github github/gh-aw v0.57.0
on GitHub

4 hours ago

🌟 Release Highlights

This release delivers a meaningful rename that clarifies the product model, a new concurrency primitive for fan-out workflows, and a focused round of reliability fixes across safe-outputs and developer tooling.

⚠️ Breaking Changes

safe-inputs renamed to mcp-scripts

The safe-inputs frontmatter field has been renamed to mcp-scripts throughout the compiler, schema, documentation, and runtime to better reflect its purpose as a lightweight MCP Script host.

Migration: Run the built-in codemod to update your workflows automatically: 

gh aw fix --write safe-inputs-to-mcp-scripts

All documentation, environment variables, log messages, and shared workflows have been updated accordingly. (#20115)

✨ What's New

concurrency.job-discriminator for fan-out workflows

A new job-discriminator field in the concurrency frontmatter block prevents concurrent fan-out runs from cancelling each other. When set, the expression is appended to compiler-generated job-level concurrency groups (agent, output jobs), making each dispatch unique. 

# Allow concurrent runs dispatched with different inputs
concurrency:
  job-discriminator: $\{\{ inputs.finding_id }}

# Use run_id for scheduled workflows with no distinguishing input
concurrency:
  job-discriminator: $\{\{ github.run_id }}

This is especially useful for workflows invoked in batch — such as per-repository analysis jobs — where the default static concurrency group would cancel all-but-two concurrent runs. (#20190)

🐛 Bug Fixes & Improvements

Safe-Outputs reliability:

  • created_issue_* outputs now emitted correctlycreated_issue_number and created_issue_url were silently dropped after a successful create-issue action due to the handler manager never calling the emitter. Workflows gating on these outputs will now work as expected. (#20130)
  • pull_request_target events now recognized as PR context — Safe-output operations using target: "triggering" (e.g., update-pull-request) were silently skipped or failed when triggered via pull_request_target. (#20198)
  • Cross-repo safe-outputs now pass GITHUB_TOKEN to git CLI — Custom token sources are now wired into the GITHUB_TOKEN environment variable for create-pull-request and push-to-pull-request-branch steps involving cross-repo checkouts. (#19890)

Tooling fixes:

  • gh aw health now finds workflow runs — The path field was accidentally dropped from the gh run list query, causing the .lock.yml filter to discard every run and always report "No workflow runs found". (#20221)
  • Firewall analysis no longer inflates blocked counts — Internal Squid error entries (client ::1:, domain -) were being counted as blocked requests. (#20137)
  • Campaign discovery no longer crashes — The campaign workflow step now inlines discovery logic instead of referencing /opt/gh-aw/actions/campaign_discovery.cjs, which is not a built-in module. (#20109)
  • repo-memory no longer fails on repos without a Wiki — The __GH_AW_WIKI_NOTE__ placeholder in repo_memory_prompt.md is now correctly substituted when wiki: true is not set. (#20236)
  • create-pull-request integer expires values now converted correctly — Integer values (e.g., expires: 14) representing days were previously stored as-is instead of being converted to hours. (#20231)
  • Agent failure issues now use cleaner titles — Pre-agent stage denomination removed; failure issues always use the format [aw] (workflow-name) failed. (#20146)

Engine parity:

  • Codex runs now display a rich session preview in the "Parse agent logs" step, matching the output format of Copilot, Claude, and Gemini engines. (#20199)

No-op runs:

  • The auto-created no-op runs issue template now includes a helpful tip explaining how to disable reporting via safe-outputs. (#20229)

📚 Documentation

  • Cost management reference guide updated with gh aw logs monitoring section and corrected skip-if-match / skip-if-no-match YAML examples. (#20128)
  • Getting-started MCP guide streamlined by 21% — duplicate content and verbose tables removed. (#20136)
  • Project Operations page updated with improved authentication guidance and visual examples. (#20165)

For complete details, see CHANGELOG.

Generated by Release

What's Changed

  • [log] Add debug logging to MCP inspection, workflow resolution, and repo memory by @github-actions[bot] in #20119
  • fix: inline campaign discovery logic in campaign workflow step by @Copilot in #20109
  • [WIP] Improve cost management reference documentation by @Copilot in #20128
  • fix(safe-outputs): emit created_issue_* outputs from handler manager by @Copilot in #20130
  • [instructions] Sync github-agentic-workflows.md with v0.40.1 — document safe-outputs step action outputs by @github-actions[bot] in #20134
  • [docs] docs: unbloat getting-started-mcp guide by @github-actions[bot] in #20136
  • Rename safe-inputs to mcp-scripts by @Copilot in #20115
  • fix: expose GITHUB_TOKEN env var for cross-repo git CLI operations in safe outputs by @Copilot in #19890
  • Fix firewall analysis inflating blocked count with internal Squid error entries by @Copilot in #20137
  • [WIP] Fix agent failure issue creation by removing pre-agent denomination by @Copilot in #20146
  • [jsweep] Clean assign_to_agent.cjs by @github-actions[bot] in #20155
  • [docs] Update documentation for features from 2026-03-09 by @github-actions[bot] in #20159
  • chore: update project ops page by @mnkiefer in #20165
  • [docs] Update glossary - weekly full scan by @github-actions[bot] in #20191
  • [architecture] Update architecture diagram - 2026-03-09 by @github-actions[bot] in #20175
  • [specs] Update layout specification - 2026-03-09 by @github-actions[bot] in #20170
  • fix(safe-outputs): include pull_request_target in PR context detection by @Copilot in #20198
  • Fix broken anchor links in project-ops docs causing CI build failure by @Copilot in #20173
  • Show Codex session preview in parse agent log step like other engines by @Copilot in #20199
  • Add concurrency.job-discriminator to prevent fan-out cancellations in job-level concurrency groups by @Copilot in #20190
  • Add GFM tip to no-op runs issue template explaining how to disable reporting by @Copilot in #20229
  • fix: use preprocessExpiresField for create-pull-request integer expires conversion by @samueltauil in #20231
  • fix: gh aw health always returns "No workflow runs found" by @Copilot in #20221
  • Fix __GH_AW_WIKI_NOTE__ placeholder not substituted when wiki is disabled by @Copilot in #20236

New Contributors

Full Changelog: v0.56.2...v0.57.0

Check out latest releases or
releases around github/gh-aw v0.57.0

Don't miss a new gh-aw release

NewReleases is sending notifications on new releases.

Get notifications