v0.81.6

Compare Source

🌟 Release Highlights

This release focuses on stability and observability — restoring broken fleet-wide token tracking, hardening CI quality gates, and adding release traceability for merged PRs.

✨ What's New

• Release PR notifications — A new post-agent release job now automatically comments on every PR included in each release, making it easy to trace which release shipped your changes (#​41834).
• Loop engineering playbook — .github/aw/loop.md codifies patterns from autoloop, goal, and crane into a unified reference for building robust agentic loops (#​41833).
• Benchstat regression gate — The CI bench job now compares against a stored baseline using benchstat, preventing silent performance regressions from merging (#​41813).

🐛 Bug Fixes & Improvements

• Restored fleet-wide token usage collection — TokenUsage had been reporting 0 across the entire fleet since June 20 due to two co-conspirating bugs in the conclusion job. Both are fixed, restoring accurate AI credit tracking (#​41823).
• Security: pinned govulncheck to go.mod version — CI vulnerability scans now use the exact version declared in go.mod and produce reproducible SARIF reports. A local make vuln-sarif target is also available (#​41815).
• Hardened BYOK Ollama startup — The daily BYOK Ollama test now gates on explicit model and API readiness before proceeding, eliminating pre-agent failures from incomplete startup (#​41838).
• Stabilized Go Logger Enhancement compile — Fixed exit code 126 caused by unsafe shell glob expansion in the workflow tool allowlist (#​41840).
• Enforced safe output completion in quality workflow — The daily compiler quality workflow now requires an explicit safe output call, preventing silent no-op runs (#​41841).

🔧 Internal

• Refactored 5 extreme function-length hotspots (145–650 lines) in pkg/workflow and pkg/cli into focused, testable units (#​41800).
• SortedKeys sweep and deduplication logic consolidation across the codebase (#​41829).

Generated by 🚀 Release · 32.9 AIC · ⊞ 8.3K

What's Changed

• refactor: split 5 extreme function-length hotspots in pkg/workflow and pkg/cli by @​pelikhan with @​Copilot in #​41800
• fix(security): pin govulncheck to go.mod version in CI, add local SARIF target by @​pelikhan with @​Copilot in #​41815
• Add benchstat regression gate to CI bench job by @​pelikhan with @​Copilot in #​41813
• fix(token-usage): restore fleet-wide TokenUsage collection via non-empty copy guard and correct priority order by @​pelikhan with @​Copilot in #​41823
• Add post-agent release job to comment on PRs included in each release by @​pelikhan with @​Copilot in #​41834
• [community] Update community contributions in README by @​github-actions[bot] in #​41836
• Require explicit safe output completion in daily compiler quality workflow by @​pelikhan with @​Copilot in #​41841
• Harden Daily BYOK Ollama startup path with explicit model/API readiness gating by @​pelikhan with @​Copilot in #​41838
• [aw] Stabilize Go Logger Enhancement compile invocation by @​pelikhan with @​Copilot in #​41840
• refactor: SortedKeys sweep, deduplicate dedup logic, redistribute misplaced helpers by @​pelikhan with @​Copilot in #​41829
• Add .github/aw/loop.md playbook synthesizing loop-engineering patterns from autoloop/goal/crane by @​pelikhan with @​Copilot in #​41833

Full Changelog: github/gh-aw@v0.81.5...v0.81.6

v0.81.5

Compare Source

🌟 Release Highlights

This release focuses on org-mode maturity, performance optimizations, and sandbox hardening — making gh aw update/upgrade --org more robust and production-ready while delivering meaningful speed improvements across the compiler and validator.

✨ What's New

• Action-pin mapping in aw.json (#​41579) — Define action-pin overrides directly in your aw.json configuration, giving you centralized control over pinned action versions.

• manifest-version now optional in aw.yml (#​41687) — Reduces boilerplate in new workflow files; the field is inferred when omitted.

• Non-TTY fallback for gh aw add wizard (#​41717) — The interactive add wizard now gracefully falls back to text prompts in non-interactive environments (CI, scripts), unblocking automation pipelines.

• Org-mode improvements for update/upgrade --org (#​41617, #​41627, #​41719) — Workflow-targeted updates, repo prefiltering, version-tag display, unified repo discovery, and per-repo confirmation prompts (with --yes for CI). The --org flag is now significantly more useful for managing fleets of repositories.

• Sandbox hardening at 50% baseline (#​41786) — Half of all eligible agentic workflows now run with sandbox.agent.sudo: false, reducing the blast radius of runaway agent steps.

• Daily detection analysis report workflow (#​41802) — New built-in workflow that generates automated detection analysis reports.

⚡ Performance

• Lazy-loaded embedded JSON datasets (#​41587) — Embedded compile-time JSON is no longer loaded at startup, reducing memory footprint for CLI commands that do not compile.
• Lazy-loaded GitHub toolset permissions (#​41755) — Loaded via sync.Once so permission data is only read when needed.
• Cached regexp in applySanitizePattern (#​41762) — Eliminates repeated regex compilation on hot code paths.
• Faster ParseWorkflow (#​41772) — Model-alias cycle detection overhead reduced.

🐛 Bug Fixes & Improvements

• Secret double-escape fix (#​41801) — Custom MCP server env/header secrets are no longer double-escaped in generated lock files.
• Agent-supplied branch accepted in push_to_pull_request_branch (#​41654) — Fixes a regression where agent-provided branch names were rejected.
• MODEL_NOT_SUPPORTED detection extended (#​41792) — The pattern now catches 404 "Model not found" responses, improving resilience for unsupported model errors.
• Bundle manifest path resolution (#​41790) — .github/ paths are now resolved as repo-root-relative in nested bundle manifests.
• MCP post-completion relaunch is non-fatal (#​41713) — A failed MCP server relaunch after job completion no longer fails the workflow.
• PR Sous Chef cooldown (#​41759) — Prevents back-to-back comments by enforcing a 30-minute cooldown.
• Harness exits cleanly (#​41675) — Exits with code 0 when expected safe-outputs were already produced, even when subsequent steps encounter permission-denied errors.
• GH_AW_POLICY_STRICT enforced at runtime (#​41682) — Non-strict compiled workflows now properly respect the strict policy flag at runtime.

📚 Documentation

• Blog: Custom Linters, Sergo, Linter Miner & LintMonster (#​41663) — A new blog post walking through the custom linter ecosystem. Read it →
• gh aw env governance guide (#​41758) — New documentation covering defaults and scope inheritance for environment configuration.

Generated by 🚀 Release · 41.2 AIC · ⊞ 8.3K

What's Changed

• Add action-pin mapping support in aw.json by @​pelikhan with @​Copilot in #​41579
• pkg/workflow: lazy-load embedded JSON datasets used only at compile-time paths by @​pelikhan with @​Copilot in #​41587
• feat: add XML markers, deduplication, labels, and release links to org runner PRs/issues by @​pelikhan with @​Copilot in #​41580
• fix: resource lifecycle and context propagation (lint-monster) by @​pelikhan with @​Copilot in #​41589
• Replace lint-monster path literals with repository constants in CLI/workflow codepaths by @​pelikhan with @​Copilot in #​41611
• [UX] Professionalize Architecture Guardian safe-output status messages by @​pelikhan with @​Copilot in #​41612
• [jsweep] Clean update_context_helpers.cjs by @​github-actions[bot] in #​41608
• fix: accept agent-supplied branch in push_to_pull_request_branch (fixes #​41643) by @​dsyme in #​41654
• fix: replace deprecated gpt-5-mini with gpt-5.4-mini in daily-model-resolution workflow by @​pelikhan with @​Copilot in #​41625
• Enable sandbox.agent.sudo: false on 20 agentic workflows by @​pelikhan with @​Copilot in #​41628
• [docs] Update glossary - daily scan by @​github-actions[bot] in #​41657
• [spec-extractor] Update package specifications for agentdrain, cli, console, constants by @​github-actions[bot] in #​41653
• [code-scanning-fix] Fix js/http-to-file-access: validate Content-Type and size for LFS PDF download by @​github-actions[bot] in #​41635
• Update gh aw update --org to support workflow-targeted updates and repo prefiltering by @​pelikhan with @​Copilot in #​41617
• panicinlibrarycode: enforce FuncLit boundaries for init/doc panic exemptions by @​pelikhan with @​Copilot in #​41631
• [instructions] Sync instruction files with release 0.81.4 by @​github-actions[bot] in #​41644
• Replace AWF runtime Python patch with shared JavaScript helper by @​pelikhan with @​Copilot in #​41623
• Add blog post on custom linters, Sergo, Linter Miner, and LintMonster by @​pelikhan with @​Copilot in #​41663
• reduce instructions-janitor max lines target from 500 to 400 by @​pelikhan with @​Copilot in #​41673
• Retry one completed Copilot BYOK proxy auth failure as a fresh run by @​pelikhan with @​Copilot in #​41629
• Make manifest-version optional in aw.yml by @​pelikhan with @​Copilot in #​41687
• Harden API consumption log collection against continuation timeouts by @​pelikhan with @​Copilot in #​41676
• [spec-enforcer] Enforce specifications for setutil by @​github-actions[bot] in #​41684
• Refactor duplicated key sorting, engine env assembly, and engine max-* codemods by @​pelikhan with @​Copilot in #​41674
• fix(harness): exit 0 when expected safe-outputs already produced despite numerous permission-denied by @​pelikhan with @​Copilot in #​41675
• improve update/upgrade --org: version tags, current version display, unified repo discovery by @​pelikhan with @​Copilot in #​41627
• Fix go-logger preflight manifest generation failing on jq filter quoting by @​pelikhan with @​Copilot in #​41695
• fix(USE-001): add standardized error codes to pr_review_buffer and set_issue_type handlers by @​pelikhan with @​Copilot in #​41692
• Enforce GH_AW_POLICY_STRICT at runtime for non-strict compiled workflows by @​pelikhan with @​Copilot in #​41682
• parser: add schema validation tests for sandbox.agent.sudo (regression guard for #​41679) by @​dsyme with @​Copilot in #​41681
• logs: populate message field with actionable guidance when no runs found by @​pelikhan with @​Copilot in #​41693
• docs: resolve spec audit — pkg/intent spec, actionpins Mappings field, linters 4 new subpackages by @​pelikhan with @​Copilot in #​41723
• fix: post-completion MCP relaunch failure is non-fatal; audit-diff surfaces removed denied domains by @​pelikhan with @​Copilot in #​41713
• Normalize report-format guidance across non-compliant agentic workflows by @​pelikhan with @​Copilot in #​41728
• Harden Super Linter workflow against generated-summary linting and log artifact permission failures by @​pelikhan with @​Copilot in #​41729
• Ensure centralized status comments are reused via the standard update path by @​pelikhan with @​Copilot in #​41709
• chore(deps): bump golang.org/x/vuln to v1.5.0 by @​pelikhan with @​Copilot in #​41726
• [dead-code] chore: remove dead functions — 5 functions removed by @​github-actions[bot] in #​41731
• Make banner styling TTY-safe by unexporting BannerStyle and standardizing ShowWelcomeBanner by @​pelikhan with @​Copilot in #​41716
• Add per-repo confirmations for org-mode update/upgrade create actions, with --yes CI bypass by @​pelikhan with @​Copilot in #​41719
• feat(mattpocock-reviewer): mention @​copilot in review comments by @​pelikhan with @​Copilot in #​41756
• Add governance guide for gh aw env defaults and scope inheritance by @​pelikhan with @​Copilot in #​41758
• fix(pr-sous-chef): prevent back-to-back comments and add 30-min cooldown by @​pelikhan with @​Copilot in #​41759
• Add non-TTY fallback for interactive add wizard (MultiSelect + text prompts) by @​pelikhan with @​Copilot in #​41717
• Preserve issue-intent label metadata in add_labels REST payload behind feature flag by @​pelikhan with @​Copilot in #​41725
• Reduce validation benchmark overhead by deduplicating Copilot permission tip emission by @​pelikhan with @​Copilot in #​41753
• refactor(workflow): split custom job builder module out of compiler_jobs.go by @​pelikhan with @​Copilot in #​41754
• feat: upgrade experiments_command.go manual tables to console.RenderTable() by @​pelikhan with @​Copilot in #​41718
• PR Sous Chef: require pr-finisher in Copilot nudge by @​pelikhan with @​Copilot in #​41768
• Fix daily-spdd-spec-planner tool denial limit exceeded by @​pelikhan with @​Copilot in #​41770
• fix(compile_stats): replace raw fmt.Fprintf sub-items with console helpers by @​pelikhan with @​Copilot in #​41764
• Align CLI help/grouping and flag semantics for command consistency by @​pelikhan with @​Copilot in #​41727
• Clarify workflow trigger selection and reporting patterns for agentic workflows by @​pelikhan with @​Copilot in #​41769
• Wrap bare error returns in buildActivationJob with context by @​pelikhan with @​Copilot in #​41763
• Use a named constant for the upgrade-org skills sparse-checkout path by @​pelikhan with @​Copilot in #​41774
• Refactor deploy --org to run through shared org runner by @​pelikhan with @​Copilot in #​41761
• Cache compiled regexp in applySanitizePattern by @​pelikhan with @​Copilot in #​41762
• PR Triage: include same-repo Copilot PRs in eligibility scope by @​pelikhan with @​Copilot in #​41783
• fix: extend MODEL_NOT_SUPPORTED_PATTERN to catch 404 standalone "Model not found" by @​pelikhan with @​Copilot in #​41792
• Lazy-load GitHub toolset permissions JSON via sync.Once by @​pelikhan with @​Copilot in #​41755
• perf(bench): isolate CompileMCPWorkflow benchmark from non-compilation overhead by @​pelikhan with @​Copilot in #​41782
• Add daily detection analysis report workflow by @​pelikhan with @​Copilot in #​41802
• ambient-context: compress shared prompts and fix tone conditional syntax by @​pelikhan with @​Copilot in #​41805
• Fix Copilot log parser for wireApi=responses format; surface tool response previews by @​pelikhan with @​Copilot in #​41767
• Reduce ParseWorkflow overhead by optimizing model-alias cycle detection by @​pelikhan with @​Copilot in #​41772
• Add runtime policy guard for create-pull-request safe outputs by @​pelikhan with @​Copilot in #​41771
• Migrate CLI stderr status output to stderr-aware pkg/console helpers across six commands by @​pelikhan with @​Copilot in #​41773
• chore(deps): bump charmbracelet/x/exp/golden pseudo-version (Jun 2 → Jun 22) by @​pelikhan with @​Copilot in #​41810
• fix: prevent double-escape of custom MCP server env/header secrets in generated lock files by @​pelikhan with @​Copilot in #​41801
• Raise agent sandbox hardening baseline to 50% of eligible workflows by @​pelikhan with @​Copilot in #​41786
• refactor(workflow): consolidate duplicate runtime action repo maps by @​pelikhan with @​Copilot in #​41809
• [docs] Self-healing documentation fixes from issue analysis - 2026-06-27 by @​github-actions[bot] in #​41816
• fix: treat .github/ paths as repo-root-relative in nested bundle manifests by @​mnkiefer with @​Copilot in #​41790

Full Changelog: github/gh-aw@v0.81.4...v0.81.5

v0.81.4

Compare Source

🌟 Release Highlights

This release focuses on reliability, performance, and new operational capabilities — fixing silent failures across the compiler and agent harnesses, reducing wasted credits on hot paths, and adding important new tooling.

✨ What's New

• --org flag for upgrade command (#​41335) — The upgrade command now supports --org and --repos flags, matching the org-wide mode already available in update. Bulk-preview or open upgrade PRs across an entire organization with a single command.

• Daily YAML Lint Fixer workflow (#​41574) — A new agentic workflow automatically fixes yamllint violations in generated *.lock.yml files, keeping CI lint checks clean without manual intervention.

• AWF Firewall startup failure detection (#​41472) — Firewall proxy startup failures (e.g., DNS not yet resolving at probe time) are now detected and surfaced in the agent failure issue — making previously silent infra failures immediately actionable.

• Spec-driven engine.env allowlist (#​41465) — The engine environment variable allowlist is now derived from GetSupportedEnvVarKeys rather than a fragile runtime heuristic, enabling strict: false to be safely removed from smoke workflows.

• Copilot engine launched from ${GITHUB_WORKSPACE} (#​41459) — The Copilot engine now starts from the workspace root, enabling APM skill discovery for context-aware agent behaviour.

🐛 Bug Fixes & Improvements

• Silent YAML parse errors fixed (#​41577) — Five yaml.Unmarshal call sites in workflow_builder.go were silently discarding errors, producing empty step lists on malformed YAML with no diagnostic. All errors now propagate correctly.

• Copilot SDK hang bounded by idle watchdog (#​41572) — After an agent's final tool result, sendAndWait could hang indefinitely until the step timeout killed the runner. A post-completion idle watchdog now bounds this wait, preventing wasted runner minutes.

• Codex harness no longer drains tokens on rate-limit reconnects (#​41385) — When Codex hit a TPM rate limit and exhausted reconnect retries, the harness kept retrying unnecessarily. It now recognises exhausted-reconnect exits and stops, preserving credits.

• Claude harness stops retrying on max_runs_exceeded (#​41361) — Fresh-run fallbacks no longer burn the full quota when a session has already hit its 20-invocation limit.

• Issue Monster false-positive 429 detection eliminated (#​41471) — Rate-limit false positives no longer trigger spurious failure handling.

• assign_to_agent no longer posts error comments on PRs (#​41475) — Error comments are now only posted to issues, matching expected behaviour.

• Daily schedule runs restored (#​41362) — Daily schedule runs broken since June 5 are now fixed.

• workflow_call permissions use union of caller + worker (#​41387) — Imported workflow_call permissions in generated call jobs are now correctly annotated.

⚡ Performance

• YAML generation is faster (#​41333) — Duplicate run-script scans in the skip-validation fast path collapsed to a single pass, restoring compilation performance.

• Design Decision Gate costs reduced (#​41332) — Now defaults to Sonnet instead of Opus and skips issue lookups on no-op paths, meaningfully reducing AI credit consumption per run.

🔒 Security

• Safe-output detection hardened (#​41547) — Detection stays in warn mode on parser/agent failures, ensuring non-reviewable safe outputs are blocked rather than passed through silently.

• Pi threat-detection model normalisation (#​41545) — Pi threat-detection models are now normalised before Copilot fallback, preventing misclassification due to model name variance.

🔧 Internal

• Bumped gh-aw-firewall to v0.27.11 and regenerated pinned workflow artifacts (#​41555)
• Bumped Codex 0.142.1 and Copilot SDK 1.0.4 (#​41430)
• Extracted shared org-wide runner for update and upgrade commands (#​41553)

Generated by 🚀 Release · 44.1 AIC · ⊞ 8.3K

What's Changed

• [community] Update community contributions in README by @​github-actions[bot] in #​41359
• Lower Design Decision Gate runtime cost with Sonnet default and conditional issue lookups by @​pelikhan with @​Copilot in #​41332
• Add GitHub lockdown guard-policy warning and sync security specs by @​pelikhan with @​Copilot in #​41331
• Reduce YAMLGeneration time by collapsing duplicate run-script scans by @​pelikhan with @​Copilot in #​41333
• fix(go-logger): restore daily schedule runs broken since June 5 by @​pelikhan with @​Copilot in #​41362
• feat: add --org to upgrade command by @​pelikhan with @​Copilot in #​41335
• Surface assign-to-agent auth/availability failures in agent failure issues/comments by @​pelikhan with @​Copilot in #​41336
• chore: set sandbox.agent.sudo: false on 30% of agentic workflows by @​pelikhan with @​Copilot in #​41380
• [ubuntu-image] research: update Ubuntu runner image analysis for 2026062.220.1 by @​github-actions[bot] in #​41373
• [code-scanning-fix] Fix workflow-graphql-static-concat: extract GraphQL query to named constant by @​github-actions[bot] in #​41357
• fix(manualmutexunlock): distinguish struct instances sharing a mutex field by @​pelikhan with @​Copilot in #​41383
• Add nolint parity to non-enforced context-family linters by @​pelikhan with @​Copilot in #​41382
• Fix stale frontmatter hash in design-decision-gate.lock.yml by @​pelikhan with @​Copilot in #​41390
• Enable Copilot assignment permissions in Issue Monster workflow by @​pelikhan with @​Copilot in #​41389
• [jsweep] Clean upload_assets.cjs by @​github-actions[bot] in #​41371
• fix: improve agent assignment failure issue reports by @​pelikhan with @​Copilot in #​41392
• [spec-extractor] Update package specifications for tty, types, typeutil, workflow by @​github-actions[bot] in #​41414
• fix: stop codex harness retry loop draining tokens on exhausted rate-limit reconnects by @​pelikhan with @​Copilot in #​41385
• refactor: consolidate triplicate merge helpers and add sliceutil.SortedKeys by @​pelikhan with @​Copilot in #​41388
• fix: use union of caller + worker permissions for call-workflow jobs by @​pelikhan with @​Copilot in #​41387
• fix: revert sandbox.agent.sudo to true in glossary-maintainer workflow by @​pelikhan with @​Copilot in #​41426
• Handle known Windows ConPTY runner failure in daily CLI integration by @​pelikhan with @​Copilot in #​41428
• fix(firewall): skip non-Squid diagnostic lines in generate_usage_activity_summary by @​pelikhan with @​Copilot in #​41429
• chore: bump Codex 0.142.1, Copilot SDK 1.0.4 by @​pelikhan with @​Copilot in #​41430
• Send GraphQL-Features header for issue intent mutations when issue_intents runtime feature is enabled by @​pelikhan with @​Copilot in #​41425
• Issue Monster: eliminate false-positive 429 rate-limit detection by @​pelikhan with @​Copilot in #​41471
• Standardize CLI help section order and GHE note wording by @​pelikhan with @​Copilot in #​41461
• feat: spec-driven engine.env allowlist via GetSupportedEnvVarKeys; remove strict: false from smoke workflows by @​pelikhan with @​Copilot in #​41465
• Annotate imported workflow_call permissions in generated call jobs by @​pelikhan with @​Copilot in #​41464
• fix: prevent assign_to_agent from posting error comments on PRs by @​pelikhan with @​Copilot in #​41475
• Reduce sandbox.agent.sudo: false usage to policy target across agentic workflows by @​pelikhan with @​Copilot in #​41463
• Update existing MCP configs with required gh-aw server fields by @​pelikhan with @​Copilot in #​41462
• feat: detect AWF firewall startup failures and surface them in the agent failure issue by @​pelikhan with @​Copilot in #​41472
• Render runtime features only when configured; move output behind details disclosure by @​pelikhan with @​Copilot in #​41358
• Align safe-outputs bundle pre-check with post-apply file detection by @​pelikhan with @​Copilot in #​41457
• Fix Daily Cache Strategy Analyzer codex model variant to avoid model-not-found failures by @​pelikhan with @​Copilot in #​41541
• Simplify assign-to-agent flow to issue assignee REST APIs with canonical bot login resolution by @​pelikhan with @​Copilot in #​41524
• update org resilience by @​pelikhan in #​41513
• Fix empty firewall allowlist in Codex external detection job (gh-aw-detection) by @​pelikhan with @​Copilot in #​41525
• Normalize Pi threat-detection models before Copilot fallback by @​pelikhan with @​Copilot in #​41545
• [caveman] Optimize instruction verbosity — cli-commands, campaign (2026-06-25) by @​github-actions[bot] in #​41544
• Keep detection in warn mode on parser/agent failures so non-reviewable safe outputs are blocked by @​pelikhan with @​Copilot in #​41547
• Fix docs homepage slide preview when the bundled PDF is an LFS pointer by @​pelikhan with @​Copilot in #​41540
• copilot engine: launch from ${GITHUB_WORKSPACE} to enable APM skill discovery by @​pelikhan with @​Copilot in #​41459
• Bump default gh-aw-firewall to v0.27.11 and regenerate pinned workflow artifacts by @​lpcox with @​Copilot in #​41555
• refactor: extract shared org-wide runner for update and upgrade commands by @​pelikhan with @​Copilot in #​41553
• feat: add daily-yamllint-fixer agentic workflow by @​pelikhan with @​Copilot in #​41574
• fix: resolve InvalidPDFException and add mobile nav toggle test by @​pelikhan with @​Copilot in #​41575
• console: swap supplementary-plane emoji for lightweight Unicode symbols by @​pelikhan with @​Copilot in #​41578
• fix(copilot-sdk): post-completion idle watchdog to bound SDK hang after final tool result by @​pelikhan with @​Copilot in #​41572
• fix: propagate yaml.Unmarshal errors in workflow_builder.go (5 silent sites) by @​pelikhan with @​Copilot in #​41577

Full Changelog: github/gh-aw@v0.81.3...v0.81.4

v0.81.3

Compare Source

🌟 Release Highlights

This release focuses on expanded automation reach with org-wide update management, greater expressiveness through GitHub Actions expression support in more places, and a round of critical fixes across Windows, rootless installs, and assignee resolution.

⚠️ Breaking Changes

sandbox.agent.network-isolation renamed to sandbox.agent.default-route

The frontmatter key sandbox.agent.network-isolation has been renamed to sandbox.agent.default-route (#​41302). Update any workflows using this key to use the new name.

✨ What's New

• Organization-wide gh aw update — Run gh aw update across an entire org with dry-run PR previews before applying changes, making fleet-wide workflow upgrades safer and more auditable (#​41247).
• Templatable safe-outputs.staged values — safe-outputs.staged now accepts GitHub Actions expressions (${{ ... }}), enabling dynamic output values at workflow runtime (#​41296).
• link-sub-issue accepts GitHub expressions — The allowed-repos field in link-sub-issue now supports GitHub Actions expressions for more flexible cross-repo linking (#​41237).
• ready_for_review trigger support — pull_request_target workflows can now trigger on the ready_for_review event, enabling automation when draft PRs are marked ready (#​41161).
• GH_HOST support in gh aw trial — gh aw trial --clone-repo now correctly honors the GH_HOST environment variable for GHES environments (#​41159).
• Sudo enabled in agentic sandboxes — All agentic workflow sandboxes now have sudo available by default, unblocking common agent install patterns (#​41313).
• Firewall v0.27.10 + mcpg v0.3.30 — Network-isolated workflows omit unnecessary sudo from generated lock files; bundled firewall and MCP gateway updated (#​41269).

⚡ Performance

• Parallelized audit analysis — gh aw audit now runs analysis tasks in parallel, significantly reducing latency for long-running workflows (#​41185).

🐛 Bug Fixes

• Windows ConPTY crash fixed — Removed a compat import that caused gh aw to crash on startup on Windows (#​41235).
• Rootless AWF install — gh aw installs correctly into $HOME/.local without root and properly exports $GITHUB_PATH in rootless environments (#​41310).
• Copilot assignee resolution restored — Assignee checks now prefer issue-scoped resolution, fixing cases where the wrong user was assigned (#​41306).
• UpdateContainerPins no longer wipes containers — Fixed a regression where gh aw update erased the entire containers section on every run (#​41262).
• Locked-PR 422 handled gracefully — Safe outputs now treats HTTP 422 on locked PRs as a soft skip with retry rather than a hard failure (#​41155).
• Compiler error quality improved — Errors now include accurate YAML context offsets, import hints, and early engine validation to help authors fix issues faster (#​41234).
• set_issue_type migrated to REST API — Replaced the GraphQL-based set_issue_type safe output with a single REST call for better reliability (#​41241).
• Linter fixes — lenstringsplit false positives with empty separators and ctxbackground false negatives in closures are resolved (#​41188, #​41187).
• Codex MCP CLI wrapper resolution — Fixed safe output path resolution for the Codex MCP CLI wrapper (#​41242).

📚 Documentation

• Safe rollout guidance streamlined for clarity (#​41272).
• Glossary updated with latest terminology (#​41211).

Generated by 🚀 Release · 36.2 AIC · ⊞ 8.3K

What's Changed

• Remove redundant python-dataviz imports from daily reporting workflows by @​pelikhan with @​Copilot in #​41158
• Support ready_for_review for pull_request_target triggers by @​pelikhan with @​Copilot in #​41161
• fix: treat locked-PR 422 as soft skip with retry in safe_outputs by @​pelikhan with @​Copilot in #​41155
• Add SEC-005 exemption for issue_intents.cjs false positive by @​pelikhan with @​Copilot in #​41182
• Allow AgentRx native package installs in Daily AgentRx Trace Optimizer by @​pelikhan with @​Copilot in #​41183
• Pin Daily Sub-Agent Model Resoluti

✂ Note

PR body was truncated to here.