v0.81.5

Pre-release

@github-actions github-actions released this 27 Jun 00:54
· 34 commits to main since this release
Immutable release. Only release title and notes can be modified.
f414fc7

🌟 Release Highlights

This release focuses on org-mode maturity, performance optimizations, and sandbox hardening — making gh aw update/upgrade --org more robust and production-ready while delivering meaningful speed improvements across the compiler and validator.

✨ What's New

  • Action-pin mapping in aw.json (#41579) — Define action-pin overrides directly in your aw.json configuration, giving you centralized control over pinned action versions.

  • manifest-version now optional in aw.yml (#41687) — Reduces boilerplate in new workflow files; the field is inferred when omitted.

  • Non-TTY fallback for gh aw add wizard (#41717) — The interactive add wizard now gracefully falls back to text prompts in non-interactive environments (CI, scripts), unblocking automation pipelines.

  • Org-mode improvements for update/upgrade --org (#41617, #41627, #41719) — Workflow-targeted updates, repo prefiltering, version-tag display, unified repo discovery, and per-repo confirmation prompts (with --yes for CI). The --org flag is now significantly more useful for managing fleets of repositories.

  • Sandbox hardening at 50% baseline (#41786) — Half of all eligible agentic workflows now run with sandbox.agent.sudo: false, reducing the blast radius of runaway agent steps.

  • Daily detection analysis report workflow (#41802) — New built-in workflow that generates automated detection analysis reports.

⚑ Performance

  • Lazy-loaded embedded JSON datasets (#41587) — Embedded compile-time JSON is no longer loaded at startup, reducing memory footprint for CLI commands that do not compile.
  • Lazy-loaded GitHub toolset permissions (#41755) — Loaded via sync.Once so permission data is only read when needed.
  • Cached regexp in applySanitizePattern (#41762) — Eliminates repeated regex compilation on hot code paths.
  • Faster ParseWorkflow (#41772) — Model-alias cycle detection overhead reduced.

πŸ› Bug Fixes & Improvements

  • Secret double-escape fix (#41801) β€” Custom MCP server env/header secrets are no longer double-escaped in generated lock files.
  • Agent-supplied branch accepted in push_to_pull_request_branch (#41654) β€” Fixes a regression where agent-provided branch names were rejected.
  • MODEL_NOT_SUPPORTED detection extended (#41792) β€” The pattern now catches 404 "Model not found" responses, improving resilience for unsupported model errors.
  • Bundle manifest path resolution (#41790) β€” .github/ paths are now resolved as repo-root-relative in nested bundle manifests.
  • MCP post-completion relaunch is non-fatal (#41713) β€” A failed MCP server relaunch after job completion no longer fails the workflow.
  • PR Sous Chef cooldown (#41759) β€” Prevents back-to-back comments by enforcing a 30-minute cooldown.
  • Harness exits cleanly (#41675) β€” Exits with code 0 when expected safe-outputs were already produced, even when subsequent steps encounter permission-denied errors.
  • GH_AW_POLICY_STRICT enforced at runtime (#41682) β€” Non-strict compiled workflows now properly respect the strict policy flag at runtime.

📚 Documentation

  • Blog: Custom Linters, Sergo, Linter Miner & LintMonster (#41663) — A new blog post walking through the custom linter ecosystem. Read it →
  • gh aw env governance guide (#41758) — New documentation covering defaults and scope inheritance for environment configuration.

Generated by 🚀 Release · 41.2 AIC · ⊞ 8.3K


What's Changed

  • Add action-pin mapping support in aw.json by @pelikhan with @Copilot in #41579
  • pkg/workflow: lazy-load embedded JSON datasets used only at compile-time paths by @pelikhan with @Copilot in #41587
  • feat: add XML markers, deduplication, labels, and release links to org runner PRs/issues by @pelikhan with @Copilot in #41580
  • fix: resource lifecycle and context propagation (lint-monster) by @pelikhan with @Copilot in #41589
  • Replace lint-monster path literals with repository constants in CLI/workflow codepaths by @pelikhan with @Copilot in #41611
  • [UX] Professionalize Architecture Guardian safe-output status messages by @pelikhan with @Copilot in #41612
  • [jsweep] Clean update_context_helpers.cjs by @github-actions[bot] in #41608
  • fix: accept agent-supplied branch in push_to_pull_request_branch (fixes #41643) by @dsyme in #41654
  • fix: replace deprecated gpt-5-mini with gpt-5.4-mini in daily-model-resolution workflow by @pelikhan with @Copilot in #41625
  • Enable sandbox.agent.sudo: false on 20 agentic workflows by @pelikhan with @Copilot in #41628
  • [docs] Update glossary - daily scan by @github-actions[bot] in #41657
  • [spec-extractor] Update package specifications for agentdrain, cli, console, constants by @github-actions[bot] in #41653
  • [code-scanning-fix] Fix js/http-to-file-access: validate Content-Type and size for LFS PDF download by @github-actions[bot] in #41635
  • Update gh aw update --org to support workflow-targeted updates and repo prefiltering by @pelikhan with @Copilot in #41617
  • panicinlibrarycode: enforce FuncLit boundaries for init/doc panic exemptions by @pelikhan with @Copilot in #41631
  • [instructions] Sync instruction files with release 0.81.4 by @github-actions[bot] in #41644
  • Replace AWF runtime Python patch with shared JavaScript helper by @pelikhan with @Copilot in #41623
  • Add blog post on custom linters, Sergo, Linter Miner, and LintMonster by @pelikhan with @Copilot in #41663
  • reduce instructions-janitor max lines target from 500 to 400 by @pelikhan with @Copilot in #41673
  • Retry one completed Copilot BYOK proxy auth failure as a fresh run by @pelikhan with @Copilot in #41629
  • Make manifest-version optional in aw.yml by @pelikhan with @Copilot in #41687
  • Harden API consumption log collection against continuation timeouts by @pelikhan with @Copilot in #41676
  • [spec-enforcer] Enforce specifications for setutil by @github-actions[bot] in #41684
  • Refactor duplicated key sorting, engine env assembly, and engine max-* codemods by @pelikhan with @Copilot in #41674
  • fix(harness): exit 0 when expected safe-outputs already produced despite numerous permission-denied by @pelikhan with @Copilot in #41675
  • improve update/upgrade --org: version tags, current version display, unified repo discovery by @pelikhan with @Copilot in #41627
  • Fix go-logger preflight manifest generation failing on jq filter quoting by @pelikhan with @Copilot in #41695
  • fix(USE-001): add standardized error codes to pr_review_buffer and set_issue_type handlers by @pelikhan with @Copilot in #41692
  • Enforce GH_AW_POLICY_STRICT at runtime for non-strict compiled workflows by @pelikhan with @Copilot in #41682
  • parser: add schema validation tests for sandbox.agent.sudo (regression guard for #41679) by @dsyme with @Copilot in #41681
  • logs: populate message field with actionable guidance when no runs found by @pelikhan with @Copilot in #41693
  • docs: resolve spec audit — pkg/intent spec, actionpins Mappings field, linters 4 new subpackages by @pelikhan with @Copilot in #41723
  • fix: post-completion MCP relaunch failure is non-fatal; audit-diff surfaces removed denied domains by @pelikhan with @Copilot in #41713
  • Normalize report-format guidance across non-compliant agentic workflows by @pelikhan with @Copilot in #41728
  • Harden Super Linter workflow against generated-summary linting and log artifact permission failures by @pelikhan with @Copilot in #41729
  • Ensure centralized status comments are reused via the standard update path by @pelikhan with @Copilot in #41709
  • chore(deps): bump golang.org/x/vuln to v1.5.0 by @pelikhan with @Copilot in #41726
  • [dead-code] chore: remove dead functions — 5 functions removed by @github-actions[bot] in #41731
  • Make banner styling TTY-safe by unexporting BannerStyle and standardizing ShowWelcomeBanner by @pelikhan with @Copilot in #41716
  • Add per-repo confirmations for org-mode update/upgrade create actions, with --yes CI bypass by @pelikhan with @Copilot in #41719
  • feat(mattpocock-reviewer): mention @copilot in review comments by @pelikhan with @Copilot in #41756
  • Add governance guide for gh aw env defaults and scope inheritance by @pelikhan with @Copilot in #41758
  • fix(pr-sous-chef): prevent back-to-back comments and add 30-min cooldown by @pelikhan with @Copilot in #41759
  • Add non-TTY fallback for interactive add wizard (MultiSelect + text prompts) by @pelikhan with @Copilot in #41717
  • Preserve issue-intent label metadata in add_labels REST payload behind feature flag by @pelikhan with @Copilot in #41725
  • Reduce validation benchmark overhead by deduplicating Copilot permission tip emission by @pelikhan with @Copilot in #41753
  • refactor(workflow): split custom job builder module out of compiler_jobs.go by @pelikhan with @Copilot in #41754
  • feat: upgrade experiments_command.go manual tables to console.RenderTable() by @pelikhan with @Copilot in #41718
  • PR Sous Chef: require pr-finisher in Copilot nudge by @pelikhan with @Copilot in #41768
  • Fix daily-spdd-spec-planner tool denial limit exceeded by @pelikhan with @Copilot in #41770
  • fix(compile_stats): replace raw fmt.Fprintf sub-items with console helpers by @pelikhan with @Copilot in #41764
  • Align CLI help/grouping and flag semantics for command consistency by @pelikhan with @Copilot in #41727
  • Clarify workflow trigger selection and reporting patterns for agentic workflows by @pelikhan with @Copilot in #41769
  • Wrap bare error returns in buildActivationJob with context by @pelikhan with @Copilot in #41763
  • Use a named constant for the upgrade-org skills sparse-checkout path by @pelikhan with @Copilot in #41774
  • Refactor deploy --org to run through shared org runner by @pelikhan with @Copilot in #41761
  • Cache compiled regexp in applySanitizePattern by @pelikhan with @Copilot in #41762
  • PR Triage: include same-repo Copilot PRs in eligibility scope by @pelikhan with @Copilot in #41783
  • fix: extend MODEL_NOT_SUPPORTED_PATTERN to catch 404 standalone "Model not found" by @pelikhan with @Copilot in #41792
  • Lazy-load GitHub toolset permissions JSON via sync.Once by @pelikhan with @Copilot in #41755
  • perf(bench): isolate CompileMCPWorkflow benchmark from non-compilation overhead by @pelikhan with @Copilot in #41782
  • Add daily detection analysis report workflow by @pelikhan with @Copilot in #41802
  • ambient-context: compress shared prompts and fix tone conditional syntax by @pelikhan with @Copilot in #41805
  • Fix Copilot log parser for wireApi=responses format; surface tool response previews by @pelikhan with @Copilot in #41767
  • Reduce ParseWorkflow overhead by optimizing model-alias cycle detection by @pelikhan with @Copilot in #41772
  • Add runtime policy guard for create-pull-request safe outputs by @pelikhan with @Copilot in #41771
  • Migrate CLI stderr status output to stderr-aware pkg/console helpers across six commands by @pelikhan with @Copilot in #41773
  • chore(deps): bump charmbracelet/x/exp/golden pseudo-version (Jun 2 → Jun 22) by @pelikhan with @Copilot in #41810
  • fix: prevent double-escape of custom MCP server env/header secrets in generated lock files by @pelikhan with @Copilot in #41801
  • Raise agent sandbox hardening baseline to 50% of eligible workflows by @pelikhan with @Copilot in #41786
  • refactor(workflow): consolidate duplicate runtime action repo maps by @pelikhan with @Copilot in #41809
  • [docs] Self-healing documentation fixes from issue analysis - 2026-06-27 by @github-actions[bot] in #41816
  • fix: treat .github/ paths as repo-root-relative in nested bundle manifests by @mnkiefer with @Copilot in #41790

Full Changelog: v0.81.4...v0.81.5