v0.82.12
Pre-release
Pre-release
Immutable
release. Only release title and notes can be modified.
π Release Highlights
This release brings usability improvements to gh aw add, important security fixes for agent sandboxing, and a wave of internal refactoring that strengthens the codebase quality and consistency.
β¨ What's New
gh aw addbootstrap by default β The package manifestconfigbootstrap flow now runs automatically when adding a new workflow, reducing manual setup steps.- Enhanced GitHub host detection β PAT creation and setup commands now correctly detect GitHub host variants, improving multi-environment setups.
- New
mapclearlooplinter β Automatically replaces range-delete loops with the idiomaticclear(m)call, keeping generated Go code clean and modern.
π Bug Fixes & Improvements
- Agent sandbox credential isolation β Job-output credential env vars are now correctly excluded from the agent sandbox (
--exclude-env), preventing inadvertent credential leakage. - External threat detection β Custom engine base URLs and allowlist propagation are now properly honored, fixing false-negative detections in custom environments.
- SHA-pinned action version comments β Fixed a bug where version comments were lost when
SkipHardcodedFallbackwas set, restoring full audit traceability. - MAI model update β Updated to
mai-code-1-flash-pickerwith improved sandbox test isolation. - ESLint error-handling normalization β Consistent error-handling patterns in
actions/setup/jsimprove reliability of generated JavaScript setup steps. - Release PR comment throttling β Rate-limit-safe posting prevents secondary rate limit errors during busy release cycles.
π§ Internal
Extensive refactoring this release: unified token-usage metrics (TokenCoreMetrics), options-struct patterns to eliminate excessive function parameters, shared analysis base types, and consolidated AST predicates across linters.
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpg
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
Generated by π Release Β· 16.7 AIC Β· β 7.6K
What's Changed
- Run package manifest
configbootstrap flow by default ingh aw addby @mnkiefer with @Copilot in #46041 - Throttle release PR comment posting to avoid secondary rate limits by @pelikhan with @Copilot in #46081
- refactor: extract TokenCoreMetrics to unify token-usage quartet by @pelikhan with @Copilot in #46059
- Replace positional boolean params with named option structs in workflow helpers by @pelikhan with @Copilot in #46064
- [linter-miner] feat(linters): add mapclearloop linter β replace range-delete loops with clear(m) by @github-actions[bot] in #46060
- refactor: introduce options structs to eliminate excessivefuncparams linter violations by @pelikhan with @Copilot in #46065
- Extract shared AnalysisBase from DomainAnalysis/FirewallAnalysis by @pelikhan with @Copilot in #46063
- Extract shared base for access and firewall log summaries by @pelikhan with @Copilot in #46079
- fix: update MAI model to mai-code-1-flash-picker and fix sandbox test isolation by @pelikhan with @Copilot in #46052
- Fix external threat detection to honor custom engine base URLs and allowlist propagation by @pelikhan with @Copilot in #46077
- [log] Add debug logging to workflow and CLI helpers by @github-actions[bot] in #46124
- refactor: consolidate duplicate byte/string AST predicates into linters astutil by @pelikhan with @Copilot in #46108
- Enhance GitHub host detection for PAT creation and setup commands by @mnkiefer in #46128
- fix: SHA-pinned actions lose version comment when SkipHardcodedFallback is set by @pelikhan with @Copilot in #46122
- [community] Update community contributions in README by @github-actions[bot] in #46116
- [yamllint-fixer] Trim trailing whitespace and cap blank runs in inlined prompt content by @github-actions[bot] in #46123
- fix(eslint): normalize error-handling patterns in actions/setup/js by @pelikhan with @Copilot in #46101
- fix: exclude job-output credential env vars from agent sandbox (--exclude-env) by @pelikhan with @Copilot in #46076
Full Changelog: v0.82.11...v0.82.12