v0.62.3

@github-actions github-actions released this 20 Mar 06:28
· 1774 commits to main since this release
458e90f

🌟 Release Highlights

This release focuses on extensibility and reliability — bringing custom GitHub Actions into the safe-outputs toolkit, hardening the MCP Gateway, and shaving ~20 seconds off every workflow run.

✨ What's New

  • Custom Actions as Safe Output Tools (#21752)
    Expose any GitHub Action as an MCP tool via the new safe-outputs.actions block. The compiler resolves action.yml at compile time to derive the tool schema and inject it into the agent — no custom wiring required.

  • trustedBots support in MCP Gateway (#21865)
    Workflows can now pass an allowlist of additional GitHub bot identities to the MCP Gateway via the new trustedBots field, enabling safe cross-bot collaboration in guarded environments.

  • gh-aw-metadata v3 with agent & model tracking (#21899)
    Compiled lock files now embed the configured agent ID/model and detection agent ID/model in the gh-aw-metadata comment, making it easier to audit which model drove each workflow run.

  • Raised update_issue / update_discussion safe output limits to 256 (#21902)
    The previous cap of 100 operations blocked high-throughput workflows. The maximum is now 256, giving busy automation more headroom.

⚑ Performance

  • ~20 seconds faster per workflow run (#21873)
    Bumped DefaultFirewallVersion to v0.24.5, which eliminates a 10-second container shutdown delay for both the main agent and the threat detection container combined.

πŸ› Bug Fixes & Improvements

  • MCP Gateway no longer crashes when only min-integrity is set (#21893) — repos now defaults to "all" when the field is omitted, fixing a silent config-generation failure introduced by Gateway v0.1.19.

  • Schema validation errors now show the correct line number (#21853) — Errors like timeout-minutes: -10 previously always reported file.md:1:1. They now point to the actual offending line and use a cleaner message prefix.

  • Staged safe-output handlers no longer acquire write permissions (#21903) — Handlers that only emit step-summary previews were incorrectly merging write permissions; they now run with the minimal permissions they actually need.

  • CLI help text consistency fixes (#21907) — Corrected misleading flag descriptions in add, trial, audit, and mcp inspect commands.

  • Protected Files warning now appears in the correct position (#21841) — When create_pull_request falls back to an issue, the "Protected Files" section is now inserted before the footer rather than after it.

📚 Documentation

  • /gh-aw (no trailing slash) now redirects correctly (#21906) — Previously returned a 404 with a doubled canonical URL.
  • Documentation updated for the new --filtered-integrity logs flag and safe-outputs.actions configuration.

For complete details, see CHANGELOG.

Generated by Release


What's Changed

  • fix: insert Protected Files section before footer in fallback issues by @Copilot in #21841
  • [docs] Self-healing documentation fixes from issue analysis - 2026-03-19 by @github-actions[bot] in #21847
  • [log] Add debug logging to workflow and CLI helper functions by @github-actions[bot] in #21851
  • feat: daily DIFC integrity-filtered events analysis workflow + MCP logs filtered_integrity param by @Copilot in #21855
  • fix: schema validation errors report correct line number and cleaner message prefix by @Copilot in #21853
  • feat: Add schema-feature-coverage agentic workflow for 100% schema field coverage by @Copilot in #21856
  • chore: bump DefaultFirewallVersion to v0.24.5 by @Copilot in #21873
  • feat: mount custom GitHub Actions as safe output tools via safe-outputs.actions by @Copilot in #21752
  • [instructions] Sync github-agentic-workflows.md with v0.40.1 — add safe-outputs scripts field by @github-actions[bot] in #21874
  • [docs] docs: remove redundant content from templating.md by @github-actions[bot] in #21876
  • Fix MCP Gateway failure: default repos to "all" when only min-integrity is set by @Copilot in #21893
  • Add trustedBots field to MCP Gateway spec, schema, and frontmatter by @Copilot in #21865
  • feat: update gh-aw-metadata payload to v3 with agent id/model and detection agent id/model by @Copilot in #21899
  • [jsweep] Clean add_copilot_reviewer.cjs by @github-actions[bot] in #21898
  • [docs] Update documentation for 2026-03-20 changes by @github-actions[bot] in #21904
  • Bump absolute maximum for update_issue and update_discussion safe outputs to 256 by @Copilot in #21902
  • refactor: extract shared renderStandardJSONMCPConfig helper across engine MCP modules by @Copilot in #21901
  • fix(docs): redirect /gh-aw (no trailing slash) to /gh-aw/ by @Copilot in #21906
  • refactor: semantic function clustering — move functions to better-aligned files by @Copilot in #21908
  • fix: resolve 4 CLI consistency issues from automated inspection by @Copilot in #21907
  • Recompile workflows to sync lock files by @Copilot in #21913
  • Skip write permissions for staged safe output handlers by @Copilot in #21903
  • fix(workflow): normalize report formatting in prompt-clustering-analysis by @Copilot in #21915
  • fix: recompile stale lock files and restore Daily Workflow Updater by @Copilot in #21916

Full Changelog: v0.62.2...v0.62.3