v0.48.3

🌟 Release Highlights

This release focuses on reliability improvements to the safe-outputs pipeline and workflow tooling, ensuring failures surface cleanly and findings remain actionable.

🐛 Bug Fixes & Improvements

• Fail-fast mode for code-push safe outputs (#17543): When push_to_pull_request_branch or create_pull_request fails, the safe-output pipeline now stops processing subsequent outputs immediately. Previously, downstream steps like add_comment would continue running and produce misleading success-looking messages — this is now fixed.

• Workflow normalizer: single consolidated issue (#17540): The workflow-normalizer was creating parent/sub-issue hierarchies (group: true), which prevented each run's findings from being standalone actionable reports. Findings are now consolidated into a single issue per run.

🔧 Internal Improvements

• Repo memory prompt generation refactored to use runtime template files, aligning it with all other built-in prompt sections (#17544).
• Workflow functions relocated to their correct domain files for improved maintainability (#17541).

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• fix: workflow-normalizer: remove grouping, consolidate findings in single issue by @Copilot in #17540
• refactor(workflow): relocate functions to correct domain files by @Copilot in #17541
• Refactor repo memory prompt generation to use template files by @Copilot in #17544
• Add fail-fast mode for code-push safe outputs by @Copilot in #17543

Full Changelog: v0.48.2...v0.48.3

v0.48.2

🌟 Release Highlights

This release brings meaningful improvements to the workflow authoring experience — a smarter gh aw new wizard, better safe-output tooling, and a wave of reliability fixes across MCP, activation, and compiler-generated scripts.

✨ What's New

• Smarter gh aw new command (#17450): The new-workflow wizard now auto-detects toolsets, generates dynamic safe-outputs, sets read-only permissions by default, and detects repo network access — reducing boilerplate and manual configuration.
• Improved gh aw add wizard (#17517): The add wizard now includes a merge prompt and dirty-check guard, preventing accidental overwrites when your workflow files have uncommitted changes.
• update-issue gains title-prefix support (#17512): Safe-output update-issue operations can now prepend a prefix to the issue title, enabling richer automation patterns.
• Auto-inject create-issue safe output (#17418): Workflows with no non-builtin safe outputs automatically get a create-issue safe output injected, so results are always surfaced somewhere actionable.
• Enhanced scout command (#17429, #17435): The scout command now accepts additional inputs and has an increased timeout for deep research workflows.
• Contribution-check report expiration (#17458): Contribution check reports now expire after 1 day, keeping issue trackers clean.

🐛 Bug Fixes & Improvements

• Activation job correctness (#17499, #17498): Fixed invalid needs.pre_activation.outputs.* references in activation jobs for workflows without a pre_activation step, and resolved matched_command being undefined in pre_activation outputs — eliminating actionlint failures.
• PR fallback comment (#17530): Fixed fallback comment creation on PRs when there is no activation comment, ensuring workflow results always reach the right thread.
• update-pull-request respects footer: false (#17525): The update-pull-request safe output now correctly omits the footer when footer: false is set.
• Safe-output schema validation (#17524): Parser now reports all safe-output schema failures with precise per-field line and column locations, making configuration errors much easier to diagnose.
• Shell quoting in compiled scripts (#17500): Fixed missing quotes around $GITHUB_OUTPUT in compiler-generated shell scripts (SC2086), preventing word-splitting issues in edge cases.
• MCP protocol compliance (#17419): The check_mcp_servers.sh script now implements the proper MCP handshake (ping → initialize → session ID → tools/list), improving reliability of MCP server health checks.
• Assign-to-agent key mismatch (#17396): Resolved a key mismatch (name vs default-agent) in the assign-to-agent handler that could cause agent assignment to silently fail.
• Go toolchain downloads (#17453): Added the Go ecosystem to the CLI version checker's network allowlist, fixing toolchain download failures in restricted environments.
• Multi-repo wildcard support (#17400): Refactored isRepoAllowed() into sanitize_content_core for consistent wildcard matching across multi-repo configurations.

📚 Documentation

• Fixed typos in the AI Engines reference (#17492)
• Corrected nested code fence formatting in the HTTP MCP servers authentication example (#17447)
• Added missing required sections to 7 safe output type reference pages (#17417)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• docs: add missing required sections to 7 safe output types (REQ-002) by @Copilot in #17417
• docs: hyphenate Ops pattern slugs and update cross-references by @mnkiefer in #17422
• Enhance scout command with additional inputs by @mnkiefer in #17429
• Increase scout timeout for deep research by @mnkiefer in #17435
• Auto-inject create-issue safe output when no non-builtin safe outputs are configured by @Copilot in #17418
• Add daily-rendering-scripts-verifier agentic workflow by @Copilot in #17421
• [actions] Update GitHub Actions versions - 2026-02-21 by @github-actions[bot] in #17439
• refactor: use isRepoAllowed() in sanitize_content_core for consistent multi-repo wildcard support by @Copilot in #17400
• docs: fix nested code fence in HTTP MCP servers authentication example by @Copilot in #17447
• fix: resolve assign-to-agent key mismatch (name vs default-agent) by @Copilot in #17396
• Relax brittle description assertion in live MCP registry integration test by @Copilot in #17449
• fix(cli-version-checker): add go ecosystem to network allowlist for toolchain downloads by @Copilot in #17453
• Update CLI versions: Claude Code 2.1.50, Copilot CLI 0.0.414 by @Copilot in #17448
• fix: implement proper MCP protocol (ping + initialize + session ID + tools/list) in check_mcp_servers.sh by @Copilot in #17419
• feat(contribution-check): add 1d expiration to report issues by @Copilot in #17458
• Add missing operations to safe-outputs schema $comment by @Copilot in #17461
• Remove unused git-fallback dead code from download_workflow.go by @Copilot in #17475
• Improve gh aw new command: toolsets, dynamic safe-outputs, read-only permissions, repo network detection by @Copilot in #17450
• Constrain agentic-workflows agent to single-file output by @Copilot in #17479
• Replace %v with %w for error wrapping in fmt.Errorf calls by @Copilot in #17472
• Update wasm golden fixtures for Copilot CLI 0.0.414 by @Copilot in #17478
• Add error return to MCPConfigProvider.RenderMCPConfig interface by @Copilot in #17476
• Add grouped section headers to gh aw logs help text examples by @Copilot in #17491
• Fix typos in AI Engines reference documentation by @Copilot in #17492
• fix: align step names across smoke-gemini, layout-spec-maintainer, prompt-clustering-analysis, and mergefest workflows by @Copilot in #17487
• doc(skills): Add GitHub API limitations section to github-mcp-server skill by @Copilot in #17502
• 🧙 Improve add wizard with merge prompt and dirty check by @dsyme in #17517
• .NET: Add missing new .slnx solution file by @Saibamen in #17516
• 🔧 Refactor update command and move audit to upgrade by @dsyme in #17519
• Fix SC2086: quote $GITHUB_OUTPUT in compiler-generated shell scripts by @Copilot in #17500
• Fix invalid needs.pre_activation.outputs.* references in activation job for workflows without pre_activation by @Copilot in #17499
• Add title-prefix support to update-issue safe output by @Copilot in #17512
• Add security architecture slide to slides/index.md by @Copilot in #17501
• Remove unused checkExtensionUpdate to fix golangci-lint failure by @Copilot in #17526
• 🔧 Fix fallback comment creation on PR when no activation comment by @dsyme in #17530
• fix(parser): report all safe-output schema failures with per-field line/column locations by @Copilot in #17524
• Fix actionlint matched_command undefined in pre_activation outputs by @Copilot in #17498
• fix: update-pull-request honors footer: false by @Copilot in #17525

New Contributors

• @Saibamen made their first contribution in #17516

Full Changelog: v0.48.1...v0.48.2

v0.48.1

🌟 Release Highlights

A focused polish release improving reliability and presentation quality across the board.

🐛 Bug Fixes & Improvements

• More robust summary formatting — Summaries now use 6-backtick fences, preventing escaping breakage when nested code blocks appear in agent-generated output. (#17384)
• Consistent step names — "Set up Go", "Install UV", and "Upload source" step names are now aligned across all workflows, making run logs easier to read and correlate. (#17386)

📚 Documentation

• Multiple PR creation support documented — The docs now cover the ability to create multiple pull requests in a single workflow run, helping users take full advantage of this capability. (#17388)

🎨 Presentation

• Improved slide contrast — Slide code blocks now use a light theme for better readability during projection. (#17385)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• slides: use light code block theme for projection contrast by @Copilot in #17385
• [docs] Update documentation for multiple PR creation support by @github-actions[bot] in #17388
• fix(step-names): align Set up Go, Install UV, and Upload source inconsistencies by @Copilot in #17386
• fix: use 6-backtick fences in summaries to prevent escaping breakage by @Copilot in #17384

Full Changelog: v0.48.0...v0.48.1

v0.48.0

🌟 Release Highlights

This release focuses on reliability and polish — fixing several long-standing bugs in multi-PR workflows and agent assignment, reducing log noise, and sharpening the developer experience.

🐛 Bug Fixes & Improvements

• Multi-PR runs now work correctly — When an agent called create-pull-request or push-to-pull-request-branch multiple times in a single run, only the last patch survived due to a shared /tmp/gh-aw/aw.patch overwrite. Each invocation now gets its own isolated patch file. (#17284)
• base-branch in assign-to-agent is now effective — The field was previously injected as a natural language hint rather than using the baseRef GraphQL field, meaning it had no real effect. It now uses the authoritative API mechanism. (#17347)
• Better network inference for language-specific repos — Agentic authoring on repos using ecosystems like .NET previously defaulted to network: defaults, omitting package registries (e.g. NuGet) and causing dotnet restore failures. Network configuration is now inferred more accurately from the repo's ecosystem. (#17373)
• Quieter logs for runtime-import workflows — Front matter in shared markdown files triggered a core.warning on every import despite being expected behavior. These are now debug-level logs only. (#17374)

✨ Developer Experience

• Cleaner gh aw logs --help — Orchestrator-only guidance (YAML snippets, project board tracking) has been removed from the human-facing help text, making the flags and examples much easier to find. (#17376)
• Report formatting standardized — Four workflows (pr-triage-agent, and others) now use consistent h3+ headers and <details> progressive disclosure, keeping reports readable and collapsible. (#17377)
• Smoke test and daily report issues auto-labelled — Issues created by automation workflows now receive automation and testing labels at creation time, keeping the unlabelled issue backlog near zero. (#17375)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• Support multiple create-pull-request and push-to-pull-request-branch in a single run by @Copilot in #17284
• Lower front matter warning to debug log in runtime import by @Copilot in #17374
• Normalize report formatting across four workflows (h3+ headers, progressive disclosure) by @Copilot in #17377
• Trim orchestrator-only guidance from gh aw logs --help by @Copilot in #17376
• Auto-apply labels on smoke test and daily report issue creation by @Copilot in #17375
• fix: improve network ecosystem inference in agentic authoring by @Copilot in #17373
• fix: use GraphQL baseRef field for base-branch in assign-to-agent by @Copilot in #17347

Full Changelog: v0.47.6...v0.48.0

v0.47.6

🌟 Release Highlights

This release focuses on expression replacement reliability, ARM64 platform support, and improved model routing — making workflows more robust across a wider range of environments.

✨ What's New

• ARM64 Support (#17331) — Copilot smoke tests now run on ubuntu-24.04-arm, validating workflow compatibility on ARM64 runners.
• Native Model Routing (#17296) — Model selection is now routed to engines via native CLI environment variables, improving compatibility with engine-specific model configuration.
• JavaScript Global Object Shim (#17353) — Core global object shim implemented for JavaScript files, enabling better runtime compatibility in sandboxed environments.
• Improved Output Preview (#17315) — Replaced the Copilot --share flag with a JS log parser for output preview, providing more reliable workflow output visibility.

🐛 Bug Fixes & Improvements

• Expression Replacement Robustness (#17330, #17332) — Fixed two critical bugs: expressions are now replaced in all occurrences (not just the first), and a double-substitution bug in runtime import expression replacement has been resolved.
• Cache Memory Fix (#17349) — GH_AW_WORKFLOW_ID_SANITIZED is now correctly set in the update_cache_memory job environment, preventing cache key mismatches.
• GFM HTML in Issue Updates (#17346) — Inline HTML tags (e.g., <details>, <summary>) are now preserved when updating issue bodies via safe-outputs.
• Base Ref Handling (#17370) — Workflows now correctly use github.base_ref || github.ref_name for consistent branch targeting across push and pull_request events.
• Maintenance Release Tag (#17316) — Fixed agentics-maintenance incorrectly ignoring --action-tag when running in release mode.
• System Prompt Efficiency (#17314) — System prompts for /session and /md are now compressed and XML-wrapped, reducing token usage; multi-cache placeholder bug also resolved.
• Safe Outputs Auto-Targeting (#17350) — Clarified behavior for add_comment, add_labels, and add_reviewer when no workflow context is available, preventing silent failures.

📚 Documentation

• Developer documentation consolidated (v2.6) and network.md trimmed by 21% for clarity.
• Slides updated from "Research Preview" to Technical Preview status.

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• Route model to engine via native CLI environment variables by @Copilot in #17296
• Fix agentics-maintenance ignoring --action-tag in release mode by @Copilot in #17316
• [instructions] Sync github-agentic-workflows.md with v0.40.1 by @github-actions[bot] in #17319
• [docs] Consolidate developer documentation v2.6 (2026-02-20) by @github-actions[bot] in #17321
• [docs] docs: remove bloat from network.md (21% line reduction) by @github-actions[bot] in #17327
• Copilot/update smoke labels by @pelikhan in #17329
• Compress and XML-wrap system prompts for /session and /md; fix multi-cache placeholder bug by @Copilot in #17314
• feat: add Copilot ARM64 smoke test on ubuntu-24.04-arm by @Mossaka in #17331
• Remove Copilot --share flag; use JS log parser for output preview by @Copilot in #17315
• [safeoutputs] Clarify auto-targeting behavior for add_comment, add_labels, and add_reviewer when no workflow context exists by @Copilot in #17350
• fix: add GH_AW_WORKFLOW_ID_SANITIZED to update_cache_memory job env by @Copilot in #17349
• Allow GFM inline HTML tags in update-issue body sanitization by @Copilot in #17346
• refactor: eliminate duplicate utilities and simplify engine domain API by @Copilot in #17348
• [WIP] Implement core global object shim for JavaScript files by @Copilot in #17353
• Apply documentation site CSS styles to slides by @Copilot in #17367
• 🔧 Fix base ref to use github.base_ref || github.ref_name in all workflows by @dsyme in #17370
• Update slides: Research Preview → Technical Preview by @Copilot in #17369
• fix: improve slides contrast and font sizes by @Copilot in #17372
• 🔧 Fix expression replacement to handle all occurrences by @dsyme in #17330

Full Changelog: v0.47.5...v0.47.6

v0.47.5

🌟 Release Highlights

This release focuses on safe outputs reliability and repository-awareness, adds wildcard support for repository access control, and improves the Gemini engine integration with API proxy support.

✨ What's New

• Wildcard support for allowed-repos — Repository access control now supports wildcard patterns (e.g., github/*), making it easier to grant access across an organization without enumerating every repository. Helper utilities for target-repo are standardized across all safe-output types. (#17280)

• Repository-aware assign-to-agent and create-agent-session — These safe-output types now correctly scope to the target repository, enabling cross-repo agent workflows to work reliably without manual configuration. (#17286)

• Gemini engine API proxy support — The --enable-api-proxy flag is now enabled for the Gemini engine, improving connectivity in restricted network environments. A new parse_gemini_log.cjs utility is included for log analysis. (#17245)

• CentralRepoOps documentation & example — New docs and a worked example for the CentralRepoOps pattern, helping teams centralize multi-repository operations. (Docs) (#17180, #17285)

🐛 Bug Fixes & Improvements

• Safe output validation consistency — Validation rules are now applied uniformly across all safe-output types, eliminating edge cases where some types were less strictly validated. (#17302)

• Custom footer templates fixed — Resolved an issue where the "for issue #..." suffix was incorrectly appended to custom footer templates. (#17293)

• Schema validation improvements — Added minimum: 1 enforcement for timeout-minutes and "Did you mean?" suggestions for enum violations, making configuration errors easier to diagnose. (#17297)

• Safe output documentation accuracy — Corrected documentation errors in agent instructions that could lead to incorrect safe-output usage. (#17306)

• aw.patch download path fix — Corrected the path used in push-failure fallback instructions for downloading patches. (#17267)

• Reduced token usage — The immutable security policy prompt (xpia.md) has been minimized for token efficiency without changing its security guarantees. (#17279)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• feat: add CentralRepoOps docs and first example by @mnkiefer in #17180
• [log] Add debug logging to MCP tools, workflow loader, schema triggers, and git config steps by @github-actions[bot] in #17278
• Fix incorrect aw.patch download path in push-failure fallback instructions by @Copilot in #17267
• update CentralRepoOps docs by @mnkiefer in #17285
• Minimize immutable security policy prompt (xpia.md) for token efficiency by @Copilot in #17279
• feat: wildcard support for allowed-repos and standardize target-repo helpers by @Copilot in #17280
• fix: don't append "for issue #..." suffix to custom footer templates by @Copilot in #17293
• fix: minimum:1 constraint for timeout-minutes + "Did you mean?" for enum violations by @Copilot in #17297
• Update prompting for safe outputs by @dsyme in #17300
• Make assign-to-agent and create-agent-session safe-output types repository-aware by @Copilot in #17286
• Fix safe output documentation errors in agent instructions by @eaftan in #17306
• Update instructions janitor to specifically check safe outputs for co… by @eaftan in #17301
• Enable --enable-api-proxy flag for Gemini engine and add parse_gemini_log.cjs by @Copilot in #17245
• Fix validation consistency across all safe output types by @Copilot in #17302

Full Changelog: v0.47.4...v0.47.5

v0.47.4

🌟 Release Highlights

This release focuses on reliability and correctness — tightening compiler validations, fixing several silent failure modes, and improving GitHub App token handling.

✨ What's New

• Engine environment variable overrides — You can now override agentic engine environment variables using custom secrets via engine.env, giving you fine-grained control over engine configuration without modifying workflow source. (#17211)
• Stricter compiler validation — The compiler now rejects workflows that set both tools.github.app and tools.github.github-token simultaneously, preventing ambiguous token configurations that could lead to unexpected behavior. (#17259)
• Safe-outputs completeness check — A new compiler check verifies that all registered safe-outputs are present in the tools JSON, catching mismatches at compile time rather than at runtime. (#17251)

🐛 Bug Fixes & Improvements

• GitHub App token for MCP — When a GitHub App is configured, GITHUB_MCP_SERVER_TOKEN now correctly uses the App token instead of falling back to an incorrect token. (#17253)
• Checkout branch fix — Fixed an issue where checkout used github.sha instead of the base branch, which could cause incorrect file state in certain workflow runs. (#17249)
• Silent tool drop fixed — The compiler no longer silently drops the update-issue tool when target-repo: "*" is set. (#17247)
• Safe-outputs message parsing — Resolved parsing gaps for detection-failure and agent-failure-* message types in safe-outputs schema. (#17207)
• No-break space in frontmatter — Unicode no-break whitespace (U+00A0) is now sanitized before YAML parsing, preventing subtle parse failures in copy-pasted workflow frontmatter. (#17262)
• Interactive workflow init tool fix — Corrected an invalid add_issue_comment tool reference generated during interactive workflow initialization. (#17264)

📚 Documentation

• Added a Copilot license and inference troubleshooting section to help diagnose common Copilot engine activation issues. (#17242)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• Fix safe-outputs message parsing and schema gaps for detection-failure and agent-failure-* by @Copilot in #17207
• Allow overriding agentic engine env vars with custom secrets in engine.env by @Copilot in #17211
• docs: add Copilot license/inference troubleshooting section by @Copilot in #17242
• Remove duplicate section headers by @PetroSilenius in #17255
• [ca] fix: use GitHub App token for GITHUB_MCP_SERVER_TOKEN when app is configured by @github-actions[bot] in #17253
• Fix: compiler silently drops update-issue tool when target-repo: "*" is set by @Copilot in #17247
• [code-simplifier] refactor: extract setStringFromMap helper in parseMessagesConfig by @github-actions[bot] in #17258
• Add compiler check: verify all registered safe-outputs are present in tools JSON by @Copilot in #17251
• feat: reject workflows that set both tools.github.app and tools.github.github-token by @Copilot in #17259
• 🔀 Fix checkout to use base branch instead of github.sha by @dsyme in #17249
• Sanitize no-break whitespace (U+00A0) in frontmatter before YAML parsing by @Copilot in #17262
• Fix invalid add_issue_comment tool in interactive workflow init by @Copilot in #17264

New Contributors

• @PetroSilenius made their first contribution in #17255

Full Changelog: v0.47.3...v0.47.4

v0.47.3

🌟 Release Highlights

This release introduces inlined-imports mode for workflow composition, improves cross-repo agent assignment, hardens security, and updates key AI engine dependencies to their latest versions.

⚠️ Breaking Changes

• engine.steps field removed (#17106): The legacy engine.steps field is no longer supported. A migration codemod is included — run gh aw migrate to automatically update your workflows to the current schema.

✨ What's New

• Inlined-imports mode (#17023): Workflows can now use inlined-imports mode, enabling direct embedding of imported workflow content at compile time. This simplifies workflow composition and eliminates runtime import resolution overhead. Note: agent files cannot be imported with inlined-imports (a clear compilation error is now emitted, #17140).
• base-branch support for assign-to-agent (#17133): The assign-to-agent workflow now accepts a base-branch parameter, enabling cross-repo PR creation targeting specific branches — useful when agents work across multiple repositories or non-default base branches.
• Dependabot auto-fix workflow (#17137): A new built-in .github/aw/dependabot.md workflow is available for automatically fixing Dependabot PRs on generated manifest files, reducing maintenance toil.

🐛 Bug Fixes & Improvements

• Stable frontmatter hashes across platforms (#17153, #17155): Frontmatter hashes are now consistent regardless of LF vs. CRLF line endings, fixing spurious recompilation triggers on Windows and mixed-environment teams.
• Security hardening (#17183): Resolved supply chain and shell injection findings, improving the safety of workflow execution.
• Changeset improvements (#17177): The changeset generator now ignores .lock.yml files and falls back to commit messages for large diffs, producing cleaner and more accurate changelogs.

📦 Dependency Updates

• GitHub Copilot CLI → 0.0.412
• GitHub MCP Server → v0.31.0
• Claude Code → 2.1.49
• Hono → 4.12.0, devalue → 5.6.3

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• [ubuntu-image] Update Ubuntu Actions runner image analysis (2026-02-20) by @github-actions[bot] in #17109
• Remove legacy engine.steps field and add migration codemod by @Copilot in #17106
• chore: bump Claude Code → 2.1.49, Copilot → 0.0.412, GitHub MCP Server → v0.31.0 by @Copilot in #17120
• Add .github/aw/dependabot.md for fixing Dependabot PRs on generated manifest files by @Copilot in #17137
• fix: update WASM golden tests for v0.0.412/v0.31.0 bump; harden CI Failure Doctor by @Copilot in #17139
• feat: implement inlined-imports mode by @Copilot in #17023
• Emit compilation error when agent file is imported with inlined-imports by @Copilot in #17140
• Update MCP server version references from v0.30.3 to v0.31.0 by @Copilot in #17146
• Trim wasm golden test suite to 3 essential fixtures by @Copilot in #17142
• Remove actions-lock.json references from dependabot and agent docs by @Copilot in #17150
• Stabilize frontmatter hash across LF/CRLF newline conventions by @Copilot in #17153
• Prevent MCP server version bump test failures by replacing hardcoded versions with constants by @Copilot in #17154
• bump hono 4.11.9→4.12.0 and devalue 5.6.2→5.6.3 by @Copilot in #17160
• parser: add newline-stable frontmatter hash regression tests by @davidahmann in #17155
• ci: consolidate 8 tiny integration matrix groups into 4 (31→23 jobs) by @Copilot in #17175
• changeset: ignore .lock.yml files and fall back to commit messages for large diffs by @Copilot in #17177
• [file-diet] Refactor pkg/cli/mcp_server.go (1372 lines) into focused modules by @Copilot in #17176
• Add base-branch support to assign-to-agent for cross-repo PR creation by @Copilot in #17133
• Delete shared/mood.md workflow and clean up all references by @Copilot in #17181
• fix: supply chain and shell injection security findings by @Copilot in #17183

Full Changelog: v0.47.2...v0.47.3

v0.47.2

🌟 Release Highlights

This release focuses on security hardening, expanded language ecosystem support, and Gemini engine reliability improvements.

⚠️ Breaking Changes

• macOS runners are now blocked in agentic workflows (#17087): Agentic workflows no longer support macOS GitHub Actions runners. If your workflows target macOS runners, switch to a Linux runner (e.g., ubuntu-latest).

🔒 Security Improvements

• Credential cleanup across workspaces (#17086): Git credentials are now recursively scrubbed from all checkouts in the workspace and /tmp/, reducing credential exposure risk between agent steps.
• No-secrets enforcement extended to engine.env (#17065): Secret detection now covers engine.env fields in addition to top-level env, preventing accidental exposure of secrets in engine configuration.
• Validate persist-credentials in checkout steps (#17081): The compiler now validates that actions/checkout steps don't set persist-credentials: true, which could leak credentials to the agent.

✨ What's New

• Expanded ecosystem domain support (#17072): Added network allowlist domains for Clojure, Elixir, Kotlin, Scala, and Zig, enabling workflows that build projects in these languages to access their package ecosystems.

🐛 Bug Fixes & Improvements

• Gemini engine reliability (#16938, #16983): Fixed Gemini engine to use .gemini/settings.json for MCP configuration (replacing the unsupported --mcp-config flag) and added --yolo for auto-approving tool executions.
• Codespaces compatibility (#16952): Resolved HTTP 404 errors when running gh aw init inside GitHub Codespaces.
• PR footer template (#17098): Fixed messages.footer template not being applied in create_pull_request safe output.
• Compile error suggestions (#17029): GH_AW_* environment variables are no longer incorrectly redacted in compile error suggestions.
• Playground editor (#17039): Fixed footer spacing in the Playground editor UI.

📚 Documentation

• Streamlined the templating guide with a leaner, more focused reference (#17003).

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• Fix macOS ARM64 smoke test: permissions, Docker, and AWF install by @Mossaka in #16910
• fix: remove leftover smoke test file by @Mossaka in #16969
• Fix HTTP 404 when running gh aw init in codespaces by @Copilot in #16952
• fix: Gemini engine uses .gemini/settings.json instead of unsupported --mcp-config flag by @Copilot in #16938
• [docs] docs: debloat templating.md (-72 lines, -21.6%) by @github-actions[bot] in #17003
• [docs] Consolidate developer specifications - fix tone, add Gemini MCP config pattern (v2.5) by @github-actions[bot] in #17000
• fix: add --yolo flag to Gemini CLI for auto-approving tool executions by @Mossaka in #16983
• Fix footer spacing in Playground editor by @Mossaka in #17039
• Enforce no-secrets check on engine.env in addition to top-level env by @Copilot in #17065
• Add ecosystem domains for clojure, elixir, kotlin, scala, zig by @Mossaka in #17072
• fix: don't redact GH_AW_* env vars in compile error suggestions by @Copilot in #17029
• Recursively clean git credentials from all checkouts in workspace and /tmp/ by @Copilot in #17086
• Validate actions/checkout persist-credentials in agent job steps by @Copilot in #17081
• feat: block macOS runners in agentic workflows with FAQ entry and remove smoke-macos workflow by @Copilot in #17087
• fix: apply messages.footer template in create_pull_request safe output by @Copilot in #17098

Full Changelog: v0.47.1...v0.47.2

v0.47.1

🌟 Release Highlights

This release focuses on improved developer experience with smarter error messages, richer MCP tooling metadata, broader ecosystem support, and a more interactive Playground — plus a security patch for the MCP SDK.

✨ What's New

• WASM assets now bundled into versioned archives (#16948) — WASM release assets are packaged into a single versioned archive, making distribution and versioning of browser-side tooling cleaner and more reliable.
• Hover documentation tooltips in the Playground (#16785) — Frontmatter keys in the Playground now display inline documentation tooltips on hover, reducing the need to switch to reference docs while authoring workflows.
• MCP ToolAnnotations for all 8 server tools (#16921) — All MCP server tools now carry structured annotations, enabling MCP-compatible clients to display richer metadata and hints about tool capabilities.
• Ecosystem domain support for Deno, Java, and Python (#16903) — Network domain allowlists now include the missing ecosystem registries for Deno, Java (Maven/Gradle), and Python (PyPI), unblocking workflows that rely on these runtimes.

🐛 Bug Fixes & Improvements

• Actionable error messages for YAML/schema issues (#16907) — Schema validation errors now surface plain-language, actionable messages instead of raw YAML/JSON Schema jargon, making misconfigured frontmatter much easier to diagnose.
• Daily repo chronicle posts to Announcements (#16930) — Fixed the discussion category for the daily-repo-chronicle workflow to correctly target the Announcements category.

🔒 Security

• MCP SDK upgraded to v1.3.1 (#16923) — github.com/modelcontextprotocol/go-sdk updated to the latest security patch release.

📚 Documentation

• Brotli pre-compression guide for WASM binary (#16913) — New documentation covers how to configure brotli pre-compression for the WASM binary to optimize load performance.

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• [log] Add debug logging to 5 Go files in pkg/cli and pkg/workflow by @github-actions[bot] in #16906
• Add hover documentation tooltips for frontmatter keys in Playground by @Mossaka in #16785
• Translate YAML/schema jargon into actionable error messages by @Copilot in #16907
• docs: remove emoji from CLI reference heading by @Copilot in #16924
• Document brotli pre-compression for WASM binary by @Mossaka in #16913
• feat: add missing ecosystem domains for Deno, Java, and Python by @Mossaka in #16903
• refactor(mcp): extract shared root extraction helper and disable SSE in HTTP inspector by @Copilot in #16922
• Add ToolAnnotations to all 8 MCP server tools by @Copilot in #16921
• Upgrade github.com/modelcontextprotocol/go-sdk to v1.3.1 (security patch) by @Copilot in #16923
• fix(daily-repo-chronicle): move discussion category to announcements by @Copilot in #16930
• Bundle WASM release assets into versioned archive by @Mossaka in #16948
• Bump AWF default version to v0.20.2 by @Copilot in #16920

Full Changelog: v0.47.0...v0.47.1