github github/gh-aw v0.33.12
gh-aw 0.33.12
on GitHub

latest releases: v0.46.3, v0.46.2, v0.46.1...
one month ago

🌟 Release Highlights

v0.33.12 brings significant improvements to MCP server flexibility, safe output reliability, and documentation quality.

✨ What's New

🔧 Standalone MCP Gateway CLI (awmg)
Added a new lightweight CLI tool for MCP server aggregation and management, enabling local integration and testing without requiring full workflow execution. The awmg command provides gateway utilities and simplified MCP server orchestration. Learn more

⚙️ Flexible MCP Gateway Configuration
The sandbox.mcp configuration now supports custom command and container-based execution modes, giving you control over how the MCP gateway runs. Configure with command for custom binaries or container for Docker-based execution alongside the default awmg mode. Documentation

📋 Complete mcp-server Command Documentation
The CLI reference now includes comprehensive documentation for the mcp-server command, covering all 7 available tools (status, compile, logs, audit, mcp-inspect, add, update) and both stdio and HTTP transport options.

🐛 Bug Fixes & Improvements

🔒 Security Hardening
Fixed clear-text logging vulnerability (CodeQL Alert #71) by removing secret key parameters from validation functions, preventing potential exposure of infrastructure details in logs.

📦 Upload Assets Processing
Resolved issue where assets uploaded via the MCP server tool weren't being published to the orphaned git branch, ensuring all uploaded files are accessible via raw.githubusercontent.com URLs.

📐 JSON Schema Validation
Fixed type: choice conversion to proper JSON Schema format for safe-output custom jobs, preventing Claude API schema validation failures.

🏷️ Consistent Safe Output Naming
Standardized all references to use singular "upload-asset" (instead of "upload-assets") across schemas, parsing, and processing logic with automated migration support.

📚 Documentation

  • Removed documentation bloat from memory reference (12.6% reduction while preserving all essential information)
  • Updated GitHub MCP server configuration examples throughout documentation
  • Enhanced workflow health monitoring with new operational runbook
  • Improved CLI argument syntax consistency across all commands

🔧 Developer Experience

  • Extracted validation functions from interactive forms for better testability
  • Refactored 1,368-line compiler_safe_outputs_consolidated.go into 6 focused modules
  • Enhanced debug logging in parser and CLI compilation stats
  • Added interactive confirmation dialog for file overwrites in workflow builder

For complete details, see the full changelog.

AI generated by Release

What's Changed

  • Resolve merge conflict in action_pins_test.go by @Copilot in #7204
  • Configure release workflow to allow githubnext.github.io network access by @Copilot in #7206
  • Update GitHub MCP server configuration in Agent Performance Analyzer by @Copilot in #7205
  • [log] Add debug logging to parser and CLI compilation stats by @github-actions[bot] in #7210
  • [WIP] Update workflow health dashboard statistics by @Copilot in #7212
  • Remove hour support from expires field schema pattern by @Copilot in #7213
  • [security-fix] Security Fix: Remove sensitive key names from secrets validation log messages (Alert #71) by @github-actions[bot] in #7224
  • Add interactive confirmation dialog for file overwrite in workflow builder by @Copilot in #7223
  • Move "What are Agentic Workflows" to introduction and remove TrialOps badge by @Copilot in #7254
  • [security-fix] Security Fix: Prevent logging of secret key names in validation errors (Alert #71) by @github-actions[bot] in #7240
  • Extract validation functions from interactive forms by @Copilot in #7243
  • [docs] Remove documentation bloat from memory.md by @github-actions[bot] in #7271
  • Increase skip-if-match limit to 9 in issue-monster workflow by @Copilot in #7263
  • [jsweep] Clean safe_outputs_tools_loader.cjs by @github-actions[bot] in #7272
  • Refactor: Split 1,368-line compiler_safe_outputs_consolidated.go into 6 domain-focused modules by @Copilot in #7262
  • Bump @sentry/mcp-server from 0.24.0 to 0.26.0 in /.github/workflows by @dependabot[bot] in #7234
  • docs: complete mcp-server command documentation in CLI reference by @Copilot in #7286
  • Add workflow health monitoring runbook by @Copilot in #7287
  • [security-fix] Fix clear-text logging vulnerability by removing secret key parameter from validation by @github-actions[bot] in #7289
  • Fix Haskell action SHA in runtime setup test by @Copilot in #7288
  • Add standalone awmg CLI for MCP server aggregation by @Copilot in #7050
  • [q] Fix upload-assets not processing files from MCP server by @github-actions[bot] in #7293
  • Fix choice type conversion to JSON Schema in safe-output jobs by @Copilot in #7291
  • Add command/container execution support to sandbox.mcp configuration by @Copilot in #7294
  • Standardize CLI argument syntax for consistency by @Copilot in #7296
  • [ca] Document hourly-ci-cleaner tool access issue by @github-actions[bot] in #7297
  • Replace deprecated --workflows-dir flag with --dir in documentation by @Copilot in #7306
  • Deduplicate action pins in lock file by version precision by @Copilot in #7301
  • Fix init command documentation - clarify MCP enabled by default by @Copilot in #7303
  • Add build steps for gh-aw binary in daily-copilot-token-report workflow by @Copilot in #7302
  • [ca] Fix code formatting alignment in argument syntax test by @github-actions[bot] in #7307
  • [docs] Update documentation for sandbox.mcp command/container execution modes by @github-actions[bot] in #7305
  • Standardize safe output references to singular "upload-asset" and separate job by @Copilot in #7295
  • [instructions] Sync github-agentic-workflows.md with v0.33.11 by @github-actions[bot] in #7312

Full Changelog: v0.33.11...v0.33.12

Check out latest releases or
releases around github/gh-aw v0.33.12

Don't miss a new gh-aw release

NewReleases is sending notifications on new releases.

Get notifications