Releases: github/gh-aw

v0.51.8

03 Mar 05:05
b93e105

🌟 Release Highlights

This release delivers a notable breaking change with a smooth migration path, a quality-of-life CLI improvement, and enhanced traceability in generated workflow outputs.

⚠️ Breaking Changes

  • app: frontmatter key renamed to github-app: — The GitHub App token configuration key has been renamed for clarity. A codemod is included to migrate your existing workflows automatically. Run gh aw update to apply the migration. (#19295)

✨ What's New

  • --no-compile flag for update and upgrade — Skip the recompilation step when updating or upgrading workflows, giving you faster iteration when you want to defer compilation. (#19325)
  • History links in generated footers — Issues, pull requests, and discussions created by agentic workflows now include a ◷ history link in their footer. Clicking it opens a pre-filtered GitHub search showing all items generated by that workflow, making it easy to audit workflow output at a glance. (#19321)

📚 Documentation

  • Added a cache-memory filename safety warning to the workflow authoring guide — filenames with colons (e.g. ISO 8601 timestamps) break artifact uploads on Windows runners. (#19326)
  • Added an explicit GitHub MCP requirement warning for all engine types in the workflow creation guide — clarifies that the Copilot coding agent cannot access api.github.com directly and must use the GitHub MCP server. (#19327)
  • General documentation refresh covering features released on 2026-03-03. (#19330)

For complete details, see CHANGELOG.

Generated by Release


What's Changed

  • Rename app: to github-app: with codemod by @Copilot in #19295
  • Add cache-memory filename safety warning to create-agentic-workflow.md by @Copilot in #19326
  • Add explicit GitHub MCP requirement warning for all engines in create-agentic-workflow.md by @Copilot in #19327
  • Add --no-compile flag to update and upgrade commands by @Copilot in #19325
  • [docs] Update documentation for features from 2026-03-03 by @github-actions[bot] in #19330
  • Add history link to generated footers for issues, PRs, and discussions by @Copilot in #19321
  • Delete zombie test files from pkg/workflow/ (batch 1 of 2) by @Copilot in #19334
  • chore: delete zombie test files from pkg/workflow/ (batch 2 of 2) by @Copilot in #19335

Full Changelog: v0.51.7...v0.51.8

v0.51.7

03 Mar 04:12
3cc524a

🌟 Release Highlights

This release strengthens cross-repository workflow capabilities with flexible checkout fetch options and improved authentication, while delivering meaningful reliability fixes across safe-inputs, safe-outputs, and the gh aw status command.

✨ What's New

  • Flexible checkout fetch refs — The checkout: config now accepts a fetch: option to retrieve additional Git refs after actions/checkout. Use fetch: ["*"] for all branches, fetch: ["refs/pulls/open/*"] for all open PR branches, or specify exact patterns. Agents are also given clearer context about available branches and fetch depth. This is especially useful for scheduled workflows that need to work on open pull-request branches.

  • Enhanced checkout authentication — checkout: now supports github-token: (replacing the deprecated token:) and a new app: object for GitHub App-based authentication (mutually exclusive with github-token). This makes it easier to authenticate against third-party repositories with App credentials.

  • app: renamed to github-app: — The workflow frontmatter field app: has been renamed to github-app: for clarity. A codemod is available via gh aw fix --write (add-comment-github-app-rename) to migrate existing workflows automatically. The old app: field remains backward-compatible.

  • Agent timeout detection — When a GitHub Actions job times out (timed_out conclusion), the failure handler now detects this case and reports it in the failure issue/comment with a frontmatter hint, rather than silently skipping the event.

🐛 Bug Fixes & Improvements

  • Cross-repo create_pull_request fix — The config.json consumed by the MCP server was missing target-repo and other cross-repo fields, causing cross-repository PR creation to fail. Now resolved.
  • Safe-inputs MCP error diagnostics — JSON-RPC error codes are now correct and stdout/stderr are included in safe-inputs MCP handler error responses, making failures much easier to debug.
  • gh aw status reliability — The compiled-status check now uses hash comparison instead of file modification times, preventing false "needs recompile" reports after git checkout.
  • Serena tools now load correctly — hasMCPConfig() now recognizes Serena's languages: config key, so Serena tools are available in both Claude and Copilot engine workflows.
  • Cross-repo attribution URL fix — Attribution URLs in safe-outputs handlers for cross-repo operations now point to the correct repository.
  • Sentry MCP config — SENTRY_HOST now has a fallback default so the MCP Inspector Agent no longer fails to start when the env var is absent.

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:


For complete details, see CHANGELOG.

Generated by Release


What's Changed

  • fix: remove unused buildCanonicalFrontmatter function by @Copilot in #19244
  • chore: remove dead functions (phase 8) — parser import system by @dsyme in #19246
  • [dead-code] chore: remove dead functions — 6 functions removed by @github-actions[bot] in #19257
  • [code-simplifier] refactor: simplify frontmatter_hash.go after dead-code removal (#19244) by @github-actions[bot] in #19261
  • Add fetch option to checkout: for cross-repo branch access by @Copilot in #19220
  • [instructions] Sync github-agentic-workflows.md with v0.40.1 by @github-actions[bot] in #19278
  • chore: remove dead functions (phase 9) — output job builders by @dsyme in #19287
  • [docs] docs: remove repetitive bullet lists from custom-agent-for-aw by @github-actions[bot] in #19289
  • πŸ” Add fetch option and github-token/app auth to checkout config by @dsyme in #19281
  • Fix missing target-repo in config.json for cross-repo create_pull_request by @Copilot in #19284
  • fix: Serena tools not loaded — add serena to agent tool permission lists by @Copilot in #19238
  • fix: keep SENTRY_HOST with fallback default in sentry MCP config by @Copilot in #19285
  • Fix status command: replace mtime-based compiled detection with hash comparison by @Copilot in #19280
  • docs: update DEADCODE.md — document completion of dead code removal by @dsyme in #19290
  • Remove unused issueReportingJobParams struct to fix lint-go CI failure by @Copilot in #19296
  • Fix cross-repo attribution URL and improve update diagnostics in safe-outputs handlers by @Copilot in #19282
  • fix: correct JSON-RPC error codes and include stdout/stderr in safe-inputs MCP handler errors by @Copilot in #19300
  • feat: detect agent timeout and report it with frontmatter hint in failure issue/comment by @Copilot in #19307
  • Replace inline runUrl constructions with buildWorkflowRunUrl helper by @Copilot in #19302
  • Remove zombie skipped test functions from pkg/cli/ test files by @Copilot in #19312
  • Improve test quality: migrate action_reference_test.go to testify by @Copilot in #19310
  • Resolve FIXME-skipped tests in compiler_expression_size_test.go by @Copilot in #19311
  • refactor: eliminate cross-package duplicate functions via shared utilities by @Copilot in #19309
  • Remove copilot-requests feature flag from smoke-copilot workflow by @Copilot in #19316
  • [jsweep] Clean substitute_placeholders.cjs by @github-actions[bot] in #19315

Full Changelog: v0.51.6...v0.51.7

v0.51.6

02 Mar 15:11
33cd6c7

🌟 Release Highlights

This release sharpens CI inspection capabilities, fixes a critical workflow isolation bug in close-older-issues, and continues an ongoing codebase cleanup pass to reduce complexity and improve maintainability.

✨ What's New

  • required_state field in gh aw checks --json — The JSON output from gh aw checks now includes a required_state field that reflects only required CI checks, filtering out optional third-party deployment statuses. This resolves a long-standing issue where non-required statuses could cause auto-merge gating to block unnecessarily. (#19161)

🐛 Bug Fixes & Improvements

  • close-older-issues no longer crosses workflow boundaries — Fixed a bug where close-older-issues could inadvertently close issues opened by a different calling workflow. Each workflow now correctly scopes its issue closure to its own context. (#19200)
  • gh aw audit returns absolute log paths — The logs_path field in audit responses now always returns an absolute path, preventing failures when the working directory differs from the log location. (#19163)
  • CLI help text consistency — Improved help text accuracy for codemods list, --repeat semantics, disable behavior, and project new formatting to reduce confusion. (#19230)
  • Report formatting normalized — ci-coach and auto-triage-issues workflows now produce consistently formatted reports. (#19228)

📚 Documentation

  • Documentation updated to reflect features introduced through 2026-03-02, including glossary improvements. (#19165, #19192)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:


For complete details, see CHANGELOG.

Generated by Release


What's Changed

  • Detect triggers: keyword misuse in compile with actionable error by @Copilot in #19142
  • [docs] Update documentation for features from 2026-03-02 by @github-actions[bot] in #19165
  • [specs] Update layout specification - 2026-03-02 by @github-actions[bot] in #19174
  • Fix daily-performance-summary: switch engine from codex to copilot and sanitize xpia.md by @Copilot in #19164
  • fix(audit): return absolute path for logs_path in audit response by @Copilot in #19163
  • Add required_state to gh aw checks --json to isolate CI verdict from optional third-party commit statuses by @Copilot in #19161
  • [docs] Update glossary - weekly full scan by @github-actions[bot] in #19192
  • fix: remove unused git helper functions causing lint-go CI failure by @Copilot in #19189
  • chore: update github.com/modelcontextprotocol/go-sdk v1.3.1 → v1.4.0 by @Copilot in #19203
  • feat: update architecture diagram workflow to maintain scratchpad/architecture.md by @Copilot in #19212
  • ci: skip go mod download on cache hit for test and integration jobs by @Copilot in #19226
  • chore: update github.com/securego/gosec/v2 from v2.23.0 to v2.24.7 by @Copilot in #19217
  • fix: normalize report formatting in ci-coach and auto-triage-issues workflows by @Copilot in #19228
  • chore: remove dead functions (phase 5) — CLI git helpers by @dsyme in #19231
  • Fix CLI help text consistency: codemods list, --repeat semantics, disable behavior, project new formatting by @Copilot in #19230
  • chore: remove dead functions (phase 6) — parser frontmatter by @dsyme in #19232
  • [file-diet] Refactor compiler_activation_jobs.go (1052 lines) into focused modules by @Copilot in #19229
  • fix: prevent close-older-issues from closing issues across different calling workflows by @Copilot in #19200
  • chore: remove dead functions (phase 7) — parser URL & schema by @dsyme in #19233
  • rename: "ci: trigger CI checks" → "ci: trigger checks" by @Copilot in #19236

Full Changelog: v0.51.5...v0.51.6

v0.51.5

02 Mar 04:01
88319be

🌟 Release Highlights

This release focuses on security hardening, improved developer experience, and better error messaging — making workflows safer by default and easier to author correctly.

✨ What's New

  • GitHub MCP server is now read-only by default — The dangerous-permissions-write feature flag has been removed; GitHub MCP access is permanently enforced as read-only. This removes an entire class of accidental write-permission exposure. Workflows using read-only: false will now receive a clear validation error. (#19092)

  • github.event_name is now an allowed expression — You can now safely reference ${{ github.event_name }} in workflow prompts, consistent with other github.* context properties. (#19121)

  • gh aw add and gh aw add-wizard are now separate commands — The add command is always non-interactive; --create-pull-request requires an interactive terminal with confirmation. A new dedicated add-wizard command handles the interactive workflow with its own --push flag. This gives cleaner, non-overlapping flag interfaces for both use cases. (#19117)

  • safe-output-projects renamed to safe-output-custom-tokens — The setup input now accurately reflects its broader scope: any per-handler github-token, not just project handlers. Update your workflow configurations accordingly. (#19156)

  • Better compile errors for triggers: misuse — Using triggers: instead of on: in workflow frontmatter now produces a clear, actionable error at compile time rather than silently treating the workflow as a shared import. (#19142)

🐛 Bug Fixes & Improvements

  • Clean /tmp/gh-aw/ on each setup run — The setup script now removes and recreates the temporary directory before each run, preventing stale state from affecting subsequent workflow executions. (#19122)

📚 Documentation

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:


For complete details, see CHANGELOG.

Generated by Release


What's Changed

  • Add github.event_name to AllowedExpressions by @Copilot in #19121
  • [WIP] Remove entire /tmp/gh-aw/ folder before setup by @Copilot in #19122
  • [WIP] add command: remove --push flag, require interactive confirmation for --create-pull-request, split add/add-wizard by @Copilot in #19117
  • [q] save architecture diagram to scratchpad/architecture.md by @github-actions[bot] in #19132
  • docs: add FAQ entry on disabling GitHub references to prevent backlinks by @Copilot in #19135
  • docs: add FAQ entry for workflows used as repository rulesets by @Copilot in #19131
  • [docs] docs: remove bullet-list bloat from ephemerals guide by @github-actions[bot] in #19141
  • [docs] Consolidate architecture diagram and guard policies into dev.md (v3.4) by @github-actions[bot] in #19138
  • [instructions] Sync github-agentic-workflows.md with v0.40.1 by @github-actions[bot] in #19137
  • Enforce readonly access to GitHub MCP server; remove dangerous-permissions-write feature flag by @Copilot in #19092
  • [WIP] Add smoke tests for cross-repo PR creation and updates by @dsyme in #19127
  • 🔑 Rename safe-output-projects to safe-output-custom-tokens by @dsyme in #19156

Full Changelog: v0.51.4...v0.51.5

v0.51.4

01 Mar 20:57

🌟 Release Highlights

This release focuses on security hardening, codebase health, and early multi-repository PR support — driven largely by automated agentic workflows improving themselves.

🔒 Security Fix

  • Serena local mode removed due to supply chain risk — start_serena_server.sh fetched and executed unversioned code from the tip of an external repository at runtime. The unpinned execution path has been removed; only Docker container mode is supported for Serena going forward. (#19072)

✨ What's New

  • Multi-repository PR support (preview) — Initial groundwork for cross-repo PR operations, including improved slug validation and updated allowed-repos error handling. (#18599)
  • Daily dead code removal workflow — A new agentic workflow runs deadcode analysis daily, selects batches of unreachable Go functions, and opens PRs to remove them — keeping the codebase lean automatically. (#19111)
  • GitHub MCP toolsets updated to v2.1 — The GitHub MCP toolsets mapping is now in sync with the latest upstream source, ensuring workflows have access to the most current GitHub tools. (#19058)

🐛 Bug Fixes & Improvements

  • Removed duplicate JS dead code — safe_output_unified_handler_manager.cjs duplicated HANDLER_MAP from safe_output_handler_manager.cjs and was never used in production. Removing it eliminates potential confusion and reduces maintenance surface. (#19068)
  • Consolidated reporting guidelines — Inline reporting guidelines duplicated across 33+ workflows have been replaced with references to the shared reporting.md, making future updates a single-file change. (#19079)

📚 Documentation

  • Self-healing documentation workflow corrected outdated MCP registry URL (v0 → v0.1) and other stale references. (#19101)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:


For complete details, see CHANGELOG.

Generated by Release


What's Changed

  • Remove inline reporting guidelines from 33 workflows duplicating shared/reporting.md by @Copilot in #19079
  • Remove start_serena_server.sh and Serena local mode (supply chain risk) by @Copilot in #19072
  • [mcp-tools] Update GitHub MCP toolsets mapping with latest tools from source (v2.1) by @github-actions[bot] in #19058
  • Remove dead code: safe_output_unified_handler_manager.cjs by @Copilot in #19068
  • Beginnings of multi repo PR support by @dsyme in #18599
  • [docs] Self-healing documentation fixes from issue analysis - 2026-03-01 by @github-actions[bot] in #19101
  • Add daily dead code removal workflow by @Copilot in #19111
  • [code-simplifier] refactor: fix orphaned comments in schema_validation.go by @github-actions[bot] in #19100
  • [log] Add debug logging to parser, workflow, and cli packages by @github-actions[bot] in #19110

Full Changelog: v0.51.3...v0.51.4

v0.51.3

01 Mar 15:44
5fa65dd

🌟 Release Highlights

This release delivers a new safe-output capability, two community-reported bug fixes, and a round of reliability improvements across the workflow runtime.

✨ What's New

  • set-issue-type safe output — Workflows can now programmatically set the issue type on GitHub issues via safe outputs, expanding the toolkit for issue-management automation. (#18989)

🐛 Bug Fixes & Improvements

  • Mixed-trigger concurrency groups fixed — Workflows with both event-based and workflow_dispatch triggers were collapsing all manual runs into a single degenerate concurrency group, causing queuing and cancellation issues. A universal || github.run_id fallback now ensures each run gets a unique group. (#19036)

  • Malformed #aw_* references now warn instead of silently passing through — Temporary-ID references with typos or invalid formats were previously ignored; the handler now emits a core.warning() so problems surface at runtime rather than producing unexpected output. (#19035)

  • /tmp/gh-aw directory guaranteed before activation scripts run — Activation job scripts could crash with ENOENT when /tmp/gh-aw/ had not yet been created; setup now ensures the directory exists before any workflow scripts execute. (#19040)

  • CLI version bumps — Claude Code → 2.1.63, Copilot CLI → 0.0.420, Gemini CLI → 0.31.0. (#19033)

  • GitHub Actions pinned versions updated (2026-03-01 pass). (#19034)

🌍 Community Contributions

A huge thank you to the community members who reported issues resolved in this release:


For complete details, see CHANGELOG.

Generated by Release


What's Changed

  • [docs] Update documentation for safe-outputs concurrency-group by @github-actions[bot] in #19014
  • Fix SC2086: quote stderr redirect in prompt-clustering-analysis workflow by @Copilot in #19010
  • Add set-issue-type safe output type by @Copilot in #18989
  • fix: ensure /tmp/gh-aw exists before activation job scripts run by @Copilot in #19040
  • chore: bump CLI versions — Claude Code 2.1.63, Copilot CLI 0.0.420, Gemini CLI 0.31.0 by @Copilot in #19033
  • Fix SC2295 shellcheck: quote inner pattern expansion in ci-doctor by @Copilot in #19041
  • [actions] Update GitHub Actions versions - 2026-03-01 by @Copilot in #19034
  • fix: align step name to Precompute (target) pattern in campaign workflow by @Copilot in #19055
  • Fix degenerate concurrency group for mixed-trigger workflows by @Copilot in #19036
  • Warn on malformed #aw_* references in body text by @Copilot in #19035

Full Changelog: v0.51.2...v0.51.3

v0.51.2

01 Mar 07:08
cccf961

🌟 Release Highlights

This release improves workflow reliability with better runtime-import path handling, clearer error reporting for git push failures, and a new concurrency-group option for safe-outputs.

✨ What's New

  • Safe-outputs concurrency control — The safe-outputs job now supports a concurrency-group field, giving you precise control over job concurrency and cancellation behavior. Learn more

🐛 Bug Fixes & Improvements

  • runtime-import fixed for nested workflow paths — Workflows in subdirectories like .github/workflows/shared/*.md now resolve correctly via explicit sparse-checkout cone mode. (#18973)
  • Clearer git push error messages — Push failures are no longer misattributed as "Failed to apply patch", making debugging significantly easier. (#18987)
  • Playwright screenshot directory pre-created — Eliminates ENOENT errors when Playwright workflows capture screenshots. (#18969)
  • Permission hygiene — The agent job no longer automatically injects contents: read permissions, so compiled workflows respect exactly the permissions you declare. (#18976)
  • Lockdown validation moved to activation job — Requirements are validated earlier in the pipeline, providing faster feedback on misconfigured workflows. (#18971)
  • Fallback issues now labeled agentic-workflows — Issues created when create_pull_request fails are correctly labeled, ensuring they appear in the parent issue aggregation logic. (#18986)

📚 Documentation

  • Added reference docs for the new safe-outputs.concurrency-group field.

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:


For complete details, see CHANGELOG.

Generated by Release


What's Changed

  • [jsweep] Clean check_rate_limit.cjs by @github-actions[bot] in #18970
  • Fix: Pre-create Playwright screenshot directory to prevent ENOENT errors by @Copilot in #18969
  • Move validateLockdownRequirements into generate_aw_info step (activation job) by @Copilot in #18971
  • [file-diet] Refactor pkg/parser/import_processor.go into focused modules by @Copilot in #18974
  • [docs] Update documentation for features from 2026-03-01 by @github-actions[bot] in #18982
  • Remove automatic contents: read from agent job permissions by @Copilot in #18976
  • fix: explicit sparse-checkout cone mode for .github/.agents to fix runtime-import on nested paths by @Copilot in #18973
  • Add agentic-workflows label to fallback issues in create_pull_request.cjs by @Copilot in #18986
  • Fix git push failures misattributed as "Failed to apply patch" by @Copilot in #18987
  • Add concurrency-group support to safe_outputs job by @Copilot in #18993
  • [docs] Update dictation skill instructions by @github-actions[bot] in #18999

Full Changelog: v0.51.1...v0.51.2

v0.51.1

01 Mar 02:59
effe1c1

🌟 Release Highlights

This release focuses on reliability and correctness — squashing several impactful bugs in the safe-outputs and safe-inputs systems, improving audit tooling, and cleaning up dead code.

✨ What's New

  • footer: false support for add-comment — Workflows can now suppress the "Generated by..." footer on comments posted via the add-comment safe output handler, giving you cleaner, more controlled output (#18942)

🐛 Bug Fixes & Improvements

  • MCP gateway API key quoting fixed — The /close teardown step was sending a shell-quoted API key (e.g., 'abc123') instead of the raw value, causing Authentication failed: invalid API key errors. Gateway teardown now works reliably (#18943)
  • safeoutputs MCP server crash on create_pull_request fixed — A context is not defined error caused by a missing GITHUB_REPOSITORY fallback has been resolved, restoring reliable PR creation from workflows (#18939)
  • Multi-line safe-inputs block scalar descriptions fixed — YAML | block scalar descriptions in safe-inputs tool definitions were only applying the comment prefix to the first line, breaking generated Python, Shell, and Go scripts at runtime (#18941)
  • staged: true now propagated for safe output handlers — Per-handler staged: true config was silently ignored, causing handlers to always perform live GitHub/git operations even in dry-run mode (#18961)
  • Audit MCP tool error reporting improved — failure_analysis always returned "No specific errors identified"; it has been removed in favor of surfacing real stderr output for actionable diagnostics (#18955)
  • PR review buffer APPROVE/REQUEST_CHANGES fixed — A read:user scope check was causing own-PR review attempts to silently fail. The check is now replaced with an API error retry strategy (#18953)
  • Azure Storage Account Key false positives eliminated — The secret redaction pattern was matching any 88-char base64 string ending in ==, flooding logs with false positives from normal agent output (#18932)
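
The false positive described in the Azure Storage Account Key item, as an added illustration (this is not gh-aw's redaction code; both patterns, the function names and the sample lines are assumptions constructed here). Any 64-byte value encodes to 88 base64 characters ending in ==, so a shape-only rule also masks unrelated output, while a rule anchored on the field that names the key does not.

```javascript
// Added illustration; not gh-aw's redaction code. Patterns and names are assumptions.

const MASK = "***REDACTED***";

// Over-broad rule: any 88-character base64 run ending in "==".
// Every 64-byte value (a SHA-512 digest, for instance) encodes to this shape.
const BROAD = /[A-Za-z0-9+/]{86}==/g;

// Narrower rule: the same shape, but only as the value of a field that names
// a storage key (the connection-string AccountKey field or the Azure CLI
// AZURE_STORAGE_KEY variable), and not embedded in a longer base64 run.
const ANCHORED =
  /\b(AccountKey|AZURE_STORAGE_KEY)(\s*[=:]\s*["']?)[A-Za-z0-9+/]{86}==(?![A-Za-z0-9+/=])/g;

function redactBroad(text) {
  return text.replace(BROAD, MASK);
}

function redactAnchored(text) {
  // Keep the field name and separator so the log line stays readable.
  return text.replace(ANCHORED, `$1$2${MASK}`);
}

// 64 constructed bytes, base64-encoded: same length and padding as a real key.
function fake64(seed) {
  const bytes = Array.from({ length: 64 }, (_, i) => (seed + i * 37) & 0xff);
  return Buffer.from(bytes).toString("base64");
}

const FAKE_KEY = fake64(11);     // stands in for an account key (constructed)
const FAKE_DIGEST = fake64(201); // stands in for a SHA-512 digest (constructed)

// Constructed sample of agent output: two real key contexts, one look-alike,
// one ordinary line.
const SAMPLE_LINES = [
  `DefaultEndpointsProtocol=https;AccountName=example;AccountKey=${FAKE_KEY};EndpointSuffix=core.windows.net`,
  `export AZURE_STORAGE_KEY="${FAKE_KEY}"`,
  `"integrity": "sha512-${FAKE_DIGEST}"`,
  "Build finished in 42s with 0 warnings",
];

// Number of lines a redactor altered.
function redactedLines(redact, lines) {
  return lines.filter((line) => redact(line) !== line).length;
}

console.log("broad rule altered   :", redactedLines(redactBroad, SAMPLE_LINES), "lines");
console.log("anchored rule altered:", redactedLines(redactAnchored, SAMPLE_LINES), "lines");
```

The anchored rule trades recall for precision: a key printed without its field name is no longer caught, so it suits log noise reduction only alongside exact-value masking of secrets the runner already knows.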

📚 Documentation

  • CLI setup docs condensed and deduplicated for easier onboarding (#18950)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:


For complete details, see CHANGELOG.

Generated by Release


What's Changed

  • Merge validate context variable step into generate action info step by @Copilot in #18925
  • Fix Azure Storage Account Key false positives in secret redaction by @Copilot in #18932
  • Fix: multi-line block scalar descriptions in safe-inputs script generators by @Copilot in #18941
  • fix: remove shell quoting (@q) from gateway-api-key step output by @Copilot in #18943
  • feat: add footer: false support to add-comment safe output by @Copilot in #18942
  • [instructions] Sync github-agentic-workflows.md with v0.40.1: add safe-inputs go: field by @github-actions[bot] in #18947
  • [docs] Consolidate developer specifications - 2026-02-28 maintenance review by @github-actions[bot] in #18949
  • [docs] docs: unbloat cli.md — remove redundant sections and condense prose by @github-actions[bot] in #18950
  • dead16: remove dead functions from pkg/cli by @dsyme in #18944
  • Fix context is not defined crash in safeoutputs MCP server on create_pull_request by @Copilot in #18939
  • fix(pr_review_buffer): replace broken getAuthenticated check with API error retry by @Copilot in #18953
  • dead17: remove 13 dead functions from pkg/cli (round 2) by @dsyme in #18966
  • fix(audit): remove failure_analysis, surface stderr in MCP error messages by @Copilot in #18955
  • fix: propagate per-handler staged: true to JS safe output handlers by @Copilot in #18961

Full Changelog: v0.51.0...v0.51.1

v0.51.0

28 Feb 23:01
19c329d

🌟 Release Highlights

This release focuses on expanding safe-output capabilities, improving the activation job pipeline, and significant internal housekeeping — delivering a leaner, more reliable runtime.

✨ What's New

  • Safe-output results as workflow_call outputs — Workflows using workflow_call can now expose safe-output results as reusable outputs, enabling richer composition of agentic workflows (#18914)
  • Enhanced resolve-pull-request-review-thread — Now supports target, target-repo, and allowed-repos configuration, giving you precise control over cross-repo PR review thread resolution (#18891)
  • Agent failure issues auto-labeled — Issues created on agent failure are automatically tagged with the agentic-workflows label for easier triage and discoverability (#18842)
  • Guard policies support — Introduced guard policy configuration with schema validation (#18589, #18916)
  • MCP Gateway payload path prefix configuration — Added payloadPathPrefix and payloadSizeThreshold settings for fine-grained MCP gateway control (#18617)

🐛 Bug Fixes & Improvements

  • Checkout token field corrected — Fixed the checkout.github-token → checkout.token rename so actions/checkout receives the right parameter (#18878)
  • Activation job directory initialization — The /tmp/gh-aw directory is now reliably created before writing aw_info.json, preventing intermittent activation failures (#18876)
  • Emoji ZWJ sequences allowed — Emoji sequences like 👨‍💻 no longer trigger false positives in the unicode-abuse security scanner (#18793)
  • MCP gateway config validation fixed — Removed the undeclared payloadSizeThreshold field that was causing validation failures (#18791)
  • Safe output schema completeness — Missing cross-repo and auth properties restored to safe output schemas (#18754)
  • Activation job permissions corrected — Fixed missing contents: read permission on the activation job (#18737)
  • Report template headers normalized — Report headers now consistently use h3+ levels for proper rendering (#18840)
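
The emoji ZWJ item above, as an added illustration of how a hidden-character check can let emoji sequences through without ignoring the joiner everywhere (this is not gh-aw's scanner; the character set, function name and sample strings are assumptions constructed here). U+200D is accepted only when it sits between two emoji elements and is still reported inside ordinary text.

```javascript
// Added illustration; not gh-aw's scanner. Character set and names are assumptions.

// Invisible or direction-changing code points a reviewer cannot see in rendered text.
const SUSPECT = new Set([
  0x200b, // ZERO WIDTH SPACE
  0x200c, // ZERO WIDTH NON-JOINER
  0x200d, // ZERO WIDTH JOINER
  0x2060, // WORD JOINER
  0x202a, 0x202b, 0x202c, 0x202d, 0x202e, // bidi embeddings and overrides
  0x2066, 0x2067, 0x2068, 0x2069,         // bidi isolates
]);

const ZWJ = 0x200d;
// What may follow a joiner inside an emoji sequence.
const PICTOGRAPH = /^\p{Extended_Pictographic}$/u;
// What may precede it: an emoji, or the variation selector or skin-tone
// modifier that ends an emoji element.
const ELEMENT_TAIL = /^(?:\p{Extended_Pictographic}|\p{Emoji_Modifier}|\uFE0F)$/u;

// Returns one finding per suspicious code point, with its UTF-16 offset.
function findHiddenChars(text) {
  const chars = Array.from(text); // split by code point, not UTF-16 unit
  const findings = [];
  let offset = 0;
  chars.forEach((ch, i) => {
    const cp = ch.codePointAt(0);
    const joinsEmoji =
      cp === ZWJ &&
      i > 0 && ELEMENT_TAIL.test(chars[i - 1]) &&
      i + 1 < chars.length && PICTOGRAPH.test(chars[i + 1]);
    if (SUSPECT.has(cp) && !joinsEmoji) {
      const hex = cp.toString(16).toUpperCase().padStart(4, "0");
      findings.push({ offset, codePoint: "U+" + hex });
    }
    offset += ch.length;
  });
  return findings;
}

// Constructed samples; hidden characters are written as escapes so they stay visible here.
const SAMPLES = {
  emojiSequence: "ship it \u{1F468}\u200D\u{1F4BB}", // man technologist (ZWJ sequence)
  heartOnFire: "\u2764\uFE0F\u200D\u{1F525}",        // element ending in U+FE0F
  zwjInWord: "user\u200Dname",                       // joiner hidden inside a word
  zwjAfterEmoji: "\u{1F468}\u200Dadmin",             // joiner not followed by an emoji
  bidiOverride: "abc\u202Edef",                      // RIGHT-TO-LEFT OVERRIDE
};

for (const [name, text] of Object.entries(SAMPLES)) {
  console.log(name.padEnd(14), JSON.stringify(findHiddenChars(text)));
}
```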

📚 Documentation

  • Trigger shorthands documented — The reference now covers shorthand syntax for workflow triggers (#18764)
  • Unsafe expression example replaced — A post-processing pattern example using an unsafe expression has been updated with a safe implementation (#18792)
  • Automated self-healing documentation fixes applied on 2026-02-27 and 2026-02-28

🔧 Internal

This release includes an extensive dead-code removal campaign across 15+ PRs (batches 1–14 by @dsyme), removing deprecated bundler subsystems, unused helpers, dead CLI/console/validation functions, and orphaned constants. This significantly reduces binary size and maintenance surface without changing user-facing behavior.

🌍 Community Contributions

A huge thank you to the community members who reported issues resolved in this release:


For complete details, see CHANGELOG.

Generated by Release


What's Changed

  • 🔧 Fix activation job contents read permission check by @dsyme in #18737
  • Add MCP Gateway payload path prefix and size threshold configuration by @claude in #18617
  • feat: add guard policies support by @lpcox in #18589
  • [docs] Self-healing documentation fixes from issue analysis - 2026-02-27 by @github-actions[bot] in #18743
  • docs: document trigger shorthands by @eaftan in #18764
  • 🧹 Remove dead CLI, console, and utility code (batch 1) by @dsyme in #18784
  • 🧹 Remove dead code: bundler, CLI, and unused utilities by @dsyme in #18785
  • 🧹 Remove dead code: bundler subsystem, utilities, and tests by @dsyme in #18787
  • docs: replace unsafe step implementation in post-processing pattern example by @Copilot in #18792
  • fix: allow emoji ZWJ sequences in unicode-abuse security scanner by @Copilot in #18793
  • Remove SupportsFirewall from agentic engine interface by @Copilot in #18796
  • 🧹 Remove dead code functions across multiple packages by @dsyme in #18812
  • chore: remove dead validation/map helper functions (batch 5) by @dsyme in #18813
  • chore: remove dead engine helper functions (batch 6) by @dsyme in #18814
  • chore: remove dead domain helper functions (batch 7) by @dsyme in #18815
  • chore: remove dead expression and known_needs functions (batch 8) by @dsyme in #18816
  • chore: remove dead String/IsValid methods from constants (batch 9) by @dsyme in #18818
  • chore: remove dead console functions (batch 10) by @dsyme in #18820
  • chore: remove dead cli functions (batch 11) by @dsyme in #18822
  • dead12: remove dead utility functions from 7 packages by @dsyme in #18826
  • dead13: remove dead functions from parser and workflow packages by @dsyme in #18830
  • dead14: remove dead functions from parser package by @dsyme in #18832
  • Fix MCP gateway config validation failure caused by undeclared payloadSizeThreshold field by @Copilot in #18791
  • fix(delight): normalize report template headers to h3+ by @Copilot in #18840
  • feat: label agent failure issues with agentic-workflows tag by @Copilot in #18842
  • Fix golden fixtures and remove unused helpers after MCP gateway payloadSizeThreshold removal by @Copilot in #18844
  • Rename supportsLLMGateway bool to llmGatewayPort int and remove SupportsLLMGateway() from interface by @Copilot in #18838
  • 🧹 Remove dead script stubs and utility functions across packages by @dsyme in #18846
  • Update checkout front matter for current repository by @Copilot in #18713
  • Move "Generate agentic run info" to activation job; merge workflow overview into it; rename activation artifact by @Copilot in #18843
  • refactor: remove deprecated wrappers, dead code, and orphaned symbols by @Copilot in #18873
  • Align title-prefix tool description constraints across all safe output handlers by @Copilot in #18834
  • fix(USE-001): use ERR_SYSTEM constant in generate_git_patch.cjs by @Copilot in #18877
  • ci: parallelize fuzz tests into 4 matrix groups (~3 min savings) by @Copilot in #18879
  • Fix: Create /tmp/gh-aw directory before writing aw_info.json in activation job by @Copilot in #18876
  • Fix checkout frontmatter: rename checkout.github-token to checkout.token for actions/checkout by @Copilot in #18878
  • Fix missing cross-repo and auth properties in safe output schemas by @Copilot in #18754
  • [code-simplifier] refactor: apply project conventions to generate_aw_info.cjs (#18876 follow-up) by @github-actions[bot] in #18890
  • fix: correct test assertions in TestAgentVersionInAwInfo to use GH_AW_INFO_ env var names by @Copilot in #18892
  • [docs] Self-healing documentation fixes from issue analysis - 2026-02-28 by @github-actions[bot] in #18898
  • Mark tools.github.repos and tools.github.min-integrity as experimental by @Copilot in #18904
  • feat: add target, target-repo, and allowed-repos to resolve-pull-request-review-thread by @Copilot in #18891
  • [log] Add debug logging to 5 pkg/ files by @github-actions[bot] in #18906
  • fix: correct test assertions in TestGenerateCreateAwInfoWithStaged by @Copilot in #18905
  • fix(ci): skip fuzz go mod download on cache hit, add GOPROXY direct fallback by @Copilot in #18908
  • Fix guard policy schema validation and sync step summary test assertions to shared CJS helper by @Copilot in #18916
  • fix(test): Update TestGenerateCreateAwInfoWithStaged to assert on GH_AW_INFO_STAGED env var by @Copilot in #18913
  • Fix TestAwInfoStepsFirewall: update assertions to match env var-based aw_info generation by @Copilot in #18923
  • feat: expose safe-output results as workflo...

v0.50.7

27 Feb 18:05

🌟 Release Highlights

This release focuses on smarter workflow updates, better enterprise/OIDC integration, and improved developer experience with clearer error messages and actionable guidance when things go wrong.

✨ What's New

  • gh aw update now updates all third-party actions β€” Previously, force-updating to the latest major version only applied to actions/* core actions. Now all actions across every org are upgraded automatically (#18707, #18692). Use --disable-release-bump to opt out and restore the previous behavior.

  • Automatic OIDC/vault permission detection β€” Workflows using OIDC-based secret managers (AWS Secrets Manager, Azure Key Vault, HashiCorp Vault, etc.) in safe-outputs.steps now automatically receive id-token: write permission β€” no manual configuration required (#18701).

  • Firewall block guidance with fix snippets β€” When the AWF firewall blocks a domain during execution, the footer now includes an actionable code snippet and a documentation link so you can resolve it immediately, rather than just listing the blocked domains (#18676).

🐛 Bug Fixes & Improvements

  • Codex policy violation errors now surface in step summaries — When Codex hits a cyber_policy_violation or similar API error, the failure is now clearly reported in the step summary instead of silently producing an empty log (#18699).

  • Fixed noop missing from safe-output tools prompt — noop was registered in the MCP server but never listed in the (safe-output-tools) prompt, causing safe-output workflow failures. This is now fixed for all workflows (#18647).

  • Fixed context is not defined in safeoutputs MCP backend — The create_pull_request and close_pull_request handlers could fail at runtime due to an unresolved context reference. This regression is now resolved (#18646).

  • Fixed Codex tool calls missing from log entries — New-format Codex logs had tool calls detected but never added to logEntries, causing the common renderer to fall back to a blank output. Rendering is now correct (#18678).

📚 Documentation

  • Simplified fine-grained PAT setup — PAT creation links now pre-fill the name, description, and permissions, reducing setup friction for new users (#18662, #18682).

🔧 Tool Version Bumps

  • Claude Code 2.1.62, GitHub Copilot CLI 0.0.419, Codex 0.106.0, MCP Gateway v0.1.6 (#18669)
  • All actions/checkout references upgraded to v6 (#18685)

For complete details, see CHANGELOG.

Generated by Release


What's Changed

  • Fix smoke-trigger.yml startup_failure and missing secrets for workflow_call by @Copilot in #18629
  • docs: add pre-filled URL parameters to fine-grained PAT creation links by @Copilot in #18662
  • fix: include noop in safe-output tools prompt for all workflows by @Copilot in #18647
  • Fix context is not defined error in safeoutputs MCP backend by @Copilot in #18646
  • Enhance firewall blocked domains footer with fix snippet and docs link by @Copilot in #18676
  • refactor(workflow): deduplicate logic, extract cross-engine helpers, fix interface bypass by @Copilot in #18671
  • Fix Codex new-format tool calls missing from logEntries for common renderer by @Copilot in #18678
  • docs: update fine-grained PAT repository access instructions for Copi… by @mnkiefer in #18682
  • Upgrade actions/checkout to v6 across the repo by @Copilot in #18685
  • chore: bump CLI tool versions — Claude Code 2.1.62, Copilot 0.0.419, Codex 0.106.0, MCP Gateway v0.1.6 by @Copilot in #18669
  • fix: surface Codex model access blocked errors in step summary by @Copilot in #18699
  • feat: update command always updates core actions (actions/*) to latest major version by @Copilot in #18692
  • Auto-detect OIDC/vault actions in safe-outputs steps and add id-token:write permission by @Copilot in #18701
  • feat: force update all actions to latest major version, add --disable-release-bump flag by @Copilot in #18707

Full Changelog: v0.50.6...v0.50.7