v0.77.4
Pre-release
Pre-release
Immutable
release. Only release title and notes can be modified.
π Release Highlights
This release delivers Anthropic WIF authentication, a new copilot-sdk engine, expanded aw.yml manifest capabilities, and a battery of reliability fixes across safe-outputs, threat-detection, and workflow compilation.
β¨ What's New
- Anthropic WIF Authentication β Claude-engine workflows can now authenticate via Workload Identity Federation, eliminating long-lived API key secrets (#35939)
copilot-sdkEngine β A newcopilot-sdkfrontmatter engine field gives workflows access to the Copilot SDK runtime directly (#35936)aw.ymlManifest: Includes, Skills & Agents β The repository manifest now supportsincludes,skills, andagentskeys, making it easier to compose and share workflow components across repos (#35778)- Per-Workflow 24-Hour Effective-Token Guardrail β A new configurable token guardrail prevents runaway agent costs with enterprise-grade defaults and
ETshorthand support (#36042) search_commitsin GitHub MCP Search Toolset β Commit search is now available to agents via the GitHub MCP search toolset (#36115)copilot-reviewSkill β A new skill guides agents through planning, addressing, and responding to PR review feedback (#36111)go-codemodSkill β Agents can now implement and test Go codemods for thegh aw fixcommand (#36034)- Ruflo-Backed Agentic Task Workflow β New workflow for running agentic tasks via the Ruflo engine (#36046)
π Bug Fixes & Improvements
- Activation comment fix β Activation comments no longer use the wrong repo/client or fire on empty commits (#35982)
- Safe-output target-repo β Safe output handlers now correctly respect the configured
target-repo(#35901) - Sparse-checkout filter β Agent checkout now emits
filter: ''correctly when sparse-checkout is enabled (#35949) - Protected-files fallback β
create_pull_requestnow pushes the branch before creating a fallback issue (#35990) - HEAD-only bundle handling β
create_pull_requestsafe-output fallback handles HEAD-only bundles gracefully (#35989) - Threat-detection hardening β Missing prompt artifacts no longer block safe-output execution (#36113)
- Reusable workflow timeout β
timeout-minutesis now correctly passed through reusable workflow callers (#36107) on.needsYAML strip β Processedon.needskeys are stripped from emitted YAML, preventing invalid workflow syntax (#35965)- Billing multiplier accuracy β
billing.multiplierfrom Copilot reflect is now used as the primary ET multiplier source of truth (#36027) - Prefer toolcache Copilot CLI β Workflows now prefer the Actions toolcache copy of the Copilot CLI before downloading a release, speeding up setup (#35992)
- Disable
histexpandin shell wrappers β Bash history expansion is disabled in all generated shell wrappers to prevent unexpected!expansion (#35991)
π Documentation
- Deprecated/migration callouts removed for a cleaner reference experience (#35923)
- OpenTelemetry reference slimmed down β duplicate config examples removed (#36143)
For complete details, see CHANGELOG.
Generated by π Release Β· sonnet46 994.4K
What's Changed
- Stabilize Step Name Alignment by removing legacy CLI-proxy path by @Copilot in #35804
- Enforce
strconvparseignorederrorin CI and remove 6 silent parse discards by @Copilot in #35805 - [deep-report] Raise Avenger max-turns to 50 to prevent max-turn exits by @Copilot in #35789
- chore: bump awf to v0.25.57, mcpg to v0.3.21 by @Copilot in #35782
- [WIP] Fix failing GitHub Actions job lint-go by @Copilot in #35806
- Remove emoji from experiment assignment summary heading by @Copilot in #35815
- Align lipgloss compat detection with stderr output path by @Copilot in #35813
- Extend aw.yml to support includes, skills, and agents by @Copilot in #35778
- Fix context cancel lifecycle violations in workflow + MCP inspect paths by @Copilot in #35811
- refactor(workflow): decompose Claude allowed-tools assembly to reduce function complexity by @Copilot in #35812
- DDUw: catch not_planned docs-coverage/convention gaps (engine-example parity) by @Copilot in #35820
- Add missing Claude Opus multiplier aliases and correct GPT-5.5 multipliers for 2026-05-30 inventory by @Copilot in #35826
- Refactor Agentic Workflows routing: move dispatch index to skill, keep agent static, and update init generator by @Copilot in #35817
- [awf] Fix tool-cache mount handling, smoke-pi runtime config, and cache-memory git recovery by @Copilot in #35802
- [community] Update community contributions with Tier 3 findings by @github-actions[bot] in #35844
- Clarify Outcome Collector reference mapping to enforce exact Status-order link parity by @Copilot in #35852
- [log] Add debug logging to three previously-unlogged pkg/ files by @github-actions[bot] in #35857
- [docs] docs: apply American English spelling in content reference docs by @github-actions[bot] in #35853
- [code-simplifier] Simplify claude_tools.go: use getOrCreateToolMap and clearer isClaudeToolName by @github-actions[bot] in #35855
- fix: safe output handlers now respect target-repo config by @dsyme in #35901
- Share RUNNER_TEMP with agent step in compiled lock.yml by @Copilot in #35880
- [docs] Update editor preview screenshots β 2026-05-30 by @github-actions[bot] in #35890
- [instructions] Sync instruction files with release v0.76.1 by @github-actions[bot] in #35892
- docs: remove deprecated/migration callouts by @dsyme in #35923
- [spec-enforcer] Enforce specifications for typeutil, workflow, actionpins by @github-actions[bot] in #35910
- Remove markdown header from
<repo-memory>default prompt section by @Copilot in #35920 - [docs] Consolidate developer specifications into instructions file by @github-actions[bot] in #35928
- Improve checkout prompt clarity: repoβpath mapping and sparse-checkout visibility by @Copilot in #35927
- Remove nested Markdown headers from
mcp-clisprompt section by @Copilot in #35922 - fix: add SEC-004 exemption to safe_output_execution_metadata.cjs by @Copilot in #35933
- Preserve agent and inlined-skill frontmatter during runtime imports so model selection is honored by @Copilot in #35938
- fix: emit filter:'' in agent checkout when sparse-checkout is enabled (#35947) by @dsyme in #35949
- Copy skills from aw.yml manifest first; copy skill folders recursively and safely by @Copilot in #35946
- Add safe-output failure guardrails and actionable PR-branch checkout errors by @Copilot in #35945
- Drop redundant
--yolofrom Pi engine invocations by @Copilot in #35950 - Route harness fallback diagnostics through safeoutputs CLI by @Copilot in #35934
- feat: Anthropic WIF support in EngineAuthConfig and ClaudeEngine by @Copilot in #35939
- Strip processed
on.needsfrom emittedon:YAML to prevent invalid workflow syntax by @Copilot in #35965 - chore: bump firewall to v0.25.58 and gateway to v0.3.22 by @Copilot in #35973
- fix: activation comment uses wrong repo/client and fires on empty commits by @dsyme in #35982
- feat: add copilot-sdk engine front matter field by @Copilot in #35936
- Disable bash histexpand in all generated shell wrappers by @Copilot in #35991
- fix(create-pull-request): push branch before creating fallback issue for protected-files fallback-to-issue by @Copilot in #35990
- Sync runtime safe-outputs tool schema with compiler copy, enforce full-object parity, and remove incompatible top-level anyOf by @Copilot in #36007
- fix: handle HEAD-only bundles in create_pull_request safe-output fallback by @Copilot in #35989
- Prefer Actions toolcache Copilot CLI before release download by @Copilot in #35992
- fix: add Anthropic WIF fields to engine.auth JSON schema by @Copilot in #36005
- fix: align Drain3 MCP Server casing and daily-news cache step name with conventions by @Copilot in #36014
- Harden golangci-lint install against invalid release downloads by @Copilot in #36011
- Skip
largefuncdiagnostics for Go test files by @Copilot in #36009 - feat: use billing.multiplier from Copilot reflect as primary ET multiplier source of truth by @Copilot in #36027
- Optimize Daily OTel Instrumentation Advisor with inline sub-agents by @Copilot in #36028
- Add
go-codemodskill for implementing and testinggh aw fixcodemods by @Copilot in #36034 - Refactor duplicated workflow helpers and remove dead audit render stubs by @Copilot in #36010
- fix: move run-install-scripts under runtimes.node by @Copilot in #36029
- fix: triage jsonmarshalignoredeerror violations and enforce linter in CI by @Copilot in #36032
- Strengthen frontmatter YAML helper tests with table-driven coverage and injection guards by @Copilot in #36031
- Regenerate agentic-workflows skill and agent artifacts from code by @Copilot in #36041
- Recommend
emoji:frontmatter for new agentic workflows by @Copilot in #36045 - Refactor
ParseWorkflowFileorchestration into focused helper phases by @Copilot in #36012 - [log] Add debug logging to five pkg/ Go files by @github-actions[bot] in #36056
- Add Ruflo-backed agentic task workflow by @Copilot in #36046
- [community] Update community contributions in README by @github-actions[bot] in #36048
- Optimize PR Sous Chef token usage with early-exit setup gating and tighter processing limits by @Copilot in #36075
- Trim go-logger workflow prompt and validation overhead by @Copilot in #36088
- Enforce
uncheckedtypeassertionin CI and remove remaining analyzer self-violations by @Copilot in #36063 - [instructions] Sync instruction files with release v0.76.1 by @github-actions[bot] in #36092
- [docs] Update dictation skill instructions by @github-actions[bot] in #36078
- fix(linters): decompose oversized functions in pkg/linters and pkg/parser by @Copilot in #36064
- Fix reusable workflow caller timeout-minutes handling by @Copilot in #36107
- Add
tone_variantA/B experiment toaw-failure-investigatorworkflow prompt by @Copilot in #36108 - [jsweep] Clean update_pull_request_branches.cjs by @github-actions[bot] in #36057
- [spec-enforcer] Enforce specifications for errorutil, linters, parser by @github-actions[bot] in #36110
- Stop retrying effective-token hard rail failures across harnesses by @Copilot in #36104
- Add copilot-review skill for PR feedback triage and response by @Copilot in #36111
- Keep assign_to_agent failures from failing safe_outputs by @Copilot in #36112
- Add 24-hour per-workflow effective-token guardrail with enterprise defaults and ET shorthand support by @Copilot in #36042
- Harden threat-detection against missing prompt artifact; unblock safe_outputs by @Copilot in #36113
- Refactor
.github/awinstructions into compact indexed references by @Copilot in #36114 - [mcp-tools] Add search_commits to GitHub MCP search toolset mapping by @github-actions[bot] in #36115
- fix: use canonical module paths for pkg/logger in package READMEs by @Copilot in #36128
- [dead-code] chore: remove dead functions β 2 functions removed by @github-actions[bot] in #36129
- [actions] Update GitHub Actions versions and recompile workflows - 2026-05-31 by @github-actions[bot] in #36084
- Optimize
api-consumption-reportwith inline small-model sub-agents by @Copilot in #36137 - Format CJS helpers failing lint-js, merge main, and recompile workflows by @Copilot in #36139
- [docs] docs: unbloat OpenTelemetry reference (remove duplicate config examples) by @github-actions[bot] in #36143
- Resolve lint-go findings and refresh post-merge workflow test expectations by @Copilot in #36140
- Normalize report-format instructions in terminal-stylist and daily-doc-updater workflows by @Copilot in #36145
Full Changelog: v0.77.3...v0.77.4