github github/gh-aw v0.68.0

pre-release, 9 hours ago

🌟 Release Highlights

This release brings distributed tracing improvements, important security hardening, permission fixes, and a cleaner add-comment API, with a community-reported bug fix included.

✨ What's New

  • OpenTelemetry cross-job trace hierarchy: Parent span IDs are now propagated through aw_context across jobs, enabling end-to-end distributed trace visibility for multi-job workflows. (#25540)

  • Simplified discussion comment API: The deprecated add-comment.discussion (singular boolean) field has been removed in favor of the clearer discussions: true/false syntax. Update your workflows using gh aw fix --write. (#25532)

🐛 Bug Fixes & Improvements

  • Fixed invalid discussions: write permission on safe-output jobs: The compiler was unconditionally emitting an invalid permission-discussions field into GitHub App token requests for safe-output jobs. This has been corrected. (#25508)

  • Security: heredoc content validation: ValidateHeredocContent checks are now applied to five user-controlled heredoc insertion sites, closing a class of potential injection vectors. (#25510)

  • MCP schema: proxy-args now accepted at top level: The stdio_mcp_tool schema now includes proxy-args as a top-level property, fixing validation errors for tools that use proxy arguments. (#25542)

  • MCP config schema validation re-enabled: Previously dead MCP configuration schema validation paths are now wired up, improving compile-time error detection. (#25507)

  • Docker pre-download list updated: The cli-proxy image is now included in the pre-download list, reducing cold-start latency in containerized runs. (#25558)

  • Playground editor template dropdown restored: Four missing workflow templates have been restored to the playground editor dropdown. (#25528)

📚 Documentation

  • Integrity-filtering inputs fully documented: All integrity-filtering inputs are now documented in the reference. (#25545)

Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@IEvangelist


For complete details, see CHANGELOG.



What's Changed

  • [slides] Add OpenTelemetry distributed tracing slide by @github-actions[bot] in #25515
  • fix: remove invalid permission-discussions from GitHub App token fields by @Copilot in #25508
  • fix: temporarily disable GITHUB_COPILOT_INTEGRATION_ID env var by @lpcox in #25521
  • Add ValidateHeredocContent checks to 5 user-controlled heredoc sites by @Copilot in #25510
  • Wire up dead MCP config schema validation by @Copilot in #25507
  • Fix TestStepOrderingValidation_SecretRedactionBeforeUploads: tighten Upload Safe Outputs assertion by @Copilot in #25524
  • [docs] Fix playground editor template dropdown - restore 4 missing templates by @github-actions[bot] in #25528
  • [ubuntu-image] research: update Ubuntu runner image analysis to 20260406.80.1 by @github-actions[bot] in #25537
  • feat(otel): propagate parent span ID through aw_context for cross-job trace hierarchy by @Copilot in #25540
  • Remove deprecated add-comment.discussion (singular) in favor of discussions: true/false by @Copilot in #25532
  • docs: document all integrity-filtering inputs by @lpcox in #25545
  • fix: add proxy-args to stdio_mcp_tool schema top-level properties by @Copilot in #25542
  • [actions] Update GitHub Actions versions - 2026-04-09 by @Copilot in #25541
  • [safe-output-integrator] Add missing upload-artifact safe-output test workflow and compiler test by @github-actions[bot] in #25547
  • refactor(static-analysis-report): build gh-aw from source instead of installing a release by @Copilot in #25556
  • fix: add cli-proxy image to Docker pre-download list by @lpcox in #25558
  • Optimize Functional Pragmatist workflow token usage (~54% prompt reduction) by @Copilot in #25560

Full Changelog: v0.67.4...v0.68.0
