Skip to content

v0.66.0

Pre-release
Pre-release

Choose a tag to compare

View all tags
@github-actions github-actions released this 03 Apr 21:31
· 461 commits to main since this release
v0.66.0
b495288
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

🌟 Release Highlights

This release focuses on AI observability, workflow reliability, and threat detection extensibility β€” making it easier to monitor agent token usage, debug anomalies, and customize security pre/post-steps.

✨ What's New

  • Token Usage Artifact (#24315) β€” Agent token counts are now bundled as an agent_usage.json artifact alongside each run, enabling third-party tooling and dashboards to consume structured token data without parsing step summaries.

  • Log Pattern Mining in Audit & Logs (#24328) β€” gh aw audit report now includes an Agent Event Pattern Analysis section powered by Drain3 log template mining. Use the new gh aw logs --train flag to train weights from your own run history, improving anomaly detection accuracy over time.

  • Threat Detection Pre-Steps & Post-Steps (#24250) β€” The threat detection job now supports custom pre-steps and post-steps, giving security teams the ability to run custom checks before and after detection without modifying the compiled workflow.

  • create_labels Maintenance Operation (#24341) β€” A new agentics-maintenance.yml operation automatically creates any missing repository labels referenced in safe-outputs. Also, compile --json now includes a labels field per ValidationResult and exposes a --no-emit option.

  • GitHub App Token Minting Moved to Activation Job (#24251) β€” GitHub App token minting now happens in the activation job, improving security posture and reducing token lifetime exposure in downstream jobs.

πŸ› Bug Fixes & Improvements

  • GH_HOST regression fixed (#24321) β€” The Install GitHub Copilot CLI step no longer silently drops the GH_HOST: github.com environment pin introduced in v0.65.6, restoring CLI functionality for users behind proxy configurations.

  • SARIF upload overhauled (#24322) β€” Code scanning SARIF uploads now use a dedicated job with proper artifact transfer, direct checkout token computation, and GitHub App checkout support β€” resolving failures that required additional git commit references.

  • push_repo_memory guarded against failed/skipped agents (#24363) β€” The repo-memory push job now requires needs.agent.result == 'success', preventing stale or incomplete memory from being written when the agent fails or is skipped.

  • Pipefail SIGPIPE fixes in token optimizer workflows (#24350, #24354) β€” Token analyzer and optimizer workflows were silently aborting artifact download loops due to SIGPIPE (exit 141) under set -euo pipefail. Replaced piped while read patterns with temp-file approaches.

  • Bundle transport fix for HEAD commits (#24317) β€” Fixed a bug where the bundle transport failed when the agent committed directly to HEAD instead of a named branch.

  • Compiler error formatting (#24316) β€” Eliminated spurious file:1:1: prefix from double-wrapped compiler errors, making diagnostics cleaner.

  • Daily Issues Report Generator restored (#24349) β€” Fixed 11 consecutive days of failures caused by PATH issues on GPU runners and a proxy-related gh issue list crash, with graceful fallback to an empty dataset.

πŸ“š Documentation

  • Updated CLI reference with --train flag docs, --no-emit option, labels JSON field, Agent Event Pattern Analysis, and agent_usage.json artifact table entry (#24377).
  • Expanded the Manual Maintenance Operations guide with a full table of available operations including the new create_labels entry (#24377).

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@adamhenson

@chrisfregly

@jaroslawgajewski

@kbreit-insight

For complete details, see CHANGELOG.

Generated by Release Β· ● 1.2M

What's Changed

  • [dead-code] chore: remove dead functions β€” 4 functions removed by @github-actions[bot] in #24288
  • [docs] docs: consolidate dev.md to v5.1 β€” add 3 previously uncovered spec files by @github-actions[bot] in #24275
  • [instructions] Sync github-agentic-workflows.md with release v0.65.6 by @github-actions[bot] in #24273
  • [docs] Update glossary - daily scan (imports and import-schema) by @github-actions[bot] in #24267
  • [community] Update community contributions in README by @github-actions[bot] in #24271
  • [architecture] Update architecture diagram - 2026-04-03 by @github-actions[bot] in #24264
  • Rename isEmptyDiff β†’ isEmptyFirewallDiff for consistency by @Copilot in #24277
  • fix: remove stale action-tag: v0 from daily-fact.md and recompile by @Copilot in #24310
  • refactor: eliminate duplicated AWF injection, secret validation, and MCP secret collection across engine implementations by @Copilot in #24283
  • [q] fix: show effective tokens (ET) in discussion footer by @github-actions[bot] in #24320
  • ci: skip go mod download on cache hit for 9 jobs by @Copilot in #24319
  • perf: eliminate repeated O(n) action pin scans and redundant permissions parsing in MCP workflow compilation by @Copilot in #24256
  • feat: add pre-steps and post-steps to threat detection job by @Copilot in #24250
  • Fix double-wrapped compiler errors emitting spurious file:1:1: prefix by @Copilot in #24316
  • fix: restore GH_HOST: github.com pin on Install GitHub Copilot CLI step by @Copilot in #24321
  • Move github-app token minting to activation job by @Copilot in #24251
  • fix: bundle transport fails when agent commits to HEAD instead of named branch by @Copilot in #24317
  • feat: bundle token usage as agent artifact by @Copilot in #24315
  • fix: update wasm golden files to include GH_HOST env var in Copilot CLI install step by @Copilot in #24330
  • fix: install gh-aw CLI extension in workflow pre-steps by @lpcox in #24335
  • Fix workflow network allowlist gaps from 2026-04-03 firewall report by @Copilot in #24332
  • Upgrade charmbracelet/huh to charm.land/huh/v2 v2.0.3 by @Copilot in #24331
  • Migrate HuhTheme to huh v2 ThemeFunc API by @Copilot in #24343
  • feat: integrate log template mining into audit report and logs by @Copilot in #24328
  • fix: replace piped while loops with temp files to avoid pipefail SIGPIPE by @lpcox in #24350
  • Add create-labels maintenance operation and compile --json label reporting by @Copilot in #24341
  • fix: eliminate piped while loops in token optimizer workflows by @lpcox in #24354
  • fix: restore Daily Issues Report Generator β€” AWF binary install + issues data fetch resilience by @Copilot in #24349
  • Fix copy dictation instructions button on agentic-authoring page by @Copilot in #24362
  • fix: push_repo_memory should not run when agent job is skipped or failed by @Copilot in #24363
  • fix: dedicated upload_code_scanning_sarif job with SARIF artifact transfer, direct checkout token computation, and github-app checkout support by @Copilot in #24322
  • ci: skip GitHub API-heavy jobs on non-main branches by @Copilot in #24370
  • [docs] Update documentation for features from 2026-04-03 by @github-actions[bot] in #24377
  • chore: update drain3 default log pattern weights by @github-actions[bot] in #24381

Full Changelog: v0.65.7...v0.66.0

Contributors

lpcox
Assets 18
Loading