Download Latest Version
gh-aw-wasm-v0.74.8.tar.gz (5.5 MB)
Get an email when there's a new version of GitHub Agentic Workflows
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| windows-arm64.exe | 2026-05-05 | 25.3 MB | |
| linux-arm64 | 2026-05-05 | 25.0 MB | |
| windows-amd64.exe | 2026-05-05 | 27.8 MB | |
| linux-386 | 2026-05-05 | 26.2 MB | |
| linux-amd64 | 2026-05-05 | 27.1 MB | |
| linux-arm | 2026-05-05 | 26.0 MB | |
| freebsd-arm64 | 2026-05-05 | 25.0 MB | |
| gh-aw-wasm-v0.71.5.tar.gz | 2026-05-05 | 5.1 MB | |
| freebsd-amd64 | 2026-05-05 | 27.1 MB | |
| android-arm64 | 2026-05-05 | 27.3 MB | |
| checksums.txt | 2026-05-05 | 1.0 kB | |
| darwin-amd64 | 2026-05-05 | 27.6 MB | |
| darwin-arm64 | 2026-05-05 | 25.6 MB | |
| freebsd-386 | 2026-05-05 | 25.9 MB | |
| README.md | 2026-05-05 | 17.1 kB | |
| v0.71.5 source code.tar.gz | 2026-05-05 | 248.3 MB | |
| v0.71.5 source code.zip | 2026-05-05 | 251.0 MB | |
| Totals: 17 Items | 820.3 MB | 0 | |
🌟 Release Highlights
This release focuses on reliability and correctness across the engine.env compilation pipeline, the security check layer, and the Claude engine — with five community-reported issues resolved.
🐛 Bug Fixes & Improvements
-
Claude engine stability — Workflows using the
claudeengine no longer crash mid-session with "Fast mode unavailable".CLAUDE_CODE_DISABLE_FAST_MODE=1is now set automatically to suppress an incompatible server-side flag introduced in Claude Code 2.1.120+. -
engine.envmulti-line values — Block-scalarengine.envvalues (written with>-and extra-indented continuation lines) previously compiled to broken YAML with embedded newlines. These now compile correctly into valid multi-lineenv:entries. (Reported by@jeffhandleyin #30204) -
engine.envneedsexpressions — Custom job references inengine.envvalues (e.g.${{ needs.my_job.outputs.value }}) were silently dropped from the agent job'sneedslist, causing those expressions to evaluate to empty strings at runtime. The compiler now correctly wires these dependencies. (Reported by@jeffhandleyin #30232) -
gh aw upgradefalse BYOK warning —gh aw upgradewas incorrectly warning "Remove unsafe secrets from engine.env" forCOPILOT_PROVIDER_API_KEYandCOPILOT_PROVIDER_BEARER_TOKEN, silently stripping legitimate BYOK configuration.gh aw upgradenow matchesgh aw compilein allowing these keys. (Reported by@MauroDruwelin #30178) -
pull_request_reviewactivation signal — Workflows triggered bypull_request_reviewevents no longer silently skip the 👀 reaction andrun-startedcomment. ThebuildReactionLikeConditionallowlist now includes this event type. (Reported by@mason-timin #30336) -
Confused-deputy false positive for bot-menu patterns — The security check introduced in v0.71.4 was blocking the legitimate pattern where a bot posts a checkbox-menu comment and a human maintainer edits it to tick a box (
issue_comment:edited). The check now automatically detects[bot]-authored comments and skips the guard for that path, while keeping all otherissue_comment:createdpaths fully protected. (Reported by@theletterfin #30327)
✨ What's New
-
allow-bot-authored-trigger-commentfrontmatter option — For bots that don't follow the standard[bot]naming convention, you can now opt into the confused-deputy bypass explicitly:yaml on: issue_comment: types: [edited] allow-bot-authored-trigger-comment: true -
MCP progress notifications — The
logs,audit, andaudit-diffMCP tools now stream real-time progress updates to AI clients (Copilot, Claude) during long-running operations, eliminating silent 30+ second waits. -
MCP Gateway bump to v0.3.6 — The embedded MCP gateway has been updated to
ghcr.io/github/gh-aw-mcpg:v0.3.6with pinned digest for supply-chain safety.
🌍 Community Contributions
A huge thank you to the community members who reported issues that were resolved in this release!
### `@jeffhandley` - [Agent 'needs' does not incorporate jobs in engine.env expressions](https://github.com/github/gh-aw/issues/30232) _(direct issue)_ - [Multi-line expressions unsupported in `engine.env` values](https://github.com/github/gh-aw/issues/30204) _(direct issue)_ ### `@mason-tim` - [Activation comment / reaction not posted for `pull_request_review` triggers — `buildReactionLikeCondition` allowlist is incomplete](https://github.com/github/gh-aw/issues/30336) _(direct issue)_ ### `@MauroDruwel` - [gh aw upgrade: still warns 'Remove unsafe secrets from engine.env' despite fix in [#29378] for compile](https://github.com/github/gh-aw/issues/30178) _(direct issue)_ ### `@theletterf` - [Confused-deputy check denies legitimate bot-posted-menu / user-checks-box pattern on issue_comment(edited)](https://github.com/github/gh-aw/issues/30327) _(direct issue)_For complete details, see CHANGELOG.
Generated by Release · ● 1.7M
What's Changed
- [spec-enforcer] Enforce specifications for cli by @github-actions[bot] in https://github.com/github/gh-aw/pull/30141
- [docs] Update documentation for features from 2026-05-04 by @github-actions[bot] in https://github.com/github/gh-aw/pull/30136
- [docs] Update glossary - weekly full scan by @github-actions[bot] in https://github.com/github/gh-aw/pull/30133
- feat: auto-allow playwright-cli bash command when playwright cli mode is enabled by @Copilot in https://github.com/github/gh-aw/pull/30126
- Add mattpocock-skills-reviewer agentic workflow by @Copilot in https://github.com/github/gh-aw/pull/30122
- [architecture] Update architecture diagram - 2026-05-04 by @github-actions[bot] in https://github.com/github/gh-aw/pull/30117
- [instructions] Sync github-agentic-workflows.md with v0.40.1 by @github-actions[bot] in https://github.com/github/gh-aw/pull/30112
- [specs] Update layout specification - 2026-05-04 by @github-actions[bot] in https://github.com/github/gh-aw/pull/30105
- Fix stale
$INSTRUCTIONassertion inTestEngineArgsIntegrationCodexby @Copilot in https://github.com/github/gh-aw/pull/30100 - [schema-coverage] feat: Add schema coverage demo for
metadatafield by @github-actions[bot] in https://github.com/github/gh-aw/pull/30099 - [schema-coverage] feat: Add schema coverage demo for
labelsfield by @github-actions[bot] in https://github.com/github/gh-aw/pull/30098 - [spec-review] Update Safe Outputs conformance checker for recent spec changes by @github-actions[bot] in https://github.com/github/gh-aw/pull/30074
- [log] add debug logging to 5 Go packages by @github-actions[bot] in https://github.com/github/gh-aw/pull/30061
- Add GitHub Copilot billing multipliers collection to daily-model-inventory workflow by @Copilot in https://github.com/github/gh-aw/pull/30060
- Fix missing safe-output calls in Schema Consistency Checker and Multi-Device Docs Tester by @Copilot in https://github.com/github/gh-aw/pull/30109
- fix: resolve 3 claude-engine workflow failures (safe-output misses + blocked commands) by @Copilot in https://github.com/github/gh-aw/pull/30110
- chore: reduce per-engine boilerplate in domains.go public API by @Copilot in https://github.com/github/gh-aw/pull/30072
- [dead-code] chore: remove dead functions — 4 functions removed by @github-actions[bot] in https://github.com/github/gh-aw/pull/30167
- [docs] Consolidate developer specifications v9.0 — tone fix and engine domain registry docs by @github-actions[bot] in https://github.com/github/gh-aw/pull/30157
- docs: fix spec audit — add Public API, Usage Examples, and Dependencies to 17 packages by @Copilot in https://github.com/github/gh-aw/pull/30155
- fix(workflow): normalize report formatting in copilot-pr-nlp-analysis by @Copilot in https://github.com/github/gh-aw/pull/30160
- deps: update github.com/modelcontextprotocol/go-sdk v1.5.0 → v1.6.0 by @Copilot in https://github.com/github/gh-aw/pull/30164
- fix: 4 CLI consistency issues in mcp, logs, and init commands by @Copilot in https://github.com/github/gh-aw/pull/30158
- feat: Add daily Grafana OTel Instrumentation workflow by @mnkiefer in https://github.com/github/gh-aw/pull/30190
- fix: replace hardcoded mcpToolParams() with reflection-based extraction by @Copilot in https://github.com/github/gh-aw/pull/30166
- [jsweep] Clean add_reaction_and_edit_comment.cjs by @github-actions[bot] in https://github.com/github/gh-aw/pull/30062
- fix: add
actions: readpermission to smoke-water.yml (#investigate-smoke-water-failure) by @Copilot in https://github.com/github/gh-aw/pull/30197 - fix: format Go code with go fmt by @Copilot in https://github.com/github/gh-aw/pull/30199
- feat: delegate Phase 6 & 7 of daily-security-red-team to haiku inline sub-agents by @Copilot in https://github.com/github/gh-aw/pull/30195
- Add service.version to setup job spans via compiler env injection by @Copilot in https://github.com/github/gh-aw/pull/30198
- fix: gh aw upgrade strips BYOK credentials from engine.env by @Copilot in https://github.com/github/gh-aw/pull/30194
- fix: add missing noop calls to 4 workflows causing silent failures by @Copilot in https://github.com/github/gh-aw/pull/30210
- feat: merge all OTLP endpoints from shared agentic workflow imports by @Copilot in https://github.com/github/gh-aw/pull/30209
- fix: remove empty parent block after last child is removed by codemod by @Copilot in https://github.com/github/gh-aw/pull/30216
- perf: fix ~28% BenchmarkYAMLGeneration regression by eliminating reflection hot path by @Copilot in https://github.com/github/gh-aw/pull/30208
- fix(otlp): add standard resource attributes to logSpan tool spans by @Copilot in https://github.com/github/gh-aw/pull/30215
- feat: model alias inventory update 2026-05-05 by @Copilot in https://github.com/github/gh-aw/pull/30238
- Bump firewall to v0.25.38 and mcpg to v0.3.6 by @Copilot in https://github.com/github/gh-aw/pull/30230
- test(parser): improve import_cache_test.go quality per testify-expert criteria by @Copilot in https://github.com/github/gh-aw/pull/30218
- Fix
mcp list-toolstab completion offering completions for second positional arg by @Copilot in https://github.com/github/gh-aw/pull/30221 - chore(deps): update fsnotify v1.9.0 → v1.10.0 by @Copilot in https://github.com/github/gh-aw/pull/30222
- Add MCP server unit tests using InMemoryTransport (no subprocess) by @Copilot in https://github.com/github/gh-aw/pull/30223
- refactor: eliminate near-duplicate string utilities, promote general-purpose helpers to pkg/stringutil by @Copilot in https://github.com/github/gh-aw/pull/30249
- fix: set CLAUDE_CODE_DISABLE_FAST_MODE=1 to prevent mid-session crash in Claude engine by @Copilot in https://github.com/github/gh-aw/pull/30255
- fix: add chatgpt.com to CodexDefaultDomains and recompile all workflows by @Copilot in https://github.com/github/gh-aw/pull/30207
- Add MCP progress notifications to logs, audit, and audit-diff tools by @Copilot in https://github.com/github/gh-aw/pull/30247
- fix: handle multi-line engine.env values as YAML literal block scalars by @Copilot in https://github.com/github/gh-aw/pull/30240
- Fix agent job needs not populated from engine.env needs expressions by @Copilot in https://github.com/github/gh-aw/pull/30239
- Remove APM testing from smoke-claude by @Copilot in https://github.com/github/gh-aw/pull/30257
- fix: two-checkpoint pre-flight validation + PR closure reason labeling by @Copilot in https://github.com/github/gh-aw/pull/30253
- [log] Add debug logging to five pkg/ files by @github-actions[bot] in https://github.com/github/gh-aw/pull/30266
- [docs] fix: correct spelling errors in docs (American English conventions) by @github-actions[bot] in https://github.com/github/gh-aw/pull/30265
- fix: remove duplicate repoConfigLog declaration breaking wasm build by @Copilot in https://github.com/github/gh-aw/pull/30268
- docs: generate model alias & multiplier reference tables from JSON data by @Copilot in https://github.com/github/gh-aw/pull/30256
- docs: add FAQ entry on forwarding agent/detection artifacts post-conclusion by @Copilot in https://github.com/github/gh-aw/pull/30278
- feat: emit gh-aw.detection.conclusion and gh-aw.detection.reason as OTLP span attributes by @Copilot in https://github.com/github/gh-aw/pull/30273
- [jsweep] Clean expired_entity_cleanup_helpers.cjs by @github-actions[bot] in https://github.com/github/gh-aw/pull/30271
- feat: handle local directory arguments in compile command by @Copilot in https://github.com/github/gh-aw/pull/30295
- Bump AWF firewall version to v0.25.39 by @Copilot in https://github.com/github/gh-aw/pull/30263
- Auto-switch push_to_pull_request_branch to bundle transport when merge commits are detected by @Copilot in https://github.com/github/gh-aw/pull/30287
- [docs] Update glossary - daily scan by @github-actions[bot] in https://github.com/github/gh-aw/pull/30334
- [instructions] Sync github-agentic-workflows.md with release v0.40.1 by @github-actions[bot] in https://github.com/github/gh-aw/pull/30318
- build(deps): Bump github.com/fsnotify/fsnotify from 1.10.0 to 1.10.1 by @dependabot[bot] in https://github.com/github/gh-aw/pull/30329
- Add stale-pr-cleanup workflow to triage 30+ day PR backlog by @Copilot in https://github.com/github/gh-aw/pull/30317
- [architecture] Update architecture diagram - 2026-05-05 by @github-actions[bot] in https://github.com/github/gh-aw/pull/30323
- feat: enable checksum validation by default in install-gh-aw.sh by @Copilot in https://github.com/github/gh-aw/pull/29223
- chore: remove dead parameters from findIncludesInContent and findPreviousSuccessfulWorkflowRuns by @Copilot in https://github.com/github/gh-aw/pull/30311
- Change architecture diagram workflow from daily to weekly by @Copilot in https://github.com/github/gh-aw/pull/30349
- feat: split github-agentic-workflows.md into focused sub-files and update instructions-janitor by @Copilot in https://github.com/github/gh-aw/pull/30351
- chore: centralize BUG panic for invalid model in domain computation by @Copilot in https://github.com/github/gh-aw/pull/30310
- fix(otel): eliminate gen_ai.usage.* double-counting and gen_ai.request.model duplicate on agent span by @Copilot in https://github.com/github/gh-aw/pull/30350
- [instructions] Sync instruction files — fix cli-proxy and reduce safe-outputs.md by @github-actions[bot] in https://github.com/github/gh-aw/pull/30359
- fix: explicitly default sandbox.agent to awf in strict mode when id is not specified by @Copilot in https://github.com/github/gh-aw/pull/30355
- Normalize report formatting in approach-validator, agent-performance-analyzer, and q workflows by @Copilot in https://github.com/github/gh-aw/pull/30362
- feat: add elseif handler syntax support in template expression rendering (#elseif, #else-if, #else_if variants) by @Copilot in https://github.com/github/gh-aw/pull/30358
- fix: include pull_request_review in reaction/status-comment conditions by @Copilot in https://github.com/github/gh-aw/pull/30354
- Move dictation prompt to root DICTATION.md by @Copilot in https://github.com/github/gh-aw/pull/30366
- fix: allow bot-posted-menu / user-checks-box pattern to bypass confused-deputy check by @Copilot in https://github.com/github/gh-aw/pull/30352
- fix: emit model aliases under
apiProxy.modelsinstead of top-levelconfig.modelsby @Copilot in https://github.com/github/gh-aw/pull/30367 - build(deps-dev): Bump @actions/github from 9.1.0 to 9.1.1 in /actions/setup/js by @dependabot[bot] in https://github.com/github/gh-aw/pull/30331
- docs: add Autoloop callout to landing page by @Copilot in https://github.com/github/gh-aw/pull/30399
- fix: reduce contribution-check token usage via truncation, concurrency, and turn cap by @Copilot in https://github.com/github/gh-aw/pull/30387
- [docs] Update Astro dependencies - 2026-05-05 by @github-actions[bot] in https://github.com/github/gh-aw/pull/30388
- Add
agentic-opsworkflows by @mnkiefer in https://github.com/github/gh-aw/pull/30379 - Add redirect from shared/apm.md to microsoft/apm upstream and update docs by @Copilot in https://github.com/github/gh-aw/pull/30397
- fix: use require.Error for error assertion in compile_args_test.go by @Copilot in https://github.com/github/gh-aw/pull/30394
- feat: Update OTel instrumentation workflow to support multiple endpoints by @mnkiefer in https://github.com/github/gh-aw/pull/30309
- chore: update source reference in token optimizer workflows by @mnkiefer in https://github.com/github/gh-aw/pull/30420
- Rename
MustBeWithin→ValidatePathWithinBaseinpkg/fileutilby @Copilot in https://github.com/github/gh-aw/pull/30421 - Add MCP Gateway v0.3.6 container pin to lock data and embedded pin maps by @Copilot in https://github.com/github/gh-aw/pull/30408
- Fix js-typecheck failure in
template_branch.cjsnull-else branch typing by @Copilot in https://github.com/github/gh-aw/pull/30424 - Fix CJS shard failures caused by
template_branch.cjsintegration gaps by @Copilot in https://github.com/github/gh-aw/pull/30425 - Bump default AWF firewall image set to v0.25.40 by @Copilot in https://github.com/github/gh-aw/pull/30406
Full Changelog: https://github.com/github/gh-aw/compare/v0.71.4...v0.71.5
