Skip to content

v0.82.1

Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 30 Jun 22:58
Immutable release. Only release title and notes can be modified.
b5fdd69

🌟 Release Highlights

v0.82.1 focuses on a major dashboard overhaul, new workflow authoring primitives, expanded static analysis coverage, and reliability fixes across the compiler and runtime.

⚠️ Behavioral Change: sandbox.agent.sudo Defaults to false

The global default for sandbox.agent.sudo has changed from true to false (network isolation / rootless mode). Workflows that relied on elevated sandbox access must now explicitly set sandbox.agent.sudo: true. This aligns the default with the recommended security posture.

✨ What's New

  • Frontmatter skills support — Workflows can now declare SHA-pinned skills directly in frontmatter. At activation time, gh aw automatically installs them via gh skill install and wires them into the engine. Learn more (#42426, #42543)

  • Model policy controls — New models.allowed and models.disallowed frontmatter fields let you restrict which AI models a workflow can use, with environment-variable overrides for flexibility. (#41824)

  • ARC/DinD rootless topologyrunner.topology: arc-dind is now a first-class frontmatter option, enabling GitHub ARC runners with Docker-in-Docker rootless execution. (#42371)

  • branding field in aw.yml — Package manifests can now include a GitHub Actions branding block without failing schema validation. (#42454)

  • Per-model Copilot SDK wireApi — Updated for Copilot SDK v1.0.4's multi-provider BYOK registry, where transport behavior can vary by model. (#42497)

🖥️ Dashboard Overhaul

The agentic workflows dashboard received extensive polish this release:

  • TypeScript migration — Backend modules migrated from ESM .mjs to strict TypeScript, eliminating all any types and narrowing unknown (#42321, #42353)
  • Bundled into single artifacts — Alpine.js and Node.js code are now bundled into self-contained app.js — no external CDN dependencies (#42300, #42352)
  • Skeleton loaders & spinners — Loading states are now visually communicated while runs and definitions fetch (#42345)
  • Cross-session log caching — Downloaded logs are cached in a shared user-level directory, reducing redundant fetches (#42349)
  • Compact single-line rows — Definitions and Runs lists now render in tighter, more scannable single-line format (#42344)
  • Missing gh binary detection — Dashboard shows a targeted install prompt when the gh CLI is not found (#42303)
  • Fixed hang on inherited handles — Detached spawn prevents gh aw from hanging when dashboard subprocess inherits stdio handles (#42311)

🐛 Bug Fixes & Improvements

  • Fixed concurrent schedule overlapevery N minutes cron expressions are now scattered across different offsets, preventing all same-interval workflows from firing simultaneously (#42524)
  • Hardened API fallbacks — Unauthenticated api.github.com calls now carry a 30-second timeout and request context, eliminating potential goroutine hangs during compilation (#42521)
  • Fixed AWF access.log path — Firewall log analysis now correctly finds access.log in the squid-logs/ subdirectory (#42513)
  • Codex retry loop fix — Codex harness no longer retries on TPM exhaustion or unfinished-goal errors, avoiding run quota drain (#42420)
  • Better engine typo detection — Invalid engine: values now surface as the primary error rather than being masked by downstream schema failures (#42235)
  • Auto-derive checkout path: — Compiler now warns and auto-derives the path: for cross-repo checkout entries where it was missing (#42257)

🔍 New Static Analysis Rules

  • sprintfint Go linter — Flags fmt.Sprintf("%d", x) where x is int, suggesting strconv.Itoa for clarity (#42538)
  • errortypeassertion Go analyzer — Catches direct error-to-concrete type assertions and steers code toward errors.As (#42323)
  • httpnoctx enhancement — Now detects the http.NewRequest(...) + client.Do(req) path, not just helper functions (#42536)
  • ESLint no-core-setoutput-non-string — Flags non-string values passed to core.setOutput, preventing type coercion bugs in Actions JavaScript (#42453)

📚 Documentation

  • Aligned gh aw CLI help text with docs for version, deploy, strict, and secrets flags (#42496)
  • Streamlined MemoryOps guide and troubleshooting common issues pages (#42533, #42308)
  • Added sandbox.agent.sudo glossary entry documenting the AWF privilege model (#42466)

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by 🚀 Release · 64.3 AIC · ⊞ 7.7K


What's Changed

  • Use Sonnet consistently in pr-sous-chef by @pelikhan with @Copilot in #42292
  • feat: add audit logging to comment_release_prs job by @pelikhan with @Copilot in #42306
  • [docs] docs: unbloat troubleshooting common issues by @github-actions[bot] in #42308
  • Skip signed/jsweep/* branches in PR Description Updater by @pelikhan with @Copilot in #42296
  • Refactor forecast command into focused modules and isolate render helper tests by @pelikhan with @Copilot in #42274
  • fix(dashboard): button group styling and Alpine.js FOUC prevention by @pelikhan with @Copilot in #42309
  • fix(aw-dashboard): use detached spawn to prevent gh-aw hang on inherited handles by @pelikhan in #42311
  • Add maintenance view to the agentic workflows dashboard by @pelikhan with @Copilot in #42297
  • Scale MCP logs timeout for larger fetch windows by @pelikhan with @Copilot in #42295
  • feat(dashboard): detect missing gh binary and show targeted install prompt by @pelikhan with @Copilot in #42303
  • fix(contribution-check): eliminate E002 safe-output collisions and retry loops by @pelikhan with @Copilot in #42316
  • docs(aw): add compliance and design-governance patterns to authoring guidance by @pelikhan with @Copilot in #42315
  • Bundle Alpine.js into the dashboard extension by @pelikhan with @Copilot in #42300
  • Simplify gh aw status table output by @pelikhan with @Copilot in #42312
  • Prioritize invalid engine typos over downstream schema/import failures by @pelikhan with @Copilot in #42235
  • Honor global mention allowlists in add-comment sanitization by @pelikhan with @Copilot in #42313
  • Normalize report-style prompts in Priority 1 workflows (h3+ headers + <details> guidance) by @pelikhan with @Copilot in #42324
  • Migrate dashboard backend modules from ESM .mjs to strict TypeScript by @pelikhan with @Copilot in #42321
  • Allow create_pull_request bundle transport to fall back when branch pinning is unavailable by @pelikhan with @Copilot in #42318
  • dashboard: memoize binary detection and robust JSON parsing by @pelikhan in #42334
  • fix(dashboard): alert box spacing and scrollbar polish by @pelikhan with @Copilot in #42335
  • dashboard: add left margin to Counter badges by @pelikhan with @Copilot in #42337
  • dashboard: structured logging, fix cwd/spawn bugs, add build:ts + AGENTS.md by @pelikhan in #42338
  • Extract shared SafeOutputAllowBlockConfig across safe-output handlers by @pelikhan with @Copilot in #42322
  • dashboard: compact single-line rows for Definitions and Runs by @pelikhan with @Copilot in #42344
  • Add spinners and skeleton loaders to dashboard loading states by @pelikhan with @Copilot in #42345
  • fix: replace BtnGroup with gapped flex for consistent button spacing in dashboard by @pelikhan with @Copilot in #42347
  • [caveman] Optimize instruction verbosity — safe-outputs-automation, safe-outputs-content (2026-06-29) by @github-actions[bot] in #42348
  • dashboard: cache downloaded logs in a shared user-level dir across sessions by @pelikhan with @Copilot in #42349
  • feat(linters): add errortypeassertion analyzer for error-to-concrete assertions by @pelikhan with @Copilot in #42323
  • Bundle dashboard extension Node.js code into single app.js by @pelikhan with @Copilot in #42352
  • safe_outputs: set git safe.directory via process-scoped env vars before bundle branch pinning by @pelikhan with @Copilot in #41830
  • Strengthen TypeScript types in dashboard extension — eliminate any, narrow unknown by @pelikhan with @Copilot in #42353
  • Add model policy frontmatter + import unioning + env policy overrides by @pelikhan with @Copilot in #41824
  • opt(mattpocock-skills-reviewer): install only prompt-referenced skills by @pelikhan with @Copilot in #42355
  • fix: replace panic with error return in errortypeassertion linter by @pelikhan with @Copilot in #42358
  • Reduce ambient prompt footprint in Test Quality Sentinel and shared PR review config by @pelikhan with @Copilot in #42359
  • Default sandbox.agent.sudo to false (network isolation) by @pelikhan with @Copilot in #42354
  • Map models to Copilot SDK provider type instead of hardcoding "openai" by @pelikhan with @Copilot in #42351
  • Update Matt Pocock skills reviewer to current upstream skill names by @pelikhan with @Copilot in #42365
  • Remove unused engine/provider config types; fix AuthDefinition YAML tags and schema gaps by @pelikhan with @Copilot in #42357
  • feat(dashboard): require workflow selection before loading runs by @pelikhan in #42363
  • [docs] Self-healing documentation fixes from issue analysis - 2026-06-30 by @github-actions[bot] in #42374
  • feat: add runner.topology arc-dind support for ARC/DinD rootless execution by @lpcox in #42371
  • Remove in-repo agentic-workflows dashboard extension and cleanup build integrations by @pelikhan with @Copilot in #42397
  • [WIP] Fix failing GitHub Actions job for CLI Completion by @pelikhan with @Copilot in #42379
  • compiler: auto-derive and warn on missing path: for cross-repo checkout entries by @dsyme with @Copilot in #42257
  • refactor(pkg/cli): relocate isGHCLIAvailable() to git.go and upgrade getParentDir() to path.Dir by @pelikhan with @Copilot in #42395
  • [community] Update community contributions in README by @github-actions[bot] in #42401
  • [log] Add debug logging to five Go files by @github-actions[bot] in #42409
  • [aw] Raise Daily yamllint Fixer turn budget to prevent max-runs exhaustion by @pelikhan with @Copilot in #42411
  • Allow branding field in aw.yml package manifests by @mnkiefer with @Copilot in #42454
  • [docs] Update glossary - daily scan 2026-06-30 by @github-actions[bot] in #42466
  • [spec-extractor] docs(styles): add missing exported styles to Public API overview table by @github-actions[bot] in #42464
  • chore: bump gh-aw-firewall to v0.27.15 by @lpcox with @Copilot in #42408
  • [ci-coach] fix: update MCP gateway test for default network isolation mode by @github-actions[bot] in #42488
  • [code-simplifier] simplify: extract buildAllowedFieldSet helper and format replay one-liner by @github-actions[bot] in #42410
  • [jsweep] Clean workflow_metadata_helpers.cjs by @github-actions[bot] in #42415
  • Stop Codex harness retry loops on TPM exhaustion and unfinished-goal errors by @pelikhan with @Copilot in #42420
  • build(deps): bump @primer/octicons from 19.28.1 to 19.29.1 in /docs by @dependabot[bot] in #42461
  • build(deps-dev): bump @types/node from 26.0.0 to 26.0.1 in /actions/setup/js by @dependabot[bot] in #42460
  • build(deps-dev): bump @github/copilot-sdk from 1.0.1 to 1.0.4 in /actions/setup/js by @dependabot[bot] in #42463
  • build(deps): bump pdfjs-dist from 6.0.227 to 6.1.200 in /docs by @dependabot[bot] in #42457
  • Fix CJS typecheck regression in loadModelsJson cache path by @pelikhan with @Copilot in #42491
  • Update PR Sous Chef workflow and inline agent to Sonnet 4.5 by @pelikhan with @Copilot in #42492
  • Deduplicate glob-list validation across workflow validators by @pelikhan with @Copilot in #42431
  • [eslint-miner] eslint-factory: add no-core-setoutput-non-string rule by @github-actions[bot] in #42453
  • Deduplicate sandbox and MCP mount validation flow by @pelikhan with @Copilot in #42430
  • Align gh aw docs and help text for version/deploy/strict/secrets consistency by @pelikhan with @Copilot in #42496
  • Support per-model Copilot SDK wireApi via provider/model registry metadata by @pelikhan with @Copilot in #42497
  • docs: flag get_me as unusable under integration token; steer agents to github-context by @pelikhan with @Copilot in #42514
  • Add frontmatter skills support with activation-time gh skill install and engine wiring by @pelikhan with @Copilot in #42426
  • Allow full bash tool access in PR Sous Chef to prevent denial-threshold aborts by @pelikhan with @Copilot in #42518
  • optimize test-quality-sentinel: pre-fetch awk stats, 40 KB diff cap, slim prompt by @pelikhan with @Copilot in #42519
  • [docs] docs: unbloat MemoryOps guide by @github-actions[bot] in #42533
  • SPDD 2026-06-30: tighten normative requirements across 5 specs by @pelikhan with @Copilot in #42530
  • Enable threat detection on token audit/report workflows by @pelikhan with @Copilot in #42520
  • [formal-spec] Add replace-label formal model test suite (P1–P15 + edge cases) by @pelikhan with @Copilot in #42527
  • Scatter every-N-minutes schedules to reduce concurrent overlap by @pelikhan with @Copilot in #42524
  • fix: find access.log in sandbox/firewall/logs/squid-logs/ subdirectory by @pelikhan with @Copilot in #42513
  • fix: harden unauthenticated GitHub API fallbacks with context and 30s timeout by @pelikhan with @Copilot in #42521
  • Auto-label PR Triage report issues on creation by @pelikhan with @Copilot in #42535
  • set_issue_field: remove org-level issueFields fallback from field discovery query by @pelikhan with @Copilot in #42517
  • eslint-factory: remove useless rethrow from require-json-parse-try-catch suggestion by @pelikhan with @Copilot in #42537
  • [linter-miner] linter: add sprintfint — flag fmt.Sprintf("%d", x) where x is int by @github-actions[bot] in #42538
  • fix: correct gh skill install invocation for frontmatter skills by @pelikhan with @Copilot in #42543
  • Bump gh-aw-firewall to v0.27.16 and sync AWF integration artifacts by @lpcox with @Copilot in #42542
  • httpnoctx: detect context-free NewRequest + Do paths by @pelikhan with @Copilot in #42536
  • test(actionpins): improve spec_test.go coverage per testify-expert checklist by @pelikhan with @Copilot in #42551
  • [caveman] Optimize instruction verbosity — serena-tool, skills, subagents (2026-06-30) by @github-actions[bot] in #42573
  • refactor(logs): extract AggregatedSummaryBase from near-duplicate summary structs by @pelikhan with @Copilot in #42552
  • [workflow-style] Normalize daily-team-status report formatting guidance by @pelikhan with @Copilot in #42567

Full Changelog: v0.82.0...v0.82.1