gh-aw 0.31.3

🌟 Release Highlights

This release delivers key improvements to workflow organization, developer experience, and CLI usability with support for importing safe-outputs, enhanced status commands, and streamlined script management.

✨ What's New

Import Safe-Outputs from Shared Workflows
Share safe-output configurations across multiple workflows using the imports: field. Define common settings (issue templates, label sets, GitHub tokens) once and reuse them everywhere. Includes conflict detection to ensure configuration consistency. Learn more about imports

Enhanced Status and Logs Commands
The gh aw status command now accepts --ref for checking workflow status on specific branches or tags. Similarly, gh aw logs has been updated with --ref (replacing --branch) for consistent terminology across the CLI.

Custom Job Outputs Support
Custom jobs in workflows can now define outputs that are accessible to downstream jobs, enabling more sophisticated multi-job workflow patterns.

🐛 Bug Fixes & Improvements

• Firewall Log Parser: Fixed bug where blocked requests were incorrectly skipped during parsing, ensuring accurate network traffic analysis
• AWF Container: Container working directory now properly set to GITHUB_WORKSPACE, improving path resolution in containerized workflows
• AI Triage Campaign: Corrected project URL handling in campaign workflows
• Script Registry: Eliminated 27 redundant sync.Once patterns, simplifying the internal script loading architecture

📚 Documentation

• Tokens Reference: Streamlined documentation with 62% reduction in content while maintaining accuracy and clarity

---

For complete details, see CHANGELOG.

AI generated by Release

---

What's Changed

• fix: update project URL handling in AI triage campaign workflow by @mnkiefer in #4774
• Refactor awf command in workflows to set container working directory to GITHUB_WORKSPACE by @Mossaka in #4767
• Add support for importing safe-outputs from shared agentic workflows by @Copilot in #4761
• Refactor script registry pattern - eliminate 27 sync.Once patterns by @Copilot in #4768
• fix: firewall log parser incorrectly skipping blocked requests by @Mossaka in #4781
• Add --ref flag to gh aw status and rename --branch to --ref in gh aw logs by @Copilot in #4776
• [docs] docs: unbloat tokens.md reference (62% reduction) by @github-actions[bot] in #4785
• Merge release.yml with release-highlights.md and add outputs support for custom jobs by @Copilot in #4778

Full Changelog: v0.31.2...v0.31.3

gh-aw 0.31.2

🌟 Release Highlights

This release enhances the AI agent development experience with smarter tool selection, improved Docker image handling, and better workflow execution. Key improvements focus on making MCP tools more intuitive and fixing several workflow execution issues.

✨ What's New

🤖 Smarter MCP Tool Selection
MCP safe output tools now have significantly enhanced descriptions to help AI agents choose the correct tool when multiple options exist. Clear differentiation between similar tools (create_issue vs create_discussion, add_comment vs create_pull_request_review_comment) results in more accurate tool selection. #4729

📦 Intelligent Docker Image Management
The MCP compile tool now handles Docker image downloads automatically for security scanners (zizmor, poutine, actionlint). When images aren't available locally, downloads start in the background with clear retry guidance, eliminating manual image preparation. #4724

📚 GitHub Tokens Documentation
New comprehensive reference documentation clarifies GitHub token management, authentication flows, and token precedence across different contexts. Learn more #4762

🐛 Key Bug Fixes

• Fixed update_release tool invocation: Release highlights workflow now correctly invokes the MCP tool using JavaScript function call syntax #4728
• Fixed workspace expansion: GITHUB_WORKSPACE variable now expands properly in Copilot CLI --add-dir arguments #4752
• Enhanced agent token handling: GraphQL calls now properly use GH_AW_AGENT_TOKEN for assign-to-agent functionality #4765
• Improved workflow execution: gh aw run command now launches workflows in the current branch instead of always using main #4756

🔧 Developer Experience

• Organized prompt files: All embedded prompts moved to prompts/ folder with compact XML tags for easier maintenance #4753
• Better documentation anchors: Safe output types table now includes anchor links for easier navigation #4739
• Enhanced debug logging: Added comprehensive logging to core workflow files #4742

📦 Dependency Updates

• Sentry MCP Server: 0.23.0 → 0.23.1 #4725
• Claude Code: 2.0.51 → 2.0.53 #4759
• Playwright MCP: 0.0.47 → 0.0.48 #4759

---

For complete details, see the CHANGELOG.

AI generated by Release Highlights Generator

---

🌟 Release Highlights

This maintenance release brings important improvements to MCP tool interactions, workflow execution, and developer experience, along with several bug fixes and documentation enhancements.

✨ What's New

🔧 Smarter MCP Tool Selection
The MCP safe output tools now have significantly improved descriptions to help AI agents choose the right tool for the job. Clear differentiation between similar tools (like create_issue vs create_discussion, or add_comment vs create_pull_request_review_comment) means more accurate tool selection and better workflow outcomes. #4729

📦 Docker Image Management for Security Scanners
The MCP compile tool now intelligently handles Docker image downloads for security scanners (zizmor, poutine, actionlint). When images aren't locally available, downloads start automatically in the background with clear retry guidance for AI agents. #4724

📚 Comprehensive GitHub Tokens Documentation
New reference documentation provides clear guidance on GitHub token management, authentication flows, and token precedence across different tools and contexts. Learn more #4762

📂 Organized Prompt Files
All embedded prompt files have been organized into a dedicated prompts/ folder with more compact XML tags, making the codebase cleaner and prompts easier to maintain. #4753

🐛 Bug Fixes & Improvements

• Fixed update_release tool invocation: The release highlights workflow now uses the correct JavaScript function call syntax for MCP tool invocation, ensuring release notes are properly updated #4728
• Fixed workspace expansion: GITHUB_WORKSPACE variable now expands correctly in Copilot CLI --add-dir arguments #4752
• Improved agent token management: Direct GraphQL calls now properly use GH_AW_AGENT_TOKEN for assign-to-agent functionality #4765
• Enhanced workflow execution: The run command now launches workflows in the current branch instead of always using main #4756

📦 Dependency Updates

• Sentry MCP Server: Upgraded from 0.23.0 to 0.23.1 #4725
• Claude Code: Updated from 2.0.51 to 2.0.53 #4759
• Playwright MCP: Updated from 0.0.47 to 0.0.48 #4759

🎨 Workflow Improvements

Several example workflows and internal workflows received updates:

• Refactored AI triage campaign for improved clarity #4741
• Added GitHub MCP structural analysis workflow #4748
• Added daily-fact workflow for project discussions #4751
• Enhanced debug logging across core workflow files #4742

---

For complete details, see CHANGELOG.

AI generated by Release Highlights Generator

---

What's Changed

• Upgrade @sentry/mcp-server to 0.23.1 by @Copilot in #4725
• [WIP] Fix update_release not being called in agentic workflow by @Copilot in #4728
• Add docker image download handling for MCP compile tool by @Copilot in #4724
• fix: update agent token management for assign-to-agent by @mnkiefer in #4735
• chore: update ai triage campaign by @mnkiefer in #4740
• Add anchor links to Available Safe Output Types table by @Copilot in #4739
• [log] Add debug logging to 5 core workflow files by @github-actions[bot] in #4742
• Improve MCP safe output tool descriptions for better AI tool selection by @Copilot in #4729
• Refactor AI triage campaign workflow for clarity and conciseness by @Copilot in #4741
• Add GitHub MCP structural analysis workflow by @Copilot in #4748
• [WIP] Restore main safe output prompt using safe output tools by @Copilot in #4730
• Organize embedded prompt files in prompts/ folder and compact XML tags by @Copilot in #4753
• Add daily-fact workflow to post random facts about the project to a discussion by @Copilot in #4751
• Fix GITHUB_WORKSPACE variable expansion in Copilot CLI --add-dir argument by @Copilot in #4752
• Update run command to launch workflow in current branch by @Copilot in #4756
• Update CLI tools: Claude Code 2.0.51 → 2.0.53, Playwright MCP 0.0.47 → 0.0.48 by @Copilot in #4759
• Add comprehensive GitHub tokens reference documentation by @Copilot in #4762
• refactor: simplify dev workflow for testing agent assigment by @mnkiefer in #4755
• [WIP] Update daily facts to use codex engine by @Copilot in #4764
• fix: use direct graphql call with GH_AW_AGENT_TOKEN by @mnkiefer in #4765
• [tidy] Format assign_to_agent.cjs with Prettier by @github-actions[bot] in #4773

Full Changelog: v0.31.1...v0.31.2

gh-aw 0.31.1

🌟 Release Highlights

This maintenance release focuses on Agent Workspace Firewall (AWF) compatibility improvements and workflow prompt optimizations, building on the strict mode changes from v0.31.0.

🐛 Bug Fixes & Improvements

AWF Workspace Access - Fixed Agent Workspace Firewall mount mode from read-only to read-write, resolving issues with agents that need to modify workspace files during execution (#4710 by @Mossaka)

Prompt Loading Performance - Optimized prompt file loading to improve workflow initialization times

Command Help Text - Fixed typo in gh aw mcp inspect help text for better CLI usability

Template Expansion - Improved template processing to remove empty lines when conditional blocks are removed, resulting in cleaner generated workflows (#4716)

✨ New Capabilities

Campaign Agent Assignment - Added assign-to-agent safe output for assigning Copilot coding agent to issues programmatically, enabling automated issue delegation workflows (Learn more) (#4415 by @mnkiefer)

Temporary Issue IDs - Create-issue safe output now supports temporary IDs for tracking multiple issues created in a single workflow run (#4698)

Release Context - Added release ID context to workflows for better release automation scenarios (#4713)

📚 Documentation

• Unbloated threat detection guide (28% reduction) for improved readability (#4705)
• Documented temporary IDs and GitHub tool lockdown mode (#4722)
• Enhanced quick start button visibility (#4631)
• Added conventional commits guidance for AI agents (#4632)

🔧 Internal Improvements

• Updated Claude Code CLI to version 2.0.51 (#4703)
• Upgraded @sentry/mcp-server to 0.23.0 (security update) (#4624)
• Removed deprecated shellcheck comment generation (#4718)
• Cleaned up safe-outputs prompt section generation (#4719)
• Added weekly cleanup for stale bot-created discussions (#4627)
• Updated GitHub MCP toolsets mapping (#4635)
• Improved workflow prompt clarity for PR creation (#4626)

---

Note: If you're upgrading from v0.30.x, remember that strict mode is now enabled by default as of v0.31.0. Review the v0.31.0 release notes for migration guidance.

For complete details, see the CHANGELOG.

AI generated by Release Highlights Generator

---

What's Changed

• [docs] docs: unbloat threat-detection guide (28% reduction) by @github-actions[bot] in #4705
• Update Claude Code CLI version from 2.0.50 to 2.0.51 by @Copilot in #4703
• Update Issue Monster to bundle issues and create PRs by @Copilot in #4702
• Add temporary ID support for create_issue safe output by @Copilot in #4698
• awf: change the mount mode from ro to rw by @Mossaka in #4710
• Add Release ID context to various workflows and update documentation by @pelikhan in #4713
• Remove generateSafeOutputsPromptSection and wrap system prompts in XML tags by @Copilot in #4719
• Remove generation of shellcheck comment in shell steps by @Copilot in #4718
• Fix template expansion to remove empty lines when conditional blocks are removed by @Copilot in #4716
• Convert Issue Triage Agent to agentic workflow by @Copilot in #4717
• [docs] Document temporary IDs for issue creation and lockdown mode for GitHub tool by @github-actions[bot] in #4722

Full Changelog: v0.31.0...v0.31.1

gh-aw 0.30.5

🌟 Release Highlights

This release brings significant architectural improvements that make gh-aw more reliable and maintainable! We've focused on refactoring internal systems, enhancing the MCP server, and fixing critical bugs in safe outputs.

✨ What's New

• Built-in Serena MCP Support: Added native language service integration for improved code intelligence and Go configuration options, making it easier to work with advanced language features.

• Enhanced skip-if-match Flexibility: The skip-if-match frontmatter field now supports an object format with a max threshold parameter, allowing you to express conditions like "skip if 3 PRs match this request" instead of just 1. Learn more

  # Before: implicitly max = 1
  skip-if-match: "is:pr label:bug"
  
  # Now: control the threshold
  skip-if-match:
    query: "is:pr label:bug"
    max: 3  # skip if 3+ matching PRs exist

🔧 Internal Improvements & Refactoring

• Patch Generation Moved to MCP Server: Git patch generation has been refactored from a dedicated workflow step into the safe-outputs MCP server. This provides immediate error feedback when no changes exist, rather than discovering it later in processing jobs—making debugging much faster!

• Safe Output Validation Consolidation: Centralized configuration defaults and eliminated ~120 lines of duplicated validation code by extracting shared helpers. This improves maintainability and reduces the risk of inconsistencies across safe output handlers.

• MCP Server Utility Extraction: Refactored the monolithic safe_outputs_mcp_server.cjs by extracting 7 utility functions into separate, well-tested modules with automatic bundling. Added 50 comprehensive unit tests and detailed size logging for better observability.

🐛 Bug Fixes

• Fixed App-Token Step Ordering: Resolved a critical issue where safe output jobs using GitHub App authentication referenced the app token before it was generated. Six affected job builders now correctly use buildSafeOutputJob to ensure proper step ordering.

• Clarified update_release Tag Requirement: Updated MCP tool descriptions and workflow documentation to make it crystal clear that the tag field is required and cannot be automatically inferred when workflows are triggered manually via workflow_dispatch.

📚 Documentation

All reference documentation has been updated to reflect the new skip-if-match object format and improved safe output patterns.

🙏 Contributors

Special thanks to the Copilot coding agent for the high-quality automated contributions that made this release possible!

---

For a complete list of changes, see the full changelog.

AI generated by Release Highlights Generator

---

What's Changed

• Fix update_release tag requirement clarity in MCP tool and workflow by @Copilot in #4553
• Fix app-token step ordering in safe output jobs by @Copilot in #4550
• [log] Add debug logging to CLI and workflow packages by @github-actions[bot] in #4555
• Add object format to skip-if-match with max threshold parameter by @Copilot in #4547
• Add close-issue safe output for automated issue cleanup by @Copilot in #4554
• Update Dependabot workflow: change title prefix to [deps] and add automatic issue cleanup by @Copilot in #4560
• Add compilation process reference documentation by @Copilot in #4563
• Add add-reviewer safe output for automated PR reviewer management by @Copilot in #4564
• Update CLI versions: Claude Code 2.0.50, Codex 0.63.0 by @Copilot in #4567
• Add mermaid rendering to Astro with Playwright validation by @Copilot in #4566
• [docs] docs: reduce bloat in compilation-process.md (78% reduction) by @github-actions[bot] in #4573
• Refactor patch generation from workflow step to MCP server by @Copilot in #4570
• Refactor duplicate JSON/JSONL parsing logic into shared utility by @Copilot in #4574
• Extract duplicate safe-output validation logic into shared helpers by @Copilot in #4575
• Add close-pull-request safe output with filtering by @Copilot in #4568
• [docs] Update documentation for new safe output types from Nov 22-23 by @github-actions[bot] in #4583
• [instructions] Sync github-agentic-workflows.instructions.md with v0.30.4 by @github-actions[bot] in #4587
• [log] Add debug logging to CLI components by @github-actions[bot] in #4592
• [docs] Update dictation prompt instructions by @github-actions[bot] in #4582
• [tidy] Update documentation: Add close-pull-request safe output documentation by @github-actions[bot] in #4594
• Refactor safe output validation: centralize config defaults and eliminate hardcoded values from MCP server scripts by @Copilot in #4576
• [cloclo] Refactor: Extract shared helper for parsing participants (assignees/reviewers) by @github-actions[bot] in #4604
• Allow command triggers with label-only issues/PR events by @Copilot in #4602
• Add daily malicious code scan workflow with code-scanning alerts by @Copilot in #4612
• [tidy] Fix trailing whitespace in JavaScript files by @github-actions[bot] in #4611
• Add built-in Serena MCP support with language service integration and Go configuration options by @Copilot in #4610
• Fix PR branch checkout step failing with missing GH_TOKEN by @Copilot in #4609
• Remove shared Serena workflow, use tools: serena frontmatter instead by @Copilot in #4613
• Disable threat detection on daily malicious code scan workflow by @Copilot in #4617
• Add github.workspace to GitHub context prompt by @Copilot in #4618
• Remove bloat from CLI commands documentation by @Copilot in #4620
• Refactor safe_outputs_mcp_server.cjs: Extract utility functions with bundling and size logging by @Copilot in #4601
• Update create-issue and create-discussion tool descriptions to clarify title/body relationship by @Copilot in #4622

Full Changelog: v0.30.4...v0.30.5

gh-aw 0.30.4

🌟 Release Highlights

We're pleased to announce v0.30.4, a maintenance release focused on security hardening and quality improvements!

🔒 Security Enhancements

• Integer Conversion Safety: Fixed potential security issues with bounds checking in ParsePRURL and other integer conversion operations. These improvements prevent potential overflow vulnerabilities when processing GitHub URLs and numeric data.

🐛 Bug Fixes & Improvements

• ASCII Art Alignment: Fixed alignment issues by properly preserving per-line leading spaces in formatted output
• Test Reliability: Updated test expectations for network hook script format to ensure consistent validation
• Code Quality: Removed trailing whitespace throughout the codebase for cleaner formatting
• Workflow Verification: Added verification step to copilot-setup-steps.yml injection for improved workflow reliability

🙏 Contributors

Special thanks to @Copilot, @pelikhan, and @github-actions[bot] for their contributions to this release!

---

For a complete list of changes, see the full changelog.

AI generated by Release Highlights Generator

---

What's Changed

• Add verification step to copilot-setup-steps.yml injection by @Copilot in #4534
• Fix ASCII art alignment by preserving per-line leading spaces by @Copilot in #4537
• [security-fix] Security Fix: Add bounds checking for integer conversion in ParsePRURL by @github-actions[bot] in #4536
• Fix test expectations for network hook script format by @Copilot in #4538
• [tidy] Fix code formatting: remove trailing whitespace by @github-actions[bot] in #4540
• Potential fix for code scanning alert no. 36: Incorrect conversion between integer types by @pelikhan in #4541

Full Changelog: v0.30.3...v0.30.4

gh-aw 0.30.2

🌟 Release Highlights

We're excited to announce v0.30.2 with substantial improvements to workflow debugging, documentation quality, and patch generation reliability!

✨ What's New

• Debug Agent for Workflow Troubleshooting: A new custom agent (debug-agentic-workflow) is now bundled with gh-aw to help you diagnose and fix workflow issues quickly. Learn more about custom agents

• Enhanced Audit Command: The gh aw audit command now includes:

  • Agent-optimized structured output for better LLM parsing
  • File listings with descriptions and relative paths
  • Helpful suggestion to use gh aw audit in run command output
  • Makes workflow introspection much easier for AI agents

• GitHub App Token Support: Safe outputs now support GitHub App token minting, enabling more secure and flexible authentication patterns

• Close Discussion Safe Output: New safe output type allows agents to close discussions with comments and resolution categories

• Simplified Trending Charts Workflow: Added a new shared workflow for generating trending charts with less complexity

🐛 Bug Fixes & Improvements

• Fixed Patch Generation: Commits made directly to the current branch during workflow execution are now properly captured in patch files (fixes issue where patches only captured commits from explicitly named branches)

• Custom Engine Validation: Fixed validateEngine to correctly accept 'custom' engine as documented

• Permission Fixes: Corrected push_to_pull_request_branch job permissions for comment updates

• Workflow Setup: Fixed runtime setup steps being incorrectly inserted before checkout in custom steps

📚 Documentation

Major documentation improvements to help you get started faster and understand the system better:

• Enhanced Quick Start Guide: Added prominent prerequisites checklist, "Why Compile?" explanation, and glossary navigation
• CLI Documentation Improvements:
  • Added "Most Common Commands" section
  • Organized commands into groups for better discoverability
  • Fixed references to non-existent commands
  • Standardized flag descriptions
• New Strategy Guide: Added ResearchPlanAssign strategy documentation
• Reduced Bloat: Streamlined MCP guide (41% reduction) and error reference docs
• Inline Definitions: Technical terms now include definitions on first use
• Fixed Broken Links: Resolved documentation link issues in troubleshooting pages

🔧 Developer Experience

• ASCII Logo in Compiled Workflows: Compiled workflows now include an ASCII logo and original prompt in headers for better attribution
• Improved Logging: Added extensive debug logging to workflow configuration, validation, and patch generation
• Better CLI Help: Commands are now organized into logical groups for easier navigation
• Consolidated Dependency Updates: Dependency update issues are now grouped into single consolidated issues
• Code Quality: Refactored duplicate log parser code into shared module, extracted permission validation utilities

🔄 Configuration Changes

• Renamed Field: The campaign frontmatter field has been renamed to tracker-id for clarity (backwards compatible during transition)
• Updated CLI Versions: Claude Code updated to 2.0.47, Codex to 0.60.1
• Workflow Security: Replaced ${{ '' }} with "" to eliminate zizmor obfuscation warnings

📦 Dependencies

• Updated github.com/Masterminds/semver/v3 from v3.3.0 to v3.4.0

🙏 Thank You

This release includes 54 pull requests from our team and automated workflows, reflecting our commitment to continuous improvement and quality. Special thanks to everyone who contributed feedback and reported issues!

---

For a complete list of changes, see the full changelog.

AI generated by Release Highlights Generator

---

What's Changed

• Refactor: Extract duplicate log parser markdown generation to shared module by @Copilot in #4363
• [tidy] Fix formatting in bundler.go by @github-actions[bot] in #4369
• Mark Claude and Codex engines as experimental by @Copilot in #4368
• [docs] Update documentation for features from 2025-11-20 by @github-actions[bot] in #4375
• Fix broken documentation links in troubleshooting and how-it-works pages by @Copilot in #4374
• Rename frontmatter field campaign to tracker-id by @Copilot in #4289
• [log] Add debug logging to workflow configuration and validation files by @github-actions[bot] in #4383
• Add glossary navigation and link key terms from Quick Start by @Copilot in #4395
• Add "Why Compile?" explanation to Quick Start guide by @Copilot in #4394
• Fix runtime setup steps inserted before checkout in custom steps by @Copilot in #4388
• Replace ${{ '' }} with "" in activation job outputs to eliminate zizmor obfuscation warnings by @Copilot in #4398
• [docs] docs: unbloat MCP guide - 41% reduction by @github-actions[bot] in #4403
• Assign command groups to organize CLI help output by @Copilot in #4400
• Update CLI versions: Claude Code 2.0.47, Codex 0.60.1 by @Copilot in #4399
• Reorganize helper functions: move MCP rendering to mcp_renderer.go and rename gh_helper to github_cli by @Copilot in #4405
• Standardize CLI flag descriptions across commands by @Copilot in #4404
• Add prominent Prerequisites checklist to Quick Start by @Copilot in #4401
• [tidy] Format code: align struct fields and remove trailing whitespace by @github-actions[bot] in #4408
• [tidy] Fix formatting in command_groups_test.go by @github-actions[bot] in #4410
• Add tracker-id to daily workflows by @Copilot in #4412
• Review and update GitHub agentic workflows instruction files by @Copilot in #4414
• Add warning logs for float-to-int truncation by @Copilot in #4425
• [WIP] Fix aw.patch generation logic to handle local commits by @Copilot in #4409
• Fix push_to_pull_request_branch job permissions for comment updates by @Copilot in #4431
• Add noop message parsing to logs and audit commands by @Copilot in #4428
• Add safe output type to close discussion with comment and resolution by @Copilot in #4411
• [tidy] Fix trailing whitespace in close_discussion.go by @github-actions[bot] in #4438
• Fix trailing whitespace in close_discussion.go by @Copilot in #4437
• [docs] docs: remove bloat from error reference documentation by @github-actions[bot] in #4441
• Add audit command suggestion to run command output by @Copilot in #4445
• Refactor: Extract duplicate permission validation to shared utility by @Copilot in #4439
• Add debug-agentic-workflow custom agent for workflow troubleshooting by @Copilot in #4449
• Add --progress flag to run command for agent CLI keepalive by @Copilot in #4450
• [docs] Update documentation for features from 2025-11-21 by @github-actions[bot] in #4451
• [log] Add debug logging to 5 files for improved troubleshooting by @github-actions[bot] in #4468
• Remove unused --progress flag from run command by @Copilot in #4452
• [instructions] Sync github-agentic-workflows.instructions.md with release v0.30.1 by @github-actions[bot] in #4456
• Add file listing with descriptions and relative paths to audit command output by @Copilot in #4453
• [tidy] Fix code formatting and update documentation by @github-actions[bot] in #4474
• Group safe patch dependency updates into single consolidated issue by @Copilot in #4472
• Update github.com/Masterminds/semver/v3 from v3.3.0 to v3.4.0 by @Copilot in #4469
• Bundle debug-agentic-workflow.md agent file on init by @Copilot in #4475
• docs: remove non-existent --progress flag from run command by @Copilot in #4482
• Fix inconsistent workflow name casing in run command example by @Copilot in #4483
• Add agent-optimized structured output to audit command by @Copilot in #4476
• Fix inconsistent workflow name casing in remove command example by @Copilot in #4486
• Fix CLI documentation: Remove references to non-existent pr subcommands by @Copilot in #4485
• Add ResearchPlanAssign strategy documentation b...

gh-aw 0.30.1

What's Changed

• Refactor: Extract common template sync logic to eliminate 80 lines of duplication by @Copilot in #4256
• [log] Add debug logging to 5 core files for better troubleshooting by @github-actions[bot] in #4277
• Add MCP integration tests with JSON validation for all server tools by @Copilot in #4268
• Add MCP tools JSON schema validation test by @Copilot in #4282
• Add skip-if-match field for conditional workflow execution based on GitHub search queries by @Copilot in #4287
• chore: add projectops docs by @mnkiefer in #4294
• Fix pr transfer command documentation inconsistency by @Copilot in #4292
• Add Playwright and Playwright MCP version checking to cli-version-checker workflow by @Copilot in #4293
• Add tools.json update step to safe output type custom agent instructions by @Copilot in #4297
• Add noop safe output for transparent workflow completion by @Copilot in #4286
• Update CLI tool versions: Claude Code 2.0.44, GitHub MCP Server v0.21.0 by @Copilot in #4291
• Display complete tool list in parse log step summary by @Copilot in #4303
• Fix lint errors by wiring up noop safe output job by @Copilot in #4301
• Rename "Status" documentation page to "Labs" by @Copilot in #4304
• Add update-release safe output for modifying GitHub release descriptions by @Copilot in #4278
• [tidy] Remove trailing whitespace from JavaScript files by @github-actions[bot] in #4310
• [docs] Update documentation for features from 2025-11-19 by @github-actions[bot] in #4317
• Apply bundler to noop.cjs to resolve load_agent_output dependency by @Copilot in #4311
• Move noop processing step from separate job into conclusion job by @Copilot in #4318
• [log] Enhance debug logging in engine and workflow processing files by @github-actions[bot] in #4328
• Define jargon terms on first use in documentation by @Copilot in #4331
• Rename "Status" to "Labs" in docs navigation menu by @Copilot in #4348
• Remove tracked test artifacts and ignore *.tmp files by @Copilot in #4337
• Add glossary maintainer workflow with daily incremental and weekly full scans by @Copilot in #4336
• Fix undefined activation job outputs causing actionlint and schema validation errors by @Copilot in #4332
• Update schema to accept polymorphic types for category and version fields by @Copilot in #4333
• Update codeql-action/upload-sarif SHA for v3 tag by @Copilot in #4350
• Exclude fuzz tests from regular test runs in CI by @Copilot in #4351
• Split expressions.go into focused files (nodes, builder, parser) by @Copilot in #4354
• Display detailed diagnostics for MCP server startup failures in Claude logs by @Copilot in #4356
• Add live server integration test for Playwright MCP inspect command by @Copilot in #4353
• Update smoke test workflows to use add-comment and add comprehensive capability testing by @Copilot in #4352
• Extract MCP initialization and errors in Codex log parser by @Copilot in #4358
• Fix Playwright MCP integration: update --allowed-origins to --allowed-hosts by @Copilot in #4359
• Optimize integration tests by splitting into 5 parallel jobs by @Copilot in #4361
• chore(deps): bump astro from 5.15.6 to 5.15.9 in /docs by @dependabot[bot] in #4360
• Add assign-milestone safe output type by @Copilot in #4334
• Fix test isolation in collect_ndjson_output.test.cjs by @Copilot in #4365

Full Changelog: v0.30.0...v0.30.1

gh-aw 0.30.0

What's Changed

• 👨‍💻 Add workflow description extraction feature by @dsyme in #4008
• 🤖 Optimize workflow disabling in trial command by @dsyme in #4009
• [docs] Consolidate developer specifications: Add template injection diagrams by @github-actions[bot] in #4012
• [WIP] Implement 'Did You Mean' suggestions for schema validation by @Copilot in #3999
• Standardize MCP command arguments to workflow-id-or-file by @Copilot in #4014
• Add actionable hints to strict mode validation errors by @Copilot in #4013
• Add role validation for workflow_run triggers to prevent privilege escalation by @Copilot in #4015
• [docs] Update documentation for features from November 15, 2025 by @github-actions[bot] in #4016
• Document max-turns engine compatibility in schema by @Copilot in #4031
• Document max parameter limitation for create-pull-request safe-output by @Copilot in #4032
• [log] Add debug logging to 5 additional Go files by @github-actions[bot] in #4037
• Fix timeout-minutes schema documentation: 20 minutes, not 15 by @Copilot in #4030
• Standardize validation error messages with format examples by @Copilot in #4017
• Add /cloclo command workflow with Claude engine and MCP integrations by @Copilot in #4003
• Add unified MCPConfigRenderer to eliminate duplication across engines by @Copilot in #4023
• [tidy] Fix Go code formatting in Tools struct by @github-actions[bot] in #4044
• Fix control characters in compiled workflows from backslash sequences in bash commands by @Copilot in #4038
• Add daily-file-diet workflow for automated Go file refactoring analysis by @Copilot in #4040
• [tidy] Fix Go formatting in shell_backslash_integration_test.go by @github-actions[bot] in #4055
• Investigation: Error reference documentation already exists and exceeds requirements by @Copilot in #4042
• Simplify cloclo workflow name and add concurrency control by @Copilot in #4054
• Add type information to validation errors using %T by @Copilot in #4056
• Refactor ClaudeEngine to use unified MCPConfigRenderer by @Copilot in #4043
• Standardize CLI error/warning messages to use console formatting helpers by @Copilot in #4057
• Refactor frontmatter.go: Extract 4 focused modules (39% size reduction) by @Copilot in #4059
• Update Claude Code CLI to v2.0.42 by @Copilot in #4066
• Refactor CodexEngine and CustomEngine to use unified MCPConfigRenderer by @Copilot in #4063
• Add concrete examples to repository format validation errors by @Copilot in #4068
• Improve MCP configuration error messages with YAML examples and type information by @Copilot in #4067
• [WIP] Refactor CopilotEngine to use unified MCPConfigRenderer by @Copilot in #4062
• Fix compiler to emit runtime steps before imported steps and deduplicate with field preservation by @Copilot in #4060
• Prevent workflow_run triggers from executing in forked repositories by @Copilot in #4070
• Add inline examples to schema validation errors by @Copilot in #4080
• Enhance engine validation error messages with examples and valid options by @Copilot in #4077
• Improve MCP configuration error messages with complete YAML examples by @Copilot in #4079
• Add automated error message quality linter by @Copilot in #4078
• Remove redundant error wrappers in compiler validation by @Copilot in #4081
• Rename update_reaction job to conclusion and improve condition logic by @Copilot in #4083
• Improve runtime_setup.go error messages with context and examples by @Copilot in #4097
• Remove prescriptive examples from repository-quality-improver workflow to encourage creative focus area selection by @Copilot in #4087
• Pin Playwright to 1.56.1 and add NPM package update tracking by @Copilot in #4103
• Add daily documentation testing workflow with beginner perspective by @Copilot in #4088
• Refactor: Extract duplicate log metrics finalization logic by @Copilot in #4105
• Add update tool to MCP server by @Copilot in #4110
• [docs] Consolidate developer specifications - Add refactoring case study by @github-actions[bot] in #4116
• [docs] Update dictation prompt instructions by @github-actions[bot] in #4117
• [docs] Update documentation for features from 2025-11-16 by @github-actions[bot] in #4118
• feat: add campaign capability update-project by @mnkiefer in #3524
• [log] Add debug logging to workflow compiler components by @github-actions[bot] in #4123
• fix: update default project by @mnkiefer in #4125
• Optimize daily-team-status workflow with data pre-fetching and caching by @Copilot in #4126
• chore: update project URL fallback by @mnkiefer in #4131
• chore: disable scheduled trigger for AI Triage Campaign workflow by @mnkiefer in #4137
• Fix template injection vulnerabilities in cloclo workflow by @Copilot in #4140
• Update actions/github-script to v8 in dev and test-ollama workflows by @Copilot in #4141
• Add missing issues and pull-requests read permissions to docs-noob-tester workflow by @Copilot in #4139
• Configure Q workflow to skip PR creation when no changes exist by @Copilot in #4128
• Generate zizmor annotations for workflow_run triggers by @Copilot in #4129
• Use GitHub API for lock file timestamp checks instead of repository checkout by @Copilot in #4142
• [log] Add debug logging to CLI log parsing and analysis files by @github-actions[bot] in #4147
• Remove deprecated displayMissingToolsAnalysis function that didn't populate Display fields by @Copilot in #4146
• Extract DomainBuckets to eliminate duplicate accessor methods by @Copilot in #4150
• Add semantic types to constants for type safety and clarity by @Copilot in #4160
• Consolidate duplicate GitHub tools lists into shared constant by @Copilot in #4159
• Add unified ToolsConfig struct to replace map[string]any pattern by @Copilot in #4158
• Standardize interface{} to any syntax across codebase by @Copilot in #4161
• Remove obsolete MCP test cases for unimplemented features by @Copilot in #4176
• Fix CHANGELOG v0.21.0: discussion field is optional, not removed by @Copilot in #4179
• Standardize CLI workflow identifier terminology to workflow-id by @Copilot in #4210
• Fix help text formatting: remove dashes, align spacing consistently by @Copilot in #4204
• Migrate to local prettier installation using npm scripts by @Copilot in #4201
• Fix Playwright version confusion between MCP package and browser image by @Copilot in #4205
• Add Node.js 24+ requirement with Makefile validation by @Copilot in #4217
• Fix safe-output jobs failing on agent output parse errors by @Copilot in #4214
• Add deprecated field detection to strict mode validation by @Copilot in #4202
• Isolate test temp directories to prevent conflicts by @Copilot in #4203
• Update github.com/stretchr/testify from v1.8.1 to v1.11.1 by @Copilot in #4206
• chore(deps): bump glob and @vitest/coverage-v8 in /pkg/workflow/js by @dependabot[bot] in #4215
• Update github.com/modelcontextprotocol/go-sdk from v0.4.0 t...

gh-aw 0.29.1

This release brings important security improvements and enhanced offline capabilities. Key updates include an import cache system for offline workflow compilation with SHA-based storage, a critical fix for template injection vulnerability in the copilot-session-insights workflow, and a new --repo option for improved workflow management across repositories.

AI generated by Dev

---

What's Changed

• Add import cache for offline workflow compilation with SHA-based storage by @Copilot in #3981
• Fix template injection risk in copilot-session-insights workflow by @Copilot in #4001
• 🚀 Add --repo option to workflow management commands by @dsyme in #4007

Full Changelog: v0.29.0...v0.29.1

gh-aw 0.29.0

What's Changed

• Fix table CSS to span full width in documentation by @Copilot in #3908
• 🚀 Improve trial command with direct repository mode by @dsyme in #3914
• Refactor: Extract duplicate compilation loops into shared helper by @Copilot in #3911
• Remove hardcoded action pins lists from tests by @Copilot in #3922
• agentics copy by @pelikhan in #3924
• Add --dir flag to update command for custom workflow directories by @Copilot in #3925
• Add GitHub Copilot agent detection and specialized log parser to audit command by @Copilot in #3913
• [docs] Update CLI documentation for features from 2025-11-14 by @github-actions[bot] in #3930
• Add --dir flag and deprecate --workflows-dir in compile command by @Copilot in #3928
• [WIP] Update workflows and recompile scripts after update by @Copilot in #3929
• Migrate interactive workflow creation from add to new command by @Copilot in #3940
• [log] Enhance workflow and job management logging (session 4) by @github-actions[bot] in #3946
• Validate local modifications when workflow source is up-to-date by @Copilot in #3932
• Unify action_pins.json schema and sync generated cache to embedded data by @Copilot in #3933
• Revert changeset workflow to pull_request trigger (9e0ba6b) by @Copilot in #3948
• [WIP] Add helper to wrap 'gh' calls using Exec by @Copilot in #3952
• Organize CLI commands into logical groups in help text by @Copilot in #3935
• daily team status with imports by @pelikhan in #3938
• Add --no-stop-after and --stop-after flags to manage stop-after field in workflows by @Copilot in #3951
• Fix stop-after time preservation during workflow recompilation by @Copilot in #3950
• [tidy] Fix syntax errors in stop_after_test.go by @github-actions[bot] in #3967
• Sort action pins JSON entries alphabetically by key by @Copilot in #3974
• Clean up action cache files left behind by tests by @Copilot in #3976
• Add ghhelper package for consistent GH_TOKEN/GITHUB_TOKEN handling in gh CLI calls by @Copilot in #3977
• chore(deps): bump js-yaml from 4.1.0 to 4.1.1 in /docs by @dependabot[bot] in #3979
• Consolidate ghhelper into pkg/workflow and use go-gh/v2 by @Copilot in #3992
• Update CLI versions: Claude Code 2.0.37→2.0.41, Copilot CLI 0.0.355→0.0.358 by @Copilot in #3991
• Enable stop-time recomputation during workflow updates by @Copilot in #3993
• Add missing -e shorthand to logs command engine flag by @Copilot in #3996
• Extract shared utilities from log parsers to eliminate duplication by @Copilot in #3997
• Add missing permissions to workflows with GitHub toolsets by @Copilot in #3998
• Refactor: Extract shared helpers for safe output config parsing by @Copilot in #3995
• 🚦 Improve Workflow Polling and Signal Handling by @dsyme in #4002
• [WIP] Update permissions in ci-doctor.md for least privilege by @Copilot in #4000
• 🔧 Fix workflow disabling logic in trial command by @dsyme in #4004

Full Changelog: v0.28.7...v0.29.0