Skip to content

v0.77.4

Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 31 May 18:51
Immutable release. Only release title and notes can be modified.
55db7d7

🌟 Release Highlights

This release delivers Anthropic WIF authentication, a new copilot-sdk engine, expanded aw.yml manifest capabilities, and a battery of reliability fixes across safe-outputs, threat-detection, and workflow compilation.

✨ What's New

  • Anthropic WIF Authentication β€” Claude-engine workflows can now authenticate via Workload Identity Federation, eliminating long-lived API key secrets (#35939)
  • copilot-sdk Engine β€” A new copilot-sdk frontmatter engine field gives workflows access to the Copilot SDK runtime directly (#35936)
  • aw.yml Manifest: Includes, Skills & Agents β€” The repository manifest now supports includes, skills, and agents keys, making it easier to compose and share workflow components across repos (#35778)
  • Per-Workflow 24-Hour Effective-Token Guardrail β€” A new configurable token guardrail prevents runaway agent costs with enterprise-grade defaults and ET shorthand support (#36042)
  • search_commits in GitHub MCP Search Toolset β€” Commit search is now available to agents via the GitHub MCP search toolset (#36115)
  • copilot-review Skill β€” A new skill guides agents through planning, addressing, and responding to PR review feedback (#36111)
  • go-codemod Skill β€” Agents can now implement and test Go codemods for the gh aw fix command (#36034)
  • Ruflo-Backed Agentic Task Workflow β€” New workflow for running agentic tasks via the Ruflo engine (#36046)

πŸ› Bug Fixes & Improvements

  • Activation comment fix β€” Activation comments no longer use the wrong repo/client or fire on empty commits (#35982)
  • Safe-output target-repo β€” Safe output handlers now correctly respect the configured target-repo (#35901)
  • Sparse-checkout filter β€” Agent checkout now emits filter: '' correctly when sparse-checkout is enabled (#35949)
  • Protected-files fallback β€” create_pull_request now pushes the branch before creating a fallback issue (#35990)
  • HEAD-only bundle handling β€” create_pull_request safe-output fallback handles HEAD-only bundles gracefully (#35989)
  • Threat-detection hardening β€” Missing prompt artifacts no longer block safe-output execution (#36113)
  • Reusable workflow timeout β€” timeout-minutes is now correctly passed through reusable workflow callers (#36107)
  • on.needs YAML strip β€” Processed on.needs keys are stripped from emitted YAML, preventing invalid workflow syntax (#35965)
  • Billing multiplier accuracy β€” billing.multiplier from Copilot reflect is now used as the primary ET multiplier source of truth (#36027)
  • Prefer toolcache Copilot CLI β€” Workflows now prefer the Actions toolcache copy of the Copilot CLI before downloading a release, speeding up setup (#35992)
  • Disable histexpand in shell wrappers β€” Bash history expansion is disabled in all generated shell wrappers to prevent unexpected ! expansion (#35991)

πŸ“š Documentation

  • Deprecated/migration callouts removed for a cleaner reference experience (#35923)
  • OpenTelemetry reference slimmed down β€” duplicate config examples removed (#36143)

For complete details, see CHANGELOG.

Generated by πŸš€ Release Β· sonnet46 994.4K


What's Changed

  • Stabilize Step Name Alignment by removing legacy CLI-proxy path by @Copilot in #35804
  • Enforce strconvparseignorederror in CI and remove 6 silent parse discards by @Copilot in #35805
  • [deep-report] Raise Avenger max-turns to 50 to prevent max-turn exits by @Copilot in #35789
  • chore: bump awf to v0.25.57, mcpg to v0.3.21 by @Copilot in #35782
  • [WIP] Fix failing GitHub Actions job lint-go by @Copilot in #35806
  • Remove emoji from experiment assignment summary heading by @Copilot in #35815
  • Align lipgloss compat detection with stderr output path by @Copilot in #35813
  • Extend aw.yml to support includes, skills, and agents by @Copilot in #35778
  • Fix context cancel lifecycle violations in workflow + MCP inspect paths by @Copilot in #35811
  • refactor(workflow): decompose Claude allowed-tools assembly to reduce function complexity by @Copilot in #35812
  • DDUw: catch not_planned docs-coverage/convention gaps (engine-example parity) by @Copilot in #35820
  • Add missing Claude Opus multiplier aliases and correct GPT-5.5 multipliers for 2026-05-30 inventory by @Copilot in #35826
  • Refactor Agentic Workflows routing: move dispatch index to skill, keep agent static, and update init generator by @Copilot in #35817
  • [awf] Fix tool-cache mount handling, smoke-pi runtime config, and cache-memory git recovery by @Copilot in #35802
  • [community] Update community contributions with Tier 3 findings by @github-actions[bot] in #35844
  • Clarify Outcome Collector reference mapping to enforce exact Status-order link parity by @Copilot in #35852
  • [log] Add debug logging to three previously-unlogged pkg/ files by @github-actions[bot] in #35857
  • [docs] docs: apply American English spelling in content reference docs by @github-actions[bot] in #35853
  • [code-simplifier] Simplify claude_tools.go: use getOrCreateToolMap and clearer isClaudeToolName by @github-actions[bot] in #35855
  • fix: safe output handlers now respect target-repo config by @dsyme in #35901
  • Share RUNNER_TEMP with agent step in compiled lock.yml by @Copilot in #35880
  • [docs] Update editor preview screenshots – 2026-05-30 by @github-actions[bot] in #35890
  • [instructions] Sync instruction files with release v0.76.1 by @github-actions[bot] in #35892
  • docs: remove deprecated/migration callouts by @dsyme in #35923
  • [spec-enforcer] Enforce specifications for typeutil, workflow, actionpins by @github-actions[bot] in #35910
  • Remove markdown header from <repo-memory> default prompt section by @Copilot in #35920
  • [docs] Consolidate developer specifications into instructions file by @github-actions[bot] in #35928
  • Improve checkout prompt clarity: repoβ†’path mapping and sparse-checkout visibility by @Copilot in #35927
  • Remove nested Markdown headers from mcp-clis prompt section by @Copilot in #35922
  • fix: add SEC-004 exemption to safe_output_execution_metadata.cjs by @Copilot in #35933
  • Preserve agent and inlined-skill frontmatter during runtime imports so model selection is honored by @Copilot in #35938
  • fix: emit filter:'' in agent checkout when sparse-checkout is enabled (#35947) by @dsyme in #35949
  • Copy skills from aw.yml manifest first; copy skill folders recursively and safely by @Copilot in #35946
  • Add safe-output failure guardrails and actionable PR-branch checkout errors by @Copilot in #35945
  • Drop redundant --yolo from Pi engine invocations by @Copilot in #35950
  • Route harness fallback diagnostics through safeoutputs CLI by @Copilot in #35934
  • feat: Anthropic WIF support in EngineAuthConfig and ClaudeEngine by @Copilot in #35939
  • Strip processed on.needs from emitted on: YAML to prevent invalid workflow syntax by @Copilot in #35965
  • chore: bump firewall to v0.25.58 and gateway to v0.3.22 by @Copilot in #35973
  • fix: activation comment uses wrong repo/client and fires on empty commits by @dsyme in #35982
  • feat: add copilot-sdk engine front matter field by @Copilot in #35936
  • Disable bash histexpand in all generated shell wrappers by @Copilot in #35991
  • fix(create-pull-request): push branch before creating fallback issue for protected-files fallback-to-issue by @Copilot in #35990
  • Sync runtime safe-outputs tool schema with compiler copy, enforce full-object parity, and remove incompatible top-level anyOf by @Copilot in #36007
  • fix: handle HEAD-only bundles in create_pull_request safe-output fallback by @Copilot in #35989
  • Prefer Actions toolcache Copilot CLI before release download by @Copilot in #35992
  • fix: add Anthropic WIF fields to engine.auth JSON schema by @Copilot in #36005
  • fix: align Drain3 MCP Server casing and daily-news cache step name with conventions by @Copilot in #36014
  • Harden golangci-lint install against invalid release downloads by @Copilot in #36011
  • Skip largefunc diagnostics for Go test files by @Copilot in #36009
  • feat: use billing.multiplier from Copilot reflect as primary ET multiplier source of truth by @Copilot in #36027
  • Optimize Daily OTel Instrumentation Advisor with inline sub-agents by @Copilot in #36028
  • Add go-codemod skill for implementing and testing gh aw fix codemods by @Copilot in #36034
  • Refactor duplicated workflow helpers and remove dead audit render stubs by @Copilot in #36010
  • fix: move run-install-scripts under runtimes.node by @Copilot in #36029
  • fix: triage jsonmarshalignoredeerror violations and enforce linter in CI by @Copilot in #36032
  • Strengthen frontmatter YAML helper tests with table-driven coverage and injection guards by @Copilot in #36031
  • Regenerate agentic-workflows skill and agent artifacts from code by @Copilot in #36041
  • Recommend emoji: frontmatter for new agentic workflows by @Copilot in #36045
  • Refactor ParseWorkflowFile orchestration into focused helper phases by @Copilot in #36012
  • [log] Add debug logging to five pkg/ Go files by @github-actions[bot] in #36056
  • Add Ruflo-backed agentic task workflow by @Copilot in #36046
  • [community] Update community contributions in README by @github-actions[bot] in #36048
  • Optimize PR Sous Chef token usage with early-exit setup gating and tighter processing limits by @Copilot in #36075
  • Trim go-logger workflow prompt and validation overhead by @Copilot in #36088
  • Enforce uncheckedtypeassertion in CI and remove remaining analyzer self-violations by @Copilot in #36063
  • [instructions] Sync instruction files with release v0.76.1 by @github-actions[bot] in #36092
  • [docs] Update dictation skill instructions by @github-actions[bot] in #36078
  • fix(linters): decompose oversized functions in pkg/linters and pkg/parser by @Copilot in #36064
  • Fix reusable workflow caller timeout-minutes handling by @Copilot in #36107
  • Add tone_variant A/B experiment to aw-failure-investigator workflow prompt by @Copilot in #36108
  • [jsweep] Clean update_pull_request_branches.cjs by @github-actions[bot] in #36057
  • [spec-enforcer] Enforce specifications for errorutil, linters, parser by @github-actions[bot] in #36110
  • Stop retrying effective-token hard rail failures across harnesses by @Copilot in #36104
  • Add copilot-review skill for PR feedback triage and response by @Copilot in #36111
  • Keep assign_to_agent failures from failing safe_outputs by @Copilot in #36112
  • Add 24-hour per-workflow effective-token guardrail with enterprise defaults and ET shorthand support by @Copilot in #36042
  • Harden threat-detection against missing prompt artifact; unblock safe_outputs by @Copilot in #36113
  • Refactor .github/aw instructions into compact indexed references by @Copilot in #36114
  • [mcp-tools] Add search_commits to GitHub MCP search toolset mapping by @github-actions[bot] in #36115
  • fix: use canonical module paths for pkg/logger in package READMEs by @Copilot in #36128
  • [dead-code] chore: remove dead functions β€” 2 functions removed by @github-actions[bot] in #36129
  • [actions] Update GitHub Actions versions and recompile workflows - 2026-05-31 by @github-actions[bot] in #36084
  • Optimize api-consumption-report with inline small-model sub-agents by @Copilot in #36137
  • Format CJS helpers failing lint-js, merge main, and recompile workflows by @Copilot in #36139
  • [docs] docs: unbloat OpenTelemetry reference (remove duplicate config examples) by @github-actions[bot] in #36143
  • Resolve lint-go findings and refresh post-merge workflow test expectations by @Copilot in #36140
  • Normalize report-format instructions in terminal-stylist and daily-doc-updater workflows by @Copilot in #36145

Full Changelog: v0.77.3...v0.77.4