Download Latest Version gh-aw-wasm-v0.67.0.tar.gz (4.8 MB)
Email in envelope

Get an email when there's a new version of GitHub Agentic Workflows

Home / v0.67.0
Name Modified Size InfoDownloads / Week
Parent folder
sbom.cdx.json < 14 hours ago 3.2 MB
0
sbom.spdx.json < 14 hours ago 5.5 MB
0
windows-amd64.exe < 14 hours ago 26.2 MB
0
windows-arm64.exe < 14 hours ago 23.9 MB
0
gh-aw-wasm-v0.67.0.tar.gz < 14 hours ago 4.8 MB
0
linux-386 < 14 hours ago 24.6 MB
0
linux-arm < 14 hours ago 24.4 MB
0
linux-arm64 < 14 hours ago 23.6 MB
0
freebsd-arm64 < 14 hours ago 23.5 MB
0
linux-amd64 < 14 hours ago 25.6 MB
0
android-arm64 < 14 hours ago 25.8 MB
0
checksums.txt < 14 hours ago 1.0 kB
0
darwin-amd64 < 14 hours ago 26.1 MB
0
darwin-arm64 < 14 hours ago 24.2 MB
0
freebsd-386 < 14 hours ago 24.4 MB
0
freebsd-amd64 < 14 hours ago 25.5 MB
0
README.md < 15 hours ago 18.0 kB
0
v0.67.0 source code.tar.gz < 15 hours ago 239.5 MB
0
v0.67.0 source code.zip < 15 hours ago 241.6 MB
0
Totals: 19 Items   792.5 MB 0

🌟 Release Highlights

This release delivers a major observability milestone with full OTLP trace export support, resolves critical GitHub MCP App token authentication bugs, expands the environment variable reference documentation, and addresses a wave of community-reported issues across self-hosted runners, cross-repo workflows, and the Codex engine.

✨ What's New

📡 OTLP Trace Export (observability.otlp)

Workflows can now export structured OpenTelemetry spans to any OTLP-compatible backend (e.g. Honeycomb, Grafana Tempo, Sentry) with a single frontmatter block:

:::yaml
observability:
  otlp:
    endpoint: $\{\{ secrets.GH_AW_OTEL_ENDPOINT }}
    headers: $\{\{ secrets.GH_AW_OTEL_HEADERS }}

Every job emits setup and conclusion spans with rich attributes (gh-aw.job.name, gh-aw.workflow.name, gh-aw.engine.id, token usage, and more). Cross-job trace correlation is wired automatically — all jobs in a run share a single trace ID originating from the activation job. Dispatched child workflows inherit the parent's trace context via aw_context, giving you end-to-end visibility across composite workflow chains. When a static endpoint URL is provided, its hostname is automatically added to the AWF firewall allowlist.

📚 Environment Variable Reference

A new comprehensive Environment Variables reference section covers CLI configuration (DEBUG, GH_AW_FEATURES, …), per-phase model override variables (GH_AW_MODEL_AGENT_*), and guard policy fallback variables (GH_AW_GITHUB_BLOCKED_USERS, GH_AW_GITHUB_TRUSTED_USERS) — previously discoverable only by reading source code.

🐛 Bug Fixes & Improvements

  • GitHub MCP App token always emptyactions/create-github-app-token masks its output token and GitHub Actions runner v2.308+ silently drops masked values from job outputs, causing github_mcp_app_token to always arrive empty in the agent job (GitHub MCP server ran unauthenticated). The token is now minted directly in the agent job to avoid the cross-job output masking issue. (closes #24569)

  • Duplicate "Generate GitHub App token" step — when multiple checkout: entries fell back to the top-level github-app:, the compiler produced steps with the same name, causing a duplicate-step validation error. Each step is now uniquely named. (closes #24573)

  • Tavily MCP docs and mcp inspect missing servers — the web-search guide referenced the wrong npm package (@tavily/mcp-server@tavily/mcp) and a dead GitHub URL. Additionally, gh aw mcp inspect now correctly reports MCP servers defined in imported workflows and handles on: issues string triggers. (closes #24567)

  • repo-memory file-glob patterns silently skipping files — documentation and several built-in workflow templates incorrectly instructed agents to prefix file-glob patterns with the branch path (e.g. memory/branch-name/*.json). Patterns are matched against relative paths from the artifact directory, so bare extension patterns (*.json) are correct. All affected workflows and the reference docs have been fixed.

  • Remote workflow calls — fixed a regression that broke workflow_call triggers in cross-repository setups. (closes #24422)

  • workflow_call missing ref: in cross-repo checkout — activation job now correctly passes ref: when checking out a target repository for workflow_call triggers. (closes #20508)

  • setup.sh create_dir() fails on self-hosted Linux runnerscreate_dir() now uses sudo when the runner user lacks write access to /opt/. (closes #20283)

  • Codex engine on self-hosted runners — the vendored codex-x86_64-unknown-linux-musl binary now correctly supports --dangerously-bypass-approvals-and-sandbox. (closes #20157)

  • GH_AW_SAFE_OUTPUTS_CONFIG_PATH / GH_AW_SAFE_OUTPUTS_TOOLS_PATH not available as env vars — these paths are now written to both GITHUB_OUTPUT and GITHUB_ENV so downstream jobs can reference them as environment variables. (closes #23092)

  • agent_version: latest causes 400 Bad Request with Gemini models — version resolution now correctly handles latest for model/version combinations that do not support it. (closes #20833)

  • Runtime parameterization of frontmatter fields — compile-time frontmatter fields can now be overridden at runtime via $\{\{ vars.* }} or $\{\{ secrets.* }} expressions in supported fields. (closes #23724)

🔧 Internal

  • Shared OTLP observability config extracted into shared/observability-otlp.md, adopted by 54 workflows (30% of the repo).
  • hourly-ci-cleaner switched to the Claude engine with max-turns: 20, scoped make recompile to only when .md files changed, and added exit guardrails to eliminate the previous ~43% failure rate.
  • Token optimizer data loading moved to deterministic pre-agentic steps, removing dependency on the unreliable agentic-workflows MCP container.
🌍 Community Contributions — A huge thank you to the community members who reported issues that were resolved in this release! ### `@bbonafed` - [Ask: Runtime Parameterization of Compile-Time Frontmatter Fields](https://github.com/github/gh-aw/issues/23724) _(direct issue)_ ### `@Esomoire-consultancy-Company` - [✨ Set up Copilot instructions](https://github.com/github/gh-aw/issues/20207) _(direct issue)_ ### `@glitch-ux` - [docs: add CLI and operator environment variable reference](https://github.com/github/gh-aw/issues/24403) _(direct issue)_ ### `@grahame-white` - [BUG: Downstream 'GH_AW_SAFE_OUTPUTS_CONFIG_PATH' and 'GH_AW_SAFE_OUTPUTS_TOOLS_PATH' variables not available as env vars due to GITHUB_OUTPUT-only write](https://github.com/github/gh-aw/issues/23092) _(direct issue)_ ### `@jaroslawgajewski` - [feat: OTLP trace export from agent runtime](https://github.com/github/gh-aw/issues/24373) _(direct issue)_ ### `@johnwilliams-12` - [Activation job missing `ref:` in cross-repo checkout for workflow_call triggers](https://github.com/github/gh-aw/issues/20508) _(direct issue)_ ### `@MattSkala` - [Invalid tavily MCP search link and config in docs](https://github.com/github/gh-aw/issues/24567) _(direct issue)_ ### `@microsasa` - [agent_version: latest causes 400 Bad Request with gemini-3-pro-preview model](https://github.com/github/gh-aw/issues/20833) _(direct issue)_ ### `@Rubyj` - [setup.sh: create_dir() does not use sudo on Linux, breaks self-hosted runners where runner user lacks write access to /opt/](https://github.com/github/gh-aw/issues/20283) _(direct issue)_ ### `@straub` - [Bug: `github_mcp_app_token` activation output silently skipped — regression introduced in [#24251]](https://github.com/github/gh-aw/issues/24569) _(direct issue)_ ### `@strawgate` - [Remote workflow call still broken](https://github.com/github/gh-aw/issues/24422) _(direct issue)_ ### `@tomasmed` - [Codex engine fails on self-hosted runner: vendored codex-x86_64-unknown-linux-musl binary does not support --dangerously-bypass-approvals-and-sandbox](https://github.com/github/gh-aw/issues/20157) _(direct issue)_ ### `@yskopets` - [Bug: duplicate 'Generate GitHub App token' step in activation job when checkout + tools.github used with top-level github-app](https://github.com/github/gh-aw/issues/24573) _(direct issue)_

For complete details, see CHANGELOG.

Generated by Release · ● 2.5M

What's Changed

Full Changelog: https://github.com/github/gh-aw/compare/v0.66.1...v0.67.0

Source: README.md, updated 2026-04-05