0.44.1 (2026-07-13)
0.44.0 (2026-07-13)
- cli: add catalog versions kind and use it in the copilot-cli workflow (#1471) (8009dd0)
- compile: add pool-overrides for per-job pool configuration (#1464) (#1472) (f1109c6)
- compile: support named pool demands (#1461) (77f4f90)
- ado-script: fail closed for unresolved synthetic PR merge-base (#1460) (2e60ec4)
- ci: avoid runner context in job env (#1469) (8ec1166)
- compile: emit prepare-pr-base in the SafeOutputs job (#1453) (#1458) (c5b1404)
- compile: trust generated SafeOutputs MCP for Copilot (#1462) (2e85e40)
0.43.0 (2026-07-09)
- compile: decouple create-pull-request diff base from checkout depth (#1425) (ec21b6f)
- compile: support Azure DevOps variable group imports (#1426) (77eb6ed)
- engine: allow hyphenated GitHub App private key variables (#1417) (ad027f5)
- executor-e2e: let definition variable override issue-filing repo (#1403) (3f6ac09)
- executor-e2e: self-diagnose GitHub issue-filing auth failures (#1401) (6967da7)
- safe-outputs: create build attachments via DistributedTask timeline attachment API (#1433) (ce310d4)
- safe-outputs: send empty body for add-build-tag PUT (#1423) (fa89e22)
0.42.0 (2026-07-07)
- engine: add engine.provider (BYOK) with in-job Azure CLI token minting (#1377) (2c4f40b)
- inspect: add Copilot model list updater workflow and fix catalog drift (#1376) (b620ae6)
0.41.0 (2026-07-06)
- compile: add per-repo checkout fetch depth/tags tuning (#1325) (b3f2110)
- engine: GitHub App-backed Copilot engine auth (#1326) (ca1b29e)
- ado-script: normalize github app PEM secrets from ADO vars (#1380) (d429146)
- compile: skip conclusion job when run is cancelled (#1313) (f5f67d6)
0.40.0 (2026-07-02)
- workflows: add issue-triage and issue-arborist workflows; upgrade gh-aw to v0.81.6 (#1281) (dccd040)
0.39.0 (2026-07-01)
- agency: centralize Claude Code plugin and self-contained marketplace (#1102) (0635922)
- compile: add Conclusion job for pipeline failure reporting (#1076) (9a1ba2f)
- compile: gate high-impact safe outputs behind manual review (#1196) (8e76df6)
- compile: migrate legacy {{ workspace }} markers and validate checkout-aware paths (#1263) (9a01c07)
- compile: substitute ADO path-anchor variables in the agent prompt (#1265) (79a0f72)
- engine: allow ADO macros on Copilot BYOM provider env keys (#1264) (dff4c64)
- ir: add typed builder for AzureCLI@2 (#1195) (56f7004)
- ir: add typed builder for AzureContainerApps@1 (#1200) (4da4dff)
- ir: add typed builder for AzureFileCopy@6 (#1214) (1e8a74a)
- ir: add typed builder for AzureFunctionApp@2 (#1230) (985121c)
- ir: add typed builder for AzureResourceManagerTemplateDeployment@3 (#1232) (b41491a)
- ir: add typed builder for AzureWebApp@1 (#1179) (c9fdeb3)
- ir: add typed builder for BicepDeploy@0 (#1269) (7ac5a94)
- ir: add typed builder for DownloadBuildArtifacts@1 (#1197) (2971c21)
- ir: add typed builder for DownloadSecureFile@1 (#1174) (3096eef)
- ir: add typed builder for GitHubRelease@1 (#1164) (0d558cc)
- ir: add typed builder for Gradle@3 (#1113) (2a070e0)
- ir: add typed builder for HelmInstaller@1 (#1213) (2ad1e2b)
- ir: add typed builder for KubernetesManifest@1 (#1229) (01d06cf)
- ir: add typed builder for ManualValidation@1 (#1193) (f049b32)
- ir: add typed builder for Maven@3 (#1122) (cd7f0f1)
- ir: add typed builder for MavenAuthenticate@0 (#1161) (3d719eb)
- ir: add typed builder for NodeTool@0 (#1224) (553bac3)
- ir: add typed builder for npmAuthenticate@0 (#1157) (b2da117)
- ir: add typed builder for SonarQubeAnalyze@8 (#1245) (c6d3af3)
- ir: add typed builder for SonarQubePrepare@8 (#1226) (b2a86e1)
- ir: add typed builder for SonarQubePublish@8 (#1268) (426ee21)
- ir: add typed builder for TwineAuthenticate@1 (#1158) (096c8f1)
- ir: add typed builder for UniversalPackages@1 (#1208) (d375dde)
- ir: add typed builder for UseRubyVersion@0 (#1176) (ccab04d)
- ir: add typed builder for VSBuild@1 (#1210) (af20033)
- site: fix build broken by astro@6.4.8 dependabot bump (#1191) (32063ac)
- workflows: let docs auditors open PRs for README and AGENTS.md (#1188) (d855e6e)
0.38.0 (2026-06-22)
- compile: add internal supply-chain feed/registry mirror (#1080) (a4300e6)
- ir: add EnvValue::RuntimeExpression variant to prevent $[] in step env (#1082) (17f314b)
- ir: add typed builder for AzureKeyVault@2 (#1132) (f72849a)
- ir: add typed builder for AzurePowerShell@5 (#1127) (7a51798)
- ir: add typed builder for CargoAuthenticate@0 (#1139) (5e84b57)
- ir: add typed builder for DownloadPackage@1 (#1108) (b690c5c)
- ir: add typed builder for GoTool@0 (#1145) (c598ed2)
- ir: add typed builder for JavaToolInstaller@0 (#1125) (f3ec497)
- ir: add typed builder for NuGetAuthenticate@1 (#1136) (1f8c23c)
- ir: add typed builder for PipAuthenticate@1 (#1142) (0ec314d)
- ir: add typed builder for PublishBuildArtifacts@1 (#1105) (56cee37)
- ir: add typed builder for PublishCodeCoverageResults@2 (#1131) (2c2572c)
- ir: add typed builder for PythonScript@0 (#1128) (6315119)
- ir: add typed builder for UseDotNet@2 (#1150) (da3c645)
- ir: add typed builder for UseNode@1 (#1148) (90511fb)
- ir: add typed builder for UsePythonVersion@0 (#1154) (5c635b6)
- ir: add typed builder for VSTest@2 (#1110) (d471541)
- ir: add typed helper for CmdLine@2 (#1083) (14ebe83)
- ir: add typed helper for DeleteFiles@1 (#1071) (8d8dbb2)
- ir: add typed helper for DownloadPipelineArtifact@2 (#1063) (a647fd9)
- ir: add typed helper for ExtractFiles@1 (#1042) (33284df)
- ir: add typed helper for Npm@1 (#1077) (19a8532)
- ir: add typed helper for NuGetCommand@2 (#1047) (513643e)
- ir: add typed helper for PublishPipelineArtifact@1 (#1065) (9dc3176)
- ir: add typed helpers for Docker@2 (#1086) (9f738c4)
- ir: add typed helpers for PowerShell@2 (#1051) (c752f81)
- ado: detect ADO sign-in HTML response in list and report auth error (#1044) (77bee77)
- safeoutputs: render applyable PR suggestions correctly (#1104) (6213b1c)
- smoke: target ADO agent-definitions repo for PR/git-write smokes (#1045) (aae77f6)
0.37.0 (2026-06-15)
- clippy: replace std::sync::Mutex with tokio::sync::Mutex in test (#1031) (b7eee72)
- compile: drop stray
\ \in MCPG docker-env continuation lines (#1035) (ebda84d)
0.36.0 (2026-06-15)
- compile: native ADO pipeline IR (#960) (9a18b0e)
- exec-context: add 7 trigger-context contributors with shared/ refactor (#1019) (816ba39)
- inspect: add IR-based pipeline reasoning tools (inspect, graph, whatif, lint, catalog, trace, mcp-author) (#998) (64e59bc)
- ir: add tasks module with typed helper for PublishTestResults@2 (#1012) (e6489b8)
- ir: add typed helper for CopyFiles@2 (#1017) (f56b150)
- ir: add typed helper for DockerInstaller@0 (#1015) (ca64336)
- ir: add typed helper for DotNetCoreCLI@2 (#1025) (74e7bea)
- workflows: add ado-task-ir-contributor agentic workflow (#1004) (79b357d)
- ir: reject cross-pipeline duplicate StepIds; strict de-indent in lower_raw_yaml; document EnvValue::Literal contract (#992) (28403fe)
- validate: block workspace alias shell injection in generated bash steps (#1018) (e7bf9c4)
0.35.3 (2026-06-11)
0.35.2 (2026-06-11)
0.35.1 (2026-06-11)
- compile: repair synthetic-PR gate + Stage step env var plumbing (#956) (79919bd)
- workflows: allow github-actions[bot] to trigger recompile-safe-output-fixtures (#958) (5d36dfd)
0.35.0 (2026-06-10)
0.34.3 (2026-06-10)
- compile: use macro form for same-job synthPr gate refs (#944) (51ae40e)
- workflows: lower min-integrity for issue-plan-maker /plan command (#952) (2808e8a)
0.34.2 (2026-06-09)
0.34.1 (2026-06-09)
0.34.0 (2026-06-09)
- compile: record on.pr.mode (synthetic|policy) trigger model (#933)
0.33.1 (2026-06-09)
- secrets: prune disabled/paused pipelines by default in discovery, add --include-disabled opt-out (#914) (f7e9d17)
0.33.0 (2026-06-08)
0.32.0 (2026-06-07)
- audit: add
ado-aw audit <build-id-or-url>command (#691) (5c33e40) - compile: add execution-context plugin with PR contributor (#860) (#865) (3de0690)
- compile: default executor to System.AccessToken and add always-on Azure CLI (#873) (ca4a04b)
- workflows: recompile tests/safe-outputs fixtures on each ado-aw release (#863) (7c6fb23)
- workflows: add integrity heuristic and per-file compile loop to recompile-safe-output-fixtures (#868) (665ad0e)
- workflows: allow github CDN egress in recompile-safe-output-fixtures (#864) (abc4959)
- workflows: broaden allowed-files glob to cover flat tests/safe-outputs layout (#871) (6d3559f)
- workflows: switch recompile trigger to release:published and drop broken Step 0 (#869) (039e547)
0.31.1 (2026-06-01)
- compile: allow external dependsOn/condition on job and stage template targets (#823) (608b0b5)
- workflows: allow doc-freshness-check to patch safeoutput source files (#816) (d16f808)
0.31.0 (2026-06-01)
- cli: check for newer GitHub release on every user-facing command (#637) (7d197f1)
- compile: runtime prompt loading via {{#runtime-import}} markers (#625) (6ad1816)
- compile: warn about out-of-date compiled definitions on recompile (#638) (1b2b266)
- secrets: add --all-repos and --source via Pipeline Preview discovery (#624) (6d4c824)
- workflows: add docs-writer agentic workflow (#631) (50bd4e0)
- workflows: add test-reducer agentic workflow (#626) (4733c76)
- workflows: make test-gap-finder open PRs for coverage gaps (#680) (4087579)
- compile: normalize absolute input paths in generate_header_comment (#645) (7a0d268)
- site: create runtime-imports page and fix broken relative link in filter-ir.mdx (#654) (ad1b44b)
- site: restore correct --sl-color-black in light mode for search box contrast (#646) (f63a1a6)
0.30.2 (2026-05-18)
0.30.1 (2026-05-18)
0.30.0 (2026-05-18)
- cli: add ado-aw enable (#583) (1b4273b)
- cli: consolidate Phase 1 pipeline-lifecycle commands (disable/remove/list/status/run/secrets) (#602) (096b7a4)
- compile: add --force flag to bypass GitHub-remote guard (#577) (562ff7f)
- compile: replace Python gate evaluator with bundled TypeScript gate.js (#389) (a2ce38c)
- engine: split copilot CLI install path by compile target (#584) (4fe2175)
- safeoutputs: add daily smoke suite and reject unknown safe-output keys (#563) (29b221e)
- workflows: add clippy-fixer agentic workflow (#575) (ca914f1)
- workflows: allow update-awf-version to close superseded PRs (#590) (e0ddc2c)
- workflows: file release-notes action-item issues from update-awf-version (#593) (d4fedd5)
- compile: default non-1es vmImage to ubuntu-22.04 (#578) (b841998)
- compile: enforce ADO build-number rules for pipeline_agent_name (#576) (1c7c407)
- compile: quote pipeline name in generated YAML to handle colons and quotes (#568) (ebd2f17)
- compile: tighten ADO org name validation to alphanumeric and hyphen only (#598) (91d39a9)
- configure: accept bare org name for --org (#579) (8029980)
- safeoutputs: prevent symlink exfiltration in create-pr Stage 3 (#549) (f04c033)
- secrets: preserve masked ADO secrets on definition PUT (#604) (2e0a0bb)
0.29.0 (2026-05-15)
- compile: add target: job and target: stage for ADO template output (#519) (8df9682)
- compile: unify pool front-matter replacement across targets (#538) (7806369)
- safeoutputs: add ado-aw-debug.create-issue for dogfood pipelines (#492) (69a634b)
- safeoutputs: add work-item filing to noop and missing-tool safe outputs (#521) (c1bf552)
- cache-memory: reject symlinks in agent memory to prevent Stage 3 credential theft (#524) (f311d36)
- ci: move docs deploy workflow to top-level .github/workflows (#539) (dcb2b33)
- compile: address pool review feedback (#541) (9bdb126)
- safeoutputs: neutralize Stage 3 upload message command injection paths (#501) (45cd552)
0.28.0 (2026-05-09)
- compile: add compact
repos:front-matter syntax with codemod auto-rewrite (#478) (3e67cfd) - compile: autorewrite front matter via detection-based codemods (#476) (64bbc73)
- safeoutputs: block VSO command injection via repository alias across Stage 3 PR-safe-output executors (#482) (6f4a6dd)
- workflow: add protected-files fallback-to-issue for doc-freshness-check (#473) (12e273c)
0.27.0 (2026-05-08)
- doc-freshness-check: expand allowed-files to docs, README, prompts (#463) (4abeb09)
- execute: match safe-output repository by name or alias (#469) (76cd618)
- safeoutputs: send Content-Range header for pipeline artifact uploads (#467) (e95cbf5)
0.26.1 (2026-05-08)
- ci: allow doc freshness workflow to update AGENTS.md (#452) (463dafa)
- compile: detect and prevent workspace checkout collision with self repo (#456) (051d45c)
0.26.0 (2026-05-07)
0.25.1 (2026-05-07)
- safeoutputs: support glob wildcards anywhere in allowed-tags patterns (#442) (17e372c)
- workflows: simplify change-risk to use add-comment instead of PR review (#443) (4f2f188)
0.25.0 (2026-05-07)
0.24.0 (2026-05-07)
- logging: always capture debug logs to file while preserving console verbosity (#430) (64e9709)
- safeoutputs: use sanitize_config for identifier fields instead of sanitize_text (#433) (ea43b11)
0.23.1 (2026-05-07)
- safeoutputs: rewrite upload-pipeline-artifact flow to fix HTTP 405 (#425) (5e4c89e)
- security: harden upload path validation and trigger filter script integrity (#428) (84a2031)
0.23.0 (2026-05-06)
- safeoutputs: fix upload-pipeline-artifact 405 by adding scopeIdentifier to container API requests (#421) (2d460fd)
0.22.4 (2026-05-06)
0.22.3 (2026-05-05)
0.22.2 (2026-05-05)
0.22.1 (2026-05-05)
0.22.0 (2026-05-05)
- runtimes: add unified Node.js and Python runtime extensions (#400) (991621a)
- safe-outputs: rename upload-build-artifact to upload-build-attachment and add upload-pipeline-artifact (#404) (d3aad31)
- security: neutralize pipeline commands in execute_safe_outputs Err arm (#405) (da83c03)
- security: neutralize VSO pipeline commands in Stage 3 log output (#396) (ea76888)
0.21.0 (2026-05-02)
- compile: trigger filter IR with data-driven Python evaluator (#345)
- compile: trigger filter IR with data-driven Python evaluator (#345) (90df351)
- executor: auto-capture ADO build variables in ExecutionContext (#378) (7575218)
- safe-outputs: add unified upload-build-artifact safe output (#380) (b66037d)
- safeoutputs: enforce add-build-tag scope for build IDs > i32::MAX (#379) (c533900)
- safeoutputs: sanitize ADO-sourced title and tags in prefix-guard error messages to prevent VSO command injection (#370) (3fa067f)
0.20.0 (2026-04-29)
0.19.0 (2026-04-29)
- compile: add required_awf_mounts to CompilerExtension for Lean runtime (#354) (f6f437b)
- engine: update default model to claude-opus-4.7 (#355) (dff681b)
0.18.2 (2026-04-28)
0.18.1 (2026-04-28)
- compile: anchor source/pipeline paths to trigger repo, not workspace (#342) (0845490)
- compile: pin LF eol on managed gitattributes entries (#340) (8efb5fb)
0.18.0 (2026-04-28)
0.17.1 (2026-04-27)
- block template marker delimiters in front matter identity fields (#315) (2575246)
- deterministic MCPG config key ordering (HashMap -> BTreeMap) (#328) (889ee62)
0.17.0 (2026-04-23)
- The
runsubcommand is removed. See docs/local-development.md for manual local development instructions. - The engine front matter format changed from model names (engine: claude-opus-4.5) to engine identifiers (engine: copilot). Model is now a sub-field in the object form (engine: { id: copilot, model: ... }).
- add cyclomatic complexity reducer agentic workflow (#298) (1066a2f)
- align engine front matter with gh-aw and hook up Engine enum (#286) (f90bd81)
- remove
runsubcommand (#306) (a71ed16)
0.16.0 (2026-04-21)
- align tool allow lists with gh-aw (#279) (be3b4c5)
- revert pipeline prompt to $(cat) inline expansion (#276) (784de06)
0.15.0 (2026-04-21)
- add /scout issue slash-command workflow (#258) (57afa1e)
- add ado-aw run subcommand for local development (#266) (55db04c)
- add macOS x64 and arm64 release binaries in GitHub Actions (#264) (9bfe8ea)
- compile: add --skip-integrity flag for debug builds (#246) (8cae693)
- execute: add --dry-run flag to execute command (#265) (b2955d4)
- model GitHub and SafeOutputs as extensions, add --allow-tool for all MCP servers (#251) (2150cdb)
- add required 'domain' field to MCPG gateway config (#249) (e355b92)
- align MCPG integration with gh-aw reference implementation (#244) (bb4cccd)
- bypass MCPG run_containerized.sh to fix port validation with --network host (#250) (9b0568e)
- resolve compiler warnings and remove dead code (#268) (dd7df1f)
- run: base64-encode PAT for ADO MCP and pass prompts via @file (#270) (11b01ec)
0.14.0 (2026-04-16)
- remove legacy service-connection MCP field (#233) (#234) (baf5fe9)
- rename resolve-pr-review-thread to resolve-pr-thread (#228) (#231) (e1d3735)
0.13.0 (2026-04-15)
0.12.0 (2026-04-15)
- add ecosystem domain allowlists from gh-aw (#213) (22a2069)
- add Lean 4 runtime support with runtimes: front matter (#208) (16fc9be)
- standardise front matter sanitization via SanitizeConfig/SanitizeContent traits (#210) (85ac3ab)
- create-pr: skip auto-complete API call on draft PRs (#194) (#200) (d58dbeb)
- improve trigger.pipeline validation with expression checks and better errors (#189, #188) (#196) (b0ae590)
0.11.0 (2026-04-14)
- The create subcommand has been removed. Use ado-aw init instead.
- create-pr: align with gh-aw create-pull-request implementation (#155) (b1859ae)
- replace create wizard with AI-first onboarding (#187) (c468320)
- address injection vulnerabilities from red team audit (#171) (#175) (5e3ac1b)
- pin prompt URLs to version tag instead of main branch (#191) (1f3b6da)
0.10.0 (2026-04-14)
- add red team security auditor agentic workflow (#170) (6700677)
- add runtime parameters support with auto-injected clearMemory (#166) (dc5b766)
- align MCP config with MCPG spec — container/HTTP transport (#157) (a46a85b)
- enable real-time agent output streaming with VSO filtering (#159) (7497cd6)
- mcp: filter SafeOutputs tools based on front matter config (#156) (f43b22e)
- promote memory to cache-memory tool and add first-class azure-devops tool (#167) (39103e1)
- swap to using aw-mcpg (#19) (1cddfb3)
- address review findings — MCPG_IMAGE constant, constant-time auth, reqwest dev-dep, MCP enabled check (#151) (09be1f2)
- use length-check + ct_eq for constant-time auth comparison (#153) (d0aed74)
0.9.0 (2026-04-11)
- add COPILOT_CLI_VERSION to dependency version updater workflow (#137) (8155d24)
- map engine max-turns and timeout-minutes to Copilot CLI arguments (#134) (2dbe162)
- deprecate max-turns and move timeout-minutes to YAML job property (#138) (9887c97)
- report-incomplete fails pipeline, percent-encode user_id, stage-1 status validation, merge_strategy validation, dead code removal (#141) (e81c570)
0.8.3 (2026-04-02)
- handle string WikiType enum from ADO API in branch resolution (#122) (7914169)
- resolve check command source path from repo root (#120) (a057598)
0.8.2 (2026-04-02)
0.8.1 (2026-04-02)
- auto-detect code wiki branch for wiki page safe outputs (#115) (f8ea1e9)
- preserve subdirectory in generated pipeline_path and source_path (#114) (32137fe)
0.8.0 (2026-04-01)
- \check
\ is now \check . Update any scripts or pipeline templates that call the old two-arg form.
- add /rust-review slash command for on-demand PR reviews (#60) (8eaf972)
- add \configure\ command to detect pipelines and update GITHUB_TOKEN (#92) (a032b4e)
- add comment-on-work-item safe output tool (#80) (513f7fe)
- add create-wiki-page safe output (#61) (87d6527)
- add edit-wiki-page safe output (#58) (7b4536f)
- add update-work-item safe output (#65) (cf5e6b5)
- Add Windows x64 binary to release artifacts (#37) (d463006)
- allow copilot bot to trigger rust PR reviewer (#59) (0bcef57)
- apply max budget enforcement to all safe-output tools (#91) (e88d8da)
- auto-detect source from header in check command (#108) (b25f143)
- auto-discover and recompile all agentic pipelines (#96) (fb1de50)
- configure: accept explicit definition IDs via --definition-ids (#100) (b12c5ff)
- Download releases from GitHub. (#17) (8478453)
- rename edit-wiki-page to update-wiki-page (#66) (2b6c5ed)
- replace read-only-service-connection with permissions field (#26) (410e2df)
- add --repo flag to gh release upload in checksums job (#40) (fd437da)
- configure: support Azure CLI auth and fix YAML path matching (#98) (a771036)
- pin AWF container images to specific firewall version (#30) (bb92c9c)
- pin AWF container images to specific firewall version (#32) (9c3b85c)
- pin DockerInstaller to v26.1.4 for API compatibility (#105) (2c6baf2)
- quote chmod paths and remove fragile sha256sum pipe in templates (#43) (b246fb1)
- sha256sum --ignore-missing silently passes when binary is absent from checksums.txt (#47) (26c03c4)
- strip redundant ./ prefixes from source path in header comment (#106) (689825c)
- tests: strengthen checksum verification assertion against regression (#48) (7fcabe2)
- update Copilot CLI version to 1.0.6 via compiler constants (#51) (b8d8ece)
- YAML path matching and legacy SSH URL support (#95) (f85dd39)
0.7.1 (2026-04-01)
- pin DockerInstaller to v26.1.4 for API compatibility (#105) (2c6baf2)
- strip redundant ./ prefixes from source path in header comment (#106) (689825c)
0.7.0 (2026-03-31)
0.6.1 (2026-03-31)
0.6.0 (2026-03-31)
0.5.0 (2026-03-31)
0.4.0 (2026-03-30)
- add /rust-review slash command for on-demand PR reviews (#60) (8eaf972)
- add comment-on-work-item safe output tool (#80) (513f7fe)
- add create-wiki-page safe output (#61) (87d6527)
- add edit-wiki-page safe output (#58) (7b4536f)
- add update-work-item safe output (#65) (cf5e6b5)
- allow copilot bot to trigger rust PR reviewer (#59) (0bcef57)
- apply max budget enforcement to all safe-output tools (#91) (e88d8da)
- rename edit-wiki-page to update-wiki-page (#66) (2b6c5ed)
- sha256sum --ignore-missing silently passes when binary is absent from checksums.txt (#47) (26c03c4)
- tests: strengthen checksum verification assertion against regression (#48) (7fcabe2)
- update Copilot CLI version to 1.0.6 via compiler constants (#51) (b8d8ece)
0.3.2 (2026-03-17)
0.3.1 (2026-03-17)
0.3.0 (2026-03-17)
- Add Windows x64 binary to release artifacts (#37) (d463006)
- Download releases from GitHub. (#17) (8478453)
- replace read-only-service-connection with permissions field (#26) (410e2df)
- pin AWF container images to specific firewall version (#30) (bb92c9c)
- pin AWF container images to specific firewall version (#32) (9c3b85c)