github github/gh-aw v0.33.8
gh-aw 0.33.8
on GitHub

latest releases: v0.44.0, v0.43.23, v0.43.22...
one month ago

🌟 Release Highlights

This release brings significant security and developer experience improvements through the Application Workflow Firewall (AWF) integration across all supported engines and workflow enhancements.

⚡ Major Improvements

Unified Firewall Protection Across All Engines
All agentic workflows now run with AWF firewall enabled by default for Copilot, Claude, and Codex engines (#6905, #7009). AWF provides network isolation via domain allowlisting with:

  • Secure one-liner installer with version pinning (#6925)
  • Pinned Docker image versions using --image-tag flag (#7014)
  • Enhanced firewall log collection and analysis

Better Developer Experience

  • MCP by default: gh aw init now creates MCP configuration automatically; use --no-mcp to opt out (#7001)
  • Automatic fixes on update: gh aw update now runs codemods to migrate workflows to current best practices automatically (#7012)
  • Improved documentation: Restructured [Agentic campaigns docs]((redacted) into focused subsections for easier navigation (#7007)

🐛 Key Bug Fixes

  • Fixed PR creation failures: Resolved missing GH_AW_WORKFLOW_ID propagation causing 100% failure rate for create_pull_request operations (#7029)
  • Better GitHub MCP guidance: Added informational message when using projects toolset, linking to [token documentation]((redacted) (#7016)
  • Schema validation: Reject repository-projects permission via schema validation with clear error messages (#7011)

🔧 Code Quality

  • Refactored update entity config parsers to eliminate duplicate scaffolding, reducing code by ~15% across issue/PR/release/discussion parsers (#7015)
  • Fixed smoke test configurations to properly validate firewall behavior (#7010, #7022)

For complete details, see CHANGELOG.

AI generated by Release

What's Changed

  • Restructure Agentic campaigns docs into subsections by @Copilot in #7007
  • Integrate AWF for Claude engine by @Copilot in #6905
  • Make MCP configuration default in init command, add --no-mcp flag by @Copilot in #7001
  • Fix smoke-codex-firewall test to expect OpenAI access blocked by @Copilot in #7010
  • Reject repository-projects permission via schema validation by @Copilot in #7011
  • Integrate fix codemods into update command flow by @Copilot in #7012
  • Enable strict mode and awf firewall for all agentic workflows by @Copilot in #7009
  • Refactor update entity config parsers to eliminate duplicate scaffolding by @Copilot in #7015
  • Use AWF installer script with version pinning when firewall is enabled by @Copilot in #6925
  • Pin AWF Docker image version using --image-tag flag by @Copilot in #7014
  • Rename Firewall Escape Test Agent to The Great Escapi by @Copilot in #7019
  • Add info message for GitHub MCP projects toolset token requirement by @Copilot in #7016
  • Remove redundant structure explanation from quick start by @Copilot in #7017
  • Fix smoke-copilot-safe-inputs workflow testing disabled tools by @Copilot in #7022
  • Fix GH_AW_WORKFLOW_ID propagation to safe_outputs job for create_pull_request by @Copilot in #7029

Full Changelog: v0.33.7...v0.33.8

Check out latest releases or
releases around github/gh-aw v0.33.8

Don't miss a new gh-aw release

NewReleases is sending notifications on new releases.

Get notifications