v0.56.1
π Release Highlights
This release focuses on reliability and correctness β fixing several subtle but impactful bugs in sandbox execution, bot identity matching, workflow compilation, and safe-output handling, alongside expanded documentation.
π Bug Fixes & Improvements
-
Bot identity canonicalization β
on.botsallow-lists now correctly match GitHub App actors regardless of whether they appear asmy-appormy-app[bot]. Previously, the exact-string mismatch silently blocked activations. (#20059) -
AWF sandbox git identity β The first
git commitinside an AWF sandbox no longer fails with "Author identity unknown." Host Git identity environment variables are now injected into sandbox execution steps, preserving the caller's author/committer info. (#20056) -
dispatch-workflowcompile-order independence β Workflows that dispatch other workflows in the same compile batch no longer require a specific compilation order. Targets that exist as.mdfiles (without a pre-existing.lock.yml) are now accepted. (#20057) -
safe-outputs: failures now fail the workflow β When a safe-output handler returns
{success: false}, the step now callscore.setFailed()and exits non-zero. Previously, failures were only emitted as warnings and the workflow continued as successful. (#20055) -
Gateway log truncation fix β Log lines exceeding 64 KB in
gateway.jsonl(common with large AI tool call payloads) were silently truncated. Missingscanner.Buffer()calls have been added to prevent this. (#20074) -
Firewall analysis blocked domain display β The firewall log viewer now correctly shows the destination IP:port for iptables-dropped traffic instead of displaying
"-". (#20016)
π Documentation
-
Docker-based MCP server configuration β The MCP server reference now covers running gh-aw as an MCP server via Docker, for environments where the
ghCLI is not installed locally. (#20053) -
Workflow status message style guide β A new
.github/aw/messages.mdestablishes consistent conventions for tone and emoji usage in safe-outputs status messages across all workflows. (#20052) -
Updated feature documentation and permissions reference cleanup. (#20020, #20003)
π Community Contributions
A huge thank you to the community members who reported issues that were resolved in this release:
@samuelkahessayfor safe-outputs: handler failures never escalated to core.setFailed() (#20035)@strawgatefor Agent sandbox git identity missing: first commit fails, then agent self-configures (#20033)@samuelkahessayfordispatch-workflowvalidation is compile-order dependent (#20031)@samuelkahessayforon.botsmatching is exact-string only and fails for(slug)vs(slug)[bot](#20030)
For complete details, see CHANGELOG.
Generated by Release
What's Changed
- [docs] docs: reduce bloat in permissions.md by @github-actions[bot] in #20003
- [docs] Update documentation for features from 2026-03-08 by @github-actions[bot] in #20020
- Fix firewall analysis showing "-" instead of actual blocked domains for iptables-dropped traffic by @Copilot in #20016
- fix: canonicalize bot identifiers so
<slug>and<slug>[bot]match inon.botsby @Copilot in #20059 - docs: add Docker-based MCP server configuration by @Copilot in #20053
- safe-outputs: escalate handler failures to core.setFailed() by @Copilot in #20055
- Fix dispatch-workflow validation: accept .md-only targets in same compile batch by @Copilot in #20057
- Add workflow status message style guide by @Copilot in #20052
- Fix: Inject git identity env vars into AWF sandbox execution steps by @Copilot in #20056
Full Changelog: v0.56.0...v0.56.1