Skip to content

v0.81.4

Pre-release
Pre-release

Choose a tag to compare

View all tags
@github-actions github-actions released this 26 Jun 04:17
· 13 commits to main since this release
Immutable release. Only release title and notes can be modified.
v0.81.4
1db7b9b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

🌟 Release Highlights

This release focuses on reliability, performance, and new operational capabilities β€” fixing silent failures across the compiler and agent harnesses, reducing wasted credits on hot paths, and adding important new tooling.

✨ What's New

  • --org flag for upgrade command (#41335) β€” The upgrade command now supports --org and --repos flags, matching the org-wide mode already available in update. Bulk-preview or open upgrade PRs across an entire organization with a single command.

  • Daily YAML Lint Fixer workflow (#41574) β€” A new agentic workflow automatically fixes yamllint violations in generated *.lock.yml files, keeping CI lint checks clean without manual intervention.

  • AWF Firewall startup failure detection (#41472) β€” Firewall proxy startup failures (e.g., DNS not yet resolving at probe time) are now detected and surfaced in the agent failure issue β€” making previously silent infra failures immediately actionable.

  • Spec-driven engine.env allowlist (#41465) β€” The engine environment variable allowlist is now derived from GetSupportedEnvVarKeys rather than a fragile runtime heuristic, enabling strict: false to be safely removed from smoke workflows.

  • Copilot engine launched from ${GITHUB_WORKSPACE} (#41459) β€” The Copilot engine now starts from the workspace root, enabling APM skill discovery for context-aware agent behaviour.

πŸ› Bug Fixes & Improvements

  • Silent YAML parse errors fixed (#41577) β€” Five yaml.Unmarshal call sites in workflow_builder.go were silently discarding errors, producing empty step lists on malformed YAML with no diagnostic. All errors now propagate correctly.

  • Copilot SDK hang bounded by idle watchdog (#41572) β€” After an agent's final tool result, sendAndWait could hang indefinitely until the step timeout killed the runner. A post-completion idle watchdog now bounds this wait, preventing wasted runner minutes.

  • Codex harness no longer drains tokens on rate-limit reconnects (#41385) β€” When Codex hit a TPM rate limit and exhausted reconnect retries, the harness kept retrying unnecessarily. It now recognises exhausted-reconnect exits and stops, preserving credits.

  • Claude harness stops retrying on max_runs_exceeded (#41361) β€” Fresh-run fallbacks no longer burn the full quota when a session has already hit its 20-invocation limit.

  • Issue Monster false-positive 429 detection eliminated (#41471) β€” Rate-limit false positives no longer trigger spurious failure handling.

  • assign_to_agent no longer posts error comments on PRs (#41475) β€” Error comments are now only posted to issues, matching expected behaviour.

  • Daily schedule runs restored (#41362) β€” Daily schedule runs broken since June 5 are now fixed.

  • workflow_call permissions use union of caller + worker (#41387) β€” Imported workflow_call permissions in generated call jobs are now correctly annotated.

⚑ Performance

  • YAML generation is faster (#41333) β€” Duplicate run-script scans in the skip-validation fast path collapsed to a single pass, restoring compilation performance.

  • Design Decision Gate costs reduced (#41332) β€” Now defaults to Sonnet instead of Opus and skips issue lookups on no-op paths, meaningfully reducing AI credit consumption per run.

πŸ”’ Security

  • Safe-output detection hardened (#41547) β€” Detection stays in warn mode on parser/agent failures, ensuring non-reviewable safe outputs are blocked rather than passed through silently.

  • Pi threat-detection model normalisation (#41545) β€” Pi threat-detection models are now normalised before Copilot fallback, preventing misclassification due to model name variance.

πŸ”§ Internal

  • Bumped gh-aw-firewall to v0.27.11 and regenerated pinned workflow artifacts (#41555)
  • Bumped Codex 0.142.1 and Copilot SDK 1.0.4 (#41430)
  • Extracted shared org-wide runner for update and upgrade commands (#41553)

Generated by πŸš€ Release Β· 44.1 AIC Β· ⊞ 8.3K

What's Changed

  • [community] Update community contributions in README by @github-actions[bot] in #41359
  • Lower Design Decision Gate runtime cost with Sonnet default and conditional issue lookups by @pelikhan with @Copilot in #41332
  • Add GitHub lockdown guard-policy warning and sync security specs by @pelikhan with @Copilot in #41331
  • Reduce YAMLGeneration time by collapsing duplicate run-script scans by @pelikhan with @Copilot in #41333
  • fix(go-logger): restore daily schedule runs broken since June 5 by @pelikhan with @Copilot in #41362
  • feat: add --org to upgrade command by @pelikhan with @Copilot in #41335
  • Surface assign-to-agent auth/availability failures in agent failure issues/comments by @pelikhan with @Copilot in #41336
  • chore: set sandbox.agent.sudo: false on 30% of agentic workflows by @pelikhan with @Copilot in #41380
  • [ubuntu-image] research: update Ubuntu runner image analysis for 20260622.220.1 by @github-actions[bot] in #41373
  • [code-scanning-fix] Fix workflow-graphql-static-concat: extract GraphQL query to named constant by @github-actions[bot] in #41357
  • fix(manualmutexunlock): distinguish struct instances sharing a mutex field by @pelikhan with @Copilot in #41383
  • Add nolint parity to non-enforced context-family linters by @pelikhan with @Copilot in #41382
  • Fix stale frontmatter hash in design-decision-gate.lock.yml by @pelikhan with @Copilot in #41390
  • Enable Copilot assignment permissions in Issue Monster workflow by @pelikhan with @Copilot in #41389
  • [jsweep] Clean upload_assets.cjs by @github-actions[bot] in #41371
  • fix: improve agent assignment failure issue reports by @pelikhan with @Copilot in #41392
  • [spec-extractor] Update package specifications for tty, types, typeutil, workflow by @github-actions[bot] in #41414
  • fix: stop codex harness retry loop draining tokens on exhausted rate-limit reconnects by @pelikhan with @Copilot in #41385
  • refactor: consolidate triplicate merge helpers and add sliceutil.SortedKeys by @pelikhan with @Copilot in #41388
  • fix: use union of caller + worker permissions for call-workflow jobs by @pelikhan with @Copilot in #41387
  • fix: revert sandbox.agent.sudo to true in glossary-maintainer workflow by @pelikhan with @Copilot in #41426
  • Handle known Windows ConPTY runner failure in daily CLI integration by @pelikhan with @Copilot in #41428
  • fix(firewall): skip non-Squid diagnostic lines in generate_usage_activity_summary by @pelikhan with @Copilot in #41429
  • chore: bump Codex 0.142.1, Copilot SDK 1.0.4 by @pelikhan with @Copilot in #41430
  • Send GraphQL-Features header for issue intent mutations when issue_intents runtime feature is enabled by @pelikhan with @Copilot in #41425
  • Issue Monster: eliminate false-positive 429 rate-limit detection by @pelikhan with @Copilot in #41471
  • Standardize CLI help section order and GHE note wording by @pelikhan with @Copilot in #41461
  • feat: spec-driven engine.env allowlist via GetSupportedEnvVarKeys; remove strict: false from smoke workflows by @pelikhan with @Copilot in #41465
  • Annotate imported workflow_call permissions in generated call jobs by @pelikhan with @Copilot in #41464
  • fix: prevent assign_to_agent from posting error comments on PRs by @pelikhan with @Copilot in #41475
  • Reduce sandbox.agent.sudo: false usage to policy target across agentic workflows by @pelikhan with @Copilot in #41463
  • Update existing MCP configs with required gh-aw server fields by @pelikhan with @Copilot in #41462
  • feat: detect AWF firewall startup failures and surface them in the agent failure issue by @pelikhan with @Copilot in #41472
  • Render runtime features only when configured; move output behind details disclosure by @pelikhan with @Copilot in #41358
  • Align safe-outputs bundle pre-check with post-apply file detection by @pelikhan with @Copilot in #41457
  • Fix Daily Cache Strategy Analyzer codex model variant to avoid model-not-found failures by @pelikhan with @Copilot in #41541
  • Simplify assign-to-agent flow to issue assignee REST APIs with canonical bot login resolution by @pelikhan with @Copilot in #41524
  • update org resilience by @pelikhan in #41513
  • Fix empty firewall allowlist in Codex external detection job (gh-aw-detection) by @pelikhan with @Copilot in #41525
  • Normalize Pi threat-detection models before Copilot fallback by @pelikhan with @Copilot in #41545
  • [caveman] Optimize instruction verbosity β€” cli-commands, campaign (2026-06-25) by @github-actions[bot] in #41544
  • Keep detection in warn mode on parser/agent failures so non-reviewable safe outputs are blocked by @pelikhan with @Copilot in #41547
  • Fix docs homepage slide preview when the bundled PDF is an LFS pointer by @pelikhan with @Copilot in #41540
  • copilot engine: launch from ${GITHUB_WORKSPACE} to enable APM skill discovery by @pelikhan with @Copilot in #41459
  • Bump default gh-aw-firewall to v0.27.11 and regenerate pinned workflow artifacts by @lpcox with @Copilot in #41555
  • refactor: extract shared org-wide runner for update and upgrade commands by @pelikhan with @Copilot in #41553
  • feat: add daily-yamllint-fixer agentic workflow by @pelikhan with @Copilot in #41574
  • fix: resolve InvalidPDFException and add mobile nav toggle test by @pelikhan with @Copilot in #41575
  • console: swap supplementary-plane emoji for lightweight Unicode symbols by @pelikhan with @Copilot in #41578
  • fix(copilot-sdk): post-completion idle watchdog to bound SDK hang after final tool result by @pelikhan with @Copilot in #41572
  • fix: propagate yaml.Unmarshal errors in workflow_builder.go (5 silent sites) by @pelikhan with @Copilot in #41577

Full Changelog: v0.81.3...v0.81.4

Contributors

pelikhan and lpcox
Assets 17
Loading