🌟 Release Highlights
This release brings significant improvements to campaign orchestration, safe outputs, and security - making multi-repository workflows more robust and discussions fully interactive.
✨ What's New
🗣️ Discussion Updates - AI agents can now update existing discussions with the update-discussion safe output, enabling long-running conversations and status updates. Custom footers let you personalize AI-generated updates.
🚀 Campaign Token Support - Campaign specs now support project-github-token for fine-grained access control across multi-repository operations, enabling better security in coordinated workflows.
🔥 Codex Firewall (AWF) - Agentic Web Firewall support now extends to the Codex engine, bringing the same security and network control available for Copilot workflows.
📊 Campaign Orchestration - Enhanced orchestrator/worker architecture with tracker-id-based monitoring improves reliability of multi-repository campaigns. Workers are now truly system-agnostic with clearer separation of concerns.
🐛 Bug Fixes & Improvements
Cleaner Logs - Eliminated spurious error annotations in safe_outputs jobs caused by GraphQL diagnostic logging (#6933)
Code Quality - Split massive 1,331-line update_command.go into 8 focused modules for better maintainability (#6897)
Type Safety - Introduced ValidatableTool interface for compile-time permission validation, catching configuration errors earlier (#6896)
Simplified Transport - Removed stdio mode from safe-inputs, standardizing on HTTP-only transport for consistency (#6900)
🔒 Security
Strict Mode Enhancement - Disallowed sandbox.agent: false in strict mode for the Copilot engine, preventing a security bypass (#6903)
Firewall Updates - Bumped gh-aw-firewall to v0.7.0 and enabled AWF in smoke test workflows for better security validation (#6898, #6901)
Cleaner Actions - Replaced Node.js file embedding with bash scripts in setup-safe-outputs, reducing supply chain complexity (#6921)
For complete details, see CHANGELOG.
AI generated by Release
What's Changed
- Introduce ValidatableTool interface for type-safe permission validation by @Copilot in #6896
- Refactor update_command.go: Split 1,331-line file into 8 focused modules by @Copilot in #6897
- Remove stdio mode from safe-inputs, keep HTTP-only transport by @Copilot in #6900
- Disable sandbox.agent: false in strict mode for copilot engine by @Copilot in #6903
- Bump gh-aw-firewall version from v0.6.0 to v0.7.0 by @Copilot in #6898
- Enable firewall (AWF) for smoke-copilot and smoke-copilot-playwright workflows by @Copilot in #6901
- Add update-discussion safe output type by @Copilot in #6887
- Fix orchestrator to monitor workers via tracker-id instead of workflow runs by @Copilot in #6893
- feat: Enable custom footer messages for update-discussion by @Copilot in #6915
- Document tracker-id mechanism for campaign orchestrator/worker coordination by @Copilot in #6928
- Campaign orchestrator: enforce system-agnostic separation between workers and coordination by @Copilot in #6929
- Fix spurious error annotations in safe_outputs jobs from GraphQL diagnostic logging by @Copilot in #6933
- Add project-github-token support for campaign specs by @Copilot in #6935
- docs: enhance campaign orchestrator/worker architecture and add roadmap view guidance by @Copilot in #6938
- Add AWF support for Codex engine by @Copilot in #6906
Full Changelog: v0.33.4...v0.33.5