
Releases: github/gh-aw

v0.43.23

14 Feb 02:22


🌟 Release Highlights

This maintenance release focuses on reliability improvements, CI/CD enhancements, and better developer experience with expanded smoke test coverage.

✨ What's New

🔧 Enhanced API Proxy Architecture - The API proxy now uses capability-based detection (supportsLLMGateway engine flag) instead of hardcoded engine checks, making it easier to add future engines with LLM gateway support (#15557)

🧪 Expanded Smoke Test Coverage - Claude smoke tests now support 50 conversation turns (up from 25), allowing more comprehensive validation of complex workflows with multiple test scenarios (#15565)

📋 Stricter Contribution Guidelines - The project now requires agent-based bug analysis before filing issues, improving issue quality and reducing noise. Use gh aw audit and gh aw logs for automated diagnostics (#15532)

🐛 Bug Fixes & Improvements

Cache & Artifact Naming - Fixed cache-memory and repo-memory artifacts to use sanitized workflow IDs, eliminating issues with spaces and special characters in cache keys. Cache keys now use consistent formatting like memory-smokecopilot-{run-id} instead of memory-Smoke Copilot-{run-id} (#15558)

Test Infrastructure - Added missing build tags to test files and improved HTTP 403 error handling, preventing spurious CI failures (#15526)

Permissions Optimization - Safe outputs now compute minimal required permissions based on configured outputs, reducing over-permissioning (#15518)

PR Approval Flexibility - Pull request approvals no longer require a body comment, and the footer: false setting is now properly honored (#15507)

Codespaces Documentation - Added clear warnings that gh aw secrets set doesn't work in GitHub Codespaces; users should use the GitHub UI instead (#15537)

🔧 Internal

  • Fixed hash consistency test by recompiling release.lock.yml (#15538)
  • Refactored API proxy capability detection to use engine registry (#15557)

For complete details, see CHANGELOG.

Generated by Release


What's Changed

  • feat: prefer Announcements category by default for create-discussion by @Copilot in #15513
  • Fix: Compute minimal permissions for conclusion/safe_outputs jobs based on configured safe-outputs by @Copilot in #15518
  • Don't require body on PR Approval and honor footer: false by @strawgate in #15507
  • Fix test build failures: add missing build tag and handle HTTP 403 by @Copilot in #15526
  • Add Codespaces incompatibility note for CLI secrets command by @Copilot in #15537
  • Fix hash consistency test by recompiling release.lock.yml by @Copilot in #15538
  • Require agent-based bug analysis before filing issues by @Copilot in #15532
  • Enable --enable-api-proxy for Claude and Codex engines by @Mossaka in #15533
  • Fix cache-memory and repo-memory naming to use sanitized IDs by @Copilot in #15558
  • Increase smoke-claude max-turns to 50 by @Copilot in #15565

Full Changelog: v0.43.22...v0.43.23

v0.43.22

13 Feb 21:49
fe858c3


🌟 Release Highlights

This maintenance release focuses on improving the reliability and usability of safe outputs, particularly for GitHub Discussion and PR creation workflows, plus better security controls for lockdown mode.

✨ What's New

GitHub Discussions Default Behavior - Discussion creation now automatically defaults to "Announcements" category, which provides enhanced visibility and notification features ideal for AI-generated content. This prevents common integration-forbidden errors when using categories without announcement capabilities.

Enhanced Lockdown Mode Security - Lockdown mode now activates only when at least one custom GitHub token is configured (GH_AW_GITHUB_TOKEN, GH_AW_GITHUB_MCP_SERVER_TOKEN, or custom github-token), providing clearer security boundaries for public repository workflows. Includes runtime validation to catch misconfigurations early.

Improved Tool Context - When using update_project or create_project_status_update safe outputs, AI agents now receive the configured default project URL in tool descriptions, making it clearer which project they're operating on.

🐛 Bug Fixes & Improvements

Fixed Cross-Repository PR Creation (#15501) - When create-pull-request specifies a target-repo, git operations (checkout, fetch, push) now correctly use the target repository instead of the source repo. Previously only the PR API call used the target, causing workflow failures.

Fixed Comment Body Handling (#15508) - close_issue and close_pull_request now properly use the body field from messages for closure comments. Previously, comments were being lost due to incorrect field mapping.

Cleaner Workflow Listings (#15499) - gh aw status and gh aw list now hide internal workflows, showing only user-created workflows for better clarity.

📚 Documentation

  • Added comprehensive guidance on announcement-capable categories for GitHub Discussions
  • Updated cross-repository workflow examples with correct git operation patterns
  • Improved lockdown mode security documentation with token configuration details

For complete details, see CHANGELOG.



What's Changed

  • Fix cut off border on blog post box by @eaftan in #15496
  • Fix landing page header hierarchy and harmonize blog section styling by @Copilot in #15497
  • Hide internal workflows from gh aw status and gh aw list by @Copilot in #15499
  • Fix: Use target repository for git operations in create-pull-request by @Copilot in #15501
  • [code-simplifier] Simplify close safe-output handlers by @github-actions[bot] in #15504
  • Include default project URL in update_project and create_project_status_update tool descriptions by @Copilot in #15502
  • Document create-discussion announcement-capable category requirement by @Copilot in #15512
  • Fix close_issue/close_pull_request to use message body field by @Copilot in #15508
  • lockdown: used only if one of user tokens is set by @dsyme in #15509

Full Changelog: v0.43.21...v0.43.22

v0.43.21

13 Feb 19:34
633c2ca


🌟 Release Highlights

This release focuses on improving the developer experience with clearer messaging, better safe-output handling, and documentation enhancements.

✨ What's New

  • Relaxed Temporary ID Validation - Temporary IDs now support 3-8 alphanumeric characters (previously 4-8), making it easier to create short, memorable references like aw_abc (#15482)
  • Smarter Permission Validation - When GitHub MCP tools are auto-added, permission validation is now skipped to avoid unnecessary warnings (#15480)
  • Enhanced Close Actions - Close safe-output tools (close_issue, close_pull_request, close_discussion) now recommend adding comments and gracefully handle already-closed entities (#15489)

📚 Documentation & UX

  • Clearer Compilation Messages - Workflow compilation now provides more actionable feedback to help you understand what's happening (#15478)
  • Improved Tool Descriptions - The difference between update_issue (for editing) and close_issue (for closing) is now more clearly documented (#15475)
  • Better Docs Navigation - Added a centered blog link section to the documentation landing page for easier discovery (#15476)
  • Updated Tutorial Video - Refreshed the Copilot PAT setup video with current instructions (#15479)

🐛 Bug Fixes

  • Fixed Blog Post Border - Resolved a visual issue where borders were cut off on blog post boxes in the documentation (#15496)

For complete details, see CHANGELOG.



What's Changed

  • [WIP] Debug workflow failure for Smoke Claude by @Copilot in #15472
  • Clarify update-issue vs close-issue tool descriptions by @Copilot in #15475
  • chore: update copilot pat video by @mnkiefer in #15479
  • Add centered blog link section to docs landing page by @Copilot in #15476
  • Skip permission validation when tools.github auto-added by @Copilot in #15480
  • Relax temporary ID validation from aw_{4,8} to aw_{3,8} by @Copilot in #15482
  • 🔧 Improve workflow compilation message clarity by @dsyme in #15478
  • Update close safe-output types to recommend comments and handle already-closed entities by @Copilot in #15489

Full Changelog: v0.43.20...v0.43.21

v0.43.20

13 Feb 16:47
1c80b7e


🌟 Release Highlights

This release includes an important migration notice for existing users, a new security feature flag, and improved temporary ID handling in safe outputs.

⚠️ Migration Notice

If you installed from githubnext/gh-aw, you must re-register the extension to receive future updates:

# Remove old extension
gh extension remove gh-aw

# Install from new location
gh extension install github/gh-aw

The gh-aw project has moved from githubnext/gh-aw to github/gh-aw. Users on the old channel will not receive updates unless they reinstall from the new location.

✨ What's New

  • XPIA Prompt Control (#15461) - New disable-xpia-prompt feature flag allows workflows to opt out of the Cross-Prompt Injection Attack (XPIA) security prompt in agent instructions. Useful for workflows with custom security requirements:
    ---
    features:
      disable-xpia-prompt: true
    ---

🐛 Bug Fixes

  • Temporary ID Resolution in Comments (#15459) - Fixed add_comment safe output handler to properly resolve temporary IDs (e.g., aw_test01) before validation. Previously, the handler attempted to parse temporary IDs as integers, causing NaN validation errors. Now follows the same resolution pattern as other handlers.
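The resolve-before-validate order described in this fix, as an added JavaScript example (not code from gh-aw). The function names, the Map of temporary IDs and the sample values are hypothetical; the ID pattern uses the 3-8 character range listed on this page under v0.43.21.

```javascript
// Added illustration; names are hypothetical, not gh-aw source code.
// Temporary ID pattern as listed on this page for v0.43.21 (aw_ + 3-8 alphanumerics).
const TEMP_ID_PATTERN = /^aw_[A-Za-z0-9]{3,8}$/;

// Pre-fix order described above: parse the raw value as an integer first.
function parseFirst(raw) {
  return parseInt(raw, 10);
}

// Fixed order: resolve temporary IDs first, then validate strictly.
function resolveItemNumber(raw, tempIdMap) {
  const value = String(raw).trim();
  if (value.startsWith("aw_")) {
    if (!TEMP_ID_PATTERN.test(value)) {
      return { ok: false, error: `malformed temporary ID: ${value}` };
    }
    if (!tempIdMap.has(value)) {
      return { ok: false, error: `unresolved temporary ID: ${value}` };
    }
    return { ok: true, number: tempIdMap.get(value) };
  }
  // Whole-string digit check: parseInt("17abc", 10) would silently return 17.
  if (!/^[1-9][0-9]*$/.test(value)) {
    return { ok: false, error: `not a positive integer: ${value}` };
  }
  const number = Number(value);
  if (!Number.isSafeInteger(number)) {
    return { ok: false, error: `number out of range: ${value}` };
  }
  return { ok: true, number };
}

// Constructed sample data: a temporary ID created earlier in the same run.
const sampleMap = new Map([["aw_test01", 42]]);

// Runs both orders over constructed inputs so the difference is visible side by side.
function demo() {
  return ["aw_test01", "aw_x", "aw_zzz", "17", "17abc"].map(raw => ({
    raw,
    parseFirst: parseFirst(raw),
    resolved: resolveItemNumber(raw, sampleMap),
  }));
}

console.log(demo());
```

The strict digit check matters as much as the resolution order: an integer parse that accepts a numeric prefix would let a value such as 17abc pass as item 17.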

For complete details, see CHANGELOG.



What's Changed

  • Add disable-xpia-prompt feature flag by @Copilot in #15461
  • Update CHANGELOG for gh-aw migration and bug fixes by @bmerkle in #15463
  • Fix add_comment handler to resolve temporary IDs before validation by @Copilot in #15459

Full Changelog: v0.43.19...v0.43.20

v0.43.19

13 Feb 16:06
7fe5515


🌟 Release Highlights

This release strengthens strict mode network validation, improves temporary ID handling, enhances bot detection workflows, and refines documentation for better user experience.

✨ What's New

Strict Mode Network Validation Improvements

  • Ecosystem identifier suggestions - When custom domains are rejected in strict mode, error messages now suggest the appropriate ecosystem identifier (e.g., "pypi.org" → suggest "python") for easier troubleshooting
  • Unified validation for all engines - Strict mode now enforces ecosystem domain validation consistently across all AI engines, including those with LLM gateway support
  • Go ecosystem support - Workflows dependent on Go now have the "go" ecosystem available in network allowlists, enabling access to go.dev, golang.org, and Go module proxies

Enhanced Temporary ID System

  • New alphanumeric format - Temporary IDs now use aw_[A-Za-z0-9]{4,8} format (4-8 alphanumeric characters) instead of the previous hex format, making them more readable and easier to generate
  • Improved validation and normalization - Better handling of temporary ID cross-references in safe-output workflows with comprehensive documentation updates

Bot Detection & Activity Tracking

  • Enhanced observability - Added detailed logging throughout bot detection workflows including contributor account loading and precompute steps
  • Improved search accuracy - Refined issue and PR search queries for more accurate bot activity detection
  • Better activity reporting - Enhanced tracking and reporting of bot activity patterns

🐛 Bug Fixes & Improvements

  • SafeOutputMessagesConfig field merging - Fixed incomplete field merging in mergeMessagesConfig to ensure all 13 configuration fields are properly merged during workflow imports
  • Strict mode test failures - Resolved failing tests related to custom network domains in strict mode by properly handling ecosystem validation
  • XPIA prompt integration - Added cross-prompt injection attack (XPIA) security prompts to strengthen workflow security
  • Community feedback integration - Added prominent Community Feedback link to documentation footer for easier user input

📚 Documentation

  • Strict mode network validation guide - Comprehensive documentation updates explaining ecosystem identifiers, domain validation rules, and error resolution strategies
  • Temporary ID reference - Enhanced documentation with clear examples of valid/invalid formats and usage patterns
  • Quick-start improvements - Updated authentication instructions and fixed typos for clearer onboarding experience
  • Glossary refinement - Removed unnecessary bloat from glossary for improved readability

🔧 Internal Improvements

  • Multiple GitHub Actions workflow fixes and stability improvements
  • Code simplification passes for better maintainability
  • Test infrastructure enhancements with improved coverage
  • Workflow recompilation to propagate schema and validation updates

Full Details: See CHANGELOG for complete list of changes.

Learn More: Visit gh-aw documentation for guides and references.



What's Changed

  • [WIP] Fix failing GitHub Actions workflow Integration: Workflow Misc Part 2 by @Copilot in #15341
  • [instructions] Sync github-agentic-workflows.md with v0.40.1 changes by @github-actions[bot] in #15348
  • chore: update bot detection workflow to token by @mnkiefer in #15354
  • chore: update schedule and token usage by @mnkiefer in #15355
  • chore: improve issue and PR search accuracy by @mnkiefer in #15356
  • [docs] Update documentation for allowed-extensions default behavior by @github-actions[bot] in #15352
  • refactor: improve activity tracking and reporting by @mnkiefer in #15360
  • chore: add contributor account loading to bot detection workflow by @mnkiefer in #15366
  • [WIP] Add flag to agentic engine interface for LLM gateway support by @Copilot in #15363
  • Add observability logging to bot-detection precompute step by @Copilot in #15367
  • fix: pass shared temporary ID map by @mnkiefer in #15371
  • feat: enhance bot detection logging by @mnkiefer in #15376
  • Fix strict mode validation failures for workflows with custom network domains by @Copilot in #15369
  • Fix security regression test failing under default strict mode by @Copilot in #15368
  • fix: improve temporary ID validation and normalization by @mnkiefer in #15392
  • [WIP] Fix issues in existing tests by @Copilot in #15395
  • Recompile workflows to propagate temporary ID schema updates by @Copilot in #15402
  • Enhance documentation for temporary ID by @mnkiefer in #15404
  • Fix permissions test: remove network config conflicting with strict mode by @Copilot in #15406
  • adding xpia prompt by @pelikhan in #15414
  • [WIP] Update terminology from discussions to issues by @Copilot in #15421
  • Add Community Feedback link to documentation footer by @Copilot in #15423
  • Enforce strict mode network domain validation for all engines by @Copilot in #15409
  • Add ecosystem identifier suggestions to strict mode network validation errors by @Copilot in #15424
  • [docs] Remove bloat from glossary by @github-actions[bot] in #15433
  • [docs] Update documentation for strict mode network validation features from 2026-02-13 by @github-actions[bot] in #15426
  • [WIP] Fix failing GitHub Actions workflow test by @Copilot in #15432
  • [code-simplifier] Code Simplification - 2026-02-13 by @github-actions[bot] in #15428
  • Change temporary ID format from hex to alphanumeric (4-8 chars) by @Copilot in #15419
  • Fix typo in 'pre-requisites' in quick-start guide by @lindseywild in #15452
  • Add Go ecosystem to network allowlist for Go-dependent workflows by @Copilot in #15454
  • Fix incomplete field merging in SafeOutputMessagesConfig imports by @Copilot in #15453
  • Update quick-start guide for authentication instructions by @bmerkle in #15455


Full Changelog: v0.43.18...v0.43.19

v0.43.18

13 Feb 08:17


🌟 Release Highlights

This maintenance release focuses on quality improvements, enhanced debugging capabilities, and critical bug fixes for label trigger handling.

🐛 Bug Fixes

  • Label trigger schema validation - Fixed invalid GitHub Actions YAML generation when using label trigger shorthand (on: pull_request labeled (label)). The compiler now correctly applies the labels field only to event types that support native GitHub Actions label filtering (#15321, #15341)

⚡ Improvements

  • Activity alert refinements - Enhanced bot detection and activity monitoring with explicit allowlists for domains, accounts, and organizations. Dynamically loads repository and organization members for more accurate filtering (#15343)

  • Debug logging enhancements - Added comprehensive debug logging across 5 critical workflow compilation files and removed redundant log.Enabled() conditionals for cleaner code (#15338, #15339)

  • JavaScript modernization - Cleaned up add_labels.cjs with modern JavaScript patterns while maintaining full functionality and test coverage (#15336, #15337)

📚 Documentation

  • Instructions sync - Updated github-agentic-workflows.md instructions to reflect v0.40.1 changes (#15348)

For complete details, see CHANGELOG.



What's Changed

  • chore: make bot detection agentic by @mnkiefer in #15317
  • [jsweep] Clean validate_memory_files.cjs by @github-actions[bot] in #15313
  • Fix label trigger schema validation for pull_request events by @Copilot in #15321
  • [jsweep] Clean add_labels.cjs by @github-actions[bot] in #15336
  • [log] Add debug logging to 5 workflow-related files by @github-actions[bot] in #15338
  • chore: adjust activity alerts for allowed domains and accounts by @mnkiefer in #15343

Full Changelog: v0.43.17...v0.43.18

v0.43.17

13 Feb 07:31
7efa93d


🌟 Release Highlights

This release strengthens security, improves code quality tooling, and enhances the developer experience with better documentation and automated refinement workflows.

🔒 Security Enhancements

  • GitHub Lockdown Mode now enabled by default in public repositories - Automatically filters content from untrusted sources to prevent security risks in automated workflows (#15289).
  • Agentic bot detection workflow - New intelligent workflow scores accounts based on risk factors and maintains a centralized triage issue for findings (#15317)
  • Command injection vulnerability patched - Fixed HIGH severity vulnerability in merge operations that could lead to arbitrary code execution (#15306)
  • Firewall binary update - Bumped to v0.16.3 with latest security fixes (#15323)

✨ New Features

  • Refiner workflow - Automated code style and security analysis triggered by the "refine" label. Checks alignment with repository conventions, detects malicious patterns, and identifies test coverage gaps (#15307)
  • Friendly PR reviews - PR reviews now support status (approve, request changes, comment) and inline comments attached to reviews (#15299)
  • Pagination improvements - Bot detection now uses github.paginate with 500-item caps to catch activity on noisy/abused PRs (#15318)

🐛 Bug Fixes & Improvements

  • TypeScript type safety - Fixed TS18046 errors in error handling for unknown types (#15308)
  • Test reliability - Avoided flaky assertions in read-only directory tests that failed in elevated privilege environments (#15312)
  • JavaScript formatting consistency - Standardized quote styles and removed trailing whitespace across .cjs files (#15316)
  • Code modernization - Cleaned up validate_memory_files.cjs with arrow functions, optional chaining, and improved type definitions (#15313)

📚 Documentation

  • Safe-outputs GitHub App permissions - Documented per-job token narrowing, automatic permission scoping, and token auto-revocation (#15297).
  • Unassign-from-user safe output - Added complete documentation for removing user assignments from issues/PRs (#15310)

For complete details, see CHANGELOG.



What's Changed

  • 🔒 Enable GitHub Lockdown Mode Security Feature by default in public repos by @dsyme in #15289
  • Document safe-outputs GitHub App permission narrowing by @Copilot in #15297
  • Produce friendly PR Reviews by @strawgate in #15299
  • [Security] Fix HIGH vulnerability: javascript.lang.security.detect-child-process.detect-child-process by @orbisai0security in #15306
  • Add refiner workflow for automated code style and security analysis by @Copilot in #15307
  • test: avoid flaky read-only dir assertion in extractZipFile by @liuxiaopai-ai in #15312
  • [docs] Update documentation for unassign-from-user safe output by @github-actions[bot] in #15310
  • Fix TypeScript type errors in error handling for unknown types by @Copilot in #15308
  • awf v0.16.3 by @pelikhan in #15323


Full Changelog: v0.43.16...v0.43.17

v0.43.16

13 Feb 05:10


🌟 Release Highlights

This release brings essential CLI version updates and enhanced PR creation control, keeping your workflows running smoothly with the latest tooling improvements.

✨ What's New

Enhanced PR Creation Control - New fallback-as-issue configuration gives you fine-grained control over PR creation behavior. When set to false, workflows fail cleanly instead of creating fallback issues when PR creation encounters errors. Perfect for workflows where you want explicit failure handling rather than automatic issue creation.

🔧 Updates & Improvements

Copilot CLI 0.0.409 - Updates to the latest Copilot CLI with critical stability fixes:

  • MCP cwd property now properly resolves file paths
  • Crash fixes for extensive output improve long-running workflow reliability
  • New list_copilot_spaces tool added to GitHub MCP configuration

Codex 0.101.0 - Latest Codex version brings performance and stability enhancements:

  • Model slug stability prevents unexpected model switching during execution
  • Memory management improvements reduce processing noise
  • Better concurrency handling for increased reliability under load

📋 Details

Breaking Changes: None

Backward Compatibility: The fallback-as-issue field defaults to true, preserving existing behavior. Workflows without this field continue creating fallback issues as before.

Configuration Example:

safe-outputs:
  create-pull-request:
    fallback-as-issue: false  # Disable fallback issue creation



What's Changed

  • Update Copilot CLI to 0.0.409 and Codex to 0.101.0 by @Copilot in #15277
  • Add fallback-as-issue field to disable PR creation fallback by @Copilot in #15276

Full Changelog: v0.43.15...v0.43.16

v0.43.15

13 Feb 03:23
a0e753a


🌟 Release Highlights

This release focuses on improving the reliability and consistency of repository checkout handling in compiled workflows.

🐛 Bug Fix

Simplified Repository Checkout Logic (#15279)

  • Standardized when checkout steps are automatically added to workflows
  • Repository checkout now consistently included unless explicitly present in custom steps
  • Improved predictability across different action modes (dev/release/script)

What Changed:

  • Extracted action reference generation into a reusable getActionRef() helper function
  • Streamlined shouldAddCheckoutStep() logic to use a clearer, more maintainable approach
  • Updated tests to reflect the more consistent checkout behavior

Impact: This change ensures workflows reliably have access to repository code when needed, reducing potential runtime errors from missing checkout steps.


For complete details, see CHANGELOG.



What's Changed

  • 🔧 Fix repository checkout logic in workflow compiler by @dsyme in #15279

Full Changelog: v0.43.14...v0.43.15

v0.43.14

13 Feb 02:45


🌟 Release Highlights

This maintenance release updates internal infrastructure components and fixes documentation.

🔧 Infrastructure Updates

  • AWF Firewall v0.16.1 - Updated Agentic Workflow Firewall (AWF) to version 0.16.1 across all workflow lock files, ensuring improved security and stability for sandboxed agent execution

📚 Documentation

  • Fixed broken link - Corrected documentation link in coding-development examples guide

For complete details, see CHANGELOG.



Full Changelog: v0.43.13...v0.43.14