Releases: github/gh-aw
Release list
v0.79.3
🌟 Release Highlights
v0.79.3 focuses on security hardening — stricter sandbox controls, enforced AI credit guardrails, and improved error surfacing for misconfigured model names.
⚠️ Breaking Changes
-
imports.ifremoved — Conditional frontmatter imports have been removed to keep import chains security-stable. Migrate experiment-driven conditional imports to runtime body-level imports. (#38247) -
sandbox.agent: falserequires explicit feature flag — Disabling the agent sandbox now requires thedangerously-disable-sandbox-agentfeature flag. Workflows without it will fail to compile, ensuring the security trade-off is always intentional. (#38205) -
Sandbox-disable justification enforced — Sandbox-disable declarations must now include a justification string; new AWF import and safe-output constraints are enforced at compile time. (#38228)
✨ What's New
-
Clearer model error messages — Invalid model names (Copilot, Codex, Claude) are now detected and routed to actionable conclusion failures instead of cryptic errors. (#38258)
-
AI credit guardrails with built-in defaults — Credit limits now default to 5,000/day and 1,000/run, with a consistent resolution order: frontmatter → imported config → GitHub variable → built-in constant. (#38197)
-
Dynamic
checkout.repositoryexpressions unblocked — Checkout manifest generation now usesgithub-script, enabling dynamic repository expressions in workflow definitions. (#38154) -
New
execcommandwithoutcontextlinter — Auto-mined linter #24 flags bareexec.Commandcalls in context-aware functions and provides an auto-fix toexec.CommandContext. (#38185)
🐛 Bug Fixes & Improvements
- Init file writers now recursively create parent directories, preventing failures when output paths do not yet exist. (#38204)
- Caller context is properly threaded into
pushWorkflowFilesgit subprocesses for better tracing and correctness. (#38208) - GitHub API rate limit is now measured and logged around the daily AI credit guardrail check. (#38256)
📚 Documentation
on.rolesclarified —on.rolesis an exact-match allowlist, not a privilege threshold. (#38209)- Cost Management reference updated with default runaway-cost guardrails and improved formatting. (#38186, #38224)
- OpenTelemetry references and docs updated. (#38196)
- Fixed
mcp list-toolsexample to use the correct--serverflag. (#38188) - Quick-start guide clarifies the
githubnext/agenticsorigin and simplifies the.lock.ymlexplanation. (#38189)
Generated by 🚀 Release · 109.6 AIC · ⊞ 28.8K
What's Changed
- Compile: move checkout-manifest generation to github-script to unblock dynamic checkout.repository expressions by @Copilot in #38154
- docs: add default runaway-cost guardrails to Cost Management reference by @Copilot in #38186
- docs: fix
mcp list-toolsexample to use--serverflag by @Copilot in #38188 - Add formal compiler threat-detection test suite for CTR-001/011/014/015/016 by @Copilot in #38166
- docs(quick-start): clarify githubnext/agentics origin and simplify .lock.yml paragraph by @Copilot in #38189
- [linter-miner] feat(linters): add execcommandwithoutcontext linter by @github-actions[bot] in #38185
- Remove extra otlp test/advisor workflows by @mnkiefer in #38200
- Update OpenTelemetry references and docs by @mnkiefer in #38196
- docs: clarify on.roles is an exact-match allowlist, not a privilege threshold by @Copilot in #38209
- Require
dangerously-disable-sandbox-agentfeature flag to allowsandbox.agent: falseby @Copilot in #38205 - Ensure init file writers create parent directories recursively by @Copilot in #38204
- docs(cost-management): replace all tables with headers and lists by @Copilot in #38224
- [caveman] Optimize instruction verbosity — context.md, experiments.md (2026-06-09) by @github-actions[bot] in #38215
- Thread caller context into
pushWorkflowFilesgit subprocesses by @Copilot in #38208 - docs: widen Starlight content column on large screens without mid-width TOC regressions by @Copilot in #38230
- Enforce AI credit resolution order; set built-in defaults to 5000 (daily) and 1000 (per-run) by @Copilot in #38197
- Enforce sandbox-disable justification strings and surface new AWF import/safe-output constraints by @Copilot in #38228
- chore: bump gh-aw-firewall to v0.27.0 and sync AWF schema artifacts by @Copilot in #38235
- Remove
imports.ifand migrate experiment-driven import usage to runtime imports by @Copilot in #38247 - [WIP] Fix failing GitHub Actions job 'Integration: CLI Compile & Poutine' by @Copilot in #38262
- Measure and log GitHub API rate limit around daily AIC guardrail by @Copilot in #38256
- Detect invalid model names across Copilot/Codex/Claude and surface as specialized conclusion failures by @Copilot in #38258
- [WIP] Fix failing GitHub Actions job Integration: Workflow Features by @Copilot in #38261
Full Changelog: v0.79.2...v0.79.3
v0.79.2
🌟 Release Highlights
This release sharpens the AI credits experience with clearer failure messaging and better observability, closes two compilation edge cases, and raises the quality bar for safe-outputs issue bodies.
✨ What's New
-
Redesigned max-ai-credits failure template — When a workflow exhausts its AI credit budget, the failure issue now presents inline metrics, a collapsible "Increase the limit" section with a copy-paste snippet, and a cleaner layout that surfaces the fix immediately. (#38164)
-
Richer 429 guardrail context — Engine
429 Maximum AI credits exceedederrors now include the specificmax-ai-creditsguardrail details in the failure issue, eliminating generic rate-limit noise. (#38131) -
AI credit usage tracked in OpenTelemetry — AIC consumption is now reported in OTel spans, making it easier to correlate credit spend with workflow trace data. (#38163)
-
Actionable syntax-error recovery hints — Duplicate frontmatter keys and invalid permission scopes now produce targeted, actionable hints instead of generic messages. (#38129)
-
Minimum body length enforced for
create_issue— Safe outputs now reject placeholder or near-empty issue bodies at the schema and validator level, preventing low-signal content from reaching GitHub. (#38114)
🐛 Bug Fixes
-
Dynamic
checkout.repositoryexpressions now compile correctly —gh aw compilewas failing in v0.78.3+ whencheckout.repositorywas aworkflow_dispatchinput expression (e.g.${{ github.event.inputs.trigger_ref }}). The checkout-manifest generation step has been moved to agithub-scriptaction to handle dynamic expressions correctly. (#38154) -
assertTrustedCheckoutRuntimefixed for bot/app actors — Calls with GitHub App actors likeCopilotordependabotwere returning HTTP 404 because the API does not accept App login names for collaborator permission checks. The function now detects and handles bot/app actors correctly. (#38152)
📚 Documentation
-
Feature-sync example page streamlined — Seven near-identical
create-pull-requestexamples were consolidated, making the multi-repo feature synchronization pattern easier to scan. (#38182) -
Upstream-managed workflow provenance documented in AGENTS.md — Workflows with a
source:frontmatter entry (e.g. fromgithubnext/agentic-ops) are now explicitly flagged as read-only, with the approved update path (gh aw update) spelled out for contributors. (#38087)
Generated by 🚀 Release · 121.3 AIC · ⊞ 28.6K
What's Changed
- Enforce minimum
create_issuebody length in safe outputs schema and validator by @Copilot in #38114 - Expand daily Windows terminal integration builder with systematic Windows chaos scenarios by @Copilot in #38132
- Document upstream-managed workflow provenance and update path in AGENTS.md by @Copilot in #38087
- Standardize workflow YAML unmarshalling on goccy/go-yaml by @Copilot in #38130
- Implementing AIC usage in otel by @Copilot in #38163
- Improve syntax-error recovery hints for duplicate keys and invalid permission scopes by @Copilot in #38129
- Surface max-ai-credits guardrail context for 429 engine failures by @Copilot in #38131
- Refactor linters to share AST helpers and eliminate helper drift by @Copilot in #38020
- Fix assertTrustedCheckoutRuntime for bot/app actors (Copilot, dependabot) by @Copilot in #38152
- [docs] docs: unbloat feature-sync example page by @github-actions[bot] in #38182
- feat: redesign max-ai-credits exceeded failure template by @Copilot in #38164
Full Changelog: v0.79.1...v0.79.2
v0.79.1
🌟 Release Highlights
This patch release sharpens agent resilience, expands automated testing coverage, and delivers targeted bug fixes across codemods, linters, and safe-output handlers.
✨ What's New
- Daily safeoutputs git simulator workflow (#38108) — A new daily agentic workflow continuously validates the safeoutputs git simulation path, catching regressions before they reach users.
- Two new codemods for persistent cross-repo compile failures (#38097) — Automated codemods now resolve recurring compile failures in
mauiandazure-rest-api-specs, reducing manual triage for common build patterns. - Dedicated daily Windows CLI integration workflow (#38048) — Windows-specific CLI smoke tests now run on a dedicated daily schedule, giving earlier signal on platform regressions.
- Compact MCP CLI help (#38056) — MCP CLI help output now fits full command and option names within 20–30 lines, making it easier to scan available tools at a glance.
🐛 Bug Fixes & Improvements
- Standardized error codes on safe-output handlers (#38100) — Four safe-output handlers now emit structured
USE-001error codes, making failures easier to identify and debug programmatically. - Tool-denial handling hardened (#38051, #38036, #38101) — Workflow prompts and failure reports now handle repeated permission-denial patterns more accurately: repeated denials surface before generic warnings, and the last denied request is formatted for clarity.
- sortslice linter precision fix (#38053) — The
sortsliceanalyzer now matches stdlib sort calls by type identity rather than identifier text, eliminating false positives from identically-named non-stdlib functions. - Windows PowerShell
--help/versioncheck fixed (#38115) — Corrects flag detection in the Windows CLI integration workflow so PowerShell-specific invocation patterns are properly validated. - Hardened
validate-yamllockfile detection in CGO workflow (#38112) — Lockfile presence checks during release builds are now more reliable, preventing false failures in CGO compilation workflows. - Compacted system prompt blocks (#38049) — Generated system prompts are smaller by flattening redundant XML wrappers and deduplicating guidance, reducing token usage on every agent invocation.
📚 Documentation
- sortslice added to linters namespace docs and public-API spec list, now covering 23 analyzers (#38052).
- Daily documentation and glossary updates for features shipped in this cycle (#38098, #38092).
Generated by 🚀 Release · 108.7 AIC · ⊞ 28.4K
What's Changed
- Align workflow designer skill mappings with current AW reference surface by @Copilot in #38033
- Prioritize repeated-permission-denial context over generic missing-tool warning by @Copilot in #38036
- Add dedicated daily Windows CLI integration workflow by @Copilot in #38048
- [instructions] Sync instruction files with release v0.79.0 by @github-actions[bot] in #38077
- Bump @types/node from 25.9.1 to 25.9.2 in /actions/setup/js by @dependabot[bot] in #38082
- Bump golang.org/x/crypto from 0.52.0 to 0.53.0 by @dependabot[bot] in #38081
- [docs] Update glossary - daily scan by @github-actions[bot] in #38092
- [spec-extractor] Update package specifications for stringutil, styles, testutil, timeutil by @github-actions[bot] in #38088
- Bump golang.org/x/mod from 0.36.0 to 0.37.0 by @dependabot[bot] in #38084
- [docs] Update documentation for features from 2026-06-09 by @github-actions[bot] in #38098
- Sync
sortsliceinto linters namespace docs and public-API spec list (23 analyzers) by @Copilot in #38052 - [jsweep] Clean validate_secrets.cjs by @github-actions[bot] in #38031
- chore: remove committed snapshot file and gitignore snapshots by @Copilot in #38104
- feat: daily safeoutputs git simulator agentic workflow by @Copilot in #38108
- sortslice: match stdlib sort calls by type identity, not identifier text by @Copilot in #38053
- Fix Windows PowerShell
--help/versionchecks in Windows CLI integration workflow by @Copilot in #38115 - Harden
validate-yamlrelease-build lockfile detection in CGO workflow by @Copilot in #38112 - Improve tool-denial failure report formatting for last denied request by @Copilot in #38101
- Harden workflow prompts against systemic tool-denial patterns by @Copilot in #38051
- feat: add two codemods for persistent cross-repo compile failures (maui, azure-rest-api-specs) by @Copilot in #38097
- [ab-advisor] A/B experiment: prefetch_strategy for daily-safe-output-optimizer by @Copilot in #38096
- fix(USE-001): add standardized error codes to four safe-output handlers by @Copilot in #38100
- Compact MCP CLI help to show full command/option names within 20/30 lines by @Copilot in #38056
- Removing snapshot test by @Copilot in #38124
- Compact generated system prompt blocks by flattening XML wrappers and removing duplicated guidance by @Copilot in #38049
- Enforce trusted-reviewer triage in pr-finisher/copilot-review and expand gh PR query filters by @Copilot in #38127
Full Changelog: v0.79.0...v0.79.1
v0.79.0
🌟 Release Highlights
v0.79.0 is a significant milestone release centered on the AI Credits (AIC) naming migration, smarter budget guardrails, Windows platform support, and a wave of compiler and tooling improvements.
⚠️ Breaking Changes
setup-stepsrejected on activation/pre-activation jobs — The compiler now fails fast ifsetup-stepsis attached toactivationorpre_activationjobs, where it could bypass built-in protection sequencing. Removesetup-stepsfrom these job types before upgrading. (#37441)max-runsdeprecated →max-turns— The top-levelmax-runsfield is deprecated in favor of the canonicalmax-turns. Automated migration is available viagh aw fix --write. (#37587)
✨ What's New
- AI Credits (AIC) — complete migration — The project has fully migrated from "Effective Tokens" terminology to "AI Credits (AIC)" across all docs, workflow templates, telemetry, and OpenTelemetry attributes. The cost management docs reflect the new language. (#37692, #37693, #37691)
max-ai-creditsenabled by default — Workflows now default to a1000AI Credit budget with no configuration needed. Setmax-ai-credits: -1to disable enforcement entirely for unrestricted runs. (#37585, #37437)- AIC exhaustion detection & smart retry halting — The harness now detects budget exhaustion from the firewall audit log and correctly classifies it separately from provider HTTP 429 throttling, preventing misleading failure reports and stopping unnecessary retries on credit exhaustion. (#37936, #38022, #38018)
- Windows platform support — A new
CWI.ymlpush-triggered workflow builds the CLI for Windows and runs integration tests to validate cross-OS compatibility. (#37844) pr-finisherskill — New skill that guides agents through taking an in-flight PR to merge-ready state: local validation order, failing CI inspection, and iteration discipline. (#37873)add-comment: exact-match comment minimization —hide-older-comments.matchnow supports exact multi-workflow comment minimization, giving workflows precise control over which older comments are hidden. (#37977)temporary_idenforcement —create-issueandcreate-pull-requestsafe-output calls now require valid#aw_*IDs enforced at the frontmatter and MCP validation layer, preventing stale references leaking into user-facing artifacts. (#37469)gh aw compile --use-samples— New hidden flag for deterministic safe-outputs replay, replacing live agentic execution with recorded samples for reproducible testing. (#37359)
🐛 Bug Fixes & Improvements
- Fix
gh aw addfor long hyphenated repository names — Workflow specs with long hyphenated repo names were incorrectly rejected; parsing is now accurate for all validowner/repo/pathforms. (#37960) - Fix bundle refs on non-main branch dispatch —
refs/heads/<branch>is now correctly included in bundles when the agent HEAD is on the target branch during non-main dispatches. (#37929) - Stop retrying Copilot CLI PAT-rejection 400 as transient — 400 errors from PAT rejection are now treated as permanent failures, avoiding wasteful retries. (#37937)
- Compiler: quote env scalars with
:in YAML — Env values containing:are now properly quoted in compiled YAML, preventing parse errors in generated workflows. (#37706) - TTY guard for
ConfirmAction— Matches existing non-TTY fallback inlist.goto prevent hangs in non-interactive environments. (#37933) - Windows terminal startup guard — Terminal probing on Windows is now skipped when stderr is redirected, preventing hangs in CI environments. (#37823)
⚡ Performance
- Reduced
set-memoryoverhead — High-traffic workflow and CLI paths now usemap[string]struct{}sets instead ofmap[string]bool, reducing allocations in hot paths. (#37480)
📚 Documentation
- AI Credits terminology — All user-facing documentation migrated from "Effective Tokens" to "AI Credits" including the cost management reference. (#37692)
GH_AW_GITHUB_TOKENreference and Go cache guidance — New docs covering secure token configuration and Go build cache best practices. (#37583)- PR lifecycle and
setup-stepsdocs — CONTRIBUTING and DEVGUIDE updated with PR lifecycle guidance;setup-stepsdocs clarify pre-activation constraints. (#37964, #37436)
Generated by 🚀 Release · 185.4 AIC · ⊞ 28.5K
What's Changed
- Enforce bash parser specification invariants in JS Copilot SDK parser by @Copilot in #37394
- Align token-usage tests with table-based summary output (JS shard 3/4) by @Copilot in #37399
- Resolve
lint-jsfailure by formatting new fuzz/parser JS files and preserve fuzz test coverage in CJS CI by @Copilot in #37406 - [aw] Update legacy ET rate-limit guidance to AI Credits-first format by @Copilot in #37400
- Emit compact
usageartifact from conclusion job for forecast data access by @Copilot in #37408 - Trim ambient-context wording from generated footer metrics by @Copilot in #37414
- Refactor Antigravity log metrics parsing to meet function-length linter by @Copilot in #37413
- feat: add daily-formal-spec-verifier agentic workflow by @Copilot in #37407
- Stabilize Daily Caveman Optimizer by keeping model-size experiment and fixing small-agent alias by @Copilot in #37402
- recompile: regenerate lock files with dev build by @Copilot in #37422
- agentics-maintenance: run forecast directly without log predownload by @Copilot in #37423
- Use repo UTC for computed expiration times in generated footers by @Copilot in #37424
- Forecast: prefer
usageartifact for token AIC, retain legacy agent fallback by @Copilot in #37427 - Use AIC in forecast issue report and consume AIC projection fields by @Copilot in #37428
- Normalize agentic workflow AI budgets to
max-ai-credits: 1500by @Copilot in #37431 - Refresh wasm golden fixtures for compiler output drift by @Copilot in #37433
- Standardize agent failure warnings on GitHub alert callouts by @Copilot in #37430
- Add AIC, ambient context metrics, and history link to noop comments by @Copilot in #37439
- feat(compile): add hidden
--use-samplesflag for deterministic safe-outputs replay by @dsyme in #37359 - Use usage-only forecast artifacts and cache forecast run logs in maintenance workflow by @Copilot in #37440
- Surface
jobs.<job>.setup-stepsin.github/awsyntax docs and clarify setup vs pre hook semantics by @Copilot in #37436 - feat(max-ai-credits): allow -1 to disable budget enforcement and steering by @dsyme in #37437
- Target effective-token terminology updates to AI credits in instruction docs by @Copilot in #37432
- Safe-outputs: add schema-driven synonym mapping (incl. camelCase aliases), keep synonym metadata internal to MCP/CLI prompts, and enforce strict unknown-parameter errors; clarify schema constraints by @Copilot in #37421
- Reject
setup-stepson activation and pre-activation jobs by @Copilot in #37441 - Improve forecast maintenance diagnostics and timeout behavior by @Copilot in #37447
- Pin Daily Documentation Healer to explicit Claude model variants by @Copilot in #37445
- Include detection AIC in no-op comment footer totals by @Copilot in #37446
- Fix Copilot SDK sample driver BYOK session configuration in Daily Model Inventory workflow by @Copilot in #37454
- Refactor import...
v0.78.3
🌟 Release Highlights
v0.78.3 centers on the AI Credits (AIC) budget system replacing legacy effective-token fields, significant Copilot SDK reliability improvements, and new workflow authoring capabilities including per-job setup steps and a new CLI flag.
⚠️ Breaking Changes
max-effective-tokensdefault removed — The implicit 25M effective-token fallback has been removed. Workflows that relied on the default must now set an explicit budget. Usemax-ai-creditsgoing forward and rungh aw fix --writeto migrate automatically (#37235, #37246). See the Cost Management reference for details.
✨ What's New
max-ai-creditsbudget support — Set AI credit spending limits directly in workflow frontmatter and AWF config. Failure reporting and token-usage step summaries now surface AIC context, giving you full visibility into agent spend (#37235, #37374).jobs.<job>.setup-steps— A new workflow field that injects custom steps before the compiler setup and App token minting phases. Use it to pre-install tools or bootstrap environments without modifying the compiled output (#37368).gh aw compile --gh-aw-ref— A new convenience flag pins compilation to a specific ref, improving reproducibility in CI pipelines (#37313).- Copilot SDK
max-tool-denialsguardrail — Agents can no longer spin indefinitely when tools are repeatedly denied; the new guardrail caps runaway denial loops and surfaces the failure clearly (#37161, #37363). - Centralized cap-exceeded failure tracking — Cap-exceeded failures now roll up into a single tracking issue (cap raised to 50/24h), reducing noise and improving operational observability (#37273).
🐛 Bug Fixes & Improvements
- Copilot driver startup fixed — Removed a runtime
minimatchdependency that caused driver startup failures in daily workflows (#37373). - Piped bash commands through permission checker — The Copilot SDK permission checker now correctly handles piped bash commands, preventing false denials on valid multi-command pipelines (#37369).
- safe-outputs: MCP git hang prevention — The safe-outputs MCP server no longer hangs on git operations; base-branch and checkout manifest support added for resilient execution (#37225, #37299).
copilot/provider prefix in AIC lookups — Model AI credit lookups now correctly resolve thecopilot/provider prefix, fixing incorrect cost attribution (#37340).- SARIF
actions: readfor private repos — Generated SARIF upload jobs now include the requiredactions: readpermission so code-scanning uploads succeed in private repositories (#37367). - Workflow timeout propagated to Copilot SDK sessions — SDK driver sessions now inherit the workflow-level timeout, preventing sessions from outliving their parent workflow (#37262).
📚 Documentation
- Safe-output type catalog converted from bullet lists to tables for improved scanability (#37362).
max-effective-tokens→max-ai-creditsmigration snippet added to the Cost Management reference (#37387).
Generated by 🚀 Release · 77.2 AIC · ⊞ 28.4K ambient context
What's Changed
- Add Copilot SDK
max-tool-denialsguardrail to stop runaway tool-denied loops by @Copilot in #37161 - Normalize discussion-body heading levels in
copilot-pr-nlp-analysisworkflow by @Copilot in #37198 - Refactor safe-outputs config: extract
handlerRegistryinto dedicated file by @Copilot in #37197 - [awf] Bump firewall to v0.25.65 and mcpg to v0.3.23 by @Copilot in #37201
- chore: bump default Claude/Copilot/Codex CLI pins by @Copilot in #37097
- Add smoke-copilot-aoai-apikey workflow for Azure OpenAI BYOK by @Copilot in #37174
- [safeoutputs] Clarify flat MCP arguments and add SafeOutputMCP wrapped-argument fallback by @Copilot in #37208
- refactor: consolidate triplicated import-path resolution, extract engine parse* helpers, inline redundant YAML wrapper by @Copilot in #37162
- test(ci): fix pre-existing failures on main (otlp env, MCP target repo, wasm goldens) by @dsyme in #37226
- fix(safe-outputs): prevent MCP server git hangs; add base-branch + checkout manifest by @dsyme in #37225
- feat: derive heredoc separators from content hash for build stability by @Copilot in #37224
- fix(setup): include safe_outputs_mcp_arguments in safe-outputs copy list by @Copilot in #37229
- Compact AIC labels in generated footers by @Copilot in #37234
- Add
max-ai-creditsbudget support across frontmatter, AWF config, imports, and failure reporting, and remove defaultmax-effective-tokens25M fallback by @Copilot in #37235 - Add
//nolintsuppression parity to all CI-enforced custom linters by @Copilot in #37237 - Prune non-schema entries from
SharedWorkflowForbiddenFieldsby @Copilot in #37236 - Align docs-server step names across docs testing workflows by @Copilot in #37238
- fix: wire GH_AW_COPILOT_SDK_SERVER_ARGS into SDK driver permission config by @Copilot in #37240
- Require mandatory Copilot SDK permission handler and codify config-driven behavior by @Copilot in #37245
- Increase per-category failure issue cap from 5 to 25 per day by @Copilot in #37248
- Merge
maininto feature branch and recompile generated/setup artifacts by @Copilot in #37249 - Deprecate legacy effective-token budget fields and add codemod migration to AI credits by @Copilot in #37246
- Add
//nolintsuppression support toseenmapboolandtolowerequalfoldby @Copilot in #37255 - Enforce
tolowerequalfoldby converting case-insensitive comparisons tostrings.EqualFoldby @Copilot in #37256 - Parse Copilot SDK tool-denial logs in permission issue extraction by @Copilot in #37261
- Propagate workflow timeout to Copilot SDK driver sessions by @Copilot in #37262
- Align SafeOutputsConfig YAML tag for
create-code-scanning-alertwith schema/handler key by @Copilot in #37258 - fix(safe-outputs): re-derive patch/bundle paths and stop double-writing infrastructure fields by @dsyme in #37299
- Prevent stale-base signed replay from synthesizing unrelated changes; enforce policy on GraphQL payload by @Copilot in #36937
- feat(cli): add --gh-aw-ref convenience flag to compile by @dsyme in #37313
- Prevent safe-outputs startup regressions in daily workflows by @Copilot in #37272
- fix(code-simplifier): eliminate python3 bash-policy failures, fix jq split bug, add guardrails by @Copilot in #37268
- [docs] Consolidate developer specifications into instructions file (v9.16) by @github-actions[bot] in #37318
- Increase per-run AI budget for Agentic Token Optimizer to prevent ET cap aborts by @Copilot in #37269
- Replace test set-style
map[string]boolusage withmap[string]struct{}by @Copilot in #37257 - [aw] Make spec-librarian reliably emit a safe output by @Copilot in #37321
- Update safe-output health failure messaging to AI Credits by @Copilot in #37265
- Fix Copilot SDK headless auth/driver path and tool-permission denials in daily workflows by @Copilot in #37322
- [aw] Pin Daily Go Function Namer experiment to concrete Claude models by @Copilot in #37325
- Add prompt_style A/B experiment to smoke-project workflow by @Copilot in #37326
- [dead-code] chore: remove dead functions — 1 function removed by @github-actions[bot] in #37331
- [WIP] Normalize report formatting for non-compliant workf...
v0.78.2
🌟 Release Highlights
This release marks the full transition from Effective Tokens to AI Credits (AIC) as the primary cost metric, while hardening the Copilot SDK driver, tightening safe-outputs contracts, and cleaning up long-deprecated schema fields.
⚠️ Breaking Changes
Several deprecated fields have been removed in this release. Update your workflows before upgrading:
rate-limitfrontmatter field removed — useuser-rate-limitinsteadinline-sub-agentsandfeatures.inline-agentsfields removed — migrate to thesub-agentsconfigurationdisable-model-invocationremoved from the workflow schemamax-daily-effective-tokensremoved — usemax-daily-ai-creditsinstead (see cost management docs)modelsfrontmatter field deprecated — compilation warnings will be emitted- Premium Requests (PRU) support removed
- Copilot SDK driver inlined mode removed — only standalone driver mode is supported
✨ What's New
AI Credits (AIC) — New Cost Accounting Standard
AI Credits (AIC) is now the primary cost metric across gh-aw, replacing Effective Tokens:
max-daily-ai-creditsis a new frontmatter guardrail (docs)- ΔAIC and AIC columns added to token usage step summary tables for clear cost attribution
- AIC reported in generated footers, OTLP spans, and
gh aw forecastoutput - A W3C-style AI Credits specification documents the calculation methodology and
models.jsonformat - Model catalog now sourced from models.dev with native cost fields; pricing updated automatically
Copilot SDK Driver Enhancements
- Multi-language driver support: SDK drivers can now be written in any language or use arbitrary commands (docs)
engine.copilot-sdk-driverfield added to override the default driver scriptengine.copilot-sdkis now auto-inferred fromengine.copilot-sdk-driverwhen present- SDK driver events are now streamed to stderr as JSONL for real-time observability
- Default SDK log level set to
allin harness mode for richer debugging
Safe Outputs Improvements
close-older-pull-requestsoption added tocreate-pull-requestsafe output- Multi-repo wildcard
target-reponow supported in safe-outputs jobs - REST comment IDs accepted in
hide_comment(auto-resolved to GraphQL node IDs) add_commentwildcard target misses are now non-fatalsafe-outputs.mentions.allowednow honored during NDJSON collectionadd_commentwithtarget: "*"now requires an explicititem_number
New Tooling & Workflows
designer-drift-auditworkflow detects when the agentic workflow designer drifts from its spec- Daily Ambient Context Optimizer workflow automatically reduces prompt overhead in high-traffic daily workflows
workflow-step-summariesandprompt-token-efficiencyskills added to the skills librarymodel_sizeexperiment added to 5 daily workflows with a newsmall-agentalias- API-proxy steering event counts now surfaced in
gh aw logs,gh aw audit, and OTLP spans 100M/100Knotation now accepted for templatable token-limit fields
🐛 Bug Fixes & Improvements
- Security: Fixed a safe-outputs file-protection bypass via patch-parser differential (#36752)
- Security: Fixed patch/bundle desynchronization in safe-outputs (#36762)
- Fixed YAML corruption in safe-outputs when OTLP header masking is enabled
- Fixed
close_pull_requesttarget-repo propagation for cross-repo operations - Fixed Copilot SDK custom provider resolution in standalone driver
main() - Fixed empty step summary preview for Copilot SDK session events
- Slash command parser now performs precise name matching with dash support
tolowerequalfoldlinter avoids false positives onToLower(x) == xidiomsgh aw upgradenow verifies the post-upgrade version before reporting success
📚 Documentation
- Renamed assign-to-copilot → copilot-cloud-agent across all guides
- Copilot SDK support, driver configuration, and specification guidance added (docs)
- Cost management page expanded with token-reduction tips and AIC migration guidance (docs)
- Specification docs moved into a dedicated collapsed Specs section for better navigation
- Linter reference expanded to cover all 21 analyzers
- Self-hosted runner compatibility guidance added to workflow constraints
Generated by 🚀 Release · 122 AIC
What's Changed
- [WIP] Fix failing GitHub Actions job lint-go by @Copilot in #36545
- [docs] Self-healing documentation fixes from issue analysis - 2026-06-03 by @github-actions[bot] in #36551
- [model-inventory] Update aliases and multipliers for 2026-06-03 inventory by @Copilot in #36555
- [avenger] Update wasm golden files for 2026-06-03 model inventory by @github-actions[bot] in #36560
- Remove compiler-generated GitHub App token invalidation steps and refresh compiled workflow locks by @Copilot in #36556
- Improve slog adapter tests to run in CI and cover handler behavior by @Copilot in #36569
- [community] Update community contributions in README by @github-actions[bot] in #36562
- Add target field support to submit_pull_request_review safe-output by @Copilot in #36546
- [log] Add debug logging to token-limit parser, engine config dir, and inline section helpers by @github-actions[bot] in #36571
- Code Simplifier: allow required validation commands in sandbox tool permissions by @Copilot in #36573
- Refine Copilot SDK-mode tool permission scoping from engine config by @Copilot in #36538
- [jsweep] Clean update_pr_description_helpers.cjs by @github-actions[bot] in #36575
- Add
licensestring support inaw.ymlmanifest parsing and schema by @Copilot in #36583 - [instructions] Sync instruction files with release v0.78.1 by @github-actions[bot] in #36600
- Refactor copilot SDK driver into self-contained Node program by @Copilot in #36549
- Enforce safe-output completion contract in Daily MCP Tool Concurrency Analysis by @Copilot in #36618
- Slash command parser: precise name matching with dash support by @Copilot in #36622
- Refactor duplicated markdown body/footer assembly into shared helper by @Copilot in #36587
- Ignore disabled workflows in centralized slash/label dispatch routing by @Copilot in #36621
- Reduce first-invocation ambient context; shift detailed guidance to lazy-loaded skills by @Copilot in #36628
- [docs] Update glossary - daily scan by @github-actions[bot] in #36629
- Fix Daily Semgrep Scan: allowlist semgrep.dev and disable telemetry egress by @Copilot in #36631
- [docs] Update documentation for features from 2026-06-03 by @github-actions[bot] in #36635
- [spec-enforcer] Enforce specifications for syncutil, testutil, timeutil by @github-actions[bot] in #36639
- Add Daily Ambient Context Optimizer workflow by @Copilot in #36642
- Add Copilot SDK Driver standalone reference specification by @Copilot in #36632
- [WIP] Fix failing GitHub Actions job test by @Copilot in #36647
- Tighten ET computation details layout and compact model aliases by @Copilot in #36634
- Verify post-upgrade version before reporting
gh aw upgradesuccess by @Copilot in #36648 - fix: add missing target/target-repo/allowed-repos to safe output schemas by @dsyme in #36636
- [WIP] Fix failing GitHub Actions job lint-go by @Copilot in #36658
- Detect runtime for
copilot-sdkinstalls fromengine.copilot.commandvia runtime manager by @Copilot in #36653 - Add self-hosted runner compatibility guidance to workflow constraints by @salmanmkc in #36620
- Align
pkg/lintersspec dependencies with current analyzer surface by @Copilot in #36660 - Add
engine.copilot-sdk-driverto override Copilot SDK driver script by @Copilot in #36662 - Normalize report-formatting guidance in daily MCP concurrency and news workflows by @Copilot in #36665
- Refactor parser config-field extraction into composable helpers to satisfy largefunc limits by @Copilot in #36664
- Remove copilot SDK dri...
v0.78.1
🌟 Release Highlights
This release focuses on Copilot SDK hardening — smarter timeout management and better authentication flow — plus improvements to slash_command routing and safe-outputs configuration.
✨ What's New
-
slash_commandsupport across smoke workflows — All smoke agentic workflows now have centralizedslash_commandhandling, making it easier to trigger them consistently via slash commands. (#36522) -
Smarter Copilot SDK session timeouts — The Copilot SDK session timeout is now automatically derived from the agent step timeout (minus 30 seconds), eliminating manual coordination and reducing timeout-related failures. (#36505)
-
COPILOT_CONNECTION_TOKENin headless harness — The Copilot SDK headless harness flow now correctly generates and wiresCOPILOT_CONNECTION_TOKEN, unblocking authentication in headless execution environments. (#36506) -
deduplicate-by-titleforcreate-issuesafe-outputs — Thededuplicate-by-titleoption is now wired into the compiled safe-outputs config forcreate-issue, preventing duplicate issues from being filed by agents. (#36527)
🐛 Bug Fixes & Improvements
- Copilot CLI Deep Research bash allowlist — Aligned the bash allowlist with the survey commands actually used by the Deep Research prompt, fixing permission errors during research runs. (#36531)
📚 Documentation
- Cost management:
max-turnsguidance — Added documentation on usingmax-turnsas a cost control mechanism. Learn more (#36529)
Generated by 🚀 Release · sonnet46 972.1K
What's Changed
- Stabilize BenchmarkYAMLGeneration by removing safe-update overhead by @Copilot in #36514
- [cli-consistency] Standardize
e.g.,punctuation across CLI help text by @Copilot in #36513 - Derive Copilot SDK session timeout from agent step timeout (minus 30s) by @Copilot in #36505
- Align max-turns integration test with current frontmatter schema semantics by @Copilot in #36521
- [safe-output-integrator] Add missing safe-output test workflow and compiler test for create-check-run by @github-actions[bot] in #36520
- Generate and wire
COPILOT_CONNECTION_TOKENin Copilot SDK headless harness flow by @Copilot in #36506 - docs: add max-turns to cost management page by @Copilot in #36529
- feat: add slash_command centralized support to all smoke agentic workflows by @Copilot in #36522
- Align Copilot CLI Deep Research bash allowlist with its prompt-driven survey commands by @Copilot in #36531
- Wire create-issue
deduplicate-by-titleinto compiled safe-outputs config by @Copilot in #36527 - Latest slides by @pelikhan in #36541
Full Changelog: v0.78.0...v0.78.1
v0.78.0
🌟 Release Highlights
This release focuses on Copilot SDK 1.0.0 integration, token cost controls, and a round of reliability fixes across agentic engines.
✨ What's New
-
Copilot SDK 1.0.0 — Updated to the stable Copilot SDK 1.0.0 and enabled it on 50% of Copilot-backed agentic workflows, with harness fixes for stdin wiring, SDK resolution, and custom-provider setup. (#36495, #36455, #36358)
-
max-turnssupport — All agentic engines now support a top-levelmax-turnsfrontmatter field, giving you finer control over agent session length. (#36451) -
Short-form effective-token limits — Token budget fields now accept human-readable shorthand like
100Mor500Kin addition to raw integers, across schema, parsers, and docs. (#36496) -
Daily ET guardrail enabled by default — The effective-token guardrail now runs by default on all supported workflows; opt out by setting the limit to
-1. (#36392) -
On-demand token audit workflow — A new
agentic-token-trend-auditworkflow accepts a date-range dispatch input for historical token usage analysis, and now emits daily trend charts. (#36412, #36432)
🐛 Bug Fixes & Improvements
- Fixed the daily ET guardrail step that never failed the activation job; improved conclusion reporting. (#36497)
- Corrected the GraphQL mutation name to
markPullRequestReadyForReview. (#36494) - Added
id-token: writepermission to the detection job for GitHub OIDC auth. (#36461) - Fixed the
pull-request-target-checkout-falsecodemod to skip whencheckoutis a mapping node. (#36453) - Clarified Copilot 401 errors from the gh-aw API proxy with actionable messages. (#36454)
- Preserved OTEL resource attribution and normalized agent token counters. (#36450)
⚠️ Breaking Changes
- Removed deprecated
run-install-scriptsfrontmatter field — This top-level field has been removed. Migrate to the supportedinstallsection if you use it. (#36387)
📚 Documentation
- New Cost Management guide covers the
max-daily-effective-tokensguardrail and environment variable configuration. (#36468)
Generated by 🚀 Release · sonnet46 774.4K
What's Changed
- Remove estimated cost from audit-workflows report by @Copilot in #36356
- AOAI endpoint smoke test by @davidslater in #36384
- Remove deprecated top-level
run-install-scriptsfrontmatter field by @Copilot in #36387 - Reduce Chaos PR Bundle Fuzzer cadence to weekly by @Copilot in #36386
- Update 2026-06-02 model inventory: add missing Gemini preview multipliers by @Copilot in #36388
- Add
sub_agent_strategyA/B experiment to daily AgentRx trace optimizer by @Copilot in #36389 - Keep safe-output token placeholders out of runtime config.json by @Copilot in #36353
- Emit daily ET guardrail by default; disable only on explicit
-1by @Copilot in #36392 - [community] Update community contributions in README by @github-actions[bot] in #36393
- Update agentic-ops workflows by @mnkiefer in #36397
- Align aw.yml install ref resolution with single-workflow latest-release behavior by @Copilot in #36396
- [log] Add debug logging to 5 sparsely-logged Go files by @github-actions[bot] in #36403
- [docs] docs: replace remaining British spelling "behaviour" → "behavior" in docs references by @github-actions[bot] in #36399
- Fix copilot-sdk harness stdin wiring, SDK installation/resolution, custom-provider setup from /reflect, and remove duplicate harness timestamps by @Copilot in #36358
- Add on-demand token audit workflow with date-range dispatch input by @Copilot in #36412
- [instructions] Sync instruction files with release v0.77.5 by @github-actions[bot] in #36430
- Add daily token trend chart output to
agentic-token-trend-auditreport contract by @Copilot in #36432 - Enable Copilot SDK on 50% of Copilot-backed agentic workflows by @Copilot in #36455
- fix(daily-rendering-scripts-verifier): add missing bash permissions for npx, make, and mkdir by @Copilot in #36449
- [rendering-scripts] fix(copilot-parser): render inline cached token footer (Copilot CLI 1.0.55) by @github-actions[bot] in #36428
- [jsweep] Clean validate_memory_files.cjs by @github-actions[bot] in #36404
- Refactor harness permission-denied handling into shared helper module by @Copilot in #36415
- fix(codemod): skip pull-request-target-checkout-false when checkout is a mapping by @Copilot in #36453
- Allow Python network access in token audit workflows by @Copilot in #36452
- Preserve mini-tier GPT labels in PR Sous Chef footers by @Copilot in #36467
- Refresh package README dependency specs for cli, workflow, and types by @Copilot in #36463
- Clarify Copilot 401 errors from the gh-aw API proxy by @Copilot in #36454
- Recompute effective tokens from raw usage with current weights/multipliers by @Copilot in #36421
- [blog] Agent of the Day – 2026-06-02 by @github-actions[bot] in #36472
- fix: add id-token: write to detection job permissions for github-oidc auth by @Copilot in #36461
- docs: add
max-daily-effective-tokensguardrail and env var guidance to Cost Management by @Copilot in #36468 - [dead-code] chore: remove dead functions — 1 function removed by @github-actions[bot] in #36471
- Preserve OTEL resource attribution and normalize agent token counters by @Copilot in #36450
- Update bundled Copilot SDK to 1.0.0 and recompile lockfiles by @Copilot in #36495
- SPDD 2026-06-02: spec sync, guard-policy decisions, deprecation notices, integration tests by @Copilot in #36499
- Add top-level max-turns support across agentic engines by @Copilot in #36451
- [docs] docs: unbloat ResearchPlanAssignOps pattern (21% reduction) by @github-actions[bot] in #36503
- fix: correct GraphQL mutation name to markPullRequestReadyForReview by @Copilot in #36494
- fix: daily ET guardrail step never fails activation job; improve conclusion reporting by @Copilot in #36497
- Token trend audit: recompute effective tokens from raw usage by @Copilot in #36504
- Support short-form effective-token limits (
100M,100K) across schema, parsers, and docs by @Copilot in #36496 - [linter-miner] feat(linters): add tolowerequalfold linter by @github-actions[bot] in #36507
- Generate
init/upgradedispatcher file lists fromgithub/gh-awwith embedded fallback by @Copilot in #36493
Full Changelog: v0.77.6...v0.78.0
v0.77.6
🌟 Release Highlights
This release brings native Copilot SDK integration, templatable job timeouts, stricter workflow privacy enforcement, and a wave of bug fixes and internal quality improvements.
✨ What's New
- Copilot SDK harness (#36307): Workflows with
copilot-sdk: truenow drive Copilot directly via@github/copilot-sdk, enabling tighter, more reliable agent control compared to the CLI harness. - Templatable
timeout-minutes(#36314): Job and steptimeout-minutesvalues now support template expressions (e.g.,${{ inputs.timeout }}), giving workflows dynamic control over timeouts without hardcoding values. - Private workflow enforcement (#36227): Workflows that declare
private: trueare now rejected at the manifest level, preventing accidental publication of internal-only workflows to the registry. step-summarycommand dispatching (#36346): Theagentic_commandsdispatcher now recognises and routesstep-summarycommands, making agent step summaries consistently available downstream.- Git credential absence warning (#36269): Agents are now explicitly warned when git credentials are absent after a checkout, reducing confusing authentication failures during push operations.
🐛 Bug Fixes & Improvements
- Cross-repo PR creation (#36250): Fixed false post-create repository validation in cross-repo
create_pull_requestworkflows that caused spurious errors after a PR was successfully opened. - Sparse-checkout / partial-clone hygiene (#36259, #36260): Cleared lingering partial-clone state after sparse checkouts, and removed partial-clone blob filtering from safe-outputs ref fetches, eliminating a class of fetch failures.
- CI lint fixes (#36295): Resolved
copyloopvar,errorlint,modernize, andtestifylintlint failures that were blocking the CI pipeline. - DependaBot ignore pattern (#36222): Fixed the DependaBot ignore pattern for
gh-aw-actionsto use the exact repository name, preventing unintended dependency suppression. applyToallowlist cleanup (#36309): Removed a vestigialapplyTokey from the parser'svalidFieldsallowlist that could cause misleading schema validation errors.
📚 Documentation
- Frontmatter reference streamlined (#36300, #36285): Removed outdated
permissions.copilot-requests: writerecommendation and unbloated the frontmatter reference page for faster scanning. push_to_pull_request_branchclarification (#36238): Documented expected behaviour for multi-checkout workflows, reducing confusion when working across repository boundaries.- Docs updated for 2026-06-01 features (#36235): Reference pages refreshed to reflect features shipped in this cycle.
🔧 Internal
- Compiler orchestrators refactored to respect 60-line function-length limits (#36177).
- Inline skill and sub-agent extraction moved to shared parser helpers (#36247, #36248).
- Code Simplifier and Failure Investigator workflows optimised for lower token usage (#36311, #36286).
fmt.Errorfcalls without verb arguments converted toerrors.Newacross host and WASM targets (#36224).golang.org/x/toolslinter modernised to use Cursor API and direct assertions (#36221).gosecbumped to v2.27.0 (#36220).
Generated by 🚀 Release · sonnet46 798.8K
What's Changed
- [log] Add debug logging to token/offset/input helpers by @github-actions[bot] in #36182
- Refactor compiler orchestrators to enforce 60-line largefunc limits (part 1) by @Copilot in #36177
- [instructions] Sync instruction files with release v0.77.5 by @github-actions[bot] in #36212
- [schema-coverage] feat: add schema coverage demo for runs-on-slim field by @github-actions[bot] in #36206
- [schema-coverage] feat: add schema coverage demo for run-name field by @github-actions[bot] in #36205
- [schema-coverage] feat: add schema coverage demo for resources field by @github-actions[bot] in #36203
- [schema-coverage] feat: add schema coverage demo for redirect field by @github-actions[bot] in #36202
- [schema-coverage] feat: add schema coverage demo for private field by @github-actions[bot] in #36200
- chore: update drain3 default log pattern weights by @github-actions[bot] in #36190
- chore(deps): bump github.com/securego/gosec/v2 v2.26.1 → v2.27.0 by @Copilot in #36220
- Add UTC timezone tests for expiration closing comments in issues and PRs by @Copilot in #36229
- [docs] Update documentation for features from 2026-06-01 by @github-actions[bot] in #36235
- [docs] Update glossary - weekly full scan by @github-actions[bot] in #36230
- [model-inventory] Add Sonnet dot-notation alias coverage and missing 2026-06-01 multipliers by @Copilot in #36226
- fix: use exact repo name as DependaBot ignore pattern for gh-aw-actions by @Copilot in #36222
- Enforce manifest-level rejection of workflows that declare
private: trueby @Copilot in #36227 - Enforce fmterrorfnoverbs: convert no-verb fmt.Errorf → errors.New (2 host + 14 wasm sites) by @Copilot in #36224
- linters: modernize golang.org/x/tools usage — Cursor API, direct assertions, golden fix test by @Copilot in #36221
- Clear partial-clone state after sparse checkouts when
filter: ''is intended by @Copilot in #36259 - Remove partial-clone blob filtering from safe-outputs ref fetches by @Copilot in #36260
- Clarify
push_to_pull_request_branchbehavior for multi-checkout workflows by @Copilot in #36238 - Fix false post-create repo validation in cross-repo
create_pull_requestworkflows by @Copilot in #36250 - [blog] Agent of the Day – 2026-06-01 by @github-actions[bot] in #36272
- Warn agents that git credentials are absent after checkout by @Copilot in #36269
- Remove
permissions.copilot-requests: writerecommendation from frontmatter reference by @Copilot in #36285 - Refactor workflow cache/action/validation paths by extracting focused helpers by @Copilot in #36248
- [aw] Failure Investigator: cut token overhead by removing redundant sub-agents and tightening prefetch/prompt scope by @Copilot in #36286
- Refactor inline skill/sub-agent extraction to shared parser helpers by @Copilot in #36247
- Fix lint-go CI failures: copyloopvar, errorlint, modernize, testifylint by @Copilot in #36295
- [spdd] Daily spec work plan - 2026-06-01: add Safeguards/Norms/Sync Notes to model-alias, pkg-manifest, and effective-tokens specs by @Copilot in #36293
- [docs] docs: unbloat frontmatter reference by @github-actions[bot] in #36300
- Remove bundled daily-subagent-optimizer workflow artifacts by @Copilot in #36299
- Remove stale CHANGELOG reference from generated release notes by @Copilot in #36302
- Optimize Code Simplifier workflow token footprint via deterministic preprocessing, inline skills, and small-model sub-agents by @Copilot in #36311
- Remove vestigial
applyTofrom parser validFields allowlist by @Copilot in #36309 - Fix validate-yaml failure by regenerating code-simplifier lock workflow with dev metadata by @Copilot in #36316
- [linter-miner] feat(linters): add seenmapbool linter — flag map[string]bool used as a set by @github-actions[bot] in #36313
- Make
timeout-minutesa templatable integer in schema + custom job compilation by @Copilot in #36314 - copilot_harness: drive Copilot via @github/copilot-sdk when copilot-sdk: true by @Copilot in #36307
- Add step-summary command visibility to agentic_commands dispatcher by @Copilot in #36346
- Consolidate LintMonster function-length issues into one tracking workflow by @Copilot in #36347
- Refactor checks_command tests into table-driven suites and add formatter output coverage by @Copilot in #36327
Full Changelog: v0.77.5...v0.77.6
v0.77.5
🌟 Release Highlights
This release tightens the daily effective-workflow guardrail with smarter configuration gating, structured diagnostics, and a bug fix for artifact client setup — plus a project-level UTC offset feature for more accurate timestamps across timezones.
✨ What's New
- Project UTC offset for timestamps (#36142) — Rendered timestamps and expiration messages now respect a configured project UTC offset, so deadlines and expiry notices display correctly for teams in any timezone.
- Structured diagnostics in daily ET guardrail (#36164) — The daily effective-workflow guardrail now emits structured diagnostic output, making it easier to understand and debug guardrail evaluation results.
close_discussionsafe output in Daily Regulatory workflow (#36155) — The Daily Regulatory workflow can now close discussions as part of its safe-output actions, completing the full discussion lifecycle.- New
fmterrorfnoverbslinter (#36146) — A new Go linter enforces correct verb usage infmt.Errorfcalls, catching a common class of formatting mistakes at lint time.
🐛 Bug Fixes & Improvements
- Gate ET guardrail on explicit configuration (#36179) — The daily effective-workflow guardrail and its artifact client setup are now only activated when explicitly configured, preventing unnecessary overhead in workflows that do not use this feature.
- Fix
@actions/artifactinstall for ET guardrail (#36153) — Resolved a missing dependency that caused failures when the daily-effective-workflow guardrail was enabled. - Deploy command refactor (#36144) — Deploy command orchestration in
pkg/cliwas refactored to satisfylargefunclinter limits, improving maintainability without changing behavior. - Parser test coverage (#36149) — Frontmatter extraction tests migrated to testify with additional coverage, strengthening the parser test suite.
For complete details, see CHANGELOG.
Generated by 🚀 Release · sonnet46 659.7K
What's Changed
- Add project UTC offset support for rendered timestamps and expiration messages by @Copilot in #36142
- Fix: install @actions/artifact when daily-effective-workflow guardrail is configured by @Copilot in #36153
- [linter-miner] feat(linters): add fmterrorfnoverbs linter by @github-actions[bot] in #36146
- Refactor deploy command orchestration to satisfy largefunc limits in
pkg/cliby @Copilot in #36144 - test(parser): migrate frontmatter_extraction_test.go to testify + add missing coverage by @Copilot in #36149
- Enable
close_discussionsafe output in Daily Regulatory workflow by @Copilot in #36155 - [blog] Agent of the Day – 2026-06-01 by @github-actions[bot] in #36158
- Add structured diagnostics to the daily workflow ET guardrail by @Copilot in #36164
- [blog] Weekly blog post – 2026-06-01 by @github-actions[bot] in #36178
- Gate daily ET guardrail and artifact client setup on explicit configuration by @Copilot in #36179
Full Changelog: v0.77.4...v0.77.5