Releases: github/gh-aw

v0.59.0

16 Mar 18:18
7d1a279

🌟 Release Highlights

v0.59.0 is a substantial release focused on new trigger types, call-workflow reliability, performance fixes, and a streamlined safe-outputs domain configuration. It also ships two new CLI commands and meaningful add-wizard UX improvements.

⚠️ Breaking Changes

  • default-redaction renamed to default-safe-outputs — The built-in compound ecosystem identifier has been renamed. Update any frontmatter that references default-redaction in safe-outputs.allowed-domains.
  • safe-outputs.allowed-url-domains merged into allowed-domains — The separate allowed-url-domains field has been removed. Its capabilities (ecosystem identifiers, additive URL allowlisting) are now part of the unified allowed-domains field.

✨ What's New

  • Label Command Trigger — A new label_command trigger activates workflows when a specific label is added to an issue, PR, or discussion. The label is automatically removed on activation so it can be reapplied to re-trigger. (#21118)

  • gh aw domains command — Inspect the effective network domain configuration across all your workflows, or drill into a specific workflow with per-domain ecosystem annotations. (#21086)

  • Pre-activation step injection — New on.steps and on.permissions frontmatter fields let you inject custom steps and permissions into the activation job, enabling advanced trigger customization. (#21219)

  • Smarter add-wizard — The wizard now detects org-level secrets to skip redundant token prompts (#21262) and offers an "Edit PR title and retry" option when a merge fails (#21261).

  • Richer agent step log summaries — MCP tool calls now display their key arguments inline (e.g., ✓ github-list_issues repo=my-repo), giving you at-a-glance insight without digging into raw logs. (#21060)

  • Builtin MCP usage guide — The canonical agentic-workflows MCP usage guide is now automatically injected at compile time — no need to duplicate it across workflow prompts. (#21117)

  • Default reaction: eyes and status-comment — Slash-command and label-command triggers now enable reaction: eyes and status-comment: true by default, providing immediate visual acknowledgment when a workflow is triggered. (#21229)

⚡ Performance

  • Fixed a ~50% regression in FindIncludesInContent that slowed compilation for workflows with many imports. (#21265)
  • Fixed a YAML generation regression caused by repeated schema parsing; deprecated-field schema is now cached. (#21264)

🐛 Bug Fixes & Improvements

  • call-workflow reliability — Multiple fixes: call-workflow is now wired into the consolidated safe-outputs handler path (#21218), tool registration in the HTTP MCP server is corrected (#21124), workflow_call inputs are properly forwarded (#21085), and caller jobs now inherit the correct permissions (#21080).
  • PR reviewers respected — The create-pull-request safe output now correctly applies reviewers configured in the workflow frontmatter. (#21217)
  • sandbox.mcp payload fields — payloadSizeThreshold and other sandbox MCP fields were silently ignored during frontmatter extraction; this is now fixed. (#21167)
  • label_command + slash_command co-existence — Workflows that declare both triggers no longer suppress label_command activation. (#21222)
  • Bot allowlist fallback — check_membership.cjs no longer short-circuits the bot allowlist when a permissions API error occurs. (#21109)
  • Missing npm treated as warning — Workflows that don't require npm no longer fail compilation on machines where npm is absent. (#21165)
  • Long PAT header corruption — Checkout fetch steps now use base64 -w 0 to prevent line-wrapped headers with long PATs. (#21068)
  • Compiler error messages — Syntax errors now report more precise locations and clearer descriptions. (#21123)
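
The line-wrapping problem behind the "Long PAT header corruption" fix above, shown as an added example that is not gh-aw's own code. It assumes GNU coreutils base64 (default wrap at 76 columns) and a Basic-auth style `x-access-token:<token>` value; the tokens and helper names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not gh-aw code). Assumes GNU coreutils base64, whose default
# output wraps at 76 columns; -w 0 disables wrapping.

# Constructed sample tokens, not real credentials.
LONG_TOKEN="github_pat_$(printf '%082d' 0)"   # 93 characters
SHORT_TOKEN="ghp_$(printf '%030d' 0)"         # 34 characters

NL='
'
CR=$(printf '\r')

# Hypothetical helper: encode "x-access-token:<token>" with default wrapping.
encode_wrapped() {
    printf '%s' "x-access-token:$1" | base64
}

# Same value encoded with wrapping disabled, as the release note describes.
encode_unwrapped() {
    printf '%s' "x-access-token:$1" | base64 -w 0
}

# Number of lines a value would occupy if written out verbatim.
line_count() {
    printf '%s\n' "$1" | wc -l | tr -d ' '
}

# A header value must not contain CR or LF; an embedded line break splits or
# truncates the header when it is passed to an HTTP client.
header_is_single_line() {
    case "$1" in
        *"$NL"* | *"$CR"*) return 1 ;;
    esac
    return 0
}

report() {
    label=$1
    value=$2
    if header_is_single_line "$value"; then
        verdict="ok"
    else
        verdict="CORRUPT (embedded line break)"
    fi
    printf '%-28s lines=%s  %s\n' "$label" "$(line_count "$value")" "$verdict"
}

# A short token fits in one 76-column line, so the defect stays hidden.
report "short token, default wrap" "$(encode_wrapped "$SHORT_TOKEN")"
# A long token crosses the wrap column and gains an embedded newline.
report "long token, default wrap" "$(encode_wrapped "$LONG_TOKEN")"
# With -w 0 the same long token stays on one line.
report "long token, -w 0" "$(encode_unwrapped "$LONG_TOKEN")"
```

The short-token case is why this class of bug tends to surface only after a switch to longer token formats: the encoded value stays under the wrap column until the input exceeds 57 bytes.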

📚 Documentation

  • Fixed the custom trigger filtering guide to use job-based graceful skip instead of exit 1. (#21215)
  • Updated ecosystem identifiers and safe-outputs.allowed-domains reference docs. (#21170)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:


For complete details, see CHANGELOG.

Generated by Release


What's Changed

  • Fix engine validation error location and improve error detection (#issue) by @Copilot in #21023
  • [docs] Update documentation for features from 2026-03-15 by @github-actions[bot] in #21025
  • feat: use action mode for release builds instead of release mode by @Copilot in #21024
  • [docs] Update dictation skill glossary with 20 new terms by @github-actions[bot] in #21032
  • fix: use qmd vsearch instead of qmd query to avoid LLM dependency in CI by @Copilot in #21046
  • [code-simplifier] refactor: simplify fastParseTitle state machine and deduplicate formatCompilerError by @github-actions[bot] in #21050
  • [docs] Update dictation skill instructions by @github-actions[bot] in #21059
  • feat: enable status-comment on archie, cloclo, and q workflows by @Copilot in #21055
  • [cloclo] fix: resolve temporary IDs in add_labels and remove_labels handlers by @github-actions[bot] in #21058
  • Fix missing permissions in security-alert-burndown campaign workflow by @Copilot in #21066
  • fix: use base64 -w 0 in checkout fetch step to prevent header corruption with long PATs by @Copilot in #21068
  • fix(workflow-health-manager): increase repo-memory max-patch-size by @Copilot in #21070
  • Show tool arguments and outputs in agent step log summaries by @Copilot in #21060
  • cloclo: add protected-files fallback-to-issue by @Copilot in #21078
  • Add history URL to agent failure issue/comment footers by @Copilot in #21075
  • feat: support explicit custom key for close-older matching by @Copilot in #21076
  • Add CI guard for validator file size limit (768 lines) by @Copilot in #21077
  • fix: propagate worker job permissions to call-workflow caller jobs (#21061) by @Copilot in #21...

v0.58.3

15 Mar 04:08
08a903b

🌟 Release Highlights

This release focuses on security hardening, GHES compatibility, and developer experience improvements — with better MCP write protection, a new Copilot pre-flight diagnostic for enterprise environments, and a noticeably improved run details summary.

✨ What's New

  • MCP Write-Sink Guard Policy — All non-GitHub MCP servers configured via the gateway now enforce a write-sink guard policy, preventing unintended writes through third-party MCP tools. This improves the security posture of workflows using custom MCP integrations. (#21005)

  • Copilot Pre-flight Diagnostic for GHES — A new pre-flight check helps diagnose Copilot configuration issues in GitHub Enterprise Server environments before a workflow run fails, saving time when debugging enterprise setups. (#20975)

  • Action Pins Mode with gh-aw-actions v0 — The action-tag step now uses action pins mode, enabling stable and auditable action references via gh-aw-actions at the v0 tag. (#20991)

  • Enhanced Run Details Step Summary — Workflow run summaries now render as structured bullet points, display the gh-aw version, and include full aw_info output for easier post-run inspection. (#20989)

⚡ Performance

  • Faster Workflow Name Extraction — extractWorkflowNameFromFile no longer performs an unnecessary full YAML parse, reducing overhead when processing large workflow collections. (#21012)

🐛 Bug Fixes & Improvements

  • GHES Host Leakage Prevention — The "Install GitHub Copilot CLI" step now explicitly emits GH_HOST: github.com, preventing GHES host values from leaking into the Copilot CLI installation context. (#20992)
  • Workflow Call Artifact Downloads Fixed — Artifact prefix handling in the conclusion job and script step downloads now works correctly in workflow_call contexts. (#21011)
  • TypeScript Type Error Fixed — Resolved a type error in json_object_to_markdown.cjs that could cause runtime failures in certain output scenarios. (#21010)
  • Go Firewall Rule for Shared Workflows — The shared/go-make.md shared workflow now includes go in its firewall allowed set, enabling Go toolchain downloads during builds. (#21014)

📚 Documentation

  • Accessibility: Live Search Results — The docs site search now announces results to screen readers via aria-live, improving accessibility for keyboard and assistive technology users. (#21019)

For complete details, see CHANGELOG.



What's Changed

  • Optimize qmd-docs workflows: explicitly instruct models to use qmd-query for doc search by @Copilot in #20987
  • Add Copilot pre-flight diagnostic for GHES environments by @claude in #20975
  • Improve run details step summary: bullet points, aw version, and full aw_info rendering by @Copilot in #20989
  • feat: update action-tag to use action pins mode (gh-aw-actions) with v0 by @Copilot in #20991
  • fix: emit GH_HOST: github.com on Install GitHub Copilot CLI step to prevent GHES host leakage by @Copilot in #20992
  • [instructions] Sync github-agentic-workflows.md with v0.40.1 by @github-actions[bot] in #21001
  • [docs] docs: condense CentralRepoOps intro and remove duplicate cross-repo notes by @github-actions[bot] in #21003
  • feat: add write-sink guard policy to all non-GitHub MCP servers configured by gateway by @Copilot in #21005
  • Add go firewall allowed set to shared/go-make.md by @Copilot in #21014
  • perf: optimize extractWorkflowNameFromFile by eliminating unnecessary YAML parse by @Copilot in #21012
  • fix: use artifact prefix in conclusion job and script step downloads for workflow_call context by @Copilot in #21011
  • Remove copilot-preflight script and associated step generation by @Copilot in #21016
  • docs: add aria-live enhancement for search results accessibility (#issue) by @Copilot in #21019

Full Changelog: v0.58.2...v0.58.3

v0.58.2

14 Mar 21:30
0a5055a

🌟 Release Highlights

This release delivers broad GitHub Enterprise Server (GHES) improvements, making setup and tooling smoother for enterprise users, alongside critical reliability fixes for safe-outputs and several quality-of-life enhancements.

✨ What's New

  • GitHub Enterprise Server auto-detection — The audit and add-wizard commands now automatically detect GHES environments and configure themselves accordingly, reducing manual setup friction. GITHUB_HOST is also passed to the GitHub MCP server to enable enterprise-aware API calls. (#20971, #20973, #20944, #20878)

  • excluded-files for PR creation — The create-pull-request and push-to-pull-request-branch tools now support an excluded-files field, giving workflows fine-grained control over which files are included in pull requests. (#20935)

  • Richer create_pull_request_review_comment schema — The pull_request_number and repo fields are now available in the safe-outputs tool, enabling cross-repo PR review comments. (#20963)

  • Clearer run command errors — Missing workflow inputs now produce descriptive, actionable error messages instead of silent failures. (#20951)

🐛 Bug Fixes & Improvements

  • Safe-outputs now reliably capture items — Fixed a bug where safe-output-items.jsonl was always empty and SafeItemsCount always reported 0, causing workflows to silently produce no outputs. (#20899)

  • Safe-outputs MCP server stability — Disabled HTTP server timeouts that caused idle connection drops during long agent runs, preventing workflows from incorrectly reporting success with no outputs. (#20901)

  • close_pull_request tool restored — The tool was missing from config.json despite being defined in the handler, preventing agents from closing PRs even when explicitly configured to do so. (#20897)

  • gh aw upgrade drift fix — Corrected a bug where upgrade left a stale with: version: field out of sync with its uses: comment after version changes. (#20895)

  • GHES: add-wizard PR creation fixed — The --create-pull-request flag now works correctly on GitHub Enterprise Server repositories. (#20898)

  • Suppressed spurious wildcard fetch warning — Public repositories no longer show an irrelevant warning about wildcard branch fetching. (#20955)

  • Security: cross-repo dispatch validation — Added allowlist validation to dispatch_workflow to prevent unauthorized cross-repository workflow dispatches. (#20970)

📚 Documentation

Automated documentation self-healing resolved three community-reported issues: improved staged-mode docs, fixed broken CONTRIBUTING.md anchors, and expanded APM guidance in the dependencies: reference.

🌍 Community Contributions

A huge thank you to the community members who reported issues resolved in this release:


For complete details, see CHANGELOG.



What's Changed

  • Update gh-aw-mcpg version to v0.1.15 by @claude in #20862
  • Add gh CLI configuration for GitHub Enterprise support by @claude in #20878
  • [instructions] Sync github-agentic-workflows.md with v0.58.1 by @github-actions[bot] in #20876
  • [dead-code] chore: remove dead functions — 5 functions removed by @Copilot in #20871
  • [docs] docs: condense tools.md Registry Field section and trim Related Documentation by @github-actions[bot] in #20879
  • fix: close_pull_request missing from config.json despite being in handler config by @Copilot in #20897
  • Fix add-wizard/add --create-pull-request failing on GitHub Enterprise Server repos by @Copilot in #20898
  • fix: correct stale with: version: when uses: comment and version drifted before upgrade by @Copilot in #20895
  • fix: safe-output-items.jsonl always empty and SafeItemsCount always 0 by @Copilot in #20899
  • [jsweep] Clean add_comment.cjs by @github-actions[bot] in #20900
  • fix: disable HTTP server timeouts in safe-outputs MCP server to prevent idle connection drops by @Copilot in #20901
  • [docs] Update documentation for GHES improvements from 2026-03-14 by @github-actions[bot] in #20906
  • docs: require GitHub Copilot coding agent to always create a pull request by @Copilot in #20933
  • refactor: rename runActionlintOnFile to runActionlintOnFiles by @Copilot in #20941
  • fix(gemini): move error files into /tmp/gh-aw/ before artifact bundling by @Copilot in #20938
  • refactor: extract shared project config parsing helpers to eliminate duplication by @Copilot in #20939
  • feat: pass GITHUB_HOST to GitHub MCP server for enterprise support by @Copilot in #20944
  • feat: improve run command error output for missing workflow inputs by @Copilot in #20951
  • fix: update tests and golden files for GITHUB_HOST in GitHub MCP server config by @Copilot in #20956
  • Add excluded-files field to create-pull-request and push-to-pull-request-branch by @Copilot in #20935
  • improve test quality in pkg/parser/schedule_parser_test.go by @Copilot in #20969
  • [safeoutputs] Add pull_request_number and repo fields to create_pull_request_review_comment tool schema by @Copilot in #20963
  • [refactor] Semantic Function Clustering: Outlier Functions in agentic_engine.go and js.go by @Copilot in #20972
  • fix(sec-005): add cross-repo allowlist validation to dispatch_workflow and exempt resolve_host_repo by @Copilot in #20970
  • [docs] Self-healing documentation fixes from issue analysis - 2026-03-14 by @github-actions[bot] in #20980
  • GHES: Add auto-detection helper functions for wizard configuration by @claude in #20971
  • Add GHES auto-detection to audit and add-wizard commands by @claude in #20973
  • Fix health smoke-copilot CI: use lock file name for gh run list API calls by @Copilot in #20979
  • Suppress wildcard fetch warning for public repos by @Copilot in #20955
  • [log] Add dedicated debug loggers to 5 pkg files for improved traceability by @github-actions[bot] in #20984

Full Changelog: v0.58.1...v0.58.2

v0.58.1

13 Mar 22:05
fa061e8

🌟 Release Highlights

This release focuses on workflow chaining and cross-repo improvements, adding powerful new composition primitives while shipping a broad round of bug fixes and quality improvements.

✨ What's New

  • call-workflow safe output for workflow_call chaining (#20806) — Workflows can now emit a call-workflow safe output to chain into other workflows, enabling modular, reusable workflow pipelines.

  • checkout: false support for agent jobs (#20844) — Disable automatic repository checkout in agent jobs when it's not needed, reducing startup time and improving security posture.

  • preserve-branch-name for create-pull-request (#20788) — The create-pull-request safe output now supports a preserve-branch-name option, giving you control over branch naming in automated PR workflows.

  • scope for skip-if-no-match / skip-if-match (#20803) — Activation filters now support a scope field for finer-grained control. github-token and github-app have also been promoted to top-level on: configuration, along with a new shared/activation-app.md shared workflow.

  • Unrestricted discussion creation (#20845) — The announcement-capable category restriction for discussion creation has been removed, allowing agents to create discussions in any category.

🐛 Bug Fixes & Improvements

  • Guard policy rendering fixed for repos="all" and repos="public" (#20764) — Guard policies now render correctly for broad repository scopes.

  • Improved compiler error messages (#20755) — Compilation errors now include better hints, deduplication, position info, YAML translations, and schema hints — making it significantly easier to diagnose workflow issues.

  • Cross-repo dispatch-workflow uses caller's GITHUB_REF (#20790) — Fixed an issue where cross-repo dispatched workflows were using the wrong ref, ensuring the caller's branch is preserved.

  • Pagination bug in update-project resolved (#20778) — Field fetching was capped at 20 results; projects with more fields now work correctly.

  • qmd MCP server startup fixed (#20840) — The qmd MCP server now registers collections before starting, resolving an empty tools list issue on first use.

  • Relay activation checkout preserves callee workflow ref (#20714) — Caller-hosted relay workflows now correctly preserve the callee workflow ref and fix checkout behavior for cross-repo relays.

  • GitHub App token fallback in workflow_call relays (#20825) — Fixed incorrect use of owner/repo slug (should be repo name only) in the GitHub App token fallback path.

📚 Documentation

  • Updated reference documentation for the api-target engine field (#20765)
  • Updated docs for new features shipped in this cycle (#20856, #20812)
  • Added release process documentation to CONTRIBUTING.md (#20800)

For complete details, see CHANGELOG.



What's Changed

  • Fix guard-policy rendering for repos="all" and repos="public" by @claude in #20764
  • [docs] Update documentation for engine api-target field from 2026-03-13 by @github-actions[bot] in #20765
  • refactor(cli): extract shared field-removal codemod factory to eliminate scaffold duplication by @Copilot in #20763
  • fix: improve compiler error message quality (hints, dedup, position, YAML translations, schema hints) by @Copilot in #20755
  • fix: preserve callee workflow ref in caller-hosted relay activation checkout and fix Checkout actions folder for cross-repo relays by @Copilot in #20714
  • refactor: Semantic function clustering — move validation to proper files, remove wrappers, generify duplicate-ID checks by @Copilot in #20756
  • Upgrade gh-aw-firewall default to v0.24.1 by @Copilot in #20767
  • Move sync_actions instructions to push_tag so they appear before the environment gate by @Copilot in #20774
  • Fix pagination bug in update-project field fetching (hard limit of 20) by @Copilot in #20778
  • Use runtime ${{ github.action_ref }} for dev-mode "Checkout actions folder" step by @Copilot in #20775
  • Add "action" mode for github/gh-aw-actions external actions repo by @Copilot in #20776
  • Fix missing target-repo/allowed-repos in submit-pull-request-review schema by @Copilot in #20789
  • fix: restore repository: github/gh-aw in dev mode checkout step by @Copilot in #20791
  • fix: cross-repo dispatch-workflow uses caller's GITHUB_REF instead of target repo's ref by @Copilot in #20790
  • docs: add release process to CONTRIBUTING.md by @Copilot in #20800
  • fix: resolve 4 CLI help text consistency issues by @Copilot in #20805
  • feat: add preserve-branch-name option to create-pull-request safe output by @Copilot in #20788
  • Add shared MCP workflow for qmd-docs indexing by @Copilot in #20792
  • [docs] Update documentation for features from 2026-03-13 by @github-actions[bot] in #20812
  • fix: update TestGetActionPinsSorting expected count from 31 to 34 (#23057948566) by @Copilot in #20824
  • [dead-code] chore: remove dead functions — 5 functions removed by @github-actions[bot] in #20835
  • [file-diet] Refactor pkg/workflow/mcp_renderer.go (1053 lines) into focused modules by @Copilot in #20804
  • feat: add scope to skip-if-no-match / skip-if-match; move github-token and github-app to top-level on:; add shared/activation-app.md by @Copilot in #20803
  • fix: use repo name (not owner/repo slug) for GitHub App token fallback in workflow_call relays by @Copilot in #20825
  • fix: ensure qmd MCP server registers collections before start to fix empty tools list by @Copilot in #20840
  • [code-simplifier] refactor: simplify targetRepoName extraction in resolve_host_repo.cjs (#20825) by @github-actions[bot] in #20839
  • feat: add call-workflow safe output for workflow_call chaining by @Copilot in #20806
  • Remove announcement-capable category restriction for discussion creation by @Copilot in #20845
  • [log] Add debug logging to 5 files across workflow, parser, and cli packages by @github-actions[bot] in #20850
  • Add checkout: false support to disable agent job repository checkout by @Copilot in #20844
  • chore(deps): bump undici from 6.23.0 to 6.24.0 in /actions/setup/js in the npm_and_yarn group across 1 directory by @dependabot[bot] in #20853
  • Configure smoke-agent workflow with GitHub guard policies for public repos by @claude in #20830
  • [docs] Update documentation for features from 2026-03-13 by @github-actions[bot] in #20856
  • Update qmd-docs.md to use mcp-scripts instead of MCP server by @Copilot in #20847

Full Changelog: v0.58.0...v0.58.1

v0.58.0

13 Mar 04:25

🌟 Release Highlights

v0.58.0 is a substantial release focused on cross-repo workflow reliability, custom AI endpoint support, and a wave of community-driven bug fixes. 92 PRs merged.

✨ What's New

  • Custom API Endpoints for Agentic Engines — You can now point workflows at custom OpenAI and Anthropic API targets (e.g., Azure OpenAI, proxies, private deployments) via the engine frontmatter. Both the sandbox and engine configuration support custom base_url and authentication settings. (#20730, #20631)

  • Auto-derived Safe Outputs Guard Policy — The safeoutputs guard policy is now automatically derived from the GitHub MCP guard policy, eliminating redundant configuration. Paired with a bump to MCP gateway v0.1.14. (#20467)

  • Redirect Failure Issues to a Different Repo — New safe-outputs.failure-issue-repo frontmatter field lets you route workflow failure issues to a central repository instead of the workflow's own repo. (#20429)

  • Unified Agent Artifact — Agent job artifacts are now merged into a single agent artifact, making it easier to download and inspect workflow outputs. (#20507)

  • APM Artifact Pack/Unpack Support Reimplemented — APM (Artifact Package Manager) dependency workflows now correctly pack and unpack artifacts across jobs. (#20564)

  • Compile-time Warnings for push-to-pull-request-branch — The compiler now emits warnings when push-to-pull-request-branch is configured with target: "*", helping catch potentially unintended broad-scope writes before deployment. (#20580)

  • --skip-secret Flag for add-wizard — A new --skip-secret flag bypasses the API key prompt during gh aw add, useful for CI environments and workflows that manage secrets externally. (#20598)

🐛 Bug Fixes & Improvements

  • Fixed "Exceeded max expression length 21000" — Compiled workflows with large toolsets (e.g., toolsets: [all]) combined with create-pull-request.base-branch no longer fail GitHub Actions YAML validation. (#20751)

  • Cross-repo relay activation checkout — A series of fixes resolves checkout failures in event-driven relay workflows where event_name propagation caused the wrong repo/ref to be checked out. (#20583)

  • dispatch_workflow now honors target-repo — Cross-repo relay workflows using dispatch_workflow correctly dispatch to the configured target-repo instead of always targeting context.repo. (#20708)

  • submit_pull_request_review cross-repo support — Added target-repo support to submit_pull_request_review so review submissions work correctly in cross-repo workflows. (#20678)

  • gh aw logs actionable errors — Fixed a bug where an invalid path field in gh run list caused errors to be misclassified as authentication failures. The CLI now surfaces the real cause. (#20684)

  • Codex web search disabled by default — Codex no longer uses web search unless the web-search tool is explicitly configured, preventing unintended external lookups. (#20607)

  • Fixed push-to-pull-request-branch default max: 1 — The default value was incorrectly set to 0 instead of the documented 1. (#20582)

  • Fixed git fetch auth after clean_git_credentials.sh — push_to_pull_request_branch no longer fails with authentication errors after credential cleanup. (#20581, #20524)

  • Fixed PR creation fallback status — create-pull-request no longer incorrectly reports a PR as created when it fell back to creating a review issue instead. (#20602)

  • Improved merge conflict failure issues — When create_pull_request or push_to_pull_request_branch fail due to merge conflicts, the resulting failure issue now includes actionable context. (#20421)

  • reply_to_pull_request_review_comment registered in config — The tool was missing from config.json, preventing it from being used. (#20525)

  • Custom safe-output job types now recognized — Fixed a regression where custom safe-output job types were not recognized in the safe_outputs job. (#20682)

  • Artifact name prefix for workflow_call — Prevents artifact name collisions when multiple callers invoke the same reusable workflow concurrently. (#20685)

  • actionlint integration failures distinguished from lint findings — gh aw compile --actionlint now correctly differentiates tool failures (non-zero exit with no findings) from actual lint errors. (#20637)

📚 Documentation

  • Debug logging troubleshooting guide — Added a common-issues page section on using DEBUG=* to diagnose workflow problems. (#20725)

  • allowed-files clarified as exclusive allowlist — Documented that allowed-files is a strict allowlist, not an additive exception list. (#20606)

  • Dedicated APM Dependencies reference page — Added a reference page covering APM dependency workflows and configuration. (#20674)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:


For complete details, see CHANGELOG.



What's Changed

  • fix: propagate environment: frontmatter field to all safe-output jobs by @Copilot in #20384
  • Recompile workflows to sync lock files with markdown sources by @Copilot in #20396
  • refactor: split pkg/cli/remote_workflow.go into 5 focused modules by @Copilot in #20377
  • fix(cli): standardize --help flag descriptions and "agentic workflow" terminology by @Copilot in #20375
  • fix(wasm): update golden files for GH_AW_PHASE, GH_AW_VERSION, GITHUB_AW env vars by @Copilot in #20408
  • [code-simplifier] Simplify duplicate alt-path blocks in fetch.go; fix add_command test broken by #20375 by @github-actions[bot] in #20410
  • [docs] Self-healing documentation fixes from issue analysis - 2026-03-10 by @github-actions[bot] in #20412
  • fix: prevent test suite timeout caused by real network calls in force-overwrite test by @Copilot in #20428
  • fix: only emit GH_AW_VERSION with real version in release builds, use "dev" otherwise by @Copilot in #20433
  • [aw] Updates available by @github-actions[bot] in #20430
  • [instructions] Sync github-agentic-workflows.md with v0.40.1 by @github-actions[bot] in https...

v0.57.2

10 Mar 17:33
32b3a71

🌟 Release Highlights

This patch release improves agent self-awareness and polishes report readability in built-in reporting workflows.

✨ What's New

  • Agent execution context detection — All engine execution steps (Copilot, Claude, Codex, Gemini) now inject three new environment variables: GITHUB_AW=true lets agents detect they're running inside a GitHub Agentic Workflow, GH_AW_PHASE identifies whether it's the main agent run or a detection (threat detection) run, and GH_AW_VERSION exposes the gh-aw compiler version. This enables agents to tag their output, adapt behavior, and integrate with observability tooling. 166 lock files have been recompiled to include these new variables. (#20382)

🐛 Bug Fixes & Improvements

  • Cleaner report formatting with progressive disclosure — The daily-secrets-analysis and copilot-pr-merged-report built-in workflows now use correct header levels (no top-level #/## headings) and wrap verbose sections (e.g., Top 10 Secrets table, Merged PRs table, code generation metrics) in collapsible <details> blocks. Executive summaries and key findings remain always visible, reducing noise for readers scanning long reports. (#20376)

For complete details, see CHANGELOG.



What's Changed

  • Normalize report formatting: fix headers and add progressive disclosure in secrets and copilot PR reports by @Copilot in #20376
  • Add GITHUB_AW, GH_AW_PHASE, and GH_AW_VERSION env vars to agentic engine execution steps by @Copilot in #20382

Full Changelog: v0.57.1...v0.57.2

v0.57.1

10 Mar 14:46
36e5751

🌟 Release Highlights

This release focuses on reliability and developer experience — fixing schema validation gaps, hardening the upgrade flow, improving failure diagnostics, and expanding cross-repo workflow capabilities.

✨ What's New

  • Cross-repo workflow_call runtime imports — Workflows invoked via workflow_call from another repository now correctly check out the callee's .md files at runtime, eliminating ERR_SYSTEM: Runtime import file not found errors in cross-repo reuse scenarios. Includes secrets: inherit support for reusable workflow call jobs. (#20301)

  • Auto-upgrade on gh aw upgrade — gh aw upgrade now automatically installs the latest extension version before compiling lock files, then relaunches the new binary transparently. Lock files no longer embed a stale version string after upgrading. (#20300)

  • Richer failure issue diagnostics — Agent failure issues now include a universal copy-pasteable debug prompt for any coding agent (Copilot, Claude, Gemini, etc.), plus a new top-level debug.md entry point. A new report-failure-as-issue: false frontmatter option lets you suppress failure issue creation per-workflow. Dedicated 📦 Patch Size Exceeded sections appear when max-patch-size limits are hit. (#20266, #20354)

  • CLI flag consistency — Four commands gained missing flags to align with the rest of the CLI: gh aw run --json, gh aw audit --repo, gh aw new --engine, and gh aw list --dir. (#20272)

  • Non-agent job concurrency defaults — Non-agent job concurrency groups now default cancel-in-progress: false, preventing accidental cancellation of setup or cleanup jobs during rapid pushes. (#20224)

🐛 Bug Fixes & Improvements

  • max-patch-size schema fix — The tools.repo-memory JSON schema was missing the max-patch-size property, causing schema validation to reject valid frontmatter before compilation could process it. (#20309)

  • pull_request_target as PR context — create_pull_request_review_comment and target: "triggering" now correctly recognize pull_request_target events as valid PR context, fixing Not in pull request context errors. (#20268)

  • gh aw audit no longer crashes on non-zip artifacts — Docker build artifacts and other non-zip formats are now skipped gracefully instead of aborting the entire audit report. (#20294)

  • Improved Docker validation error messages — Docker-related validation failures now surface actionable guidance instead of opaque internal errors. (#20350)

📚 Documentation

  • Staged mode reference page — A dedicated reference/staged-mode page covers enabling staged mode globally or per output type, the 🎭 preview format, per-type support table, and the recommended staged → review → enable adoption pattern. (#20269)

  • Debugging prompts in authoring guides — Self-contained and Copilot-specific debugging prompts have been added to the authoring guides and debug.md to help diagnose workflow failures faster. (#20349)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:

  • @mnkiefer for [research] Overview of docs improver agents (#19836)

For complete details, see CHANGELOG.

Generated by Release


What's Changed

  • chore: clarify org permissions in docs by @mnkiefer in #20260
  • Default cancel-in-progress: false for non-agent job concurrency groups by @Copilot in #20224
  • [log] Add debug logging to artifact manager, update command, and MCP config utils by @github-actions[bot] in #20261
  • [code-simplifier] refactor: combine PR expires tests into table-driven test by @github-actions[bot] in #20253
  • [docs] Self-healing documentation fixes from issue analysis - 2026-03-09 by @github-actions[bot] in #20254
  • docs: add dedicated staged mode documentation page for safe outputs by @Copilot in #20269
  • fix(safe-outputs): treat pull_request_target as valid PR context in create_pull_request_review_comment by @Copilot in #20268
  • Improve failure issue actionability with generic debug prompt and report-failure-as-issue option by @Copilot in #20266
  • Fix schema/validation mismatch: add "public" to repos enum in guard-policies by @Copilot in #20281
  • fix: move permission computation to dedicated safe_outputs_permissions.go by @Copilot in #20270
  • Add missing flags to run, audit, new, and list commands for CLI consistency by @Copilot in #20272
  • fix(audit): gracefully skip non-zip artifacts instead of crashing by @Copilot in #20294
  • fix(step-names): standardize "Install dev dependencies" → "Install development dependencies" and "Install uv" → "Setup uv" by @Copilot in #20295
  • refactor: split safe_outputs_generation.go (1549 lines) into focused modules by @Copilot in #20296
  • [docs] Update documentation for features from 2026-03-10 by @github-actions[bot] in #20306
  • fix: auto-upgrade gh-aw extension during gh aw upgrade to prevent stale version in lock files by @Copilot in #20300
  • Fix: max-patch-size missing from tools.repo-memory JSON schema by @Copilot in #20309
  • [fp-enhancer] Improve pkg/cli: replace bubble sort, use sliceutil.Map, migrate to slices package by @github-actions[bot] in #20323
  • [docs] Update glossary - daily scan by @github-actions[bot] in #20328
  • feat: fix runtime-import in cross-repo workflow_call by detecting callee repository at checkout by @Copilot in #20301
  • Improve Docker validation error messages to be actionable by @Copilot in #20350
  • docs: add self-contained and Copilot debugging prompts to authoring guides and debug.md by @Copilot in #20349
  • fix(daily-code-metrics): increase max-patch-size to prevent push_repo_memory failures by @Copilot in #20353
  • Add dedicated error messages for max patch size failures in agent failure issues by @Copilot in #20354

Full Changelog: v0.57.0...v0.57.1

v0.57.0

09 Mar 18:50
9028450

🌟 Release Highlights

This release delivers a meaningful rename that clarifies the product model, a new concurrency primitive for fan-out workflows, and a focused round of reliability fixes across safe-outputs and developer tooling.

⚠️ Breaking Changes

safe-inputs renamed to mcp-scripts

The safe-inputs frontmatter field has been renamed to mcp-scripts throughout the compiler, schema, documentation, and runtime to better reflect its purpose as a lightweight MCP Script host.

Migration: Run the built-in codemod to update your workflows automatically:

gh aw fix --write safe-inputs-to-mcp-scripts

All documentation, environment variables, log messages, and shared workflows have been updated accordingly. (#20115)


✨ What's New

concurrency.job-discriminator for fan-out workflows

A new job-discriminator field in the concurrency frontmatter block prevents concurrent fan-out runs from cancelling each other. When set, the expression is appended to compiler-generated job-level concurrency groups (agent, output jobs), making each dispatch unique.

# Allow concurrent runs dispatched with different inputs
concurrency:
  job-discriminator: ${{ inputs.finding_id }}

# Use run_id for scheduled workflows with no distinguishing input
concurrency:
  job-discriminator: ${{ github.run_id }}

This is especially useful for workflows invoked in batch — such as per-repository analysis jobs — where the default static concurrency group would cancel all-but-two concurrent runs. (#20190)


🐛 Bug Fixes & Improvements

Safe-Outputs reliability:

  • created_issue_* outputs now emitted correctly — created_issue_number and created_issue_url were silently dropped after a successful create-issue action due to the handler manager never calling the emitter. Workflows gating on these outputs will now work as expected. (#20130)
  • pull_request_target events now recognized as PR context — Safe-output operations using target: "triggering" (e.g., update-pull-request) were silently skipped or failed when triggered via pull_request_target. (#20198)
  • Cross-repo safe-outputs now pass GITHUB_TOKEN to git CLI — Custom token sources are now wired into the GITHUB_TOKEN environment variable for create-pull-request and push-to-pull-request-branch steps involving cross-repo checkouts. (#19890)

Tooling fixes:

  • gh aw health now finds workflow runs — The path field was accidentally dropped from the gh run list query, causing the .lock.yml filter to discard every run and always report "No workflow runs found". (#20221)
  • Firewall analysis no longer inflates blocked counts — Internal Squid error entries (client ::1:, domain -) were being counted as blocked requests. (#20137)
  • Campaign discovery no longer crashes — The campaign workflow step now inlines discovery logic instead of referencing /opt/gh-aw/actions/campaign_discovery.cjs, which is not a built-in module. (#20109)
  • repo-memory no longer fails on repos without a Wiki — The __GH_AW_WIKI_NOTE__ placeholder in repo_memory_prompt.md is now correctly substituted when wiki: true is not set. (#20236)
  • create-pull-request integer expires values now converted correctly — Integer values (e.g., expires: 14) representing days were previously stored as-is instead of being converted to hours. (#20231)
  • Agent failure issues now use cleaner titles — Pre-agent stage denomination removed; failure issues always use the format [aw] (workflow-name) failed. (#20146)

Engine parity:

  • Codex runs now display a rich session preview in the "Parse agent logs" step, matching the output format of Copilot, Claude, and Gemini engines. (#20199)

No-op runs:

  • The auto-created no-op runs issue template now includes a helpful tip explaining how to disable reporting via safe-outputs. (#20229)

📚 Documentation

  • Cost management reference guide updated with gh aw logs monitoring section and corrected skip-if-match / skip-if-no-match YAML examples. (#20128)
  • Getting-started MCP guide streamlined by 21% — duplicate content and verbose tables removed. (#20136)
  • Project Operations page updated with improved authentication guidance and visual examples. (#20165)

For complete details, see CHANGELOG.

Generated by Release


What's Changed

  • [log] Add debug logging to MCP inspection, workflow resolution, and repo memory by @github-actions[bot] in #20119
  • fix: inline campaign discovery logic in campaign workflow step by @Copilot in #20109
  • [WIP] Improve cost management reference documentation by @Copilot in #20128
  • fix(safe-outputs): emit created_issue_* outputs from handler manager by @Copilot in #20130
  • [instructions] Sync github-agentic-workflows.md with v0.40.1 — document safe-outputs step action outputs by @github-actions[bot] in #20134
  • [docs] docs: unbloat getting-started-mcp guide by @github-actions[bot] in #20136
  • Rename safe-inputs to mcp-scripts by @Copilot in #20115
  • fix: expose GITHUB_TOKEN env var for cross-repo git CLI operations in safe outputs by @Copilot in #19890
  • Fix firewall analysis inflating blocked count with internal Squid error entries by @Copilot in #20137
  • [WIP] Fix agent failure issue creation by removing pre-agent denomination by @Copilot in #20146
  • [jsweep] Clean assign_to_agent.cjs by @github-actions[bot] in #20155
  • [docs] Update documentation for features from 2026-03-09 by @github-actions[bot] in #20159
  • chore: update project ops page by @mnkiefer in #20165
  • [docs] Update glossary - weekly full scan by @github-actions[bot] in #20191
  • [architecture] Update architecture diagram - 2026-03-09 by @github-actions[bot] in #20175
  • [specs] Update layout specification - 2026-03-09 by @github-actions[bot] in #20170
  • fix(safe-outputs): include pull_request_target in PR context detection by @Copilot in #20198
  • Fix broken anchor links in project-ops docs causing CI build failure by @Copilot in #20173
  • Show Codex session preview in parse agent log step like other engines by @Copilot in #20199
  • Add concurrency.job-discriminator to prevent fan-out cancellations in job-level concurrency groups by @Copilot in #20190
  • Add GFM tip to no-op runs issue template explaining how to disable reporting by @Copilot in #20229
  • fix: use preprocessExpiresField for create-pull-request integer expires conversion by @samueltauil in #20231
  • fix: gh aw health always returns "No workflow runs found" by @Copilot in #20221
  • Fix __GH_AW_WIKI_NOTE__ placeholder not substituted when wiki is disabled by @Copilot in #20236

New Contributors

Full Changelog: v0.56.2...v0.57.0

v0.56.2

08 Mar 20:56
f1073c5

🌟 Release Highlights

This release focuses on reliability improvements across protected-file handling, setup CLI pinning, and cross-repo workflows — along with an upgrade to GitHub MCP server v0.32.0 and a new strict allowlist feature for protected-file protection.

✨ What's New

  • allowed-files strict allowlist for protected-file PR safe outputs (#20051) — You can now configure an explicit allowlist of files that are permitted in protected-file PRs. Any file outside the allowlist is blocked, giving teams tighter control over what agents can modify in sensitive branches.

🐛 Bug Fixes & Improvements

  • Protected-file fallback-to-issue now works when workflows permission is absent (#20106) — When an agent patch touches .github/workflows/ files and the GitHub App lacks workflows permission, gh-aw now correctly creates a fallback review issue rather than silently failing.
  • Default branch no longer hardcoded to main (#20099) — create_pull_request and related operations now query the repository's actual default branch, fixing failures in repos using master, develop, or any non-main default.
  • add-wizard correctly syncs working tree after PR merge (#20094) — Switching to the default branch after merging a wizard-created PR ensures workflow files are visible immediately, eliminating "workflow file not found" errors.
  • setup-cli action now respects pinned version input (#20081) — The action verifies the installed version matches the requested version after gh extension install, falling back to a manual binary download if there's a mismatch.
  • Safe output handler gracefully handles custom safe output job types (#20114) — Unknown job types no longer surface as unhandled errors; they are now logged and skipped cleanly.

⚡ Performance

  • Compiled regex patterns moved to package-level variables (#20073, #20079) — regexp.MustCompile calls across pkg/cli, pkg/workflow, and the expression-validation hot path are now initialized once at startup rather than on every invocation, reducing allocation pressure in high-frequency compilation paths.

🔧 Dependencies & Infrastructure

  • GitHub MCP server upgraded to v0.32.0 (#20100) — Picks up the latest GitHub MCP tooling improvements and bug fixes.

📚 Documentation

  • New Cost Management reference page (#20078) — Added guidance on understanding and controlling the compute costs associated with running agentic workflows.

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:


For complete details, see CHANGELOG.

Generated by Release


What's Changed

  • Add missing scanner.Buffer() calls to prevent silent truncation in gateway_logs.go by @Copilot in #20074
  • chore: hoist regexp.MustCompile calls to package-level vars across pkg/cli and pkg/workflow by @Copilot in #20073
  • perf: hoist regexp.MustCompile calls to package-level vars in validateExpressionForDangerousProps by @Copilot in #20079
  • IMP-003: Move generateCustomJobToolDefinition to safe_outputs_config_generation.go by @Copilot in #20080
  • docs: add Cost Management reference page by @Copilot in #20078
  • Fix setup-cli action ignoring pinned version input by @Copilot in #20081
  • fix: query repo default branch instead of hardcoding 'main' (#20098) by @dsyme in #20099
  • [dead-code] chore: remove dead functions — 9 functions removed by @github-actions[bot] in #20101
  • fix: switch to default branch before pulling after add-wizard PR merge by @Copilot in #20094
  • fix: create protected-file review issue when push fails due to workflows permission by @dsyme in #20106
  • Update MCP gateway GitHub guard terminology by @claude in #20096
  • Upgrade GitHub MCP server to v0.32.0, recompile workflows by @Copilot in #20100
  • Add allowed-files strict allowlist for protected-file protection on PR safe outputs by @Copilot in #20051
  • Fix safe output handler to gracefully ignore custom safe output job types by @Copilot in #20114
  • [code-simplifier] refactor: simplify generateCustomJobToolDefinition and extractDispatchWorkflowNames by @github-actions[bot] in #20107

Full Changelog: v0.56.1...v0.56.2

v0.56.1

08 Mar 15:38
fd283fd

🌟 Release Highlights

This release focuses on reliability and correctness — fixing several subtle but impactful bugs in sandbox execution, bot identity matching, workflow compilation, and safe-output handling, alongside expanded documentation.

🐛 Bug Fixes & Improvements

  • Bot identity canonicalization — on.bots allow-lists now correctly match GitHub App actors regardless of whether they appear as my-app or my-app[bot]. Previously, the exact-string mismatch silently blocked activations. (#20059)

  • AWF sandbox git identity — The first git commit inside an AWF sandbox no longer fails with "Author identity unknown." Host Git identity environment variables are now injected into sandbox execution steps, preserving the caller's author/committer info. (#20056)

  • dispatch-workflow compile-order independence — Workflows that dispatch other workflows in the same compile batch no longer require a specific compilation order. Targets that exist as .md files (without a pre-existing .lock.yml) are now accepted. (#20057)

  • safe-outputs: failures now fail the workflow — When a safe-output handler returns {success: false}, the step now calls core.setFailed() and exits non-zero. Previously, failures were only emitted as warnings and the workflow continued as successful. (#20055)

  • Gateway log truncation fix — Log lines exceeding 64 KB in gateway.jsonl (common with large AI tool call payloads) were silently truncated. Missing scanner.Buffer() calls have been added to prevent this. (#20074)

  • Firewall analysis blocked domain display — The firewall log viewer now correctly shows the destination IP:port for iptables-dropped traffic instead of displaying "-". (#20016)
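
The gateway log truncation fix above comes down to bufio.Scanner's default 64 KB token limit, which scanner.Buffer() raises. The Go sketch below is an added example, not gh-aw's own code: countLines, sampleLog and maxLine are hypothetical names, and the 1 MiB limit and the three-record log are constructed for illustration.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"strings"
)

// maxLine is an assumed upper bound for one JSONL record (not a gh-aw value).
const maxLine = 1 << 20 // 1 MiB

// countLines reads input line by line and returns the number of lines seen
// plus the scanner's terminal error. With limit == 0 the scanner keeps its
// default token limit, bufio.MaxScanTokenSize (64 KiB).
func countLines(input string, limit int) (int, error) {
	sc := bufio.NewScanner(strings.NewReader(input))
	if limit > 0 {
		// Start with a 64 KiB buffer and let it grow up to limit bytes.
		sc.Buffer(make([]byte, 0, 64*1024), limit)
	}
	n := 0
	for sc.Scan() {
		n++
	}
	// Scan() returning false looks the same for EOF and for an oversized
	// line; only sc.Err() tells them apart. Skipping this check is what
	// makes the loss silent.
	return n, sc.Err()
}

// sampleLog builds a constructed three-record JSONL log whose second record
// carries a 70 KiB payload, larger than the default token limit.
func sampleLog() string {
	big := strings.Repeat("x", 70*1024)
	return `{"event":"start"}` + "\n" +
		`{"event":"tool_call","payload":"` + big + `"}` + "\n" +
		`{"event":"end"}` + "\n"
}

func main() {
	log := sampleLog()

	// Default limit: scanning stops at the oversized record, so the
	// trailing "end" record is never seen.
	n, err := countLines(log, 0)
	fmt.Printf("default scanner: %d lines, too long: %v\n",
		n, errors.Is(err, bufio.ErrTooLong))

	// Raised limit: all three records are read.
	n, err = countLines(log, maxLine)
	fmt.Printf("with Buffer():   %d lines, err: %v\n", n, err)
}
```

For audit or detection pipelines that consume such logs, treating a non-nil sc.Err() as a hard failure keeps an oversized record from hiding every record after it.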

📚 Documentation

  • Docker-based MCP server configuration — The MCP server reference now covers running gh-aw as an MCP server via Docker, for environments where the gh CLI is not installed locally. (#20053)

  • Workflow status message style guide — A new .github/aw/messages.md establishes consistent conventions for tone and emoji usage in safe-outputs status messages across all workflows. (#20052)

  • Updated feature documentation and permissions reference cleanup. (#20020, #20003)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:


For complete details, see CHANGELOG.

Generated by Release


What's Changed

  • [docs] docs: reduce bloat in permissions.md by @github-actions[bot] in #20003
  • [docs] Update documentation for features from 2026-03-08 by @github-actions[bot] in #20020
  • Fix firewall analysis showing "-" instead of actual blocked domains for iptables-dropped traffic by @Copilot in #20016
  • fix: canonicalize bot identifiers so <slug> and <slug>[bot] match in on.bots by @Copilot in #20059
  • docs: add Docker-based MCP server configuration by @Copilot in #20053
  • safe-outputs: escalate handler failures to core.setFailed() by @Copilot in #20055
  • Fix dispatch-workflow validation: accept .md-only targets in same compile batch by @Copilot in #20057
  • Add workflow status message style guide by @Copilot in #20052
  • Fix: Inject git identity env vars into AWF sandbox execution steps by @Copilot in #20056

Full Changelog: v0.56.0...v0.56.1