Skip to content

v0.65.5

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 02 Apr 04:12
· 58 commits to main since this release
v0.65.5
3c32425
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

🌟 Release Highlights

This release focuses on security hardening, observability improvements, and setup performance β€” with a meaningful reduction in firewall install time and new token usage visibility for AI cost tracking.

✨ What's New

  • Token Usage Visibility β€” The Agentic Workflow Firewall now logs per-model token consumption to token-usage.jsonl. gh aw audit and gh aw logs surface a full breakdown (input, output, cache read/write tokens, cache hit %, avg request duration) per model. A new step summary step appends a markdown table to your workflow run's summary page. (#23943)

  • 140Γ— Faster Firewall Install β€” AWF v0.25.10 ships a single awf-bundle.js file (~357 KB). On GitHub-hosted runners with Node.js β‰₯ 20 (the default), setup now downloads 357 KB instead of ~50 MB β€” a 140Γ— reduction. Self-hosted runners without Node.js β‰₯ 20 automatically fall back to the platform binary. (#23993)

  • Richer Threat Detection Context β€” The detection job now performs a conditional repository checkout when a patch is present, giving the threat detection engine full codebase context to review code changes. Previously, the engine saw diffs in isolation without surrounding source files. (#23961)

  • GitHub Actions Expression Support β€” timeout-minutes, engine.version, tools.timeout, and tools.startup-timeout now accept GitHub Actions expressions (e.g., $\{\{ inputs.timeout }}), enabling reusable workflow_call workflows where callers can customize these values without forking the workflow. (docs)

πŸ› Bug Fixes & Improvements

  • Session Logs Now Collected β€” events.jsonl files written by Copilot CLI inside session subdirectories were silently missed by the log-copy step (flat glob only matched the top level). Fixed with a recursive find-based copy that preserves session IDs in filenames. (#23992)

  • Security: Git Hook Injection Prevented β€” Cache-memory git repos now have .git/hooks/ cleared and core.hooksPath set to /dev/null on every setup. Previously, a compromised run could plant executable hooks that fired on the host runner before the AWF sandbox was active. (#23929)

  • gh aw add-wizard No Longer Loses Work on Push Failure β€” If the branch push failed after downloading workflow files, the command previously rolled back everything and left users with nothing. Files and the local commit are now preserved, with actionable recovery instructions printed to the console. (#23926)

  • Label Pagination Fixed for Large Repos β€” create_discussion and update_discussion silently dropped any labels beyond the first 100 when resolving label names to IDs. The paginated fetch now loops until all labels are loaded. (#23915)

  • CLI Help Text Fixes β€” Dynamic column width in root command usage (fixing truncated hash-frontmatter), corrected logs --timeout flag description, and improved mcp add help text. (#23912)

πŸ“š Documentation

  • Updated reference docs for expression support in frontmatter.md, engines.md, and tools.md β€” including new "Tool Timeout Configuration" section.
  • Condensed verbose troubleshooting sections in common-issues.md (βˆ’49 lines, βˆ’8%).

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@ajfeldman6

@yskopets

For complete details, see CHANGELOG.

Generated by Release

What's Changed

  • Fix 4 CLI consistency issues: dynamic column width, flag description, mcp add docs, command group tests by @Copilot in #23912
  • refactor: split checkout_manager.go into state management, step generation, and config parsing by @Copilot in #23911
  • Split pkg/constants/constants.go into domain-grouped files by @Copilot in #23913
  • fix: paginate label fetch in create_discussion and update_discussion by @Copilot in #23915
  • refactor: split trial_command.go (1,007 lines) into focused files by @Copilot in #23917
  • fix: preserve workflow files and guide user on manual push when branch push fails by @Copilot in #23926
  • feat: Add conditional workspace checkout to detection job for patch context by @lpcox in #23961
  • [docs] Update documentation for GitHub Actions expression support in frontmatter fields by @github-actions[bot] in #23947
  • fix(security): clear .git/hooks/ and disable hooksPath in cache-memory git setup by @Copilot in #23929
  • feat: bump firewall to v0.25.8 and surface token-usage.jsonl by @lpcox in #23943
  • feat: bump AWF to v0.25.10 and use lightweight esbuild bundle by @Mossaka in #23993
  • fix: events.jsonl not collected β€” copy step uses flat glob, misses session subdirectories by @lpcox in #23992
  • [docs] condense verbose sections in common-issues.md by @github-actions[bot] in #24010

Full Changelog: v0.65.4...v0.65.5

Contributors

Mossaka and lpcox
Assets 18
Loading