gh-aw 0.30.5

🌟 Release Highlights

This release brings significant architectural improvements that make gh-aw more reliable and maintainable! We've focused on refactoring internal systems, enhancing the MCP server, and fixing critical bugs in safe outputs.

✨ What's New

• Built-in Serena MCP Support: Added native language service integration for improved code intelligence and Go configuration options, making it easier to work with advanced language features.

• Enhanced skip-if-match Flexibility: The skip-if-match frontmatter field now supports an object format with a max threshold parameter, allowing you to express conditions like "skip if 3 PRs match this request" instead of just 1. Learn more

  # Before: implicitly max = 1
  skip-if-match: "is:pr label:bug"
  
  # Now: control the threshold
  skip-if-match:
    query: "is:pr label:bug"
    max: 3  # skip if 3+ matching PRs exist

🔧 Internal Improvements & Refactoring

• Patch Generation Moved to MCP Server: Git patch generation has been refactored from a dedicated workflow step into the safe-outputs MCP server. This provides immediate error feedback when no changes exist, rather than discovering it later in processing jobs—making debugging much faster!

• Safe Output Validation Consolidation: Centralized configuration defaults and eliminated ~120 lines of duplicated validation code by extracting shared helpers. This improves maintainability and reduces the risk of inconsistencies across safe output handlers.

• MCP Server Utility Extraction: Refactored the monolithic safe_outputs_mcp_server.cjs by extracting 7 utility functions into separate, well-tested modules with automatic bundling. Added 50 comprehensive unit tests and detailed size logging for better observability.

🐛 Bug Fixes

• Fixed App-Token Step Ordering: Resolved a critical issue where safe output jobs using GitHub App authentication referenced the app token before it was generated. Six affected job builders now correctly use buildSafeOutputJob to ensure proper step ordering.

• Clarified update_release Tag Requirement: Updated MCP tool descriptions and workflow documentation to make it crystal clear that the tag field is required and cannot be automatically inferred when workflows are triggered manually via workflow_dispatch.

📚 Documentation

All reference documentation has been updated to reflect the new skip-if-match object format and improved safe output patterns.

🙏 Contributors

Special thanks to the Copilot coding agent for the high-quality automated contributions that made this release possible!

---

For a complete list of changes, see the full changelog.

AI generated by Release Highlights Generator

---

What's Changed

• Fix update_release tag requirement clarity in MCP tool and workflow by @Copilot in #4553
• Fix app-token step ordering in safe output jobs by @Copilot in #4550
• [log] Add debug logging to CLI and workflow packages by @github-actions[bot] in #4555
• Add object format to skip-if-match with max threshold parameter by @Copilot in #4547
• Add close-issue safe output for automated issue cleanup by @Copilot in #4554
• Update Dependabot workflow: change title prefix to [deps] and add automatic issue cleanup by @Copilot in #4560
• Add compilation process reference documentation by @Copilot in #4563
• Add add-reviewer safe output for automated PR reviewer management by @Copilot in #4564
• Update CLI versions: Claude Code 2.0.50, Codex 0.63.0 by @Copilot in #4567
• Add mermaid rendering to Astro with Playwright validation by @Copilot in #4566
• [docs] docs: reduce bloat in compilation-process.md (78% reduction) by @github-actions[bot] in #4573
• Refactor patch generation from workflow step to MCP server by @Copilot in #4570
• Refactor duplicate JSON/JSONL parsing logic into shared utility by @Copilot in #4574
• Extract duplicate safe-output validation logic into shared helpers by @Copilot in #4575
• Add close-pull-request safe output with filtering by @Copilot in #4568
• [docs] Update documentation for new safe output types from Nov 22-23 by @github-actions[bot] in #4583
• [instructions] Sync github-agentic-workflows.instructions.md with v0.30.4 by @github-actions[bot] in #4587
• [log] Add debug logging to CLI components by @github-actions[bot] in #4592
• [docs] Update dictation prompt instructions by @github-actions[bot] in #4582
• [tidy] Update documentation: Add close-pull-request safe output documentation by @github-actions[bot] in #4594
• Refactor safe output validation: centralize config defaults and eliminate hardcoded values from MCP server scripts by @Copilot in #4576
• [cloclo] Refactor: Extract shared helper for parsing participants (assignees/reviewers) by @github-actions[bot] in #4604
• Allow command triggers with label-only issues/PR events by @Copilot in #4602
• Add daily malicious code scan workflow with code-scanning alerts by @Copilot in #4612
• [tidy] Fix trailing whitespace in JavaScript files by @github-actions[bot] in #4611
• Add built-in Serena MCP support with language service integration and Go configuration options by @Copilot in #4610
• Fix PR branch checkout step failing with missing GH_TOKEN by @Copilot in #4609
• Remove shared Serena workflow, use tools: serena frontmatter instead by @Copilot in #4613
• Disable threat detection on daily malicious code scan workflow by @Copilot in #4617
• Add github.workspace to GitHub context prompt by @Copilot in #4618
• Remove bloat from CLI commands documentation by @Copilot in #4620
• Refactor safe_outputs_mcp_server.cjs: Extract utility functions with bundling and size logging by @Copilot in #4601
• Update create-issue and create-discussion tool descriptions to clarify title/body relationship by @Copilot in #4622

Full Changelog: v0.30.4...v0.30.5

gh-aw 0.30.4

🌟 Release Highlights

We're pleased to announce v0.30.4, a maintenance release focused on security hardening and quality improvements!

🔒 Security Enhancements

• Integer Conversion Safety: Fixed potential security issues with bounds checking in ParsePRURL and other integer conversion operations. These improvements prevent potential overflow vulnerabilities when processing GitHub URLs and numeric data.

🐛 Bug Fixes & Improvements

• ASCII Art Alignment: Fixed alignment issues by properly preserving per-line leading spaces in formatted output
• Test Reliability: Updated test expectations for network hook script format to ensure consistent validation
• Code Quality: Removed trailing whitespace throughout the codebase for cleaner formatting
• Workflow Verification: Added verification step to copilot-setup-steps.yml injection for improved workflow reliability

🙏 Contributors

Special thanks to @Copilot, @pelikhan, and @github-actions[bot] for their contributions to this release!

---

For a complete list of changes, see the full changelog.

AI generated by Release Highlights Generator

---

What's Changed

• Add verification step to copilot-setup-steps.yml injection by @Copilot in #4534
• Fix ASCII art alignment by preserving per-line leading spaces by @Copilot in #4537
• [security-fix] Security Fix: Add bounds checking for integer conversion in ParsePRURL by @github-actions[bot] in #4536
• Fix test expectations for network hook script format by @Copilot in #4538
• [tidy] Fix code formatting: remove trailing whitespace by @github-actions[bot] in #4540
• Potential fix for code scanning alert no. 36: Incorrect conversion between integer types by @pelikhan in #4541

Full Changelog: v0.30.3...v0.30.4

gh-aw 0.30.2

🌟 Release Highlights

We're excited to announce v0.30.2 with substantial improvements to workflow debugging, documentation quality, and patch generation reliability!

✨ What's New

• Debug Agent for Workflow Troubleshooting: A new custom agent (debug-agentic-workflow) is now bundled with gh-aw to help you diagnose and fix workflow issues quickly. Learn more about custom agents

• Enhanced Audit Command: The gh aw audit command now includes:

  • Agent-optimized structured output for better LLM parsing
  • File listings with descriptions and relative paths
  • Helpful suggestion to use gh aw audit in run command output
  • Makes workflow introspection much easier for AI agents

• GitHub App Token Support: Safe outputs now support GitHub App token minting, enabling more secure and flexible authentication patterns

• Close Discussion Safe Output: New safe output type allows agents to close discussions with comments and resolution categories

• Simplified Trending Charts Workflow: Added a new shared workflow for generating trending charts with less complexity

🐛 Bug Fixes & Improvements

• Fixed Patch Generation: Commits made directly to the current branch during workflow execution are now properly captured in patch files (fixes issue where patches only captured commits from explicitly named branches)

• Custom Engine Validation: Fixed validateEngine to correctly accept 'custom' engine as documented

• Permission Fixes: Corrected push_to_pull_request_branch job permissions for comment updates

• Workflow Setup: Fixed runtime setup steps being incorrectly inserted before checkout in custom steps

📚 Documentation

Major documentation improvements to help you get started faster and understand the system better:

• Enhanced Quick Start Guide: Added prominent prerequisites checklist, "Why Compile?" explanation, and glossary navigation
• CLI Documentation Improvements:
  • Added "Most Common Commands" section
  • Organized commands into groups for better discoverability
  • Fixed references to non-existent commands
  • Standardized flag descriptions
• New Strategy Guide: Added ResearchPlanAssign strategy documentation
• Reduced Bloat: Streamlined MCP guide (41% reduction) and error reference docs
• Inline Definitions: Technical terms now include definitions on first use
• Fixed Broken Links: Resolved documentation link issues in troubleshooting pages

🔧 Developer Experience

• ASCII Logo in Compiled Workflows: Compiled workflows now include an ASCII logo and original prompt in headers for better attribution
• Improved Logging: Added extensive debug logging to workflow configuration, validation, and patch generation
• Better CLI Help: Commands are now organized into logical groups for easier navigation
• Consolidated Dependency Updates: Dependency update issues are now grouped into single consolidated issues
• Code Quality: Refactored duplicate log parser code into shared module, extracted permission validation utilities

🔄 Configuration Changes

• Renamed Field: The campaign frontmatter field has been renamed to tracker-id for clarity (backwards compatible during transition)
• Updated CLI Versions: Claude Code updated to 2.0.47, Codex to 0.60.1
• Workflow Security: Replaced ${{ '' }} with "" to eliminate zizmor obfuscation warnings

📦 Dependencies

• Updated github.com/Masterminds/semver/v3 from v3.3.0 to v3.4.0

🙏 Thank You

This release includes 54 pull requests from our team and automated workflows, reflecting our commitment to continuous improvement and quality. Special thanks to everyone who contributed feedback and reported issues!

---

For a complete list of changes, see the full changelog.

AI generated by Release Highlights Generator

---

What's Changed

• Refactor: Extract duplicate log parser markdown generation to shared module by @Copilot in #4363
• [tidy] Fix formatting in bundler.go by @github-actions[bot] in #4369
• Mark Claude and Codex engines as experimental by @Copilot in #4368
• [docs] Update documentation for features from 2025-11-20 by @github-actions[bot] in #4375
• Fix broken documentation links in troubleshooting and how-it-works pages by @Copilot in #4374
• Rename frontmatter field campaign to tracker-id by @Copilot in #4289
• [log] Add debug logging to workflow configuration and validation files by @github-actions[bot] in #4383
• Add glossary navigation and link key terms from Quick Start by @Copilot in #4395
• Add "Why Compile?" explanation to Quick Start guide by @Copilot in #4394
• Fix runtime setup steps inserted before checkout in custom steps by @Copilot in #4388
• Replace ${{ '' }} with "" in activation job outputs to eliminate zizmor obfuscation warnings by @Copilot in #4398
• [docs] docs: unbloat MCP guide - 41% reduction by @github-actions[bot] in #4403
• Assign command groups to organize CLI help output by @Copilot in #4400
• Update CLI versions: Claude Code 2.0.47, Codex 0.60.1 by @Copilot in #4399
• Reorganize helper functions: move MCP rendering to mcp_renderer.go and rename gh_helper to github_cli by @Copilot in #4405
• Standardize CLI flag descriptions across commands by @Copilot in #4404
• Add prominent Prerequisites checklist to Quick Start by @Copilot in #4401
• [tidy] Format code: align struct fields and remove trailing whitespace by @github-actions[bot] in #4408
• [tidy] Fix formatting in command_groups_test.go by @github-actions[bot] in #4410
• Add tracker-id to daily workflows by @Copilot in #4412
• Review and update GitHub agentic workflows instruction files by @Copilot in #4414
• Add warning logs for float-to-int truncation by @Copilot in #4425
• [WIP] Fix aw.patch generation logic to handle local commits by @Copilot in #4409
• Fix push_to_pull_request_branch job permissions for comment updates by @Copilot in #4431
• Add noop message parsing to logs and audit commands by @Copilot in #4428
• Add safe output type to close discussion with comment and resolution by @Copilot in #4411
• [tidy] Fix trailing whitespace in close_discussion.go by @github-actions[bot] in #4438
• Fix trailing whitespace in close_discussion.go by @Copilot in #4437
• [docs] docs: remove bloat from error reference documentation by @github-actions[bot] in #4441
• Add audit command suggestion to run command output by @Copilot in #4445
• Refactor: Extract duplicate permission validation to shared utility by @Copilot in #4439
• Add debug-agentic-workflow custom agent for workflow troubleshooting by @Copilot in #4449
• Add --progress flag to run command for agent CLI keepalive by @Copilot in #4450
• [docs] Update documentation for features from 2025-11-21 by @github-actions[bot] in #4451
• [log] Add debug logging to 5 files for improved troubleshooting by @github-actions[bot] in #4468
• Remove unused --progress flag from run command by @Copilot in #4452
• [instructions] Sync github-agentic-workflows.instructions.md with release v0.30.1 by @github-actions[bot] in #4456
• Add file listing with descriptions and relative paths to audit command output by @Copilot in #4453
• [tidy] Fix code formatting and update documentation by @github-actions[bot] in #4474
• Group safe patch dependency updates into single consolidated issue by @Copilot in #4472
• Update github.com/Masterminds/semver/v3 from v3.3.0 to v3.4.0 by @Copilot in #4469
• Bundle debug-agentic-workflow.md agent file on init by @Copilot in #4475
• docs: remove non-existent --progress flag from run command by @Copilot in #4482
• Fix inconsistent workflow name casing in run command example by @Copilot in #4483
• Add agent-optimized structured output to audit command by @Copilot in #4476
• Fix inconsistent workflow name casing in remove command example by @Copilot in #4486
• Fix CLI documentation: Remove references to non-existent pr subcommands by @Copilot in #4485
• Add ResearchPlanAssign strategy documentation b...

gh-aw 0.30.1

What's Changed

• Refactor: Extract common template sync logic to eliminate 80 lines of duplication by @Copilot in #4256
• [log] Add debug logging to 5 core files for better troubleshooting by @github-actions[bot] in #4277
• Add MCP integration tests with JSON validation for all server tools by @Copilot in #4268
• Add MCP tools JSON schema validation test by @Copilot in #4282
• Add skip-if-match field for conditional workflow execution based on GitHub search queries by @Copilot in #4287
• chore: add projectops docs by @mnkiefer in #4294
• Fix pr transfer command documentation inconsistency by @Copilot in #4292
• Add Playwright and Playwright MCP version checking to cli-version-checker workflow by @Copilot in #4293
• Add tools.json update step to safe output type custom agent instructions by @Copilot in #4297
• Add noop safe output for transparent workflow completion by @Copilot in #4286
• Update CLI tool versions: Claude Code 2.0.44, GitHub MCP Server v0.21.0 by @Copilot in #4291
• Display complete tool list in parse log step summary by @Copilot in #4303
• Fix lint errors by wiring up noop safe output job by @Copilot in #4301
• Rename "Status" documentation page to "Labs" by @Copilot in #4304
• Add update-release safe output for modifying GitHub release descriptions by @Copilot in #4278
• [tidy] Remove trailing whitespace from JavaScript files by @github-actions[bot] in #4310
• [docs] Update documentation for features from 2025-11-19 by @github-actions[bot] in #4317
• Apply bundler to noop.cjs to resolve load_agent_output dependency by @Copilot in #4311
• Move noop processing step from separate job into conclusion job by @Copilot in #4318
• [log] Enhance debug logging in engine and workflow processing files by @github-actions[bot] in #4328
• Define jargon terms on first use in documentation by @Copilot in #4331
• Rename "Status" to "Labs" in docs navigation menu by @Copilot in #4348
• Remove tracked test artifacts and ignore *.tmp files by @Copilot in #4337
• Add glossary maintainer workflow with daily incremental and weekly full scans by @Copilot in #4336
• Fix undefined activation job outputs causing actionlint and schema validation errors by @Copilot in #4332
• Update schema to accept polymorphic types for category and version fields by @Copilot in #4333
• Update codeql-action/upload-sarif SHA for v3 tag by @Copilot in #4350
• Exclude fuzz tests from regular test runs in CI by @Copilot in #4351
• Split expressions.go into focused files (nodes, builder, parser) by @Copilot in #4354
• Display detailed diagnostics for MCP server startup failures in Claude logs by @Copilot in #4356
• Add live server integration test for Playwright MCP inspect command by @Copilot in #4353
• Update smoke test workflows to use add-comment and add comprehensive capability testing by @Copilot in #4352
• Extract MCP initialization and errors in Codex log parser by @Copilot in #4358
• Fix Playwright MCP integration: update --allowed-origins to --allowed-hosts by @Copilot in #4359
• Optimize integration tests by splitting into 5 parallel jobs by @Copilot in #4361
• chore(deps): bump astro from 5.15.6 to 5.15.9 in /docs by @dependabot[bot] in #4360
• Add assign-milestone safe output type by @Copilot in #4334
• Fix test isolation in collect_ndjson_output.test.cjs by @Copilot in #4365

Full Changelog: v0.30.0...v0.30.1

gh-aw 0.30.0

What's Changed

• 👨‍💻 Add workflow description extraction feature by @dsyme in #4008
• 🤖 Optimize workflow disabling in trial command by @dsyme in #4009
• [docs] Consolidate developer specifications: Add template injection diagrams by @github-actions[bot] in #4012
• [WIP] Implement 'Did You Mean' suggestions for schema validation by @Copilot in #3999
• Standardize MCP command arguments to workflow-id-or-file by @Copilot in #4014
• Add actionable hints to strict mode validation errors by @Copilot in #4013
• Add role validation for workflow_run triggers to prevent privilege escalation by @Copilot in #4015
• [docs] Update documentation for features from November 15, 2025 by @github-actions[bot] in #4016
• Document max-turns engine compatibility in schema by @Copilot in #4031
• Document max parameter limitation for create-pull-request safe-output by @Copilot in #4032
• [log] Add debug logging to 5 additional Go files by @github-actions[bot] in #4037
• Fix timeout-minutes schema documentation: 20 minutes, not 15 by @Copilot in #4030
• Standardize validation error messages with format examples by @Copilot in #4017
• Add /cloclo command workflow with Claude engine and MCP integrations by @Copilot in #4003
• Add unified MCPConfigRenderer to eliminate duplication across engines by @Copilot in #4023
• [tidy] Fix Go code formatting in Tools struct by @github-actions[bot] in #4044
• Fix control characters in compiled workflows from backslash sequences in bash commands by @Copilot in #4038
• Add daily-file-diet workflow for automated Go file refactoring analysis by @Copilot in #4040
• [tidy] Fix Go formatting in shell_backslash_integration_test.go by @github-actions[bot] in #4055
• Investigation: Error reference documentation already exists and exceeds requirements by @Copilot in #4042
• Simplify cloclo workflow name and add concurrency control by @Copilot in #4054
• Add type information to validation errors using %T by @Copilot in #4056
• Refactor ClaudeEngine to use unified MCPConfigRenderer by @Copilot in #4043
• Standardize CLI error/warning messages to use console formatting helpers by @Copilot in #4057
• Refactor frontmatter.go: Extract 4 focused modules (39% size reduction) by @Copilot in #4059
• Update Claude Code CLI to v2.0.42 by @Copilot in #4066
• Refactor CodexEngine and CustomEngine to use unified MCPConfigRenderer by @Copilot in #4063
• Add concrete examples to repository format validation errors by @Copilot in #4068
• Improve MCP configuration error messages with YAML examples and type information by @Copilot in #4067
• [WIP] Refactor CopilotEngine to use unified MCPConfigRenderer by @Copilot in #4062
• Fix compiler to emit runtime steps before imported steps and deduplicate with field preservation by @Copilot in #4060
• Prevent workflow_run triggers from executing in forked repositories by @Copilot in #4070
• Add inline examples to schema validation errors by @Copilot in #4080
• Enhance engine validation error messages with examples and valid options by @Copilot in #4077
• Improve MCP configuration error messages with complete YAML examples by @Copilot in #4079
• Add automated error message quality linter by @Copilot in #4078
• Remove redundant error wrappers in compiler validation by @Copilot in #4081
• Rename update_reaction job to conclusion and improve condition logic by @Copilot in #4083
• Improve runtime_setup.go error messages with context and examples by @Copilot in #4097
• Remove prescriptive examples from repository-quality-improver workflow to encourage creative focus area selection by @Copilot in #4087
• Pin Playwright to 1.56.1 and add NPM package update tracking by @Copilot in #4103
• Add daily documentation testing workflow with beginner perspective by @Copilot in #4088
• Refactor: Extract duplicate log metrics finalization logic by @Copilot in #4105
• Add update tool to MCP server by @Copilot in #4110
• [docs] Consolidate developer specifications - Add refactoring case study by @github-actions[bot] in #4116
• [docs] Update dictation prompt instructions by @github-actions[bot] in #4117
• [docs] Update documentation for features from 2025-11-16 by @github-actions[bot] in #4118
• feat: add campaign capability update-project by @mnkiefer in #3524
• [log] Add debug logging to workflow compiler components by @github-actions[bot] in #4123
• fix: update default project by @mnkiefer in #4125
• Optimize daily-team-status workflow with data pre-fetching and caching by @Copilot in #4126
• chore: update project URL fallback by @mnkiefer in #4131
• chore: disable scheduled trigger for AI Triage Campaign workflow by @mnkiefer in #4137
• Fix template injection vulnerabilities in cloclo workflow by @Copilot in #4140
• Update actions/github-script to v8 in dev and test-ollama workflows by @Copilot in #4141
• Add missing issues and pull-requests read permissions to docs-noob-tester workflow by @Copilot in #4139
• Configure Q workflow to skip PR creation when no changes exist by @Copilot in #4128
• Generate zizmor annotations for workflow_run triggers by @Copilot in #4129
• Use GitHub API for lock file timestamp checks instead of repository checkout by @Copilot in #4142
• [log] Add debug logging to CLI log parsing and analysis files by @github-actions[bot] in #4147
• Remove deprecated displayMissingToolsAnalysis function that didn't populate Display fields by @Copilot in #4146
• Extract DomainBuckets to eliminate duplicate accessor methods by @Copilot in #4150
• Add semantic types to constants for type safety and clarity by @Copilot in #4160
• Consolidate duplicate GitHub tools lists into shared constant by @Copilot in #4159
• Add unified ToolsConfig struct to replace map[string]any pattern by @Copilot in #4158
• Standardize interface{} to any syntax across codebase by @Copilot in #4161
• Remove obsolete MCP test cases for unimplemented features by @Copilot in #4176
• Fix CHANGELOG v0.21.0: discussion field is optional, not removed by @Copilot in #4179
• Standardize CLI workflow identifier terminology to workflow-id by @Copilot in #4210
• Fix help text formatting: remove dashes, align spacing consistently by @Copilot in #4204
• Migrate to local prettier installation using npm scripts by @Copilot in #4201
• Fix Playwright version confusion between MCP package and browser image by @Copilot in #4205
• Add Node.js 24+ requirement with Makefile validation by @Copilot in #4217
• Fix safe-output jobs failing on agent output parse errors by @Copilot in #4214
• Add deprecated field detection to strict mode validation by @Copilot in #4202
• Isolate test temp directories to prevent conflicts by @Copilot in #4203
• Update github.com/stretchr/testify from v1.8.1 to v1.11.1 by @Copilot in #4206
• chore(deps): bump glob and @vitest/coverage-v8 in /pkg/workflow/js by @dependabot[bot] in #4215
• Update github.com/modelcontextprotocol/go-sdk from v0.4.0 t...

gh-aw 0.29.1

This release brings important security improvements and enhanced offline capabilities. Key updates include an import cache system for offline workflow compilation with SHA-based storage, a critical fix for template injection vulnerability in the copilot-session-insights workflow, and a new --repo option for improved workflow management across repositories.

AI generated by Dev

---

What's Changed

• Add import cache for offline workflow compilation with SHA-based storage by @Copilot in #3981
• Fix template injection risk in copilot-session-insights workflow by @Copilot in #4001
• 🚀 Add --repo option to workflow management commands by @dsyme in #4007

Full Changelog: v0.29.0...v0.29.1

gh-aw 0.29.0

What's Changed

• Fix table CSS to span full width in documentation by @Copilot in #3908
• 🚀 Improve trial command with direct repository mode by @dsyme in #3914
• Refactor: Extract duplicate compilation loops into shared helper by @Copilot in #3911
• Remove hardcoded action pins lists from tests by @Copilot in #3922
• agentics copy by @pelikhan in #3924
• Add --dir flag to update command for custom workflow directories by @Copilot in #3925
• Add GitHub Copilot agent detection and specialized log parser to audit command by @Copilot in #3913
• [docs] Update CLI documentation for features from 2025-11-14 by @github-actions[bot] in #3930
• Add --dir flag and deprecate --workflows-dir in compile command by @Copilot in #3928
• [WIP] Update workflows and recompile scripts after update by @Copilot in #3929
• Migrate interactive workflow creation from add to new command by @Copilot in #3940
• [log] Enhance workflow and job management logging (session 4) by @github-actions[bot] in #3946
• Validate local modifications when workflow source is up-to-date by @Copilot in #3932
• Unify action_pins.json schema and sync generated cache to embedded data by @Copilot in #3933
• Revert changeset workflow to pull_request trigger (9e0ba6b) by @Copilot in #3948
• [WIP] Add helper to wrap 'gh' calls using Exec by @Copilot in #3952
• Organize CLI commands into logical groups in help text by @Copilot in #3935
• daily team status with imports by @pelikhan in #3938
• Add --no-stop-after and --stop-after flags to manage stop-after field in workflows by @Copilot in #3951
• Fix stop-after time preservation during workflow recompilation by @Copilot in #3950
• [tidy] Fix syntax errors in stop_after_test.go by @github-actions[bot] in #3967
• Sort action pins JSON entries alphabetically by key by @Copilot in #3974
• Clean up action cache files left behind by tests by @Copilot in #3976
• Add ghhelper package for consistent GH_TOKEN/GITHUB_TOKEN handling in gh CLI calls by @Copilot in #3977
• chore(deps): bump js-yaml from 4.1.0 to 4.1.1 in /docs by @dependabot[bot] in #3979
• Consolidate ghhelper into pkg/workflow and use go-gh/v2 by @Copilot in #3992
• Update CLI versions: Claude Code 2.0.37→2.0.41, Copilot CLI 0.0.355→0.0.358 by @Copilot in #3991
• Enable stop-time recomputation during workflow updates by @Copilot in #3993
• Add missing -e shorthand to logs command engine flag by @Copilot in #3996
• Extract shared utilities from log parsers to eliminate duplication by @Copilot in #3997
• Add missing permissions to workflows with GitHub toolsets by @Copilot in #3998
• Refactor: Extract shared helpers for safe output config parsing by @Copilot in #3995
• 🚦 Improve Workflow Polling and Signal Handling by @dsyme in #4002
• [WIP] Update permissions in ci-doctor.md for least privilege by @Copilot in #4000
• 🔧 Fix workflow disabling logic in trial command by @dsyme in #4004

Full Changelog: v0.28.7...v0.29.0

gh-aw 0.28.7

What's Changed

• [docs] Update documentation for features from 2025-11-07 by @github-actions[bot] in #3432
• Migrate workflows from deprecated timeout_minutes to timeout-minutes by @Copilot in #3433
• Enable direct file editing in developer-docs-consolidator workflow by @Copilot in #3444
• Update github.com/spf13/cobra from v1.9.1 to v1.10.1 by @Copilot in #3445
• Prevent adding workflows from current repository by @Copilot in #3443
• [WIP] Update frontmatter docs generator to skip deprecated fields by @Copilot in #3446
• Add super-linter agentic workflow for automated code quality analysis by @Copilot in #3442
• docs: more professional appearance by @mnkiefer in #3329
• Add 'add' tool to mcp-server command by @Copilot in #3447
• Add enterprise GitHub support with centralized host resolution by @Copilot in #3441
• Update Claude Code CLI to v2.0.35 by @Copilot in #3453
• Add "help all" command and fix init command Copilot agent usage pattern by @Copilot in #3454
• Render docs for iPhone 16 and fix CSS issues for multiple form factors by @Copilot in #3452
• fix(docs): feature card and grid alignment by @mnkiefer in #3455
• Add support for full GitHub actions specification in jobs field and automatic job dependencies by @Copilot in #3451
• Make feature cards fully clickable on docs landing page by @Copilot in #3456
• Add --dir flag to specify subfolder for workflow installation by @Copilot in #3459
• Auto-add activation dependency to custom jobs without explicit needs by @Copilot in #3458
• [WIP] Fix super linter log issue related to temp folder by @Copilot in #3463
• Fix super-linter LOG_FILE configuration and remove unnecessary setup steps by @Copilot in #3467
• [docs] docs: Remove bloat from MCP Server documentation by @github-actions[bot] in #3466
• [docs] Update documentation for features from 2025-11-08 by @github-actions[bot] in #3477
• [docs] Consolidate developer specifications and fix marketing tone by @github-actions[bot] in #3476
• [log] Add debug logging to 5 workflow files by @github-actions[bot] in #3481
• Fix: Quote cron expressions in schedule sections to prevent YAML parsing ambiguity by @Copilot in #3468
• Refactor: Extract shared log aggregation logic into generic helper by @Copilot in #3465
• Consolidate strict mode validation into strict_mode_validation.go by @Copilot in #3492
• Refactor: Extract engine validation methods to dedicated file by @Copilot in #3491
• Fix npm URL format in cli-version-checker workflow by @Copilot in #3496
• Refactor: Extract detection and validation methods from compiler.go by @Copilot in #3497
• Enhance CLI version checker to fetch and parse GitHub release notes by @Copilot in #3495
• Consolidate duplicate config parsing functions with generic helper by @Copilot in #3490
• Fix super-linter configuration: validate Markdown only by @Copilot in #3469
• [docs] docs: unbloat CLI commands documentation (43% reduction) by @github-actions[bot] in #3501
• Refactor: Extract shared MCP config renderer to eliminate duplication by @Copilot in #3504
• Add comprehensive tests for refactored config parsing and validation functions by @Copilot in #3506
• [log] Add debug logging to CLI utility functions by @github-actions[bot] in #3529
• Update activation comment with PR link after create_pull_request by @Copilot in #3502
• Add default value annotations to JSON schema for engine and reaction fields by @Copilot in #3520
• [docs] Update dictation prompt instructions by @github-actions[bot] in #3523
• Enhance runs-on and concurrency schema descriptions with type variants and examples by @Copilot in #3521
• Remove obsolete safe-jobs backwards compatibility references by @Copilot in #3522
• Add gh-aw MCP server to python-data-charts workflow by @Copilot in #3533
• Rename ValidatePermissions to ValidateIncludedPermissions in imports.go by @Copilot in #3546
• Add shellcheck disable directives for heredoc markdown backticks by @Copilot in #3548
• Optimize SC2002 useless cat patterns in analysis workflows by @Copilot in #3547
• chore: restructure docs following modern DX best practices by @Copilot in #3526
• Update golang.org/x/sys from v0.37.0 to v0.38.0 by @Copilot in #3563
• Fix bundler generating invalid JavaScript for multi-line module.exports by @Copilot in #3566
• Standardize prompt generation pattern - move scattered functions to dedicated files by @Copilot in #3564
• Remove empty network.go file by @Copilot in #3569
• build(deps): bump @sentry/mcp-server from 0.20.0 to 0.21.0 in /.github/workflows by @dependabot[bot] in #3562
• Fix SC2215 shellcheck warnings in Playwright prompt heredoc by @Copilot in #3568
• Refactor: Extract duplicate comment helpers into separate modules by @Copilot in #3565
• [docs] docs: Remove bloat from permissions.md by @github-actions[bot] in #3575
• Fix PR link formatting in cli-version-checker workflow by @Copilot in #3586
• Refactor: Extract duplicate error aggregation logic in logs_report.go by @Copilot in #3587
• Refactor: Extract shared domain aggregation logic in logs_report.go by @Copilot in #3588
• Extract workflow metadata env setup to shared helper by @Copilot in #3580
• Consolidate scattered validation functions into dedicated validation files by @Copilot in #3581
• Remove unsupported docker-image field from cache-memory schema by @Copilot in #3597
• Fix cache-memory classification in frontmatter documentation by @Copilot in #3598
• Refactor: Extract generic aggregation helper to eliminate duplicate code in logs report by @Copilot in #3591
• Refactor: Extract scattered helper functions into dedicated files by @Copilot in #3601
• Update Claude Code CLI from 2.0.35 to 2.0.37 by @Copilot in #3611
• Daily Test Coverage Improver - Add tests for packages.go include dependency functions by @github-actions[bot] in #3590
• Add debug logging to expression extraction, strict mode validation, metrics, PR review comments, and notification workflows by @Copilot in #3612
• Add optional fingerprint field for asset tracking by @Copilot in #3602
• Update GitHub MCP Server version to v0.20.2 by @Copilot in #3625
• Bump actions/download-artifact from v5 to v6 by @Copilot in #3629
• Refactor logs.go: split 2,812-line monolith into focused modules by @Copilot in #3628
• Rename generic utility files in pkg/cli to reflect their specific purpose by @Copilot in #3627
• Consolidate duplicate string extraction functions in pkg/workflow by @Copilot in #3626
• [audit] Document npm registry access in firewall-enabled workflows by @Copilot in #3637
• Add action SHA validation to compile --validate command by @Copilot in #3631
• Add python ecosystem identifier to workflows needing PyPI access by @Copilot in #3641
• Fix Docker registry access blocking in mcp-inspector workflow by @Copilot in #3640
• Add daily code metrics workflow with persistent trend tracking by @Copilot in #3639
• Fix SC2086 shellcheck...

gh-aw 0.28.6

What's Changed

• Filter non-workflow markdown files in add command listing by @Copilot in #3388
• [docs] Consolidate developer specifications into instructions file by @github-actions[bot] in #3390
• Standardize frontmatter across instruction files by @Copilot in #3393
• Merge JavaScript template filtering into interpolation step by @Copilot in #3381
• Refactor log parser entry points to eliminate duplicate bootstrap logic by @Copilot in #3394
• [docs] docs: unbloat CLI commands documentation by @github-actions[bot] in #3395
• Add JavaScript refactoring instructions for .cjs module extraction by @Copilot in #3401
• Bundle is_truthy.cjs and log_parser_bootstrap.cjs dependencies by @Copilot in #3400
• Show available workflows when workflow not found in add command by @Copilot in #3402
• Emit warning instead of error when wildcard adds encounter existing workflows by @Copilot in #3404
• Add Typist workflow for Go type analysis by @Copilot in #3410
• Update github.com/spf13/pflag from v1.0.7 to v1.0.10 by @Copilot in #3425
• Update golang.org/x standard library extensions to latest patch versions by @Copilot in #3417
• Add timeout-minutes field and deprecate timeout_minutes by @Copilot in #3405
• Display workflow list as table with ID, Name, and Description by @Copilot in #3406
• Remove bash wildcard restriction in strict mode by @Copilot in #3407
• [WIP] Fix dependabot-go-checker to link to correct Go module repositories by @Copilot in #3427
• Update github.com/charmbracelet/huh from v0.6.0 to v0.8.0 by @Copilot in #3418
• Add Mermaid diagram for safe output message flow by @Copilot in #3428
• Simplify agentic task description format and add conversational summarization by @Copilot in #3430

Full Changelog: v0.28.5...v0.28.6

gh-aw 0.28.5

What's Changed

• List workflows when only repo name provided to add command by @Copilot in #3373
• Add wildcard support for workflow names in add command by @Copilot in #3374
• Use JavaScript for prompt variable interpolation instead of shell expansion by @Copilot in #3379

Full Changelog: v0.28.4...v0.28.5