v0.62.1

🌟 Release Highlights

This release focuses on workflow reliability and developer experience — adding new label command flexibility, stronger safe-output content handling, faster user feedback, and expanded APM dependency configuration.

✨ What's New

• Label command control — The label_command trigger now supports a remove_label field, giving you the option to disable automatic label removal after an agent processes a command. Useful for workflows that need to preserve labels for auditing or chaining (#21751).
• APM env support in dependencies — The dependencies configuration now accepts an env block for passing environment variables to dependency setups, alongside an upgrade to microsoft/apm v0.8.2 for improved compatibility (#21687).
• Integrity filtering notice in workflow footer — Workflows now display a clear notice when integrity filtering is active, improving transparency for contributors on public repositories (#21749).

🐛 Bug Fixes & Improvements

• Faster user reactions — The reaction step now fires immediately after generate_aw_info, so users see acknowledgment sooner rather than waiting for longer setup steps (#21783).
• Safer validation error messages — Validation errors that include user-controlled expressions are now quoted with %q, preventing format string injection in error output (#21746).
• Sanitized safe-output content — sanitizeContent is now injected into the safe-output script wrapper context, ensuring output content is properly sanitized before processing (#21806).
• Consistent compiler step names — Step names for "Safe Outputs" and "Install Codex CLI" are now consistently pluralized across compiled workflows, fixing visual inconsistencies in Actions run summaries (#21786).

📚 Documentation

Presentation slides have been significantly expanded with new sections on:

• Agentic engineering principles — "Software Engineer → Agentic Engineer" transition, Agentic Human Processes, and supporting Mermaid diagrams (#21750).
• Sandbox design principles — What makes a "useful sandbox" with architectural guidance (#21810).
• Security features — Supply chain integrity and GitHub Guard coverage added to the security slides (#21805).

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• fix: use %q to safely quote user-controlled expressions in validation error messages by @Copilot in #21746
• Fix build-wasm: update golden files for mcpg v0.1.19 by @Copilot in #21747
• slides: add Software Engineer → Agentic Engineer, Agentic Human Processes, and two Mermaid diagrams by @Copilot in #21750
• [docs] Update glossary - daily scan by @github-actions[bot] in #21768
• Add env support to dependencies configuration and upgrade microsoft/apm to v0.8.2 by @Copilot in #21687
• Fix compiler step name inconsistencies: plural "Safe Outputs" and "Install Codex CLI" by @Copilot in #21786
• Move reaction step after generate_aw_info for faster user feedback by @Copilot in #21783
• docs(slides): add supply chain integrity and GitHub Guard sections to security features slide by @Copilot in #21805
• Inject sanitizeContent into safe-output script wrapper context by @Copilot in #21806
• Add remove_label field to label_command to disable automatic label removal by @Copilot in #21751
• docs(slides): add "useful sandbox" design principles slides by @Copilot in #21810
• Add integrity filtering notice to workflow footer by @Copilot in #21749
• Fix failing integration tests: APM env schema + safe-output-items artifact merge by @Copilot in #21811
• fix: restore table row text visibility in slides dark theme by @Copilot in #21817

Full Changelog: v0.62.0...v0.62.1

v0.62.0

🌟 Release Highlights

This release promotes the GitHub MCP guard policy to general availability, adds inline custom safe-output scripts, and ships several quality-of-life improvements for diagnostics and documentation.

✨ What's New

• Custom safe-output scripts — Define inline JavaScript handlers in safe-outputs.scripts that run inside the consolidated safe-outputs job, without creating a separate GitHub Actions job. This gives you lightweight extensibility right where you need it. (#21582)

• GitHub MCP guard policy is now GA — The tools.github repos/min-integrity guard policy is out of experimental status. The noisy "experimental feature" warning has been removed for cleaner workflow logs. (#21717)

• Collapsible guard policy step summary — The GitHub MCP guard policy step now uses a <details> element for its summary, reducing visual noise in the Actions UI while keeping details accessible. (#21677)

🐛 Bug Fixes & Improvements

• Guard policy defaults fixed — Specifying only min-integrity under tools.github without a repos field no longer raises a hard validation error; it now correctly defaults to repos: all. (#21718)

• Audit diagnostics improved — The gh aw audit command no longer shows the contradictory "failed with 0 error(s)" message, and correctly reports workflow_name for pre-activation failures (cancelled runs, infrastructure-level failures). (#21692)

• Better PR permission error guidance — When PR creation fails due to missing GitHub Actions permissions, diagnostics now include a direct link to the relevant FAQ entry to speed up resolution. (#21694)

• Corrected default timeout documentation — The documented default timeout was incorrectly listed as 360 minutes; it is 20 minutes. (#21673)

📚 Documentation

• steps.sanitized.outputs.* is now the canonical form — All documentation has been updated to use $\{\{ steps.sanitized.outputs.text/title/body }} instead of the deprecated $\{\{ needs.activation.outputs.* }} form. The compiler still accepts the old form (with a deprecation warning) for backward compatibility. (#21682)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:

• @dsyme for correct default timeout docs from 360 to 20 minutes (#21663)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• fix: correct default timeout docs from 360 to 20 minutes (#21663) by @dsyme in #21673
• [instructions] Sync github-agentic-workflows.md with v0.40.1 by @github-actions[bot] in #21683
• Use <details> element for GitHub MCP guard policy step summary by @Copilot in #21677
• Add support for defined custom safe-output scripts by @Copilot in #21582
• Add DIFC_FILTERED event support to gateway log parsing by @Copilot in #21681
• fix: add docs/.npmrc to resolve astro-mermaid peer dep conflict with Astro v6 by @Copilot in #21691
• Deprecate needs.activation.outputs.* in workflow markdown; update all docs to use steps.sanitized.outputs.* by @Copilot in #21682
• Replace github.lockdown with github.repos/min-integrity guard policies in create prompt by @Copilot in #21705
• fix(smoke): remove redundant title-prefix from smoke-update-cross-repo-pr by @Copilot in #21712
• fix(audit): misleading "failed with 0 error(s)" message and wrong workflow_name for pre-activation failures by @Copilot in #21692
• Add FAQ link to "GitHub Actions not permitted to create or approve pull requests" diagnostics by @Copilot in #21694
• Remove experimental warning for tools.github guard policy (repos/min-integrity) by @Copilot in #21717
• fix: default github.repos to all when omitted from guard policy by @Copilot in #21718
• [docs] Update documentation for features from 2026-03-19 by @github-actions[bot] in #21731
• Update gh-aw-mcpg to v0.1.19 by @Copilot in #21737

Full Changelog: v0.61.2...v0.62.0

v0.61.2

🌟 Release Highlights

This release improves ecosystem domain coverage for broader language support, fixes critical expression evaluation bugs on workflow_dispatch, and enhances private repo compatibility — making agentic workflows more reliable across diverse repository configurations.

✨ What's New

• Chrome & Deno ecosystem domain groups — Workflows using headless Chrome/Puppeteer or Deno no longer hit blocked domain errors during build and test phases. New chrome and deno groups cover the required Google/gvt1 domains and Deno registries. (#21653)

• Memory limit passthrough — Set sandbox.memory in your workflow frontmatter to control per-workflow memory limits passed to the AWF sandbox. Previously this field was silently ignored; all workflows defaultly used AWF's default. (#21634)

• MCP gateway upgraded to v0.1.18 — All workflows have been recompiled against the latest gateway release. (#21660)

🐛 Bug Fixes & Improvements

• Fixed: expressions left unresolved on workflow_dispatch — $\{\{ steps.sanitized.outputs.text }} and similar expressions were rendered literally instead of resolving to an empty string when triggered via workflow_dispatch. (#21633)

• Fixed: asset URLs in private repos — raw.githubusercontent.com URLs fail silently for private repositories. Asset URLs now use the blob?raw=true format that works for both public and private repos. (#21646)

• Fixed: missing handler registry entries — assign_to_agent, upload_asset, and noop handlers were absent from the safe-outputs handler registry, causing silent failures. (#21623)

• Fixed: ecosystem domain gaps causing build-test failures — Domain allowlist gaps were identified as the top blocker in the March 2026 v6 build-test run, affecting 35+ repos across Kotlin, Groovy, Java, Scala, Zig, and PowerShell. All gaps have been patched. (#21635)

📚 Documentation

• New FAQ: Sparse checkout for large monorepos — Added guidance on using the sparse-checkout field under checkout: frontmatter to dramatically speed up workflow execution in large monorepos. (#21655)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:

• @Mossaka for Support sparse-checkout in compiled workflows for large monorepos (#21630)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• build(deps): bump h3 from 1.15.5 to 1.15.8 in /docs in the npm_and_yarn group across 1 directory by @dependabot[bot] in #21620
• Add missing handler registry entries for assign_to_agent, upload_asset, and noop by @Copilot in #21623
• fix: evaluateExpression resolves steps/needs to empty string on workflow_dispatch by @Copilot in #21633
• [log] log: add debug logging to filter/engine/permissions functions by @github-actions[bot] in #21650
• Add memory-limit passthrough from workflow frontmatter to AWF by @Copilot in #21634
• fix: capitalize "Assets" and "Agent" in workflow step names by @Copilot in #21636
• [cloclo] docs: add FAQ entry for sparse checkout in large monorepos by @github-actions[bot] in #21655
• Recompile workflows to sync lock files by @Copilot in #21652
• build(deps): bump google.golang.org/grpc from 1.79.2 to 1.79.3 in the go_modules group across 1 directory by @dependabot[bot] in #21654
• Add missing ecosystem domains to fix build-test v6 failures across 10 languages by @Copilot in #21635
• Add chrome and deno ecosystem domain groups for headless Chrome/Puppeteer and Deno testing by @Copilot in #21653
• chore: bump MCP gateway version to v0.1.18 by @lpcox in #21660
• Fix asset URLs to work with private repos by @Copilot in #21646
• chore: upgrade gh-aw-firewall from v0.24.2 to v0.24.3 by @Copilot in #21672

Full Changelog: v0.61.1...v0.61.2

v0.61.1

🌟 Release Highlights

This release focuses on enterprise reliability — bringing signed-commit support for protected branches, improved GitHub Enterprise Server compatibility, and more robust GitHub App authentication across the board.

✨ What's New

• Signed commits for protected branches — Workflows now use GraphQL-signed commits when pushing to branches protected by required-signatures rulesets, unblocking teams on strict branch policies (#21576, #21584)

• Self-hosted runner compatibility — Runtime paths migrated from /opt/gh-aw to $\{\{ runner.temp }}/gh-aw, ensuring agentic workflows run cleanly on self-hosted runners where /opt may be read-only (#21443)

• GitHub App authentication overhaul — Top-level github-app: frontmatter now serves as a universal token-minting fallback, GitHub App-only permission scopes are fully supported, and authentication failures surface as actionable errors in agent failure issues (#21510, #21511, #21424)

• Weekly blog post writer workflow — A new agentic workflow automates weekly blog post generation, showcasing gh-aw's own self-improvement capabilities (#21575)

• Lockdown failure visibility — Lockdown check failures now surface directly in agent failure issues, making it easier to diagnose why a workflow was blocked (#21607)

• Dracula-themed CLI — The interactive CLI now uses a custom Huh theme mapped from the Dracula palette, plus a bubbles v2 library upgrade for a polished terminal experience (#21557, #21520)

• Temporary ID for assign_milestone — The assign_milestone safe output now supports temporary IDs for cross-referencing milestone assignments within a workflow run (#21578)

🐛 Bug Fixes & Improvements

• GHES / GH Enterprise fixes — GH_HOST is now correctly propagated to custom frontmatter jobs and safe-outputs, fixing token and authentication issues on GHES and data-residency deployments (#21523, #21525, #21527)

• Incremental patch fallback — When an incremental patch fetch fails, workflows now fall back gracefully to the existing remote-tracking ref instead of erroring out (#21568)

• APM token & version fixes — GitHub App tokens minted for APM are now properly invalidated after use, and APM version strings are validated before YAML injection to prevent compiler panics (#21508, #21509)

• safe_items_count in cached runs — Fixed an issue where safe_items_count was missing from workflow results when filtering by workflow_name in cached runs (#21491)

• setupGlobals in staged mode — Fixed a ReferenceError in the generate_aw_info step when running in staged mode (#21602)

• Terminal resize handling — List height now updates correctly when the terminal is resized during interactive prompts (#21555)

📚 Documentation

• Expanded troubleshooting guides — "Write Operations Fail" troubleshooting now includes step-by-step diagnosis, and debugging guides ship with copy-paste agent prompt templates (#21519, #21494)

• GHES documentation updates — New guide covering automatic GH_HOST injection in custom jobs and Copilot GHES troubleshooting (#21528)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• Surface GitHub App authentication failures as explicit errors in agent failure issues by @Copilot in #21424
• refactor: migrate /opt/gh-aw to ${{ runner.temp }}/gh-aw for self-hosted runner compatibility by @Copilot in #21443
• Fix non-deterministic map iteration in EngineRegistry by @Copilot in #21474
• [docs] Consolidate 5 uncovered spec files into dev.md (v3.9) by @github-actions[bot] in #21485
• refactor: split permissions_validation.go — separate data loading from validation logic by @Copilot in #21492
• refactor: deduplicate github-app field definitions in main_workflow_schema.json by @Copilot in #21493
• docs: update debugging guides with copy-paste agent prompt templates by @Copilot in #21494
• Fix safe_items_count missing from cached runs when filtering by workflow_name by @Copilot in #21491
• Validate APM version string before YAML injection in compiler by @Copilot in #21509
• Fix APM GitHub App token never invalidated after use by @Copilot in #21508
• fix(deep-report): switch discussion data source from MCP to pre-fetched GraphQL by @Copilot in #21507
• Split strict_mode_validation.go into focused concern-specific files by @Copilot in #21506
• refactor: split expression_validation.go into three focused files by @Copilot in #21505
• docs: expand "Write Operations Fail" troubleshooting stub in common-issues.md by @Copilot in #21519
• fix(docs): tablet hamburger nav + mobile animation/code-wrap improvements by @Copilot in #21513
• fix: add protected-files: fallback-to-issue to Q workflow by @Copilot in #21521
• fix: propagate GH_HOST to custom frontmatter jobs and safe-outputs for GHES/GHEC by @lpcox in #21523
• fix: configure_gh_for_ghe.sh — use GH_HOST instead of gh auth login when GH_TOKEN is set by @Copilot in #21525
• feat: migrate charmbracelet/bubbles to v2 (charm.land/bubbles/v2) by @Copilot in #21520
• [docs] Update glossary with GH_HOST and RUNNER_TEMP (daily scan 2026-03-18) by @github-actions[bot] in #21553
• [docs] Update GHES docs: auto GH_HOST in custom jobs and Copilot GHES troubleshooting guide by @github-actions[bot] in #21528
• Fix list height not updating on terminal resize by @Copilot in #21555
• fix(daily-workflow-updater): unblock PR creation by setting protected-files: allowed by @Copilot in #21554
• chore: bump MCP Gateway v0.1.15→v0.1.17 by @Copilot in #21552
• feat: custom Huh theme mapped from pkg/styles Dracula palette by @Copilot in #21557
• Add top-level github-app frontmatter as universal fallback for token minting by @Copilot in #21510
• feat: add GitHub App-only permissions support by @Copilot in #21511
• fix: fall back to existing remote tracking ref when incremental patch fetch fails by @Copilot in #21568
• Add weekly blog post writer agentic workflow by @Copilot in #21575
• ci: add timeout-minutes to all 25 jobs lacking explicit limits by @Copilot in #21601
• fix: add setupGlobals in generate_aw_info step to fix staged mode ReferenceError by @Copilot in #21602
• Disable lockdown mode for weekly blog post generator by @Copilot in #21598
• fix: replace git push with GraphQL signed commits to satisfy required_signatures rulesets by @Copilot in #21576
• [blog] Weekly blog post – 2026-03-18 by @github-actions[bot] in #21608
• Fix threat detection AWF run missing --copilot-api-target and GHE domains on data residency by @Copilot in #21527
• Add temporary ID support to assign_milestone safe output by @Copilot in #21578
• feat: Surface lockdown check failures in agent failure issues by @Copilot in #21607
• [safe-output-integrator] Add missing Go compiler tests for safe-output types by @github-actions[bot] in #21617

Full Changelog: v0.61.0...v0.61.1

v0.61.0

🌟 Release Highlights

v0.61.0 delivers important reliability fixes for safe-outputs, expands cross-repository project management, and improves the debugging experience with automatic runner debug detection. GHE Cloud users also get a critical compatibility fix.

✨ What's New

• 🔍 Automatic debug logging — When running with ACTIONS_RUNNER_DEBUG=true, full debug logging now activates automatically — no more setting DEBUG=* manually to diagnose workflow issues. (#21406)

• 🗂️ Cross-repo project item updates — update_project now accepts a target_repo parameter, enabling org-level project boards to update fields on items from repositories other than the triggering one. (#21404)

• 🏢 GHE Cloud data residency support — Compiled workflows now automatically inject a GH_HOST configuration step, fixing gh CLI failures on *.ghe.com instances. (#21408)

• 📦 CI build artifacts — The build CI job now uploads the compiled gh-aw binary as a downloadable artifact with step summary instructions, making it easier to test binaries from any CI run. (#21440)

🐛 Bug Fixes & Improvements

• Safe-outputs staged mode — safe-outputs.staged: true was silently failing for most handler types due to schema validation issues (additionalProperties) and missing conditional logic. All 40 handler types now work correctly. (#21414)

• set_issue_type in runtime tools — The set_issue_type tool was missing from the runtime tools JSON, making it unavailable to agents at runtime despite being compiled in. (#21421)

• Security: editor URL validation — Fixed a client-side request forgery vulnerability where unvalidated location.hash values were passed directly to fetch(), allowing requests to arbitrary hosts. (#21423)

• Clean lock.yml output — Generated .lock.yml files no longer start with a spurious bare # line before the ASCII logo. (#21413)

• CLI help text consistency — Resolved 10 inconsistencies across command help text including mismatched descriptions, vague group labels, and flag semantic drift. (#21400)

📚 Documentation

• Creating Command Workflows guide — New section in the workflow creation docs covering on-demand "command" workflows and when to use each approach. (#21410)

• Claude plugins + APM dependencies FAQ — Added a FAQ entry explaining how to use Claude Code plugins alongside APM (dependencies:) configuration. (#21409)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:

• @holwerda for Support github-app: auth and Claude Code plugin registration for dependencies: (APM) (#21243)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• [doc-healer] DDUw: scan recently closed documentation issues to catch deferred gaps by @Copilot in #21439
• feat(update_project): add target_repo for cross-repo project item resolution by @Copilot in #21404
• [log] log: add debug logging to 5 Go files across workflow and cli packages by @github-actions[bot] in #21445
• ci: upload gh-aw binary from build job as artifact with download instructions by @Copilot in #21440
• [docs] Self-healing documentation fixes from issue analysis - 2026-03-17 by @github-actions[bot] in #21437
• ci(build): add action-mode release + current commit SHA to step summary by @Copilot in #21450
• fix: ensure safe-outputs staged mode works for all handler types by @Copilot in #21414

Full Changelog: v0.60.1...v0.61.0

v0.60.0

🌟 Release Highlights

v0.60.0 focuses on security hardening through a smarter guard policy system, expanded GitHub Enterprise Server (GHES) support, and a wave of reliability fixes — including a critical bot-detection failure that was affecting 84% of runs.

⚠️ Breaking Changes

• Automatic lockdown replaced by automatic guard policies (#21287, #21294) — The runtime no longer auto-emits lockdown=true for public repos. Instead, it automatically configures min_integrity and repos guard policy fields on the GitHub MCP server for all repository types. Public repos get min_integrity=approved; private/internal repos get min_integrity=none. Remove any explicit lockdown: false from your workflow frontmatter as it is no longer needed.

✨ What's New

• GHES domain auto-allowlisting (#21301) — When engine.api-target is set for a GitHub Enterprise Server instance, the compiler now automatically adds the GHES API and base hostnames to the firewall allow-list. Previously, every recompile silently blocked GHES API traffic.

• github-app: auth in APM dependencies (#21286) — APM dependencies: now supports cross-org private package access via github-app: auth, solving failures where GITHUB_TOKEN couldn't reach packages in other organizations.

• APM version pinning (#21297) — The compiler now pins microsoft/APM to v0.8.0 in generated workflow steps, ensuring reproducible APM package resolution.

• Cross-host workflow resolution for GHE (#21349) — gh aw add and gh aw add-wizard now correctly resolve workflows from github.com when GH_HOST points to a GHE instance, preventing HTTP 404 errors on cross-host operations.

• Runtime safe-outputs tools loading (#21323) — safe_outputs_tools.json is now loaded from actions/setup at runtime instead of being inlined at compile time, enabling schema updates without workflow recompilation.

🐛 Bug Fixes & Improvements

• Bot detection reliability (#21386) — Fixed an expired GH_AW_BOT_DETECTION_TOKEN causing an 84% failure rate. The step now correctly falls back to GITHUB_TOKEN when the dedicated token is unavailable.

• checkout: false Git credentials (#21325) — Compiler no longer emits "Configure Git credentials" steps when checkout: false is set, eliminating fatal: not a git repository errors in workflows that skip checkout.

• Safe-outputs prompt clarity (#21307) — The built-in prompt now correctly instructs agents to use safe-outputs only for "GitHub writes and completion signaling," preventing agents from ignoring mounted GitHub MCP read tools.

• Error chain formatting (#21384) — Wrapped error chains are now displayed with newlines and indentation, making multi-layer errors significantly easier to debug.

• Guard policies for non-GitHub MCP servers (#21342) — Write-sink guard policies are now correctly applied to non-GitHub MCP servers (Playwright, Serena, mcp-scripts, etc.) during auto-lockdown.

• gh aw new engine list (#21348) — The interactive new command no longer offers the removed custom engine, preventing immediate compilation failures for newly created workflows.

• audit absolute paths (#21331) — gh aw audit now returns absolute paths for downloaded files, improving compatibility with downstream tooling.

📚 Documentation

• New /reference/auth-projects/ reference page for project authentication (#21280)
• Documented automatic minimum-integrity-approved guard policy for public repositories (#21298)
• Condensed Multi-Repo Operations best practices guide (#21311)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• [code-simplifier] refactor: extract parseSecretNames helper to remove duplication (#21262) by @github-actions[bot] in #21275
• refactor(workflow): semantic function clustering — dedup, split, rename by @Copilot in #21277
• docs: create missing /reference/auth-projects/ page by @Copilot in #21280
• [log] log: add debug logging to 5 files across workflow/parser/cli packages by @github-actions[bot] in #21283
• Support github-app: auth in dependencies: for cross-org APM packages by @Copilot in #21286
• Replace automatic lockdown with automatic guard policy for public and private repositories by @Copilot in #21287
• docs: document automatic minimum-integrity-approved guard policy for public repos by @Copilot in #21298
• Remove lockdown: false from all agentic workflows by @Copilot in #21294
• Store default GitHub lockdown value as a named constant by @Copilot in #21303
• Compiler: auto-add GHES domains to --allow-domains when engine.api-target is set by @Copilot in #21301
• Pin microsoft/APM version to v0.8.0 and emit it in generated apm-action steps by @Copilot in #21297
• [docs] docs: condense MultiRepoOps best practices and remove redundant sections by @github-actions[bot] in #21311
• fix: prompt steers model away from GitHub MCP read tools when safe-outputs is also enabled by @Copilot in #21307
• Rename vague helper functions in add_interactive for better AI agent discoverability by @Copilot in #21324
• fix: skip Configure Git credentials when checkout: false by @Copilot in #21325
• fix: Multi-Device Docs Tester hits max-turns without producing safe outputs by @Copilot in #21327
• fix(ci-coach): fallback to issue when PR touches protected files by @Copilot in #21333
• test(fileutil): expand coverage to all exported functions by @Copilot in #21332
• fix(audit): return absolute paths in downloaded_files by @Copilot in #21331
• [jsweep] Clean add_reviewer.cjs by @github-actions[bot] in #21330
• feat: load safe_outputs_tools.json from actions/setup at runtime instead of inlining by @Copilot in #21323
• refactor: extract shared MCP renderer helpers across engine implementations by @Copilot in #21336
• fix: activate GitHub App configuration in shared workflow configs by @Copilot in #21329
• fix: remove github-app from smoke-claude APM dependencies by @Copilot in #21339
• fix: replace removed custom engine with gemini in interactive new command by @Copilot in #21348
• fix: add write-sink guard policies for non-GitHub MCP servers on auto-lockdown by @Copilot in #21342
• [docs] Update glossary - daily scan by @github-actions[bot] in #21364
• fix: format wrapped error chains with newlines and indentation by @Copilot in #21384
• [fp-enhancer] Improve pkg/cli with functional patterns by @github-actions[bot] in #21359
• fix: use GITHUB_TOKEN in bot-detection precompute step (expired GH_AW_BOT_DETECTION_TOKEN causing 84% failure rate) by @Copilot in #21386
• fix: update docs-noob-tester with correct Playwright bridge IP instructions by @Copilot in #21385
• Fix cross-host workflow resolution in add and add-wizard when GH_HOST is a GHE instance by @Copilot in #21349
• Add Update Astro agentic workflow by @Copilot in #21389

Full Changelog: v0.59.0...v0.60.0

v0.59.0

🌟 Release Highlights

v0.59.0 is a substantial release focused on new trigger types, call-workflow reliability, performance fixes, and a streamlined safe-outputs domain configuration. It also ships two new CLI commands and meaningful add-wizard UX improvements.

⚠️ Breaking Changes

• default-redaction renamed to default-safe-outputs — The built-in compound ecosystem identifier has been renamed. Update any frontmatter that references default-redaction in safe-outputs.allowed-domains.
• safe-outputs.allowed-url-domains merged into allowed-domains — The separate allowed-url-domains field has been removed. Its capabilities (ecosystem identifiers, additive URL allowlisting) are now part of the unified allowed-domains field.

✨ What's New

• Label Command Trigger — A new label_command trigger activates workflows when a specific label is added to an issue, PR, or discussion. The label is automatically removed on activation so it can be reapplied to re-trigger. (#21118)

• gh aw domains command — Inspect the effective network domain configuration across all your workflows, or drill into a specific workflow with per-domain ecosystem annotations. (#21086)

• Pre-activation step injection — New on.steps and on.permissions frontmatter fields let you inject custom steps and permissions into the activation job, enabling advanced trigger customization. (#21219)

• Smarter add-wizard — The wizard now detects org-level secrets to skip redundant token prompts (#21262) and offers an "Edit PR title and retry" option when a merge fails (#21261).

• Richer agent step log summaries — MCP tool calls now display their key arguments inline (e.g., ✓ github-list_issues repo=my-repo), giving you at-a-glance insight without digging into raw logs. (#21060)

• Builtin MCP usage guide — The canonical agentic-workflows MCP usage guide is now automatically injected at compile time — no need to duplicate it across workflow prompts. (#21117)

• Default reaction: eyes and status-comment — Slash-command and label-command triggers now enable reaction: eyes and status-comment: true by default, providing immediate visual acknowledgment when a workflow is triggered. (#21229)

⚡ Performance

• Fixed a ~50% regression in FindIncludesInContent that slowed compilation for workflows with many imports. (#21265)
• Fixed a YAML generation regression caused by repeated schema parsing; deprecated-field schema is now cached. (#21264)

🐛 Bug Fixes & Improvements

• call-workflow reliability — Multiple fixes: call-workflow is now wired into the consolidated safe-outputs handler path (#21218), tool registration in the HTTP MCP server is corrected (#21124), workflow_call inputs are properly forwarded (#21085), and caller jobs now inherit the correct permissions (#21080).
• PR reviewers respected — create-pull-request safe output now correctly applies reviewers configured in the workflow frontmatter. (#21217)
• sandbox.mcp payload fields — payloadSizeThreshold and other sandbox MCP fields were silently ignored during frontmatter extraction; this is now fixed. (#21167)
• label_command + slash_command co-existence — Workflows that declare both triggers no longer suppress label_command activation. (#21222)
• Bot allowlist fallback — check_membership.cjs no longer short-circuits the bot allowlist when a permissions API error occurs. (#21109)
• Missing npm treated as warning — Workflows that don't require npm no longer fail compilation on machines where npm is absent. (#21165)
• Long PAT header corruption — Checkout fetch steps now use base64 -w 0 to prevent line-wrapped headers with long PATs. (#21068)
• Compiler error messages — Syntax errors now report more precise locations and clearer descriptions. (#21123)

📚 Documentation

• Fixed the custom trigger filtering guide to use job-based graceful skip instead of exit 1. (#21215)
• Updated ecosystem identifiers and safe-outputs.allowed-domains reference docs. (#21170)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:

• @alondahari for create-pull-request safe output does not add reviewers configured in workflow (#21207)
• @johnwilliams-12 for call-workflow is not wired into the consolidated safe_outputs handler-manager path (#21205)
• @johnwilliams-12 for HTTP safe-outputs server does not register generated call-workflow tools (#21074)
• @johnwilliams-12 for call-workflow generated caller jobs omit required permissions: (#21071)
• @johnwilliams-12 for call-workflow fan-out jobs do not forward declared workflow_call.inputs (#21062)
• @strawgate for sandbox.mcp.payloadSizeThreshold is ignored during frontmatter extraction (#21135)
• @strawgate for Feature: support explicit custom key for close-older matching (#21028)
• @microsasa for check_membership.cjs error branch short-circuits before bot allowlist fallback (#21098)
• @MattSkala for Allow conditional trigger filtering without failing workflow runs (#21203)
• @veverkap for Feature Request: Modify PR before creation (#21257)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• Fix engine validation error location and improve error detection (#issue) by @Copilot in #21023
• [docs] Update documentation for features from 2026-03-15 by @github-actions[bot] in #21025
• feat: use action mode for release builds instead of release mode by @Copilot in #21024
• [docs] Update dictation skill glossary with 20 new terms by @github-actions[bot] in #21032
• fix: use qmd vsearch instead of qmd query to avoid LLM dependency in CI by @Copilot in #21046
• [code-simplifier] refactor: simplify fastParseTitle state machine and deduplicate formatCompilerError by @github-actions[bot] in #21050
• [docs] Update dictation skill instructions by @github-actions[bot] in #21059
• feat: enable status-comment on archie, cloclo, and q workflows by @Copilot in #21055
• [cloclo] fix: resolve temporary IDs in add_labels and remove_labels handlers by @github-actions[bot] in #21058
• Fix missing permissions in security-alert-burndown campaign workflow by @Copilot in #21066
• fix: use base64 -w 0 in checkout fetch step to prevent header corruption with long PATs by @Copilot in #21068
• fix(workflow-health-manager): increase repo-memory max-patch-size by @Copilot in #21070
• Show tool arguments and outputs in agent step log summaries by @Copilot in #21060
• cloclo: add protected-files fallback-to-issue by @Copilot in #21078
• Add history URL to agent failure issue/comment footers by @Copilot in #21075
• feat: support explicit custom key for close-older matching by @Copilot in #21076
• Add CI guard for validator file size limit (768 lines) by @Copilot in #21077
• fix: propagate worker job permissions to call-workflow caller jobs (#21061) by @Copilot in #21...

v0.58.3

🌟 Release Highlights

This release focuses on security hardening, GHES compatibility, and developer experience improvements — with better MCP write protection, a new Copilot pre-flight diagnostic for enterprise environments, and a noticeably improved run details summary.

✨ What's New

• MCP Write-Sink Guard Policy — All non-GitHub MCP servers configured via the gateway now enforce a write-sink guard policy, preventing unintended writes through third-party MCP tools. This improves the security posture of workflows using custom MCP integrations. (#21005)

• Copilot Pre-flight Diagnostic for GHES — A new pre-flight check helps diagnose Copilot configuration issues in GitHub Enterprise Server environments before a workflow run fails, saving time when debugging enterprise setups. (#20975)

• Action Pins Mode with gh-aw-actions v0 — The action-tag step now uses action pins mode, enabling stable and auditable action references via gh-aw-actions at the v0 tag. (#20991)

• Enhanced Run Details Step Summary — Workflow run summaries now render as structured bullet points, display the gh-aw version, and include full aw_info output for easier post-run inspection. (#20989)

⚡ Performance

• Faster Workflow Name Extraction — extractWorkflowNameFromFile no longer performs an unnecessary full YAML parse, reducing overhead when processing large workflow collections. (#21012)

🐛 Bug Fixes & Improvements

• GHES Host Leakage Prevention — The "Install GitHub Copilot CLI" step now explicitly emits GH_HOST: github.com, preventing GHES host values from leaking into the Copilot CLI installation context. (#20992)
• Workflow Call Artifact Downloads Fixed — Artifact prefix handling in the conclusion job and script step downloads now works correctly in workflow_call contexts. (#21011)
• TypeScript Type Error Fixed — Resolved a type error in json_object_to_markdown.cjs that could cause runtime failures in certain output scenarios. (#21010)
• Go Firewall Rule for Shared Workflows — The shared/go-make.md shared workflow now includes go in its firewall allowed set, enabling Go toolchain downloads during builds. (#21014)

📚 Documentation

• Accessibility: Live Search Results — The docs site search now announces results to screen readers via aria-live, improving accessibility for keyboard and assistive technology users. (#21019)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• Optimize qmd-docs workflows: explicitly instruct models to use qmd-query for doc search by @Copilot in #20987
• Add Copilot pre-flight diagnostic for GHES environments by @claude in #20975
• Improve run details step summary: bullet points, aw version, and full aw_info rendering by @Copilot in #20989
• feat: update action-tag to use action pins mode (gh-aw-actions) with v0 by @Copilot in #20991
• fix: emit GH_HOST: github.com on Install GitHub Copilot CLI step to prevent GHES host leakage by @Copilot in #20992
• [instructions] Sync github-agentic-workflows.md with v0.40.1 by @github-actions[bot] in #21001
• [docs] docs: condense CentralRepoOps intro and remove duplicate cross-repo notes by @github-actions[bot] in #21003
• feat: add write-sink guard policy to all non-GitHub MCP servers configured by gateway by @Copilot in #21005
• Add go firewall allowed set to shared/go-make.md by @Copilot in #21014
• perf: optimize extractWorkflowNameFromFile by eliminating unnecessary YAML parse by @Copilot in #21012
• fix: use artifact prefix in conclusion job and script step downloads for workflow_call context by @Copilot in #21011
• Remove copilot-preflight script and associated step generation by @Copilot in #21016
• docs: add aria-live enhancement for search results accessibility (#issue) by @Copilot in #21019

Full Changelog: v0.58.2...v0.58.3

v0.58.2

🌟 Release Highlights

This release delivers broad GitHub Enterprise Server (GHES) improvements, making setup and tooling smoother for enterprise users, alongside critical reliability fixes for safe-outputs and several quality-of-life enhancements.

✨ What's New

• GitHub Enterprise Server auto-detection — The audit and add-wizard commands now automatically detect GHES environments and configure themselves accordingly, reducing manual setup friction. GITHUB_HOST is also passed to the GitHub MCP server to enable enterprise-aware API calls. (#20971, #20973, #20944, #20878)

• excluded-files for PR creation — The create-pull-request and push-to-pull-request-branch tools now support an excluded-files field, giving workflows fine-grained control over which files are included in pull requests. (#20935)

• Richer create_pull_request_review_comment schema — The pull_request_number and repo fields are now available in the safe-outputs tool, enabling cross-repo PR review comments. (#20963)

• Clearer run command errors — Missing workflow inputs now produce descriptive, actionable error messages instead of silent failures. (#20951)

🐛 Bug Fixes & Improvements

• Safe-outputs now reliably capture items — Fixed a bug where safe-output-items.jsonl was always empty and SafeItemsCount always reported 0, causing workflows to silently produce no outputs. (#20899)

• Safe-outputs MCP server stability — Disabled HTTP server timeouts that caused idle connection drops during long agent runs, preventing workflows from incorrectly reporting success with no outputs. (#20901)

• close_pull_request tool restored — The tool was missing from config.json despite being defined in the handler, preventing agents from closing PRs even when explicitly configured to do so. (#20897)

• gh aw upgrade drift fix — Corrected a bug where upgrade left a stale with: version: field out of sync with its uses: comment after version changes. (#20895)

• GHES: add-wizard PR creation fixed — The --create-pull-request flag now works correctly on GitHub Enterprise Server repositories. (#20898)

• Suppressed spurious wildcard fetch warning — Public repositories no longer show an irrelevant warning about wildcard branch fetching. (#20955)

• Security: cross-repo dispatch validation — Added allowlist validation to dispatch_workflow to prevent unauthorized cross-repository workflow dispatches. (#20970)

📚 Documentation

Automated documentation self-healing resolved three community-reported issues: improved staged-mode docs, fixed broken CONTRIBUTING.md anchors, and expanded APM guidance in the dependencies: reference.

🌍 Community Contributions

A huge thank you to the community members who reported issues resolved in this release:

• @dsyme for Staged mode support needs better docs (#20241)
• @bmerkle for invalid html anchor used in error message: CONTRIBUTING.md#prerequisites (#20646)
• @danielmeppiel for The dependencies: documentation undersells APM and lacks guidance for users (#20663)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• Update gh-aw-mcpg version to v0.1.15 by @claude in #20862
• Add gh CLI configuration for GitHub Enterprise support by @claude in #20878
• [instructions] Sync github-agentic-workflows.md with v0.58.1 by @github-actions[bot] in #20876
• [dead-code] chore: remove dead functions — 5 functions removed by @Copilot in #20871
• [docs] docs: condense tools.md Registry Field section and trim Related Documentation by @github-actions[bot] in #20879
• fix: close_pull_request missing from config.json despite being in handler config by @Copilot in #20897
• Fix add-wizard/add --create-pull-request failing on GitHub Enterprise Server repos by @Copilot in #20898
• fix: correct stale with: version: when uses: comment and version drifted before upgrade by @Copilot in #20895
• fix: safe-output-items.jsonl always empty and SafeItemsCount always 0 by @Copilot in #20899
• [jsweep] Clean add_comment.cjs by @github-actions[bot] in #20900
• fix: disable HTTP server timeouts in safe-outputs MCP server to prevent idle connection drops by @Copilot in #20901
• [docs] Update documentation for GHES improvements from 2026-03-14 by @github-actions[bot] in #20906
• docs: require GitHub Copilot coding agent to always create a pull request by @Copilot in #20933
• refactor: rename runActionlintOnFile to runActionlintOnFiles by @Copilot in #20941
• fix(gemini): move error files into /tmp/gh-aw/ before artifact bundling by @Copilot in #20938
• refactor: extract shared project config parsing helpers to eliminate duplication by @Copilot in #20939
• feat: pass GITHUB_HOST to GitHub MCP server for enterprise support by @Copilot in #20944
• feat: improve run command error output for missing workflow inputs by @Copilot in #20951
• fix: update tests and golden files for GITHUB_HOST in GitHub MCP server config by @Copilot in #20956
• Add excluded-files field to create-pull-request and push-to-pull-request-branch by @Copilot in #20935
• improve test quality in pkg/parser/schedule_parser_test.go by @Copilot in #20969
• [safeoutputs] Add pull_request_number and repo fields to create_pull_request_review_comment tool schema by @Copilot in #20963
• [refactor] Semantic Function Clustering: Outlier Functions in agentic_engine.go and js.go by @Copilot in #20972
• fix(sec-005): add cross-repo allowlist validation to dispatch_workflow and exempt resolve_host_repo by @Copilot in #20970
• [docs] Self-healing documentation fixes from issue analysis - 2026-03-14 by @github-actions[bot] in #20980
• GHES: Add auto-detection helper functions for wizard configuration by @claude in #20971
• Add GHES auto-detection to audit and add-wizard commands by @claude in #20973
• Fix health smoke-copilot CI: use lock file name for gh run list API calls by @Copilot in #20979
• Suppress wildcard fetch warning for public repos by @Copilot in #20955
• [log] Add dedicated debug loggers to 5 pkg files for improved traceability by @github-actions[bot] in #20984

Full Changelog: v0.58.1...v0.58.2

v0.58.1

🌟 Release Highlights

This release focuses on workflow chaining and cross-repo improvements, adding powerful new composition primitives while shipping a broad round of bug fixes and quality improvements.

✨ What's New

• call-workflow safe output for workflow_call chaining (#20806) — Workflows can now emit a call-workflow safe output to chain into other workflows, enabling modular, reusable workflow pipelines.

• checkout: false support for agent jobs (#20844) — Disable automatic repository checkout in agent jobs when it's not needed, reducing startup time and improving security posture.

• preserve-branch-name for create-pull-request (#20788) — The create-pull-request safe output now supports a preserve-branch-name option, giving you control over branch naming in automated PR workflows.

• scope for skip-if-no-match / skip-if-match (#20803) — Activation filters now support a scope field for finer-grained control. github-token and github-app have also been promoted to top-level on: configuration, along with a new shared/activation-app.md shared workflow.

• Unrestricted discussion creation (#20845) — The announcement-capable category restriction for discussion creation has been removed, allowing agents to create discussions in any category.

🐛 Bug Fixes & Improvements

• Guard policy rendering fixed for repos="all" and repos="public" (#20764) — Guard policies now render correctly for broad repository scopes.

• Improved compiler error messages (#20755) — Compilation errors now include better hints, deduplication, position info, YAML translations, and schema hints — making it significantly easier to diagnose workflow issues.

• Cross-repo dispatch-workflow uses caller's GITHUB_REF (#20790) — Fixed an issue where cross-repo dispatched workflows were using the wrong ref, ensuring the caller's branch is preserved.

• Pagination bug in update-project resolved (#20778) — Field fetching was capped at 20 results; projects with more fields now work correctly.

• qmd MCP server startup fixed (#20840) — The qmd MCP server now registers collections before starting, resolving an empty tools list issue on first use.

• Relay activation checkout preserves callee workflow ref (#20714) — Caller-hosted relay workflows now correctly preserve the callee workflow ref and fix checkout behavior for cross-repo relays.

• GitHub App token fallback in workflow_call relays (#20825) — Fixed incorrect use of owner/repo slug (should be repo name only) in the GitHub App token fallback path.

📚 Documentation

• Updated reference documentation for the api-target engine field (#20765)
• Updated docs for new features shipped in this cycle (#20856, #20812)
• Added release process documentation to CONTRIBUTING.md (#20800)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• Fix guard-policy rendering for repos="all" and repos="public" by @claude in #20764
• [docs] Update documentation for engine api-target field from 2026-03-13 by @github-actions[bot] in #20765
• refactor(cli): extract shared field-removal codemod factory to eliminate scaffold duplication by @Copilot in #20763
• fix: improve compiler error message quality (hints, dedup, position, YAML translations, schema hints) by @Copilot in #20755
• fix: preserve callee workflow ref in caller-hosted relay activation checkout and fix Checkout actions folder for cross-repo relays by @Copilot in #20714
• refactor: Semantic function clustering — move validation to proper files, remove wrappers, generify duplicate-ID checks by @Copilot in #20756
• Upgrade gh-aw-firewall default to v0.24.1 by @Copilot in #20767
• Move sync_actions instructions to push_tag so they appear before the environment gate by @Copilot in #20774
• Fix pagination bug in update-project field fetching (hard limit of 20) by @Copilot in #20778
• Use runtime ${{ github.action_ref }} for dev-mode "Checkout actions folder" step by @Copilot in #20775
• Add "action" mode for github/gh-aw-actions external actions repo by @Copilot in #20776
• Fix missing target-repo/allowed-repos in submit-pull-request-review schema by @Copilot in #20789
• fix: restore repository: github/gh-aw in dev mode checkout step by @Copilot in #20791
• fix: cross-repo dispatch-workflow uses caller's GITHUB_REF instead of target repo's ref by @Copilot in #20790
• docs: add release process to CONTRIBUTING.md by @Copilot in #20800
• fix: resolve 4 CLI help text consistency issues by @Copilot in #20805
• feat: add preserve-branch-name option to create-pull-request safe output by @Copilot in #20788
• Add shared MCP workflow for qmd-docs indexing by @Copilot in #20792
• [docs] Update documentation for features from 2026-03-13 by @github-actions[bot] in #20812
• fix: update TestGetActionPinsSorting expected count from 31 to 34 (#23057948566) by @Copilot in #20824
• [dead-code] chore: remove dead functions — 5 functions removed by @github-actions[bot] in #20835
• [file-diet] Refactor pkg/workflow/mcp_renderer.go (1053 lines) into focused modules by @Copilot in #20804
• feat: add scope to skip-if-no-match / skip-if-match; move github-token and github-app to top-level on:; add shared/activation-app.md by @Copilot in #20803
• fix: use repo name (not owner/repo slug) for GitHub App token fallback in workflow_call relays by @Copilot in #20825
• fix: ensure qmd MCP server registers collections before start to fix empty tools list by @Copilot in #20840
• [code-simplifier] refactor: simplify targetRepoName extraction in resolve_host_repo.cjs (#20825) by @github-actions[bot] in #20839
• feat: add call-workflow safe output for workflow_call chaining by @Copilot in #20806
• Remove announcement-capable category restriction for discussion creation by @Copilot in #20845
• [log] Add debug logging to 5 files across workflow, parser, and cli packages by @github-actions[bot] in #20850
• Add checkout: false support to disable agent job repository checkout by @Copilot in #20844
• chore(deps): bump undici from 6.23.0 to 6.24.0 in /actions/setup/js in the npm_and_yarn group across 1 directory by @dependabot[bot] in #20853
• Configure smoke-agent workflow with GitHub guard policies for public repos by @claude in #20830
• [docs] Update documentation for features from 2026-03-13 by @github-actions[bot] in #20856
• Update qmd-docs.md to use mcp-scripts instead of MCP server by @Copilot in #20847

Full Changelog: v0.58.0...v0.58.1