Skip to content

v0.82.0

Pre-release
Pre-release

Choose a tag to compare

View all tags
@github-actions github-actions released this 29 Jun 17:02
· 51 commits to main since this release
Immutable release. Only release title and notes can be modified.
v0.82.0
be745b1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

🌟 Release Highlights

This release brings a new Copilot Canvas extension for agentic workflow operations, significant dashboard improvements, experimental LSP frontmatter support, and an expanded ESLint Factory with new safety rules.

✨ What's New

  • 🎨 Copilot Canvas Extension β€” A new project-scoped GitHub Copilot canvas extension (agentic-workflows-dashboard) lets you browse workflow definitions and runs, review safe markdown step summaries, and dispatch workflows directly from the Copilot chat panel. (#42137)

  • πŸ“Š Dashboard: Experiments Tab β€” The dashboard canvas now surfaces A/B experiment branch data via a dedicated Experiments tab backed by gh aw experiments list. (#42213)

  • πŸ“ˆ Dashboard: Usage Reporting & Continuation-Aware Log Windows β€” Run details now include token usage reporting and context-aware log windows that track continuation state. (#42226)

  • πŸ”¬ Dashboard: Audit Data with Progressive Disclosure β€” Run detail panels now surface structured audit data inline, with progressive disclosure to keep the view clean. (#42269)

  • πŸ› οΈ LSP Frontmatter Support (Experimental) β€” Workflows can now declare lsp: frontmatter configuration so Copilot CLI automatically receives generated lspServers config and required server dependencies during agent setup. Non-Copilot engines fail fast with a clear error. (#41777)

  • πŸ“ ESLint Factory β€” New Safety Rules β€” Three new rules land in the ESLint Factory: no-unsafe-catch-error-property (flags unsafe .message, .stack, .status, .cause, .name access), no-unsafe-promise-catch-error-property (same for promise .catch() callbacks), and require-parseInt-radix (enforces explicit radix argument). (#42057, #42221, #41961)

  • πŸ” Templatable report-failure-as-issue β€” Reusable workflows can now parameterize the safe-outputs.report-failure-as-issue field without post-compile lock-file edits, enabling flexible failure reporting across shared workflow definitions. (#41821)

  • πŸ“ Repo-Local Instruction Overlays β€” Installed gh-aw agents now support repo-local instruction overlay files, allowing per-repository customization of agent behavior without forking upstream workflows. (#42053)

πŸ› Bug Fixes & Improvements

  • Safe-outputs set_issue_type β€” Fixed incorrect GraphQL query and field name in the set_issue_type intent path. (#42232)
  • MCP Gateway config β€” Fixed invalid JSON escape sequences in GitHub remote MCP gateway config generation. (#41864)
  • Setup cleanup β€” gh aw setup now properly cleans up root-owned /tmp/awf-*-chroot-home directories. (#41852)
  • Copilot HTTP 400 failures β€” HTTP 400 responses from Copilot are now surfaced in workflow conclusions rather than silently discarded. (#42228)
  • dispatch-repository key β€” Enforced canonical dispatch-repository safe-output key and deprecated the underscore alias dispatch_repository. (#42150)
  • Audit job steps β€” Structured audit output now correctly populates individual job step data. (#42222)
  • Enterprise host context β€” Enterprise host configuration is now properly propagated into the curated DIFC/CLI proxy environment. (#41912)

πŸ“š Documentation

  • Corrected gh aw mcp add argument order in the setup guide. (#42272)
  • Added dedup checklist, PR escalation guidance, and linked-reference patterns to developer docs. (#42111)
  • Added Agent Finder discovery guidance with direct REST API examples for skill selection. (#42078)

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by πŸš€ Release Β· 35.4 AIC Β· ⊞ 7.7K

What's Changed

  • fix: apply_samples derivePrHeadRef uses target-repo config for siderepo PR lookups by @dsyme with @Copilot in #41295
  • Enable templatable report-failure-as-issue and shared-workflow propagation by @pelikhan with @Copilot in #41821
  • Add nolint suppression parity for 5 remaining gh-aw analyzers by @pelikhan with @Copilot in #41849
  • fix(fmterrorfnoverbs): treat %% as escaped literal, not a real verb by @pelikhan with @Copilot in #41850
  • [instructions] Sync instruction files with release v0.81.6 by @github-actions[bot] in #41871
  • [spec-extractor] Update package specifications for envutil, fileutil, gitutil, logger by @github-actions[bot] in #41873
  • [docs] Consolidate developer specifications: v9.19 maintenance tone scan by @github-actions[bot] in #41887
  • [docs] Update editor preview screenshots – 2026-06-27 by @github-actions[bot] in #41868
  • Fix invalid JSON escapes in GitHub remote MCP gateway config generation by @pelikhan with @Copilot in #41864
  • Bump Claude Code to 2.1.195 and Codex to 0.142.3 by @pelikhan with @Copilot in #41865
  • fix(log_parser_bootstrap): guard Claude guardrail with safeOutputEntriesCount escape hatch by @pelikhan with @Copilot in #41886
  • fix(setup): clean up root-owned /tmp/awf-*-chroot-home directories by @pelikhan with @Copilot in #41852
  • Gate CI coverage uploads behind code-quality opt-in variable by @pelikhan with @Copilot in #41922
  • Add Copilot-only lsp frontmatter support with schema, codegen, engine guardrails, and LSP instructions (experimental) by @pelikhan with @Copilot in #41777
  • Strengthen anomaly detector edge coverage and remove order-dependent test behavior by @pelikhan with @Copilot in #41916
  • [linter-miner] linter: add httpstatuscode analyzer β€” flag magic HTTP status code literals by @github-actions[bot] in #41914
  • [formal-spec] Add OTEL observability formal compatibility test suite (v0.4.0 L1/L2) by @pelikhan with @Copilot in #41906
  • Add run-again footer hints for slash and label command triggers by @pelikhan with @Copilot in #41920
  • refactor: extract shared CLI engine execution logic; make Pi backend resolution configurable by @pelikhan with @Copilot in #41921
  • fix(changeset): restrict safe-outputs allowed-files to .changeset/*.md by @pelikhan with @Copilot in #41937
  • [caveman] Optimize instruction verbosity β€” memory.md, mcp-clis.md (2026-06-27) by @github-actions[bot] in #41943
  • safeoutputs: disambiguate submit_pull_request_review.event from action by @pelikhan with @Copilot in #41948
  • Establish ESLint Linter Factory for actions/setup/js and add dedicated ESLint daily workflows by @pelikhan with @Copilot in #41938
  • pr-sous-chef: auto-resolve outdated addressed review threads via thread-resolver sub-agent by @pelikhan with @Copilot in #41959
  • feat(ambient-context): trim prompt size in daily-code-metrics, test-quality-sentinel, smoke-copilot-aoai-entra by @pelikhan with @Copilot in #41960
  • eslint-factory: add hasSuggestions, enriched diagnostic message, and try/catch suggest fix by @pelikhan with @Copilot in #41966
  • [eslint-miner] feat(eslint): add require-parseInt-radix rule β€” ESLint Miner 2026-06-27 by @github-actions[bot] in #41961
  • Clarify LSP capabilities and prompt patterns in lsp.md for authoring efficiency by @pelikhan with @Copilot in #41977
  • Add ready_for_review workflow for Impeccable (needex) skills-based PR review by @pelikhan with @Copilot in #41978
  • Moving ESLint factory to new location by @pelikhan with @Copilot in #41975
  • eslint-factory: fix require-json-parse-try-catch to catch computed JSON["parse"] access by @pelikhan with @Copilot in #42000
  • Bump gh-aw-firewall to v0.27.12 and gh-aw-mcpg to v0.3.31 by @lpcox with @Copilot in #41945
  • [community] Update community contributions in README by @github-actions[bot] in #41996
  • fix(httpstatuscode): replace spelling-based gating with type-aware detection by @pelikhan with @Copilot in #42009
  • [docs] Update dictation skill instructions by @github-actions[bot] in #42024
  • Extend require-parseInt-radix to computed and global-object parseInt calls by @pelikhan with @Copilot in #42027
  • Refactor duplicated update-check state helpers and centralize repo/API normalization by @pelikhan with @Copilot in #41985
  • eslint-factory: complete test suite for require-parseInt-radix by @pelikhan with @Copilot in #42042
  • [aw] Add missing Bash tool allowances for Daily Rendering Scripts Verifier by @pelikhan with @Copilot in #42039
  • fix(go-logger): avoid ARG_MAX overflow in manifest build step by @pelikhan with @Copilot in #42041
  • Allow Daily Safe Output Integrator to create its temp coverage script by @pelikhan with @Copilot in #42028
  • fix: typed error for workflows-scope rejection in review/fallback branch push by @pelikhan with @Copilot in #42001
  • eslint-factory: add require-parseInt-radix suggestion fix and correct docs URL by @pelikhan with @Copilot in #42047
  • Harden Impeccable Skills Reviewer against external skill source failures by @pelikhan with @Copilot in #42043
  • [jsweep] Clean ai_credits_context.cjs by @github-actions[bot] in #42008
  • [aw] Fix Daily Hippo Learn hippo tool invocation for CLI-proxy environments by @pelikhan with @Copilot in #42045
  • audit: count workflow failure when telemetry is unavailable by @pelikhan with @Copilot in #42046
  • lint-monster: replace magic firewall status codes and collapse codemod helper args via options struct by @pelikhan with @Copilot in #42049
  • [spec-extractor] Update package specifications for envutil, fileutil, gitutil, logger by @github-actions[bot] in #42058
  • eslint-factory: add no-unsafe-catch-error-property rule by @pelikhan with @Copilot in #42057
  • [q] Require explicit unresolved-review thread list in PR sous-chef nudges by @pelikhan with @Copilot in #42056
  • Reduce zizmor template-injection signal in generated usage-summary run step by @pelikhan with @Copilot in #42048
  • [actions] Refresh GitHub Actions pins and workflow references by @pelikhan with @Copilot in #42044
  • fix(eslint-factory): isInsideTryBlock unsound for deferred callbacks by @pelikhan with @Copilot in #42060
  • [q] Switch copilot-cli-deep-research safe output from discussion to issue by @pelikhan with @Copilot in #42069
  • Enable multi-pass continuation for long-running security/spec/blog workflows by @pelikhan with @Copilot in #42072
  • Add Agent Finder discovery guidance and direct REST API examples for skill selection by @pelikhan with @Copilot in #42078
  • Make "add this workflow" footer summary less prominent using <sub> style by @pelikhan with @Copilot in #42084
  • Propagate workflow frontmatter features into aw_info.json by @pelikhan with @Copilot in #42068
  • PR Sous Chef: move pr-processor sub-agent to Haiku and lock it in contracts by @pelikhan with @Copilot in #42088
  • Improve agent-persona-explorer: add non-technical personas and systematic cache-memory rotation by @pelikhan with @Copilot in #42085
  • [workflow-style] Normalize report formatting guidance across reporting workflows by @pelikhan with @Copilot in #42097
  • fix: pin grumpy-coder subagent to inherited model in PR Code Quality Reviewer by @pelikhan with @Copilot in #42096
  • Reduce Avenger run-loop pressure by switching to Haiku and inlining prompt guidance by @pelikhan with @Copilot in #42099
  • Fix centralized workflow dispatch API usage and status comment attribution by @pelikhan with @Copilot in #42077
  • [docs] docs: unbloat sharing workflows guide by @github-actions[bot] in #42110
  • docs(aw): add dedup checklist, PR escalation guidance, and linked-reference pattern by @pelikhan with @Copilot in #42111
  • Propagate enterprise host context into curated DIFC/CLI proxy env by @lpcox with @Copilot in #41912
  • [aw] Agent Persona Explorer: fix cache-memory history path to prevent false cache_memory_miss by @pelikhan with @Copilot in #42112
  • [WIP] Fix failing GitHub Actions job Integration: Workflow Features by @pelikhan with @Copilot in #42113
  • Add forecast compliance fixtures and wire AWF config source drift pre-check by @pelikhan with @Copilot in #42107
  • Raise sandbox.agent.sudo: false coverage to 80% of workflows by @pelikhan with @Copilot in #42119
  • [linter-miner] linter: add osgetenvlibrary β€” flag os.Getenv/LookupEnv in library packages by @github-actions[bot] in #42115
  • Add repo-local instruction overlays for installed gh-aw agents by @pelikhan with @Copilot in #42053
  • Render slash-command footer hints for custom safe-output footers by @pelikhan with @Copilot in #42117
  • Reduce ambient-context token bloat in daily metrics and test-quality workflows by @pelikhan with @Copilot in #42127
  • Fix Copilot events parser to render structured tool result payloads by @pelikhan with @Copilot in #42116
  • [caveman] Optimize instruction verbosity β€” report.md (2026-06-28) by @github-actions[bot] in #42131
  • Restore GitHub MCP access in Daily Team Evolution Insights by @pelikhan with @Copilot in #42132
  • [aw] Prevent Daily Safe Output Integrator from tripping tool-denial guardrail by @pelikhan with @Copilot in #42133
  • Increase Daily Code Metrics asset upload limit to match full_detail chart output by @pelikhan with @Copilot in #42134
  • Prevent step-summary conversation truncation when agent output contains fenced code by @pelikhan with @Copilot in #42118
  • Add patchdiff.githubusercontent.com to GitHub network domain set by @pelikhan with @Copilot in #42136
  • Use gh skill install --all in skill review workflows by @pelikhan with @Copilot in #42138
  • Update Code Scanning Fixer to process all alerts by severity by @pelikhan with @Copilot in #42139
  • pr-sous-chef: schedule merge-main skill when branch is CONFLICTING by @pelikhan with @Copilot in #42142
  • Reinstall chart libraries in shared trending setup to prevent audit chart generation failures by @pelikhan with @Copilot in #42144
  • Add create-canvas skill for cloud agent canvas extension authoring by @pelikhan in #42147
  • Add a Copilot Canvas extension for agentic workflow operations by @pelikhan with @Copilot in #42137
  • Bump mcpg to v0.3.32 and firewall to v0.27.13 by @lpcox in #42146
  • [blog] Weekly blog post – 2026-06-29 by @github-actions[bot] in #42167
  • [log] Add debug logging to five pkg/cli files by @github-actions[bot] in #42170
  • [compiler-threat-spec] spec: bump compiler-threat-detection-spec to v1.0.14 (CTR-020) by @github-actions[bot] in #42169
  • [community] Update community contributions in README by @github-actions[bot] in #42159
  • refactor: consolidate reinvented semver helpers into pkg/semverutil by @pelikhan with @Copilot in #42156
  • [spec-review] Update Safe Outputs conformance checker for recent spec changes by @github-actions[bot] in #42184
  • [code-simplifier] Consolidate dashboard status label mapping and align pagination slice style by @pelikhan with @Copilot in #42180
  • fix: apply 13 lint-monster correctness/style findings (2026-06-29) by @pelikhan with @Copilot in #42165
  • fix: resolve osgetenvlibrary lint findings in boundary-layer packages by @pelikhan with @Copilot in #42163
  • [jsweep] Clean unified_timeline.cjs by @github-actions[bot] in #42176
  • Allow code-simplifier to modify .github/extensions/** without request_review by @pelikhan with @Copilot in #42203
  • fix: rebuild wasm and update golden files for AWF v0.27.13 by @pelikhan with @Copilot in #42208
  • hardcodedfilepath: detect full fmt directives (incl. %x) and ignore escaped %% by @pelikhan with @Copilot in #42178
  • [instructions] Sync instruction files with release v0.81.6 by @github-actions[bot] in #42210
  • Enforce canonical dispatch-repository safe-output key (deprecate underscore alias) by @pelikhan with @Copilot in #42150
  • Pin PR Code Quality Reviewer sub-agent to a supported Copilot model by @pelikhan with @Copilot in #42209
  • feat(dashboard): add Experiments tab backed by gh aw experiments list by @pelikhan with @Copilot in #42213
  • Make PR Sous Chef sub-agents always run on Sonnet by @pelikhan with @Copilot in #42220
  • Update GitHub MCP Server v1.5.0, Codex 0.142.4 by @pelikhan with @Copilot in #42211
  • [spec-extractor] Update package specifications for parser, repoutil, semverutil, sliceutil by @github-actions[bot] in #42233
  • refactor(jsonschema): use ErrorKind introspection and dedup compile helper by @pelikhan with @Copilot in #42206
  • fix(safe-outputs): set_issue_type GraphQL intent path uses wrong query and field name by @pelikhan with @Copilot in #42232
  • feat(eslint-factory): add no-unsafe-promise-catch-error-property rule by @pelikhan with @Copilot in #42221
  • eslint-factory: suggestions for .stack/.code and flag computed string-literal access in no-unsafe-catch-error-property by @pelikhan with @Copilot in #42223
  • Surface Copilot HTTP 400 response failures in workflow conclusions by @pelikhan with @Copilot in #42228
  • fix(actionlint): quote RUNNER_TEMP paths and add SC2016 to AWF shellcheck disable by @pelikhan with @Copilot in #42224
  • [docs] Update glossary - weekly full scan 2026-06-29 by @github-actions[bot] in #42237
  • Populate audit job steps in structured audit output by @pelikhan with @Copilot in #42222
  • Add usage reporting and continuation-aware logs windows to the dashboard canvas by @pelikhan with @Copilot in #42226
  • fix: support max field on custom safe-jobs by @dsyme in #42250
  • eslint-factory: broaden no-unsafe-catch-error-property to flag .status, .cause, .name by @pelikhan with @Copilot in #42239
  • Sync pkg/linters spec with newly added analyzer subpackages by @pelikhan with @Copilot in #42267
  • docs(cli): correct gh aw mcp add argument order in setup guide by @pelikhan with @Copilot in #42272
  • Detect missing gh aw in dashboard and surface install guidance by @pelikhan with @Copilot in #42270
  • [dead-code] chore: remove dead functions β€” 1 function removed by @github-actions[bot] in #42275
  • Reduce tool denial failures in three high-frequency agentic workflows by @pelikhan with @Copilot in #42273
  • dashboard: surface audit data in run details with progressive disclosure by @pelikhan with @Copilot in #42269

Full Changelog: v0.81.6...v0.82.0

Contributors

pelikhan, dsyme, and lpcox
Assets 17
Loading