v0.42.14

🌟 Release Highlights

This release delivers significant improvements across workflow reliability, developer experience, and internal code quality with 45 merged PRs focusing on robustness, testing, and maintainability.

✨ What's New

Enhanced Interactive CLI Experience

• Fuzzy search for workflows (#14394) - Find workflows faster with interactive fuzzy search, making workflow selection more intuitive
• Expanded Huh forms (#14357) - More interactive operations with improved CLI forms for better user experience

Plugin System Improvements

• Plugin imports and merging (#14376) - Import and merge plugin configurations for modular workflow composition
• Per-plugin environment variables (#14381) - Configure MCP environment variables per plugin for granular control
• Sandbox plugin discovery (#14296) - Added --add-dir flag for Copilot plugin discovery in sandbox mode

Frontmatter and Import Enhancements

• Runtime-import macros (#14382) - Simplify frontmatter imports with new macro system
• Runtime frontmatter documentation (#14303) - Complete documentation for runtime version overrides

Agent Workflow Improvements

• Global mood control (#14380) - Centralized agent behavior control for coordinated workflow operations
• Conversation transcript access (#14414) - Copilot Session Insights now has access to conversation transcripts for better analysis

🐛 Bug Fixes & Reliability

Project Draft Issue Handling (Critical Fixes)

• Fixed temporary_id mapping for draft issues in update_project (#14452, #14331, #14323) - Resolves draft issue creation and reference tracking

Workflow Execution Fixes

• Fixed invalid checkout-pr output references in workflows without contents permission (#14286)
• Fixed PR checkout logic with extensive logging and robust fork detection (#14443)
• Fixed audit MCP tool missing InputSchema for jq parameter (#14442)
• Fixed plugin installation format from marketplace URL to GitHub repository path (#14425)
• Fixed agent import test for runtime-import macro behavior (#14401)

Compiler Improvements

• Standardized error wrapping to preserve error chains (#14435)
• Fixed error propagation in compiler (#14301)
• Fixed non-deterministic engine validation error messages (#14313)

Shell Script & Workflow Fixes

• Fixed SC2086 shellcheck errors by quoting variables in generated scripts (#14403)
• Fixed CI Doctor workflow timeout by increasing to 20 minutes (#14344)
• Granted bash execution permissions to Daily Workflow Updater (#14415)

⚡ Performance & Efficiency

• 45% token reduction in Smoke Codex workflow (#14395) - Significant cost savings for testing operations
• Issue Monster optimizations (#14361, #14379, #14383) - Improved scheduling (10m → 30m), rate limiting, and pre-filtering of closed/active PRs

🔧 Code Quality & Testing

Test Coverage Expansion

• Added comprehensive test coverage for compiler components (#14416, #14412, #14419)
• Added regression tests for runtime deduplication (#14384)
• Refactored threat detection tests with testify assertions (#14275)
• Fixed test determinism (#14348)

Code Organization

• Centralized ANSI escape sequences in console package (#14340, #14364)
• Refactored CompileWorkflowData into smaller, testable functions (#14402)
• Implemented Phase 2 validation helpers to consolidate duplicate patterns (#14312)
• Extracted duplicate expired entity cleanup orchestration (#14292)

Debugging & Observability

• Added debug logging to runtime validation and schedule scattering (#14308)
• Extensive PR checkout logging for troubleshooting (#14443)

📚 Documentation

• Added missing health command to CLI reference (#14273)
• Added missing hash-frontmatter command to CLI reference (#14285)
• Documented runtimes frontmatter field (#14303)
• Normalized report formatting guidelines across workflows (#14311)

🔄 Internal Improvements

• Automated test failure reporting to CI workflows (#14302)
• Duplicate issue cleanup in CI failure doctor (#14396)
• Draft title normalization (#14453)

---

Full Details: See the complete CHANGELOG for all changes between v0.42.13 and v0.42.14.

Generated by Release

---

What's Changed

• docs: add missing health command to CLI reference by @Copilot in #14273
• Refactor threat detection tests: testify assertions, table-driven patterns, helper functions by @Copilot in #14275
• Fix invalid checkout-pr output references in workflows without contents permission by @Copilot in #14286
• docs: add missing hash-frontmatter command to CLI reference by @Copilot in #14285
• Fix duplicate draft issue creation in update-project by @Copilot in #14323
• Fix non-deterministic engine validation error message by @Copilot in #14313
• Refactor: Extract duplicate expired entity cleanup orchestration by @Copilot in #14292
• Normalize report formatting guidelines across Phase 1 workflows by @Copilot in #14311
• Add --add-dir for Copilot plugin discovery in sandbox mode by @Copilot in #14296
• Fix error propagation in compiler: return errors instead of swallowing them by @Copilot in #14301
• Document runtimes frontmatter field by @Copilot in #14303
• Add automated test failure reporting to CI workflows by @Copilot in #14302
• [log] Add debug logging to runtime validation and schedule scattering by @github-actions[bot] in #14308
• Implement Phase 2 validation helpers to consolidate duplicate patterns by @Copilot in #14312
• Fix CI Doctor workflow timeout: increase to 20 minutes by @Copilot in #14344
• Centralize ANSI escape sequences in console package by @Copilot in #14340
• Add temporary_id support to update_project for draft issue references by @Copilot in #14331
• Fix TestEmptyMarkdownContentError: use correct GitHub tool name by @Copilot in #14348
• Issue Monster: 10m schedule, pre-filter closed/active PRs by @Copilot in #14361
• Expand Huh forms usage for interactive CLI operations by @Copilot in #14357
• Add plugin imports and merging support by @Copilot in #14376
• Add global mood control file for centralized agent behavior by @Copilot in #14380
• Decrease Issue Monster frequency to 30m with skip-if-match max of 5 by @Copilot in #14383
• Add regression tests for runtime deduplication preserving user versions by @Copilot in #14384
• Use runtime-import macros for frontmatter imports by @Copilot in #14382
• Add duplicate issue cleanup to CI failure doctor workflow by @Copilot in #14396
• Reduce Smoke Codex token usage by 45% by @Copilot in #14395
• Add rate limiting protection to Issue Monster workflow by @Copilot in #14379
• Add fuzzy search to interactive workflow selection by @Copilot in #14394
• Support per-plugin MCP environment variable configuration by @Copilot in #14381
• Fix agent import test for runtime-import macro behavior by @Copilot in #14401
• Fix SC2086 shellcheck errors: Quote variables in generated shell scripts by @Copilot in #14403
• Increase test coverage for compiler_jobs.go dependency resolution by @Copilot in #14412
• Add test coverage for compiler_orchestrator_workflow.go by @Copilot in #14416
• [Code Quality] Centralize ANSI escape sequences in pkg/console/terminal.go by @Copilot in #14364
• Grant bash execution permissions to Daily Workflow Updater by @Copilot in #14415
• Enable conversation transcript access for Copilot Session Insights by @Copilot in #14414
• Increase test coverage for compiler_jobs.go job orchestration logic by @Copilot in #14419
• Refactor CompileWorkflowData into smaller, testable functions by @Copilot in #14402
• Standardize error wrapping in compiler to preserve error chains by @Copilot in #14435
• Fix audit MCP tool: add missing InputSchema for jq parameter by @Copilot in #14442
• Add extensive logging and robust fork detection to PR checkout logic by @Copilot in #14443
• Fix update_project: Return temporary_id mapping for draft issues by @Copilot in #14452
• chore: add draft title normalization by @mnkiefer in #14453

Full Changelog: v0.42.13...v0.42.14

v0.42.13

🌟 Release Highlights

This release focuses on improving developer experience with better error messages, comprehensive documentation updates, and critical bug fixes for workflow compilation and runtime evaluation.

✨ What's New

Fuzzy Matching for Better Error Messages (#14260)
When you mistype an engine or tool name, gh-aw now suggests the closest match using "did you mean" hints. No more guessing why coppilot doesn't work—the compiler will suggest copilot automatically.

SSL-Bump Documentation (#14266)
New comprehensive documentation for the SSL-bump firewall feature, including security considerations and configuration examples. Learn more about network configuration.

Actions Permission Restrictions Documentation (#14253)
The init command now includes clear documentation about Actions permission restrictions, helping you understand and resolve access control issues faster.

🐛 Bug Fixes & Improvements

Compiler Obfuscation Fix (#14257)
Fixed a critical compiler bug where static quoted values were incorrectly wrapped in ${{ }} expressions. This caused workflow failures when using literal strings in step configurations. The compiler now correctly distinguishes between GitHub expressions and static values.

Runtime Expression Evaluation (#14255)
Fixed needs.* expression evaluation in runtime-imported markdown, resolving issues with the issue-monster workflow and other complex workflow dependencies.

MCP Gateway Stability (#14269)
Reverted MCP Gateway to v0.0.103 for improved stability and reliability in production workflows.

---

Generated by Release

---

What's Changed

• Document Actions permission restrictions detected by init command by @Copilot in #14253
• Fix issue-monster workflow by enabling needs.* expression evaluation in runtime-imported markdown by @Copilot in #14255
• Fix compiler obfuscation: Don't wrap static quoted values in ${{ }} by @Copilot in #14257
• Document SSL-bump feature for AWF firewall by @Copilot in #14266
• Add fuzzy matching "did you mean" suggestions for engine and tool validation by @Copilot in #14260
• Revert gh-aw-mcpg to v0.0.103 by @Copilot in #14269

Full Changelog: v0.42.12...v0.42.13

v0.42.12

🌟 Release Highlights

This maintenance release focuses on stability improvements and infrastructure updates for gh-aw workflows.

🐛 Bug Fixes & Improvements

• Fixed Go version PATH ordering (#14237) - Workflows now correctly prioritize the Go version set by actions/setup-go over hostedtoolcache versions, resolving make build failures in Codex smoke tests
• Updated strict mode test syntax (#14242) - Test cases now use bash: [] instead of deprecated anonymous bash: syntax for better validation compatibility
• Refactored repository checks (#14246) - Improved code reusability by extracting shared repository validation methods, plus added add-wizard alias for the add command

⚡ Infrastructure

• Upgraded MCP Gateway to v0.0.107 (#14244) - All 147 compiled workflows now reference the latest MCP Gateway container version

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• Remove anonymous bash tool syntax, require explicit configuration by @Copilot in #14222
• Fix Go version ordering in GetNpmBinPathSetup by @Mossaka in #14237
• Fix strict mode tests using deprecated anonymous bash syntax by @Copilot in #14242
• Update MCP Gateway to v0.0.107 by @Copilot in #14244
• 🔧 Refactor repository checks in interactive workflows by @dsyme in #14246

Full Changelog: v0.42.11...v0.42.12

v0.42.11

🌟 Release Highlights

This release improves workflow reliability, clarifies tool configurations, and enhances our Dependabot automation with smarter project management.

✨ What's New

Dependabot Project Manager Enhancement (#14225)

• Refactored to process Dependabot pull requests instead of security alerts, making it easier to review and merge dependency updates
• Streamlines the workflow for managing open Dependabot PRs with bundling and intelligent assignment

Documentation Improvements (#14214)

• Updated guides to use vendor-neutral "AI chatbot" terminology instead of specific tool references
• Makes documentation more inclusive and applicable across different AI platforms

🐛 Bug Fixes & Improvements

Plugin Command Syntax Fix (#14224)

• Corrected plugin installation command ordering from install plugin to plugin install
• Prevents CLI errors when workflows use plugin installations

Cleaner Tool Configuration (#14222)

• Removed ambiguous anonymous bash: syntax (nil values)
• Now requires explicit bash tool configuration for better clarity and predictability

Test Reliability (#14221)

• Fixed false positive in runtime version tests caused by AWF version string matching
• Improved test specificity to avoid version string collisions

⚡ Under the Hood

AWF Framework Update (#14027)

• Bumped AWF (gh-aw-firewall) to v0.13.12 for improved MCP server connectivity in chroot mode

---

For complete details, see the CHANGELOG.

Generated by Release

---

What's Changed

• docs: replace ChatGPT references with generic AI chatbot terminology by @Copilot in #14214
• Add Dependabot Project Manager workflow with bundling and Copilot assignment by @Copilot in #14182
• chore: bump AWF to v0.13.12 by @Mossaka in #14027
• Fix TestRuntimeSetupPreservesUserVersions false positive from AWF version by @Copilot in #14221
• Refactor Dependabot Project Manager to process PRs instead of security alerts by @Copilot in #14225
• Fix plugin command syntax: install plugin → plugin install by @Copilot in #14224

Full Changelog: v0.42.10...v0.42.11

v0.42.10

What's Changed

• Add daily exploratory testing workflow for CLI tools by @Copilot in #14168
• Fix smoke-claude: handle tool failures gracefully and guarantee safe output by @Copilot in #14171
• Rename MCP server identifier from agentic_workflows to agenticworkflows by @Copilot in #14173
• Limit create-issue to 1 in daily-cli-tools-tester workflow by @Copilot in #14184
• Format auto-added "Fixes #N" as bullet point in PR body footer by @Copilot in #14191
• Add network access to agentic-workflows MCP server container by @Copilot in #14201
• Teach create workflow agent to discover CLI automation before manual configuration by @Copilot in #14189
• Make upgrade command version check non-blocking with GitHub API by @Copilot in #14209
• Wrap agent log rendering in collapsible details section by @Copilot in #14208
• Add edit tool and full bash access to daily-cli-tools-tester workflow by @Copilot in #14211

Full Changelog: v0.42.9...v0.42.10

v0.42.9

🌟 Release Highlights

This maintenance release improves debugging capabilities and refines documentation for workflow creation.

🐛 Bug Fixes & Improvements

Enhanced Error Diagnostics for gh CLI - When GitHub CLI commands fail, error logs now capture complete diagnostic information including exit codes, stderr output, and the executed command. This makes troubleshooting workflow issues significantly faster by providing actionable error context. (#14156)

Docker Git Ownership Fixed - Resolved "dubious ownership" errors when working with mounted volumes in Docker containers by configuring git to trust all directories. This eliminates a common friction point in containerized development environments. (#14156)

📚 Documentation

Streamlined Workflow Creation Guide - The create.md documentation now includes helpful references to orchestration and project management patterns, making it easier to discover best practices when building new workflows. Removed outdated instructions for deprecated features. (#14151)

---

Generated by Release

---

What's Changed

• core: update create.md by @mnkiefer in #14151
• Capture exit codes and stderr when gh CLI commands fail, fix Docker git ownership by @Copilot in #14156

Full Changelog: v0.42.8...v0.42.9

v0.42.8

🌟 Release Highlights

This maintenance release brings important bug fixes for workflow execution, improved MCP server reliability, and enhanced documentation experience.

🐛 Key Bug Fixes

Workflow Execution Improvements

• Discussion comment handling: add_comment now automatically falls back to GraphQL when working with discussion numbers, eliminating 404 errors (#14125)
• Dev mode binary access: Fixed gh-aw binary availability in user-defined workflow steps, enabling custom commands to run properly (#14120)
• Action pinning: Updated action-tag references to include all required JavaScript files, preventing missing dependency errors (#14127)

Parser & Validation

• Firewall configuration: Fixed SSL-bump field extraction in frontmatter parser for proper firewall configuration (#13920)
• Version detection: Improved Python dependency version checking in NLP analysis workflows (#14119)

✨ What's New

MCP Server Enhancements

• Binary path auto-detection: MCP server now automatically detects the gh-aw binary path for reliable self-invocation (#14140)
• Concurrency analysis: New daily workflow monitors MCP server tools for potential race conditions and global state issues (#14147)

Documentation & Usability

• Emoji-free rendering: Documentation now strips emojis for cleaner, more professional output using a custom remark plugin (#14122)
• Video tutorials: Updated video files and thumbnails for improved learning experience (#14094, #14099)
• Modern typography: Added Mona Sans webfonts for enhanced readability (#14107)
• Glossary updates: Automated daily scans keep terminology current (#14096)

🧹 Cleanup

• Removed obsolete prompt file management from init, upgrade, and fix commands for simpler initialization flows (#14150)
• Cleaned up deprecated payload-dir references from frontmatter documentation (#14069)

🧪 Testing

• Expanded unit test coverage for workflow compiler main job generation (#14129)

📦 Dependency Updates

• Claude Code: 2.1.34
• Copilot CLI: 0.0.405
• Codex: 0.98.0
• Playwright MCP: 0.0.64

---

Generated by Release

---

What's Changed

• chore: update video files for tutorials by @mnkiefer in #14094
• fix: update video thumbnail paths by @mnkiefer in #14099
• docs: add Mona Sans webfonts by @mnkiefer in #14107
• Remove payload-dir from frontmatter documentation by @Copilot in #14069
• [docs] Update glossary - daily scan by @github-actions[bot] in #14096
• Fix firewall SSL-bump field extraction in frontmatter parser by @Copilot in #13920
• feat: add remark plugin to strip emojis by @mnkiefer in #14122
• Update CLI versions: Claude Code 2.1.34, Copilot 0.0.405, Codex 0.98.0, Playwright MCP 0.0.64 by @Copilot in #14114
• Fix textblob version check in Copilot PR NLP Analysis workflow by @Copilot in #14119
• Fix gh-aw binary availability for user-defined steps in dev mode workflows by @Copilot in #14120
• Fix daily-fact workflow action-tag to include missing parse_mcp_gateway_log.cjs by @Copilot in #14127
• Add unit tests for compiler_yaml_main_job.go by @Copilot in #14129
• Fix add_comment to handle discussion numbers via fallback to GraphQL by @Copilot in #14125
• Add daily concurrency analysis workflow for MCP server tools by @Copilot in #14147
• Add binary path detection for MCP server self-invocation by @Copilot in #14140
• Remove prompt file management functions from init/upgrade/fix commands by @Copilot in #14150

Full Changelog: v0.42.7...v0.42.8

v0.42.7

🌟 Release Highlights

This maintenance release fixes a critical bug in workflow dispatch from pull requests and updates documentation for recently added plugin and payload directory features.

🐛 Bug Fixes

Fixed workflow dispatch from pull requests (#14062)

The dispatch_workflow action now correctly handles PR contexts by using the actual PR branch ref (refs/heads/{branch}) instead of the merge ref (refs/pull/{PR_NUMBER}/merge), which GitHub Actions API rejects. Additionally, the default branch resolution logic was improved to:

• Check context.payload.repository.default_branch first
• Fall back to github.rest.repos.get() API call
• Only use refs/heads/main as last resort

This ensures workflows can dispatch from PRs and correctly handle repositories with non-standard default branches (e.g., "develop", "staging").

📚 Documentation

Updated reference documentation (#14060)

Added comprehensive documentation for two recently merged features:

• Plugin installation: Documented plugins: frontmatter field with both array and object formats, including cascading GitHub token resolution
• Payload directory: Documented payload-dir: configuration for sharing large MCP responses between agent and gateway containers

---

Generated by Release

---

What's Changed

• Fix dispatch_workflow to use PR branch ref and resolve default branch correctly by @Copilot in #14062
• [docs] Update documentation for plugins and payload-dir features by @github-actions[bot] in #14060

Full Changelog: v0.42.6...v0.42.7

v0.42.6

🌟 Release Highlights

This release brings powerful plugin management capabilities and critical MCP server improvements for better reliability and debugging.

✨ What's New

Plugin Installation Support (#14041)
Install GitHub CLI extensions directly from your workflow frontmatter! Supports both simple array and advanced object formats with cascading authentication:

# Simple format
plugins:
  - github/copilot-cli
  - acme/custom-tool

# Advanced format with custom token
plugins:
  repos:
    - github/copilot-cli
  github-token: ${{ secrets.CUSTOM_TOKEN }}

The compiler automatically generates installation steps for Copilot, Claude, and Codex engines with intelligent token resolution (custom token → GH_AW_PLUGINS_TOKEN → GH_AW_GITHUB_TOKEN → GITHUB_TOKEN).

🐛 Bug Fixes & Improvements

MCP Server Configuration (#14044, #14053)

• Fixed: Removed redundant GH_TOKEN environment variable from agentic-workflows MCP server config that was causing "undefined environment variable" errors
• Improved: Added working directory logging and Docker workdir configuration (-w ${{ github.workspace }}) to ensure proper path resolution inside containers
• Technical: The MCP server's ExecGH() helper automatically creates GH_TOKEN from GITHUB_TOKEN when needed, eliminating the need to pass both tokens

These changes improve reliability for workflows using the agentic-workflows MCP server and make debugging container path issues easier.

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• Add plugin installation support via frontmatter with dual-format configuration and cascading token resolution by @Copilot in #14041
• Remove GH_TOKEN from agentic-workflows MCP server config by @Copilot in #14044
• Add working directory logging and Docker workdir for agentic-workflows MCP server by @Copilot in #14053

Full Changelog: v0.42.5...v0.42.6

v0.42.5

🌟 Release Highlights

This release focuses on enhancing MCP (Model Context Protocol) infrastructure and telemetry capabilities to improve reliability and performance for agentic workflows.

✨ What's New

🔗 MCP Gateway Payload Sharing (#14026)
Configure payloadDir to enable efficient sharing of large response payloads between agent and MCP gateway containers. The agent container now mounts payloadDir as read-only for security, while the gateway retains write access to create payload files. This enhancement improves performance when working with large API responses or file transfers.

📡 Enterprise Telemetry Support (#14007)
Copilot engine workflows can now reach telemetry.enterprise.githubcopilot.com without explicit network configuration. This domain is automatically added to the Copilot engine's allowlist, simplifying setup for enterprise environments.

🐛 Bug Fixes & Improvements

🛡️ Enhanced Chroot Security (#13970)
Upgraded AWF (gh-aw-firewall) to v0.13.7, which includes critical fixes for chroot mode:

• Fixed /etc/hosts and /etc/resolv.conf mounting in chroot environments
• Resolved .copilot directory permission issues before CLI installation
• Restored HTTPS_PROXY environment variable handling
• Prevented Bun runtime crashes in sandboxed environments

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• Add telemetry.enterprise.githubcopilot.com to copilot engine default allowlist by @Copilot in #14007
• chore: bump AWF to v0.13.7 by @Mossaka in #13970
• Configure payloadDir for MCP gateway to enable large payload sharing by @claude in #14026

Full Changelog: v0.42.4...v0.42.5