v0.62.0
Release Highlights
This release promotes the GitHub MCP guard policy to general availability, adds inline custom safe-output scripts, and ships several quality-of-life improvements for diagnostics and documentation.
What's New
- Custom safe-output scripts: Define inline JavaScript handlers in `safe-outputs.scripts` that run inside the consolidated safe-outputs job, without creating a separate GitHub Actions job. This gives you lightweight extensibility right where you need it. (#21582)
- GitHub MCP guard policy is now GA: The `tools.github` `repos`/`min-integrity` guard policy is out of experimental status. The noisy "experimental feature" warning has been removed for cleaner workflow logs. (#21717)
- Collapsible guard policy step summary: The GitHub MCP guard policy step now uses a `<details>` element for its summary, reducing visual noise in the Actions UI while keeping details accessible. (#21677)
Bug Fixes & Improvements
- Guard policy defaults fixed: Specifying only `min-integrity` under `tools.github` without a `repos` field no longer raises a hard validation error; it now correctly defaults to `repos: all`. (#21718)
- Audit diagnostics improved: The `gh aw audit` command no longer shows the contradictory "failed with 0 error(s)" message, and correctly reports `workflow_name` for pre-activation failures (cancelled runs, infrastructure-level failures). (#21692)
- Better PR permission error guidance: When PR creation fails due to missing GitHub Actions permissions, diagnostics now include a direct link to the relevant FAQ entry to speed up resolution. (#21694)
- Corrected default timeout documentation: The documented default timeout was incorrectly listed as 360 minutes; it is 20 minutes. (#21673)
Documentation
- `steps.sanitized.outputs.*` is now the canonical form: All documentation has been updated to use `${{ steps.sanitized.outputs.text/title/body }}` instead of the deprecated `${{ needs.activation.outputs.* }}` form. The compiler still accepts the old form (with a deprecation warning) for backward compatibility. (#21682)
Community Contributions
A huge thank you to the community members who reported issues that were resolved in this release:
For complete details, see CHANGELOG.
Generated by Release
What's Changed
- fix: correct default timeout docs from 360 to 20 minutes (#21663) by @dsyme in #21673
- [instructions] Sync github-agentic-workflows.md with v0.40.1 by @github-actions[bot] in #21683
- Use `<details>` element for GitHub MCP guard policy step summary by @Copilot in #21677
- Add support for defined custom safe-output scripts by @Copilot in #21582
- Add DIFC_FILTERED event support to gateway log parsing by @Copilot in #21681
- fix: add docs/.npmrc to resolve astro-mermaid peer dep conflict with Astro v6 by @Copilot in #21691
- Deprecate `needs.activation.outputs.*` in workflow markdown; update all docs to use `steps.sanitized.outputs.*` by @Copilot in #21682
- Replace github.lockdown with github.repos/min-integrity guard policies in create prompt by @Copilot in #21705
- fix(smoke): remove redundant title-prefix from smoke-update-cross-repo-pr by @Copilot in #21712
- fix(audit): misleading "failed with 0 error(s)" message and wrong workflow_name for pre-activation failures by @Copilot in #21692
- Add FAQ link to "GitHub Actions not permitted to create or approve pull requests" diagnostics by @Copilot in #21694
- Remove experimental warning for tools.github guard policy (repos/min-integrity) by @Copilot in #21717
- fix: default `github.repos` to `all` when omitted from guard policy by @Copilot in #21718
- [docs] Update documentation for features from 2026-03-19 by @github-actions[bot] in #21731
- Update gh-aw-mcpg to v0.1.19 by @Copilot in #21737
Full Changelog: v0.61.2...v0.62.0