-from-user safe output - Added complete documentation for removing user assignments from issues/PRs (#15310)

For complete details, see CHANGELOG.

What's Changed

🔒 Enable GitHub Lockdown Mode Security Feature by default in public repos by @dsyme in #15289
Document safe-outputs GitHub App permission narrowing by @Copilot in #15297
Produce friendly PR Reviews by @strawgate in #15299
[Security] Fix HIGH vulnerability: javascript.lang.security.detect-child-process.detect-child-process by @orbisai0security in #15306
Add refiner workflow for automated code style and security analysis by @Copilot in #15307
test: avoid flaky read-only dir assertion in extractZipFile by @liuxiaopai-ai in #15312
[docs] Update documentation for unassign-from-user safe output by @github-actions[bot] in #15310
Fix TypeScript type errors in error handling for unknown types by @Copilot in #15308
awf v0.16.3 by @pelikhan in #15323

New Contributors

@strawgate made their first contribution in #15299
@orbisai0security made their first contribution in #15306
@liuxiaopai-ai made their first contribution in #15312

Full Changelog: v0.43.16...v0.43.17

Contributors

pelikhan, strawgate, and 3 other contributors

Assets 16

Releases: github/gh-aw

v0.45.1

🌟 Release Highlights

🔒 Security

⚡ Stability & Performance

🌐 GitHub Enterprise Support

✨ Features & Enhancements

🐛 Bug Fixes

📚 Documentation

🔧 Internal Improvements

What's Changed

New Contributors

Contributors

Uh oh!

v0.45.0

🌟 Release Highlights

⚠️ Breaking Changes

✨ What's New

🔒 Security Enhancements

🐛 Bug Fixes & Improvements

📚 Documentation

🔧 Internal Improvements

What's Changed

Contributors

Uh oh!

v0.44.0

🌟 Release Highlights

✨ What's New

🐛 Bug Fixes & Improvements

📚 Documentation

🔧 Internal Improvements

What's Changed

Contributors

Uh oh!

v0.43.23

🌟 Release Highlights

✨ What's New

🐛 Bug Fixes & Improvements

🔧 Internal

What's Changed

Contributors

Uh oh!

v0.43.22

🌟 Release Highlights

✨ What's New

🐛 Bug Fixes & Improvements

📚 Documentation

What's Changed

Contributors

Uh oh!

v0.43.21

🌟 Release Highlights

✨ What's New

📚 Documentation & UX

🐛 Bug Fixes

What's Changed

Contributors

Uh oh!

v0.43.20

🌟 Release Highlights

⚠️ Migration Notice

✨ What's New

🐛 Bug Fixes

What's Changed

Contributors

Uh oh!

v0.43.19

🌟 Release Highlights

✨ What's New

🐛 Bug Fixes & Improvements

📚 Documentation

🔧 Internal Improvements

What's Changed

New Contributors

Contributors

Uh oh!

v0.43.18

🌟 Release Highlights

🐛 Bug Fixes

⚡ Improvements